when forming an outgoing SIP request while in pedantic mode, which
can cause a stack buffer to be made to overflow if supplied with
carefully crafted caller ID information"
http://downloads.asterisk.org/pub/security/AST-2011-001.html
This is also a major version update to the long-term support
1.8 branch, previous versions of this diff have been tested by
various ports@ readers, thanks for testing.
Please review /usr/local/share/doc/asterisk/UPGRADE.txt
(also note that memory use has increased).
ok ajacoutot@ jasper@
installed, which I won't add as a dependency just for this, but for people who
already have it, it makes the docs look nicer).
- install the sample features.conf which was @comment'ed.
receiving most updates in the future; notably, compared to the in-tree
version, this adds a portable (pthread-based) clocking source rather
than relying on a non-portable zaptel timer.
Main functions tested and working well for myself and Diego Casati (thanks!)
Note that ConfBridge (added since 1.6.0) may need more work
with something like 'deny 0.0.0.0/0' then this affects you. workaround:
'deny 0.0.0.0/0.0.0.0'
- fix fullpkgpaths for the subpackages, they were including the flavour
and shouldn't have - fixes problems with dpb3 found by naddy. add @pkgpath
markers relating to this fix.
ok naddy@
(reminder, ports is not fully open, do not commit without specific permission)
This also has a small change in CDR generation, it's been well tested
upstream but still this can be a touchy area to change, so it's
going in now so the first OpenBSD release with Asterisk 1.6
packages has the change already made.
ok ajacoutot@
users with access to the IAX port can use it to verify validity of usernames.
No other code changes in this version.
While there, remove spurious @user from PLIST.
introduced in 1.4.21 by correcting the order of lock and unlock
in a deadlock avoidance macro... No other changes. Not security,
but if you're running 1.4.21, you definitely want this.
- regen PLIST to remove @bin from a symlink.
Update to 1.2.9.1 which addresses a security vulnerability in the IAX2
channel driver (chan_iax2). The vulnerability affects all users with
IAX2 clients that might be compromised or used by a malicious user, and
can lead to denial of service attacks and random Asterisk server crashes
via a relatively trivial exploit.
From: maintainer Stuart Henderson <stu@spacehopper.org>