Automatic conversion of the NetBSD pkgsrc CVS module, use with care
jnemeth 5f1b0b0d07 Update to Asterisk 1.8.24.1: this is a security update that fixes
AST-2013-006 and AST-2013-007.

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.

The release of these versions resolves the following issues:

* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
  infinite loop could occur which would overwrite memory when a message is
  received into the unpacksms16() function and the length of the message is an
  odd number of bytes.

* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
  now marks certain individual dialplan functions as 'dangerous', which will
  inhibit their execution from external sources.

  A 'dangerous' function is one which results in a privilege escalation. For
  example, if one were to read the channel variable SHELL(rm -rf /), Bad
  Things(TM) could happen, even if the external source has only read
  permissions.

  Execution from external sources may be enabled by setting 'live_dangerously'
  to 'yes' in the [options] section of asterisk.conf, although doing so is not
  recommended.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-007.pdf

Thank you for your continued support of Asterisk!
2013-12-17 02:29:11 +00:00
archivers Fix/Update DEPENDS patterns for perl CORE modules, with some trivial fixes. 2013-12-09 14:17:41 +00:00
audio Use "cpuset_t" on FreeBSD, this lets the package build. 2013-12-16 19:00:03 +00:00
benchmarks Add and enable "dnsperf". 2013-11-30 20:31:30 +00:00
biology Add socket libraries on SunOS. Patch from Sebastian Wiedenroth. 2013-12-10 14:18:05 +00:00
bootstrap Suggest placing pkgdb under prefix. 2013-12-16 10:43:09 +00:00
cad Has race conditions during build. 2013-11-29 12:53:45 +00:00
chat +phone 2013-12-16 06:42:47 +00:00
comms Update to Asterisk 1.8.24.1: this is a security update that fixes 2013-12-17 02:29:11 +00:00
converters Update to 0.19.6: 2013-12-11 19:45:28 +00:00
cross Don't let the installation path of libiberty.a depend on the multi-os 2013-12-08 22:31:53 +00:00
databases Use uniform shared library names to avoid packaging list divergence. 2013-12-15 18:45:18 +00:00
devel Add missing half of the Darwin patch. 2013-12-16 15:31:05 +00:00
distfiles
doc Note update of tex-context{,-doc} 2013-12-17 01:46:39 +00:00
editors Revbump from qt5* updates 2013-12-15 09:43:58 +00:00
emulators Bump PKGREVISION 2013-12-13 02:13:24 +00:00
filesystems Revbump from devel/apr update 2013-12-01 10:18:02 +00:00
finance Fix/Update DEPENDS patterns for perl CORE modules, with some trivial fixes. 2013-12-09 14:17:41 +00:00
fonts One final fixup for freetype2. Fixes build with freetype 2.5.x. 2013-12-11 23:49:52 +00:00
games Disable optimisation for disassembler.cpp for Clang, it will eat too 2013-12-15 19:37:41 +00:00
geography Various patches to fix SunOS build, from Sebastian Wiedenroth. 2013-12-10 12:22:52 +00:00
graphics Build with freetype 2.5.x 2013-12-15 08:25:38 +00:00
ham Needs version 2 of sdcc. 2013-12-08 22:32:15 +00:00
inputmethod LC_CTYPE needs <clocale> 2013-12-15 19:38:33 +00:00
lang main DISTFILE must not be commented out. 2013-12-17 01:08:30 +00:00
licenses Add arrl-license. 2013-09-13 14:18:36 +00:00
mail restore enigmail checksums 2013-12-16 08:45:18 +00:00
math FreeBSD 9 lacks the same set of functions as NetBSD 6. 2013-12-15 19:58:11 +00:00
mbone Bump PKGREVISION for libXft changes for NetBSD native X support on 2013-06-06 12:53:40 +00:00
meta-pkgs x11-links should only be used with X11_TYPE == native. 2013-12-12 13:27:17 +00:00
misc Build on Linux. 2013-12-16 09:53:44 +00:00
mk Switch FETCH_USING to "fetch" by default on FreeBSD. 2013-12-16 05:47:43 +00:00
multimedia Force explicit bool conversion for C++11 mode. 2013-12-15 19:42:04 +00:00
net + exabgp 2013-12-15 22:24:06 +00:00
news another time_t on 32bit system issue, a less fatal one. 2013-12-11 09:45:14 +00:00
packages
parallel Update to SLURM 2.6.4 2013-12-06 06:05:30 +00:00
pkgtools Fix const correctness issue that has been intermittently causing build 2013-11-29 23:13:56 +00:00
print Update tex-context{,-doc} to 2013 2013-12-17 01:43:29 +00:00
regress
security Take MAINTAINERship; I more or less have been. 2013-12-16 01:03:02 +00:00
shells Fix/Update DEPENDS patterns for perl CORE modules, with some trivial fixes. 2013-12-09 14:17:41 +00:00
sysutils Add -lclucene-shared on Darwin. 2013-12-16 12:07:20 +00:00
templates
textproc Pull stdint.h to fix build on FreeBSD 9. 2013-12-16 19:35:16 +00:00
time Update ruby-tz to 0.3.38. 2013-12-13 15:42:17 +00:00
wm + obconf 2013-12-08 08:00:26 +00:00
www Remove "used by" lines for contao31/contao31-example. 2013-12-16 01:49:06 +00:00
x11 No utmp.h on modern FreeBSD, use utmpx.h instead. 2013-12-16 19:51:14 +00:00
Makefile
pkglocate
README

$NetBSD: README,v 1.18 2005/05/07 22:18:28 wiz Exp $

Please see doc/pkgsrc.txt for information.