Commit graph

1538 commits

Author SHA1 Message Date
wiz
cbbd0ce5d3 Fix build with gcc-4.5.
Mark as not MAKE_JOBS_SAFE (doesn't wait for library to be built before
linking it).
2011-12-19 13:44:07 +00:00
wiz
b1cdb8e352 Fix build (add missing headers). 2011-12-19 13:25:22 +00:00
dholland
de6214f7e2 Fix user/group handling; use SPECIAL_PERMS; support user-destdir mode.
Add patch comments.
Fix void main plus a couple build warnings.
PKGREVISION -> 3.
2011-12-18 18:18:50 +00:00
dholland
32e4292289 Needs curses, not termcap. Doesn't build, so no revbump. 2011-12-18 15:52:44 +00:00
sbd
5683bd8796 Add missing mk/termcap buildlink.
Respect LDFLAGS

Bump PKGREVISION
2011-12-17 10:15:00 +00:00
sbd
5500904816 Add missing mk/termcap buildlink.
Bump PKGREVISION
2011-12-17 10:14:56 +00:00
jnemeth
5c0d086acc This update is to fix AST-2011-013 and AST-2011-014.
Asterisk Project Security Advisory - AST-2011-013

         Product        Asterisk
         Summary        Possible remote enumeration of SIP endpoints with
                        differing NAT settings
    Nature of Advisory  Unauthorized data disclosure
      Susceptibility    Remote unauthenticated sessions
         Severity       Minor
      Exploits Known    Yes
       Reported On      2011-07-18
       Reported By      Ben Williams
        Posted On
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  It is possible to enumerate SIP usernames when the general
                 and user/peer NAT settings differ in whether to respond to
                 the port a request is sent from or the port listed for
                 responses in the Via header. In 1.4 and 1.6.2, this would
                 mean if one setting was nat=yes or nat=route and the other
                 was either nat=no or nat=never. In 1.8 and 10, this would
                 mean when one was nat=force_rport or nat=yes and the other
                 was nat=no or nat=comedia.

    Resolution  Handling NAT for SIP over UDP requires the differing
                behavior introduced by these options.

                To lessen the frequency of unintended username disclosure,
                the default NAT setting was changed to always respond to the
                port from which we received the request-the most commonly
                used option.

                Warnings were added on startup to inform administrators of
                the risks of having a SIP peer configured with a different
                setting than that of the general setting. The documentation
                now strongly suggests that peers are no longer configured
                for NAT individually, but through the global setting in the
                "general" context.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source             All        All versions

                                  Corrected In
     As this is more of an issue with SIP over UDP in general, there is no
     fix supplied other than documentation on how to avoid the problem. The
        default NAT setting has been changed to what we believe the most
      commonly used setting for the respective version in Asterisk 1.4.43,
                             1.6.2.21, and 1.8.7.2.

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-013.pdf and
    http://downloads.digium.com/pub/security/AST-2011-013.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-013
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-014

         Product        Asterisk
         Summary        Remote crash possibility with SIP and the "automon"
                        feature enabled
    Nature of Advisory  Remote crash vulnerability in a feature that is
                        disabled by default
      Susceptibility    Remote unauthenticated sessions
         Severity       Moderate
      Exploits Known    Yes
       Reported On      November 2, 2011
       Reported By      Kristijan Vrban
        Posted On       2011-11-03
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  When the "automon" feature is enabled in features.conf, it
                 is possible to send a sequence of SIP requests that cause
                 Asterisk to dereference a NULL pointer and crash.

