NB: I'm not game enough to do it in the freeze, but it looks like the
JVM version detection patching could be removed - it appears no longer
necessary now that Pkgsrc passes in the correct RXTX_PATH and JHOME_PATH
itself. At any rate, adding version 8 is not required for the oracle-jdk8
build to complete smoothly.
While here restore old behaviour of not alphabetically sorting memos by default.
Changes since 1.8.1:
1.8.2 - 05/18/14
Many bug fixes
Fixed VCard output
Added export for B-Folders
Added export for KeePassX
Changed the "enye" letter in Manana an "n", got tired of it causing problems
(Ma\303\261ana to Manana)
Made lots of stupid code changes to make the compiler warnings go away
pkgsrc changes:
- adapt to upstream support for clang
- more comprehensive sweep for 64-bit time_t related stuff
- XXX pjsip has its own time related stuff that is 32-bit only
-----
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and and verifies the server,
Asterisk will accept signed certificates that match a common name other than
the one Asterisk is expecting if the signed certificate has a common name
containing a null byte after the portion of the common name that Asterisk
expected. This potentially allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.17.0.
The release of Asterisk 11.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-17899 - Handle crypto lifetime in SDES-SRTP negotiation
(Reported by Dwayne Hubbard)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24742 - [patch] Fix ast_odbc_find_table function in
res_odbc (Reported by ibercom)
* ASTERISK-22436 - [patch] No BYE to masqueraded channel on INVITE
with replaces (Reported by Eelco Brolman)
* ASTERISK-24479 - Enable REF_DEBUG for module references
(Reported by Corey Farrell)
* ASTERISK-24701 - Stasis: Write timeout on WebSocket fails to
fully disconnect underlying socket, leading to events being
dropped with no additional information (Reported by Matt Jordan)
* ASTERISK-24772 - ODBC error in realtime sippeers when device
unregisters under MariaDB (Reported by Richard Miller)
* ASTERISK-24451 - chan_iax2: reference leak in sched_delay_remove
(Reported by Corey Farrell)
* ASTERISK-24799 - [patch] make fails with undefined reference to
SSLv3_client_method (Reported by Alexander Traud)
* ASTERISK-24787 - [patch] - Microsoft exchange incompatibility
for playing back messages stored in IMAP - play_message: No
origtime (Reported by Graham Barnett)
* ASTERISK-24814 - asterisk/lock.h: Fix syntax errors for non-gcc
OSX with 64 bit integers (Reported by Corey Farrell)
* ASTERISK-24796 - Codecs and bucket schema's prevent module
unload (Reported by Corey Farrell)
* ASTERISK-24724 - 'httpstatus' Web Page Produces Incomplete HTML
(Reported by Ashley Sanders)
* ASTERISK-24797 - bridge_softmix: G.729 codec license held
(Reported by Kevin Harwell)
* ASTERISK-24800 - Crash in __sip_reliable_xmit due to invalid
thread ID being passed to pthread_kill (Reported by JoshE)
* ASTERISK-17721 - Incoming SRTP calls that specify a key lifetime
fail (Reported by Terry Wilson)
* ASTERISK-23214 - chan_sip WARNING message 'We are requesting
SRTP for audio, but they responded without it' is ambiguous and
wrong in some cases (Reported by Rusty Newton)
* ASTERISK-15434 - [patch] When ast_pbx_start failed, both an
error response and BYE are sent to the caller (Reported by
Makoto Dei)
* ASTERISK-18105 - most of asterisk modules are unbuildable in
cygwin environment (Reported by feyfre)
* ASTERISK-24828 - Fix Frame Leaks (Reported by Kevin Harwell)
* ASTERISK-24838 - chan_sip: Locking inversion occurs when
building a peer causes a peer poke during request handling
(Reported by Richard Mudgett)
* ASTERISK-24825 - Caller ID not recognized using
Centrex/Distinctive dialing (Reported by Richard Mudgett)
* ASTERISK-24739 - [patch] - Out of files -- call fails --
numerous files with inodes from under /usr/share/zoneinfo,
mostly posixrules (Reported by Ed Hynan)
* ASTERISK-23390 - NewExten Event with application AGI shows up
before and after AGI runs (Reported by Benjamin Keith Ford)
* ASTERISK-24786 - [patch] - Asterisk terminates when playing a
voicemail stored in LDAP (Reported by Graham Barnett)
* ASTERISK-24808 - res_config_odbc: Improper escaping of
backslashes occurs with MySQL (Reported by Javier Acosta)
* ASTERISK-20850 - [patch]Nested functions aren't portable.
Adapting RAII_VAR to use clang/llvm blocks to get the
same/similar functionality. (Reported by Diederik de Groot)
* ASTERISK-19470 - Documentation on app_amd is incorrect (Reported
by Frank DiGennaro)
* ASTERISK-21038 - Bad command completion of "core set debug
channel" (Reported by Richard Kenner)
* ASTERISK-18708 - func_curl hangs channel under load (Reported by
Dave Cabot)
* ASTERISK-16779 - Cannot disallow unknown format '' (Reported by
Atis Lezdins)
* ASTERISK-24876 - Investigate reference leaks from
tests/channels/local/local_optimize_away (Reported by Corey
Farrell)
* ASTERISK-24817 - init_logger_chain: unreachable code block
(Reported by Corey Farrell)
* ASTERISK-24880 - [patch]Compilation under OpenBSD (Reported by
snuffy)
* ASTERISK-24879 - [patch]Compilation fails due to 64bit time
under OpenBSD (Reported by snuffy)
Improvements made in this release:
-----------------------------------
* ASTERISK-24790 - Reduce spurious noise in logs from voicemail -
Couldn't find mailbox %s in context (Reported by Graham Barnett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.17.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.16.0.
The release of Asterisk 11.16.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24472 - Asterisk Crash in OpenSSL when calling over WSS
from JSSIP (Reported by Badalian Vyacheslav)
* ASTERISK-24614 - Deadlock when DEBUG_THREADS compiler flag
enabled (Reported by Richard Mudgett)
* ASTERISK-24449 - Reinvite for T.38 UDPTL fails if SRTP is
enabled (Reported by Andreas Steinmetz)
* ASTERISK-24619 - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly
casts char to unsigned int (Reported by Walter Doekes)
* ASTERISK-24337 - Spammy DEBUG message needs to be at a higher
level - 'Remote address is null, most likely RTP has been
stopped' (Reported by Rusty Newton)
* ASTERISK-23733 - 'reload acl' fails if acl.conf is not present
on startup (Reported by Richard Kenner)
* ASTERISK-24628 - [patch] chan_sip - CANCEL is sent to wrong
destination when 'sendrpid=yes' (in proxy environment) (Reported
by Karsten Wemheuer)
* ASTERISK-24672 - [PATCH] Memory leak in func_curl CURLOPT
(Reported by Kristian Høgh)
* ASTERISK-20744 - [patch] Security event logging does not work
over syslog (Reported by Michael Keuter)
* ASTERISK-23850 - Park Application does not respect Return
Context Priority (Reported by Andrew Nagy)
* ASTERISK-23991 - [patch]asterisk.pc file contains a small error
in the CFlags returned (Reported by Diederik de Groot)
* ASTERISK-24288 - [patch] - ODBC usage with app_voicemail -
voicemail is not deleted after review, hangup (Reported by LEI
FU)
* ASTERISK-24048 - [patch] contrib/scripts/install_prereq selects
32-bit packages on 64-bit hosts (Reported by Ben Klang)
* ASTERISK-24709 - [patch] msg_create_from_file used by MixMonitor
m() option does not queue an MWI event (Reported by Gareth
Palmer)
* ASTERISK-24355 - [patch] chan_sip realtime uses case sensitive
column comparison for 'defaultuser' (Reported by
HZMI8gkCvPpom0tM)
* ASTERISK-24719 - ConfBridge recording channels get stuck when
recording started/stopped more than once (Reported by Richard
Mudgett)
* ASTERISK-24715 - chan_sip: stale nonce causes failure (Reported
by Kevin Harwell)
* ASTERISK-24728 - tcptls: Bad file descriptor error when
reloading chan_sip (Reported by Kevin Harwell)
* ASTERISK-24676 - Security Vulnerability: URL request injection
in libCURL (CVE-2014-8150) (Reported by Matt Jordan)
* ASTERISK-24711 - DTLS handshake broken with latest OpenSSL
versions (Reported by Jared Biel)
* ASTERISK-24646 - PJSIP changeset 4899 breaks TLS (Reported by
Stephan Eisvogel)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.16.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
12, and 13. The available security releases are released as versions
1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and verifies the
server, Asterisk will accept signed certificates that match a
common name other than the one Asterisk is expecting if the signed
certificate has a common name containing a null byte after the
portion of the common name that Asterisk expected. This potentially
allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
HIDAPI is a multi-platform library which allows an application to interface
with USB and Bluetooth HID-Class devices on Windows, Linux, and Mac OS X.
On Windows, a DLL is built. On other platforms (and optionally on Windows),
the single source file can simply be dropped into a target application.
HIDAPI has four back-ends:
* Windows (using hid.dll)
* Linux/hidraw (using the Kernel's hidraw driver)
* Linux/libusb (using libusb-1.0)
* Mac (using IOHidManager)
This package includes only the libusb backend.
This version is essentially a bugfix release, with:
- minor improvements to the user interface;
- possibility to build outside of the source tree;
- dropped dependency on DeforaOS Panel;
- all tests should pass.
Hopefully will fix the issue encountered in the latest bulk build report.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
This update is just to accomodate the speex splitup.
Note that Asterisk 10.x is dead upstream and should not be used
anymore. This package will be removed at some point.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.15.0.
The release of Asterisk 11.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-20402 - Unable to cancel (features.conf) attended
transfer (Reported by Matt Riddell)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24440 - Call leak in Confbridge (Reported by Ben Klang)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by Nuno Borges)
Improvements made in this release:
-----------------------------------
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.
The release of these versions resolves the following security vulnerability:
* AST-2014-019: Remote Crash Vulnerability in WebSocket Server
When handling a WebSocket frame the res_http_websocket module
dynamically changes the size of the memory used to allow the
provided payload to fit. If a payload length of zero was received
the code would incorrectly attempt to resize to zero. This
operation would succeed and end up freeing the memory but be
treated as a failure. When the session was subsequently torn down
this memory would get freed yet again causing a crash.
For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf
Thank you for your continued support of Asterisk!
termstyle is a simple python library for adding coloured output to terminal
(console) programs. The definitions come from ECMA-048, the "Control Functions
for Coded Character Sets" standard.
Makes ANSI escape character sequences for producing colored terminal text and
cursor positioning work under MS Windows.
