Change logs for asterisk source package in Sid

  • asterisk (1:20.4.0~dfsg+~cs6.13.40431414-2) unstable; urgency=medium
    
      * build-depend on liblua5.1-dev (not liblua5.2-dev);
        closes: bug#1050625, thanks to Bastian Germann and David
      * update DEP-3 patch headers
    
     -- Jonas Smedegaard <email address hidden>  Sun, 27 Aug 2023 17:23:31 +0200
  • asterisk (1:20.4.0~dfsg+~cs6.13.40431414-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
      [ Jonas Smedegaard ]
      * stop depend on lsb-base
      * update watch file:
        + fixate component pjproject at upstream release 2.13.1
      * unfuzz patches
      * update copyright info: update coverage
    
     -- Jonas Smedegaard <email address hidden>  Fri, 04 Aug 2023 21:53:23 +0200
  • asterisk (1:20.3.0~dfsg+~cs6.13.40431413-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
      [ Jonas Smedegaard ]
      * unfuzz patches
      * fix cleanup to support double build;
        thanks to ideal.bowl5022
      * generate core documentation from markdown sources;
        skip generate manpage when nodoc is set;
        build-depend on cmark-cfm
    
     -- Jonas Smedegaard <email address hidden>  Wed, 21 Jun 2023 08:35:49 +0200
  • asterisk (1:20.2.1~dfsg+~cs6.13.40431413-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
      [ Jonas Smedegaard ]
      * update watch file:
        + fixate component pjproject at upstream release 2.13
      * update copyright info: update coverage
      * unfuzz patches
    
     -- Jonas Smedegaard <email address hidden>  Thu, 20 Apr 2023 20:31:59 +0200
  • asterisk (1:20.1.0~dfsg+~cs6.12.40431414-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
     -- Jonas Smedegaard <email address hidden>  Fri, 13 Jan 2023 00:26:47 +0100
  • asterisk (1:20.0.1~dfsg+~cs6.12.40431414-1) unstable; urgency=high
    
      [ upstream ]
      * new release
        * closes: bug#1017004, thanks to Neil Williams;
          also fixes these upstream bugs:
          ASTERISK-30103 ASTERISK-30176 ASTERISK-30244 ASTERISK-30338
          CVE-2022-37325 CVE-2022-42706 CVE-2022-42705 CVE-2022-39244
          CVE-2022-31031
          GHSA-26j7-ww69-c4qj GHSA-fq45-m3f7-3mhj
    
      [ Jonas Smedegaard ]
      * fix build module chan_sip;
        closes: bug#1024443, thanks to James Bottomley
      * add NEWS entry about new AMI live_dangerously option
      * set urgency=high due to multiple security bugfixes
    
     -- Jonas Smedegaard <email address hidden>  Thu, 08 Dec 2022 09:51:21 +0100
  • asterisk (1:20.0.0~dfsg+~cs6.12.40431414-2) unstable; urgency=medium
    
      * re-release for building with auto-builder
    
     -- Jonas Smedegaard <email address hidden>  Thu, 10 Nov 2022 15:21:24 +0100
  • asterisk (1:20.0.0~dfsg+~cs6.12.40431414-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
     -- Jonas Smedegaard <email address hidden>  Wed, 19 Oct 2022 18:49:49 +0200
  • asterisk (1:18.14.0~dfsg+~cs6.12.40431414-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
      [ Jonas Smedegaard ]
      * update watch file: simplify regex
      * relax to build-depend on default-libmysqlclient-dev
        for all architectures
      * unfuzz patches
    
     -- Jonas Smedegaard <email address hidden>  Tue, 23 Aug 2022 17:40:49 +0200
  • asterisk (1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1) unstable; urgency=medium
    
      [ upstream ]
      * new pre-release;
        embeds an updated PJProject, fixing multiple security issues;
        CVE-2022-24764 CVE-2022-24763 CVE-2022-24786
        CVE-2022-24792 CVE-2022-24793;
        closes: bug#1014976
    
      [ Jonas Smedegaard ]
      * update watch file:
        + fixate component pjproject at upstream release 2.12.1
        + track pre-releases
      * update copyright info:
        + update primary Source URI
        + update coverage
    
     -- Jonas Smedegaard <email address hidden>  Sat, 30 Jul 2022 10:16:47 +0200
  • asterisk (1:18.12.0~dfsg+~cs6.12.40431413-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
      [ Jonas Smedegaard ]
      * update watch file:
        + fixate component pjproject at upstream release 2.12
          (not asterisk fork of 2.10)
      * update copyright info: update coverage
      * update and unfuzz patches
      * declare compliance with Debian Policy 4.6.1
    
     -- Jonas Smedegaard <email address hidden>  Thu, 12 May 2022 22:37:38 +0200
  • asterisk (1:18.11.2~dfsg+~cs6.10.40431413-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
      [ Jonas Smedegaard ]
      * update copyright info: update coverage
    
     -- Jonas Smedegaard <email address hidden>  Sun, 17 Apr 2022 15:59:40 +0200
  • asterisk (1:18.11.1~dfsg+~cs6.10.40431413-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
      [ Jonas Smedegaard ]
      * use semantic newlines in long description and copyright fields
      * stop provide module chan_vpb failing to build:
        + add patch cherry-picked upstream
          to remove deprecated module chan_vpb
        + drop binary package asterisk-vpb
        + stop build-depend on libvpb-dev
        + add notice in NEWS
      * update and unfuzz patches
    
     -- Jonas Smedegaard <email address hidden>  Wed, 06 Apr 2022 15:22:41 +0200
  • asterisk (1:18.10.1~dfsg+~cs6.10.40431411-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
     -- Jonas Smedegaard <email address hidden>  Mon, 07 Mar 2022 19:02:16 +0100
  • asterisk (1:18.10.0~dfsg+~cs6.10.40431411-2) unstable; urgency=medium
    
      * fix teardown function in autopkgtest
      * fix build module app_macro, and simplify build configuration:
        + revert build rules to explicitly set menuselect target file
        + reduce and rename patch 2004
        + drop related obsolete patches 2003 2005 2007 2009 2017
        closes: bug#1005381, thanks to James Bottomley
      * drop unused obsolete h323 patches 1002 1003 1005
      * omit build-depending on default-libmysqlclient-dev
        for architectures where the package is unavailable
    
     -- Jonas Smedegaard <email address hidden>  Sat, 12 Feb 2022 19:24:51 +0100
  • asterisk (1:18.10.0~dfsg+~cs6.10.40431411-1) unstable; urgency=medium
    
      [ upstream ]
      * new release
    
      [ Jonas Smedegaard ]
      * drop patches cherry-picked upstream now applied
      * unfuzz patches
      * update TODOs
    
     -- Jonas Smedegaard <email address hidden>  Fri, 11 Feb 2022 10:41:21 +0100
  • asterisk (1:16.23.0~dfsg+~cs6.10.40431411-1) unstable; urgency=medium
    
      * embed project asterisk-opus as component;
        add patches 2015 2016 to integrate opus module with asterisk;
        integrate opus module with build rules;
        have asterisk-modules replace and break asterisk-opus
      * update copyright info: update coverage
      * relax to build-depend unversioned on libjansson-dev:
        required version satisfied in all supported Debian releases
      * build-depend on libneon27-dev
        (not libneon27-gnutls-dev, with libneon27-dev only as fallback);
        drop fallback build-dependencies
        for libcurl4-openssl-dev libradcli-dev
      * build-depend on liblua5.2-dev (not liblua5.1-0-dev)
      * build-depend on libcodec2-dev libfftw3-dev libsndfile1-dev
    
     -- Jonas Smedegaard <email address hidden>  Fri, 04 Feb 2022 00:40:53 +0100
  • asterisk (1:16.23.0~dfsg+~cs6.10.20220309-2) unstable; urgency=medium
    
      * update debhelper script dh_asterisk:
        + fix move excess paragraphs from POD section NAME to DESCRIPTION
        + fix reference man page debhelper(7) (not bogus debhelper(1)
        + add POD section COPYRIGHT AND LICENSE
        + simplify POD section SYNOPSIS
        + drop POD sections OPTIONS (superfluous) and NOTES (bogus)
        + fix typo in POD section DESCRIPTION
        + extend POD section DESCRIPTION
          to mention dh-sequence-asterisk (inspired by POD of dh_perl_openssl)
      * provide virtual package asterisk-abi-* (not asterisk-*),
        and have dh_asterisk generate matching package variable
        ${asterisk:Depends} (not the core less intuitive ${asterisk:ABI})
      * generate and install manpage for dh_asterisk;
        build-depend on perl
      * cherry-pick bugfix patches upstream; unfuzz remaining patches
    
     -- Jonas Smedegaard <email address hidden>  Sun, 23 Jan 2022 15:33:47 +0100
  • asterisk (1:16.23.0~dfsg+~cs6.10.20220309-1) unstable; urgency=medium
    
      * finalize and install debhelper script dh_asterisk;
        have asterisk-dev depend on debhelper perl:any,
        and provide virtual package dh-sequence-asterisk
      * relax to generate temporary PJPROJECT tarball sloppily:
        reproducibility or stable md5sum unneeded
      * fix avoid insecure hardcoded path below /tmp during build
      * rename and renumber patches;
        add file debian/patches/README to source
        documenting patch naming micro policy
      * drop vp8 patch, superseded by package asterisk-opus
      * embed project asterisk-amr as component;
        drop patch amr
      * embed project mp3 as component;
        drop patch mpglib
      * update copyright info:
        + fix avoid bdimad files from embedded PJPROJECT
          when repackaging upstream source:
          not freely licensed
        + update coverage
      * unfuzz patches
      * integrated embedded project mp3 with build rules
      * add patches 2011 2012 to integrate module amr with asterisk;
        update build rules to integrate module amr code files
      * add patch 2013 to integrate mp3 module with asterisk;
        update build rules to integrate mp3 module
      * add/update DEP-3 patch headers
      * add patch 2014
        to avoid non-free PJPROJECT audio device driver bdimad
    
     -- Jonas Smedegaard <email address hidden>  Sun, 23 Jan 2022 00:08:30 +0100
  • asterisk (1:16.23.0~dfsg+~2.10-1) unstable; urgency=medium
    
      [ upstream ]
      * new release(s)
    
      [ Jonas Smedegaard ]
      * update git-buildpackage config:
        + filter-out any .git* file
        + use DEP14 branch naming scheme
        + add usage comment
      * resolve PJPROJECT version from embedded source
      * update copyright info: update coverage
      * drop patches cherry-picked upstream now applied
      * update and unfuzz patches
      * fix relax autopkgtest: set allow-stderr
      * stop set obsolete menuselect option codec_opus_open_source
    
