Commit graph

1580 commits

Author SHA1 Message Date
ryoon
45f8f27196 Recursive PKGREVISION bump for xulrunner, nss, and nspr. 2012-03-06 17:38:53 +00:00
wiz
e0808f0de0 More pcre PKGREVISION bumps. 2012-03-03 12:54:15 +00:00
wiz
ee311e3b36 Recursive bump for pcre-8.30* (shlib major change) 2012-03-03 00:11:51 +00:00
hans
bbc6404569 Set perl path from TOOLS_PATH.perl instead of assuming it is in PREFIX. 2012-02-28 11:21:50 +00:00
jnemeth
ed3f427bf9 Upgrade to 10.1.3:
The Asterisk Development Team has announced the release of Asterisk 10.1.3.

The release of Asterisk 10.1.3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix ACK routing for non-2xx responses.
  (Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer)

* --- Fix regressions with regards to route-set creation on early dialogs ---
  (Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.3

Thank you for your continued support of Asterisk!
2012-02-27 00:18:09 +00:00
jnemeth
227651d436 Update to 1.8.9.3:
pkgsrc changes:

- maintain patch naming convention
- detect kqueue properly

The Asterisk Development Team has announced the release of Asterisk 1.8.9.3.

The release of Asterisk 1.8.9.3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix ACK routing for non-2xx responses.
  (Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer)

* --- Fix regressions with regards to route-set creation on early dialogs ---
  (Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.3

Thank you for your continued support of Asterisk!
2012-02-26 23:12:56 +00:00
hans
3aac3d65dc Fix build on SunOS. 2012-02-17 13:49:47 +00:00
hans
40819b4e65 Fix build on SunOS. 2012-02-16 18:00:20 +00:00
hans
3ca01df436 Fix build on SunOS. 2012-02-16 17:47:04 +00:00
hans
b691bd4994 Fix build on SunOS. 2012-02-16 17:35:30 +00:00
hans
ab724cef75 Fix build on SunOS. 2012-02-16 17:25:16 +00:00
hans
0e0c6a37db Buildlink textproc/wbxml2 in buildlink3.mk. 2012-02-16 17:22:39 +00:00
hans
35eb698529 Don't enable bluetooth on SunOS. 2012-02-16 17:21:15 +00:00
hans
bc19dd9cb6 Don't use -export-dynamic on SunOS. 2012-02-16 17:20:07 +00:00
hans
f628bdb621 Don't try to install SysV init scripts. That used to fix the build on
SunOS. Now it breaks because of tiff 4.0.
2012-02-16 17:18:50 +00:00
hans
dffea9e1f5 Fix build on SunOS. 2012-02-16 17:13:03 +00:00
hans
04a87af153 Fix build on SunOS. 2012-02-16 16:47:57 +00:00
hans
a488553a3c Fix build on SunOS. 2012-02-16 16:40:34 +00:00
hans
c0dfa2c444 Fix build on SunOS. 2012-02-16 16:30:03 +00:00
hans
54c8799333 Fix build on SunOS. 2012-02-16 16:13:51 +00:00
jnemeth
3e0376d06b The release of Asterisk 10.1.2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix SIP INFO DTMF handling for non-numeric codes ---
  (Closes issue ASTERISK-19290. Reported by: Ira Emus)

* --- Fix crash in ParkAndAnnounce ---
  (Closes issue ASTERISK-19311. Reported-by: tootai)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.2
2012-02-12 20:17:16 +00:00
jnemeth
3b81e7b296 Update to Asterisk 1.8.9.2:
The release of Asterisk 1.8.9.2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolve
2012-02-12 20:16:31 +00:00
jnemeth
01c9779df4 Update to 1.8.9.1:
The release of Asterisk 1.8.9.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Fixes deadlocks occuring in chan_agent ---

