This release brings:
- fewer dependencies (both "purple" and "sofia-sip" modem backends are now
maintained externally, likewise for the "locker" plug-in)
- easier integration of third-party extensions (with pkg-config)
- improvements to the user interface
- spanish translation
- minor bugfixes
but the format string specifies %d.
As all of them are time differences, and a fax transmission shouldn't
need more than 2^31 (normally not even 2^15) seconds, cast to (int),
like already in a few other places.
Needed because sizeof(time_t) > sizeof(int) in NetBSD-6 and later.
ok wiz@
pkgsrc changes:
* No longer use Makefile.common now that py-gammu is released as a separate
package by upstream too.
Changes:
2.3
===
* License changed tp GPL version 2 or later.
* Documentation improvements.
2.2
===
* Documentation improvements.
* Code cleanups.
2.1
===
* Include data required for tests in tarball.
* Include NEWS.rst in tarball.
* Fixed possible crash when changing debug file.
* Fixed various errors found by coverity.
2.0
===
* Separate Python module.
* Compiles using distutils.
* Support Python 3.
ok wiz@.
pkgsrc changes:
* Now comms/gammu depends on devel/libusb1 (instead of devel/libusb)
* Get rid of Makefile.common: it is no more needed now that comms/py-gammu is
distribuited also upstream as a separate package.
Changes:
20150814 - 1.36.4
[-] * Use advisory locking to prevent two Gammu instances share one device.
[!] * Include child process stdout and stderr in SMSD logs to ease debugging.
[-] * Fix string quoting with ODBC driver.
[+] * Added RunOnSent option to SMSD.
[+] * Store message reference in outbox in files SMSD.
[-] * Improved C API documentation in manual.
20150707 - 1.36.3
[-] * Updated list of GSM country codes and networks.
[-] * Fixed bash completition install path (Ville Skyttä).
[-] * Better logging of delivery report failures in SMSD.
[-] * Improved support for Huawei E3372.
20150615 - 1.36.2
[-] * Fixed compilation using MSVC.
[-] * Fix siemenssatnetmon (Daniel Glöckner).
[-] * Documentation improvements.
[-] * Fixed smsd startup with non existing folders.
[-] * Fixed possible stack overflows on Windows.
20150520 - 1.36.1
[-] * Compatibility with libdbi from git.
[-] * Fix siemenssatnetmon (Daniel Glöckner).
[-] * Fixed reconnecting to SQL server.
[+] * Don't split a surrogate pair between message segments (David Brown).
20150413 - 1.36.0
[!] * The python-gammu module is now shipped separately.
[!] * Removed usage of __TIME__ and __DATE__ macros in codebase.
[-] * Fixed encoding of special chars to iCalendar format.
[-] * Fixed decoding of priority from vTODO.
[-] * Avoid infinite loops with ignored messages.
[-] * Improved stability of checking phone SMS memory.
[-] * Fixed parsing of some backup files.
20150302 - 1.35.0
[-] * Fixed encoding of UTF-8 for higher code points.
[-] * Improved provided udev rules.
[-] * Fixed possible lock while getting network status in SMSD.
[-] * Various localization updates.
20141230 - 1.34.0
[+] * Add phone power ON/OFF function.
[!] * Removed deprecated Python modules gammu.Data and gammu.Worker.
[+] * Store network name and code in SMSD tables.
[-] * Fixed build with recent clang compiler.
[-] * Fixed several possible issues found by Coverity scan.
[-] * Fixed possible crash on SMSD startup.
[-] * Fixed decoding unicode SMS messages.
[-] * Added identification for several Nokia phones.
[-] * Fixed compilation issues on various platforms.
[-] * SMSD now honors loglevel for all logging targets.
[+] * SMSD can automatically hangup incoming calls.
[-] * Correctly detect Network errors.
minor features
pkgsrc changes:
- new version of core sounds
- add options for SNMP and PostgreSQL from Mike Bowie in PR/49661
and by popular demand
- add back support for menuselect personalization as that's how I was
doing menuselect non-interactively
- XXX need to look at a better way of doing this
- disable PJSIP for now as it doesn't work well on NetBSD from Mike Bowie
Since I added an option for PostgreSQL I also looked at adding an
option for directly using MySQL. Turns out that all the MySQL
modules are in the addons directory and are marked as being
deprecated. So I didn't bother. While investigating this, I also
noted that all the pgsql modules are marked as "extended" support.
