to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
Added libgcrypt support
Added support for Calendar app
Export function for KeyRing data
Overhaul of Expense plugin
Overhaul VCARD export including adding IM, Birthday, Website fields
GUI changes: ToDo items due today are marked by a soft green color
GUI changes: new alarm clock and lock icons
GUI changes: radio buttons to select between timed and untimed events
Fixed Mac OS X bugs/crash
Resolve segmentation fault when editing Contacts with attached pictures
Resolve error where Contacts created on Palm could not be deleted with Jpilot
Resolve sync error with simultaneously modified Contacts
Fix Bug 1991 : Categories are lost during first sync
The Asterisk Development Team has announced the release of Asterisk 11.4.0.
The release of Asterisk 11.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Sorting Order For Parking Lots Stored In Static Realtime
* --- Fix StopMixMonitor Hanging Up When Unable To Stop MixMonitor On
A Channel
* --- When a session timer expires during a T.38 call, re-invite with
correct SDP
* --- Fix white noise on SRTP decryption
* --- Fix reload skinny with active devices.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.4.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.22.0.
The release of Asterisk 1.8.22.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Sorting Order For Parking Lots Stored In Static Realtime
* --- Make ParkAndAnnounce return to priority + 1 when return context
is not defined
* --- When a session timer expires during a T.38 call, re-invite with
correct SDP
* --- Fix several unreleased mutex locks that cause problem with
processing calls
* --- Fix crash when AMI redirect action redirects two channels out of
a bridge.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.22.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.3.0.
The release of Asterisk 11.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix issue where chan_mobile fails to bind to first available port
* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
Extension Present
* --- Retain XMPP filters across reconnections so external modules
continue to function as expected.
* --- Ensure that a declined media stream is terminated with a '\r\n'
* --- Fix pjproject compilation in certain circumstances
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.3.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.21.0.
The release of Asterisk 1.8.21.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix issue where chan_mobile fails to bind to first available port
* --- Fix station ringback; trunk hangup issues in SLA
* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
Extension Present
* --- Fix Record-Route parsing for large headers.
* --- Fix AMI redirect action with two channels failing to redirect
both channels.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.21.0
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A possible buffer overflow during H.264 format negotiation. The format
attribute resource for H.264 video performs an unsafe read against a media
attribute when parsing the SDP.
This vulnerability only affected Asterisk 11.
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Trucated the long files as best as possible while preserving the most info
contained in them.
pkglint warnings aren't gospel! They need to be verified in an
intelligent manner. After variable substitution, the lines will
be shorter then 80 characters, thus there was no need to shorten
them.
COMMENT should not be longer than 70 characters.
COMMENT should not begin with 'A'.
COMMENT should not begin with 'An'.
COMMENT should not begin with 'a'.
COMMENT should not end with a period.
COMMENT should start with a capital letter.
pkglint warnings. Some files also got minor formatting, spelling, and style
corrections.
There is a new maintainer, Hendrik Sattler and the sources are held
at gitorius.org. Build is changed to CMake and although it does not appear
in the ChangeLog below, I forwarded all the NetBSD related patches that
pkgsrc had (and more in fact, to get it working) although I would still say
that obexapp is the better program.
From the ChangeLog:
ObexFTP 0.24 (released 2013-03-05)
----------------------------------
* Maintainer changed from Christian to Hendrik
* change build system to using CMake
* integrate obexfs-0.12
* fix build for OpenOBEX-1.7
ObexFTP 0.23 (released 2009-02-17)
----------------------------------
* allow win32 to use hci src names
* adding a simpler connect wrapper
* show OBEX_HandleInput errors
* catch errors and let the user know
* print timeout stats if available
* sdp unregister more verbose
* upgrading btkit
* fix for win32 without bt
* replacing deprecated automake vars
* sizeof() fixes
* removing bdaddr_t reference from obexftpd.c
* adding bootstrap helper
* concurrency bug in extconf.rb generated Makefile (fix by Alin Năstac)
* switching from POD to asciidoc
* clearing gnu-style implicit rules
ObexFTP 0.22 (released 2008-06-15)
----------------------------------
* added proper unicode support
* added support for transparent OBEX-over-AT mode
* rewritten at-command function
* added specific error messages
* refactored to flexible bt_kit layer
* fixed cache root duplicates
* fixed off-by-one and unfreed mem in cache layer
* added pkg-config file
* added example code
* switched to doxygen
* added python binding callbacks
* portable packed structs
* enabled linux hci dev names for source selection
* Python binding uses distutils now, tested by Adam Williamson
* removed exit from bt discovery
* Better autodetection for possible language bindings
* reworked win32 support
* Motorola SLVR L2 cobex fix by Andrey Rahmatullin
* now using AC_HELP_STRING for compat with autoconf <=2.57
* added hci selection support, drafted by Manuel Naranjo
* switched obexftp cli to new discovery api
* prefer PCSUITE over FTP, req. by Martin Storsjö for Series 60 2nd Ed.
