wrong size, and the linker complained about ckcpro's 'dest' (which
was int vs long.)
i bumped the package version since it actually fixes real bugs on
big endian 64 bit platforms, and maybe bugs on other 64 bit.
Changes:
1.40.0
------
[+] * Added SMSD configuration option RetryTimeout.
[-] * Removed non configurable sleep after failed message send.
[+] * SMSD now tries to store whole decoded text for concatenated
messages in the first entry in database.
[-] * Improved compatibility with Sierra SL8084TR.
[+] * Added support for delivery reports stored in SR memory.
[+] * Configure CNMI parameters for AT driver.
0.4.0:
Fix2: reset LIGHT_EX colors with RESET_ALL.
Fix: ignore invalid "erase" ANSI codes.
Fix stream wrapping under PyCharm.
Added contextlib magic methods to ansitowin32.StreamWrapper.
Fix: don't cache stdio handles, since they might be closed/changed by fd redirection. This fixes an issue with pytest.
Drop support for EOL Python 2.5, 2.6, 3.1, 3.2 and 3.3, and add 3.6.
AST-2017-005, AST-2017-006, and AST-2017-008. There was no release
announcement as only security patches were issued. I just found
this update while looking to see what updates I was missing for
more recent versions of Asterisk. The Asterisk 11.x series was
declared end-of-life on Oct. 25th, 2017, so there will not be any
more updates to this package (other then PKGREVISION bumps for
dependencies) before it gets deleted. There is a reasonable chance
that there are unpatched vulnerabilities in this package. Anybody
still using it should upgrade a newer version as soon as possibble.
----- AST-2017-2005 -----
Description The "strictrtp" option in rtp.conf enables a feature of the
RTP stack that learns the source address of media for a
session and drops any packets that do not originate from
the expected address. This option is enabled by default in
Asterisk 11 and above.
The "nat" and "rtp_symmetric" options for chan_sip and
chan_pjsip respectively enable symmetric RTP support in the
RTP stack. This uses the source address of incoming media
as the target address of any sent media. This option is not
enabled by default but is commonly enabled to handle
devices behind NAT.
A change was made to the strict RTP support in the RTP
stack to better tolerate late media when a reinvite occurs.
When combined with the symmetric RTP support this
introduced an avenue where media could be hijacked. Instead
of only learning a new address when expected the new code
allowed a new source address to be learned at all times.
If a flood of RTP traffic was received the strict RTP
support would allow the new address to provide media and
with symmetric RTP enabled outgoing traffic would be sent
to this new address, allowing the media to be hijacked.
Provided the attacker continued to send traffic they would
continue to receive traffic as well.
Resolution The RTP stack will now only learn a new source address if it
has been told to expect the address to change. The RTCP
support has now also been updated to drop RTCP reports that
are not regarding the RTP session currently in progress. The
strict RTP learning progress has also been improved to guard
against a flood of RTP packets attempting to take over the
media stream.
----- AST-2017-006 -----
Description The app_minivm module has an "externnotify" program
configuration option that is executed by the MinivmNotify
dialplan application. The application uses the caller-id
name and number as part of a built string passed to the OS
shell for interpretation and execution. Since the caller-id
name and number can come from an untrusted source, a
crafted caller-id name or number allows an arbitrary shell
command injection.
Resolution Patched Asterisk's app_minivm module to use a different
system call that passes argument strings in an array instead
of having the OS shell determine the application parameter
boundaries.
----- AST-2017-008 -----
Description This is a follow up advisory to AST-2017-005.
Insufficient RTCP packet validation could allow reading
stale buffer contents and when combined with the "nat" and
"symmetric_rtp" options allow redirecting where Asterisk
sends the next RTCP report.
The RTP stream qualification to learn the source address of
media always accepted the first RTP packet as the new
source and allowed what AST-2017-005 was mitigating. The
intent was to qualify a series of packets before accepting
the new source address.
Resolution The RTP/RTCP stack will now validate RTCP packets before
processing them. Packets failing validation are discarded.
RTP stream qualification now requires the intended series of
packets from the same address without seeing packets from a
different source address to accept a new source address.
Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.
Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).
This is a standard version. It is scheduled to go to security
fixes only on October 3th, 2018, and EOL on October 3th, 2019.
See here for more information about Asterisk versions:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
pkgsrc-users@ a few weeks ago. This package is ancient and has
been EOL for a couple of years. It likely has numerous security
issues. Also, the PKGNAME will conflict with the upcoming Asterisk
18.* in a couple of years times. There were no objections.
Performing substitutions during post-patch breaks tools such as mkpatches,
making it very difficult to regenerate correct patches after making changes,
and often leading to substituted string replacements being committed.
pkgsrc changes:
- Indent a DEPENDS (suggested by `pkglint -Wall')
Changes:
1.39.0
------
* Fixed answering call in AT module.
* Improved support for Huawei E392 and E3131.
* Fixed compatibility of binaries with Windows XP and 2003.
* Improved support for ZTE MF667.
* Updated list of GSM networks and countries.
This switch is meant to be used by packages requiring an implementation of the
former libusb (as in devel/libusb). The original implementation can be
chosen by setting LIBUSB_TYPE to "native".
The alternative implementation libusb-compat (as in devel/libusb-compat) wraps
libusb1 (in devel/libusb1). This implementation can be chosen by setting
LIBUSB_TYPE to "compat". On NetBSD, it has the advantage of not requiring root
privileges to locate and use USB devices without a kernel driver.
This second part switches packages using libusb to this framework. It does not
change compilation options or dependencies at this point.
Compile-tested on most packages affected and available on NetBSD/amd64.
it fixes AST-2017-005, AST-2017-006, AST-2017-006, AST-2017-008,
AST-2017-009, AST-2017-010, AST-2017-011, AST-2017-012, AST-2017-013,
and AST-2017-014. Note that several of these are related to PJSIP
which pkgsrc doesn't use.
----- 14.7.5 -----
The Asterisk Development Team would like to announce security
releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.18.
The available releases are released as versions 13.18.5, 14.7.5,
15.1.5 and 13.18-cert2.
The following security vulnerabilities were resolved in these versions:
* AST-2017-014: Crash in PJSIP resource when missing a contact header
A select set of SIP messages create a dialog in Asterisk. Those SIP messages
must contain a contact header. For those messages, if the header was not
present and using the PJSIP channel driver, it would cause Asterisk to crash.
The severity of this vulnerability is somewhat mitigated if authentication is
enabled. If authentication is enabled a user would have to first be authorized
before reaching the crash point.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.7.5
The security advisory is available at:
https://downloads.asterisk.org/pub/security/AST-2017-014.pdf
Thank you for your continued support of Asterisk!
----- 14.7.4 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available
security releases are released as versions 13.13-cert9, 13.18.4,
14.7.4 and 15.1.4.
The release of these versions resolves the following security
vulnerabilities:
* AST-2017-012: Remote Crash Vulnerability in RTCP Stack
If a compound RTCP packet is received containing more than
one report (for example a Receiver Report and a Sender
Report) the RTCP stack will incorrectly store report
information outside of allocated memory potentially causing
a crash.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-14.7.4
The security advisories are available at:
http://downloads.asterisk.org/pub/security/AST-2017-012.htmlhttp://downloads.asterisk.org/pub/security/AST-2017-012.pdf
Thank you for your continued support of Asterisk!
----- 14.7.3 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available
security releases are released as versions 13.13-cert8, 13.18.3,
14.7.3 and 15.1.3.
The release of these versions resolves the following security
vulnerabilities:
* AST-2017-013: DOS Vulnerability in Asterisk chan_skinny
If the chan_skinny (AKA SCCP protocol) channel driver is
flooded with certain requests it can cause the asterisk
process to use excessive amounts of virtual memory
eventually causing asterisk to stop processing requests of
any kind.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog=14.7.3
The security advisories are available at:
http://downloads.asterisk.org/pub/security/AST-2017-013.pdf
Thank you for your continued support of Asterisk!
