This release brings:
- fewer dependencies (both "purple" and "sofia-sip" modem backends are now
maintained externally, likewise for the "locker" plug-in)
- easier integration of third-party extensions (with pkg-config)
- improvements to the user interface
- spanish translation
- minor bugfixes
but the format string specifies %d.
As all of them are time differences, and a fax transmission shouldn't
need more than 2^31 (normally not even 2^15) seconds, cast to (int),
like already in a few other places.
Needed because sizeof(time_t) > sizeof(int) in NetBSD-6 and later.
ok wiz@
pkgsrc changes:
* No longer use Makefile.common now that py-gammu is released as a separate
package by upstream too.
Changes:
2.3
===
* License changed tp GPL version 2 or later.
* Documentation improvements.
2.2
===
* Documentation improvements.
* Code cleanups.
2.1
===
* Include data required for tests in tarball.
* Include NEWS.rst in tarball.
* Fixed possible crash when changing debug file.
* Fixed various errors found by coverity.
2.0
===
* Separate Python module.
* Compiles using distutils.
* Support Python 3.
ok wiz@.
pkgsrc changes:
* Now comms/gammu depends on devel/libusb1 (instead of devel/libusb)
* Get rid of Makefile.common: it is no more needed now that comms/py-gammu is
distribuited also upstream as a separate package.
Changes:
20150814 - 1.36.4
[-] * Use advisory locking to prevent two Gammu instances share one device.
[!] * Include child process stdout and stderr in SMSD logs to ease debugging.
[-] * Fix string quoting with ODBC driver.
[+] * Added RunOnSent option to SMSD.
[+] * Store message reference in outbox in files SMSD.
[-] * Improved C API documentation in manual.
20150707 - 1.36.3
[-] * Updated list of GSM country codes and networks.
[-] * Fixed bash completition install path (Ville Skyttä).
[-] * Better logging of delivery report failures in SMSD.
[-] * Improved support for Huawei E3372.
20150615 - 1.36.2
[-] * Fixed compilation using MSVC.
[-] * Fix siemenssatnetmon (Daniel Glöckner).
[-] * Documentation improvements.
[-] * Fixed smsd startup with non existing folders.
[-] * Fixed possible stack overflows on Windows.
20150520 - 1.36.1
[-] * Compatibility with libdbi from git.
[-] * Fix siemenssatnetmon (Daniel Glöckner).
[-] * Fixed reconnecting to SQL server.
[+] * Don't split a surrogate pair between message segments (David Brown).
20150413 - 1.36.0
[!] * The python-gammu module is now shipped separately.
[!] * Removed usage of __TIME__ and __DATE__ macros in codebase.
[-] * Fixed encoding of special chars to iCalendar format.
[-] * Fixed decoding of priority from vTODO.
[-] * Avoid infinite loops with ignored messages.
[-] * Improved stability of checking phone SMS memory.
[-] * Fixed parsing of some backup files.
20150302 - 1.35.0
[-] * Fixed encoding of UTF-8 for higher code points.
[-] * Improved provided udev rules.
[-] * Fixed possible lock while getting network status in SMSD.
[-] * Various localization updates.
20141230 - 1.34.0
[+] * Add phone power ON/OFF function.
[!] * Removed deprecated Python modules gammu.Data and gammu.Worker.
[+] * Store network name and code in SMSD tables.
[-] * Fixed build with recent clang compiler.
[-] * Fixed several possible issues found by Coverity scan.
[-] * Fixed possible crash on SMSD startup.
[-] * Fixed decoding unicode SMS messages.
[-] * Added identification for several Nokia phones.
[-] * Fixed compilation issues on various platforms.
[-] * SMSD now honors loglevel for all logging targets.
[+] * SMSD can automatically hangup incoming calls.
[-] * Correctly detect Network errors.
minor features
pkgsrc changes:
- new version of core sounds
- add options for SNMP and PostgreSQL from Mike Bowie in PR/49661
and by popular demand
- add back support for menuselect personalization as that's how I was
doing menuselect non-interactively
- XXX need to look at a better way of doing this
- disable PJSIP for now as it doesn't work well on NetBSD from Mike Bowie
Since I added an option for PostgreSQL I also looked at adding an
option for directly using MySQL. Turns out that all the MySQL
modules are in the addons directory and are marked as being
deprecated. So I didn't bother. While investigating this, I also
noted that all the pgsql modules are marked as "extended" support.
This basically means that it is supported by the community, but
there is no one person listed as being responsible who would take
the lead for maintaining them. This basically means that they are
unsupported / low priority. See
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Module+Support+States .
Also with the pgsql modules, there is no way to do a database query
from the dialplan. Thus it is recommended to use the unixodbc
option as the modules are supported and offer the most functionality.
-----
The Asterisk Development Team has announced the release of Asterisk 11.19.0.
The release of Asterisk 11.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25250 - chan_sip - Despite the channel being answered,
caller on a call established via Local channel continues to hear
ringback (Reported by Etienne Lessard)
* ASTERISK-25247 - choppy audio when spying on a g722 channel,
chan_sip or chan_pjsip (Reported by hristo)
* ASTERISK-24853 - Documentation claims chan_sip outbound
registrations support WS or WSS as valid transports (not true)
(Reported by PSDK)
* ASTERISK-25257 - [patch]channels/sig_pri.h -> sig_pri_span ->
force_restart_unavailable_chans in wrong scope (Reported by
Patric Marschall)
* ASTERISK-25103 - Roundup - investigate Asterisk DTLS crashes
(Reported by Rusty Newton)
* ASTERISK-22805 - res_rtp_asterisk: Crash when calling
BIO_ctrl_pending in dtls_srtp_check_pending when dialed by JSSIP
(Reported by Dmitry Burilov)
* ASTERISK-24550 - res_rtp_asterisk: Crash in
ast_rtp_on_ice_complete during DTLS handshake (Reported by
Osaulenko Alexander)
* ASTERISK-24651 - [patch] Fix race condition in DTLS (Reported by
Badalian Vyacheslav)
* ASTERISK-24832 - [patch]DTLS-crashes within openssl (Reported
by Stefan Engström)
* ASTERISK-25127 - DTLS crashes following "Unable to cancel
schedule ID" in dtls_srtp_check_pending (Reported by Dade
Brandon)
* ASTERISK-25213 - [patch]Possibility of deadlock in chan_sip
INVITE early Replace code (Reported by Walter Doekes)
* ASTERISK-25220 - [patch]Closing of fd -1 in chan_mgcp.c
(Reported by Walter Doekes)
* ASTERISK-25219 - [patch]Source and destination overlap in memcpy
in rtp_engine.c (Reported by Walter Doekes)
* ASTERISK-25212 - [patch]Segfault when using DEBUG_FD_LEAKS
(Reported by Walter Doekes)
* ASTERISK-19277 - [patch]endlessly repeating error: "poll failed:
Bad file descriptor" (Reported by Barry Chern)
* ASTERISK-25202 - Hints extension state broken between 13.3.2 and
13.4 (Reported by cervajs)
* ASTERISK-25154 - [patch]fromtag may need to be updated after
successful call dialog match (Reported by Damian Ivereigh)
* ASTERISK-25139 - Malicious transfer sequence locks up Asterisk
(Reported by Gregory Massel)
* ASTERISK-25094 - PBX core: Investigate thread safety issues
(Reported by Corey Farrell)
* ASTERISK-22559 - gcc 4.6 and higher supports weakref attribute
but asterisk doesn't detect it. (Reported by ibercom)
* ASTERISK-24717 - ASAN: global-buffer-overflow codec_{ilbc | gsm
| adpcm | ipc10} (Reported by Badalian Vyacheslav)
* ASTERISK-25100 - asterisk coredump if host has an IPv6 address
that end with ::80 (Reported by Mark Petersen)
Improvements made in this release:
-----------------------------------
* ASTERISK-25040 - pbx: Improve performance of reloads by making
hint destruction more performant (Reported by Matt Jordan)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.19.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.18.0.
The release of Asterisk 11.18.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-25112 - Logger: Configuration settings are not reset to
default during reload. (Reported by Corey Farrell)
* ASTERISK-24887 - [patch]tags in a=crypto lines do not accept 2
or more digits (Reported by Makoto Dei)
* ASTERISK-24944 - main/audiohook.c change prevents G722 call
recording (Reported by Ronald Raikes)
* ASTERISK-25083 - Message.c: Message channel becomes saturated
with frames leading to spammy log messages (Reported by Jonathan
Rose)
* ASTERISK-25041 - [patch]Broken column type checking in
res_config_mysql addon (Reported by Alexandre Fournier)
* ASTERISK-21893 - Segfault after call hangup, in
ast_channel_hangupcause_set, at channel_internal_api.c (Reported
by Alexandr Gordeev)
* ASTERISK-25074 - Regression: Recent clang-related change broke
cross compiling of Asterisk (Reported by Sebastian Kemper)
* ASTERISK-25042 - asterisk.conf options override command-line
options. (Reported by Corey Farrell)
* ASTERISK-24442 - Outgoing call files don't work properly when
set in the future (Reported by tootai)
* ASTERISK-25034 - chan_dahdi: Some telco switches occasionally
ignore ISDN RESTART requests. (Reported by Richard Mudgett)
* ASTERISK-25038 - Queue log "EXITWITHTIMEOUT" does not always
contain waiting time (Reported by Etienne Lessard)
* ASTERISK-22708 - res_odbc.conf negative_connection_cache option
not respected, failover between DSNs doesn't work (Reported by
JoshE)
* ASTERISK-25028 - Build System: Unneeded defines in
asterisk/buildopts.h (Reported by Corey Farrell)
* ASTERISK-19608 - Asterisk-1.8.x starts rejecting calls with
cause code 44 after some time. (Reported by Denis Alberto
Martinez)
* ASTERISK-24976 - cdr_odbc not include new columns added on 1.8
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-25022 - Memory leak setting up DTLS/SRTP calls
(Reported by Steve Davies)
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by not here)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-24955 - res_fax: v.27ter support baud rate of 2400,
which is disallowed in res_fax's check_modem_rate (Reported by
Matt Jordan)
* ASTERISK-24916 - Increasing memory usage when multiple reinvite
during call (Reported by Christophe Osuna)
* ASTERISK-19538 - Asterisk segfaults on sippeers realtime
redundancy (Reported by Alex)
* ASTERISK-24749 - ConfBridge: Wrong language on playing
conf-hasjoin and conf-hasleft when played to bridge (Reported by
Philippe Bolduc)
* ASTERISK-24991 - Check for ao2_alloc failure in
__ast_channel_internal_alloc (Reported by Corey Farrell)
* ASTERISK-24895 - After hangup on the side of the ISDN network no
HangupRequest event comes for the dahdi channel. (Reported by
Andrew Zherdin)
* ASTERISK-24774 - Segfault in ast_context_destroy with
extensions.ael and extensions.conf (Reported by Corey Farrell)
* ASTERISK-24975 - Enabling 'DEBUG_THREADLOCALS' Causes the Build
to Fail (Reported by Ashley Sanders)
* ASTERISK-24959 - [patch]CLI command cdr show pgsql status
(Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-24954 - Git migration: Asterisk version numbers are
incompatible with the Test Suite (Reported by Matt Jordan)
* ASTERISK-21777 - Asterisk tries to transcode video instead of
audio (Reported by Nick Ruggles)
* ASTERISK-24380 - core: Native formats are set to h264 with
certain audio/video codec configuration, resulting in path
translation WARNINGs (Reported by Matt Jordan)
* ASTERISK-22352 - [patch] IAX2 custom qualify timer is not taken
into account (Reported by Frederic Van Espen)
* ASTERISK-24894 - [patch] iax2_poke_noanswer expiration timer too
short (Reported by Y Ateya)
* ASTERISK-23319 - Segmentation fault in queue_exec at app_queue.c
(Reported by Vadim)
* ASTERISK-24847 - [security] [patch] tcptls: certificate CN NULL
byte prefix bug (Reported by Matt Jordan)
* ASTERISK-21211 - chan_iax2 - unprotected access of
iaxs[peer->callno] potentially results in segfault (Reported by
Jaco Kroon)
* ASTERISK-18032 - [patch] - IPv6 and IPv4 NAT not working
(Reported by Christoph Timm)
* ASTERISK-24942 - Voicemail API: message is deleted when
destination mailbox is at maxmsg (Reported by Scott Griepentrog)
* ASTERISK-24932 - Asterisk 13.x does not build with GCC 5.0
(Reported by Jeffrey C. Ollie)
* ASTERISK-21854 - Long Asterisk-version strings display
improperly in the 'Connected to ...' line upon remote console
connection (Reported by klaus3000)
* ASTERISK-24155 - [patch]Non-portable and non-reliable recursion
detection in ast_malloc (Reported by Timo Teräs)
* ASTERISK-24142 - CCSS: crash during shutdown due to device
lookup in destroyed container (Reported by David Brillert)
* ASTERISK-24683 - Crash in PBX ast_hashtab_lookup_internal during
core restart now (Reported by Peter Katzmann)
* ASTERISK-24805 - [patch] - ASAN: Race condition
(heap-use-after-free) on asterisk closing (Reported by Badalian
Vyacheslav)
* ASTERISK-24881 - ast_register_atexit should only be used when
absolutely needed (Reported by Corey Farrell)
* ASTERISK-24864 - app_confbridge: file playback blocks dtmf
(Reported by Kevin Harwell)
* ASTERISK-14233 - [patch] Buddies are always auto-registered when
processing the roster (Reported by Simon Arlott)
* ASTERISK-24780 - [patch] - Buddies are always auto-registered
when processing the roster (Reported by Simon Arlott)
Improvements made in this release:
-----------------------------------
* ASTERISK-24744 - Swedish Core Voice prompts (Reported by Tove
Hjelm)
* ASTERISK-25043 - [patch] Avoiding ERR_remove_state in OpenSSL
(Reported by Alexander Traud)
* ASTERISK-24917 - [patch] clang compilation warnings (Reported by
Diederik de Groot)
* ASTERISK-25040 - pbx: Improve performance of reloads by making
hint destruction more performant (Reported by Matt Jordan)
* ASTERISK-24965 - cel_pgsql - log_error string references CDR
instead of CEL (Reported by Rodrigo Ramirez Norambuena)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.18.0
Thank you for your continued support of Asterisk!
---
- Fix buffering for funny sample formats (namely, 24 bit), that do not
fit nicely into 32768 bytes. Effect was a nasty endless loop where
mpg123 needs to be externally killed.
1.22.1
---
- Fix mpg123-id3dump when writing images with funny (manipulated) MIME type.
Stupid mistake in length computation of the fallback file extension caused
junk from memory being appended to the filename if the pointer size
is less than 64 bit. For 64 bit pointers (or longer) it was correct by
accident.
- Fix pedantic build by cleaning up out123 source, also now really showing
the encoding list in --longhelp instead of possibly, again, writing junk
from memory in there.
- Not linking libmpg123 against libltdl anymore (bug 215).
- Update MSVC++ ports a bit to make them work again.