ANSI escape character sequences have long been used to produce colored terminal
text and cursor positioning on Unix and Macs. Colorama makes this work on
Windows, too, by wrapping stdout, stripping ANSI sequences it finds (which
otherwise show up as gobbledygook in your output), and converting them into the
appropriate win32 calls to modify the state of the terminal. On other platforms,
Colorama does nothing.
Colorama also provides some shortcuts to help generate ANSI sequences but works
fine in conjunction with any other ANSI sequence generation library, such as
Termcolor.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
In addition, the release of 11.6-cert8 and 11.14.1 resolves the following
security vulnerability:
* AST-2014-014: High call load with ConfBridge can result in resource exhaustion
The ConfBridge application uses an internal bridging API to implement
conference bridges. This internal API uses a state model for channels within
the conference bridge and transitions between states as different things
occur. Unload load it is possible for some state transitions to be delayed
causing the channel to transition from being hung up to waiting for media. As
the channel has been hung up remotely no further media will arrive and the
channel will stay within ConfBridge indefinitely.
In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves
the following security vulnerability:
* AST-2014-017: Permission Escalation via ConfBridge dialplan function and
AMI ConfbridgeStartRecord Action
The CONFBRIDGE dialplan function when executed from an external protocol (such
as AMI) can result in a privilege escalation as certain options within that
function can affect the underlying system. Additionally, the AMI
ConfbridgeStartRecord action has options that would allow modification of the
underlying system, and does not require SYSTEM class authorization in AMI.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015,
AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
- Add two CMAKE_ARGS (silence and) to maintain the similar PLIST leve
# silence warning
CMAKE_ARGS+= -Wno-dev
CMAKE_ARGS+= -DINSTALL_DOC=ON
- Add post-install: target to Remove PaxHeader garbage
- Add comment on patch
(upstream) Update 1.26.1 to 1.33.0
... sorry some 300 lines of ChangeLog
=========
20130529 - 1.33.00
[-] * Various translation improvements.
[-] * Improved support for Huawei E173, thanks to Gautier Minster.
[-] * Fixed buffer overflow in MMS decoder.
[-] * Fixed several memory leaks.
[-] * Improved compatibility with Qualcomm devices (bug #1654).
[-] * Various documentation improvements.
[-] * Updated version of sms-gammu2android, thanks to Shadow Walker.
[-] * Fixed compilation on Mac OS X, thanks to Soren Jorvang.
[-] * Fixed SMSD with CheckSecurity = 0 (bug #1672).
20120627 - 1.32.0
[-] * Fixed auto installation of EventLog registry.
[-] * Improved support for Arduino GPRS shield (bug #1592).
[-] * Fixed communication with Cross PD1101wi (bug #1617).
[-] * Ignore another unknown block in Nokia phonebook (bug #1614).
[-] * Do not encode number when setting up diverts.
20120224 - 1.31.90
[-] * Improved compatibility with ES75 (bug #1586).
[!] * Changed API for call diverts.
[+] * Added support for call diverts in Python API.
[+] * AT backend supports manipulating with call diverts.
[+] * Added support for suspending/resuming SMSD using SIGUSR1/2.
[!] * Changed protocol for S60 applet.
[+] * S60 applet now handles SMS with new lines.
[+] * Improved support for Windows Event Log.
20111221 - 1.31.0
[-] * Fixed compilation with latest libusb.
[-] * Improved error handling in SQL backend of SMSD.
[-] * SMSD documentation improvements.
[-] * Indonesian translation updates.
20111213 - 1.30.92
[-] * Improved vCard parser to better handle location for various fields, thanks to Vladimir Serbinenko for initial patch.
[-] * Fixed reading calls from some Nokia phones (bug #1553).
[-] * Improved text mode SMS parsing in AT driver, thanks to Vladimir Serbinenko.
[-] * Use glib's MD5 implementation if available.
20111129 - 1.30.91
[+] * Improved documentation for configuring Gammu.
[-] * Fixed parsing birthday from vCard in some cases.
[+] * Added option not to use configured logging in SMSD inject and monitor (bug #1539).
[+] * Added SMSD configuration LogFacility (bug #1539).
[-] * Fixed reading of data from OBEX phones (LP#891803).
[-] * Fixed double reply detection (bug #1544).
[-] * Increase maximal number of caller groups (bug #1541).
[-] * Cancel all calls on maketerminated call if we don't get call ID.
[-] * Fixed SMSC handling in some cases in SMSD (bug #1547).
20111107 - 1.30.90
[-] * Various documentation improvements.
[-] * Detect Alcatel style reply on CPIN response (bug #1502).
[-] * Fix build on some Win32 systems (bug #1496).
[-] * Make jadmaker handle names with spaces (Rapha l Droz).
[-] * Display 8-bit messages in hex (Nicolas Pitre).
[-] * Do not use AT+CUSD=2 on some phones (bug #1508).
[-] * Fixed gammu-monitor with Windows service (bug #1515).
[-] * Cleanup of contrib directory.
[-] * Better support for Samsung AT phones (bug #1513).
[-] * Fixed handling of MMS notification SMSes (bug #1530).
[-] * Fixed CPIN reply handling (bug #1532).
[+] * SMSD checks for PIN status just after connect (bug #1532).
[-] * Fixed various MSVC compilation issues.
20110719 - 1.30.0
[*] * Improved SMSD logging of configuration settings.
[-] * Fix possible crash in fbus2 driver.
[-] * Fix possible crash of ODBC driver on Windows (bug #1482).
[-] * Fixed usage of dbi plugins from Python module.
20110607 - 1.29.93
[-] * Properly initialize atobex driver with Sony-Ericsson phones.
[-] * Updated list of country and network codes.
[-] * Escape fields in SQL queries (bug#1415).
[-] * Escape fields in PostgreSQL SQL script (bug#1415).
[-] * Default to GSM encoding for text messages in SQL backend for SMSD.
[-] * Add option to override which SQL dialect to use in SMSD (bug #1427).
[-] * Improved m-obex protocol support, thanks to Vladimir Serbinenko.
[-] * Various fixes for Samsung B2100, thanks to Vladimir Serbinenko.
[-] * Fix check for AT+CPROT support (bug #1438).
[-] * Fix memory leak in s60 protocol driver (bug #1441).
[-] * Reverted change to SignalStrength because of SQL escaping we have now (bug #1380).
[-] * Improved vCard parser to handle vCards from Gmail.
[-] * Fixed LDIF parser to cope with multiple LDIF in single file.
20110315 - 1.29.92
[-] * Documentation improvements and fixes.
[-] * Saner error handling in Windows serial driver.
[-] * Cleanup in SMSD internals.
[+] * Added ODBC driver to SMSD.
20110225 - 1.29.91
[+] * Added screenshot function for Sony-Ericssonn phones (M rton N meth).
[-] * Fixed parsing of some Nokia SMSes (bug #1402).
[-] * Properly report error on deleting non deletable entries (bug #1396).
[-] * Slower switch from m-obex to AT (bug #1382).
[-] * Faster initialization for AT phones without enabled echo.
20110210 - 1.29.90
[-] * Fix detection of MySQL libraries (bug #1370).
[!] * Changed default connection settings to at and ttyACM0 (bug #1078).
[+] * Add new API call to abort existing operation (bug #1155).
[+] * Change database structure to avoid using reserved word Signal (bug #1380).
[+] * Possibility to limit time of day for SMS in SMSD (bug #1203).
[-] * Enforce limits on SMS payload length.
[+] * Made GSM_SMSCounter public (bug #1356).
[+] * Support for S60 phones using Series60 applet (bug #423).
[-] * Do not fail on 0x7b field in Nokia 3600s phonebook (bug #1385).
[!] * Disabled two stage probing for most protocols.
[-] * Fixed saving of SMS backups (bug #1392).
[+] * Screenshot functionality for DCT4 phones (bug #1390).
20110119 - 1.29.0
[+] * Added option to enter new PIN when entering PUK, thanks to Peter
Stuge for pointing out this requirement.
[-] * Improved documentation of SMSD backend services.
20110107 - 1.28.95
[-] * Fix decoding of SMS without date on DCT4 phones (bug #1368).
[+] * Added gammu-detect tool to detect available devices on system.
[-] * Fixed parsing of Philips reply to SPBR (bug #1366).
[-] * Fixed testsuite not to depend on system timezone.
[-] * Check if phone is waiting for requested security code before
entering.
[-] * Fixup invalid international numbers with double prefix (+00) in
SMS (bug #1364).
[-] * Fixed m-obex protocol implementation, thanks to Matthieu Patou (bug #1375).
[-] * Fixed build on Mac OS X, thanks to Matthieu Patou (bug #1374).
[-] * Fixed decoding of some SMS messages on S40 phones (bug #1243).
20101227 - 1.28.94
[+] * New convertbackup command to convert between backup formats.
[+] * Changed database structure to version 12, you need to upgrade it.
[-] * Try harder to find dn for LDIF export (bug #1363).
[-] * Better names for some fields in LDIF export (bug #1363).
[-] * Implement parsing of LDIF for all fields we save (bug #1363).
[-] * Various minor fixes in SMSD SQL backend.
[-] * Improved test suite coverage.
[-] * Improved dummy driver to allow more testing.
20101202 - 1.28.93
[+] * New SMSD configuration RunOnFailure.
[-] * Fix invalid SQL when storing 8bit SMS (bug #1329).
[-] * Probe if phone supports m-obex protocol (bug #1286).
[+] * Experimental support fo m-obex protocol (bug #1286).
[-] * Fix detection of delivery reports in MySQL and PostgreSQL backends
(bug #313).
[+] * Include udev rules for Nokia phones (bug #1251).
[-] * Fix parsing LG VX9200 reply on getting battery state (bug #1264).
[-] * Fix handling of SMS text mode (bug #1189).
[!] * Default to no retries of the send commands on the link.
[-] * Wait for more USSD replies on getussd command (bug #1346).
[!] * New unified SQL SMSD backend handling all SQL databases.
[+] * SQL queries in SQL SMSD backend can be configured.
20101004 - 1.28.92
[+] * New SMSD config option HardResetFrequency.
[+] * Gammu now supports freedesktop.org/XDG specs for config file
locations and reads ~/.config/gammu/config.
[-] * Increase timeout for AT+CMGL (bug #1317).
[+] * Added support for optional delivery report parts as defined by
ETSI 123 040, section 9.2.2.3 (bug #1304).
[+] * SMSD database host configuration is now named "host" not "PC".
20100916 - 1.28.91
[-] * Fixed locales compilation/support.
[-] * Set memory to use for MPBR/SBNR/SPBR commands as well (bug #1128).
[-] * Handle errors from CMGL same way as from CMGR (bug #1211).
[-] * Fixed parsing of AT+CPMS=? reply (bug #1296).
[+] * Implemented matching by serial number.
[+] * SMSD can now be configured just for sending/receiving.