     -- Jonas Smedegaard <email address hidden>  Fri, 21 Jan 2022 03:25:41 +0100
  • asterisk (1:16.16.1~dfsg+~2.10-2) unstable; urgency=medium
    
      * fix sysV init file to align with mariadb (not mysql);
        closes: bug#1003925, thanks to Roel van Meer
      * fix silently broken patch systemd;
        closes: bug#985314, thanks to Sergio Durigan Junior
      * unfuzz patches, with shortening quilt options
      * Trim trailing whitespace.
      * Use secure URI in Homepage field.
      * Update renamed lintian tag names in lintian overrides.
      * Drop transition for old debug package migration.
      * stop set CFLAGS=-fgnu89-inline,
        as GCC 5.x was supported upstream since late 2015
        (see also bug#777782)
      * explicitly disable BUILD_NATIVE,
        and stop set CFLAGS and LDFLAGS in configure
        (only in make menuselect)
      * tighten bug closures in changelog,
        for slightly better readability
        and to avoid confusing lintian-brush
      * stop export build flags: they are passed as arguments
      * let dh_auto_config resolve core configure options
      * revive upstream optimization flags
        unless DEB_BUILD_OPTIONS=noopt
      * support DEB_BUILD_OPTIONS=terse
      * fix install file CHANGES as upstream changelog,
        and more detailed ChangeLog only with asterisk-doc
      * use debhelper compatibility level 13 (not 10);
        stop install duplicates in package asterisk-doc
        now that its install path coincide with package asterisk;
        build-depend on debhelper-compat (not debhelper)
      * adapt install routines and helper scripts to use multiarch paths;
        add NEWS entry about this change
      * fix install phoneprov XML files
      * explicitly list a few images, contrib scripts and sample website
        as not-installed
      * fix install a manpage (not corresponding script)
        into manpage directory
      * install main header file only below /usr/include
        (i.e. drop transitional symlinking done in 2008)
      * install most possible manpages from upstream-installed locations,
        to ease detecting missed install files
      * update copyright info:
        + use SPDX shortname Apache-2.0
        + drop unused License section LGPL-2.1
        + fix Files section for codecs/gsm,
          covering both left-truncating wildcard
          and an explicit file overriding right-truncating wildcard,
          to list it _after_ right-truncating wildcard Files sections
      * fix have asterisk pre-depend on misc:Pre-Depends,
        needed by systemd calls in maintainer scripts
    
     -- Jonas Smedegaard <email address hidden>  Thu, 20 Jan 2022 10:33:17 +0100
  • asterisk (1:16.16.1~dfsg+~2.10-1) unstable; urgency=medium
    
      * update copyright info:
        + use Reference field (not License-Reference);
          tighten lintian overrides
        + fix add License fields GPL-2+ GPL-3+
        + fix interpret unversioned GPL/LGPL to mean any version
        + add comment about ambiguous statement
          for file include/jitterbuf.h
        + normalize copyright holders lists
        + fix list all wildcard directories (i.e. right truncation)
          before wildcard files (i.e. left truncation)
        + normalize files lists
        + add coverage for my packaging contributions
        + update coverage
        + refine source repackaging hints:
          stop avoid files no longer included upstream
          exclude non-DFSG pjproject files
        + use more SPDX(ish) shortnames
        + sort License sections alphabetically
        + fix cover pjproject files;
          drop non-autoritative file debian/copyright.pjproject
        + update coverage
        + declare pjproject source URI
      * update watch file:
        + stop force repackaging; stop set compression
        + set dversionmangle=auto
        + set pgpmode=auto (and stop set pgpsigurlmangle)
        + tighten match pattern
        + update usage comment
      * embed pjproject:
        + define as component with git-buildpackage and uscan
        + build from embedded files
        + stop include manually prepared embedded tarball
        + drop obsolete patch autoreconf-pjproject
      * simplify source helper script copyright-check
      * drop file README.source from source:
        packaging no longer non-standard
    
     -- Jonas Smedegaard <email address hidden>  Sun, 16 Jan 2022 23:17:14 +0100
  • asterisk (1:16.16.1~dfsg-4) unstable; urgency=medium
    
      [ Utkarsh Gupta ]
      * Set default systemd config to avoid console output to syslog.
        (Closes: #985314, #971090)
    
     -- Bernhard Schmidt <email address hidden>  Mon, 01 Nov 2021 23:16:15 +0100
  • asterisk (1:16.16.1~dfsg-2) unstable; urgency=high
    
      * CVE-2021-32558 / AST-2021-008 (Closes: #991710)
        If the IAX2 channel driver receives a packet that contains an unsupported
        media format it can cause a crash to occur in Asterisk
      * CVE-2021-32686 / AST-2021-009 (Closes: #991931)
        pjproject/pjsip: crash when SSL socket destroyed during handshake
    
     -- Bernhard Schmidt <email address hidden>  Fri, 06 Aug 2021 15:35:20 +0200
  • asterisk (1:16.16.1~dfsg-1) unstable; urgency=medium
    
      * New minor upstream version 16.16.1~dfsg
        - CVE-2020-35776 / AST-2021-001 (Closes: #983158)
          Remote crash in res_pjsip_diversion
        - CVE-2021-26717 / AST-2021-002 (Closes: #983157)
          Remote crash possible when negotiating T.38
        - CVE-2021-26712 / AST-2021-003
          Remote attacker could prematurely tear down SRTP calls
        - CVE-2021-26713 / AST-2021-004
          An unsuspecting WebRTC user could crash Asterisk with multiple
          hold/unhold requests
        - CVE-2021-26906 / AST-2021-005 (Closes: #983159)
          Remote Crash Vulnerability in PJSIP channel driver
    
     -- Bernhard Schmidt <email address hidden>  Mon, 22 Feb 2021 21:45:24 +0100
  • asterisk (1:16.15.1~dfsg-1) unstable; urgency=medium
    
      * New upstream version 16.15.1~dfsg
        - CVE-2020-35652 / AST-2020-003 + AST-2020-004 (Closes: #979372)
          Remote crash in res_pjsip_diversion
    
     -- Bernhard Schmidt <email address hidden>  Sun, 17 Jan 2021 15:56:22 +0100
  • asterisk (1:16.15.0~dfsg-1) unstable; urgency=medium
    
      * New upstream version 16.15.0~dfsg. fixes to CVEs
        - CVE-2020-28327 / AST-2020-001 (Closes: #974712)
          Remote crash in res_pjsip_session
        - CVE-2020-28242 / AST-2020-002 (Closes: #974713)
          Outbound INVITE loop on challenge with different nonce
    
     -- Bernhard Schmidt <email address hidden>  Mon, 23 Nov 2020 13:19:33 +0100
  • asterisk (1:16.12.0~dfsg-1) unstable; urgency=medium
    
      * Add new upstream signing key
        F2FC93DB7587BD1FB49E045A5D984BE337191CE7
        Asterisk Development Team <email address hidden>
      * New upstream version 16.12.0~dfsg (Closes: #882145)
      * Update to pjproject 2.10
      * Also update d/source/include-binaries
      * Update Uploaders (Closes: #953442)
      * Fix setting the version number
    
     -- Bernhard Schmidt <email address hidden>  Tue, 01 Sep 2020 01:15:39 +0200
  • asterisk (1:16.10.0~dfsg-1) unstable; urgency=medium
    
      * Team upload.
      * d/watch: use https instead of http, it is more secure
      * New upstream version 16.10.0~dfsg
      * Remove patches applied by upstream and refresh the remaining ones
        - Patches applied by upstream: AST-2019-002.patch and AST-2019-003.patch
      * Repack pjproject version 2.9
      * d/TODO.Debian: rename to d/TODO, thanks to lintian
      * d/README.Debian: fix a typo, thanks to lintian
      * d/rules: do not use dpkg-parsechangelog to get source package version
      * d/copyright:
        - Update years of the upstream copyright
        - Remove unused paragraphs and files dropped by upstream
        - Use https instead of http in Format and Source fields
    
     -- Lucas Kanashiro <email address hidden>  Mon, 18 May 2020 19:50:39 -0300
  • asterisk (1:16.2.1~dfsg-2) unstable; urgency=high
    
      * AST-2019-002 / CVE-2019-12827
        Buffer overflow in res_pjsip_messaging (Closes: #931980)
      * AST-2019-003 / CVE-2019-13161
        Remote Crash Vulnerability in chan_sip (Closes: #931981)
    
     -- Bernhard Schmidt <email address hidden>  Sat, 13 Jul 2019 23:47:36 +0200
  • asterisk (1:16.2.1~dfsg-1) unstable; urgency=medium
    
      * New upstream version 16.2.1~dfsg
        - CVE-2019-7251 / AST-2019-001 (Closes: #923690)
          Remote crash vulnerability with SDP protocol violation
      * Bump dependency on libjansson-dev to >= 2.11 (required by upstream)
    
     -- Bernhard Schmidt <email address hidden>  Thu, 07 Mar 2019 23:13:24 +0100
  • asterisk (1:16.2.0~dfsg-1) unstable; urgency=medium
    
      * New upstream version 16.2.0~dfsg
    
     -- Bernhard Schmidt <email address hidden>  Wed, 20 Feb 2019 23:49:31 +0100
  • asterisk (1:16.1.1~dfsg-1) unstable; urgency=medium
    
      Upload new major version to unstable
    
      [ Bernhard Schmidt ]
      * New upstream version 16.1.1 (Closes: #886984, #917481)
        - build with embedded pjproject 2.8 (dfsg-repacked)
        - Add lintian overrides for bundled library
        - Reenable app_macro, many dialplans need it
      * Update d/watch for Asterisk 16.x
      * Add signing key for Chris Savinovich <email address hidden>
      * New upstream version 16.1.0~dfsg
      * README.Debian: Fix a typo found by lintian
      * Drop libsqlite0-dev, deprecated
      * Do not load any local channel drivers by default (Closes: #821392)
      * asterisk.service: Attempt to run with realtime priority by default
        (Closes: #801629)
      * Improve/fix some raceconditions in sysv-initscript.
        Thanks to Walter Doekes (Closes: #778746)
    
      [ Rob Thomas ]
      * Build-Depend on libunbound-dev for async DNS
    
     -- Bernhard Schmidt <email address hidden>  Fri, 11 Jan 2019 18:51:43 +0100
  • asterisk (1:13.23.1~dfsg-2) unstable; urgency=medium
    
      * Fix autopkgtest by parsing XML results (Closes: #909689)
    
