head 1.2; access; symbols pkgsrc-2014Q3:1.1.0.16 pkgsrc-2014Q3-base:1.1 pkgsrc-2014Q2:1.1.0.14 pkgsrc-2014Q2-base:1.1 pkgsrc-2014Q1:1.1.0.12 pkgsrc-2014Q1-base:1.1 pkgsrc-2013Q4:1.1.0.10 pkgsrc-2013Q4-base:1.1 pkgsrc-2013Q3:1.1.0.8 pkgsrc-2013Q3-base:1.1 pkgsrc-2013Q2:1.1.0.6 pkgsrc-2013Q2-base:1.1 pkgsrc-2013Q1:1.1.0.4 pkgsrc-2013Q1-base:1.1 pkgsrc-2012Q4:1.1.0.2 pkgsrc-2012Q4-base:1.1; locks; strict; comment @# @; 1.2 date 2014.11.19.08.32.48; author jnemeth; state dead; branches; next 1.1; commitid 8yUJOIpbDduZTLYx; 1.1 date 2012.12.11.08.22.49; author jnemeth; state Exp; branches 1.1.16.1; next ; 1.1.16.1 date 2014.12.06.16.57.53; author tron; state dead; branches; next ; commitid z07PsiCl2DxH901y; desc @@ 1.2 log @Update to Asterisk 11.14.0: this is mostly a bugfix release. The Asterisk Development Team has announced the release of Asterisk 11.14.0. The release of Asterisk 11.14.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24348 - Built-in editline tab complete segfault with MALLOC_DEBUG (Reported by Walter Doekes) * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls (Reported by Torrey Searle) * ASTERISK-23768 - [patch] Asterisk man page contains a (new) unquoted minus sign (Reported by Jeremy Lainé) * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits (Reported by Jeremy Lainé) * ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir Cohen) * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with realtime peers (Reported by ibercom) * ASTERISK-24384 - chan_motif: format capabilities leak on module load error (Reported by Corey Farrell) * ASTERISK-24385 - chan_sip: process_sdp leaks on an error path (Reported by Corey Farrell) * ASTERISK-24378 - Release AMI connections on shutdown (Reported by Corey Farrell) * ASTERISK-24354 - AMI sendMessage closes AMI connection on error (Reported by Peter Katzmann) * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell) * ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are incorrectly attempted (Reported by Joshua Colp) * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM (Reported by Michael Myles) * ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates received for component (Reported by Kevin Harwell) * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by NITESH BANSAL) * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by Torrey Searle) * ASTERISK-24406 - Some caller ID strings are parsed differently since 11.13.0 (Reported by Etienne Lessard) * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30 (Reported by Tzafrir Cohen) * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by Tzafrir Cohen) * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE (Reported by Paolo Compagnini) * ASTERISK-18923 - res_fax_spandsp usage counter is wrong (Reported by Grigoriy Puzankin) * ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by Corey Farrell) * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout (Reported by Dmitry Melekhov) * ASTERISK-23846 - Unistim multilines. Loss of voice after second call drops (on a second line). (Reported by Rustam Khankishyiev) * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy when sending qualify requests (Reported by Damian Ivereigh) * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566) (Reported by abelbeck) * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0 (Reported by Patrick Laimbock) * ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing leak (Reported by Corey Farrell) * ASTERISK-24430 - missing letter "p" in word response in OriginateResponse event documentation (Reported by Dafi Ni) * ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by Corey Farrell) * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers (Reported by Olle Johansson) * ASTERISK-24304 - asterisk crashing randomly because of unistim channel (Reported by dhanapathy sathya) * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by Nick Adams) * ASTERISK-24466 - app_queue: fix a couple leaks to struct call_queue (Reported by Corey Farrell) * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled (Reported by Corey Farrell) * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream leaks (Reported by Corey Farrell) * ASTERISK-24307 - Unintentional memory retention in stringfields (Reported by Etienne Lessard) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0 Thank you for your continued support of Asterisk! @ text @$NetBSD: patch-contrib_scripts_autosupport,v 1.1 2012/12/11 08:22:49 jnemeth Exp $ --- contrib/scripts/autosupport.orig 2012-01-04 20:01:27.000000000 +0000 +++ contrib/scripts/autosupport @@@@ -33,7 +33,7 @@@@ NONINTERACTIVE=0 # If a prefix is specified on command-line, add it. if (set -u; : $1) 2> /dev/null then - if [ $1 == "-h" ] || [ $1 == "--help" ]; then + if [ $1 = "-h" ] || [ $1 = "--help" ]; then echo echo "Digium autosupport script" echo "Copyright (C) 2005-2010, Digium, Inc." @@@@ -53,7 +53,7 @@@@ then echo " XXXXXXXX_${TARBALL_OUTPUT_FILE}" echo exit - elif [ $1 == "-n" ] || [ $1 == "--non-interactive" ]; then + elif [ $1 = "-n" ] || [ $1 = "--non-interactive" ]; then FILE_PREFIX= NONINTERACTIVE=1 else @ 1.1 log @Update to Asterisk 11.1.0: this is a major new long term support release. As this is a major release, you should read the information about updating: https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11 You can also find documentation in: /usr/pkg/share/doc/asterisk ----- 11.1.0: The Asterisk Development Team has announced the release of Asterisk 11.1.0. The release of Asterisk 11.1.