This release brings:
- support the latest libSystem
- compatibility with Gtk+ 3
- improved hardware compatibility (GSM)
- improved handling of SMS and USSD messages
- new "console" plug-in
- improved "profiles" plug-in
- further improvements to the user interface
As its name suggests, picocom is a minimal dumb-terminal emulation
program. It is, in principle, very much like minicom, only it's
"pico" instead of "mini"!
It was designed to serve as a simple, manual, modem configuration,
testing, and debugging tool. It has also served (quite well) as a
low-tech serial communications program to allow access to all types
of devices that provide serial consoles. It could also prove useful
in many other similar tasks.
Changes:
2.5
===
* Compatibility with Gammu >= 1.36.7
2.4
===
* Fixed possible crash when initializing SMSD with invalid parameters.
* Fixed crash on handling diverts on certain architectures.
Changes:
20160203 - 1.37.0
[-] * Improved compatibility with ZTE MF190.
[-] * Improved compatibility with Huawei E1750.
[-] * Improved compatibility with Huawei E1752.
[-] * Increased detail of reported errors from SMSD.
20151208 - 1.36.8
[-] * Changed default value for ReceiveFrequency.
[-] * Fixed compatibility for PostgreSQL.
[-] * Fixed build failure with all disabled SMSD backends.
[-] * Documentation improvements.
[-] * Fixed mixing C++ code with SMSD.
20151129 - 1.36.7
[-] * Support devices which do not report full network status.
[-] * Disable Huawei unsolicited messages on startup.
[-] * Various improvements for Huawei modems.
[-] * Fixed compilation on Windows.
[-] * Fixed regression with Siemens AX75.
[-] * Improved decoding of USSD responses.
[-] * Properly decode emojis to console or files backend.
[+] * Added support for proxying the connection through arbitrary command.
[+] * SMSD now tracks retries count per message.
20151012 - 1.36.6
[-] * Fixed installation of bash-completion script.
[-] * Fixed timezone manipulation in SMSD.
[-] * Documentation improvements.
[-] * Fixed licensing of helper/win32-dirent.*.
[*] * Increased default speed for AT connection to 115200.
[*] * Improve AT module initialization.
20150826 - 1.36.5
[-] * Properly use timezones with SQLite in SMSD.
[-] * Improve support for Huawei E1752.
[-] * Fixed compilation on distros with old Glib.
features and fixes for AST-2016-001, AST-2016-002, and AST-2016-003.
Also some pkglinting.
----- 13.7.2
The Asterisk Development Team has announced the release of Asterisk 13.7.2.
The release of Asterisk 13.7.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25702 - PjSip realtime DB and Cache Errors since
upgrade to asterisk-13.7.0 from asterisk-13.7.0-rc2 (Reported by
Nic Colledge)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.2
Thank you for your continued support of Asterisk!
----- 13.7.1
The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases
are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2016-001: BEAST vulnerability in HTTP server
The Asterisk HTTP server currently has a default configuration which allows
the BEAST vulnerability to be exploited if the TLS functionality is enabled.
This can allow a man-in-the-middle attack to decrypt data passing through it.
* AST-2016-002: File descriptor exhaustion in chan_sip
Setting the sip.conf timert1 value to a value higher than 1245 can cause an
integer overflow and result in large retransmit timeout times. These large
timeout values hold system file descriptors hostage and can cause the system
to run out of file descriptors.
* AST-2016-003: Remote crash vulnerability receiving UDPTL FAX data.
If no UDPTL packets are lost there is no problem. However, a lost packet
causes Asterisk to use the available error correcting redundancy packets. If
those redundancy packets have zero length then Asterisk uses an uninitialized
buffer pointer and length value which can cause invalid memory accesses later
when the packet is copied.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.7.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2016-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2016-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2016-003.pdf
Thank you for your continued support of Asterisk!
----- 13.7.0
The Asterisk Development Team has announced the release of Asterisk 13.7.0.
The release of Asterisk 13.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-25419 - Dialplan Application for Integration of StatsD
(Reported by Ashley Sanders)
* ASTERISK-25549 - Confbridge: Add participant timeout option
(Reported by Mark Michelson)
* ASTERISK-24922 - ARI: Add the ability to intercept hold and
raise an event (Reported by Matt Jordan)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25689 - pjsip show contacts not working in Asterisk
13.7rc2 (Reported by Marcelo Terres)
* ASTERISK-25640 - pbx: Deadlock on features reload and state
change hint. (Reported by Krzysztof Trempala)
* ASTERISK-25664 - ast_format_cap_append_by_type leaks a reference
(Reported by Corey Farrell)
* ASTERISK-25601 - json: Audit reference usage and thread safety
(Reported by Joshua Colp)
* ASTERISK-25625 - res_sorcery_memory_cache: Add full backend
caching (Reported by Joshua Colp)
* ASTERISK-25615 - res_pjsip: Setting transport async_operations >
1 causes segfault on tls transports (Reported by George Joseph)
* ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and
thread of asterisk is not released (Reported by Hiroaki Komatsu)
* ASTERISK-25619 - res_chan_stats not sending the correct
information to StatsD (Reported by Tyler Cambron)
* ASTERISK-25569 - app_meetme: Audio quality issues (Reported by
Corey Farrell)
* ASTERISK-25609 - [patch]Asterisk may crash when calling
ast_channel_get_t38_state(c) (Reported by Filip Jenicek)
* ASTERISK-24146 - [patch]No audio on WebRtc caller side when
answer waiting time is more than ~7sec (Reported by Aleksei
Kulakov)
* ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec
(Reported by Alexander Traud)
* ASTERISK-25616 - Warning with a Codec Module which supports PLC
with FEC (Reported by Alexander Traud)
* ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by
Dudás József)
* ASTERISK-25608 - res_pjsip/contacts/statsd: Lifecycle events
aren't consistent (Reported by George Joseph)
* ASTERISK-25584 - [patch] format-attribute module: VP8 missing
(Reported by Alexander Traud)
* ASTERISK-25583 - [patch] format-attribute module: RFC 7587 (Opus
Codec) (Reported by Alexander Traud)
* ASTERISK-25498 - Asterisk crashes when negotiating g729 without
that module installed (Reported by Ben Langfeld)
* ASTERISK-25595 - Unescaped : in messge sent to statsd (Reported
by Niklas Larsson)
* ASTERISK-25476 - chan_sip loses registrations after a while
(Reported by Michael Keuter)
* ASTERISK-25598 - res_pjsip: Contact status messages are
printing a hash instead of the uri (Reported by George Joseph)
* ASTERISK-25600 - bridging: Inconsistency in BRIDGEPEER (Reported
by Jonathan Rose)
* ASTERISK-25582 - Testsuite: Reactor timeout error in
tests/fax/pjsip/directmedia_reinvite_t38 (Reported by Matt
Jordan)
* ASTERISK-25593 - fastagi: record file closed after sending
result (Reported by Kevin Harwell)
* ASTERISK-25585 - [patch]rasterisk never hits most of main(), but
it's assumed to (Reported by Walter Doekes)
* ASTERISK-25590 - CLI Usage info for 'pjsip send notify'
references incorrect config (Reported by Corey Farrell)
* ASTERISK-25165 - Testsuite - Sorcery memory cache leaks
(Reported by Corey Farrell)
* ASTERISK-25575 - res_pjsip: Dynamic outbound registrations
created via ARI are not loaded into memory on Asterisk
start/restart (Reported by Matt Jordan)
* ASTERISK-25545 - [patch] translation module gets cached not
joint format (Reported by Alexander Traud)
* ASTERISK-25573 - [patch] H.264 format attribute module: resets
whole SDP (Reported by Alexander Traud)
* ASTERISK-24958 - Forwarding loop detection inhibits certain
desirable scenarios (Reported by Mark Michelson)
* ASTERISK-25561 - app_queue.c line 6503 (try_calling): mutex
'qe->chan' freed more times than we've locked! (Reported by Alec
Davis)
* ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by
Joshua Colp)
* ASTERISK-25160 - [patch] Opus Codec: SIP/SDP line fmtp missing
when called internally (Reported by Alexander Traud)
* ASTERISK-25535 - [patch] format creation on module load instead
of cache (Reported by Alexander Traud)
* ASTERISK-25449 - main/sched: Regression introduced by
5c713fdf18f causes erroneous duplicate RTCP messages; other
potential scheduling issues in chan_sip/chan_skinny (Reported by
Matt Jordan)
* ASTERISK-25546 - threadpool: Race condition between idle timeout
and activation (Reported by Joshua Colp)
* ASTERISK-25537 - [patch] format-attribute module: RFC or
internal defaults? (Reported by Alexander Traud)
* ASTERISK-25533 - [patch] buffer for ast_format_cap_get_names
only 64 bytes (Reported by Alexander Traud)
* ASTERISK-25373 - add documentation for CALLERID(pres) and also
the CONNECTEDLINE and REDIRECTING variants (Reported by Walter
Doekes)
* ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by
Walter Doekes)
* ASTERISK-24779 - Passthrough OPUS codec not working with
chan_pjsip (Reported by PowerPBX)
* ASTERISK-25522 - ARI: Crash when creating channel via ARI
originate with requesting channel (Reported by Matt Jordan)
* ASTERISK-25434 - Compiler flags not reported in 'core show
settings' despite usage during compilation (Reported by Rusty
Newton)
* ASTERISK-24106 - WebSockets Automatically decides what driver it
will use (Reported by Andrew Nagy)
* ASTERISK-25513 - Crash: malloc failed with high load of
subscriptions. (Reported by John Bigelow)
* ASTERISK-25505 - res_pjsip_pubsub: Crash on off-nominal when UAS
dialog can't be created (Reported by Joshua Colp)
* ASTERISK-24543 - Asterisk 13 responds to SIP Invite with all
possible codecs configured for peer as opposed to intersection
of configured codecs and offered codecs (Reported by Taylor
Hawkes)
* ASTERISK-25494 - build: GCC 5.1.x catches some new const, array
bounds and missing paren issues (Reported by George Joseph)
* ASTERISK-25485 - res_pjsip_outbound_registration: registration
stops due to 400 response (Reported by Kevin Harwell)
* ASTERISK-25486 - res_pjsip: Fix deadlock when validating URIs
(Reported by Joshua Colp)
* ASTERISK-7803 - [patch] Update the maximum packetization values
in frame.c (Reported by dea)
* ASTERISK-25484 - [patch] autoframing=yes has no effect (Reported
by Alexander Traud)
* ASTERISK-25461 - Nested dialplan #includes don't work as
expected. (Reported by Richard Mudgett)
* ASTERISK-25455 - Deadlock of PJSIP realtime over
res_config_pgsql (Reported by mdu113)
* ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing
(Reported by Olle Johansson)
* ASTERISK-25435 - Asterisk periodically hangs. UDP Recv-Q greatly
exceeds zero. (Reported by Dmitriy Serov)
* ASTERISK-25451 - Broken video - erased rtp marker bit (Reported
by Stefan Engström)
* ASTERISK-25400 - Hints broken when "CustomPresence" doesn't
exist in AstDB (Reported by Andrew Nagy)
* ASTERISK-25443 - [patch]IPv6 - Potential issue in via header
parsing (Reported by ffs)
* ASTERISK-25404 - segfault/crash in chan_pjsip_hangup ... at
chan_pjsip.c (Reported by Chet Stevens)
* ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON
(Reported by Bojan Nemčić)
* ASTERISK-25441 - Deadlock in res_sorcery_memory_cache. (Reported
by Richard Mudgett)
* ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
ICE is not enabled (Reported by Joshua Colp)
Improvements made in this release:
-----------------------------------
* ASTERISK-25618 - res_pjsip: Check for readability of TLS files
at startup (Reported by George Joseph)
* ASTERISK-25572 - Endpoints: Add StatsD stats for Asterisk
endpoints (Reported by Matt Jordan)
* ASTERISK-25571 - PJSIP: Add StatsD stats for some common PJSIP
objects (Reported by Matt Jordan)
* ASTERISK-25518 - taskprocessor: Add high water mark (Reported by
Jonathan Rose)
* ASTERISK-25477 - pjsip show "command" like [criteria] (Reported
by Bryant Zimmerman)
* ASTERISK-24718 - [patch]Add inital support of "sanitize" to
configure (Reported by Badalian Vyacheslav)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.0
Thank you for your continued support of Asterisk!
fixes for AST-2016-001, AST-2016-002, and AST-2016-003. Also some
pkglinting.
----- 11.21.1
The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases
are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2016-001: BEAST vulnerability in HTTP server
The Asterisk HTTP server currently has a default configuration which allows
the BEAST vulnerability to be exploited if the TLS functionality is enabled.
This can allow a man-in-the-middle attack to decrypt data passing through it.
* AST-2016-002: File descriptor exhaustion in chan_sip
Setting the sip.conf timert1 value to a value higher than 1245 can cause an
integer overflow and result in large retransmit timeout times. These large
timeout values hold system file descriptors hostage and can cause the system
to run out of file descriptors.
* AST-2016-003: Remote crash vulnerability receiving UDPTL FAX data.
If no UDPTL packets are lost there is no problem. However, a lost packet
causes Asterisk to use the available error correcting redundancy packets. If
those redundancy packets have zero length then Asterisk uses an uninitialized
buffer pointer and length value which can cause invalid memory accesses later
when the packet is copied.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.21.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2016-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2016-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2016-003.pdf
Thank you for your continued support of Asterisk!
----- 11.21.0
The Asterisk Development Team has announced the release of Asterisk 11.21.0.
The release of Asterisk 11.21.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25640 - pbx: Deadlock on features reload and state
change hint. (Reported by Krzysztof Trempala)
* ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and
thread of asterisk is not released (Reported by Hiroaki Komatsu)
* ASTERISK-25569 - app_meetme: Audio quality issues (Reported by
Corey Farrell)
* ASTERISK-25609 - [patch]Asterisk may crash when calling
ast_channel_get_t38_state(c) (Reported by Filip Jenicek)
* ASTERISK-24146 - [patch]No audio on WebRtc caller side when
answer waiting time is more than ~7sec (Reported by Aleksei
Kulakov)
* ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec
(Reported by Alexander Traud)
* ASTERISK-25616 - Warning with a Codec Module which supports PLC
with FEC (Reported by Alexander Traud)
* ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by
Dudás József)
* ASTERISK-25498 - Asterisk crashes when negotiating g729 without
that module installed (Reported by Ben Langfeld)
* ASTERISK-25476 - chan_sip loses registrations after a while
(Reported by Michael Keuter)
* ASTERISK-25593 - fastagi: record file closed after sending
result (Reported by Kevin Harwell)
* ASTERISK-25585 - [patch]rasterisk never hits most of main(), but
it's assumed to (Reported by Walter Doekes)
* ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by
Joshua Colp)
* ASTERISK-25449 - main/sched: Regression introduced by
5c713fdf18f causes erroneous duplicate RTCP messages; other
potential scheduling issues in chan_sip/chan_skinny (Reported by
Matt Jordan)
* ASTERISK-25537 - [patch] format-attribute module: RFC or
internal defaults? (Reported by Alexander Traud)
* ASTERISK-25373 - add documentation for CALLERID(pres) and also
the CONNECTEDLINE and REDIRECTING variants (Reported by Walter
Doekes)
* ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by
Walter Doekes)
* ASTERISK-25434 - Compiler flags not reported in 'core show
settings' despite usage during compilation (Reported by Rusty
Newton)
* ASTERISK-25494 - build: GCC 5.1.x catches some new const, array
bounds and missing paren issues (Reported by George Joseph)
* ASTERISK-7803 - [patch] Update the maximum packetization values
in frame.c (Reported by dea)
* ASTERISK-25461 - Nested dialplan #includes don't work as
expected. (Reported by Richard Mudgett)
* ASTERISK-25455 - Deadlock of PJSIP realtime over
res_config_pgsql (Reported by mdu113)
* ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing
(Reported by Olle Johansson)
* ASTERISK-25400 - Hints broken when "CustomPresence" doesn't
exist in AstDB (Reported by Andrew Nagy)
* ASTERISK-25443 - [patch]IPv6 - Potential issue in via header
parsing (Reported by ffs)
* ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON
(Reported by Bojan Nemčić)
* ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
ICE is not enabled (Reported by Joshua Colp)
Improvements made in this release:
-----------------------------------
* ASTERISK-24718 - [patch]Add inital support of "sanitize" to
configure (Reported by Badalian Vyacheslav)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.0
Thank you for your continued support of Asterisk!
and run, but not a lot of functional testing. This does not have
the new PJSIP, which will be coming in a followup commit. This
also does not have the patches for compiling with Clang. For
upgrading instructions, please see:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+13
-----
The Asterisk Development Team is pleased to announce the release
of Asterisk 13.0.0.
Asterisk 13 is the next major release series of Asterisk. It is a
Long Term Support (LTS) release, similar to Asterisk 11. For more
information about support time lines for Asterisk releases, see
the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
For important information regarding upgrading to Asterisk 13, please
see the Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+13
A short list of new features includes:
* Asterisk security events are now provided via AMI, allowing end
users to monitor their Asterisk system in real time for security
related issues.
* Both AMI and ARI now allow external systems to control the state
of a mailbox. Using AMI actions or ARI resources, external
systems can programmatically trigger Message Waiting Indicators
(MWI) on subscribed phones. This is of particular use to those
who want to build their own VoiceMail application using ARI.
* ARI now supports the reception/transmission of out of call text
messages using any supported channel driver/protocol stack through
ARI. Users receive out of call text messages as JSON events over
the ARI websocket connection, and can send out of call text
messages using HTTP requests.
* The PJSIP stack now supports RFC 4662 Resource Lists, allowing
Asterisk to act as a Resource List Server. This includes defining
lists of presence state, mailbox state, or lists of presence
state/mailbox state; managing subscriptions to lists; and batched
delivery of NOTIFY requests to subscribers.
* The PJSIP stack can now be used as a means of distributing device
state or mailbox state via PUBLISH requests to other Asterisk
instances. This is analogous to Asterisk's clustering support
using XMPP or Corosync; unlike existing clustering mechanisms,
using the PJSIP stack to perform the distribution of state does
not rely on another daemon or server to perform the work.
And much more!
More information about the new features can be found on the Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Documentation
A full list of all new features can also be found in the CHANGES file:
http://svnview.digium.com/svn/asterisk/branches/13/CHANGES
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 13.1.0.
The release of Asterisk 13.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-24554 - AMI/ARI: Generate events on connected line
changes (Reported by Matt Jordan)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-24455 - func_cdr: CDR_PROP leaks payload (Reported by
Corey Farrell)
* ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
leak (Reported by Corey Farrell)
* ASTERISK-24430 - missing letter "p" in word response in
OriginateResponse event documentation (Reported by Dafi Ni)
* ASTERISK-24437 - Review implementation of ast_bridge_impart for
leaks and document proper usage (Reported by Scott Griepentrog)
* ASTERISK-24453 - manager: acl_change_sub leaks (Reported by
Corey Farrell)
* ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
Corey Farrell)
* ASTERISK-24458 - chan_phone fails to build on big endian systems
(Reported by Tzafrir Cohen)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24304 - asterisk crashing randomly because of unistim
channel (Reported by dhanapathy sathya)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24462 - res_pjsip: Stale qualify statistics after
disablementation (Reported by Kevin Harwell)
* ASTERISK-24465 - audiohooks list leaks reference to formats
(Reported by Corey Farrell)
* ASTERISK-24466 - app_queue: fix a couple leaks to struct
call_queue (Reported by Corey Farrell)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24411 - [patch] Status of outbound registration is not
changed upon unregistering. (Reported by John Bigelow)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24480 - res_http_websockets: Module reference decrease
below zero (Reported by Corey Farrell)
* ASTERISK-24482 - func_talkdetect: Fix stasis message leak in
audiohook callback (Reported by Corey Farrell)
* ASTERISK-24487 - configuration: sections should be loadable as
template even when not marked (Reported by Scott Griepentrog)
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24438 - res_pjsip_multihomed.so blocks Asterisk reload
when DNS settings invalid (Reported by Melissa Shepherd)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24491 - Memory leak in res_hep (Reported by Zane
Conkle)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24447 - Bridge DTMF hooks: Audio doesn't pass when
waiting for more matching digits. (Reported by Richard Mudgett)
* ASTERISK-24257 - agent must dial acceptdtmf twice to bridge to
queue caller (Reported by Steve Pitts)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24250 - [patch] Voicemail with multi-recipients To:
header fix (Reported by abelbeck)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24489 - Crash: Asterisk crashes when converting RTCP
packet to JSON for res_hep_rtcp and report blocks are greater
than 1 (Reported by Gregory Malsack)
* ASTERISK-24498 - Segmentation fault in res_hep_rtcp on attended
transfer (Reported by Beppo Mazzucato)
* ASTERISK-24501 - ARI: Moving a channel between bridges followed
by a hangup can cause an ARI client to not receive an expected
ChannelLeftBridge event before StasisEnd (Reported by Matt
Jordan)
* ASTERISK-24336 - PJSIP timer_min_se value under 90 causes crash
(Reported by Leon Rowland)
* ASTERISK-23651 - Reloading some modules that are loaded already,
results in 'No such module' before a successful reload (Reported
by Rusty Newton)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24508 - pjsip - REFER request from SNOM is rejected
with "400 bad request" - DEBUG shows "Received a REFER without a
parseable Refer-To" (Reported by Beppo Mazzucato)
* ASTERISK-24535 - stringfields: Fix regression from fix for
unintentional memory retention and another issue exposed by the
fix (Reported by Corey Farrell)
* ASTERISK-24471 - Crash - assert_fail in libc in
pjmedia_sdp_neg_negotiateofrom /usr/local/lib/libpjmedia.so.2
(Reported by yaron nahum)
* ASTERISK-24528 - res_pjsip_refer: Sending INVITE with Replaces
in-dialog with invalid target causes crash (Reported by Joshua
Colp)
* ASTERISK-24531 - res_pjsip_acl: ACLs not applied on initial
module load (Reported by Matt Jordan)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24542 - [patch]Failure showing codecs via 'core show
channeltype <tech>' (Reported by snuffy)
* ASTERISK-24533 - 2 threads created per chan_sip entry (Reported
by xrobau)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by NunowBorges)
* ASTERISK-24537 - Stasis: StasisStart/StasisEnd events are not
reliably transmitted during transfers (Reported by Matt Jordan)
* ASTERISK-24556 - Asterisk 13 core dumps when calling from pjsip
extension to another pjsip extension (Reported by Abhay Gupta)
Improvements made in this release:
-----------------------------------
* ASTERISK-24279 - Documentation: Clarify the behaviour of the CDR
property 'unanswered' (Reported by Matt Jordan)
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.1.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 13.2.0.
