Please note that Asterisk 1.6.2.19 is the final maintenance release
from the 1.6.2 branch. Support for security related issues will
continue until April 21, 2012. For more information about support
of the various Asterisk branches, see
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
The release of Asterisk 1.6.2.19 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Don't broadcast FullyBooted to every AMI connection
The FullyBooted event should not be sent to every AMI connection
every time someone connects via AMI. It should only be sent to
the user who just connected.
(Closes issue #18168. Reported, patched by FeyFre)
* Fix thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
Freddi_Fonet. Patched by dvossel)
* Don't delay DTMF in core bridge while listening for DTMF features.
(Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
globalnetinc, jde. Patched by oej, twilson)
* Fix chan_local crashs in local_fixup()
Thanks OEJ for tracking down the issue and submitting the patch.
(Closes issue #19053. Reported, patched by oej)
* Don't offer video to directmedia callee unless caller offered it as well
(Closes issue #19195. Reported, patched by one47)
Additionally security announcements AST-2011-008, AST-2011-010, and
AST-2011-011 have been resolved in this release.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, and AST-2011-006.
===========================================================================
1.6.2.18:
The Asterisk Development Team has announced the release of Asterisk 1.6.2.18.
The release of Asterisk 1.6.2.18 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Only offer codecs both sides support for directmedia.
* Resolution of several DTMF based attended transfer issues.
NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve deadlocks related to device states in chan_sip
* Fix channel redirect out of MeetMe() and other issues with channel softhangup
* Fix voicemail sequencing for file based storage.
* Guard against retransmitting BYEs indefinitely during attended transfers with
chan_sip.
In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18
===========================================================================
1.6.2.17.3
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
===========================================================================
1.6.2.17.2:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.
** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).
The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.2
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.6.2.17.1:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.1
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.6.2.16.2:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.
The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.2
Security advisory AST-2011-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, and AST-2011-006.
===========================================================================
1.6.2.18:
The Asterisk Development Team has announced the release of Asterisk 1.6.2.18.
The release of Asterisk 1.6.2.18 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Only offer codecs both sides support for directmedia.
* Resolution of several DTMF based attended transfer issues.
NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve deadlocks related to device states in chan_sip
* Fix channel redirect out of MeetMe() and other issues with channel softhangup
* Fix voicemail sequencing for file based storage.
* Guard against retransmitting BYEs indefinitely during attended transfers with
chan_sip.
In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18
===========================================================================
1.6.2.17.3
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
===========================================================================
1.6.2.17.2:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.
** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).
The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.2
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.6.2.17.1:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.1
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.6.2.17:
The Asterisk Development Team has announced the release of Asterisk 1.6.2.17.
The release of Asterisk 1.6.2.17 resolves several issues reported by the
community and would have not been possible without your participation.
The following is a sample of the issues resolved in this release:
* Resolve duplicated data in the AstDB when using DIALGROUP()
* Correct issue where res_config_odbc could populate fields with invalid data.
* When using cdr_pgsql the billsec field was not populated correctly on
unanswered calls.
* Resolve issue where re-transmissions of SUBSCRIBE could break presence.
* Fix regression causing forwarding voicemails to not work with file storage.
* This version of Asterisk includes the new Compiler Flags option
BETTER_BACKTRACES which uses libbfd to search for better symbol information
within both the Asterisk binary, as well as loaded modules, to assist when
using inline backtraces to track down problems.
* Resolve several issues with DTMF based attended transfers.
NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve issue where no Music On Hold may be triggered when using
res_timing_dahdi.
* Fix regression that changed behavior of queues when ringing a queue member.
Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17
===========================================================================
1.6.2.16.2:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.
The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.2
Security advisory AST-2011-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
=============================================================================
This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson at digium.com>
CVE Name
Description When forming an outgoing SIP request while in pedantic mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
also affects the URIENCODE dialplan function and in some
versions of asterisk, the AGI dialplan application as well.
The ast_uri_encode function does not properly respect the size
of its output buffer and can write past the end of it when
encoding URIs.
For full details, see:
http://downloads.digium.com/pub/security/AST-2011-001.html
The release of Asterisk 1.6.2.16 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix cache of device state changes for multiple servers.
(Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
by russellb)
* Resolve issue where channel redirect function (CLI or AMI) hangs up the call
instead of redirecting the call.
(Closes issue #18171. Reported by: SantaFox)
(Closes issue #18185. Reported by: kwemheuer)
(Closes issue #18211. Reported by: zahir_koradia)
(Closes issue #18230. Reported by: vmarrone)
(Closes issue #18299. Reported by: mbrevda)
(Closes issue #18322. Reported by: nerbos)
* Linux and *BSD disagree on the elements within the ucred structure. Detect
which one is in use on the system.
(Closes issue #18384. Reported, patched, tested by bjm, tilghman)
* app_followme: Don't create a Local channel if the target extension does not
exist.
(Closes issue #18126. Reported, patched by junky)
* Revert code that changed SSRC for DTMF.
(Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou. rsw686.
Tested by cmbaker82)
* Resolve issue where REGISTER request with a Call-ID matching an existing
transaction is received it was possible that the REGISTER request would
overwrite the initreq of the private structure.
(Closes issue #18051. Reported by eeman. Patched, tested by twilson)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16
- disable automatic Lua detection for now until lang/lua/builtin.mk exists
The release of Asterisk 1.6.2.15 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* When using chan_skinny, don't crash when parking a non-bridged call.
(Closes issue #17680. Reported, tested by jmhunter. Patched, tested by DEA)
* Add ability for Asterisk to try both the encoded and unencoded subscription
URI for a match in hints.
(Closes issue #17785. Reported, tested by ramonpeek. Patched by tilghman)
* Set the caller id on CDRs when it is set on the parent channel.
(Closes issue #17569. Reported, patched by tbelder)
* Ensure user portion of SIP URI matches dialplan when using encoded characters
(Closes issue #17892. Reported by wdoekes. Patched by jpeeler)
* Resolve issue where Party A in an analog 3-way call would continue to hear
ringback after party C answers.
(Patched by rmudgett)
* Fix problem with qualify option packets for realtime peers never stopping.
