KGpg is a simple interface for GnuPG, a powerful encryption utility. It
can help you set up and manage your keys, import and export keys, view key
signatures, trust status and expiry dates.
shipping symlinks into /usr/share/automake-1.11 instead of copies of
various semi-standard gnuish files, including some scripts needed by
the build.
Remove the patch that causes the build to try to run things direct
from ${PREFIX}/share/automake-1.11, as that's not the way things are
supposed to be done in a buildlink universe. However, adding a bl3.mk
to automake to allow using this stuff is itself wrong.
So instead, work around this mess by adding a post-extract hack that
deletes the symlinks and replaces them with the actual files from
automake.
Also, add a build dependence on automake so the files are actually
there when we try to reference them. (hi reinoud!)
No revbump needed as the package didn't build.
Grumble.
This is a security fix update. It fixes AST-2012-002.
NOTE NOTE NOTE
This is likely to be the last update to this package. This version
of Asterisk will be EOLed on April 21st, 2012. It will probably
be removed from pkgsrc not long after that. If you are still using
this package, you should consider switching to comms/asterisk18,
the Long Term Support version, or comms/asterisk10 in the near
future.
NOTE NOTE NOTE
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein
app_milliwatt can potentially overrun a buffer on the stack, causing
Asterisk to crash. This does not have the potential for remote
code execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.23
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
Thank you for your continued support of Asterisk!
This is a security fix release. It fixes AST-2012-002 and AST-2012-003.
pkgsrc changes:
- adapt to having iLBC source code included
- fix building on Solaris
- adapt to new sound tarball
----- 10.2.0 -----
The Asterisk Development Team has announced the release of Asterisk 10.2.0.
The release of Asterisk 10.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---
* --- Include iLBC source code for distribution with Asterisk ---
* --- Fix callerid of originated calls ---
* --- Fix outbound DTMF for inband mode of chan_ooh323 ---
* --- Create and initialize udptl only when dialog requests image media ---
* --- Don't prematurely stop SIP session timer ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.2.0
Thank you for your continued support of Asterisk!
----- 10.2.1 -----
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues.
First, they resolve the issue in app_milliwatt, wherein a buffer
can potentially be overrun on the stack, but no remote code execution
is possible. Second, they resolve an issue in HTTP AMI where digest
authentication information can be used to overrun a buffer on the
stack, allowing for code injection and execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.2.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-003.pdf
Thank you for your continued support of Asterisk!
This fixes a vulnerability caused due to an error when parsing a CMAP
record which can be exploited to cause an out-of-bounds write via
specially crafted JPEG files. (SA48498)
This package uses libgcrypt directly.
Usually, libgcrypt will be pulled up from libsoup24->libgnome-keyring->libgcrypt,
but it is not if libsoup24 without `gnome' option.
PR 46116.
Bump PKGREVISION.