* --- Ensure entering T.38 passthrough does not cause an infinite loop ---

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.1

Thank you for your continued support of Asterisk!
2012-02-08 07:27:24 +00:00
jnemeth
1c9cf915b3 Update to 10.1.1:
The release of Asterisk 10.1.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Fixes deadlocks occuring in chan_agent ---

* --- Ensure entering T.38 passthrough does not cause an infinite loop ---

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.1

Thank you for your continued support of Asterisk!
2012-02-08 05:42:32 +00:00
wiz
6c9c77e597 Revbump for
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)

Enjoy.
2012-02-06 12:39:42 +00:00
wiz
6b5bd8d27a Revbump for
a) tiff update to 4.0 (shlib major change)
b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk)

Enjoy.
2012-02-06 12:39:17 +00:00
jnemeth
8f29c51c20 Update to Asterisk 10.1.0:
The Asterisk Development Team is pleased to announce the release of
Asterisk 10.1.0. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 10.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* AST-2012-001: prevent crash when an SDP offer
  is received with an encrypted video stream when support for video
  is disabled and res_srtp is loaded.  (closes issue ASTERISK-19202)
  Reported by: Catalin Sanda

* Allow playback of formats that don't support seeking.  ast_streamfile
  previously did unconditional seeking on files that broke playback of
  formats that don't support that functionality.  This patch avoids the
  seek that was causing the problem.
  (closes issue ASTERISK-18994) Patched by: Timo Teras

* Add pjmedia probation concepts to res_rtp_asterisk's learning mode.  In
  order to better handle RTP sources with strictrtp enabled (which is the
  default setting in 10) using the learning mode to figure out new sources
  when they change is handled by checking for a number of consecutive (by
  sequence number) packets received to an rtp struct based on a new
  configurable value called 'probation'.  Also, during learning mode instead
  of liberally accepting all packets received, we now reject packets until a
  clear source has been determined.

* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop.  Failing
  to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
  causes the loop to exit prematurely. This causes a variety of negative side
  effects, depending on when the loop exits. This patch handles the frame by
  essentially swallowing the frame in the local loop, as the current channel
  drivers expect the RTP bridge to handle the frame, and, in the case of the
  local bridge loop, no additional action is necessary.
  (closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
  by: Matt Jordan

* Fix timing source dependency issues with MOH.  Prior to this patch,
  res_musiconhold existed at the same module priority level as the timing
  sources that it depends on.  This would cause a problem when music on
  hold was reloaded, as the timing source could be changed after
  res_musiconhold was processed. This patch adds a new module priority
  level, AST_MODPRI_TIMING, that the various timing modules are now loaded
  at. This now occurs before loading other resource modules, such
  that the timing source is guaranteed to be set prior to resolving
  the timing source dependencies.
  (closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
  Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
  Patched by elguero

* Fix RTP reference leak.  If a blind transfer were initiated using a
  REFER without a prior reINVITE to place the call on hold, AND if Asterisk
  were sending RTCP reports, then there was a reference leak for the
  RTP instance of the transferrer.
  (closes issue ASTERISK-19192) Reported by: Tyuta Vitali

* Fix blind transfers from failing if an 'h' extension
  is present.  This prevents the 'h' extension from being run on the
  transferee channel when it is transferred via a native transfer
  mechanism such as SIP REFER.  (closes issue ASTERISK-19173) Reported
  by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
  Mark Michelson (license 5049)

* Restore call progress code for analog ports. Extracting sig_analog
  from chan_dahdi lost call progress detection functionality.  Fix
  analog ports from considering a call answered immediately after
  dialing has completed if the callprogress option is enabled.
  (closes issue ASTERISK-18841)
  Reported by: Richard Miller Patched by Richard Miller

* Fix regression that 'rtp/rtcp set debup ip' only works when a port
  was also specified.
  (closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
  Walter Doekes