The option packets not only never stopped, but if a realtime peer was not in
the peer list multiple options dialogs could accumulate over time.
(Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
jpeeler)
* Multiple fixes related to Local channels.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.15
The release of Asterisk 1.6.2.14 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix issue where session timers would be advertised as supported even
when session-timers=refuse was set in sip.conf. Also fix
interoperability problems with session timer behavior in Asterisk.
(Closes issue #17005. Reported by alexcarey. Patched by dvossel)
* Parse all "Accept" headers for SIP SUBSCRIBE requests.
(Closes issue #17758. Reported by ibc. Patched by dvossel)
* Fix issue where queue stats would be reset on reload.
(Closes issue #17535. Reported by raarts. Patched by tilghman)
* Fix issue where MoH files were no longer rescanned on during a
reload.
(Closes issue #16744. Reported by pj. Patched by Qwell)
* Fix issue with dialplan pattern matching where the specificity for
pattern ranges and pattern characters was inconsistent.
(Closes issue #16903. Reported, patched by Nick_Lewis)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.14
a feature update, so users that are upgrading should read UPDATE.txt.
pkgsrc changes:
- update to 1.6.2.13
- bury the asterisk-sounds-extra inside this one to keep it in sync
- handle sound tarballs directly (upstream had changed this to do a
download during the install phase and dump files in $HOME)
- add new documentation files:
- asterisk.txt
- building_queues.txt
- database_transactions.txt
- followme.txt
========
1.6.2.13
========
This release resolves an issue where the .version and ChangeLog files were not
updated for 1.6.2.12. Asterisk 1.6.2.13 has no additional changes from 1.6.2.12
other than the .version, ChangeLog and summary files.
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.13
========
1.6.2.12
========
The release of Asterisk 1.6.2.12 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix issue where DNID does not get cleared on a new call when using
immediate=yes with ISDN signaling.
(Closes issue #17568. Reported by wuwu. Patched by rmudgett)
* Several updates to res_config_ldap.
(Closes issue #13573. Reported by navkumar. Patched by navkumar, bencer.
Tested by suretec)
* Prevent loss of Caller ID information set on local channel after masquerade.
(Closes issue #17138. Reported by kobaz, patched by jpeeler)
* Fix SIP peers memory leak.
(Closes issue #17774. Reported, patched by kkm)
* Add Danish support to say.conf.sample
(Closes issue #17836. Reported, patched by RoadKill)
* Ensure SSRC is changed when media source is changed to resolve audio delay.
(Closes issue #17404. Reported, tested by sdolloff. Patched by jpeeler)
* Only do magic pickup when notifycid is enabled.
A new way of doing BLF pickup was introduced into 1.6.2. This feature adds a
call-id value into the XML of a SIP_NOTIFY message sent to alert a subscriber
that a device is ringing. This option should only be enabled when the new
'notifycid' option is set, but this was not the case. Instead the call-id
value was included for every RINGING Notify message, which caused a
regression for people who used other methods for call pickup.
(Closes issue #17633. Reported, patched by urosh. Patched by dvossel.
Tested by: dvossel, urosh, okrief, alecdavis)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.12
========
1.6.2.11
========
The release of Asterisk 1.6.2.11 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Send DialPlanComplete as a response, not as a separate event. Otherwise, it
goes to all manager sessions and may exclude the current session, if the
Events mask excludes it.
(Closes issue #17504. Reported, patched by rrb3942)
* Allow the "useragent" value to be restored into memory from the realtime
backend. This value is purely informational. It does not alter configuration
at all.
(Closes issue #16029. Reported, patched by Guggemand)
* Fix rt(c)p set debug ip taking wrong argument Also clean up some coding
errors.
(Closes issue #17469. Reported, patched by wdoekes)
* Ensure channel placed in meetme in ringing state is properly hung up. An
outgoing channel placed in meetme while still ringing which was then hung up
would not exit meetme and the channel was not properly destroyed.
(Closes issue #15871. Reported, patched by Ivan)
* Correct how 100, 200, 300, etc. is said. Also add the crazy British numbers.
(Closes issue #16102. Reported, patched by Delvar)
* cdr_pgsql does not detect when a table is found. This change adds an ERROR
message to let you know when a failure exists to get the columns from the
pgsql database, which typically means that the table does not exist.
(Closes issue #17478. Reported, patched by kobaz)
* Avoid crashing when installing a duplicate translation path with a lower
cost.
(Closes issue #17092. Reported, patched by moy)
* Add missing handling for ringing state for use with queue empty options.
(Closes issue #17471. Reported, patched by jazzy)
* Fix reporting estimated queue hold time. Just say the number of seconds
(after minutes) rather than doing some incorrect calculation with respect to
minutes.
(Closes issue #17498. Reported, patched by corruptor)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.11
========
1.6.2.10
========
The release of Asterisk 1.6.2.10 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Allow users to specify a port for DUNDI peers.
(Closes issue #17056. Reported, patched by klaus3000)
* Decrease the module ref count in sip_hangup when SIP_DEFER_BYE_ON_TRANSFER is
set.
(Closes issue #16815. Reported, patched by rain)
* If there is realtime configuration, it does not get re-read on reload unless
the config file also changes.
(Closes issue #16982. Reported, patched by dmitri)
* Send AgentComplete manager event for attended transfers.
(Closes issue #16819. Reported, patched by elbriga)
* Correct manager variable 'EventList' case.
(Closes issue #17520. Reported, patched by kobaz)
In addition, changes to res_timing_pthread that should make it more stable have
also been implemented.
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.10
=======
1.6.2.9
=======
The release of Asterisk 1.6.2.9 resolves several issues reported by the
community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Fix the PickupChan() application
(Closes issue #16863. Reported, patched by schern. Patched by cjacobsen.
Tested by Graber, cjacobsen, lathama, rickead2000, dvossel)
* Improve logging by displaying line number
(Closes issue #16303. Reported by dant. Patched by pabelanger. Tested by
dant, pabelanger, lmadsen)
* Notify CLI when modules are loaded/unloaded
(Closes issue #17308. Reported, patched by pabelanger. Tested by russell)
* Make the Makefile logic more explicit and move the Snow Leopard logic down to
where it's not executed on non-Darwin systems
(Closes issue #17028. Reported by pabelanger. Patched by seanbright,
tilghman. Tested by pabelanger)
* Manager cookies are not compatible with RFC2109. Make that no longer true.