----- 14.7.2 -----
The Asterisk Development Team would like to announce the release
of Asterisk 14.7.2.
The release of Asterisk 14.7.2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27387 - Regression: pjsip 13.18.0 - from_user - "+"
character isn't allowed any more
(Reported by Michael Maier)
* ASTERISK-27391 - Regression: Deadlock between AOR named lock
and pjproject grp lock
(Reported by shaurya jain)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-14.7.2
Thank you for your continued support of Asterisk!
----- 14.7.0 -----
The Asterisk Development Team would like to announce the release
of Asterisk 14.7.0.
The release of Asterisk 14.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Improvements made in this release:
-----------------------------------
* ASTERISK-27278 - [patch] chan_sip: Provide access to read the
full SIP Request-URI from INVITE
(Reported by David J. Pryke)
* ASTERISK-27255 - alembic: Add support for Microsoft SQL
server
(Reported by Florian Floimair)
* ASTERISK-27253 - [patch] libsrtp-2.1.x support
(Reported by Alexander Traud)
* ASTERISK-27220 - Enable CHANNEL function to get from and to
tag from SIP Headers
(Reported by Andre Nazario)
* ASTERISK-27169 - Google OAuth 2.0 support for XMPP / Motif
(Reported by Andrey)
* ASTERISK-27173 - Support for GMIME 3.0
(Reported by Tzafrir Cohen)
* ASTERISK-27092 - [patch] app_queue: Add Priority to AMI
QueueStatus
(Reported by Niklas Larsson)
* ASTERISK-27085 - [patch] chan_pjsip: Port SIPDtmfMode to
chan_pjsip
(Reported by Torrey Searle)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27346 - res_xmpp: Crash if OAuth 2.0 is used before
curl is loaded
(Reported by Ronald Raikes)
* ASTERISK-27372 - ARI: Node ARI client broken in latest
versions of 13 and 14
(Reported by Benjamin Keith Ford)
* ASTERISK-27047 - res_pjsip: user=phone added to Anonymous
caller-id when it shouldn't be.
(Reported by dtryba)
* ASTERISK-27270 - cdr_mysql: various crashes at second module
reload if cdr_mysql.conf is configured
(Reported by Tzafrir Cohen)
* ASTERISK-25266 - Application Originate returns SUCCESS to
ORIGINATE_STATUS upon failure to originate
(Reported by Allen Ford)
* ASTERISK-27192 - res_pjsip: Loss of SIP registrations causing
unavailable endpoints
(Reported by Richard Mudgett)
* ASTERISK-27305 - res_ari: Memory leaks in ARI when using
Content-Type: application/json
(Reported by David Hajek)
* ASTERISK-26922 - chan_sip: tcpbind uses wrong source address
(Reported by Ksenia)
* ASTERISK-27324 - [patch] Dual-Stack server cannot be used as
IPv4 client via TCP/TLS
(Reported by Alexander Traud)
* ASTERISK-27317 - vector: multiple evaluation of elem in
AST_VECTOR_ADD_SORTED.
(Reported by Corey Farrell)
* ASTERISK-27318 - res_pjsip_mwi: uninitialized value from
ast_strings_match
(Reported by Corey Farrell)
* ASTERISK-27284 - Status of RFC 3323 and PJSIP
(Reported by dtryba)
* ASTERISK-27296 - [patch] False positive busy checks when
icalendar's recurrence-id mechanism is involved
(Reported by Benoît Dereck-Tricot)
* ASTERISK-27216 - app_queue: does its
check-makeannouncement-logic twice each head-caller-loop
(Reported by Stefan Engström)
* ASTERISK-27298 - Problem with expires on pjsip /
outbound-publish
(Reported by Cyrille Demaret)
* ASTERISK-27295 - Contact is improperly translated after
d178f497
(Reported by Sean Bright)
* ASTERISK-27292 - Multiple RTP Stream Created Breaking RFC2833
(SSRC Changes)
(Reported by Ross Beer)
* ASTERISK-27289 - A codeblock that maintains a bug,but maybe
the codeblock will never run
(Reported by Huangyx)
* ASTERISK-27283 - Realtime config fail with PostgreSQL version
before 9.1
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-27257 - bridge_native_rtp: half-way direct media
when using early bridging
(Reported by Jean Aunis - Prescom)
* ASTERISK-27279 - Crash in pubsub_on_rx_request NULL pointer -
Possible PJSIP Vulnerability
(Reported by Ross Beer)
* ASTERISK-26606 - tcptls: Incorrect OpenSSL function call
leads to misleading error report
(Reported by Bob Ham)
* ASTERISK-16898 - SRTP unprotect: authentication failure when
RTP sequence number switches from 65535 -> 0
(Reported by Marcello Ceschia)
* ASTERISK-27274 - RTCP needs better packet validation to
resist port scans.
(Reported by Richard Mudgett)
* ASTERISK-27252 - RTP: One way audio with direct media and
strictrtp=yes.
(Reported by Richard Mudgett)
* ASTERISK-25524 - module reload res_calendar.so does not
reload everything in calendar.conf
(Reported by Jesper)
* ASTERISK-24588 - res_calendar does not process CalDAV from
Owncloud [fix included]
(Reported by Stefan Gofferje)
* ASTERISK-25523 - res_calendar: Warning about invalid channel
value (for notification) occurs even when event has no
notification configured.
(Reported by Jesper)
* ASTERISK-21399 - RTP Multicast of L16 (type 10): Asterisk and
wireshark disagree
(Reported by Tzafrir Cohen)
* ASTERISK-27248 - [patch]external_media_address and
external_signaling_address don't always honor localnet
(Reported by Walter Doekes)
* ASTERISK-27217 - chan_sip: Asterisk crashing when
subscription doesn't get set
(Reported by Bryan Walters)
* ASTERISK-24066 - res_smdi: convert to astobj2
(Reported by Corey Farrell)
* ASTERISK-17540 - SDP origin attribute modified when issuing
re-INVITE because of directmedia=yes
(Reported by saghul)
* ASTERISK-27254 - alembic: prune_on_boot fix erroneous
(Reported by Florian Floimair)
* ASTERISK-27232 - When in queue on g722 with interruptions,
music on hold can get stuck and no longer play
(Reported by Jens T.)
* ASTERISK-27024 - nat/external_media settings ignored in 14.4.1
(Reported by Christopher van de Sande)
* ASTERISK-26879 - PJSIP external_media_address ignored if no
local_net options are provided
(Reported by Matt Jordan)
* ASTERISK-27165 - CDR: CDR(start,u) function won't work in
cdr_custom config
(Reported by Jacek Konieczny)
* ASTERISK-27236 - Segfault ast_channel_name (chan=0x0) at
channel_internal_api.c:478 during T.38 Fax Receive
(Reported by Ross Beer)
* ASTERISK-27225 - Crash when freeing dtls_cfg->cafile
(Reported by Richard Kenner)
* ASTERISK-27177 - ooh323c: misleading indentation in
addons/ooh323c/src/ooSocket.c
(Reported by Tzafrir Cohen)
* ASTERISK-27241 - libc segfault upon entry into app_directory
(Reported by David Moore)
* ASTERISK-27152 - Sending a "tel" uri in a From or To header
in an unauthenticated message causes asterisk to crash
(Reported by Ross Beer)
* ASTERISK-27103 - core: ast_safe_system command injection
possible.