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.0

Thank you for your continued support of Asterisk!
2012-01-28 20:39:10 +00:00
jnemeth
5e66279d63 Update to Asterisk 1.8.9.0:
The Asterisk Development Team is pleased to announce the release of
Asterisk 1.8.9.0. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/

The release of Asterisk 1.8.9.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* AST-2012-001: prevent crash when an SDP offer
  is received with an encrypted video stream when support for video
  is disabled and res_srtp is loaded.  (closes issue ASTERISK-19202)
  Reported by: Catalin Sanda

* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop.  Failing
  to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
  causes the loop to exit prematurely. This causes a variety of negative side
  effects, depending on when the loop exits. This patch handles the frame by
  essentially swallowing the frame in the local loop, as the current channel
  drivers expect the RTP bridge to handle the frame, and, in the case of the
  local bridge loop, no additional action is necessary.
  (closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
  by: Matt Jordan

* Fix timing source dependency issues with MOH.  Prior to this patch,
  res_musiconhold existed at the same module priority level as the timing
  sources that it depends on.  This would cause a problem when music on
  hold was reloaded, as the timing source could be changed after
  res_musiconhold was processed. This patch adds a new module priority
  level, AST_MODPRI_TIMING, that the various timing modules are now loaded
  at. This now occurs before loading other resource modules, such
  that the timing source is guaranteed to be set prior to resolving
  the timing source dependencies.
  (closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
  Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
  Patched by elguero

* Fix RTP reference leak.  If a blind transfer were initiated using a
  REFER without a prior reINVITE to place the call on hold, AND if Asterisk
  were sending RTCP reports, then there was a reference leak for the
  RTP instance of the transferrer.
  (closes issue ASTERISK-19192) Reported by: Tyuta Vitali

* Fix blind transfers from failing if an 'h' extension
  is present.  This prevents the 'h' extension from being run on the
  transferee channel when it is transferred via a native transfer
  mechanism such as SIP REFER.  (closes issue ASTERISK-19173) Reported
  by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
  Mark Michelson (license 5049)

* Restore call progress code for analog ports. Extracting sig_analog
  from chan_dahdi lost call progress detection functionality.  Fix
  analog ports from considering a call answered immediately after
  dialing has completed if the callprogress option is enabled.
  (closes issue ASTERISK-18841)
  Reported by: Richard Miller Patched by Richard Miller

* Fix regression that 'rtp/rtcp set debup ip' only works when a port
  was also specified.
  (closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
  Walter Doekes

For a full list of changes in this release candidate, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.0

Thank you for your continued support of Asterisk!
2012-01-28 19:11:35 +00:00
marino
9a2724648e comms/efax-gtk: Fix indirect linking error on DragonFly only 2012-01-24 23:55:57 +00:00
sbd
0baf031533 Recursive dependency bump for databases/gdbm ABI_DEPENDS change. 2012-01-24 09:10:50 +00:00
jnemeth
1fdc34555c Update to Asterisk 1.8.8.2. This fixes AST-2010-001:
Asterisk Project Security Advisory - AST-2012-001

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | SRTP Video Remote Crash Vulnerability           |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | Denial of Service                               |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Moderate                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 2012-01-15                                      |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Catalin Sanda                                   |
   |----------------------+-------------------------------------------------|
   |      Posted On       | 2012-01-19                                      |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | January 19, 2012                                |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Joshua Colp < jcolp AT digium DOT com >         |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | An attacker attempting to negotiate a secure video       |
   |             | stream can crash Asterisk if video support has not been  |
   |             | enabled and the res_srtp Asterisk module is loaded.      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions of Asterisk listed in the  |
   |            | "Corrected In" section, or apply a patch specified in the |
   |            | "Patches" section.                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.8.x      | All versions          |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |      10.x      | All versions          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           1.8.8.2           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           10.0.1            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                                Patches                                 |
   |------------------------------------------------------------------------|
   |                             SVN URL                             |Branch|
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8  |
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff  |v10   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |   Links   | https://issues.asterisk.org/jira/browse/ASTERISK-19202     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2012-001.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2012-001.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date       |       Editor       |         Revisions Made          |
   |-----------------+--------------------+---------------------------------|
   | 12-01-19        | Joshua Colp        | Initial release                 |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2012-001
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
2012-01-20 07:31:17 +00:00
jnemeth
11bec36c12 Update to Asterisk 10.0.1. This fixes AST-2012-001:
Asterisk Project Security Advisory - AST-2012-001