(Closes issue #17231. Reported, patched by ecarruda)
* With IMAP backend, messages in INBOX were counted twice for MWI
(Closes issue #17135. Reported by edhorton. Patched by ebroad, tilghman)
* Fix possible segfault when logging
(Closes issue #17331. Reported, patched by under. Patched by dvossel)
* Fix memory hogging behavior of app_queue
(Closes issue #17081. Reported by wliegel. Patched by mmichelson)
* Allow type=user SIP endpoints to be loaded properly from realtime
(Closes issue #16021. Reported, patched by Guggemand)
Additionally, the following issue may be of interest:
* Fix transcode_via_sln option with SIP calls and improve PLC usage
(Review: https://reviewboard.asterisk.org/r/622/)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.9
=======
1.6.2.8
=======
The release of Asterisk 1.6.2.8 resolves several issues reported by the
community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Enable auto complete for CLI command 'logger set level'.
(Closes issue #17152. Reported, patched by pabelanger)
* Make the mixmonitor thread process audio frames faster.
(Closes issue #17078. Reported, tested by geoff2010. Patched by dhubbard)
* Add missing 'useragent' field to sip-friends.sql file.
(Closes issue #17171. Reported, patched by thehar)
* Add example dialplan for dialing ISN numbers (http://www.freenum.org)
(Closes issue #17058. Reported, patched by pprindeville)
* Fix issue with double "sip:" in header field.
(Closes issue #15847. Reported, patched by ebroad)
* Add ability to generate ASCII documentation from the TeX files by running
'make asterisk.txt'.
(Closes issue #17220. Reported by lmadsen. Tested, patched by pabelanger)
* When StopMonitor() is called, ensure that it will not be restarted by a
channel event.
(Closes issue #16590. Reported, patched by kkm)
* Small error in the T.140 RTP port verbose log.
(Closes issue #16998. Reported, patched by frawd. Tested by russell)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.8
=======
1.6.2.7
=======
The release of Asterisk 1.6.2.7 resolves several issues reported by the
community, and would have not been possible without your participation. Thank
you!
The following are a few of the issues resolved by community developers:
* Fix building CDR and CEL SQLite3 modules.
(Closes issue #17017. Reported by alephlg. Patched by seanbright)
* Resolve crash in SLAtrunk when the specified trunk doesn't exist.
(Reported in #asterisk-dev by philipp64. Patched by seanbright)
* Include an extra newline after "Aliased CLI command" to get back the prompt.
(Issue #16978. Reported by jw-asterisk. Tested, patched by seanbright)
* Prevent segfault if bad magic number is encountered.
(Issue #17037. Reported, patched by alecdavis)
* Update code to reflect that handle_speechset has 4 arguments.
(Closes issue #17093. Reported, patched by gpatri. Tested by pabelanger,
mmichelson)
* Resolve a deadlock in chan_local.
(Closes issue #16840. Reported, patched by bzing2, russell. Tested by bzing2)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.7
=======
1.6.2.6
=======
The release of Asterisk 1.6.2.6 resolves several issues reported by the
community, and would have not been possible without your participation. Thank
you!
The following are a few of the issues resolved by community developers:
* Make sure to clear red alarm after polarity reversal.
(Closes issue #14163. Reported, patched by jedi98. Tested by mattbrown,
Chainsaw, mikeeccleston)
* Fix problem with duplicate TXREQ packets in chan_iax2
(Closes issue #16904. Reported, patched by rain. Tested by rain, dvossel)
* Fix crash in app_voicemail related to message counting.
(Closes issue #16921. Reported, tested by whardier. Patched by seanbright)
* Overlap receiving: Automatically send CALL PROCEEDING when dialplan starts
(Reported, Patched, and Tested by alecdavis)
* For T.38 reINVITEs treat a 606 the same as a 488.
(Closes issue #16792. Reported, patched by vrban)
* Fix ConfBridge crash when no timing module is loaded.
(Closes issue #16471. Reported, tested by kjotte. Patched, tested by junky)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.6
=======
1.6.2.5
=======
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.6.2.5
The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve an issue with
invalid parsing of ACL (Access Control List) rules leading to a possible
compromise in security. The issue and resolution are described in the
AST-2010-003 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2010-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.5
Security advisory AST-2010-003 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-003.pdf
=======
1.6.2.4
=======
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.6.2.4
The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and 1.6.2.4
include documention describing a possible dialplan string injection with common
usage of the ${EXTEN} (and other expansion variables). The issue and resolution
are described in the AST-2010-002 security advisory.
If you have a channel technology which can accept characters other than numbers
and letters (such as SIP) it may be possible to craft an INVITE which sends data
such as 300&Zap/g1/4165551212 which would create an additional outgoing channel
leg that was not originally intended by the dialplan programmer.
Please note that this is not limited to an specific protocol or the Dial()
application.
The expansion of variables into programmatically-interpreted strings is a common
behavior in many script or script-like languages, Asterisk included. The ability
for a variable to directly replace components of a command is a feature, not a
bug - that is the entire point of string expansion.
However, it is often the case due to expediency or design misunderstanding that
a developer will not examine and filter string data from external sources before
passing it into potentially harmful areas of their dialplan.
With the flexibility of the design of Asterisk come these risks if the dialplan
designer is not suitably cautious as to how foreign data is allowed to enter the
system unchecked.
This security release is intended to raise awareness of how it is possible to
insert malicious strings into dialplans, and to advise developers to read the
best practices documents so that they may easily avoid these dangers.
For more information about the details of this vulnerability, please read the
security advisory AST-2010-002, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.4
Security advisory AST-2010-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-002.pdf
The README-SERIOUSLY.bestpractices.txt document is available in the top-level
directory of your Asterisk sources, or available in all Asterisk branches from
1.2 and up.
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
=======
1.6.2.3
=======
Was never released.
