10.9.0
Added
Added data parameter to print_json method / function
Added an --indent parameter to python -m rich.json
Changed
Changed default indent of JSON to 2 (down from 4)
Changed highlighting of JSON keys to new style (bold blue)
10.8.0
Added
Added Panel.subtitle
Added Panel.subtitle_align
Added rich.json.JSON
Added rich.print_json and Console.print_json
Fixed
Fixed a bug where calling rich.reconfigure within a pytest_configure hook would lead to a crash
Fixed highlight not being passed through options https://github.com/willmcgugan/rich/issues/1404
10.7.0
Added
Added Text.apply_meta
Added meta argument to Text.assemble
Added Style.from_meta
Added Style.on
Added Text.on
Changed
Changed RenderGroup to Group and render_group to group (old names remain for compatibility but will be deprecated in the future)
Changed rich.repr.RichReprResult to rich.repr.Result (old names remain for compatibility but will be deprecated in the future)
Changed meta serialization to use pickle rather than marshal to permit callables
16.19.0
New Features made in this release:
* [ASTERISK-29446] app_confbridge: New ConfKick application
(Reported by N A)
* [ASTERISK-29440] app_confbridge: Allow ConfBridge answer to be
suppressed
(Reported by N A)
* [ASTERISK-29431] Minimum and maximum dialplan functions
(Reported by N A)
* [ASTERISK-29439] func_volume: Volume function can t be read
(Reported by N A)
Bugs fixed in this release:
* [ASTERISK-29475] SayNumber triggers WARNING if caller hangs up
during application execution
(Reported by N A)
* [ASTERISK-29404] Consolidate res_pjsip_messaging fixes for domain
name
(Reported by George Joseph)
* [ASTERISK-29441] Core reload making TCP endpoints go offline
(Reported by Luke Escude)
* [ASTERISK-29433] res_rtp_asterisk: Server reflexive candidates use
incorrect raddr for RTCP
(Reported by Chris)
* [ASTERISK-28237] FRACK!, Failed assertion bad magic number
happens when unsubscribe an application from an
event source
(Reported by Lucas Tardioli Silveira)
* [ASTERISK-28393] Multidomain support issue
(Reported by Andrea Sannucci)
* [ASTERISK-29397] pjsip: Asterisk isn t tolerant of RFC8760 UASs
(Reported by George Joseph)
* [ASTERISK-24601] Missing RFC4235 tags and attributes in PJSIP
NOTIFY event: dialog XML body
(Reported by Marco Paland)
* [ASTERISK-29372] file.c switch does not account for flash events
(Reported by N A)
* [ASTERISK-29377] cpool_release_pool double free or corruption
(out)
(Reported by Robert Sutton)
* [ASTERISK-29370] chan_sip does not recognize application/hook-flash
(Reported by N A)
* [ASTERISK-29358] chan_pjsip: Trace message for progress is output
even if frame is not queued
(Reported by Michael Maier)
* [ASTERISK-29030] res_rtp_asterisk: Additional RTP-frame (with wrong
SSRC) gets inserted when switching from progress
to established
(Reported by Matthias Hensler)
* [ASTERISK-29407] chan_local: Filtering audio formats should not
occur on removed streams
(Reported by Joshua C. Colp)
Improvements made in this release:
* [ASTERISK-29450] Allow setting channel variables using Originate
application
(Reported by N A)
* [ASTERISK-29460] Recognize application/hook-flash in PJSIP
(Reported by N A)
* [ASTERISK-29459] Missing configuration from PJSIP to SIP conversion
script
(Reported by N A)
* [ASTERISK-29434] Asterisk reveals pjproject version in STUN packets
(Reported by Jeremy Lain )
* [ASTERISK-29349] Silent voicemail option is not completely silent
(Reported by N A)
* [ASTERISK-29380] Add Flash AMI event to handle flash events
(Reported by N A)
16.18.0
Bugs fixed in this release:
* [ASTERISK-29328] translate.c: possible buffer overflow when
upsampling
(Reported by Jean Aunis Prescom)
* [ASTERISK-29379] Segfault ast_channel_is_multistream (chan=0x0)
at channel_internal_api.c:1590
(Reported by Ross Beer)
* [ASTERISK-29364] res_rtp_asterisk: standard deviation
miscalculation
(Reported by Kevin Harwell)
* [ASTERISK-29373] res_rtp_asterisk: Flash events are duplicated
(Reported by N A)
* [ASTERISK-28356] app_queue: CLI set ringinuse for realtime member
not working
(Reported by Michael)
* [ASTERISK-24631] Incorrect description of option context in
queues.conf.sample
(Reported by Etienne Lessard)
* [ASTERISK-26614] app_queue: updatecdr option in queues.conf does
effectively nothing
(Reported by Alexander Gonchiy)
* [ASTERISK-25358] dateformat not read from logger.conf by remote
console
(Reported by Igor Liferenko)
* [ASTERISK-27542] app_queue: When queue show CLI command is
executed a crash occurs
(Reported by Miguel Sanz)
* [ASTERISK-29215] res_pjsip_session: NULL active_media_state
topology caused asterisk crash
(Reported by sungtae kim)
* [ASTERISK-29355] app_queue: Queue member status message sent even
if status doesn t change
(Reported by Roman Pertsev)
* [ASTERISK-29035] chan_local: Multistream support breaks T.38 faxing
(Reported by Matthias Hensler)
* [ASTERISK-29354] res_pjsip: Allow partial reloading of transports
(Reported by Joshua C. Colp)
* [ASTERISK-29348] menuselect doesn t return errors in many cases
(Reported by George Joseph)
* [ASTERISK-29352] res_rtp_asterisk: Fix frame delivery time when
SSRC changes
(Reported by Joshua C. Colp)
Improvements made in this release:
* [ASTERISK-29339] loader: Let s output warnings for deprecated
modules!
(Reported by Joshua C. Colp)
* [ASTERISK-29337] menuselect: Add ability to set deprecated in and
removed in versions for modules
(Reported by Joshua C. Colp)
* [ASTERISK-29335] xml: Embed module information into core XML
documentation.
(Reported by Joshua C. Colp)
* [ASTERISK-29336] documentation: Fix inconsistent support levels
(Reported by Joshua C. Colp)
The Asterisk Development Team would like to announce security releases for
Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases
are released as versions 13.38.3, 16.19.1, 17.9.4, 18.5.1 and 16.8-cert10.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
The following security vulnerabilities were resolved in these versions:
* AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver
When Asterisk receives a re-INVITE without SDP after having sent
a BYE request a crash will occur. This occurs due to the Asterisk
channel no longer being present while code assumes it is.
* AST-2021-008: Remote crash when using IAX2 channel driver
If the IAX2 channel driver receives a packet that contains an
* AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during
handshake
Depending on the timing, it's possible for Asterisk to crash when
using a TLS connection if the underlying socket parent/listener
gets destroyed during the handshake.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.38.3
The security advisories are available at:
https://downloads.asterisk.org/pub/security/AST-2021-007.pdfhttps://downloads.asterisk.org/pub/security/AST-2021-008.pdfhttps://downloads.asterisk.org/pub/security/AST-2021-009.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team would like to announce security releases for
Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases
are released as versions 13.38.3, 16.19.1, 17.9.4, 18.5.1 and 16.8-cert10.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
The following security vulnerabilities were resolved in these versions:
* AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver
When Asterisk receives a re-INVITE without SDP after having sent
a BYE request a crash will occur. This occurs due to the Asterisk
channel no longer being present while code assumes it is.
* AST-2021-008: Remote crash when using IAX2 channel driver
If the IAX2 channel driver receives a packet that contains an
* AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during
handshake
Depending on the timing, it's possible for Asterisk to crash when
using a TLS connection if the underlying socket parent/listener
gets destroyed during the handshake.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.5.1
The security advisories are available at:
https://downloads.asterisk.org/pub/security/AST-2021-007.pdfhttps://downloads.asterisk.org/pub/security/AST-2021-008.pdfhttps://downloads.asterisk.org/pub/security/AST-2021-009.pdf
Thank you for your continued support of Asterisk!