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release: * --- Fix execution of 'i' extension due to uninitialized variable. * --- Prevent resetting of NATted realtime peer address on reload. * --- Fix ConfBridge crash if no timing module loaded. * --- Fix the Park 'r' option when a channel parks itself. * --- Fix an issue where outgoing calls would fail to establish audio due to ICE negotiation failures. For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.1.0 ----- 11.0.1: The Asterisk Development Team has announced the release of Asterisk 11.0.1. The release of Asterisk 11.0.1 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: * --- chan_sip: Fix a bug causing SIP reloads to remove all entries from the registry * --- confbridge: Fix a bug which made conferences not record with AMI/CLI commands * --- Fix an issue with res_http_websocket where the chan_sip WebSocket handler could not be registered. For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.0.1 Thank you for your continued support of Asterisk! ----- 11.0.0: The Asterisk Development Team is pleased to announce the release of Asterisk 11.0.0. Asterisk 11 is the next major release series of Asterisk. It is a Long Term Support (LTS) release, similar to Asterisk 1.8. For more information about support time lines for Asterisk releases, see the Asterisk versions page: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions For important information regarding upgrading to Asterisk 11, please see the Asterisk wiki: https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11 A short list of new features includes: * A new channel driver named chan_motif has been added which provides support for Google Talk and Jingle in a single channel driver. This new channel driver includes support for both audio and video, RFC2833 DTMF, all codecs supported by Asterisk, hold, unhold, and ringing notification. It is also compliant with the current Jingle specification, current Google Jingle specification, and the original Google Talk protocol. * Support for the WebSocket transport for chan_sip. * SIP peers can now be configured to support negotiation of ICE candidates. * The app_page application now no longer depends on DAHDI or app_meetme. It has been re-architected to use app_confbridge internally. * Hangup handlers can be attached to channels using the CHANNEL() function. Hangup handlers will run when the channel is hung up similar to the h extension; however, unlike an h extension, a hangup handler is associated with the actual channel and will execute anytime that channel is hung up, regardless of where it is in the dialplan. * Added pre-dial handlers for the Dial and Follow-Me applications. Pre-dial allows you to execute a dialplan subroutine on a channel before a call is placed but after the application performing a dial action is invoked. This means that the handlers are executed after the creation of the callee channels, but before any actions have been taken to actually dial the callee channels. * Log messages can now be easily associated with a certain call by looking at a new unique identifier, "Call Id". Call ids are attached to log messages for just about any case where it can be determined that the message is related to a particular call. * Introduced Named ACLs as a new way to define Access Control Lists (ACLs) in Asterisk. Unlike traditional ACLs defined in specific module configuration files, Named ACLs can be shared across multiple modules. * The Hangup Cause family of functions and dialplan applications allow for inspection of the hangup cause codes for each channel involved in a call. This allows a dialplan writer to determine, for each channel, who hung up and for what reason(s). * Two new functions have been added: FEATURE() and FEATUREMAP(). FEATURE() lets you set some of the configuration options from the general section of features.conf on a per-channel basis. FEATUREMAP() lets you customize the key sequence used to activate built-in features, such as blindxfer, and automon. * Support for DTLS-SRTP in chan_sip. * Support for named pickupgroups/callgroups, allowing any number of pickupgroups and callgroups to be defined for several channel