1.56 Mon Nov 15 21:00:00 CET 2010
- When sending messages in text mode, now we wait a bit
between the +CMSG command and the actual text.
Fixes RT #61729. Thanks to Boris Ivanov for the report.
- Added clear example of logging to a custom file
- Added a warning for not implemented _read_messages_text()
- Added a "assume_registered" option to skip GSM network
registration on buggy/problematic devices.
by Iain Hibbert:
- use libexpat instead of FreeBSD internal libbsdxml
- fix off by one error with busy spinner, which sometimes
resulted in a spurious backspace in the output
- fflush(stdout) for busy spinner
- print streaming statistics after transfers in client mode
- use HAVE_BT_DEVADDR rather than testing for __NetBSD__
- use bdaddr_any() functions instead of memcpy()
- allow server mode to bind to channel 0, indicating to the OS
that the first available channel should be used
- prevent busy loop bug if the socket is remotely closed causing
the read() to return 0 bytes
- fix some [unsigned comparison] compiler warnings
- provide connection ID for all get requests, improves compatibility
with remote windows mobile devices
The release of Asterisk 1.6.2.14 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix issue where session timers would be advertised as supported even
when session-timers=refuse was set in sip.conf. Also fix
interoperability problems with session timer behavior in Asterisk.
(Closes issue #17005. Reported by alexcarey. Patched by dvossel)
* Parse all "Accept" headers for SIP SUBSCRIBE requests.
(Closes issue #17758. Reported by ibc. Patched by dvossel)
* Fix issue where queue stats would be reset on reload.
(Closes issue #17535. Reported by raarts. Patched by tilghman)
* Fix issue where MoH files were no longer rescanned on during a
reload.
(Closes issue #16744. Reported by pj. Patched by Qwell)
* Fix issue with dialplan pattern matching where the specificity for
pattern ranges and pattern characters was inconsistent.
(Closes issue #16903. Reported, patched by Nick_Lewis)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.14
a feature update, so users that are upgrading should read UPDATE.txt.
pkgsrc changes:
- update to 1.6.2.13
- bury the asterisk-sounds-extra inside this one to keep it in sync
- handle sound tarballs directly (upstream had changed this to do a
download during the install phase and dump files in $HOME)
- add new documentation files:
- asterisk.txt
- building_queues.txt
- database_transactions.txt
- followme.txt
========
1.6.2.13
========
This release resolves an issue where the .version and ChangeLog files were not
updated for 1.6.2.12. Asterisk 1.6.2.13 has no additional changes from 1.6.2.12
other than the .version, ChangeLog and summary files.
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.13
========
1.6.2.12
========
The release of Asterisk 1.6.2.12 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix issue where DNID does not get cleared on a new call when using
immediate=yes with ISDN signaling.
(Closes issue #17568. Reported by wuwu. Patched by rmudgett)
* Several updates to res_config_ldap.
(Closes issue #13573. Reported by navkumar. Patched by navkumar, bencer.
Tested by suretec)
* Prevent loss of Caller ID information set on local channel after masquerade.
(Closes issue #17138. Reported by kobaz, patched by jpeeler)
* Fix SIP peers memory leak.
(Closes issue #17774. Reported, patched by kkm)
* Add Danish support to say.conf.sample
(Closes issue #17836. Reported, patched by RoadKill)
* Ensure SSRC is changed when media source is changed to resolve audio delay.
(Closes issue #17404. Reported, tested by sdolloff. Patched by jpeeler)
* Only do magic pickup when notifycid is enabled.
A new way of doing BLF pickup was introduced into 1.6.2. This feature adds a
call-id value into the XML of a SIP_NOTIFY message sent to alert a subscriber
that a device is ringing. This option should only be enabled when the new
'notifycid' option is set, but this was not the case. Instead the call-id
value was included for every RINGING Notify message, which caused a
regression for people who used other methods for call pickup.
(Closes issue #17633. Reported, patched by urosh. Patched by dvossel.
Tested by: dvossel, urosh, okrief, alecdavis)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.12
========
1.6.2.11
========
The release of Asterisk 1.6.2.11 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Send DialPlanComplete as a response, not as a separate event. Otherwise, it
goes to all manager sessions and may exclude the current session, if the
Events mask excludes it.
(Closes issue #17504. Reported, patched by rrb3942)
* Allow the "useragent" value to be restored into memory from the realtime
backend. This value is purely informational. It does not alter configuration
at all.
