The release of Asterisk 10.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix deadlock potential with ast_set_hangupsource() calls.
* --- Fix request routing issue when outboundproxy is used.
* --- Set the Caller ID "tag" on peers even if remote party
information is present.
* --- Fix NULL pointer segfault in ast_sockaddr_parse()
* --- Do not perform install on existing directories
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.7.0
Thank you for your continued support of Asterisk!
The release of Asterisk 1.8.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix deadlock potential with ast_set_hangupsource() calls.
* --- Fix request routing issue when outboundproxy is used.
* --- Make the address family filter specific to the transport.
* --- Fix NULL pointer segfault in ast_sockaddr_parse()
* --- Do not perform install on existing directories
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.15.0
Thank you for your continued support of Asterisk!
- this package is marked OWNER= for a reason!
- need to figure out why chan_mgcp is only built in some situation
instead of adding gross hacks
- upgrade to Asterisk 10.6.1: this is a bugfix release
The release of Asterisk 10.6.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Remove a superfluous and dangerous freeing of an SSL_CTX.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1
Thank you for your continued support of Asterisk!
- this package is marked OWNER= for a reason!
- need to figure out why chan_mgcp is built only in some situations
instead of adding gross hacks
- upgrade to Asterisk 1.8.14.1: this is a bugfix release
The release of Asterisk 1.8.14.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Remove a superfluous and dangerous freeing of an SSL_CTX.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.1
Thank you for your continued support of Asterisk!
This package has not been patched for DragonFly.
There are two newer packages, asterisk10 and asterisk18
According to commit messages, this package will be removed in
"not too distant future" due to being EOL.
The Asterisk Development Team has announced the release of Asterisk 10.6.0.
The release of Asterisk 10.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- format_mp3: Fix a possible crash in mp3_read().
* --- Fix local channel chains optimizing themselves out of a call.
* --- Re-add LastMsgsSent value for SIP peers
* --- Prevent sip_pvt refleak when an ast_channel outlasts its
corresponding sip_pvt.
* --- Send more accurate identification information in dialog-info SIP
NOTIFYs.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.14.0.
The release of Asterisk 1.8.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- format_mp3: Fix a possible crash in mp3_read().
* --- Fix local channel chains optimizing themselves out of a call.
* --- Update a peer's LastMsgsSent when the peer is notified of
waiting messages
* --- Prevent sip_pvt refleak when an ast_channel outlasts its
corresponding sip_pvt.
* --- Send more accurate identification information in dialog-info SIP
NOTIFYs.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.0
Thank you for your continued support of Asterisk!
and AST-2012-011
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 nd Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
resolve the following two issues:
* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
a provisional response but never sends a final response, then the SIP dialog
structure is never freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could create a denial of
service by using all available RTP ports.
* If a single voicemail account is manipulated by two parties simultaneously,
a condition can occur where memory is freed twice causing a crash.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-010 and AST-2012-011, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
Thank you for your continued support of Asterisk!
AST-2012-010 and AST-2012-011
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
resolve the following two issues:
* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
a provisional response but never sends a final response, then the SIP dialog
structure is never freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could create a denial of
service by using all available RTP ports.
* If a single voicemail account is manipulated by two parties simultaneously,
a condition can occur where memory is freed twice causing a crash.
These issues and their resolution are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-010 and AST-2012-011, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
* http://downloads.asterisk.org/pub/security/pST-2012-011.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced a security release for
Asterisk 10. This security release is released as version 10.5.1.
The release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 10.5.1 resolves the following issue:
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client sends an Off Hook
message, followed by a Key Pad Button Message, a structure that
was previously set to NULL is dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
This issue and its resolution is described in the security advisory.
For more information about the details of this vulnerability, please
read security advisory AST-2012-009, which was released at the same
time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.1
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2012-009.pdf
Thank you for your continued support of Asterisk!
hex digits, so patching the makefile to compare it as decimal will
not work. Just patch out the test entirely, as pkgsrc guarantees
curl will always be present and the packaging is not equipped to
deal with this check failing anyhow.
The Asterisk Development Team has announced the release of Asterisk
10.5.0.
The release of Asterisk 10.5.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* --- Turn off warning message when bind address is set to any.
* --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
machines
* --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
before disconnecting the call.
* --- Fix recalled party B feature flags for a failed DTMF atxfer.
* --- Fix DTMF atxfer running h exten after the wrong bridge ends.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.5.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk
1.8.13.0.
The release of Asterisk 1.8.13.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* --- Turn off warning message when bind address is set to any.
