Received: from mail.netbsd.org (mail.NetBSD.org [199.233.217.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id E1E587A20D for ; Sun, 7 Feb 2016 09:13:36 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 606B785EB8; Sun, 7 Feb 2016 09:13:36 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id DE4E985E59 for ; Sun, 7 Feb 2016 09:13:35 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id 2MtzpAIXC4fQ for ; Sun, 7 Feb 2016 09:13:34 +0000 (UTC) Received: from cvs.NetBSD.org (cvs.NetBSD.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id D820684CEF for ; Sun, 7 Feb 2016 09:13:34 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id D031CFBB7; Sun, 7 Feb 2016 09:13:34 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Date: Sun, 7 Feb 2016 09:13:34 +0000 From: "John Nemeth" Subject: CVS commit: pkgsrc/comms/asterisk13 To: pkgsrc-changes@NetBSD.org Reply-To: jnemeth@netbsd.org X-Mailer: log_accum Message-Id: <20160207091334.D031CFBB7@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: jnemeth Date: Sun Feb 7 09:13:34 UTC 2016 Modified Files: pkgsrc/comms/asterisk13: Makefile PLIST distinfo pkgsrc/comms/asterisk13/patches: patch-Makefile patch-main_sched.c Log Message: Update Asterisk to 13.7.2: this is mainly bug fixes with some minor features and fixes for AST-2016-001, AST-2016-002, and AST-2016-003. Also some pkglinting. ----- 13.7.2 The Asterisk Development Team has announced the release of Asterisk 13.7.2. The release of Asterisk 13.7.2 resolves an issue reported by the community and would have not been possible without your participation. Thank you! The following is the issue resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-25702 - PjSip realtime DB and Cache Errors since upgrade to asterisk-13.7.0 from asterisk-13.7.0-rc2 (Reported by Nic Colledge) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.2 Thank you for your continued support of Asterisk! ----- 13.7.1 The Asterisk Development Team has announced security releases for Certified Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1. The release of these versions resolves the following security vulnerabilities: * AST-2016-001: BEAST vulnerability in HTTP server The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it. * AST-2016-002: File descriptor exhaustion in chan_sip Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors. * AST-2016-003: Remote crash vulnerability receiving UDPTL FAX data. If no UDPTL packets are lost there is no problem. However, a lost packet causes Asterisk to use the available error correcting redundancy packets. If those redundancy packets have zero length then Asterisk uses an uninitialized buffer pointer and length value which can cause invalid memory accesses later when the packet is copied. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.7.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2016-001.pdf * http://downloads.asterisk.org/pub/security/AST-2016-002.pdf * http://downloads.asterisk.org/pub/security/AST-2016-003.pdf Thank you for your continued support of Asterisk! ----- 13.7.0 The Asterisk Development Team has announced the release of Asterisk 13.7.0. The release of Asterisk 13.7.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: New Features made in this release: ----------------------------------- * ASTERISK-25419 - Dialplan Application for Integration of StatsD (Reported by Ashley Sanders) * ASTERISK-25549 - Confbridge: Add participant timeout option (Reported by Mark Michelson) * ASTERISK-24922 - ARI: Add the ability to intercept hold and raise an event (Reported by Matt Jordan) Bugs fixed in this release: ----------------------------------- * ASTERISK-25689 - pjsip show contacts not working in Asterisk 13.7rc2 (Reported by Marcelo Terres) * ASTERISK-25640 - pbx: Deadlock on features reload and state change hint. (Reported by Krzysztof