drivers. * IPv6 Support for AMI, AGI, ExternalIVR, and the SIP Security Event Framework. More information about the new features can be found on the Asterisk wiki: https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Documentation A full list of all new features can also be found in the CHANGES file. http://svnview.digium.com/svn/asterisk/branches/11/CHANGES For a full list of changes in the current release, please see the ChangeLog. http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.0.0 Thank you for your continued support of Asterisk! @ text @d1 1 a1 1 $NetBSD: patch-contrib_scripts_autosupport,v 1.2 2012/03/25 02:17:47 jnemeth Exp $ @ 1.1.16.1 log @Pullup ticket #4566 - requested by jnemeth comms/asterisk:: security update comms/asterisk18: security update Revisions pulled up: - comms/asterisk/Makefile 1.113-1.115 - comms/asterisk/PLIST 1.9 - comms/asterisk/distinfo 1.67-1.69 - comms/asterisk/patches/patch-contrib_scripts_autosupport deleted - comms/asterisk18/Makefile 1.88-1.90 - comms/asterisk18/PLIST 1.25 - comms/asterisk18/distinfo 1.56-1.58 --- Module Name: pkgsrc Committed By: jnemeth Date: Tue Oct 14 03:35:05 UTC 2014 Modified Files: pkgsrc/comms/asterisk18: Makefile PLIST distinfo Log Message: Update Asterisk to 1.8.31.0. This is mostly a bugfix release: The Asterisk Development Team has announced the release of Asterisk 1.8.31.0. The release of Asterisk 1.8.31.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24032 - Gentoo compilation emits warning: "_FORTIFY_SOURCE" redefined (Reported by Kilburn) * ASTERISK-24225 - Dial option z is broken (Reported by dimitripietro) * ASTERISK-24178 - [patch]fromdomainport used even if not set (Reported by Elazar Broad) * ASTERISK-24019 - When a Music On Hold stream starts it restarts at beginning of file. (Reported by Jason Richards) * ASTERISK-24211 - testsuite: Fix the dial_LS_options test (Reported by Matt Jordan) * ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash Mohod) Improvements made in this release: ----------------------------------- * ASTERISK-24171 - [patch] Provide a manpage for the aelparse utility (Reported by Jeremy Lainé) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.31.0 Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Tue Oct 14 03:36:40 UTC 2014 Modified Files: pkgsrc/comms/asterisk: Makefile PLIST distinfo Log Message: Update Asterisk to 11.13.0. This is mostly a bugfix release: The Asterisk Development Team has announced the release of Asterisk 11.13.0. The release of Asterisk 11.13.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24032 - Gentoo compilation emits warning: "_FORTIFY_SOURCE" redefined (Reported by Kilburn) * ASTERISK-24225 - Dial option z is broken (Reported by dimitripietro) * ASTERISK-24178 - [patch]fromdomainport used even if not set (Reported by Elazar Broad) * ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload warnings and ref leaks (Reported by Walter Doekes) * ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP ICE candidates in SDP answer (Reported by Badalian Vyacheslav) * ASTERISK-24019 - When a Music On Hold stream starts it restarts at beginning of file. (Reported by Jason Richards) * ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying if ever not able to resolve (Reported by David Herselman) * ASTERISK-24211 - testsuite: Fix the dial_LS_options test (Reported by Matt Jordan) * ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash Mohod) * ASTERISK-23577 - res_rtp_asterisk: Crash in ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by Jay Jideliov) * ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10) concurrent WebRTC (avpg/encryption/icesupport) calls (Reported by Roman Skvirsky) * ASTERISK-24301 - Security: Out of call MESSAGE requests processed via Message channel driver can crash Asterisk (Reported by Matt Jordan) Improvements made in this release: ----------------------------------- * ASTERISK-24171 - [patch] Provide a manpage for the aelparse utility (Reported by Jeremy Lainé) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0 Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Wed Nov 19 08:30:57 UTC 2014 Modified Files: pkgsrc/comms/asterisk18: Makefile distinfo Log Message: Update to Asterisk 1.8.32.0: this is mostly a bug fix release. The Asterisk Development Team has announced the release of Asterisk 1.8.32.0. The release of Asterisk 1.8.32.