[-] * Fixed battery status for S40 phones (bug #1301).
[-] * Improved compatibility with Motorola phonebook (bug #1128).
[+] * Lot of documentation improvements, check <http://wammu.eu/docs/devel/docs/>.
20100827 - 1.28.90
[-] * Fixed handling of empty reply on CREG/CGREG (bug #1245).
[-] * Prefer storing delivery reports over forwarding them.
[-] * Fix leak and crash when handling MMS notifications in Python.
[-] * Fixed parsing of date from AT phones (bug #1256).
[-] * Simplify handling text comment in SMS backup to keep new lines.
[+] * New command gammu battery.
[-] * Fail to send SMS without set SMSC.
[-] * Avoid updating SMSD backend frequently than StatusFrequency defines.
[-] * Store SIM phonebook to vCard on backup (bug #1281).
[-] * Fixed waiting for multipart messages (bug #1279).
[-] * Fixed crash on too long GPRS access point names in backup (bug #1267).
[-] * Fallback to using SMSC from phone in SMSD if none provided.
[-] * Improved guessing of HEX/GSM charsets for phone number in AT engine.
20100712 - 1.28.0
[+] * Support for adding notes using addnew command.
[-] * Better log errors when moving message in SMSD.
[!] * Removed checkfirmware command as the server is not existing anymore.
[-] * Proper closing of Bluetooth sockets on Windows (bug #1239).
[-] * Properly decode another way of MMS notification SMS.
[+] * Support for selecting USB device to use on Linux.
[-] * Fix storing text in SMS backup comment for multiline SMS.
[-] * Fixed crash when passing invalid parameters to SMS encoder.
20100629 - 1.27.95
[+] * Support for getting packet network state (bug #1220).
[-] * Fix parsing of AT replies from Nokia 2730 (bug #1224).
[-] * Nokia E61 needs encoded USSD requests (bug #1228).
[!] * Rename Port configuration directive to Device.
[-] * Try to reconnect after lost connection to MySQL error.
[-] * Actually enable -f processing in SMSD.
[+] * Configurable number of backend retries.
[-] * Prefer GSM charset for USSD requests (bug #1228).
20100603 - 1.27.94
[-] * Fixed folder detection for Nokia S40 phones (bug #1191).
[-] * Fixed smsd-inject for long messages.
[-] * Fixed waiting for more multipart messages (bug #1193).
[-] * Fixed parsing of cellid reply with different locales (bug #1202).
[-] * Fixed handling of timeouts from libusb (bug #1207).
[-] * Properly detect birthday on Nokia 2700 (bug #1213).
[-] * Provide fallback value for note type (bug #1213).
[-] * Rewritten parsing of CREG: reply to properly parse all replies (bug #1220).
20100413 - 1.27.93
[-] * Fix crash when SMS in Nokia has too many recipients (bug #1136).
[-] * Better handling of Bluetooth errors on Windows (bug #1146).
[-] * Build with -Wl,--as-needed to avoid not required dependencies.
[-] * Python module now uses more PEP-3 compliant naming.
[-] * Fix compilation while disabling some features.
[-] * Include message reference in FILES backend logs for SMSD.
[-] * Fix crash when adding file to Nokia (bug #1163).
[+] * Added function EncodePDU to python-gammu.
[-] * Fix storing message status on multiple delivery reports (bug #1167).
[-] * Force AT^SBNR support on Siemens AX75.
20100217 - 1.27.92
[+] * Write support for Siemens phonebook (bug #1129).
[-] * Properly decode UTF-8 version 3.0 vCards (bug #1132).
[-] * Fixed wrong counting of favorite messaging numbers (bug #1010).
[+] * Implement SendDTMF in Python bindings.
20100204 - 1.27.91
[-] * Add ID for Nokia 6275i (bug #1096).
[-] * Fix Windows build by not defining MSVC version.
[-] * Correctly use first entry location in MPBR (bug #1076).
[-] * Avoid buffer overrun when parsing SM30 SMS (bug #1110).
[-] * Properly detect user home directory.
[+] * Improved MMS notifications encoding.
[+] * Allow to specify MMS notification class.
[+] * Implemented decoding of MMS notification (bug #1100).
[+] * SMSD now properly groups multipart messages together.
[+] * New NULL service for SMSD.
[+] * RunOnReceive now gets environment variables with SMS data.
[-] * Fixed AT lines splitting to work properly with quotes.
[-] * Separate getting information for Motorola phones (bug #1076).
[-] * Fixed reading of Samsung contacts (bug #1105).
[-] * Re-enable classic AT commands for adding Samsung contact (bug #1105).
[+] * SMSD no longer requires support for SMS status, so it works with Nokia S40 phones.
[-] * Fix finding of empty location for some AT phones (bug #1119).
[-] * Restore phone phonebook also to phones not supporting status (bug #1122).
[-] * Avoid reading phone memory on reading SIM (bug #1123).
20100106 - 1.27.90
[-] * Simplify code in FILES smsd service.
[-] * FILES service can send smsbackup messages.
[+] * Configurable outbox format for SMSD/FILES.
[-] * Improve conversion of boolean settings from Python.
[-] * Do not use MPBR/SPBR for other than phone memory (bug #1076).
[-] * Fix crash with unknown CME error (bug #1082).
[-] * Fixed connecting to Onda devices (LP #501025).
[+] * SMSD can terminate itself after defined number of failures.
[-] * Improved decoding of SM30 Nokia messages (bug #1091).
20091222 - 1.27.0
[+] * Initial support for reading Motorola calendar (bug#338).
[-] * Avoid parsing boolean config values all around the code.
[+] * FILES backend of SMSD now support message injecting.
[-] * Ignore duplicate lines in AT reply (bug#1069).
20091212 - 1.26.93
[-] * Add ID for MTK1/MTK2 phones (bug#1051).
[+] * Add DecodePDU to Python bindings.
[+] * Added sample SQL trigger for SMSD polls.
[-] * Display sent SMS time if it is available (bug#1053).
[-] * Added bunch of new testcases.
[-] * Distinguish silent/tone alarms in own backup format.
[-] * Fixed compilation with Clang compiler.
[-] * Fixed handling of SMS memories with Samsung (bug#1063).
[+] * Reporting location based on OpenCellID database (bug#1039).
20091203 - 1.26.92
[-] * Compare full name of config section.
[-] * Add ID for Nokia 6111 (bug#1045).
[-] * Handle CME error 601 (bug#1044).
[+] * Support for reading birthday from Samsung phonebook (bug#1038).
[+] * Report GPRS state when getting network status (bug#1023).
[-] * Fix reading of Siemens phonebook (bug#1046).
[+] * Make gammu error codes map to GSM_Error.
[-] * Various code cleanups.
[-] * Add ID for Huawei E169.
20091119 - 1.26.91
[-] * Fixed parsing of vCards with lowercase types (bug #1006).
[-] * Handle forward references in Nokia phonebook (bug #1009).
[-] * Save timestamp to SMS backup for all messages.
[-] * Store PDU type in SMS backup.
[+] * More flexible handling of exclude/include lists in SMSD.
[+] * Add support for external list of exclude/include numbers (bug#1008).
[-] * Workaround decoding of messages padded by 0xFF by phone.
[-] * Force enabling of OBEX for SE S312 (bug#1016).
[-] * Recognize Motorola A1200 error replies (bug#1019).
[-] * Disable AT/Obex for Motorola A1200e (bug#1019).
[-] * Properly detect if phone does not support AT+MODE (bug#1019).
[-] * Disable AT/Obex for Motorola E790 (bug#1018).
[+] * Add option to filter messages by SMSC (bug#1020).
[-] * Implement retries when waiting for message prompt.
[-] * Fixed logic of detecting incoming calls.
[-] * Fixed loading of non ASCII messages from files in SMSD (bug#1011).
[+] * Added example showing reading of messages.
[-] * Build Windows release with Python 2.6.
[-] * Fixed compilation in MSVC because of missing S_ISDIR.
[-] * Fixed parsing of different Samsung reply (bug#1038).
[-] * Proper error code when SMSC is empty (bug#1032).
[-] * Fixed compilation of python-gammu in MSVC.
20091012 - 1.26.90
[-] * Fixed parsing of SMS with empty recipient (bug #998).
[-] * Correct setting of time on Huawei phones.
[+] * Addnew command can now change memory type being used.
[-] * Proper handling of locations and memory type in vCards.
[-] * Added IDs for several recent Sony-Ericsson phones.
[-] * Fix decoding of phone numbers in some cases (bug #999).
[-] * Replace MD5 implementation with public domain one (bug #964).
[-] * Huawei E17X has broken UCS-2, do not use it (bug #962).
[-] * Do not fail if phone does not support extended SMS params (bug #927).
[+] * Added support for Samsung calendar (bug #839).
[-] * Do not choke on OK in message text.
[-] * Add ID of Nokia 6020b (bug #1004).
[-] * Fix decoding of SMS with extended characters.
[-] * Fixed handling of DCT4 specific functions.
[-] * Add workaround for especially broken Ubinetics GDC201.
- added --with-trust-uds-cred which uses getsockopt() to fetch and
trust the client uid, bypassing password lookups - patch by Anton
Lundin <glance@acc.umu.se>
- missing closedir() causing memory leak - patch by Anton Lundin
<glance@acc.umu.se>
- sending a break signal over IPMI was broken - based on patch by
Alexander Y. Fomichev <git.user@gmail.com>
- IPv6 support (marked as experimental at this point because it's
untested (except by the author), there's a lack of documentation, and
I'm hoping for non-getifaddrs() system support) - patch by Milos
Vyletel <milos.vyletel@gmail.com>
- no more K&R compiler support
version 8.1.20 (Apr 4, 2014):
- IPMI serial over LAN support via FreeIPMI - based on patch by Anton
D. Kachalov <mouse@yandex-team.ru>
- minor cleanup of code, removal of gcc warnings and such that should
have no fuctional change
version 8.1.19 (Sep 26, 2013):
- prevent select/read loop when EOF on non-pty input (console) -
reported by Chris Marget <chris@marget.com>
- "!" syntax prefixing use of group names not honored - reported by
Zonker <consoleteam@gmail.com>
- fixed memory leak using timestamps - patch by Karvendhan M.