=======
1.6.2.2
=======
The Asterisk Development Team has announced security releases for Asterisk as
the following versions:
* 1.6.2.2
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix
described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over SIP can remotely
crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain
either a negative or exceptionally large value. The same crash will occur when
the FaxMaxDatagram field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please read the
security advisory AST-2009-009, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.2
Security advisory AST-2010-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
=======
1.6.2.1
=======
The release of Asterisk 1.6.2.1 resolved several issues reported by the
community, and would have not been possible without your participation. Thank
you!
* CLI 'queue show' formatting fix.
(Closes issue #16078. Reported by RoadKill. Tested by dvossel. Patched by
ppyy.)
* Fix misreverting from 177158.
(Closes issue #15725. Reported, Tested by shanermn. Patched by dimas.)
* Fixes subscriptions being lost after 'module reload'.
(Closes issue #16093. Reported by jlaroff. Patched by dvossel.)
* app_queue segfaults if realtime field uniqueid is NULL
(Closes issue #16385. Reported, Tested, Patched by haakon.)
* Fix to Monitor which previously assumed the file to write to did not contain
pathing.
(Closes issue #16377, #16376. Reported by bcnit. Patched by dant.
A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.2.1-summary.txt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.1
=======
1.6.2.0
=======
The release of Asterisk 1.6.2.0 is the first feature release since Asterisk
1.6.1.0, which was released April 27, 2009. Many new features have been included
in this release. For a complete list of changes, please see the CHANGES file.
For those upgrading from a previous release, please see UPGRADE.txt
It should be explicitly stated that Asterisk 1.6.2.0 is a major upgrade over any
previous release, and special care should be taken when upgrading existing
systems. Please see the UPGRADE.txt file for more information, available at:
http://svn.asterisk.org/svn/asterisk/tags/1.6.2.0/UPGRADE.txt
A detailed overview to the new features available in Asterisk 1.6.2.0 are
forthcoming within the next few days. Please watch http://blogs.asterisk.org for
further information!
Below is a summary of several new features available in this release:
* chan_dahdi now supports MFC/R2 signaling when Asterisk is compiled with
support for LibOpenR2. http://www.libopenr2.org/
* Added a new 'faxdetect=yes|no' configuration option to sip.conf. When this
option is enabled, Asterisk will watch for a CNG tone in the incoming audio
for a received call. If it is detected, the channel will jump to the
'fax' extension in the dialplan.
* A new application, Originate, has been introduced, that allows asynchronous
call origination from the dialplan.
* Added ConfBridge dialplan application which does conference bridges without
DAHDI. For information on its use, please see the output of
"core show application ConfBridge" from the CLI.
* extensions.conf now allows you to use keyword "same" to define an extension
without actually specifying an extension. It uses exactly the same pattern
as previously used on the last "exten" line. For example:
exten => 123,1,NoOp(something)
same => n,SomethingElse()
* Asterisk now provides the ability to define custom CLI aliases. For example,
if you would like to define short form aliases for frequently used commands,
such as "sh ch" for "core show channels", that is now possible. See the
cli_aliases.conf configuration file for more information.
* Asterisk now has support for subscribing to the state of remote voice
mailboxes via SIP.
* Asterisk now includes expanded HD codec support. G.722.1 and G.722.1C
(Siren7/Siren14) passthrough, recording, and playback is now supported.
Transcoding will be made available via add-on modules soon for this version of
Asterisk.
This is just a subset of the changes available in this release. Please see the
CHANGES file for additional information, available at:
http://svn.asterisk.org/svn/asterisk/tags/1.6.2.0/CHANGES
A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.2.0-summary.txt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.0
The Asterisk releases for 1.6.0.28 and 1.6.1.20 are the last maintenance
releases for Asterisk branches 1.6.0 and 1.6.1 and have now moved to security
maintenance only.
The releases of Asterisk 1.6.0.28 and 1.6.1.20 resolves several issues reported
by the community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Fix issue where MixMonitor() recordings would be shorter than total duration
.
(Closes issue #17078. Reported,tested by geoff2010. Patched by dhubbard)
* When StopMonitor() is called, ensure it will not be restarted by a channel
event.
(Closes issue #16590. Reported, patched by kkm)
* Allow hidecalleridname feature to work.
(Closes issue #17143. Reported, patched by djensen99)
* Resolve deadlocks in chan_local.
(Closes issue #17185. Reported, tested by schmoozecom, GameGamer43)
* Ensure channel state is not incorrectly set in the case of a very early
answer by chan_dahdi.
(Closes issue #17067. Reported, patched by tzafrir)
* Registration fix for SIP realtime. Make sure realtime fields are not empty.
(Closes issue #17266. Reported, patched by Nick_Lewis. Tested by sberney)
Information about the Asterisk maintenance schedule is available at:
http://www.asterisk.org/asterisk-versions
For a full list of changes in the current release candidates, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.20
bug fix releases. At this point the 1.6.1 series is going to
security fixes only. That means this package will be moving to
the 1.6.2 series in the near future.
-----
1.6.1.18:
The following are a few of the issues resolved by community developers:
* Make sure to clear red alarm after polarity reversal.
(Closes issue #14163. Reported, patched by jedi98. Tested by mattbrown,
Chainsaw, mikeeccleston)
* Fix problem with duplicate TXREQ packets in chan_iax2.
(Closes issue #16904. Reported, patched by rain. Tested by rain, dvossel)
* Update documentation to not imply we support overriding options.
(Closes issue #16855. Reported by davidw)
* Modify queued frames from Local channels to not set the other side to up.
(Closes issue #16816. Reported, tested by jamhed)
* For T.38 reINVITEs treat a 606 the same as a 488.
(Closes issue #16792. Reported, patched by vrban)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.18
-----
1.6.1.19:
The following are a few of the issues resolved by community developers:
* Fix building CDR and CEL SQLite3 modules.
(Closes issue #17017. Reported by alephlg. Patched by seanbright)
* Resolve crash in SLAtrunk when the specified trunk doesn't exist.
(Reported in #asterisk-dev by philipp64. Patched by seanbright)
* Update code to reflect that handle_speechset has 4 arguments.
