CVSROOT: /cvs Module name: ports Changes by: st...@cvs.openbsd.org 2012/04/11 09:12:47
Modified files: telephony/asterisk: Tag: OPENBSD_5_1 Makefile distinfo telephony/asterisk/patches: Tag: OPENBSD_5_1 patch-bootstrap_sh patch-channels_chan_unistim_c patch-configure_ac telephony/asterisk/pkg: Tag: OPENBSD_5_1 DESCR-main PLIST-main Added files: telephony/asterisk/patches: Tag: OPENBSD_5_1 patch-addons_chan_ooh323_c patch-addons_chan_ooh323_h patch-pbx_pbx_spool_c Removed files: telephony/asterisk/patches: Tag: OPENBSD_5_1 patch-channels_h323_ast_h323_cxx patch-channels_h323_ast_h323_h patch-main_asterisk_c Log message: MFC update to asterisk 1.8.11.0, relative to previous version this includes fixes for various crash/deadlock problems and the following SECURITY problems: AST-2012-002: stack buffer overflow (remote unauthenticated sessions). requires a dialplan using the Milliwatt application with the 'o' option, and internal_timing off. Affects all 1.4+ Asterisk versions. AST-2012-003: stack buffer overflow (remote unauth'd sessions) in HTTP manager interface; triggered by long digest authentication strings. Code injection possibility. Affects 1.8+.