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | SRTP Video Remote Crash Vulnerability           |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | Denial of Service                               |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Moderate                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 2012-01-15                                      |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Catalin Sanda                                   |
   |----------------------+-------------------------------------------------|
   |      Posted On       | 2012-01-19                                      |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | January 19, 2012                                |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Joshua Colp < jcolp AT digium DOT com >         |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | An attacker attempting to negotiate a secure video       |
   |             | stream can crash Asterisk if video support has not been  |
   |             | enabled and the res_srtp Asterisk module is loaded.      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions of Asterisk listed in the  |
   |            | "Corrected In" section, or apply a patch specified in the |
   |            | "Patches" section.                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.8.x      | All versions          |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |      10.x      | All versions          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           1.8.8.2           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           10.0.1            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                                Patches                                 |
   |------------------------------------------------------------------------|
   |                             SVN URL                             |Branch|
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8  |
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff  |v10   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |   Links   | https://issues.asterisk.org/jira/browse/ASTERISK-19202     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2012-001.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2012-001.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date       |       Editor       |         Revisions Made          |
   |-----------------+--------------------+---------------------------------|
   | 12-01-19        | Joshua Colp        | Initial release                 |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2012-001
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
2012-01-20 07:29:08 +00:00
jnemeth
91ad787651 PR/35369 -- David Wetzel -- add support for speex codec (enabled by default) 2012-01-17 07:07:33 +00:00
jnemeth
5071d5487b PR/35369 -- David Wetzel -- add support for speex codec (enabled by default) 2012-01-17 06:29:41 +00:00
jnemeth
592d3fdf30 PR/35369 -- David Wetzel -- add support for speex codec (enabled by default) 2012-01-17 02:12:52 +00:00
jnemeth
f778a5a089 add and enable asterisk10 2012-01-15 18:39:32 +00:00
jnemeth
6d821d6563 Import Asterisk 10.0.0:
The Asterisk Development Team is proud to announce the release of
Asterisk 10.0.0. This release is available for immediate download
at http://downloads.asterisk.org/pub/telephony/asterisk/

Asterisk 10 is the next major release series of Asterisk. It will
be a Standard support release, similar to Asterisk 1.6.2. For more
information about support time lines for Asterisk releases, see
the Asterisk versions page:

   https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

With the release of the Asterisk 10 branch, the preceding '1.' has
been removed from the version number per the blog post available
at

http://blogs.digium.com/2011/07/21/the-evolution-of-asterisk-or-how-we-arrived-at-asterisk-10/

The release of Asterisk 10 would not have been possible without
the support and contributions of the community.

You can find an overview of the work involved with the 10.0.0
release in the summary:

http://svn.asterisk.org/svn/asterisk/tags/10.0.0/asterisk-10.0.0-summary.txt

A short list of available features includes:

* T.38 gateway functionality has been added to res_fax.
* Protocol independent out-of-call messaging support. Text messages not
   associated with an active call can now be routed through the Asterisk
   dialplan. SIP and XMPP are supported so far.
* New highly optimized and customizable ConfBridge application capable
   of mixing audio at sample rates ranging from 8kHz-192kHz
* Addition of video_mode option in confbridge.conf to provide basic video
   conferencing in the ConfBridge() dialplan application.
* Support for defining hints has been added to pbx_lua.
* Replacement of Berkeley DB with SQLite for the Asterisk Database (AstDB).
* Much, much more!