     -- Bernhard Schmidt <email address hidden>  Thu, 03 Jan 2019 16:20:10 +0100
  • asterisk (1:13.23.1~dfsg-1) unstable; urgency=medium
    
      * New upstream version 13.23.1~dfsg
        - CVE-2018-17281 / AST-2018-009 (Closes: #909554)
          Remote crash vulnerability in HTTP websocket upgrade
      * Add lintian overrides for modules
    
     -- Bernhard Schmidt <email address hidden>  Tue, 25 Sep 2018 09:59:08 +0200
  • asterisk (1:13.22.0~dfsg-2) unstable; urgency=medium
    
      * Fix/enable autopkgtest
        - Do not log disabled tests to stderr
        - Look at the correct line in the summary for failed tests
    
     -- Bernhard Schmidt <email address hidden>  Wed, 05 Sep 2018 11:30:36 +0200
  • asterisk (1:13.22.0~dfsg-1) unstable; urgency=medium
    
      * New upstream version 13.22.0~dfsg
        - CVE-2018-12227 / AST-2018-008 (Closes: #902954)
          PJSIP endpoint presence disclosure when using ACL
        - pjsip: Increase maximum number of usable ciphers (Closes: #897412)
      * Drop d/p/no_uname, not necessary anymore
      * Drop d/p/radcli-detection.patch, applied upstream
      * Fix d/p/hack-multiple-app-voicemail for upstream libtdl drop
      * Unfuzz d/p/amr.patch and d/p/ffmpeg-detection.patch
      * Fix FTBFS due to wrong filename for dh_installdocs (Closes: #903412)
    
     -- Bernhard Schmidt <email address hidden>  Sun, 22 Jul 2018 23:31:23 +0200
  • asterisk (1:13.20.0~dfsg-1) unstable; urgency=medium
    
      * New upstream version 13.20.0 (Closes: #891227, #891228)
      * Reorganize upstream GPG keys
        - Split individual signing keys in separate files
        - Add new key for Ben Ford <email address hidden>: 0x073B0C1FC9B2E352
        - Add new key for Joshua Colp <email address hidden>:
          0xCDBEE4CC699E200EB4D46BB79E76E3A42341CE04
      * Fix missing/broken Closes: in previous changelog
      * Install realtime database schema into asterisk-doc
      * Point Vcs-* to salsa
    
     -- Bernhard Schmidt <email address hidden>  Tue, 03 Apr 2018 10:59:20 +0200
  • asterisk (1:13.18.5~dfsg-1) unstable; urgency=medium
    
      * New upstream release:
        - CVE-2017-17850 / AST-2017-014 (closes: #885072)
        - AST-2017-012: Remote Crash Vulnerability in RTCP Stack
      * Re-add support for snmp (Closes #851738)
      * Don't load dundi, mgcp, skinny and unistim by default
      * Avoid parallel build in 'make install'
      * tests: realpath is now in coreutils
      * asttestmods: enable res_pjsip_pubsub tests
      * asttestmods: run asterisk as user asterisk
      * asttestmods: disable module test_cel for now
    
     -- Tzafrir Cohen <email address hidden>  Thu, 28 Dec 2017 00:20:16 +0200
  • asterisk (1:13.18.3~dfsg-1) unstable; urgency=medium
    
      * New upstream version 13.18.3~dfsg
        - CVE-2017-17090 / AST-2017-013
          DOS Vulnerability in Asterisk chan_skinny (Closes: #883342)
      * Drop duplicate filter line from d/gbp.conf
    
     -- Bernhard Schmidt <email address hidden>  Thu, 07 Dec 2017 15:20:29 +0100
  • asterisk (1:13.18.1~dfsg-1) unstable; urgency=medium
    
      * New upstream version 13.18.1~dfsg
        - CVE-2017-16671 / AST-2017-010
          Buffer overflow in CDR's set user (Closes: #881257)
        - CVE-2017-16672 / AST-2017-011
          Memory/File Descriptor/RTP leak in pjsip session resource
          (Closes: #881256)
        - Drop gmime-3.x and srtp 2.1 support patches applied upstream
        - Drop pjsip_unresolved_symbol.patch applied upstream
      * reproducibility: Sort order of input files for core-en_US.xml generation
      * Drop dh --with autotools_dev, default in compat 10
      * Add Multi-Arch: foreign to -dev and -doc
      * Remove deprecated priority extra
    
     -- Bernhard Schmidt <email address hidden>  Thu, 09 Nov 2017 23:35:12 +0100
  • asterisk (1:13.17.2~dfsg-2) unstable; urgency=medium
    
      * Build against libsrtp2
        - Add versioned b-d to pjproject 2.7 built with libsrtp2
        - d/p/libsrtp-2.1.x.patch: Upstream patch to support libsrtp 2.1.x
      * Transition to gmime 3.0 (Closes: #867346)
        - d/p/gmime-3.0.patch: Upstream patch to support gmime 3.0
      * Bump Standards-Version to 4.1.1, drop obsolete build-deps
      * Fix reproducible builds by overwriting kernel version and
        machine architecture
    
     -- Bernhard Schmidt <email address hidden>  Fri, 06 Oct 2017 23:27:22 +0200
  • asterisk (1:13.17.2~dfsg-1) unstable; urgency=high
    
      * New upstream version 13.17.2~dfsg
        - CVE-2017-14603 / AST-2017-008
          This is a follow-up for AST-2017-005: RTP/RTCP information leak
          improving robustness of the security fix and fixing a regression
          with re-INVITEs (Closes: #876328)
    
     -- Bernhard Schmidt <email address hidden>  Sat, 23 Sep 2017 20:41:06 +0200
  • asterisk (1:13.17.1~dfsg-1) unstable; urgency=high
    
      * New upstream version 13.17.1, fixing three CVEs
        - CVE-2017-14099 / AST-2017-005
          Media takeover in RTP stack ("RTP bleed") (Closes: #873907)
        - CVE-2017-14100 / AST-2017-006
          Shell access command injection in app_minivm (Closes: #873908)
        - CVE-2017-14098 / AST-2017-007
          Remote Crash Vulerability in res_pjsip (Closes: #873909)
    
     -- Bernhard Schmidt <email address hidden>  Sat, 02 Sep 2017 22:34:09 +0200
  • asterisk (1:13.17.0~dfsg-2) unstable; urgency=medium
    
      * Build with -Wl,--as-needed
      * Add patch to (hopefully) build reproducibly
      * Temporarily add libavdevice-dev to b-d to work around
        pjproject issue
    
     -- Bernhard Schmidt <email address hidden>  Thu, 17 Aug 2017 21:10:03 +0200
  • asterisk (1:13.17.0~dfsg-1) unstable; urgency=medium
    
      * New upstream version 13.17.0
        - Dropped OpenSSL 1.0 patches: merged upstream.
        - Dropped 859911-pjsip-set-rtp-source-address patches: merged upstream.
        - Dropped pjsip_unresolved_symbol.patch: merged upstream.
        - Dropped AST-2017-004.patch: merged upstream.
        - Closes: #856332 (specifically: just the example in pjsip.conf).
      * Added asterisk-tests package: internal tests. Not otherwise useful.
        - New ABI hash: 1fb7f5c06d7a2052e38d021b3d8ca151.
      * Added autopkgtest test based on them.
    
     -- Tzafrir Cohen <email address hidden>  Thu, 03 Aug 2017 23:20:22 -0400
  • asterisk (1:13.14.1~dfsg-2) unstable; urgency=high
    
      [ Tzafrir Cohen ]
      * CVE-2017-9358 / AST-2017-004: Memory exhaustion on short SCCP packets
        (Closes: #863906)
      * Documentation updates in debian/:
        - d/p/test_framework.patch: no longer an upstream issue
        - d/asterisk-config-custom:
          - fix typo: buildbuildpackage (Closes: #860902)
          - add comment that dpkg-buildpackage comes from dpkg-dev
    
     -- Bernhard Schmidt <email address hidden>  Fri, 02 Jun 2017 14:40:15 +0200
  • asterisk (1:13.14.1~dfsg-1) unstable; urgency=medium
    
      * New upstream version 13.14.1
        - Fixes AST-2017-001 (Buffer overflow in CDR's set user) (Closes: #859910)
      * Import upstream fix to set the RTP source address to the address bound by
        the PJSIP transport (Closes: #859911)
    
     -- Bernhard Schmidt <email address hidden>  Mon, 10 Apr 2017 12:53:03 +0200
  • asterisk (1:13.14.0~dfsg-1) unstable; urgency=medium
    
      [ Bernhard Schmidt ]
      * New upstream version 13.14.0~dfsg
        - Fixes RTP error on systems with disabled IPv6 (Closes: #853792)
        - Fixes asymetric RTP codec selection (Closes: #855014)
      * drop pjsip_improve_logging.patch, applied upstream
      * drop configure-osarch, applied upstream
    
     -- Bernhard Schmidt <email address hidden>  Tue, 14 Feb 2017 21:54:29 +0100
  • asterisk (1:13.13.1~dfsg-4) unstable; urgency=medium
    
      * Depend on asterisk-core-sounds-en instead of -gsm
    
     -- Bernhard Schmidt <email address hidden>  Tue, 24 Jan 2017 14:14:03 +0100
  • asterisk (1:13.13.1~dfsg-3) unstable; urgency=medium
    
      [ Bernhard Schmidt ]
      * Patch from upstream: pjsip_improve_logging.patch to improve logging
        levels in pjproject/chan_pjsip (Closes: #849804).
        Thanks to Joerg Dorchain for testing.
      * Disable SNMP support for now
        libsnmp-dev pulls in libssl1.0-dev, which is not coinstallable with
        libssl-dev needed by Asterisk and all other dependencies
    
     -- Bernhard Schmidt <email address hidden>  Tue, 17 Jan 2017 22:26:14 +0100
  • asterisk (1:13.13.1~dfsg-2) unstable; urgency=medium
    
      [ Tzafrir Cohen ]
      * test_framework.patch: fix ABI
      * Add a DAHDI hook script for Asterisk (Closes: #848584)
    
      [ Bernhard Schmidt ]
      * disable the open-source Opus and VP8 codec
        - these are built out-of-tree in asterisk-opus now, add Suggests
    
     -- Bernhard Schmidt <email address hidden>  Sun, 25 Dec 2016 19:54:12 +0100
  • asterisk (1:13.13.1~dfsg-1) unstable; urgency=medium
    