This basically means that it is supported by the community, but
there is no one person listed as being responsible who would take
the lead for maintaining them. This basically means that they are
unsupported / low priority. See
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Module+Support+States .
Also with the pgsql modules, there is no way to do a database query
from the dialplan. Thus it is recommended to use the unixodbc
option as the modules are supported and offer the most functionality.
-----
The Asterisk Development Team has announced the release of Asterisk 11.19.0.
The release of Asterisk 11.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25250 - chan_sip - Despite the channel being answered,
caller on a call established via Local channel continues to hear
ringback (Reported by Etienne Lessard)
* ASTERISK-25247 - choppy audio when spying on a g722 channel,
chan_sip or chan_pjsip (Reported by hristo)
* ASTERISK-24853 - Documentation claims chan_sip outbound
registrations support WS or WSS as valid transports (not true)
(Reported by PSDK)
* ASTERISK-25257 - [patch]channels/sig_pri.h -> sig_pri_span ->
force_restart_unavailable_chans in wrong scope (Reported by
Patric Marschall)
* ASTERISK-25103 - Roundup - investigate Asterisk DTLS crashes
(Reported by Rusty Newton)
* ASTERISK-22805 - res_rtp_asterisk: Crash when calling
BIO_ctrl_pending in dtls_srtp_check_pending when dialed by JSSIP
(Reported by Dmitry Burilov)
* ASTERISK-24550 - res_rtp_asterisk: Crash in
ast_rtp_on_ice_complete during DTLS handshake (Reported by
Osaulenko Alexander)
* ASTERISK-24651 - [patch] Fix race condition in DTLS (Reported by
Badalian Vyacheslav)
* ASTERISK-24832 - [patch]DTLS-crashes within openssl (Reported
by Stefan Engström)
* ASTERISK-25127 - DTLS crashes following "Unable to cancel
schedule ID" in dtls_srtp_check_pending (Reported by Dade
Brandon)
* ASTERISK-25213 - [patch]Possibility of deadlock in chan_sip
INVITE early Replace code (Reported by Walter Doekes)
* ASTERISK-25220 - [patch]Closing of fd -1 in chan_mgcp.c
(Reported by Walter Doekes)
* ASTERISK-25219 - [patch]Source and destination overlap in memcpy
in rtp_engine.c (Reported by Walter Doekes)
* ASTERISK-25212 - [patch]Segfault when using DEBUG_FD_LEAKS
(Reported by Walter Doekes)
* ASTERISK-19277 - [patch]endlessly repeating error: "poll failed:
Bad file descriptor" (Reported by Barry Chern)
* ASTERISK-25202 - Hints extension state broken between 13.3.2 and
13.4 (Reported by cervajs)
* ASTERISK-25154 - [patch]fromtag may need to be updated after
successful call dialog match (Reported by Damian Ivereigh)
* ASTERISK-25139 - Malicious transfer sequence locks up Asterisk
(Reported by Gregory Massel)
* ASTERISK-25094 - PBX core: Investigate thread safety issues
(Reported by Corey Farrell)
* ASTERISK-22559 - gcc 4.6 and higher supports weakref attribute
but asterisk doesn't detect it. (Reported by ibercom)
* ASTERISK-24717 - ASAN: global-buffer-overflow codec_{ilbc | gsm
| adpcm | ipc10} (Reported by Badalian Vyacheslav)
* ASTERISK-25100 - asterisk coredump if host has an IPv6 address
that end with ::80 (Reported by Mark Petersen)
Improvements made in this release:
-----------------------------------
* ASTERISK-25040 - pbx: Improve performance of reloads by making
hint destruction more performant (Reported by Matt Jordan)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.19.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.18.0.
