pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/comms/asterisk16 asterisk16: Update to 16.29.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/193401842d47
branches:  trunk
changeset: 391125:193401842d47
user:      ryoon <ryoon%pkgsrc.org@localhost>
date:      Tue Jan 03 16:53:17 2023 +0000

description:
asterisk16: Update to 16.29.1

* Use bash for configure script. It uses bash-specific syntax.
* Use menuselect command to adjust options instead of manually
  crafted makeopts file. Manually crafted file does not work
  properly for me and 16.29.1 now.
* I have no idea about x11 option's status. It seems that
  gtk2 config UI is not available in this release at least,
  if I understand correctly.

Changelog:
16.29.1
Bugs fixed in this release:

[ASTERISK-30103] chan_ooh323 vulnerability in calling/called party IE (Reported By: Michael Bradeen)

[ASTERISK-30176] GetConfig can read files outside of Asterisk (Reported By: shawty)

[ASTERISK-30244] Occasional crash when TCP/TLS connection terminated and subscription persistence is removed (Reported By: nappsoft)

[ASTERISK-30338] Backport 2.13 security fixes from pjproject


16.29.0
New Features made in this release:

  * [ASTERISK-30037]         Add test support to calling external processes
                             (Reported by Philip Prindeville)
  * [ASTERISK-30161]         locks: add AMI event for deadlock
                             (Reported by N A)
  * [ASTERISK-30211]         app_confbridge: Add end_marked_any option
                             (Reported by N A)
  * [ASTERISK-30186]         res_pjsip: Add support for reloading TLS
                             certificate and key information
                             (Reported by Joshua C. Colp)
  * [ASTERISK-29899]         features: Add advanced transfer initiation options
                             (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-30235]         res_crypto and tests: Memory issues and and
                             uninitialized variable error
                             (Reported by George Joseph)
  * [ASTERISK-30234]         res_geolocation:   may be used uninitialized error
                             in geoloc_config.c
                             (Reported by George Joseph)
  * [ASTERISK-30215]         Inbound SIP INVITE with Geo Location causing a
                             Segmentation Fault
                             (Reported by Dan Cropp)
  * [ASTERISK-30135]         [res_musiconhold] Allows the moh only for the
                             answered call
                             (Reported by sungtae kim)
  * [ASTERISK-26894]         pjsip should support tel uri scheme
                             (Reported by Gergely D?ms?di)
  * [ASTERISK-30210]         func_frame_trace: Channel masquerade triggers
                             assertion
                             (Reported by N A)
  * [ASTERISK-30190]         res_geolocation: GEOLOC_PROFILE isn  t returning
                             correct values on incoming channel
                             (Reported by George Joseph)
  * [ASTERISK-29185]         chan_pjsip: Endpoint: allow = all is broken.
                             (Reported by Alexander Traud)
  * [ASTERISK-30192]         res_tonedetect: fix typo for frametype
                             (Reported by N A)
  * [ASTERISK-29453]         alembic: incoming_call_offer_pref and
                             outgoing_call_offer_pref missing in   ps_endpoints
                                table
                             (Reported by Daniel Th  men)
  * [ASTERISK-26826]         testsuite: Add support for Python 3
                             (Reported by Joshua C. Colp)
  * [ASTERISK-30167]         res_geolocation: Refactor for issues found by
                             users
                             (Reported by George Joseph)
  * [ASTERISK-28422]         Memory Leak in Confbridge menu
                             (Reported by Ted G)
  * [ASTERISK-29917]         ami: FilterList action doesn  t exist
                             (Reported by N A)
  * [ASTERISK-30020]         ConfbridgeListRooms Event Not Documented
                             (Reported by Michael Cargile)
  * [ASTERISK-30018]         app_meetme: MeetmeList AMI event not documented
                             (Reported by Michael Cargile)
  * [ASTERISK-30151]         Documentation doesn  t include info about   field
                               , a 3rd required parameter.
                             (Reported by Chris Young)

Improvements made in this release:

  * [ASTERISK-30241]         res_pjsip_gelocation: Downgrade some NOTICE scope
                             trace debugs to DEBUG level
                             (Reported by N A)
  * [ASTERISK-30178]         extend user_eq_phone behavior to local uri  s
                             (Reported by Michael Bradeen)
  * [ASTERISK-30046]         Reimplement res/res_crypto.c internals with
                             EVP_PKEY interface to Openssl API  s
                             (Reported by Philip Prindeville)
  * [ASTERISK-30045]         Add test coverage to res/res_crypto.c
                             functionality
                             (Reported by Philip Prindeville)
  * [ASTERISK-30185]         res_geolocation: Allow location parameters to be
                             specified in profiles
                             (Reported by George Joseph)
  * [ASTERISK-30177]         res_geolocation: Add option to suppress empty
                             elements
                             (Reported by George Joseph)
  * [ASTERISK-30182]         res_geolocation: Add built-in profiles to use in
                             fully dynamic configurations
                             (Reported by George Joseph)
  * [ASTERISK-29906]         update RLS to reflect the changes to the lists
                             (Reported by Alexei Gradinari)
  * [ASTERISK-30163]         general: fix minor formatting issues
                             (Reported by N A)
  * [ASTERISK-30164]         chan_iax2: Add missing option documentation
                             (Reported by N A)
  * [ASTERISK-30160]         cdr.conf: Remove obsolete app_mysql reference
                             (Reported by N A)
  * [ASTERISK-30159]         general: Remove obsolete SVN references
                             (Reported by N A)
  * [ASTERISK-30153]         logger: Improve log levels
                             (Reported by N A)

16.28.0
The following issues are resolved in this release:

Improvements made in this release:

