head	1.3;
access;
symbols
	pkgsrc-2013Q2:1.3.0.4
	pkgsrc-2013Q2-base:1.3
	pkgsrc-2012Q4:1.3.0.2
	pkgsrc-2012Q4-base:1.3
	pkgsrc-2012Q3:1.2.0.6
	pkgsrc-2012Q3-base:1.2
	pkgsrc-2012Q2:1.2.0.4
	pkgsrc-2012Q2-base:1.2
	pkgsrc-2012Q1:1.2.0.2
	pkgsrc-2012Q1-base:1.2
	pkgsrc-2011Q4:1.1.0.6
	pkgsrc-2011Q4-base:1.1
	pkgsrc-2011Q3:1.1.0.4
	pkgsrc-2011Q3-base:1.1
	pkgsrc-2011Q2:1.1.0.2
	pkgsrc-2011Q2-base:1.1;
locks; strict;
comment	@# @;


1.3
date	2012.12.14.01.32.01;	author jnemeth;	state dead;
branches;
next	1.2;

1.2
date	2012.03.22.03.43.42;	author jnemeth;	state Exp;
branches;
next	1.1;

1.1
date	2011.06.09.09.17.27;	author jnemeth;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Update to Asterisk 1.8.19.0: this is a bugfix release.

----- 1.8.19.0:

The Asterisk Development Team has announced the release of Asterisk 1.8.19.0.

The release of Asterisk 1.8.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Prevent resetting of NATted realtime peer address on reload.

* --- Do not use a FILE handle when doing SIP TCP reads.

* --- Fix execution of 'i' extension due to uninitialized variable.

* --- Ensure that the Queue application tracks busy members in off
      nominal situations

* --- Properly extract the Body information of an EWS calendar item

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.19.0

Thank you for your continued support of Asterisk!

----- 1.8.18.1:

The Asterisk Development Team has announced the release of Asterisk 1.8.18.1.

The release of Asterisk 1.8.18.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!

The following is the issue resolved in this release:

* --- chan_local: Fix local_pvt ref leak in local_devicestate().

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.18.1

Thank you for your continued support of Asterisk!
@
text
@$NetBSD: patch-bl,v 1.2 2012/03/22 03:43:42 jnemeth Exp $

--- contrib/scripts/autosupport.orig	2012-01-04 20:00:33.000000000 +0000
+++ contrib/scripts/autosupport
@@@@ -33,7 +33,7 @@@@ NONINTERACTIVE=0
 # If a prefix is specified on command-line, add it.
 if (set -u; : $1) 2> /dev/null
 then
-  if [ $1 == "-h" ] || [ $1 == "--help" ]; then
+  if [ $1 = "-h" ] || [ $1 = "--help" ]; then
     echo
     echo "Digium autosupport script"
     echo "Copyright (C) 2005-2010, Digium, Inc."
@@@@ -53,7 +53,7 @@@@ then
     echo "    XXXXXXXX_${TARBALL_OUTPUT_FILE}"
     echo
     exit
-  elif [ $1 == "-n" ] || [ $1 == "--non-interactive" ]; then
+  elif [ $1 = "-n" ] || [ $1 = "--non-interactive" ]; then
     FILE_PREFIX=
     NONINTERACTIVE=1
   else
@


1.2
log
@Update to 1.8.10.1:  this fixes AST-2012-002 and AST-2012-003.

pkgsrc changes: adapt to having iLBC coded included in the asterisk
tarball and newer version of sounds tarball.

----- 1.8.10.0 -----

The Asterisk Development Team has announced the release of Asterisk 1.8.10.0.

The release of Asterisk 1.8.10.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---

* --- Include iLBC source code for distribution with Asterisk ---

* --- Fix callerid of originated calls ---

* --- Fix outbound DTMF for inband mode of chan_ooh323 ---

* --- Create and initialize udptl only when dialog requests image media ---

* --- Don't prematurely stop SIP session timer ---

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.10.0

Thank you for your continued support of Asterisk!

----- 1.8.10.1 -----

The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.

The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues.
First, they resolve the issue in app_milliwatt, wherein a buffer
can potentially be overrun on the stack, but no remote code execution
is possible.  Second, they resolve an issue in HTTP AMI where digest
authentication information can be used to overrun a buffer on the
stack, allowing for code injection and execution.

These issues and their resolution are described in the security
advisory.

