1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
|
# ChangeLog for net-misc/asterisk
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.506 2014/11/24 15:26:10 ago Exp $
24 Nov 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-11.14.1.ebuild:
Stable for amd64, wrt bug #530056
*asterisk-12.7.1 (24 Nov 2014)
*asterisk-11.14.1 (24 Nov 2014)
24 Nov 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.14.0.ebuild,
+asterisk-11.14.1.ebuild, -asterisk-12.6.1.ebuild, -asterisk-12.7.0.ebuild,
+asterisk-12.7.1.ebuild:
11 branch susceptible to AST-2014-012, AST-2014-014, AST-2014-017 &
AST-2014-018. 12 branch susceptible to AST-2014-012, AST-2014-013,
AST-2014-015, AST-2014-016, AST-2014-017 & AST-2014-018. Vulnerable
non-stable ebuilds removed. For security bug #530056.
*asterisk-12.7.0 (20 Nov 2014)
*asterisk-11.14.0 (20 Nov 2014)
20 Nov 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.14.0.ebuild,
+asterisk-12.7.0.ebuild:
Resource leak fixes, particularly in error paths.
03 Nov 2014; Aaron W. Swenson <titanofold@gentoo.org>
asterisk-11.13.1.ebuild, asterisk-12.6.1.ebuild:
Update PostgreSQL dependencies and/or checks to virtual/postgresql.
02 Nov 2014; Sven Vermeulen <swift@gentoo.org> asterisk-11.13.1.ebuild,
asterisk-12.6.1.ebuild:
Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug
#527698)
21 Oct 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.12.1.ebuild:
Remove vulnerable ebuilds now that stabilisation is complete. For security
bug #526208.
21 Oct 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-11.13.1.ebuild:
Stable for x86, wrt bug #526208
21 Oct 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-11.13.1.ebuild:
Stable for amd64, wrt bug #526208
*asterisk-12.6.1 (21 Oct 2014)
*asterisk-11.13.1 (21 Oct 2014)
21 Oct 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.28.2.ebuild,
-asterisk-1.8.29.0.ebuild, -asterisk-11.13.0.ebuild,
+asterisk-11.13.1.ebuild, -asterisk-12.5.1.ebuild, -asterisk-12.6.0.ebuild,
+asterisk-12.6.1.ebuild, -files/1.6.0/asterisk.confd,
-files/1.8.0/asterisk.initd4, -files/1.8.0/asterisk.initd5,
-files/1.8.0/asterisk.initd6:
New releases on the 11 & 12 branches to address the POODLE (AST-2014-011) SSL
3.0 vulnerability. The 1.8 branch is hereby removed from portage as
previously announced. 11 is low-churn and ideal to target for production
environments. Our patch sets against 1.8 cost significant effort to maintain
and essentially add 11-branch features to it.
*asterisk-12.6.0 (29 Sep 2014)
29 Sep 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-12.6.0.ebuild:
Additional resilience against invalid (ao2) object references. Now supports
empty passwords for PJSIP userpass authentication. Masquerade fixes for T38
between PJSIP and non-PJSIP chanels. FORTIFY_SOURCE fix now upstream. Modify
permissions to suit a multi-daemon setup as per Jaco Kroon in bug #507894.
*asterisk-11.13.0 (29 Sep 2014)
29 Sep 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.13.0.ebuild:
Additional resilience against invalid (ao2) object references. FORTIFY_SOURCE
fix now upstream. Modify permissions to suit a multi-daemon setup as per Jaco
Kroon in bug #507894.
22 Sep 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.10.2.ebuild:
Remove vulnerable ebuild for security bug #523216 as stabilisation is
complete. 1.8 branch not affected.