  * [ASTERISK-30128]         Create PJSIP interface module for
                             Geolocation
                             (Reported by George Joseph)
  * [ASTERISK-30127]         Create core Geolocation capability for
                             Asterisk
                             (Reported by George Joseph)
  * [ASTERISK-30089]         general: fix typos
                             (Reported by N A)
  * [ASTERISK-30050]         Upgrade Asterisk to bundled pjproject
                             2.12.1
                             (Reported by Stanislav Abramenkov)

Bugs fixed in this release:

  * [ASTERISK-30167]         res_geolocation: Refactor for issues found by
                             users
                             (Reported by George Joseph)
  * [ASTERISK-29966]         pbx_variables: ast_str_strlen can be wrong
                             (Reported by N A)
  * [ASTERISK-29905]         OSX: bininstall launchd issue on cross-platfrom
                             build
                             (Reported by Sergey V. Lobanov)
  * [ASTERISK-30137]         manager: Global disabled event filtered is
                             incomplete
                             (Reported by N A)
  * [ASTERISK-30109]         res_pjsip: no contact-status AMI event on register
                             of prune-on-boot contact that uses the same URI as
                             before Asterisk restart
                             (Reported by Michael Neuhauser)
  * [ASTERISK-30126]         Spelling mistake in configs/samples/queues.conf.
                             sample
                             (Reported by Sam Banks)
  * [ASTERISK-29991]         chan_dahdi, callerid: Caller ID does not honor
                             presentation
                             (Reported by N A)
  * [ASTERISK-29907]         res_pjsip, app_confbridge: Video call through
                             ConfBridge with normal endpoints causes infinite
                             loop/crash
                             (Reported by N A)
  * [ASTERISK-30029]         build: Git security vulnerability fix is sad with
                             our accessing git as root during   make install
                             (Reported by Joshua C. Colp)
  * [ASTERISK-30138]         Compile failure in res_geolocation/geoloc_
                             eprofile.c when optimization is enabled
                             (Reported by George Joseph)
  * [ASTERISK-30096]         cel_odbc: Column type 9 (field   cdr:cel:eventtime
                               ) is unsupported at this time
                             (Reported by Morvai Szabolcs)
  * [ASTERISK-30083]         chan_iax2: Optional dependency on openssl/
                             res_crypto is now mandatory
                             (Reported by Dmitry Melekhov)
  * [ASTERISK-30123]         features: Update automixmon documentation to
                             reflect reality
                             (Reported by Trevor Peirce)
  * [ASTERISK-30117]         pbx_lua: Remove compiler warnings
                             (Reported by Boris P. Korzun)
  * [ASTERISK-30001]         db: Removing nonexistent entries shows   Database
                             entry removed
                             (Reported by N A)
  * [ASTERISK-29822]         cli: Typing \? freezes the CLI permanently with
                             remote console
                             (Reported by N A)
  * [ASTERISK-30106]         res_calendar_icalendar: Microsoft online ICS
                             calendars no longer work
                             (Reported by N A)
  * [ASTERISK-30115]         app_dial: Allow hook flashes to propogate on
                             outbound dials
                             (Reported by N A)
  * [ASTERISK-29989]         app_dial, chan_dahdi: DIALSTATUS is inconsistent
                             for busy
                             (Reported by N A)
  * [ASTERISK-30072]         res_pjsip: allow TLS verification of wildcard
                             cert-bearing servers
                             (Reported by Kevin Harwell)
  * [ASTERISK-30075]         say: Abort if channel hangs up during playback
                             (Reported by N A)

New Features made in this release:

  * [ASTERISK-30136]         db: Add AMI action to retrieve all keys beginning
                             with a prefix
                             (Reported by N A)
  * [ASTERISK-30000]         chan_dahdi: Add POLARITY function
                             (Reported by N A)
  * [ASTERISK-30062]         cli: Add CLI command to execute a dialplan app
                             (Reported by N A)
  * [ASTERISK-29999]         pjsip: Get information from 200 OK INVITE reply
                             headers
                             (Reported by Jos   Lopes)
  * [ASTERISK-30061]         pbx: Add pbx helper application
                             (Reported by N A)

