Automatic conversion of the NetBSD pkgsrc CVS module, use with care
Find a file
jnemeth 5fb63ec5f0 Update to asterisk 1.8.32.2: this is a security fix.
pkgsrc change: adapt to splitting up of speex

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2015-001: File descriptor leak when incompatible codecs are offered

                Asterisk may be configured to only allow specific audio or
                video codecs to be used when communicating with a
                particular endpoint. When an endpoint sends an SDP offer
                that only lists codecs not allowed by Asterisk, the offer
                is rejected. However, in this case, RTP ports that are
                allocated in the process are not reclaimed.

                This issue only affects the PJSIP channel driver in
                Asterisk. Users of the chan_sip channel driver are not
                affected.

* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

                CVE-2014-8150 reported an HTTP request injection
                vulnerability in libcURL. Asterisk uses libcURL in its
                func_curl.so module (the CURL() dialplan function), as well
                as its res_config_curl.so (cURL realtime backend) modules.

                Since Asterisk may be configured to allow for user-supplied
                URLs to be passed to libcURL, it is possible that an
                attacker could use Asterisk as an attack vector to inject
                unauthorized HTTP requests if the version of libcURL
                installed on the Asterisk server is affected by
                CVE-2014-8150.

For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf

Thank you for your continued support of Asterisk!
2015-01-29 21:48:07 +00:00
archivers Update to 1.5: 2015-01-29 13:28:28 +00:00
audio After speex update, depend on speexdsp. 2015-01-29 21:26:52 +00:00
benchmarks Update HOMEPAGE, was 404. 2015-01-20 06:43:09 +00:00
biology Update HOMEPAGE, was Host Unknown. But the link to download still gets 404. 2014-12-20 12:02:28 +00:00
bootstrap remove obsolated information for bootstrap kit and binary packages. 2015-01-19 00:12:43 +00:00
cad Update tkgate to 1.8.7. Patch provided by Edgar Fuss in PR pkg/49482, 2015-01-17 14:48:56 +00:00
chat recursive revbump due to net/adns update 1.4 to 1.5.0 2015-01-29 09:53:29 +00:00
comms Update to asterisk 1.8.32.2: this is a security fix. 2015-01-29 21:48:07 +00:00
converters Fix PLIST for doxygen-1.8.9 and depend on that version. 2015-01-28 06:45:41 +00:00
cross PKGREVISION++, by converting (duplicated) libconfuse to confuse. Thanks gdt@. 2015-01-18 06:18:58 +00:00
databases Fix path to MySQL binary in the SMF method script. Bump PKGREVISION. 2015-01-26 12:39:56 +00:00
devel Update 0.16.02 to 0.18 2015-01-29 12:42:01 +00:00
distfiles
doc Updated graphics/p5-RRDTool-OO to 0.35 2015-01-29 20:47:30 +00:00
editors editors/lyx: update to 2.1.2.2 2015-01-10 18:13:22 +00:00
emulators Add upstream bug report URLs. 2015-01-29 20:08:16 +00:00
filesystems recuesive bump from libarchive major update. 2015-01-21 09:12:41 +00:00
finance Update to 2.6.5, switch to yelp3 since it has a higher chance of 2015-01-06 15:03:01 +00:00
fonts The freetype2 version in the pkg-config file was not properly 2015-01-28 08:17:33 +00:00
games recursive revbump due to net/adns update 1.4 to 1.5.0 2015-01-29 09:53:29 +00:00
geography Add opencpn-plugin-gshhs 2015-01-28 14:15:22 +00:00
graphics Update to 0.35, from Kai-Uwe Eckhardt <kuehro@gmx.de> in private mail. 2015-01-29 20:47:22 +00:00
ham - Re-packaged due to devel/doxygen update 1.8.8 to 1.8.9.1 2015-01-28 00:57:27 +00:00
inputmethod reported to upstream 2015-01-29 11:45:25 +00:00
lang Limit memory used by the Queens test program. 2015-01-29 21:29:32 +00:00
licenses skype21-license: Arise from your grave! and be used by wip/skype4. 2014-12-04 19:59:58 +00:00
mail Fix URL for sieve distribution files. 2015-01-28 17:44:28 +00:00
math specifiy -undefined dynamic-lookup with PKGSRC_FORTRAN=gfortran on Darwin 2015-01-27 06:36:27 +00:00
mbone Re-do the get_timestamp() patch to instead of calling times() use 2015-01-13 20:25:13 +00:00
meta-pkgs patches/patch-libs_context_src_asm_make__ppc32__sysv__macho__gas.S: Fix build failure on PPC Darwin 2015-01-25 11:26:50 +00:00
misc Don't kill attributes when building with clang. 2015-01-29 21:30:35 +00:00
mk ressurect support for PKGSRC_FORTRAN=gfortran and point it at gcc48 2015-01-27 04:53:46 +00:00
multimedia Update adobe-flash-plugin11 to 11.2.202.440 for APSA15-01 (CVE-2015-0311). 2015-01-27 11:24:57 +00:00
net recursive revbump due to net/adns update 1.4 to 1.5.0 2015-01-29 09:53:29 +00:00
news Use BROKEN_EXCEPT_ON_PLATFORM for where configs have to be created manually. 2015-01-01 11:19:28 +00:00
packages
parallel Fold PLIST.Linux into PLIST using more plist vars, and add more files 2015-01-15 20:51:11 +00:00
pkgtools removed patches, integrated upstream 2015-01-25 10:10:52 +00:00
print Remove patch not in distinfo. 2015-01-29 09:29:18 +00:00
regress Do not use a naked "make", instead use TEST_MAKE. Now it fails differently. 2014-06-21 16:34:13 +00:00
security Fix typo in previous. 2015-01-27 13:54:10 +00:00
shells Update HOMEPAGE, was not registered on DNS 2015-01-25 08:35:07 +00:00
sysutils Fix build with clang and on NetBSD/current. 2015-01-29 21:33:47 +00:00
templates
textproc Update groonga to 4.1.1. 2015-01-29 10:34:14 +00:00
time Revbump associated with update of lang/ocaml. 2015-01-20 14:24:34 +00:00
wm Tell configure explicitly where to look for X11 headers and libs. 2015-01-21 15:22:14 +00:00
www Make gssapi a default-on option instead of a fixed dependency. 2015-01-29 10:29:13 +00:00
x11 Update to 2.14: 2015-01-29 10:17:03 +00:00
Makefile
pkglocate
README

$NetBSD: README,v 1.18 2005/05/07 22:18:28 wiz Exp $

Please see doc/pkgsrc.txt for information.