* fixed compile error with >=swig-1.3.28
* renamed sdp browse function
* fixed month/day swapping in atotime, spotted by Dr. Johannes Zellner
* added BFC compatibility for newer Siemens phones
* added PCSOFTWARE uuid support for SHARP phones
* added motorola support
* end bfb mode properly
* added CPROT=0 support from 3GPP 27.007
* fixed ericsson init
* fixed invalid conn_id in disconnect rep. by Alan J. McFarlane
* better create flag handling in setpath
* Changed LDADD to LIBADD sug. by Sergey Vlasov <vsu@altlinux.ru>
* obexftpd clean up by Hendrik Sattler
* 64-bit fixes by Hendrik Sattler
* Removed all (dangerous) obex_headerdata_t casts
* Reorganized all swig-dependant Makefiles
* Applied cobex write patch from Simon Ruggier <Simon80@gmail.com>
* Applied from Frode Isaksen <fisaksen@bewan.com>
ObexFTP 0.21 (released 2006-06-27)
----------------------------------
2006-05-26 Christian W. Zuckschwerdt <zany@triq.net>
* Fixes to obexftpd suggested by Hendrik Sattler
2006-05-24 Christian W. Zuckschwerdt <zany@triq.net>
* Added ruby binding
* Added preliminary discovery function
and the sources are now stored at gitorius.org. The build system is changed
to CMake
From the ChangeLog:
ver 1.7:
Add support for CMake config files
Internal code reorganisation and rewrite
Add new function set for better control than OBEX_HandleInput():
* OBEX_SetTimeout(),
* OBEX_Work() and
* OBEX_GetDataDirection()
ver 1.6:
Change ABI from 1 to 2 because:
* Redo the USB changes from version 1.4
* Remove InOBEX_* function, use the TcpOBEX_* functions instead
* Remove the simple Unicode<->ASCII functions
Add support for Single Response Mode
Add manpages for all example applications
Add udev support
Add new example app to find IrDA and USB OBEX devices
Add fixes for FreeBSD
Add support for libusb-1.x
Add support for close-on-exec
RXTX is a Java library, using a native implementation (via JNI), providing
serial and parallel communication for the Java Development Toolkit (JDK).
It is based on the specification for Sun's Java Communications API, though
while many of the class descriptions are the same the package used it not,
since gnu.io is used instead. A certain amount of compatibility is intended
with API, though this project should be considered as a fork and therefore
compatible in spirit, but not in implementation.
----- 11.2.1:
The Asterisk Development Team has announced the release of Asterisk 11.2.1.
The release of Asterisk 11.2.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix astcanary startup problem due to wrong pid value from before
daemon call
* --- Update init.d scripts to handle stderr; readd splash screen for
remote consoles
* --- Reset RTP timestamp; sequence number on SSRC change
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.1
Thank you for your continued support of Asterisk!
----- 11.2.0:
The Asterisk Development Team has announced the release of Asterisk 11.2.0.
The release of Asterisk 11.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_meetme: Fix channels lingering when hung up under certain
conditions
* --- Fix stuck DTMF when bridge is broken.
* --- Add missing support for "who hung up" to chan_motif.
* --- Remove a fixed size limitation for producing SDP and change how
ICE support is disabled by default.
* --- Fix chan_sip websocket payload handling
* --- Fix pjproject compilation in certain circumstances
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.0
Thank you for your continued support of Asterisk!
----- 10.12.1
The Asterisk Development Team has announced the release of Asterisk 10.12.1.
The release of Asterisk 10.12.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix astcanary startup problem due to wrong pid value from before
daemon call
* --- Update init.d scripts to handle stderr; readd splash screen for
remote consoles
* --- Reset RTP timestamp; sequence number on SSRC change
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.1
Thank you for your continued support of Asterisk!
----- 10.12.0
The Asterisk Development Team has announced the release of Asterisk 10.12.0.
The release of Asterisk 10.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_meetme: Fix channels lingering when hung up under certain
conditions
* --- Fix stuck DTMF when bridge is broken.
* --- Improve Code Readability And Fix Setting natdetected Flag
* --- Fix extension matching with the '-' char.
* --- Fix call files when astspooldir is relative.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.0
Thank you for your continued support of Asterisk!
----- 1.8.20.1
The Asterisk Development Team has announced the release of Asterisk 1.8.20.1.
