lp://staging/ubuntu/karmic-security/asterisk

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

52. By Dave Walker on 2009-12-07

* SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
  - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
    check ACL for handling SIP INVITEs. This blocks calls on networks
    intended to be prohibited, by configuration. Based on upstream patch.
  - AST-2009-007
  - CVE-2009-3723
* SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
  - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
    to stop a specially crafted series of requests returning valid usernames.
    Based on upstream patch.
  - AST-2009-008
  - CVE-2009-3727
* SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
  - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
    comfort noise payload containing 24 bytes or greater is recieved.
  - AST-2009-010
  - CVE-2009-4055

51. By Dave Walker on 2009-09-22

* New upstream version, upstream is now DFSG compliant.
  - ilibc has been removed upstream.
  - Music on Hold is now cc-by-sa.
  - binary firmware iaxy.bin has been removed upstream.
* debian/rules: Santitised UPSTREAM variable for compatiability
  with Ubuntu and other variants.
* debian/control: Removed Debian Vcs-Svn entry and replaced
  with ubuntu-voip Vcs-Bzr, to reflect divergence in packages.
* patches/makefile_appdocs_dtd: Removed, merged upstream.
* patches/disable_moh: Previosly disabled, removed from pool.
* patches/ubuntu-banner: Ported debian-banner to display Ubuntu
  centric bug report information.
* Refresh quilt patches

50. By Kees Cook on 2009-09-03

debian/{control,rules}: enable hardened options to gain PIE build
(Debian bug 542741).

49. By Jean-Michel Dault on 2009-08-20

* Merge from Debian.
  - Lsb patches dropped: fixed upstream
  - Patch for LP #350732 dropped: fixed upstream
* Added:
  - Add support for web interface
  - Don't enable voicetronix cards by default
  - Chown /dev/dahdi in init script
  - Add files for potential backports
  - Change maintainer
  - Standards version 3.8.3

* Debian changes

 [ Faidon Liambotis ]
 * Fix FTBFS on armel. (Closes: #532971)

 [ Tzafrir Cohen ]
 * New upstream beta.
 * Patch hardware_dtmf_mute_fix removed: Applied upstream.
 * No need for a separate app_directory_odbc (will use app_voicemail_odbc).
 * Fix name of voicemail 'openssl' dep. (Thomas Renard) (Closes: #539150)

48. By Faidon Liambotis on 2009-07-28

[ Faidon Liambotis ]
* New upstream release.
  - Drop patches astvarrundir, pubkey_jnctn; merged upstream (finally!).
  - Adapt patch safe_asterisk-nobg.
* Switch to downloads.asterisk.org instead of downloads.digium.com.
* Add depends on libxml2-dev for the new XML documentation.
* Remove Conflicts/Replaces with asterisk-classic, asterisk-bristuff,
  asterisk-chan-capi (<< 1.1.1-1~), since those are pre-lenny.
* Revert upstream's r190830 that ported app_osplookup to OSP Toolkit 3.5;
  the API is not backwards compatible and Debian still has 3.4.2.
* Accommodate for the rename of libcap2-dev to libcap-dev (Closes: #532971).
* Add dependency to libspandsp to build the fax applications.
* Update Standards-Version to 3.8.2, no changes needed.
* Remove init script's "zaptel-fix" action; there's no zaptel anymore and
  was also lintian-buggy in its current form.
* Don't include /var/run/asterisk in the package, it is created at boot-time
  by the init script (thanks lintian).
* Remove asterisk-progdocs: it is of very limited use but a) is enormous in
  size and b) takes too long to build.
* Re-enable and port to 1.6 the h323 segfault patch, apparently it's still
  needed.
* Fix asterisk's Makefiles so that the openh323/libpt dependencies are added
  to chan_h323.so instead of the main asterisk binary.
* Fix astgenkey to respect system's umask. Thanks Jonas Smedegaard.
  (Closes: #531730)
* Create /var/log/asterisk/* directories if non-existent, for /var/log on
  tmpfs scenarios. Thanks martin f krafft! (Closes: #524015)
* Use the lsb-base standard way of gathering and reporting status in the
  init script. Thanks Dustin Kirkland and Ubuntu! (Closes: #506453)
* Fix debian/rules so that configure isn't called twice during a build.
* Install Zaptel-to-DAHDI.txt, explains the migration procedure from Zaptel
  to DAHDI and is therefore useful when upgrading from lenny.

[ Tzafrir Cohen ]
* New upstream release.
  - Fixes that bashism in safe_asterisk (Closes: #530047) (not dashism).
  - Dropped patch astcanary_startup: merged upstream.
* Patch makefile_appdocs_dtd: fix location of DTD installation.
* Register the HTML docs with doc-base as well.

47. By François Marier on 2009-03-29

Fix for IAX2 encrypted channels dropping out due to normal packet loss
(LP: #350732)

46. By Bhavani Shankar on 2009-01-05

* Merge from debian unstable, remaining changes: LP: #313988
  - debian/asterisk.init: Fix status action so that it returns the
    LSB-compliant return codes
  - debian/control: added lsb-base dependency for using status_of_proc.

45. By Luca Falavigna on 2008-12-22

Build-depend on libc-client2007b-dev.

44. By Dustin Kirkland  on 2008-11-21

* Merge from debian unstable, remaining changes:
  - debian/asterisk.init: Fix status action so that it returns the
    LSB-compliant return codes (Debian Bug: #)
  - debian/control: added lsb-base dependency for using status_of_proc;
    switch to libc-client2007b-dev build-dependency

43. By Thierry Carrez on 2008-09-29

* debian/asterisk.init: Fix status action so that it returns the
  LSB-compliant return codes (LP: #248947)
* debian/control: added lsb-base dependency for using status_of_proc