The release of Asterisk 13.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24342 - PJSIP: Qualifying endpoints attempts to do them
all at the same time. (Reported by Richard Mudgett)
* ASTERISK-24514 - res_pjsip_outbound_registration: stack overflow
when using non-default sorcery wizard (Reported by Kevin
Harwell)
* ASTERISK-24472 - Asterisk Crash in OpenSSL when calling over WSS
from JSSIP (Reported by Badalian Vyacheslav)
* ASTERISK-24607 - res_pjsip_session: re-INVITE with declined
media streams results in 488 (Reported by Matt Jordan)
* ASTERISK-24563 - Direct Media calls within private network
sometimes get one way audio (Reported by Kevin Harwell)
* ASTERISK-24604 - res_rtp_asterisk: Crash during restart due to
race condition in accessing codec in stored ast_frame and codec
core (Reported by Matt Jordan)
* ASTERISK-24614 - Deadlock when DEBUG_THREADS compiler flag
enabled (Reported by Richard Mudgett)
* ASTERISK-24449 - Reinvite for T.38 UDPTL fails if SRTP is
enabled (Reported by Andreas Steinmetz)
* ASTERISK-24619 - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly
casts char to unsigned int (Reported by Walter Doekes)
* ASTERISK-24536 - AMI redirect with PJSIP fails to move extra
channel (Reported by Niklas Larsson)
* ASTERISK-24459 - bridge_native_rtp: Native RTP bridging is
chosen for RTP compatible channels when the DTMF mode is not
compatible (Reported by Yaniv Simhi)
* ASTERISK-24337 - Spammy DEBUG message needs to be at a higher
level - 'Remote address is null, most likely RTP has been
stopped' (Reported by Rusty Newton)
* ASTERISK-24513 - Local channel apparently leaked in off-nominal
DTMF attended transfer (Reported by Mark Michelson)
* ASTERISK-23733 - 'reload acl' fails if acl.conf is not present
on startup (Reported by Richard Kenner)
* ASTERISK-24628 - [patch] chan_sip - CANCEL is sent to wrong
destination when 'sendrpid=yes' (in proxy environment) (Reported
by Karsten Wemheuer)
* ASTERISK-23841 - DTMF atxfer doesn't set CallerID for the recall
calls to the transferrer. (Reported by Richard Mudgett)
* ASTERISK-24376 - res_pjsip_refer: REFER request for remote
session attempts to direct channel to external_replaces
extension instead of context, without providing for the
Referred-To SIP URI (Reported by Matt Jordan)
* ASTERISK-24591 - Stasis() side of an ARI originated channel
cannot be Redirected (Reported by Kinsey Moore)
* ASTERISK-24049 - Asterisk Manager Interface: A number of list
type responses aren't using astman_send_listack (Reported by
Jonathan Rose)
* ASTERISK-24637 - Channel re-enters Stasis() when it should not
(Reported by John Bigelow)
* ASTERISK-24474 - sip_to_pjsip.py lacks documentation and does
not function (Reported by John Kiniston)
* ASTERISK-24672 - [PATCH] Memory leak in func_curl CURLOPT
(Reported by Kristian Høgh)
* ASTERISK-20744 - [patch] Security event logging does not work
over syslog (Reported by Michael Keuter)
* ASTERISK-24665 - Configure check required for
pjsip_get_dest_info() (Reported by Mark Michelson)
* ASTERISK-23850 - Park Application does not respect Return
Context Priority (Reported by Andrew Nagy)
* ASTERISK-23991 - [patch]asterisk.pc file contains a small error
in the CFlags returned (Reported by Diederik de Groot)
* ASTERISK-24655 - res_pjsip_outbound_publish: Hang on shutdown
while attempting to publish (Reported by Kevin Harwell)
* ASTERISK-24485 - res_pjsip cannot be unloaded or shutdown
(Reported by Corey Farrell)
* ASTERISK-24663 - [patch] Unnamed semaphore autoconf check fails
on cross compilation (Reported by abelbeck)
* ASTERISK-24624 - Transfer to invalid extension results in hung
channel. (Reported by Zane Conkle)
* ASTERISK-24615 - When Multiple Transports Exist in pjsip.conf,
Incorrect External Addresses is Used in SIP Packets When
Responding to INVITE (Reported by David Justl)
* ASTERISK-24288 - [patch] - ODBC usage with app_voicemail -
voicemail is not deleted after review, hangup (Reported by LEI
FU)
* ASTERISK-24048 - [patch] contrib/scripts/install_prereq selects
32-bit packages on 64-bit hosts (Reported by Ben Klang)
* ASTERISK-24600 - Stuck IAX channels, Asterisk stops responding
to most traffic, potential deadlock (Reported by Jeff Collell)
* ASTERISK-24560 - Creating a named ARI bridge twice causes a
crash (Reported by Kinsey Moore)
* ASTERISK-24682 - app_dial: Multiple DialEnd events emitted when
MACRO_RESULT or GOSUB_RESULT are an unexpected value (Reported
by Matt Jordan)
* ASTERISK-24640 - Registration pending stays forever after sip
reload (Reported by Max Man)
* ASTERISK-24673 - outgoing sip registers cannot be removed or
modified without doing restart (or doing module unload
chan_sip.so) (Reported by Stefan Engström)
* ASTERISK-24709 - [patch] msg_create_from_file used by MixMonitor
m() option does not queue an MWI event (Reported by Gareth
Palmer)
* ASTERISK-24649 - Pushing of channel into bridge fails; Stasis
fails to get app name (Reported by John Bigelow)
* ASTERISK-24355 - [patch] chan_sip realtime uses case sensitive
column comparison for 'defaultuser' (Reported by
HZMI8gkCvPpom0tM)
* ASTERISK-24693 - Investigate and fix memory leaks in Asterisk
(Reported by Kevin Harwell)
* ASTERISK-24626 - Voicemail passwords not being stored in ARA
(Reported by Paddy Grice)
* ASTERISK-24539 - Compile fails on OSX because of sem_timedwait
in bridge_channel.c (Reported by George Joseph)
* ASTERISK-24544 - Compile fails on OSX Yosemite because of
incorrect detection of htonll and ntohll (Reported by George
Joseph)
* ASTERISK-24723 - confbridge: CLI command 'confbridge list XXXX'
no longer displays user menus (Reported by Matt Jordan)
* ASTERISK-24721 - manager: ModuleLoad action incorrectly reports
'module not found' during a Reload operation (Reported by Matt
Jordan)
* ASTERISK-24719 - ConfBridge recording channels get stuck when
recording started/stopped more than once (Reported by Richard
Mudgett)
* ASTERISK-24715 - chan_sip: stale nonce causes failure (Reported
by Kevin Harwell)
* ASTERISK-24728 - tcptls: Bad file descriptor error when
reloading chan_sip (Reported by Kevin Harwell)
* ASTERISK-24729 - Outbound registration not occuring on new
registrations after reload. (Reported by Richard Mudgett)
* ASTERISK-24676 - Security Vulnerability: URL request injection
in libCURL (CVE-2014-8150) (Reported by Matt Jordan)
* ASTERISK-24666 - Security Vulnerability: RTP not closed after
sip call using unsupported codec (Reported by Y Ateya)
* ASTERISK-24711 - DTLS handshake broken with latest OpenSSL
versions (Reported by Jared Biel)
* ASTERISK-24646 - PJSIP changeset 4899 breaks TLS (Reported by
Stephan Eisvogel)
* ASTERISK-24736 - Memory Leak Fixes (Reported by Mark Michelson)
* ASTERISK-24635 - PJSIP outbound PUBLISH crashes when no response
is ever received (Reported by Marco Paland)
* ASTERISK-24737 - When agent not logged in, agent status shows
unavailable, queue status shows agent invalid (Reported by
Richard Mudgett)
Improvements made in this release:
-----------------------------------
* ASTERISK-24552 - ARI: Allow associating a channel as an
initiator of an Origination for record keeping purposes
(Reported by Matt Jordan)
* ASTERISK-24553 - ARI/AMI: Include language in standard channel
snapshot output (Reported by Matt Jordan)
* ASTERISK-24643 - res_pjsip: Add user=phone option (Reported by
Matt Jordan)
* ASTERISK-24644 - res_pjsip_keepalive: Add keepalive module for
connection-oriented transports. (Reported by Matt Jordan)
* ASTERISK-24412 - [patch]Incomplete channel originate/continue
handling with ARI (Reported by Nir Simionovich (GreenfieldTech -
Israel))
* ASTERISK-24678 - [PATCH] Added atxfer* settings to
features.conf.sample (Reported by Niklas Larsson)
* ASTERISK-24575 - [patch]Make capath work for res_pjsip (Reported
by cloos)
* ASTERISK-24671 - Missing docs for the CDR AMI Event (Reported by
Dan Jenkins)
* ASTERISK-24316 - For httpd server, need option to define server
name for security purposes (Reported by Andrew Nagy)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.2.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 13.2.1.
The release of Asterisk 13.2.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- pjsip: resolve compatibility problem with ast_sip_session
(Closes issue ASTERISK-24941. Reported by Matt Jordan)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.2.1
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 13.3.0.
The release of Asterisk 13.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-24703 - ARI: Add the ability to "transfer" (redirect) a
channel (Reported by Matt Jordan)
* ASTERISK-17899 - Handle crypto lifetime in SDES-SRTP negotiation
(Reported by Dwayne Hubbard)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24616 - Crash in res_format_attr_h264 due to invalid
string copy (Reported by Yura Kocyuba)
* ASTERISK-24748 - res_pjsip: If wizards explicitly configured in
sorcery.conf false ERROR messages may occur (Reported by Joshua
Colp)
* ASTERISK-24769 - res_pjsip_sdp_rtp: Local ICE candidates leaked
(Reported by Matt Jordan)
* ASTERISK-24742 - [patch] Fix ast_odbc_find_table function in
res_odbc (Reported by ibercom)
* ASTERISK-24479 - Enable REF_DEBUG for module references
(Reported by Corey Farrell)
* ASTERISK-24701 - Stasis: Write timeout on WebSocket fails to
fully disconnect underlying socket, leading to events being
dropped with no additional information (Reported by Matt Jordan)
* ASTERISK-24772 - ODBC error in realtime sippeers when device
unregisters under MariaDB (Reported by Richard Miller)
* ASTERISK-24752 - Crash in bridge_manager_service_req when bridge
is destroyed by ARI during shutdown (Reported by Richard
Mudgett)
* ASTERISK-24741 - dtls_handler causes Asterisk to crash (Reported
by Zane Conkle)
* ASTERISK-24015 - app_transfer fails with PJSIP channels
(Reported by Private Name)
* ASTERISK-24727 - PJSIP: Crash experienced during multi-Asterisk
transfer scenario. (Reported by Mark Michelson)
* ASTERISK-24771 - ${CHANNEL(pjsip)} - segfault (Reported by
Niklas Larsson)
* ASTERISK-24716 - Improve pjsip log messages for presence
subscription failure (Reported by Rusty Newton)
* ASTERISK-24612 - res_pjsip: No information if a required sorcery
wizard is not loaded (Reported by Joshua Colp)
* ASTERISK-24768 - res_timing_pthread: file descriptor leak
(Reported by Matthias Urlichs)
* ASTERISK-24685 - "pjsip show version" CLI command (Reported by
Joshua Colp)
* ASTERISK-24632 - install_prereq script installs pjproject
without IPv6 support (Reported by Rusty Newton)
* ASTERISK-24085 - Documentation - We should remove or further
document the 'contact' section in pjsip.conf (Reported by Rusty
Newton)
* ASTERISK-24791 - Crash in ast_rtcp_write_report (Reported by
JoshE)
* ASTERISK-24700 - CRASH: NULL channel is being passed to
ast_bridge_transfer_attended() (Reported by Zane Conkle)
* ASTERISK-24451 - chan_iax2: reference leak in sched_delay_remove
(Reported by Corey Farrell)
* ASTERISK-24799 - [patch] make fails with undefined reference to
SSLv3_client_method (Reported by Alexander Traud)
* ASTERISK-22670 - Asterisk crashes when processing ISDN AoC
Events (Reported by klaus3000)
* ASTERISK-24689 - Segfault on hangup after outgoing PRI-Euroisdn
call (Reported by Marcel Manz)
* ASTERISK-24740 - [patch]Segmentation fault on aoc-e event
(Reported by Panos Gkikakis)
* ASTERISK-24787 - [patch] - Microsoft exchange incompatibility
for playing back messages stored in IMAP - play_message: No
origtime (Reported by Graham Barnett)
* ASTERISK-24814 - asterisk/lock.h: Fix syntax errors for non-gcc
OSX with 64 bit integers (Reported by Corey Farrell)
* ASTERISK-24796 - Codecs and bucket schema's prevent module
unload (Reported by Corey Farrell)
* ASTERISK-24724 - 'httpstatus' Web Page Produces Incomplete HTML
(Reported by Ashley Sanders)
* ASTERISK-24499 - Need more explicit debug when PJSIP dialstring
is invalid (Reported by Rusty Newton)
* ASTERISK-24785 - 'Expires' header missing from 200 OK on
REGISTER (Reported by Ross Beer)
* ASTERISK-24677 - ARI GET variable on channel provides unhelpful
response on non-existent variable (Reported by Joshua Colp)
* ASTERISK-24797 - bridge_softmix: G.729 codec license held
(Reported by Kevin Harwell)
* ASTERISK-24812 - ARI: Creating channels through /channels
resource always uses SLIN, which results in unneeded transcoding
(Reported by Matt Jordan)
* ASTERISK-24800 - Crash in __sip_reliable_xmit due to invalid
thread ID being passed to pthread_kill (Reported by JoshE)
* ASTERISK-17721 - Incoming SRTP calls that specify a key lifetime
fail (Reported by Terry Wilson)
* ASTERISK-23214 - chan_sip WARNING message 'We are requesting
SRTP for audio, but they responded without it' is ambiguous and
wrong in some cases (Reported by Rusty Newton)
* ASTERISK-15434 - [patch] When ast_pbx_start failed, both an
error response and BYE are sent to the caller (Reported by
Makoto Dei)
* ASTERISK-18105 - most of asterisk modules are unbuildable in
cygwin environment (Reported by feyfre)
* ASTERISK-24828 - Fix Frame Leaks (Reported by Kevin Harwell)
* ASTERISK-24751 - Integer values in json payload to ARI cause
asterisk to crash (Reported by jeffrey putnam)
* ASTERISK-24838 - chan_sip: Locking inversion occurs when
building a peer causes a peer poke during request handling
(Reported by Richard Mudgett)
* ASTERISK-24825 - Caller ID not recognized using
Centrex/Distinctive dialing (Reported by Richard Mudgett)
* ASTERISK-24830 - res_rtp_asterisk.c checks USE_PJPROJECT not
HAVE_PJPROJECT (Reported by Stefan Engström)
* ASTERISK-24840 - res_pjsip: conflicting endpoint identifiers
(Reported by Kevin Harwell)
* ASTERISK-24755 - Asterisk sends unexpected early BYE to
transferrer during attended transfer when using a Stasis bridge
(Reported by John Bigelow)
* ASTERISK-24739 - [patch] - Out of files -- call fails --
numerous files with inodes from under /usr/share/zoneinfo,
mostly posixrules (Reported by Ed Hynan)
* ASTERISK-23390 - NewExten Event with application AGI shows up
before and after AGI runs (Reported by Benjamin Keith Ford)
* ASTERISK-24786 - [patch] - Asterisk terminates when playing a
voicemail stored in LDAP (Reported by Graham Barnett)
* ASTERISK-24808 - res_config_odbc: Improper escaping of
backslashes occurs with MySQL (Reported by Javier Acosta)
* ASTERISK-24807 - Missing mandatory field Max-Forwards (Reported
by Anatoli)
* ASTERISK-20850 - [patch]Nested functions aren't portable.
Adapting RAII_VAR to use clang/llvm blocks to get the
same/similar functionality. (Reported by Diederik de Groot)
* ASTERISK-24872 - [patch] AMI PJSIPShowEndpoint closes AMI
connection on error (Reported by Dmitriy Serov)
* ASTERISK-19470 - Documentation on app_amd is incorrect (Reported
by Frank DiGennaro)
* ASTERISK-21038 - Bad command completion of "core set debug
channel" (Reported by Richard Kenner)
* ASTERISK-18708 - func_curl hangs channel under load (Reported by
Dave Cabot)
* ASTERISK-16779 - Cannot disallow unknown format '' (Reported by
Atis Lezdins)
* ASTERISK-24876 - Investigate reference leaks from
tests/channels/local/local_optimize_away (Reported by Corey
Farrell)
* ASTERISK-24882 - chan_sip: Improve usage of REF_DEBUG (Reported
by Corey Farrell)
* ASTERISK-24817 - init_logger_chain: unreachable code block
(Reported by Corey Farrell)
* ASTERISK-24880 - [patch]Compilation under OpenBSD (Reported by
snuffy)
* ASTERISK-24879 - [patch]Compilation fails due to 64bit time
under OpenBSD (Reported by snuffy)
Improvements made in this release:
-----------------------------------
* ASTERISK-24745 - [patch]Add no_answer to ARI hangup causes
(Reported by Ben Merrills)
* ASTERISK-24811 - asterisk-publication sorcery object does not
use realtime (Reported by Matt Hoskins)
* ASTERISK-24790 - Reduce spurious noise in logs from voicemail -
Couldn't find mailbox %s in context (Reported by Graham Barnett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.3.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 13.3.1.
The release of Asterisk 13.3.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- pjsip: resolve compatibility problem with ast_sip_seesion
(Closes issue ASTERISK-24941. Reported by Matt Jordan)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.3.1
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 13.4.0.