A full list of new features can be found in the CHANGES file.

   http://svn.asterisk.org/svn/asterisk/branches/10/CHANGES

Also, when upgrading a system between major versions, it is imperative
that you read and understand the contents of the UPGRADE.txt file,
which is located at:

   http://svn.asterisk.org/svn/asterisk/branches/10/UPGRADE.txt

Thank you for your continued support of Asterisk!
2012-01-15 18:36:18 +00:00
jnemeth
8238febf94 Update to Asterisk 1.8.8.1.
share/doc/asterisk/AST.{txt,pdf} has been replaced with
share/doc/asterisk/Asterisk_Admin_Guide.  You will need a browser
to read the latter.

----- Asterisk 1.8.8.1 -----

The release of Asterisk 1.8.8.1 resolves a regression introduced
in Asterisk 1.8.8.0 reported by the community, and would have not
been possible without your participation.  Thank you!

The following is the issue resolved in this release:

* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop

  Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local
  bridge loop causes the loop to exit prematurely.  This causes a
  variety of negative side effects, which may include having Music
  On Hold failing during a SIP Hold.

For a full description of the changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.1

Thank you for your continued support of Asterisk!

----- Asterisk 1.8.8.0 -----

The release of Asterisk 1.8.8.0 resolves several issues reported
by the community and would have not been possible without your
participation.  Thank you!

The following is a sample of the issues resolved in this release:

* Updated SIP 484 handling; added Incomplete control frame
   When a SIP phone uses the dial application and receives a 484
   Address Incomplete response, if overlapped dialing is enabled
   for SIP, then the 484 Address Incomplete is forwarded back to
   the SIP phone and the HANGUPCAUSE channel variable is set to
   28. Previously, the Incomplete application dialplan logic was
   automatically triggered; now, explicit dialplan usage of the
   application is required.

* Prevent IAX2 from getting IPv6 addresses via DNS
   IAX2 does not support IPv6 and getting such addresses from DNS
   can cause error messages on the remote end involving bad IPv4
   address casts in the presence of IPv6/IPv4 tunnels.

* Fix bad RTP media bridges in directmedia calls on peers separated by
  multiple Asterisk nodes.

* Fix crashes in ast_rtcp_write()

* Fix for incorrect voicemail duration in external notifications.
   This patch fixes an issue where the voicemail duration was being
   reported with a duration significantly less than the actual
   sound file duration.

* Prevent segfault if call arrives before Asterisk is fully booted.

* Fix remote Crash Vulnerability in SIP channel driver (AST-2011-012)
     http://downloads.asterisk.org/pub/security/AST-2011-012.pdf

* Fix locking order in app_queue.c which caused deadlocks

* Fix regression in configure script for libpri capability checks

* Prevent BLF subscriptions from causing deadlocks.

* Fix deadlock if peer is destroyed while sending MWI notice.

* Fix issue with setting defaultenabled on categories that are already
  enabled by default.

* Don't crash on INFO automon request with no channel
     AST-2011-014. When automon was enabled in features.conf, it
     was possible to crash Asterisk by sending an INFO request if
     no channel had been created yet.

* Fixed crash from orphaned MWI subscriptions in chan_sip
   This patch resolves the issue where MWI subscriptions are orphaned
   by subsequent SIP SUBSCRIBE messages.

* Default to nat=yes; warn when nat in general and peer differ
     AST-2011-013. It is possible to enumerate SIP usernames when
     the general and user/peer nat settings differ in whether to
     respond to the port a request is sent from or the port listed
     for responses in the Via header.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0

Thank you for your continued support of Asterisk!
2012-01-15 03:32:47 +00:00
jnemeth
4695ae4a75 Update to Asterisk 1.6.2.22:
The release of Asterisk 1.6.2.22 corrects two flaws in sip.conf.sample
related to AST-2011-013:

* The sample file listed *two* values for the 'nat' option as being the default.
   Only 'yes' is the default.