Xfce 4 Modem Lights panel plugin is intended to simplify establishing a ppp
connection via a modem. It is primarily designed to work with the debian ppp
package and the pon/poff scripts provided by that package, but should be usable
with any scripts that create a lock file during dialing and retain it through
the connection.
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
NB: I'm not game enough to do it in the freeze, but it looks like the
JVM version detection patching could be removed - it appears no longer
necessary now that Pkgsrc passes in the correct RXTX_PATH and JHOME_PATH
itself. At any rate, adding version 8 is not required for the oracle-jdk8
build to complete smoothly.
While here restore old behaviour of not alphabetically sorting memos by default.
Changes since 1.8.1:
1.8.2 - 05/18/14
Many bug fixes
Fixed VCard output
Added export for B-Folders
Added export for KeePassX
Changed the "enye" letter in Manana an "n", got tired of it causing problems
(Ma\303\261ana to Manana)
Made lots of stupid code changes to make the compiler warnings go away
pkgsrc changes:
- adapt to upstream support for clang
- more comprehensive sweep for 64-bit time_t related stuff
- XXX pjsip has its own time related stuff that is 32-bit only
-----
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and and verifies the server,
Asterisk will accept signed certificates that match a common name other than
the one Asterisk is expecting if the signed certificate has a common name
containing a null byte after the portion of the common name that Asterisk
expected. This potentially allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.17.0.
The release of Asterisk 11.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-17899 - Handle crypto lifetime in SDES-SRTP negotiation
(Reported by Dwayne Hubbard)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24742 - [patch] Fix ast_odbc_find_table function in
res_odbc (Reported by ibercom)
* ASTERISK-22436 - [patch] No BYE to masqueraded channel on INVITE
with replaces (Reported by Eelco Brolman)
* ASTERISK-24479 - Enable REF_DEBUG for module references
(Reported by Corey Farrell)
* ASTERISK-24701 - Stasis: Write timeout on WebSocket fails to
fully disconnect underlying socket, leading to events being
dropped with no additional information (Reported by Matt Jordan)
* ASTERISK-24772 - ODBC error in realtime sippeers when device
unregisters under MariaDB (Reported by Richard Miller)
* ASTERISK-24451 - chan_iax2: reference leak in sched_delay_remove
(Reported by Corey Farrell)
* ASTERISK-24799 - [patch] make fails with undefined reference to
SSLv3_client_method (Reported by Alexander Traud)
* ASTERISK-24787 - [patch] - Microsoft exchange incompatibility
for playing back messages stored in IMAP - play_message: No
origtime (Reported by Graham Barnett)
* ASTERISK-24814 - asterisk/lock.h: Fix syntax errors for non-gcc
OSX with 64 bit integers (Reported by Corey Farrell)
* ASTERISK-24796 - Codecs and bucket schema's prevent module
unload (Reported by Corey Farrell)
* ASTERISK-24724 - 'httpstatus' Web Page Produces Incomplete HTML
(Reported by Ashley Sanders)
* ASTERISK-24797 - bridge_softmix: G.729 codec license held
(Reported by Kevin Harwell)
* ASTERISK-24800 - Crash in __sip_reliable_xmit due to invalid
thread ID being passed to pthread_kill (Reported by JoshE)
* ASTERISK-17721 - Incoming SRTP calls that specify a key lifetime
fail (Reported by Terry Wilson)
* ASTERISK-23214 - chan_sip WARNING message 'We are requesting
SRTP for audio, but they responded without it' is ambiguous and
wrong in some cases (Reported by Rusty Newton)
* ASTERISK-15434 - [patch] When ast_pbx_start failed, both an
error response and BYE are sent to the caller (Reported by
Makoto Dei)
* ASTERISK-18105 - most of asterisk modules are unbuildable in
cygwin environment (Reported by feyfre)
* ASTERISK-24828 - Fix Frame Leaks (Reported by Kevin Harwell)
* ASTERISK-24838 - chan_sip: Locking inversion occurs when
building a peer causes a peer poke during request handling
(Reported by Richard Mudgett)
* ASTERISK-24825 - Caller ID not recognized using
Centrex/Distinctive dialing (Reported by Richard Mudgett)
* ASTERISK-24739 - [patch] - Out of files -- call fails --
numerous files with inodes from under /usr/share/zoneinfo,
mostly posixrules (Reported by Ed Hynan)
* ASTERISK-23390 - NewExten Event with application AGI shows up
before and after AGI runs (Reported by Benjamin Keith Ford)
* ASTERISK-24786 - [patch] - Asterisk terminates when playing a
voicemail stored in LDAP (Reported by Graham Barnett)
* ASTERISK-24808 - res_config_odbc: Improper escaping of
backslashes occurs with MySQL (Reported by Javier Acosta)
* ASTERISK-20850 - [patch]Nested functions aren't portable.
Adapting RAII_VAR to use clang/llvm blocks to get the
same/similar functionality. (Reported by Diederik de Groot)
* ASTERISK-19470 - Documentation on app_amd is incorrect (Reported
by Frank DiGennaro)
* ASTERISK-21038 - Bad command completion of "core set debug
channel" (Reported by Richard Kenner)
* ASTERISK-18708 - func_curl hangs channel under load (Reported by
Dave Cabot)
* ASTERISK-16779 - Cannot disallow unknown format '' (Reported by
Atis Lezdins)
* ASTERISK-24876 - Investigate reference leaks from
tests/channels/local/local_optimize_away (Reported by Corey
Farrell)
* ASTERISK-24817 - init_logger_chain: unreachable code block
(Reported by Corey Farrell)
* ASTERISK-24880 - [patch]Compilation under OpenBSD (Reported by
snuffy)
* ASTERISK-24879 - [patch]Compilation fails due to 64bit time
under OpenBSD (Reported by snuffy)
Improvements made in this release:
-----------------------------------
* ASTERISK-24790 - Reduce spurious noise in logs from voicemail -
Couldn't find mailbox %s in context (Reported by Graham Barnett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.17.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.16.0.
The release of Asterisk 11.16.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24472 - Asterisk Crash in OpenSSL when calling over WSS
from JSSIP (Reported by Badalian Vyacheslav)
* ASTERISK-24614 - Deadlock when DEBUG_THREADS compiler flag
enabled (Reported by Richard Mudgett)
* ASTERISK-24449 - Reinvite for T.38 UDPTL fails if SRTP is
enabled (Reported by Andreas Steinmetz)
* ASTERISK-24619 - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly
casts char to unsigned int (Reported by Walter Doekes)
* ASTERISK-24337 - Spammy DEBUG message needs to be at a higher
level - 'Remote address is null, most likely RTP has been
stopped' (Reported by Rusty Newton)
* ASTERISK-23733 - 'reload acl' fails if acl.conf is not present
on startup (Reported by Richard Kenner)
* ASTERISK-24628 - [patch] chan_sip - CANCEL is sent to wrong
destination when 'sendrpid=yes' (in proxy environment) (Reported
by Karsten Wemheuer)
* ASTERISK-24672 - [PATCH] Memory leak in func_curl CURLOPT
(Reported by Kristian Høgh)
* ASTERISK-20744 - [patch] Security event logging does not work
over syslog (Reported by Michael Keuter)
* ASTERISK-23850 - Park Application does not respect Return
Context Priority (Reported by Andrew Nagy)
* ASTERISK-23991 - [patch]asterisk.pc file contains a small error
in the CFlags returned (Reported by Diederik de Groot)
* ASTERISK-24288 - [patch] - ODBC usage with app_voicemail -
voicemail is not deleted after review, hangup (Reported by LEI
FU)
* ASTERISK-24048 - [patch] contrib/scripts/install_prereq selects
32-bit packages on 64-bit hosts (Reported by Ben Klang)
* ASTERISK-24709 - [patch] msg_create_from_file used by MixMonitor
m() option does not queue an MWI event (Reported by Gareth
Palmer)
* ASTERISK-24355 - [patch] chan_sip realtime uses case sensitive
column comparison for 'defaultuser' (Reported by
HZMI8gkCvPpom0tM)
* ASTERISK-24719 - ConfBridge recording channels get stuck when
recording started/stopped more than once (Reported by Richard
Mudgett)
* ASTERISK-24715 - chan_sip: stale nonce causes failure (Reported
by Kevin Harwell)
* ASTERISK-24728 - tcptls: Bad file descriptor error when
reloading chan_sip (Reported by Kevin Harwell)
* ASTERISK-24676 - Security Vulnerability: URL request injection
in libCURL (CVE-2014-8150) (Reported by Matt Jordan)
* ASTERISK-24711 - DTLS handshake broken with latest OpenSSL
versions (Reported by Jared Biel)
* ASTERISK-24646 - PJSIP changeset 4899 breaks TLS (Reported by
Stephan Eisvogel)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.16.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
12, and 13. The available security releases are released as versions
1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and verifies the
server, Asterisk will accept signed certificates that match a
common name other than the one Asterisk is expecting if the signed
certificate has a common name containing a null byte after the
portion of the common name that Asterisk expected. This potentially
allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
HIDAPI is a multi-platform library which allows an application to interface
with USB and Bluetooth HID-Class devices on Windows, Linux, and Mac OS X.
On Windows, a DLL is built. On other platforms (and optionally on Windows),
the single source file can simply be dropped into a target application.
HIDAPI has four back-ends:
* Windows (using hid.dll)
* Linux/hidraw (using the Kernel's hidraw driver)
* Linux/libusb (using libusb-1.0)
* Mac (using IOHidManager)
This package includes only the libusb backend.
This version is essentially a bugfix release, with:
- minor improvements to the user interface;
- possibility to build outside of the source tree;
- dropped dependency on DeforaOS Panel;
- all tests should pass.
Hopefully will fix the issue encountered in the latest bulk build report.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
This update is just to accomodate the speex splitup.
Note that Asterisk 10.x is dead upstream and should not be used
anymore. This package will be removed at some point.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.15.0.
The release of Asterisk 11.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-20402 - Unable to cancel (features.conf) attended
transfer (Reported by Matt Riddell)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24440 - Call leak in Confbridge (Reported by Ben Klang)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by Nuno Borges)
Improvements made in this release:
-----------------------------------
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.
The release of these versions resolves the following security vulnerability:
* AST-2014-019: Remote Crash Vulnerability in WebSocket Server
When handling a WebSocket frame the res_http_websocket module
dynamically changes the size of the memory used to allow the
provided payload to fit. If a payload length of zero was received
the code would incorrectly attempt to resize to zero. This
operation would succeed and end up freeing the memory but be
treated as a failure. When the session was subsequently torn down
this memory would get freed yet again causing a crash.
For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf
Thank you for your continued support of Asterisk!
termstyle is a simple python library for adding coloured output to terminal
(console) programs. The definitions come from ECMA-048, the "Control Functions
for Coded Character Sets" standard.
Makes ANSI escape character sequences for producing colored terminal text and
cursor positioning work under MS Windows.
ANSI escape character sequences have long been used to produce colored terminal
text and cursor positioning on Unix and Macs. Colorama makes this work on
Windows, too, by wrapping stdout, stripping ANSI sequences it finds (which
otherwise show up as gobbledygook in your output), and converting them into the
appropriate win32 calls to modify the state of the terminal. On other platforms,
Colorama does nothing.
Colorama also provides some shortcuts to help generate ANSI sequences but works
fine in conjunction with any other ANSI sequence generation library, such as
Termcolor.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
In addition, the release of 11.6-cert8 and 11.14.1 resolves the following
security vulnerability:
* AST-2014-014: High call load with ConfBridge can result in resource exhaustion
The ConfBridge application uses an internal bridging API to implement
conference bridges. This internal API uses a state model for channels within
the conference bridge and transitions between states as different things
occur. Unload load it is possible for some state transitions to be delayed
causing the channel to transition from being hung up to waiting for media. As
the channel has been hung up remotely no further media will arrive and the
channel will stay within ConfBridge indefinitely.
In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves
the following security vulnerability:
* AST-2014-017: Permission Escalation via ConfBridge dialplan function and
AMI ConfbridgeStartRecord Action
The CONFBRIDGE dialplan function when executed from an external protocol (such
as AMI) can result in a privilege escalation as certain options within that
function can affect the underlying system. Additionally, the AMI
ConfbridgeStartRecord action has options that would allow modification of the
underlying system, and does not require SYSTEM class authorization in AMI.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015,
AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
- Add two CMAKE_ARGS (silence and) to maintain the similar PLIST leve
# silence warning
CMAKE_ARGS+= -Wno-dev
CMAKE_ARGS+= -DINSTALL_DOC=ON
- Add post-install: target to Remove PaxHeader garbage
- Add comment on patch
(upstream) Update 1.26.1 to 1.33.0
... sorry some 300 lines of ChangeLog
=========
20130529 - 1.33.00
[-] * Various translation improvements.
[-] * Improved support for Huawei E173, thanks to Gautier Minster.
[-] * Fixed buffer overflow in MMS decoder.
[-] * Fixed several memory leaks.
[-] * Improved compatibility with Qualcomm devices (bug #1654).
[-] * Various documentation improvements.
[-] * Updated version of sms-gammu2android, thanks to Shadow Walker.
[-] * Fixed compilation on Mac OS X, thanks to Soren Jorvang.
[-] * Fixed SMSD with CheckSecurity = 0 (bug #1672).
20120627 - 1.32.0
[-] * Fixed auto installation of EventLog registry.
[-] * Improved support for Arduino GPRS shield (bug #1592).
[-] * Fixed communication with Cross PD1101wi (bug #1617).
[-] * Ignore another unknown block in Nokia phonebook (bug #1614).
[-] * Do not encode number when setting up diverts.
20120224 - 1.31.90
[-] * Improved compatibility with ES75 (bug #1586).
[!] * Changed API for call diverts.
[+] * Added support for call diverts in Python API.
[+] * AT backend supports manipulating with call diverts.
[+] * Added support for suspending/resuming SMSD using SIGUSR1/2.
[!] * Changed protocol for S60 applet.
[+] * S60 applet now handles SMS with new lines.
[+] * Improved support for Windows Event Log.
20111221 - 1.31.0
[-] * Fixed compilation with latest libusb.
[-] * Improved error handling in SQL backend of SMSD.
[-] * SMSD documentation improvements.
[-] * Indonesian translation updates.
20111213 - 1.30.92
[-] * Improved vCard parser to better handle location for various fields, thanks to Vladimir Serbinenko for initial patch.
[-] * Fixed reading calls from some Nokia phones (bug #1553).
[-] * Improved text mode SMS parsing in AT driver, thanks to Vladimir Serbinenko.
[-] * Use glib's MD5 implementation if available.
20111129 - 1.30.91
[+] * Improved documentation for configuring Gammu.
[-] * Fixed parsing birthday from vCard in some cases.
[+] * Added option not to use configured logging in SMSD inject and monitor (bug #1539).
[+] * Added SMSD configuration LogFacility (bug #1539).
[-] * Fixed reading of data from OBEX phones (LP#891803).
[-] * Fixed double reply detection (bug #1544).
[-] * Increase maximal number of caller groups (bug #1541).
[-] * Cancel all calls on maketerminated call if we don't get call ID.
