1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
# ChangeLog for net-misc/asterisk
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.451 2013/03/30 13:13:13 chainsaw Exp $
30 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.20.1.ebuild,
-asterisk-11.2.1.ebuild:
Remove vulnerable ebuilds after stabling, for security bug #463622.
30 Mar 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.2.ebuild,
asterisk-11.2.2.ebuild:
Stable for x86, wrt bug #463622
30 Mar 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.2.ebuild,
asterisk-11.2.2.ebuild:
Stable for amd64, wrt bug #463622
*asterisk-11.3.0 (29 Mar 2013)
*asterisk-1.8.21.0 (29 Mar 2013)
29 Mar 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.21.0.ebuild,
+asterisk-11.3.0.ebuild:
Bugfix releases on both branches. Native RTP bridging is no longer attempted
if packetisation differs, this helps to prevent fax failures. Improved
locking to prevent deadlocks.
*asterisk-11.2.2 (28 Mar 2013)
*asterisk-1.8.20.2 (28 Mar 2013)
28 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.19.1.ebuild,
-asterisk-1.8.20.0.ebuild, +asterisk-1.8.20.2.ebuild,
-asterisk-11.1.2.ebuild, -asterisk-11.2.0.ebuild, -asterisk-11.2.1-r2.ebuild,
+asterisk-11.2.2.ebuild:
Security upgrade to address a boundary error in H264 video SDP handling,
naive Content-Length variable parsing in HTTP POST requests and an
information leak around account existence for the SIP channel driver.
*asterisk-11.2.1-r2 (06 Mar 2013)
06 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.2.1-r1.ebuild,
+asterisk-11.2.1-r2.ebuild:
Stop installing the /var/run directory structure, closes bug #451808. Two
additional stability fixes, closes bug #460568. Removing -r1 ebuild as the
reload protections within it are incomplete. Use -r2 or last stable. All
patching by Jaco Kroon.
*asterisk-11.2.1-r1 (05 Mar 2013)
05 Mar 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.2.1-r1.ebuild:
Fix by Jaco Kroon to correctly handle error returns for dundi lookups,
previously resulting in segmentation faults. Closes bug #460406.
26 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-11.2.1.ebuild:
Stable for x86, wrt bug #458126
26 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-11.2.1.ebuild:
Stable for amd64, wrt bug #458126
12 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.1.ebuild:
Stable for x86, wrt bug #456936
12 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.1.ebuild:
Stable for amd64, wrt bug #456936
*asterisk-11.2.1 (24 Jan 2013)
*asterisk-1.8.20.1 (24 Jan 2013)
24 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +files/1.8.0/asterisk.initd5,
-files/1.8.0/asterisk.initd, -files/1.8.0/asterisk.initd2,
-files/1.8.0/asterisk.initd3, +asterisk-1.8.20.1.ebuild,
+asterisk-11.2.1.ebuild:
Partial rewrite of the init script by Jaco Kroon addresses shortcomings
identified by Vincent Brillault in bug #445176. Upstream fixes include an
astcanary PID mix-up and a necessary reset of the RTP sequence counter when
SSRC changes.
*asterisk-1.8.20.0 (15 Jan 2013)
15 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.20.0.ebuild:
Bugfix release on the 1.8 branch. The fix for bug #440278 is now upstream.
*asterisk-11.2.0 (15 Jan 2013)
15 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.2.0.ebuild:
Bugfix release on the 11 branch. The fix for bug #440278 is now upstream.
*asterisk-11.1.2 (07 Jan 2013)
07 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.1.1.ebuild,
+asterisk-11.1.2.ebuild:
One final unsafe use of TCP reads onto the stack in res_xmpp; also stops
caching taking place where unnecessary. This completes the DoS protection
intended for 11.1.1; removing unsafe ebuild from tree.
04 Jan 2013; Tony Vroon <chainsaw@gentoo.org> asterisk-1.8.19.1.ebuild,
asterisk-11.1.1.ebuild:
Remove /var/run keepdir statements as per Diego Elio Pettenò in bug #450222.
04 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-10.11.1.ebuild:
As previously announced the 10 branch of Asterisk is now being removed. For
stable releases, you want the 1.8 branch. For an actively developed branch
with more features, you want the 11 branch.
03 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.18.0-r2.ebuild:
Clear vulnerable ebuild in 1.8 branch now that stabling has completed.
03 Jan 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.19.1.ebuild:
Stable for amd64, wrt bug #449828
03 Jan 2013; Andreas Schuerch <nativemad@gentoo.org>
asterisk-1.8.19.1.ebuild:
x86 stable, see bug 449828
*asterisk-11.1.1 (02 Jan 2013)
*asterisk-10.11.1 (02 Jan 2013)
*asterisk-1.8.19.1 (02 Jan 2013)
02 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.15.1.ebuild,
-asterisk-1.8.18.1.ebuild, -asterisk-1.8.19.0.ebuild,
+asterisk-1.8.19.1.ebuild, -asterisk-10.10.1.ebuild,
-asterisk-10.11.0.ebuild, +asterisk-10.11.1.ebuild, -asterisk-11.0.2.ebuild,
-asterisk-11.1.0.ebuild, +asterisk-11.1.1.ebuild:
Security releases on all three branches; stop using stack allocations in TCP
receive paths, as multiple packets may be concatenated together and overflow
the stack as a result (CVE-2012-5976 / AST-2012-015). Never cache devices
that are not associated with a physical entity, as to do so allows a denial
of service through cache exhaustion (CVE-2012-5977 / AST-2012-014). Remove
all non-stable vulnerable ebuilds. As requested by Sean Amoss in bug #449828.
01 Jan 2013; Andreas K. Huettel <dilfridge@gentoo.org> +ChangeLog-2012:
Split ChangeLog.
For previous entries, please see ChangeLog-2012.
|
GitWeb