16.27.0
Improvements made in this release:

  * [ASTERISK-30090]         xmldocs: Use example tags for examples
                             (Reported by N A)
  * [ASTERISK-29906]         update RLS to reflect the changes to the lists
                             (Reported by Alexei Gradinari)
  * [ASTERISK-29891]         provide a display name for RLS subscriptions
                             (Reported by Alexei Gradinari)
  * [ASTERISK-30086]         res_parking: Warn when invalid parking space
                             requested
                             (Reported by N A)
  * [ASTERISK-30058]         Evaluate dialplan functions and variables in agi
                             exec
                             (Reported by Shloime Rosenblum)
  * [ASTERISK-30027]         ari: expose channel driver  s unique id (i.e.
                             Call-ID for chan_sip/chan_pjsip) in ARI channel
                             resource
                             (Reported by Moritz Fain)
  * [ASTERISK-29845]         res_pjsip_outbound_registration: Show time
                             remaining until registration lapses
                             (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-30097]         console: Recent documentation changes for
                             connecting to remote console are inconsistent
                             (Reported by Matthias Hensler)
  * [ASTERISK-30043]         Wrong party is disconnected when hook-flashing on
                             3-way bridge
                             (Reported by Josh Alberts)
  * [ASTERISK-29603]         res_pjsip: UPDATE/re-INVITE not sent when   timers
                             =always   is specified in pjsip.conf
                             (Reported by Ray Crumrine)
  * [ASTERISK-30092]         DateTime application: wrong inflection for one o
                             clock in German
                             (Reported by Christof Efkemann)
  * [ASTERISK-30064]         pbx: iax2 switch causes crash due to deadlock and
                             assertion
                             (Reported by N A)
  * [ASTERISK-29981]         res_calendar: Asterisk crashes when starting, and
                             will not run
                             (Reported by N A)
  * [ASTERISK-30039]         cli: Targeted debug on startup deadlocks and
                             creates unstable system
                             (Reported by N A)
  * [ASTERISK-30051]         res_pjsip: No video after un-hold with
                             moh_passthrough=yes
                             (Reported by Maximilian Fridrich)
  * [ASTERISK-24601]         Missing RFC4235 tags and attributes in PJSIP
                             NOTIFY event: dialog XML body
                             (Reported by Marco Paland)
  * [ASTERISK-30060]         loader: format warnings in dev mode
                             (Reported by N A)
  * [ASTERISK-30059]         menuselect: libxml include fails under Gentoo
                             (Reported by waltermoeller)
  * [ASTERISK-30065]         pjsip: Open Websocket connection is not reused for
                             outgoing requests
                             (Reported by LA)
  * [ASTERISK-30042]         res_pjsip_transport_websocket: Registration over
                             websocket returns a rewritten contact
                             (Reported by Thomas Guebels)
  * [ASTERISK-29993]         chan_dahdi: Operator control option borks both
                             lines involved on callee disconnect
                             (Reported by N A)
  * [ASTERISK-30044]         GCC 12 issues
                             (Reported by George Joseph)

New Features made in this release:

  * [ASTERISK-30063]         app_voicemail: Add option to prevent deletion of
                             messages
                             (Reported by N A)
  * [ASTERISK-30087]         res_parking: Add music on hold override option
                             (Reported by N A)
  * [ASTERISK-29965]         res_pjsip_outbound_registration: Make max
                             registration delay configurable
                             (Reported by N A)
  * [ASTERISK-30036]         app_confbridge: Add CONFBRIDGE_CHANNELS function
                             (Reported by N A)

16.26.1
Bugs fixed in this release:

  * [ASTERISK-30065]         pjsip: Open Websocket connection is not reused for
                             outgoing requests
                             (Reported by LA)

16.26.0
Security bugs fixed in this release:

  * [ASTERISK-29476]         res_stir_shaken: Blind SSRF vulnerabilities
                             (Reported by Clint Ruoho)
  * [ASTERISK-29838]         ${SQL_ESC()} not correctly escaping a terminating
                             \
                             (Reported by Leandro Dardini)
  * [ASTERISK-29872]         res_stir_shaken: Resource exhaustion with large
                             files
                             (Reported by Benjamin Keith Ford)

New Features made in this release:

  * [ASTERISK-29931]         Option to allow a user to not hear the join sound
                             on enter but everyone else can
                             (Reported by Michael Cargile)
  * [ASTERISK-29968]         func_db: Add a function to return cardinality of
                             keys at prefix
                             (Reported by N A)
  * [ASTERISK-29486]         Hint-like extension value lookup function without
                             device state
                             (Reported by N A)
  * [ASTERISK-29941]         chan_pjsip: Add ability to send flash events
                             (Reported by N A)
  * [ASTERISK-29820]         cli: Add command to evaluate a function
                             (Reported by N A)
  * [ASTERISK-29876]         app_queue: Add music on hold option
                             (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-28518]         chan_dahdi: Caller ID FSK Erroneously Sent when
                             Picking Up Dahdi Call On Hold
                             (Reported by Josh Alberts)
  * [ASTERISK-29990]         chan_dahdi: adding ring cadences is not idempotent
                             on dahdi restart
                             (Reported by N A)
  * [ASTERISK-30007]         chan_iax2: Prevent crashes due to attempted
                             encryption with missing secrets
                             (Reported by N A)
  * [ASTERISK-29728]         menuselect: Disabled by default modules that are
                             enabled are always recompiled
                             (Reported by N A)
  * [ASTERISK-30002]         app_meetme: Don  t erroneously set global
                             variables when channel is NULL
                             (Reported by N A)
  * [ASTERISK-29994]         chan_dahdi: Round robin array size is too small
                             for max number of groups
                             (Reported by N A)
  * [ASTERISK-22246]         Asterisk  s   T   flag is ignored when used with
                               r   or   R   flags. (documentation bug)
                             (Reported by Rusty Newton)
  * [ASTERISK-26582]         Asterisk seems to ignore the   n   parameter for
                               disable console colorization
                             (Reported by Sebastian Gutierrez)
  * [ASTERISK-29843]         Session timers get removed on UPDATE
                             (Reported by Mark Petersen)
  * [ASTERISK-29943]         file.c: seeking to negative file offset is not
                             prevented
                             (Reported by N A)
  * [ASTERISK-29955]         chan_sip: SIP route header is missing on UPDATE
                             (Reported by Mark Petersen)
  * [ASTERISK-29842]         Do not change 180 Ringing to 183 Progress even if
                             early_media already enabled
                             (Reported by Mark Petersen)
  * [ASTERISK-29948]         iostream: Infinite TCP timeout writing data
                             (Reported by N A)
  * [ASTERISK-29253]         Incorrect bridging on transfer
                             (Reported by Yury Kirsanov)
  * [ASTERISK-30024]         Failed to sign STIR/SHAKEN payload with
                             functionality not enabled
                             (Reported by Claude Diderich)
  * [ASTERISK-30006]         res_pjsip: UDP transport does not work when
                             async_operations is greater than 1
                             (Reported by Ross Beer)
  * [ASTERISK-29655]         res_pjsip_session: No video to caller if no camera
                             available
                             (Reported by Michael Auracher)
  * [ASTERISK-29638]         res_pjsip_session: No video after early media
                             (Reported by Michael Auracher)
  * [ASTERISK-30015]         pjsip / WebRTC: Chrome creating large number of
                             SDP attributes
                             (Reported by Josh Hogan)
  * [ASTERISK-30021]         ast_variable_list_replace_variable uses variable
                             with new keyword
                             (Reported by Jasper Hafkenscheid)
  * [ASTERISK-30023]         cdr_adaptive_odbc: does not support DATETIME
                             database columns
                             (Reported by Gregory Massel)
  * [ASTERISK-29411]         Crash in pjsip_msg_find_hdr_by_name
                             (Reported by LA)
  * [ASTERISK-29535]         Segmentation fault in libasteriskpj.so.2
                             (Reported by Daniel Bonazzi)
  * [ASTERISK-26719]         pbx: Only up to 127 includes in a dialplan context
                             (AST_PBX_MAX_STACK    1)
                             (Reported by Tzafrir Cohen)
  * [ASTERISK-29988]         REGRESSION: The build process is requiring xmllint
                             or xmlstarlet ro be installed when it shouldn  t
                             (Reported by George Joseph)
  * [ASTERISK-29986]         build: Asterisk 18.11.0 doesn  t compile when wget
                             isn  t available
                             (Reported by Stefan Ruijsenaars)
  * [ASTERISK-29895]         chan_iax2: Fix misaligned spacing in iax2 show
                             netstats printout
                             (Reported by N A)
  * [ASTERISK-29939]         agi: Fix xmldoc bug with set music
                             (Reported by N A)
  * [ASTERISK-28891]         documentation: AGICommand_set+music documentation
                             arguments displayed incorreclty
                             (Reported by Jonathan Harris)
  * [ASTERISK-29048]         chan_iax2:   iax2 show registry   shows host for
                             perceived
                             (Reported by David Herselman)
  * [ASTERISK-26689]         res_pjsip_sdp_rtp: 183 Session in Progress.
                             Disconnecting channel for lack of RTP activity
                             (Reported by Dmitriy Serov)
  * [ASTERISK-29929]         res_pjsip_sdp_rtp: Disconnecting channel for lack
                             of RTP activity in one way sessions
                             (Reported by Boris P. Korzun)
  * [ASTERISK-29674]         Adjust for 64bit time_t
                             (Reported by Andre Heider)
  * [ASTERISK-29961]         RLS: domain part of   uri   list attribute
                             mismatch with SUBSCRIBE request
                             (Reported by Alexei Gradinari)
  * [ASTERISK-29950]         SayNumber can handle   01   to   07  , but not
                             08   or   09
                             (Reported by Jim Van Meggelen)
  * [ASTERISK-29928]         logging messages truncated when using MUSL runtime
                             (Reported by Philip Prindeville)
  * [ASTERISK-29960]         ari: Retrieving stored recording can returns wrong
                             file
                             (Reported by Arix)

Improvements made in this release:

  * [ASTERISK-24827]         Missing documentation for chan_dahdi dial string
                             ring cadences
                             (Reported by Scott Griepentrog)
  * [ASTERISK-29940]         general: Add since tags to xmldocs
                             (Reported by N A)
  * [ASTERISK-29951]         app_mf, app_sf: Return -1 on hangup
                             (Reported by N A)
  * [ASTERISK-29954]         app_meetme: Emit warning if conference not found
                             (Reported by N A)
  * [ASTERISK-29351]         Qualify pjproject 2.12 for Asterisk
                             (Reported by George Joseph)
  * [ASTERISK-29877]         app_mf: Allow reading a maximum number of digits
                             (Reported by N A)
  * [ASTERISK-29976]         Should Readme include information about
                             install_prereq script?
                             (Reported by Marcel Wagner)
  * [ASTERISK-29970]         Use pkg-config to find libxml2 headers and
                             libraries
                             (Reported by Hugh McMaster)
  * [ASTERISK-25716]         Documentation: Document explanations and examples
                             for possible values of DIALSTATUS
                             (Reported by Rusty Newton)
  * [ASTERISK-29980]         build: External binary modules don  t use https
                             (Reported by INVADE International Ltd.)
  * [ASTERISK-29967]         pbx_builtins: Add missing documentation
                             (Reported by N A)

16.25.3
Bugs fixed in this release:

  * [ASTERISK-30024]         Failed to sign STIR/SHAKEN payload with
                             functionality not enabled
                             (Reported by Claude Diderich)

16.25.2
The following security vulnerabilities were resolved in 16.25.2:

  * AST-2022-001: res_stir_shaken: resource exhaustion with large files
    When using STIR/SHAKEN, it's possible to download files that are not
    certificates. These files could be much larger than what you would expect
    to
    download.
  * AST-2022-002: res_stir_shaken: SSRF vulnerability with Identity header
    When using STIR/SHAKEN, it's possible to send arbitrary requests like GET
    to
    interfaces such as localhost using the Identity header.
  * AST-2022-003: func_odbc: Possible SQL Injection
    Some databases can use backslashes to escape certain characters, such as
    backticks. If input is provided to func_odbc which includes backslashes it
    is
    possible for func_odbc to construct a broken SQL query and the SQL query to
    fail.