[-] * Fixed SMSC handling in some cases in SMSD (bug #1547).
20111107 - 1.30.90
[-] * Various documentation improvements.
[-] * Detect Alcatel style reply on CPIN response (bug #1502).
[-] * Fix build on some Win32 systems (bug #1496).
[-] * Make jadmaker handle names with spaces (Rapha l Droz).
[-] * Display 8-bit messages in hex (Nicolas Pitre).
[-] * Do not use AT+CUSD=2 on some phones (bug #1508).
[-] * Fixed gammu-monitor with Windows service (bug #1515).
[-] * Cleanup of contrib directory.
[-] * Better support for Samsung AT phones (bug #1513).
[-] * Fixed handling of MMS notification SMSes (bug #1530).
[-] * Fixed CPIN reply handling (bug #1532).
[+] * SMSD checks for PIN status just after connect (bug #1532).
[-] * Fixed various MSVC compilation issues.
20110719 - 1.30.0
[*] * Improved SMSD logging of configuration settings.
[-] * Fix possible crash in fbus2 driver.
[-] * Fix possible crash of ODBC driver on Windows (bug #1482).
[-] * Fixed usage of dbi plugins from Python module.
20110607 - 1.29.93
[-] * Properly initialize atobex driver with Sony-Ericsson phones.
[-] * Updated list of country and network codes.
[-] * Escape fields in SQL queries (bug#1415).
[-] * Escape fields in PostgreSQL SQL script (bug#1415).
[-] * Default to GSM encoding for text messages in SQL backend for SMSD.
[-] * Add option to override which SQL dialect to use in SMSD (bug #1427).
[-] * Improved m-obex protocol support, thanks to Vladimir Serbinenko.
[-] * Various fixes for Samsung B2100, thanks to Vladimir Serbinenko.
[-] * Fix check for AT+CPROT support (bug #1438).
[-] * Fix memory leak in s60 protocol driver (bug #1441).
[-] * Reverted change to SignalStrength because of SQL escaping we have now (bug #1380).
[-] * Improved vCard parser to handle vCards from Gmail.
[-] * Fixed LDIF parser to cope with multiple LDIF in single file.
20110315 - 1.29.92
[-] * Documentation improvements and fixes.
[-] * Saner error handling in Windows serial driver.
[-] * Cleanup in SMSD internals.
[+] * Added ODBC driver to SMSD.
20110225 - 1.29.91
[+] * Added screenshot function for Sony-Ericssonn phones (M rton N meth).
[-] * Fixed parsing of some Nokia SMSes (bug #1402).
[-] * Properly report error on deleting non deletable entries (bug #1396).
[-] * Slower switch from m-obex to AT (bug #1382).
[-] * Faster initialization for AT phones without enabled echo.
20110210 - 1.29.90
[-] * Fix detection of MySQL libraries (bug #1370).
[!] * Changed default connection settings to at and ttyACM0 (bug #1078).
[+] * Add new API call to abort existing operation (bug #1155).
[+] * Change database structure to avoid using reserved word Signal (bug #1380).
[+] * Possibility to limit time of day for SMS in SMSD (bug #1203).
[-] * Enforce limits on SMS payload length.
[+] * Made GSM_SMSCounter public (bug #1356).
[+] * Support for S60 phones using Series60 applet (bug #423).
[-] * Do not fail on 0x7b field in Nokia 3600s phonebook (bug #1385).
[!] * Disabled two stage probing for most protocols.
[-] * Fixed saving of SMS backups (bug #1392).
[+] * Screenshot functionality for DCT4 phones (bug #1390).
20110119 - 1.29.0
[+] * Added option to enter new PIN when entering PUK, thanks to Peter
Stuge for pointing out this requirement.
[-] * Improved documentation of SMSD backend services.
20110107 - 1.28.95
[-] * Fix decoding of SMS without date on DCT4 phones (bug #1368).
[+] * Added gammu-detect tool to detect available devices on system.
[-] * Fixed parsing of Philips reply to SPBR (bug #1366).
[-] * Fixed testsuite not to depend on system timezone.
[-] * Check if phone is waiting for requested security code before
entering.
[-] * Fixup invalid international numbers with double prefix (+00) in
SMS (bug #1364).
[-] * Fixed m-obex protocol implementation, thanks to Matthieu Patou (bug #1375).
[-] * Fixed build on Mac OS X, thanks to Matthieu Patou (bug #1374).
[-] * Fixed decoding of some SMS messages on S40 phones (bug #1243).
20101227 - 1.28.94
[+] * New convertbackup command to convert between backup formats.
[+] * Changed database structure to version 12, you need to upgrade it.
[-] * Try harder to find dn for LDIF export (bug #1363).
[-] * Better names for some fields in LDIF export (bug #1363).
[-] * Implement parsing of LDIF for all fields we save (bug #1363).
[-] * Various minor fixes in SMSD SQL backend.
[-] * Improved test suite coverage.
[-] * Improved dummy driver to allow more testing.
20101202 - 1.28.93
[+] * New SMSD configuration RunOnFailure.
[-] * Fix invalid SQL when storing 8bit SMS (bug #1329).
[-] * Probe if phone supports m-obex protocol (bug #1286).
[+] * Experimental support fo m-obex protocol (bug #1286).
[-] * Fix detection of delivery reports in MySQL and PostgreSQL backends
(bug #313).
[+] * Include udev rules for Nokia phones (bug #1251).
[-] * Fix parsing LG VX9200 reply on getting battery state (bug #1264).
[-] * Fix handling of SMS text mode (bug #1189).
[!] * Default to no retries of the send commands on the link.
[-] * Wait for more USSD replies on getussd command (bug #1346).
[!] * New unified SQL SMSD backend handling all SQL databases.
[+] * SQL queries in SQL SMSD backend can be configured.
20101004 - 1.28.92
[+] * New SMSD config option HardResetFrequency.
[+] * Gammu now supports freedesktop.org/XDG specs for config file
locations and reads ~/.config/gammu/config.
[-] * Increase timeout for AT+CMGL (bug #1317).
[+] * Added support for optional delivery report parts as defined by
ETSI 123 040, section 9.2.2.3 (bug #1304).
[+] * SMSD database host configuration is now named "host" not "PC".
20100916 - 1.28.91
[-] * Fixed locales compilation/support.
[-] * Set memory to use for MPBR/SBNR/SPBR commands as well (bug #1128).
[-] * Handle errors from CMGL same way as from CMGR (bug #1211).
[-] * Fixed parsing of AT+CPMS=? reply (bug #1296).
[+] * Implemented matching by serial number.
[+] * SMSD can now be configured just for sending/receiving.
[-] * Fixed battery status for S40 phones (bug #1301).
[-] * Improved compatibility with Motorola phonebook (bug #1128).
[+] * Lot of documentation improvements, check <http://wammu.eu/docs/devel/docs/>.
20100827 - 1.28.90
[-] * Fixed handling of empty reply on CREG/CGREG (bug #1245).
[-] * Prefer storing delivery reports over forwarding them.
[-] * Fix leak and crash when handling MMS notifications in Python.
[-] * Fixed parsing of date from AT phones (bug #1256).
[-] * Simplify handling text comment in SMS backup to keep new lines.
[+] * New command gammu battery.
[-] * Fail to send SMS without set SMSC.
[-] * Avoid updating SMSD backend frequently than StatusFrequency defines.
[-] * Store SIM phonebook to vCard on backup (bug #1281).
[-] * Fixed waiting for multipart messages (bug #1279).
[-] * Fixed crash on too long GPRS access point names in backup (bug #1267).
[-] * Fallback to using SMSC from phone in SMSD if none provided.
[-] * Improved guessing of HEX/GSM charsets for phone number in AT engine.
20100712 - 1.28.0
[+] * Support for adding notes using addnew command.
[-] * Better log errors when moving message in SMSD.
[!] * Removed checkfirmware command as the server is not existing anymore.
[-] * Proper closing of Bluetooth sockets on Windows (bug #1239).
[-] * Properly decode another way of MMS notification SMS.
[+] * Support for selecting USB device to use on Linux.
[-] * Fix storing text in SMS backup comment for multiline SMS.
[-] * Fixed crash when passing invalid parameters to SMS encoder.
20100629 - 1.27.95
[+] * Support for getting packet network state (bug #1220).
[-] * Fix parsing of AT replies from Nokia 2730 (bug #1224).
[-] * Nokia E61 needs encoded USSD requests (bug #1228).
[!] * Rename Port configuration directive to Device.
[-] * Try to reconnect after lost connection to MySQL error.
[-] * Actually enable -f processing in SMSD.
[+] * Configurable number of backend retries.
[-] * Prefer GSM charset for USSD requests (bug #1228).
20100603 - 1.27.94
[-] * Fixed folder detection for Nokia S40 phones (bug #1191).
[-] * Fixed smsd-inject for long messages.
[-] * Fixed waiting for more multipart messages (bug #1193).
[-] * Fixed parsing of cellid reply with different locales (bug #1202).
[-] * Fixed handling of timeouts from libusb (bug #1207).
[-] * Properly detect birthday on Nokia 2700 (bug #1213).
[-] * Provide fallback value for note type (bug #1213).
[-] * Rewritten parsing of CREG: reply to properly parse all replies (bug #1220).
20100413 - 1.27.93
[-] * Fix crash when SMS in Nokia has too many recipients (bug #1136).
[-] * Better handling of Bluetooth errors on Windows (bug #1146).
[-] * Build with -Wl,--as-needed to avoid not required dependencies.
[-] * Python module now uses more PEP-3 compliant naming.
[-] * Fix compilation while disabling some features.
[-] * Include message reference in FILES backend logs for SMSD.
[-] * Fix crash when adding file to Nokia (bug #1163).
[+] * Added function EncodePDU to python-gammu.
[-] * Fix storing message status on multiple delivery reports (bug #1167).
[-] * Force AT^SBNR support on Siemens AX75.
20100217 - 1.27.92
[+] * Write support for Siemens phonebook (bug #1129).
[-] * Properly decode UTF-8 version 3.0 vCards (bug #1132).
[-] * Fixed wrong counting of favorite messaging numbers (bug #1010).
[+] * Implement SendDTMF in Python bindings.
20100204 - 1.27.91
[-] * Add ID for Nokia 6275i (bug #1096).
[-] * Fix Windows build by not defining MSVC version.
[-] * Correctly use first entry location in MPBR (bug #1076).
[-] * Avoid buffer overrun when parsing SM30 SMS (bug #1110).
[-] * Properly detect user home directory.
[+] * Improved MMS notifications encoding.
[+] * Allow to specify MMS notification class.
[+] * Implemented decoding of MMS notification (bug #1100).
[+] * SMSD now properly groups multipart messages together.
[+] * New NULL service for SMSD.
[+] * RunOnReceive now gets environment variables with SMS data.
[-] * Fixed AT lines splitting to work properly with quotes.
[-] * Separate getting information for Motorola phones (bug #1076).
[-] * Fixed reading of Samsung contacts (bug #1105).
[-] * Re-enable classic AT commands for adding Samsung contact (bug #1105).
[+] * SMSD no longer requires support for SMS status, so it works with Nokia S40 phones.
[-] * Fix finding of empty location for some AT phones (bug #1119).
[-] * Restore phone phonebook also to phones not supporting status (bug #1122).
[-] * Avoid reading phone memory on reading SIM (bug #1123).
20100106 - 1.27.90
[-] * Simplify code in FILES smsd service.
[-] * FILES service can send smsbackup messages.
[+] * Configurable outbox format for SMSD/FILES.
[-] * Improve conversion of boolean settings from Python.
[-] * Do not use MPBR/SPBR for other than phone memory (bug #1076).
[-] * Fix crash with unknown CME error (bug #1082).
[-] * Fixed connecting to Onda devices (LP #501025).
[+] * SMSD can terminate itself after defined number of failures.
[-] * Improved decoding of SM30 Nokia messages (bug #1091).
20091222 - 1.27.0
[+] * Initial support for reading Motorola calendar (bug#338).
[-] * Avoid parsing boolean config values all around the code.
[+] * FILES backend of SMSD now support message injecting.
[-] * Ignore duplicate lines in AT reply (bug#1069).
20091212 - 1.26.93
[-] * Add ID for MTK1/MTK2 phones (bug#1051).
[+] * Add DecodePDU to Python bindings.
[+] * Added sample SQL trigger for SMSD polls.
[-] * Display sent SMS time if it is available (bug#1053).
[-] * Added bunch of new testcases.
[-] * Distinguish silent/tone alarms in own backup format.
[-] * Fixed compilation with Clang compiler.
[-] * Fixed handling of SMS memories with Samsung (bug#1063).
[+] * Reporting location based on OpenCellID database (bug#1039).
20091203 - 1.26.92
[-] * Compare full name of config section.
[-] * Add ID for Nokia 6111 (bug#1045).
[-] * Handle CME error 601 (bug#1044).
[+] * Support for reading birthday from Samsung phonebook (bug#1038).
[+] * Report GPRS state when getting network status (bug#1023).
[-] * Fix reading of Siemens phonebook (bug#1046).
[+] * Make gammu error codes map to GSM_Error.
[-] * Various code cleanups.
[-] * Add ID for Huawei E169.
20091119 - 1.26.91
[-] * Fixed parsing of vCards with lowercase types (bug #1006).
[-] * Handle forward references in Nokia phonebook (bug #1009).
[-] * Save timestamp to SMS backup for all messages.
[-] * Store PDU type in SMS backup.
[+] * More flexible handling of exclude/include lists in SMSD.
[+] * Add support for external list of exclude/include numbers (bug#1008).
[-] * Workaround decoding of messages padded by 0xFF by phone.
[-] * Force enabling of OBEX for SE S312 (bug#1016).
[-] * Recognize Motorola A1200 error replies (bug#1019).
[-] * Disable AT/Obex for Motorola A1200e (bug#1019).
[-] * Properly detect if phone does not support AT+MODE (bug#1019).
[-] * Disable AT/Obex for Motorola E790 (bug#1018).
[+] * Add option to filter messages by SMSC (bug#1020).
[-] * Implement retries when waiting for message prompt.
[-] * Fixed logic of detecting incoming calls.
[-] * Fixed loading of non ASCII messages from files in SMSD (bug#1011).
[+] * Added example showing reading of messages.
[-] * Build Windows release with Python 2.6.
[-] * Fixed compilation in MSVC because of missing S_ISDIR.
[-] * Fixed parsing of different Samsung reply (bug#1038).
[-] * Proper error code when SMSC is empty (bug#1032).
[-] * Fixed compilation of python-gammu in MSVC.
20091012 - 1.26.90
[-] * Fixed parsing of SMS with empty recipient (bug #998).
[-] * Correct setting of time on Huawei phones.
[+] * Addnew command can now change memory type being used.
[-] * Proper handling of locations and memory type in vCards.
[-] * Added IDs for several recent Sony-Ericsson phones.
[-] * Fix decoding of phone numbers in some cases (bug #999).
[-] * Replace MD5 implementation with public domain one (bug #964).
[-] * Huawei E17X has broken UCS-2, do not use it (bug #962).