(Reported by Corey Farrell)
* ASTERISK-27013 - res_rtp_asterisk: Media can be hijacked even
with strict RTP enabled
(Reported by Joshua Colp)
* ASTERISK-26994 - Confbridge: CBAnn channels intermittently
become stuck when caller hangs up before recording name
(Reported by James Terhune)
* ASTERISK-20858 - app_minivm fails to clean up mkstemp files
(Reported by Walter Doekes)
* ASTERISK-16777 - several filename bugs in Record()
application
(Reported by klaus3000)
* ASTERISK-27209 - Incorrect SDP in 200 OK when PJSIP_DTMF_MODE
is used
(Reported by Torrey Searle)
* ASTERISK-27168 - alembic: PJSIP scripts are missing column
dtls_fingerprint in ps_endpoints table
(Reported by Florian Floimair)
* ASTERISK-19103 - When using realtime queues, function
QUEUE_MEMBER_LIST() will return an error if no other
app/function has loaded the queues first. This problem does not
exist if queues.conf is used.
(Reported by Jim Van Meggelen)
* ASTERISK-21241 - When using voicemail as announce only
(maxmsg=0), the star dtmf to enter the voicemail is not honored
(Reported by Eelco Brolman)
* ASTERISK-27204 - [patch] app_queue: Wrong queue stat
calculation
(Reported by sungtae kim)
* ASTERISK-27207 - XMPP OAuth not working due to inverted
logic
(Reported by Michael Kuron)
* ASTERISK-27174 - res_calendar_icalendar: Recurring events not
being loaded from Google calendar using ical
(Reported by Mark Thompson)
* ASTERISK-27202 - If wget is not installed and "or" is not
available, external components (excluding pjsip) are not
installed
(Reported by Seán C. McCord)
* ASTERISK-27147 - Either asterisk or pjproject isn't re-using
tcp connections (again)
(Reported by George Joseph)
* ASTERISK-27193 - IPv6 receive address in message doesn't
include brackets
(Reported by Scott Griepentrog)
* ASTERISK-26745 - Asymmetric codecs when
asymmetric_rtp_codec=no
(Reported by Jesse Ross)
* ASTERISK-27158 - [patch] res_rtp_asterisk: RTCP statistics
are not available when native bridge is used
(Reported by Torrey Searle)
* ASTERISK-27110 - RTP session is not fully destroyed on
channel hangup
(Reported by Matt Jordan)
* ASTERISK-27171 - Asterisk 15.0.0-Beta1 does not compile
(Reported by Ira Emus)
* ASTERISK-26659 - res_pjsip: PJSIP presence - missing braces
around the status element in XML
(Reported by Abraham Liebsch)
* ASTERISK-27156 - Asterisk won't compile on Fedora 26 with
devmode enabled.
(Reported by Corey Farrell)
* ASTERISK-27130 - Applications ARI: Unsubscribe action for
deviceStates does not remove old subscriptions properly
(Reported by Sergej Kasumovic)
* ASTERISK-25810 - say.c calls for sounds in the subdir
"digits" that don't exist (in Core). SayUnixTime or other Say...
apps will fail out when they call these sounds.
(Reported by Nicolas Riendeau)
* ASTERISK-27142 - sounds: Conflict between files in
asterisk-sounds-core-1.6 and asterisk-sounds-extra-1.5
(Reported by Corey Farrell)
* ASTERISK-27133 - res_rtp_asterisk: RTCP does not use ICE when
RTCP-MUX in use
(Reported by Joshua Colp)
* ASTERISK-27123 - confbridge: Name recordings are left on
filesystem
(Reported by Sergej Kasumovic)
* ASTERISK-27122 - chan_iax2: On reload MWI taskprocessors keep
adding up
(Reported by Sergej Kasumovic)
* ASTERISK-26807 - sounds: New 3-D Binaural audio features
require new sound prompts
(Reported by Rusty Newton)
* ASTERISK-25816 - French conf-adminmenu, conf-usermenu prompts
differ in content from the English files
(Reported by Benoit Duverger)
* ASTERISK-26274 - Resolve open sounds issues and then create a
new sounds release (1.5.1? or 1.6?)
(Reported by Rusty Newton)
* ASTERISK-27128 - [patch]res_stasis_snoop: When recording a
snoop channel (using ARI) where no media is being received, no
recording happens when theres no media
(Reported by Dan Jenkins)
* ASTERISK-27124 - app_playback.c:say_date_generic use
timezonename parameter
(Reported by Holger Hans Peter Freyther)
* ASTERISK-27127 - configs: Erroneous load directive in sample
configuration results in "Error loading module
'res_pjsip_multihomed.so'"
(Reported by HZMI8gkCvPpom0tM)
* ASTERISK-27105 - [patch]core: when setting 'maxfiles' in
asterisk.conf, a message is printed, even in rasterisk -x
(Reported by Tzafrir Cohen)
* ASTERISK-27036 - res_pjsip: Asterisk crashes when an
extension tries to use PJSIP trunk with from_user containing '@'
(Reported by Maxim Vasilev)
* ASTERISK-27023 - res_rtp_asterisk: Deadlock when TURN session
in use
(Reported by Jatin Jain)
* ASTERISK-27093 - ODBC deadlocks when app_directory tries to
play back non-existent voicemail greeting
(Reported by James Terhune)
New Features made in this release:
-----------------------------------
* ASTERISK-27215 - [patch]AMI : Add CancelAtxfer Action
(Reported by Thomas Sevestre)
* ASTERISK-27117 - core: Add support for timelen parsing to
ast_parse_arg and ACO.
(Reported by Corey Farrell)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-14.7.0
Thank you for your continued support of Asterisk!
----- 14.6.0 -----
The Asterisk Development Team would like to announce the release
of Asterisk 14.6.0.
The release of Asterisk 14.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27108 - Crash using 'data get' CLI command
(Reported by Sean Bright)
* ASTERISK-27106 - [patch] autodomain (SIP Domain Support): Add
only really different domain with TLS.
(Reported by Alexander Traud)
* ASTERISK-27100 - channel: ast_waitfordigit_full fails to
clear flag in an error branch.
(Reported by Corey Farrell)
* ASTERISK-27090 - PJSIP: Deadlock using TCP transport
(Reported by Richard Mudgett)
* ASTERISK-25665 - Duplicate logging in queue log for EXITEMPTY events
(Reported by Ove Aursand)
* ASTERISK-27065 - call hangup after leaving app_queue
(Reported by Marek Cervenka)
* ASTERISK-26978 - rtp: Crash in ast_rtp_codecs_payload_code()
(Reported by Ross Beer)
* ASTERISK-24052 - app_voicemail reloads result in leaked IMAP sockets.