16.25.1
Bugs fixed in this release:

  * [ASTERISK-29988]         REGRESSION: The build process is requiring xmllint
                             or xmlstarlet ro be installed when it shouldn??t
                             (Reported by George Joseph)
  * [ASTERISK-29986]         build: Asterisk 18.11.0 doesn??t compile when wget
                             isn??t available
                             (Reported by Stefan Ruijsenaars)

15.25.0
Security bugs fixed in this release:

  * [ASTERISK-29945]         pjproject: Security fixes for
                             things
                             (Reported by Kevin Harwell)

New Features made in this release:

  * [ASTERISK-29853]         ami: Allow events to be globally disabled
                             (Reported by N A)
  * [ASTERISK-29840]         func_channel: Add LASTCONTEXT and LASTEXTEN
                             fields
                             (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-29924]         res_config_pgsql: omit   unsupported column type
                               text'   error
                             (Reported by Boris P. Korzun)
  * [ASTERISK-29923]         docs, LICENSE: pbx.digium.com no longer exists
                             (Reported by N A)
  * [ASTERISK-29904]         RLS: Batched Notifications stop working
                             (Reported by Alexei Gradinari)
  * [ASTERISK-29365]         taskprocessor: Can cause assert at shutdown
                             (Reported by Joshua C. Colp)
  * [ASTERISK-29873]         Queue Realtime load
                             (Reported by Alexei Gradinari)
  * [ASTERISK-18416]         Realtime queue agents unavailable via AMI before a
                             call event.
                             (Reported by kwk)
  * [ASTERISK-27597]         AMI Queuestatus not working (with realtime queue)
                             (Reported by cagdas kopuz)
  * [ASTERISK-29886]         Asterisk AMI sends not-valid XML
                             (Reported by Napadailo Yaroslav)

Improvements made in this release:

  * [ASTERISK-29906]         update RLS to reflect the changes to the lists
                             (Reported by Alexei Gradinari)
  * [ASTERISK-29909]         app_queue: Add support for withdrawing a call
                             (Reported by Kfir Itzhak)
  * [ASTERISK-29353]         Qualify jansson 2.14 for asterisk
                             (Reported by George Joseph)
  * [ASTERISK-29897]         channels: Increase core debug levels for chatty
                             debugs
                             (Reported by N A)
  * [ASTERISK-29896]         xmldocs: Add since tag
                             (Reported by N A)
  * [ASTERISK-29861]         asterisk.h: add macro for curl user agent
                             (Reported by N A)
  * [ASTERISK-29920]         app_voicemail: Warn if trying to manage
                             nonexistent mailbox
                             (Reported by N A)
  * [ASTERISK-29925]         func_db: Warn about malformed key names
                             (Reported by N A)
  * [ASTERISK-29809]         curl, stir_shaken: refactor curl code
                             (Reported by N A)
  * [ASTERISK-29891]         provide a display name for RLS subscriptions
                             (Reported by Alexei Gradinari)
  * [ASTERISK-29866]         cli: add core dump information to core show
                             settings
                             (Reported by N A)
  * [ASTERISK-29898]         documentation: Add default attributes to
                             documentation
                             (Reported by N A)
  * [ASTERISK-29900]         app_mp3: Document and warn about https
                             incompatibility
                             (Reported by N A)

16.24.1
The following security vulnerabilities were resolved in 16.24.1:

  * AST-2022-004: pjproject: integer underflow on STUN message
    The header length on incoming STUN messages that contain an ERROR-CODE
    attribute is not properly checked. This can result in an integer underflow.
    Note, this requires ICE or WebRTC support to be in use with a malicious
    remote
    party.

  * AST-2022-005: pjproject: undefined behavior after freeing a dialog set
    When acting as a UAC, and when placing an outgoing call to a target that
    then
    forks Asterisk may experience undefined behavior (crashes, hangs, etc??)
    after a dialog set is prematurely freed.

  * AST-2022-006: pjproject: unconstrained malformed multipart SIP message
    If an incoming SIP message contains a malformed multi-part body an out of
    bounds read access may occur, which can result in undefined behavior. Note,
    it??s currently uncertain if there is any externally exploitable vector
    within Asterisk for this issue, but providing this as a security issue out
    of
    caution.[cleardot]

diffstat:

 comms/asterisk16/Makefile                |  11 +++--
 comms/asterisk16/PLIST                   |   5 ++-
 comms/asterisk16/distinfo                |  28 +++++++-------
 comms/asterisk16/options.mk              |  35 +++++++++++++-----
 comms/asterisk16/patches/patch-configure |  58 ++++++++++++++++++-------------
 5 files changed, 83 insertions(+), 54 deletions(-)

diffs (257 lines):

diff -r c76886f3a905 -r 193401842d47 comms/asterisk16/Makefile
--- a/comms/asterisk16/Makefile Tue Jan 03 16:39:00 2023 +0000
+++ b/comms/asterisk16/Makefile Tue Jan 03 16:53:17 2023 +0000
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.93 2022/11/23 16:19:31 adam Exp $
+# $NetBSD: Makefile,v 1.94 2023/01/03 16:53:17 ryoon Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked; look in ${WRKSRC}/sounds/Makefile
 #       to find out the current sound file versions
 
-DISTNAME=      asterisk-16.24.0
-PKGREVISION=   5
+DISTNAME=      asterisk-16.29.1
 CATEGORIES=    comms net audio
 MASTER_SITES=  http://downloads.asterisk.org/pub/telephony/asterisk/
 MASTER_SITES+= http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/
@@ -29,7 +28,7 @@
 
 .include "../../mk/bsd.prefs.mk"
 
-USE_TOOLS+=            bison gmake perl:run pkg-config tar bash:run
+USE_TOOLS+=            bash bison gmake perl:run pkg-config tar
 USE_LANGUAGES=         c c++
 REPLACE_BASH+=         contrib/scripts/astversion
 REPLACE_BASH+=         contrib/scripts/ast_coredumper
@@ -43,6 +42,7 @@
 CHECK_INTERPRETER_SKIP+=       libdata/asterisk/scripts/refcounter.py
 
