[pkgsrc/trunk]: pkgsrc/comms/asterisk16 Upgrade to 1.6.2.18. This fixes seve...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/comms/asterisk16 Upgrade to 1.6.2.18. This fixes seve...
From: jnemeth <jnemeth%pkgsrc.org@localhost>
Date: Thu, 14 Oct 2021 10:51:45 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/ee16c079e417
branches:  trunk
changeset: 589398:ee16c079e417
user:      jnemeth <jnemeth%pkgsrc.org@localhost>
date:      Mon Jun 06 06:25:05 2011 +0000

description:
Upgrade to 1.6.2.18.  This fixes several security issues including:
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, and AST-2011-006.

===========================================================================
1.6.2.18:

The Asterisk Development Team has announced the release of Asterisk 1.6.2.18.

The release of Asterisk 1.6.2.18 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

 * Only offer codecs both sides support for directmedia.

 * Resolution of several DTMF based attended transfer issues.
   NOTE: Be sure to read the ChangeLog for more information about these changes.

 * Resolve deadlocks related to device states in chan_sip

 * Fix channel redirect out of MeetMe() and other issues with channel softhangup

 * Fix voicemail sequencing for file based storage.

 * Guard against retransmitting BYEs indefinitely during attended transfers with
   chan_sip.

In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18

===========================================================================
1.6.2.17.3

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

===========================================================================
1.6.2.17.2:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.

** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
    contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:

  * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  * Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.2

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

===========================================================================
1.6.2.17.1:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:

  * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  * Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.1

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

===========================================================================
1.6.2.17:

The Asterisk Development Team has announced the release of Asterisk 1.6.2.17.

The release of Asterisk 1.6.2.17 resolves several issues reported by the
community and would have not been possible without your participation.

The following is a sample of the issues resolved in this release:

* Resolve duplicated data in the AstDB when using DIALGROUP()

* Correct issue where res_config_odbc could populate fields with invalid data.

* When using cdr_pgsql the billsec field was not populated correctly on
   unanswered calls.

* Resolve issue where re-transmissions of SUBSCRIBE could break presence.

* Fix regression causing forwarding voicemails to not work with file storage.

* This version of Asterisk includes the new Compiler Flags option
   BETTER_BACKTRACES which uses libbfd to search for better symbol information
   within both the Asterisk binary, as well as loaded modules, to assist when
   using inline backtraces to track down problems.

* Resolve several issues with DTMF based attended transfers.
   NOTE: Be sure to read the ChangeLog for more information about these changes.

* Resolve issue where no Music On Hold may be triggered when using
   res_timing_dahdi.

* Fix regression that changed behavior of queues when ringing a queue member.

Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17

===========================================================================
1.6.2.16.2:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.

The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.2

Security advisory AST-2011-002 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
=============================================================================

diffstat:

 comms/asterisk16/Makefile |  6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

diffs (27 lines):

diff -r 5c0f7883868b -r ee16c079e417 comms/asterisk16/Makefile
--- a/comms/asterisk16/Makefile Mon Jun 06 01:40:11 2011 +0000
+++ b/comms/asterisk16/Makefile Mon Jun 06 06:25:05 2011 +0000
@@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.30 2011/04/22 13:43:09 obache Exp $
+# $NetBSD: Makefile,v 1.31 2011/06/06 06:25:05 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked
 
-DISTNAME=      asterisk-1.6.2.16.1
+DISTNAME=      asterisk-1.6.2.18
 DIST_SUBDIR=   ${PKGNAME_NOREV}
 DISTFILES=     ${DEFAULT_DISTFILES}
 EXTRACT_ONLY=  ${DISTNAME}.tar.gz
-PKGREVISION=   1
 CATEGORIES=    comms net audio
 MASTER_SITES=  http://downloads.asterisk.org/pub/telephony/asterisk/ \
                http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
@@ -44,7 +43,6 @@
 
 BUILD_DEFS+=           VARBASE
 
-# Running as non-root will come later
 ASTERISK_USER?=                asterisk
 ASTERISK_GROUP?=       asterisk
 PKG_GROUPS=            ${ASTERISK_GROUP}
Prev by Date: [pkgsrc/pkgsrc-2010Q2]: pkgsrc/print/gv Pullup ticket #3193 - requested by ob...
Next by Date: [pkgsrc/trunk]: pkgsrc/devel/p5-Path-Class Update p5-Path-Class to 0.24.
Previous by Thread: [pkgsrc/pkgsrc-2010Q2]: pkgsrc/print/gv Pullup ticket #3193 - requested by ob...
Next by Thread: [pkgsrc/trunk]: pkgsrc/devel/p5-Path-Class Update p5-Path-Class to 0.24.
Indexes:
Home | Main Index | Thread Index | Old Index