(Closes issue #17093. Reported, patched by gpatri. Tested by pabelanger,
mmichelson)
* Pass the PID of the Asterisk process, not the PID of the canary.
(Closes issue #17065. Reported by globalnetinc. Patched by makoto. Tested by
frawd, globalnetinc)
* Resolve a deadlock in chan_local.
(Closes issue #16840. Reported, patched by bzing2, russell. Tested by bzing2)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.19
systems come with LDAP support built-in. This has no effect on
such systems. However, on older systems, it will pull in
openldap-client. But, a builder may still disable the option if
they wish. This fixes:
PR pkg/41987 - Robert Elz -- comms/asterisk16 PLIST problem
AST-2010-003. AST-2010-002 was just a warning about dialplan
scripting errors that could lead to security issues.
Asterisk 1.6.1.13: general bug fixes
Asterisk 1.6.1.14: fix AST-2010-001
Asterisk 1.6.1.15: not released, skipped for security releases
Asterisk 1.6.1.16: fix AST-2010-002
Asterisk 1.6.1.17: fix AST-2010-003
Note that the only change in Asterisk 1.6.1.16 was the addtion of
a README file. However, the package doesn't install random docs.
That is planned for a future update seperate from the upstream
updates.
-----
Asterisk 1.6.1.13:
The release of Asterisk 1.6.1.13 resolved several issues reported
by the community, and would have not been possible without your
participation. Thank you!
* Restarts busydetector (if enabled) when DTMF is received after
call is bridged
(Closes issue #16389. Reported, Tested, Patched by alecdavis.)
* Send parking lot announcement to the channel which parked the
call, not the park-ee.
(Closes issue #16234. Reported, Tested by yeshuawatso. Patched
by tilghman.)
* When the field is blank, don't warn about the field being unable
to be coerced just skip the column.
(Closes
http://lists.digium.com/pipermail/asterisk-dev/2009-December/041362.html)
Reported by Nic Colledge on the -dev list.)
* Don't queue frames to channels that have no means to process
them.
(Closes issue #15609. Reported, Tested by aragon. Patched by
tilghman.)
* Fixes holdtime playback issue in app_queue.
(Closes issue #16168. Reported, Patched by nickilo. Tested by
wonderg, nickilo.)
A summary of changes in this release can be found in the release
summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.1.13-summary.t
xt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.13
-----
Asterisk 1.6.1.14:
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include
the fix described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over
SIP can remotely crash Asterisk by modifying the FaxMaxDatagram
field of the SDP to contain either a negative or exceptionally
large value. The same crash will occur when the FaxMaxDatagram
field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please
read the security advisory AST-2009-009, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.14
Security advisory AST-2010-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
-----
Asterisk 1.6.1.16:
The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and
1.6.2.4 include documention describing a possible dialplan string
injection with common usage of the ${EXTEN} (and other expansion
variables). The issue and resolution are described in the AST-2010-002
security advisory.
If you have a channel technology which can accept characters other
than numbers and letters (such as SIP) it may be possible to craft
an INVITE which sends data such as 300&Zap/g1/4165551212 which
would create an additional outgoing channel leg that was not
originally intended by the dialplan programmer.
Please note that this is not limited to an specific protocol or
the Dial() application.
The expansion of variables into programmatically-interpreted strings
is a common behavior in many script or script-like languages,
Asterisk included. The ability for a variable to directly replace
components of a command is a feature, not a bug - that is the entire
point of string expansion.
However, it is often the case due to expediency or design
misunderstanding that a developer will not examine and filter string
data from external sources before passing it into potentially
harmful areas of their dialplan.
With the flexibility of the design of Asterisk come these risks if
the dialplan designer is not suitably cautious as to how foreign
data is allowed to enter the system unchecked.
This security release is intended to raise awareness of how it is
possible to insert malicious strings into dialplans, and to advise
developers to read the best practices documents so that they may
easily avoid these dangers.
For more information about the details of this vulnerability, please
read the security advisory AST-2010-002, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.16
Security advisory AST-2010-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-002.pdf
The README-SERIOUSLY.bestpractices.txt document is available in
the top-level directory of your Asterisk sources, or available in
all Asterisk branches from 1.2 and up.
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
-----
Asterisk 1.6.1.17:
The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve
an issue with invalid parsing of ACL (Access Control List) rules
leading to a possible compromise in security. The issue and resolution
are described in the AST-2010-003 security advisory.
For more information about the details of this vulnerability, please
read the security advisory AST-2010-003, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17
Security advisory AST-2010-003 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-003.pdf
-----
and update PLIST for new Music On Hold files.
1.6.1.8 fixes AST-2009-007.
-----
A missing ACL check for handling SIP INVITEs allows a device to
make calls on networks intended to be prohibited as defined by the
"deny" and "permit" lines in sip.conf. The ACL check for handling
SIP registrations was not affected.
-----
1.6.1.9 fixes AST-2009-008 and AST-2009-009.
-----
It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of 403 Authentication user name does not
match account name. If the peer does not exist the response will
be 404 Not Found if alwaysauthreject is disabled and 401 Unauthorized
if alwaysauthreject is enabled.
-----
Asterisk includes a demonstration AJAX based manager interface,
ajamdemo.html which uses the prototype.js framework. An issue was
uncovered in this framework which could allow someone to execute
a cross-site AJAX request exploit.
