Makefile.moddir_rules | 2 1 + 1 - 0 !
apps/Makefile | 20 20 + 0 - 0 !
2 files changed, 21 insertions(+), 1 deletion(-)

 build multiple versions of app_voicemail.so
 This is a very ugly hack on upstream's Makefiles to allow building
 multiple variants of app_voicemail. Three variants are created:
  * app_voicemail.so: plain old filesystem storage that doesn't break
    existing setups
  * app_voicemail_imapstorage.so: IMAP storage
  * app_voicemail_odbcstorage.so: ODBC storage
 All these conflict with each other and Asterisk will refuse to load
 them concurrently. They are thus included in three separate and
 complicting packages.
 .
 Patch suggested to upstream but rejected for being "hackish". Though
 upstream RPM packages include packages that are only somewhat cleaner.

contrib/scripts/astgenkey | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 astgenkey should generate a private key that is not world-readable
 Upstream has not accepted this patch and chose instead to document this
 as a known minor issue.

sounds/sounds.xml | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 avoid downloading extra sound files
 Asterisk configures several sound files to be installed that are not
 included in the distribution tarball. Those files are downloaded by the
 'install' target.
 .
 The exact files to be downloaded is configurable. Here we change the
 default to avoid downloading any. We believe those should be part of a
 separate source package (as they rarely change, and have their own
 versioning).

addons/mp3/MPGLIB_README | 39 39 + 0 - 0 !
addons/mp3/MPGLIB_TODO | 2 2 + 0 - 0 !
addons/mp3/Makefile | 24 24 + 0 - 0 !
addons/mp3/README | 1 1 + 0 - 0 !
addons/mp3/common.c | 267 267 + 0 - 0 !
addons/mp3/dct64_i386.c | 335 335 + 0 - 0 !
addons/mp3/decode_i386.c | 153 153 + 0 - 0 !
addons/mp3/decode_ntom.c | 219 219 + 0 - 0 !
addons/mp3/huffman.h | 332 332 + 0 - 0 !
addons/mp3/interface.c | 325 325 + 0 - 0 !
addons/mp3/layer3.c | 2029 2029 + 0 - 0 !
addons/mp3/mpg123.h | 132 132 + 0 - 0 !
addons/mp3/mpglib.h | 75 75 + 0 - 0 !
addons/mp3/tabinit.c | 81 81 + 0 - 0 !
14 files changed, 4014 insertions(+)

 mpglib code originally in asterisk-addons
 The package asterisk-addons originally included mpglib. After the merge
 with asterisk, that code is no longer included and needs to be fetched
 (contrib/scripts/get_mpg_source.sh). This patch includes that fetched
 source (rev. 202).
 .
 TODO: get rid of this code and use libmpg123 or whatever.

addons/app_mysql.c | 1 0 + 1 - 0 !
addons/cdr_mysql.c | 1 0 + 1 - 0 !
addons/chan_mobile.c | 1 0 + 1 - 0 !
addons/chan_ooh323.c | 1 0 + 1 - 0 !
addons/format_mp3.c | 1 0 + 1 - 0 !
addons/res_config_mysql.c | 1 0 + 1 - 0 !
6 files changed, 6 deletions(-)

 enable modules formly from asterisk-addons
 The modules under addons/ are originally from the separate
 asterisk-addons package. As of asterisk 1.8 they are included in the
 main Asterisk distribution but not enabled by default. this patch
 enables them, as it seems valid in Debian.
 .
 format_mp3.c is not enabled, yet, though: the complete source is not
 included. See contrib/scripts/get_mp3_source.sh in the source tree.

codecs/Makefile | 1 0 + 1 - 0 !
codecs/codec_ilbc.c | 1 1 + 0 - 0 !
2 files changed, 1 insertion(+), 1 deletion(-)

 disable building codec_ilbc
 As we have to strip the ilbc code from asterisk, we need to disable
 building codec_ilbc and cleaning the ilbc/ directory.
 .
 Patch needs to be cleaned-up to be uploaded upstream.
 .
 FIXME: module now seems to potentially use libilbc. If it can be
 packaged into Debian, no reason to remove it.