      [ Bernhard Schmidt ]
      * New upstream version 13.13.1~dfsg
        - Fix AST-2016-008 (Closes: #847666, but the Debian package was most
          likely not vulnerable due to a patched Opus implementation)
        - Fix AST-2016-009 / CVE-2016-9938 (Closes: #847668)
      * Drop fix_libedit_unicode.patch, applied upstream
      * Drop HURD patches, applied upstream
      * Drop changes to res/res_format_attr_opus.c from opus.patch
      * Add pjsip_unresolved_symbol.patch to fix unresolved symbol in chan_pjsip
    
     -- Bernhard Schmidt <email address hidden>  Sun, 18 Dec 2016 14:48:07 +0100
  • asterisk (1:13.12.2~dfsg-2) unstable; urgency=medium
    
      [ Bernhard Schmidt ]
      * Import upstream fix for libedit unicode garbage (Closes: #845144)
    
     -- Bernhard Schmidt <email address hidden>  Thu, 01 Dec 2016 20:13:27 +0100
  • asterisk (1:13.12.2~dfsg-1) unstable; urgency=medium
    
      [ Tzafrir Cohen ]
      * libsystemd is needed for sd_notify support
      * upstreaming radcli-detection.patch
    
      [ Bernhard Schmidt ]
      * Additional upstream signing key for Rusty Newton <email address hidden>
      * New upstream version 13.12.2~dfsg
    
     -- Bernhard Schmidt <email address hidden>  Sun, 13 Nov 2016 20:58:36 +0100
  • asterisk (1:13.12.1~dfsg-1) unstable; urgency=medium
    
      * New upstream release. 
      * Update opus patch, add libopusfile-dev build-dep
      * Use startup notification in systemd unit
      * no_native_arch.patch: avoid -march=native (Closes: #842917)
      * Preliminary OpenSSL 1.1.0 support (Closes: #828240)
        - d/p/OpenSSL-1.1.0-support.patch from Tzafrir Cohen
        - d/p/OpenSSL-1.1.0-support-2.patch suggested by Stepan Golosunov
      * Install files for REST API (Closes: #836924)
      * Bump to debhelper 10, enabling parallel build (Closes: #778751)
      * Migrate to Automatic Debug Packages (-dbgsym)
      * Add Bernhard Schmidt to uploaders
    
     -- Bernhard Schmidt <email address hidden>  Wed, 09 Nov 2016 09:22:35 +0100
  • asterisk (1:13.11.2~dfsg-1) unstable; urgency=medium
    
      * Update d/u/signing-keys.asc for 13.11.2
        - Add Matthew Fredrickson (0x8438CBA18D0CAA72)
        - Drop Joshua Colp (0xDAB29B236B940F89)
      * New upstream version 13.11.2~dfsg
        - Update d/p/systemd.patch for new release
        - Refresh/unfuzz patches
        - fixes CVE-2016-7550 (Closes: #838833)
        - fixes CVE-2016-7551 (Closes: #838832)
      * Build-depend on libradcli-dev again, libfreeradius-client-dev is dropped
        from sid (Closes: #836953)
      * fix obsolete build-dep libmysqlclient-dev -> default-libmysqlclient-dev
      * add lsb-base dependency to asterisk
    
     -- Bernhard Schmidt <email address hidden>  Thu, 27 Oct 2016 13:06:22 +0200
  • asterisk (1:13.10.0~dfsg-1) unstable; urgency=medium
    
      [ upstream ]
      * New release(s).
    
      [ Jonas Smedegaard ]
      * Update upstream signing-key:
        + Add Richard Mudgett (0x6CB44E557BD982D8).
        + Drop Rusty Newton (0x123FD04E861FFB7D).
        + Drop Matthew Fredrickson (0x8438CBA18D0CAA72).
      * Update AMR patch.
      * Unfuzz patches.
      * Update copyright info.
    
     -- Jonas Smedegaard <email address hidden>  Mon, 29 Aug 2016 17:07:40 +0200
  • asterisk (1:13.9.1~dfsg-2) unstable; urgency=medium
    
      [ Tzafrir Cohen ]
      * provide a usable sounds/priv-callerintros
    
      [ Jonas Smedegaard ]
      * Fix override dh_install only for architecture-dependent targets.
        Closes: Bug#821018. Thanks to Santiago Vila.
      * Build-depend on libfreeradius-client-dev, with libradcli-dev only as
        fallback (see bug#825121).
    
     -- Jonas Smedegaard <email address hidden>  Fri, 15 Jul 2016 04:40:40 +0200
  • asterisk (1:13.9.1~dfsg-1) unstable; urgency=medium
    
      [ upstream ]
      * New release(s).
    
      [ Jonas Smedegaard ]
      * Update copyright info:
        + Fix cover BSD-4-Clause, BSD-3-Clause, GSM, and ISC licensed files.
        + Fix extend coverage for main upstream author.
        + Fix extend Files section for ooh323.
        + Fix add more copyright holders to initial catch-all Files section,
          and merge with more specific same-licensed Files sections.
        + Fix update and merge unrestricted licensed files.
        + Fix distinguish plain GPL licensed files from those referencing
          Asterisk exceptions.
        + Fix drop Files sections for files with no copyright or licensing
          statements.
        + Fix interpret "GPL is fine" grant as plain GPL-2 (without Asterisk
          exceptions).
        + Fix copyright holder and mention of additional WOL license.
        + Mention alternative LGPL license.
        + Use license grant and tidy comments for GPL licensed files.
        + Fix add files in the public domain.
        + Fix file path (track patch not patch content).
        + Fix strip trailing / from excluded files.
          Thanks to Vasuded Kamath.
      * Add copyright-check scripts to source package.
      * Declare compliance with Debian Policy 3.9.8.
    
     -- Jonas Smedegaard <email address hidden>  Wed, 15 Jun 2016 09:08:54 +0200
  • asterisk (1:13.8.2~dfsg-1) unstable; urgency=medium
    
      [ Tzafrir Cohen ]
      * New upstream release (Fixes AST-2016-005).
      * systemd: only restart on failure
    
      [ Jonas Smedegaard ]
      * Link against radcli favored over freeradius-client/radiusclient-ng:
        + Add patch to autodetect radcli.
        + Build-depend on libradcli-dev, with libfreeradius-client-dev or
          libradiusclient-ng-dev only as fallbacks.
        Closes: Bug#822339. Thanks to Daniel Pocock.
      * Enable PJProject and FFMpeg: Both projects has re-entered testing.
    
     -- Jonas Smedegaard <email address hidden>  Wed, 18 May 2016 14:44:34 +0200
  • asterisk (1:13.7.2~dfsg-1) unstable; urgency=medium
    
      [ upstream ]
      * New minor releases.
        + Fixes AST-2015-001.
          CVE-2015-1558. Closes: Bug#780601.
        + Fixes AST-2015-002.
          Related to CVE-2014-8150.
    
      [ Jonas Smedegaard ]
      * Update patches:
        + Unfuzz patches enable_addons smsq_enable.
        + Refresh and tighten all patches.
        + Add/update DEP3 patch headers, with long descriptions embedded in
          Description field.
      * Modernize Vcs-* field URLs:
        + Use https protocol.
        + Use cgit viewer.
      * Declare compliance with Debian Policy 3.9.7.
      * Wrap and sort control file.
      * Add myself as uploader.
      * Tidy copyright info: Strip trailing whitespace.
      * Drop/simplify obsolete versioning or fallbacks in build-dependencies
        or breaks/replaces.
      * Avoid X11-related on not-in-testing linkage (until in testing and
        X11-related binaries are in separate binary package).
        + Only enable PJProject, SDL or FFMpeg when targeted experimental.
        + Disable in non-experimental releases.
        + Ignore ABI drift on experimental builds.
        + Temporarily stop build-depend on libpjproject-dev.
        Closes: Bug#804460, #792303.
      * Fix build-depend only on libsrtp-dev (not also libsrtp0-dev).
      * Build-depend on liburiparser-dev, for (presumably) a more uniform
        URI parsing.
        Closes: Bug#786926.
      * Update watch file:
        + Bump to file format 4.
        + Always repackage, using xz.
        + Mangle debian version: strip ~dfsg suffix.
      * Update upstream PGP keyring: Add Joshua Colp (0xDAB29B236B940F89).
      * Git-ignore quilt .pc dir.
      * Have git-buildpackage filter upstream .gitignore files, enable
        signed tags, and enable use of pristine-tar.
      * Drop custom get-orig-source target: Use "gbp import-orig --uscan"
        instead.
      * Update copyright info:
        + Fix include reasons for repackaging in Source field (not separate
          Comment field) as mandated by file format 1.0.
        + Consider formats/msgsm.h as non-copyright-protected, with comment
          on reasoning.
        + Consider formats/msgsm.h as non-copyright-protected, with comment
          on reasoning.
        + Fix use License shortnames BSD-3-clause~IETF BSD-4-clause~Clapper
          (not BSD-3-clause).
        + Fix include full verbatim BSD-3-clause~IETF license.
        + Wrap at 72 chars.
        + Use "None" (not "-") as copyright holder for files in the public
          domain.
        + Strip non-license text.
        + Assume unversioned GPL is same as generally for the project.
        + Drop comment on audio data encoded as C header file lacking
          source: Upstream is free to choose that format as preferred form
          (similar to pnm for graphics).
        + Assume GTK+ dialogue code without explicit licensing has same
          license as project generally.
        + Use License-Grant and License-Reference fields.
          Thanks to Ben Finney.
      * Improve media support:
        + Add patch to add Opus codec module supporting transcoding.
        + Add patch to add VP8 format module supporting read/write to file.
        + Add patch to add AMR and AMR-WB modules supporting transcoding.
        + Add patches to support video in console.
        + Build-depend on libopus-dev libopencore-amrnb-dev
          libopencore-amrwb-dev libavcodec-dev libswscale-dev
          libsdl-image1.2-dev.
        Closes: bug#786972, #531728.
      * Bump ABI hash.
      * Add lintian override regarding license in License-Reference field.
        See bug#786450.
      * Tidy README.Debian: Fix typo.
      * Emit config.log if configure fails.
    
     -- Jonas Smedegaard <email address hidden>  Tue, 29 Mar 2016 16:31:49 +0200
  • asterisk (1:13.1.0~dfsg-1.1) unstable; urgency=medium
    
      * Non-maintainer upload.
    
      [ Matthias Klose ]
      * Build with -fgnu89-inline. Closes: #777782.
      * CVE-2015-1558: File descriptor leak when incompatible codecs are offered.
        Closes: #780601.
    
      [ James Cowgill ]
      * Fix OSARCH detection on all linux architectures. Closes: #780287.
    