 GNU_CONFIGURE=         yes
+CONFIG_SHELL=          ${TOOLS_PATH.bash}
 CONFIGURE_ARGS+=       --datarootdir=${PREFIX}/libdata
 CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=       --without-gtk2
@@ -159,7 +159,7 @@
 DISTFILES+=    asterisk-extra-sounds-en-gsm-1.5.2.tar.gz
 
 # pjproject
-PJPROJ_VERSION=        2.10
+PJPROJ_VERSION=        2.12.1
 SITES.pjproject-${PJPROJ_VERSION}.tar.bz2= \
        -https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/${PJPROJ_VERSION}/pjproject-${PJPROJ_VERSION}.tar.bz2
 SITES.pjproject-${PJPROJ_VERSION}.md5= \
@@ -253,6 +253,7 @@
        dsp.conf dundi.conf enum.conf extconfig.conf extensions.ael     \
        extensions.lua  extensions_minivm.conf                          \
        features.conf festival.conf followme.conf func_odbc.conf        \
+       geolocation.conf                                                \
        hep.conf http.conf iax.conf iaxprov.conf indications.conf       \
        logger.conf manager.conf meetme.conf mgcp.conf minivm.conf      \
        misdn.conf modules.conf motif.conf musiconhold.conf muted.conf  \
diff -r c76886f3a905 -r 193401842d47 comms/asterisk16/PLIST
--- a/comms/asterisk16/PLIST    Tue Jan 03 16:39:00 2023 +0000
+++ b/comms/asterisk16/PLIST    Tue Jan 03 16:53:17 2023 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.27 2022/03/04 12:22:31 ryoon Exp $
+@comment $NetBSD: PLIST,v 1.28 2023/01/03 16:53:17 ryoon Exp $
 include/asterisk.h
 include/asterisk/_private.h
 include/asterisk/abstract_jb.h
@@ -143,6 +143,7 @@
 include/asterisk/privacy.h
 include/asterisk/pval.h
 include/asterisk/res_fax.h
+include/asterisk/res_geolocation.h
 include/asterisk/res_hep.h
 include/asterisk/res_mwi_external.h
 include/asterisk/res_odbc.h
@@ -370,6 +371,7 @@
 lib/asterisk/modules/func_dialplan.so
 lib/asterisk/modules/func_enum.so
 lib/asterisk/modules/func_env.so
+lib/asterisk/modules/func_evalexten.so
 lib/asterisk/modules/func_extstate.so
 lib/asterisk/modules/func_frame_drop.so
 lib/asterisk/modules/func_frame_trace.so
@@ -2600,6 +2602,7 @@
 share/examples/asterisk/festival.conf
 share/examples/asterisk/followme.conf
 share/examples/asterisk/func_odbc.conf
+share/examples/asterisk/geolocation.conf
 share/examples/asterisk/hep.conf
 share/examples/asterisk/http.conf
 share/examples/asterisk/iax.conf
diff -r c76886f3a905 -r 193401842d47 comms/asterisk16/distinfo
--- a/comms/asterisk16/distinfo Tue Jan 03 16:39:00 2023 +0000
+++ b/comms/asterisk16/distinfo Tue Jan 03 16:53:17 2023 +0000
@@ -1,21 +1,21 @@
-$NetBSD: distinfo,v 1.45 2022/03/04 12:22:31 ryoon Exp $
+$NetBSD: distinfo,v 1.46 2023/01/03 16:53:17 ryoon Exp $
 
