Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-misc/asterisk/ChangeLog
blob: 624459fb3573001bc03c6bb42c1149d7e0e4bbb2 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248

# ChangeLog for net-misc/asterisk
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.470 2014/02/06 16:48:19 chainsaw Exp $

*asterisk-11.7.0-r1 (06 Feb 2014)

  06 Feb 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.7.0-r1.ebuild:
  Stop blowing up the V21 tone detector in SpanDSP by sanitising the input data
  properly. Patch by Michal Rybarik scavenged from an upstream bug report by
  Jaco Kroon. Closes bug #500504.

*asterisk-12.0.0 (13 Jan 2014)

  13 Jan 2014; Tony Vroon <chainsaw@gentoo.org> +asterisk-12.0.0.ebuild:
  First release on the 12 branch. This is not LTS, and uses the new PJSIP-based
  SIP channel. If in doubt, you are not ready for this.

  08 Jan 2014; Mike Frysinger <vapier@gentoo.org> asterisk-1.8.25.0.ebuild,
  asterisk-11.7.0.ebuild:
  Inherit the user eclass for enewuser/etc...

  23 Dec 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.23.1.ebuild,
  -asterisk-1.8.24.0.ebuild, -asterisk-11.5.1.ebuild, -asterisk-11.6.0.ebuild,
  -asterisk-11.6.0-r1.ebuild:
  Remove all vulnerable ebuilds for AST-2013-006 & AST-2013-007; for security
  bug #494630.

  23 Dec 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.25.0.ebuild,
  asterisk-11.7.0.ebuild:
  Stable for x86, wrt bug #494630

  23 Dec 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.25.0.ebuild,
  asterisk-11.7.0.ebuild:
  Stable for amd64, wrt bug #494630

*asterisk-11.7.0 (18 Dec 2013)
*asterisk-1.8.25.0 (18 Dec 2013)

  18 Dec 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.25.0.ebuild,
  +asterisk-11.7.0.ebuild:
  Upgrades on both branches for memory corruption (AST-2013-006) & security
  bypass (AST-2013-007) vulnerabilities, as per Agostino Sarubbo in security
  bug #494630. Squelch unnecessary chatter from build system, as per Patryk
  Rzadzinski in bug #489862.

*asterisk-11.6.0-r1 (30 Oct 2013)

  30 Oct 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.6.0-r1.ebuild:
  A useful response to the debug USE-flag, as suggested by Kerin Millar and
  implemented by Jaco Kroon. Closes bug #346959.

  27 Oct 2013; Pacho Ramos <pacho@gentoo.org> metadata.xml:
  Voip herd is removed: http://article.gmane.org/gmane.linux.gentoo.devel/88434

*asterisk-1.8.24.0 (22 Oct 2013)

  22 Oct 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.24.0.ebuild:
  Version bump.

*asterisk-11.6.0 (22 Oct 2013)

  22 Oct 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.6.0.ebuild:
  Version bump. Features improved NAT support and plugs a memory leak in the
  logger.

  28 Aug 2013; Agostino Sarubbo <ago@gentoo.org> -asterisk-1.8.20.2.ebuild,
  -asterisk-11.2.2.ebuild:
  Remove old

  28 Aug 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.23.1.ebuild,
  asterisk-11.5.1.ebuild:
  Stable for x86, wrt bug #482776

  28 Aug 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.23.1.ebuild,
  asterisk-11.5.1.ebuild:
  Stable for amd64, wrt bug #482776

*asterisk-11.5.1 (28 Aug 2013)
*asterisk-1.8.23.1 (28 Aug 2013)

  28 Aug 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.22.0.ebuild,
  -asterisk-1.8.23.0.ebuild, +asterisk-1.8.23.1.ebuild,
  -asterisk-11.4.0.ebuild, -asterisk-11.5.0.ebuild, +asterisk-11.5.1.ebuild,
  +files/1.8.0/asterisk.initd7:
  Security upgrades for AST-2013-004 & AST-2013-005 on both branches.
  Behavioral improvements for G729 VAD, closes bug #480928. Add missed
  ownership checks to init script, closes bug #482688. Both by Jaco Kroon.
  Removed all insecure non-stable ebuilds.