[-] * Do not fail if phone does not support extended SMS params (bug #927).
[+] * Added support for Samsung calendar (bug #839).
[-] * Do not choke on OK in message text.
[-] * Add ID of Nokia 6020b (bug #1004).
[-] * Fix decoding of SMS with extended characters.
[-] * Fixed handling of DCT4 specific functions.
[-] * Add workaround for especially broken Ubinetics GDC201.
- added --with-trust-uds-cred which uses getsockopt() to fetch and
trust the client uid, bypassing password lookups - patch by Anton
Lundin <glance@acc.umu.se>
- missing closedir() causing memory leak - patch by Anton Lundin
<glance@acc.umu.se>
- sending a break signal over IPMI was broken - based on patch by
Alexander Y. Fomichev <git.user@gmail.com>
- IPv6 support (marked as experimental at this point because it's
untested (except by the author), there's a lack of documentation, and
I'm hoping for non-getifaddrs() system support) - patch by Milos
Vyletel <milos.vyletel@gmail.com>
- no more K&R compiler support
version 8.1.20 (Apr 4, 2014):
- IPMI serial over LAN support via FreeIPMI - based on patch by Anton
D. Kachalov <mouse@yandex-team.ru>
- minor cleanup of code, removal of gcc warnings and such that should
have no fuctional change
version 8.1.19 (Sep 26, 2013):
- prevent select/read loop when EOF on non-pty input (console) -
reported by Chris Marget <chris@marget.com>
- "!" syntax prefixing use of group names not honored - reported by
Zonker <consoleteam@gmail.com>
- fixed memory leak using timestamps - patch by Karvendhan M.
<Karvendhan.M@netapp.com>
- deprecated --with-cycladests (noop now) - cross-compilation should
work without it as autologin now expects setpgrp() to take two
arugments instead of testing for it
- no automatic checks for an empty password when using PAM
authentication - based on discussion with Ryan Kirkpatrick
<linux@rkirkpat.net>
- added 'sslcacertificatefile' and 'sslcacertificatepath' client
configuration options - based on patch by Aki Tuomi <cmouse@cmouse.fi>
- added 'sslcacertificatefile' and 'sslreqclientcert' server
configuration options
- added --with-req-server-cert to force clients to require a certificate
from the server when using SSL - based on emails with Thor Simon
<tls@coyotepoint.com>
- added server-side tasks (see conserver.cf man page) that are invoked
by the client (useful for things like IPMI-based power control of
servers, invoking resets of terminal server ports, or anything else
that requires scripting) - ideas from patch by Anton Lundin
<glance@acc.umu.se> and discussion on mailing list (2011)
- added 'confirm' option to break sequences
- added 'breaklist' option to limit exposure of break sequences to
consoles
- sending of break signals is now announced to all attached clients
The Asterisk Development Team has announced the release of Asterisk 11.14.0.
The release of Asterisk 11.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
Cohen)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24384 - chan_motif: format capabilities leak on module
load error (Reported by Corey Farrell)
* ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
(Reported by Corey Farrell)
* ASTERISK-24378 - Release AMI connections on shutdown (Reported
by Corey Farrell)
* ASTERISK-24354 - AMI sendMessage closes AMI connection on error
(Reported by Peter Katzmann)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
incorrectly attempted (Reported by Joshua Colp)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
received for component (Reported by Kevin Harwell)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
Corey Farrell)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-23846 - Unistim multilines. Loss of voice after second
call drops (on a second line). (Reported by Rustam Khankishyiev)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
leak (Reported by Corey Farrell)
* ASTERISK-24430 - missing letter "p" in word response in
OriginateResponse event documentation (Reported by Dafi Ni)
* ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
Corey Farrell)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24304 - asterisk crashing randomly because of unistim
channel (Reported by dhanapathy sathya)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24466 - app_queue: fix a couple leaks to struct
call_queue (Reported by Corey Farrell)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.32.0.
The release of Asterisk 1.8.32.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0
Thank you for your continued support of Asterisk!
Bugfix release for 0.4.0, notably for:
* issue with the "oss" plug-in
* less warnings when building with Gtk+ 3
DeforaOS Phone 0.4.0 did bring:
* support for Gtk+ 3 (except for the new "video" plug-in)
* new and updated plug-ins and tools
* additional features and interface updates
* as well as improved documentation (manual pages...)
* and additional improvements under the hood (portability, XDG compliance...)
Also drops the dependency on audio/pulseaudio.
The Asterisk Development Team has announced the release of Asterisk 11.13.0.
The release of Asterisk 11.13.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24032 - Gentoo compilation emits warning:
"_FORTIFY_SOURCE" redefined (Reported by Kilburn)
* ASTERISK-24225 - Dial option z is broken (Reported by
dimitripietro)
* ASTERISK-24178 - [patch]fromdomainport used even if not set
(Reported by Elazar Broad)
* ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload
warnings and ref leaks (Reported by Walter Doekes)
* ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP
ICE candidates in SDP answer (Reported by Badalian Vyacheslav)
* ASTERISK-24019 - When a Music On Hold stream starts it restarts
at beginning of file. (Reported by Jason Richards)
* ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying
if ever not able to resolve (Reported by David Herselman)
* ASTERISK-24211 - testsuite: Fix the dial_LS_options test
(Reported by Matt Jordan)
* ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
Mohod)
* ASTERISK-23577 - res_rtp_asterisk: Crash in
ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by
Jay Jideliov)
* ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10)
concurrent WebRTC (avpg/encryption/icesupport) calls (Reported
by Roman Skvirsky)
* ASTERISK-24301 - Security: Out of call MESSAGE requests
processed via Message channel driver can crash Asterisk
(Reported by Matt Jordan)
Improvements made in this release:
-----------------------------------
* ASTERISK-24171 - [patch] Provide a manpage for the aelparse
utility (Reported by Jeremy Lainé)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.31.0.
The release of Asterisk 1.8.31.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24032 - Gentoo compilation emits warning:
"_FORTIFY_SOURCE" redefined (Reported by Kilburn)
* ASTERISK-24225 - Dial option z is broken (Reported by
dimitripietro)
* ASTERISK-24178 - [patch]fromdomainport used even if not set
(Reported by Elazar Broad)
* ASTERISK-24019 - When a Music On Hold stream starts it restarts
at beginning of file. (Reported by Jason Richards)
* ASTERISK-24211 - testsuite: Fix the dial_LS_options test
(Reported by Matt Jordan)
* ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
Mohod)
Improvements made in this release:
-----------------------------------
* ASTERISK-24171 - [patch] Provide a manpage for the aelparse
utility (Reported by Jeremy Lainé)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.31.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and Asterisk 11 and 12. The available security releases are
released as versions 11.6-cert6, 11.12.1, and 12.5.1.
Please note that the release of these versions resolves the following security
vulnerability:
* AST-2014-010: Remote Crash when Handling Out of Call Message in Certain
Dialplan Configurations
Note that the crash described in AST-2014-010 can be worked around through
dialplan configuration. Given the likelihood of the issue, an advisory was
deemed to be warranted.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-009 and AST-2014-010, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.12.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-010.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.30.0.
The release of Asterisk 1.8.30.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23911 - URIENCODE/URIDECODE: WARNING about passing an
empty string is a bit over zealous (Reported by Matt Jordan)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-24087 - [patch]chan_sip: sip_subscribe_mwi_destroy
should not call sip_destroy (Reported by Corey Farrell)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-18345 - [patch] sips connection dropped by asterisk
with a large INVITE (Reported by Stephane Chazelas)
* ASTERISK-23508 - Memory Corruption in
__ast_string_field_ptr_build_va (Reported by Arnd Schmitter)
Improvements made in this release:
-----------------------------------
* ASTERISK-21178 - Improve documentation for manager command
Getvar, Setvar (Reported by Rusty Newton)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.30.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.12.0.
The release of Asterisk 11.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23911 - URIENCODE/URIDECODE: WARNING about passing an
empty string is a bit over zealous (Reported by Matt Jordan)
* ASTERISK-23985 - PresenceState Action response does not contain
ActionID; duplicates Message Header (Reported by Matt Jordan)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-24087 - [patch]chan_sip: sip_subscribe_mwi_destroy
should not call sip_destroy (Reported by Corey Farrell)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-18345 - [patch] sips connection dropped by asterisk
with a large INVITE (Reported by Stephane Chazelas)
* ASTERISK-23508 - Memory Corruption in
__ast_string_field_ptr_build_va (Reported by Arnd Schmitter)
Improvements made in this release:
-----------------------------------
* ASTERISK-21178 - Improve documentation for manager command
Getvar, Setvar (Reported by Rusty Newton)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.12.0
Thank you for your continued support of Asterisk!
pkgsrc change: MAKE_JOBS_SAFE=NO from joerg@
The Asterisk Development Team has announced the release of Asterisk 11.11.0.
The release of Asterisk 11.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22551 - Session timer : UAS (Asterisk) starts counting
at Invite, UAC starts counting at 200 OK. (Reported by i2045)
* ASTERISK-23792 - Mutex left locked in chan_unistim.c (Reported
by Peter Whisker)
* ASTERISK-23582 - [patch]Inconsistent column length in *odbc
(Reported by Walter Doekes)
* ASTERISK-23803 - AMI action UpdateConfig EmptyCat clears all
categories but the requested one (Reported by zvision)
* ASTERISK-23035 - ConfBridge with name longer than max (32 chars)
results in several bridges with same conf_name (Reported by
Iñaki Cívico)
* ASTERISK-23824 - ConfBridge: Users cannot be muted via CLI or
AMI when waiting to enter a conference (Reported by Matt Jordan)
* ASTERISK-23683 - #includes - wildcard character in a path more
than one directory deep - results in no config parsing on module
reload (Reported by tootai)
* ASTERISK-23827 - autoservice thread doesn't exit at shutdown
(Reported by Corey Farrell)
* ASTERISK-23609 - Security: AMI action MixMonitor allows
arbitrary programs to be run (Reported by Corey Farrell)
* ASTERISK-23673 - Security: DOS by consuming the number of
allowed HTTP connections. (Reported by Richard Mudgett)
* ASTERISK-23246 - DEBUG messages in sdp_crypto.c display despite
a DEBUG level of zero (Reported by Rusty Newton)
* ASTERISK-23766 - [patch] Specify timeout for database write in
SQLite (Reported by Igor Goncharovsky)
* ASTERISK-23844 - Load of pbx_lua fails on sample extensions.lua
with Lua 5.2 or greater due to addition of goto statement
(Reported by Rusty Newton)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-23834 - res_rtp_asterisk debug message gives wrong
length if ICE (Reported by Richard Kenner)
* ASTERISK-23790 - [patch] - SIP From headers longer than 256
characters result in dropped call and 'No closing bracket'
warnings. (Reported by uniken1)
* ASTERISK-23917 - res_http_websocket: Delay in client processing
large streams of data causes disconnect and stuck socket
(Reported by Matt Jordan)
* ASTERISK-23908 - [patch]When using FEC error correction,
asterisk tries considers negative sequence numbers as missing
(Reported by Torrey Searle)
* ASTERISK-23921 - refcounter.py uses excessive ram for large refs
files (Reported by Corey Farrell)
* ASTERISK-23948 - REF_DEBUG fails to record ao2_ref against
objects that were already freed (Reported by Corey Farrell)
* ASTERISK-23916 - [patch]SIP/SDP fmtp line may include whitespace
between attributes (Reported by Alexander Traud)
* ASTERISK-23984 - Infinite loop possible in ast_careful_fwrite()
(Reported by Steve Davies)
* ASTERISK-23897 - [patch]Change in SETUP ACK handling (checking
PI) in revision 413765 breaks working environments (Reported by
Pavel Troller)
Improvements made in this release:
-----------------------------------
* ASTERISK-23492 - Add option to safe_asterisk to disable
backgrounding (Reported by Walter Doekes)
* ASTERISK-22961 - [patch] DTLS-SRTP not working with SHA-256
(Reported by Jay Jideliov)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.11.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.29.0.
The release of Asterisk 1.8.29.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22551 - Session timer : UAS (Asterisk) starts counting
at Invite, UAC starts counting at 200 OK. (Reported by i2045)
* ASTERISK-23582 - [patch]Inconsistent column length in *odbc
(Reported by Walter Doekes)
* ASTERISK-23803 - AMI action UpdateConfig EmptyCat clears all
categories but the requested one (Reported by zvision)
* ASTERISK-23035 - ConfBridge with name longer than max (32 chars)
results in several bridges with same conf_name (Reported by
Iñaki Cívico)
* ASTERISK-23683 - #includes - wildcard character in a path more
than one directory deep - results in no config parsing on module
reload (Reported by tootai)
* ASTERISK-23827 - autoservice thread doesn't exit at shutdown
(Reported by Corey Farrell)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-23673 - Security: DOS by consuming the number of
allowed HTTP connections. (Reported by Richard Mudgett)
* ASTERISK-23246 - DEBUG messages in sdp_crypto.c display despite
a DEBUG level of zero (Reported by Rusty Newton)
* ASTERISK-23766 - [patch] Specify timeout for database write in
SQLite (Reported by Igor Goncharovsky)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-23667 - features.conf.sample is unclear as to which
options can or cannot be set in the general section (Reported by
David Brillert)
* ASTERISK-23790 - [patch] - SIP From headers longer than 256
characters result in dropped call and 'No closing bracket'
warnings. (Reported by uniken1)
* ASTERISK-23908 - [patch]When using FEC error correction,
asterisk tries considers negative sequence numbers as missing
(Reported by Torrey Searle)
* ASTERISK-23921 - refcounter.py uses excessive ram for large refs
files (Reported by Corey Farrell)
* ASTERISK-23948 - REF_DEBUG fails to record ao2_ref against
objects that were already freed (Reported by Corey Farrell)
* ASTERISK-23984 - Infinite loop possible in ast_careful_fwrite()
(Reported by Steve Davies)
* ASTERISK-23897 - [patch]Change in SETUP ACK handling (checking
PI) in revision 413765 breaks working environments (Reported by
Pavel Troller)
Improvements made in this release:
-----------------------------------
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23492 - Add option to safe_asterisk to disable
backgrounding (Reported by Walter Doekes)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.29.0
Thank you for your continued support of Asterisk!
* Depend on x11/c++-gtk-utils, instead of x11/gtkmm
Changelog:
Version 3.2.13 (11th April 2014)
--------------
Fix API breakage in GTK+-3.12 (the buttons of GtkDialog objects
have been made internal instead of non-internal children of the
action area box) (dialog.h, dialog.cpp).
Put icon in efax and efax-gtk about dialogs (dialogs.cpp).
Replace AC_CONFIG_HEADER macro with AC_CONFIG_HEADERS when
configuring (Samuli Suominen) (configure.ac).
Update build system to automake-1.13.3 (config.guess, config.sub,
depcomp, INSTALL).
Update desktop file (Samuli Suominen) (efax-gtk.desktop).
Version 3.2.12 (1st June 2013)
--------------
Force GType initialisation of GtkEntry for GtkSettings
(mainwindow.cpp).