The release of Asterisk 11.18.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25112 - Logger: Configuration settings are not reset to
default during reload. (Reported by Corey Farrell)
* ASTERISK-24887 - [patch]tags in a=crypto lines do not accept 2
or more digits (Reported by Makoto Dei)
* ASTERISK-24944 - main/audiohook.c change prevents G722 call
recording (Reported by Ronald Raikes)
* ASTERISK-25083 - Message.c: Message channel becomes saturated
with frames leading to spammy log messages (Reported by Jonathan
Rose)
* ASTERISK-25041 - [patch]Broken column type checking in
res_config_mysql addon (Reported by Alexandre Fournier)
* ASTERISK-21893 - Segfault after call hangup, in
ast_channel_hangupcause_set, at channel_internal_api.c (Reported
by Alexandr Gordeev)
* ASTERISK-25074 - Regression: Recent clang-related change broke
cross compiling of Asterisk (Reported by Sebastian Kemper)
* ASTERISK-25042 - asterisk.conf options override command-line
options. (Reported by Corey Farrell)
* ASTERISK-24442 - Outgoing call files don't work properly when
set in the future (Reported by tootai)
* ASTERISK-25034 - chan_dahdi: Some telco switches occasionally
ignore ISDN RESTART requests. (Reported by Richard Mudgett)
* ASTERISK-25038 - Queue log "EXITWITHTIMEOUT" does not always
contain waiting time (Reported by Etienne Lessard)
* ASTERISK-22708 - res_odbc.conf negative_connection_cache option
not respected, failover between DSNs doesn't work (Reported by
JoshE)
* ASTERISK-25028 - Build System: Unneeded defines in
asterisk/buildopts.h (Reported by Corey Farrell)
* ASTERISK-19608 - Asterisk-1.8.x starts rejecting calls with
cause code 44 after some time. (Reported by Denis Alberto
Martinez)
* ASTERISK-24976 - cdr_odbc not include new columns added on 1.8
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-25022 - Memory leak setting up DTLS/SRTP calls
(Reported by Steve Davies)
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by not here)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-24955 - res_fax: v.27ter support baud rate of 2400,
which is disallowed in res_fax's check_modem_rate (Reported by
Matt Jordan)
* ASTERISK-24916 - Increasing memory usage when multiple reinvite
during call (Reported by Christophe Osuna)
* ASTERISK-19538 - Asterisk segfaults on sippeers realtime
redundancy (Reported by Alex)
* ASTERISK-24749 - ConfBridge: Wrong language on playing
conf-hasjoin and conf-hasleft when played to bridge (Reported by
Philippe Bolduc)
* ASTERISK-24991 - Check for ao2_alloc failure in
__ast_channel_internal_alloc (Reported by Corey Farrell)
* ASTERISK-24895 - After hangup on the side of the ISDN network no
HangupRequest event comes for the dahdi channel. (Reported by
Andrew Zherdin)
* ASTERISK-24774 - Segfault in ast_context_destroy with
extensions.ael and extensions.conf (Reported by Corey Farrell)
* ASTERISK-24975 - Enabling 'DEBUG_THREADLOCALS' Causes the Build
to Fail (Reported by Ashley Sanders)
* ASTERISK-24959 - [patch]CLI command cdr show pgsql status
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-24954 - Git migration: Asterisk version numbers are
incompatible with the Test Suite (Reported by Matt Jordan)
* ASTERISK-21777 - Asterisk tries to transcode video instead of
audio (Reported by Nick Ruggles)
* ASTERISK-24380 - core: Native formats are set to h264 with
certain audio/video codec configuration, resulting in path
translation WARNINGs (Reported by Matt Jordan)
* ASTERISK-22352 - [patch] IAX2 custom qualify timer is not taken
into account (Reported by Frederic Van Espen)
* ASTERISK-24894 - [patch] iax2_poke_noanswer expiration timer too
short (Reported by Y Ateya)
* ASTERISK-23319 - Segmentation fault in queue_exec at app_queue.c
(Reported by Vadim)
* ASTERISK-24847 - [security] [patch] tcptls: certificate CN NULL
byte prefix bug (Reported by Matt Jordan)
* ASTERISK-21211 - chan_iax2 - unprotected access of
iaxs[peer->callno] potentially results in segfault (Reported by
Jaco Kroon)
* ASTERISK-18032 - [patch] - IPv6 and IPv4 NAT not working
(Reported by Christoph Timm)
* ASTERISK-24942 - Voicemail API: message is deleted when
destination mailbox is at maxmsg (Reported by Scott Griepentrog)
* ASTERISK-24932 - Asterisk 13.x does not build with GCC 5.0