    Resolution  Applying the referenced patches that check that the pointer
                is not NULL before accessing it will resolve the issue. The
                "automon" feature can be disabled in features.conf as a
                workaround.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source           1.6.2.x      All versions
         Asterisk Open Source            1.8.x       All versions

                                  Corrected In
                   Product                              Release
            Asterisk Open Source                   1.6.2.21, 1.8.7.2

                                     Patches
                              Download URL                            Revision
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff   1.8.7.1

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-014.pdf and
    http://downloads.digium.com/pub/security/AST-2011-014.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-014
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
2011-12-12 06:52:40 +00:00
jnemeth
2e4af05973 This update fixes AST-2011-013 and AST-2011-014. It also adapts to changes
in the iLBC codec files.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-013

         Product        Asterisk
         Summary        Possible remote enumeration of SIP endpoints with
                        differing NAT settings
    Nature of Advisory  Unauthorized data disclosure
      Susceptibility    Remote unauthenticated sessions
         Severity       Minor
      Exploits Known    Yes
       Reported On      2011-07-18
       Reported By      Ben Williams
        Posted On
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  It is possible to enumerate SIP usernames when the general
                 and user/peer NAT settings differ in whether to respond to
                 the port a request is sent from or the port listed for
                 responses in the Via header. In 1.4 and 1.6.2, this would
                 mean if one setting was nat=yes or nat=route and the other
                 was either nat=no or nat=never. In 1.8 and 10, this would
                 mean when one was nat=force_rport or nat=yes and the other
                 was nat=no or nat=comedia.

    Resolution  Handling NAT for SIP over UDP requires the differing
                behavior introduced by these options.

                To lessen the frequency of unintended username disclosure,
                the default NAT setting was changed to always respond to the
                port from which we received the request-the most commonly
                used option.

                Warnings were added on startup to inform administrators of
                the risks of having a SIP peer configured with a different
                setting than that of the general setting. The documentation
                now strongly suggests that peers are no longer configured
                for NAT individually, but through the global setting in the
                "general" context.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source             All        All versions

                                  Corrected In
     As this is more of an issue with SIP over UDP in general, there is no
     fix supplied other than documentation on how to avoid the problem. The
        default NAT setting has been changed to what we believe the most
      commonly used setting for the respective version in Asterisk 1.4.43,
                             1.6.2.21, and 1.8.7.2.

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-013.pdf and
    http://downloads.digium.com/pub/security/AST-2011-013.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-013
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-014

         Product        Asterisk
         Summary        Remote crash possibility with SIP and the "automon"
                        feature enabled
    Nature of Advisory  Remote crash vulnerability in a feature that is
                        disabled by default
      Susceptibility    Remote unauthenticated sessions
         Severity       Moderate
      Exploits Known    Yes
       Reported On      November 2, 2011
       Reported By      Kristijan Vrban
        Posted On       2011-11-03
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  When the "automon" feature is enabled in features.conf, it
                 is possible to send a sequence of SIP requests that cause
                 Asterisk to dereference a NULL pointer and crash.

    Resolution  Applying the referenced patches that check that the pointer
                is not NULL before accessing it will resolve the issue. The
                "automon" feature can be disabled in features.conf as a
                workaround.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source           1.6.2.x      All versions
         Asterisk Open Source            1.8.x       All versions

                                  Corrected In
                   Product                              Release
            Asterisk Open Source                   1.6.2.21, 1.8.7.2

                                     Patches
                              Download URL                            Revision
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff   1.8.7.1

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-014.pdf and
    http://downloads.digium.com/pub/security/AST-2011-014.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-014
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
2011-12-12 05:05:33 +00:00
sbd
701c09ae49 1) Add missing mk/curses buildlink.
2) Pass BUILDLINK_CPPFLAGS and BUILDLINK_LDFLAGS to the make process.
3) Have the build variables  HAVE_LIBCURSES and HAVE_CURSES needed for the
   linux build set the by pkgsrc.

