Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mail.NetBSD.org", Issuer "Postmaster NetBSD.org" (not verified)) by mollari.NetBSD.org (Postfix) with ESMTPS id DD7A2A566B for ; Mon, 23 Dec 2013 01:34:19 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id F0F0C14A2B6; Mon, 23 Dec 2013 01:34:18 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id C53A614A2AF for ; Mon, 23 Dec 2013 01:34:04 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id L-CfkQL4wBEW for ; Mon, 23 Dec 2013 01:34:03 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id 87AB014A269 for ; Mon, 23 Dec 2013 01:34:03 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id 3E4F396; Mon, 23 Dec 2013 01:34:03 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Mon, 23 Dec 2013 01:34:03 +0000 From: "John Nemeth" Subject: CVS commit: pkgsrc/comms/asterisk To: pkgsrc-changes@NetBSD.org Reply-To: jnemeth@netbsd.org X-Mailer: log_accum Message-Id: <20131223013403.3E4F396@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: jnemeth Date: Mon Dec 23 01:34:03 UTC 2013 Modified Files: pkgsrc/comms/asterisk: Makefile distinfo pkgsrc/comms/asterisk/patches: patch-apps_app__queue.c patch-main_udptl.c patch-res_res__xmpp.c Added Files: pkgsrc/comms/asterisk/patches: patch-apps_app__meetme.c patch-main_format.c patch-main_http.c Log Message: Update to Asterisk 11.6.1: this is a security fix update to fix AST-2013-006 and AST-2013-007, and a minor bug fix update. pkgsrc change: disable SRTP on NetBSD as it doesn't link ---- 11.6.1 ---- The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4, 10.12.4-digiumphones, and 11.6.1. The release of these versions resolve the following issues: * A buffer overflow when receiving odd length 16 bit messages in app_sms. An infinite loop could occur which would overwrite memory when a message is received into the unpacksms16() function and the length of the message is an odd number of bytes. * Prevent permissions escalation in the Asterisk Manager Interface. Asterisk now marks certain individual dialplan functions as 'dangerous', which will inhibit their execution from external sources. A 'dangerous' function is one which results in a privilege escalation. For example, if one were to read the channel variable SHELL(rm -rf /) Bad Things(TM) could happen; even if the external source has only read permissions. Execution from external sources may be enabled by setting 'live_dangerously' to 'yes' in the [options] section of asterisk.conf. Although doing so is not recommended. These issues and their resolutions are described in the security advisories. For more information about the details of these vulnerabilities, please read security advisories AST-2013-006 and AST-2013-007, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.6.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2013-006.pdf * http://downloads.asterisk.org/pub/security/AST-2013-007.pdf Thank you for your continued support of Asterisk! ----- 11.6.0 ----- The Asterisk Development Team has announced the release of Asterisk 11.6.0. The release of Asterisk 11.6.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release: * --- Confbridge: empty conference not being torn down (Closes issue ASTERISK-21859. Reported by Chris Gentle) * --- Let Queue wrap up time influence member availability (Closes issue ASTERISK-22189. Reported by Tony Lewis) * --- Fix a longstanding issue with MFC-R2 configuration that prevented users (Closes issue ASTERISK-21117. Reported by Rafael Angulo) * --- chan_iax2: Fix saving the wrong expiry time in astdb. (Closes issue ASTERISK-22504. Reported by Stefan Wachtler) * --- Fix segfault for certain invalid WebSocket input. (Closes issue ASTERISK-21825. Reported by Alfred Farrugia) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.6.0 Thank you for your continued support of Asterisk! To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 pkgsrc/comms/asterisk/Makefile cvs rdiff -u -r1.60 -r1.61 pkgsrc/comms/asterisk/distinfo cvs rdiff -u -r0 -r1.1 pkgsrc/comms/asterisk/patches/patch-apps_app__meetme.c \ pkgsrc/comms/asterisk/patches/patch-main_format.c \ pkgsrc/comms/asterisk/patches/patch-main_http.c cvs rdiff -u -r1.2 -r1.3 \ pkgsrc/comms/asterisk/patches/patch-apps_app__queue.c cvs rdiff -u -r1.1 -r1.2 pkgsrc/comms/asterisk/patches/patch-main_udptl.c \ pkgsrc/comms/asterisk/patches/patch-res_res__xmpp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.