20 Sep 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-11.12.1.ebuild:
Stable for x86, wrt bug #523216
20 Sep 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-11.12.1.ebuild:
Stable for amd64, wrt bug #523216
*asterisk-12.5.1 (19 Sep 2014)
*asterisk-11.12.1 (19 Sep 2014)
19 Sep 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.11.0.ebuild,
-asterisk-11.12.0.ebuild, +asterisk-11.12.1.ebuild, -asterisk-12.3.2.ebuild,
-asterisk-12.4.0.ebuild, -asterisk-12.5.0.ebuild, +asterisk-12.5.1.ebuild:
Upstream fix to fully respect SpanDSP API and avoid a potential null pointer
dereference. On the 12 branch, additional input validation for the PubSub
framework in PJSIP. Remove older non-stable ebuilds.
18 Sep 2014; Tony Vroon <chainsaw@gentoo.org> asterisk-1.8.28.2.ebuild,
asterisk-1.8.29.0.ebuild, asterisk-11.10.2.ebuild, asterisk-11.11.0.ebuild,
asterisk-11.12.0.ebuild, asterisk-12.3.2.ebuild, asterisk-12.4.0.ebuild,
asterisk-12.5.0.ebuild:
Add missing build-time dependency on pkgconfig, as identified by cyberbat in
bug #522396.
*asterisk-12.5.0 (20 Aug 2014)
*asterisk-11.12.0 (20 Aug 2014)
20 Aug 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.12.0.ebuild,
+asterisk-12.5.0.ebuild:
Squelching the FORTIFY_SOURCE warnings, as we have this in our GCC specs the
build system should not try to apply it again on the command line. At long
last handles large SIP-over-SSL packets correctly. LUA vs convential dial
plan context clashes found & fixed.
*asterisk-12.4.0 (14 Jul 2014)
*asterisk-11.11.0 (14 Jul 2014)
*asterisk-1.8.29.0 (14 Jul 2014)
14 Jul 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.29.0.ebuild,
+asterisk-11.11.0.ebuild, +asterisk-12.4.0.ebuild:
New development on the 12 branch adds persistent connection support on the
built-in HTTP server. Fixes trickling down to stable branches include making
ast_careful_fwrite careful enough to avoid infinite loops and avoiding
unnecessary MOH restarts. Downstream patchset unchanged.
23 Jun 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.26.1.ebuild,
-asterisk-11.8.1.ebuild, -asterisk-12.1.1.ebuild, -asterisk-12.2.0.ebuild:
Remove vulnerable ebuilds for security bug #513102, as requested by Agostino
"ago" Sarubbo.
21 Jun 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.28.2.ebuild,
asterisk-11.10.2.ebuild:
Stable for x86, wrt bug #513102
21 Jun 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.28.2.ebuild,
asterisk-11.10.2.ebuild:
Stable for amd64, wrt bug #513102
*asterisk-12.3.2 (16 Jun 2014)
16 Jun 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-12.3.1.ebuild,
+asterisk-12.3.2.ebuild:
Upstream distributed a broken release that did not carry traffic for SIP over
TCP or SIP over TLS. This remains masked and is not recommended for
production deployments.
*asterisk-11.10.2 (16 Jun 2014)
*asterisk-1.8.28.2 (16 Jun 2014)
16 Jun 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.28.1.ebuild,
+asterisk-1.8.28.2.ebuild, -asterisk-11.10.1.ebuild,
+asterisk-11.10.2.ebuild:
Upstream distributed a broken release that did not carry traffic for SIP over
TCP or SIP over TLS.
*asterisk-12.3.1 (14 Jun 2014)
14 Jun 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-12.1.1.ebuild,
-asterisk-12.2.0.ebuild, -asterisk-12.3.0.ebuild, +asterisk-12.3.1.ebuild:
And now for the 12 branch, which has additional vulnerabilities in the PJSIP
channel driver. MixMonitor AMI command allowed arbitrary shell commands to be
executed (AST-2014-006). Upstream replacement of plain broken SSL read
implementation as part of an HTTPS denial of service (AST-2014-007) finally
fixes ASTERISK-18345 after almost three years. Relevant downstream patch
removed, this means we were very likely not vulnerable. Resolves a remote
crash in publish/subscribe framework (AST-2014-005) due to deadlock on a
synchronously dispatched task.