(Reported by Louis Jocelyn Paquet)
* ASTERISK-27074 - core_local: local channel data not being
properly unref'ed and unlocked
(Reported by Kevin Harwell)
* ASTERISK-27075 - bridge: stuck channel(s) after failed
attended transfer
(Reported by Kevin Harwell)
* ASTERISK-27060 - Comment typo format_g729.c
(Reported by Matthew Fredrickson)
* ASTERISK-27041 - Core/PBX: [patch] Deadlock between dialplan
execution and application unregistration
(Reported by Frederic LE FOLL)
* ASTERISK-27026 - res_ari: Crash when no ari.conf
configuration file exists
(Reported by Ronald Raikes)
* ASTERISK-27057 - Seg Fault in ast_sorcery_object_get_id at
sorcery.c
(Reported by Ryan Smith)
* ASTERISK-27024 - nat/external_media settings ignored in
14.4.1
(Reported by Christopher van de Sande)
* ASTERISK-27046 - res_pjsip_transport_websocket: segfault in
get_write_timeout
(Reported by Jørgen H)
* ASTERISK-27022 - res_rtp_asterisk: Incorrect SSRC change for
RTCP component
(Reported by Michael Walton)
* ASTERISK-26923 - bridging: T.38 request is lost when channels
are added to bridge
(Reported by Torrey Searle)
* ASTERISK-27053 - res_pjsip_refer/session: Calls dropped
during transfer
(Reported by Kevin Harwell)
* ASTERISK-27052 - Asterisk build process fails with flag
--with-pjproject-bundled with curl download command and slow
network
(Reported by alex)
* ASTERISK-27039 - chan_pjsip: Device state is idle when
channel from endpoint is in early media
(Reported by Joshua Colp)
* ASTERISK-26996 - chan_pjsip: Flipping between codecs
(Reported by Michael Maier)
* ASTERISK-26281 - chan_pjsip would send INVITE to
'Unreachable' endpoints
(Reported by Jacek Konieczny)
* ASTERISK-26973 - bridge: Crash when freeing frame and
snooping
(Reported by Michel R. Vaillancourt)
* ASTERISK-19291 - Background in realtime
(Reported by Andrew Nowrot)
* ASTERISK-27025 - channel / meetme: Fix missing parentheses
(Reported by Joshua Colp)
* ASTERISK-27021 - GET /recordings/stored returns 500 Internal
Server Error
(Reported by Tim Morgan)
* ASTERISK-24858 - [patch]Asterisk 13 PJSIP sends RTP packets
in wrong byte order on Intel platform when using slin codec
(Reported by Frankie Chin)
* ASTERISK-23951 - Asterisk attempts and fails to build
format_mp3 even if mp3lib was not downloaded
(Reported by Tzafrir Cohen)
* ASTERISK-25294 - srtp's crypto_get_random deprecated
(Reported by Tzafrir Cohen)
* ASTERISK-23839 - AGI - RECORD FILE - documentation doesn't
describe BEEP argument
(Reported by Rusty Newton)
* ASTERISK-22432 - Async AGI crashes Asterisk when issuing "set
variable" command without args
(Reported by Antoine Pitrou)
* ASTERISK-25662 - Malformed AGI 520 Usage response
(Reported by Tony Mountifield)
* ASTERISK-27008 - res_format_attr_h264: SDP parse fails if
fmtp optional parameters have a space
(Reported by John Harris)
* ASTERISK-26399 - app_queue: Agent not called when caller is
parked
(Reported by wushumasters)
* ASTERISK-26400 - app_queue: Queue member stops being called
after AMI "Redirect" action for queues with wrapuptime
(Reported by Etienne Lessard)
* ASTERISK-26715 - app_queue: Member will not receive any new
calls after doing a transfer if wrapuptime = greater than 0 and
using Local channel
(Reported by David Brillert)
* ASTERISK-26975 - app_queue: Non-zero wrapup time can cause
agents not to receive queue calls after transfer queue call
(Reported by Lorne Gaetz)
* ASTERISK-27012 - app_confbridge: ConfBridge sometimes does
not play user name recording while leaving
(Reported by Robert Mordec)
* ASTERISK-26979 - res_rtp_asterisk: SRTP unprotect failed with
authentication failure 10 or 110
(Reported by Javier Riveros)
* ASTERISK-26982 - chan_sip: rtcp_mux setting may cause ice
completion failure/delay if client offers rtcp-mux as
negotiable
(Reported by Stefan Engström)
* ASTERISK-26964 - res_pjsip_session: Wrong From on reinvite
when request and To URI differ
(Reported by Yasin CANER)
* ASTERISK-26789 - Audit manipulation of channel flags without
locks
(Reported by Joshua Colp)
* ASTERISK-26333 - Problems with Blind Transfer, PJSIP (Aastra
6869i)
(Reported by Matthias Binder)
Improvements made in this release:
-----------------------------------
* ASTERISK-26230 - [patch] res_pjsip_mwi: unsolicited mwi could
block PJSIP taskprocessor on startup
(Reported by Alexei Gradinari)
* ASTERISK-27043 - Core/BuildSystem: Add defines to fix build
with LibreSSL
(Reported by Guido Falsi)
* ASTERISK-27042 - Unpatched asterisk sources fail to build on
FreeBSD due to missing crypt.h file
(Reported by Guido Falsi)
* ASTERISK-26419 - audiohooks: Remove redundant codec
translations when using audiohooks
(Reported by Michael Walton)
* ASTERISK-26976 - libsrtp-2.x.x support
(Reported by Alex)
* ASTERISK-26124 - res_agi: Set audio format for EAGI audio
stream
(Reported by John Fawcett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-14.6.0
Thank you for your continued support of Asterisk!
and general bug fixes, fixes AST-2017-005, AST-2017-006, AST-2017-007,
AST-2017-008, AST-2017-009, AST-2017-10, AST-2017-11, AST-2017-12,
AST-2017-13, and AST-2017-14 (note that a number of these only
pertain to PJSIP which isn't used in pkgsrc)
----- 13.19.0 -----
The Asterisk Development Team would like to announce the release
of Asterisk 13.19.0.
The release of Asterisk 13.19.0 resolves several issues reported
by the community and would have not been possible without your
participation.
Thank you!
The following issues are resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-27478 - PJSIP: Add CHANNEL(pjsip,request_uri) to get
incoming INVITE Request-URI.
(Reported by Richard Mudgett)
* ASTERISK-27413 - Add cache_media_frames debugging option.
(Reported by Richard Mudgett)
* ASTERISK-27206 - res_pjsip: No mechanism exists to limit
endpoint identification to IP only
(Reported by Ben Merrills)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27531 - Compiler optimizations can break module load
sequence.
(Reported by abelbeck)
* ASTERISK-27480 - Security: Authenticated SUBSCRIBE without
Contact crashes asterisk
(Reported by Ross Beer)
* ASTERISK-27299 - Asterisk Hangs with Bad file descriptor on
read()
(Reported by Abhay Gupta)
* ASTERISK-25079 - AMI bridge of channels results in MOH not
destroyed and robotic audio on one channel
(Reported by Zane Conkle)
* ASTERISK-27490 - chan_console: 'set active' fails to work
(Reported by Tzafrir Cohen)
* ASTERISK-24756 - ConfBridge sound_muted does not work from
CLI or AMI
(Reported by Thomas Frederiksen)
* ASTERISK-25649 - Transfer application does not work with
Local channels - documentation misleading
(Reported by Ivan Ullmann)
* ASTERISK-25869 - chan_sip: "rejected because extension not
found" should be logged as a security event
(Reported by Brian J. Murrell)
* ASTERISK-27440 - Strictrtp has issues to qualify video rtp
streams
(Reported by Wim De Vlaminck)
* ASTERISK-24329 - Music On Hold announcement cuts intro of
music the first time it is played
(Reported by Thomas Frederiksen)
* ASTERISK-19657 - Coverity Report: Fix issues for error type
CHAR_IO
(Reported by Matt Jordan)
* ASTERISK-27175 - iax.conf demo peer is invalid
(Reported by Tzafrir Cohen)
* ASTERISK-27430 - README refers to security documents that do
not exist.
(Reported by Corey Farrell)
* ASTERISK-20281 - "core set verbose" behaves strangely, can't
alias it, cli.conf example broken
(Reported by Tim Ringenbach at Asteria Solutions Group)
* ASTERISK-27382 - crash after an invalid rtcp packet from GT48
FXS gateway
(Reported by Tzafrir Cohen)
* ASTERISK-27429 - res_rtp_asterisk: Multiple reports in an
RTCP packet will write past where it should
(Reported by Vitezslav Novy)
* ASTERISK-27408 - Identify causes and fix
pjsip/resolver/srv/failover/in_dialog/transport_tcp
(Reported by Corey Farrell)
* ASTERISK-18411 - Queue members with hints for state_interface
get stuck in "In Use" state.
(Reported by Steven T. Wheeler)
* ASTERISK-26131 - chan_sip: Crash Asterisk (in
sip_request_call at chan_sip.c) by making a call to a single
character in a dot pattern match
(Reported by Dwayne Hubbard)
* ASTERISK-27475 - codec_opus requires libcurl
(Reported by Samuel For)
* ASTERISK-27467 - pjsip_options: qualify_frequency sometimes
not applied on reload
(Reported by John Bigelow)
* ASTERISK-27465 - CLI Completion Not Working
(Reported by Ross Beer)
* ASTERISK-27460 - CDR: Deadlock using AMI Originate with
Variable CDR(amaflags)=...