The release of Asterisk 1.8.20.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix astcanary startup problem due to wrong pid value from before
daemon call
* --- Update init.d scripts to handle stderr; readd splash screen for
remote consoles
* --- Reset RTP timestamp; sequence number on SSRC change
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.1
Thank you for your continued support of Asterisk!
----- 1.8.20.0
The Asterisk Development Team has announced the release of Asterisk 1.8.20.0.
The release of Asterisk 1.8.20.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_meetme: Fix channels lingering when hung up under certain
conditions
* --- Fix stuck DTMF when bridge is broken.
* --- Improve Code Readability And Fix Setting natdetected Flag
* --- Fix extension matching with the '-' char.
* --- Fix call files when astspooldir is relative.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.0
Thank you for your continued support of Asterisk!
and AST-2012-015. Apparently the last update didn't completely
fix the issues.
The Asterisk Development Team has announced a security release for
Asterisk 11, Asterisk 11.1.2. This release addresses the security
vulnerabilities reported in AST-2012-014 and AST-2012-015, and
replaces the previous version of Asterisk 11 released for these
security vulnerabilities. The prior release left open a vulnerability
in res_xmpp that exists only in Asterisk 11; as such, other versions
of Asterisk were resolved correctly by the previous releases.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions. The vulnerabilities in SIP and HTTP were corrected in a prior
release of Asterisk; the vulnerability in XMPP is resolved in this release.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of. Handling the cachability of device states
aggregated via XMPP is handled in this release.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk - and we apologize for having
to do this twice!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
Note that Asterisk 10.* will be going into security fix only mode
on Dec. 15th, 2012. Users may wish to consider moving to one of
the Long Term Support versions: comms/asterisk18 (Asterisk 1.8.*)
or comms/asterisk (which currently has Asterisk 11.*). See
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions for
information on Asterisk versions.
----- 10.11.0:
The Asterisk Development Team has announced the release of Asterisk 10.11.0.
The release of Asterisk 10.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent resetting of NATted realtime peer address on reload.
* --- Do not use a FILE handle when doing SIP TCP reads.
* --- Fix ConfBridge crash if no timing module loaded.
* --- confbridge: Fix a bug which made conferences not record with
AMI/CLI commands
* --- Fix execution of 'i' extension due to uninitialized variable.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.11.0
Thank you for your continued support of Asterisk!
----- 10.10.1:
The Asterisk Development Team has announced the release of Asterisk 10.10.1.
The release of Asterisk 10.10.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- chan_local: Fix local_pvt ref leak in local_devicestate().
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.10.1
Thank you for your continued support of Asterisk!
----- 1.8.19.0:
The Asterisk Development Team has announced the release of Asterisk 1.8.19.0.
The release of Asterisk 1.8.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent resetting of NATted realtime peer address on reload.
* --- Do not use a FILE handle when doing SIP TCP reads.
* --- Fix execution of 'i' extension due to uninitialized variable.
* --- Ensure that the Queue application tracks busy members in off
nominal situations
* --- Properly extract the Body information of an EWS calendar item
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.19.0
Thank you for your continued support of Asterisk!
----- 1.8.18.1:
The Asterisk Development Team has announced the release of Asterisk 1.8.18.1.
The release of Asterisk 1.8.18.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- chan_local: Fix local_pvt ref leak in local_devicestate().
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.18.1
Thank you for your continued support of Asterisk!
Relevant ChangeLog entries since 2.5:
* src/main.c, src/minicom.c: iconv: Handle the case that iconv
did not convert anything. Reported by Mike Crowe, Debian #659351.
* src/ipc.c: Formatting cleanup.
* src/main.c: ETIME -> ETIMEDOUT as ETIME is not available on BSDs
* src/main.c: Fix invalid memory used, reported by Larry Baker
* src/config.c, src/rwconf.c: Do not set modem init and reset string
anymore, define them empty. Instead, when editing those offer
them as a default.
* src/minicom.h, src/main.c, src/dial.c: only update statusline
if there's a change (e.g. for updates times)
* src/updown.c: Flush before forking helper program,
patch by Domen Puncer, thanks!
* src/minicom.c, src/minicom.h, src/vt100.c: Add timestamps with
milliseconds, based on patch by Rapha�l Ass�nat, thanks!
* src/dial.c, src/minicom.c, src/main.c: Cleanups. Print
basename of current device to statusline if online time is disabled.
* configure.in, src/Makefile.am, src/main.c, src/minicom.c,
src/minicom.h, src/updown.c: Add lockdev support,
by Ludwig Nussel <ludwig.nussel@suse.de>
* src/dial.c: add a dialdir version 6 which does not save the
pointer on disk and should now work on 32 and 64 bit
systems equally.
* configure.in: Use AM_ICONV_LINK...
