The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
12, and 13. The available security releases are released as versions
1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and verifies the
server, Asterisk will accept signed certificates that match a
common name other than the one Asterisk is expecting if the signed
certificate has a common name containing a null byte after the
portion of the common name that Asterisk expected. This potentially
allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
HIDAPI is a multi-platform library which allows an application to interface
with USB and Bluetooth HID-Class devices on Windows, Linux, and Mac OS X.
On Windows, a DLL is built. On other platforms (and optionally on Windows),
the single source file can simply be dropped into a target application.
HIDAPI has four back-ends:
* Windows (using hid.dll)
* Linux/hidraw (using the Kernel's hidraw driver)
* Linux/libusb (using libusb-1.0)
* Mac (using IOHidManager)
This package includes only the libusb backend.
This version is essentially a bugfix release, with:
- minor improvements to the user interface;
- possibility to build outside of the source tree;
- dropped dependency on DeforaOS Panel;
- all tests should pass.
Hopefully will fix the issue encountered in the latest bulk build report.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
This update is just to accomodate the speex splitup.
Note that Asterisk 10.x is dead upstream and should not be used
anymore. This package will be removed at some point.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 11.15.0.
The release of Asterisk 11.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-20402 - Unable to cancel (features.conf) attended
transfer (Reported by Matt Riddell)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24440 - Call leak in Confbridge (Reported by Ben Klang)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by Nuno Borges)
Improvements made in this release:
-----------------------------------
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.
The release of these versions resolves the following security vulnerability:
* AST-2014-019: Remote Crash Vulnerability in WebSocket Server
When handling a WebSocket frame the res_http_websocket module
dynamically changes the size of the memory used to allow the
provided payload to fit. If a payload length of zero was received
the code would incorrectly attempt to resize to zero. This
operation would succeed and end up freeing the memory but be
treated as a failure. When the session was subsequently torn down
this memory would get freed yet again causing a crash.
For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf
Thank you for your continued support of Asterisk!
termstyle is a simple python library for adding coloured output to terminal
(console) programs. The definitions come from ECMA-048, the "Control Functions
for Coded Character Sets" standard.
Makes ANSI escape character sequences for producing colored terminal text and
cursor positioning work under MS Windows.
ANSI escape character sequences have long been used to produce colored terminal
text and cursor positioning on Unix and Macs. Colorama makes this work on
Windows, too, by wrapping stdout, stripping ANSI sequences it finds (which
otherwise show up as gobbledygook in your output), and converting them into the
appropriate win32 calls to modify the state of the terminal. On other platforms,
Colorama does nothing.
Colorama also provides some shortcuts to help generate ANSI sequences but works
fine in conjunction with any other ANSI sequence generation library, such as
Termcolor.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
In addition, the release of 11.6-cert8 and 11.14.1 resolves the following
security vulnerability:
* AST-2014-014: High call load with ConfBridge can result in resource exhaustion
The ConfBridge application uses an internal bridging API to implement
conference bridges. This internal API uses a state model for channels within
the conference bridge and transitions between states as different things
occur. Unload load it is possible for some state transitions to be delayed
causing the channel to transition from being hung up to waiting for media. As
the channel has been hung up remotely no further media will arrive and the
channel will stay within ConfBridge indefinitely.
In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves
the following security vulnerability:
* AST-2014-017: Permission Escalation via ConfBridge dialplan function and
AMI ConfbridgeStartRecord Action
The CONFBRIDGE dialplan function when executed from an external protocol (such
as AMI) can result in a privilege escalation as certain options within that
function can affect the underlying system. Additionally, the AMI
ConfbridgeStartRecord action has options that would allow modification of the
underlying system, and does not require SYSTEM class authorization in AMI.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015,
AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
- Add two CMAKE_ARGS (silence and) to maintain the similar PLIST leve
# silence warning
CMAKE_ARGS+= -Wno-dev
CMAKE_ARGS+= -DINSTALL_DOC=ON
- Add post-install: target to Remove PaxHeader garbage
- Add comment on patch
(upstream) Update 1.26.1 to 1.33.0
... sorry some 300 lines of ChangeLog
=========
20130529 - 1.33.00
[-] * Various translation improvements.