10.6.0:
Deprecated
Added deprecation warning for tabulate_mapping which will be removed in v11.0.0
Added
Added precision argument to filesize.decimal
Added separator argument to filesize.decimal
Added _rich_traceback_guard to Traceback
Added emoji_variant to Console
Added -emoji and -text variant selectors to emoji code
Fixed
Fixed issue with adjoining color tags https://github.com/willmcgugan/rich/issues/1334
Changed
Changed Console.size to use unproxied stdin and stdout
pkgsrc change: Fix segfault under aarch64 from ryoon for comms/asterisk16.
-----
The Asterisk Development Team would like to announce the release
of Asterisk 18.5.0.
The release of Asterisk 18.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-29446 - app_confbridge: New ConfKick application
(Reported by N A)
* ASTERISK-29440 - app_confbridge: Allow ConfBridge answer to
be suppressed
(Reported by N A)
* ASTERISK-29431 - Minimum and maximum dialplan functions
(Reported by N A)
* ASTERISK-29439 - func_volume: Volume function can't be read
(Reported by N A)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-29475 - SayNumber triggers WARNING if caller hangs
up during application execution
(Reported by N A)
* ASTERISK-29404 - Consolidate res_pjsip_messaging fixes for
domain name
(Reported by George Joseph)
* ASTERISK-29441 - Core reload making TCP endpoints go offline
(Reported by Luke Escude)
* ASTERISK-28237 - "FRACK!, Failed assertion bad magic number"
happens when unsubscribe an application from an event source
(Reported by Lucas Tardioli Silveira)
* ASTERISK-28393 - Multidomain support issue
(Reported by Andrea Sannucci)
* ASTERISK-29433 - res_rtp_asterisk: Server reflexive
candidates use incorrect raddr for RTCP
(Reported by Chris)
* ASTERISK-29397 - pjsip: Asterisk isn't tolerant of RFC8760 UASs
(Reported by George Joseph)
* ASTERISK-24601 - [patch]Missing RFC4235 tags and attributes
in PJSIP NOTIFY event: dialog XML body
(Reported by Marco Paland)
* ASTERISK-29370 - chan_sip does not recognize
application/hook-flash
(Reported by N A)
* ASTERISK-29377 - cpool_release_pool "double free or
corruption (out)"
(Reported by Robert Sutton)
* ASTERISK-29372 - file.c switch does not account for flash
events
(Reported by N A)
* ASTERISK-29358 - chan_pjsip: Trace message for progress is
output even if frame is not queued
(Reported by Michael Maier)
* ASTERISK-29407 - chan_local: Filtering audio formats should
not occur on removed streams
(Reported by Joshua C. Colp)
* ASTERISK-29030 - res_rtp_asterisk: Additional RTP-frame (with
wrong SSRC) gets inserted when switching from progress to
established
(Reported by Matthias Hensler)
Improvements made in this release:
-----------------------------------
* ASTERISK-29450 - Allow setting channel variables using
Originate application
(Reported by N A)
* ASTERISK-29459 - Missing configuration from PJSIP to SIP
conversion script
(Reported by N A)
* ASTERISK-29460 - Recognize application/hook-flash in PJSIP
(Reported by N A)
* ASTERISK-29434 - Asterisk reveals pjproject version in STUN packets
(Reported by Jeremy Lain??)
* ASTERISK-29349 - Silent voicemail option is not completely silent
(Reported by N A)
* ASTERISK-29380 - Add Flash AMI event to handle flash events
(Reported by N A)
For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-18.5.0
Thank you for your continued support of Asterisk!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-announce/attachments/20210624/fe9defa9/attachment.html>
Previous message (by thread): [asterisk-announce] Asterisk 16.19.0 Now Available
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the asterisk-announce mailing list
[10.4.0] - 2021-06-18
Added
Added Style.meta
Added rich.repr.auto decorator
Fixed
Fixed error pretty printing classes with special rich_repr method
[10.3.0] - 2021-06-09
Added
Added Console.size setter
Added Console.width setter
Added Console.height setter
Added angular style Rich reprs
Added an IPython extension. Load via %load_ext rich
Changed
Changed the logic for retrieving the calling frame in console logs to a faster one for the Python implementations that support it.
This is a long term support version. It is scheduled to go to
security fixes only on October 20th, 2024, and EOL on October 20th,
2025.
------------------------------------------------------------------------------
--- Functionality changes from Asterisk 18.3.0 to Asterisk 18.4.0 ------------
------------------------------------------------------------------------------
logger
------------------
* The dateformat option in logger.conf will now control the remote
console (asterisk -r -T) timestamp format. Previously, dateformat
only controlled the formatting of the timestamp going to log
files and the main console (asterisk -c) but only for non-verbose
messages.
Internally, Asterisk does not send the logging timestamp with
verbose messages to console clients. It's up to the Asterisk
remote consoles to format verbose messages. Asterisk remote
consoles previously did not load dateformat from logger.conf.
Previously there was a non-configurable and hard-coded "%b %e
%T" dateformat that would be used no matter what on all verbose
console messages printed on remote consoles.
Example:
logger.conf
dateformat=%F %T.%3q
# asterisk -rvvv -T
[2021-03-19 09:54:19.760-0400] Loading res_stasis_answer.so.
[Mar 19 09:55:43] -- Goto (dialExten,s,1)
Given the following example configuration in logger.conf, Asterisk
log files and the console, will log verbose messages using the
given timestamp. Now ensuring that all remote console messages
are logged with the same dateformat as other log streams.
---
[general]
dateformat=%F %T.%3q
[logfiles]
console => notice,warning,error,verbose
full => notice,warning,error,debug,verbose
---
Now we have a globally-defined dateformat that will be used
consistently across the Asterisk main console, remote consoles,
and log files.
Now we have consistent logging:
# asterisk -rvvv -T
[2021-03-19 09:54:19.760-0400] Loading res_stasis_answer.so.
[2021-03-19 09:55:43.920-0400] -- Goto (dialExten,s,1)
res_pjsip
------------------
* PJSIP transports can now be partially reloaded safely. This
allows the local_net and external_* options to be updated without
restarting Asterisk.
* PJSIP endpoints can now be configured to skip authentication
when handling OPTIONS requests by setting the
allow_unauthenticated_options configuration property to 'yes.'
------------------------------------------------------------------------------
--- Functionality changes from Asterisk 18.2.2 to Asterisk 18.3.0 ------------
------------------------------------------------------------------------------
app_mixmonitor
------------------
* app_mixmonitor now sends manager events MixMonitorStart,
MixMonitorStop and MixMonitorMute when the channel monitoring
is started, stopped and muted (or unmuted) respectively.
chan_iax2
------------------
* You can now specify a default "auth" method in the [general]
section of iax.conf
chan_pjsip, app_transfer
------------------
* Added TRANSFERSTATUSPROTOCOL variable. When transfer is performed,
transfers can pass a protocol specific error code. Example, in
SIP 3xx-6xx represent any SIP specific error received when
performing a REFER.
func_odbc
------------------
* Introduce an ARGC variable for func_odbc functions, along with
a minargs per-function configuration option.
minargs enables enforcing of minimum count of arguments to pass
to func_odbc, so if you're unconditionally using ARG1 through
ARG4 then this should be set to 4. func_odbc will generate an
error in this case, so for example
[FOO]
minargs = 4
and ODBC_FOO(a,b,c) in dialplan will now error out instead of
using a potentially leaked ARG4 from Gosub().
ARGC is needed if you're using optional argument, to verify
whether or not an argument has been passed, else it's possible
to use a leaked ARGn from Gosub (app_stack). So now you can
safely do ${IF($[${ARGC}>3]?${ARGV}:default value)} kind of
thing.
res_srtp
------------------
* SRTP replay protection has been added to res_srtp and
a new configuration option "srtpreplayprotection" has been added
to the rtp.conf config file. For security reasons, the default
setting is "yes". Buggy clients may not handle this correctly
which could result in no, or one way, audio and Asterisk error
messages like "replay check failed".
