kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/comms
History
jnemeth 9545043a0d Update to Asterisk 11.15.1: this is a security fix. 
pkgsrc change: adapt to splitting up of speex

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2015-001: File descriptor leak when incompatible codecs are offered

                Asterisk may be configured to only allow specific audio or
                video codecs to be used when communicating with a
                particular endpoint. When an endpoint sends an SDP offer
                that only lists codecs not allowed by Asterisk, the offer
                is rejected. However, in this case, RTP ports that are
                allocated in the process are not reclaimed.

                This issue only affects the PJSIP channel driver in
                Asterisk. Users of the chan_sip channel driver are not
                affected.

* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

                CVE-2014-8150 reported an HTTP request injection
                vulnerability in libcURL. Asterisk uses libcURL in its
                func_curl.so module (the CURL() dialplan function), as well
                as its res_config_curl.so (cURL realtime backend) modules.

                Since Asterisk may be configured to allow for user-supplied
                URLs to be passed to libcURL, it is possible that an
                attacker could use Asterisk as an attack vector to inject
                unauthorized HTTP requests if the version of libcURL
                installed on the Asterisk server is affected by
                CVE-2014-8150.

For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf

Thank you for your continued support of Asterisk!
2015-01-29 21:54:33 +00:00
..
asterisk Update to Asterisk 11.15.1: this is a security fix. 2015-01-29 21:54:33 +00:00
asterisk-sounds-de-x9media Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
asterisk-sounds-native Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
asterisk10 Update to Asterisk 10.12.4rc6. 2015-01-29 21:52:28 +00:00
asterisk18 Update to asterisk 1.8.32.2: this is a security fix. 2015-01-29 21:48:07 +00:00
binkd Use BROKEN_ON_PLATFORM to fail on LP64PLATFORMS. 2015-01-01 09:28:26 +00:00
birda Fix undefined and broken loop. Fix obviously broken format string. 2013-10-10 00:02:17 +00:00
bthfp Since ONLY_FOR_PLATFORM and NOT_FOR_PLATFORM can be used together, 2015-01-01 09:32:19 +00:00
conserver Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
conserver8 version 8.2.0 (Apr 20, 2014): 2014-11-23 08:57:42 +00:00
deforaos-phone Packaged DeforaOS Phone 0.4.1 2014-10-23 18:33:39 +00:00
dl-ezkit Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
efax Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
efax-gtk Update to 3.2.13 2014-07-19 06:44:05 +00:00
estic remove obsolete patches (replaced by patch-estic-*.cc) 2012-12-13 09:08:39 +00:00
fidogate Bump for perl-5.20.0. 2014-05-29 23:35:13 +00:00
gammu (pkgsrc) 2014-11-23 09:46:49 +00:00
gkermit Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
gnome-pilot Revbump after updating libwebp and icu 2014-10-07 16:47:10 +00:00
gsmlib Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
hylafax Changes 6.0.6: 2014-03-14 15:59:29 +00:00
java-rxtx The printer port support is experimental, and only supported on some 2013-03-29 12:40:24 +00:00
jpilot Use EXPORT_SYMBOLS_LDFLAGS as suggested by joerg in PR pkg/37855. 2014-11-22 20:49:59 +00:00
jpilot-syncmal Recursive revbump from x11/pixman 2014-05-05 00:47:34 +00:00
kermit Switch license to modified-bsd. Move socks4 option over to use dante. 2015-01-17 15:30:03 +00:00
kyopon Continue on pointer sign warnings from clang. 2013-09-10 14:14:02 +00:00
libmal Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
libopensync Revbump after updating libwebp and icu 2014-10-07 16:47:10 +00:00
libopensync-plugin-evolution2 Revbump after updating libwebp and icu 2014-10-07 16:47:10 +00:00