Bump PKGREVISION
2011-12-06 01:19:15 +00:00
adam
48bd48f954 Put <limits.h> back and fix PR#45540 2011-12-05 08:10:18 +00:00
jnemeth
d97e887bf9 Now that -current has sqlite3 included in base, enable it here. 2011-12-05 04:18:32 +00:00
hans
4a93e279bb Fix previous fix. 2011-11-30 23:48:18 +00:00
hans
b310e96b20 Fix a warnings about assigned but unused variable, which caused the
build to fail.
2011-11-29 15:12:07 +00:00
joerg
f76795ec07 Fix build with newer GCC 2011-11-27 19:36:09 +00:00
joerg
f04d7e101f Fix various missing includes. 2011-11-25 21:34:34 +00:00
joerg
70c3141e59 Fix build with newer GCC 2011-11-24 14:16:18 +00:00
tron
57b00f36d3 Fix build under recent versions of Mac OS X by selectin a make target
that actually exists.
2011-11-20 12:01:50 +00:00
dholland
dfed9c02ab TOOLS+=yacc, may unbreak Linux build 2011-11-14 01:36:46 +00:00
taca
6b9a0108b4 * Remove .require_paths from PLIST
* Bump PKGREVISION.
2011-11-08 15:37:33 +00:00
hiramatsu
2e8ef22e07 Add LICENSE. 2011-11-05 23:13:27 +00:00
sbd
e93e5d65e3 Recursive bump for graphics/freetype2 buildlink addition. 2011-11-01 06:11:52 +00:00
sbd
04daa2f1b8 Recursive bump for graphics/freetype2 buildlink addition. 2011-11-01 06:00:33 +00:00
obache
4d60596b1b distutils package, register egg-info.
Bump PKGREVISION.
2011-10-29 13:22:16 +00:00
jnemeth
636c6f0efe Update to 1.8.7.1 -- this update fixes AST-2011-012
pkgsrc change:  now what sqlite3 has been imported into NetBSD, enable it

               Asterisk Project Security Advisory - AST-2011-012

          Product         Asterisk
          Summary         Remote crash vulnerability in SIP channel driver
     Nature of Advisory   Remote crash
       Susceptibility     Remote authenticated sessions
          Severity        Critical
       Exploits Known     No
        Reported On       October 4, 2011
        Reported By       Ehsan Foroughi
         Posted On        October 17, 2011
      Last Updated On     October 17, 2011
      Advisory Contact    Terry Wilson <twilson@digium.com>
          CVE Name        CVE-2011-4063

    Description  A remote authenticated user can cause a crash with a
                 malformed request due to an unitialized variable.

    Resolution  Ensure variables are initialized in all cases when parsing
                the request.

                               Affected Versions
           Product         Release Series
    Asterisk Open Source       1.8.x       All versions
    Asterisk Open Source        10.x       All versions (currently in beta)

                                  Corrected In
                  Product                              Release
            Asterisk Open Source                 1.8.7.1, 10.0.0-rc1

                                    Patches
                             Download URL                           Revision
   http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8
   http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff  10

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-012.pdf and
    http://downloads.digium.com/pub/security/AST-2011-012.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-012
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
2011-10-17 23:40:50 +00:00
hiramatsu
d347bf3015 Fix build with perl 5.14.1 2011-10-14 11:26:31 +00:00
jnemeth
3e61759e68 Update to 1.8.7.0nb1.
This update adds a "jabber" option which is enabled by default.
This option pulls in iksemel which is used by the res_jabber.
Doing this allows chan_jingle (jabber) and chan_gtalk to work.
2011-10-12 03:21:07 +00:00
jnemeth
12cc353a8e Revert previous. This package was marked OWNER= for a reason! 2011-10-11 03:15:50 +00:00
jnemeth
12dcabb06c Update to 1.8.7.0 (mainly bug fixes).
pkgsrc changes:
- adjust for ilbc changes after it was acquired by Google
- install AST.pdf IAX2-security.pdf into share/doc/asterisk

1.8.7.0:
========

The release of Asterisk 1.8.7.0 resolves several issues reported
by the community and would have not been possible without your
participation.  Thank you!

Please note that a significant numbers of changes and fixes have
gone into features.c in this release (call parking, built-in
transfers, call pickup, etc.).

NOTE:

Recently, we were notified that the mechanism included in our
Asterisk source code releases to download and build support for
the iLBC codec had stopped working correctly; a little investigation
revealed that this occurred because of some changes on the
ilbcfreeware.org website. These changes occurred as a result of
Google's acquisition of GIPS, who produced (and provided licenses
for) the iLBC codec.

