AllStarLink · Allan-N · Jan 16, 2025
@@ -6,7 +6,7 @@ on:
       ast-ver:
         description: 'Asterisk LTS Version Base'
         type: string
-        default: '22.1.0'
+        default: '22.1.1'
         required: true
       rpt-ver:
         description: 'app_rpt Version Tag'

diff --git a/build-asl3 b/build-asl3
@@ -28,7 +28,7 @@ usage()
 Usage : $0 [-a ASTV] [-v RPTV] [-r RELV] [-d DESTDIR] [-l] ACTIONS 
 
 Options :
-  -a  Asterisk version        (e.g. 22.1.0)
+  -a  Asterisk version        (e.g. 22.1.1)
   -v  ASL/app_rpt version     (e.g. 3.3.0)
   -r  Release version         (e.g. 1)
   -d  local install directory (default: "/")
@@ -228,7 +228,11 @@ link_path()
     if [[ -f "$src_path" ]]; then
 	path=$(basename $src_path)
 	rel_dir=$(realpath --relative-to="$(dirname "$dst_path")" "$(dirname $src_path)")
-	ln -f -s "$rel_dir/$path" "$dst_path"
+	if [[ ! -e "$dst_path" || -L "$dst_path" ]]; then
+	    ln -f -s "$rel_dir/$path" "$dst_path"
+	else
+	    echo "  Not replacing \"$dst_path\""
+	fi
     else
 	mkdir -p "${dst_path}"
 	( cd "$src_path" ; find . -mindepth 1 -path ".git" -prune -o -print )	\
@@ -238,7 +242,11 @@ link_path()
 	    if [[ -d "$src_path/$path" ]]; then
 		mkdir -p "$dst_path/$path"
 	    else
-		ln -f -s "$rel_dir/$path" "$dst_path/$path"
+		if [[ ! -e "$dst_path/$path" || -L "$dst_path/$path" ]]; then
+		    ln -f -s "$rel_dir/$path" "$dst_path/$path"
+		else
+		    echo "  Not replacing \"$dst_path/$path\""
+		fi
 	    fi
         done
     fi
@@ -279,6 +287,9 @@ apply_patch()
 prepare_patch_series()
 {
     for patch in $(cat debian/patches/series); do
+	if [[ $patch =~ ^# ]]; then 
+	    continue
+	fi
 	prepare_patched_files "debian/patches/$patch"
     done
 }
@@ -287,15 +298,15 @@ revert_patch()
 {
     patch="$1"
 
-    if [[ ! -f "${patch}" ]]; then
-	echo "info: not reverting patch: $patch"
+    if [[ ! -r "${patch}" ]]; then
+	#echo "info: not reverting patch: $patch"
 	return
     fi
 
     # check that all of the files being updated are regular files (and not symlinks)
     for file in $(grep -E '^--- |^\+\+\+ ' $patch | cut -d' ' -f2 | sed 's|^a/||;s|^b/||' | sort -u); do
-	if [[ -L "$file" ]]; then
-	    echo "not reverting patch: $patch (can't patch a symlink: $file)"
+	if [[ ! -f $file || -L $file ]]; then
+	    echo "not reverting patch: $patch (expecting file: $file)"
 	    return
 	fi
     done
@@ -349,7 +360,7 @@ merge_app_rpt()
 {
     if [[ -d "${MERGE_DIR}" ]]; then
 	pushd "${MERGE_DIR}"
-	if [ -f Makefiles.diff ]; then
+	if [ -r Makefiles.diff ]; then
 	    # if app_rpt <= 3.2.x, Asterisk <= 20.x.x
 	    revert_patch Makefiles.diff
 	else

diff --git a/debian/NEWS b/debian/NEWS
@@ -1,3 +1,14 @@
+asterisk (1:22.0.0~~rc2~dfsg+~cs6.14.60671435-1) unstable; urgency=medium
+
+  Several Asterisk modules are no longer provided:
+  * app_macro
+  * chan_sip
+
+  If you used any of the above modules in the past,
+  you need to adapt your configuration.
+
+ -- Jonas Smedegaard <[email protected]>  Sat, 05 Oct 2024 10:59:01 +0200
+
 asterisk (1:20.0.1~dfsg+~cs6.12.40431414-1) unstable; urgency=high
 
   Asterisk Manager Interface (AMI) now restricts access

diff --git a/debian/README.Debian b/debian/README.Debian
@@ -248,14 +248,12 @@ Extra Channels
 ==============
 This package includes and enables by default a number of rather not so
 popular protocols. Having them enabled by default means that any
-security volnurability in them (such as CVE-2017-17090 / AST-2017-013 in
-chan_skinny) may open your system to attacks for no good reason.
+security volnurability in them may open your system to attacks
+for no good reason.
 