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24348 - Built-in editline tab complete segfault with MALLOC_DEBUG (Reported by Walter Doekes) * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls (Reported by Torrey Searle) * ASTERISK-23768 - [patch] Asterisk man page contains a (new) unquoted minus sign (Reported by Jeremy Lainé) * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits (Reported by Jeremy Lainé) * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with realtime peers (Reported by ibercom) * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell) * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM (Reported by Michael Myles) * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by NITESH BANSAL) * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by Torrey Searle) * ASTERISK-24406 - Some caller ID strings are parsed differently since 11.13.0 (Reported by Etienne Lessard) * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30 (Reported by Tzafrir Cohen) * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by Tzafrir Cohen) * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE (Reported by Paolo Compagnini) * ASTERISK-18923 - res_fax_spandsp usage counter is wrong (Reported by Grigoriy Puzankin) * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout (Reported by Dmitry Melekhov) * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy when sending qualify requests (Reported by Damian Ivereigh) * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566) (Reported by abelbeck) * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0 (Reported by Patrick Laimbock) * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers (Reported by Olle Johansson) * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by Nick Adams) * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled (Reported by Corey Farrell) * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream leaks (Reported by Corey Farrell) * ASTERISK-24307 - Unintentional memory retention in stringfields (Reported by Etienne Lessard) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0 Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Wed Nov 19 08:32:48 UTC 2014 Modified Files: pkgsrc/comms/asterisk: Makefile distinfo Removed Files: pkgsrc/comms/asterisk/patches: patch-contrib_scripts_autosupport Log Message: Update to Asterisk 11.14.0: this is mostly a bugfix release. The Asterisk Development Team has announced the release of Asterisk 11.14.0. The release of Asterisk 11.14.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24348 - Built-in editline tab complete segfault with MALLOC_DEBUG (Reported by Walter Doekes) * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls (Reported by Torrey Searle) * ASTERISK-23768 - [patch] Asterisk man page contains a (new) unquoted minus sign (Reported by Jeremy Lainé) * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits (Reported by Jeremy Lainé) * ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir Cohen) * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with realtime peers (Reported by ibercom) * ASTERISK-24384 - chan_motif: format capabilities leak on module load error (Reported by Corey Farrell) * ASTERISK-24385 - chan_sip: process_sdp leaks on an error path (Reported by Corey Farrell) * ASTERISK-24378 - Release AMI connections on shutdown (Reported by Corey Farrell) * ASTERISK-24354 - AMI sendMessage closes AMI connection on error (Reported by Peter Katzmann) * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell) * ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are incorrectly attempted (Reported by Joshua Colp) * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM (Reported by Michael Myles) * ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates received for component (Reported by Kevin Harwell) * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by NITESH BANSAL) * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by Torrey Searle) * ASTERISK-24406 - Some caller ID strings are parsed differently since 11.13.0 (Reported by Etienne Lessard) * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30 (Reported by Tzafrir Cohen) * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by Tzafrir Cohen) * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE (Reported by Paolo Compagnini) * ASTERISK-18923 - res_fax_spandsp usage counter is wrong (Reported by Grigoriy Puzankin) * ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by Corey Farrell) * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout (Reported by Dmitry Melekhov) * ASTERISK-23846 - Unistim multilines. Loss of voice after second call drops (on a second line). (Reported by Rustam Khankishyiev) * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy when sending qualify requests (Reported by Damian Ivereigh) * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566) (Reported by abelbeck) * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0 (Reported by Patrick Laimbock) * ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing leak (Reported by Corey Farrell) * ASTERISK-24430 - missing letter "p" in word response in OriginateResponse event documentation (Reported by Dafi Ni) * ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by Corey Farrell) * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers (Reported by Olle