<Karvendhan.M@netapp.com>
- deprecated --with-cycladests (noop now) - cross-compilation should
work without it as autologin now expects setpgrp() to take two
arugments instead of testing for it
- no automatic checks for an empty password when using PAM
authentication - based on discussion with Ryan Kirkpatrick
<linux@rkirkpat.net>
- added 'sslcacertificatefile' and 'sslcacertificatepath' client
configuration options - based on patch by Aki Tuomi <cmouse@cmouse.fi>
- added 'sslcacertificatefile' and 'sslreqclientcert' server
configuration options
- added --with-req-server-cert to force clients to require a certificate
from the server when using SSL - based on emails with Thor Simon
<tls@coyotepoint.com>
- added server-side tasks (see conserver.cf man page) that are invoked
by the client (useful for things like IPMI-based power control of
servers, invoking resets of terminal server ports, or anything else
that requires scripting) - ideas from patch by Anton Lundin
<glance@acc.umu.se> and discussion on mailing list (2011)
- added 'confirm' option to break sequences
- added 'breaklist' option to limit exposure of break sequences to
consoles
- sending of break signals is now announced to all attached clients
The Asterisk Development Team has announced the release of Asterisk 11.14.0.
The release of Asterisk 11.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
Cohen)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24384 - chan_motif: format capabilities leak on module
load error (Reported by Corey Farrell)
* ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
(Reported by Corey Farrell)
* ASTERISK-24378 - Release AMI connections on shutdown (Reported
by Corey Farrell)
* ASTERISK-24354 - AMI sendMessage closes AMI connection on error
(Reported by Peter Katzmann)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
incorrectly attempted (Reported by Joshua Colp)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
received for component (Reported by Kevin Harwell)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
Corey Farrell)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-23846 - Unistim multilines. Loss of voice after second
call drops (on a second line). (Reported by Rustam Khankishyiev)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
leak (Reported by Corey Farrell)
* ASTERISK-24430 - missing letter "p" in word response in
OriginateResponse event documentation (Reported by Dafi Ni)
* ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
Corey Farrell)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24304 - asterisk crashing randomly because of unistim
channel (Reported by dhanapathy sathya)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24466 - app_queue: fix a couple leaks to struct
call_queue (Reported by Corey Farrell)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.32.0.
The release of Asterisk 1.8.32.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0
Thank you for your continued support of Asterisk!
Bugfix release for 0.4.0, notably for:
* issue with the "oss" plug-in
* less warnings when building with Gtk+ 3
DeforaOS Phone 0.4.0 did bring:
* support for Gtk+ 3 (except for the new "video" plug-in)
* new and updated plug-ins and tools
* additional features and interface updates
* as well as improved documentation (manual pages...)
* and additional improvements under the hood (portability, XDG compliance...)
Also drops the dependency on audio/pulseaudio.
The Asterisk Development Team has announced the release of Asterisk 11.13.0.
The release of Asterisk 11.13.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24032 - Gentoo compilation emits warning:
"_FORTIFY_SOURCE" redefined (Reported by Kilburn)
* ASTERISK-24225 - Dial option z is broken (Reported by
dimitripietro)
* ASTERISK-24178 - [patch]fromdomainport used even if not set
(Reported by Elazar Broad)
* ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload
warnings and ref leaks (Reported by Walter Doekes)
* ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP
ICE candidates in SDP answer (Reported by Badalian Vyacheslav)
* ASTERISK-24019 - When a Music On Hold stream starts it restarts
at beginning of file. (Reported by Jason Richards)
* ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying
if ever not able to resolve (Reported by David Herselman)
* ASTERISK-24211 - testsuite: Fix the dial_LS_options test
(Reported by Matt Jordan)
* ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
Mohod)
* ASTERISK-23577 - res_rtp_asterisk: Crash in
ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by
Jay Jideliov)
* ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10)
concurrent WebRTC (avpg/encryption/icesupport) calls (Reported
by Roman Skvirsky)
* ASTERISK-24301 - Security: Out of call MESSAGE requests
processed via Message channel driver can crash Asterisk
(Reported by Matt Jordan)
Improvements made in this release:
-----------------------------------
* ASTERISK-24171 - [patch] Provide a manpage for the aelparse
utility (Reported by Jeremy Lainé)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.31.0.
The release of Asterisk 1.8.31.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24032 - Gentoo compilation emits warning:
"_FORTIFY_SOURCE" redefined (Reported by Kilburn)
* ASTERISK-24225 - Dial option z is broken (Reported by
dimitripietro)
* ASTERISK-24178 - [patch]fromdomainport used even if not set
(Reported by Elazar Broad)
* ASTERISK-24019 - When a Music On Hold stream starts it restarts
at beginning of file. (Reported by Jason Richards)
* ASTERISK-24211 - testsuite: Fix the dial_LS_options test
(Reported by Matt Jordan)
* ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
Mohod)
Improvements made in this release:
-----------------------------------
* ASTERISK-24171 - [patch] Provide a manpage for the aelparse
utility (Reported by Jeremy Lainé)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.31.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and Asterisk 11 and 12. The available security releases are
released as versions 11.6-cert6, 11.12.1, and 12.5.1.
Please note that the release of these versions resolves the following security
vulnerability:
* AST-2014-010: Remote Crash when Handling Out of Call Message in Certain
Dialplan Configurations
Note that the crash described in AST-2014-010 can be worked around through
dialplan configuration. Given the likelihood of the issue, an advisory was
deemed to be warranted.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-009 and AST-2014-010, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.12.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-010.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.30.0.
The release of Asterisk 1.8.30.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23911 - URIENCODE/URIDECODE: WARNING about passing an
empty string is a bit over zealous (Reported by Matt Jordan)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-24087 - [patch]chan_sip: sip_subscribe_mwi_destroy
should not call sip_destroy (Reported by Corey Farrell)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-18345 - [patch] sips connection dropped by asterisk
with a large INVITE (Reported by Stephane Chazelas)
* ASTERISK-23508 - Memory Corruption in
__ast_string_field_ptr_build_va (Reported by Arnd Schmitter)
Improvements made in this release:
-----------------------------------
* ASTERISK-21178 - Improve documentation for manager command
Getvar, Setvar (Reported by Rusty Newton)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.30.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.12.0.
The release of Asterisk 11.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23911 - URIENCODE/URIDECODE: WARNING about passing an
empty string is a bit over zealous (Reported by Matt Jordan)
* ASTERISK-23985 - PresenceState Action response does not contain
ActionID; duplicates Message Header (Reported by Matt Jordan)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-24087 - [patch]chan_sip: sip_subscribe_mwi_destroy
should not call sip_destroy (Reported by Corey Farrell)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-18345 - [patch] sips connection dropped by asterisk
with a large INVITE (Reported by Stephane Chazelas)
* ASTERISK-23508 - Memory Corruption in
__ast_string_field_ptr_build_va (Reported by Arnd Schmitter)
Improvements made in this release:
-----------------------------------
* ASTERISK-21178 - Improve documentation for manager command
Getvar, Setvar (Reported by Rusty Newton)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.12.0
Thank you for your continued support of Asterisk!
pkgsrc change: MAKE_JOBS_SAFE=NO from joerg@
The Asterisk Development Team has announced the release of Asterisk 11.11.0.
The release of Asterisk 11.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22551 - Session timer : UAS (Asterisk) starts counting
at Invite, UAC starts counting at 200 OK. (Reported by i2045)
* ASTERISK-23792 - Mutex left locked in chan_unistim.c (Reported
by Peter Whisker)
* ASTERISK-23582 - [patch]Inconsistent column length in *odbc
(Reported by Walter Doekes)
* ASTERISK-23803 - AMI action UpdateConfig EmptyCat clears all
categories but the requested one (Reported by zvision)
* ASTERISK-23035 - ConfBridge with name longer than max (32 chars)
results in several bridges with same conf_name (Reported by
Iñaki Cívico)
* ASTERISK-23824 - ConfBridge: Users cannot be muted via CLI or
AMI when waiting to enter a conference (Reported by Matt Jordan)
* ASTERISK-23683 - #includes - wildcard character in a path more
than one directory deep - results in no config parsing on module
reload (Reported by tootai)
* ASTERISK-23827 - autoservice thread doesn't exit at shutdown
(Reported by Corey Farrell)
* ASTERISK-23609 - Security: AMI action MixMonitor allows
arbitrary programs to be run (Reported by Corey Farrell)
* ASTERISK-23673 - Security: DOS by consuming the number of
allowed HTTP connections. (Reported by Richard Mudgett)
* ASTERISK-23246 - DEBUG messages in sdp_crypto.c display despite
a DEBUG level of zero (Reported by Rusty Newton)
* ASTERISK-23766 - [patch] Specify timeout for database write in
SQLite (Reported by Igor Goncharovsky)
* ASTERISK-23844 - Load of pbx_lua fails on sample extensions.lua
with Lua 5.2 or greater due to addition of goto statement
(Reported by Rusty Newton)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-23834 - res_rtp_asterisk debug message gives wrong
length if ICE (Reported by Richard Kenner)
* ASTERISK-23790 - [patch] - SIP From headers longer than 256
characters result in dropped call and 'No closing bracket'
warnings. (Reported by uniken1)
* ASTERISK-23917 - res_http_websocket: Delay in client processing
large streams of data causes disconnect and stuck socket
(Reported by Matt Jordan)
* ASTERISK-23908 - [patch]When using FEC error correction,
asterisk tries considers negative sequence numbers as missing
(Reported by Torrey Searle)
* ASTERISK-23921 - refcounter.py uses excessive ram for large refs
files (Reported by Corey Farrell)
* ASTERISK-23948 - REF_DEBUG fails to record ao2_ref against
objects that were already freed (Reported by Corey Farrell)
* ASTERISK-23916 - [patch]SIP/SDP fmtp line may include whitespace
between attributes (Reported by Alexander Traud)
* ASTERISK-23984 - Infinite loop possible in ast_careful_fwrite()
(Reported by Steve Davies)
* ASTERISK-23897 - [patch]Change in SETUP ACK handling (checking
PI) in revision 413765 breaks working environments (Reported by
Pavel Troller)
Improvements made in this release:
-----------------------------------
* ASTERISK-23492 - Add option to safe_asterisk to disable
backgrounding (Reported by Walter Doekes)
* ASTERISK-22961 - [patch] DTLS-SRTP not working with SHA-256
(Reported by Jay Jideliov)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.11.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.29.0.