------------------------------------------------------------------------------
--- Functionality changes from Asterisk 18.1.0 to Asterisk 18.2.0 ------------
------------------------------------------------------------------------------
Core
------------------
* The location where the media cache stores its temporary files
is no longer hardcoded to /tmp but can now be configured separately
via the astcachedir config variable in asterisk.conf. To retain
backwards compatibility, the default location remains /tmp.
app_voicemail
------------------
* The VoiceMail application can now be configured to send greetings
and instructions via early media and only answering the channel
when it is time for the caller to record their message. This
behavior can be activated by passing the new 'e' option to
VoiceMail.
------------------------------------------------------------------------------
--- Functionality changes from Asterisk 18.0.0 to Asterisk 18.1.0 ------------
------------------------------------------------------------------------------
Core
------------------
* Added debug logging categories that allow a user to output debug
information based on a specified category. This lets the user
limit, and filter debug output to data relevant to a particular
context, or topic. For instance the following categories are
now available for debug logging purposes:
dtls, dtls_packet, ice, rtcp, rtcp_packet, rtp, rtp_packet, stun, stun_packet
These debug categories can be enable/disable via an Asterisk
CLI command:
core set debug category <category>[:<sublevel>] [category[:<sublevel] ...]
core set debug category off [<category> [<category>] ...]
If no sub-level is associated all debug statements for a given
category are output. If a sub-level is given then only those
statements assigned a value at or below the associated sub-level
are output.
app_confbridge
------------------
* app_confbridge now has the ability to force the estimated bitrate
on an SFU bridge. To use it, set a bridge profile's remb_behavior
to "force" and set remb_estimated_bitrate to a rate in bits per
second. The remb_estimated_bitrate parameter is ignored if
remb_behavior is something other than "force".
------------------------------------------------------------------------------
--- Functionality changes from Asterisk 17.0.0 to Asterisk 18.0.0 ------------
------------------------------------------------------------------------------
chan_pjsip
------------------
* The PJSIP_SEND_SESSION_REFRESH dialplan function now issues a
warning, and returns unsuccessful if it's used on a channel
prior to answering.
logger
------------------
* Added a new log formatter called "plain" that always prints
file, function and line number if available (even for verbose
messages) and never prints color control characters. Most
suitable for file output but can be used for other channels as
well.
You use it in logger.conf like so:
debug => [plain]debug
console => [plain]error,warning,debug,notice,pjsip_history
messages => [plain]warning,error,verbose
------------------------------------------------------------------------------
--- New functionality introduced in Asterisk 18.0.0 --------------------------
------------------------------------------------------------------------------
Core
------------------
* The Streams API becomes the home for the core ACN capabilities.
These include...
* Parsing and formatting of codec negotation preferences.
* Resolving pending streams and topologies with those configured
using configured preferences.
* Utility functions for creating string representations of
streams, topologies, and negotiation preferences.
For codec negotiation preferences:
* Added ast_stream_codec_prefs_parse() which takes a string
representation of codec negotiation preferences, which may
come from a pjsip endpoint for example, and populates a
ast_stream_codec_negotiation_prefs structure.
* Added ast_stream_codec_prefs_to_str() which does the reverse.
* Added many functions to parse individual parameter name
and value strings to their respectrive enum values, and the
reverse.
For streams:
* Added ast_stream_create_resolved() which takes a "live" stream
and resolves it with a configured stream and the negotiation
preferences to create a new stream.
* Added ast_stream_to_str() which create a string representation
of a stream suitable for debug or display purposes.
For topology:
* Added ast_stream_topology_create_resolved() which takes a
"live" topology and resolves it, stream by stream, with a
configured topology stream and the negotiation preferences
to create a new topology.
* Added ast_stream_topology_to_str() which create a string
representation of a topology suitable for debug or display
purposes.
* Renamed ast_format_caps_from_topology() to
ast_stream_topology_get_formats() to be more consistent with
the existing ast_stream_get_formats().
Additional changes:
* A new function ast_format_cap_append_names() appends the
results to the ast_str buffer instead of replacing buffer
contents.
app_bridgeaddchan
------------------
* The BridgeAdd application now behaves more like the Bridge
application. The application now sets the BRIDGERESULT channel
variable to indicate what happened when the channel resumes in
dialplan. This is instead of hanging up the channel on failure
conditions.
res_pjsip
------------------
* Two new options, incoming_call_offer_pref and outgoing_call_offer_pref
have been added to res_pjsip endpoints that specify the preferred
order of codecs to use between those received/sent in an SDP
offer and those set in the endpoint configuration.
------------------------------------------------------------------------------
--- Functionality changes from Asterisk 17.0.0 to Asterisk 18.0.0 ------------
------------------------------------------------------------------------------
AMI
------------------
* You can now specify an optional 'Content-Type' as an argument
for the Asterisk SendText manager action.
ARI
------------------
* A new parameter 'inhibitConnectedLineUpdates' is now available
in the 'bridges.addChannel' call. This prevents the identity of
the newly connected channel from being presented to other bridge
members.
ARI Channels
------------------
* The Channel resource has a new sub-resource "externalMedia".
This allows an application to create a channel for the sole
purpose of exchanging media with an external server. Once
created, this channel could be placed into a bridge with existing
channels to allow the external server to inject audio into the
bridge or receive audio from the bridge. See
https://wiki.asterisk.org/wiki/display/AST/External+Media+and+ARI
for more information.
Core
------------------
* H.265/HEVC is now a supported video codec and it can be used by
specifying "h265" in the allow line. Please note however, that
handling of the additional SDP parameters described in RFC 7798
section 7.2 is not yet supported.
Features
------------------
* Adds support for AudioSocket, a very simple bidirectional audio
streaming protocol. There are both channel and application
interfaces.
A description of the protocol can be found on the referenced
wiki page. A short talk about the reasons and implementation
can be found on YouTube at the link provided.
ARI support has also been added via the existing "externalMedia"
ARI functionality. The UUID is specified using the arbitrary
"data" field.
Wiki: https://wiki.asterisk.org/wiki/display/AST/AudioSocket
YouTube: https://www.youtube.com/watch?v=tjduXbZZEgI
Messaging
------------------
* In order to reduce the amount of AMI and ARI events generated,
the global "Message/ast_msg_queue" channel can be set to suppress
it's normal channel housekeeping events such as "Newexten",
"VarSet", etc. This can greatly reduce load on the manager and
ARI applications when the Digium Phone Module for Asterisk is
in use. To enable, set "hide_messaging_ami_events" in asterisk.conf
to "yes" In Asterisk versions <18, the default is "no" preserving
existing behavior. Beginning with Asterisk 18, the option will
default to "yes".
STIR/SHAKEN
------------------
* STIR/SHAKEN support has been added to Asterisk. Configuration
is done in stir_shaken.conf. There is a sample configuration
file to help you get started
(asterisk/configs/samples/stir_shaken.conf.sample). Once that's
set up, you can enable STIR/SHAKEN on any endpoint by setting
stir_shaken to yes on the endpoint configuration object. This
will add an Identity header on outgoing INVITEs, and check for
an Identity header on incoming INVITEs. This option has been
added to Alembic as well.
The information received on an incoming INVITE can be checked
using the STIR_SHAKEN dialplan function. There are two variations:
STIR_SHAKEN(count)
STIR_SHAKEN(0, verify_result)
The first variation will tell you how many STIR/SHAKEN results
are on the channel. The second fetches information for a specific
result. The first parameter is the index, followed by what
information you want to retrieve. The available options are
'verify_result', 'identity', and 'attestation'.
app_chanisavail
------------------
* The ChanIsAvail application now tolerates empty positions in
the supplied device list. Dialplan can now be simplified by
not having to check for empty positions in the device list.
app_confbridge
------------------
* A new bridge profile option, maximum_sample_rate, has been added
which sets a maximum sample rate that the bridge will be mixed
at. This allows the bridge to move below the maximum sample rate
as needed but caps it at the maximum.