* --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
machines
* --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
before disconnecting the call.
* --- Fix recalled party B feature flags for a failed DTMF atxfer.
* --- Fix DTMF atxfer running h exten after the wrong bridge ends.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.13.0
Thank you for your continued support of Asterisk!
AST-2012-008 along with some general bug fixes.
----- 10.4.1 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available
security releases are released as versions 1.8.11-cert2, 1.8.12.1,
and 10.4.1.
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve
the following two issues:
* A remotely exploitable crash vulnerability exists in the IAX2
channel driver if an established call is placed on hold without
a suggested music class. Asterisk will attempt to use an invalid
pointer to the music on hold class name, potentially causing a
crash.
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client closes its connection
to the server, a pointer in a structure is set to NULL. If the
client was not in the on-hook state at the time the connection
was closed, this pointer is later dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-007 and AST-2012-008,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
Thank you for your continued support of Asterisk!
----- 10.4.2 -----
The Asterisk Development Team has announced the release of Asterisk
10.4.2.
The release of Asterisk 10.4.2 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
* --- Fix crash in ConfBridge when user announcement is played for
more than 2 users
(Closes issue ASTERISK-19899. Reported by Florian Gilcher)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.2
Thank you for your continued support of Asterisk!
and AST-2012-008 along with some general bug fixes.
----- 1.8.12.1 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available
security releases are released as versions 1.8.11-cert2, 1.8.12.1,
and 10.4.1.
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve
the following two issues:
* A remotely exploitable crash vulnerability exists in the IAX2
channel driver if an established call is placed on hold without
a suggested music class. Asterisk will attempt to use an invalid
pointer to the music on hold class name, potentially causing a
crash.
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client closes its connection
to the server, a pointer in a structure is set to NULL. If the
client was not in the on-hook state at the time the connection
was closed, this pointer is later dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-007 and AST-2012-008,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
Thank you for your continued support of Asterisk!
----- 1.8.12.2 -----
The Asterisk Development Team has announced the release of Asterisk
1.8.12.2.
The release of Asterisk 1.8.12.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.2
Thank you for your continued support of Asterisk!
pkgsrc changes:
- set OPTIMIZE to -O3 as levels above are poorly defined and can
cause problems
- maintain current patch namimg convention
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.12.0.
The release of Asterisk 1.8.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Prevent chanspy from binding to zombie channels
* --- Fix Dial m and r options and forked calls generating warnings
for voice frames.
* --- Remove ISDN hold restriction for non-bridged calls.
* --- Fix copying of CDR(accountcode) to local channels.
* --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
* --- Eliminate double close of file descriptor in manager.c
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.12.0
Thank you for your continued support of Asterisk!
* libXp was used by Xaw8, but it had been obsolated, and in pkgsrc,
x11/libXaw/buildlink3.mk had been switched to pick up Xaw7 by default.
* With x11/xorg-cf-files, libXp was offered with XawClientLibs,
but updated to 1.0.4, it was removed.
* And pkgsrc had been switched to use always xorg-cf-files and imake from pkgsrc,
so all platforms should not require libXp from libXaw with Imake.
Bump PKGREVISION.
The Asterisk Development Team has announced the release of Asterisk 10.4.0.
The release of Asterisk 10.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Prevent chanspy from binding to zombie channels
* --- Fix Dial m and r options and forked calls generating warnings
for voice frames.
* --- Remove ISDN hold restriction for non-bridged calls.
* --- Fix copying of CDR(accountcode) to local channels.
* --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
* --- Eliminate double close of file descriptor in manager.c
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.0
Thank you for your continued support of Asterisk!
The 1.6.2 series went End of Life on April 21st 2012, so this was
the last update. This package will be deleted in the not too
distnat future.
The Asterisk Development Team has announced security releases for
Asterisk 1.6.2 , 1.8, and 10. The available security releases are
released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.
The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the
following two issues:
* A permission escalation vulnerability in Asterisk Manager
Interface. This would potentially allow remote authenticated
users the ability to execute commands on the system shell with
the privileges of the user running the Asterisk application.
* A heap overflow vulnerability in the Skinny Channel driver.
The keypad button message event failed to check the length of
a fixed length buffer before appending a received digit to the
end of that buffer. A remote authenticated user could send
sufficient keypad button message events that th e buffer would
be overrun.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-004, AST-2012-005, and
AST-2012-006, which were released at the same time as this
announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
Thank you for your continued support of Asterisk!
and AST-2012-006.