     -- Matthias Klose <email address hidden>  Fri, 10 Jul 2015 12:56:51 +0200
  • asterisk (1:13.1.0~dfsg-1) unstable; urgency=high
    
    
      [ Tzafrir Cohen ]
      * New upstream release, fixes various security holes (Closes: #771463):
        - AST-2014-012 (CVE-2014-8412): Mixed IP address families in ACLs
          may permit unwanted traffic
        - AST-2014-013 (CVE-2014-8413): PJSIP ACLs not loaded at startup
        - AST-2014-014 (CVE-2014-8414): High call load may result in hung
          channels in ConfBridge
        - AST-2014-015 (CVE-2014-8415): Remote Crash Vulnerability in PJSIP
          channel driver
        - AST-2014-016 (CVE-2014-8416): Remote Crash Vulnerability in PJSIP
          channel driver
        - AST-2014-017 (CVE-2014-8417): Mark CONFBRIDGE as a sensitive
          function for external APIs
        - AST-2014-018 (CVE-2014-8418): Mark DB as a sensitive function for
          external APIs
        - AST-2014-019.patch (CVE-2014-9374): Remote Crash Vulnerability in
        WebSocket Server (Closes: #773230). 
      * The key file better be ascii-armoured, indeed
      * init script: kill with PID (Closes: #742783)
      * Describe patch astdatadir
    
      [ Stappers Geert ]
      * new file: debian/README.source (Closes: #772469).
      * asterisk-config-custom (Closes: #760032)
    
     -- Tzafrir Cohen <email address hidden>  Wed, 31 Dec 2014 14:58:53 +0200
  • asterisk (1:13.0.0~dfsg-2) unstable; urgency=medium
    
    
      * Patch bigendian: fix building chan_phone on big endian platforms.
      * Makefile_kfreebsd: Have Makefile's 'config' target install the same
        files as kFreeBSD as it does on Linux.
     -- Tzafrir Cohen <email address hidden>  Mon, 27 Oct 2014 23:13:36 +0200
  • asterisk (1:13.0.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release (Closes: #716931, #504741)
        - Patches merged upstream:
          - allow-tilde-destdir
          - dahdi_create_channels
          - enable_addons
          - escape_manpage_hyphen.patch
          - ignore_failed_channels.patch
          - neon_version_check.patch
          - pjproject
          - pri_destroy_span_prilist.patch
          - res_fax_bounds.patch
          - series
          - sigpri_handle_enodev_1.patch
      * A systemd service.
      * Compat level 9.
      * Extra build dependencies for Asterisk 13.
      * Re-enable chan_mgcp: work around a bug in menuselect? (Closes: #745718).
      * Some fixes to the copyright file.
    
     -- Tzafrir Cohen <email address hidden>  Sun, 26 Oct 2014 22:52:12 +0200
  • asterisk (1:11.13.1~dfsg-1) unstable; urgency=high
    
    
      * New upstream release: fixes AST-2014-011 (CVE-2014-3566, POODLE).
    
     -- Tzafrir Cohen <email address hidden>  Sun, 26 Oct 2014 05:47:00 +0200
  • asterisk (1:11.13.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release.
        - Drop aelparse_manpage.patch and smsq_manpage.patch, fixed upstream.
      * Fix an out of bounds error in res_fax.c.
      * Allow res_calendar_ews to work with neon 0.30.x (Closes: #761677).
      * Build with all hardening options enabled.
    
     -- Jeremy Lainé <email address hidden>  Fri, 26 Sep 2014 12:30:57 +0200
  • asterisk (1:11.12.1~dfsg-1) unstable; urgency=high
    
    
      * New upstream security release, fixes:
        - AST-2014-010 a.k.a. CVE-2014-6610 (Closes: #762164).
    
     -- Jeremy Lainé <email address hidden>  Mon, 22 Sep 2014 09:53:31 +0200
  • asterisk (1:11.12.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release.
        - Drop pbx_lua_regression patch, fixed upstream.
      * Make asterisk Provide asterisk-$$AST_BUILDOPT_SUM (Closes: #689109).
    
     -- Jeremy Lainé <email address hidden>  Wed, 20 Aug 2014 15:23:03 +0200
  • asterisk (1:11.11.0~dfsg-2) unstable; urgency=medium
    
    
      * Fix loading lua modules from pbx_lua (Closes: #756425).
      * Ship the aelparse utility (Closes: #747866).
    
     -- Jeremy Lainé <email address hidden>  Thu, 07 Aug 2014 13:00:58 +0200
  • asterisk (1:11.11.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release.
        - Drop safe_asterisk-config and safe_asterisk-nobg patches, fixed upstream
          in bug ASTERISK-23492.
        - Update pjproject patch.
      * Remove svn-upgrade from watch file.
    
     -- Jeremy Lainé <email address hidden>  Fri, 11 Jul 2014 00:59:13 +0200
  • asterisk (1:11.10.2~dfsg-1) unstable; urgency=high
    
    
      * New upstream security release, fixes:
        - AST-2014-006: Asterisk Manager User Unauthorized Shell Access
        - AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections
    
     -- Jeremy Lainé <email address hidden>  Fri, 13 Jun 2014 22:02:37 +0200
  • asterisk (1:11.10.0~dfsg-1) unstable; urgency=medium
    
    
      * New upstream release.
    
     -- Jeremy Lainé <email address hidden>  Mon, 02 Jun 2014 16:06:27 +0200
  • asterisk (1:11.9.0~dfsg-2) unstable; urgency=medium
    
    
      * Rollback changes to init script (Closes: #749024).
    
     -- Jeremy Lainé <email address hidden>  Tue, 27 May 2014 09:17:06 +0200
  • asterisk (1:11.9.0~dfsg-1) unstable; urgency=medium
    
    
      [ Jeremy Lainé ]
      * New upstream release.
        - Drop ASTERISK-23310 patch, fixed upstream.
        - Drop dahdi_pri_event_removed patch, fixed upstream.
        - Drop freeradius-client patch, fixed upstream.
        - Update pjproject patch.
      * Provide a manpage for smsq.
      * Use "set -e" in asterisk.(postrm|prerm) (fixes lintian warning).
      * Add upstream GPG signature check to watch file.
      * Add Daniel Pocock to uploaders.
    
      [ Daniel Pocock ]
      * Make init script more adaptable for multiple instances.
    
      [ Tzafrir Cohen ]
      * pri_destroy_span_prilist.patch, sigpri_handle_enodev_1.patch: fix
        regressions due to dahdi_pri_event_removed.
    
     -- Jeremy Lainé <email address hidden>  Wed, 21 May 2014 12:03:09 +0200
  • asterisk (1:11.8.1~dfsg-1) unstable; urgency=high
    
    
      * New upstream security release (Closes: #741313).
    
     -- Jeremy Lainé <email address hidden>  Tue, 11 Mar 2014 07:44:54 +0100
  • asterisk (1:11.8.0~dfsg-2) unstable; urgency=medium
    
    
      * Really fix versioned Breaks/Replaces for asterisk-dahdi (Closes: #732419).
    
     -- Jeremy Lainé <email address hidden>  Thu, 06 Mar 2014 07:38:11 +0100
  • asterisk (1:11.8.0~dfsg-1) unstable; urgency=low
    
    
      [ Jeremy Lainé ]
      * New upstream release.
        - rasterisk no longer prints a warning when live_dangerously is set.
      * Patch ASTERISK-23310: fixes crash when a leg of a remote RTP bridge fails.
    
      [ Frederic Van Espen ]
      * smsq_enable.patch: enable smsq compilation (Closes: #738588)
    
     -- Jeremy Lainé <email address hidden>  Tue, 04 Mar 2014 16:27:58 +0100
  • asterisk (1:11.7.0~dfsg-1) unstable; urgency=high
    
    
      * New upstream security release (Closes: #732355).
        - Drop astdb_mans patch, fixed upstream.
      * Fix versioned Breaks/Replaces for asterisk-dahdi (Closes: #732419).
    
     -- Jeremy Lainé <email address hidden>  Wed, 18 Dec 2013 09:47:58 +0100
  • asterisk (1:11.6.0~dfsg-3) unstable; urgency=medium
    
    
      * Fix default RADIUS configuration path when using libfreeradius-client.
    
     -- Jeremy Lainé <email address hidden>  Fri, 13 Dec 2013 10:10:50 +0100
  • asterisk (1:11.6.0~dfsg-2) unstable; urgency=medium
    
    
      [ Jeremy Lainé ]
      * Update Standards-Version to 3.9.5 (no changes).
      * Add Suggests on asterisk-vpb.
      * Build against libfreeradius-client (Closes: #721622).
      * Make sure CPPFLAGS get carried down to the build system.
      * Fix versioned Breaks/Replaces for asterisk-vpb (Closes: #731971).
    
      [ Tzafrir Cohen ]
      * Restore SE Linux settings on directories created in init script
        (Russell Coker, Closes: #731397). 
      * ignore_failed_channels.patch: allow dahdi to start after Asterisk.
      * Move app_flash to asterisk-dahdi.
    
     -- Jeremy Lainé <email address hidden>  Thu, 12 Dec 2013 19:04:39 +0100
  • asterisk (1:11.6.0~dfsg-1) unstable; urgency=low
    
    
      * New upstream release.
        - Drop bzero patch, fixed upstream.
        - Update pjproject patch.
      * Move VoiceTronix support to asterisk-vpb (Closes: #492329).
      * Enable BETTER_BACKTRACES for debug builds.
    
     -- Jeremy Lainé <email address hidden>  Mon, 02 Dec 2013 19:26:03 +0100
  • asterisk (1:11.5.1~dfsg1-1) unstable; urgency=low
    
    
      * Remove res/pjproject from the source tarball (Closes: #725210).
    
     -- Jeremy Lainé <email address hidden>  Thu, 03 Oct 2013 09:25:06 +0200
  • asterisk (1:11.5.1~dfsg-2) unstable; urgency=low
    
    
      [ Jeremy Lainé ]
      * Fix FTBFS for binary-arch builds.
      * Fix Vcs-Browser and Vcs-Git URLs.
      * Update Standards-Version to 3.9.4 (no changes).
    
      [ Tzafrir Cohen ]
      * Patch reenable: reenable chan_vpb.
      * Depend on srtp even on sparc and hurd: the build fails if srtp is not
        installed.
      * Add Jeremy Lainé to uploaders.
    