(Closes issue #16029. Reported, patched by Guggemand)
* Fix rt(c)p set debug ip taking wrong argument Also clean up some coding
errors.
(Closes issue #17469. Reported, patched by wdoekes)
* Ensure channel placed in meetme in ringing state is properly hung up. An
outgoing channel placed in meetme while still ringing which was then hung up
would not exit meetme and the channel was not properly destroyed.
(Closes issue #15871. Reported, patched by Ivan)
* Correct how 100, 200, 300, etc. is said. Also add the crazy British numbers.
(Closes issue #16102. Reported, patched by Delvar)
* cdr_pgsql does not detect when a table is found. This change adds an ERROR
message to let you know when a failure exists to get the columns from the
pgsql database, which typically means that the table does not exist.
(Closes issue #17478. Reported, patched by kobaz)
* Avoid crashing when installing a duplicate translation path with a lower
cost.
(Closes issue #17092. Reported, patched by moy)
* Add missing handling for ringing state for use with queue empty options.
(Closes issue #17471. Reported, patched by jazzy)
* Fix reporting estimated queue hold time. Just say the number of seconds
(after minutes) rather than doing some incorrect calculation with respect to
minutes.
(Closes issue #17498. Reported, patched by corruptor)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.11
========
1.6.2.10
========
The release of Asterisk 1.6.2.10 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Allow users to specify a port for DUNDI peers.
(Closes issue #17056. Reported, patched by klaus3000)
* Decrease the module ref count in sip_hangup when SIP_DEFER_BYE_ON_TRANSFER is
set.
(Closes issue #16815. Reported, patched by rain)
* If there is realtime configuration, it does not get re-read on reload unless
the config file also changes.
(Closes issue #16982. Reported, patched by dmitri)
* Send AgentComplete manager event for attended transfers.
(Closes issue #16819. Reported, patched by elbriga)
* Correct manager variable 'EventList' case.
(Closes issue #17520. Reported, patched by kobaz)
In addition, changes to res_timing_pthread that should make it more stable have
also been implemented.
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.10
=======
1.6.2.9
=======
The release of Asterisk 1.6.2.9 resolves several issues reported by the
community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Fix the PickupChan() application
(Closes issue #16863. Reported, patched by schern. Patched by cjacobsen.
Tested by Graber, cjacobsen, lathama, rickead2000, dvossel)
* Improve logging by displaying line number
(Closes issue #16303. Reported by dant. Patched by pabelanger. Tested by
dant, pabelanger, lmadsen)
* Notify CLI when modules are loaded/unloaded
(Closes issue #17308. Reported, patched by pabelanger. Tested by russell)
* Make the Makefile logic more explicit and move the Snow Leopard logic down to
where it's not executed on non-Darwin systems
(Closes issue #17028. Reported by pabelanger. Patched by seanbright,
tilghman. Tested by pabelanger)
* Manager cookies are not compatible with RFC2109. Make that no longer true.
(Closes issue #17231. Reported, patched by ecarruda)
* With IMAP backend, messages in INBOX were counted twice for MWI
(Closes issue #17135. Reported by edhorton. Patched by ebroad, tilghman)
* Fix possible segfault when logging
(Closes issue #17331. Reported, patched by under. Patched by dvossel)
* Fix memory hogging behavior of app_queue
(Closes issue #17081. Reported by wliegel. Patched by mmichelson)
* Allow type=user SIP endpoints to be loaded properly from realtime
(Closes issue #16021. Reported, patched by Guggemand)
Additionally, the following issue may be of interest:
* Fix transcode_via_sln option with SIP calls and improve PLC usage
(Review: https://reviewboard.asterisk.org/r/622/)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.9
=======
1.6.2.8
=======
The release of Asterisk 1.6.2.8 resolves several issues reported by the
community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Enable auto complete for CLI command 'logger set level'.
(Closes issue #17152. Reported, patched by pabelanger)
* Make the mixmonitor thread process audio frames faster.
(Closes issue #17078. Reported, tested by geoff2010. Patched by dhubbard)
* Add missing 'useragent' field to sip-friends.sql file.
(Closes issue #17171. Reported, patched by thehar)
* Add example dialplan for dialing ISN numbers (http://www.freenum.org)
(Closes issue #17058. Reported, patched by pprindeville)
* Fix issue with double "sip:" in header field.