* The warning about having differing 'nat' settings confusingly referred to both
   peers and users.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.22

Thank you for your continued support of Asterisk!
2012-01-14 08:30:15 +00:00
obache
615c758c19 Recursive bump from audio/libaudiofile, x11/qt4-libs and x11/qt4-tools ABI bump. 2012-01-13 10:54:43 +00:00
dholland
132cb352ac USE_TOOLS, not TOOLS. Apparently my fault 2012-01-04 14:33:53 +00:00
joerg
c791c6861b Remove partial RCS ID from patch which confuses the pkgsrc logic 2011-12-26 03:11:10 +00:00
wiz
cbbd0ce5d3 Fix build with gcc-4.5.
Mark as not MAKE_JOBS_SAFE (doesn't wait for library to be built before
linking it).
2011-12-19 13:44:07 +00:00
wiz
b1cdb8e352 Fix build (add missing headers). 2011-12-19 13:25:22 +00:00
dholland
de6214f7e2 Fix user/group handling; use SPECIAL_PERMS; support user-destdir mode.
Add patch comments.
Fix void main plus a couple build warnings.
PKGREVISION -> 3.
2011-12-18 18:18:50 +00:00
dholland
32e4292289 Needs curses, not termcap. Doesn't build, so no revbump. 2011-12-18 15:52:44 +00:00
sbd
5683bd8796 Add missing mk/termcap buildlink.
Respect LDFLAGS

Bump PKGREVISION
2011-12-17 10:15:00 +00:00
sbd
5500904816 Add missing mk/termcap buildlink.
Bump PKGREVISION
2011-12-17 10:14:56 +00:00
jnemeth
5c0d086acc This update is to fix AST-2011-013 and AST-2011-014.
Asterisk Project Security Advisory - AST-2011-013

         Product        Asterisk
         Summary        Possible remote enumeration of SIP endpoints with
                        differing NAT settings
    Nature of Advisory  Unauthorized data disclosure
      Susceptibility    Remote unauthenticated sessions
         Severity       Minor
      Exploits Known    Yes
       Reported On      2011-07-18
       Reported By      Ben Williams
        Posted On
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  It is possible to enumerate SIP usernames when the general
                 and user/peer NAT settings differ in whether to respond to
                 the port a request is sent from or the port listed for
                 responses in the Via header. In 1.4 and 1.6.2, this would
                 mean if one setting was nat=yes or nat=route and the other
                 was either nat=no or nat=never. In 1.8 and 10, this would
                 mean when one was nat=force_rport or nat=yes and the other
                 was nat=no or nat=comedia.

    Resolution  Handling NAT for SIP over UDP requires the differing
                behavior introduced by these options.

                To lessen the frequency of unintended username disclosure,
                the default NAT setting was changed to always respond to the
                port from which we received the request-the most commonly
                used option.

                Warnings were added on startup to inform administrators of
                the risks of having a SIP peer configured with a different
                setting than that of the general setting. The documentation
                now strongly suggests that peers are no longer configured
                for NAT individually, but through the global setting in the
                "general" context.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source             All        All versions

                                  Corrected In
     As this is more of an issue with SIP over UDP in general, there is no
     fix supplied other than documentation on how to avoid the problem. The
        default NAT setting has been changed to what we believe the most
      commonly used setting for the respective version in Asterisk 1.4.43,
                             1.6.2.21, and 1.8.7.2.

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-013.pdf and
    http://downloads.digium.com/pub/security/AST-2011-013.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-013
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-014

         Product        Asterisk
         Summary        Remote crash possibility with SIP and the "automon"
                        feature enabled
    Nature of Advisory  Remote crash vulnerability in a feature that is
                        disabled by default
      Susceptibility    Remote unauthenticated sessions
         Severity       Moderate
      Exploits Known    Yes
       Reported On      November 2, 2011
       Reported By      Kristijan Vrban
        Posted On       2011-11-03
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  When the "automon" feature is enabled in features.conf, it
                 is possible to send a sequence of SIP requests that cause
                 Asterisk to dereference a NULL pointer and crash.