     -- Jeremy Lainé <email address hidden>  Wed, 02 Oct 2013 13:46:40 +0200
  • asterisk (1:11.5.1~dfsg-1) unstable; urgency=low
    
    
      [ Faidon Liambotis ]
      * New major upstream release.
        - Drop patch kfreebsd, fixed upstream.
        - Drop patch httpd_port.
        - Drop patch menuselect_cflags, merged upstream.
        - Drop patch bluetooth_bind, merged upstream.
        - Replace libopenais-dev with corosync-dev, res_corosync replaces res_ais.
        - Fixes CVE-2013-5641, CVE-2013-5642 (Closes: #721220).
        - Patch fix_xmpp_19532 also included (Closes: #545272).
        - Patch powerpcspe also included (Closes: #701505).
        - Fixes incorrect sip causes issue (Closes: #710557).
        - Patch powerpcspe also included (Closes: #701505).
        - Patces merged upstream: AST-2012-012, ASt-2012-013,
          AST-2012-014, AST-2012-015, AST-2013-002, AST-2013-003
      * Do not ship the removed-but-reincluded docs, they're outdated by now.
        Upstream wants their Wiki to be the primary Asterisk documentation place.
      * Ship UPGRADE-{10,1.8,1.4,1.2}.txt in asterisk-doc.
      * Do not ship app_meetme.so and app_dahdibarge.so, deprecated by upstream.
        - Also remove them from asterisk-dahdi's full description.
      * Remove ASTSAFE_CONSOLE and ASTSAFE_TTY from asterisk.default, they aren't
        being unused for a while now.
    
      [ Tzafrir Cohen ]
      * Patch undeprecate: undeprecate meetme.
      * increased compat level for debian/clean.
      * Disable hardening for now.
      * Convert rules to dh.
        - Patch astdatadir: set datadir in /usr/share/asterisk instead of
          using an environment variable.
      * Patch pjproject: make pjproject optional.
        - Patch bzero: Simplify applying the above, and fix an interface
          stupidity inflicted by pjproject.
        - get-orig-source: remove res/pjproject from the source tarball.
      * debian/rules: switch to dh.
      * Patches dahdi_create_channels, dahdi_pri_event_removed: backport dynamic
        DAHDI support.
      * Patch hyphen: hypen-minus fixes in asterisk.8
      * Patch astdb_man: Man pages for astdb2bdb and astdb2sqlite3.
    
      [ David Sarmiento ]
      * Re-enabled pjproject
      * Modified rules file to be able to build pjproject
      * Updated build-deps
    
     -- Tzafrir Cohen <email address hidden>  Mon, 30 Sep 2013 21:28:22 +0300
  • asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
    
    
      * Rewrtote sip.conf parts of AST-2012-014: dropped patches
        fix-sip-tcp-no-FILE and fix-sip-tls-leak.
      * Reverting other changes rejected by the release team: README.Debian,
        powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
    
     -- Tzafrir Cohen <email address hidden>  Tue, 09 Apr 2013 13:23:07 +0300
  • asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high
    
    
      * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
        - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
          allocations when using TCP.
          The following two fixes were also pulled in order to easily apply it:
          - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
          - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
        - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
          Exploitation of Device State Caching
      * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
      * README.Debian: document running the testsuite. 
      * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
      * Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
        - Patch AST-2013-002 (CVE-2012-2686): Prevent DoS in HTTP server with
          a large POST.
        - Patch AST-2013-003 (CVE-2012-2264): Prevent username disclosure in
          SIP channel driver.
      * Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
    
     -- Tzafrir Cohen <email address hidden>  Sat, 06 Apr 2013 14:15:41 +0300
  • asterisk (1:1.8.13.1~dfsg-1) unstable; urgency=low
    
    
      * New upstream release (Closes: #680470):
        - Fixes AST-2012-010 (CVE-2012-3863).
        - Fixes AST-2012-011 (CVE-2012-38612).
      * Patch AST-2012-012 (CVE-2012-2186): AMI User Shell Access with ExternalIVR
      * Patch AST-2012-012 (CVE-2012-4737): ACL rules ignored during calls
        by some IAX2 peers.
    
     -- Tzafrir Cohen <email address hidden>  Sat, 01 Sep 2012 04:44:12 +0300
  • asterisk (1:1.8.13.0~dfsg-1) unstable; urgency=high
    
    
      * New upstream release.
        - AST-2012-007 (CVE-2012-2947): Fix IAX receiving HOLD without
          suggested MOH class crash (Closes: #675204).
        - AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny
          (Closes: #67521).
        - Patch gmime2.6 removed: merged upstream.
        - Patch sparc32_disable removed: hacks removed from Upstream Makefile.
      * Also pass LDFLAGS to menuselect (Closes: #664086 for real).
      * Fully strip-out the ilbc code (Closes: #665938, #665937).
        - Patch ilbc_disable to fix the build.
      * Patch httpd_port: Fix port number of Asterisk httpd.
      * While we're at it: Closes: #606959, which is a non-issue.
    
     -- Tzafrir Cohen <email address hidden>  Wed, 16 May 2012 18:43:18 +0300
  • asterisk (1:1.8.11.1~dfsg-1) unstable; urgency=high
    
    
      * New upstream release, Closes: #670180:
        - AST-2012-004 - further Manager permission fixes (CVE-2012-2414).
        - AST-2012-005 - Heap overflow in chan_skinny (CVE-2012-2415).
        - AST-2012-006 - Remote crash on SIP "UPDATE" method (CVE-2012-2416).
      * Fix daemon status check in init.d script (Closes: #669378).
      * Patch menuselect_cflags: allow passing our flags to menuselect's build.
        - Use it t opass our CFLAGS to menuselect (Closes: #664086).
    
     -- Tzafrir Cohen <email address hidden>  Wed, 25 Apr 2012 12:19:06 +0300
  • asterisk (1:1.8.10.1~dfsg-1) unstable; urgency=low
    
    
      [ Victor Seva ]
      * Update backports/squeeze script gmime2.6 -> gmime2.4
    
      [ Tzafrir Cohen ]
      * New upstrean bug-fix release.
        - Fixes "[CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and 
          AST-2012-003 flaws" (Closes: #664411).
      * Patch gmime2.6 (Closes: #663998, #664004), also fixed Build-Depends.
      * Remove the text of RFC 3951 from the tarball. (Closes: #665937)
    
     -- Mark Purcell <email address hidden>  Sat, 31 Mar 2012 08:44:57 +1100
  • asterisk (1:1.8.10.0~dfsg-1) unstable; urgency=low
    
    
      [ Tzafrir Cohen ]
      * New upstrean release.
      * Build-depend on sqlite3 as well (Closes: #531759).
    
      [ Paul Belanger ]
      * debian/patch/chan_iax2-detach-thread-on-non-stop-exit:
        - Dropped; merged upstream
    
      [ Mark Purcell ] 
      * New Release:
        - Fixes "SHA-1 code is doesn't allow modification" (Closes: #643703)
        - Fixes "[CVE-2012-1183 - CVE-2012-1184] Asterisk: AST-2012-002 and 
        AST-2012-003 flaws" (Closes: #664411)
        - Fixes "Placing calls on hold fails with some IP phones" (Closes: #632518)
        - Fixes "Pass the correct value to ast_timer_set_rate() for IAX2
        trunking." (Closes: #661974)
        - Fixes "Call quality on IAX significantly worse than SIP" (Closes: #481702)
        - Fixes "New upstream release: 1.8.2.2" (Closes: #610811)
        - Fixes "asterisk german number pronunciation" (Closes: #402991)
        - Fixes "Why using version 1.6.2.9 - it's not LTS" (Closes: #612147)
        - Fixes "SRTP/ZRTP support for Asterisk" (Closes: #577686)
        - Fixes "fails to register SIP channels on ARM"  (Closes: #660240)
      * Fix "Planned gmime 2.4 removal" Updated Build-Depends: (Closes: #663998)
      * export CFLAGS LDFLAGS
        - Fixes "Hardening flags missing for menuselect" (Closes: #664086)
        - Fixes "enable hardening options" (Closes: #542741)
    
     -- Mark Purcell <email address hidden>  Sun, 18 Mar 2012 16:47:35 +1100
  • asterisk (1:1.8.8.2~dfsg-1) unstable; urgency=high
    
    
      * New upstream release, fixes AST-2012-001 (Closes: #656596).
      * Use CFLAGS and LDFLAGS from dpkg-buildflags (Closes: #653944).
    
     -- Tzafrir Cohen <email address hidden>  Fri, 20 Jan 2012 14:16:47 +0200
  • asterisk (1:1.8.8.0~dfsg-1) unstable; urgency=high
    
    
      [ Faidon Liambotis ]
      * Fix Breaks/Conflicts to contain the epoch.
      * Urgency high since this resulted in file conflicts when upgrading from
        stable.
      * Patch reenable-pri-optional: Backport a patch from upstream to fix
        several PRI features being compiled-out and hence disabled.
      * Bump libpri-dev dependency to 1.4.12; it is not strictly needed but extra
        functionality is enabled at build-time.
    
      [ Tzafrir Cohen ]
      * New upstream release. Closes: #651552.
        - Patch reenable-pri-optional dropped: included upstream.
      * Officially remove asterisk-h323:
        - Break older versions, as it did not have a versioned Depends before.
        - Remove the package.
      * Update watch file to only check for 1.8.x tarballs.
    
     -- Tzafrir Cohen <email address hidden>  Sun, 18 Dec 2011 00:50:02 +0200
  • asterisk (1:1.8.7.1~dfsg-3) unstable; urgency=high
    
    
      [ Faidon Liambotis ]
      * Fix Breaks/Conflicts to contain the epoch.
      * Urgency high since this resulted in file conflicts when upgrading from
        stable.
      * Patch reenable-pri-optional: Backport a patch from upstream to fix
        several PRI features being compiled-out and hence disabled.
      * Bump libpri-dev dependency to 1.4.12; it is not strictly needed but extra
        functionality is enabled at build-time.
    
      [ Tzafrir Cohen ]
      * Officially remove asterisk-h323:
        - Break older versions, as it did not have a versioned Depends before.
        - Remove the package.
    
     -- Tzafrir Cohen <email address hidden>  Sun, 27 Nov 2011 00:22:08 +0200
  • asterisk (1:1.8.7.1~dfsg-2) unstable; urgency=low
    
    
      * libncurses is a build dep afterall (Closes: #649431).
    