 Thus the following configuration files have been removed from the default
 set of configuration files installed to /etc/asterisk:
 * dundi.conf (DUNDi call routing, UDP port 4520)
-* mgcp.conf (chan_mgcp: MGCP voip protocol, UDP port 2727)
-* skinny.conf (chan_skinny: SCCP voip protocol, TCP port 2000)
 * unistim.conf (chan_unistim: UNISTIM voip protocol, UDP port 5000)
 
 If you do need any of those protocols, copy the sample file from

diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,154 @@
+asterisk (1:22.1.1~dfsg+~cs6.14.60671435-1) unstable; urgency=medium
+
+  [ upstream ]
+  * new release
+    + Restrict ListCategories to the configuration directory;
+      CVE-2024-53566
+
+  [ Jonas Smedegaard ]
+  * update git-buildpackage config:
+    + avoid variable abstraction in usage comment
+
+ -- Jonas Smedegaard <[email protected]>  Mon, 13 Jan 2025 00:01:35 +0100
+
+asterisk (1:22.1.0~dfsg+~cs6.14.60671435-1) unstable; urgency=medium
+
+  [ upstream ]
+  * new release
+
+  [ Jonas Smedegaard ]
+  * update and trust only upstream team signing key 5D984BE337191CE7
+  * update copyright info: update coverage
+
+ -- Jonas Smedegaard <[email protected]>  Wed, 27 Nov 2024 12:37:42 +0100
+
+asterisk (1:22.0.0~dfsg+~cs6.14.60671435-1) unstable; urgency=medium
+
+  [ upstream ]
+  * new release
+
+ -- Jonas Smedegaard <[email protected]>  Wed, 23 Oct 2024 13:39:34 +0200
+
+asterisk (1:22.0.0~~rc2~dfsg+~cs6.14.60671435-1) experimental; urgency=medium
+
+  [ upstream ]
+  * new prerelease(s)
+
+  [ Jonas Smedegaard ]
+  * update and unfuzz patches
+  * adapt build routines and add NEWS entry
+    related to no longer provided modules app_macro chan_sip
+  * stop build-depend on libasound2-dev;
+    stop mention ALSA in long description
+    (module chan_alsa not provided for some time)
+  * update copyright info: update coverage
+  * cleanup new upstream hint file .lastclean
+  * fix handle prerelease changelog file
+
+ -- Jonas Smedegaard <[email protected]>  Sat, 05 Oct 2024 11:28:05 +0200
+
+asterisk (1:20.9.3~dfsg+~cs6.14.60671435-1) unstable; urgency=high
+
+  [ upstream ]
+  * new release(s)
+    + add entries to Originate blacklist;
+      CVE-2024-42365;
+      closes: bug#1078574, thanks to Salvatore Bonaccorso
+    + test for NULL ub_result in unbound_resolver_callback;
+      CVE-2024-42491
+
+  [ Jonas Smedegaard ]
+  * fix minor privilege escalation; thanks to Niels Galjaard
+  * update watch file: track mp3 component from git clone
+  * unfuzz patch 2012
+  * set urgency=high due to security-related bugfixes
+
+ -- Jonas Smedegaard <[email protected]>  Sat, 07 Sep 2024 22:14:21 +0200
+
+asterisk (1:20.8.1~dfsg+~cs6.14.40431414-1) unstable; urgency=medium
+
+  [ upstream ]
+  * new release
+    + use PJProject 2.14.1,
+      which fixes Use-after-free in SRTP media transport;
+      CVE-2023-37457 CVE-2023-38703;
+      closes: bug#1059303, thanks to Moritz Mühlenhoff
+    + fix regression issues with DTLS client check;
+      closes: bug#1068296, thanks to Oleksandr Kozmenko
+
+  [ Jonas Smedegaard ]
+  * update watch file:
+    + track only LTS releases
+    + bump to track pjproject 2.14.1
+  * unfuzz patches
+  * update copyright info: update coverage
+  * declare compliance with Debian Policy 4.7.0
+  * create and restrict access to cache dir;
+    closes: bug#1072739, thanks to Bastian Triller
+  * fix rotate main logfiles,
+    as logfiles use suffix .log since Asterisk 19;
+    thanks to James Bottomley (see bug#1024822)
+
+ -- Jonas Smedegaard <[email protected]>  Fri, 07 Jun 2024 14:10:19 +0200
+
+asterisk (1:20.6.0~dfsg+~cs6.13.40431414-2) unstable; urgency=medium
+
+  * update patch 2016 to avoid excessive logging;
+    closes: bug#1060275, thanks to Daniel
+
+ -- Jonas Smedegaard <[email protected]>  Tue, 30 Jan 2024 11:42:08 +0100
+
+asterisk (1:20.6.0~dfsg+~cs6.13.40431414-1) unstable; urgency=medium
+
+  [ upstream ]
+  * new release
+
+  [ Jonas Smedegaard ]
+  * unfuzz patches
+  * update copyright info: update coverage
+  * build-depend on libjwt-dev
+
+ -- Jonas Smedegaard <[email protected]>  Fri, 26 Jan 2024 14:53:47 +0100
+
+asterisk (1:20.5.2~dfsg+~cs6.13.40431414-1) unstable; urgency=medium
+
+  [ upstream ]
+  * new release
+
+  [ Jonas Smedegaard ]
+  * use systemd.pc to place systemd service unit;
+    build-depend on systemd-dev;
+    closes: bug#1059180, thanks to Chris Hofstaedtler
+
+ -- Jonas Smedegaard <[email protected]>  Fri, 22 Dec 2023 13:58:28 +0100
+
+asterisk (1:20.5.1~dfsg+~cs6.13.40431414-1) unstable; urgency=high
+
+  [ upstream ]
+  * new release
+    + fixes these upstream bugs:
+      CVE-2023-49294 CVE-2023-49786;
+      closes: bug#1059032, #1059033, thanks to Salvatore Bonaccorso
+
+  [ Jonas Smedegaard ]
+  * fix enable opus codec;
+    build-depend on libopusenc-dev;
+    closes: bug#1025165,
+    thanks to Paweł Bogusławski, Faidon Liambotis and Athos Ribeiro
+  * set urgency=high due to multiple security bugfixes
+
+ -- Jonas Smedegaard <[email protected]>  Tue, 19 Dec 2023 17:38:11 +0100
+
+asterisk (1:20.5.0~dfsg+~cs6.13.40431414-1) unstable; urgency=medium
+
+  [ upstream ]
+  * new release
+
+  [ Jonas Smedegaard ]
+  * unfuzz patches
+
+ -- Jonas Smedegaard <[email protected]>  Sat, 25 Nov 2023 12:25:03 +0100
+
 asterisk (1:20.4.0~dfsg+~cs6.13.40431414-2) unstable; urgency=medium
 