(Reported by Jeffrey C. Ollie)
* ASTERISK-21854 - Long Asterisk-version strings display
improperly in the 'Connected to ...' line upon remote console
connection (Reported by klaus3000)
* ASTERISK-24155 - [patch]Non-portable and non-reliable recursion
detection in ast_malloc (Reported by Timo Teräs)
* ASTERISK-24142 - CCSS: crash during shutdown due to device
lookup in destroyed container (Reported by David Brillert)
* ASTERISK-24683 - Crash in PBX ast_hashtab_lookup_internal during
core restart now (Reported by Peter Katzmann)
* ASTERISK-24805 - [patch] - ASAN: Race condition
(heap-use-after-free) on asterisk closing (Reported by Badalian
Vyacheslav)
* ASTERISK-24881 - ast_register_atexit should only be used when
absolutely needed (Reported by Corey Farrell)
* ASTERISK-24864 - app_confbridge: file playback blocks dtmf
(Reported by Kevin Harwell)
* ASTERISK-14233 - [patch] Buddies are always auto-registered when
processing the roster (Reported by Simon Arlott)
* ASTERISK-24780 - [patch] - Buddies are always auto-registered
when processing the roster (Reported by Simon Arlott)
Improvements made in this release:
-----------------------------------
* ASTERISK-24744 - Swedish Core Voice prompts (Reported by Tove
Hjelm)
* ASTERISK-25043 - [patch] Avoiding ERR_remove_state in OpenSSL
(Reported by Alexander Traud)
* ASTERISK-24917 - [patch] clang compilation warnings (Reported by
Diederik de Groot)
* ASTERISK-25040 - pbx: Improve performance of reloads by making
hint destruction more performant (Reported by Matt Jordan)
* ASTERISK-24965 - cel_pgsql - log_error string references CDR
instead of CEL (Reported by Rodrigo Ramirez Norambuena)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.18.0
Thank you for your continued support of Asterisk!
---
- Fix buffering for funny sample formats (namely, 24 bit), that do not
fit nicely into 32768 bytes. Effect was a nasty endless loop where
mpg123 needs to be externally killed.
1.22.1
---
- Fix mpg123-id3dump when writing images with funny (manipulated) MIME type.
Stupid mistake in length computation of the fallback file extension caused
junk from memory being appended to the filename if the pointer size
is less than 64 bit. For 64 bit pointers (or longer) it was correct by
accident.
- Fix pedantic build by cleaning up out123 source, also now really showing
the encoding list in --longhelp instead of possibly, again, writing junk
from memory in there.
- Not linking libmpg123 against libltdl anymore (bug 215).
- Update MSVC++ ports a bit to make them work again.
Xfce 4 Modem Lights panel plugin is intended to simplify establishing a ppp
connection via a modem. It is primarily designed to work with the debian ppp
package and the pon/poff scripts provided by that package, but should be usable
with any scripts that create a lock file during dialing and retain it through
the connection.
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
NB: I'm not game enough to do it in the freeze, but it looks like the
JVM version detection patching could be removed - it appears no longer
necessary now that Pkgsrc passes in the correct RXTX_PATH and JHOME_PATH
itself. At any rate, adding version 8 is not required for the oracle-jdk8
build to complete smoothly.
While here restore old behaviour of not alphabetically sorting memos by default.
Changes since 1.8.1:
1.8.2 - 05/18/14
Many bug fixes
Fixed VCard output
Added export for B-Folders
Added export for KeePassX
Changed the "enye" letter in Manana an "n", got tired of it causing problems
(Ma\303\261ana to Manana)
Made lots of stupid code changes to make the compiler warnings go away
pkgsrc changes:
- adapt to upstream support for clang
- more comprehensive sweep for 64-bit time_t related stuff
- XXX pjsip has its own time related stuff that is 32-bit only
-----
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and and verifies the server,
Asterisk will accept signed certificates that match a common name other than
the one Asterisk is expecting if the signed certificate has a common name
containing a null byte after the portion of the common name that Asterisk
expected. This potentially allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.17.0.