The release of Asterisk 13.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-24922 - ARI: Add the ability to intercept hold and
raise an event (Reported by Matt Jordan)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25112 - Logger: Configuration settings are not reset to
default during reload. (Reported by Corey Farrell)
* ASTERISK-24944 - main/audiohook.c change prevents G722 call
recording (Reported by Ronald Raikes)
* ASTERISK-24887 - [patch]tags in a=crypto lines do not accept 2
or more digits (Reported by Makoto Dei)
* ASTERISK-25086 - [patch]PJSIP crashes if endpoint missing in
Dial() (Reported by snuffy)
* ASTERISK-25089 - res_pjsip_config_wizard: Variable specified in
templates aren't being processed correctly (Reported by George
Joseph)
* ASTERISK-25090 - CLI core show channel truncates cdr variables
(Reported by snuffy)
* ASTERISK-25085 - [patch]Potential crash after unload of
func_periodic_hook or test_message (Reported by Corey Farrell)
* ASTERISK-25083 - Message.c: Message channel becomes saturated
with frames leading to spammy log messages (Reported by Jonathan
Rose)
* ASTERISK-25082 - Asterisk deletes message after doing a playback
of an INBOX message using ast_vm_play when the Old folder is
full for that mailbox. (Reported by Jonathan Rose)
* ASTERISK-25041 - [patch]Broken column type checking in
res_config_mysql addon (Reported by Alexandre Fournier)
* ASTERISK-21893 - Segfault after call hangup, in
ast_channel_hangupcause_set, at channel_internal_api.c (Reported
by Alexandr Gordeev)
* ASTERISK-25074 - Regression: Recent clang-related change broke
cross compiling of Asterisk (Reported by Sebastian Kemper)
* ASTERISK-25042 - asterisk.conf options override command-line
options. (Reported by Corey Farrell)
* ASTERISK-24442 - Outgoing call files don't work properly when
set in the future (Reported by tootai)
* ASTERISK-25057 - res_pjsip_pubsub: Crash in send_notify due to
invalid root pointer in sub_tree (Reported by Matt Jordan)
* ASTERISK-24938 - ARI Snoop Channel results in excessive
escalating CPU usage (Reported by George Ladoff)
* ASTERISK-25034 - chan_dahdi: Some telco switches occasionally
ignore ISDN RESTART requests. (Reported by Richard Mudgett)
* ASTERISK-25003 - Asterisk crashes on attended transfer (using
feature) (Reported by Artem Volodin)
* ASTERISK-25038 - Queue log "EXITWITHTIMEOUT" does not always
contain waiting time (Reported by Etienne Lessard)
* ASTERISK-25027 - Build System: Many ARI modules are missing
dependencies. (Reported by Corey Farrell)
* ASTERISK-25061 - pbx_config: Register manager actions with
module version of macro. (Reported by Corey Farrell)
* ASTERISK-25025 - Periodic crashes (in
ast_channel_snapshot_create at stasis_channels.c) with Certified
Asterisk 13. (Reported by Chet Stevens)
* ASTERISK-25053 - Unit test category /main/presence missing
trailing slash. (Reported by Corey Farrell)
* ASTERISK-22708 - res_odbc.conf negative_connection_cache option
not respected, failover between DSNs doesn't work (Reported by
JoshE)
* ASTERISK-25054 - Formats interface's cannot be unregistered,
needs to hold modules until shutdown. (Reported by Corey
Farrell)
* ASTERISK-24896 - [patch] Using force black background leads to
colours not being reset (Reported by dant)
* ASTERISK-25033 - Asterisk 13 (branch head) won't compile without
PJSip (Reported by Peter Whisker)
* ASTERISK-25028 - Build System: Unneeded defines in
asterisk/buildopts.h (Reported by Corey Farrell)
* ASTERISK-25048 - Astobj2: Initialization order wrong when both
refdebug and AO2_DEBUG are both enabled. (Reported by Corey
Farrell)
* ASTERISK-19608 - Asterisk-1.8.x starts rejecting calls with
cause code 44 after some time. (Reported by Denis Alberto
Martinez)
* ASTERISK-24976 - cdr_odbc not include new columns added on 1.8
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-25037 - res_pjsip_outbound_registration: Potential
crash in off-nominal failure case when sending message (Reported
by Joshua Colp)
* ASTERISK-25022 - Memory leak setting up DTLS/SRTP calls
(Reported by Steve Davies)
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by not here)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-24955 - res_fax: v.27ter support baud rate of 2400,
which is disallowed in res_fax's check_modem_rate (Reported by
Matt Jordan)
* ASTERISK-24996 - chan_pjsip: Creating Channel Causes Asterisk to
Crash When Duplicate AOR Sections Exist in pjsip.conf (Reported
by Ashley Sanders)
* ASTERISK-25020 - Mismatched response to outgoing REGISTER
request (Reported by Mark Michelson)
* ASTERISK-25018 - pjsip show endpoints crashes asterisk when
qualified aors present (Reported by Ivan Poddubny)
* ASTERISK-24749 - ConfBridge: Wrong language on playing
conf-hasjoin and conf-hasleft when played to bridge (Reported by
Philippe Bolduc)
* ASTERISK-24845 - pjsip send notify not working with Cisco phone
(Reported by Carl Fortin)
* ASTERISK-25004 - Crash in authenticated reinvite after
originated T.38 FAX (Reported by Mark Michelson)
* ASTERISK-24999 - PJSIP crashes with malformed contact line
(Reported by snuffy)
* ASTERISK-24998 - res_corosync: res_corosync tries to load even
if res_corosync.conf is missing (Reported by George Joseph)
* ASTERISK-24997 - Astobj2: Some callers of __adjust_lock do not
pre-check the object (Reported by Corey Farrell)
* ASTERISK-24982 - res_pjsip_mwi: Unsolicited MWI NOTIFY only sent
on mailbox changes (Reported by Joshua Colp)
* ASTERISK-24991 - Check for ao2_alloc failure in
__ast_channel_internal_alloc (Reported by Corey Farrell)
* ASTERISK-24895 - After hangup on the side of the ISDN network no
HangupRequest event comes for the dahdi channel. (Reported by
Andrew Zherdin)
* ASTERISK-24977 - Contacts that don't use qualify are being
marked as unavailable (Reported by George Joseph)
* ASTERISK-24774 - Segfault in ast_context_destroy with
extensions.ael and extensions.conf (Reported by Corey Farrell)
* ASTERISK-24841 - ConfBridge: Strange sampling rates chosen when
channels have multiple native formats (Reported by Matt Jordan)
* ASTERISK-24975 - Enabling 'DEBUG_THREADLOCALS' Causes the Build
to Fail (Reported by Ashley Sanders)
* ASTERISK-24958 - Forwarding loop detection inhibits certain
desirable scenarios (Reported by Mark Michelson)
* ASTERISK-24863 - res_pjsip: No endpoint events raised via AMI
when contacts cannot be reached/qualified (Reported by Dmitriy
Serov)
* ASTERISK-24869 - Asterisk segfaults on DAHDI attended transfer
due to application (appl) being NULL on unbridged channel
(Reported by viniciusfontes)
* ASTERISK-24970 - Crash in res_pjsip_pubsub handling of failed
notify (Reported by Scott Griepentrog)
* ASTERISK-24959 - [patch]CLI command cdr show pgsql status
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-24954 - Git migration: Asterisk version numbers are
incompatible with the Test Suite (Reported by Matt Jordan)
* ASTERISK-17608 - func_aes.so cannot be loaded if res_crypto /
openssl not compiled (Reported by Warren Selby)
* ASTERISK-24928 - [patch]t38_udptl_maxdatagram in pjsip.conf not
honored (Reported by Juergen Spies)
* ASTERISK-24835 - Early Media Not working with Chan SIP and
Asterisk 13 (Reported by Andrew Nagy)
* ASTERISK-21777 - Asterisk tries to transcode video instead of
audio (Reported by Nick Ruggles)
* ASTERISK-24380 - core: Native formats are set to h264 with
certain audio/video codec configuration, resulting in path
translation WARNINGs (Reported by Matt Jordan)
* ASTERISK-22352 - [patch] IAX2 custom qualify timer is not taken
into account (Reported by Frederic Van Espen)
* ASTERISK-24894 - [patch] iax2_poke_noanswer expiration timer too
short (Reported by Y Ateya)
* ASTERISK-24935 - res_pjsip_phoneprov_provider: Fix leaked
OBJ_MULTIPLE iterator. (Reported by Corey Farrell)
* ASTERISK-23319 - Segmentation fault in queue_exec at app_queue.c
(Reported by Vadim)
* ASTERISK-24933 - T38 fails negotiation (Reported by Jonathan
Rose)
* ASTERISK-24847 - [security] [patch] tcptls: certificate CN NULL
byte prefix bug (Reported by Matt Jordan)
* ASTERISK-21211 - chan_iax2 - unprotected access of
iaxs[peer->callno] potentially results in segfault (Reported by
Jaco Kroon)
* ASTERISK-18032 - [patch] - IPv6 and IPv4 NAT not working
(Reported by Christoph Timm)
* ASTERISK-24782 - StasisEnd event not present for channel that
was swapped out for another after completing attended transfer
(Reported by John Bigelow)
* ASTERISK-24910 - "timer=no" and "timer=required" settings in
pjsip.conf fail (Reported by Ray Crumrine)
* ASTERISK-24932 - Asterisk 13.x does not build with GCC 5.0
(Reported by Jeffrey C. Ollie)
* ASTERISK-24914 - Division by zero in file.c when playback of
voicemail with video as h264 (Reported by Marcello Ceschia)
* ASTERISK-24899 - Parking fall-through behavior different in 13
(Reported by Malcolm Davenport)
* ASTERISK-24937 - [patch]res_pjsip_messaging: Messages may be
sent out of order (Reported by Mark Michelson)
* ASTERISK-24920 - Asterisk handles duplicate SIP requests as if
they were each a new request (Reported by Mark Michelson)
* ASTERISK-24857 - [patch] "timing test", pjsip incoming/outgoing
calls, voicemail prompts and recordings all fail when using the
kqueue timer source on FreeBSD 10.x (Reported by Justin T.
Gibbs)
* ASTERISK-24155 - [patch]Non-portable and non-reliable recursion
detection in ast_malloc (Reported by Timo Teräs)
* ASTERISK-24142 - CCSS: crash during shutdown due to device
lookup in destroyed container (Reported by David Brillert)
* ASTERISK-24683 - Crash in PBX ast_hashtab_lookup_internal during
core restart now (Reported by Peter Katzmann)
* ASTERISK-24805 - [patch] - ASAN: Race condition
(heap-use-after-free) on asterisk closing (Reported by Badalian
Vyacheslav)
* ASTERISK-24881 - ast_register_atexit should only be used when
absolutely needed (Reported by Corey Farrell)
* ASTERISK-24731 - res_pjsip_session cannot be unloaded (Reported
by Corey Farrell)
* ASTERISK-24864 - app_confbridge: file playback blocks dtmf
(Reported by Kevin Harwell)
* ASTERISK-14233 - [patch] Buddies are always auto-registered when
processing the roster (Reported by Simon Arlott)
* ASTERISK-24780 - [patch] - Buddies are always auto-registered
when processing the roster (Reported by Simon Arlott)
* ASTERISK-24781 - PJSIP: Unnecessary 180 Ringing messages sent
with undesireabe consequences. (Reported by Richard Mudgett)
Improvements made in this release:
-----------------------------------
* ASTERISK-25044 - sorcery: Add ability to insert a new wizard
into an object type's list (Reported by George Joseph)
* ASTERISK-24892 - Super Awesome Company sound prompts (Reported
by Rusty Newton)
* ASTERISK-24744 - Swedish Core Voice prompts (Reported by Tove
Hjelm)
* ASTERISK-25043 - [patch] Avoiding ERR_remove_state in OpenSSL
(Reported by Alexander Traud)
* ASTERISK-25045 - vector: Add new capabilities and unit tests
(Reported by George Joseph)
* ASTERISK-24706 - [patch]add auto-dtmf mode for pjsip (Reported
by yaron nahum)
* ASTERISK-25051 - Remove unneeded uses of optional_api providers.
(Reported by Corey Farrell)
* ASTERISK-25040 - pbx: Improve performance of reloads by making
hint destruction more performant (Reported by Matt Jordan)
* ASTERISK-24917 - [patch] clang compilation warnings (Reported by
Diederik de Groot)
* ASTERISK-24949 - res_pjsip_outbound_registration: Backport line
functionality (Reported by Joshua Colp)
* ASTERISK-24965 - cel_pgsql - log_error string references CDR
instead of CEL (Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-24918 - pjsip: add CLI options to display global and
system configuration (Reported by Scott Griepentrog)
* ASTERISK-24862 - [patch] Support in-dialog OPTIONS (Reported by
yaron nahum)
* ASTERISK-24802 - stasis: set a channel variable on websocket
disconnect error (Reported by Kevin Harwell)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.4.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 13.5.0.
The release of Asterisk 13.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Improvements made in this release:
-----------------------------------
* ASTERISK-25256 - [patch]Post AMI VarSet to empty string events
when Asterisk deletes a dialplan variable. (Reported by Richard
Mudgett)
* ASTERISK-25067 - Sorcery Caching: Implement a new caching module
(Reported by Matt Jordan)
* ASTERISK-25040 - pbx: Improve performance of reloads by making
hint destruction more performant (Reported by Matt Jordan)
* ASTERISK-25114 - res_pjsip: Add AMI etents for chan_pjsip
contact lifecycle changes (Reported by George Joseph)
* ASTERISK-25072 - res_pjsip_outbound_registration: line
functionality. Additional check for using the request URI
(Reported by Dmitriy Serov)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25250 - chan_sip - Despite the channel being answered,
caller on a call established via Local channel continues to hear
ringback (Reported by Etienne Lessard)
* ASTERISK-25253 - confbridge volume options and other volume
controls such as func_volume don't work (Reported by Dmitriy
Serov)
* ASTERISK-25247 - choppy audio when spying on a g722 channel,
chan_sip or chan_pjsip (Reported by hristo)
* ASTERISK-24867 - Docs for 'e' option in ResetCDR say to use
CDR_PROP instead, CDR_PROP docs are unclear (Reported by Rusty
Newton)
* ASTERISK-24853 - Documentation claims chan_sip outbound
registrations support WS or WSS as valid transports (not true)
(Reported by PSDK)
* ASTERISK-25242 - PJSIP: No audio when Asterisk inside NAT and
endpoints outside NAT - implement functionality similar to
chan_sip 'rtpkeepalive'? (Reported by Mark Michelson)
* ASTERISK-25258 - chan_pjsip: Incorrect format switch on received
RTP packet (Reported by Joshua Colp)
* ASTERISK-25257 - [patch]channels/sig_pri.h -> sig_pri_span ->
force_restart_unavailable_chans in wrong scope (Reported by
Patric Marschall)
* ASTERISK-24934 - [patch]Asterisk manager output does not escape
control characters (Reported by warren smith)
* ASTERISK-25255 - Missing AMI VarSet events when setting to an
empty string. (Reported by Richard Mudgett)
* ASTERISK-25254 - Crash if dialplan sets ATTENDEDTRANSFER to an
empty string before Park. (Reported by Richard Mudgett)
* ASTERISK-25183 - PJSIP: Crash on NULL channel in
chan_pjsip_incoming_response despite previous checks for NULL
channel (Reported by Matt Jordan)
* ASTERISK-25201 - Crash in PJSIP distributor on already free'd
threadpool (Reported by Matt Jordan)
* ASTERISK-24782 - StasisEnd event not present for channel that
was swapped out for another after completing attended transfer
(Reported by John Bigelow)
* ASTERISK-25240 - bridge_native_rtp: Direct media wrongfully
started when completing attended transfer (Reported by Joshua
Colp)
* ASTERISK-25103 - Roundup - investigate Asterisk DTLS crashes
(Reported by Rusty Newton)
* ASTERISK-22805 - res_rtp_asterisk: Crash when calling
BIO_ctrl_pending in dtls_srtp_check_pending when dialed by JSSIP
(Reported by Dmitry Burilov)
* ASTERISK-24550 - res_rtp_asterisk: Crash in
ast_rtp_on_ice_complete during DTLS handshake (Reported by
Osaulenko Alexander)
* ASTERISK-24651 - [patch] Fix race condition in DTLS (Reported by
Badalian Vyacheslav)
* ASTERISK-24832 - [patch]DTLS-crashes within openssl (Reported
by Stefan Engström)
* ASTERISK-25127 - DTLS crashes following "Unable to cancel
schedule ID" in dtls_srtp_check_pending (Reported by Dade
Brandon)
* ASTERISK-25168 - Random Core Dumps on Asterisk 13.4 PJSIP, in
ast_channel_name at channel_internal_api.c (Reported by Carl
Fortin)
* ASTERISK-25115 - Crash related to func
sip_resolve_invoke_user_callback of res_pjsip/pjsip_resolver.c
(Reported by John Bigelow)
* ASTERISK-25226 - chan_sip: Channel leak in branch 13 on early
replaces call pickup (Reported by Walter Doekes)
* ASTERISK-25220 - [patch]Closing of fd -1 in chan_mgcp.c
(Reported by Walter Doekes)
* ASTERISK-25219 - [patch]Source and destination overlap in memcpy
in rtp_engine.c (Reported by Walter Doekes)
* ASTERISK-25212 - [patch]Segfault when using DEBUG_FD_LEAKS
(Reported by Walter Doekes)
* ASTERISK-19277 - [patch]endlessly repeating error: "poll failed:
Bad file descriptor" (Reported by Barry Chern)
* ASTERISK-25165 - Testsuite - Sorcery memory cache leaks
(Reported by Corey Farrell)
* ASTERISK-25202 - Hints extension state broken between 13.3.2 and
13.4 (Reported by cervajs)
* ASTERISK-25196 - res_pjsip_nat: rewrite_contact should not be
applied to Contact header when Record-Route headers are present
(Reported by Mark Michelson)
* ASTERISK-24907 - res_pjsip_outbound_registration: crash during
unload if registration attempts are still occuring (Reported by
Kevin Harwell)
* ASTERISK-25204 - res_pjsip_refer: Duplicated Referred-By or
Replaces headers on outbound INVITEs. (Reported by Mark
Michelson)
* ASTERISK-25171 - Early completion of feature code attended
transfer results in intermittent one-way audio, "ghost ringing"
and robotic sound. (Reported by Rusty Newton)
* ASTERISK-25189 - AMI: Add Linkedid header to standard channel
snapshot information. (Reported by Richard Mudgett)
* ASTERISK-25172 - Crash in channels/sip/sip blind
transfer/caller_refer_only test in
ast_format_cap_append_from_cap during ast_request (Reported by
Matt Jordan)
* ASTERISK-25180 - res_pjsip_mwi: Unsolicited MWI requires reload
(Reported by Joshua Colp)
* ASTERISK-25182 - [patch] on CLI sip reload, new codecs get
appended only (Reported by Alexander Traud)
* ASTERISK-25163 - Deadlock in chan_sip between reload of sip peer
container and MWI Stasis callback (Reported by Dmitriy Serov)
* ASTERISK-25091 - Asterisk REST API - bridge.addChannel crash
asterisk when calling channel hangup while adding to bridge
(Reported by Ilya Trikoz)
* ASTERISK-24900 - Manager event ParkedCallSwap is not documented
(Reported by Rusty Newton)
* ASTERISK-25162 - func_pjsip_aor: Leak of contact in iterator
(Reported by Corey Farrell)
* ASTERISK-25158 - res_pjsip: Add option to use AAL2 packing when
negotiating g.726 (Reported by Kevin Harwell)
* ASTERISK-24344 - CDR_PROP(disable) disables CDR only for first
dialed party (Reported by Janusz Karolak)
* ASTERISK-24443 - CDR fields (dst, dcontext) empty in transfer
call started from Macro (Reported by Arveno Santoro)
* ASTERISK-25154 - [patch]fromtag may need to be updatep after
successful call dialog match (Reported by Damian Ivereigh)
* ASTERISK-25156 - chan_pjsip’s CHAN_START cel event lacks the
correct context and exten (Reported by cloos)
* ASTERISK-25157 - bridging: Performing a blonde transfer does not
result in connected line updates (Reported by Joshua Colp)
* ASTERISK-25087 - Asterisk segfault when using Directory
application with alias option and specific mailbox configuration
(Reported by Chet Stevens)
* ASTERISK-24983 - IAX deadlock between hangup and scheduled
actions (ex. largrq) (Reported by Y Ateya)
* ASTERISK-25096 - [patch]Segfault when registering over
websockets with PJSIP (in ast_sockaddr_isnull at
/include/asterisk/netsock2.h) (Reported by Josh Kitchens)
* ASTERISK-24963 - ASAN: heap-use-after-free with PJSIP and WSS
(Reported by Badalian Vyacheslav)
* ASTERISK-22559 - gcc 4.6 and higher supports weakref attribute
but asterisk doesn't detect it. (Reported by ibercom)
* ASTERISK-25094 - PBX core: Investigate thread safety issues
(Reported by Corey Farrell)
* ASTERISK-25148 - res_pjsip NULL channel audit (Reported by Mark
Michelson)
* ASTERISK-24717 - ASAN: global-buffer-overflow codec_{ilbc | gsm
| adpcm | ipc10} (Reported by Badalian Vyacheslav)
* ASTERISK-25137 - endpoint stasis messages are delivered twice
(Reported by Vitezslav Novy)
* ASTERISK-25116 - res_pjsip: Two PeerStatus AMI messages are
sent for every status change (Reported by George Joseph)
* ASTERISK-25131 - chan_pjsip: In-dialog authentication not
handled. (Reported by Richard Mudgett)
* ASTERISK-25100 - asterisk coredump if host has an IPv6 address
that end with ::80 (Reported by Mark Petersen)
* ASTERISK-25122 - Large SIP packet received via pjsip over
websocket crashes Asterisk (Reported by Ivan Poddubny)
* ASTERISK-25121 - Stasis: Fix unsafe use of stasis_unsubscribe in
modules. (Reported by Corey Farrell)
* ASTERISK-24988 - func_talkdetect: Test is bouncing sporadically
(Reported by Joshua Colp)
* ASTERISK-25105 - res_pjsip: Possible incompatibility between
qualify_timeout and pjproject-2.4 (Reported by George Joseph)
* ASTERISK-25117 - res_mwi_external_ami: Fix manager action
registrations. (Reported by Corey Farrell)
New Features made in this release:
-----------------------------------
* ASTERISK-25259 - chan_pjsip: Add rtptimeout support (Reported by
Joshua Colp)
* ASTERISK-25238 - ARI: Support push configuration (Reported by
Matt Jordan)
* ASTERISK-25173 - ARI: Add the ability to load/reload/unload an
Asterisk module (Reported by Matt Jordan)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.5.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 13.6.0.
The release of Asterisk 13.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-25377 - res_pjsip: Change default "From user" from UUID
to something more palatable (Reported by Mark Michelson)
* ASTERISK-25252 - ARI: Add the ability to manipulate log channels
(Reported by Matt Jordan)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25449 - main/sched: Regression introduced by
5c713fdf18f causes erroneous duplicate RTCP messages; other
potential scheduling issues in chan_sip/chan_skinny (Reported by
Matt Jordan)
* ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
ICE is not enabled (Reported by Joshua Colp)
* ASTERISK-25383 - Core dumps on startup and shutdown with
MALLOC_DEBUG enabled (Reported by yaron nahum)
* ASTERISK-25423 - Caller gets no Connected line update during
call pickup. (Reported by Richard Mudgett)
* ASTERISK-25305 - Dynamic logger channels can be added multiple
times (Reported by Mark Michelson)
* ASTERISK-25418 - On-hold channels redirected out of a bridge
appear to still be on hold (Reported by Mark Michelson)
* ASTERISK-25384 - Regular Asterisk crashes when using Page
application. "user_data is NULL" (Reported by Chet Stevens)
* ASTERISK-25407 - Asterisk fails to log to multiple syslog
destinations (Reported by Elazar Broad)
* ASTERISK-25410 - app_record: RECORDED_FILE variable not being
populated (Reported by Kevin Harwell)
* ASTERISK-25394 - pbx: Incorrect device and presence state when
changing hint details (Reported by Joshua Colp)
* ASTERISK-25396 - chan_sip: Extremely long callerid name causes
invalid SIP (Reported by Walter Doekes)
* ASTERISK-25399 - app_queue: AgentComplete event has wrong reason
(Reported by Kevin Harwell)
* ASTERISK-25185 - Segfault in app_queue on transfer scenarios
(Reported by Etienne Lessard)
* ASTERISK-25353 - [patch] Transcoding while different in Frame
size = Frames lost (Reported by Alexander Traud)
* ASTERISK-25325 - ARI PUT reload chan_sip HTTP response 404
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-25390 - default_from_user can crash with certain
configuration backends (Reported by Mark Michelson)
* ASTERISK-25387 - res_pjsip_nat: Malformed REGISTER request
causes NAT'd Contact header to not be rewritten (Reported by
Matt Jordan)
* ASTERISK-25227 - No audio at in-band announcements in ooh323
channel (Reported by Alexandr Dranchuk)
* ASTERISK-25369 - res_parking: ParkAndAnnounce - Inheritable
variables aren't applied to the announcer channel (Reported by
Jonathan Rose)
* ASTERISK-25295 - res_pjsip crash - pjsip_uri_get_uri at
/usr/include/pjsip/sip_uri.h (Reported by Dmitriy Serov)
* ASTERISK-25381 - res_pjsip: AoRs deleted via ARI (or other
mechanism) do not destroy their related contacts (Reported by
Matt Jordan)
* ASTERISK-25367 - pbx: Long pattern match hints may cause "core
show hints" to crash (Reported by Joshua Colp)
* ASTERISK-25365 - Persistent subscriptions have extra
Content-Length/corrupted messages (Reported by Mark Michelson)
* ASTERISK-25362 - Deadlock due to presence state callback
(Reported by Mark Michelson)
* ASTERISK-25356 - res_pjsip_sdp_rtp: Multiple keepalive scheduled
items may exist (Reported by Joshua Colp)
* ASTERISK-25355 - sched: ast_sched_del may return prematurely due
to spurious wakeup (Reported by Joshua Colp)
* ASTERISK-25318 -
tests/rest_api/applications/subscribe-endpoint/nominal/resource:
Sporadically failing (Reported by Joshua Colp)
* ASTERISK-25346 - chan_sip: Overwriting answered elsewhere hangup
cause on call pickup (Reported by Joshua Colp)
* ASTERISK-25342 - res_pjsip: Repeated usage of pj_gethostip may
block (Reported by Joshua Colp)
* ASTERISK-25341 - bridge: Hangups may get lost when executing
actions (Reported by Joshua Colp)
* ASTERISK-25339 - res_pjsip: Empty "auth" sections from
non-config backgrounds are interpreted as valid (Reported by
Matt Jordan)
* ASTERISK-25215 - Differences in queue.log between Set
QUEUE_MEMBER and using PauseQueueMember (Reported by Lorne
Gaetz)
* ASTERISK-25322 - Crash occurs when using MixMonitor with t() or
r() options. (Reported by Richard Mudgett)
* ASTERISK-25320 - chan_sip.c: sip_report_security_event searches
for wrong or non existent peer on invite (Reported by Kevin
Harwell)
* ASTERISK-25315 - DAHDI channels send shortened duration DTMF
tones. (Reported by Richard Mudgett)
* ASTERISK-25312 - res_http_websocket: Terminate connection on
fatal cases (Reported by Joshua Colp)
* ASTERISK-25306 - Persistent subscriptions can save multiple SIP
messages at once, leading to potential crashes. (Reported by
Mark Michelson)
* ASTERISK-25309 - [patch] iLBC 20 advertised (Reported by
Alexander Traud)
* ASTERISK-25304 - res_pjsip: XML sanitization may write past
buffer (Reported by Joshua Colp)
* ASTERISK-25265 - [patch]DTLS Failure when calling WebRTC-peer on
Firefox 39 - add ECDH support and fallback to prime256v1
(Reported by Stefan Engström)
* ASTERISK-25296 - RTP performance issue with several channel
drivers. (Reported by Richard Mudgett)
* ASTERISK-25297 - Crashes running
channels/pjsip/resolver/srv/failover/in_dialog testsuite tests
(Reported by Richard Mudgett)
* ASTERISK-25292 - Testuite:
tests/apps/bridge/bridge_wait/bridge_wait_e_options fails
(Reported by Kevin Harwell)
* ASTERISK-25271 - Parking & blind transfer: Transferer channel
not hung up if no MOH (Reported by Kevin Harwell)
Improvements made in this release:
-----------------------------------
* ASTERISK-24870 - ARI: Subscriptions to bridges generally not
super useful (Reported by Matt Jordan)
* ASTERISK-25310 - [patch]on FreeBSD also pthread_attr_init()
defaults to PTHREAD_EXPLICIT_SCHED (Reported by Guido Falsi)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.6.0
Thank you for your continued support of Asterisk!