   * build-depend on liblua5.1-dev (not liblua5.2-dev);
@@ -14,7 +165,9 @@ asterisk (1:20.4.0~dfsg+~cs6.13.40431414-1) unstable; urgency=medium
   [ Jonas Smedegaard ]
   * stop depend on lsb-base
   * update watch file:
-    + fixate component pjproject at upstream release 2.13.1
+    + fixate component pjproject at upstream release 2.13.1;
+      fixes these upstream bugs:
+      CVE-2022-23537 CVE-2022-23547 CVE-2022-39269 CVE-2023-27585
   * unfuzz patches
   * update copyright info: update coverage
 

diff --git a/debian/control b/debian/control
@@ -77,7 +77,7 @@ Build-Depends:
  uuid-dev,
  zlib1g-dev,
  lsb-release
-Standards-Version: 4.6.2
+Standards-Version: 4.7.0
 Homepage: https://www.allstarlink.org/
 Vcs-Git: https://salsa.debian.org/pkg-voip-team/asterisk.git
 Vcs-Browser: https://salsa.debian.org/pkg-voip-team/asterisk

diff --git a/debian/copyright b/debian/copyright
@@ -95,7 +95,7 @@ Copyright:
   2012, 2015        Matt Jordan <[email protected]>
   2022              Michael Kuron
   2005              Mikael Magnusson <[email protected]>
-  2021-2022         Naveen Albert <[email protected]>
+  2021-2022, 2024   Naveen Albert <[email protected]>
   1999-2006         Oleksiy Krivoshey <[email protected]>
   2005, 2009        Olle E. Johansson <[email protected]>
   2005              Oxymium sarl
@@ -108,7 +108,7 @@ Copyright:
   2008              Roberto Casas <[email protected]>
   1999-2006         Russell Bryant <[email protected]>
   2005-2008, 2012   Russell Bryant <[email protected]>
-  2019-2022         Sangoma Technologies Corporation
+  2019-2023         Sangoma Technologies Corporation
   2014              Schmooze Com, Inc.
   2008, 2017, 2020  Sean Bright <[email protected]>
   2006              Sergey Basmanov <[email protected]>
@@ -309,10 +309,9 @@ License: BSD-3-Clause
 
 Files:
  contrib/scripts/live_ast
- contrib/scripts/sip_nat_settings
  menuselect/contrib/menuselect-dummy
 Copyright:
-  2005, 2007-2008  Tzafrir Cohen <[email protected]>
+  2007-2008  Tzafrir Cohen <[email protected]>
 License: GPL-2+
 
 Files:
@@ -714,7 +713,7 @@ Comment:
 
 Files: debian/*
 Copyright:
-  2016, 2023  Jonas Smedegaard <[email protected]>
+  2016, 2022-2024  Jonas Smedegaard <[email protected]>
 License-Grant:
  This packaging is free software;
  you can redistribute it and/or modify it