Implicit MODGCC4_CPPLIBDEP in LIB_DEPENDS is not inherited by
LIB_DEPENDS-*, despite COMPILER_LIBCXX being in WANTLIB-*, so
it's needed to add it.
OK sthen@
- use getthrid to record TID (this is displayed following the opaque thread
id in "core show threads", and is useful to match against top -H output)
- provide a -kqueue package for res_timing_kqueue (previously @comment'ed
out). Normally a pthread-backed timer is used in the package; the kqueue-backed
timer is built by default but has had problems on OpenBSD in the past so is
@comment'ed out. I wouldn't consider this production ready on OpenBSD (lots
of "kqueue_timer_ack: [18]: Missed 1" at least on a kernel with standard HZ)
but I'd like to have it more easily available for experimentation, hence
adding the package.
AST-2019-006: SIP request can change address of a SIP peer.
AST-2019-007: AMI user could execute system commands.
AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
AST-2019-004 Crash when negotiating for T.38 with a declined stream (res_pjsip_t38.c)
AST-2019-005 Remote Crash Vulnerability in audio transcoding (bug introduced in 16.5.0)
If somebody is removed who actually wants maintainer and either
didn't receive the mail, or didn't bother to reply to it, they are
free to send a diff to reinstate.
ok sthen@, jca@
AST-2019-002: Remote crash vulnerability with MESSAGE messages:
A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver:
When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an
endpoint to switch it to T.38. If the endpoint responds with an improperly
formatted SDP answer including both a T.38 UDPTL stream and an audio or video
stream containing only codecs not allowed on the SIP peer or user a crash will
occur. The code incorrectly assumes that there will be at least one common
codec when T.38 is also in the SDP answer.
Follow the upstream recommendations for packagers and switch to
multi-packages:
devel/gettext -> devel/gettext,-runtime
devel/gettext-tools -> devel/gettext,-tools
(new) devel/gettext,-textstyle
* AST-2019-001: Remote crash vulnerability with SDP protocol violation
When Asterisk makes an outgoing call, a very specific SDP protocol violation
by the remote party can cause Asterisk to crash.
https://issues.asterisk.org/jira/browse/ASTERISK-28260