The find-prefix infrastructure was required in a pkgviews world where
packages installed from pkgsrc could have different installation
prefixes, and this was a way for a dependency prefix to be determined.
Now that pkgviews has been removed there is no longer any need for the
overhead of this infrastructure. Instead we use BUILDLINK_PREFIX.pkg
for dependencies pulled in via buildlink, or LOCALBASE/PREFIX where the
dependency is coming from pkgsrc.
Provides a reasonable performance win due to the reduction of `pkg_info
-qp` calls, some of which were redundant anyway as they were duplicating
the same information provided by BUILDLINK_PREFIX.pkg.
Existing SHA1 digests verified, all found to be the same on the
machine holding the existing distfiles (morden). Existing SHA1
digests retained for now as an audit trail.
pkgsrc changes:
- from joerg@
- srtp support
- new asterisk-config option to control installing of sample config files
- manifest.xml for Solaris' SMF
- various bugfixes, some reworked by myself
- backport kqueue timer update from Asterisk 13
-----
The Asterisk Development Team has announced the release of Asterisk 11.20.0.
The release of Asterisk 11.20.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25449 - main/sched: Regression introduced by
5c713fdf18f causes erroneous duplicate RTCP messages; other
potential scheduling issues in chan_sip/chan_skinny (Reported by
Matt Jordan)
* ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
ICE is not enabled (Reported by Joshua Colp)
* ASTERISK-25427 - Callerid change does not always emit
NewCallerid AMI event (Reported by Ivan Poddubny)
* ASTERISK-25407 - Asterisk fails to log to multiple syslog
destinations (Reported by Elazar Broad)
* ASTERISK-25410 - app_record: RECORDED_FILE variable not being
populated (Reported by Kevin Harwell)
* ASTERISK-25394 - pbx: Incorrect device and presence state when
changing hint details (Reported by Joshua Colp)
* ASTERISK-25396 - chan_sip: Extremely long callerid name causes
invalid SIP (Reported by Walter Doekes)
* ASTERISK-25353 - [patch] Transcoding while different in Frame
size = Frames lost (Reported by Alexander Traud)
* ASTERISK-25227 - No audio at in-band announcements in ooh323
channel (Reported by Alexandr Dranchuk)
* ASTERISK-25346 - chan_sip: Overwriting answered elsewhere hangup
cause on call pickup (Reported by Joshua Colp)
* ASTERISK-25215 - Differences in queue.log between Set
QUEUE_MEMBER and using PauseQueueMember (Reported by Lorne
Gaetz)
* ASTERISK-25320 - chan_sip.c: sip_report_security_event searches
for wrong or non existent peer on invite (Reported by Kevin
Harwell)
* ASTERISK-25315 - DAHDI channels send shortened duration DTMF
tones. (Reported by Richard Mudgett)
* ASTERISK-25312 - res_http_websocket: Terminate connection on
fatal cases (Reported by Joshua Colp)
* ASTERISK-25265 - [patch]DTLS Failure when calling WebRTC-peer on
Firefox 39 - add ECDH support and fallback to prime256v1
(Reported by Stefan Engström)
Improvements made in this release:
-----------------------------------
* ASTERISK-25310 - [patch]on FreeBSD also pthread_attr_init()
defaults to PTHREAD_EXPLICIT_SCHED (Reported by Guido Falsi)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.20.0
Thank you for your continued support of Asterisk!
This release brings:
- fewer dependencies (both "purple" and "sofia-sip" modem backends are now
maintained externally, likewise for the "locker" plug-in)
- easier integration of third-party extensions (with pkg-config)
- improvements to the user interface
- spanish translation
- minor bugfixes
but the format string specifies %d.
As all of them are time differences, and a fax transmission shouldn't
need more than 2^31 (normally not even 2^15) seconds, cast to (int),
like already in a few other places.
Needed because sizeof(time_t) > sizeof(int) in NetBSD-6 and later.
ok wiz@
pkgsrc changes:
* No longer use Makefile.common now that py-gammu is released as a separate
package by upstream too.
Changes:
2.3
===
* License changed tp GPL version 2 or later.
* Documentation improvements.
2.2
===
* Documentation improvements.
* Code cleanups.
2.1
===
* Include data required for tests in tarball.
* Include NEWS.rst in tarball.
* Fixed possible crash when changing debug file.
* Fixed various errors found by coverity.
2.0
===
* Separate Python module.
* Compiles using distutils.
* Support Python 3.
ok wiz@.
pkgsrc changes:
* Now comms/gammu depends on devel/libusb1 (instead of devel/libusb)
* Get rid of Makefile.common: it is no more needed now that comms/py-gammu is
distribuited also upstream as a separate package.
Changes:
20150814 - 1.36.4
[-] * Use advisory locking to prevent two Gammu instances share one device.
[!] * Include child process stdout and stderr in SMSD logs to ease debugging.
[-] * Fix string quoting with ODBC driver.
[+] * Added RunOnSent option to SMSD.
[+] * Store message reference in outbox in files SMSD.
[-] * Improved C API documentation in manual.
20150707 - 1.36.3
[-] * Updated list of GSM country codes and networks.
[-] * Fixed bash completition install path (Ville Skyttä).
[-] * Better logging of delivery report failures in SMSD.
[-] * Improved support for Huawei E3372.
20150615 - 1.36.2
[-] * Fixed compilation using MSVC.
[-] * Fix siemenssatnetmon (Daniel Glöckner).
[-] * Documentation improvements.
[-] * Fixed smsd startup with non existing folders.
[-] * Fixed possible stack overflows on Windows.
20150520 - 1.36.1
[-] * Compatibility with libdbi from git.
[-] * Fix siemenssatnetmon (Daniel Glöckner).
[-] * Fixed reconnecting to SQL server.
[+] * Don't split a surrogate pair between message segments (David Brown).
20150413 - 1.36.0
[!] * The python-gammu module is now shipped separately.
[!] * Removed usage of __TIME__ and __DATE__ macros in codebase.
[-] * Fixed encoding of special chars to iCalendar format.
[-] * Fixed decoding of priority from vTODO.
[-] * Avoid infinite loops with ignored messages.
[-] * Improved stability of checking phone SMS memory.
[-] * Fixed parsing of some backup files.
20150302 - 1.35.0
[-] * Fixed encoding of UTF-8 for higher code points.
[-] * Improved provided udev rules.
[-] * Fixed possible lock while getting network status in SMSD.
[-] * Various localization updates.
20141230 - 1.34.0
[+] * Add phone power ON/OFF function.
[!] * Removed deprecated Python modules gammu.Data and gammu.Worker.
[+] * Store network name and code in SMSD tables.
[-] * Fixed build with recent clang compiler.
[-] * Fixed several possible issues found by Coverity scan.
[-] * Fixed possible crash on SMSD startup.
[-] * Fixed decoding unicode SMS messages.
[-] * Added identification for several Nokia phones.
[-] * Fixed compilation issues on various platforms.
[-] * SMSD now honors loglevel for all logging targets.
[+] * SMSD can automatically hangup incoming calls.
[-] * Correctly detect Network errors.
minor features
pkgsrc changes:
- new version of core sounds
- add options for SNMP and PostgreSQL from Mike Bowie in PR/49661
and by popular demand
- add back support for menuselect personalization as that's how I was
doing menuselect non-interactively
- XXX need to look at a better way of doing this
- disable PJSIP for now as it doesn't work well on NetBSD from Mike Bowie
Since I added an option for PostgreSQL I also looked at adding an
option for directly using MySQL. Turns out that all the MySQL
modules are in the addons directory and are marked as being
deprecated. So I didn't bother. While investigating this, I also
noted that all the pgsql modules are marked as "extended" support.
This basically means that it is supported by the community, but
there is no one person listed as being responsible who would take
the lead for maintaining them. This basically means that they are
unsupported / low priority. See
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Module+Support+States .
Also with the pgsql modules, there is no way to do a database query
from the dialplan. Thus it is recommended to use the unixodbc
option as the modules are supported and offer the most functionality.
-----
The Asterisk Development Team has announced the release of Asterisk 11.19.0.
The release of Asterisk 11.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25250 - chan_sip - Despite the channel being answered,
caller on a call established via Local channel continues to hear
ringback (Reported by Etienne Lessard)
* ASTERISK-25247 - choppy audio when spying on a g722 channel,
chan_sip or chan_pjsip (Reported by hristo)
* ASTERISK-24853 - Documentation claims chan_sip outbound
registrations support WS or WSS as valid transports (not true)
(Reported by PSDK)
* ASTERISK-25257 - [patch]channels/sig_pri.h -> sig_pri_span ->
force_restart_unavailable_chans in wrong scope (Reported by
Patric Marschall)
* ASTERISK-25103 - Roundup - investigate Asterisk DTLS crashes
(Reported by Rusty Newton)
* ASTERISK-22805 - res_rtp_asterisk: Crash when calling
BIO_ctrl_pending in dtls_srtp_check_pending when dialed by JSSIP
(Reported by Dmitry Burilov)
* ASTERISK-24550 - res_rtp_asterisk: Crash in
ast_rtp_on_ice_complete during DTLS handshake (Reported by
Osaulenko Alexander)
* ASTERISK-24651 - [patch] Fix race condition in DTLS (Reported by
Badalian Vyacheslav)
* ASTERISK-24832 - [patch]DTLS-crashes within openssl (Reported
by Stefan Engström)
* ASTERISK-25127 - DTLS crashes following "Unable to cancel
schedule ID" in dtls_srtp_check_pending (Reported by Dade
Brandon)
* ASTERISK-25213 - [patch]Possibility of deadlock in chan_sip
INVITE early Replace code (Reported by Walter Doekes)
* ASTERISK-25220 - [patch]Closing of fd -1 in chan_mgcp.c
(Reported by Walter Doekes)
* ASTERISK-25219 - [patch]Source and destination overlap in memcpy
in rtp_engine.c (Reported by Walter Doekes)
* ASTERISK-25212 - [patch]Segfault when using DEBUG_FD_LEAKS
(Reported by Walter Doekes)
* ASTERISK-19277 - [patch]endlessly repeating error: "poll failed:
Bad file descriptor" (Reported by Barry Chern)
* ASTERISK-25202 - Hints extension state broken between 13.3.2 and
13.4 (Reported by cervajs)
* ASTERISK-25154 - [patch]fromtag may need to be updated after
successful call dialog match (Reported by Damian Ivereigh)
* ASTERISK-25139 - Malicious transfer sequence locks up Asterisk
(Reported by Gregory Massel)
* ASTERISK-25094 - PBX core: Investigate thread safety issues
(Reported by Corey Farrell)
* ASTERISK-22559 - gcc 4.6 and higher supports weakref attribute
but asterisk doesn't detect it. (Reported by ibercom)
* ASTERISK-24717 - ASAN: global-buffer-overflow codec_{ilbc | gsm
| adpcm | ipc10} (Reported by Badalian Vyacheslav)
* ASTERISK-25100 - asterisk coredump if host has an IPv6 address
that end with ::80 (Reported by Mark Petersen)
Improvements made in this release:
-----------------------------------
* ASTERISK-25040 - pbx: Improve performance of reloads by making
hint destruction more performant (Reported by Matt Jordan)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.19.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.18.0.
The release of Asterisk 11.18.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25112 - Logger: Configuration settings are not reset to
default during reload. (Reported by Corey Farrell)
* ASTERISK-24887 - [patch]tags in a=crypto lines do not accept 2
or more digits (Reported by Makoto Dei)
* ASTERISK-24944 - main/audiohook.c change prevents G722 call
recording (Reported by Ronald Raikes)
* ASTERISK-25083 - Message.c: Message channel becomes saturated
with frames leading to spammy log messages (Reported by Jonathan
Rose)
* ASTERISK-25041 - [patch]Broken column type checking in
res_config_mysql addon (Reported by Alexandre Fournier)
* ASTERISK-21893 - Segfault after call hangup, in
ast_channel_hangupcause_set, at channel_internal_api.c (Reported
by Alexandr Gordeev)
* ASTERISK-25074 - Regression: Recent clang-related change broke
cross compiling of Asterisk (Reported by Sebastian Kemper)
* ASTERISK-25042 - asterisk.conf options override command-line
options. (Reported by Corey Farrell)
* ASTERISK-24442 - Outgoing call files don't work properly when
set in the future (Reported by tootai)
* ASTERISK-25034 - chan_dahdi: Some telco switches occasionally
ignore ISDN RESTART requests. (Reported by Richard Mudgett)
* ASTERISK-25038 - Queue log "EXITWITHTIMEOUT" does not always
contain waiting time (Reported by Etienne Lessard)
* ASTERISK-22708 - res_odbc.conf negative_connection_cache option
not respected, failover between DSNs doesn't work (Reported by
JoshE)
* ASTERISK-25028 - Build System: Unneeded defines in
asterisk/buildopts.h (Reported by Corey Farrell)
* ASTERISK-19608 - Asterisk-1.8.x starts rejecting calls with
cause code 44 after some time. (Reported by Denis Alberto
Martinez)
* ASTERISK-24976 - cdr_odbc not include new columns added on 1.8
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-25022 - Memory leak setting up DTLS/SRTP calls
(Reported by Steve Davies)
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by not here)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-24955 - res_fax: v.27ter support baud rate of 2400,
which is disallowed in res_fax's check_modem_rate (Reported by
Matt Jordan)
* ASTERISK-24916 - Increasing memory usage when multiple reinvite
during call (Reported by Christophe Osuna)
* ASTERISK-19538 - Asterisk segfaults on sippeers realtime
redundancy (Reported by Alex)
* ASTERISK-24749 - ConfBridge: Wrong language on playing
conf-hasjoin and conf-hasleft when played to bridge (Reported by
Philippe Bolduc)
* ASTERISK-24991 - Check for ao2_alloc failure in
__ast_channel_internal_alloc (Reported by Corey Farrell)
* ASTERISK-24895 - After hangup on the side of the ISDN network no
HangupRequest event comes for the dahdi channel. (Reported by
Andrew Zherdin)
* ASTERISK-24774 - Segfault in ast_context_destroy with
extensions.ael and extensions.conf (Reported by Corey Farrell)
* ASTERISK-24975 - Enabling 'DEBUG_THREADLOCALS' Causes the Build
to Fail (Reported by Ashley Sanders)
* ASTERISK-24959 - [patch]CLI command cdr show pgsql status
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-24954 - Git migration: Asterisk version numbers are
incompatible with the Test Suite (Reported by Matt Jordan)
* ASTERISK-21777 - Asterisk tries to transcode video instead of
audio (Reported by Nick Ruggles)
* ASTERISK-24380 - core: Native formats are set to h264 with
certain audio/video codec configuration, resulting in path
translation WARNINGs (Reported by Matt Jordan)
* ASTERISK-22352 - [patch] IAX2 custom qualify timer is not taken
into account (Reported by Frederic Van Espen)
* ASTERISK-24894 - [patch] iax2_poke_noanswer expiration timer too
short (Reported by Y Ateya)
* ASTERISK-23319 - Segmentation fault in queue_exec at app_queue.c
(Reported by Vadim)
* ASTERISK-24847 - [security] [patch] tcptls: certificate CN NULL
byte prefix bug (Reported by Matt Jordan)
* ASTERISK-21211 - chan_iax2 - unprotected access of
iaxs[peer->callno] potentially results in segfault (Reported by
Jaco Kroon)
* ASTERISK-18032 - [patch] - IPv6 and IPv4 NAT not working
(Reported by Christoph Timm)
* ASTERISK-24942 - Voicemail API: message is deleted when
destination mailbox is at maxmsg (Reported by Scott Griepentrog)
* ASTERISK-24932 - Asterisk 13.x does not build with GCC 5.0
(Reported by Jeffrey C. Ollie)
* ASTERISK-21854 - Long Asterisk-version strings display
improperly in the 'Connected to ...' line upon remote console
connection (Reported by klaus3000)
* ASTERISK-24155 - [patch]Non-portable and non-reliable recursion
detection in ast_malloc (Reported by Timo Teräs)
* ASTERISK-24142 - CCSS: crash during shutdown due to device
lookup in destroyed container (Reported by David Brillert)
* ASTERISK-24683 - Crash in PBX ast_hashtab_lookup_internal during
core restart now (Reported by Peter Katzmann)
* ASTERISK-24805 - [patch] - ASAN: Race condition
(heap-use-after-free) on asterisk closing (Reported by Badalian
Vyacheslav)
* ASTERISK-24881 - ast_register_atexit should only be used when
absolutely needed (Reported by Corey Farrell)
* ASTERISK-24864 - app_confbridge: file playback blocks dtmf
(Reported by Kevin Harwell)
* ASTERISK-14233 - [patch] Buddies are always auto-registered when
processing the roster (Reported by Simon Arlott)
* ASTERISK-24780 - [patch] - Buddies are always auto-registered
when processing the roster (Reported by Simon Arlott)
Improvements made in this release:
-----------------------------------
* ASTERISK-24744 - Swedish Core Voice prompts (Reported by Tove
Hjelm)
* ASTERISK-25043 - [patch] Avoiding ERR_remove_state in OpenSSL
(Reported by Alexander Traud)
* ASTERISK-24917 - [patch] clang compilation warnings (Reported by
Diederik de Groot)
* ASTERISK-25040 - pbx: Improve performance of reloads by making
hint destruction more performant (Reported by Matt Jordan)
* ASTERISK-24965 - cel_pgsql - log_error string references CDR
instead of CEL (Reported by Rodrigo Ramirez Norambuena)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.18.0
Thank you for your continued support of Asterisk!
---
- Fix buffering for funny sample formats (namely, 24 bit), that do not
fit nicely into 32768 bytes. Effect was a nasty endless loop where
mpg123 needs to be externally killed.
1.22.1
---
- Fix mpg123-id3dump when writing images with funny (manipulated) MIME type.
Stupid mistake in length computation of the fallback file extension caused
junk from memory being appended to the filename if the pointer size
is less than 64 bit. For 64 bit pointers (or longer) it was correct by
accident.
- Fix pedantic build by cleaning up out123 source, also now really showing
the encoding list in --longhelp instead of possibly, again, writing junk
from memory in there.
- Not linking libmpg123 against libltdl anymore (bug 215).
- Update MSVC++ ports a bit to make them work again.
Xfce 4 Modem Lights panel plugin is intended to simplify establishing a ppp
connection via a modem. It is primarily designed to work with the debian ppp
package and the pon/poff scripts provided by that package, but should be usable
with any scripts that create a lock file during dialing and retain it through
the connection.
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
NB: I'm not game enough to do it in the freeze, but it looks like the
JVM version detection patching could be removed - it appears no longer
necessary now that Pkgsrc passes in the correct RXTX_PATH and JHOME_PATH
itself. At any rate, adding version 8 is not required for the oracle-jdk8
build to complete smoothly.
While here restore old behaviour of not alphabetically sorting memos by default.
Changes since 1.8.1:
1.8.2 - 05/18/14
Many bug fixes
Fixed VCard output
Added export for B-Folders
Added export for KeePassX
Changed the "enye" letter in Manana an "n", got tired of it causing problems
(Ma\303\261ana to Manana)
Made lots of stupid code changes to make the compiler warnings go away
pkgsrc changes:
- adapt to upstream support for clang
- more comprehensive sweep for 64-bit time_t related stuff
- XXX pjsip has its own time related stuff that is 32-bit only
-----
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and and verifies the server,
Asterisk will accept signed certificates that match a common name other than
the one Asterisk is expecting if the signed certificate has a common name
containing a null byte after the portion of the common name that Asterisk
expected. This potentially allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.17.0.