The release of Asterisk 1.8.29.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22551 - Session timer : UAS (Asterisk) starts counting
at Invite, UAC starts counting at 200 OK. (Reported by i2045)
* ASTERISK-23582 - [patch]Inconsistent column length in *odbc
(Reported by Walter Doekes)
* ASTERISK-23803 - AMI action UpdateConfig EmptyCat clears all
categories but the requested one (Reported by zvision)
* ASTERISK-23035 - ConfBridge with name longer than max (32 chars)
results in several bridges with same conf_name (Reported by
Iñaki Cívico)
* ASTERISK-23683 - #includes - wildcard character in a path more
than one directory deep - results in no config parsing on module
reload (Reported by tootai)
* ASTERISK-23827 - autoservice thread doesn't exit at shutdown
(Reported by Corey Farrell)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-23673 - Security: DOS by consuming the number of
allowed HTTP connections. (Reported by Richard Mudgett)
* ASTERISK-23246 - DEBUG messages in sdp_crypto.c display despite
a DEBUG level of zero (Reported by Rusty Newton)
* ASTERISK-23766 - [patch] Specify timeout for database write in
SQLite (Reported by Igor Goncharovsky)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-23667 - features.conf.sample is unclear as to which
options can or cannot be set in the general section (Reported by
David Brillert)
* ASTERISK-23790 - [patch] - SIP From headers longer than 256
characters result in dropped call and 'No closing bracket'
warnings. (Reported by uniken1)
* ASTERISK-23908 - [patch]When using FEC error correction,
asterisk tries considers negative sequence numbers as missing
(Reported by Torrey Searle)
* ASTERISK-23921 - refcounter.py uses excessive ram for large refs
files (Reported by Corey Farrell)
* ASTERISK-23948 - REF_DEBUG fails to record ao2_ref against
objects that were already freed (Reported by Corey Farrell)
* ASTERISK-23984 - Infinite loop possible in ast_careful_fwrite()
(Reported by Steve Davies)
* ASTERISK-23897 - [patch]Change in SETUP ACK handling (checking
PI) in revision 413765 breaks working environments (Reported by
Pavel Troller)
Improvements made in this release:
-----------------------------------
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23492 - Add option to safe_asterisk to disable
backgrounding (Reported by Walter Doekes)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.29.0
Thank you for your continued support of Asterisk!
* Depend on x11/c++-gtk-utils, instead of x11/gtkmm
Changelog:
Version 3.2.13 (11th April 2014)
--------------
Fix API breakage in GTK+-3.12 (the buttons of GtkDialog objects
have been made internal instead of non-internal children of the
action area box) (dialog.h, dialog.cpp).
Put icon in efax and efax-gtk about dialogs (dialogs.cpp).
Replace AC_CONFIG_HEADER macro with AC_CONFIG_HEADERS when
configuring (Samuli Suominen) (configure.ac).
Update build system to automake-1.13.3 (config.guess, config.sub,
depcomp, INSTALL).
Update desktop file (Samuli Suominen) (efax-gtk.desktop).
Version 3.2.12 (1st June 2013)
--------------
Force GType initialisation of GtkEntry for GtkSettings
(mainwindow.cpp).
Correct entry sizing in settings dialog (settings.cpp).
Improve tray icon sizing (tray_icon.cpp).
Permit the program to build against c++-gtk-utils-2.2 (this
requires increasing the c++-gtk-utils-1.2 dependency to 1.2.13,
and increasing the c++-gtk-utils-2.0 dependency to 2.0.1)
(acinclude.m4, README; mainwindow.h, mainwindow.cpp).
Cause bootstrap.sh to build translation files (bootstrap.sh).
Update build system to automake-1.13.1 (configure.ac,
config.guess, config.sub, depcomp, INSTALL, install-sh, missing;
src/Makefile.am; efax/Makefile.am).
Version 3.2.11 (1st January 2013)
--------------
Workaround for a bug in GtkFileChooserDialog in later versions of
gtk+-2.24 (dialogs.cpp).
Change efax-gtk.desktop to meet
http://specifications.freedesktop.org/menu-spec/menu-spec-latest.html
recommendations (efax-gtk.desktop).
Add French translation (Charlie Ledocq) (po/fr.po, LINGUAS).
Version 3.2.10 (21st October 2012)
--------------
Update build system to automake-1.12.1 and autoconf-2.69.
Suppress gtk+-3 deprecation warnings (acinclude.m4).
Set locale even if NLS not set (main.cpp).
Deal better with GtkMessageDialog format string (dialog.cpp).
Use automake silent rules (configure.ac).
Correct icon entry in efax-gtk.desktop file (efax-gtk.desktop).
Simplify file chooser selection code (dialogs.cpp).
Call atexit() instead of glib's now deprecated g_atexit() (the use
of atexit() in this program is entirely safe) (main.cpp).
Remove unnecessary pointer value check in present_prog()
(main.cpp).
Add Spanish translation (Antonio Trujillo) (po/LINGUAS, po/es.po,
po/efax-gtk.pot; mainwindow.cpp).
Update copyright notices (COPYING, README; addressbook.h,
addressbook.cpp, dialogs.h, dialogs.cpp, efax_controller.h,
efax_controller.cpp, fax_list.h, fax_list.cpp, fax_list_manager.h,
fax_list_manager.cpp, file_list.h, file_list.cp, gpl.h,
helpfile.h, helpfile.cpp, logger.h, logger.cpp, main.cpp,
mainwindow.h, mainwindow.cpp, prog_defs.h, redial_queue.h,
redial_queue.cpp, settings.h, settings.cpp, settings_help.h,
settings_help.cpp, socket_list.h, socket_list.cpp,
socket_notify.h, socket_notify.cpp, socket_server.h,
socket_server.cpp, tray_icon.h, tray_icon.cpp;
utils/cairo_handle.h, utils/icon_info_handle.h,
utils/mono_tiff_print_manager.h,
utils/mono_tiff_print_manager.cpp,
utils/pango_layout_iter_handle.h, utils/selected_rows_handle.h,
utils/selected_rows_handle.cpp, utils/sem_sync.h,
utils/tiff_handle.h, utils/toolbar_append_widget.h,
utils/toolbar_append_widget.cpp, utils/tree_path_handle.h,
utils/tree_row_reference_handle.h, utils/utf8_utils.h,
utils/utf8_utils.cpp;
efax-gtk-faxfilter/efax-gtk-socket-client.cpp.
Update documentation (README).
Update configuration scripts (acinclude.m4).
Version 3.2.9 (21st December 2011)
-------------
Have a hard dependency on c++-gtk-utils-1.2 >= 1.2.7 or
c++-gtk-utils-2.0 >= 2.0.0-rc1, so that C++0x/11 can be more
easily supported, and maintainability is improved (README,
acinclude.m4, configure.ac, src/Makefile.am,
src/utils/Makefile.am, po/POTFILES.in; delete src/internal
directory and its contents.)
Make the settings help dialogs of a reasonable size with GTK+3
(settings_help.cpp).
Permit IPv6 addresses to be specified with a wildcard and only
one, or no, ':' character (socket_server.cpp).
Explicitly set shadow type of fax input frame (mainwindow.cpp).
Change library linking order (src/Makefile.am and
efax/Makefile.am).
Remove unnecessary configure checks (acinclude.m4, configure.ac
and src/Makefile.am)
Upgrade gettext to version 0.18 and include m4 macros
(po/Makefile.in.in, po/Rules-quot, m4 directory, Makefile.am).
Add proper header checks at configuration time (configure.ac).
Version 3.2.8 (30th March 2011)
-------------
Permit IPv6 addresses in domain name form as well as in numeric
format (socket_server.h and socket_server.cpp).
Improve error checking and so suppress gcc-4.6 warning
(mainwindow.cpp; utils/mono_tiff_print_manager.cpp).
Upgrade internal c++-gtk-utils version.
Version 3.2.7.1 (16th March 2011)
---------------
Correct style change handling (mainwindow.h, mainwindow.cpp).
Update comments in efax-gtkrc on "SOCK_OTHER_ADDRESSES:" for IPv6
(efax-gtkrc).
Version 3.2.7 (14th March 2011)
-------------
Change default gtk target to gtk+3, and permit
--with-gtk-version=gtk2 and --with=gtk-version=gtk3 as well as
--with-gtk-version=gtk+2 and --with=gtk-version=gtk+3
(acinclude.m4, README).
Provide option for server to accept IPv6 connections (efax-gtkrc;
prog_defs.h, main.cpp, mainwindow.cpp, settings.h, settings.cpp,
settings_help.h, settings_help.cpp, socket_server.h and
socket_server.cpp).
Use GtkStyleContext for a GTK+3 compile (acinclude.m4;
addressbook.cpp, dialogs.h, dialogs.cpp, fax_list.cpp,
fax_list-manager.cpp, helpfile.cpp, logger.cpp, main.cpp,
mainwindow.h and mainwindow.cpp).
Correct non-sh-ism in configuration files (acinclude.m4).
Include efax-gtk.png icon in rpm spec file (efax-gtk.spec.in).
Minor adjustments to MonoTiffPrintManager implementation
(utils/mono_tiff_print_manager.h and
utils/mono_tiff_print_manager.cpp).
Provide some explicit casts for std::pair constructor required by
C++0x (dialogs.cpp, fax_list.cpp, file_list.cpp, socket_list.cpp).
Provide compile option for c++-gtk-utils-2.0 (acinclude.m4,
README; efax_controller.cpp, fax_list.cpp, gpl.h, logger.cpp,
socket_server.h and socket_server.cpp).
Surpress warning about std::auto_ptr being deprecated when
compiling under C++0x (acinclude.m4).
Upgrade internal c++-gtk-utils version to 1.2.12 (and also adjust
the configuration files for that (acinclude.m4, configure.ac;
src/internal/c++-gtk-utils/Makefile.am)).
Version 3.2.6 (13th November 2010)
-------------
Do not require dbus-glib where glib >= 2.26 is installed
(acinclude.4, configure.ac, src/Makefile.am,
src/internal/c++-gtk-utils/Makefile.am with upgraded
c++-gtk-utils).
Fixes for gtk+-2.91 (acinclude.m4, addressbook.cpp, dialogs.cpp,
fax_list.cpp, fax_list_manager.cpp, helpfile.cpp, logger.cpp,
main.cpp, mainwindow.h, mainwindow.cpp, settings.cpp and
socket_notify.cpp).
Improve widget sizing for widgets displaying text
(efax_controller.h, mainwindow.h and mainwindow.cpp).
Fix compilation error with gtk+-2.12 (mainwindow.cpp).
Remove anachronistic comment (utils/mono_tiff_print_manager.cpp).
Upgrade internal c++-gtk-utils version to 1.2.7.
Version 3.2.5 (13th October 2010)
-------------
Fix segfault when printing faxes with cairo-1.10
(utils/mono_tiff_print_manager.h and
utils/mono_tiff_print_manager.cpp).
Use cairo rather than the GDK drawing functions to draw the
indicator of whether there are print jobs from the socket to be
faxed (mainwindow.h, mainwindow.cpp and utils/cairo_handle.h).
Use gtk_tree_view_convert_bin_window_to_widget_coords() instead of
gtk_widget_get_pointer() in order to obtain the pointer position
in widget co-ordinates for tree view motion notify events
(fax_list_manager.cpp).
Modify argument handling for efax message functions to avoid an
invalid double call to vfprintf() on the same va_list value (this
bug is triggered on some systems when using the 'fax' script but
does not directly affect efax-gtk) (efax/efaxmsg.c, efax/PATCHES).
Upgrade internal c++-gtk-utils version to 1.2.6.