*asterisk-11.10.1 (14 Jun 2014)
*asterisk-1.8.28.1 (14 Jun 2014)
14 Jun 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.27.0.ebuild,
-asterisk-1.8.28.0.ebuild, +asterisk-1.8.28.1.ebuild,
-asterisk-11.9.0.ebuild, -asterisk-11.10.0.ebuild, +asterisk-11.10.1.ebuild:
MixMonitor AMI command allowed arbitrary shell commands to be executed
(AST-2014-006). Upstream replacement of plain broken SSL read implementation
as part of an HTTPS denial of service (AST-2014-007) finally fixes
ASTERISK-18345 after almost three years. Relevant downstream patch removed,
this means we were very likely not vulnerable.
*asterisk-12.3.0 (02 Jun 2014)
02 Jun 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-12.3.0.ebuild:
Significant string handling fixes as encouraged by GCC 4.10; leak fixes for
PJSIP. Still not recommended for production deployment, remains masked.
*asterisk-11.10.0 (30 May 2014)
*asterisk-1.8.28.0 (30 May 2014)
30 May 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.28.0.ebuild,
+asterisk-11.10.0.ebuild:
Bugfixes trickling down from Asterisk 12 development, particularly around
string handling and signedness mismatches (GCC 4.10 is clamping down on this
hard). T38 backport patch rediffed for 1.8 branch.
08 May 2014; Tony Vroon <chainsaw@gentoo.org> asterisk-1.8.26.1.ebuild,
asterisk-1.8.27.0.ebuild, asterisk-11.8.1.ebuild, asterisk-11.9.0.ebuild,
asterisk-12.1.1.ebuild, asterisk-12.2.0.ebuild:
Update ebuild dependencies to ensure only the 2.6 slot of gmime is selected.
Inverting the search order in the configure script was only a partial fix. As
pointed out by Pacho Ramos in bug #439846.
*asterisk-12.2.0 (25 Apr 2014)
25 Apr 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-12.2.0.ebuild:
Adds HEPv3 protocol support and PJSIP gains DNS client abilities that unlock
SRV records & weighting. This branch remains experimental and is not
recommended for production use at this time.
*asterisk-1.8.27.0 (25 Apr 2014)
25 Apr 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.27.0.ebuild:
Select bug fixes as cherry picked from the 11 branch. TLS chaining support
finally upstream. Move up to 11 if you still use this.
*asterisk-11.9.0 (25 Apr 2014)
25 Apr 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.9.0.ebuild:
Bug fix release, fixes include but are not limited to dial plan functions
coping with a NULL channel (AMI global function), correct NULL handling in
ODBC, advertising MESSAGE support in SIP headers, SpanDSP API adherence and
protection against non-G711 data in fax detection routines. TLS chaining
support finally upstream.
11 Mar 2014; Agostino Sarubbo <ago@gentoo.org> -asterisk-1.8.25.0.ebuild,
-asterisk-11.7.0.ebuild:
Remove old
11 Mar 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.26.1.ebuild,
asterisk-11.8.1.ebuild:
Stable for x86, wrt bug #504180
11 Mar 2014; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.26.1.ebuild,
asterisk-11.8.1.ebuild:
Stable for amd64, wrt bug #504180
*asterisk-12.1.1 (11 Mar 2014)
*asterisk-11.8.1 (11 Mar 2014)
*asterisk-1.8.26.1 (11 Mar 2014)
11 Mar 2014; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.26.0.ebuild,
+asterisk-1.8.26.1.ebuild, -asterisk-11.7.0-r1.ebuild,
-asterisk-11.8.0.ebuild, +asterisk-11.8.1.ebuild, -asterisk-12.0.0.ebuild,
-asterisk-12.1.0.ebuild, +asterisk-12.1.1.ebuild:
New releases in all three branches to address a stack overflow in HTTP cookie
header processing, a file descriptor exhaustion through session timers in
chan_sip and two remote crashes in PJSIP (12 branch only). Removed all
vulnerable non-stable ebuilds. Upstream vulnerability reports AST-2014-001,
002, 003 & 004.