- 1.6.1.6 fixes AST-2009-006 which is an IAX2 DOS vulnerability
- 1.6.1.5 contains a variety of bug fixes:
Category: Applications/app_chanspy
#15660: ChanSpy "whisper" is broken in 1.4.26
Category: Applications/app_fax
#15606: app_fax.c is not compiling under OpenBSD
#15610: T.38 re-INVITE received after T.38 already negotiated fails
Category: Applications/app_milliwatt
#15386: [patch] Milliwatt() is off by -11dbm
Category: Applications/app_mixmonitor
#15699: [patch] using ast_free instead of mixmonitor_free
Category: Applications/app_queue
#14536: [patch] After a caller is processed by app_queue the queue_log
logs the hangup as TRANSFER
#15664: [patch] QUEUE_MEMBER_LIST() returns member names instead of
Category: Applications/app_stack
#15557: [patch] Gosub() dequotes once more than Macro()
#15617: [patch] crash in LOCAL() if Gosub stack is allocated but empty
Category: Applications/app_voicemail
#15717: MWI is not sent to a SIP phone upon registration, but is after the
mailbox is updated/checked
#15720: opendir() return code is not checked in last_message_index()
Category: Applications/app_voicemail/IMAP
#14496: [patch] IMAP crash multiple callers / callers hangup at beep
#14597: greetings can not be retrieved from IMAP
#14950: [patch] Greetings are stored as IMAP messages even when
imapgreetings=no
#15729: IMAP greetings not stored in dovecot
Category: CDR/General
#15751: [patch] Core dump in ast_bridge_call features.c line 2772
Category: Channels/chan_agent
#15668: AGENTACCEPTDTMF is incorrectly spelled as AGENTACCEPTDMTF in code
to recognize channel variables.
Category: Channels/chan_dahdi
#15655: [patch] Dialplan starts execution before call is accepted
#15727: [patch] Message Waiting Indication(MWI) is randomly generated when
FXO is set to DTMF Caller ID
Category: Channels/chan_misdn
#12113: [patch] asterisk crash at reload chan_misdn.so
Category: Channels/chan_sip/General
#12869: [patch] 'context' doesn't change when 'sip reload' issued when
driven from realtime
#15362: [patch] log message output is truncated
#15596: [patch] all codecs allowed, but textsupport=no crashes on T140RED
enabled call
Category: Channels/chan_sip/Registration
#14366: [patch] Registration expiry not compatible with some ITSP
#15539: [patch] Register request line contains wrong address when domain
and registrar host differ
Category: Channels/chan_sip/T.38
#15182: [patch] T.38 invite does not always comply with RFC 2327
Category: Channels/chan_sip/Video
#15121: [patch] Video support in SIP channel driver appears to be totally
broken
Category: Core/BuildSystem
#15697: most cleaner alaw don't compile
#15698: [patch] If enable DEBUG_FD_LEAKS - h323 can't start.
#15714: [patch] Asterisk won't build with curl unless curl_config is
present
Category: Core/General
#14730: [patch] Fix runlevels in Debian rc files
#15273: [patch] german time (20:01:00 oh clock) is announced wrong
#15649: T38 Faxing failing on 1.6.1 svn
#15667: LOGGER WARNING : error executing after rotate
Category: Core/ManagerInterface
#15397: [patch] segfault in action_coreshowchannels() at manager.c
#15730: [patch] manager keeps creating /tmp/ast-ami-XXXXXX files (without
deleting) when a single manager client remains logged in
Category: Core/PBX
#15242: [patch] log does not indicate which function is missing closing
parenthesis
Category: Documentation
#15755: Description in queues.conf on call recording is slightly
misleading
Category: Functions/func_iconv
#15169: When building with uClibc, configure script mistakenly assumes
iconv is always available
Category: General
#15571: [patch] 'received' typos in trunk, in 6 files
#15595: [patch] fix spelling for typos, mainly in comments.
Category: PBX/pbx_dundi
#15322: [patch] DUNDILOOKUP() does not accept comma as argument separator
Category: Resources/General
#15624: res_ais, communication ok, but wrong state send and receive.
Category: Resources/res_config_ldap
#13725: [patch] ERROR[7387]: res_config_ldap.c:1292 update_ldap: Couldn't
modify dn:cn=1001,dc=xxx,dc=xxx because Invalid syntax
#15710: Typo in LDAP schema files on line 598
Category: Resources/res_musiconhold
#15051: [patch] Moh class set in the dialplan is ignored with realtime moh
----------------------------------------------------------------------
Commits Not Associated with an Issue
[Back to Top]
This is a list of all changes that went into this release that did not
directly close an issue from the issue tracker. The commits may have been
marked as being related to an issue. If that is the case, the issue
numbers are listed here, as well.
+------------------------------------------------------------------------+
| Revision | Author | Summary | Issues |
| | | | Referenced |
|----------+------------+-----------------------------------+------------|
| | | Restore explicit export of | |
| 209058 | kpfleming | ASTCFLAGS/ASTLDFLAGS and | |
| | | underscore-variants to sub-makes. | |
|----------+------------+-----------------------------------+------------|
| 209237 | mmichelson | Gracefully handle malformed RTP | |
| | | text packets. | |
|----------+------------+-----------------------------------+------------|
| 209262 | kpfleming | Make T.38 switchover in | |
| | | ReceiveFAX synchronous. | |
|----------+------------+-----------------------------------+------------|
| 209281 | kpfleming | Cleanup T.38 negotiation changes. | |
|----------+------------+-----------------------------------+------------|
| 209327 | tilghman | Publish French extra sounds | |
|----------+------------+-----------------------------------+------------|
| | | Fix some places where | |
| 209714 | russell | ast_event_type was used instead | |
| | | of ast_event_ie_type. | |
|----------+------------+-----------------------------------+------------|
| 209781 | kpfleming | Minor changes inspired by testing | |
| | | with latest GCC. | |
|----------+------------+-----------------------------------+------------|
| 209900 | russell | Resolve a valgrind warning about | #15396 |
| | | a read from uninitialized memory. | |
|----------+------------+-----------------------------------+------------|
| 211115 | russell | Resolve a deadlock involving | |
| | | app_chanspy and masquerades. | |
|----------+------------+-----------------------------------+------------|
| 211277 | tilghman | Small oops. Clear the flags which | |
| | | have been checked. | |
|----------+------------+-----------------------------------+------------|
| 211569 | tilghman | AST-2009-005 | |
|----------+------------+-----------------------------------+------------|
| 211586 | tilghman | Conversion specifiers, not format | |
| | | specifiers | |
|----------+------------+-----------------------------------+------------|
| | | Check an actual populated | |
| 212069 | file | variable when seeing if we need | |
| | | to do video or not. | |
|----------+------------+-----------------------------------+------------|
| | | Ensure that T38FaxVersion is put | |
| 212115 | kpfleming | into outgoing SDP in the proper | |
| | | case. | |
|----------+------------+-----------------------------------+------------|
| 212386 | seanbright | Handle slin16 for extra sounds as | |
| | | well. | |
|----------+------------+-----------------------------------+------------|
| 212768 | rmudgett | Removed some deadwood and added | |
| | | some doxygen comments. | |
|----------+------------+-----------------------------------+------------|
| | | Make the default extconfig.conf | |
| 212862 | tilghman | match entries with the sample | |
| | | res_mysql.conf. | |
|----------+------------+-----------------------------------+------------|
| 212928 | kpfleming | Convert this branch to Opsound | |
| | | music-on-hold. | |
|----------+------------+-----------------------------------+------------|
| | | Remove some | |
| 212942 | kpfleming | accidentally-committed | |
| | | properties. | |
|----------+------------+-----------------------------------+------------|
| 213449 | twilson | Make LOAD_ORDER actually work | |
|----------+------------+-----------------------------------+------------|
| 213452 | twilson | Oops, committed this first. Make | |
| | | the merged property happy | |
|----------+------------+-----------------------------------+------------|
| | | Make autoheader descriptions | |
| 214365 | tilghman | render correctly in our | #14906 |
| | | autoconfig.h file. | |
|----------+------------+-----------------------------------+------------|
| | | One more build system change, to | |
| 214496 | tilghman | make the descriptions look | |
| | | better, if we have better | |
| | | information. | |
+------------------------------------------------------------------------+
pkgsrc change: restore checksums for ilbc files.