-BLAKE2s (asterisk-16.24.0/asterisk-16.24.0.tar.gz) = 5b794eb721b375f10d414fb5e8659504fa868f7472d1efca10751cf1a573221e
-SHA512 (asterisk-16.24.0/asterisk-16.24.0.tar.gz) = 0c770264fad5a5f4c8cc6572b524349337635f0a8def26391897776d7ba4ec8f0cf595f588abc75f9f37ba941a56b7d3704b3ef3ddb4b67d3e4e341992e8f815
-Size (asterisk-16.24.0/asterisk-16.24.0.tar.gz) = 27987904 bytes
-BLAKE2s (asterisk-16.24.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde
-SHA512 (asterisk-16.24.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d
-Size (asterisk-16.24.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes
-BLAKE2s (asterisk-16.24.0/pjproject-2.10.md5) = 6739f51daf24d0567304f773bd49648c1be3a7a4a33c0f3353279fb349168e7e
-SHA512 (asterisk-16.24.0/pjproject-2.10.md5) = bd24048c9c2fdaf06468e44bceca92bd02848d759ef98285d20b50174f865b1aec2928f1ce6c092862397ba83dd1a74da4a7e479eca881df1e9f9d1c211a7054
-Size (asterisk-16.24.0/pjproject-2.10.md5) = 110 bytes
-BLAKE2s (asterisk-16.24.0/pjproject-2.10.tar.bz2) = fac6400fa94cde09a848314b754062364c021e8c13d3fe28493634d4415959f7
-SHA512 (asterisk-16.24.0/pjproject-2.10.tar.bz2) = fe29edccc63a8e72323e1b6f955a8c3475e26aba9cb8f5125546da4409fecc19a09a7950eee6b8e4a3c908943bc043d95130f878ad52958c5eccc617e3bcfb4e
-Size (asterisk-16.24.0/pjproject-2.10.tar.bz2) = 7339188 bytes
+BLAKE2s (asterisk-16.29.1/asterisk-16.29.1.tar.gz) = 94f413f54a235f036ab461a2229de59b9856973f25f263b6d4979a1131315ca2
+SHA512 (asterisk-16.29.1/asterisk-16.29.1.tar.gz) = 5ae5c22b48ea0ff83a655d64a0122923e736e84d612b7936d157614b01ed1f12da76a8adb10c045023a9464dce26563c8458fcea80af3f26176ed1fcbe4e5376
+Size (asterisk-16.29.1/asterisk-16.29.1.tar.gz) = 28104161 bytes
+BLAKE2s (asterisk-16.29.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde
+SHA512 (asterisk-16.29.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d
+Size (asterisk-16.29.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes
+BLAKE2s (asterisk-16.29.1/pjproject-2.12.1.md5) = c177f86181d54770ea4b5bc73677c546de594f29a008470fede47c23035a3cce
+SHA512 (asterisk-16.29.1/pjproject-2.12.1.md5) = 6a25e243c3b846c871e6a5f9e14072256cbaa9e0da1782fec376643b55eaa8dbfb982e75cff6163753b0442563fecd60322ff0d7ce83fe15921f9d32d5135a10
+Size (asterisk-16.29.1/pjproject-2.12.1.md5) = 172 bytes
+BLAKE2s (asterisk-16.29.1/pjproject-2.12.1.tar.bz2) = b97e9a8024e347c095a6443baebbab5fc6ae2de53717f440be605a0212564d83
+SHA512 (asterisk-16.29.1/pjproject-2.12.1.tar.bz2) = ee0eabb9772862ed728f5a819b4e767273a0718fd19e1a9c69d22ee8df2d8eeb23b2adce836d4dcfd6ccebc76a6ab4346f088a21fbc6ae17edbfb2ab9ffa6b34
+Size (asterisk-16.29.1/pjproject-2.12.1.tar.bz2) = 7842268 bytes
 SHA1 (patch-Makefile) = 9f093c599f6c6208721c20387f07865a9cf2fd8e
 SHA1 (patch-build__tools_mkpkgconfig) = 7fab8fcf46d9f8a3b98455674fec6307ec472b23
 SHA1 (patch-channels_Makefile) = b32bb8439ae07ed361ab7cb811b4766a27f09ec9
-SHA1 (patch-configure) = 36f740a5d55fc6683e91239aedbb671c5d7077ee
+SHA1 (patch-configure) = c94bcfcd6fd6df5f3f45385b198a1def40df5a3c
 SHA1 (patch-configure.ac) = 98690ecc0e1cc99b6d7a0cd13412bd1b2b05397a
 SHA1 (patch-contrib_scripts_vmail.cgi) = 7935ce96ea319eb19cc2ce999813eb837d5357c0
 SHA1 (patch-include_asterisk_autoconfig.h.in) = 2f8a986bd3b35ebb384280f0dbf81c32d689ddd2
diff -r c76886f3a905 -r 193401842d47 comms/asterisk16/options.mk
--- a/comms/asterisk16/options.mk       Tue Jan 03 16:39:00 2023 +0000
+++ b/comms/asterisk16/options.mk       Tue Jan 03 16:53:17 2023 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.18 2020/12/31 11:07:01 nia Exp $
+# $NetBSD: options.mk,v 1.19 2023/01/03 16:53:17 ryoon Exp $
 
 PKG_OPTIONS_VAR=               PKG_OPTIONS.asterisk
 PKG_SUPPORTED_OPTIONS=         x11 unixodbc webvmail ldap spandsp
@@ -57,22 +57,37 @@
 CONFIGURE_ARGS+=       --without-iksemel
 .endif
 
-MAKE_FLAGS+=   GLOBAL_MAKEOPTS=${WRKSRC}/pkgsrc.makeopts
 post-configure:
+       cd ${WRKSRC} && \
+       env ${MAKE_ENV} && \
+           ${MAKE_PROGRAM} menuselect.makeopts
 .if !empty(PKG_OPTIONS:Mx11)
-       ${ECHO} "MENUSELECT_PBX=-pbx_gtkconsole" >> ${WRKSRC}/pkgsrc.makeopts
+       # I have no idea about x11 option's fate.
+       #${ECHO} "MENUSELECT_PBX=-pbx_gtkconsole" >> ${WRKSRC}/pkgsrc.makeopts
 .endif
 .if !empty(PKG_OPTIONS:Munixodbc)
-       ${ECHO} "MENUSELECT_OPTS_app_voicemail=ODBC_STORAGE" >> ${WRKSRC}/pkgsrc.makeopts
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --enable ODBC_STORAGE menuselect.makeopts
 .endif
 .if defined(PLIST.mgcp)
-       ${ECHO} "MENUSELECT_RES=-res_pktccops" >> ${WRKSRC}/pkgsrc.makeopts
-       ${ECHO} "MENUSELECT_CHANNELS=-chan_mgcp" >> ${WRKSRC}/pkgsrc.makeopts
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --enable res_pktccops menuselect.makeopts
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --enable chan_mgcp menuselect.makeopts
+.else
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --disable res_pktccops menuselect.makeopts
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --disable chan_mgcp menuselect.makeopts
 .endif
-       ${ECHO} "MENUSELECT_AGIS=agi-test.agi eagi-test eagi-sphinx-test jukebox.agi" >> ${WRKSRC}/pkgsrc.makeopts
-       ${ECHO} "MENUSELECT_CFLAGS=-BUILD_NATIVE" >> ${WRKSRC}/pkgsrc.makeopts
-       # this is a hack to work around a bug in menuselect
-       cd ${WRKSRC} && make ${MAKE_FLAGS} menuselect.makeopts
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --enable agi-test.agi menuselect.makeopts
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --enable eagi-test menuselect.makeopts
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --enable eagi-sphinx-test menuselect.makeopts
+       cd ${WRKSRC} && \
+       ./menuselect/menuselect --enable jukebox.agi menuselect.makeopts
 