Johansson) * ASTERISK-24304 - asterisk crashing randomly because of unistim channel (Reported by dhanapathy sathya) * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by Nick Adams) * ASTERISK-24466 - app_queue: fix a couple leaks to struct call_queue (Reported by Corey Farrell) * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled (Reported by Corey Farrell) * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream leaks (Reported by Corey Farrell) * ASTERISK-24307 - Unintentional memory retention in stringfields (Reported by Etienne Lessard) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0 Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Wed Dec 3 01:00:23 UTC 2014 Modified Files: pkgsrc/comms/asterisk18: Makefile distinfo Log Message: Update to Asterisk 1.8.32.1: this is a security fix release. The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1, 11.14.1, 12.7.1, and 13.0.1. The release of these versions resolves the following security vulnerabilities: * AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP address families Many modules in Asterisk that service incoming IP traffic have ACL options ("permit" and "deny") that can be used to whitelist or blacklist address ranges. A bug has been discovered where the address family of incoming packets is only compared to the IP address family of the first entry in the list of access control rules. If the source IP address for an incoming packet is not of the same address as the first ACL entry, that packet bypasses all ACL rules. * AST-2014-018: Permission Escalation through DB dialplan function The DB dialplan function when executed from an external protocol, such as AMI, could result in a privilege escalation. Users with a lower class authorization in AMI can access the internal Asterisk database without the required SYSTEM class authorization. For more information about the details of these vulnerabilities, please read security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015, AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Wed Dec 3 01:57:37 UTC 2014 Modified Files: pkgsrc/comms/asterisk: Makefile distinfo Log Message: Update to Asterisk 11.14.1: this is a security fix release. The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1, 11.14.1, 12.7.1, and 13.0.1. The release of these versions resolves the following security vulnerabilities: * AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP address families Many modules in Asterisk that service incoming IP traffic have ACL options ("permit" and "deny") that can be used to whitelist or blacklist address ranges. A bug has been discovered where the address family of incoming packets is only compared to the IP address family of the first entry in the list of access control rules. If the source IP address for an incoming packet is not of the same address as the first ACL entry, that packet bypasses all ACL rules. * AST-2014-018: Permission Escalation through DB dialplan function The DB dialplan function when executed from an external protocol, such as AMI, could result in a privilege escalation. Users with a lower class authorization in AMI can access the internal Asterisk database without the required SYSTEM class authorization. In addition, the release of 11.6-cert8 and 11.14.1 resolves the following security vulnerability: * AST-2014-014: High call load with ConfBridge can result in resource exhaustion The ConfBridge application uses an internal bridging API to implement conference bridges. This internal API uses a state model for channels within the conference bridge and transitions between states as different things occur. Unload load it is possible for some state transitions to be delayed causing the channel to transition from being hung up to waiting for media. As the channel has been hung up remotely no further media will arrive and the channel will stay within ConfBridge indefinitely. In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves the following security vulnerability: * AST-2014-017: Permission Escalation via ConfBridge dialplan function and AMI ConfbridgeStartRecord Action The CONFBRIDGE dialplan function when executed from an external protocol (such as AMI) can result in a privilege escalation as certain options within that function can affect the underlying system. Additionally, the AMI ConfbridgeStartRecord action has options that would allow modification of the underlying system, and does not require SYSTEM class authorization in AMI. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf * http://downloads.asterisk.org/pub/security/AST-2014-014.pdf * http://downloads.asterisk.org/pub/security/AST-2014-017.pdf * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf Thank you for your continued support of Asterisk! @ text @d1 1 a1 1 $NetBSD: patch-contrib_scripts_autosupport,v 1.1 2012/12/11 08:22:49 jnemeth Exp $ @