(Closes issue #15847. Reported, patched by ebroad)
* Add ability to generate ASCII documentation from the TeX files by running
'make asterisk.txt'.
(Closes issue #17220. Reported by lmadsen. Tested, patched by pabelanger)
* When StopMonitor() is called, ensure that it will not be restarted by a
channel event.
(Closes issue #16590. Reported, patched by kkm)
* Small error in the T.140 RTP port verbose log.
(Closes issue #16998. Reported, patched by frawd. Tested by russell)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.8
=======
1.6.2.7
=======
The release of Asterisk 1.6.2.7 resolves several issues reported by the
community, and would have not been possible without your participation. Thank
you!
The following are a few of the issues resolved by community developers:
* Fix building CDR and CEL SQLite3 modules.
(Closes issue #17017. Reported by alephlg. Patched by seanbright)
* Resolve crash in SLAtrunk when the specified trunk doesn't exist.
(Reported in #asterisk-dev by philipp64. Patched by seanbright)
* Include an extra newline after "Aliased CLI command" to get back the prompt.
(Issue #16978. Reported by jw-asterisk. Tested, patched by seanbright)
* Prevent segfault if bad magic number is encountered.
(Issue #17037. Reported, patched by alecdavis)
* Update code to reflect that handle_speechset has 4 arguments.
(Closes issue #17093. Reported, patched by gpatri. Tested by pabelanger,
mmichelson)
* Resolve a deadlock in chan_local.
(Closes issue #16840. Reported, patched by bzing2, russell. Tested by bzing2)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.7
=======
1.6.2.6
=======
The release of Asterisk 1.6.2.6 resolves several issues reported by the
community, and would have not been possible without your participation. Thank
you!
The following are a few of the issues resolved by community developers:
* Make sure to clear red alarm after polarity reversal.
(Closes issue #14163. Reported, patched by jedi98. Tested by mattbrown,
Chainsaw, mikeeccleston)
* Fix problem with duplicate TXREQ packets in chan_iax2
(Closes issue #16904. Reported, patched by rain. Tested by rain, dvossel)
* Fix crash in app_voicemail related to message counting.
(Closes issue #16921. Reported, tested by whardier. Patched by seanbright)
* Overlap receiving: Automatically send CALL PROCEEDING when dialplan starts
(Reported, Patched, and Tested by alecdavis)
* For T.38 reINVITEs treat a 606 the same as a 488.
(Closes issue #16792. Reported, patched by vrban)
* Fix ConfBridge crash when no timing module is loaded.
(Closes issue #16471. Reported, tested by kjotte. Patched, tested by junky)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.6
=======
1.6.2.5
=======
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.6.2.5
The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve an issue with
invalid parsing of ACL (Access Control List) rules leading to a possible
compromise in security. The issue and resolution are described in the
AST-2010-003 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2010-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.5
Security advisory AST-2010-003 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-003.pdf
=======
1.6.2.4
=======
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.6.2.4
The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and 1.6.2.4
include documention describing a possible dialplan string injection with common
usage of the ${EXTEN} (and other expansion variables). The issue and resolution
are described in the AST-2010-002 security advisory.
If you have a channel technology which can accept characters other than numbers
and letters (such as SIP) it may be possible to craft an INVITE which sends data
such as 300&Zap/g1/4165551212 which would create an additional outgoing channel
leg that was not originally intended by the dialplan programmer.
Please note that this is not limited to an specific protocol or the Dial()
application.
The expansion of variables into programmatically-interpreted strings is a common
behavior in many script or script-like languages, Asterisk included. The ability
for a variable to directly replace components of a command is a feature, not a
bug - that is the entire point of string expansion.
However, it is often the case due to expediency or design misunderstanding that
a developer will not examine and filter string data from external sources before
passing it into potentially harmful areas of their dialplan.
With the flexibility of the design of Asterisk come these risks if the dialplan
designer is not suitably cautious as to how foreign data is allowed to enter the
system unchecked.
This security release is intended to raise awareness of how it is possible to
insert malicious strings into dialplans, and to advise developers to read the
best practices documents so that they may easily avoid these dangers.
For more information about the details of this vulnerability, please read the
security advisory AST-2010-002, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.4
Security advisory AST-2010-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-002.pdf
The README-SERIOUSLY.bestpractices.txt document is available in the top-level
directory of your Asterisk sources, or available in all Asterisk branches from
1.2 and up.