* src/script.c: Fix a buffer overflow problem. Thanks Frederic Germain.
* src/minicom.c: Do not use iconv-functions if iconv is not available.
* src/config.c, src/main.c, src/vt100.c, src/vt100.h: Add transmit
delay for every character, based on patch by Nicolas PILLON.
* src/config.c: Do not extend tilde to home directory for
non-path arguments. Debian bug #621741
* configure.in, src/Makefile.am: Add workaround and then use
libiconv for linking, fixes build issue on Mac OS X.
* src/main.c: Increase serial port open timeout, by
Lubomir Rintel
* src/main.c: Set sensible errno if port open times out,
by Lubomir Rintel
* src/help.c: Help fix for timestamp toggle by Mark Einon
* src/minicom.c: Code consolidation.
* src/minicom.c, src/minicom.h, src/vt100.c, man/minicom.1: Make
line timestamps three value: every line, every second, and off.
* man/minicom.1: Wording fix.
* src/vt100.c: Cleanups: Delete everything that was in OLD blocks.
Do not explicitly set global variables to 0.
* src/vt100.c, man/minicom.1: Change timestamp style, prepend every
line. Add in manpage.
* src/dial.c src/help.c src/ipc.c src/minicom.c src/minicom.h
src/vt100.c src/vt100.h: Addition by Mark Einon
<mark.einon@gmail.com> to add current date/time to each line.
* src/file.c: Only enter directory if we have read permissions to
get directory listings, by Jan Görig.
* src/file.c, src/getsdir.c: Cleanup and simplify.
* man/runscript.1, man/minicom.1: Fixes by John Bradshaw
* src/main.c: Avoid redraw of status line in Offline mode when
nothing changed.
* src/minicom.c: Do not lose line wrap setting over terminal resizes.
* src/main.c: Simplify status line update, also makes status
messages display the amount of time they are actually supposed
to display.
As this is a major release, you should read the information about updating:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11
You can also find documentation in: /usr/pkg/share/doc/asterisk
----- 11.1.0:
The Asterisk Development Team has announced the release of Asterisk 11.1.0.
The release of Asterisk 11.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix execution of 'i' extension due to uninitialized variable.
* --- Prevent resetting of NATted realtime peer address on reload.
* --- Fix ConfBridge crash if no timing module loaded.
* --- Fix the Park 'r' option when a channel parks itself.
* --- Fix an issue where outgoing calls would fail to establish audio
due to ICE negotiation failures.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.1.0
----- 11.0.1:
The Asterisk Development Team has announced the release of Asterisk 11.0.1.
The release of Asterisk 11.0.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- chan_sip: Fix a bug causing SIP reloads to remove all entries
from the registry
* --- confbridge: Fix a bug which made conferences not record with
AMI/CLI commands
* --- Fix an issue with res_http_websocket where the chan_sip
WebSocket handler could not be registered.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.0.1
Thank you for your continued support of Asterisk!
----- 11.0.0:
The Asterisk Development Team is pleased to announce the release of
Asterisk 11.0.0.
Asterisk 11 is the next major release series of Asterisk. It is a Long Term
Support (LTS) release, similar to Asterisk 1.8. For more information about
support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
For important information regarding upgrading to Asterisk 11, please see the
Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11
A short list of new features includes:
* A new channel driver named chan_motif has been added which provides support
for Google Talk and Jingle in a single channel driver. This new channel
driver includes support for both audio and video, RFC2833 DTMF, all codecs
supported by Asterisk, hold, unhold, and ringing notification. It is also
compliant with the current Jingle specification, current Google Jingle
specification, and the original Google Talk protocol.
* Support for the WebSocket transport for chan_sip.
* SIP peers can now be configured to support negotiation of ICE candidates.
* The app_page application now no longer depends on DAHDI or app_meetme. It
has been re-architected to use app_confbridge internally.
* Hangup handlers can be attached to channels using the CHANNEL() function.
Hangup handlers will run when the channel is hung up similar to the h
extension; however, unlike an h extension, a hangup handler is associated with
the actual channel and will execute anytime that channel is hung up,
regardless of where it is in the dialplan.
* Added pre-dial handlers for the Dial and Follow-Me applications. Pre-dial
allows you to execute a dialplan subroutine on a channel before a call is
placed but after the application performing a dial action is invoked. This
means that the handlers are executed after the creation of the callee
channels, but before any actions have been taken to actually dial the callee
channels.
* Log messages can now be easily associated with a certain call by looking at
a new unique identifier, "Call Id". Call ids are attached to log messages for
just about any case where it can be determined that the message is related
to a particular call.
* Introduced Named ACLs as a new way to define Access Control Lists (ACLs) in
Asterisk. Unlike traditional ACLs defined in specific module configuration
files, Named ACLs can be shared across multiple modules.