(Reported by Richard Mudgett)
* ASTERISK-27453 - RTP: Blind transfer direct media scenario
results in one way audio.
(Reported by Richard Mudgett)
* ASTERISK-20643 - SIP ICE support - remove hardcoded
limitation on SDP size, make ICE support disabled by default in
SIP, maybe provide a better warning message
(Reported by Roy)
* ASTERISK-26980 - pjsip: Clean up WebRTC disables
(Reported by abelbeck)
* ASTERISK-27452 - Security: chan_skinny: Memory exhaustion if
flooded with unauthenticated requests
(Reported by George Joseph)
* ASTERISK-27454 - res_http_post: Don't require
GMIME_MAJOR_VERSION
(Reported by Joshua Colp)
* ASTERISK-23735 - Transcoding makes bad choice in high-rate
translations
(Reported by Richard Kenner)
* ASTERISK-27445 - ARI: Updating a bridge gives wrong error
message.
(Reported by Frank Durden)
* ASTERISK-24662 - [patch] column and row headers for Signed
Linear format variants in output of 'core show translation' are
ambiguous
(Reported by Rusty Newton)
* ASTERISK-27353 - H323 audio starts with a delay of 2
seconds.
(Reported by Marco Giordani)
* ASTERISK-27442 - pjsip: 183 without To tag does not negotiate
media
(Reported by Kevin Harwell)
* ASTERISK-27437 - [patch] ICE: server-reflexive candidates
(srflx) with Dual-Stack.
(Reported by Alexander Traud)
* ASTERISK-27434 - [patch] chan_sip/ICE: Square brackets around
IPv6 addresses.
(Reported by Alexander Traud)
* ASTERISK-27435 - [patch] configure:
pjsip_evsub_set_uas_timeout not found.
(Reported by Alexander Traud)
* ASTERISK-27431 - Asterisk fails to build when openssl headers
are not installed.
(Reported by Corey Farrell)
* ASTERISK-27332 - Asterisk fails to configure on MacOS Sierra
(Reported by Ivan Larionov)
* ASTERISK-27421 - RTP source learning not working with devices
that have some clock issues
(Reported by nappsoft)
* ASTERISK-27361 - Attended transfer crashes in Asterisk
13.17.2
(Reported by Alessandro Pimenta)
* ASTERISK-27238 - Bridging: Crash freeing a frame that's
already been freed
(Reported by Richard Kenner)
* ASTERISK-27412 - core: Audiohook freeing interpolated frame
when it shouldn't.
(Reported by Mikhail)
* ASTERISK-27423 - app_record: We set the RECORD_STATUS
channel variable before closing the file
(Reported by George Joseph)
* ASTERISK-26758 - res_hep_pjsip: For WebRTC clients Asterisk
insert same ip address in "source ip address" and "destination
ip address" fields in HEP packets
(Reported by Max Norba)
* ASTERISK-27363 - res_http_websocket: Wrong LocalAddress (it
is equal to RemoteAddress)
(Reported by Vasilii Rogin)
* ASTERISK-27415 - asterisk.conf: Setting astctl without
setting astrundir is ineffective.
(Reported by Corey Farrell)
* ASTERISK-27411 - pjsip: TCP connections may not be destroyed
(Reported by Joshua Colp)
* ASTERISK-27345 - res_pjsip_session: RTP instances leak on 488
responses.
(Reported by Corey Farrell)
* ASTERISK-27337 - chan_sip: Security vulnerability with client
code header (revisited)
(Reported by Richard Mudgett)
* ASTERISK-27319 - (Security) Function in PJSIP 2.7
miscalculates the length of an unsigned long variable in 64bit
machines
(Reported by Kim youngsung)
* ASTERISK-27391 - Regression: Deadlock between AOR named lock
and pjproject grp lock
(Reported by shaurya jain)
* ASTERISK-27393 - res_pjsip: Crash occurs when an empty
contact read from astdb or database
(Reported by Aaron An)
* ASTERISK-27290 - res_pjsip: PIDF contact field has
malformed/invalid XML
(Reported by basildane)
* ASTERISK-27032 - res_pjsip: TLS options do not handle empty
values
(Reported by seanchann.zhou)
* ASTERISK-27394 - [patch] tcptls: Print notice when TLS is
enabled but not configured.
(Reported by Alexander Traud)
* ASTERISK-26426 - format_ogg_opus: remove from source
(Reported by Kevin Harwell)
* ASTERISK-27378 - Modules: Fix issues with CLI completion.
(Reported by Corey Farrell)
* ASTERISK-27387 - Regression: pjsip 13.18.0 - from_user - "+"
character isn't allowed any more
(Reported by Michael Maier)
* ASTERISK-27390 - Audit menuselect module dependencies
(Reported by Corey Farrell)
* ASTERISK-27389 - Optional API modules should not allow
unload.
(Reported by Corey Farrell)
* ASTERISK-27369 - Bridge() dialplan application fails without
setting BRIDGERESULT channel variable
(Reported by James Terhune)
* ASTERISK-27377 - Typo in CHANNEL(dtmf_features) usage
documentation
(Reported by Igor Goncharovsky)
* ASTERISK-27181 - GCC 7 warning: app_voicemail.c: In function
'imap_delete_old_greeting'
(Reported by Anthony Messina)
* ASTERISK-27194 - jitterbuffer: Does not handle case where
translator returns null frame.
(Reported by Joshua Elson)
* ASTERISK-26639 - core: Disabling xmldoc support does not
work. Also results in abort during Asterisk startup.
(Reported by Mr Dini)
* ASTERISK-27372 - ARI: Node ARI client broken in latest
versions of 13 and 14
(Reported by Benjamin Keith Ford)
* ASTERISK-18140 - Expires handling in SUBSCRIBE confuses the
absence of the Expires header field with an unsubscribe action.
(Reported by Jonathan Cloots)
* ASTERISK-25960 - The config_hook unit test causes Asterisk to
crash if run a second time
(Reported by George Joseph)
* ASTERISK-27198 - res_pjsip: SDP contains IP4 instead of IP6
when rtp_ipv6 set to yes
(Reported by Martin Cisárik)
* ASTERISK-27346 - res_xmpp: Crash if OAuth 2.0 is used before
curl is loaded
(Reported by Ronald Raikes)
* ASTERISK-27365 - [patch] chan_sip: Crypto attribute not last
but first on SDP media level.
(Reported by Alexander Traud)
* ASTERISK-24483 - res_pjsip_pubsub.so, res_pjsip_refer.so:
Assertion on un/re-load: mod.id == -1
(Reported by Tzafrir Cohen)
* ASTERISK-23462 - Cannot disable SIP debugging via CLI after
enabling with conf file option - also 'sip set debug off'
reports debugging disabled, when it really isn't
(Reported by Rusty Newton)
* ASTERISK-27328 - Missing openssl dependencies in
res_rtp_asterisk and tcptls
(Reported by Tzafrir Cohen)
* ASTERISK-27341 - [patch] res_pjsip_session: SIP/SDP origin
(o=) contains local address.
(Reported by Alexander Traud)
* ASTERISK-27343 - Fails to build in FreeBSD due to
sys/sysmacros.h not existing there
(Reported by Guido Falsi)
* ASTERISK-27340 - backtrace.c: Crash due to double-free.
(Reported by Corey Farrell)
* ASTERISK-27339 - [patch] Crash on ast_ssl_teardown when
stopping.
(Reported by Alexander Traud)
* ASTERISK-27333 - sip_to_pjsip not correctly handling
disallow=all directive
(Reported by Torrey Searle)
Improvements made in this release:
-----------------------------------
* ASTERISK-24297 - cdr.c: Minor code optimizations.