     -- Tzafrir Cohen <email address hidden>  Fri, 25 Nov 2011 16:44:31 +0200
  • asterisk (1:1.8.7.1~dfsg-1) unstable; urgency=high
    
    
      [ Tzafrir Cohen ]
      * New upstream release (Closes: #647252):
        - Patch refix_bashism removed: applied upstream.
        - Patch openssl10 removed: applied upstream.
        - Patch gmime-2.4 removed: applied upstream.
        - Patch gcc46 removed - was a backport from upstream.
      * Disable chan_h323: broken with curren h323plus, and not loved by upstream.
      * Patch chan_iax2-detach-thread-on-non-stop-exit: Hopefully plugs a
        memory leak. EXPERIMENTAL. DO NOT UPLOAD WITH THIS FOR NOW.
      * Patch reinclude_docs: a copy of the included documentation that was
        removed.
      * Patch sparc32_disable: Remove pointless optimization for sparc64
    
      [ Paul Belanger ]
      * Bump libpri-dev to 1.4.11.
      * Ensure sub-packages with asterisk modules are the same version as the
        binary.
    
     -- Tzafrir Cohen <email address hidden>  Fri, 11 Nov 2011 17:48:03 +0200
  • asterisk (1:1.8.4.4~dfsg-2) unstable; urgency=low
      * Don't mark en-gsm sound files as enabled, so they won't be downloaded. -- Tzafrir Cohen <email address hidden>  Mon, 04 Jul 2011 23:19:50 +0300
  • asterisk (1:1.8.4.4~dfsg-1) unstable; urgency=high
      * AST-2011-011 (CVE-2011-2536): Don't leak SIP username information    (closes: #632029)  * Clearly the NC-ND license for AST.{pdf,txt} is here to stay. Strip it.    - And while we're at at, strip out sound files and some generated files. -- Tzafrir Cohen <email address hidden>  Fri, 01 Jul 2011 11:51:45 +0300
  • asterisk (1:1.8.4.3-1) unstable; urgency=high
      * New upstream point release, fixes 3 remotely-explitables (of sort) bugs:    - AST-2011-008, CVE-2011-2529 (Closes: #631446)    - AST-2011-009 (Closes: #631445)    - AST-2011-010, CVE-2011-2535 (Closes: #631448) -- Tzafrir Cohen <email address hidden>  Fri, 24 Jun 2011 00:51:49 +0300
  • asterisk (1:1.8.4.2-1) unstable; urgency=low
      * New upstream point release:    - Fixes CVE-2011-2216 - AST-2011-007 (Closes: #629130).  * Patch gcc46: Fix the induced regression.  * Blacklist SRTP support on Sparc and hurd-i386 until SRTP available there.  -- Tzafrir Cohen <email address hidden>  Fri, 03 Jun 2011 23:20:29 +0300
  • asterisk (1:1.8.4-1) unstable; urgency=low
      * New upstream release.    - Patch no_ssl2 removed: merged upstream.  * Remove unneeded dependency on voicemail modules - only leave Recommends    (Closes: #624190).  * Patch refix_bashism: bashism crept bact into the configure script    (Jilles Tjoelker).  * Fixes for kFreeBSD (Closes: #624569):    - Declare build-deps linux-any: libtonezone-dev, libvpb-dev,      libbluetooth-dev, libopenh323-dev, libcap[2]-dev, libstrp0-dev.    - Thus sub-packages asterisk-dahdi, asterisk-h323 and asterisk-mobile      are linux-any.    - And logic added to rules file not to copy their files on non-linux.    - Patch kfreebsd: Fix building with kFreeBSD.    - Patch no_uname: Fix building with kFreeBSD: an uglier patch.  * Patch gcc46: Some gcc-4.6 fixes from upstream. Get rid of some    build warnings. -- Tzafrir Cohen <email address hidden>  Mon, 16 May 2011 00:58:19 +0300
  • asterisk (1:1.8.3.3-1) unstable; urgency=high
      [ Tzafrir Cohen ]  * Switching to branch 1.8    (Closes: #610487, #614580, #618790, #618791, #623775).  * Patch parser-mangles-include dropped: merged upstream.  * Patch dahdi-fxsks-hookstate dropped: merged upstream.  * Patch dahdi_ptmp_nt dropped: silly hack no longer needed.  * Patch dahdi_pri_debug_spannums dropped: merged upstream.  * Patch moh_datadir dropped: merged upstream.  * Patch settings_show_dirs dropped: merged upstream.  * Patch man_hyphen dropped: merged upstream.  * Patch typos dropped: merged upstream.  * Patch rtcp_cli_fix dropped: merged upstream.  * Sound files: version 1.4.20  * Separate sub-package asterisk-modules to avoid multiarch issues.  * Extra sub-package asterisk-dahdi for the dahdi modules (Closes: #590588).  * As of 1.8.1, AST.pdf and AST.txt are generated from the wiki.    - And thus no need for rubber at build time (Closes: #531551).  * Separate sub-packages for voicemail backends:    - asterisk-voicemail{,-{imap,odbc}storage}    - And rename the modules accordingly.  * asterisk-mysql, asterisk-mobile, asterisk-mp3, asterisk-ooh323:    - asterisk-addons was merged into Asterisk.    - Patch enable_addons: do build those modules.    - Also app_saycountpl, which will go into the mian package.    - Patch mpglib: mpglib from asterisk-addons, originally.  * Patch gmime-2.4: fixes building with gmime 2.4 (Closes: #549054).    - Requires re-generating configure script.  * Patch openssl10: Fix detection of openssl 1.0.  * Patch no_ssl2: Don't require client-side SSL2 support.  * include menuselect.makeopts in the docs directory - let us know what    modules were not built.  * Bump Standards version to 3.9.2.0 (no change needed).  * Upstream prefers chan_ooh323 to chan_h323. Suggest asterisk-ooh323.  * Drop asterisk-sounds-main: we already have that functionality the    asterisk-core-sounds packages.  * Recommend a moh (music-on-hold) package to have music played on hold.  [ Faidon Liambotis ]  * Switch to the "3.0 (quilt)" package source format.  [ Paul Belanger ]  * Depend on libneon27-dev and libical-dev for calendar support.  * Depend on libsrtp0-dev for SRTP support.  * When compiling with DEB_BUILD_OPTIONS="debug" enable native Asterisk    debugging tools.  Specifically DONT_OPTIMIZE, DEBUG_THREADS and    --enable-dev-mode.  * Regardless of which asterisk-voicemail-* is installed (each package    conflicts on each other), the name of the module is now    app_voicemail.so.  * Fix a bug with app_voicemail-*.exports.in not being copied properly. -- Tzafrir Cohen <email address hidden>  Mon, 25 Apr 2011 21:46:51 +0300
  • asterisk (1:1.6.2.9-2+squeeze1) stable-security; urgency=high
      * AST-2011-001/CVE-2011-0495: Stack buffer overflow in SIP channel driver    (Closes: #610487) -- Faidon Liambotis <email address hidden>  Thu, 10 Feb 2011 19:03:02 +0200
  • asterisk (1:1.6.2.9-2) unstable; urgency=high
    
    
      [ Tzafrir Cohen ]
      * Bump Standards version to 3.9.0 (no change needed).
      * rtcp_cli_fix: Backport a silly CLI parsing issue. (Closes: #589736)
      * Patch typos: fix a few typos in the source.
      * Patch man_hyphen: fix hyphen/minus issues in man pages.
      * Remove useless binaries aelparse, conf2ael and muted.
    
      [ Faidon Liambotis ]
      * Change the way that we read include files, to accommodate for changes
        in GCC 4.4. Taken from upstream's SVN, thanks to Peter Allgeyer for the
        patch and Stefan Bauer for preparing an upload. (Closes: #594190)
      * Set urgency high for a squeeze-targetted RC bug-fixing upload.
    
     -- Faidon Liambotis <email address hidden>  Tue, 07 Sep 2010 21:52:54 +0300
  • asterisk (1:1.6.2.9-1) unstable; urgency=low
    
    
      * NOT RELEASED YET
      * New upstream release (Closes: #585156).
      - Patch dahdi_fxs_false_ringing removed: merged upstream.
      - Patch fxs_ports_1626 removed: merged upstream.
      * Fix dependencies so we start after named and such (Closes: #433779).
      * Do use libresample (app_jack, codec_resample).
    
     -- Tzafrir Cohen <email address hidden>  Tue, 29 Jun 2010 23:53:28 +0300
  • asterisk (1:1.6.2.7-1) unstable; urgency=low
    
    
      * New upstream release
      * Add Build-Depends: libsqlite0-dev | libsqlite-dev
      * Included upstream: followme_prompts sqlite3_func_rename
    
     -- Mark Purcell <email address hidden>  Wed, 05 May 2010 23:36:52 +1000
  • asterisk (1:1.6.2.6-1) unstable; urgency=low
    
    
      * New upstream release.
        - Fixes AST-2010-003 - CVE-2010-1224 (Closes: #576560).
      * Patch h323-fix-makefile dropped: merged upstream.
      * Patch safe_asterisk-config: Mostly merged upstream. 
      * Patch moh_datadir: Make the datadir the default base for moh files
        if a relative path is used.
      * Patch dahdi-fxsks-hookstate: a newer version. 
      * sounds/en/ is now an alternative. English sounds installed to
        en_US_f_Allison .
      * Removed empty es/ and fr/ directories under sounds/ 
      * Patch settings_show_dirs: display the user values of more configurable
        items. 
      * Patch dahdi_fxs_false_ringing: Fix having Astribank FXS-s keep ringing if
        answered too soon. 
      * Patch followme_prompts: set proper vars when reading followme.conf
      * Patch sqlite3_func_rename: Avoid issues with the name sqlite3_log . 
      * Patch h323-extra-target: Allow manuallly generate channels/h323/Makefile.ast
      * And use it to generate the file before building, as otherwise some libs
        are missing from the link command, resulting in chan_h323.so load fail.
    
     -- Tzafrir Cohen <email address hidden>  Sat, 10 Apr 2010 21:18:39 +0300
  • asterisk (1:1.6.2.2-1) unstable; urgency=medium
    
    
      [ Faidon Liambotis ]
      * Relax Debian revision parsing regexp in debian/rules to help with parsing
        derivatives (e.g. Ubuntu) and backports.org revisions.
      * Urgency medium because of a security fix upload.
      * Bump Standards-Version to 3.8.4, no changes needed.
      * Add ${misc:Depends} on all packages; no functional change, just makes
        lintian happier.
      * Use $remote_fs instead of $local_fs in init script's Required-{Start,Stop}
        since we use /usr. Thanks lintian!
    
      [ Tzafrir Cohen ]
      * New upstream release. Fixes CVE-2010-0441 (AST-2010-001).
      * Patch sound_files: configure asterisk not to download the new MoH files.
      * Move sound files tarball to a safe place, as the patch we used to
        protect them is aparantly not in effect at clean time.
    