Trempala) * ASTERISK-25664 - ast_format_cap_append_by_type leaks a reference (Reported by Corey Farrell) * ASTERISK-25601 - json: Audit reference usage and thread safety (Reported by Joshua Colp) * ASTERISK-25625 - res_sorcery_memory_cache: Add full backend caching (Reported by Joshua Colp) * ASTERISK-25615 - res_pjsip: Setting transport async_operations > 1 causes segfault on tls transports (Reported by George Joseph) * ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and thread of asterisk is not released (Reported by Hiroaki Komatsu) * ASTERISK-25619 - res_chan_stats not sending the correct information to StatsD (Reported by Tyler Cambron) * ASTERISK-25569 - app_meetme: Audio quality issues (Reported by Corey Farrell) * ASTERISK-25609 - [patch]Asterisk may crash when calling ast_channel_get_t38_state(c) (Reported by Filip Jenicek) * ASTERISK-24146 - [patch]No audio on WebRtc caller side when answer waiting time is more than ~7sec (Reported by Aleksei Kulakov) * ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec (Reported by Alexander Traud) * ASTERISK-25616 - Warning with a Codec Module which supports PLC with FEC (Reported by Alexander Traud) * ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by Dudás József) * ASTERISK-25608 - res_pjsip/contacts/statsd: Lifecycle events aren't consistent (Reported by George Joseph) * ASTERISK-25584 - [patch] format-attribute module: VP8 missing (Reported by Alexander Traud) * ASTERISK-25583 - [patch] format-attribute module: RFC 7587 (Opus Codec) (Reported by Alexander Traud) * ASTERISK-25498 - Asterisk crashes when negotiating g729 without that module installed (Reported by Ben Langfeld) * ASTERISK-25595 - Unescaped : in messge sent to statsd (Reported by Niklas Larsson) * ASTERISK-25476 - chan_sip loses registrations after a while (Reported by Michael Keuter) * ASTERISK-25598 - res_pjsip: Contact status messages are printing a hash instead of the uri (Reported by George Joseph) * ASTERISK-25600 - bridging: Inconsistency in BRIDGEPEER (Reported by Jonathan Rose) * ASTERISK-25582 - Testsuite: Reactor timeout error in tests/fax/pjsip/directmedia_reinvite_t38 (Reported by Matt Jordan) * ASTERISK-25593 - fastagi: record file closed after sending result (Reported by Kevin Harwell) * ASTERISK-25585 - [patch]rasterisk never hits most of main(), but it's assumed to (Reported by Walter Doekes) * ASTERISK-25590 - CLI Usage info for 'pjsip send notify' references incorrect config (Reported by Corey Farrell) * ASTERISK-25165 - Testsuite - Sorcery memory cache leaks (Reported by Corey Farrell) * ASTERISK-25575 - res_pjsip: Dynamic outbound registrations created via ARI are not loaded into memory on Asterisk start/restart (Reported by Matt Jordan) * ASTERISK-25545 - [patch] translation module gets cached not joint format (Reported by Alexander Traud) * ASTERISK-25573 - [patch] H.264 format attribute module: resets whole SDP (Reported by Alexander Traud) * ASTERISK-24958 - Forwarding loop detection inhibits certain desirable scenarios (Reported by Mark Michelson) * ASTERISK-25561 - app_queue.c line 6503 (try_calling): mutex 'qe->chan' freed more times than we've locked! (Reported by Alec Davis) * ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by Joshua Colp) * ASTERISK-25160 - [patch] Opus Codec: SIP/SDP line fmtp missing when called internally (Reported by Alexander Traud) * ASTERISK-25535 - [patch] format creation on module load instead of cache (Reported by Alexander Traud) * ASTERISK-25449 - main/sched: Regression introduced by 5c713fdf18f causes erroneous duplicate RTCP messages; other potential scheduling issues in chan_sip/chan_skinny (Reported by Matt Jordan) * ASTERISK-25546 - threadpool: Race condition between idle timeout and activation (Reported by Joshua Colp) * ASTERISK-25537 - [patch] format-attribute module: RFC or internal