Correct entry sizing in settings dialog (settings.cpp).
Improve tray icon sizing (tray_icon.cpp).
Permit the program to build against c++-gtk-utils-2.2 (this
requires increasing the c++-gtk-utils-1.2 dependency to 1.2.13,
and increasing the c++-gtk-utils-2.0 dependency to 2.0.1)
(acinclude.m4, README; mainwindow.h, mainwindow.cpp).
Cause bootstrap.sh to build translation files (bootstrap.sh).
Update build system to automake-1.13.1 (configure.ac,
config.guess, config.sub, depcomp, INSTALL, install-sh, missing;
src/Makefile.am; efax/Makefile.am).
Version 3.2.11 (1st January 2013)
--------------
Workaround for a bug in GtkFileChooserDialog in later versions of
gtk+-2.24 (dialogs.cpp).
Change efax-gtk.desktop to meet
http://specifications.freedesktop.org/menu-spec/menu-spec-latest.html
recommendations (efax-gtk.desktop).
Add French translation (Charlie Ledocq) (po/fr.po, LINGUAS).
Version 3.2.10 (21st October 2012)
--------------
Update build system to automake-1.12.1 and autoconf-2.69.
Suppress gtk+-3 deprecation warnings (acinclude.m4).
Set locale even if NLS not set (main.cpp).
Deal better with GtkMessageDialog format string (dialog.cpp).
Use automake silent rules (configure.ac).
Correct icon entry in efax-gtk.desktop file (efax-gtk.desktop).
Simplify file chooser selection code (dialogs.cpp).
Call atexit() instead of glib's now deprecated g_atexit() (the use
of atexit() in this program is entirely safe) (main.cpp).
Remove unnecessary pointer value check in present_prog()
(main.cpp).
Add Spanish translation (Antonio Trujillo) (po/LINGUAS, po/es.po,
po/efax-gtk.pot; mainwindow.cpp).
Update copyright notices (COPYING, README; addressbook.h,
addressbook.cpp, dialogs.h, dialogs.cpp, efax_controller.h,
efax_controller.cpp, fax_list.h, fax_list.cpp, fax_list_manager.h,
fax_list_manager.cpp, file_list.h, file_list.cp, gpl.h,
helpfile.h, helpfile.cpp, logger.h, logger.cpp, main.cpp,
mainwindow.h, mainwindow.cpp, prog_defs.h, redial_queue.h,
redial_queue.cpp, settings.h, settings.cpp, settings_help.h,
settings_help.cpp, socket_list.h, socket_list.cpp,
socket_notify.h, socket_notify.cpp, socket_server.h,
socket_server.cpp, tray_icon.h, tray_icon.cpp;
utils/cairo_handle.h, utils/icon_info_handle.h,
utils/mono_tiff_print_manager.h,
utils/mono_tiff_print_manager.cpp,
utils/pango_layout_iter_handle.h, utils/selected_rows_handle.h,
utils/selected_rows_handle.cpp, utils/sem_sync.h,
utils/tiff_handle.h, utils/toolbar_append_widget.h,
utils/toolbar_append_widget.cpp, utils/tree_path_handle.h,
utils/tree_row_reference_handle.h, utils/utf8_utils.h,
utils/utf8_utils.cpp;
efax-gtk-faxfilter/efax-gtk-socket-client.cpp.
Update documentation (README).
Update configuration scripts (acinclude.m4).
Version 3.2.9 (21st December 2011)
-------------
Have a hard dependency on c++-gtk-utils-1.2 >= 1.2.7 or
c++-gtk-utils-2.0 >= 2.0.0-rc1, so that C++0x/11 can be more
easily supported, and maintainability is improved (README,
acinclude.m4, configure.ac, src/Makefile.am,
src/utils/Makefile.am, po/POTFILES.in; delete src/internal
directory and its contents.)
Make the settings help dialogs of a reasonable size with GTK+3
(settings_help.cpp).
Permit IPv6 addresses to be specified with a wildcard and only
one, or no, ':' character (socket_server.cpp).
Explicitly set shadow type of fax input frame (mainwindow.cpp).
Change library linking order (src/Makefile.am and
efax/Makefile.am).
Remove unnecessary configure checks (acinclude.m4, configure.ac
and src/Makefile.am)
Upgrade gettext to version 0.18 and include m4 macros
(po/Makefile.in.in, po/Rules-quot, m4 directory, Makefile.am).
Add proper header checks at configuration time (configure.ac).
Version 3.2.8 (30th March 2011)
-------------
Permit IPv6 addresses in domain name form as well as in numeric
format (socket_server.h and socket_server.cpp).
Improve error checking and so suppress gcc-4.6 warning
(mainwindow.cpp; utils/mono_tiff_print_manager.cpp).
Upgrade internal c++-gtk-utils version.
Version 3.2.7.1 (16th March 2011)
---------------
Correct style change handling (mainwindow.h, mainwindow.cpp).
Update comments in efax-gtkrc on "SOCK_OTHER_ADDRESSES:" for IPv6
(efax-gtkrc).
Version 3.2.7 (14th March 2011)
-------------
Change default gtk target to gtk+3, and permit
--with-gtk-version=gtk2 and --with=gtk-version=gtk3 as well as
--with-gtk-version=gtk+2 and --with=gtk-version=gtk+3
(acinclude.m4, README).
Provide option for server to accept IPv6 connections (efax-gtkrc;
prog_defs.h, main.cpp, mainwindow.cpp, settings.h, settings.cpp,
settings_help.h, settings_help.cpp, socket_server.h and
socket_server.cpp).
Use GtkStyleContext for a GTK+3 compile (acinclude.m4;
addressbook.cpp, dialogs.h, dialogs.cpp, fax_list.cpp,
fax_list-manager.cpp, helpfile.cpp, logger.cpp, main.cpp,
mainwindow.h and mainwindow.cpp).
Correct non-sh-ism in configuration files (acinclude.m4).
Include efax-gtk.png icon in rpm spec file (efax-gtk.spec.in).
Minor adjustments to MonoTiffPrintManager implementation
(utils/mono_tiff_print_manager.h and
utils/mono_tiff_print_manager.cpp).
Provide some explicit casts for std::pair constructor required by
C++0x (dialogs.cpp, fax_list.cpp, file_list.cpp, socket_list.cpp).
Provide compile option for c++-gtk-utils-2.0 (acinclude.m4,
README; efax_controller.cpp, fax_list.cpp, gpl.h, logger.cpp,
socket_server.h and socket_server.cpp).
Surpress warning about std::auto_ptr being deprecated when
compiling under C++0x (acinclude.m4).
Upgrade internal c++-gtk-utils version to 1.2.12 (and also adjust
the configuration files for that (acinclude.m4, configure.ac;
src/internal/c++-gtk-utils/Makefile.am)).
Version 3.2.6 (13th November 2010)
-------------
Do not require dbus-glib where glib >= 2.26 is installed
(acinclude.4, configure.ac, src/Makefile.am,
src/internal/c++-gtk-utils/Makefile.am with upgraded
c++-gtk-utils).
Fixes for gtk+-2.91 (acinclude.m4, addressbook.cpp, dialogs.cpp,
fax_list.cpp, fax_list_manager.cpp, helpfile.cpp, logger.cpp,
main.cpp, mainwindow.h, mainwindow.cpp, settings.cpp and
socket_notify.cpp).
Improve widget sizing for widgets displaying text
(efax_controller.h, mainwindow.h and mainwindow.cpp).
Fix compilation error with gtk+-2.12 (mainwindow.cpp).
Remove anachronistic comment (utils/mono_tiff_print_manager.cpp).
Upgrade internal c++-gtk-utils version to 1.2.7.
Version 3.2.5 (13th October 2010)
-------------
Fix segfault when printing faxes with cairo-1.10
(utils/mono_tiff_print_manager.h and
utils/mono_tiff_print_manager.cpp).
Use cairo rather than the GDK drawing functions to draw the
indicator of whether there are print jobs from the socket to be
faxed (mainwindow.h, mainwindow.cpp and utils/cairo_handle.h).
Use gtk_tree_view_convert_bin_window_to_widget_coords() instead of
gtk_widget_get_pointer() in order to obtain the pointer position
in widget co-ordinates for tree view motion notify events
(fax_list_manager.cpp).
Modify argument handling for efax message functions to avoid an
invalid double call to vfprintf() on the same va_list value (this
bug is triggered on some systems when using the 'fax' script but
does not directly affect efax-gtk) (efax/efaxmsg.c, efax/PATCHES).
Upgrade internal c++-gtk-utils version to 1.2.6.
Version 3.2.4 (2nd August 2010)
-------------
Fix uncaught exception where a file to be faxed is not in valid
postscript/PDF format (efax_controller.cpp).
Include the former gnome stock_send-fax icon as the standard icon
for efax-gtk (Makefile.am, efax-gtk.desktop, efax-gtk.png,
AUTHORS; main.cpp).
Use XkbBell() rather than XBell() where available (acinclude.m4,
main.cpp).
Include pkg-config test for x11.pc, if available (acinclude.m4 and
src/Makefile.am).
Further build fixes for Debian Hurd (src/efax_controller.cpp and
src/fax_list.cpp; efax/efaxmsg.c).
Update Hungarian translation (László Csordás) (hu.po and
mainwindow.cpp).
Remove redundant anonymous namespace for callbacks with C linkage
(addressbook.h, addressbook.cpp, dialogs.h, dialogs.cpp,
fax_list.h, fax_list.cpp, fax_list_manager.h,
fax_list_manager.cpp, file_list.h, file_list.cpp, helpfile.h,
helpfile.cpp, logger.h, logger.cpp, mainwindow.h, mainwindow.cpp,
redial_queue.h, redial_queue.cpp, settings.h, settings.cpp,
settings_help.h, settings_help.cpp, socket_list.h,
socket_list.cpp, socket_notify.h, socket_notify.cpp, tray_icon.h,
tray_icon.cpp, utils/mono_tiff_print_manager.h,
utils/mono_tiff_print_manager.cpp, utils/selected_rows_handle.h,
utils/selected_rows_handle.cpp).
Correct linkage specification of present_prog() (main.cpp).
Use Cgu::start_timeout_seconds() rather than Cgu::start_timeout()
where available (fax_list_manager.cpp, logger.cpp).
Remove redundant comments (prog_defs.h,
utils/toolbar_append_widget.cpp).
Upgrade internal c++-gtk-utils version to 1.2.4.
numerous general bugs. The vulnerabilities fixed are: AST-2014-001,
AST-2014-002, and AST-2014-007.
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert7,
11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2.
These releases resolve security vulnerabilities that were previously
fixed in 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
Unfortunately, the fix for AST-2014-007 inadvertently introduced
a regression in Asterisk's TCP and TLS handling that prevented
Asterisk from sending data over these transports. This regression
and the security vulnerabilities have been fixed in the versions
specified in this release announcement.
The security patches for AST-2014-007 have been updated with the
fix for the regression, and are available at
http://downloads.asterisk.org/pub/security
Please note that the release of these versions resolves the following security
vulnerabilities:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released with the previous
versions that addressed these vulnerabilities.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert6,
11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of these versions resolves the following issue:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
Establishing a TCP or TLS connection to the configured HTTP or
HTTPS port respectively in http.conf and then not sending or
completing a HTTP request will tie up a HTTP session. By doing
this repeatedly until the maximum number of open HTTP sessions
is reached, legitimate requests are blocked.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.28.0.
The release of Asterisk 1.8.28.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
for INVITE/w/replaces pickup (Reported by Walter Doekes)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)
* ASTERISK-23650 - Intermittent segfault in string functions
(Reported by Roel van Meer)
Improvements made in this release:
-----------------------------------
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.28.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.27.0.
The release of Asterisk 1.8.27.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by Paolo Compagnini)
* ASTERISK-23061 - [Patch] 'textsupport' setting not mentioned in
sip.conf.sample (Reported by Eugene)
* ASTERISK-23028 - [patch] Asterisk man pages contains unquoted
minus signs (Reported by Jeremy Lainé)
* ASTERISK-23046 - Custom CDR fields set during a GoSUB called
from app_queue are not inserted (Reported by Denis Pantsyrev)
* ASTERISK-23027 - [patch] Spelling typo "transfered" instead of
"transferred" (Reported by Jeremy Lainé)
* ASTERISK-23008 - Local channels loose CALLERID name when DAHDI
channel connects (Reported by Michael Cargile)
* ASTERISK-23100 - [patch] In chan_mgcp the ident in transmitted
request and request queue may differ - fix for locking (Reported
by adomjan)
* ASTERISK-22988 - [patch]T38 , SIP 488 after Rejecting image
media offer due to invalid or unsupported syntax (Reported by
adomjan)
* ASTERISK-22861 - [patch]Specifying a null time as parameter to
GotoIfTime or ExecIfTime causes segmentation fault (Reported by
Sebastian Murray-Roberts)
* ASTERISK-17837 - extconfig.conf - Maximum Include level (1)
exceeded (Reported by pz)
* ASTERISK-22662 - Documentation fix? - queues.conf says
persistentmembers defaults to yes, it appears to lie (Reported
by Rusty Newton)
* ASTERISK-23134 - [patch] res_rtp_asterisk port selection cannot
handle selinux port restrictions (Reported by Corey Farrell)
* ASTERISK-23220 - STACK_PEEK function with no arguments causes
crash/core dump (Reported by James Sharp)
* ASTERISK-19773 - Asterisk crash on issuing Asterisk-CLI 'reload'
command multiple times on cli_aliases (Reported by Joel Vandal)
* ASTERISK-22757 - segfault in res_clialiases.so on reload when
mapping "module reload" command (Reported by Gareth Blades)
* ASTERISK-17727 - [patch] TLS doesn't get all certificate chain
(Reported by LN)
* ASTERISK-23178 - devicestate.h: device state setting functions
are documented with the wrong return values (Reported by
Jonathan Rose)
* ASTERISK-23297 - Asterisk 12, pbx_config.so segfaults if
res_parking.so is not loaded, or if res_parking.conf has no
configuration (Reported by CJ Oster)
* ASTERISK-23069 - Custom CDR variable not recorded when set in
macro called from app_queue (Reported by Bryan Anderson)
* ASTERISK-19499 - ConfBridge MOH is not working for transferee
after attended transfer (Reported by Timo Teräs)
* ASTERISK-23261 - [patch]Output mixup in
${CHANNEL(rtpqos,audio,all)} (Reported by rsw686)
* ASTERISK-23260 - [patch]ForkCDR v option does not keep CDR
variables for subsequent records (Reported by zvision)
* ASTERISK-23141 - Asterisk crashes on Dial(), in
pbx_find_extension at pbx.c (Reported by Maxim)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
* ASTERISK-23323 - [patch]chan_sip: missing p->owner checks in
handle_response_invite (Reported by Walter Doekes)
* ASTERISK-23382 - [patch]Build System: make -qp can corrupt
menuselect-tree and related files (Reported by Corey Farrell)
* ASTERISK-23406 - [patch]Fix typo in "sip show peer" (Reported by
ibercom)
* ASTERISK-23310 - bridged channel crashes in bridge_p2p_rtp_write
(Reported by Jeremy Lainé)
* ASTERISK-23104 - Specifying the SetVar AMI without a Channel
cause Asterisk to crash (Reported by Joel Vandal)
* ASTERISK-23383 - Wrong sense test on stat return code causes
unchanged config check to break with include files. (Reported by
David Woolley)
* ASTERISK-17523 - Qualify for static realtime peers does not work
(Reported by Maciej Krajewski)
* ASTERISK-21406 - [patch] chan_sip deadlock on monlock between
unload_module and do_monitor (Reported by Corey Farrell)
* ASTERISK-23373 - [patch]Security: Open FD exhaustion with
chan_sip Session-Timers (Reported by Corey Farrell)
* ASTERISK-23340 - Security Vulnerability: stack allocation of
cookie headers in loop allows for unauthenticated remote denial
of service attack (Reported by Matt Jordan)
* ASTERISK-23488 - Logic error in callerid checksum processing
(Reported by Russ Meyerriecks)
* ASTERISK-20841 - fromdomain not honored on outbound INVITE
request (Reported by Kelly Goedert)
* ASTERISK-22079 - Segfault: INTERNAL_OBJ (user_data=0x6374652f)
at astobj2.c:120 (Reported by Jamuel Starkey)
* ASTERISK-23509 - [patch]SayNumber for Polish language tries to
play empty files for numbers divisible by 100 (Reported by
zvision)
* ASTERISK-23391 - Audit dialplan function usage of channel
variable (Reported by Corey Farrell)
* ASTERISK-23548 - POST to ARI sometimes returns no body on
success (Reported by Scott Griepentrog)
Improvements made in this release:
-----------------------------------
* ASTERISK-22980 - [patch]Allow building cdr_radius and cel_radius
against libfreeradius-client (Reported by Jeremy Lainé)
* ASTERISK-22661 - Unable to exit ChanSpy if spied channel does
not have a call in progress (Reported by Chris Hillman)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.27.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert5,
11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.