(Reported by Richard Mudgett)
* ASTERISK-27449 - [PATCH] When failing to acquire target
during attended transfer, display wanted extension
(Reported by Niklas Larsson)
* ASTERISK-27456 - app_voicemail: Add new object for
VoicemailUserEntry
(Reported by sungtae kim)
* ASTERISK-27380 - ast_coredumper: allow pointing out the
asterisk binary explicitly
(Reported by Tzafrir Cohen)
* ASTERISK-23556 - Compilation warning for invert.c (array
subscript is above array bounds)
(Reported by Marcello Ceschia)
* ASTERISK-27355 - Upgrade bundled PJPROJECT to 2.7
(Reported by Richard Mudgett)
* ASTERISK-27335 - CDR performance needs improvement.
(Reported by Richard Mudgett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.19.0
Thank you for your continued support of Asterisk!
----- 13.18.5 -----
The Asterisk Development Team would like to announce security
releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.18.
The available releases are released as versions 13.18.5, 14.7.5,
15.1.5 and 13.18-cert2.
The following security vulnerabilities were resolved in these versions:
* AST-2017-014: Crash in PJSIP resource when missing a contact header
A select set of SIP messages create a dialog in Asterisk. Those
SIP messages must contain a contact header. For those messages,
if the header was not present and using the PJSIP channel driver,
it would cause Asterisk to crash. The severity of this vulnerability
is somewhat mitigated if authentication is enabled. If authentication
is enabled a user would have to first be authorized before reaching
the crash point.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.5
The security advisory is available at:
https://downloads.asterisk.org/pub/security/AST-2017-014.pdf
Thank you for your continued support of Asterisk!
----- 13.18.4 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available
security releases are released as versions 13.13-cert9, 13.18.4,
14.7.4 and 15.1.4.
The release of these versions resolves the following security
vulnerabilities:
* AST-2017-012: Remote Crash Vulnerability in RTCP Stack
If a compound RTCP packet is received containing more than
one report (for example a Receiver Report and a Sender
Report) the RTCP stack will incorrectly store report
information outside of allocated memory potentially causing
a crash.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.4
The security advisories are available at:
http://downloads.asterisk.org/pub/security/AST-2017-012.htmlhttp://downloads.asterisk.org/pub/security/AST-2017-012.pdf
Thank you for your continued support of Asterisk!
----- 13.18.3 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available
security releases are released as versions 13.13-cert8, 13.18.3,
14.7.3 and 15.1.3.
The release of these versions resolves the following security
vulnerabilities:
* AST-2017-013: DOS Vulnerability in Asterisk chan_skinny
If the chan_skinny (AKA SCCP protocol) channel driver is
flooded with certain requests it can cause the asterisk
process to use excessive amounts of virtual memory
eventually causing asterisk to stop processing requests of
any kind.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.3
The security advisories are available at:
http://downloads.asterisk.org/pub/security/AST-2017-013.pdf
Thank you for your continued support of Asterisk!
----- 13.18.2 -----
The Asterisk Development Team would like to announce the release
of Asterisk 13.18.2.
The release of Asterisk 13.18.2 resolves several issues reported
by the community and would have not been possible without your
participation.
Thank you!
The following issues are resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27387 - Regression: pjsip 13.18.0 - from_user - "+"
character isn't allowed any more
(Reported by Michael Maier)
* ASTERISK-27391 - Regression: Deadlock between AOR named lock
and pjproject grp lock
(Reported by shaurya jain)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.18.2
Thank you for your continued support of Asterisk!
----- 13.18.0 -----
The Asterisk Development Team would like to announce the release
of Asterisk 13.18.0.
The release of Asterisk 13.18.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Improvements made in this release:
-----------------------------------
* ASTERISK-27278 - [patch] chan_sip: Provide access to read the
full SIP Request-URI from INVITE
(Reported by David J. Pryke)
* ASTERISK-27255 - alembic: Add support for Microsoft SQL
server
(Reported by Florian Floimair)
* ASTERISK-27253 - [patch] libsrtp-2.1.x support
(Reported by Alexander Traud)
* ASTERISK-27220 - Enable CHANNEL function to get from and to
tag from SIP Headers
(Reported by Andre Nazario)
* ASTERISK-27169 - Google OAuth 2.0 support for XMPP / Motif
(Reported by Andrey)
* ASTERISK-27173 - Support for GMIME 3.0
(Reported by Tzafrir Cohen)
* ASTERISK-27092 - [patch] app_queue: Add Priority to AMI
QueueStatus
(Reported by Niklas Larsson)
* ASTERISK-27085 - [patch] chan_pjsip: Port SIPDtmfMode to
chan_pjsip
(Reported by Torrey Searle)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27346 - res_xmpp: Crash if OAuth 2.0 is used before
curl is loaded
(Reported by Ronald Raikes)
* ASTERISK-27372 - ARI: Node ARI client broken in latest
versions of 13 and 14
(Reported by Benjamin Keith Ford)
* ASTERISK-27047 - res_pjsip: user=phone added to Anonymous
caller-id when it shouldn't be.
(Reported by dtryba)
* ASTERISK-26988 - res_pjsip_session: user_eq_phone adds double
user=phone parameters to URIs
(Reported by dtryba)
* ASTERISK-27270 - cdr_mysql: various crashes at second module
reload if cdr_mysql.conf is configured
(Reported by Tzafrir Cohen)
* ASTERISK-27301 - [patch] app_queue: Music On Hold for
real-time queues is not reset to default
(Reported by Nathan Bruning)
* ASTERISK-25266 - Application Originate returns SUCCESS to
ORIGINATE_STATUS upon failure to originate
(Reported by Allen Ford)
* ASTERISK-27192 - res_pjsip: Loss of SIP registrations causing
unavailable endpoints
(Reported by Richard Mudgett)
* ASTERISK-27305 - res_ari: Memory leaks in ARI when using
Content-Type: application/json
(Reported by David Hajek)
* ASTERISK-26922 - chan_sip: tcpbind uses wrong source address
(Reported by Ksenia)
* ASTERISK-27324 - [patch] Dual-Stack server cannot be used as
IPv4 client via TCP/TLS
(Reported by Alexander Traud)
* ASTERISK-27317 - vector: multiple evaluation of elem in
AST_VECTOR_ADD_SORTED.
(Reported by Corey Farrell)
* ASTERISK-27318 - res_pjsip_mwi: uninitialized value from
ast_strings_match
(Reported by Corey Farrell)
* ASTERISK-27296 - [patch] False positive busy checks when
icalendar's recurrence-id mechanism is involved
(Reported by Benoît Dereck-Tricot)
* ASTERISK-27284 - Status of RFC 3323 and PJSIP
(Reported by dtryba)
* ASTERISK-27216 - app_queue: does its
check-makeannouncement-logic twice each head-caller-loop
(Reported by Stefan Engström)
* ASTERISK-27295 - Contact is improperly translated after
d178f497
(Reported by Sean Bright)
* ASTERISK-27292 - Multiple RTP Stream Created Breaking RFC2833
(SSRC Changes)
(Reported by Ross Beer)
* ASTERISK-27289 - A codeblock that maintains a bug,but maybe
the codeblock will never run
(Reported by Huangyx)
* ASTERISK-27283 - Realtime config fail with PostgreSQL version
before 9.1
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-27257 - bridge_native_rtp: half-way direct media
when using early bridging
(Reported by Jean Aunis - Prescom)
* ASTERISK-27279 - Crash in pubsub_on_rx_request NULL pointer -
Possible PJSIP Vulnerability
(Reported by Ross Beer)
* ASTERISK-26606 - tcptls: Incorrect OpenSSL function call
leads to misleading error report
(Reported by Bob Ham)
* ASTERISK-16898 - SRTP unprotect: authentication failure when
RTP sequence number switches from 65535 -> 0
(Reported by Marcello Ceschia)
* ASTERISK-27274 - RTCP needs better packet validation to
resist port scans.
(Reported by Richard Mudgett)
* ASTERISK-27252 - RTP: One way audio with direct media and
strictrtp=yes.