The Asterisk Development Team has announced security releases for
Asterisk 1.6.2 , 1.8, and 10. The available security releases are
released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.
The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the
following two issues:
* A permission escalation vulnerability in Asterisk Manager
Interface. This would potentially allow remote authenticated
users the ability to execute commands on the system shell with
the privileges of the user running the Asterisk application.
* A heap overflow vulnerability in the Skinny Channel driver.
The keypad button message event failed to check the length of
a fixed length buffer before appending a received digit to the
end of that buffer. A remote authenticated user could send
sufficient keypad button message events that th e buffer would
be overrun.
In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve
the following issue:
* A remote crash vulnerability in the SIP channel driver when
processing UPDATE requests. If a SIP UPDATE request was received
indicating a connected line update after a channel was terminated
but before the final destruction of the associated SIP dialog,
Asterisk would attempt a connected line update on a non-existing
channel, causing a crash.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-004, AST-2012-005, and
AST-2012-006, which were released at the same time as this
announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-006.pdf
Thank you for your continued support of Asterisk!
and AST-2012-006.
The Asterisk Development Team has announced security releases for
Asterisk 1.6.2 , 1.8, and 10. The available security releases are
released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.
The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the
following two issues:
* A permission escalation vulnerability in Asterisk Manager
Interface. This would potentially allow remote authenticated
users the ability to execute commands on the system shell with
the privileges of the user running the Asterisk application.
* A heap overflow vulnerability in the Skinny Channel driver.
The keypad button message event failed to check the length of
a fixed length buffer before appending a received digit to the
end of that buffer. A remote authenticated user could send
sufficient keypad button message events that th e buffer would
be overrun.
In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve
the following issue:
* A remote crash vulnerability in the SIP channel driver when
processing UPDATE requests. If a SIP UPDATE request was received
indicating a connected line update after a channel was terminated
but before the final destruction of the associated SIP dialog,
Asterisk would attempt a connected line update on a non-existing
channel, causing a crash.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-004, AST-2012-005, and
AST-2012-006, which were released at the same time as this
announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.11.1http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-006.pdf
Thank you for your continued support of Asterisk!
Because it depends on changes to the API in libtiff 4.x, set the minimum
BUILDLINK_API_DEPENDS accordingly. And, even though it wasn't building,
bump PKGREVISION to 7; the new package depending on tiff>=4.0 needs to
be distinguishable from the old package depending on tiff<4.0.
XXX: This package desperately needs to be updated. It is years out of
XXX: date with respect to upstream.
Attempt to honor VARBASE instead of blithely dropping stuff into /var;
may be incomplete. Doing this right may require sorting out multiple
/var trees as it shouldn't, at least by default, be working dialer
locks in the pkgsrc VARBASE; however, it's not clear that those will
always necessarily be in /var either. For now the package assumes
they will be though.
*** If I have broken this for you, please let me know ASAP.
pkgsrc change: eliminate ilbc option now that the iLBC codec is always built
The Asterisk Development Team has announced the release of Asterisk 1.8.11.0.
The release of Asterisk 1.8.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix potential buffer overrun and memory leak when executing "sip
show peers"
* --- Fix ACK routing for non-2xx responses.
* --- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
* --- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
* --- Copy CDR variables when set during a bridge
* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.11.0
Thank you for your continued support of Asterisk!
pkgsrc change: eliminate ilbc option now that iLBC codec is always built
The Asterisk Development Team has announced the release of Asterisk 10.3.0.
The release of Asterisk 10.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix potential buffer overrun and memory leak when executing "sip
show peers"
* --- Fix ACK routing for non-2xx responses.
* --- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
* --- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
* --- Copy CDR variables when set during a bridge
* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.3.0
Thank you for your continued support of Asterisk!
Changes:
1.06 Wed 9 Nov 2011
- No functional changes
- Moved to production version
- Updating to Module::Install::DSL 1.04
- New Perl back-compatibility target of 5.6
- Made the Perl back-compat target explicit
- Bumping a variety of dependencies to pick up bug fixes
- Don't import from Params::Util
- Various whitespace/tabbing fixes
- Removed the use of base.pm
- Updated bundled author tests and moved to xt
Changes:
1.56 Thu Sep 29 13:43:31 CEST 2011
- [RT#71330] Unbroken the MANIFEST file. 1.55 was non functional.
Thanks to Vita Cizek for reporting.
1.55 [BROKEN RELEASE. AVOID] Fri Sep 23 22:01:31 CEST 2011
- Performance improvements by Ed Wildgoose, long time user. Thanks Ed!