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
=======
1.6.2.3
=======
Was never released.
=======
1.6.2.2
=======
The Asterisk Development Team has announced security releases for Asterisk as
the following versions:
* 1.6.2.2
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix
described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over SIP can remotely
crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain
either a negative or exceptionally large value. The same crash will occur when
the FaxMaxDatagram field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please read the
security advisory AST-2009-009, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.2
Security advisory AST-2010-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
=======
1.6.2.1
=======
The release of Asterisk 1.6.2.1 resolved several issues reported by the
community, and would have not been possible without your participation. Thank
you!
* CLI 'queue show' formatting fix.
(Closes issue #16078. Reported by RoadKill. Tested by dvossel. Patched by
ppyy.)
* Fix misreverting from 177158.
(Closes issue #15725. Reported, Tested by shanermn. Patched by dimas.)
* Fixes subscriptions being lost after 'module reload'.
(Closes issue #16093. Reported by jlaroff. Patched by dvossel.)
* app_queue segfaults if realtime field uniqueid is NULL
(Closes issue #16385. Reported, Tested, Patched by haakon.)
* Fix to Monitor which previously assumed the file to write to did not contain
pathing.
(Closes issue #16377, #16376. Reported by bcnit. Patched by dant.
A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.2.1-summary.txt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.1
=======
1.6.2.0
=======
The release of Asterisk 1.6.2.0 is the first feature release since Asterisk
1.6.1.0, which was released April 27, 2009. Many new features have been included
in this release. For a complete list of changes, please see the CHANGES file.
For those upgrading from a previous release, please see UPGRADE.txt
It should be explicitly stated that Asterisk 1.6.2.0 is a major upgrade over any
previous release, and special care should be taken when upgrading existing
systems. Please see the UPGRADE.txt file for more information, available at:
http://svn.asterisk.org/svn/asterisk/tags/1.6.2.0/UPGRADE.txt
A detailed overview to the new features available in Asterisk 1.6.2.0 are
forthcoming within the next few days. Please watch http://blogs.asterisk.org for
further information!
Below is a summary of several new features available in this release:
* chan_dahdi now supports MFC/R2 signaling when Asterisk is compiled with
support for LibOpenR2. http://www.libopenr2.org/
* Added a new 'faxdetect=yes|no' configuration option to sip.conf. When this
option is enabled, Asterisk will watch for a CNG tone in the incoming audio
for a received call. If it is detected, the channel will jump to the
'fax' extension in the dialplan.
* A new application, Originate, has been introduced, that allows asynchronous
call origination from the dialplan.
* Added ConfBridge dialplan application which does conference bridges without
DAHDI. For information on its use, please see the output of
"core show application ConfBridge" from the CLI.
* extensions.conf now allows you to use keyword "same" to define an extension
without actually specifying an extension. It uses exactly the same pattern
as previously used on the last "exten" line. For example:
exten => 123,1,NoOp(something)
same => n,SomethingElse()
* Asterisk now provides the ability to define custom CLI aliases. For example,
if you would like to define short form aliases for frequently used commands,
such as "sh ch" for "core show channels", that is now possible. See the
cli_aliases.conf configuration file for more information.
* Asterisk now has support for subscribing to the state of remote voice
mailboxes via SIP.
* Asterisk now includes expanded HD codec support. G.722.1 and G.722.1C
(Siren7/Siren14) passthrough, recording, and playback is now supported.
Transcoding will be made available via add-on modules soon for this version of
Asterisk.
This is just a subset of the changes available in this release. Please see the
CHANGES file for additional information, available at:
http://svn.asterisk.org/svn/asterisk/tags/1.6.2.0/CHANGES
A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.2.0-summary.txt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.0
1.53 Thu Apr 01 13:49:00 CET 2010
- ***CHANGED*** default log file position
from /var/log/modem.log to /tmp/modem.log.
Too many failed tests and user reports made me
reconsider my poor default choice.
- Added voice dialing. Just dialing though.
You can't perform real voice calls through Device::Modem (yet :)
Thanks to Marek Jaros.
- Added ';' (voice dialing) and 'p' (pause) as valid values
for dial() number.
1.52 Sun Mar 28 15:50:00 CET 2010
- Added automatic port reconnection in the port() method.
