with something like 'deny 0.0.0.0/0' then this affects you. workaround:
'deny 0.0.0.0/0.0.0.0'
- fix fullpkgpath's for the subpackages, they were including the flavour
and shouldn't have - fixes problems with dpb3 found by naddy. add @pkgpath
markers relating to this fix.
ok naddy@
(reminder, ports is not fully open, do not commit without specific permission)
crash in SIP (and only this, thanks to Asterisk developers for pushing
security fixes separately from other changes).
Does not affect Asterisk 1.4 in -stable (it's in the T.38 support,
which was added in 1.6).
ok ajacoutot@
This also has a small change in CDR generation, it's been well tested
upstream but still this can be a touchy area to change, so it's
going in now so the first OpenBSD release with Asterisk 1.6
packages has the change already made.
ok ajacoutot@
from overriding supplied AUTOfoo_VERSION variables) instead of the
custom Makefile target to run autoconf.
No package change -> no bump. Discussed with fgsch in relation
to 1.6, but it makes sense here too.
Fixes sscanf without size bounds. The biggest problem affects SIP in
Asterisk 1.6.1+ (i.e. not OpenBSD ports/packages) but the update makes
sense anyway...
just disable by setting the default FLAVOR; the asterisk,h323 entry
in ../Makefile picked it up. the unused pkg/*-speex files don't hurt,
so keep them around. bump PKGNAME (most likely gratuitous, but it's
cheap).
where the "pedantic" option is enabled (disabled by default).
Backported rather than updated until I sort out the H323 autoconf
breakage in newer versions.
users with access to the IAX port can use it to verify validity of usernames.
No other code changes in this version.
While there, remove spurious @user from PLIST.
introduced in 1.4.21 by correcting the order of lock and unlock
in a deadlock avoidance macro... No other changes. Not security,
but if you're running 1.4.21, you definitely want this.
- regen PLIST to remove @bin from a symlink.
split in two: add pkgspec, bump -speex package version
- adjust FULLPKGNAME handling so overrides can be shown clearly
at the top of the Makefile
- add space before assignment operator "FULLPKGNAME$i=" to avoid
potential ambiguity with bad values of $i
speex problem reported by jolan@, thanks!
in RTP codec payload type handling) and AST-2008-003 (SIP channel
can make a call into the context specified in the general section
of sip.conf). Affects all Asterisk users with SIP enabled.
This is a security update only, no changes other than these fixes.
fixes an overflow in IMAP voicemail storage reachable by anyone who can
send email to a VM box accessed from the phone. AST-2007-022, found by
sprintf audit.
ok ian@