*asterisk-12.1.0 (04 Mar 2014)
04 Mar 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-12.1.0.ebuild:
Version bump on the 12 branch. This, at long last, merges the TLS chaining
support. Still not recommended for production deployments at this time.
*asterisk-1.8.26.0 (04 Mar 2014)
04 Mar 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.26.0.ebuild:
Version bump on the 1.8 branch. If you still use this, you should be thinking
about 11.
*asterisk-11.8.0 (04 Mar 2014)
04 Mar 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.8.0.ebuild:
Fixes a crash on hangup cause set, which is a regression introduced by an
earlier fix. Performance improvements for high console verbosity. Updated
G729 VAD detection patch by Jaco Kroon, closes bug #496584.
*asterisk-11.7.0-r1 (06 Feb 2014)
06 Feb 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.7.0-r1.ebuild:
Stop blowing up the V21 tone detector in SpanDSP by sanitising the input data
properly. Patch by Michal Rybarik scavenged from an upstream bug report by
Jaco Kroon. Closes bug #500504.
*asterisk-12.0.0 (13 Jan 2014)
13 Jan 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-12.0.0.ebuild:
First release on the 12 branch. This is not LTS, and uses the new PJSIP-based
SIP channel. If in doubt, you are not ready for this.
08 Jan 2014; Mike Frysinger <vapier@gentoo.org> asterisk-1.8.25.0.ebuild,
asterisk-11.7.0.ebuild:
Inherit the user eclass for enewuser/etc...
23 Dec 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.23.1.ebuild,
-asterisk-1.8.24.0.ebuild, -asterisk-11.5.1.ebuild, -asterisk-11.6.0.ebuild,
-asterisk-11.6.0-r1.ebuild:
Remove all vulnerable ebuilds for AST-2013-006 & AST-2013-007; for security
bug #494630.
23 Dec 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.25.0.ebuild,
asterisk-11.7.0.ebuild:
Stable for x86, wrt bug #494630
23 Dec 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.25.0.ebuild,
asterisk-11.7.0.ebuild:
Stable for amd64, wrt bug #494630
*asterisk-11.7.0 (18 Dec 2013)
*asterisk-1.8.25.0 (18 Dec 2013)
18 Dec 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.25.0.ebuild,
+asterisk-11.7.0.ebuild:
Upgrades on both branches for memory corruption (AST-2013-006) & security
bypass (AST-2013-007) vulnerabilities, as per Agostino Sarubbo in security
bug #494630. Squelch unnecessary chatter from build system, as per Patryk
Rzadzinski in bug #489862.
*asterisk-11.6.0-r1 (30 Oct 2013)
30 Oct 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.6.0-r1.ebuild:
A useful response to the debug USE-flag, as suggested by Kerin Millar and
implemented by Jaco Kroon. Closes bug #346959.
27 Oct 2013; Pacho Ramos <pacho@gentoo.org> metadata.xml:
Voip herd is removed: http://article.gmane.org/gmane.linux.gentoo.devel/88434
*asterisk-1.8.24.0 (22 Oct 2013)
22 Oct 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.24.0.ebuild:
Version bump.
*asterisk-11.6.0 (22 Oct 2013)
22 Oct 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.6.0.ebuild:
Version bump. Features improved NAT support and plugs a memory leak in the
logger.