* The Hangup Cause family of functions and dialplan applications allow for
inspection of the hangup cause codes for each channel involved in a call.
This allows a dialplan writer to determine, for each channel, who hung up and
for what reason(s).
* Two new functions have been added: FEATURE() and FEATUREMAP(). FEATURE()
lets you set some of the configuration options from the general section
of features.conf on a per-channel basis. FEATUREMAP() lets you customize
the key sequence used to activate built-in features, such as blindxfer,
and automon.
* Support for DTLS-SRTP in chan_sip.
* Support for named pickupgroups/callgroups, allowing any number of pickupgroups
and callgroups to be defined for several channel drivers.
* IPv6 Support for AMI, AGI, ExternalIVR, and the SIP Security Event Framework.
More information about the new features can be found on the Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Documentation
A full list of all new features can also be found in the CHANGES file.
http://svnview.digium.com/svn/asterisk/branches/11/CHANGES
For a full list of changes in the current release, please see the ChangeLog.
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.0.0
Thank you for your continued support of Asterisk!
the environment's SHELL to be patched into a dozen or so installed scripts,
instead of a bourne-like shell. Needed after 1.13 of patches/patch-ab (fix
for building on Solaris). Sh scripts don't work well with /bin/tcsh...
Bump revision to recognize whether the fixed one is installed.
LIRC is a package that supports receiving and sending IR signals of
the most common IR remote controls. It contains a daemon that decodes
and sends IR signals, a mouse daemon that translates IR signals to
mouse movements and a couple of user programs that allow to control
your computer with a remote control.
Tested on RHEL.
The Asterisk Development Team has announced the release of Asterisk 10.10.0.
The release of Asterisk 10.10.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Resolve issues in ConfBridge regarding marked, waitmarked, and
unmarked users
* --- dsp.c User Configurable DTMF_HITS_TO_BEGIN and
DTMF_MISSES_TO_END
* --- Fix error where improper IMAP greetings would be deleted.
* --- iax2-provision: Fix improper return on failed cache retrieval
* --- Fix T.38 support when used with chan_local in between.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.10.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.18.0.
The release of Asterisk 1.8.18.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- dsp.c User Configurable DTMF_HITS_TO_BEGIN and
DTMF_MISSES_TO_END
* --- Fix error where improper IMAP greetings would be deleted.
* --- iax2-provision: Fix improper return on failed cache retrieval
* --- Fix T.38 support when used with chan_local in between.
* --- Fix an issue where media would not flow for situations where the
legacy STUN code is in use.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.18.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 10.9.0.
The release of Asterisk 10.9.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix channel reference leak in ChanSpy.
* --- dsp.c: Fix multiple issues when no-interdigit delay is present,
and fast DTMF 50ms/50ms
* --- Fix bug where final queue member would not be removed from
memory.
* --- Fix memory leak when CEL is successfully written to PostgreSQL
database
* --- Fix DUNDi message routing bug when neighboring peer is
unreachable
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.9.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.17.0.
The release of Asterisk 1.8.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix channel reference leak in ChanSpy.
* --- dsp.c: Fix multiple issues when no-interdigit delay is present,
and fast DTMF 50ms/50ms
* --- Fix bug where final queue member would not be removed from
memory.
* --- Fix memory leak when CEL is successfully written to PostgreSQL
database
* --- Fix DUNDi message routing bug when neighboring peer is
unreachable
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.17.0
Thank you for your continued support of Asterisk!
This is the second attempt to fix the build problem that some people
have seen (I have received inconsistent reports). This should
force chan_mgcp to build on systems where it can. It was tested
on NetBSD 5.0, thus ensuring that it doesn't break previously
working systems; and NetBSD 6.99.7, where I finally saw the problem
that some people were reporting.
21st, 2012. It most likely has multiple security issues. By this
point, all users of this package should have migrated to comms/asterisk18
or comms/asterisk10 as this version has been marked as being
deprecated for some time now.
Note that this directory is likely to re-appear in late 2017 when
Asterisk 16 comes out, assuming the current schedule is followed.
However that will be a vastly different version as Asterisk 11 is
only in the RC stage now (i.e. it will be five major versions after
the one that is expected to be released later this year).
AST-2012-013, and some general bugs.
The Asterisk Development Team has announced the release of Asterisk 1.8.16.0.
The release of Asterisk 1.8.16.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- AST-2012-012: Resolve AMI User Unauthorized Shell Access through
ExternalIVR
* --- AST-2012-013: Resolve ACL rules being ignored during calls by
some IAX2 peers
* --- Handle extremely out of order RFC 2833 DTMF
* --- Resolve severe memory leak in CEL logging modules.