The release of these versions resolve the following issues:
* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
* AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-001, AST-2014-002,
AST-2014-003, and AST-2014-004, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.26.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.26.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22544 - Italian prompt vm-options has advertisement in
it (Reported by Rusty Newton)
* ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
every register message (Reported by Pawel Pierscionek)
* ASTERISK-20862 - Asterisk min and max member penalties not
honored when set with 0 (Reported by Schmooze Com)
* ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
read (Reported by Michael Walton)
* ASTERISK-22788 - [patch] main/translate.c: access to variable f
after free in ast_translate() (Reported by Corey Farrell)
* ASTERISK-21242 - Segfault when T.38 re-invite retransmission
receives 200 OK (Reported by Ashley Winters)
* ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
16 bit multipart SMS with app_sms (Reported by Jan Juergens)
* ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
from being executed from external interfaces (Reported by Matt
Jordan)
* ASTERISK-23021 - Typos in code : "avaliable" instead of
"available" (Reported by Jeremy Lainé)
* ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
by Gareth Palmer)
* ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
instead of seconds (Reported by Robert Mordec)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when <replace-char> is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-22834 - Parking by blind transfer when lot full orphans
channels (Reported by rsw686)
* ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
SIP transfer to parking space (Reported by Tommy Thompson)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23010 - No BYE message sent when sip INVITE is received
(Reported by Ryan Tilton)
Improvements made in this release:
-----------------------------------
* ASTERISK-22659 - Make a new core and extra sounds release
(Reported by Rusty Newton)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.26.0
Thank you for your continued support of Asterisk!
with general bug fixes. The security issues fixed are: AST-2014-001,
AST-2014-002, AST-2014-006, and AST-2014-007.
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert7,
11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2.
These releases resolve security vulnerabilities that were previously
fixed in 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
Unfortunately, the fix for AST-2014-007 inadvertently introduced
a regression in Asterisk's TCP and TLS handling that prevented
Asterisk from sending data over these transports. This regression
and the security vulnerabilities have been fixed in the versions
specified in this release announcement.
Please note that the release of these versions resolves the following security
vulnerabilities:
* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
Shell Access
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released with the previous
versions that addressed these vulnerabilities.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert6,
11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
The release of these versions resolves the following issue:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
Establishing a TCP or TLS connection to the configured HTTP or HTTPS port
respectively in http.conf and then not sending or completing a HTTP request
will tie up a HTTP session. By doing this repeatedly until the maximum number
of open HTTP sessions is reached, legitimate requests are blocked.
Additionally, the release of 11.6-cert3, 11.10.1, and 12.3.1 resolves the
following issue:
* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
Shell Access
Manager users can execute arbitrary shell commands with the MixMonitor manager
action. Asterisk does not require system class authorization for a manager
user to use the MixMonitor action, so any manager user who is permitted to use
manager commands can potentially execute shell commands as the user executing
the Asterisk process.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.10.0.
The release of Asterisk 11.10.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-23559 - app_voicemail fails to load after fix to
dialplan functions (Reported by Corey Farrell)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23545 - Confbridge talker detection settings
configuration load bug (Reported by John Knott)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-23616 - Big memory leak in logger.c (Reported by
ibercom)
* ASTERISK-23576 - Build failure on SmartOS / Illumos / SunOS
(Reported by Sebastian Wiedenroth)
* ASTERISK-23550 - Newer sound sets don't show up in menuselect
(Reported by Rusty Newton)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23605 - res_http_websocket: Race condition in shutting
down websocket causes crash (Reported by Matt Jordan)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23381 - [patch]ChanSpy- Barge only works on the initial
'spy', if the spied-on channel makes a new call, unable to
barge. (Reported by Robert Moss)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-23664 - Incorrect H264 specification in SDP. (Reported
by Guillaume Maudoux)
* ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
for INVITE/w/replaces pickup (Reported by Walter Doekes)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)
Improvements made in this release:
-----------------------------------
* ASTERISK-23649 - [patch]Support for DTLS retransmission
(Reported by NITESH BANSAL)
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.10.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.9.0.
The release of Asterisk 11.9.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by Paolo Compagnini)
* ASTERISK-23034 - [patch] manager Originate doesn't abort on
failed format_cap allocation (Reported by Corey Farrell)
* ASTERISK-23061 - [Patch] 'textsupport' setting not mentioned in
sip.conf.sample (Reported by Eugene)
* ASTERISK-23028 - [patch] Asterisk man pages contains unquoted
minus signs (Reported by Jeremy Lainé)
* ASTERISK-23046 - Custom CDR fields set during a GoSUB called
from app_queue are not inserted (Reported by Denis Pantsyrev)
* ASTERISK-23027 - [patch] Spelling typo "transfered" instead of
"transferred" (Reported by Jeremy Lainé)
* ASTERISK-23008 - Local channels loose CALLERID name when DAHDI
channel connects (Reported by Michael Cargile)
* ASTERISK-23100 - [patch] In chan_mgcp the ident in transmitted
request and request queue may differ - fix for locking (Reported
by adomjan)
* ASTERISK-22988 - [patch]T38 , SIP 488 after Rejecting image
media offer due to invalid or unsupported syntax (Reported by
adomjan)
* ASTERISK-22861 - [patch]Specifying a null time as parameter to
GotoIfTime or ExecIfTime causes segmentation fault (Reported by
Sebastian Murray-Roberts)
* ASTERISK-17837 - extconfig.conf - Maximum Include level (1)
exceeded (Reported by pz)
* ASTERISK-22662 - Documentation fix? - queues.conf says
persistentmembers defaults to yes, it appears to lie (Reported
by Rusty Newton)
* ASTERISK-23134 - [patch] res_rtp_asterisk port selection cannot
handle selinux port restrictions (Reported by Corey Farrell)
* ASTERISK-23220 - STACK_PEEK function with no arguments causes
crash/core dump (Reported by James Sharp)
* ASTERISK-19773 - Asterisk crash on issuing Asterisk-CLI 'reload'
command multiple times on cli_aliases (Reported by Joel Vandal)
* ASTERISK-22757 - segfault in res_clialiases.so on reload when
mapping "module reload" command (Reported by Gareth Blades)
* ASTERISK-17727 - [patch] TLS doesn't get all certificate chain
(Reported by LN)
* ASTERISK-23178 - devicestate.h: device state setting functions
are documented with the wrong return values (Reported by
Jonathan Rose)
* ASTERISK-23232 - LocalBridge AMI Event LocalOptimization value
is opposite to what's expected (Reported by Leon Roy)
* ASTERISK-23098 - [patch]possible null pointer dereference in
format.c (Reported by Marcello Ceschia)
* ASTERISK-23297 - Asterisk 12, pbx_config.so segfaults if
res_parking.so is not loaded, or if res_parking.conf has no
configuration (Reported by CJ Oster)
* ASTERISK-23069 - Custom CDR variable not recorded when set in
macro called from app_queue (Reported by Bryan Anderson)
* ASTERISK-19499 - ConfBridge MOH is not working for transferee
after attended transfer (Reported by Timo Teräs)
* ASTERISK-23261 - [patch]Output mixup in
${CHANNEL(rtpqos,audio,all)} (Reported by rsw686)
* ASTERISK-23279 - [patch]Asterisk doesn't support the dynamic
payload change in rtp mapping in the 200 OK response (Reported
by NITESH BANSAL)
* ASTERISK-23255 - UUID included for Redhat, but missing for
Debian distros in install_prereq script (Reported by Rusty
Newton)
* ASTERISK-23260 - [patch]ForkCDR v option does not keep CDR
variables for subsequent records (Reported by zvision)
* ASTERISK-23141 - Asterisk crashes on Dial(), in
pbx_find_extension at pbx.c (Reported by Maxim)
* ASTERISK-23336 - Asterisk warning "Don't know how to indicate
condition 33 on ooh323c" on outgoing calls from H323 to SIP peer
(Reported by Alexander Semych)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
* ASTERISK-23323 - [patch]chan_sip: missing p->owner checks in
handle_response_invite (Reported by Walter Doekes)
* ASTERISK-23406 - [patch]Fix typo in "sip show peer" (Reported by
ibercom)
* ASTERISK-23310 - bridged channel crashes in bridge_p2p_rtp_write
(Reported by Jeremy Lainé)
* ASTERISK-22911 - [patch]Asterisk fails to resume WebRTC call
from hold (Reported by Vytis Valentinavičius)
* ASTERISK-23104 - Specifying the SetVar AMI without a Channel
cause Asterisk to crash (Reported by Joel Vandal)
* ASTERISK-21930 - [patch]WebRTC over WSS is not working.
(Reported by John)
* ASTERISK-23383 - Wrong sense test on stat return code causes
unchanged config check to break with include files. (Reported by
David Woolley)
* ASTERISK-20149 - Crash when faxing SIP to SIP with strictrtp set
to yes (Reported by Alexandr Gordeev)
* ASTERISK-17523 - Qualify for static realtime peers does not work
(Reported by Maciej Krajewski)
* ASTERISK-21406 - [patch] chan_sip deadlock on monlock between
unload_module and do_monitor (Reported by Corey Farrell)
* ASTERISK-23373 - [patch]Security: Open FD exhaustion with
chan_sip Session-Timers (Reported by Corey Farrell)
* ASTERISK-23340 - Security Vulnerability: stack allocation of
cookie headers in loop allows for unauthenticated remote denial
of service attack (Reported by Matt Jordan)
* ASTERISK-23311 - Manager - MoH Stop Event fails to show up when
leaving Conference (Reported by Benjamin Keith Ford)
* ASTERISK-23420 - [patch]Memory leak in manager_add_filter
function in manager.c (Reported by Etienne Lessard)
* ASTERISK-23488 - Logic error in callerid checksum processing
(Reported by Russ Meyerriecks)
* ASTERISK-23461 - Only first user is muted when joining
confbridge with 'startmuted=yes' (Reported by Chico Manobela)
* ASTERISK-20841 - fromdomain not honored on outbound INVITE
request (Reported by Kelly Goedert)
* ASTERISK-22079 - Segfault: INTERNAL_OBJ (user_data=0x6374652f)
at astobj2.c:120 (Reported by Jamuel Starkey)
* ASTERISK-23509 - [patch]SayNumber for Polish language tries to
play empty files for numbers divisible by 100 (Reported by
zvision)
* ASTERISK-23103 - [patch]Crash in ast_format_cmp, in ao2_find
(Reported by JoshE)
* ASTERISK-23391 - Audit dialplan function usage of channel
variable (Reported by Corey Farrell)
* ASTERISK-23548 - POST to ARI sometimes returns no body on
success (Reported by Scott Griepentrog)
* ASTERISK-23460 - ooh323 channel stuck if call is placed directly
and gatekeeper is not available (Reported by Dmitry Melekhov)
Improvements made in this release:
-----------------------------------
* ASTERISK-22980 - [patch]Allow building cdr_radius and cel_radius
against libfreeradius-client (Reported by Jeremy Lainé)
* ASTERISK-22661 - Unable to exit ChanSpy if spied channel does
not have a call in progress (Reported by Chris Hillman)
* ASTERISK-23099 - [patch] WSS: enable ast_websocket_read()
function to read the whole available data at first and then wait
for any fragmented packets (Reported by Thava Iyer)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.9.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert5,
11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.
The release of these versions resolve the following issues:
* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
* AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-001, AST-2014-002,
AST-2014-003, and AST-2014-004, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.8.0.
The release of Asterisk 11.8.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22544 - Italian prompt vm-options has advertisement in
it (Reported by Rusty Newton)
* ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
Asterisk to Chrome (Reported by Shaun Clark)
* ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
DTMF menus in ConfBridge (processed as directive) (Reported by
Nicolas Tanski)
* ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
every register message (Reported by Pawel Pierscionek)
* ASTERISK-20862 - Asterisk min and max member penalties not
honored when set with 0 (Reported by Schmooze Com)
* ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
read (Reported by Michael Walton)
* ASTERISK-22788 - [patch] main/translate.c: access to variable f
after free in ast_translate() (Reported by Corey Farrell)
* ASTERISK-21242 - Segfault when T.38 re-invite retransmission
receives 200 OK (Reported by Ashley Winters)
* ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
16 bit multipart SMS with app_sms (Reported by Jan Juergens)
* ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
from being executed from external interfaces (Reported by Matt
Jordan)
* ASTERISK-23021 - Typos in code : "avaliable" instead of
"available" (Reported by Jeremy Lainé)
* ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
by Gareth Palmer)
* ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
Melekhov)
* ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
"WIMPy" Harzenetter)
* ASTERISK-22942 - [patch] - Asterisk crashed after
Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
* ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
instead of seconds (Reported by Robert Mordec)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when <replace-char> is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-22834 - Parking by blind transfer when lot full orphans
channels (Reported by rsw686)
* ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
SIP transfer to parking space (Reported by Tommy Thompson)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23010 - No BYE message sent when sip INVITE is received
(Reported by Ryan Tilton)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
Improvements made in this release:
-----------------------------------
* ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
When Running "sip show peers" (Reported by Michael L. Young)
* ASTERISK-22659 - Make a new core and extra sounds release
(Reported by Rusty Newton)
* ASTERISK-22919 - core show channeltypes slicing (Reported by
outtolunc)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0
Thank you for your continued support of Asterisk!