(Reported by Richard Mudgett)
* ASTERISK-25524 - module reload res_calendar.so does not
reload everything in calendar.conf
(Reported by Jesper)
* ASTERISK-24588 - res_calendar does not process CalDAV from
Owncloud [fix included]
(Reported by Stefan Gofferje)
* ASTERISK-25523 - res_calendar: Warning about invalid channel
value (for notification) occurs even when event has no
notification configured.
(Reported by Jesper)
* ASTERISK-21399 - RTP Multicast of L16 (type 10): Asterisk and
wireshark disagree
(Reported by Tzafrir Cohen)
* ASTERISK-27248 - [patch]external_media_address and
external_signaling_address don't always honor localnet
(Reported by Walter Doekes)
* ASTERISK-27165 - CDR: CDR(start,u) function won't work in
cdr_custom config
(Reported by Jacek Konieczny)
* ASTERISK-27217 - chan_sip: Asterisk crashing when
subscription doesn't get set
(Reported by Bryan Walters)
* ASTERISK-24066 - res_smdi: convert to astobj2
(Reported by Corey Farrell)
* ASTERISK-17540 - SDP origin attribute modified when issuing
re-INVITE because of directmedia=yes
(Reported by saghul)
* ASTERISK-27254 - alembic: prune_on_boot fix erroneous
(Reported by Florian Floimair)
* ASTERISK-27232 - When in queue on g722 with interruptions,
music on hold can get stuck and no longer play
(Reported by Jens T.)
* ASTERISK-27024 - nat/external_media settings ignored in
14.4.1
(Reported by Christopher van de Sande)
* ASTERISK-26879 - PJSIP external_media_address ignored if no
local_net options are provided
(Reported by Matt Jordan)
* ASTERISK-27236 - Segfault ast_channel_name (chan=0x0) at
channel_internal_api.c:478 during T.38 Fax Receive
(Reported by Ross Beer)
* ASTERISK-27225 - Crash when freeing dtls_cfg->cafile
(Reported by Richard Kenner)
* ASTERISK-27177 - ooh323c: misleading indentation in
addons/ooh323c/src/ooSocket.c
(Reported by Tzafrir Cohen)
* ASTERISK-27241 - libc segfault upon entry into app_directory
(Reported by David Moore)
* ASTERISK-27152 - Sending a "tel" uri in a From or To header
in an unauthenticated message causes asterisk to crash
(Reported by Ross Beer)
* ASTERISK-27103 - core: ast_safe_system command injection
possible.
(Reported by Corey Farrell)
* ASTERISK-27013 - res_rtp_asterisk: Media can be hijacked even
with strict RTP enabled
(Reported by Joshua Colp)
* ASTERISK-26994 - Confbridge: CBAnn channels intermittently
become stuck when caller hangs up before recording name
(Reported by James Terhune)
* ASTERISK-20858 - app_minivm fails to clean up mkstemp files
(Reported by Walter Doekes)
* ASTERISK-16777 - several filename bugs in Record()
application
(Reported by klaus3000)
* ASTERISK-27168 - alembic: PJSIP scripts are missing column
dtls_fingerprint in ps_endpoints table
(Reported by Florian Floimair)
* ASTERISK-23608 - ControlPlayback fails to play files with
names containing certain non-alpha characters
(Reported by Jonathan White)
* ASTERISK-19103 - When using realtime queues, function
QUEUE_MEMBER_LIST() will return an error if no other
app/function has loaded the queues first. This problem does not
exist if queues.conf is used.
(Reported by Jim Van Meggelen)
* ASTERISK-21241 - When using voicemail as announce only
(maxmsg=0), the star dtmf to enter the voicemail is not honored
(Reported by Eelco Brolman)
* ASTERISK-27204 - [patch] app_queue: Wrong queue stat
calculation
(Reported by sungtae kim)
* ASTERISK-27209 - Incorrect SDP in 200 OK when PJSIP_DTMF_MODE
is used
(Reported by Torrey Searle)
* ASTERISK-27207 - XMPP OAuth not working due to inverted
logic
(Reported by Michael Kuron)
* ASTERISK-27174 - res_calendar_icalendar: Recurring events not
being loaded from Google calendar using ical
(Reported by Mark Thompson)
* ASTERISK-27202 - If wget is not installed and "or" is not
available, external components (excluding pjsip) are not
installed
(Reported by Seán C. McCord)
* ASTERISK-27147 - Either asterisk or pjproject isn't re-using
tcp connections (again)
(Reported by George Joseph)
* ASTERISK-27193 - IPv6 receive address in message doesn't
include brackets
(Reported by Scott Griepentrog)
* ASTERISK-27158 - [patch] res_rtp_asterisk: RTCP statistics
are not available when native bridge is used
(Reported by Torrey Searle)
* ASTERISK-27110 - RTP session is not fully destroyed on
channel hangup
(Reported by Matt Jordan)
* ASTERISK-26745 - Asymmetric codecs when
asymmetric_rtp_codec=no
(Reported by Jesse Ross)
* ASTERISK-27171 - Asterisk 15.0.0-Beta1 does not compile
(Reported by Ira Emus)
* ASTERISK-26659 - res_pjsip: PJSIP presence - missing braces
around the status element in XML
(Reported by Abraham Liebsch)
* ASTERISK-27156 - Asterisk won't compile on Fedora 26 with
devmode enabled.
(Reported by Corey Farrell)
* ASTERISK-27130 - Applications ARI: Unsubscribe action for
deviceStates does not remove old subscriptions properly
(Reported by Sergej Kasumovic)
* ASTERISK-25810 - say.c calls for sounds in the subdir
"digits" that don't exist (in Core). SayUnixTime or other Say...
apps will fail out when they call these sounds.
(Reported by Nicolas Riendeau)
* ASTERISK-27142 - sounds: Conflict between files in
asterisk-sounds-core-1.6 and asterisk-sounds-extra-1.5
(Reported by Corey Farrell)
* ASTERISK-27124 - app_playback.c:say_date_generic use
timezonename parameter
(Reported by Holger Hans Peter Freyther)
* ASTERISK-27133 - res_rtp_asterisk: RTCP does not use ICE when
RTCP-MUX in use
(Reported by Joshua Colp)
* ASTERISK-27128 - [patch]res_stasis_snoop: When recording a
snoop channel (using ARI) where no media is being received, no
recording happens when theres no media
(Reported by Dan Jenkins)
* ASTERISK-27123 - confbridge: Name recordings are left on
filesystem
(Reported by Sergej Kasumovic)
* ASTERISK-27122 - chan_iax2: On reload MWI taskprocessors keep
adding up
(Reported by Sergej Kasumovic)
* ASTERISK-26807 - sounds: New 3-D Binaural audio features
require new sound prompts
(Reported by Rusty Newton)
* ASTERISK-25816 - French conf-adminmenu, conf-usermenu prompts
differ in content from the English files
(Reported by Benoit Duverger)
* ASTERISK-26274 - Resolve open sounds issues and then create a
new sounds release (1.5.1? or 1.6?)
(Reported by Rusty Newton)
* ASTERISK-27127 - configs: Erroneous load directive in sample
configuration results in "Error loading module
'res_pjsip_multihomed.so'"
(Reported by HZMI8gkCvPpom0tM)
* ASTERISK-27105 - [patch]core: when setting 'maxfiles' in
asterisk.conf, a message is printed, even in rasterisk -x
(Reported by Tzafrir Cohen)
* ASTERISK-27036 - res_pjsip: Asterisk crashes when an
extension tries to use PJSIP trunk with from_user containing
'@'
(Reported by Maxim Vasilev)
* ASTERISK-27023 - res_rtp_asterisk: Deadlock when TURN session
in use
(Reported by Jatin Jain)
* ASTERISK-27093 - ODBC deadlocks when app_directory tries to
play back non-existent voicemail greeting
(Reported by James Terhune)
New Features made in this release:
-----------------------------------
* ASTERISK-27215 - [patch]AMI : Add CancelAtxfer Action
(Reported by Thomas Sevestre)
* ASTERISK-27117 - core: Add support for timelen parsing to
ast_parse_arg and ACO.