The release of Asterisk 11.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-17899 - Handle crypto lifetime in SDES-SRTP negotiation
(Reported by Dwayne Hubbard)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24742 - [patch] Fix ast_odbc_find_table function in
res_odbc (Reported by ibercom)
* ASTERISK-22436 - [patch] No BYE to masqueraded channel on INVITE
with replaces (Reported by Eelco Brolman)
* ASTERISK-24479 - Enable REF_DEBUG for module references
(Reported by Corey Farrell)
* ASTERISK-24701 - Stasis: Write timeout on WebSocket fails to
fully disconnect underlying socket, leading to events being
dropped with no additional information (Reported by Matt Jordan)
* ASTERISK-24772 - ODBC error in realtime sippeers when device
unregisters under MariaDB (Reported by Richard Miller)
* ASTERISK-24451 - chan_iax2: reference leak in sched_delay_remove
(Reported by Corey Farrell)
* ASTERISK-24799 - [patch] make fails with undefined reference to
SSLv3_client_method (Reported by Alexander Traud)
* ASTERISK-24787 - [patch] - Microsoft exchange incompatibility
for playing back messages stored in IMAP - play_message: No
origtime (Reported by Graham Barnett)
* ASTERISK-24814 - asterisk/lock.h: Fix syntax errors for non-gcc
OSX with 64 bit integers (Reported by Corey Farrell)
* ASTERISK-24796 - Codecs and bucket schema's prevent module
unload (Reported by Corey Farrell)
* ASTERISK-24724 - 'httpstatus' Web Page Produces Incomplete HTML
(Reported by Ashley Sanders)
* ASTERISK-24797 - bridge_softmix: G.729 codec license held
(Reported by Kevin Harwell)
* ASTERISK-24800 - Crash in __sip_reliable_xmit due to invalid
thread ID being passed to pthread_kill (Reported by JoshE)
* ASTERISK-17721 - Incoming SRTP calls that specify a key lifetime
fail (Reported by Terry Wilson)
* ASTERISK-23214 - chan_sip WARNING message 'We are requesting
SRTP for audio, but they responded without it' is ambiguous and
wrong in some cases (Reported by Rusty Newton)
* ASTERISK-15434 - [patch] When ast_pbx_start failed, both an
error response and BYE are sent to the caller (Reported by
Makoto Dei)
* ASTERISK-18105 - most of asterisk modules are unbuildable in
cygwin environment (Reported by feyfre)
* ASTERISK-24828 - Fix Frame Leaks (Reported by Kevin Harwell)
* ASTERISK-24838 - chan_sip: Locking inversion occurs when
building a peer causes a peer poke during request handling
(Reported by Richard Mudgett)
* ASTERISK-24825 - Caller ID not recognized using
Centrex/Distinctive dialing (Reported by Richard Mudgett)
* ASTERISK-24739 - [patch] - Out of files -- call fails --
numerous files with inodes from under /usr/share/zoneinfo,
mostly posixrules (Reported by Ed Hynan)
* ASTERISK-23390 - NewExten Event with application AGI shows up
before and after AGI runs (Reported by Benjamin Keith Ford)
* ASTERISK-24786 - [patch] - Asterisk terminates when playing a
voicemail stored in LDAP (Reported by Graham Barnett)
* ASTERISK-24808 - res_config_odbc: Improper escaping of
backslashes occurs with MySQL (Reported by Javier Acosta)
* ASTERISK-20850 - [patch]Nested functions aren't portable.
Adapting RAII_VAR to use clang/llvm blocks to get the
same/similar functionality. (Reported by Diederik de Groot)
* ASTERISK-19470 - Documentation on app_amd is incorrect (Reported
by Frank DiGennaro)
* ASTERISK-21038 - Bad command completion of "core set debug
channel" (Reported by Richard Kenner)
* ASTERISK-18708 - func_curl hangs channel under load (Reported by
Dave Cabot)
* ASTERISK-16779 - Cannot disallow unknown format '' (Reported by
Atis Lezdins)
* ASTERISK-24876 - Investigate reference leaks from
tests/channels/local/local_optimize_away (Reported by Corey
Farrell)
* ASTERISK-24817 - init_logger_chain: unreachable code block
(Reported by Corey Farrell)
* ASTERISK-24880 - [patch]Compilation under OpenBSD (Reported by
snuffy)
* ASTERISK-24879 - [patch]Compilation fails due to 64bit time
under OpenBSD (Reported by snuffy)
Improvements made in this release:
-----------------------------------
* ASTERISK-24790 - Reduce spurious noise in logs from voicemail -
Couldn't find mailbox %s in context (Reported by Graham Barnett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.17.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.16.0.
The release of Asterisk 11.16.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24472 - Asterisk Crash in OpenSSL when calling over WSS
from JSSIP (Reported by Badalian Vyacheslav)
* ASTERISK-24614 - Deadlock when DEBUG_THREADS compiler flag
enabled (Reported by Richard Mudgett)
* ASTERISK-24449 - Reinvite for T.38 UDPTL fails if SRTP is
enabled (Reported by Andreas Steinmetz)
* ASTERISK-24619 - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly
casts char to unsigned int (Reported by Walter Doekes)
* ASTERISK-24337 - Spammy DEBUG message needs to be at a higher
level - 'Remote address is null, most likely RTP has been
stopped' (Reported by Rusty Newton)
* ASTERISK-23733 - 'reload acl' fails if acl.conf is not present
on startup (Reported by Richard Kenner)
* ASTERISK-24628 - [patch] chan_sip - CANCEL is sent to wrong
destination when 'sendrpid=yes' (in proxy environment) (Reported
by Karsten Wemheuer)
* ASTERISK-24672 - [PATCH] Memory leak in func_curl CURLOPT
(Reported by Kristian Høgh)
* ASTERISK-20744 - [patch] Security event logging does not work
over syslog (Reported by Michael Keuter)
* ASTERISK-23850 - Park Application does not respect Return
Context Priority (Reported by Andrew Nagy)
* ASTERISK-23991 - [patch]asterisk.pc file contains a small error
in the CFlags returned (Reported by Diederik de Groot)
* ASTERISK-24288 - [patch] - ODBC usage with app_voicemail -
voicemail is not deleted after review, hangup (Reported by LEI
FU)
* ASTERISK-24048 - [patch] contrib/scripts/install_prereq selects
32-bit packages on 64-bit hosts (Reported by Ben Klang)
* ASTERISK-24709 - [patch] msg_create_from_file used by MixMonitor
m() option does not queue an MWI event (Reported by Gareth
Palmer)
* ASTERISK-24355 - [patch] chan_sip realtime uses case sensitive
column comparison for 'defaultuser' (Reported by
HZMI8gkCvPpom0tM)
* ASTERISK-24719 - ConfBridge recording channels get stuck when
recording started/stopped more than once (Reported by Richard
Mudgett)
* ASTERISK-24715 - chan_sip: stale nonce causes failure (Reported
by Kevin Harwell)
* ASTERISK-24728 - tcptls: Bad file descriptor error when
reloading chan_sip (Reported by Kevin Harwell)
* ASTERISK-24676 - Security Vulnerability: URL request injection
in libCURL (CVE-2014-8150) (Reported by Matt Jordan)
* ASTERISK-24711 - DTLS handshake broken with latest OpenSSL
versions (Reported by Jared Biel)
* ASTERISK-24646 - PJSIP changeset 4899 breaks TLS (Reported by
Stephan Eisvogel)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.16.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
12, and 13. The available security releases are released as versions
1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and verifies the
server, Asterisk will accept signed certificates that match a
common name other than the one Asterisk is expecting if the signed
certificate has a common name containing a null byte after the
portion of the common name that Asterisk expected. This potentially
allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
HIDAPI is a multi-platform library which allows an application to interface
with USB and Bluetooth HID-Class devices on Windows, Linux, and Mac OS X.
On Windows, a DLL is built. On other platforms (and optionally on Windows),
the single source file can simply be dropped into a target application.
HIDAPI has four back-ends:
* Windows (using hid.dll)
* Linux/hidraw (using the Kernel's hidraw driver)
* Linux/libusb (using libusb-1.0)
* Mac (using IOHidManager)
This package includes only the libusb backend.
This version is essentially a bugfix release, with:
- minor improvements to the user interface;
- possibility to build outside of the source tree;
- dropped dependency on DeforaOS Panel;
- all tests should pass.
Hopefully will fix the issue encountered in the latest bulk build report.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
This update is just to accomodate the speex splitup.
Note that Asterisk 10.x is dead upstream and should not be used
anymore. This package will be removed at some point.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.15.0.
The release of Asterisk 11.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-20402 - Unable to cancel (features.conf) attended
transfer (Reported by Matt Riddell)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24440 - Call leak in Confbridge (Reported by Ben Klang)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by Nuno Borges)
Improvements made in this release:
-----------------------------------
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.
The release of these versions resolves the following security vulnerability:
* AST-2014-019: Remote Crash Vulnerability in WebSocket Server
When handling a WebSocket frame the res_http_websocket module
dynamically changes the size of the memory used to allow the
provided payload to fit. If a payload length of zero was received
the code would incorrectly attempt to resize to zero. This
operation would succeed and end up freeing the memory but be
treated as a failure. When the session was subsequently torn down
this memory would get freed yet again causing a crash.
For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf
Thank you for your continued support of Asterisk!
termstyle is a simple python library for adding coloured output to terminal
(console) programs. The definitions come from ECMA-048, the "Control Functions
for Coded Character Sets" standard.
Makes ANSI escape character sequences for producing colored terminal text and
cursor positioning work under MS Windows.
ANSI escape character sequences have long been used to produce colored terminal
text and cursor positioning on Unix and Macs. Colorama makes this work on
Windows, too, by wrapping stdout, stripping ANSI sequences it finds (which
otherwise show up as gobbledygook in your output), and converting them into the
appropriate win32 calls to modify the state of the terminal. On other platforms,
Colorama does nothing.
Colorama also provides some shortcuts to help generate ANSI sequences but works
fine in conjunction with any other ANSI sequence generation library, such as
Termcolor.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
In addition, the release of 11.6-cert8 and 11.14.1 resolves the following
security vulnerability:
* AST-2014-014: High call load with ConfBridge can result in resource exhaustion
The ConfBridge application uses an internal bridging API to implement
conference bridges. This internal API uses a state model for channels within
the conference bridge and transitions between states as different things
occur. Unload load it is possible for some state transitions to be delayed
causing the channel to transition from being hung up to waiting for media. As
the channel has been hung up remotely no further media will arrive and the
channel will stay within ConfBridge indefinitely.
In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves
the following security vulnerability:
* AST-2014-017: Permission Escalation via ConfBridge dialplan function and
AMI ConfbridgeStartRecord Action
The CONFBRIDGE dialplan function when executed from an external protocol (such
as AMI) can result in a privilege escalation as certain options within that
function can affect the underlying system. Additionally, the AMI
ConfbridgeStartRecord action has options that would allow modification of the
underlying system, and does not require SYSTEM class authorization in AMI.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015,
AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
- Add two CMAKE_ARGS (silence and) to maintain the similar PLIST leve
# silence warning
CMAKE_ARGS+= -Wno-dev
CMAKE_ARGS+= -DINSTALL_DOC=ON
- Add post-install: target to Remove PaxHeader garbage
- Add comment on patch
(upstream) Update 1.26.1 to 1.33.0
... sorry some 300 lines of ChangeLog
=========
20130529 - 1.33.00
[-] * Various translation improvements.
[-] * Improved support for Huawei E173, thanks to Gautier Minster.
[-] * Fixed buffer overflow in MMS decoder.
[-] * Fixed several memory leaks.
[-] * Improved compatibility with Qualcomm devices (bug #1654).
[-] * Various documentation improvements.
[-] * Updated version of sms-gammu2android, thanks to Shadow Walker.
[-] * Fixed compilation on Mac OS X, thanks to Soren Jorvang.
[-] * Fixed SMSD with CheckSecurity = 0 (bug #1672).
20120627 - 1.32.0
[-] * Fixed auto installation of EventLog registry.
[-] * Improved support for Arduino GPRS shield (bug #1592).
[-] * Fixed communication with Cross PD1101wi (bug #1617).
[-] * Ignore another unknown block in Nokia phonebook (bug #1614).
[-] * Do not encode number when setting up diverts.
20120224 - 1.31.90
[-] * Improved compatibility with ES75 (bug #1586).
[!] * Changed API for call diverts.
[+] * Added support for call diverts in Python API.
[+] * AT backend supports manipulating with call diverts.
[+] * Added support for suspending/resuming SMSD using SIGUSR1/2.
[!] * Changed protocol for S60 applet.
[+] * S60 applet now handles SMS with new lines.
[+] * Improved support for Windows Event Log.
20111221 - 1.31.0
[-] * Fixed compilation with latest libusb.
[-] * Improved error handling in SQL backend of SMSD.
[-] * SMSD documentation improvements.
[-] * Indonesian translation updates.
20111213 - 1.30.92
[-] * Improved vCard parser to better handle location for various fields, thanks to Vladimir Serbinenko for initial patch.
[-] * Fixed reading calls from some Nokia phones (bug #1553).
[-] * Improved text mode SMS parsing in AT driver, thanks to Vladimir Serbinenko.
[-] * Use glib's MD5 implementation if available.
20111129 - 1.30.91
[+] * Improved documentation for configuring Gammu.
[-] * Fixed parsing birthday from vCard in some cases.
[+] * Added option not to use configured logging in SMSD inject and monitor (bug #1539).
[+] * Added SMSD configuration LogFacility (bug #1539).
[-] * Fixed reading of data from OBEX phones (LP#891803).
[-] * Fixed double reply detection (bug #1544).
[-] * Increase maximal number of caller groups (bug #1541).
[-] * Cancel all calls on maketerminated call if we don't get call ID.
[-] * Fixed SMSC handling in some cases in SMSD (bug #1547).
20111107 - 1.30.90
[-] * Various documentation improvements.
[-] * Detect Alcatel style reply on CPIN response (bug #1502).
[-] * Fix build on some Win32 systems (bug #1496).
[-] * Make jadmaker handle names with spaces (Rapha l Droz).
[-] * Display 8-bit messages in hex (Nicolas Pitre).
[-] * Do not use AT+CUSD=2 on some phones (bug #1508).
[-] * Fixed gammu-monitor with Windows service (bug #1515).
[-] * Cleanup of contrib directory.
[-] * Better support for Samsung AT phones (bug #1513).
[-] * Fixed handling of MMS notification SMSes (bug #1530).
[-] * Fixed CPIN reply handling (bug #1532).
[+] * SMSD checks for PIN status just after connect (bug #1532).
[-] * Fixed various MSVC compilation issues.
20110719 - 1.30.0
[*] * Improved SMSD logging of configuration settings.
[-] * Fix possible crash in fbus2 driver.
[-] * Fix possible crash of ODBC driver on Windows (bug #1482).
[-] * Fixed usage of dbi plugins from Python module.
20110607 - 1.29.93
[-] * Properly initialize atobex driver with Sony-Ericsson phones.
[-] * Updated list of country and network codes.
[-] * Escape fields in SQL queries (bug#1415).
[-] * Escape fields in PostgreSQL SQL script (bug#1415).
[-] * Default to GSM encoding for text messages in SQL backend for SMSD.
[-] * Add option to override which SQL dialect to use in SMSD (bug #1427).
[-] * Improved m-obex protocol support, thanks to Vladimir Serbinenko.
[-] * Various fixes for Samsung B2100, thanks to Vladimir Serbinenko.
[-] * Fix check for AT+CPROT support (bug #1438).
[-] * Fix memory leak in s60 protocol driver (bug #1441).
[-] * Reverted change to SignalStrength because of SQL escaping we have now (bug #1380).
[-] * Improved vCard parser to handle vCards from Gmail.
[-] * Fixed LDIF parser to cope with multiple LDIF in single file.
20110315 - 1.29.92
[-] * Documentation improvements and fixes.
[-] * Saner error handling in Windows serial driver.
[-] * Cleanup in SMSD internals.
[+] * Added ODBC driver to SMSD.
20110225 - 1.29.91
[+] * Added screenshot function for Sony-Ericssonn phones (M rton N meth).
[-] * Fixed parsing of some Nokia SMSes (bug #1402).
[-] * Properly report error on deleting non deletable entries (bug #1396).
[-] * Slower switch from m-obex to AT (bug #1382).
[-] * Faster initialization for AT phones without enabled echo.
20110210 - 1.29.90
[-] * Fix detection of MySQL libraries (bug #1370).
[!] * Changed default connection settings to at and ttyACM0 (bug #1078).
[+] * Add new API call to abort existing operation (bug #1155).
[+] * Change database structure to avoid using reserved word Signal (bug #1380).
[+] * Possibility to limit time of day for SMS in SMSD (bug #1203).
[-] * Enforce limits on SMS payload length.
[+] * Made GSM_SMSCounter public (bug #1356).
[+] * Support for S60 phones using Series60 applet (bug #423).
[-] * Do not fail on 0x7b field in Nokia 3600s phonebook (bug #1385).
[!] * Disabled two stage probing for most protocols.
[-] * Fixed saving of SMS backups (bug #1392).
[+] * Screenshot functionality for DCT4 phones (bug #1390).
20110119 - 1.29.0
[+] * Added option to enter new PIN when entering PUK, thanks to Peter
Stuge for pointing out this requirement.
[-] * Improved documentation of SMSD backend services.
20110107 - 1.28.95
[-] * Fix decoding of SMS without date on DCT4 phones (bug #1368).
[+] * Added gammu-detect tool to detect available devices on system.
[-] * Fixed parsing of Philips reply to SPBR (bug #1366).
[-] * Fixed testsuite not to depend on system timezone.
[-] * Check if phone is waiting for requested security code before
entering.
[-] * Fixup invalid international numbers with double prefix (+00) in
SMS (bug #1364).
[-] * Fixed m-obex protocol implementation, thanks to Matthieu Patou (bug #1375).
[-] * Fixed build on Mac OS X, thanks to Matthieu Patou (bug #1374).
[-] * Fixed decoding of some SMS messages on S40 phones (bug #1243).
20101227 - 1.28.94
[+] * New convertbackup command to convert between backup formats.
[+] * Changed database structure to version 12, you need to upgrade it.
[-] * Try harder to find dn for LDIF export (bug #1363).
[-] * Better names for some fields in LDIF export (bug #1363).
[-] * Implement parsing of LDIF for all fields we save (bug #1363).
[-] * Various minor fixes in SMSD SQL backend.
[-] * Improved test suite coverage.
[-] * Improved dummy driver to allow more testing.
20101202 - 1.28.93
[+] * New SMSD configuration RunOnFailure.
[-] * Fix invalid SQL when storing 8bit SMS (bug #1329).
[-] * Probe if phone supports m-obex protocol (bug #1286).
[+] * Experimental support fo m-obex protocol (bug #1286).
[-] * Fix detection of delivery reports in MySQL and PostgreSQL backends
(bug #313).
[+] * Include udev rules for Nokia phones (bug #1251).
[-] * Fix parsing LG VX9200 reply on getting battery state (bug #1264).
[-] * Fix handling of SMS text mode (bug #1189).
[!] * Default to no retries of the send commands on the link.
[-] * Wait for more USSD replies on getussd command (bug #1346).
[!] * New unified SQL SMSD backend handling all SQL databases.
[+] * SQL queries in SQL SMSD backend can be configured.
20101004 - 1.28.92
[+] * New SMSD config option HardResetFrequency.
[+] * Gammu now supports freedesktop.org/XDG specs for config file
locations and reads ~/.config/gammu/config.
[-] * Increase timeout for AT+CMGL (bug #1317).
[+] * Added support for optional delivery report parts as defined by
ETSI 123 040, section 9.2.2.3 (bug #1304).
[+] * SMSD database host configuration is now named "host" not "PC".
20100916 - 1.28.91
[-] * Fixed locales compilation/support.
[-] * Set memory to use for MPBR/SBNR/SPBR commands as well (bug #1128).
[-] * Handle errors from CMGL same way as from CMGR (bug #1211).
[-] * Fixed parsing of AT+CPMS=? reply (bug #1296).
[+] * Implemented matching by serial number.
[+] * SMSD can now be configured just for sending/receiving.
[-] * Fixed battery status for S40 phones (bug #1301).
[-] * Improved compatibility with Motorola phonebook (bug #1128).
[+] * Lot of documentation improvements, check <http://wammu.eu/docs/devel/docs/>.
20100827 - 1.28.90
[-] * Fixed handling of empty reply on CREG/CGREG (bug #1245).
[-] * Prefer storing delivery reports over forwarding them.
[-] * Fix leak and crash when handling MMS notifications in Python.
[-] * Fixed parsing of date from AT phones (bug #1256).
[-] * Simplify handling text comment in SMS backup to keep new lines.
[+] * New command gammu battery.
[-] * Fail to send SMS without set SMSC.
[-] * Avoid updating SMSD backend frequently than StatusFrequency defines.
[-] * Store SIM phonebook to vCard on backup (bug #1281).
[-] * Fixed waiting for multipart messages (bug #1279).
[-] * Fixed crash on too long GPRS access point names in backup (bug #1267).
[-] * Fallback to using SMSC from phone in SMSD if none provided.
[-] * Improved guessing of HEX/GSM charsets for phone number in AT engine.
20100712 - 1.28.0
[+] * Support for adding notes using addnew command.
[-] * Better log errors when moving message in SMSD.
[!] * Removed checkfirmware command as the server is not existing anymore.
[-] * Proper closing of Bluetooth sockets on Windows (bug #1239).
[-] * Properly decode another way of MMS notification SMS.
[+] * Support for selecting USB device to use on Linux.
[-] * Fix storing text in SMS backup comment for multiline SMS.
[-] * Fixed crash when passing invalid parameters to SMS encoder.
20100629 - 1.27.95
[+] * Support for getting packet network state (bug #1220).
[-] * Fix parsing of AT replies from Nokia 2730 (bug #1224).
[-] * Nokia E61 needs encoded USSD requests (bug #1228).
[!] * Rename Port configuration directive to Device.
[-] * Try to reconnect after lost connection to MySQL error.
[-] * Actually enable -f processing in SMSD.
[+] * Configurable number of backend retries.
[-] * Prefer GSM charset for USSD requests (bug #1228).
20100603 - 1.27.94
[-] * Fixed folder detection for Nokia S40 phones (bug #1191).
[-] * Fixed smsd-inject for long messages.
[-] * Fixed waiting for more multipart messages (bug #1193).
[-] * Fixed parsing of cellid reply with different locales (bug #1202).
[-] * Fixed handling of timeouts from libusb (bug #1207).
[-] * Properly detect birthday on Nokia 2700 (bug #1213).
[-] * Provide fallback value for note type (bug #1213).
[-] * Rewritten parsing of CREG: reply to properly parse all replies (bug #1220).
20100413 - 1.27.93
[-] * Fix crash when SMS in Nokia has too many recipients (bug #1136).
[-] * Better handling of Bluetooth errors on Windows (bug #1146).
[-] * Build with -Wl,--as-needed to avoid not required dependencies.
[-] * Python module now uses more PEP-3 compliant naming.
[-] * Fix compilation while disabling some features.
[-] * Include message reference in FILES backend logs for SMSD.
