This release contains a fix for a security vulnerability recently
found in the chan_skinny channel driver (for Cisco SCCP phones).
This vulnerability would enable an attacker to remotely execute
code as the system user running Asterisk (frequently 'root').
The exploit does not require that the skinny.conf contain any
valid phone entries, only that chan_skinny is loaded and operational.
This release also contains a number of bug fixes, and some improvements
to the chan_sip channel driver (for SIP devices) to mitigate the impacts
of a certain class of denial-of-service attacks that have recently been
published.
All Asterisk 1.2 users are urged to update to this release if they use
the chan_skinny channel driver, or to stop loading it if it is not
needed ('noload=>chan_skinny.so' in modules.conf will cause this behavior).
Asterisk 1.2.11 includes a number of bug fixes, along with an update
to the chan_misdn driver for mISDN devices.
Asterisk 1.2.12 includes a number of bug fixes, including fixes for
two regressions that occurred in the 1.2.11 release. Specifically,
the AGI 'GET VARIABLE' command has now gone back to its previous
behavior, and CDR records now reflect the CallerID number instead
of ANI in the situations that this was the case in earlier 1.2 releases.
* Number of bug fixes
* New option to help to avoid a potential denial of service in IAX2 channel driver
* Support for TE407P and TE412P quad T1/E1 interface cards
* apps/app_page.c: oops... let's not set a variable and then
immediately overwrite it while assuming its old value will
magically return
* pbx.c: Bug 6957 - variable names beginning with CALLERID weren't
substituted correctly
* channels/chan_zap.c: disable buggy PRI user-user code until it
can be fixed
* channels/chan_sip.c: Issue 6182 - Don't remove scheduled event
until it's really done.
* channels/chan_sip.c: Issue 6362 - Register without Contact: and
Expires: fails
* ast_expr2.h, ast_expr2f.c, ast_expr2.c: Bug 6072 - Revisions to
the source bison and flex files don't auto-regenerate these files
* channels/chan_zap.c: fix problem with dtmf on e&m (issue #6364)
* channels/chan_sip.c: Issue 5898: Registrations does not get
deleted if there's an active SIP dialog
* channels/chan_sip.c: don't call ast_update_realtime with
uninitialized variables if we get a registration with an expirey
of 0 seconds (issue #6173)
* channels/chan_features.c: fix memory leak (inspired by issue
#6351)
- Replaced absolute directories like /usr/pkg and /var with ${PREFIX} and
${VARBASE}.
- USE_TOOLS+=perl:run, since there is one Perl program installed with the
package.
- Bumped PKGREVISION.
new features, including support for DUNDi. (http://www.dundi.com/ for
more information)
The initial framework and porting of this package upgrade was done by
Martin J. Laubach, with lots of feature/PLIST fixes by me. DragonFly
support added by Joerg Sonnenberger.
-- fix bug in callerid matching in the dialplan that was introduced in 1.0.8
Changes 1.0.8:
-- chan_zap
-- Asterisk will now also look in the regular context for the fax extension
while executing a macro. Previously, for this to work, the fax extension
would have to be included in the macro definition.
-- On some systems, ALERTING will be sent after PROCEEDING, so code has been
added to account for this case.
-- If no extension is specified on an overlap call, the 's' extension will
be used.
-- chan_sip
-- We no longer send a "to" tag on "100 Trying" messages, as it is
inappropriate to do so.
-- We now respond correctly to an invite for T.38 with a "488 Not acceptable
here"
-- We now discard saved tags on 401/407 responses in case the provider we're
talking to tries to pull a dirty trick on us and change it.
-- rtptimeout options will now be correctly set on a peer basis rather than
only global
-- chan_mgcp
-- Fixed setting of accountcode
-- Fixed where *67 to block callerid only worked for first call
-- chan_agent
-- We now will not pass audio until the agent has acked the call if the
configuration
is set up for the agent to do so.
-- chan_alsa
-- Fixed problems with the unloading of this module
-- res_agi
-- A fix has been added to prevent calls from being hung up when more than
one call is executing an AGI script calling the GET DATA command.
-- AGI scripts will now continue to run even if a file was not found with
the GET DATA command.
-- When calling SAY NUMBER with a number like 09, we will now say "nine"
instead of "zero"
-- app_dial
-- There was a problem where text frames would not be forwarded before the
channel has been answered.
-- app_disa
-- Fixed the timeout used when no password is set
-- app_queue
-- Distinctive ring has been fixed to work for queue members
-- rtp
-- Fixed a logic error when setting the "rtpchecksums" option
-- say.c
-- A problem has been fixed with saying the date in Spanish.
-- Makefile
-- A line was missing for the autosupport script that caused "make rpm" to
fail
-- format_wav_gsm
-- Fixed a problem with wav formatting that prevented files from being
played in some media players
-- pbx_spool
-- Fixed if the last line of text in a file for the call spool did not
contain a new line, it would not be processed
-- logger
-- Fixed the logger so that color escape sequences wouldn't be sent to the
logs
-- format_sln
-- A lot of changes were made to correctly handle signed linear format on
big endian machines
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
And always is defined as share/examples/rc.d
which was the default before.
This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
There are still some features not enabled by default, but this is a
solid foundation upon which to build - a fully-functional PBX can be
built, including PSTN gatewaying using the comms/zaptel-netbsd package.
From the DESCR:
Asterisk is a complete PBX in software. It provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.
Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).