Version 3.2.4 (2nd August 2010)
-------------
Fix uncaught exception where a file to be faxed is not in valid
postscript/PDF format (efax_controller.cpp).
Include the former gnome stock_send-fax icon as the standard icon
for efax-gtk (Makefile.am, efax-gtk.desktop, efax-gtk.png,
AUTHORS; main.cpp).
Use XkbBell() rather than XBell() where available (acinclude.m4,
main.cpp).
Include pkg-config test for x11.pc, if available (acinclude.m4 and
src/Makefile.am).
Further build fixes for Debian Hurd (src/efax_controller.cpp and
src/fax_list.cpp; efax/efaxmsg.c).
Update Hungarian translation (László Csordás) (hu.po and
mainwindow.cpp).
Remove redundant anonymous namespace for callbacks with C linkage
(addressbook.h, addressbook.cpp, dialogs.h, dialogs.cpp,
fax_list.h, fax_list.cpp, fax_list_manager.h,
fax_list_manager.cpp, file_list.h, file_list.cpp, helpfile.h,
helpfile.cpp, logger.h, logger.cpp, mainwindow.h, mainwindow.cpp,
redial_queue.h, redial_queue.cpp, settings.h, settings.cpp,
settings_help.h, settings_help.cpp, socket_list.h,
socket_list.cpp, socket_notify.h, socket_notify.cpp, tray_icon.h,
tray_icon.cpp, utils/mono_tiff_print_manager.h,
utils/mono_tiff_print_manager.cpp, utils/selected_rows_handle.h,
utils/selected_rows_handle.cpp).
Correct linkage specification of present_prog() (main.cpp).
Use Cgu::start_timeout_seconds() rather than Cgu::start_timeout()
where available (fax_list_manager.cpp, logger.cpp).
Remove redundant comments (prog_defs.h,
utils/toolbar_append_widget.cpp).
Upgrade internal c++-gtk-utils version to 1.2.4.
numerous general bugs. The vulnerabilities fixed are: AST-2014-001,
AST-2014-002, and AST-2014-007.
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert7,
11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2.
These releases resolve security vulnerabilities that were previously
fixed in 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
Unfortunately, the fix for AST-2014-007 inadvertently introduced
a regression in Asterisk's TCP and TLS handling that prevented
Asterisk from sending data over these transports. This regression
and the security vulnerabilities have been fixed in the versions
specified in this release announcement.
The security patches for AST-2014-007 have been updated with the
fix for the regression, and are available at
http://downloads.asterisk.org/pub/security
Please note that the release of these versions resolves the following security
vulnerabilities:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released with the previous
versions that addressed these vulnerabilities.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert6,
11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of these versions resolves the following issue:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
Establishing a TCP or TLS connection to the configured HTTP or
HTTPS port respectively in http.conf and then not sending or
completing a HTTP request will tie up a HTTP session. By doing
this repeatedly until the maximum number of open HTTP sessions
is reached, legitimate requests are blocked.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.28.0.
The release of Asterisk 1.8.28.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
for INVITE/w/replaces pickup (Reported by Walter Doekes)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)
* ASTERISK-23650 - Intermittent segfault in string functions
(Reported by Roel van Meer)
Improvements made in this release:
-----------------------------------
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.28.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.27.0.
The release of Asterisk 1.8.27.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by Paolo Compagnini)
* ASTERISK-23061 - [Patch] 'textsupport' setting not mentioned in
sip.conf.sample (Reported by Eugene)
* ASTERISK-23028 - [patch] Asterisk man pages contains unquoted
minus signs (Reported by Jeremy Lainé)
* ASTERISK-23046 - Custom CDR fields set during a GoSUB called
from app_queue are not inserted (Reported by Denis Pantsyrev)
* ASTERISK-23027 - [patch] Spelling typo "transfered" instead of
"transferred" (Reported by Jeremy Lainé)
* ASTERISK-23008 - Local channels loose CALLERID name when DAHDI
channel connects (Reported by Michael Cargile)
* ASTERISK-23100 - [patch] In chan_mgcp the ident in transmitted
request and request queue may differ - fix for locking (Reported
by adomjan)
* ASTERISK-22988 - [patch]T38 , SIP 488 after Rejecting image
media offer due to invalid or unsupported syntax (Reported by
adomjan)
* ASTERISK-22861 - [patch]Specifying a null time as parameter to
GotoIfTime or ExecIfTime causes segmentation fault (Reported by
Sebastian Murray-Roberts)
* ASTERISK-17837 - extconfig.conf - Maximum Include level (1)
exceeded (Reported by pz)
* ASTERISK-22662 - Documentation fix? - queues.conf says
persistentmembers defaults to yes, it appears to lie (Reported
by Rusty Newton)
* ASTERISK-23134 - [patch] res_rtp_asterisk port selection cannot
handle selinux port restrictions (Reported by Corey Farrell)
* ASTERISK-23220 - STACK_PEEK function with no arguments causes
crash/core dump (Reported by James Sharp)
* ASTERISK-19773 - Asterisk crash on issuing Asterisk-CLI 'reload'
command multiple times on cli_aliases (Reported by Joel Vandal)
* ASTERISK-22757 - segfault in res_clialiases.so on reload when
mapping "module reload" command (Reported by Gareth Blades)
* ASTERISK-17727 - [patch] TLS doesn't get all certificate chain
(Reported by LN)
* ASTERISK-23178 - devicestate.h: device state setting functions
are documented with the wrong return values (Reported by
Jonathan Rose)
* ASTERISK-23297 - Asterisk 12, pbx_config.so segfaults if
res_parking.so is not loaded, or if res_parking.conf has no
configuration (Reported by CJ Oster)
* ASTERISK-23069 - Custom CDR variable not recorded when set in
macro called from app_queue (Reported by Bryan Anderson)
* ASTERISK-19499 - ConfBridge MOH is not working for transferee
after attended transfer (Reported by Timo Teräs)
* ASTERISK-23261 - [patch]Output mixup in
${CHANNEL(rtpqos,audio,all)} (Reported by rsw686)
* ASTERISK-23260 - [patch]ForkCDR v option does not keep CDR
variables for subsequent records (Reported by zvision)
* ASTERISK-23141 - Asterisk crashes on Dial(), in
pbx_find_extension at pbx.c (Reported by Maxim)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
* ASTERISK-23323 - [patch]chan_sip: missing p->owner checks in
handle_response_invite (Reported by Walter Doekes)
* ASTERISK-23382 - [patch]Build System: make -qp can corrupt
menuselect-tree and related files (Reported by Corey Farrell)
* ASTERISK-23406 - [patch]Fix typo in "sip show peer" (Reported by
ibercom)
* ASTERISK-23310 - bridged channel crashes in bridge_p2p_rtp_write
(Reported by Jeremy Lainé)
* ASTERISK-23104 - Specifying the SetVar AMI without a Channel
cause Asterisk to crash (Reported by Joel Vandal)
* ASTERISK-23383 - Wrong sense test on stat return code causes
unchanged config check to break with include files. (Reported by
David Woolley)
* ASTERISK-17523 - Qualify for static realtime peers does not work
(Reported by Maciej Krajewski)
* ASTERISK-21406 - [patch] chan_sip deadlock on monlock between
unload_module and do_monitor (Reported by Corey Farrell)
* ASTERISK-23373 - [patch]Security: Open FD exhaustion with
chan_sip Session-Timers (Reported by Corey Farrell)
* ASTERISK-23340 - Security Vulnerability: stack allocation of
cookie headers in loop allows for unauthenticated remote denial
of service attack (Reported by Matt Jordan)
* ASTERISK-23488 - Logic error in callerid checksum processing
(Reported by Russ Meyerriecks)
* ASTERISK-20841 - fromdomain not honored on outbound INVITE
request (Reported by Kelly Goedert)
* ASTERISK-22079 - Segfault: INTERNAL_OBJ (user_data=0x6374652f)
at astobj2.c:120 (Reported by Jamuel Starkey)
* ASTERISK-23509 - [patch]SayNumber for Polish language tries to
play empty files for numbers divisible by 100 (Reported by
zvision)
* ASTERISK-23391 - Audit dialplan function usage of channel
variable (Reported by Corey Farrell)
* ASTERISK-23548 - POST to ARI sometimes returns no body on
success (Reported by Scott Griepentrog)
Improvements made in this release:
-----------------------------------
* ASTERISK-22980 - [patch]Allow building cdr_radius and cel_radius
against libfreeradius-client (Reported by Jeremy Lainé)
* ASTERISK-22661 - Unable to exit ChanSpy if spied channel does
not have a call in progress (Reported by Chris Hillman)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.27.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert5,
11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.
The release of these versions resolve the following issues:
* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
* AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-001, AST-2014-002,
AST-2014-003, and AST-2014-004, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.26.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk
The release of Asterisk 1.8.26.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22544 - Italian prompt vm-options has advertisement in
it (Reported by Rusty Newton)
* ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
every register message (Reported by Pawel Pierscionek)
* ASTERISK-20862 - Asterisk min and max member penalties not
honored when set with 0 (Reported by Schmooze Com)
* ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
read (Reported by Michael Walton)
* ASTERISK-22788 - [patch] main/translate.c: access to variable f
after free in ast_translate() (Reported by Corey Farrell)
* ASTERISK-21242 - Segfault when T.38 re-invite retransmission
receives 200 OK (Reported by Ashley Winters)
* ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
16 bit multipart SMS with app_sms (Reported by Jan Juergens)
* ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
from being executed from external interfaces (Reported by Matt
Jordan)
* ASTERISK-23021 - Typos in code : "avaliable" instead of
"available" (Reported by Jeremy Lainé)
* ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
by Gareth Palmer)
* ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
instead of seconds (Reported by Robert Mordec)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when <replace-char> is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-22834 - Parking by blind transfer when lot full orphans
channels (Reported by rsw686)
* ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
SIP transfer to parking space (Reported by Tommy Thompson)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23010 - No BYE message sent when sip INVITE is received
(Reported by Ryan Tilton)
Improvements made in this release:
-----------------------------------
* ASTERISK-22659 - Make a new core and extra sounds release
(Reported by Rusty Newton)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.26.0
Thank you for your continued support of Asterisk!
with general bug fixes. The security issues fixed are: AST-2014-001,
AST-2014-002, AST-2014-006, and AST-2014-007.
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert7,
11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2.
These releases resolve security vulnerabilities that were previously
fixed in 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
Unfortunately, the fix for AST-2014-007 inadvertently introduced
a regression in Asterisk's TCP and TLS handling that prevented
Asterisk from sending data over these transports. This regression
and the security vulnerabilities have been fixed in the versions
specified in this release announcement.