     -- Faidon Liambotis <email address hidden>  Sun, 07 Feb 2010 15:13:47 +0200
  • asterisk (1:1.6.2.0-1) unstable; urgency=low
    
    
      * New upstream release.
      * Use DEP3 to tag all of our patches and their merge status.
    
     -- Faidon Liambotis <email address hidden>  Mon, 21 Dec 2009 06:19:38 +0200
  • asterisk (1:1.6.2.0~rc7-1) unstable; urgency=high
    
    
      * New upstream release candidate.
        - Fixes RTP comfort noise issues: CVE-2009-4055 (Closes: #559103).
    
     -- Tzafrir Cohen <email address hidden>  Wed, 02 Dec 2009 20:47:02 +0200
  • asterisk (1:1.6.2.0~rc3-2) unstable; urgency=high
    
    
      [ Faidon Liambotis ]
      * Really ship MoH sounds, as mentioned in the rc1 upload.
      * Move dahdi to Should-Start instead of Required-Start in the init script.
        (Closes: #552604)
      * Security fix: "ACL check not present for verifying SIP INVITEs",
        AST-2009-007. (Closes: #552756)
      * Urgency high because of security fix upload.
    
      [ Tzafrir Cohen ]
      * Add a sample startup init script. Not installed.
      * Add mysql and postgresql to Should-Start/Stop: Asterisk may use them
        in real-time mode.
    
     -- Faidon Liambotis <email address hidden>  Thu, 29 Oct 2009 21:38:55 +0200
  • asterisk (1:1.6.2.0~rc3-1) unstable; urgency=low
    
    
      * New upstream RC.
        - Session timer is not activated if Supported header field in INVITE has
          both "timer" and other option(s) (Closes: #552336)
        - Adapt patches/hack-multiple-app-voicemail.
      * Switch from libreadline5-dev to libreadline-dev build dependency.
      * Switch from libc-client2007b-dev to libc-client2007e-dev build dependency.
      * No need for repacking anymore; upstream removed the last piece of non-free
        material (IAXy's firmware) from the tarball upon our request.
        Thanks Digium!
      * Remove patches/debian-banner, no need to warn users to use our BTS
        anymore as we don't diverge that much nowadays.
      * Multiple fixes to init script: call 'core stop now' instead of 'stop now',
        kill the canary on stop, don't print the banner on start.
      * Temporarily remove OSP support, Asterisk needs a new version (3.5) that
        isn't yet in Debian.
      * Add sox to Recommends, used by res_monitor.
      * Remove ekiga, ohphone, twinkle, kphone from Suggests.
      * Cleanup the documentation provided in the asterisk-doc package.
        (Closes: #499215)
      * Cleanup cruft present in diff.gz after a double build.
      * Stop shipping old static-http code in examples. Among other things, it
        includes a vulnerable version of the prototype Javascript library.
      * Remove obsolete debian/backports/{etch,edgy,feisty}.
    
     -- Faidon Liambotis <email address hidden>  Mon, 26 Oct 2009 02:03:45 +0200
  • asterisk (1:1.6.2.0~dfsg~rc1-1) unstable; urgency=low
    
    
      [ Faidon Liambotis ]
      * New upstream release.
        - Fixes CVE-2009-2726 aka AST-2009-005 (Closes: #541441).
        - Ship CC BY-SA 3.0 licensed music-on-hold sounds, replacing the old
          non-free FreePlay Music that were never distributed by Debian.
        - Removed patches/makefile_appdocs_dtd (merged upstream) and
          patches/disable_moh (obsoleted, see above).
      * Fix FTBFS on armel. (Closes: #532971)
      * Bump Standards-Version to 3.8.3, no changes needed.
      * Provides: asterisk-1.6.2, instead of 1.6.1; there are no ABI gurantees
        between 1.6.x releases.
      * Remove references of Section: comm in individual binary packages as it is
        inherited from the source package.
    
      [ Tzafrir Cohen ]
      * Patch hardware_dtmf_mute_fix removed: Applied upstream.
      * No need for a separate app_directory_odbc (will use app_voicemail_odbc).
      * Fix name of voicemail 'openssl' dep. (Thomas Renard) (Closes: #539150)
      * Patch AST-2009-006: breaks IAX2 compatibility, note it in NEWS.Debian.
        (Closes: #539473)
    
     -- Faidon Liambotis <email address hidden>  Sun, 13 Sep 2009 02:22:17 +0300
  • asterisk (1:1.6.2.0~dfsg~beta3-1) unstable; urgency=low
    
    
      [ Faidon Liambotis ]
      * New upstream release.
        - Drop patches astvarrundir, pubkey_jnctn; merged upstream (finally!).
        - Adapt patch safe_asterisk-nobg.
      * Switch to downloads.asterisk.org instead of downloads.digium.com.
      * Add depends on libxml2-dev for the new XML documentation.
      * Remove Conflicts/Replaces with asterisk-classic, asterisk-bristuff,
        asterisk-chan-capi (<< 1.1.1-1~), since those are pre-lenny.
      * Revert upstream's r190830 that ported app_osplookup to OSP Toolkit 3.5;
        the API is not backwards compatible and Debian still has 3.4.2.
      * Accommodate for the rename of libcap2-dev to libcap-dev (Closes: #532971).
      * Add dependency to libspandsp to build the fax applications.
      * Update Standards-Version to 3.8.2, no changes needed.
      * Remove init script's "zaptel-fix" action; there's no zaptel anymore and
        was also lintian-buggy in its current form.
      * Don't include /var/run/asterisk in the package, it is created at boot-time
        by the init script (thanks lintian).
      * Remove asterisk-progdocs: it is of very limited use but a) is enormous in
        size and b) takes too long to build.
      * Re-enable and port to 1.6 the h323 segfault patch, apparently it's still
        needed.
      * Fix asterisk's Makefiles so that the openh323/libpt dependencies are added
        to chan_h323.so instead of the main asterisk binary.
      * Fix astgenkey to respect system's umask. Thanks Jonas Smedegaard.
        (Closes: #531730) 
      * Create /var/log/asterisk/* directories if non-existent, for /var/log on
        tmpfs scenarios. Thanks martin f krafft! (Closes: #524015)
      * Use the lsb-base standard way of gathering and reporting status in the
        init script. Thanks Dustin Kirkland and Ubuntu! (Closes: #506453)
      * Fix debian/rules so that configure isn't called twice during a build.
      * Install Zaptel-to-DAHDI.txt, explains the migration procedure from Zaptel
        to DAHDI and is therefore useful when upgrading from lenny.
    
      [ Tzafrir Cohen ]
      * New upstream release.
        - Fixes that bashism in safe_asterisk (Closes: #530047) (not dashism).
        - Dropped patch astcanary_startup: merged upstream.
      * Patch makefile_appdocs_dtd: fix location of DTD installation.
      * Register the HTML docs with doc-base as well.
    
     -- Faidon Liambotis <email address hidden>  Tue, 28 Jul 2009 03:42:54 +0300
  • asterisk (1:1.6.1.0~dfsg-1) unstable; urgency=low
    
    
      * New upstream release (Closes: #522528).
    
      [ Tzafrir Cohen ]
      * Depend explicitly on dahdi.
      * Patch apptest_sleep dropped: merged upstream.
      * Patch libtonezone_libm dropped: merged upstream.
      * Patch h323-make-fix dropped: merged upstream.
      * Use upstream's asterisk.conf rather than our bogus one.
      * Also add the version-specific release summary. 
      * Patch dahdi_ptmp_nt: (not really) chan_dahdi PtMP NT support 
        (Kristijan Vrban).
      * Patch dahdi_pri_debug_spannums: add span number in PRI trace. 
      * Patch astcanary_startup: Avoid a false death of the canary 
        (Closes: #528497).
      * Patch hardware_dtmf_mute_fix: Fix muting of DAHDI channels with hardware
        DTMF detection.
    
     -- Mark Purcell <email address hidden>  Wed, 20 May 2009 08:00:23 +1000
  • asterisk (1:1.4.21.2~dfsg-3.1) unstable; urgency=low
    
    
      * Non-maintainer upload.
      * Fix for IAX2 encrypted channels dropping out due to normal packet loss
        (closes: #521641)
    
     -- Francois Marier <email address hidden>  Sun, 26 Apr 2009 12:12:20 +1200
  • asterisk (1:1.4.21.2~dfsg-3) unstable; urgency=medium
    
    
      [ Faidon Liambotis ]
      * Fix a segfault that occured on AEL parsing on amd64 systems.
        (Closes: #507883)
      * Remove bristuff/app-meetme-avoid-overflows patch as it apparently causes
        more problems than it solves (if any).
        (Closes: #505310)
      * Urgency medium because of the RC bugfix.
    
      [ Patrick Matthäi ]
      * Bumped Standards-Version to 3.8.0.
    
      [ Mark Purcell ]
      * Update debian/watch
    
     -- Faidon Liambotis <email address hidden>  Sun, 04 Jan 2009 21:07:37 +0200
  • asterisk (1:1.4.21.2~dfsg-2) unstable; urgency=low
    
    
      [ Victor Seva ]
      * support DEB_BUILD_OPTION noopt used to produce non-optimized builds.
        (Closes: #492941).
      * Depend on libcap2-dev instead of libcap-dev because libcap1 is no longer
        maintained upstream. Thanks to Torsten Werner <email address hidden>.
        (Closes: #492620).
      * Backport script fixes:
        - Depend on debhelper >=5 on backport etch script.
        - replace libcap2-dev by libcap-dev.
        - remove lib-client2007b-dev. (Closes: #494405)
    
      [ Tzafrir Cohen ]
      * Patch chan_zap so that asterisk starts even without a Zaptel timing
        source. (Closes: #491310)
    
      [ Lionel Elie Mamane ]
      * /etc/default/asterisk: Bring comments on AST_DUMPCORE_DIR in sync with
        reality of implementation in /etc/init.d/asterisk. Change suggested
        CORE_PATTERN to more secure ones.
      * /etc/init.d/asterisk: Use the value of AST_DUMPCORE_DIR if it is a
        directory, not if the value if DUMPCORE_DIR is a directory.
    
      [ Faidon Liambotis ]
      * Backport a patch from Xorcom's tree fixing a deadlock situation caused
        by the bristuff patch. (Closes: #493055)
      * Backport a patch from Xorcom's tree fixing an occasional "Cause 34" error
        on BRIs.
      * Don't write /root/.asterisk_history when stopping asterisk with the init
        script. (Closes: #500294)
      * Eliminate warnings when calling some actions of the init script by
        replacing obsolete asterisk commands with their newer counterpart.
    
     -- Faidon Liambotis <email address hidden>  Sat, 04 Oct 2008 01:21:40 +0300