Windows users, please test this release!
Changes:
1.60 Fri Mar 16 12:14:07 CET 2012
- Removed the syslog test. Was artificial and pointless,
and it failed on Windows and Solaris. Thanks to CPAN testers reports.
1.59 Thu Mar 8 10:13:30 CET 2012
- Fixed RT #75619, POD fixes to make the POD clean for Debian packaging.
- Applied .perltidyrc to all source files. Watch out if you had patches :)
Changes:
1.03 Fix AGI.pm from printing warnings on some optional
variables (http://bugs.debian.org/525025)
1.02 Fix POD for AGI.pm thanks to Lawrence Gilbert
Fix Manager.pm parsing values that were 0
Fix verbose example in AGI.pm
Fix return in _readparse in AGI.pm
Fix quoting on a few AGI.pm commands
This is a security fix update. It fixes AST-2012-002.
NOTE NOTE NOTE
This is likely to be the last update to this package. This version
of Asterisk will be EOLed on April 21st, 2012. It will probably
be removed from pkgsrc not long after that. If you are still using
this package, you should consider switching to comms/asterisk18,
the Long Term Support version, or comms/asterisk10 in the near
future.
NOTE NOTE NOTE
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein
app_milliwatt can potentially overrun a buffer on the stack, causing
Asterisk to crash. This does not have the potential for remote
code execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.23
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
Thank you for your continued support of Asterisk!
This is a security fix release. It fixes AST-2012-002 and AST-2012-003.
pkgsrc changes:
- adapt to having iLBC source code included
- fix building on Solaris
- adapt to new sound tarball
----- 10.2.0 -----
The Asterisk Development Team has announced the release of Asterisk 10.2.0.
The release of Asterisk 10.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---
* --- Include iLBC source code for distribution with Asterisk ---
* --- Fix callerid of originated calls ---
* --- Fix outbound DTMF for inband mode of chan_ooh323 ---
* --- Create and initialize udptl only when dialog requests image media ---
* --- Don't prematurely stop SIP session timer ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.2.0
Thank you for your continued support of Asterisk!
----- 10.2.1 -----
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues.
First, they resolve the issue in app_milliwatt, wherein a buffer
can potentially be overrun on the stack, but no remote code execution
is possible. Second, they resolve an issue in HTTP AMI where digest
authentication information can be used to overrun a buffer on the
stack, allowing for code injection and execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.2.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-003.pdf
Thank you for your continued support of Asterisk!
pkgsrc changes: adapt to having iLBC coded included in the asterisk
tarball and newer version of sounds tarball.
----- 1.8.10.0 -----
The Asterisk Development Team has announced the release of Asterisk 1.8.10.0.
The release of Asterisk 1.8.10.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---
* --- Include iLBC source code for distribution with Asterisk ---
* --- Fix callerid of originated calls ---
* --- Fix outbound DTMF for inband mode of chan_ooh323 ---
* --- Create and initialize udptl only when dialog requests image media ---
* --- Don't prematurely stop SIP session timer ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.10.0
Thank you for your continued support of Asterisk!
----- 1.8.10.1 -----
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues.
First, they resolve the issue in app_milliwatt, wherein a buffer
can potentially be overrun on the stack, but no remote code execution
is possible. Second, they resolve an issue in HTTP AMI where digest
authentication information can be used to overrun a buffer on the
stack, allowing for code injection and execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.10.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-003.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 10.1.3.
The release of Asterisk 10.1.3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer)
* --- Fix regressions with regards to route-set creation on early dialogs ---
(Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.3
Thank you for your continued support of Asterisk!
pkgsrc changes:
- maintain patch naming convention
- detect kqueue properly
The Asterisk Development Team has announced the release of Asterisk 1.8.9.3.
The release of Asterisk 1.8.9.3 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix ACK routing for non-2xx responses.
(Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer)
* --- Fix regressions with regards to route-set creation on early dialogs ---
(Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.3
Thank you for your continued support of Asterisk!
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix SIP INFO DTMF handling for non-numeric codes ---
(Closes issue ASTERISK-19290. Reported by: Ira Emus)
* --- Fix crash in ParkAndAnnounce ---
(Closes issue ASTERISK-19311. Reported-by: tootai)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.2
The release of Asterisk 1.8.9.2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolve
The release of Asterisk 1.8.9.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fixes deadlocks occuring in chan_agent ---
* --- Ensure entering T.38 passthrough does not cause an infinite loop ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.1
Thank you for your continued support of Asterisk!