If you are a user of Asterisk and iLBC together, and you've already
executed a license agreement with GIPS, we believe you can continue
using iLBC with Asterisk. If you are a user of Asterisk and iLBC
together, but you had not executed a license agreement with GIPS,
we encourage you to research the situation and consult with your
own legal representatives to determine what actions you may want
to take (or avoid taking).

More information is available on the Asterisk blog:

http://blogs.asterisk.org/2011/09/19/ilbc-support-in-asterisk-after-googles-acquisition-of-gips/

The following is a sample of the issues resolved in this release:

* Added the 'storesipcause' option to sip.conf to allow the user to
   disable the setting of HASH(SIP_CAUSE,) on the channel. Having
   chan_sip set HASH(SIP_CAUSE,) on the channel carries a significant
   performance penalty because of the usage of the MASTER_CHANNEL()
   dialplan function.

   We've decided to disable this feature by default in future 1.8
   versions. This would be an unexpected behavior change for anyone
   depending on that SIP_CAUSE update in their dialplan. Please
   refer to the asterisk-dev mailing list more information:

   http://lists.digium.com/pipermail/asterisk-dev/2011-August/050626.html

* Significant fixes and improvements to parking lots.
   (Closes issues ASTERISK-17183, ASTERISK-17870, ASTERISK-17430,
   ASTERISK-17452, ASTERISK-17452, ASTERISK-15792.)

* Numerous issues have been reported for deadlocks that are caused
   by a blocking read in res_timing_timerfd on a file descriptor
   that will never be written to.

   A change to Asterisk adds some checks to make sure that the
   timerfd is both valid and armed before calling read(). Should
   fix: ASTERISK-18142, ASTERISK-18197, ASTERISK-18166 and possibly
   others.  (In essence, this change should make res_timing_timerfd
   usable.)

* Resolve segfault when publishing device states via XMPP and not connected.
   (Closes issue ASTERISK-18078.)

* Refresh peer address if DNS unavailable at peer creation.
   (Closes issue ASTERISK-18000)

* Fix the missing DAHDI channels when using the newer chan_dahdi.conf
   sections for channel configuration.
   (Closes issue ASTERISK-18496.)

* Remove unnecessary libpri dependency checks in the configure script.
   (Closes issue ASTERISK-18535.)

* Update get_ilbc_source.sh script to work again.
   (Closes issue ASTERISK-18412)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.7.0

Thank you for your continued support of Asterisk!


1.8.6.0:
========

The release of Asterisk 1.8.6.0 resolves several issues reported
by the community and would have not been possible without your
participation.  Thank you!

The following is a sample of the issues resolved in this release:

* Fix an issue with Music on Hold classes losing files in playlist
   when realtime is used.  (Closes issue ASTERISK-17875.)

* Resolve a potential crash in chan_sip when utilizing auth= and
   performing a 'sip reload' from the console.  (Closes issue
   ASTERISK-17939.)

* Address some improper sql statements in res_odbc that would cause
   an update to fail on realtime peers due to trying to set as
   "(NULL)" rather than an actual NULL.  (Closes issue ASTERISK-17791.)

* Resolve issue where 403 Forbidden would always be sent maximum
   number of times regardless to receipt of ACK.

* Resolve issue where if a call to MeetMe includes both the dynamic(D)
   and always request PIN(P) options, MeetMe will ask for the PIN
   two times:  once for creating the conference and once for entering
   the conference.

* Fix New Zealand indications profile based on
   http://www.telepermit.co.nz/TNA102.pdf
   (Closes issue ASTERISK-16263.)

* Segfault in shell_helper in func_shell.c
   (Closes issue ASTERISK-18109.)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0

Thank you for your continued support of Asterisk!
2011-10-11 03:12:55 +00:00
jnemeth
d58eba77e5 Revert previous. This package is marked OWNER= for a reason! 2011-10-11 02:13:40 +00:00
dholland
dedec9fba6 Fix native X build by cleaning up FONTDIR after imake. Ride previous bump. 2011-10-09 03:53:31 +00:00
dholland
3ee72b3ed9 Add a monster cleanup patch, posted as a distfile, to fix rampant
misuse of function pointer casts and mismatched function calls and
arguments. Now this has some chance at running on something other
than i386.