    Resolution  Applying the referenced patches that check that the pointer
                is not NULL before accessing it will resolve the issue. The
                "automon" feature can be disabled in features.conf as a
                workaround.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source           1.6.2.x      All versions
         Asterisk Open Source            1.8.x       All versions

                                  Corrected In
                   Product                              Release
            Asterisk Open Source                   1.6.2.21, 1.8.7.2

                                     Patches
                              Download URL                            Revision
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff   1.8.7.1

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-014.pdf and
    http://downloads.digium.com/pub/security/AST-2011-014.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-014
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
2011-12-12 06:52:40 +00:00
jnemeth
2e4af05973 This update fixes AST-2011-013 and AST-2011-014. It also adapts to changes
in the iLBC codec files.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-013

         Product        Asterisk
         Summary        Possible remote enumeration of SIP endpoints with
                        differing NAT settings
    Nature of Advisory  Unauthorized data disclosure
      Susceptibility    Remote unauthenticated sessions
         Severity       Minor
      Exploits Known    Yes
       Reported On      2011-07-18
       Reported By      Ben Williams
        Posted On
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  It is possible to enumerate SIP usernames when the general
                 and user/peer NAT settings differ in whether to respond to
                 the port a request is sent from or the port listed for
                 responses in the Via header. In 1.4 and 1.6.2, this would
                 mean if one setting was nat=yes or nat=route and the other
                 was either nat=no or nat=never. In 1.8 and 10, this would
                 mean when one was nat=force_rport or nat=yes and the other
                 was nat=no or nat=comedia.

    Resolution  Handling NAT for SIP over UDP requires the differing
                behavior introduced by these options.

                To lessen the frequency of unintended username disclosure,
                the default NAT setting was changed to always respond to the
                port from which we received the request-the most commonly
                used option.

                Warnings were added on startup to inform administrators of
                the risks of having a SIP peer configured with a different
                setting than that of the general setting. The documentation
                now strongly suggests that peers are no longer configured
                for NAT individually, but through the global setting in the
                "general" context.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source             All        All versions

                                  Corrected In
     As this is more of an issue with SIP over UDP in general, there is no
     fix supplied other than documentation on how to avoid the problem. The
        default NAT setting has been changed to what we believe the most
      commonly used setting for the respective version in Asterisk 1.4.43,
                             1.6.2.21, and 1.8.7.2.

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-013.pdf and
    http://downloads.digium.com/pub/security/AST-2011-013.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-013
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-014

         Product        Asterisk
         Summary        Remote crash possibility with SIP and the "automon"
                        feature enabled
    Nature of Advisory  Remote crash vulnerability in a feature that is
                        disabled by default
      Susceptibility    Remote unauthenticated sessions
         Severity       Moderate
      Exploits Known    Yes
       Reported On      November 2, 2011
       Reported By      Kristijan Vrban
        Posted On       2011-11-03
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  When the "automon" feature is enabled in features.conf, it
                 is possible to send a sequence of SIP requests that cause
                 Asterisk to dereference a NULL pointer and crash.

    Resolution  Applying the referenced patches that check that the pointer
                is not NULL before accessing it will resolve the issue. The
                "automon" feature can be disabled in features.conf as a
                workaround.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source           1.6.2.x      All versions
         Asterisk Open Source            1.8.x       All versions

                                  Corrected In
                   Product                              Release
            Asterisk Open Source                   1.6.2.21, 1.8.7.2

                                     Patches
                              Download URL                            Revision
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff   1.8.7.1

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-014.pdf and
    http://downloads.digium.com/pub/security/AST-2011-014.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-014
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
2011-12-12 05:05:33 +00:00