libopensync-plugin-file Revbump after updating libwebp and icu 2014-10-07 16:47:10 +00:00
libopensync-plugin-kdepim Revbump after updating libwebp and icu 2014-10-07 16:47:10 +00:00
libopensync-plugin-syncml Revbump after updating libwebp and icu 2014-10-07 16:47:10 +00:00
libsyncml bump PKGREVISION for openobex update 2013-03-15 08:25:15 +00:00
libticables2 LDFLAGS.SunOS+= -lsocket -lnsl; Fixes build failure, ideally. 2013-12-31 15:41:17 +00:00
libticalcs2 Import libticalcs2-1.1.7 as comms/libticalcs2. 2013-05-26 22:58:30 +00:00
libticonv Import libticonv-1.1.3 as comms/libticonv. 2013-05-26 22:59:06 +00:00
libtifiles2 Import libtifiles2-1.1.5 as comms/libtifiles2. 2013-05-26 22:59:42 +00:00
lirc Use PKG_SKIP_REASON for unsupported OSes. 2015-01-01 09:35:17 +00:00
lrzsz Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
malsync Reset maintainer for resigned developers. 2013-12-23 11:57:02 +00:00
mgetty+sendfax Bump PKGREVISION for netpbm update. 2014-09-08 21:24:44 +00:00
minicom Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
modemd Also needs groff 2014-02-24 12:44:23 +00:00
msynctool Revbump after updating libwebp and icu 2014-10-07 16:47:10 +00:00
multisync-gui Revbump after updating libwebp and icu 2014-10-07 16:47:10 +00:00
obexapp update MAINTAINER email address 2014-12-30 08:11:14 +00:00
obexftp CMAKE_INSTALL_MANDIR is specified by pkgsrc framework now. 2013-10-09 11:50:36 +00:00
op_panel Bump for perl-5.20.0. 2014-05-29 23:35:13 +00:00
openobex Update 1.7 to 1.7.1 2014-11-23 11:33:33 +00:00
p5-Asterisk Remove pkgviews: don't set PKG_INSTALLATION_TYPES in Makefiles. 2014-10-09 14:05:50 +00:00
p5-Data-AMF Bump for perl-5.20.0. 2014-05-29 23:35:13 +00:00
p5-Device-Gsm Remove SVR4_PKGNAME, per discussion on tech-pkg. 2014-10-09 13:44:32 +00:00
p5-Device-Modem Remove SVR4_PKGNAME, per discussion on tech-pkg. 2014-10-09 13:44:32 +00:00
p5-Device-SerialPort Remove SVR4_PKGNAME, per discussion on tech-pkg. 2014-10-09 13:44:32 +00:00
p5-Device-XBee-API Update p5-Device-XBee-API to version 0.7. 2014-06-15 06:22:55 +00:00
p5-pilot-link Bump for perl-5.20.0. 2014-05-29 23:35:13 +00:00
p5-SMS-Send Don't expect perl to provide p5-Module-Pluggable (removed in 5.20). 2014-05-31 12:56:54 +00:00
pilot-link Bump for perl-5.20.0. 2014-05-29 23:35:13 +00:00
pilot-link-libs Does not use curses or even termcap 2013-10-16 08:49:43 +00:00
pilotmgr Bump for perl-5.20.0. 2014-05-29 23:35:13 +00:00
plp Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
py-colorama Import py27-colorama-0.3.2 as comms/py-colorama. 2014-12-05 14:52:52 +00:00
py-gammu Update 1.26.1 to 1.33.0, as gammu has been updated, with PLIST adjust. 2014-11-23 10:06:41 +00:00
py-python-termstyle Improve EGG_NAME default to work for packages with '-' in their name. 2014-12-31 13:57:25 +00:00
py-serial Mark packages that are not ready for python-3.3 also not ready for 3.4, 2014-05-09 07:36:53 +00:00
qpage Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
ruby-termios Fix typo, s/GEM_CLEANBUOLD_EXTENSIONS/GEM_CLEANBUILD_EXTENSIONS/. 2015-01-16 09:18:47 +00:00
scmxx Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
snooper Fix attempt at detecting curses. 2013-11-05 17:38:41 +00:00
spandsp Remove fortran77 from USE_LANGUAGES as suggested by jnemeth@ 2013-06-09 23:29:34 +00:00
synce-librapi2 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
synce-libsynce Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
synce-rra Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
synce-serial Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
tilp2 Recursive revbump from x11/pixman 2014-05-05 00:47:34 +00:00
tkhylafax Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-03 11:24:38 +00:00
tn3270 Don't depend on parser skeleton to include stdlib.h. 2015-01-09 14:28:42 +00:00
xisp Revbump after graphics/jpeg and textproc/icu 2013-01-26 21:36:13 +00:00
xtel Install fonts into default font path. Bump PKGREVISION. 2014-06-01 16:44:38 +00:00
Makefile +py-python-termstyle 2014-12-06 03:20:41 +00:00