This release has been made to address one or more security vulnerabilities
that have been identified. A security advisory document has been published
for each vulnerability that includes additional information. Users of
versions of Asterisk that are affected are strongly encouraged to review
the advisories and determine what action they should take to protect their
systems from these issues.
Security Advisories: AST-2009-004
------------------------------------------------------------------------------
--- Functionality changes from Asterisk 1.6.0 to Asterisk 1.6.1 -------------
------------------------------------------------------------------------------
Device State Handling
---------------------
* The event infrastructure in Asterisk got another big update to help support
distributed events. It currently supports distributed device state and
distributed Voicemail MWI (Message Waiting Indication). A new module has
been merged, res_ais, which facilitates communicating events between servers.
It uses the SAForum AIS (Service Availability Forum Application Interface
Specification) CLM (Cluster Management) and EVT (Event) services to maintain
a cluster of Asterisk servers, and to share events between them. For more
information on setting this up, see doc/distributed_devstate.txt.
Dialplan Functions
------------------
* Added a new dialplan function, AST_CONFIG(), which allows you to access
variables from an Asterisk configuration file.
* The JACK_HOOK function now has a c() option to supply a custom client name.
* Added two new dialplan functions from libspeex for audio gain control and
denoise, AGC() and DENOISE(). Both functions can be applied to the tx and
rx directions of a channel from the dialplan.
* The SMDI_MSG_RETRIEVE function now has the ability to search for SMDI messages
based on other parameters. The default is still to search based on the
forwarding station ID. However, there are new options that allow you to search
based on the message desk terminal ID, or the message desk number.
* TIMEOUT() has been modified to be accurate down to the millisecond.
* ENUM*() functions now include the following new options:
- 'u' returns the full URI and does not strip off the URI-scheme.
- 's' triggers ISN specific rewriting
- 'i' looks for branches into an Infrastructure ENUM tree
- 'd' for a direct DNS lookup without any flipping of digits.
* TXCIDNAME() has a new zone-suffix parameter (which defaults to 'e164.arpa')
* CHANNEL() now has options for the maximum, minimum, and standard or normal
deviation of jitter, rtt, and loss for a call using chan_sip.
DAHDI channel driver (chan_dahdi) Changes
----------------------------------------
* Channels can now be configured using named sections in chan_dahdi.conf, just
like other channel drivers, including the use of templates.
* The default for pridialplan has changed from 'national' to 'unknown'.
PBX Changes
-----------
* It is now possible to specify a pattern match as a hint. Once a phone subscribes
to something that matches the pattern a hint will be created using the contents
and variables evaluated.
* Dialplan matching has been extended to allow an extension to return to the
PBX core to wait for more digits. This is done by using the new dialplan
application called "Incomplete". This will permit a whole new level of
extension control, by giving the administrator more control over early
matches employing one of the short-circuit pattern match operators. Note
that custom applications can trigger this same behavior by returning the
special value AST_PBX_INCOMPLETE.
The dial() application
----------------------
* Dial has a new option: F(context^extension^pri), which permits a callee to
continue in the dialplan, at the specified label, if the caller hangs up.
* The Dial() application no longer copies the language used by the caller to the callee's
channel. If you desire for the caller's channel's language to be used for file playback
to the callee, then the file specified may be prepended with "${CHANNEL(language)}/" .
The chanspy() application
-------------------------
* ChanSpy and ExtenSpy have a new option, 's' which suppresses speaking the
technology name (e.g. SIP, IAX, etc) of the channel being spied on.
* Chanspy has a new option, 'B', which can be used to "barge" on a call. This is
like the pre-existing whisper mode, except that the spy can also talk to the
participant on the bridged channel as well.
* Chanspy has a new option, 'n', which will allow for the spied-on party's name
to be spoken instead of the channel name or number. For more information on the
use of this option, issue the command "core show application ChanSpy" from the
Asterisk CLI.
* Chanspy has a new option, 'd', which allows the spy to use DTMF to swap between
spy modes. Use of this feature overrides the typical use of numeric DTMF. In other
words, if using the 'd' option, it is not possible to enter a number to append to
the first argument to Chanspy(). Pressing 4 will change to spy mode, pressing 5 will
change to whisper mode, and pressing 6 will change to barge mode.
Other Application Changes
-------------------------
* Directory now permits both first and last names to be matched at the same
time. In addition, the number of digits to enter of the name can be set in
the arguments to Directory; previously, you could enter only 3, regardless
of how many names are in your company. For large companies, this should be
quite helpful.
* Voicemail now permits a mailbox setting to wrap around from first to last
messages, if the "messagewrap" option is set to a true value.
* Voicemail now permits an external script to be run, for password validation.