* --- Only re-create an SRTP session when needed; respond with correct
crypto policy
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.16.0
Thank you for your continued support of Asterisk!
AST-2012-013, and some general bugs.
The Asterisk Development Team has announced the release of Asterisk 10.8.0.
The release of Asterisk 10.8.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- AST-2012-012: Resolve AMI User Unauthorized Shell Access through
ExternalIVR
* --- AST-2012-013: Resolve ACL rules being ignored during calls by
some IAX2 peers
* --- Handle extremely out of order RFC 2833 DTMF
* --- Resolve severe memory leak in CEL logging modules.
* --- Only re-create an SRTP session when needed
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.8.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:
* A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
file delivered with Asterisk has been updated due to this and other related
vulnerabilities fixed in previous versions of Asterisk.
* When an IAX2 call is made using the credentials of a peer defined in a
dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
peer are not applied to the call attempt. This allows for a remote attacker
who is aware of a peer's credentials to bypass the ACL rules set for that
peer.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:
* A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
file delivered with Asterisk has been updated due to this and other related
vulnerabilities fixed in previous versions of Asterisk.
* When an IAX2 call is made using the credentials of a peer defined in a
dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
peer are not applied to the call attempt. This allows for a remote attacker
who is aware of a peer's credentials to bypass the ACL rules set for that
peer.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
Thank you for your continued support of Asterisk!
The release of Asterisk 10.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix deadlock potential with ast_set_hangupsource() calls.
* --- Fix request routing issue when outboundproxy is used.
* --- Set the Caller ID "tag" on peers even if remote party
information is present.
* --- Fix NULL pointer segfault in ast_sockaddr_parse()
* --- Do not perform install on existing directories
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.7.0
Thank you for your continued support of Asterisk!
The release of Asterisk 1.8.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix deadlock potential with ast_set_hangupsource() calls.
* --- Fix request routing issue when outboundproxy is used.
* --- Make the address family filter specific to the transport.
* --- Fix NULL pointer segfault in ast_sockaddr_parse()
* --- Do not perform install on existing directories
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.15.0
Thank you for your continued support of Asterisk!
- this package is marked OWNER= for a reason!
- need to figure out why chan_mgcp is only built in some situation
instead of adding gross hacks
- upgrade to Asterisk 10.6.1: this is a bugfix release
The release of Asterisk 10.6.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Remove a superfluous and dangerous freeing of an SSL_CTX.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1
Thank you for your continued support of Asterisk!
- this package is marked OWNER= for a reason!
- need to figure out why chan_mgcp is built only in some situations
instead of adding gross hacks
- upgrade to Asterisk 1.8.14.1: this is a bugfix release
The release of Asterisk 1.8.14.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Remove a superfluous and dangerous freeing of an SSL_CTX.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.1
Thank you for your continued support of Asterisk!
This package has not been patched for DragonFly.
There are two newer packages, asterisk10 and asterisk18
According to commit messages, this package will be removed in
"not too distant future" due to being EOL.
The Asterisk Development Team has announced the release of Asterisk 10.6.0.
The release of Asterisk 10.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- format_mp3: Fix a possible crash in mp3_read().
* --- Fix local channel chains optimizing themselves out of a call.
* --- Re-add LastMsgsSent value for SIP peers
* --- Prevent sip_pvt refleak when an ast_channel outlasts its
corresponding sip_pvt.
* --- Send more accurate identification information in dialog-info SIP
NOTIFYs.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.14.0.
The release of Asterisk 1.8.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- format_mp3: Fix a possible crash in mp3_read().
* --- Fix local channel chains optimizing themselves out of a call.
* --- Update a peer's LastMsgsSent when the peer is notified of
waiting messages
* --- Prevent sip_pvt refleak when an ast_channel outlasts its
corresponding sip_pvt.
* --- Send more accurate identification information in dialog-info SIP
NOTIFYs.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.0
Thank you for your continued support of Asterisk!
and AST-2012-011
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 nd Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
resolve the following two issues:
* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
a provisional response but never sends a final response, then the SIP dialog
structure is never freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could create a denial of
service by using all available RTP ports.
* If a single voicemail account is manipulated by two parties simultaneously,
a condition can occur where memory is freed twice causing a crash.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-010 and AST-2012-011, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
Thank you for your continued support of Asterisk!
AST-2012-010 and AST-2012-011
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
resolve the following two issues:
* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
a provisional response but never sends a final response, then the SIP dialog
structure is never freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could create a denial of
service by using all available RTP ports.
* If a single voicemail account is manipulated by two parties simultaneously,
a condition can occur where memory is freed twice causing a crash.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-010 and AST-2012-011, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
* http://downloads.asterisk.org/pub/security/pST-2012-011.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced a security release for
Asterisk 10. This security release is released as version 10.5.1.