Please note that the release of these versions resolves the following security
vulnerabilities:
* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
Shell Access
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released with the previous
versions that addressed these vulnerabilities.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert6,
11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
The release of these versions resolves the following issue:
* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections
Establishing a TCP or TLS connection to the configured HTTP or HTTPS port
respectively in http.conf and then not sending or completing a HTTP request
will tie up a HTTP session. By doing this repeatedly until the maximum number
of open HTTP sessions is reached, legitimate requests are blocked.
Additionally, the release of 11.6-cert3, 11.10.1, and 12.3.1 resolves the
following issue:
* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
Shell Access
Manager users can execute arbitrary shell commands with the MixMonitor manager
action. Asterisk does not require system class authorization for a manager
user to use the MixMonitor action, so any manager user who is permitted to use
manager commands can potentially execute shell commands as the user executing
the Asterisk process.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-007.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.10.0.
The release of Asterisk 11.10.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-23559 - app_voicemail fails to load after fix to
dialplan functions (Reported by Corey Farrell)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23545 - Confbridge talker detection settings
configuration load bug (Reported by John Knott)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-23616 - Big memory leak in logger.c (Reported by
ibercom)
* ASTERISK-23576 - Build failure on SmartOS / Illumos / SunOS
(Reported by Sebastian Wiedenroth)
* ASTERISK-23550 - Newer sound sets don't show up in menuselect
(Reported by Rusty Newton)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23605 - res_http_websocket: Race condition in shutting
down websocket causes crash (Reported by Matt Jordan)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23381 - [patch]ChanSpy- Barge only works on the initial
'spy', if the spied-on channel makes a new call, unable to
barge. (Reported by Robert Moss)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-23664 - Incorrect H264 specification in SDP. (Reported
by Guillaume Maudoux)
* ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
for INVITE/w/replaces pickup (Reported by Walter Doekes)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)
Improvements made in this release:
-----------------------------------
* ASTERISK-23649 - [patch]Support for DTLS retransmission
(Reported by NITESH BANSAL)
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.10.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.9.0.
The release of Asterisk 11.9.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by Paolo Compagnini)
* ASTERISK-23034 - [patch] manager Originate doesn't abort on
failed format_cap allocation (Reported by Corey Farrell)
* ASTERISK-23061 - [Patch] 'textsupport' setting not mentioned in
sip.conf.sample (Reported by Eugene)
* ASTERISK-23028 - [patch] Asterisk man pages contains unquoted
minus signs (Reported by Jeremy Lainé)
* ASTERISK-23046 - Custom CDR fields set during a GoSUB called
from app_queue are not inserted (Reported by Denis Pantsyrev)
* ASTERISK-23027 - [patch] Spelling typo "transfered" instead of
"transferred" (Reported by Jeremy Lainé)
* ASTERISK-23008 - Local channels loose CALLERID name when DAHDI
channel connects (Reported by Michael Cargile)
* ASTERISK-23100 - [patch] In chan_mgcp the ident in transmitted
request and request queue may differ - fix for locking (Reported
by adomjan)
* ASTERISK-22988 - [patch]T38 , SIP 488 after Rejecting image
media offer due to invalid or unsupported syntax (Reported by
adomjan)
* ASTERISK-22861 - [patch]Specifying a null time as parameter to
GotoIfTime or ExecIfTime causes segmentation fault (Reported by
Sebastian Murray-Roberts)
* ASTERISK-17837 - extconfig.conf - Maximum Include level (1)
exceeded (Reported by pz)
* ASTERISK-22662 - Documentation fix? - queues.conf says
persistentmembers defaults to yes, it appears to lie (Reported
by Rusty Newton)
* ASTERISK-23134 - [patch] res_rtp_asterisk port selection cannot
handle selinux port restrictions (Reported by Corey Farrell)
* ASTERISK-23220 - STACK_PEEK function with no arguments causes
crash/core dump (Reported by James Sharp)
* ASTERISK-19773 - Asterisk crash on issuing Asterisk-CLI 'reload'
command multiple times on cli_aliases (Reported by Joel Vandal)
* ASTERISK-22757 - segfault in res_clialiases.so on reload when
mapping "module reload" command (Reported by Gareth Blades)
* ASTERISK-17727 - [patch] TLS doesn't get all certificate chain
(Reported by LN)
* ASTERISK-23178 - devicestate.h: device state setting functions
are documented with the wrong return values (Reported by
Jonathan Rose)
* ASTERISK-23232 - LocalBridge AMI Event LocalOptimization value
is opposite to what's expected (Reported by Leon Roy)
* ASTERISK-23098 - [patch]possible null pointer dereference in
format.c (Reported by Marcello Ceschia)
* ASTERISK-23297 - Asterisk 12, pbx_config.so segfaults if
res_parking.so is not loaded, or if res_parking.conf has no
configuration (Reported by CJ Oster)
* ASTERISK-23069 - Custom CDR variable not recorded when set in
macro called from app_queue (Reported by Bryan Anderson)
* ASTERISK-19499 - ConfBridge MOH is not working for transferee
after attended transfer (Reported by Timo Teräs)
* ASTERISK-23261 - [patch]Output mixup in
${CHANNEL(rtpqos,audio,all)} (Reported by rsw686)
* ASTERISK-23279 - [patch]Asterisk doesn't support the dynamic
payload change in rtp mapping in the 200 OK response (Reported
by NITESH BANSAL)
* ASTERISK-23255 - UUID included for Redhat, but missing for
Debian distros in install_prereq script (Reported by Rusty
Newton)
* ASTERISK-23260 - [patch]ForkCDR v option does not keep CDR
variables for subsequent records (Reported by zvision)
* ASTERISK-23141 - Asterisk crashes on Dial(), in
pbx_find_extension at pbx.c (Reported by Maxim)
* ASTERISK-23336 - Asterisk warning "Don't know how to indicate
condition 33 on ooh323c" on outgoing calls from H323 to SIP peer
(Reported by Alexander Semych)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
* ASTERISK-23323 - [patch]chan_sip: missing p->owner checks in
handle_response_invite (Reported by Walter Doekes)
* ASTERISK-23406 - [patch]Fix typo in "sip show peer" (Reported by
ibercom)
* ASTERISK-23310 - bridged channel crashes in bridge_p2p_rtp_write
(Reported by Jeremy Lainé)
* ASTERISK-22911 - [patch]Asterisk fails to resume WebRTC call
from hold (Reported by Vytis Valentinavičius)
* ASTERISK-23104 - Specifying the SetVar AMI without a Channel
cause Asterisk to crash (Reported by Joel Vandal)
* ASTERISK-21930 - [patch]WebRTC over WSS is not working.
(Reported by John)
* ASTERISK-23383 - Wrong sense test on stat return code causes
unchanged config check to break with include files. (Reported by
David Woolley)
* ASTERISK-20149 - Crash when faxing SIP to SIP with strictrtp set
to yes (Reported by Alexandr Gordeev)
* ASTERISK-17523 - Qualify for static realtime peers does not work
(Reported by Maciej Krajewski)
* ASTERISK-21406 - [patch] chan_sip deadlock on monlock between
unload_module and do_monitor (Reported by Corey Farrell)
* ASTERISK-23373 - [patch]Security: Open FD exhaustion with
chan_sip Session-Timers (Reported by Corey Farrell)
* ASTERISK-23340 - Security Vulnerability: stack allocation of
cookie headers in loop allows for unauthenticated remote denial
of service attack (Reported by Matt Jordan)
* ASTERISK-23311 - Manager - MoH Stop Event fails to show up when
leaving Conference (Reported by Benjamin Keith Ford)
* ASTERISK-23420 - [patch]Memory leak in manager_add_filter
function in manager.c (Reported by Etienne Lessard)
* ASTERISK-23488 - Logic error in callerid checksum processing
(Reported by Russ Meyerriecks)
* ASTERISK-23461 - Only first user is muted when joining
confbridge with 'startmuted=yes' (Reported by Chico Manobela)
* ASTERISK-20841 - fromdomain not honored on outbound INVITE
request (Reported by Kelly Goedert)
* ASTERISK-22079 - Segfault: INTERNAL_OBJ (user_data=0x6374652f)
at astobj2.c:120 (Reported by Jamuel Starkey)
* ASTERISK-23509 - [patch]SayNumber for Polish language tries to
play empty files for numbers divisible by 100 (Reported by
zvision)
* ASTERISK-23103 - [patch]Crash in ast_format_cmp, in ao2_find
(Reported by JoshE)
* ASTERISK-23391 - Audit dialplan function usage of channel
variable (Reported by Corey Farrell)
* ASTERISK-23548 - POST to ARI sometimes returns no body on
success (Reported by Scott Griepentrog)
* ASTERISK-23460 - ooh323 channel stuck if call is placed directly
and gatekeeper is not available (Reported by Dmitry Melekhov)
Improvements made in this release:
-----------------------------------
* ASTERISK-22980 - [patch]Allow building cdr_radius and cel_radius
against libfreeradius-client (Reported by Jeremy Lainé)
* ASTERISK-22661 - Unable to exit ChanSpy if spied channel does
not have a call in progress (Reported by Chris Hillman)
* ASTERISK-23099 - [patch] WSS: enable ast_websocket_read()
function to read the whole available data at first and then wait
for any fragmented packets (Reported by Thava Iyer)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.9.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert5,
11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.
The release of these versions resolve the following issues:
* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.
Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.
* AST-2014-002: chan_sip: Exit early on bad session timers request
This change allows chan_sip to avoid creation of the channel and
consumption of associated file descriptors altogether if the inbound
request is going to be rejected anyway.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2014-001, AST-2014-002,
AST-2014-003, and AST-2014-004, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.8.0.
The release of Asterisk 11.8.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-22544 - Italian prompt vm-options has advertisement in
it (Reported by Rusty Newton)
* ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
Asterisk to Chrome (Reported by Shaun Clark)
* ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
DTMF menus in ConfBridge (processed as directive) (Reported by
Nicolas Tanski)
* ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
every register message (Reported by Pawel Pierscionek)
* ASTERISK-20862 - Asterisk min and max member penalties not
honored when set with 0 (Reported by Schmooze Com)
* ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
read (Reported by Michael Walton)
* ASTERISK-22788 - [patch] main/translate.c: access to variable f
after free in ast_translate() (Reported by Corey Farrell)
* ASTERISK-21242 - Segfault when T.38 re-invite retransmission
receives 200 OK (Reported by Ashley Winters)
* ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
16 bit multipart SMS with app_sms (Reported by Jan Juergens)
* ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
from being executed from external interfaces (Reported by Matt
Jordan)
* ASTERISK-23021 - Typos in code : "avaliable" instead of
"available" (Reported by Jeremy Lainé)
* ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
by Gareth Palmer)
* ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
Melekhov)
* ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
"WIMPy" Harzenetter)
* ASTERISK-22942 - [patch] - Asterisk crashed after
Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
* ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
instead of seconds (Reported by Robert Mordec)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when <replace-char> is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-22834 - Parking by blind transfer when lot full orphans
channels (Reported by rsw686)
* ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
SIP transfer to parking space (Reported by Tommy Thompson)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23010 - No BYE message sent when sip INVITE is received
(Reported by Ryan Tilton)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)
Improvements made in this release:
-----------------------------------
* ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
When Running "sip show peers" (Reported by Michael L. Young)
* ASTERISK-22659 - Make a new core and extra sounds release
(Reported by Rusty Newton)
* ASTERISK-22919 - core show channeltypes slicing (Reported by
outtolunc)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0
Thank you for your continued support of Asterisk!
