The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:
* A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
file delivered with Asterisk has been updated due to this and other related
vulnerabilities fixed in previous versions of Asterisk.
* When an IAX2 call is made using the credentials of a peer defined in a
dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
peer are not applied to the call attempt. This allows for a remote attacker
who is aware of a peer's credentials to bypass the ACL rules set for that
peer.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
Thank you for your continued support of Asterisk!
After such a long gestation period for the release of Cairo 1.12, we
inevitably accumulated a few bugs that were flushed out by broadening the
test base. Thanks to everybody who tried the release, apologies to any one
unfortunate enough to encounter a bug and many thanks for reporting it.
Change logs:
20120901:
* add --render-font-outline option that enables outline fonts
added in SDL_ttf 2.0.10
20120831:
* fix resampling bug in resizeImage function enabled by
-PDA_WIDTH or -DPDA_AUTOSIZE options
20120826:
* fix a bug in getcursorpos2 insn after strsp insn
* fix autosave bug if pretextgosub is not set
- ftp(1) in NetBSD 1.5.2 does not support using -R on files that do not
exist yet. Avoid using this option unless necessary.
- httpd(8) in NetBSD 1.5.2 does not support the -P option. Skip the http
test unless this option is present, as otherwise we cannot easily kill
the spawned httpd instance on a test failure.
0.35 to 0.36.
pkgsrc changes:
- bump required version of textproc/p5-Text-CSV_XS
Upstream changes:
0.36 - 2012-08-22, H.Merijn Brand
* Add line/record number and position in error messages
from 0.90 to 0.91.
Upstream changes:
0.91 - 2012-08-21, H.Merijn Brand
* Prevent test-failures for long doubles on weird architectures
* More utf-8 tests for te change of 0.90
* Update test case now 5.005 is not supported anymore
* Rip out the tell/seek introduced in 0.90
databases/p5-DBIx-Class-Schema-Loader from 0.07012 to 0.07031.
pkgsrc changes:
- adjusting dependencies according to distribution's meta information
Upstream changes since 0.07012:
0.07031 2012-09-06 15:07:08
- fix 02pod.t failure due to lack of =encoding utf8 statement (patch by
Marcel Gruenauer) (RT#79481)
0.07030 2012-09-06 03:27:09
- allow user to set qualify_objects=0 in multischema configurations
(andrewalker)
0.07029 2012-09-05 16:41:56
- Oracle: introspect ON DELETE and DEFERRABLE FK clauses
- Oracle WARNING: on_delete is now 'NO ACTION' by default, not
'CASCADE'. on_update is now 'NO ACTION' by default (Oracle does not
have update rules, this was done to preserve the behavior of the
schema when cross-deploying to SQLite.) is_deferrable is now
0 by default, not 1.
- DB2: introspect ON DELETE/UPDATE FK clauses
- DB2 WARNING: the default for on_delete/on_update is now 'NO ACTION'
not 'CASCADE', the default for is_deferrable is still 1 because DB2
does not have deferrable constraints.
- SQLite: introspect ON DELETE/UPDATE and DEFERRABLE FK clauses
- SQLite WARNING: the default for on_delete/on_update is now 'NO ACTION'
not 'CASCADE', and the default for is_deferrable is now 0 not 1.
0.07028 2012-08-30 05:32:42
- MSSQL: introspect ON DELETE/UPDATE clauses for foreign keys
- MSSQL WARNING: the default for on_delete/on_update is now 'NO ACTION'
not 'CASCADE'.
0.07027 2012-08-26 22:39:45
- PostgreSQL: introspect ON DELETE/UPDATE clauses for foreign keys and
the DEFERRABLE clause.
- PostgreSQL WARNING: the default for on_delete/on_update attributes for
belongs_to relationships is now 'NO ACTION' not 'CASCADE! The default
for is_deferrable is now 0 not 1.
0.07026 2012-08-26 01:01:26
- MySQL: introspect ON DELETE/UPDATE clauses for foreign keys.
- MySQL WARNING: the default on_delete/on_update attributes for
belongs_to relationships is now RESTRICT, *NOT* CASCADE! This is
overridable via the relationship_attrs option.