The release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 10.5.1 resolves the following issue:
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client sends an Off Hook
message, followed by a Key Pad Button Message, a structure that
was previously set to NULL is dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
This issue and its resolution is described in the security advisory.
For more information about the details of this vulnerability, please
read security advisory AST-2012-009, which was released at the same
time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.1
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2012-009.pdf
Thank you for your continued support of Asterisk!
hex digits, so patching the makefile to compare it as decimal will
not work. Just patch out the test entirely, as pkgsrc guarantees
curl will always be present and the packaging is not equipped to
deal with this check failing anyhow.
The Asterisk Development Team has announced the release of Asterisk
10.5.0.
The release of Asterisk 10.5.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* --- Turn off warning message when bind address is set to any.
* --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
machines
* --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
before disconnecting the call.
* --- Fix recalled party B feature flags for a failed DTMF atxfer.
* --- Fix DTMF atxfer running h exten after the wrong bridge ends.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.5.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk
1.8.13.0.
The release of Asterisk 1.8.13.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* --- Turn off warning message when bind address is set to any.
* --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
machines
* --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
before disconnecting the call.
* --- Fix recalled party B feature flags for a failed DTMF atxfer.
* --- Fix DTMF atxfer running h exten after the wrong bridge ends.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.13.0
Thank you for your continued support of Asterisk!
AST-2012-008 along with some general bug fixes.
----- 10.4.1 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available
security releases are released as versions 1.8.11-cert2, 1.8.12.1,
and 10.4.1.
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve
the following two issues:
* A remotely exploitable crash vulnerability exists in the IAX2
channel driver if an established call is placed on hold without
a suggested music class. Asterisk will attempt to use an invalid
pointer to the music on hold class name, potentially causing a
crash.
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client closes its connection
to the server, a pointer in a structure is set to NULL. If the
client was not in the on-hook state at the time the connection
was closed, this pointer is later dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-007 and AST-2012-008,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
Thank you for your continued support of Asterisk!
----- 10.4.2 -----
The Asterisk Development Team has announced the release of Asterisk
10.4.2.
The release of Asterisk 10.4.2 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
* --- Fix crash in ConfBridge when user announcement is played for
more than 2 users
(Closes issue ASTERISK-19899. Reported by Florian Gilcher)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.2
Thank you for your continued support of Asterisk!
and AST-2012-008 along with some general bug fixes.
----- 1.8.12.1 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available
security releases are released as versions 1.8.11-cert2, 1.8.12.1,
and 10.4.1.
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve
the following two issues:
* A remotely exploitable crash vulnerability exists in the IAX2
channel driver if an established call is placed on hold without
a suggested music class. Asterisk will attempt to use an invalid
pointer to the music on hold class name, potentially causing a
crash.
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client closes its connection
to the server, a pointer in a structure is set to NULL. If the
client was not in the on-hook state at the time the connection
was closed, this pointer is later dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-007 and AST-2012-008,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
Thank you for your continued support of Asterisk!
----- 1.8.12.2 -----
The Asterisk Development Team has announced the release of Asterisk
1.8.12.2.
The release of Asterisk 1.8.12.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
Thank you for your continued support of Asterisk!
pkgsrc changes:
- set OPTIMIZE to -O3 as levels above are poorly defined and can
cause problems
- maintain current patch namimg convention
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.12.0.
The release of Asterisk 1.8.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Prevent chanspy from binding to zombie channels
* --- Fix Dial m and r options and forked calls generating warnings
for voice frames.
* --- Remove ISDN hold restriction for non-bridged calls.
* --- Fix copying of CDR(accountcode) to local channels.
* --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
* --- Eliminate double close of file descriptor in manager.c
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.0
Thank you for your continued support of Asterisk!
* libXp was used by Xaw8, but it had been obsolated, and in pkgsrc,
x11/libXaw/buildlink3.mk had been switched to pick up Xaw7 by default.
* With x11/xorg-cf-files, libXp was offered with XawClientLibs,
but updated to 1.0.4, it was removed.
* And pkgsrc had been switched to use always xorg-cf-files and imake from pkgsrc,
so all platforms should not require libXp from libXaw with Imake.
Bump PKGREVISION.
The Asterisk Development Team has announced the release of Asterisk 10.4.0.
The release of Asterisk 10.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Prevent chanspy from binding to zombie channels
* --- Fix Dial m and r options and forked calls generating warnings
for voice frames.
* --- Remove ISDN hold restriction for non-bridged calls.
* --- Fix copying of CDR(accountcode) to local channels.
