cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
61,159 Commits 1 Branch 0 Tags 554 MiB
6de5af54a3
Commit Graph

61 Commits

Author SHA1 Message Date
sthen
858dc57b21 - update Asterisk to 1.6.2.13 
- upstream have prevented chan_h323 from building with pwlib>=1.19.0
as it segfaults at startup; disable the h323 flavour for now.
 2010-09-19 21:14:05 +00:00
sthen
6017df3bbb update asterisk to 1.6.2.11, loads of pretty safe bug fixes 2010-08-17 19:53:01 +00:00
sthen
c49f9f900f update to 1.6.2.10, switch to new LIB_DEPENDS etc. 2010-07-25 10:08:03 +00:00
sthen
e4fd3edfac update to 1.6.2.9; various crash fixes (including one with dtmf detection) 2010-06-18 22:10:44 +00:00
sthen
0551c55946 update to 1.6.2.8 2010-06-02 13:18:56 +00:00
sthen
832d7dc996 Update to 1.6.2.7; various bugs fixed including some DTMF problems, 
potential crashes in chan_sip, and a chan_local deadlock.
 2010-05-04 23:02:58 +00:00
sthen
dd9ff6c628 Update Asterisk to 1.6.2.6, which will be the only of the 1.6.x branches 
receiving most updates in the future; notably, compared to the in-tree
version, this adds a portable (pthread-based) clocking source rather
than relying on a non-portable zaptel timer.

Main functions tested and working well for myself and Diego Casati (thanks!)
Note that ConfBridge (added since 1.6.0) may need more work
 2010-04-08 16:18:00 +00:00
sthen
796c7bf27e update to 1.6.0.26 + a patch from a ticket upstream. 2010-03-25 12:01:47 +00:00
sthen
bb6fa8ee6c - SECURITY update to 1.6.0.25, fixing AST-2010-003. if you use ACL rules 
with something like 'deny 0.0.0.0/0' then this affects you. workaround:
'deny 0.0.0.0/0.0.0.0'

- fix fullpkgpath's for the subpackages, they were including the flavour
and shouldn't have - fixes problems with dpb3 found by naddy. add @pkgpath
markers relating to this fix.

ok naddy@
(reminder, ports is not fully open, do not commit without specific permission)
 2010-02-26 12:44:14 +00:00
sthen
86862f6681 SECURITY update to 1.6.0.22, fixing CVE-2010-0441, an unauthenticated 
crash in SIP (and only this, thanks to Asterisk developers for pushing
security fixes separately from other changes).

Does not affect Asterisk 1.4 in -stable (it's in the T.38 support,
which was added in 1.6).

ok ajacoutot@
 2010-02-03 00:18:44 +00:00
sthen
cd70bb9611 Update to 1.6.0.21, various bugs (including some crashes) fixed. 
This also has a small change in CDR generation, it's been well tested
upstream but still this can be a touchy area to change, so it's
going in now so the first OpenBSD release with Asterisk 1.6
packages has the change already made.

ok ajacoutot@
 2010-01-17 13:18:36 +00:00
sthen
b848cd9381 update to 1.6.0.20 2009-12-19 00:09:37 +00:00
sthen
16b6df18f8 Major version update to 1.6.0.19. For more information about the 
upgrade, see /usr/local/share/doc/asterisk/UPGRADE-1.6.txt

Particular thanks to fgsch@, ian@ and Michiel van Baak for help and testing.
 2009-12-13 12:11:29 +00:00
sthen
e61f39e54c SECURITY update to 1.4.27.1 for unauthenticated remote crash in RTP. 
http://downloads.digium.com/pub/security/AST-2009-010.html
 2009-11-30 22:51:39 +00:00
sthen
c103ca4da3 update to 1.4.27, I'll soon be committing a 1.6.0 version but first let's 
have the latest 1.4 for people who don't want to move yet.
 2009-11-19 16:17:04 +00:00
sthen
95fdcebf42 SECURITY update to 1.4.26.3; 
AST-2009-008: SIP responses expose valid usernames
AST-2009-009: Cross-site AJAX request (ajamdemo.html/prototype.js)
 2009-11-04 21:49:42 +00:00
sthen
7737a925e8 Update to 1.4.26.2; mitigates IAX2 denial of service AST-2009-006. 
This makes an non-backwards-compatible change to the IAX2 protocol.
It can be disabled with various options, but is on by default.