  31 Jul 2013; Tony Vroon <chainsaw@gentoo.org> asterisk-1.8.20.2.ebuild,
  -asterisk-1.8.21.0.ebuild, asterisk-1.8.22.0.ebuild,
  asterisk-1.8.23.0.ebuild, asterisk-11.2.2.ebuild, -asterisk-11.3.0.ebuild,
  asterisk-11.4.0.ebuild, asterisk-11.5.0.ebuild:
  Make our inability to co-exist with net-libs/pjsip explicit to avoid any
  build failures. Closes bug #47812 by Steven Lai. Removed older non-stable
  builds on both branches.

*asterisk-11.5.0 (23 Jul 2013)
*asterisk-1.8.23.0 (23 Jul 2013)

  23 Jul 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.23.0.ebuild,
  +asterisk-11.5.0.ebuild, +files/1.8.0/asterisk.initd6:
  Bugfix releases on both branches. Completely revised init script by Jaco
  Kroon that supports running multiple Asterisk instances on a single host,
  closes bug #473224.

*asterisk-1.8.22.0 (20 May 2013)

  20 May 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.22.0.ebuild:
  One of the last bugfix releases on the 1.8 branch. You need to migrate to 11.
  And soon.

*asterisk-11.4.0 (20 May 2013)

  20 May 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.4.0.ebuild:
  In a refreshing change of heart, upstream now care about parallel build
  failures. Drop our relevant two downstream patches. Fixes a
  res_timing_pthread deadlock, an FD leak in the web server and more SRTP
  decryption/white noise issues.

  30 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.20.1.ebuild,
  -asterisk-11.2.1.ebuild:
  Remove vulnerable ebuilds after stabling, for security bug #463622.

  30 Mar 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.2.ebuild,
  asterisk-11.2.2.ebuild:
  Stable for x86, wrt bug #463622

  30 Mar 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.2.ebuild,
  asterisk-11.2.2.ebuild:
  Stable for amd64, wrt bug #463622

*asterisk-11.3.0 (29 Mar 2013)
*asterisk-1.8.21.0 (29 Mar 2013)

  29 Mar 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.21.0.ebuild,
  +asterisk-11.3.0.ebuild:
  Bugfix releases on both branches. Native RTP bridging is no longer attempted
  if packetisation differs, this helps to prevent fax failures. Improved
  locking to prevent deadlocks.

*asterisk-11.2.2 (28 Mar 2013)
*asterisk-1.8.20.2 (28 Mar 2013)

  28 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.19.1.ebuild,
  -asterisk-1.8.20.0.ebuild, +asterisk-1.8.20.2.ebuild,
  -asterisk-11.1.2.ebuild, -asterisk-11.2.0.ebuild, -asterisk-11.2.1-r2.ebuild,
  +asterisk-11.2.2.ebuild:
  Security upgrade to address a boundary error in H264 video SDP handling,
  naive Content-Length variable parsing in HTTP POST requests and an
  information leak around account existence for the SIP channel driver.

*asterisk-11.2.1-r2 (06 Mar 2013)

  06 Mar 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.2.1-r1.ebuild,
  +asterisk-11.2.1-r2.ebuild:
  Stop installing the /var/run directory structure, closes bug #451808. Two
  additional stability fixes, closes bug #460568. Removing -r1 ebuild as the
  reload protections within it are incomplete. Use -r2 or last stable. All
  patching by Jaco Kroon.

*asterisk-11.2.1-r1 (05 Mar 2013)

  05 Mar 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.2.1-r1.ebuild:
  Fix by Jaco Kroon to correctly handle error returns for dundi lookups,
  previously resulting in segmentation faults. Closes bug #460406.