 .if !empty(PKG_OPTIONS:Mwebvmail)
 DEPENDS+=              p5-DBI-[0-9]*:../../databases/p5-DBI
diff -r c76886f3a905 -r 193401842d47 comms/asterisk16/patches/patch-configure
--- a/comms/asterisk16/patches/patch-configure  Tue Jan 03 16:39:00 2023 +0000
+++ b/comms/asterisk16/patches/patch-configure  Tue Jan 03 16:53:17 2023 +0000
@@ -1,40 +1,50 @@
-$NetBSD: patch-configure,v 1.4 2022/03/04 12:22:31 ryoon Exp $
+$NetBSD: patch-configure,v 1.5 2023/01/03 16:53:17 ryoon Exp $
 
---- configure.orig     2020-07-16 16:00:28.000000000 +0000
+--- configure.orig     2022-12-31 23:05:06.861637654 +0000
 +++ configure
-@@ -8960,7 +8960,7 @@ $as_echo_n "checking for clang -fblocks.
+@@ -10102,7 +10102,7 @@ printf %s "checking for clang -fblocks..
                                AST_CLANG_BLOCKS="-Wno-unknown-warning-option -fblocks"
-                               { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
- $as_echo "yes" >&6; }
+                               { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+ printf "%s\n" "yes" >&6; }
 -                      elif test "`echo 'int main(){return ^{return 42;}();}' | ${CC} -o /dev/null -fblocks -x c -lBlocksRuntime - 2>&1`" = ""; then
 +                      elif test "`echo 'int main(){return ^{return 42;}();}' | ${CC} ${LDFLAGS} -o /dev/null -fblocks -x c -lBlocksRuntime - 2>&1`" = ""; then
                                AST_CLANG_BLOCKS_LIBS="-lBlocksRuntime"
                                AST_CLANG_BLOCKS="-fblocks"
-                               { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-@@ -14723,7 +14723,7 @@ fi
- done
+                               { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+@@ -16525,7 +16525,7 @@ then :
+ fi
  
  
--ac_fn_c_check_header_mongrel "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default"
-+ac_fn_c_check_header_mongrel "$LINENO" "poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default"
- if test "x$ac_cv_header_sys_poll_h" = xyes; then :
+-ac_fn_c_check_header_compile "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default"
++ac_fn_c_check_header_compile "$LINENO" "poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default"
+ if test "x$ac_cv_header_sys_poll_h" = xyes
+ then :
+ 
+@@ -18962,6 +18962,18 @@ then :
+   printf "%s\n" "#define HAVE_MALLOC_TRIM 1" >>confdefs.h
  
- else
-@@ -16738,7 +16738,7 @@ fi
- done
+ fi
++ac_fn_c_check_func "$LINENO" "strftime_l" "ac_cv_func_strftime_l"
++if test "x$ac_cv_func_strftime_l" = xyes
++then :
++  printf "%s\n" "#define HAVE_STRFTIME_L 1" >>confdefs.h
++
++fi
++ac_fn_c_check_func "$LINENO" "strptime_l" "ac_cv_func_strptime_l"
++if test "x$ac_cv_func_strptime_l" = xyes
++then :
++  printf "%s\n" "#define HAVE_STRPTIME_L 1" >>confdefs.h
++
++fi
  
  
--for ac_func in asprintf atexit closefrom dup2 eaccess endpwent euidaccess ffsll ftruncate getcwd gethostbyname gethostname getloadavg gettimeofday glob ioperm inet_ntoa isascii memchr memmove 
memset mkdir mkdtemp munmap newlocale pipe2 ppoll putenv re_comp regcomp select setenv socket strcasecmp strcasestr strchr strcspn strdup strerror strlcat strlcpy strncasecmp strndup strnlen strrchr 
strsep strspn strstr strtod strtol strtold strtoq unsetenv uselocale utime vasprintf getpeereid sysctl swapctl malloc_trim
-+for ac_func in asprintf atexit closefrom dup2 eaccess endpwent euidaccess ffsll ftruncate getcwd gethostbyname gethostname getloadavg gettimeofday glob ioperm inet_ntoa isascii memchr memmove 
memset mkdir mkdtemp munmap newlocale pipe2 ppoll putenv re_comp regcomp select setenv socket strcasecmp strcasestr strchr strcspn strdup strerror strlcat strlcpy strncasecmp strndup strnlen strrchr 
strsep strspn strstr strtod strtol strtold strtoq unsetenv uselocale utime vasprintf getpeereid sysctl swapctl malloc_trim strftime_l strptime_l
- do :
-   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
- ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-@@ -16973,7 +16973,7 @@ rm -f core conftest.err conftest.$ac_obj
+ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for htonll" >&5
+@@ -19431,7 +19443,7 @@ rm -f core conftest.err conftest.$ac_obj
  LDFLAGS=${old_LDFLAGS}
  rm -f conftest.dynamics
  
--ac_fn_c_check_header_mongrel "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default"
-+ac_fn_c_check_header_mongrel "$LINENO" "poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default"
- if test "x$ac_cv_header_sys_poll_h" = xyes; then :
+-ac_fn_c_check_header_compile "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default"
++ac_fn_c_check_header_compile "$LINENO" "poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default"
+ if test "x$ac_cv_header_sys_poll_h" = xyes
+ then :
    HAS_POLL=1
- 




Home | Main Index | Thread Index | Old Index