* A new option, "text_messaging", has been added to the user
profile which allows control over whether text messaging is
enabled or disabled for a user. If enabled (the default) text
messages will be sent to the user. If disabled no text messages
will be sent to the user.
app_dial
------------------
* The Dial application now tolerates empty positions in the supplied
destination list. Dialplan can now be simplified by not having
to check for empty positions in the destination list. If there
are no endpoints to dial then DIALSTATUS is set to CHANUNAVAIL.
app_mixmonitor
------------------
* An option 'S' has been added to MixMonitor. If used in combination
with the r() and/or t() options, if a frame is available to
write to one of those files but not the other, a frame of silence
if written to the file that does not have an audio frame. This
should prevent the two files from "drifting" when mixed after
the fact.
* If the 'filename' argument to MixMonitor() ended with '.wav49,'
Asterisk would silently convert the extension to '.WAV' when
opening the file for writing. This caused the MIXMONITOR_FILENAME
variable to reference the wrong file. The MIXMONITOR_FILENAME
variable will now reflect the name of the file that Asterisk
actually used instead of the filename that was passed to the
application.
app_page
------------------
* The Page application now tolerates empty positions in the supplied
destination list. Dialplan can now be simplified by not having
to check for empty positions in the destination list.
app_voicemail
------------------
* A feature was added in Asterisk 13.27.0 and 16.4.0 that removed
lock files from the Asterisk voicemail directory on startup.
Some users that store their voicemails on network storage devices
experienced slow startup times due to the relative expense of
traversing the voicemail directory structure looking for orphaned
lock files. This feature has now been removed.
Users who require the lock files to be removed at startup should
modify their startup scripts to do so before starting the asterisk
process.
chan_pjsip
------------------
* A new dialplan function, PJSIP_MOH_PASSTRHOUGH, has been added
to chan_pjsip. This allows the behaviour of the moh_passthrough
endpoint option to be read or changed in the dialplan. This
allows control on a per-call basis.
chan_rtp
------------------
* The UnicastRTP channel driver provided by chan_rtp now accepts
"<hostname>:<port>" as an alternative to "<ip_address>:<port>"
in the destination. The first AAAA (preferred) or A record
resolved will be used as the destination. The lookup is
synchronous so beware of possible dialplan delays if you specify
a hostname.
func_curl
------------------
* A new parameter, httpheader, has been added to CURLOPT function.
This parameter allows to set custom http headers for subsequent
calls of CURL function. Any setting of headers will replace
the default curl headers (e.g. "Content-type:
application/x-www-form-urlencoded")
* A new option, followlocation, can now be enabled with the
CURLOPT() dialplan function. Setting this will instruct cURL to
follow 3xx redirects, which it does not by default.
func_jitterbuffer
------------------
* The JITTERBUFFER dialplan function now has an option to enable
video synchronization support. When enabled and used with a
compatible channel driver (chan_sip, chan_pjsip) the video is
buffered according to the size of the audio jitterbuffer and is
synchronized to the audio.
func_volume
------------------
* Accept decimal number as argument.
http
------------------
* You can now disable the /httpstatus page served by Asterisk's
built-in HTTP server by setting 'enable_status' to 'no' in
http.conf.
minmemfree
------------------
* The 'minmemfree' configuration option now counts memory allocated
to the filesystem cache as "free" because it is memory that is
available to the process.
res_ari_channels
------------------
* When creating a channel in ARI using the create call
you can now specify dialplan variables to be set as part of the
same operation.
res_musiconhold
------------------
* This fix allows a realtime moh class to be unregistered from
the command line. This is useful when the contents of a directory
referenced by a realtime moh class have changed. The realtime
moh class is then reloaded on the next request and uses the new
directory contents.
* A new mode - playlist - has been added to res_musiconhold. This
mode allows the user to specify the files (or URLs) to play
explicitly by putting them directly in musiconhold.conf.
res_pjsip
------------------
* Added a new PJSIP system setting called disable_rport.
Default is no to keep support working as before.
If it is false (default) it adds the 'rport' parameter in the
outgoing request message. If it is true it does not add the
'rport' parameter in the outgoing request message.
This is a system option, but working as a global option.
res_pjsip_endpoint_identifier_ip
------------------
* In 'type = identify' sections, the addresses specified for the
'match' clause can now include a port number. For IP addresses,
the port is provided by including a colon after the address,
followed by the desired port number. If supplied, the netmask
should follow the port number. To specify a port for IPv6
addresses, the address itself must be enclosed in brackets to
be parsed correctly.
res_pjsip_logger
------------------
* The PJSIP packet logger now has the following CLI commands:
pjsip set logger pcap <filename>
When used this will create a pcap file containing the incoming
and outgoing SIP packets, in unencrypted form.
pjsip set logger console <on / off>
This allows you to toggle logging to console on and off.
pjsip set logger host <IP/subnet mask> add
This allows you to add an additional IP address or subnet mask
to logging, allowing you to log multiple instead of just a single
IP address or all traffic.
The normal "pjsip set logger host" CLI command has also been
expanded to allow subnet masks as well.
res_pjsip_session
------------------
* When placing an outgoing call to a PJSIP endpoint the intent
of any requested formats will now be respected. If only an audio
format is requested (such as ulaw) but the underlying endpoint
does not support the format the resulting SDP will still only
contain an audio stream, and not any additional streams such as
video.
* Two new options, incoming_call_offer_pref and outgoing_call_offer_pref
have been added to res_pjsip endpoints that specify the preferred
order of codecs to use between those received/sent in an SDP
offer and those set in the endpoint configuration.
res_rtp_asterisk
------------------
* This change include a new cli command 'rtp show settings'
The command display by general settings of rtp configuration.
For this point is added the fields: rtpstart, rtpend, dtmftimeout,
rtpchecksum, strictrtp, learning_min_sequential and icesupport.
* The blacklist mechanism in res_rtp_asterisk for ICE and STUN
was converted to an ACL mechanism.
As such six new options are now available:
ice_deny
ice_permit
ice_acl
stun_deny
stun_permit
stun_acl
These options have their obvious meanings as used elsewhere.
Backwards compatibility was maintained by adding {stun,ice}_blacklist
as aliases for {stun,ice}_deny.
res_sorcery_memory_cache
------------------
* The SorceryMemoryCacheExpireObject AMI action and CLI
command allow expiring of a specific object within the sorcery
memory cache. This is done by removing the object from the cache
with the expectation that the cache will then re-populate the
object when it is next needed.
For full backend caching this does not occur. The cache won't
repopulate until an entire refresh is done resulting in the
possibility that objects are missing until that time.
The AMI action and CLI command will now not allow expiring of
an object if the cache is configured as a full backend cache.
Instead you must use either the SorceryMemoryCacheExpire or
SorceryMemoryCachePopulate AMI actions or their associated CLI
commands.
taskprocessor.c
------------------
* Added two new CLI commands to reset stats for taskprocessors.
You can reset stats for a single, specific taskprocessor ('core
reset taskprocessor <taskprocessor>'), or you can reset all
taskprocessors ('core reset taskprocessors'). These commands
will reset the counter for the number of tasks processed as well
as the max queue size.
* Added "like" support for 'core show taskprocessors'. Now you
can specify a specific set of taskprocessors (or just one) by
adding the keyword "like" to the above command, followed by your
search criteria.
Rich is a Python library for rich text and beautiful formatting in the
terminal.
The Rich API makes it easy to add color and style to terminal output. Rich can
also render pretty tables, progress bars, markdown, syntax highlighted source
code, tracebacks, and more - out of the box.