Changes since version 0.4:
0.7, 20130330 - jeagle
Add ability to allow users to specify their own frame allocation routines.
Update API mode 2 with latest version from jdodgen
0.6, 20120624 - jeagle
Update documentation.
Add support for API mode 2 escapes. Needs testing.
Add constant for the "BD" baud rate table.
0.5, 20120401 - jeagle
Add support for Win32::SerialPort to enable Windows support. (Thanks Jerry)
Fix issue with tx() in async mode. (Thanks Vicente)
Add support for "explicit rx indicator" packets. (Thanks Vicente)
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
These releases are maintenance releases, and do not contain any new
features or functionality, but only contain bugfixes:
* Re-order library files in fchmod() configure check
* faxalter: Wire up the nissing page range -Z options
* man: JobReqError/JobRetryError were missing in hylafax-config.4
* typerules: adding missing comma to typeNames array
* Do not warn about one of the Fontpath directories not existing
* Reworked how faxsetup looks for Fontmap
* Use a private Fontmap.HylaFAX file of .pfb files
* Combine all Fontmap files in memory, including new Fontmap.HylaFAX
* Bug 934: We need to avoid a 0-index in playList
* hfaxd: Eliminte extraneous debug logging
* hfaxd: Make source port for active connections be ctrl port - 1
* hfaxd: Release old accept fd
* Support libtiff 4.0
* faxsend: JobRetryOther/JobRequeueOther weren't actually being used
* Make sure not to cut faxq FIFO messages in two when reaching end of buffer
* hfaxd: Port is network byte order, correct logging of it
This fixes abuild failure when a version of the package is already
installed.
Not bumping PKGREVISION because the resulting package should be unchanged.
Revision history for Perl extension Device::Modem.
1.57 Sun Jan 26 11:36:11 CET 2014
- Added a "handshake" option to the connect() method.
Allowed values are "xoff", "rts" or "none" (default).
Thanks to Ezio Bonsi for suggesting the idea.
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE= 33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE= 33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.
Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.
Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.
Whitespace cleanups and other nits corrected, where necessary.
Version 2.7 2013-10-17
---------------------------
- Win32: setRTS and setDTR can be called before the port is opened and it will
set the initial state on port open.
- Posix: add platform specific method: outWaiting (already present for Win32)
- Posix: rename flowControl to setXON to match name on Win32, add
flowControlOut function
- rfc2217: zero polls value (baudrate, data size, stop bits, parity) (Erik
Lundh)
- Posix: [Patch pyserial:28] Accept any speed on Linux [update]
- Posix: [Patch pyserial:29] PosixSerial.read() should "ignore" errno.EINTR
- OSX: [Patch pyserial:27] Scan by VendorID/Product ID for USB Serial devices
- Ensure working with bytes in write() calls
Bugfixes:
- [Bug 3540332] SerialException not returned
- [Bug pyserial:145] Error in socket_connection.py
- [Bug pyserial:135] reading from socket with timeout=None causes TypeError
- [Bug pyserial:130] setup.py should not append py3k to package name
- [Bug pyserial:117] no error on lost conn w/socket://
Bugfixes (posix):
- [Patch 3462364] Fix: NameError: global name 'base' is not defined
- list_ports and device() for BSD updated (Anders Langworthy)
- [Bug 3518380] python3.2 -m serial.tools.list_ports error
- [Bug pyserial:137] Patch to add non-standard baudrates to Cygwin
- [Bug pyserial:141] open: Pass errno from IOError to SerialException
- [Bug pyserial:125] Undefined 'base' on list_ports_posix.py, function usb_lsusb
- [Bug pyserial:151] Serial.write() without a timeout uses 100% CPU on POSIX
- [Patch pyserial:30] [PATCH 1/1] serial.Serial() should not raise IOError.
Bugfixes (win32):
- [Bug 3444941] ctypes.WinError() unicode error
- [Bug 3550043] on Windows in tools global name 'GetLastError' is not defined
- [Bug pyserial:146] flush() does nothing in windows (despite docs)
- [Bug pyserial:144] com0com ports ignored due to missing "friendly name"
- [Bug pyserial:152] Cannot configure port, some setting was wrong. Can leave
port handle open but port not accessible
The Asterisk Development Team has announced the release of Asterisk 1.8.25.0.
The release of Asterisk 1.8.25.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- chan_sip: Fix an issue where an incompatible audio format may be
added to SDP.
* --- cdr_adaptive_odbc: Also apply a filter when the CDR value is
empty.
* --- app_queue: Fix Queuelog EXITWITHKEY only logging two of four
fields
* --- chan_sip: Do not increment the SDP version between 183 and 200
responses.
* --- chan_sip: Fix Realtime Peer Update Problem When Un-registering
And Expires Header In 200ok
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.25.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.7.0.
The release of Asterisk 11.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_confbridge: Can now set the language used for announcements
to the conference.
* --- app_queue: Fix CLI "queue remove member" queue_log entry.
* --- chan_sip: Do not increment the SDP version between 183 and 200
responses.
* --- chan_sip: Allow a sip peer to accept both AVP and AVPF calls
* --- chan_sip: Fix Realtime Peer Update Problem When Un-registering
And Expires Header In 200ok
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.7.0
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007, and a minor bug fix update.
pkgsrc change: disable SRTP on NetBSD as it doesn't link
---- 11.6.1 ----
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.6.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
----- 11.6.0 -----
The Asterisk Development Team has announced the release of Asterisk 11.6.0.
The release of Asterisk 11.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Confbridge: empty conference not being torn down
(Closes issue ASTERISK-21859. Reported by Chris Gentle)
* --- Let Queue wrap up time influence member availability
(Closes issue ASTERISK-22189. Reported by Tony Lewis)
* --- Fix a longstanding issue with MFC-R2 configuration that
prevented users
(Closes issue ASTERISK-21117. Reported by Rafael Angulo)
* --- chan_iax2: Fix saving the wrong expiry time in astdb.
(Closes issue ASTERISK-22504. Reported by Stefan Wachtler)
* --- Fix segfault for certain invalid WebSocket input.
(Closes issue ASTERISK-21825. Reported by Alfred Farrugia)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.6.0
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
AST-2013-006 and AST-2013-007.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.24.0.
The release of Asterisk 1.8.24.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix a longstanding issue with MFC-R2 configuration that
prevented users
* --- Fix Not Storing Current Incoming Recv Address
* --- Fix Segfault When Syntax Of A Line Under [applicationmap] Is
Invalid
* --- Tolerate presence of RFC2965 Cookie2 header by ignoring it
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.24.0
Thank you for your continued support of Asterisk!
Changes since 1.8.0:
1.8.1 - 04/05/11
Added a jpilot-merge utility for merging unsynced records into a pdb file
Fixes Debian bug #574030: jpilot: can't delete appointments
Resolve bug 2012 where small months in Postcript printout overlapped a calendar event.
Fix multiple memory leaks all over code base
Added a VCard export format optimized for GMail/Android import
Correct iCal export for repeating events with an end date
Add Category and Location fields to Calendar iCal export
Add categories to left-hand side of Calendar application
Add "cancel sync" button and icon to main jpilot window
use CRLF for ToDo iCal export per RFC
Add new "future" button to repeat appt. modification dialog so that changes only affect future occurrences
Ability to install files directly to SDCARD, hardcoded to /PALM/Launcher/ directory
Keyboard shortcuts to set priority of ToDo items with Alt+# where # is 1-5
Add ability to launch external editor to quickly edit memo or note text. Bound to Ctrl-E.
- Alternative hex output (to be improved)
- Print creation date of serial device file (if < 20 hrs), useful for
identifying just plugged in USB-Serial adapters
- Support ':' (colon) in device path names. Note, that this changes old
behaviour which used ':' as a device path delimiter.
- Several language updates.
AST-2013-004 and AST-2013-005.
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.5.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
AST-2013-004 and AST-2013-005.
pkgsrc change: disable detection of broken IP_PKTINFO on NetBSD
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.3
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
AST-2013-004 and AST-2013-005.
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.23.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
pkgsrc changes:
- add work around for NetBSD's incompatible implementation of IP_PKTINFO
- core sounds package was updated to 1.4.24
The Asterisk Development Team has announced the release of Asterisk 1.8.23.0.
The release of Asterisk 1.8.23.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix a memory copying bug in slinfactory which was causing
mixmonitor issues.
* --- IAX2: fix race condition with nativebridge transfers.
* --- Fix crash in chan_sip when a core initiated op occurs at the
same time as a BYE
* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
Bit
* --- chan_sip: Session-Expires: Set timer to correctly expire at
(~2/3) of the interval when not the refresher
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.23.0
Thank you for your continued support of Asterisk!
pkgsrc changes:
- add dependency on libuuid
- work around NetBSD's incompatible implementation of IP_PKTINFO
The Asterisk Development Team has announced the release of Asterisk 11.5.0.
The release of Asterisk 11.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Segfault In app_queue When "persistentmembers" Is Enabled
And Using Realtime
* --- IAX2: fix race condition with nativebridge transfers.
* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
Bit
* --- Fix One-Way Audio With auto_* NAT Settings When SIP Calls
Initiated By PBX
* --- chan_sip: NOTIFYs for BLF start queuing up and fail to be sent
out after retries fail
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.5.0
Thank you for your continued support of Asterisk!
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
- improvements to the user interface
- better phone log support
- support for changing the SIM PIN code (via the new "password" plug-in)
- optional "pulseaudio" plug-in (instead of builtin to the "profiles" plug-in)
- fixes to the "video" plug-in
- new manual pages
- more portable Makefiles
- fix compile problem on newer NetBSD systems that have newlocale support
- fix a couple of cases where ctype functions called with plain char
- last two items from joerg@
Commented 2/3 patches. Added gsed to USE_TOOLS. Buildlink'd pthread. Added
fortran77 to USE_LANGUAGES. Included options.mk file to enable the user to
build with mmx, sse, and "tests" option, which uses pcap, X11, sndfile,
libxml2, fltk, and fftw to run some tests. All of these options are
disabled by default. Some of these changes were already present in
wip/spandsp and were merged into this package after its removal. All
PKG_OPTIONS are disabled by default. There are no noticeable changes to
the package from this update.