The release of Asterisk 11.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-17899 - Handle crypto lifetime in SDES-SRTP negotiation
(Reported by Dwayne Hubbard)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24742 - [patch] Fix ast_odbc_find_table function in
res_odbc (Reported by ibercom)
* ASTERISK-22436 - [patch] No BYE to masqueraded channel on INVITE
with replaces (Reported by Eelco Brolman)
* ASTERISK-24479 - Enable REF_DEBUG for module references
(Reported by Corey Farrell)
* ASTERISK-24701 - Stasis: Write timeout on WebSocket fails to
fully disconnect underlying socket, leading to events being
dropped with no additional information (Reported by Matt Jordan)
* ASTERISK-24772 - ODBC error in realtime sippeers when device
unregisters under MariaDB (Reported by Richard Miller)
* ASTERISK-24451 - chan_iax2: reference leak in sched_delay_remove
(Reported by Corey Farrell)
* ASTERISK-24799 - [patch] make fails with undefined reference to
SSLv3_client_method (Reported by Alexander Traud)
* ASTERISK-24787 - [patch] - Microsoft exchange incompatibility
for playing back messages stored in IMAP - play_message: No
origtime (Reported by Graham Barnett)
* ASTERISK-24814 - asterisk/lock.h: Fix syntax errors for non-gcc
OSX with 64 bit integers (Reported by Corey Farrell)
* ASTERISK-24796 - Codecs and bucket schema's prevent module
unload (Reported by Corey Farrell)
* ASTERISK-24724 - 'httpstatus' Web Page Produces Incomplete HTML
(Reported by Ashley Sanders)
* ASTERISK-24797 - bridge_softmix: G.729 codec license held
(Reported by Kevin Harwell)
* ASTERISK-24800 - Crash in __sip_reliable_xmit due to invalid
thread ID being passed to pthread_kill (Reported by JoshE)
* ASTERISK-17721 - Incoming SRTP calls that specify a key lifetime
fail (Reported by Terry Wilson)
* ASTERISK-23214 - chan_sip WARNING message 'We are requesting
SRTP for audio, but they responded without it' is ambiguous and
wrong in some cases (Reported by Rusty Newton)
* ASTERISK-15434 - [patch] When ast_pbx_start failed, both an
error response and BYE are sent to the caller (Reported by
Makoto Dei)
* ASTERISK-18105 - most of asterisk modules are unbuildable in
cygwin environment (Reported by feyfre)
* ASTERISK-24828 - Fix Frame Leaks (Reported by Kevin Harwell)
* ASTERISK-24838 - chan_sip: Locking inversion occurs when
building a peer causes a peer poke during request handling
(Reported by Richard Mudgett)
* ASTERISK-24825 - Caller ID not recognized using
Centrex/Distinctive dialing (Reported by Richard Mudgett)
* ASTERISK-24739 - [patch] - Out of files -- call fails --
numerous files with inodes from under /usr/share/zoneinfo,
mostly posixrules (Reported by Ed Hynan)
* ASTERISK-23390 - NewExten Event with application AGI shows up
before and after AGI runs (Reported by Benjamin Keith Ford)
* ASTERISK-24786 - [patch] - Asterisk terminates when playing a
voicemail stored in LDAP (Reported by Graham Barnett)
* ASTERISK-24808 - res_config_odbc: Improper escaping of
backslashes occurs with MySQL (Reported by Javier Acosta)
* ASTERISK-20850 - [patch]Nested functions aren't portable.
Adapting RAII_VAR to use clang/llvm blocks to get the
same/similar functionality. (Reported by Diederik de Groot)
* ASTERISK-19470 - Documentation on app_amd is incorrect (Reported
by Frank DiGennaro)
* ASTERISK-21038 - Bad command completion of "core set debug
channel" (Reported by Richard Kenner)
* ASTERISK-18708 - func_curl hangs channel under load (Reported by
Dave Cabot)
* ASTERISK-16779 - Cannot disallow unknown format '' (Reported by
Atis Lezdins)
* ASTERISK-24876 - Investigate reference leaks from
tests/channels/local/local_optimize_away (Reported by Corey
Farrell)
* ASTERISK-24817 - init_logger_chain: unreachable code block
(Reported by Corey Farrell)
* ASTERISK-24880 - [patch]Compilation under OpenBSD (Reported by
snuffy)
* ASTERISK-24879 - [patch]Compilation fails due to 64bit time
under OpenBSD (Reported by snuffy)
Improvements made in this release:
-----------------------------------
* ASTERISK-24790 - Reduce spurious noise in logs from voicemail -
Couldn't find mailbox %s in context (Reported by Graham Barnett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.17.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.16.0.