(Reported by Corey Farrell)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.18.0
Thank you for your continued support of Asterisk!
----- 13.17.0 ----
The Asterisk Development Team would like to announce the release
of Asterisk 13.17.0.
The release of Asterisk 13.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27108 - Crash using 'data get' CLI command
(Reported by Sean Bright)
* ASTERISK-27106 - [patch] autodomain (SIP Domain Support): Add
only really different domain with TLS.
(Reported by Alexander Traud)
* ASTERISK-27100 - channel: ast_waitfordigit_full fails to
clear flag in an error branch.
(Reported by Corey Farrell)
* ASTERISK-27090 - PJSIP: Deadlock using TCP transport
(Reported by Richard Mudgett)
* ASTERISK-25665 - Duplicate logging in queue log for EXITEMPTY
events
(Reported by Ove Aursand)
* ASTERISK-27065 - call hangup after leaving app_queue
(Reported by Marek Cervenka)
* ASTERISK-26978 - rtp: Crash in ast_rtp_codecs_payload_code()
(Reported by Ross Beer)
* ASTERISK-27074 - core_local: local channel data not being
properly unref'ed and unlocked
(Reported by Kevin Harwell)
* ASTERISK-27075 - bridge: stuck channel(s) after failed
attended transfer
(Reported by Kevin Harwell)
* ASTERISK-24052 - app_voicemail reloads result in leaked IMAP
sockets.
(Reported by Louis Jocelyn Paquet)
* ASTERISK-27060 - Comment typo format_g729.c
(Reported by Matthew Fredrickson)
* ASTERISK-27026 - res_ari: Crash when no ari.conf
configuration file exists
(Reported by Ronald Raikes)
* ASTERISK-27041 - Core/PBX: [patch] Deadlock between dialplan
execution and application unregistration
(Reported by Frederic LE FOLL)
* ASTERISK-27057 - Seg Fault in ast_sorcery_object_get_id at
sorcery.c
(Reported by Ryan Smith)
* ASTERISK-27024 - nat/external_media settings ignored in
14.4.1
(Reported by Christopher van de Sande)
* ASTERISK-27046 - res_pjsip_transport_websocket: segfault in
get_write_timeout
(Reported by Jørgen H)
* ASTERISK-27022 - res_rtp_asterisk: Incorrect SSRC change for
RTCP component
(Reported by Michael Walton)
* ASTERISK-26923 - bridging: T.38 request is lost when channels
are added to bridge
(Reported by Torrey Searle)
* ASTERISK-27053 - res_pjsip_refer/session: Calls dropped
during transfer
(Reported by Kevin Harwell)
* ASTERISK-27052 - Asterisk build process fails with flag
--with-pjproject-bundled with curl download command and slow
network
(Reported by alex)
* ASTERISK-27039 - chan_pjsip: Device state is idle when
channel from endpoint is in early media
(Reported by Joshua Colp)
* ASTERISK-26996 - chan_pjsip: Flipping between codecs
(Reported by Michael Maier)
* ASTERISK-26281 - chan_pjsip would send INVITE to
'Unreachable' endpoints
(Reported by Jacek Konieczny)
* ASTERISK-26973 - bridge: Crash when freeing frame and
snooping
(Reported by Michel R. Vaillancourt)
* ASTERISK-19291 - Background in realtime
(Reported by Andrew Nowrot)
* ASTERISK-27025 - channel / meetme: Fix missing parentheses
(Reported by Joshua Colp)
* ASTERISK-27021 - GET /recordings/stored returns 500 Internal
Server Error
(Reported by Tim Morgan)
* ASTERISK-24858 - [patch]Asterisk 13 PJSIP sends RTP packets
in wrong byte order on Intel platform when using slin codec
(Reported by Frankie Chin)
* ASTERISK-23951 - Asterisk attempts and fails to build
format_mp3 even if mp3lib was not downloaded
(Reported by Tzafrir Cohen)
* ASTERISK-25294 - srtp's crypto_get_random deprecated
(Reported by Tzafrir Cohen)
* ASTERISK-23839 - AGI - RECORD FILE - documentation doesn't
describe BEEP argument
(Reported by Rusty Newton)
* ASTERISK-22432 - Async AGI crashes Asterisk when issuing "set
variable" command without args
(Reported by Antoine Pitrou)
* ASTERISK-25662 - Malformed AGI 520 Usage response
(Reported by Tony Mountifield)
* ASTERISK-25101 - DTLS configuration can not be specified in
the general section - documentation
(Reported by Ben Langfeld)
* ASTERISK-27008 - res_format_attr_h264: SDP parse fails if
fmtp optional parameters have a space
(Reported by John Harris)
* ASTERISK-26399 - app_queue: Agent not called when caller is
parked
(Reported by wushumasters)
* ASTERISK-26400 - app_queue: Queue member stops being called
after AMI "Redirect" action for queues with wrapuptime
(Reported by Etienne Lessard)
* ASTERISK-26715 - app_queue: Member will not receive any new
calls after doing a transfer if wrapuptime = greater than 0 and
using Local channel
(Reported by David Brillert)
* ASTERISK-26975 - app_queue: Non-zero wrapup time can cause
agents not to receive queue calls after transfer queue call
(Reported by Lorne Gaetz)
* ASTERISK-27012 - app_confbridge: ConfBridge sometimes does
not play user name recording while leaving
(Reported by Robert Mordec)
* ASTERISK-26979 - res_rtp_asterisk: SRTP unprotect failed with
authentication failure 10 or 110
(Reported by Javier Riveros)
* ASTERISK-26982 - chan_sip: rtcp_mux setting may cause ice
completion failure/delay if client offers rtcp-mux as
negotiable
(Reported by Stefan Engström)
* ASTERISK-26964 - res_pjsip_session: Wrong From on reinvite
when request and To URI differ
(Reported by Yasin CANER)
* ASTERISK-26789 - Audit manipulation of channel flags without
locks
(Reported by Joshua Colp)
* ASTERISK-26333 - Problems with Blind Transfer, PJSIP (Aastra
6869i)
(Reported by Matthias Binder)
Improvements made in this release:
-----------------------------------
* ASTERISK-26230 - [patch] res_pjsip_mwi: unsolicited mwi could
block PJSIP taskprocessor on startup
(Reported by Alexei Gradinari)
* ASTERISK-27043 - Core/BuildSystem: Add defines to fix build
with LibreSSL
(Reported by Guido Falsi)
* ASTERISK-27042 - Unpatched asterisk sources fail to build on
FreeBSD due to missing crypt.h file
(Reported by Guido Falsi)
* ASTERISK-26419 - audiohooks: Remove redundant codec
translations when using audiohooks
(Reported by Michael Walton)
* ASTERISK-26976 - libsrtp-2.x.x support
(Reported by Alex)
* ASTERISK-26124 - res_agi: Set audio format for EAGI audio
stream
(Reported by John Fawcett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.17.0
Thank you for your continued support of Asterisk!
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
Unsorted entries in PLIST files have generated a pkglint warning for at
least 12 years. Somewhat more recently, pkglint has learned to sort
PLIST files automatically. Since pkglint 5.4.23, the sorting is only
done in obvious, simple cases. These have been applied by running:
pkglint -Cnone,PLIST -Wnone,plist-sort -r -F
On some platforms (strictly speaking the ones that have libm
somewhere in a path with /lib64/) LIB_SUFFIX is set to `64' leading
to install phase/PLIST errors due libraries and pkg-config `.pc'
files are tried to be installed in `lib64/'.
Add a `cmakelists' SUBST_CLASS to avoid that.
This should fix problems noticed on Joyent CentOS 7.2/x86_64 bulk builds.