[-] * Fix crash when adding file to Nokia (bug #1163).
[+] * Added function EncodePDU to python-gammu.
[-] * Fix storing message status on multiple delivery reports (bug #1167).
[-] * Force AT^SBNR support on Siemens AX75.
20100217 - 1.27.92
[+] * Write support for Siemens phonebook (bug #1129).
[-] * Properly decode UTF-8 version 3.0 vCards (bug #1132).
[-] * Fixed wrong counting of favorite messaging numbers (bug #1010).
[+] * Implement SendDTMF in Python bindings.
20100204 - 1.27.91
[-] * Add ID for Nokia 6275i (bug #1096).
[-] * Fix Windows build by not defining MSVC version.
[-] * Correctly use first entry location in MPBR (bug #1076).
[-] * Avoid buffer overrun when parsing SM30 SMS (bug #1110).
[-] * Properly detect user home directory.
[+] * Improved MMS notifications encoding.
[+] * Allow to specify MMS notification class.
[+] * Implemented decoding of MMS notification (bug #1100).
[+] * SMSD now properly groups multipart messages together.
[+] * New NULL service for SMSD.
[+] * RunOnReceive now gets environment variables with SMS data.
[-] * Fixed AT lines splitting to work properly with quotes.
[-] * Separate getting information for Motorola phones (bug #1076).
[-] * Fixed reading of Samsung contacts (bug #1105).
[-] * Re-enable classic AT commands for adding Samsung contact (bug #1105).
[+] * SMSD no longer requires support for SMS status, so it works with Nokia S40 phones.
[-] * Fix finding of empty location for some AT phones (bug #1119).
[-] * Restore phone phonebook also to phones not supporting status (bug #1122).
[-] * Avoid reading phone memory on reading SIM (bug #1123).
20100106 - 1.27.90
[-] * Simplify code in FILES smsd service.
[-] * FILES service can send smsbackup messages.
[+] * Configurable outbox format for SMSD/FILES.
[-] * Improve conversion of boolean settings from Python.
[-] * Do not use MPBR/SPBR for other than phone memory (bug #1076).
[-] * Fix crash with unknown CME error (bug #1082).
[-] * Fixed connecting to Onda devices (LP #501025).
[+] * SMSD can terminate itself after defined number of failures.
[-] * Improved decoding of SM30 Nokia messages (bug #1091).
20091222 - 1.27.0
[+] * Initial support for reading Motorola calendar (bug#338).
[-] * Avoid parsing boolean config values all around the code.
[+] * FILES backend of SMSD now support message injecting.
[-] * Ignore duplicate lines in AT reply (bug#1069).
20091212 - 1.26.93
[-] * Add ID for MTK1/MTK2 phones (bug#1051).
[+] * Add DecodePDU to Python bindings.
[+] * Added sample SQL trigger for SMSD polls.
[-] * Display sent SMS time if it is available (bug#1053).
[-] * Added bunch of new testcases.
[-] * Distinguish silent/tone alarms in own backup format.
[-] * Fixed compilation with Clang compiler.
[-] * Fixed handling of SMS memories with Samsung (bug#1063).
[+] * Reporting location based on OpenCellID database (bug#1039).
20091203 - 1.26.92
[-] * Compare full name of config section.
[-] * Add ID for Nokia 6111 (bug#1045).
[-] * Handle CME error 601 (bug#1044).
[+] * Support for reading birthday from Samsung phonebook (bug#1038).
[+] * Report GPRS state when getting network status (bug#1023).
[-] * Fix reading of Siemens phonebook (bug#1046).
[+] * Make gammu error codes map to GSM_Error.
[-] * Various code cleanups.
[-] * Add ID for Huawei E169.
20091119 - 1.26.91
[-] * Fixed parsing of vCards with lowercase types (bug #1006).
[-] * Handle forward references in Nokia phonebook (bug #1009).
[-] * Save timestamp to SMS backup for all messages.
[-] * Store PDU type in SMS backup.
[+] * More flexible handling of exclude/include lists in SMSD.
[+] * Add support for external list of exclude/include numbers (bug#1008).
[-] * Workaround decoding of messages padded by 0xFF by phone.
[-] * Force enabling of OBEX for SE S312 (bug#1016).
[-] * Recognize Motorola A1200 error replies (bug#1019).
[-] * Disable AT/Obex for Motorola A1200e (bug#1019).
[-] * Properly detect if phone does not support AT+MODE (bug#1019).
[-] * Disable AT/Obex for Motorola E790 (bug#1018).
[+] * Add option to filter messages by SMSC (bug#1020).
[-] * Implement retries when waiting for message prompt.
[-] * Fixed logic of detecting incoming calls.
[-] * Fixed loading of non ASCII messages from files in SMSD (bug#1011).
[+] * Added example showing reading of messages.
[-] * Build Windows release with Python 2.6.
[-] * Fixed compilation in MSVC because of missing S_ISDIR.
[-] * Fixed parsing of different Samsung reply (bug#1038).
[-] * Proper error code when SMSC is empty (bug#1032).
[-] * Fixed compilation of python-gammu in MSVC.
20091012 - 1.26.90
[-] * Fixed parsing of SMS with empty recipient (bug #998).
[-] * Correct setting of time on Huawei phones.
[+] * Addnew command can now change memory type being used.
[-] * Proper handling of locations and memory type in vCards.
[-] * Added IDs for several recent Sony-Ericsson phones.
[-] * Fix decoding of phone numbers in some cases (bug #999).
[-] * Replace MD5 implementation with public domain one (bug #964).
[-] * Huawei E17X has broken UCS-2, do not use it (bug #962).
[-] * Do not fail if phone does not support extended SMS params (bug #927).
[+] * Added support for Samsung calendar (bug #839).
[-] * Do not choke on OK in message text.
[-] * Add ID of Nokia 6020b (bug #1004).
[-] * Fix decoding of SMS with extended characters.
[-] * Fixed handling of DCT4 specific functions.
[-] * Add workaround for especially broken Ubinetics GDC201.
- added --with-trust-uds-cred which uses getsockopt() to fetch and
trust the client uid, bypassing password lookups - patch by Anton
Lundin <glance@acc.umu.se>
- missing closedir() causing memory leak - patch by Anton Lundin
<glance@acc.umu.se>
- sending a break signal over IPMI was broken - based on patch by
Alexander Y. Fomichev <git.user@gmail.com>
- IPv6 support (marked as experimental at this point because it's
untested (except by the author), there's a lack of documentation, and
I'm hoping for non-getifaddrs() system support) - patch by Milos
Vyletel <milos.vyletel@gmail.com>
- no more K&R compiler support
version 8.1.20 (Apr 4, 2014):
- IPMI serial over LAN support via FreeIPMI - based on patch by Anton
D. Kachalov <mouse@yandex-team.ru>
- minor cleanup of code, removal of gcc warnings and such that should
have no fuctional change
version 8.1.19 (Sep 26, 2013):
- prevent select/read loop when EOF on non-pty input (console) -
reported by Chris Marget <chris@marget.com>
- "!" syntax prefixing use of group names not honored - reported by
Zonker <consoleteam@gmail.com>
- fixed memory leak using timestamps - patch by Karvendhan M.
<Karvendhan.M@netapp.com>
- deprecated --with-cycladests (noop now) - cross-compilation should
work without it as autologin now expects setpgrp() to take two
arugments instead of testing for it
- no automatic checks for an empty password when using PAM
authentication - based on discussion with Ryan Kirkpatrick
<linux@rkirkpat.net>
- added 'sslcacertificatefile' and 'sslcacertificatepath' client
configuration options - based on patch by Aki Tuomi <cmouse@cmouse.fi>
- added 'sslcacertificatefile' and 'sslreqclientcert' server
configuration options
- added --with-req-server-cert to force clients to require a certificate
from the server when using SSL - based on emails with Thor Simon
<tls@coyotepoint.com>
- added server-side tasks (see conserver.cf man page) that are invoked
by the client (useful for things like IPMI-based power control of
servers, invoking resets of terminal server ports, or anything else
that requires scripting) - ideas from patch by Anton Lundin
<glance@acc.umu.se> and discussion on mailing list (2011)
- added 'confirm' option to break sequences
- added 'breaklist' option to limit exposure of break sequences to
consoles
- sending of break signals is now announced to all attached clients
The Asterisk Development Team has announced the release of Asterisk 11.14.0.
The release of Asterisk 11.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
Cohen)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24384 - chan_motif: format capabilities leak on module
load error (Reported by Corey Farrell)
* ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
(Reported by Corey Farrell)
* ASTERISK-24378 - Release AMI connections on shutdown (Reported
by Corey Farrell)
* ASTERISK-24354 - AMI sendMessage closes AMI connection on error
(Reported by Peter Katzmann)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
incorrectly attempted (Reported by Joshua Colp)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
received for component (Reported by Kevin Harwell)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
Corey Farrell)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-23846 - Unistim multilines. Loss of voice after second
call drops (on a second line). (Reported by Rustam Khankishyiev)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
leak (Reported by Corey Farrell)
* ASTERISK-24430 - missing letter "p" in word response in
OriginateResponse event documentation (Reported by Dafi Ni)
* ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
Corey Farrell)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24304 - asterisk crashing randomly because of unistim
channel (Reported by dhanapathy sathya)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24466 - app_queue: fix a couple leaks to struct
call_queue (Reported by Corey Farrell)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.32.0.
The release of Asterisk 1.8.32.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0
Thank you for your continued support of Asterisk!
Bugfix release for 0.4.0, notably for:
* issue with the "oss" plug-in
* less warnings when building with Gtk+ 3
DeforaOS Phone 0.4.0 did bring:
* support for Gtk+ 3 (except for the new "video" plug-in)
* new and updated plug-ins and tools
* additional features and interface updates
* as well as improved documentation (manual pages...)
* and additional improvements under the hood (portability, XDG compliance...)
Also drops the dependency on audio/pulseaudio.
The Asterisk Development Team has announced the release of Asterisk 11.13.0.
The release of Asterisk 11.13.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24032 - Gentoo compilation emits warning:
"_FORTIFY_SOURCE" redefined (Reported by Kilburn)
* ASTERISK-24225 - Dial option z is broken (Reported by
dimitripietro)
* ASTERISK-24178 - [patch]fromdomainport used even if not set
(Reported by Elazar Broad)
* ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload
warnings and ref leaks (Reported by Walter Doekes)
* ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP
ICE candidates in SDP answer (Reported by Badalian Vyacheslav)
* ASTERISK-24019 - When a Music On Hold stream starts it restarts
at beginning of file. (Reported by Jason Richards)
* ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying
if ever not able to resolve (Reported by David Herselman)
* ASTERISK-24211 - testsuite: Fix the dial_LS_options test
(Reported by Matt Jordan)
* ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
Mohod)
* ASTERISK-23577 - res_rtp_asterisk: Crash in
ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by
Jay Jideliov)
* ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10)
concurrent WebRTC (avpg/encryption/icesupport) calls (Reported
by Roman Skvirsky)
* ASTERISK-24301 - Security: Out of call MESSAGE requests
processed via Message channel driver can crash Asterisk
(Reported by Matt Jordan)
Improvements made in this release:
-----------------------------------
* ASTERISK-24171 - [patch] Provide a manpage for the aelparse
utility (Reported by Jeremy Lainé)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.31.0.
The release of Asterisk 1.8.31.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24032 - Gentoo compilation emits warning:
"_FORTIFY_SOURCE" redefined (Reported by Kilburn)
* ASTERISK-24225 - Dial option z is broken (Reported by
dimitripietro)
* ASTERISK-24178 - [patch]fromdomainport used even if not set
(Reported by Elazar Broad)
* ASTERISK-24019 - When a Music On Hold stream starts it restarts
at beginning of file. (Reported by Jason Richards)
* ASTERISK-24211 - testsuite: Fix the dial_LS_options test
(Reported by Matt Jordan)
* ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
Mohod)
Improvements made in this release:
-----------------------------------
* ASTERISK-24171 - [patch] Provide a manpage for the aelparse
utility (Reported by Jeremy Lainé)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.31.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and Asterisk 11 and 12. The available security releases are
released as versions 11.6-cert6, 11.12.1, and 12.5.1.
Please note that the release of these versions resolves the following security
vulnerability:
* AST-2014-010: Remote Crash when Handling Out of Call Message in Certain
Dialplan Configurations
Note that the crash described in AST-2014-010 can be worked around through
dialplan configuration. Given the likelihood of the issue, an advisory was
deemed to be warranted.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-009 and AST-2014-010, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.12.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-010.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.30.0.
The release of Asterisk 1.8.30.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23911 - URIENCODE/URIDECODE: WARNING about passing an
empty string is a bit over zealous (Reported by Matt Jordan)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-24087 - [patch]chan_sip: sip_subscribe_mwi_destroy
should not call sip_destroy (Reported by Corey Farrell)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-18345 - [patch] sips connection dropped by asterisk
with a large INVITE (Reported by Stephane Chazelas)
* ASTERISK-23508 - Memory Corruption in
__ast_string_field_ptr_build_va (Reported by Arnd Schmitter)
Improvements made in this release:
-----------------------------------
* ASTERISK-21178 - Improve documentation for manager command
Getvar, Setvar (Reported by Rusty Newton)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.30.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.12.0.
The release of Asterisk 11.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23911 - URIENCODE/URIDECODE: WARNING about passing an
empty string is a bit over zealous (Reported by Matt Jordan)
* ASTERISK-23985 - PresenceState Action response does not contain
ActionID; duplicates Message Header (Reported by Matt Jordan)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-24087 - [patch]chan_sip: sip_subscribe_mwi_destroy
should not call sip_destroy (Reported by Corey Farrell)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-18345 - [patch] sips connection dropped by asterisk
with a large INVITE (Reported by Stephane Chazelas)
* ASTERISK-23508 - Memory Corruption in
__ast_string_field_ptr_build_va (Reported by Arnd Schmitter)
Improvements made in this release:
-----------------------------------
* ASTERISK-21178 - Improve documentation for manager command
Getvar, Setvar (Reported by Rusty Newton)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.12.0
Thank you for your continued support of Asterisk!
pkgsrc change: MAKE_JOBS_SAFE=NO from joerg@
The Asterisk Development Team has announced the release of Asterisk 11.11.0.
The release of Asterisk 11.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22551 - Session timer : UAS (Asterisk) starts counting
at Invite, UAC starts counting at 200 OK. (Reported by i2045)
* ASTERISK-23792 - Mutex left locked in chan_unistim.c (Reported
by Peter Whisker)
* ASTERISK-23582 - [patch]Inconsistent column length in *odbc
(Reported by Walter Doekes)
* ASTERISK-23803 - AMI action UpdateConfig EmptyCat clears all
categories but the requested one (Reported by zvision)
* ASTERISK-23035 - ConfBridge with name longer than max (32 chars)
results in several bridges with same conf_name (Reported by
Iñaki Cívico)
* ASTERISK-23824 - ConfBridge: Users cannot be muted via CLI or
AMI when waiting to enter a conference (Reported by Matt Jordan)
* ASTERISK-23683 - #includes - wildcard character in a path more
than one directory deep - results in no config parsing on module
reload (Reported by tootai)
* ASTERISK-23827 - autoservice thread doesn't exit at shutdown
(Reported by Corey Farrell)
* ASTERISK-23609 - Security: AMI action MixMonitor allows
arbitrary programs to be run (Reported by Corey Farrell)
* ASTERISK-23673 - Security: DOS by consuming the number of
allowed HTTP connections. (Reported by Richard Mudgett)
* ASTERISK-23246 - DEBUG messages in sdp_crypto.c display despite
a DEBUG level of zero (Reported by Rusty Newton)
* ASTERISK-23766 - [patch] Specify timeout for database write in
SQLite (Reported by Igor Goncharovsky)
* ASTERISK-23844 - Load of pbx_lua fails on sample extensions.lua
with Lua 5.2 or greater due to addition of goto statement
(Reported by Rusty Newton)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-23834 - res_rtp_asterisk debug message gives wrong
length if ICE (Reported by Richard Kenner)
* ASTERISK-23790 - [patch] - SIP From headers longer than 256
characters result in dropped call and 'No closing bracket'
warnings. (Reported by uniken1)
* ASTERISK-23917 - res_http_websocket: Delay in client processing
large streams of data causes disconnect and stuck socket
(Reported by Matt Jordan)
* ASTERISK-23908 - [patch]When using FEC error correction,
asterisk tries considers negative sequence numbers as missing
(Reported by Torrey Searle)
* ASTERISK-23921 - refcounter.py uses excessive ram for large refs
files (Reported by Corey Farrell)
* ASTERISK-23948 - REF_DEBUG fails to record ao2_ref against
objects that were already freed (Reported by Corey Farrell)
* ASTERISK-23916 - [patch]SIP/SDP fmtp line may include whitespace
between attributes (Reported by Alexander Traud)
* ASTERISK-23984 - Infinite loop possible in ast_careful_fwrite()
(Reported by Steve Davies)
* ASTERISK-23897 - [patch]Change in SETUP ACK handling (checking
PI) in revision 413765 breaks working environments (Reported by
Pavel Troller)
Improvements made in this release:
-----------------------------------
* ASTERISK-23492 - Add option to safe_asterisk to disable
backgrounding (Reported by Walter Doekes)
* ASTERISK-22961 - [patch] DTLS-SRTP not working with SHA-256
(Reported by Jay Jideliov)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.11.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.29.0.
The release of Asterisk 1.8.29.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22551 - Session timer : UAS (Asterisk) starts counting
at Invite, UAC starts counting at 200 OK. (Reported by i2045)
* ASTERISK-23582 - [patch]Inconsistent column length in *odbc
(Reported by Walter Doekes)
* ASTERISK-23803 - AMI action UpdateConfig EmptyCat clears all
categories but the requested one (Reported by zvision)
* ASTERISK-23035 - ConfBridge with name longer than max (32 chars)
results in several bridges with same conf_name (Reported by
Iñaki Cívico)
* ASTERISK-23683 - #includes - wildcard character in a path more
than one directory deep - results in no config parsing on module
reload (Reported by tootai)
* ASTERISK-23827 - autoservice thread doesn't exit at shutdown
(Reported by Corey Farrell)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-23673 - Security: DOS by consuming the number of
allowed HTTP connections. (Reported by Richard Mudgett)
* ASTERISK-23246 - DEBUG messages in sdp_crypto.c display despite
a DEBUG level of zero (Reported by Rusty Newton)
* ASTERISK-23766 - [patch] Specify timeout for database write in
SQLite (Reported by Igor Goncharovsky)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-23667 - features.conf.sample is unclear as to which
options can or cannot be set in the general section (Reported by
David Brillert)
* ASTERISK-23790 - [patch] - SIP From headers longer than 256
characters result in dropped call and 'No closing bracket'
warnings. (Reported by uniken1)
* ASTERISK-23908 - [patch]When using FEC error correction,
asterisk tries considers negative sequence numbers as missing
(Reported by Torrey Searle)
* ASTERISK-23921 - refcounter.py uses excessive ram for large refs
files (Reported by Corey Farrell)
* ASTERISK-23948 - REF_DEBUG fails to record ao2_ref against
objects that were already freed (Reported by Corey Farrell)
* ASTERISK-23984 - Infinite loop possible in ast_careful_fwrite()
(Reported by Steve Davies)
* ASTERISK-23897 - [patch]Change in SETUP ACK handling (checking
PI) in revision 413765 breaks working environments (Reported by
Pavel Troller)
Improvements made in this release:
-----------------------------------
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23492 - Add option to safe_asterisk to disable
backgrounding (Reported by Walter Doekes)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.29.0
Thank you for your continued support of Asterisk!
* Depend on x11/c++-gtk-utils, instead of x11/gtkmm
Changelog:
Version 3.2.13 (11th April 2014)
--------------
Fix API breakage in GTK+-3.12 (the buttons of GtkDialog objects
have been made internal instead of non-internal children of the
action area box) (dialog.h, dialog.cpp).
Put icon in efax and efax-gtk about dialogs (dialogs.cpp).
Replace AC_CONFIG_HEADER macro with AC_CONFIG_HEADERS when
configuring (Samuli Suominen) (configure.ac).
Update build system to automake-1.13.3 (config.guess, config.sub,
depcomp, INSTALL).
Update desktop file (Samuli Suominen) (efax-gtk.desktop).
Version 3.2.12 (1st June 2013)
--------------
Force GType initialisation of GtkEntry for GtkSettings
(mainwindow.cpp).
Correct entry sizing in settings dialog (settings.cpp).
Improve tray icon sizing (tray_icon.cpp).
Permit the program to build against c++-gtk-utils-2.2 (this
requires increasing the c++-gtk-utils-1.2 dependency to 1.2.13,
and increasing the c++-gtk-utils-2.0 dependency to 2.0.1)
(acinclude.m4, README; mainwindow.h, mainwindow.cpp).
Cause bootstrap.sh to build translation files (bootstrap.sh).
Update build system to automake-1.13.1 (configure.ac,
config.guess, config.sub, depcomp, INSTALL, install-sh, missing;
src/Makefile.am; efax/Makefile.am).
Version 3.2.11 (1st January 2013)
--------------
Workaround for a bug in GtkFileChooserDialog in later versions of
gtk+-2.24 (dialogs.cpp).
Change efax-gtk.desktop to meet
http://specifications.freedesktop.org/menu-spec/menu-spec-latest.html
recommendations (efax-gtk.desktop).
Add French translation (Charlie Ledocq) (po/fr.po, LINGUAS).
Version 3.2.10 (21st October 2012)
--------------
Update build system to automake-1.12.1 and autoconf-2.69.
Suppress gtk+-3 deprecation warnings (acinclude.m4).
Set locale even if NLS not set (main.cpp).
Deal better with GtkMessageDialog format string (dialog.cpp).
Use automake silent rules (configure.ac).
Correct icon entry in efax-gtk.desktop file (efax-gtk.desktop).
Simplify file chooser selection code (dialogs.cpp).
Call atexit() instead of glib's now deprecated g_atexit() (the use
of atexit() in this program is entirely safe) (main.cpp).
Remove unnecessary pointer value check in present_prog()
(main.cpp).
Add Spanish translation (Antonio Trujillo) (po/LINGUAS, po/es.po,
po/efax-gtk.pot; mainwindow.cpp).