28 Aug 2013; Agostino Sarubbo <ago@gentoo.org> -asterisk-1.8.20.2.ebuild,
-asterisk-11.2.2.ebuild:
Remove old
28 Aug 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.23.1.ebuild,
asterisk-11.5.1.ebuild:
Stable for x86, wrt bug #482776
28 Aug 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.23.1.ebuild,
asterisk-11.5.1.ebuild:
Stable for amd64, wrt bug #482776
*asterisk-11.5.1 (28 Aug 2013)
*asterisk-1.8.23.1 (28 Aug 2013)
28 Aug 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.22.0.ebuild,
-asterisk-1.8.23.0.ebuild, +asterisk-1.8.23.1.ebuild,
-asterisk-11.4.0.ebuild, -asterisk-11.5.0.ebuild, +asterisk-11.5.1.ebuild,
+files/1.8.0/asterisk.initd7:
Security upgrades for AST-2013-004 & AST-2013-005 on both branches.
Behavioral improvements for G729 VAD, closes bug #480928. Add missed
ownership checks to init script, closes bug #482688. Both by Jaco Kroon.
Removed all insecure non-stable ebuilds.
31 Jul 2013; Tony Vroon <chainsaw@gentoo.org> asterisk-1.8.20.2.ebuild,
-asterisk-1.8.21.0.ebuild, asterisk-1.8.22.0.ebuild,
asterisk-1.8.23.0.ebuild, asterisk-11.2.2.ebuild, -asterisk-11.3.0.ebuild,
asterisk-11.4.0.ebuild, asterisk-11.5.0.ebuild:
Make our inability to co-exist with net-libs/pjsip explicit to avoid any
build failures. Closes bug #47812 by Steven Lai. Removed older non-stable
builds on both branches.
*asterisk-11.5.0 (23 Jul 2013)
*asterisk-1.8.23.0 (23 Jul 2013)
23 Jul 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.23.0.ebuild,
+asterisk-11.5.0.ebuild, +files/1.8.0/asterisk.initd6:
Bugfix releases on both branches. Completely revised init script by Jaco
Kroon that supports running multiple Asterisk instances on a single host,
closes bug #473224.
*asterisk-1.8.22.0 (20 May 2013)
20 May 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.22.0.ebuild:
One of the last bugfix releases on the 1.8 branch. You need to migrate to 11.
And soon.
*asterisk-11.4.0 (20 May 2013)
20 May 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.4.0.ebuild:
In a refreshing change of heart, upstream now care about parallel build
failures. Drop our relevant two downstream patches. Fixes a
res_timing_pthread deadlock, an FD leak in the web server and more SRTP
decryption/white noise issues.
30 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.20.1.ebuild,
-asterisk-11.2.1.ebuild:
Remove vulnerable ebuilds after stabling, for security bug #463622.
30 Mar 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.2.ebuild,
asterisk-11.2.2.ebuild:
Stable for x86, wrt bug #463622
30 Mar 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.2.ebuild,
asterisk-11.2.2.ebuild:
Stable for amd64, wrt bug #463622
*asterisk-11.3.0 (29 Mar 2013)
*asterisk-1.8.21.0 (29 Mar 2013)
29 Mar 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.21.0.ebuild,
+asterisk-11.3.0.ebuild:
Bugfix releases on both branches. Native RTP bridging is no longer attempted
if packetisation differs, this helps to prevent fax failures. Improved
locking to prevent deadlocks.
*asterisk-11.2.2 (28 Mar 2013)
*asterisk-1.8.20.2 (28 Mar 2013)
28 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.19.1.ebuild,
-asterisk-1.8.20.0.ebuild, +asterisk-1.8.20.2.ebuild,
-asterisk-11.1.2.ebuild, -asterisk-11.2.0.ebuild, -asterisk-11.2.1-r2.ebuild,
+asterisk-11.2.2.ebuild:
Security upgrade to address a boundary error in H264 video SDP handling,
naive Content-Length variable parsing in HTTP POST requests and an
information leak around account existence for the SIP channel driver.
*asterisk-11.2.1-r2 (06 Mar 2013)
06 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.2.1-r1.ebuild,
+asterisk-11.2.1-r2.ebuild:
Stop installing the /var/run directory structure, closes bug #451808. Two
additional stability fixes, closes bug #460568. Removing -r1 ebuild as the
reload protections within it are incomplete. Use -r2 or last stable. All
patching by Jaco Kroon.