This should improve connection reliability and reduce risk
of "Can't call method XXXXXX on undefined value YYYYYY" errors.
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
* Provide compilation option for GTK+3 as well as GTK+2
* Make program configuration check for _POSIX_CLOCK_SELECTION as
well as _POSIX_MONOTONIC_CLOCK when checking the availability of
monotonic clocks for condition variables (corrects BSD builds)
* Ensure PIPE_BUF is defined in mainwindow.cpp (corrects Hurd build).
* Upgrade internal c++-gtk-utils version to 1.2.3.
Changes 3.2.2:
* Update internal copy of c++-gtk-utils to version 1.2.2 and fix
compilation error with gcc-4.5.0.
* Provide an automatic redial option where the modem is in use or
the recipient of a fax is busy.
* Get GUI to deal with a corner case where sending a fax from the
socket server to an empty number (open connection) is cancelled.
* Provide an error dialog if, on program start-up, a connection to
the dbus session message bus cannot be established.
* Use Cgu::start_timeout_seconds() instead of Cgu::start_timeout()
where glib supports it, and so bump c++-gtk-utils requirement to
version 1.2.1.
The Asterisk releases for 1.6.0.28 and 1.6.1.20 are the last maintenance
releases for Asterisk branches 1.6.0 and 1.6.1 and have now moved to security
maintenance only.
The releases of Asterisk 1.6.0.28 and 1.6.1.20 resolves several issues reported
by the community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Fix issue where MixMonitor() recordings would be shorter than total duration
.
(Closes issue #17078. Reported,tested by geoff2010. Patched by dhubbard)
* When StopMonitor() is called, ensure it will not be restarted by a channel
event.
(Closes issue #16590. Reported, patched by kkm)
* Allow hidecalleridname feature to work.
(Closes issue #17143. Reported, patched by djensen99)
* Resolve deadlocks in chan_local.
(Closes issue #17185. Reported, tested by schmoozecom, GameGamer43)
* Ensure channel state is not incorrectly set in the case of a very early
answer by chan_dahdi.
(Closes issue #17067. Reported, patched by tzafrir)
* Registration fix for SIP realtime. Make sure realtime fields are not empty.
(Closes issue #17266. Reported, patched by Nick_Lewis. Tested by sberney)
Information about the Asterisk maintenance schedule is available at:
http://www.asterisk.org/asterisk-versions
For a full list of changes in the current release candidates, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.20
bug fix releases. At this point the 1.6.1 series is going to
security fixes only. That means this package will be moving to
the 1.6.2 series in the near future.
-----
1.6.1.18:
The following are a few of the issues resolved by community developers:
* Make sure to clear red alarm after polarity reversal.
(Closes issue #14163. Reported, patched by jedi98. Tested by mattbrown,
Chainsaw, mikeeccleston)
* Fix problem with duplicate TXREQ packets in chan_iax2.
(Closes issue #16904. Reported, patched by rain. Tested by rain, dvossel)
* Update documentation to not imply we support overriding options.
(Closes issue #16855. Reported by davidw)
* Modify queued frames from Local channels to not set the other side to up.
(Closes issue #16816. Reported, tested by jamhed)
* For T.38 reINVITEs treat a 606 the same as a 488.
(Closes issue #16792. Reported, patched by vrban)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.18
-----
1.6.1.19:
The following are a few of the issues resolved by community developers:
* Fix building CDR and CEL SQLite3 modules.
(Closes issue #17017. Reported by alephlg. Patched by seanbright)
* Resolve crash in SLAtrunk when the specified trunk doesn't exist.
(Reported in #asterisk-dev by philipp64. Patched by seanbright)
* Update code to reflect that handle_speechset has 4 arguments.
(Closes issue #17093. Reported, patched by gpatri. Tested by pabelanger,
mmichelson)
* Pass the PID of the Asterisk process, not the PID of the canary.
(Closes issue #17065. Reported by globalnetinc. Patched by makoto. Tested by
frawd, globalnetinc)
* Resolve a deadlock in chan_local.
(Closes issue #16840. Reported, patched by bzing2, russell. Tested by bzing2)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.19
systems come with LDAP support built-in. This has no effect on
such systems. However, on older systems, it will pull in
openldap-client. But, a builder may still disable the option if
they wish. This fixes:
PR pkg/41987 - Robert Elz -- comms/asterisk16 PLIST problem
This is to get 0.12.5 out with the new Calendar code so J-Pilot
can get their release out. I will be dropping a 0.12.5.1 release
shortly after this with the patches rolled up from 0.12.4 to current
pushed in.