PKGREVISION -> 12.
2011-10-09 03:35:26 +00:00
shattered
1f8d6d58ff Remove zaptel option everywhere (zaptel-netbsd package was removed) 2011-10-08 13:49:08 +00:00
dholland
7d65f7a6e0 Not MAKE_JOBS_SAFE 2011-10-08 07:04:34 +00:00
wiz
78bf2cbc7e Remove zaptel option, zaptel-netbsd was removed. 2011-10-06 08:35:01 +00:00
wiz
52dbab663f Remove packages depending on the removed packages. 2011-10-02 14:32:31 +00:00
wiz
0922371859 Remove packages scheduled to be deleted according to the pkgsrc-2011Q2
release notes.
2011-10-02 14:11:51 +00:00
joerg
d75cc0e9ea Add a missing includes 2011-09-25 19:41:11 +00:00
joerg
33fd24a1cb Add missing include 2011-09-25 19:40:28 +00:00
joerg
b69f58ed3a Uses chown during install phase, so ensure that the user/group exists
for destdir operation
2011-09-24 19:30:40 +00:00
obache
52885bfd2a Let to use new C++ style headers first for CXX runtime check,
taken from upstream.

Fixes PR pkg/45324.
2011-09-03 08:52:59 +00:00
jnemeth
f1f42d12d4 Add a patch for PR/44766. The issue was that older versions of gas
require you to use movd (instead of movq) when transferring data
between reg32/64 and an mmx register.  No PKGREVISION bump since it
failed to compile on amd64 meaning there was no binary package.
2011-09-01 09:22:30 +00:00
dsainty
42a8e6dab0 Update to Device-XBee-API version 0.4
Changes:

0.4, 20110831 - jeagle

Fix packet timeout bug reported by Dave S.

Replace call to die() in __data_to_int with return undef, update docs to
reflect this.
2011-09-01 02:29:38 +00:00
dsainty
7f1bd627e6 +p5-Device-XBee-API 2011-08-28 06:46:56 +00:00
dsainty
466028fd1d Import Device::XBee::API version 0.3.
Device::XBee::API is a module designed to encapsulate the Digi XBee API in
object-oriented Perl.  This module expects to communicate with an XBee
module using the API firmware via a serial (or serial over USB) device.
2011-08-28 06:40:10 +00:00
hans
60fff8c6cd Update to 9.0.302, see http://www.columbia.edu/kermit/ck90.html for more
information.

Tested on NetBSD-current and OpenIndiana.

Support for ssl and kerberos is now available through the options
framework.
2011-08-25 14:54:06 +00:00
hans
d45f9eff23 FILE is a opaque data type on 64bit SunOS, its true definition is not
available in any headers.

Hack around this by adding the definition from the Illumos source in the
relevant place. Fixes 64bit build.
2011-08-25 13:46:28 +00:00
wiz
a829b53daa Update to 1.58:
1.58  Mon Mar  7 22:31:22 EST 2011
    - Fixed RT #48229, an uninitialized value when registering to the network
      but getting no answer from the phone.

1.57  Mon Mar  7 20:53:03 EST 2011
    - Fixed a bug in send_sms() that prevented it from working at all.
      The bug was introduced with the "assume_registered" option.
    - Fixed RT #57585. Thanks to Eric Kössldorfer for his patch and
      test case.
    - Added PDU<->latin1 conversion functions in Device::Gsm::Pdu
    - Note to self: first release from Australia!
2011-08-16 19:58:06 +00:00
wiz
7db4f6d003 Update to 1.54:
1.54  Sun May 29 20:53:23 AEST 2011
    - Removed uninitialized warning on $obj->{'CONNECTED'}.
      Fixes RT #68504.
2011-08-16 19:56:56 +00:00
obache
914df23d5b Revision bump after updating perl5 to 5.14.1. 2011-08-14 07:38:55 +00:00
jnemeth
7de85296ed Bump PKGREVISION for perl update. 2011-08-07 02:40:32 +00:00