This is a micro update that is mostly security fixes and bug fixes
with very small improvements. In addition to this being a security
fix, asterisk16 is a leaf package.
Upstream changes:
Security bugs fixed in this release:
-----------------------------------
* ASTERISK-29305 - ASTERISK-29203 / AST-2021-002 -- Another
scenario is causing a crash
(Reported by Gregory Massel)
* ASTERISK-29260 - sRTP Replay Protection ignored; even tears
down long calls
(Reported by Alexander Traud)
* ASTERISK-29227 - res_pjsip_diversion: sending multiple 181
responses causes memory corruption and crash
(Reported by
Ivan Poddubny)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-29215 - res_pjsip_session: NULL active_media_state
topology caused asterisk crash
(Reported by sungtae kim)
* ASTERISK-29035 - chan_local: Multistream support breaks T.38
faxing
(Reported by Matthias Hensler)
* ASTERISK-29071 - app_confbridge: Memory rises when
jitterbuffer enabled and muting over AMI occurs
(Reported
by Stefan Ruf)
* ASTERISK-29329 - app_dial: DTMF to 'D' option gets duplicated
if there are multiple progress events
(Reported by N A)
* ASTERISK-24434 - Fix differing usage of assignment operators
in modules.conf
(Reported by Rusty Newton)
* ASTERISK-29306 - strings: Incorrect use of
__attribute__((pure)) in ast_str_to_lower definition
(Reported by Vitezslav Novy)
* ASTERISK-29300 - res_rtp_asterisk: When native local bridging
the remote SSRC becomes permanent
(Reported by Sebastian
Damm)
* ASTERISK-29235 - res_pjsip_nat: Contact is rewritten on
REGISTER responses with external_signaling_address
(Reported by Brian Paboojian)
* ASTERISK-29266 - ICE Role conflict with an unauthorized
session
(Reported by Salah Ahmed)
* ASTERISK-29105 - chan_pjsip: 180 Ringing with SDP not changed
into progress
(Reported by Sebastian Damm)
* ASTERISK-29297 - say: Y2021 problem – Asterisk cannot say
year 2021 in Dutch
(Reported by Jacek Konieczny)
* ASTERISK-29315 - res_pjsip: re-registration gets stuck if
setting initial auth credentials fails
(Reported by Nick
French)
* ASTERISK-29312 - res_fax: asterisk fails to publish the
Stasis and ReceiveFax status messages if the remote Station ID
contains invalid UTF-8 characters
(Reported by Alexei
Gradinari)
* ASTERISK-16799 - Callee declined when 'beep' audio file does
not exist
(Reported by IAMJames_)
* ASTERISK-29313 - res_pjsip_refer: Segfault in progress
notify
(Reported by George Joseph)
* ASTERISK-29293 - res_config_pgsql: Limit realtime_pgsql() to
return one (no more) record
(Reported by Boris P. Korzun)
* ASTERISK-29303 - pjsip: Re-invite occurs when it shouldn't
(Reported by Benjamin Keith Ford)
* ASTERISK-29311 - res_odbc_transaction sets forcecommit
default value based on isolation level instead of forcecommit
(Reported by Jaco Kroon)
* ASTERISK-28452 - pjsip: <sess-version> of SDP is not
incremented though SDP may be changed on reinvite without SDP
offer
(Reported by Michael Maier)
* ASTERISK-29287 - app.h: C++ compatibility broken
(Reported by Jean Aunis - Prescom)
* ASTERISK-28369 - app_queue: Member device state "invalid"
when second call is ringing and hint is used
(Reported by
Boolah )
* ASTERISK-29203 - res_pjsip_t38: Crash when changing state
(Reported by Gregory Massel)
* ASTERISK-29205 - res_rtp_asterisk: Asterisk crashes when
making hold/unhold from webrtc client
(Reported by Edvin
Vidmar)
* ASTERISK-29196 - res_pjsip: Segmentation fault
(Reported by Mauri de Souza Meneguzzo (3CPlus))
* ASTERISK-29280 - chan_sip: Allow peers without audio
(text+video).
(Reported by Alexander Traud)
* ASTERISK-29265 - chan_sip: Allow text+video media streams,
again.
(Reported by Alexander Traud)
* ASTERISK-29261 - res_pjsip: user=phone validation fail for
isup numbers containing *#
(Reported by Mark Petersen)
* ASTERISK-29259 - channel: Allow text+video media streams,
again.
(Reported by Alexander Traud)
* ASTERISK-29258 - chan_sip: Audio stream rejected, Other
stream present: Invalid SDP.
(Reported by Alexander Traud)
* ASTERISK-29220 - After T38 reinvite response of 488 a
subsequent G711 reinvite is not processed correctly. Instead the
previous T38 session media is used
(Reported by Robert
Cripps)
* ASTERISK-29248 - res_pjsip_session: res sometimes
uninitialized reported by compiler Clang.
(Reported by
Alexander Traud)
Improvements made in this release:
-----------------------------------
* ASTERISK-29321 - sorcery: Add support for more intelligent
reloading.
(Reported by Joshua C. Colp)
* ASTERISK-29325 - res_pjsip_registrar: Include source IP
address and port in log messages
(Reported by Joshua C.
Colp)
* ASTERISK-29326 - asterisk: Update copyright/company
(Reported by Joshua C. Colp)
* ASTERISK-29244 - Add MixMonitorStart / Stop / Mute AMI
events
(Reported by Sébastien Duthil)
* ASTERISK-29275 - Support of MIME-type for wav16
(Reported by Boris P. Korzun)
* ASTERISK-29252 - TRANSFERSTATUSPROTOCOL variable to report
Transfer (REFER) failure SIP code
(Reported by Dan Cropp)
* ASTERISK-29262 - Support of various URL-schemes by MoH
(Reported by Boris P. Korzun)
"tio" is a simple TTY terminal application which features a straightforward
commandline interface to easily connect to TTY devices for basic input/output.
Changelog:
The following issues are resolved in this release:
Security bugs fixed in this release:
* [ASTERISK-29219] res_pjsip_diversion: Crash if Tel URI contains
History-Info
(Reported by Torrey Searle)
Bugs fixed in this release:
* [ASTERISK-29229] Stasis/messaging: text messages not dispatched to
all subscribers when using generic subscription
(Reported by Jean Aunis Prescom)
* [ASTERISK-29238] chan_sip: SDP: Offers without any enabled stream
are accepted.
(Reported by Alexander Traud)
* [ASTERISK-29237] chan_sip: SDP: m=video is parsed even when
disabled.
(Reported by Alexander Traud)
* [ASTERISK-29222] chan_sip: Hold/Resume an sRTP call on a video
enabled user-agent.
(Reported by Alexander Traud)
* [ASTERISK-29240] chan_pjsip: Incoming PJSIP calls set global
SIPDOMAIN instead of a channel variable
(Reported by Ivan Poddubny)
* [ASTERISK-27902] chan_pjsip isnt updating hangupcause on 4XX
responses
(Reported by George Joseph)
* [ASTERISK-28016] PJSIP sends duplicate 183 Progress responses
(Reported by Alex Hermann)
* [ASTERISK-28185] chan_pjsip: Subsequent same responses are not
stopped
(Reported by Julien)
* [ASTERISK-29230] pjsip: Asterisk goes crazy and massively spams
logfile if registration cant be send
(Reported by Michael Maier)
* [ASTERISK-29231] pjsip: SIGSEGV in CLI if no trunk is registered
(Reported by Michael Maier)
* [ASTERISK-29217] LOCK() can grant the same lock to multiple
channels spuriously
(Reported by Jaco Kroon)
* [ASTERISK-29201] Crash occurs when Transfer and execute Hangup
before the Transfer result
(Reported by Dan Cropp)
* [ASTERISK-28947] Segmentation fault in mixmonitor_ds_destroy
(Reported by Robert Sutton)
* [ASTERISK-29191] tel: URI in Diversion header causes crash
(Reported by Mikhail Ivanov)
* [ASTERISK-28883] Spyee information ist missing in ChanSpyStop AMI
Event
(Reported by Hendrik Wedhorn)
* [ASTERISK-29188] null media causing the Asterisk crash
(Reported by sungtae kim)
* [ASTERISK-29209] Debug messages printed by scope trace might be
missing newlines
(Reported by Alexander Traud)
* [ASTERISK-29024] pjsip: Route Header in Cancel request incorrectly
set
(Reported by Flole Systems)
* [ASTERISK-29211] res_musiconhold: Segfault on realtime music on
hold without entries
(Reported by Nathan Bruning)
* [ASTERISK-29022] Crash when manipulating PJSIP invite dlg ref
counts
(Reported by Sean Bright)
* [ASTERISK-29173] Media cache URL requests allow infinite redirects
(Reported by Sean Bright)
* [ASTERISK-29175] res_pjsip_stir_shaken: Fix module description
(Reported by Stanislav Abramenkov)
* [ASTERISK-29148] AST_MODULE_INFO no, MODULEINFO depend
(Reported by Alexander Traud)
* [ASTERISK-28798] chan_sip: TCP/TLS client without server.