Update copyright notices (COPYING, README; addressbook.h,
addressbook.cpp, dialogs.h, dialogs.cpp, efax_controller.h,
efax_controller.cpp, fax_list.h, fax_list.cpp, fax_list_manager.h,
fax_list_manager.cpp, file_list.h, file_list.cp, gpl.h,
helpfile.h, helpfile.cpp, logger.h, logger.cpp, main.cpp,
mainwindow.h, mainwindow.cpp, prog_defs.h, redial_queue.h,
redial_queue.cpp, settings.h, settings.cpp, settings_help.h,
settings_help.cpp, socket_list.h, socket_list.cpp,
socket_notify.h, socket_notify.cpp, socket_server.h,
socket_server.cpp, tray_icon.h, tray_icon.cpp;
utils/cairo_handle.h, utils/icon_info_handle.h,
utils/mono_tiff_print_manager.h,
utils/mono_tiff_print_manager.cpp,
utils/pango_layout_iter_handle.h, utils/selected_rows_handle.h,
utils/selected_rows_handle.cpp, utils/sem_sync.h,
utils/tiff_handle.h, utils/toolbar_append_widget.h,
utils/toolbar_append_widget.cpp, utils/tree_path_handle.h,
utils/tree_row_reference_handle.h, utils/utf8_utils.h,
utils/utf8_utils.cpp;
efax-gtk-faxfilter/efax-gtk-socket-client.cpp.
Update documentation (README).
Update configuration scripts (acinclude.m4).
Version 3.2.9 (21st December 2011)
-------------
Have a hard dependency on c++-gtk-utils-1.2 >= 1.2.7 or
c++-gtk-utils-2.0 >= 2.0.0-rc1, so that C++0x/11 can be more
easily supported, and maintainability is improved (README,
acinclude.m4, configure.ac, src/Makefile.am,
src/utils/Makefile.am, po/POTFILES.in; delete src/internal
directory and its contents.)
Make the settings help dialogs of a reasonable size with GTK+3
(settings_help.cpp).
Permit IPv6 addresses to be specified with a wildcard and only
one, or no, ':' character (socket_server.cpp).
Explicitly set shadow type of fax input frame (mainwindow.cpp).
Change library linking order (src/Makefile.am and
efax/Makefile.am).
Remove unnecessary configure checks (acinclude.m4, configure.ac
and src/Makefile.am)
Upgrade gettext to version 0.18 and include m4 macros
(po/Makefile.in.in, po/Rules-quot, m4 directory, Makefile.am).
Add proper header checks at configuration time (configure.ac).
Version 3.2.8 (30th March 2011)
-------------
Permit IPv6 addresses in domain name form as well as in numeric
format (socket_server.h and socket_server.cpp).
Improve error checking and so suppress gcc-4.6 warning
(mainwindow.cpp; utils/mono_tiff_print_manager.cpp).
Upgrade internal c++-gtk-utils version.
Version 3.2.7.1 (16th March 2011)
---------------
Correct style change handling (mainwindow.h, mainwindow.cpp).
Update comments in efax-gtkrc on "SOCK_OTHER_ADDRESSES:" for IPv6
(efax-gtkrc).
Version 3.2.7 (14th March 2011)
-------------
Change default gtk target to gtk+3, and permit
--with-gtk-version=gtk2 and --with=gtk-version=gtk3 as well as
--with-gtk-version=gtk+2 and --with=gtk-version=gtk+3
(acinclude.m4, README).
Provide option for server to accept IPv6 connections (efax-gtkrc;
prog_defs.h, main.cpp, mainwindow.cpp, settings.h, settings.cpp,
settings_help.h, settings_help.cpp, socket_server.h and
socket_server.cpp).
Use GtkStyleContext for a GTK+3 compile (acinclude.m4;
addressbook.cpp, dialogs.h, dialogs.cpp, fax_list.cpp,
fax_list-manager.cpp, helpfile.cpp, logger.cpp, main.cpp,
mainwindow.h and mainwindow.cpp).
Correct non-sh-ism in configuration files (acinclude.m4).
Include efax-gtk.png icon in rpm spec file (efax-gtk.spec.in).
Minor adjustments to MonoTiffPrintManager implementation
(utils/mono_tiff_print_manager.h and
utils/mono_tiff_print_manager.cpp).
Provide some explicit casts for std::pair constructor required by
C++0x (dialogs.cpp, fax_list.cpp, file_list.cpp, socket_list.cpp).
Provide compile option for c++-gtk-utils-2.0 (acinclude.m4,
README; efax_controller.cpp, fax_list.cpp, gpl.h, logger.cpp,
socket_server.h and socket_server.cpp).
Surpress warning about std::auto_ptr being deprecated when
compiling under C++0x (acinclude.m4).
Upgrade internal c++-gtk-utils version to 1.2.12 (and also adjust
the configuration files for that (acinclude.m4, configure.ac;
src/internal/c++-gtk-utils/Makefile.am)).
Version 3.2.6 (13th November 2010)
-------------
Do not require dbus-glib where glib >= 2.26 is installed
(acinclude.4, configure.ac, src/Makefile.am,
src/internal/c++-gtk-utils/Makefile.am with upgraded
c++-gtk-utils).
Fixes for gtk+-2.91 (acinclude.m4, addressbook.cpp, dialogs.cpp,
fax_list.cpp, fax_list_manager.cpp, helpfile.cpp, logger.cpp,
main.cpp, mainwindow.h, mainwindow.cpp, settings.cpp and
socket_notify.cpp).
Improve widget sizing for widgets displaying text
(efax_controller.h, mainwindow.h and mainwindow.cpp).
Fix compilation error with gtk+-2.12 (mainwindow.cpp).
Remove anachronistic comment (utils/mono_tiff_print_manager.cpp).
Upgrade internal c++-gtk-utils version to 1.2.7.
Version 3.2.5 (13th October 2010)
-------------
Fix segfault when printing faxes with cairo-1.10
(utils/mono_tiff_print_manager.h and
utils/mono_tiff_print_manager.cpp).
Use cairo rather than the GDK drawing functions to draw the
indicator of whether there are print jobs from the socket to be
faxed (mainwindow.h, mainwindow.cpp and utils/cairo_handle.h).
Use gtk_tree_view_convert_bin_window_to_widget_coords() instead of
gtk_widget_get_pointer() in order to obtain the pointer position
in widget co-ordinates for tree view motion notify events
(fax_list_manager.cpp).
Modify argument handling for efax message functions to avoid an
invalid double call to vfprintf() on the same va_list value (this
bug is triggered on some systems when using the 'fax' script but
does not directly affect efax-gtk) (efax/efaxmsg.c, efax/PATCHES).
Upgrade internal c++-gtk-utils version to 1.2.6.
Version 3.2.4 (2nd August 2010)
-------------
Fix uncaught exception where a file to be faxed is not in valid
postscript/PDF format (efax_controller.cpp).
Include the former gnome stock_send-fax icon as the standard icon
for efax-gtk (Makefile.am, efax-gtk.desktop, efax-gtk.png,
AUTHORS; main.cpp).
Use XkbBell() rather than XBell() where available (acinclude.m4,
main.cpp).
Include pkg-config test for x11.pc, if available (acinclude.m4 and
src/Makefile.am).
Further build fixes for Debian Hurd (src/efax_controller.cpp and
src/fax_list.cpp; efax/efaxmsg.c).
Update Hungarian translation (László Csordás) (hu.po and
mainwindow.cpp).
Remove redundant anonymous namespace for callbacks with C linkage
(addressbook.h, addressbook.cpp, dialogs.h, dialogs.cpp,
fax_list.h, fax_list.cpp, fax_list_manager.h,
fax_list_manager.cpp, file_list.h, file_list.cpp, helpfile.h,
helpfile.cpp, logger.h, logger.cpp, mainwindow.h, mainwindow.cpp,
redial_queue.h, redial_queue.cpp, settings.h, settings.cpp,
settings_help.h, settings_help.cpp, socket_list.h,
socket_list.cpp, socket_notify.h, socket_notify.cpp, tray_icon.h,
tray_icon.cpp, utils/mono_tiff_print_manager.h,
utils/mono_tiff_print_manager.cpp, utils/selected_rows_handle.h,
utils/selected_rows_handle.cpp).
Correct linkage specification of present_prog() (main.cpp).
Use Cgu::start_timeout_seconds() rather than Cgu::start_timeout()
where available (fax_list_manager.cpp, logger.cpp).
Remove redundant comments (prog_defs.h,
utils/toolbar_append_widget.cpp).
Upgrade internal c++-gtk-utils version to 1.2.4.
numerous general bugs. The vulnerabilities fixed are: AST-2014-001,
AST-2014-002, and AST-2014-007.
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert7,
11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2.
These releases resolve security vulnerabilities that were previously
fixed in 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
Unfortunately, the fix for AST-2014-007 inadvertently introduced
a regression in Asterisk's TCP and TLS handling that prevented
Asterisk from sending data over these transports. This regression
and the security vulnerabilities have been fixed in the versions
specified in this release announcement.
The security patches for AST-2014-007 have been updated with the
fix for the regression, and are available at
http://downloads.asterisk.org/pub/security
Please note that the release of these versions resolves the following security
vulnerabilities:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released with the previous
versions that addressed these vulnerabilities.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert6,
11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of these versions resolves the following issue:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
Establishing a TCP or TLS connection to the configured HTTP or
HTTPS port respectively in http.conf and then not sending or
completing a HTTP request will tie up a HTTP session. By doing
this repeatedly until the maximum number of open HTTP sessions
is reached, legitimate requests are blocked.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.28.0.
The release of Asterisk 1.8.28.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
for INVITE/w/replaces pickup (Reported by Walter Doekes)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)
* ASTERISK-23650 - Intermittent segfault in string functions
(Reported by Roel van Meer)
Improvements made in this release:
-----------------------------------
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.28.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.27.0.
The release of Asterisk 1.8.27.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by Paolo Compagnini)
* ASTERISK-23061 - [Patch] 'textsupport' setting not mentioned in
sip.conf.sample (Reported by Eugene)
* ASTERISK-23028 - [patch] Asterisk man pages contains unquoted
minus signs (Reported by Jeremy Lainé)
* ASTERISK-23046 - Custom CDR fields set during a GoSUB called
from app_queue are not inserted (Reported by Denis Pantsyrev)
* ASTERISK-23027 - [patch] Spelling typo "transfered" instead of
"transferred" (Reported by Jeremy Lainé)
* ASTERISK-23008 - Local channels loose CALLERID name when DAHDI
channel connects (Reported by Michael Cargile)
* ASTERISK-23100 - [patch] In chan_mgcp the ident in transmitted
request and request queue may differ - fix for locking (Reported
by adomjan)
* ASTERISK-22988 - [patch]T38 , SIP 488 after Rejecting image
media offer due to invalid or unsupported syntax (Reported by
adomjan)
* ASTERISK-22861 - [patch]Specifying a null time as parameter to
GotoIfTime or ExecIfTime causes segmentation fault (Reported by
Sebastian Murray-Roberts)
* ASTERISK-17837 - extconfig.conf - Maximum Include level (1)
exceeded (Reported by pz)
* ASTERISK-22662 - Documentation fix? - queues.conf says
persistentmembers defaults to yes, it appears to lie (Reported
by Rusty Newton)
* ASTERISK-23134 - [patch] res_rtp_asterisk port selection cannot
handle selinux port restrictions (Reported by Corey Farrell)
* ASTERISK-23220 - STACK_PEEK function with no arguments causes
crash/core dump (Reported by James Sharp)
* ASTERISK-19773 - Asterisk crash on issuing Asterisk-CLI 'reload'
command multiple times on cli_aliases (Reported by Joel Vandal)
* ASTERISK-22757 - segfault in res_clialiases.so on reload when
mapping "module reload" command (Reported by Gareth Blades)
* ASTERISK-17727 - [patch] TLS doesn't get all certificate chain
(Reported by LN)
* ASTERISK-23178 - devicestate.h: device state setting functions
are documented with the wrong return values (Reported by
Jonathan Rose)
* ASTERISK-23297 - Asterisk 12, pbx_config.so segfaults if
res_parking.so is not loaded, or if res_parking.conf has no
configuration (Reported by CJ Oster)
* ASTERISK-23069 - Custom CDR variable not recorded when set in
macro called from app_queue (Reported by Bryan Anderson)
* ASTERISK-19499 - ConfBridge MOH is not working for transferee
after attended transfer (Reported by Timo Teräs)
* ASTERISK-23261 - [patch]Output mixup in
${CHANNEL(rtpqos,audio,all)} (Reported by rsw686)
* ASTERISK-23260 - [patch]ForkCDR v option does not keep CDR
variables for subsequent records (Reported by zvision)
* ASTERISK-23141 - Asterisk crashes on Dial(), in
pbx_find_extension at pbx.c (Reported by Maxim)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
* ASTERISK-23323 - [patch]chan_sip: missing p->owner checks in
handle_response_invite (Reported by Walter Doekes)
* ASTERISK-23382 - [patch]Build System: make -qp can corrupt
menuselect-tree and related files (Reported by Corey Farrell)
* ASTERISK-23406 - [patch]Fix typo in "sip show peer" (Reported by
ibercom)
* ASTERISK-23310 - bridged channel crashes in bridge_p2p_rtp_write
(Reported by Jeremy Lainé)
* ASTERISK-23104 - Specifying the SetVar AMI without a Channel
cause Asterisk to crash (Reported by Joel Vandal)
* ASTERISK-23383 - Wrong sense test on stat return code causes
unchanged config check to break with include files. (Reported by
David Woolley)
* ASTERISK-17523 - Qualify for static realtime peers does not work
(Reported by Maciej Krajewski)
* ASTERISK-21406 - [patch] chan_sip deadlock on monlock between
unload_module and do_monitor (Reported by Corey Farrell)
* ASTERISK-23373 - [patch]Security: Open FD exhaustion with
chan_sip Session-Timers (Reported by Corey Farrell)
* ASTERISK-23340 - Security Vulnerability: stack allocation of
cookie headers in loop allows for unauthenticated remote denial
of service attack (Reported by Matt Jordan)
* ASTERISK-23488 - Logic error in callerid checksum processing
(Reported by Russ Meyerriecks)
* ASTERISK-20841 - fromdomain not honored on outbound INVITE
request (Reported by Kelly Goedert)
* ASTERISK-22079 - Segfault: INTERNAL_OBJ (user_data=0x6374652f)
at astobj2.c:120 (Reported by Jamuel Starkey)
* ASTERISK-23509 - [patch]SayNumber for Polish language tries to
play empty files for numbers divisible by 100 (Reported by
zvision)
* ASTERISK-23391 - Audit dialplan function usage of channel
variable (Reported by Corey Farrell)
* ASTERISK-23548 - POST to ARI sometimes returns no body on
success (Reported by Scott Griepentrog)
Improvements made in this release:
-----------------------------------
* ASTERISK-22980 - [patch]Allow building cdr_radius and cel_radius
against libfreeradius-client (Reported by Jeremy Lainé)
* ASTERISK-22661 - Unable to exit ChanSpy if spied channel does
not have a call in progress (Reported by Chris Hillman)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.27.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert5,
11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.
The release of these versions resolve the following issues:
* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
* AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-001, AST-2014-002,
AST-2014-003, and AST-2014-004, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.26.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.26.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22544 - Italian prompt vm-options has advertisement in
it (Reported by Rusty Newton)
* ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
every register message (Reported by Pawel Pierscionek)
* ASTERISK-20862 - Asterisk min and max member penalties not
honored when set with 0 (Reported by Schmooze Com)
* ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
read (Reported by Michael Walton)
* ASTERISK-22788 - [patch] main/translate.c: access to variable f
after free in ast_translate() (Reported by Corey Farrell)
* ASTERISK-21242 - Segfault when T.38 re-invite retransmission
receives 200 OK (Reported by Ashley Winters)
* ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
16 bit multipart SMS with app_sms (Reported by Jan Juergens)
* ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
from being executed from external interfaces (Reported by Matt
Jordan)
* ASTERISK-23021 - Typos in code : "avaliable" instead of
"available" (Reported by Jeremy Lainé)
* ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
by Gareth Palmer)
* ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
instead of seconds (Reported by Robert Mordec)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when <replace-char> is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-22834 - Parking by blind transfer when lot full orphans
channels (Reported by rsw686)
* ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
SIP transfer to parking space (Reported by Tommy Thompson)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23010 - No BYE message sent when sip INVITE is received
(Reported by Ryan Tilton)
Improvements made in this release:
-----------------------------------
* ASTERISK-22659 - Make a new core and extra sounds release
(Reported by Rusty Newton)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.26.0
Thank you for your continued support of Asterisk!
with general bug fixes. The security issues fixed are: AST-2014-001,
AST-2014-002, AST-2014-006, and AST-2014-007.
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert7,
11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2.
These releases resolve security vulnerabilities that were previously
fixed in 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
Unfortunately, the fix for AST-2014-007 inadvertently introduced
a regression in Asterisk's TCP and TLS handling that prevented
Asterisk from sending data over these transports. This regression
and the security vulnerabilities have been fixed in the versions
specified in this release announcement.
Please note that the release of these versions resolves the following security
vulnerabilities:
* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
Shell Access
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released with the previous
versions that addressed these vulnerabilities.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert6,
11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
The release of these versions resolves the following issue:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
Establishing a TCP or TLS connection to the configured HTTP or HTTPS port
respectively in http.conf and then not sending or completing a HTTP request
will tie up a HTTP session. By doing this repeatedly until the maximum number
of open HTTP sessions is reached, legitimate requests are blocked.
Additionally, the release of 11.6-cert3, 11.10.1, and 12.3.1 resolves the
following issue:
* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
Shell Access
Manager users can execute arbitrary shell commands with the MixMonitor manager
action. Asterisk does not require system class authorization for a manager
user to use the MixMonitor action, so any manager user who is permitted to use
manager commands can potentially execute shell commands as the user executing
the Asterisk process.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.10.0.
The release of Asterisk 11.10.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-23559 - app_voicemail fails to load after fix to
dialplan functions (Reported by Corey Farrell)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23545 - Confbridge talker detection settings
configuration load bug (Reported by John Knott)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-23616 - Big memory leak in logger.c (Reported by
ibercom)
* ASTERISK-23576 - Build failure on SmartOS / Illumos / SunOS
(Reported by Sebastian Wiedenroth)
* ASTERISK-23550 - Newer sound sets don't show up in menuselect
(Reported by Rusty Newton)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23605 - res_http_websocket: Race condition in shutting
down websocket causes crash (Reported by Matt Jordan)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23381 - [patch]ChanSpy- Barge only works on the initial
'spy', if the spied-on channel makes a new call, unable to
barge. (Reported by Robert Moss)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-23664 - Incorrect H264 specification in SDP. (Reported
by Guillaume Maudoux)
* ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
for INVITE/w/replaces pickup (Reported by Walter Doekes)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)
Improvements made in this release:
-----------------------------------
* ASTERISK-23649 - [patch]Support for DTLS retransmission
(Reported by NITESH BANSAL)
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.10.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.9.0.
The release of Asterisk 11.9.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by Paolo Compagnini)
* ASTERISK-23034 - [patch] manager Originate doesn't abort on
failed format_cap allocation (Reported by Corey Farrell)
* ASTERISK-23061 - [Patch] 'textsupport' setting not mentioned in
sip.conf.sample (Reported by Eugene)
* ASTERISK-23028 - [patch] Asterisk man pages contains unquoted
minus signs (Reported by Jeremy Lainé)
* ASTERISK-23046 - Custom CDR fields set during a GoSUB called
from app_queue are not inserted (Reported by Denis Pantsyrev)
* ASTERISK-23027 - [patch] Spelling typo "transfered" instead of
"transferred" (Reported by Jeremy Lainé)
* ASTERISK-23008 - Local channels loose CALLERID name when DAHDI
channel connects (Reported by Michael Cargile)
* ASTERISK-23100 - [patch] In chan_mgcp the ident in transmitted
request and request queue may differ - fix for locking (Reported
by adomjan)
* ASTERISK-22988 - [patch]T38 , SIP 488 after Rejecting image
media offer due to invalid or unsupported syntax (Reported by
adomjan)
* ASTERISK-22861 - [patch]Specifying a null time as parameter to
GotoIfTime or ExecIfTime causes segmentation fault (Reported by
Sebastian Murray-Roberts)
* ASTERISK-17837 - extconfig.conf - Maximum Include level (1)
exceeded (Reported by pz)
* ASTERISK-22662 - Documentation fix? - queues.conf says
persistentmembers defaults to yes, it appears to lie (Reported
by Rusty Newton)
* ASTERISK-23134 - [patch] res_rtp_asterisk port selection cannot
handle selinux port restrictions (Reported by Corey Farrell)
* ASTERISK-23220 - STACK_PEEK function with no arguments causes
crash/core dump (Reported by James Sharp)
* ASTERISK-19773 - Asterisk crash on issuing Asterisk-CLI 'reload'
command multiple times on cli_aliases (Reported by Joel Vandal)
* ASTERISK-22757 - segfault in res_clialiases.so on reload when
mapping "module reload" command (Reported by Gareth Blades)
* ASTERISK-17727 - [patch] TLS doesn't get all certificate chain
(Reported by LN)
* ASTERISK-23178 - devicestate.h: device state setting functions
are documented with the wrong return values (Reported by
Jonathan Rose)
* ASTERISK-23232 - LocalBridge AMI Event LocalOptimization value
is opposite to what's expected (Reported by Leon Roy)
* ASTERISK-23098 - [patch]possible null pointer dereference in
format.c (Reported by Marcello Ceschia)
* ASTERISK-23297 - Asterisk 12, pbx_config.so segfaults if
res_parking.so is not loaded, or if res_parking.conf has no
configuration (Reported by CJ Oster)
* ASTERISK-23069 - Custom CDR variable not recorded when set in
macro called from app_queue (Reported by Bryan Anderson)
* ASTERISK-19499 - ConfBridge MOH is not working for transferee
after attended transfer (Reported by Timo Teräs)
* ASTERISK-23261 - [patch]Output mixup in
${CHANNEL(rtpqos,audio,all)} (Reported by rsw686)
* ASTERISK-23279 - [patch]Asterisk doesn't support the dynamic
payload change in rtp mapping in the 200 OK response (Reported
by NITESH BANSAL)
* ASTERISK-23255 - UUID included for Redhat, but missing for
Debian distros in install_prereq script (Reported by Rusty
Newton)
* ASTERISK-23260 - [patch]ForkCDR v option does not keep CDR
variables for subsequent records (Reported by zvision)
* ASTERISK-23141 - Asterisk crashes on Dial(), in
pbx_find_extension at pbx.c (Reported by Maxim)
* ASTERISK-23336 - Asterisk warning "Don't know how to indicate
condition 33 on ooh323c" on outgoing calls from H323 to SIP peer
(Reported by Alexander Semych)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
* ASTERISK-23323 - [patch]chan_sip: missing p->owner checks in
handle_response_invite (Reported by Walter Doekes)
* ASTERISK-23406 - [patch]Fix typo in "sip show peer" (Reported by
ibercom)
* ASTERISK-23310 - bridged channel crashes in bridge_p2p_rtp_write
(Reported by Jeremy Lainé)
* ASTERISK-22911 - [patch]Asterisk fails to resume WebRTC call
from hold (Reported by Vytis Valentinavičius)
* ASTERISK-23104 - Specifying the SetVar AMI without a Channel
cause Asterisk to crash (Reported by Joel Vandal)
* ASTERISK-21930 - [patch]WebRTC over WSS is not working.