The script should output "VALID" or "INVALID" on stdout, depending upon the
wish to validate or invalidate the password given. Arguments are:
"mailbox" "context" "oldpass" "newpass". See the sample voicemail.conf for
more details
* The voicemail externnotify script now accepts an additional (last) parameter
containing the number of urgent messages in the INBOX.
* The Jack application now has a c() option to supply a custom client name.
* ExternalIVR now takes several options that affect the way it performs, as
well as having several new commands. Please see doc/externalivr.txt for the
complete documentation.
* Added ability to communicate over a TCP socket instead of forking a child process for the
ExternalIVR application.
* ChanIsAvail has a new option, 'a', which will return all available channels instead
of just the first one if you give the function more then one channel to check.
* PrivacyManager now takes an option where you can specify a context where the
given number will be matched. This way you have more control over who is allowed
and it stops the people who blindly enter 10 digits.
* ForkCDR has new options: 'a' updates the answer time on the new CDR; 'A' locks
answer times, disposition, on orig CDR against updates; 'D' Copies the disposition
from the orig CDR to the new CDR after reset; 'e' sets the 'end' time on the
original CDR; 'R' prevents the new CDR from being reset; 's(var=val)' adds/changes
the 'var' variable on the original CDR; 'T' forces ast_cdr_end(), ast_cdr_answer(),
obey the LOCKED flag on cdr's in the chain, and also the ast_cdr_setvar() func.
* SendImage() no longer hangs up the channel on error; instead, it sets the
status variable SENDIMAGESTATUS to one of 'SUCCESS', 'FAILURE', or
'UNSUPPORTED'. This change makes SendImage() more consistent with other
applications.
* Park has a new option, 's', which silences the announcement of the parking space number.
* A non-numeric, zero, or negative timeout specified to Dial() will now be interpreted as
invalid input and will be assumed to mean that no timeout is desired.
SIP Changes
-----------
* Added DNS manager support to registrations for peers referencing peer entries.
DNS manager runs in the background which allows DNS lookups to be run asynchronously
as well as periodically updating the IP address. These properties allow for
better performance as well as recovery in the event of an IP change.
* Performance improvements via using hash tables (astobj2) and doubly-linked lists to improve
load/reload of large numbers of peers/users by ~40x (for large lists of peers.
Initially, we saw 4x improvement in call setup/destruction, but at the time
of merging, this gain has disappeared; further research will be done to try
and restore this performance improvement. Astobj2 refcounting is now used
for users, peers, and dialogs. Users are encouraged to assist in regression
testing and problem reporting!
* Added ability to specify registration expiry time on a per registration basis in
the register line.
* Added support for Realtime Text redundancy - T140 RED - in T.140 to
prevent text loss due to lost packets.
* Added t38pt_usertpsource option. See sip.conf.sample for details.
* Added SIPnotify AMI command, for sending arbitrary SIP notify commands.
* 'sip show peers' and 'sip show users' display their entries sorted in
alphabetical order, as opposed to the order they were in, in the config
file or database.
* Videosupport now supports an additional option, "always", which always sets
up video RTP ports, even on clients that don't support it. This helps with
callfiles and certain transfers to ensure that if two video phones are
connected, they will always share video feeds.
IAX Changes
-----------
* Existing DNS manager lookups extended to check for SRV records.
* IAX2 encryption support has been improved to support periodic key rotation
within a call for enhanced security. The option "keyrotate" has been
provided to disable this functionality to preserve backwards compatibility
with older versions of IAX2 that do not support key rotation.
CLI Changes
-----------
* New CLI command, "config reload <file.conf>" which reloads any module that
references that particular configuration file. Also added "config list"
which shows which configuration files are in use.
* New CLI commands, "pri show version" and "ss7 show version" that will
display which version of libpri and libss7 are being used, respectively.
A new API call was added so trunk will now have to be compiled against
a versions of libpri and libss7 that have them or it will not know that
these libraries exist.
* The commands "core show globals", "core set global" and "core set chanvar" has
been deprecated in favor of the more semanticly correct "dialplan show globals",
"dialplan set chanvar" and "dialplan set global".
* New CLI command "dialplan show chanvar" to list all variables associated
with a given channel.
DNS manager changes
-------------------
* Addresses managed by DNS manager now can check to see if there is a DNS
SRV record for a given domain and will use that hostname/port if present.
AMI - The manager (TCP/TLS/HTTP)
--------------------------------
* The Status action now takes an optional list of variables to display
along with channel status.
ODBC Changes
------------
* res_odbc no longer has a limit of 1023 total possible unshared connections,
as some people were running into this limit. This limit has been increased
to 4.2 billion.
Queue changes
-------------
* The TRANSFER queue log entry now includes the caller's original position in
the transferred-from queue.
* A new configuration option, "timeoutpriority" has been added. Please see the section
labeled "QUEUE TIMING OPTIONS" in configs/queues.conf.sample for a detailed explanation
of the option as well as an explanation about timeout options in general
Realtime changes
----------------
* Several (ODBC, Postgres, MySQL, SQLite) realtime drivers have been given
adaptive capabilities. What this means in practical terms is that if your
realtime table lacks critical fields, Asterisk will now emit warnings to
that effect. Also, some of the realtime drivers have the ability (if
configured) to automatically add those columns to the table with the
correct type and length.
Miscellaneous
-------------
* The channel variable ATTENDED_TRANSFER_COMPLETE_SOUND can now be set using
the 'setvar' option to cause a given audio file to be played upon completion
of an attended transfer. Currently it works for DAHDI, IAX2, SIP, and
Skinny channels only.
* You can now compile Asterisk against the Hoard Memory Allocator, see doc/hoard.txt
for more information.
* Config file variables may now be appended to, by using the '+=' append
operator. This is most helpful when working with long SQL queries in
func_odbc.conf, as the queries no longer need to be specified on a single
line.
hardware support, so it can't replace comms/asterisk. However,
apparently there is demand for this version, so wiz@ suggested it
be imported here into comms/asterisk16. The latest version is
1.6.1.1, but I won't have time to update all the patches before the
freeze. I'll update to that version sometime after the freeze when
I get a chance.
jnemeth
obache
wiz
joerg