changes aren't too extreme, but upgrading users should review upgrade notes
in /usr/local/share/doc/asterisk (UPGRADE-14.txt, UPGRADE-15.txt, UPGRADE.txt).
from semarie@, ok danj@
This is a Python port of Google's libphonenumber library (original code
in Java). Among other features it provides phone number validation,
standardized formatting, and informations like location and original
carrier.
some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these archirtectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulted in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
- update comments in pjlib's sock_ossl.c, we do now have
SSL_set1_curves/SSL_CTX_set1_curves but still not SSL_get_shared_curve,
SSL_set1_{client_,}sigalgs_list
AST-2018-007: Infinite loop when reading iostreams
When connected to Asterisk via TCP/TLS if the client abruptly
disconnects, or sends a specially crafted message then Asterisk
gets caught in an infinite loop while trying to read the data stream.
Thus rendering the system as unusable.
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
When endpoint specific ACL rules block a SIP request they respond with
a 403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to
gain access to the disclosed endpoints.
handling From:
- fix berkeley db utilities and kamctl "shift: nothing to shift",
reported by feinerer@, from maintainer Roman Kravchuk
- fix runtime TLS failure, undefined symbol OPENSSL_zalloc,
from maintainer
- remove some dead patches follow switch to clang, from me
(there was an earlier update to 5.1.x from maintainer earlier this
month which I missed pushing earlier and it's too close to release now;
this is planned for post-6.3)
fail, reported by naddy@.
set COMPILER_LANGS=c while there, the GNU compiler is only used for C nested
functions (because I still have no ideas about the BlocksRuntime with clang),
c++ is not needed.
AST-2018-002: Crash when given an invalid SDP media format description
AST-2018-003: Crash with an invalid SDP fmtp attribute
AST-2018-004: Crash when receiving SUBSCRIBE request
AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
AST-2018-006: WebSocket frames with 0 sized payload causes DoS
(only 15.x reported as affected by AST-2018-001)
BIO_meth_set_callback_ctrl(). however in this case it is just setting the
callback pointer to NULL, and BIO_meth_new() already returns zeroed space,
so just skip that for now.