(Reported by John)
* ASTERISK-23383 - Wrong sense test on stat return code causes
unchanged config check to break with include files. (Reported by
David Woolley)
* ASTERISK-20149 - Crash when faxing SIP to SIP with strictrtp set
to yes (Reported by Alexandr Gordeev)
* ASTERISK-17523 - Qualify for static realtime peers does not work
(Reported by Maciej Krajewski)
* ASTERISK-21406 - [patch] chan_sip deadlock on monlock between
unload_module and do_monitor (Reported by Corey Farrell)
* ASTERISK-23373 - [patch]Security: Open FD exhaustion with
chan_sip Session-Timers (Reported by Corey Farrell)
* ASTERISK-23340 - Security Vulnerability: stack allocation of
cookie headers in loop allows for unauthenticated remote denial
of service attack (Reported by Matt Jordan)
* ASTERISK-23311 - Manager - MoH Stop Event fails to show up when
leaving Conference (Reported by Benjamin Keith Ford)
* ASTERISK-23420 - [patch]Memory leak in manager_add_filter
function in manager.c (Reported by Etienne Lessard)
* ASTERISK-23488 - Logic error in callerid checksum processing
(Reported by Russ Meyerriecks)
* ASTERISK-23461 - Only first user is muted when joining
confbridge with 'startmuted=yes' (Reported by Chico Manobela)
* ASTERISK-20841 - fromdomain not honored on outbound INVITE
request (Reported by Kelly Goedert)
* ASTERISK-22079 - Segfault: INTERNAL_OBJ (user_data=0x6374652f)
at astobj2.c:120 (Reported by Jamuel Starkey)
* ASTERISK-23509 - [patch]SayNumber for Polish language tries to
play empty files for numbers divisible by 100 (Reported by
zvision)
* ASTERISK-23103 - [patch]Crash in ast_format_cmp, in ao2_find
(Reported by JoshE)
* ASTERISK-23391 - Audit dialplan function usage of channel
variable (Reported by Corey Farrell)
* ASTERISK-23548 - POST to ARI sometimes returns no body on
success (Reported by Scott Griepentrog)
* ASTERISK-23460 - ooh323 channel stuck if call is placed directly
and gatekeeper is not available (Reported by Dmitry Melekhov)
Improvements made in this release:
-----------------------------------
* ASTERISK-22980 - [patch]Allow building cdr_radius and cel_radius
against libfreeradius-client (Reported by Jeremy Lainé)
* ASTERISK-22661 - Unable to exit ChanSpy if spied channel does
not have a call in progress (Reported by Chris Hillman)
* ASTERISK-23099 - [patch] WSS: enable ast_websocket_read()
function to read the whole available data at first and then wait
for any fragmented packets (Reported by Thava Iyer)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.9.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert5,
11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.
The release of these versions resolve the following issues:
* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
* AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-001, AST-2014-002,
AST-2014-003, and AST-2014-004, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.8.0.
The release of Asterisk 11.8.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22544 - Italian prompt vm-options has advertisement in
it (Reported by Rusty Newton)
* ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
Asterisk to Chrome (Reported by Shaun Clark)
* ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
DTMF menus in ConfBridge (processed as directive) (Reported by
Nicolas Tanski)
* ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
every register message (Reported by Pawel Pierscionek)
* ASTERISK-20862 - Asterisk min and max member penalties not
honored when set with 0 (Reported by Schmooze Com)
* ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
read (Reported by Michael Walton)
* ASTERISK-22788 - [patch] main/translate.c: access to variable f
after free in ast_translate() (Reported by Corey Farrell)
* ASTERISK-21242 - Segfault when T.38 re-invite retransmission
receives 200 OK (Reported by Ashley Winters)
* ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
16 bit multipart SMS with app_sms (Reported by Jan Juergens)
* ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
from being executed from external interfaces (Reported by Matt
Jordan)
* ASTERISK-23021 - Typos in code : "avaliable" instead of
"available" (Reported by Jeremy Lainé)
* ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
by Gareth Palmer)
* ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
Melekhov)
* ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
"WIMPy" Harzenetter)
* ASTERISK-22942 - [patch] - Asterisk crashed after
Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
* ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
instead of seconds (Reported by Robert Mordec)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when <replace-char> is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-22834 - Parking by blind transfer when lot full orphans
channels (Reported by rsw686)
* ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
SIP transfer to parking space (Reported by Tommy Thompson)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23010 - No BYE message sent when sip INVITE is received
(Reported by Ryan Tilton)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
Improvements made in this release:
-----------------------------------
* ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
When Running "sip show peers" (Reported by Michael L. Young)
* ASTERISK-22659 - Make a new core and extra sounds release
(Reported by Rusty Newton)
* ASTERISK-22919 - core show channeltypes slicing (Reported by
outtolunc)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0
Thank you for your continued support of Asterisk!
Changes since version 0.4:
0.7, 20130330 - jeagle
Add ability to allow users to specify their own frame allocation routines.
Update API mode 2 with latest version from jdodgen
0.6, 20120624 - jeagle
Update documentation.
Add support for API mode 2 escapes. Needs testing.
Add constant for the "BD" baud rate table.
0.5, 20120401 - jeagle
Add support for Win32::SerialPort to enable Windows support. (Thanks Jerry)
Fix issue with tx() in async mode. (Thanks Vicente)
Add support for "explicit rx indicator" packets. (Thanks Vicente)
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
These releases are maintenance releases, and do not contain any new
features or functionality, but only contain bugfixes:
* Re-order library files in fchmod() configure check
* faxalter: Wire up the nissing page range -Z options
* man: JobReqError/JobRetryError were missing in hylafax-config.4
* typerules: adding missing comma to typeNames array
* Do not warn about one of the Fontpath directories not existing
* Reworked how faxsetup looks for Fontmap
* Use a private Fontmap.HylaFAX file of .pfb files
* Combine all Fontmap files in memory, including new Fontmap.HylaFAX
* Bug 934: We need to avoid a 0-index in playList
* hfaxd: Eliminte extraneous debug logging
* hfaxd: Make source port for active connections be ctrl port - 1
* hfaxd: Release old accept fd
* Support libtiff 4.0
* faxsend: JobRetryOther/JobRequeueOther weren't actually being used
* Make sure not to cut faxq FIFO messages in two when reaching end of buffer
* hfaxd: Port is network byte order, correct logging of it
This fixes abuild failure when a version of the package is already
installed.
Not bumping PKGREVISION because the resulting package should be unchanged.
Revision history for Perl extension Device::Modem.
1.57 Sun Jan 26 11:36:11 CET 2014
- Added a "handshake" option to the connect() method.
Allowed values are "xoff", "rts" or "none" (default).
Thanks to Ezio Bonsi for suggesting the idea.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Version 2.7 2013-10-17
---------------------------
- Win32: setRTS and setDTR can be called before the port is opened and it will
set the initial state on port open.
- Posix: add platform specific method: outWaiting (already present for Win32)
- Posix: rename flowControl to setXON to match name on Win32, add
flowControlOut function
- rfc2217: zero polls value (baudrate, data size, stop bits, parity) (Erik
Lundh)
- Posix: [Patch pyserial:28] Accept any speed on Linux [update]
- Posix: [Patch pyserial:29] PosixSerial.read() should "ignore" errno.EINTR
- OSX: [Patch pyserial:27] Scan by VendorID/Product ID for USB Serial devices
- Ensure working with bytes in write() calls
Bugfixes:
- [Bug 3540332] SerialException not returned
- [Bug pyserial:145] Error in socket_connection.py
- [Bug pyserial:135] reading from socket with timeout=None causes TypeError
- [Bug pyserial:130] setup.py should not append py3k to package name
- [Bug pyserial:117] no error on lost conn w/socket://
Bugfixes (posix):
- [Patch 3462364] Fix: NameError: global name 'base' is not defined
- list_ports and device() for BSD updated (Anders Langworthy)
- [Bug 3518380] python3.2 -m serial.tools.list_ports error
- [Bug pyserial:137] Patch to add non-standard baudrates to Cygwin
- [Bug pyserial:141] open: Pass errno from IOError to SerialException
- [Bug pyserial:125] Undefined 'base' on list_ports_posix.py, function usb_lsusb
- [Bug pyserial:151] Serial.write() without a timeout uses 100% CPU on POSIX
- [Patch pyserial:30] [PATCH 1/1] serial.Serial() should not raise IOError.
Bugfixes (win32):
- [Bug 3444941] ctypes.WinError() unicode error
- [Bug 3550043] on Windows in tools global name 'GetLastError' is not defined
- [Bug pyserial:146] flush() does nothing in windows (despite docs)
- [Bug pyserial:144] com0com ports ignored due to missing "friendly name"
- [Bug pyserial:152] Cannot configure port, some setting was wrong. Can leave
port handle open but port not accessible
The Asterisk Development Team has announced the release of Asterisk 1.8.25.0.
The release of Asterisk 1.8.25.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- chan_sip: Fix an issue where an incompatible audio format may be
added to SDP.
* --- cdr_adaptive_odbc: Also apply a filter when the CDR value is
empty.
* --- app_queue: Fix Queuelog EXITWITHKEY only logging two of four
fields
* --- chan_sip: Do not increment the SDP version between 183 and 200
responses.
* --- chan_sip: Fix Realtime Peer Update Problem When Un-registering
And Expires Header In 200ok
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.25.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.7.0.
The release of Asterisk 11.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_confbridge: Can now set the language used for announcements
to the conference.
* --- app_queue: Fix CLI "queue remove member" queue_log entry.
* --- chan_sip: Do not increment the SDP version between 183 and 200
responses.
* --- chan_sip: Allow a sip peer to accept both AVP and AVPF calls
* --- chan_sip: Fix Realtime Peer Update Problem When Un-registering
And Expires Header In 200ok
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.7.0
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007, and a minor bug fix update.
pkgsrc change: disable SRTP on NetBSD as it doesn't link
---- 11.6.1 ----
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.6.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
----- 11.6.0 -----
The Asterisk Development Team has announced the release of Asterisk 11.6.0.
The release of Asterisk 11.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Confbridge: empty conference not being torn down
(Closes issue ASTERISK-21859. Reported by Chris Gentle)
* --- Let Queue wrap up time influence member availability
(Closes issue ASTERISK-22189. Reported by Tony Lewis)
* --- Fix a longstanding issue with MFC-R2 configuration that
prevented users
(Closes issue ASTERISK-21117. Reported by Rafael Angulo)
* --- chan_iax2: Fix saving the wrong expiry time in astdb.
(Closes issue ASTERISK-22504. Reported by Stefan Wachtler)
* --- Fix segfault for certain invalid WebSocket input.
(Closes issue ASTERISK-21825. Reported by Alfred Farrugia)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.6.0
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.24.0.
The release of Asterisk 1.8.24.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix a longstanding issue with MFC-R2 configuration that
prevented users
* --- Fix Not Storing Current Incoming Recv Address
* --- Fix Segfault When Syntax Of A Line Under [applicationmap] Is
Invalid
* --- Tolerate presence of RFC2965 Cookie2 header by ignoring it
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.24.0
Thank you for your continued support of Asterisk!
Changes since 1.8.0:
1.8.1 - 04/05/11
Added a jpilot-merge utility for merging unsynced records into a pdb file
Fixes Debian bug #574030: jpilot: can't delete appointments
Resolve bug 2012 where small months in Postcript printout overlapped a calendar event.
Fix multiple memory leaks all over code base
Added a VCard export format optimized for GMail/Android import
Correct iCal export for repeating events with an end date
Add Category and Location fields to Calendar iCal export
Add categories to left-hand side of Calendar application
Add "cancel sync" button and icon to main jpilot window
use CRLF for ToDo iCal export per RFC
Add new "future" button to repeat appt. modification dialog so that changes only affect future occurrences
Ability to install files directly to SDCARD, hardcoded to /PALM/Launcher/ directory
Keyboard shortcuts to set priority of ToDo items with Alt+# where # is 1-5
Add ability to launch external editor to quickly edit memo or note text. Bound to Ctrl-E.
- Alternative hex output (to be improved)
- Print creation date of serial device file (if < 20 hrs), useful for
identifying just plugged in USB-Serial adapters
- Support ':' (colon) in device path names. Note, that this changes old
behaviour which used ':' as a device path delimiter.
- Several language updates.
AST-2013-004 and AST-2013-005.
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.5.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
AST-2013-004 and AST-2013-005.
pkgsrc change: disable detection of broken IP_PKTINFO on NetBSD
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.3
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
AST-2013-004 and AST-2013-005.
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.23.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
pkgsrc changes:
- add work around for NetBSD's incompatible implementation of IP_PKTINFO
- core sounds package was updated to 1.4.24
The Asterisk Development Team has announced the release of Asterisk 1.8.23.0.
The release of Asterisk 1.8.23.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix a memory copying bug in slinfactory which was causing
mixmonitor issues.
* --- IAX2: fix race condition with nativebridge transfers.
* --- Fix crash in chan_sip when a core initiated op occurs at the
same time as a BYE
* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
Bit
* --- chan_sip: Session-Expires: Set timer to correctly expire at
(~2/3) of the interval when not the refresher
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.23.0
Thank you for your continued support of Asterisk!
pkgsrc changes:
- add dependency on libuuid
- work around NetBSD's incompatible implementation of IP_PKTINFO
The Asterisk Development Team has announced the release of Asterisk 11.5.0.
The release of Asterisk 11.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Segfault In app_queue When "persistentmembers" Is Enabled
And Using Realtime
* --- IAX2: fix race condition with nativebridge transfers.
* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
Bit
* --- Fix One-Way Audio With auto_* NAT Settings When SIP Calls
Initiated By PBX
* --- chan_sip: NOTIFYs for BLF start queuing up and fail to be sent
out after retries fail
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.5.0
Thank you for your continued support of Asterisk!
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
- improvements to the user interface
- better phone log support
- support for changing the SIM PIN code (via the new "password" plug-in)
- optional "pulseaudio" plug-in (instead of builtin to the "profiles" plug-in)
- fixes to the "video" plug-in
- new manual pages
- more portable Makefiles
- fix compile problem on newer NetBSD systems that have newlocale support
- fix a couple of cases where ctype functions called with plain char
- last two items from joerg@
Commented 2/3 patches. Added gsed to USE_TOOLS. Buildlink'd pthread. Added
fortran77 to USE_LANGUAGES. Included options.mk file to enable the user to
build with mmx, sse, and "tests" option, which uses pcap, X11, sndfile,
libxml2, fltk, and fftw to run some tests. All of these options are
disabled by default. Some of these changes were already present in
wip/spandsp and were merged into this package after its removal. All
PKG_OPTIONS are disabled by default. There are no noticeable changes to
the package from this update.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
Added libgcrypt support
Added support for Calendar app
Export function for KeyRing data
Overhaul of Expense plugin
Overhaul VCARD export including adding IM, Birthday, Website fields
GUI changes: ToDo items due today are marked by a soft green color
GUI changes: new alarm clock and lock icons
GUI changes: radio buttons to select between timed and untimed events
Fixed Mac OS X bugs/crash
Resolve segmentation fault when editing Contacts with attached pictures
Resolve error where Contacts created on Palm could not be deleted with Jpilot
Resolve sync error with simultaneously modified Contacts
Fix Bug 1991 : Categories are lost during first sync
The Asterisk Development Team has announced the release of Asterisk 11.4.0.
The release of Asterisk 11.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Sorting Order For Parking Lots Stored In Static Realtime
* --- Fix StopMixMonitor Hanging Up When Unable To Stop MixMonitor On
A Channel
* --- When a session timer expires during a T.38 call, re-invite with
correct SDP
* --- Fix white noise on SRTP decryption
* --- Fix reload skinny with active devices.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.4.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.22.0.
The release of Asterisk 1.8.22.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Sorting Order For Parking Lots Stored In Static Realtime
* --- Make ParkAndAnnounce return to priority + 1 when return context
is not defined
* --- When a session timer expires during a T.38 call, re-invite with
correct SDP
* --- Fix several unreleased mutex locks that cause problem with
processing calls
* --- Fix crash when AMI redirect action redirects two channels out of
a bridge.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.22.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.3.0.
The release of Asterisk 11.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix issue where chan_mobile fails to bind to first available port
* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
Extension Present
* --- Retain XMPP filters across reconnections so external modules
continue to function as expected.
* --- Ensure that a declined media stream is terminated with a '\r\n'
* --- Fix pjproject compilation in certain circumstances
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.3.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.21.0.
The release of Asterisk 1.8.21.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix issue where chan_mobile fails to bind to first available port
* --- Fix station ringback; trunk hangup issues in SLA
* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
Extension Present
* --- Fix Record-Route parsing for large headers.
* --- Fix AMI redirect action with two channels failing to redirect
both channels.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.21.0
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A possible buffer overflow during H.264 format negotiation. The format
attribute resource for H.264 video performs an unsafe read against a media
attribute when parsing the SDP.
This vulnerability only affected Asterisk 11.
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Trucated the long files as best as possible while preserving the most info
contained in them.
pkglint warnings aren't gospel! They need to be verified in an
intelligent manner. After variable substitution, the lines will
be shorter then 80 characters, thus there was no need to shorten
them.
COMMENT should not be longer than 70 characters.
COMMENT should not begin with 'A'.
COMMENT should not begin with 'An'.
COMMENT should not begin with 'a'.
COMMENT should not end with a period.
COMMENT should start with a capital letter.
pkglint warnings. Some files also got minor formatting, spelling, and style
corrections.
There is a new maintainer, Hendrik Sattler and the sources are held
at gitorius.org. Build is changed to CMake and although it does not appear
in the ChangeLog below, I forwarded all the NetBSD related patches that
pkgsrc had (and more in fact, to get it working) although I would still say
that obexapp is the better program.
From the ChangeLog:
ObexFTP 0.24 (released 2013-03-05)
----------------------------------
* Maintainer changed from Christian to Hendrik
* change build system to using CMake
* integrate obexfs-0.12
* fix build for OpenOBEX-1.7
ObexFTP 0.23 (released 2009-02-17)
----------------------------------
* allow win32 to use hci src names
* adding a simpler connect wrapper
* show OBEX_HandleInput errors
* catch errors and let the user know
* print timeout stats if available
* sdp unregister more verbose
* upgrading btkit
* fix for win32 without bt
* replacing deprecated automake vars
* sizeof() fixes
* removing bdaddr_t reference from obexftpd.c
* adding bootstrap helper
* concurrency bug in extconf.rb generated Makefile (fix by Alin Năstac)
* switching from POD to asciidoc
* clearing gnu-style implicit rules
ObexFTP 0.22 (released 2008-06-15)
----------------------------------
* added proper unicode support
* added support for transparent OBEX-over-AT mode
* rewritten at-command function
* added specific error messages
* refactored to flexible bt_kit layer
* fixed cache root duplicates
* fixed off-by-one and unfreed mem in cache layer
* added pkg-config file
* added example code
* switched to doxygen
* added python binding callbacks
* portable packed structs
* enabled linux hci dev names for source selection
* Python binding uses distutils now, tested by Adam Williamson
* removed exit from bt discovery
* Better autodetection for possible language bindings
* reworked win32 support
* Motorola SLVR L2 cobex fix by Andrey Rahmatullin
* now using AC_HELP_STRING for compat with autoconf <=2.57
* added hci selection support, drafted by Manuel Naranjo
* switched obexftp cli to new discovery api
* prefer PCSUITE over FTP, req. by Martin Storsjö for Series 60 2nd Ed.
* fixed compile error with >=swig-1.3.28
* renamed sdp browse function
* fixed month/day swapping in atotime, spotted by Dr. Johannes Zellner
* added BFC compatibility for newer Siemens phones
* added PCSOFTWARE uuid support for SHARP phones
* added motorola support
* end bfb mode properly
* added CPROT=0 support from 3GPP 27.007
* fixed ericsson init
* fixed invalid conn_id in disconnect rep. by Alan J. McFarlane
* better create flag handling in setpath
* Changed LDADD to LIBADD sug. by Sergey Vlasov <vsu@altlinux.ru>
* obexftpd clean up by Hendrik Sattler
* 64-bit fixes by Hendrik Sattler
* Removed all (dangerous) obex_headerdata_t casts
* Reorganized all swig-dependant Makefiles
* Applied cobex write patch from Simon Ruggier <Simon80@gmail.com>
* Applied from Frode Isaksen <fisaksen@bewan.com>
ObexFTP 0.21 (released 2006-06-27)
----------------------------------
2006-05-26 Christian W. Zuckschwerdt <zany@triq.net>
* Fixes to obexftpd suggested by Hendrik Sattler
2006-05-24 Christian W. Zuckschwerdt <zany@triq.net>
* Added ruby binding
* Added preliminary discovery function
and the sources are now stored at gitorius.org. The build system is changed
to CMake
From the ChangeLog:
ver 1.7:
Add support for CMake config files
Internal code reorganisation and rewrite
Add new function set for better control than OBEX_HandleInput():
* OBEX_SetTimeout(),
* OBEX_Work() and
* OBEX_GetDataDirection()
ver 1.6:
Change ABI from 1 to 2 because:
* Redo the USB changes from version 1.4
* Remove InOBEX_* function, use the TcpOBEX_* functions instead
* Remove the simple Unicode<->ASCII functions
Add support for Single Response Mode
Add manpages for all example applications
Add udev support
Add new example app to find IrDA and USB OBEX devices
Add fixes for FreeBSD
Add support for libusb-1.x
Add support for close-on-exec