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 place asterisk read-only data files under /usr/share
 On Debian read-only resources belong under /usr. The space taken from
 the writable /var should be minimized.
 .
 Upstream prefers defaults to have those files under /var/lib, though
 supports a separate datadir.

channels/chan_mgcp.c | 1 0 + 1 - 0 !
channels/chan_vpb.cc | 2 1 + 1 - 0 !
2 files changed, 1 insertion(+), 2 deletions(-)

 reenable some drivers

build_tools/cflags.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable building asterisk with -march=native
Bug-Debian: https://bugs.debian.org/842917

utils/utils.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 enable the smsq application.

utils/utils.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 enable the aelparse application.

Makefile | 2 2 + 0 - 0 !
contrib/asterisk.service | 49 49 + 0 - 0 !
contrib/scripts/asterisk_cleanup | 18 18 + 0 - 0 !
contrib/scripts/live_ast | 38 38 + 0 - 0 !
4 files changed, 107 insertions(+)

 a systemd service
 Do away with safe_asterisk. But try very hard to let live_ast work with
 it.

build_tools/cflags-devmode.xml | 3 0 + 3 - 0 !
build_tools/cflags.xml | 4 4 + 0 - 0 !
2 files changed, 4 insertions(+), 3 deletions(-)

 enable the test framework

build_tools/menuselect-deps.in | 3 3 + 0 - 0 !
codecs/codec_amr.c | 405 405 + 0 - 0 !
codecs/ex_amr.h | 49 49 + 0 - 0 !
configure.ac | 7 7 + 0 - 0 !
include/asterisk/amr.h | 19 19 + 0 - 0 !
include/asterisk/format_cache.h | 10 10 + 0 - 0 !
main/codec_builtin.c | 50 50 + 0 - 0 !
main/format_cache.c | 16 16 + 0 - 0 !
main/rtp_engine.c | 6 6 + 0 - 0 !
makeopts.in | 7 7 + 0 - 0 !
res/res_format_attr_amr.c | 488 488 + 0 - 0 !
11 files changed, 1060 insertions(+)

 add amr and amr-wb codec modules supporting transcoding
 To add a codec for SIP/SDP (m=, rtmap, and ftmp), you create a format
 module in Asterisk: `codec_amr.patch` (for m= and rtmap) and
 `res/res_format_attr_amr.c` (for fmtp). However, this requires both
 call legs to support AMR (pass-through only). If one leg does not
 support AMR, the call has no audio. Or, if you use the pre-recorded
 voice and music files of Asterisk, these files cannot be heard, because
 they are not in AMR but in slin. Therefore, this repository adds not
 just a format module for the audio-codecs AMR and AMR-WB but a
 transcoding module as well: `codecs/codec_amr.c`.
 .
 This is an implementation of IETF
 [RFC 4867](http://tools.ietf.org/html/rfc4867). Sometimes, AMR is
 called AMR Narrowband (AMR-NB). AMR Wideband (ITU-T Recommendation
 G.722.2) is sometimes abbreviated W-AMR
 ([GSA](http://www.gsacom.com/hdvoice/)). GSMA Mobile
 [HD Voice](https://www.youtube.com/playlist?&list=PLj1MyDu3jckpSciPQ1Max0W6HDSaY8-n4)
 is AMR-WB. Research papers comparing AMR and AMR-WB with other audio
 codecs:
 [InterSpeech 2010](http://research.nokia.com/files/public/%5B12%5D_Interspeech%202010_Voice%20Quality%20Evaluation%20of%20Recent%20Open%20Source%20Codecs.pdf),
 [ICASSP 2010](http://research.nokia.com/files/public/%5B11%5D_ICASSP2010_Voice%20Quality%20Evaluation%20of%20Various%20Codecs.pdf),
 [InterSpeech 2011](http://research.nokia.com/files/public/%5B16%5D_InterSpeech2011_Voice_Quality_Characterization_of_IETF_Opus_Codec.pdf).
 Further
 [examples](http://www.voiceage.com/Audio-Samples-Listening-Room.html)