defaults? (Reported by Alexander Traud) * ASTERISK-25533 - [patch] buffer for ast_format_cap_get_names only 64 bytes (Reported by Alexander Traud) * ASTERISK-25373 - add documentation for CALLERID(pres) and also the CONNECTEDLINE and REDIRECTING variants (Reported by Walter Doekes) * ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by Walter Doekes) * ASTERISK-24779 - Passthrough OPUS codec not working with chan_pjsip (Reported by PowerPBX) * ASTERISK-25522 - ARI: Crash when creating channel via ARI originate with requesting channel (Reported by Matt Jordan) * ASTERISK-25434 - Compiler flags not reported in 'core show settings' despite usage during compilation (Reported by Rusty Newton) * ASTERISK-24106 - WebSockets Automatically decides what driver it will use (Reported by Andrew Nagy) * ASTERISK-25513 - Crash: malloc failed with high load of subscriptions. (Reported by John Bigelow) * ASTERISK-25505 - res_pjsip_pubsub: Crash on off-nominal when UAS dialog can't be created (Reported by Joshua Colp) * ASTERISK-24543 - Asterisk 13 responds to SIP Invite with all possible codecs configured for peer as opposed to intersection of configured codecs and offered codecs (Reported by Taylor Hawkes) * ASTERISK-25494 - build: GCC 5.1.x catches some new const, array bounds and missing paren issues (Reported by George Joseph) * ASTERISK-25485 - res_pjsip_outbound_registration: registration stops due to 400 response (Reported by Kevin Harwell) * ASTERISK-25486 - res_pjsip: Fix deadlock when validating URIs (Reported by Joshua Colp) * ASTERISK-7803 - [patch] Update the maximum packetization values in frame.c (Reported by dea) * ASTERISK-25484 - [patch] autoframing=yes has no effect (Reported by Alexander Traud) * ASTERISK-25461 - Nested dialplan #includes don't work as expected. (Reported by Richard Mudgett) * ASTERISK-25455 - Deadlock of PJSIP realtime over res_config_pgsql (Reported by mdu113) * ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing (Reported by Olle Johansson) * ASTERISK-25435 - Asterisk periodically hangs. UDP Recv-Q greatly exceeds zero. (Reported by Dmitriy Serov) * ASTERISK-25451 - Broken video - erased rtp marker bit (Reported by Stefan Engström) * ASTERISK-25400 - Hints broken when "CustomPresence" doesn't exist in AstDB (Reported by Andrew Nagy) * ASTERISK-25443 - [patch]IPv6 - Potential issue in via header parsing (Reported by ffs) * ASTERISK-25404 - segfault/crash in chan_pjsip_hangup ... at chan_pjsip.c (Reported by Chet Stevens) * ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON (Reported by Bojan Nemčić) * ASTERISK-25441 - Deadlock in res_sorcery_memory_cache. (Reported by Richard Mudgett) * ASTERISK-25438 - res_rtp_asterisk: ICE role message even when ICE is not enabled (Reported by Joshua Colp) Improvements made in this release: ----------------------------------- * ASTERISK-25618 - res_pjsip: Check for readability of TLS files at startup (Reported by George Joseph) * ASTERISK-25572 - Endpoints: Add StatsD stats for Asterisk endpoints (Reported by Matt Jordan) * ASTERISK-25571 - PJSIP: Add StatsD stats for some common PJSIP objects (Reported by Matt Jordan) * ASTERISK-25518 - taskprocessor: Add high water mark (Reported by Jonathan Rose) * ASTERISK-25477 - pjsip show "command" like [criteria] (Reported by Bryant Zimmerman) * ASTERISK-24718 - [patch]Add inital support of "sanitize" to configure (Reported by Badalian Vyacheslav) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.0 Thank you for your continued support of Asterisk! To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 pkgsrc/comms/asterisk13/Makefile \ pkgsrc/comms/asterisk13/PLIST pkgsrc/comms/asterisk13/distinfo cvs rdiff -u -r1.1.1.1 -r1.2 pkgsrc/comms/asterisk13/patches/patch-Makefile \ pkgsrc/comms/asterisk13/patches/patch-main_sched.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.