For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.10.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
 * http://downloads.asterisk.org/pub/security/AST-2012-003.pdf

Thank you for your continued support of Asterisk!
@
text
@d1 1
a1 1
$NetBSD$
@


1.1
log
@Upgrade to 1.8.4.2.  This fixes several security issues including:
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, AST-2011-006,
and AST-2011-007.

pkgsrc changes:
- add patch for autosupport script; == -> =
- patch configure to not unconditionally set PBX_LAUNCHD=1
  - this allows res_timing_kqueue.so to build

This last change brings a timing source to NetBSD which allows IAX
trunking and allows the bridging modules to work, a rather major
piece that was missing.  Note that I haven't extensively tested
it.  But, have at it...

===========================================================================
1.8.4.2:

The Asterisk Development Team has announced the release of Asterisk
version 1.8.4.2, which is a security release for Asterisk 1.8.

The release of Asterisk 1.8.4.2 resolves an issue with SIP URI parsing
which can lead to a remotely exploitable crash:

     Remote Crash Vulnerability in SIP channel driver (AST-2011-007)

The issue and resolution is described in the AST-2011-007 security
advisory.

For more information about the details of this vulnerability, please
read the security advisory AST-2011-007, which was released at the same
time as this announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.2

Security advisory AST-2011-007 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-007.pdf

===========================================================================
1.8.4.1:

The Asterisk Development Team has announced the release of Asterisk 1.8.4.1.

The release of Asterisk 1.8.4.1 resolves several issues reported by the
community. Without your help this release would not have been possible.
Thank you!

Below is a list of issues resolved in this release:

 * Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix)

 * Resolve a change in IPv6 header parsing due to the Cisco phone fix issue.
   This issue was found and reported by the Asterisk test suite.

 * Resolve potential crash when using SIP TLS support.

 * Improve reliability when using SIP TLS.

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1

===========================================================================
1.8.4:

The Asterisk Development Team has announced the release of Asterisk 1.8.4.

The release of Asterisk 1.8.4 resolves several issues reported by the community.
Without your help this release would not have been possible. Thank you!

Below is a sample of the issues resolved in this release:

 * Use SSLv23_client_method instead of old SSLv2 only.

 * Resolve crash in ast_mutex_init()

 * Resolution of several DTMF based attended transfer issues.

   NOTE: Be sure to read the ChangeLog for more information about these changes.

 * Resolve deadlocks related to device states in chan_sip

 * Resolve an issue with the Asterisk manager interface leaking memory when
   disabled.

 * Support greetingsfolder as documented in voicemail.conf.sample.

 * Fix channel redirect out of MeetMe() and other issues with channel softhangup

 * Fix voicemail sequencing for file based storage.

 * Set hangup cause in local_hangup so the proper return code of 486 instead of
   503 when using Local channels when the far sides returns a busy. Also affects
   CCSS in Asterisk 1.8+.

 * Fix issues with verbose messages not being output to the console.

 * Fix Deadlock with attended transfer of SIP call

Includes changes per AST-2011-005 and AST-2011-006
For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4

Information about the security releases are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

===========================================================================
1.8.3.3:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

===========================================================================
1.8.3.2:

he Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.

** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
    contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:

  * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  * Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.2

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

===========================================================================
1.8.3.1:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.

The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:

  * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  * Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.1

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

===========================================================================
1.8.3:

The Asterisk Development Team has announced the release of Asterisk 1.8.3.

The release of Asterisk 1.8.3 resolves several issues reported by the community
and would have not been possible without your participation. Thank you!

The following is a sample of the issues resolved in this release:

* Resolve duplicated data in the AstDB when using DIALGROUP()

* Ensure the ipaddr field in realtime is large enough to handle IPv6 addresses.

* Reworking parsing of mwi => lines to resolve a segfault. Also add a set of
   unit tests for the function that does the parsing.

* When using cdr_pgsql the billsec field was not populated correctly on
   unanswered calls.

* Resolve memory leak in iCalendar and Exchange calendaring modules.

* This version of Asterisk includes the new Compiler Flags option
   BETTER_BACKTRACES which uses libbfd to search for better symbol information
   within both the Asterisk binary, as well as loaded modules, to assist when
   using inline backtraces to track down problems.

* Resolve issue where no Music On Hold may be triggered when using
   res_timing_dahdi.

* Resolve a memory leak when the Asterisk Manager Interface is disabled.

* Reimplemented fax session reservation to reverse the ABI breakage introduced
   in r297486.

* Fix regression that changed behavior of queues when ringing a queue member.

* Resolve deadlock involving REFER.

Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3

===========================================================================
1.8.2.4:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.

The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.4

Security advisory AST-2011-002 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
@
text
@d3 1
a3 1
--- contrib/scripts/autosupport.orig	2011-01-04 21:00:16.000000000 +0000
d5 1
a5 1
@@@@ -32,7 +32,7 @@@@ files="n";
d14 9
@