configure.ac | 15 13 + 2 - 0 !
1 file changed, 13 insertions(+), 2 deletions(-)

 modernize autotools ffmpeg linking
 FFmpeg is a _family_ of libraries sharing an optional base subdir. That
 is not properly reflected in the autoconf detection logic, and makes it
 impossible to handle alternate location - e.g. when using Libav.
 .
 This patch queries pkg-config, used with recent FFmpeg, for files
 "libavcodec" and "libswscale", the family members currently used.

channels/console_video.h | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 include subdirs (not main dir) for ffmpeg paths
 Fix include FFmpeg headers from below /usr/include/ffmpeg/<libname>
 (this change requires -I/usr/include/ffmpeg).

build_tools/make_build_h | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 reproducible build

third-party/pjproject/Makefile | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 autoreconf pjproject

addons/ooh323c/src/ooq931.c | 15 9 + 6 - 0 !
1 file changed, 9 insertions(+), 6 deletions(-)

 cve-2022-37325

include/asterisk/res_pjsip.h | 83 83 + 0 - 0 !
res/res_pjsip/pjsip_transport_events.c | 214 194 + 20 - 0 !
res/res_pjsip_outbound_registration.c | 28 17 + 11 - 0 !
res/res_pjsip_pubsub.c | 25 13 + 12 - 0 !
4 files changed, 307 insertions(+), 43 deletions(-)

 cve-2022-42705

configs/samples/asterisk.conf.sample | 11 7 + 4 - 0 !
doc/UPGRADE-staging/manager_config_live_dangerously.txt | 8 8 + 0 - 0 !
include/asterisk/manager.h | 12 12 + 0 - 0 !
main/manager.c | 42 42 + 0 - 0 !
main/options.c | 1 1 + 0 - 0 !
5 files changed, 70 insertions(+), 4 deletions(-)

 cve-2022-42706

res/res_pjsip_header_funcs.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 cve-2023-37457

Bug-Debian: https://bugs.debian.org/1059303

main/manager.c | 42 39 + 3 - 0 !
1 file changed, 39 insertions(+), 3 deletions(-)

 cve-2023-49294

Bug-Debian: https://bugs.debian.org/1059032

res/res_rtp_asterisk.c | 55 55 + 0 - 0 !
1 file changed, 55 insertions(+)

 cve-2023-49786

Bug-Debian: https://bugs.debian.org/1059033

third-party/pjproject/Makefile | 19 12 + 7 - 0 !
third-party/pjproject/configure.m4 | 10 9 + 1 - 0 !
third-party/pjproject/patches/0000-remove-third-party.patch | 6 4 + 2 - 0 !
third-party/pjproject/patches/0010-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new-129fb323a66dd1fd16880fe5ba5e6a57.patch | 46 46 + 0 - 0 !
third-party/pjproject/patches/0020-log-dropped-packet-in-debug.patch | 28 28 + 0 - 0 !
third-party/pjproject/patches/0100-allow_multiple_auth_headers.patch | 413 0 + 413 - 0 !
third-party/pjproject/patches/config_site.h | 8 8 + 0 - 0 !
third-party/pjproject/pjproject-2.12.1.tar.bz2.md5 | 1 0 + 1 - 0 !
third-party/pjproject/pjproject-2.13.1.tar.bz2.md5 | 1 1 + 0 - 0 !
third-party/versions.mak | 2 1 + 1 - 0 !
10 files changed, 109 insertions(+), 425 deletions(-)

 pjproject-2.13.1

Update Asterisk specific patches for embedded pjproject library. Apply the fix
for CVE-2023-38703 by updating the tar.bz2 compressed library directly.