  26 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-11.2.1.ebuild:
  Stable for x86, wrt bug #458126

  26 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-11.2.1.ebuild:
  Stable for amd64, wrt bug #458126

  12 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.1.ebuild:
  Stable for x86, wrt bug #456936

  12 Feb 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.20.1.ebuild:
  Stable for amd64, wrt bug #456936

*asterisk-11.2.1 (24 Jan 2013)
*asterisk-1.8.20.1 (24 Jan 2013)

  24 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +files/1.8.0/asterisk.initd5,
  -files/1.8.0/asterisk.initd, -files/1.8.0/asterisk.initd2,
  -files/1.8.0/asterisk.initd3, +asterisk-1.8.20.1.ebuild,
  +asterisk-11.2.1.ebuild:
  Partial rewrite of the init script by Jaco Kroon addresses shortcomings
  identified by Vincent Brillault in bug #445176. Upstream fixes include an
  astcanary PID mix-up and a necessary reset of the RTP sequence counter when
  SSRC changes.

*asterisk-1.8.20.0 (15 Jan 2013)

  15 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-1.8.20.0.ebuild:
  Bugfix release on the 1.8 branch. The fix for bug #440278 is now upstream.

*asterisk-11.2.0 (15 Jan 2013)

  15 Jan 2013; Tony Vroon <chainsaw@gentoo.org> +asterisk-11.2.0.ebuild:
  Bugfix release on the 11 branch. The fix for bug #440278 is now upstream.

*asterisk-11.1.2 (07 Jan 2013)

  07 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-11.1.1.ebuild,
  +asterisk-11.1.2.ebuild:
  One final unsafe use of TCP reads onto the stack in res_xmpp; also stops
  caching taking place where unnecessary. This completes the DoS protection
  intended for 11.1.1; removing unsafe ebuild from tree.

  04 Jan 2013; Tony Vroon <chainsaw@gentoo.org> asterisk-1.8.19.1.ebuild,
  asterisk-11.1.1.ebuild:
  Remove /var/run keepdir statements as per Diego Elio Pettenò in bug #450222.

  04 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-10.11.1.ebuild:
  As previously announced the 10 branch of Asterisk is now being removed. For
  stable releases, you want the 1.8 branch. For an actively developed branch
  with more features, you want the 11 branch.

  03 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.18.0-r2.ebuild:
  Clear vulnerable ebuild in 1.8 branch now that stabling has completed.

  03 Jan 2013; Agostino Sarubbo <ago@gentoo.org> asterisk-1.8.19.1.ebuild:
  Stable for amd64, wrt bug #449828

  03 Jan 2013; Andreas Schuerch <nativemad@gentoo.org>
  asterisk-1.8.19.1.ebuild:
  x86 stable, see bug 449828

*asterisk-11.1.1 (02 Jan 2013)
*asterisk-10.11.1 (02 Jan 2013)
*asterisk-1.8.19.1 (02 Jan 2013)

  02 Jan 2013; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.8.15.1.ebuild,
  -asterisk-1.8.18.1.ebuild, -asterisk-1.8.19.0.ebuild,
  +asterisk-1.8.19.1.ebuild, -asterisk-10.10.1.ebuild,
  -asterisk-10.11.0.ebuild, +asterisk-10.11.1.ebuild, -asterisk-11.0.2.ebuild,
  -asterisk-11.1.0.ebuild, +asterisk-11.1.1.ebuild:
  Security releases on all three branches; stop using stack allocations in TCP
  receive paths, as multiple packets may be concatenated together and overflow
  the stack as a result (CVE-2012-5976 / AST-2012-015). Never cache devices
  that are not associated with a physical entity, as to do so allows a denial
  of service through cache exhaustion (CVE-2012-5977 / AST-2012-014). Remove
  all non-stable vulnerable ebuilds. As requested by Sean Amoss in bug #449828.

  01 Jan 2013; Andreas K. Huettel <dilfridge@gentoo.org> +ChangeLog-2012:
  Split ChangeLog.

  For previous entries, please see ChangeLog-2012.