- mark as destdir ready
XXX The Makefile has a comment saying that "this program" is licensed
under GPL. There is a README file saying that the sounds are licensed
under a BSD licence. Need to check for updates and/or contact upstream
for clarification and a proper licence file.
XXX The PLIST needs some serious TLC.
AST-2010-003. AST-2010-002 was just a warning about dialplan
scripting errors that could lead to security issues.
Asterisk 1.6.1.13: general bug fixes
Asterisk 1.6.1.14: fix AST-2010-001
Asterisk 1.6.1.15: not released, skipped for security releases
Asterisk 1.6.1.16: fix AST-2010-002
Asterisk 1.6.1.17: fix AST-2010-003
Note that the only change in Asterisk 1.6.1.16 was the addtion of
a README file. However, the package doesn't install random docs.
That is planned for a future update seperate from the upstream
updates.
-----
Asterisk 1.6.1.13:
The release of Asterisk 1.6.1.13 resolved several issues reported
by the community, and would have not been possible without your
participation. Thank you!
* Restarts busydetector (if enabled) when DTMF is received after
call is bridged
(Closes issue #16389. Reported, Tested, Patched by alecdavis.)
* Send parking lot announcement to the channel which parked the
call, not the park-ee.
(Closes issue #16234. Reported, Tested by yeshuawatso. Patched
by tilghman.)
* When the field is blank, don't warn about the field being unable
to be coerced just skip the column.
(Closes
http://lists.digium.com/pipermail/asterisk-dev/2009-December/041362.html)
Reported by Nic Colledge on the -dev list.)
* Don't queue frames to channels that have no means to process
them.
(Closes issue #15609. Reported, Tested by aragon. Patched by
tilghman.)
* Fixes holdtime playback issue in app_queue.
(Closes issue #16168. Reported, Patched by nickilo. Tested by
wonderg, nickilo.)
A summary of changes in this release can be found in the release
summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.1.13-summary.t
xt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.13
-----
Asterisk 1.6.1.14:
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include
the fix described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over
SIP can remotely crash Asterisk by modifying the FaxMaxDatagram
field of the SDP to contain either a negative or exceptionally
large value. The same crash will occur when the FaxMaxDatagram
field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please
read the security advisory AST-2009-009, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.14
Security advisory AST-2010-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
-----
Asterisk 1.6.1.16:
The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and
1.6.2.4 include documention describing a possible dialplan string
injection with common usage of the ${EXTEN} (and other expansion
variables). The issue and resolution are described in the AST-2010-002
security advisory.
If you have a channel technology which can accept characters other
than numbers and letters (such as SIP) it may be possible to craft
an INVITE which sends data such as 300&Zap/g1/4165551212 which
would create an additional outgoing channel leg that was not
originally intended by the dialplan programmer.
Please note that this is not limited to an specific protocol or
the Dial() application.
The expansion of variables into programmatically-interpreted strings
is a common behavior in many script or script-like languages,
Asterisk included. The ability for a variable to directly replace
components of a command is a feature, not a bug - that is the entire
point of string expansion.
However, it is often the case due to expediency or design
misunderstanding that a developer will not examine and filter string
data from external sources before passing it into potentially
harmful areas of their dialplan.
With the flexibility of the design of Asterisk come these risks if
the dialplan designer is not suitably cautious as to how foreign
data is allowed to enter the system unchecked.
This security release is intended to raise awareness of how it is
possible to insert malicious strings into dialplans, and to advise
developers to read the best practices documents so that they may
easily avoid these dangers.
For more information about the details of this vulnerability, please
read the security advisory AST-2010-002, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.16
Security advisory AST-2010-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-002.pdf
The README-SERIOUSLY.bestpractices.txt document is available in
the top-level directory of your Asterisk sources, or available in
all Asterisk branches from 1.2 and up.
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
-----
Asterisk 1.6.1.17:
The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve
an issue with invalid parsing of ACL (Access Control List) rules
leading to a possible compromise in security. The issue and resolution
are described in the AST-2010-003 security advisory.
For more information about the details of this vulnerability, please
read the security advisory AST-2010-003, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17
Security advisory AST-2010-003 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-003.pdf
-----