IAX2 users, read http://downloads.digium.com/pub/security/AST-2009-006.html
and the new /usr/local/share/doc/asterisk/IAX2-security.pdf (available
online in http://svn.digium.com/svn/asterisk/tags/1.4.26.2/doc/).
 2009-09-04 00:46:35 +00:00
sthen
755a20c358 Distfiles rerolled with different music-on-hold files. 
See http://blogs.digium.com/2009/08/18/asterisk-music-on-hold-changes/
 2009-08-18 22:09:40 +00:00
sthen
609d715116 SECURITY; http://downloads.asterisk.org/pub/security/AST-2009-005.html 
Fixes sscanf without size bounds. The biggest problem affects SIP in
Asterisk 1.6.1+ (i.e. not OpenBSD ports/packages) but the update makes
sense anyway...
 2009-08-10 23:22:31 +00:00
sthen
d6c17e0b16 bugfix update to 1.4.26; see http://www.asterisk.org/node/48610 2009-07-21 22:05:24 +00:00
sthen
ab4bb91ad8 update to 1.4.25.1; revised fix for SECURITY issue CVE-2009-0041 2009-06-05 23:10:40 +00:00
sthen
c0d15916fc maintenance update to 1.4.25. disable building the speex plugin by default 
for now, it causes a SIGBUS at startup (and also did in the previous version)
which hasn't been tracked down yet.
 2009-05-22 09:05:10 +00:00
sthen
62883bdc32 Minor security update to 1.4.24.1 for AST-2009-003 "SIP responses 
expose valid usernames". This update changes "alwaysauthreject" to
return the same response for invalid username as it does for invalid
password.
 2009-04-02 19:37:25 +00:00
sthen
7f827346dd maintenance update to 1.4.24 2009-03-29 22:23:35 +00:00
sthen
ca074f9466 SECURITY update to 1.4.22.2; updated fix for CVE-2009-0041 in IAX 2009-01-24 11:22:26 +00:00
sthen
baaf3b97ba SECURITY update to 1.4.22.1, fixing CVE-2009-0041: remote unauthenticated 
users with access to the IAX port can use it to verify validity of usernames.
No other code changes in this version.

While there, remove spurious @user from PLIST.
 2009-01-08 21:04:02 +00:00
sthen
7dadcbac78 maintenance update to 1.4.22; many fixes. 2008-10-07 09:57:52 +00:00
sthen
2861b10c40 SECURITY update fixing several problems in IAX, both remotely 
exploitable without authentication.

AST-2008-010: Asterisk IAX 'POKE' resource exhaustion (DoS)
AST-2008-011: Traffic amplification in IAX2, 40->1040 bytes
 2008-07-23 08:57:10 +00:00
sthen
cb6bf906d5 - bugfix update to 1.4.21.1, fixing a fairly major problem 
introduced in 1.4.21 by correcting the order of lock and unlock
in a deadlock avoidance macro... No other changes. Not security,
but if you're running 1.4.21, you definitely want this.