The release of Asterisk 10.1.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fixes deadlocks occuring in chan_agent ---
* --- Ensure entering T.38 passthrough does not cause an infinite loop ---
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.1
Thank you for your continued support of Asterisk!
The Asterisk Development Team is pleased to announce the release of
Asterisk 10.1.0. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 10.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* AST-2012-001: prevent crash when an SDP offer
is received with an encrypted video stream when support for video
is disabled and res_srtp is loaded. (closes issue ASTERISK-19202)
Reported by: Catalin Sanda
* Allow playback of formats that don't support seeking. ast_streamfile
previously did unconditional seeking on files that broke playback of
formats that don't support that functionality. This patch avoids the
seek that was causing the problem.
(closes issue ASTERISK-18994) Patched by: Timo Teras
* Add pjmedia probation concepts to res_rtp_asterisk's learning mode. In
order to better handle RTP sources with strictrtp enabled (which is the
default setting in 10) using the learning mode to figure out new sources
when they change is handled by checking for a number of consecutive (by
sequence number) packets received to an rtp struct based on a new
configurable value called 'probation'. Also, during learning mode instead
of liberally accepting all packets received, we now reject packets until a
clear source has been determined.
* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop. Failing
to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
by: Matt Jordan
* Fix timing source dependency issues with MOH. Prior to this patch,
res_musiconhold existed at the same module priority level as the timing
sources that it depends on. This would cause a problem when music on
hold was reloaded, as the timing source could be changed after
res_musiconhold was processed. This patch adds a new module priority
level, AST_MODPRI_TIMING, that the various timing modules are now loaded
at. This now occurs before loading other resource modules, such
that the timing source is guaranteed to be set prior to resolving
the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
Patched by elguero
* Fix RTP reference leak. If a blind transfer were initiated using a
REFER without a prior reINVITE to place the call on hold, AND if Asterisk
were sending RTCP reports, then there was a reference leak for the
RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
* Fix blind transfers from failing if an 'h' extension
is present. This prevents the 'h' extension from being run on the
transferee channel when it is transferred via a native transfer
mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported
by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
Mark Michelson (license 5049)
* Restore call progress code for analog ports. Extracting sig_analog
from chan_dahdi lost call progress detection functionality. Fix
analog ports from considering a call answered immediately after
dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841)
Reported by: Richard Miller Patched by Richard Miller
* Fix regression that 'rtp/rtcp set debup ip' only works when a port
was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
Walter Doekes
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team is pleased to announce the release of
Asterisk 1.8.9.0. This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.9.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* AST-2012-001: prevent crash when an SDP offer
is received with an encrypted video stream when support for video
is disabled and res_srtp is loaded. (closes issue ASTERISK-19202)
Reported by: Catalin Sanda
* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop. Failing
to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop
causes the loop to exit prematurely. This causes a variety of negative side
effects, depending on when the loop exits. This patch handles the frame by
essentially swallowing the frame in the local loop, as the current channel
drivers expect the RTP bridge to handle the frame, and, in the case of the
local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested
by: Matt Jordan
* Fix timing source dependency issues with MOH. Prior to this patch,
res_musiconhold existed at the same module priority level as the timing
sources that it depends on. This would cause a problem when music on
hold was reloaded, as the timing source could be changed after
res_musiconhold was processed. This patch adds a new module priority
level, AST_MODPRI_TIMING, that the various timing modules are now loaded
at. This now occurs before loading other resource modules, such
that the timing source is guaranteed to be set prior to resolving
the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H,
Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont
Patched by elguero
* Fix RTP reference leak. If a blind transfer were initiated using a
REFER without a prior reINVITE to place the call on hold, AND if Asterisk
were sending RTCP reports, then there was a reference leak for the
RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
* Fix blind transfers from failing if an 'h' extension
is present. This prevents the 'h' extension from being run on the
transferee channel when it is transferred via a native transfer
mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported
by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by
Mark Michelson (license 5049)
* Restore call progress code for analog ports. Extracting sig_analog
from chan_dahdi lost call progress detection functionality. Fix
analog ports from considering a call answered immediately after
dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841)
Reported by: Richard Miller Patched by Richard Miller
* Fix regression that 'rtp/rtcp set debup ip' only works when a port
was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by:
Walter Doekes
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.0
Thank you for your continued support of Asterisk!