* --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
* --- Eliminate double close of file descriptor in manager.c
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.0
Thank you for your continued support of Asterisk!
The 1.6.2 series went End of Life on April 21st 2012, so this was
the last update. This package will be deleted in the not too
distnat future.
The Asterisk Development Team has announced security releases for
Asterisk 1.6.2 , 1.8, and 10. The available security releases are
released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.
The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the
following two issues:
* A permission escalation vulnerability in Asterisk Manager
Interface. This would potentially allow remote authenticated
users the ability to execute commands on the system shell with
the privileges of the user running the Asterisk application.
* A heap overflow vulnerability in the Skinny Channel driver.
The keypad button message event failed to check the length of
a fixed length buffer before appending a received digit to the
end of that buffer. A remote authenticated user could send
sufficient keypad button message events that th e buffer would
be overrun.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-004, AST-2012-005, and
AST-2012-006, which were released at the same time as this
announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
Thank you for your continued support of Asterisk!
and AST-2012-006.
The Asterisk Development Team has announced security releases for
Asterisk 1.6.2 , 1.8, and 10. The available security releases are
released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.
The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the
following two issues:
* A permission escalation vulnerability in Asterisk Manager
Interface. This would potentially allow remote authenticated
users the ability to execute commands on the system shell with
the privileges of the user running the Asterisk application.
* A heap overflow vulnerability in the Skinny Channel driver.
The keypad button message event failed to check the length of
a fixed length buffer before appending a received digit to the
end of that buffer. A remote authenticated user could send
sufficient keypad button message events that th e buffer would
be overrun.
In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve
the following issue:
* A remote crash vulnerability in the SIP channel driver when
processing UPDATE requests. If a SIP UPDATE request was received
indicating a connected line update after a channel was terminated
but before the final destruction of the associated SIP dialog,
Asterisk would attempt a connected line update on a non-existing
channel, causing a crash.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-004, AST-2012-005, and
AST-2012-006, which were released at the same time as this
announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-006.pdf
Thank you for your continued support of Asterisk!
and AST-2012-006.
The Asterisk Development Team has announced security releases for
Asterisk 1.6.2 , 1.8, and 10. The available security releases are
released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.
The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the
following two issues:
* A permission escalation vulnerability in Asterisk Manager
Interface. This would potentially allow remote authenticated
users the ability to execute commands on the system shell with
the privileges of the user running the Asterisk application.
* A heap overflow vulnerability in the Skinny Channel driver.
The keypad button message event failed to check the length of
a fixed length buffer before appending a received digit to the
end of that buffer. A remote authenticated user could send
sufficient keypad button message events that th e buffer would
be overrun.
In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve
the following issue:
* A remote crash vulnerability in the SIP channel driver when
processing UPDATE requests. If a SIP UPDATE request was received
indicating a connected line update after a channel was terminated
but before the final destruction of the associated SIP dialog,
Asterisk would attempt a connected line update on a non-existing
channel, causing a crash.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-004, AST-2012-005, and
AST-2012-006, which were released at the same time as this
announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.11.1http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-006.pdf
Thank you for your continued support of Asterisk!
Because it depends on changes to the API in libtiff 4.x, set the minimum
BUILDLINK_API_DEPENDS accordingly. And, even though it wasn't building,
bump PKGREVISION to 7; the new package depending on tiff>=4.0 needs to
be distinguishable from the old package depending on tiff<4.0.
XXX: This package desperately needs to be updated. It is years out of
XXX: date with respect to upstream.
Attempt to honor VARBASE instead of blithely dropping stuff into /var;
may be incomplete. Doing this right may require sorting out multiple
/var trees as it shouldn't, at least by default, be working dialer
locks in the pkgsrc VARBASE; however, it's not clear that those will
always necessarily be in /var either. For now the package assumes
they will be though.
*** If I have broken this for you, please let me know ASAP.
pkgsrc change: eliminate ilbc option now that the iLBC codec is always built
The Asterisk Development Team has announced the release of Asterisk 1.8.11.0.
The release of Asterisk 1.8.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix potential buffer overrun and memory leak when executing "sip
show peers"
* --- Fix ACK routing for non-2xx responses.
* --- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
* --- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
* --- Copy CDR variables when set during a bridge
* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.11.0
Thank you for your continued support of Asterisk!
pkgsrc change: eliminate ilbc option now that iLBC codec is always built
The Asterisk Development Team has announced the release of Asterisk 10.3.0.
The release of Asterisk 10.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix potential buffer overrun and memory leak when executing "sip
show peers"
* --- Fix ACK routing for non-2xx responses.
* --- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
* --- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
* --- Copy CDR variables when set during a bridge
* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.3.0
Thank you for your continued support of Asterisk!