Changes since version 0.4:
0.7, 20130330 - jeagle
Add ability to allow users to specify their own frame allocation routines.
Update API mode 2 with latest version from jdodgen
0.6, 20120624 - jeagle
Update documentation.
Add support for API mode 2 escapes. Needs testing.
Add constant for the "BD" baud rate table.
0.5, 20120401 - jeagle
Add support for Win32::SerialPort to enable Windows support. (Thanks Jerry)
Fix issue with tx() in async mode. (Thanks Vicente)
Add support for "explicit rx indicator" packets. (Thanks Vicente)
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
These releases are maintenance releases, and do not contain any new
features or functionality, but only contain bugfixes:
* Re-order library files in fchmod() configure check
* faxalter: Wire up the nissing page range -Z options
* man: JobReqError/JobRetryError were missing in hylafax-config.4
* typerules: adding missing comma to typeNames array
* Do not warn about one of the Fontpath directories not existing
* Reworked how faxsetup looks for Fontmap
* Use a private Fontmap.HylaFAX file of .pfb files
* Combine all Fontmap files in memory, including new Fontmap.HylaFAX
* Bug 934: We need to avoid a 0-index in playList
* hfaxd: Eliminte extraneous debug logging
* hfaxd: Make source port for active connections be ctrl port - 1
* hfaxd: Release old accept fd
* Support libtiff 4.0
* faxsend: JobRetryOther/JobRequeueOther weren't actually being used
* Make sure not to cut faxq FIFO messages in two when reaching end of buffer
* hfaxd: Port is network byte order, correct logging of it
This fixes abuild failure when a version of the package is already
installed.
Not bumping PKGREVISION because the resulting package should be unchanged.
Revision history for Perl extension Device::Modem.
1.57 Sun Jan 26 11:36:11 CET 2014
- Added a "handshake" option to the connect() method.
Allowed values are "xoff", "rts" or "none" (default).
Thanks to Ezio Bonsi for suggesting the idea.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Version 2.7 2013-10-17
---------------------------
- Win32: setRTS and setDTR can be called before the port is opened and it will
set the initial state on port open.
- Posix: add platform specific method: outWaiting (already present for Win32)
- Posix: rename flowControl to setXON to match name on Win32, add
flowControlOut function
- rfc2217: zero polls value (baudrate, data size, stop bits, parity) (Erik
Lundh)
- Posix: [Patch pyserial:28] Accept any speed on Linux [update]
- Posix: [Patch pyserial:29] PosixSerial.read() should "ignore" errno.EINTR
- OSX: [Patch pyserial:27] Scan by VendorID/Product ID for USB Serial devices
- Ensure working with bytes in write() calls
Bugfixes:
- [Bug 3540332] SerialException not returned
- [Bug pyserial:145] Error in socket_connection.py
- [Bug pyserial:135] reading from socket with timeout=None causes TypeError
- [Bug pyserial:130] setup.py should not append py3k to package name
- [Bug pyserial:117] no error on lost conn w/socket://
Bugfixes (posix):
- [Patch 3462364] Fix: NameError: global name 'base' is not defined
- list_ports and device() for BSD updated (Anders Langworthy)
- [Bug 3518380] python3.2 -m serial.tools.list_ports error
- [Bug pyserial:137] Patch to add non-standard baudrates to Cygwin
- [Bug pyserial:141] open: Pass errno from IOError to SerialException
- [Bug pyserial:125] Undefined 'base' on list_ports_posix.py, function usb_lsusb
- [Bug pyserial:151] Serial.write() without a timeout uses 100% CPU on POSIX
- [Patch pyserial:30] [PATCH 1/1] serial.Serial() should not raise IOError.
Bugfixes (win32):
- [Bug 3444941] ctypes.WinError() unicode error
- [Bug 3550043] on Windows in tools global name 'GetLastError' is not defined
- [Bug pyserial:146] flush() does nothing in windows (despite docs)
- [Bug pyserial:144] com0com ports ignored due to missing "friendly name"
- [Bug pyserial:152] Cannot configure port, some setting was wrong. Can leave
port handle open but port not accessible
The Asterisk Development Team has announced the release of Asterisk 1.8.25.0.
The release of Asterisk 1.8.25.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- chan_sip: Fix an issue where an incompatible audio format may be
added to SDP.
* --- cdr_adaptive_odbc: Also apply a filter when the CDR value is
empty.
* --- app_queue: Fix Queuelog EXITWITHKEY only logging two of four
fields
* --- chan_sip: Do not increment the SDP version between 183 and 200
responses.
* --- chan_sip: Fix Realtime Peer Update Problem When Un-registering
And Expires Header In 200ok
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.25.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.7.0.
The release of Asterisk 11.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_confbridge: Can now set the language used for announcements
to the conference.
* --- app_queue: Fix CLI "queue remove member" queue_log entry.
* --- chan_sip: Do not increment the SDP version between 183 and 200
responses.
* --- chan_sip: Allow a sip peer to accept both AVP and AVPF calls
* --- chan_sip: Fix Realtime Peer Update Problem When Un-registering
And Expires Header In 200ok
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.7.0
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007, and a minor bug fix update.
pkgsrc change: disable SRTP on NetBSD as it doesn't link
---- 11.6.1 ----
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.6.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
----- 11.6.0 -----
The Asterisk Development Team has announced the release of Asterisk 11.6.0.
The release of Asterisk 11.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Confbridge: empty conference not being torn down
(Closes issue ASTERISK-21859. Reported by Chris Gentle)
* --- Let Queue wrap up time influence member availability
(Closes issue ASTERISK-22189. Reported by Tony Lewis)
* --- Fix a longstanding issue with MFC-R2 configuration that
prevented users
(Closes issue ASTERISK-21117. Reported by Rafael Angulo)
* --- chan_iax2: Fix saving the wrong expiry time in astdb.
(Closes issue ASTERISK-22504. Reported by Stefan Wachtler)
* --- Fix segfault for certain invalid WebSocket input.
(Closes issue ASTERISK-21825. Reported by Alfred Farrugia)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.6.0
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.24.0.
The release of Asterisk 1.8.24.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix a longstanding issue with MFC-R2 configuration that
prevented users
* --- Fix Not Storing Current Incoming Recv Address
* --- Fix Segfault When Syntax Of A Line Under [applicationmap] Is
Invalid
* --- Tolerate presence of RFC2965 Cookie2 header by ignoring it
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.24.0
Thank you for your continued support of Asterisk!
Changes since 1.8.0:
1.8.1 - 04/05/11
Added a jpilot-merge utility for merging unsynced records into a pdb file
Fixes Debian bug #574030: jpilot: can't delete appointments
Resolve bug 2012 where small months in Postcript printout overlapped a calendar event.
Fix multiple memory leaks all over code base
Added a VCard export format optimized for GMail/Android import
Correct iCal export for repeating events with an end date
Add Category and Location fields to Calendar iCal export
Add categories to left-hand side of Calendar application
Add "cancel sync" button and icon to main jpilot window
use CRLF for ToDo iCal export per RFC
Add new "future" button to repeat appt. modification dialog so that changes only affect future occurrences
Ability to install files directly to SDCARD, hardcoded to /PALM/Launcher/ directory
Keyboard shortcuts to set priority of ToDo items with Alt+# where # is 1-5
Add ability to launch external editor to quickly edit memo or note text. Bound to Ctrl-E.
- Alternative hex output (to be improved)
- Print creation date of serial device file (if < 20 hrs), useful for
identifying just plugged in USB-Serial adapters
- Support ':' (colon) in device path names. Note, that this changes old
behaviour which used ':' as a device path delimiter.
- Several language updates.
AST-2013-004 and AST-2013-005.
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.5.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
AST-2013-004 and AST-2013-005.
pkgsrc change: disable detection of broken IP_PKTINFO on NetBSD
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.3
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
AST-2013-004 and AST-2013-005.
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.23.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
pkgsrc changes:
- add work around for NetBSD's incompatible implementation of IP_PKTINFO
- core sounds package was updated to 1.4.24
The Asterisk Development Team has announced the release of Asterisk 1.8.23.0.
The release of Asterisk 1.8.23.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix a memory copying bug in slinfactory which was causing
mixmonitor issues.
* --- IAX2: fix race condition with nativebridge transfers.
* --- Fix crash in chan_sip when a core initiated op occurs at the
same time as a BYE
* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
Bit
* --- chan_sip: Session-Expires: Set timer to correctly expire at
(~2/3) of the interval when not the refresher
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.23.0
Thank you for your continued support of Asterisk!
pkgsrc changes:
- add dependency on libuuid
- work around NetBSD's incompatible implementation of IP_PKTINFO
The Asterisk Development Team has announced the release of Asterisk 11.5.0.
The release of Asterisk 11.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Segfault In app_queue When "persistentmembers" Is Enabled
And Using Realtime
* --- IAX2: fix race condition with nativebridge transfers.
* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
Bit
* --- Fix One-Way Audio With auto_* NAT Settings When SIP Calls
Initiated By PBX
* --- chan_sip: NOTIFYs for BLF start queuing up and fail to be sent
out after retries fail
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.5.0
Thank you for your continued support of Asterisk!
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
- improvements to the user interface
- better phone log support
- support for changing the SIM PIN code (via the new "password" plug-in)
- optional "pulseaudio" plug-in (instead of builtin to the "profiles" plug-in)
- fixes to the "video" plug-in
- new manual pages
- more portable Makefiles
- fix compile problem on newer NetBSD systems that have newlocale support
- fix a couple of cases where ctype functions called with plain char
- last two items from joerg@
Commented 2/3 patches. Added gsed to USE_TOOLS. Buildlink'd pthread. Added
fortran77 to USE_LANGUAGES. Included options.mk file to enable the user to
build with mmx, sse, and "tests" option, which uses pcap, X11, sndfile,
libxml2, fltk, and fftw to run some tests. All of these options are
disabled by default. Some of these changes were already present in
wip/spandsp and were merged into this package after its removal. All
PKG_OPTIONS are disabled by default. There are no noticeable changes to
the package from this update.
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
Added libgcrypt support
Added support for Calendar app
Export function for KeyRing data
Overhaul of Expense plugin
Overhaul VCARD export including adding IM, Birthday, Website fields
GUI changes: ToDo items due today are marked by a soft green color
GUI changes: new alarm clock and lock icons
GUI changes: radio buttons to select between timed and untimed events
Fixed Mac OS X bugs/crash
Resolve segmentation fault when editing Contacts with attached pictures
Resolve error where Contacts created on Palm could not be deleted with Jpilot
Resolve sync error with simultaneously modified Contacts
Fix Bug 1991 : Categories are lost during first sync
The Asterisk Development Team has announced the release of Asterisk 11.4.0.
The release of Asterisk 11.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Sorting Order For Parking Lots Stored In Static Realtime
* --- Fix StopMixMonitor Hanging Up When Unable To Stop MixMonitor On
A Channel
* --- When a session timer expires during a T.38 call, re-invite with
correct SDP
* --- Fix white noise on SRTP decryption
* --- Fix reload skinny with active devices.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.4.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.22.0.
The release of Asterisk 1.8.22.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Sorting Order For Parking Lots Stored In Static Realtime
* --- Make ParkAndAnnounce return to priority + 1 when return context
is not defined
* --- When a session timer expires during a T.38 call, re-invite with
correct SDP
* --- Fix several unreleased mutex locks that cause problem with
processing calls
* --- Fix crash when AMI redirect action redirects two channels out of
a bridge.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.22.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.3.0.
The release of Asterisk 11.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix issue where chan_mobile fails to bind to first available port
* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
Extension Present
* --- Retain XMPP filters across reconnections so external modules
continue to function as expected.
* --- Ensure that a declined media stream is terminated with a '\r\n'
* --- Fix pjproject compilation in certain circumstances
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.3.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.21.0.
The release of Asterisk 1.8.21.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix issue where chan_mobile fails to bind to first available port
* --- Fix station ringback; trunk hangup issues in SLA
* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
Extension Present
* --- Fix Record-Route parsing for large headers.
* --- Fix AMI redirect action with two channels failing to redirect
both channels.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.21.0
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A possible buffer overflow during H.264 format negotiation. The format
attribute resource for H.264 video performs an unsafe read against a media
attribute when parsing the SDP.
This vulnerability only affected Asterisk 11.
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Trucated the long files as best as possible while preserving the most info
contained in them.
pkglint warnings aren't gospel! They need to be verified in an
intelligent manner. After variable substitution, the lines will
be shorter then 80 characters, thus there was no need to shorten
them.
COMMENT should not be longer than 70 characters.
COMMENT should not begin with 'A'.
COMMENT should not begin with 'An'.
COMMENT should not begin with 'a'.
COMMENT should not end with a period.
COMMENT should start with a capital letter.
pkglint warnings. Some files also got minor formatting, spelling, and style
corrections.
There is a new maintainer, Hendrik Sattler and the sources are held
at gitorius.org. Build is changed to CMake and although it does not appear
in the ChangeLog below, I forwarded all the NetBSD related patches that
pkgsrc had (and more in fact, to get it working) although I would still say
that obexapp is the better program.
From the ChangeLog:
ObexFTP 0.24 (released 2013-03-05)
----------------------------------
* Maintainer changed from Christian to Hendrik
* change build system to using CMake
* integrate obexfs-0.12
* fix build for OpenOBEX-1.7
ObexFTP 0.23 (released 2009-02-17)
----------------------------------
* allow win32 to use hci src names
* adding a simpler connect wrapper
* show OBEX_HandleInput errors
* catch errors and let the user know
* print timeout stats if available
* sdp unregister more verbose
* upgrading btkit
* fix for win32 without bt
* replacing deprecated automake vars
* sizeof() fixes
* removing bdaddr_t reference from obexftpd.c
* adding bootstrap helper
* concurrency bug in extconf.rb generated Makefile (fix by Alin Năstac)
* switching from POD to asciidoc
* clearing gnu-style implicit rules
ObexFTP 0.22 (released 2008-06-15)
----------------------------------
* added proper unicode support
* added support for transparent OBEX-over-AT mode
* rewritten at-command function
* added specific error messages
* refactored to flexible bt_kit layer
* fixed cache root duplicates
* fixed off-by-one and unfreed mem in cache layer
* added pkg-config file
* added example code
* switched to doxygen
* added python binding callbacks
* portable packed structs
* enabled linux hci dev names for source selection
* Python binding uses distutils now, tested by Adam Williamson
* removed exit from bt discovery
* Better autodetection for possible language bindings
* reworked win32 support
* Motorola SLVR L2 cobex fix by Andrey Rahmatullin
* now using AC_HELP_STRING for compat with autoconf <=2.57
* added hci selection support, drafted by Manuel Naranjo
* switched obexftp cli to new discovery api
* prefer PCSUITE over FTP, req. by Martin Storsjö for Series 60 2nd Ed.