0.07025 2012-06-08 22:48:05
- support SQL Server 2000 again (broken in 0.07011)
- some slight optimization for SQL Server driver
0.07024 2012-05-08 15:35:16
- work around broken keyseq in DBD::Pg foreign_key_info (RT#77062)
0.07023 2012-05-05 11:44:15
- properly order FK columns when using base ::DBI loader (SineSwiper)
- bump Class::Inspector dep to 1.27 due to test failures with earlier
versions on perl >= 5.15.7 (RT#74236)
0.07022 2012-04-08 12:11:00
- do separate queries for default_value on Sybase ASE as some servers
can't join to that table (pcmantz) (RT#74170)
- set correct size for nchar/nvarchar columns for Sybase ASE,
depending on @@ncharsize
0.07021 2012-04-04 23:47:34
- use ::Schema::connect instead of ::Schema::connection in
make_schema_at (RT#74175)
- register sources on the schema class, never the instance, regardless
of how the connection is made for dynamic schemas
0.07020 2012-03-31 21:34:06
- fix some mro issues under perl 5.8
0.07019 2012-03-28 17:23:09
- fix some errors due to case issues (RT#75805)
0.07018 2012-03-27 05:55:10
- skip dbicdump tests on Win32 due to test fails (RT#75732)
- fix undefined warnings for DBDs without schemas
- work around ORA-24345 from $dbh->column_info
- fix spelling mistake in Base POD (RT#74796)
0.07017 2012-02-07 07:23:48
- *EXPERIMENTAL* support for dumping PostgreSQL schemas inside of a
transaction
- use DBI table_info/column_info REMARKS field if/where available for
table/column comments (SineSwiper)
- better compatibility with more DBDs (SineSwiper)
0.07015 2011-12-09 10:36:17
- generate many_to_many bridges for targets of link tables
0.07014 2011-11-18 17:06:34
- fix a bug in the automatic multischema clashing moniker disambiguation
code that overwrote $loader->moniker_parts
0.07013 2011-11-17 23:12:47
- automatically prefix database/schema to clashing monikers for
the same table name in multischema configurations
textproc/p5-Lingua-EN-Tagger from 0.16nb2 to 0.20.
pkgsrc changes:
- add newly introduced dependency to www/p5-HTML-Tagset
Upstream changes since 0.16:
0.20 Aaron Coburn 7/6/12
Escaped curly braces in regex patterns.
In perl 5.17 this becomes necessary.
0.19 Aaron Coburn 5/28/12
Added missing metadata fields to
Makefile.PL
0.18 Aaron Coburn 5/11/12
Added requirement for 5.8 for proper
unicode support. Modified get_sentences
routine for $ chars as with preceeding
issue.
0.17 Aaron Coburn 5/10/12
Added better error handling for loading
YAML files. Fixed error in get_sentences
routine related to (, [ and { characters
being fused to the preceding word.
* Drop built-in support for OS/2. If you need to upgrade an OS/2 application to
use this or a later version of SQLite, then add an application-defined VFS
using the sqlite3_vfs_register() interface. The code removed in this release
can serve as a baseline for the application-defined VFS.
* Ensure that floating point values are preserved exactly when reconstructing a
database from the output of the ".dump" command of the command-line shell.
* Added the sqlite3_close_v2() interface.
* Updated the command-line shell so that it can be built using
SQLITE_OMIT_FLOATING_POINT and SQLITE_OMIT_AUTOINIT.
* Improvements to the windows makefiles and build processes.
* Enhancements to PRAGMA integrity_check and PRAGMA quick_check so that they
can optionally check just a single attached database instead of all attached
databases.
* Enhancements to WAL mode processing that ensure that at least one valid
read-mark is available at all times, so that read-only processes can always
read the database.
* Performance enhancements in the sorter used by ORDER BY and CREATE INDEX.
* Added the SQLITE_DISABLE_FTS4_DEFERRED compile-time option.
* Better handling of aggregate queries where the aggregate functions are
contained within subqueries.
* Enhance the query planner so that it will try to use a covering index on
queries that make use of or optimization.