(Reported by Alexander Traud)
* [ASTERISK-29165] res_pjsip: malformed header Accept-Encoding in
OPTIONS response
(Reported by Alexander Greiner-Baer)
* [ASTERISK-29161] Incorrect setup of recall channels
(Reported by Boris P. Korzun)
* [ASTERISK-29155] app_queue: Deadlock between queues container and
individual queues
(Reported by George Joseph)
Improvements made in this release:
* [ASTERISK-28549] Two repeated 183
(Reported by Gant Liu)
* [ASTERISK-29216] contrib: systemd asterisk service for centos8 or
other newer linux versions
(Reported by Mark Petersen)
* [ASTERISK-29143] res_http_media_cache: HTTP media cache stored
hardcoded in /tmp
(Reported by laszlovl)
* [ASTERISK-29118] VoiceMail() should have an option to play
greetings as Early Media
(Reported by Juan Carlos Castro y Castro)
-----
The Asterisk Development Team would like to announce security
releases for Asterisk 13, 15 and 16. The available releases are
released as versions 13.28.1, 15.7.4 and 16.5.1.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
The following security vulnerabilities were resolved in these versions:
* AST-2019-004: Crash when negotiating for T.38 with a declined stream
When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
responds with a declined media stream a crash will then occur in Asterisk.
* AST-2019-005: Remote Crash Vulnerability in audio transcoding
When audio frames are given to the audio transcoding support in Asterisk the
number of samples are examined and as part of this a message is output to
indicate that no samples are present. A change was done to suppress this
message for a particular scenario in which the message was not relevant. This
change assumed that information about the origin of a frame will always exist
when in reality it may not.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.7.4
The security advisories are available at:
https://downloads.asterisk.org/pub/security/AST-2019-004.pdfhttps://downloads.asterisk.org/pub/security/AST-2019-005.pdf
-----
The Asterisk Development Team would like to announce security
releases for Asterisk 13, 15 and 16, and Certified Asterisk 13.21.
The available releases are released as versions 13.27.1, 15.7.3,
16.4.1 and 13.21-cert4.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
The following security vulnerabilities were resolved in these versions:
* AST-2019-002: Remote crash vulnerability with MESSAGE messages
A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
* AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver
When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an
endpoint to switch it to T.38. If the endpoint responds with an improperly
formatted SDP answer including both a T.38 UDPTL stream and an audio or video
stream containing only codecs not allowed on the SIP peer or user a crash will
occur. The code incorrectly assumes that there will be at least one common
codec when T.38 is also in the SDP answer.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.7.3
The security advisories are available at:
https://downloads.asterisk.org/pub/security/AST-2019-002.pdfhttps://downloads.asterisk.org/pub/security/AST-2019-003.pdf
-----
The Asterisk Development Team would like to announce security
releases for Asterisk 15 and 16. The available releases are released
as versions 15.7.2 and 16.2.1.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
The following security vulnerabilities were resolved in these versions:
* AST-2019-001: Remote crash vulnerability with SDP protocol violation
When Asterisk makes an outgoing call, a very specific SDP protocol violation
by the remote party can cause Asterisk to crash.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.7.2
The security advisory is available at:
https://downloads.asterisk.org/pub/security/AST-2019-001.pdf
-----
The Asterisk Development Team would like to announce the release
of Asterisk 15.7.1.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 15.7.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following issue is resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-28222 - Regression: MWI polling no longer works
(Reported by abelbeck)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-15.7.1
-----
The Asterisk Development Team would like to announce the release
of Asterisk 15.7.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 15.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Security bugs fixed in this release:
-----------------------------------
* ASTERISK-28127 - Buffer overflow for DNS SRV/NAPTR records
(Reported by Jan Hoffmann)
* ASTERISK-28013 - res_http_websocket: Crash when reading HTTP
Upgrade requests
(Reported by Sean Bright)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-28076 - bridging: Asterisk crashes when receiving an
empty realtime text frame
(Reported by Emmanuel BUU)
* ASTERISK-28084 - app_queue: QueueMemberStatus Event flooding AMI
(Reported by Andrej)
* ASTERISK-28077 - res_pjsip: improve realtime performance on
CLI 'pjsip show contacts'
(Reported by Alexei Gradinari)
* ASTERISK-27920 - app_queue: Queue member considered inuse
after immediately hanging up during dialing.
(Reported by Cao Minh Hiep)
* ASTERISK-26094 - stasis: Playing MOH to bridge with ARI does not work
(Reported by Cameron)
* ASTERISK-28065 - res_odbc: missing SQL error diagnostic
(Reported by Alexei Gradinari)
* ASTERISK-28057 - chan_sip: SipNotify via AMI behaves
differently to CLI
(Reported by Peter Katzmann)
* ASTERISK-28045 - configure script does not enforce libunbound2 version
(Reported by Samuel Galarneau)
* ASTERISK-28070 - testsuite: Sniffer assumes pjmedia will use
ports below 10000
(Reported by Joshua C. Colp)
* ASTERISK-27854 - rtp: Crash in off-nominal case where RTP
instance can't be set up
(Reported by Lei Fu)
* ASTERISK-28059 - PJSIP: Update bundled PJPROJECT to version 2.8
(Reported by Joshua C. Colp)
* ASTERISK-27121 - res_pjsip_mwi: Memory leak on reload
(Reported by Sergej Kasumovic)
* ASTERISK-28047 - chan_pjsip: Declined video stream is added
when no video codecs configured and session refresh with removed
video stream occurs
(Reported by Will)
* ASTERISK-28049 - res_pjproject build failure
(Reported by Jaco Kroon)
* ASTERISK-28034 - chan_sip unstable with TLS after asterisk
start or reloads
(Reported by David Hajek)
* ASTERISK-28029 - [patch] res_musiconhold : music on hold will
not start if previous hold just reached end of file
(Reported by Frederic LE FOLL)
* ASTERISK-28005 - channel.c: ARI ring only once
(Reported by Hajek Michal)
* ASTERISK-28032 - Realtime queuemembers are not updated during
retry phase
(Reported by lvl)
* ASTERISK-27988 - alembic: PJSIP
"mwi_subscribe_replaces_unsolicited" field is integer not boolean
(Reported by Joshua C. Colp)
* ASTERISK-28020 - res_pjsip_transport_websocket: Properly set
'received' for IPv6
(Reported by Sean Bright)
* ASTERISK-28022 - res_pjsip realtime: uri column in
ps_contacts table can be too short
(Reported by Florian Floimair)
Improvements made in this release:
-----------------------------------
* ASTERISK-28046 - Remove stale nonoptreq references
(Reported by Walter Doekes)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-15.7.0
-----
The Asterisk Development Team would like to announce security
releases for Asterisk 15 and 16. The available releases are released
as versions 15.6.2 and 16.0.1.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
The following security vulnerabilities were resolved in these versions:
There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of
Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS
SRV or NAPTR response. The attacker???s request causes Asterisk to segfault
and crash.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.6.2
The security advisory is available at:
https://downloads.asterisk.org/pub/security/AST-2018-010.pdf
-----
The Asterisk Development Team would like to announce security
releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.21.