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
The Asterisk Development Team is proud to announce the release of
Asterisk 10.0.0. This release is available for immediate download
at http://downloads.asterisk.org/pub/telephony/asterisk/
Asterisk 10 is the next major release series of Asterisk. It will
be a Standard support release, similar to Asterisk 1.6.2. For more
information about support time lines for Asterisk releases, see
the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
With the release of the Asterisk 10 branch, the preceding '1.' has
been removed from the version number per the blog post available
at
http://blogs.digium.com/2011/07/21/the-evolution-of-asterisk-or-how-we-arrived-at-asterisk-10/
The release of Asterisk 10 would not have been possible without
the support and contributions of the community.
You can find an overview of the work involved with the 10.0.0
release in the summary:
http://svn.asterisk.org/svn/asterisk/tags/10.0.0/asterisk-10.0.0-summary.txt
A short list of available features includes:
* T.38 gateway functionality has been added to res_fax.
* Protocol independent out-of-call messaging support. Text messages not
associated with an active call can now be routed through the Asterisk
dialplan. SIP and XMPP are supported so far.
* New highly optimized and customizable ConfBridge application capable
of mixing audio at sample rates ranging from 8kHz-192kHz
* Addition of video_mode option in confbridge.conf to provide basic video
conferencing in the ConfBridge() dialplan application.
* Support for defining hints has been added to pbx_lua.
* Replacement of Berkeley DB with SQLite for the Asterisk Database (AstDB).
* Much, much more!
A full list of new features can be found in the CHANGES file.
http://svn.asterisk.org/svn/asterisk/branches/10/CHANGES
Also, when upgrading a system between major versions, it is imperative
that you read and understand the contents of the UPGRADE.txt file,
which is located at:
http://svn.asterisk.org/svn/asterisk/branches/10/UPGRADE.txt
Thank you for your continued support of Asterisk!
share/doc/asterisk/AST.{txt,pdf} has been replaced with
share/doc/asterisk/Asterisk_Admin_Guide. You will need a browser
to read the latter.
----- Asterisk 1.8.8.1 -----
The release of Asterisk 1.8.8.1 resolves a regression introduced
in Asterisk 1.8.8.0 reported by the community, and would have not
been possible without your participation. Thank you!
The following is the issue resolved in this release:
* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop
Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local
bridge loop causes the loop to exit prematurely. This causes a
variety of negative side effects, which may include having Music
On Hold failing during a SIP Hold.
For a full description of the changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.1
Thank you for your continued support of Asterisk!
----- Asterisk 1.8.8.0 -----
The release of Asterisk 1.8.8.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Updated SIP 484 handling; added Incomplete control frame
When a SIP phone uses the dial application and receives a 484
Address Incomplete response, if overlapped dialing is enabled
for SIP, then the 484 Address Incomplete is forwarded back to
the SIP phone and the HANGUPCAUSE channel variable is set to
28. Previously, the Incomplete application dialplan logic was
automatically triggered; now, explicit dialplan usage of the
application is required.
* Prevent IAX2 from getting IPv6 addresses via DNS
IAX2 does not support IPv6 and getting such addresses from DNS
can cause error messages on the remote end involving bad IPv4
address casts in the presence of IPv6/IPv4 tunnels.
* Fix bad RTP media bridges in directmedia calls on peers separated by
multiple Asterisk nodes.
* Fix crashes in ast_rtcp_write()
* Fix for incorrect voicemail duration in external notifications.
This patch fixes an issue where the voicemail duration was being
reported with a duration significantly less than the actual
sound file duration.
* Prevent segfault if call arrives before Asterisk is fully booted.
* Fix remote Crash Vulnerability in SIP channel driver (AST-2011-012)
http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
* Fix locking order in app_queue.c which caused deadlocks
* Fix regression in configure script for libpri capability checks
* Prevent BLF subscriptions from causing deadlocks.
* Fix deadlock if peer is destroyed while sending MWI notice.
* Fix issue with setting defaultenabled on categories that are already
enabled by default.
* Don't crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it
was possible to crash Asterisk by sending an INFO request if
no channel had been created yet.
* Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned
by subsequent SIP SUBSCRIBE messages.
* Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when
the general and user/peer nat settings differ in whether to
respond to the port a request is sent from or the port listed
for responses in the Via header.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0
Thank you for your continued support of Asterisk!
The release of Asterisk 1.6.2.22 corrects two flaws in sip.conf.sample
related to AST-2011-013:
* The sample file listed *two* values for the 'nat' option as being the default.
Only 'yes' is the default.
* The warning about having differing 'nat' settings confusingly referred to both
peers and users.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.22
Thank you for your continued support of Asterisk!