*asterisk-11.2.1-r1 (05 Mar 2013)
05 Mar 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.2.1-r1.ebuild:
Fix by Jaco Kroon to correctly handle error returns for dundi lookups,
previously resulting in segmentation faults. Closes bug #460406.
26 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-11.2.1.ebuild:
Stable for x86, wrt bug #458126
26 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-11.2.1.ebuild:
Stable for amd64, wrt bug #458126
12 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.1.ebuild:
Stable for x86, wrt bug #456936
12 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.1.ebuild:
Stable for amd64, wrt bug #456936
*asterisk-11.2.1 (24 Jan 2013)
*asterisk-1.8.20.1 (24 Jan 2013)
24 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +files/1.8.0/asterisk.initd5,
-files/1.8.0/asterisk.initd, -files/1.8.0/asterisk.initd2,
-files/1.8.0/asterisk.initd3, +asterisk-1.8.20.1.ebuild,
+asterisk-11.2.1.ebuild:
Partial rewrite of the init script by Jaco Kroon addresses shortcomings
identified by Vincent Brillault in bug #445176. Upstream fixes include an
astcanary PID mix-up and a necessary reset of the RTP sequence counter when
SSRC changes.
*asterisk-1.8.20.0 (15 Jan 2013)
15 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.20.0.ebuild:
Bugfix release on the 1.8 branch. The fix for bug #440278 is now upstream.
*asterisk-11.2.0 (15 Jan 2013)
15 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.2.0.ebuild:
Bugfix release on the 11 branch. The fix for bug #440278 is now upstream.
*asterisk-11.1.2 (07 Jan 2013)
07 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.1.1.ebuild,
+asterisk-11.1.2.ebuild:
One final unsafe use of TCP reads onto the stack in res_xmpp; also stops
caching taking place where unnecessary. This completes the DoS protection
intended for 11.1.1; removing unsafe ebuild from tree.
04 Jan 2013; Tony Vroon <chainsaw@gentoo.org> asterisk-1.8.19.1.ebuild,
asterisk-11.1.1.ebuild:
Remove /var/run keepdir statements as per Diego Elio Pettenò in bug #450222.
04 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-10.11.1.ebuild:
As previously announced the 10 branch of Asterisk is now being removed. For
stable releases, you want the 1.8 branch. For an actively developed branch
with more features, you want the 11 branch.
03 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.18.0-r2.ebuild:
Clear vulnerable ebuild in 1.8 branch now that stabling has completed.
03 Jan 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.19.1.ebuild:
Stable for amd64, wrt bug #449828
03 Jan 2013; Andreas Schuerch <nativemad@gentoo.org>
asterisk-1.8.19.1.ebuild:
x86 stable, see bug 449828
*asterisk-11.1.1 (02 Jan 2013)
*asterisk-10.11.1 (02 Jan 2013)
*asterisk-1.8.19.1 (02 Jan 2013)
02 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.15.1.ebuild,
-asterisk-1.8.18.1.ebuild, -asterisk-1.8.19.0.ebuild,
+asterisk-1.8.19.1.ebuild, -asterisk-10.10.1.ebuild,
-asterisk-10.11.0.ebuild, +asterisk-10.11.1.ebuild, -asterisk-11.0.2.ebuild,
-asterisk-11.1.0.ebuild, +asterisk-11.1.1.ebuild:
Security releases on all three branches; stop using stack allocations in TCP
receive paths, as multiple packets may be concatenated together and overflow
the stack as a result (CVE-2012-5976 / AST-2012-015). Never cache devices
that are not associated with a physical entity, as to do so allows a denial
of service through cache exhaustion (CVE-2012-5977 / AST-2012-014). Remove
all non-stable vulnerable ebuilds. As requested by Sean Amoss in bug #449828.
01 Jan 2013; Andreas K. Huettel <dilfridge@gentoo.org> +ChangeLog-2012:
Split ChangeLog.
For previous entries, please see ChangeLog-2012.
|