- regen PLIST to remove @bin from a symlink.
 2008-06-30 20:03:49 +00:00
sthen
d57b2a9a52 Update Asterisk to 1.4.21, lots of quality-control fixes 
ok ian
 2008-06-14 16:00:10 +00:00
sthen
e1ead9579e update to 1.4.20.1; thanks to Pedro la Peu for additional testing. 2008-05-27 22:14:34 +00:00
sthen
0074d5ea7d Update to 1.4.19.2, fixing an IAX performance problem introduced 
by the security fix in the previous update. No change to other code.
Non-IAX users are unaffected.
 2008-05-13 23:49:57 +00:00
sthen
03a107191f SECURITY update, fixes remote amplification attack in IAX. 
http://downloads.digium.com/pub/security/AST-2008-006.html

ok ian@
 2008-04-23 07:04:09 +00:00
sthen
7c7f03755a update to 1.4.19 
ok ian@
 2008-04-02 23:18:11 +00:00
sthen
b78d620076 SECURITY update to 1.4.18.1, fixes AST-2008-002 (buffer overflows 
in RTP codec payload type handling) and AST-2008-003 (SIP channel
can make a call into the context specified in the general section
of sip.conf).  Affects all Asterisk users with SIP enabled.

This is a security update only, no changes other than these fixes.
 2008-03-19 08:18:10 +00:00
sthen
5802de6f10 update asterisk to 1.4.18 (following testing during RC period) 
ok jolan
 2008-02-07 22:08:30 +00:00
sthen
76825aff1b SECURITY update, AST-2008-001, fixes remote crash triggerable by anyone 
permitted to transfer SIP calls (possibly unauthenticated, depending on
config).

ok ian
 2008-01-03 02:23:30 +00:00
sthen
50c645a69b update to the asterisk release-du-jour. 
ok ian's asterisk-ok-bot
 2007-12-21 10:22:19 +00:00
sthen
9d7e6c2e89 Update to today's asterisk release. ok ian 2007-12-20 13:57:22 +00:00
sthen
2d388aff89 SECURITY update to 1.4.17, fixes AST-2007-027 (passwordless sip/iax peers, 
configured from "realtime" database rather than static .conf files, are not
subject to IP address restrictions).

ok ian
 2007-12-19 21:07:27 +00:00
sthen
0d8f4dba96 SECURITY update to Asterisk 1.4.15, fixes SQL problems with 
PostgreSQL drivers. AST-2007-025 (pgsql realtime) and AST-2007-026
(pgsql CDR logging).

ok jolan@
 2007-12-01 10:11:53 +00:00
sthen
ff506d6ff4 update Asterisk to 1.4.14 (with many bug fixes), and h323 flavor 
(for interactive builds only).

ok jolan, ian
 2007-11-27 10:41:04 +00:00
sthen
b22c11a7a4 SECURITY update for 1.4 versions (doesn't affect OpenBSD before 4.2); 
fixes an overflow in IMAP voicemail storage reachable by anyone who can
send email to a VM box accessed from the phone. AST-2007-022, found by
sprintf audit.

ok ian@
 2007-10-11 08:05:18 +00:00
sthen
bb85f6fc39 bug-fix update to 1.4.12 
ok ian@
 2007-10-04 11:25:44 +00:00
sthen
9c5f5dcd0d major version update to 1.4.11, ok ian@ jolan@ 2007-09-05 22:42:52 +00:00
ian
fab7c3a824 Upgrade to 1.2.22 to fix several remote exploits, from Stuart, tested by me 2007-07-19 01:31:27 +00:00
jolan
994a77a545 SECURITY: update to 1.2.19, from maintainer stuart henderson 
ASA-2007-013: chan_iax2.c assumes strings are null-terminated without
validating them, potential buffer overrun/information disclosure
 2007-07-02 14:03:34 +00:00
jolan
e137319740 SECURITY: update to 1.2.18 from maintainer stuart henderson 
ASA-2007-011: Multiple problems in SIP channel parser handling response
codes
ASA-2007-012: Remote Crash Vulnerability in Manager Interface
 2007-05-02 17:29:25 +00:00
espie
d4ebcd974d more base64 checksums 2007-04-05 17:26:05 +00:00
jolan
b55e239460 SECURITY: update to 1.2.17, fixes a(nother) remote DoS in chan_sip: 
http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html

from maintainer stuart henderson
 2007-03-21 15:51:54 +00:00