The release of Asterisk 11.16.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24472 - Asterisk Crash in OpenSSL when calling over WSS
from JSSIP (Reported by Badalian Vyacheslav)
* ASTERISK-24614 - Deadlock when DEBUG_THREADS compiler flag
enabled (Reported by Richard Mudgett)
* ASTERISK-24449 - Reinvite for T.38 UDPTL fails if SRTP is
enabled (Reported by Andreas Steinmetz)
* ASTERISK-24619 - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly
casts char to unsigned int (Reported by Walter Doekes)
* ASTERISK-24337 - Spammy DEBUG message needs to be at a higher
level - 'Remote address is null, most likely RTP has been
stopped' (Reported by Rusty Newton)
* ASTERISK-23733 - 'reload acl' fails if acl.conf is not present
on startup (Reported by Richard Kenner)
* ASTERISK-24628 - [patch] chan_sip - CANCEL is sent to wrong
destination when 'sendrpid=yes' (in proxy environment) (Reported
by Karsten Wemheuer)
* ASTERISK-24672 - [PATCH] Memory leak in func_curl CURLOPT
(Reported by Kristian Høgh)
* ASTERISK-20744 - [patch] Security event logging does not work
over syslog (Reported by Michael Keuter)
* ASTERISK-23850 - Park Application does not respect Return
Context Priority (Reported by Andrew Nagy)
* ASTERISK-23991 - [patch]asterisk.pc file contains a small error
in the CFlags returned (Reported by Diederik de Groot)
* ASTERISK-24288 - [patch] - ODBC usage with app_voicemail -
voicemail is not deleted after review, hangup (Reported by LEI
FU)
* ASTERISK-24048 - [patch] contrib/scripts/install_prereq selects
32-bit packages on 64-bit hosts (Reported by Ben Klang)
* ASTERISK-24709 - [patch] msg_create_from_file used by MixMonitor
m() option does not queue an MWI event (Reported by Gareth
Palmer)
* ASTERISK-24355 - [patch] chan_sip realtime uses case sensitive
column comparison for 'defaultuser' (Reported by
HZMI8gkCvPpom0tM)
* ASTERISK-24719 - ConfBridge recording channels get stuck when
recording started/stopped more than once (Reported by Richard
Mudgett)
* ASTERISK-24715 - chan_sip: stale nonce causes failure (Reported
by Kevin Harwell)
* ASTERISK-24728 - tcptls: Bad file descriptor error when
reloading chan_sip (Reported by Kevin Harwell)
* ASTERISK-24676 - Security Vulnerability: URL request injection
in libCURL (CVE-2014-8150) (Reported by Matt Jordan)
* ASTERISK-24711 - DTLS handshake broken with latest OpenSSL
versions (Reported by Jared Biel)
* ASTERISK-24646 - PJSIP changeset 4899 breaks TLS (Reported by
Stephan Eisvogel)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.16.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
12, and 13. The available security releases are released as versions
1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and verifies the
server, Asterisk will accept signed certificates that match a
common name other than the one Asterisk is expecting if the signed
certificate has a common name containing a null byte after the
portion of the common name that Asterisk expected. This potentially
allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
HIDAPI is a multi-platform library which allows an application to interface
with USB and Bluetooth HID-Class devices on Windows, Linux, and Mac OS X.
On Windows, a DLL is built. On other platforms (and optionally on Windows),
the single source file can simply be dropped into a target application.
HIDAPI has four back-ends:
* Windows (using hid.dll)
* Linux/hidraw (using the Kernel's hidraw driver)
* Linux/libusb (using libusb-1.0)
* Mac (using IOHidManager)
This package includes only the libusb backend.
This version is essentially a bugfix release, with:
- minor improvements to the user interface;
- possibility to build outside of the source tree;
- dropped dependency on DeforaOS Panel;
- all tests should pass.
Hopefully will fix the issue encountered in the latest bulk build report.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
This update is just to accomodate the speex splitup.
Note that Asterisk 10.x is dead upstream and should not be used
anymore. This package will be removed at some point.