* fixed compile error with >=swig-1.3.28
* renamed sdp browse function
* fixed month/day swapping in atotime, spotted by Dr. Johannes Zellner
* added BFC compatibility for newer Siemens phones
* added PCSOFTWARE uuid support for SHARP phones
* added motorola support
* end bfb mode properly
* added CPROT=0 support from 3GPP 27.007
* fixed ericsson init
* fixed invalid conn_id in disconnect rep. by Alan J. McFarlane
* better create flag handling in setpath
* Changed LDADD to LIBADD sug. by Sergey Vlasov <vsu@altlinux.ru>
* obexftpd clean up by Hendrik Sattler
* 64-bit fixes by Hendrik Sattler
* Removed all (dangerous) obex_headerdata_t casts
* Reorganized all swig-dependant Makefiles
* Applied cobex write patch from Simon Ruggier <Simon80@gmail.com>
* Applied from Frode Isaksen <fisaksen@bewan.com>
ObexFTP 0.21 (released 2006-06-27)
----------------------------------
2006-05-26 Christian W. Zuckschwerdt <zany@triq.net>
* Fixes to obexftpd suggested by Hendrik Sattler
2006-05-24 Christian W. Zuckschwerdt <zany@triq.net>
* Added ruby binding
* Added preliminary discovery function
and the sources are now stored at gitorius.org. The build system is changed
to CMake
From the ChangeLog:
ver 1.7:
Add support for CMake config files
Internal code reorganisation and rewrite
Add new function set for better control than OBEX_HandleInput():
* OBEX_SetTimeout(),
* OBEX_Work() and
* OBEX_GetDataDirection()
ver 1.6:
Change ABI from 1 to 2 because:
* Redo the USB changes from version 1.4
* Remove InOBEX_* function, use the TcpOBEX_* functions instead
* Remove the simple Unicode<->ASCII functions
Add support for Single Response Mode
Add manpages for all example applications
Add udev support
Add new example app to find IrDA and USB OBEX devices
Add fixes for FreeBSD
Add support for libusb-1.x
Add support for close-on-exec
RXTX is a Java library, using a native implementation (via JNI), providing
serial and parallel communication for the Java Development Toolkit (JDK).
It is based on the specification for Sun's Java Communications API, though
while many of the class descriptions are the same the package used it not,
since gnu.io is used instead. A certain amount of compatibility is intended
with API, though this project should be considered as a fork and therefore
compatible in spirit, but not in implementation.
----- 11.2.1:
The Asterisk Development Team has announced the release of Asterisk 11.2.1.
The release of Asterisk 11.2.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix astcanary startup problem due to wrong pid value from before
daemon call
* --- Update init.d scripts to handle stderr; readd splash screen for
remote consoles
* --- Reset RTP timestamp; sequence number on SSRC change
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.1
Thank you for your continued support of Asterisk!
----- 11.2.0:
The Asterisk Development Team has announced the release of Asterisk 11.2.0.
The release of Asterisk 11.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_meetme: Fix channels lingering when hung up under certain
conditions
* --- Fix stuck DTMF when bridge is broken.
* --- Add missing support for "who hung up" to chan_motif.
* --- Remove a fixed size limitation for producing SDP and change how
ICE support is disabled by default.
* --- Fix chan_sip websocket payload handling
* --- Fix pjproject compilation in certain circumstances
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.0
Thank you for your continued support of Asterisk!
----- 10.12.1
The Asterisk Development Team has announced the release of Asterisk 10.12.1.
The release of Asterisk 10.12.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix astcanary startup problem due to wrong pid value from before
daemon call
* --- Update init.d scripts to handle stderr; readd splash screen for
remote consoles
* --- Reset RTP timestamp; sequence number on SSRC change
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.1
Thank you for your continued support of Asterisk!
----- 10.12.0
The Asterisk Development Team has announced the release of Asterisk 10.12.0.
The release of Asterisk 10.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_meetme: Fix channels lingering when hung up under certain
conditions
* --- Fix stuck DTMF when bridge is broken.
* --- Improve Code Readability And Fix Setting natdetected Flag
* --- Fix extension matching with the '-' char.
* --- Fix call files when astspooldir is relative.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.0
Thank you for your continued support of Asterisk!
----- 1.8.20.1
The Asterisk Development Team has announced the release of Asterisk 1.8.20.1.
The release of Asterisk 1.8.20.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix astcanary startup problem due to wrong pid value from before
daemon call
* --- Update init.d scripts to handle stderr; readd splash screen for
remote consoles
* --- Reset RTP timestamp; sequence number on SSRC change
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.1
Thank you for your continued support of Asterisk!
----- 1.8.20.0
The Asterisk Development Team has announced the release of Asterisk 1.8.20.0.
The release of Asterisk 1.8.20.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_meetme: Fix channels lingering when hung up under certain
conditions
* --- Fix stuck DTMF when bridge is broken.
* --- Improve Code Readability And Fix Setting natdetected Flag
* --- Fix extension matching with the '-' char.
* --- Fix call files when astspooldir is relative.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.20.0
Thank you for your continued support of Asterisk!
and AST-2012-015. Apparently the last update didn't completely
fix the issues.
The Asterisk Development Team has announced a security release for
Asterisk 11, Asterisk 11.1.2. This release addresses the security
vulnerabilities reported in AST-2012-014 and AST-2012-015, and
replaces the previous version of Asterisk 11 released for these
security vulnerabilities. The prior release left open a vulnerability
in res_xmpp that exists only in Asterisk 11; as such, other versions
of Asterisk were resolved correctly by the previous releases.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions. The vulnerabilities in SIP and HTTP were corrected in a prior
release of Asterisk; the vulnerability in XMPP is resolved in this release.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of. Handling the cachability of device states
aggregated via XMPP is handled in this release.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk - and we apologize for having
to do this twice!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
Note that Asterisk 10.* will be going into security fix only mode
on Dec. 15th, 2012. Users may wish to consider moving to one of
the Long Term Support versions: comms/asterisk18 (Asterisk 1.8.*)
or comms/asterisk (which currently has Asterisk 11.*). See
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions for
information on Asterisk versions.
----- 10.11.0:
The Asterisk Development Team has announced the release of Asterisk 10.11.0.
The release of Asterisk 10.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent resetting of NATted realtime peer address on reload.
* --- Do not use a FILE handle when doing SIP TCP reads.
* --- Fix ConfBridge crash if no timing module loaded.
* --- confbridge: Fix a bug which made conferences not record with
AMI/CLI commands
* --- Fix execution of 'i' extension due to uninitialized variable.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.11.0
Thank you for your continued support of Asterisk!
----- 10.10.1:
The Asterisk Development Team has announced the release of Asterisk 10.10.1.
The release of Asterisk 10.10.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- chan_local: Fix local_pvt ref leak in local_devicestate().
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.10.1
Thank you for your continued support of Asterisk!
----- 1.8.19.0:
The Asterisk Development Team has announced the release of Asterisk 1.8.19.0.
The release of Asterisk 1.8.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent resetting of NATted realtime peer address on reload.
* --- Do not use a FILE handle when doing SIP TCP reads.
* --- Fix execution of 'i' extension due to uninitialized variable.
* --- Ensure that the Queue application tracks busy members in off
nominal situations
* --- Properly extract the Body information of an EWS calendar item
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.19.0
Thank you for your continued support of Asterisk!
----- 1.8.18.1:
The Asterisk Development Team has announced the release of Asterisk 1.8.18.1.
The release of Asterisk 1.8.18.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- chan_local: Fix local_pvt ref leak in local_devicestate().
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.18.1
Thank you for your continued support of Asterisk!
Relevant ChangeLog entries since 2.5:
* src/main.c, src/minicom.c: iconv: Handle the case that iconv
did not convert anything. Reported by Mike Crowe, Debian #659351.
* src/ipc.c: Formatting cleanup.
* src/main.c: ETIME -> ETIMEDOUT as ETIME is not available on BSDs
* src/main.c: Fix invalid memory used, reported by Larry Baker
* src/config.c, src/rwconf.c: Do not set modem init and reset string
anymore, define them empty. Instead, when editing those offer
them as a default.
* src/minicom.h, src/main.c, src/dial.c: only update statusline
if there's a change (e.g. for updates times)
* src/updown.c: Flush before forking helper program,
patch by Domen Puncer, thanks!
* src/minicom.c, src/minicom.h, src/vt100.c: Add timestamps with
milliseconds, based on patch by Rapha�l Ass�nat, thanks!
* src/dial.c, src/minicom.c, src/main.c: Cleanups. Print
basename of current device to statusline if online time is disabled.
* configure.in, src/Makefile.am, src/main.c, src/minicom.c,
src/minicom.h, src/updown.c: Add lockdev support,
by Ludwig Nussel <ludwig.nussel@suse.de>
* src/dial.c: add a dialdir version 6 which does not save the
pointer on disk and should now work on 32 and 64 bit
systems equally.
* configure.in: Use AM_ICONV_LINK...
* src/script.c: Fix a buffer overflow problem. Thanks Frederic Germain.
* src/minicom.c: Do not use iconv-functions if iconv is not available.
* src/config.c, src/main.c, src/vt100.c, src/vt100.h: Add transmit
delay for every character, based on patch by Nicolas PILLON.
* src/config.c: Do not extend tilde to home directory for
non-path arguments. Debian bug #621741
* configure.in, src/Makefile.am: Add workaround and then use
libiconv for linking, fixes build issue on Mac OS X.
* src/main.c: Increase serial port open timeout, by
Lubomir Rintel
* src/main.c: Set sensible errno if port open times out,
by Lubomir Rintel
* src/help.c: Help fix for timestamp toggle by Mark Einon
* src/minicom.c: Code consolidation.
* src/minicom.c, src/minicom.h, src/vt100.c, man/minicom.1: Make
line timestamps three value: every line, every second, and off.
* man/minicom.1: Wording fix.
* src/vt100.c: Cleanups: Delete everything that was in OLD blocks.
Do not explicitly set global variables to 0.
* src/vt100.c, man/minicom.1: Change timestamp style, prepend every
line. Add in manpage.
* src/dial.c src/help.c src/ipc.c src/minicom.c src/minicom.h
src/vt100.c src/vt100.h: Addition by Mark Einon
<mark.einon@gmail.com> to add current date/time to each line.
* src/file.c: Only enter directory if we have read permissions to
get directory listings, by Jan Görig.
* src/file.c, src/getsdir.c: Cleanup and simplify.
* man/runscript.1, man/minicom.1: Fixes by John Bradshaw
* src/main.c: Avoid redraw of status line in Offline mode when
nothing changed.
* src/minicom.c: Do not lose line wrap setting over terminal resizes.
* src/main.c: Simplify status line update, also makes status
messages display the amount of time they are actually supposed
to display.
As this is a major release, you should read the information about updating:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11
You can also find documentation in: /usr/pkg/share/doc/asterisk
----- 11.1.0:
The Asterisk Development Team has announced the release of Asterisk 11.1.0.
The release of Asterisk 11.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix execution of 'i' extension due to uninitialized variable.
* --- Prevent resetting of NATted realtime peer address on reload.
* --- Fix ConfBridge crash if no timing module loaded.
* --- Fix the Park 'r' option when a channel parks itself.
* --- Fix an issue where outgoing calls would fail to establish audio
due to ICE negotiation failures.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.1.0
----- 11.0.1:
The Asterisk Development Team has announced the release of Asterisk 11.0.1.
The release of Asterisk 11.0.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- chan_sip: Fix a bug causing SIP reloads to remove all entries
from the registry
* --- confbridge: Fix a bug which made conferences not record with
AMI/CLI commands
* --- Fix an issue with res_http_websocket where the chan_sip
WebSocket handler could not be registered.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.0.1
Thank you for your continued support of Asterisk!
----- 11.0.0:
The Asterisk Development Team is pleased to announce the release of
Asterisk 11.0.0.
Asterisk 11 is the next major release series of Asterisk. It is a Long Term
Support (LTS) release, similar to Asterisk 1.8. For more information about
support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
For important information regarding upgrading to Asterisk 11, please see the
Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11
A short list of new features includes:
* A new channel driver named chan_motif has been added which provides support
for Google Talk and Jingle in a single channel driver. This new channel
driver includes support for both audio and video, RFC2833 DTMF, all codecs
supported by Asterisk, hold, unhold, and ringing notification. It is also
compliant with the current Jingle specification, current Google Jingle
specification, and the original Google Talk protocol.
* Support for the WebSocket transport for chan_sip.
* SIP peers can now be configured to support negotiation of ICE candidates.
* The app_page application now no longer depends on DAHDI or app_meetme. It
has been re-architected to use app_confbridge internally.
* Hangup handlers can be attached to channels using the CHANNEL() function.
Hangup handlers will run when the channel is hung up similar to the h
extension; however, unlike an h extension, a hangup handler is associated with
the actual channel and will execute anytime that channel is hung up,
regardless of where it is in the dialplan.
* Added pre-dial handlers for the Dial and Follow-Me applications. Pre-dial
allows you to execute a dialplan subroutine on a channel before a call is
placed but after the application performing a dial action is invoked. This
means that the handlers are executed after the creation of the callee
channels, but before any actions have been taken to actually dial the callee
channels.
* Log messages can now be easily associated with a certain call by looking at
a new unique identifier, "Call Id". Call ids are attached to log messages for
just about any case where it can be determined that the message is related
to a particular call.
* Introduced Named ACLs as a new way to define Access Control Lists (ACLs) in
Asterisk. Unlike traditional ACLs defined in specific module configuration
files, Named ACLs can be shared across multiple modules.
* The Hangup Cause family of functions and dialplan applications allow for
inspection of the hangup cause codes for each channel involved in a call.
This allows a dialplan writer to determine, for each channel, who hung up and
for what reason(s).
* Two new functions have been added: FEATURE() and FEATUREMAP(). FEATURE()
lets you set some of the configuration options from the general section
of features.conf on a per-channel basis. FEATUREMAP() lets you customize
the key sequence used to activate built-in features, such as blindxfer,
and automon.
* Support for DTLS-SRTP in chan_sip.
* Support for named pickupgroups/callgroups, allowing any number of pickupgroups
and callgroups to be defined for several channel drivers.
* IPv6 Support for AMI, AGI, ExternalIVR, and the SIP Security Event Framework.
More information about the new features can be found on the Asterisk wiki:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Documentation
A full list of all new features can also be found in the CHANGES file.
http://svnview.digium.com/svn/asterisk/branches/11/CHANGES
For a full list of changes in the current release, please see the ChangeLog.
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.0.0
Thank you for your continued support of Asterisk!
the environment's SHELL to be patched into a dozen or so installed scripts,
instead of a bourne-like shell. Needed after 1.13 of patches/patch-ab (fix
for building on Solaris). Sh scripts don't work well with /bin/tcsh...
Bump revision to recognize whether the fixed one is installed.
LIRC is a package that supports receiving and sending IR signals of
the most common IR remote controls. It contains a daemon that decodes
and sends IR signals, a mouse daemon that translates IR signals to
mouse movements and a couple of user programs that allow to control
your computer with a remote control.
Tested on RHEL.