The available releases are released as versions 13.23.1, 14.7.8,
15.6.1 and 13.21-cert3.
These releases are available for immediate download at
https://downloads.asterisk.org/pub/telephony/asterisk/releases
The following security vulnerabilities were resolved in these versions:
* AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
There is a stack overflow vulnerability in the res_http_websocket.so module of
Asterisk that allows an attacker to crash Asterisk via a specially crafted
HTTP request to upgrade the connection to a websocket. The attacker???s
request causes Asterisk to run out of stack space and crash.
For a full list of changes in the current releases, please see the ChangeLogs:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.6.1
The security advisory is available at:
https://downloads.asterisk.org/pub/security/AST-2018-009.pdf
-----
The Asterisk Development Team would like to announce the release
of Asterisk 15.6.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 15.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-28002 - When T.140 realtime text is negociated, a
lot of debug traces are generated
(Reported by Emmanuel BUU)
* ASTERISK-27881 - PBX calls via chan_sip TCP trunk now get
authentification error
(Reported by Ian Gilmour)
* ASTERISK-28011 - chan_sip: get_refer_info() attempted unlock
mutex 'peer' without owning it!
(Reported by Alec Davis)
* ASTERISK-27944 - res_pjsip_t38: Crash receiving 1xx responses
other than 100 before 200 for T.38 reINVITE
(Reported by Joshua Elson)
* ASTERISK-28007 - rtcp-mux is put in SDP answer regardless of offer
(Reported by Torrey Searle)
* ASTERISK-27398 - No joint capabilities with video and audio-only streams
(Reported by Benjamin Keith Ford)
* ASTERISK-27973 - app_queue: QUEUESTATUS = CONTINUE instead LEAVEEMPTY
(Reported by Valentin Safonov)
* ASTERISK-27997 - pjproject_bundled: Fix for Solaris builds.
Do not undef s_addr.
(Reported by Alexander Traud)
* ASTERISK-27999 - Wrong SRTP use status report
(Reported by Salah Ahmed)
* ASTERISK-28001 - res_pjsip_registrar: Improve performance of
inbound handling
(Reported by Joshua Colp)
* ASTERISK-27966 - pjsip: Race condition in 183 re transmission
can result in a deadlock
(Reported by Torrey Searle)
* ASTERISK-15331 - make menuselect fails due to undefined
symbols (initscr32, w32addch) in menuselect_curses.o
(Reported by Majdi Bsoul)
* ASTERISK-14935 - [regression] menuselect compilation failure
on Solaris 10
(Reported by Samuel Owens)
* ASTERISK-12382 - menuselect compilation failure on Solaris 10
/ gcc 3.4.3
(Reported by rleasure)
* ASTERISK-9107 - menuselect compilation failure on Solaris 10/gcc-4.1.1
(Reported by Bob Atkins)
* ASTERISK-27991 - BuildSystem: Enable Jansson in Solaris 11.
(Reported by Alexander Traud)
* ASTERISK-27548 - res_pjsip_endpoint_identifier_ip only
matches against "generic string" headers
(Reported by George Joseph)
* ASTERISK-27990 - res_rtp_asterisk: Requires OpenSSL in
Developer Mode.
(Reported by Alexander Traud)
* ASTERISK-27591 - Frack errors in stasis.c and memory leakage
(Reported by Siruja Maharjan)
* ASTERISK-27978 - res_pjsip: Change default transport
keepalive to preserve behavior
(Reported by Joshua Colp)
* ASTERISK-27968 - systemd: asterisk.service
(Reported by seanchann.zhou)
* ASTERISK-27880 - [patch] pjproject_bundled: Repair
./configure --with-ssl=PATH.
(Reported by Alexander Traud)
* ASTERISK-27810 - BASIC-RETRANS: Implement receive
(Reported by Benjamin Keith Ford)
* ASTERISK-27972 - res_sorcery_config: Allow object name based matching
(Reported by Joshua Colp)
* ASTERISK-25548 - stasis: Improve message type "Use of before
init/after destruction" error
(Reported by Joshua Colp)
* ASTERISK-27967 - srtp: rejecting short sdes lifetimes
incompatible with obihai ATAs
(Reported by Nick French)
* ASTERISK-27961 - res_pjsip: Spurious ERROR logging when
printing headers in sip_msg
(Reported by Nick French)
* ASTERISK-27563 - pjsip modules always get -O2 even when
DONT_OPTIMIZE is set
(Reported by George Joseph)
* ASTERISK-27957 - PJSIP proposes ICE candidates on answer even
if not in offer
(Reported by Torrey Searle)
* ASTERISK-27347 - [patch] pjproject_bundled: Disable TCP/TLS keep-alives.
(Reported by Alexander Traud)
* ASTERISK-27938 - [patch] Compile fails with `IPTOS_MINCOST' undeclared.
(Reported by Alexander Traud)
* ASTERISK-27955 - res_pjsip_session: sdp group:BUNDLE
attribute truncated
(Reported by Kevin Harwell)
* ASTERISK-27956 - res_pjsip_pubsub: segfault in function publish_expire
(Reported by Alexei Gradinari)
* ASTERISK-27949 - res_pjsip_rfc3326: A lot of endpoints do not
correctly handle two Reason headers
(Reported by Ross Beer)
* ASTERISK-27763 - res_pjsip_session: Initial INVITE with
audio+fax results in 488 instead of declining stream
(Reported by Thiago Coutinho)
* ASTERISK-27657 - res_pjsip_t38: ATA fails with hangupcause
58(Bearer capability not available)
(Reported by Jared Hull)
* ASTERISK-27080 - res_pjsip_t38: Slow T.38 re-invite rejection
if remote leg has T.38 disabled
(Reported by Torrey Searle)
* ASTERISK-26686 - res_pjsip: Lock inversion in transport management
(Reported by Ross Beer)
* ASTERISK-27939 - [patch] bridge_softmix_binaural: Enable
FFTW3 in Solaris 11.
(Reported by Alexander Traud)
Improvements made in this release:
-----------------------------------
* ASTERISK-28006 - PJSIP: Missing
"party=calling"/"party=called" in Remote-Party-ID
(Reported by Eric Dantie)
* ASTERISK-27995 - pjproject_bundled: Find shared libraries in
root --with-ssl=PATH.
(Reported by Alexander Traud)
* ASTERISK-27993 - pjsip_wizard example gives wrong info about
unsupported SRV records
(Reported by Jonathan Harris)
* ASTERISK-27970 - res_rtp_asterisk: T.140 packets containing
backspace or end of line are merged with regular text and it
causes some UA to break
(Reported by Emmanuel BUU)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-15.6.0
-----
The Asterisk Development Team would like to announce the release
of Asterisk 15.5.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 15.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following issues are resolved in this release:
Security bugs fixed in this release:
-----------------------------------
* ASTERISK-27818 - Username bruteforce is possible when using
ACL with PJSIP
(Reported by John)
* ASTERISK-27807 - iostreams: Potential DoS when client
connection closed prematurely
(Reported by Sean Bright)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-27783 - res_pjsip_pubsub: apparent crash on shutdown
(Reported by Kevin Harwell)
* ASTERISK-27870 - app_confbridge: Conference bridge and
announcer channels are not removed if conference is ended as
soon as it starts
(Reported by Robert Mordec)
* ASTERISK-27943 - AMI: Action SendText needs to use the correct thread.
(Reported by Richard Mudgett)
* ASTERISK-27942 - res_pjsip_messaging doesn't accept
application/* content-types.
(Reported by George Joseph)
* ASTERISK-27909 - cdr: Deadlock with submit_scheduled_batch
and submit_unscheduled_batch
(Reported by Denis Lebedev)
* ASTERISK-27936 - res_pjsip_session doesn't update media when
a 200 comes in with a different port than a 183
(Reported by George Joseph)
* ASTERISK-26987 - pbx_dundi: Asterisk crashes when unloading
module pbx_dundi.so with dundi peers
(Reported by Kirsty Tyerman)
* ASTERISK-27933 - [patch] uuid: Enable UUID in Solaris 11.
(Reported by Alexander Traud)
* ASTERISK-27625 - channels: CHECK_BLOCKING is ineffective
(Reported by Corey Farrell)
* ASTERISK-27931 - [patch] BuildSystem: Enable ./configure in Solaris 11.
(Reported by Alexander Traud)
* ASTERISK-27926 - [patch] bootstrap.sh: find -maxdepth is not
POSIX compatible.
(Reported by Alexander Traud)
* ASTERISK-27903 - menuselect: GCC 8: restrict-qualified
parameter passed and aliased.
(Reported by Alexander Traud)
* ASTERISK-27914 - [patch] tests/test_utils: Repair ./configure
--with-ssl=PATH.
(Reported by Alexander Traud)
* ASTERISK-27705 - chan_iax2: Stops listening for traffic
(Reported by Kirsty Tyerman)
* ASTERISK-27908 - [patch] crypto.h: Repair ./configure --with-ssl=PATH.
(Reported by Alexander Traud)
* ASTERISK-27905 - [patch] res_srtp: Repair ./configure --with-ssl=PATH.
(Reported by Alexander Traud)
* ASTERISK-27888 - SQL fetch error on query which return 0 columns
(Reported by Alexei Gradinari)
* ASTERISK-27902 - chan_pjsip isn't updating hangupcause on 4XX responses
(Reported by George Joseph)
* ASTERISK-27901 - [patch] ooh323c: GCC 8: output truncated
before terminating nul.
(Reported by Alexander Traud)
* ASTERISK-27872 - res_pjsip: Modified qualify_frequency
doesn't effect until pjsip reload
(Reported by Alexei Gradinari)
* ASTERISK-27094 - res_fax: Deadlock when using Local channels
and fax gateway
(Reported by David Brillert)
* ASTERISK-27848 - rtp: DTMF Breaks With telephony-event/16000
(Reported by Dominic)
* ASTERISK-25261 - Manager events for MeetMe have incorrectly
documented key name 'Usernum' - should be 'User'
(Reported by Francois Blackburn)
* ASTERISK-27878 - [patch] tcptls.h: Repair ./configure --with-ssl=PATH.
(Reported by Alexander Traud)
* ASTERISK-27876 - [patch] tcptls: Allow OpenSSL configured with no-dh.
(Reported by Alexander Traud)
* ASTERISK-27874 - [patch] tcptls: Allow OpenSSL 1.1.x
configured with enable-ssl3-method no-deprecated.
(Reported by Alexander Traud)
* ASTERISK-27845 - Codec-Change Re-INVITE during DTMF can cause
marker bit error
(Reported by Torrey Searle)
* ASTERISK-27831 - res_rtp_asterisk: Add support for
abs-send-time RTP extension
(Reported by Joshua Colp)
* ASTERISK-27863 - config/ast_destroy_realtime_fields:
successful DELETE is treated as failed
(Reported by Alexei Gradinari)
* ASTERISK-27865 - [patch]: tcptls: Repair ./configure --with-ssl=PATH.
(Reported by Alexander Traud)
* ASTERISK-27760 - Asterisk ODBC Voicemail Prompt storage fails
with recent MariaDB version.
(Reported by Nic Colledge)
* ASTERISK-27853 - Incorrect error reported when
leaving/retrieving a ODBC voicemail
(Reported by Nic Colledge)
* ASTERISK-27726 - chan_mobile: presents incorrect inbound
Caller-ID names
(Reported by Brian)
* ASTERISK-27861 - [patch] res_pjsip_endpoint_identifier_ip:
Unregister the module for headers.
(Reported by Alexander Traud)
* ASTERISK-27860 - [patch] res_pjsip: Register
pjsip_transport_management not externally but internally.
(Reported by Alexander Traud)
* ASTERISK-27852 - cli: "manager show settings" mislabels HTTP
timeout as being minutes.
(Reported by Corey Farrell)
* ASTERISK-27824 - Fix issues exposed by GCC 8
(Reported by George Joseph)
* ASTERISK-27850 - [patch] rtp_engine: Allow Media Formats with
add_static_payload(-1) on egress again.
(Reported by Alexander Traud)
* ASTERISK-27811 - [patch] sip_to_pjsip: Enable python3 compatibility.
(Reported by Alexander Traud)
* ASTERISK-27841 - digest over for manager (ami) over http
fails on too long uris
(Reported by Jaco Kroon)
* ASTERISK-26570 - Macro allows an infinite loop of dialplan
inclusion resulting in a crash
(Reported by Tzafrir Cohen)
* ASTERISK-27801 - Asterisk got stuck while enabling "ari set
debug all on"
(Reported by shaurya jain)
* ASTERISK-27795 - chan_sip: one way / no audio with srtp
(Reported by Florian Kaiser)
* ASTERISK-27800 - One way audio when calling from Asterisk(sip
trunk) to another number where both are connected to a SBC using
TLS+SRTP
(Reported by Artur Pires)
* ASTERISK-26806 - pjsip_options: rework to make more efficient
(Reported by Kevin Harwell)
* ASTERISK-27814 - translate: interpolated frames are not
passed through
(Reported by Kevin Harwell)
* ASTERISK-27812 - When the ooh323 debug is on there is no
ringing signal to incoming calls via H323 trunk.
(Reported by Dimos)
* ASTERISK-26893 - No "alert" or "progress" in chan_ooh323 if
debug is enabled only on the module
(Reported by Marco Giordani)
* ASTERISK-27639 - [patch] BuildSystem: Enable IMAP storage on
FreeBSD and DragonFly BSD.
(Reported by Alexander Traud)
* ASTERISK-27804 - bridge_softmix / app_confbridge: Add support
for combining REMB reports
(Reported by Joshua Colp)
* ASTERISK-27418 - app_confbridge: "core show profile bridge"
does not output "sfu" when video_mode is sfu
(Reported by Carlos Chavez)
* ASTERISK-27808 - [patch] chan_vpb: Avoid GNU old-style field
designator extension.
(Reported by Alexander Traud)
Improvements made in this release:
-----------------------------------
* ASTERISK-27929 - [patch] BuildSystem: Enable autotools in Solaris 11.
(Reported by Alexander Traud)
* ASTERISK-27752 - Ten seconds of silence after mp3 playback
(Reported by Sam Wierema)
* ASTERISK-27910 - [patch] res_rtp_asterisk: Allow OpenSSL
configured with no-deprecated.
(Reported by Alexander Traud)
* ASTERISK-27906 - [patch] res_crypto: Allow OpenSSL configured
with no-deprecated.
(Reported by Alexander Traud)
* ASTERISK-27877 - app_confbridge: Add talking indicator for
ConfBridgeList AMI response
(Reported by William McCall)
* ASTERISK-27873 - documentation: Error on wiki description of
Asterisk 13 "MeetmeMute" event
(Reported by Alessandro Polidori)
* ASTERISK-27846 - ast_coredumper: Fix OUTPUT directory
(Reported by Ted G)
* ASTERISK-27867 - [patch] libasteriskssl: Allow OpenSSL 1.0.2
configured with no-deprecated.
(Reported by Alexander Traud)
* ASTERISK-27796 - res_hep: Allow create_address to resolve a
provided hostname
(Reported by Sebastian Gutierrez)
* ASTERISK-27820 - [patch] Add DragonFly BSD.
(Reported by Alexander Traud)
* ASTERISK-27793 - cppcheck identifies redundant "if"
(Reported by Ilya Shipitsin)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-15.5.0