[-] * Improved support for Huawei E173, thanks to Gautier Minster.
[-] * Fixed buffer overflow in MMS decoder.
[-] * Fixed several memory leaks.
[-] * Improved compatibility with Qualcomm devices (bug #1654).
[-] * Various documentation improvements.
[-] * Updated version of sms-gammu2android, thanks to Shadow Walker.
[-] * Fixed compilation on Mac OS X, thanks to Soren Jorvang.
[-] * Fixed SMSD with CheckSecurity = 0 (bug #1672).
20120627 - 1.32.0
[-] * Fixed auto installation of EventLog registry.
[-] * Improved support for Arduino GPRS shield (bug #1592).
[-] * Fixed communication with Cross PD1101wi (bug #1617).
[-] * Ignore another unknown block in Nokia phonebook (bug #1614).
[-] * Do not encode number when setting up diverts.
20120224 - 1.31.90
[-] * Improved compatibility with ES75 (bug #1586).
[!] * Changed API for call diverts.
[+] * Added support for call diverts in Python API.
[+] * AT backend supports manipulating with call diverts.
[+] * Added support for suspending/resuming SMSD using SIGUSR1/2.
[!] * Changed protocol for S60 applet.
[+] * S60 applet now handles SMS with new lines.
[+] * Improved support for Windows Event Log.
20111221 - 1.31.0
[-] * Fixed compilation with latest libusb.
[-] * Improved error handling in SQL backend of SMSD.
[-] * SMSD documentation improvements.
[-] * Indonesian translation updates.
20111213 - 1.30.92
[-] * Improved vCard parser to better handle location for various fields, thanks to Vladimir Serbinenko for initial patch.
[-] * Fixed reading calls from some Nokia phones (bug #1553).
[-] * Improved text mode SMS parsing in AT driver, thanks to Vladimir Serbinenko.
[-] * Use glib's MD5 implementation if available.
20111129 - 1.30.91
[+] * Improved documentation for configuring Gammu.
[-] * Fixed parsing birthday from vCard in some cases.
[+] * Added option not to use configured logging in SMSD inject and monitor (bug #1539).
[+] * Added SMSD configuration LogFacility (bug #1539).
[-] * Fixed reading of data from OBEX phones (LP#891803).
[-] * Fixed double reply detection (bug #1544).
[-] * Increase maximal number of caller groups (bug #1541).
[-] * Cancel all calls on maketerminated call if we don't get call ID.
[-] * Fixed SMSC handling in some cases in SMSD (bug #1547).
20111107 - 1.30.90
[-] * Various documentation improvements.
[-] * Detect Alcatel style reply on CPIN response (bug #1502).
[-] * Fix build on some Win32 systems (bug #1496).
[-] * Make jadmaker handle names with spaces (Rapha l Droz).
[-] * Display 8-bit messages in hex (Nicolas Pitre).
[-] * Do not use AT+CUSD=2 on some phones (bug #1508).
[-] * Fixed gammu-monitor with Windows service (bug #1515).
[-] * Cleanup of contrib directory.
[-] * Better support for Samsung AT phones (bug #1513).
[-] * Fixed handling of MMS notification SMSes (bug #1530).
[-] * Fixed CPIN reply handling (bug #1532).
[+] * SMSD checks for PIN status just after connect (bug #1532).
[-] * Fixed various MSVC compilation issues.
20110719 - 1.30.0
[*] * Improved SMSD logging of configuration settings.
[-] * Fix possible crash in fbus2 driver.
[-] * Fix possible crash of ODBC driver on Windows (bug #1482).
[-] * Fixed usage of dbi plugins from Python module.
20110607 - 1.29.93
[-] * Properly initialize atobex driver with Sony-Ericsson phones.
[-] * Updated list of country and network codes.
[-] * Escape fields in SQL queries (bug#1415).
[-] * Escape fields in PostgreSQL SQL script (bug#1415).
[-] * Default to GSM encoding for text messages in SQL backend for SMSD.
[-] * Add option to override which SQL dialect to use in SMSD (bug #1427).
[-] * Improved m-obex protocol support, thanks to Vladimir Serbinenko.
[-] * Various fixes for Samsung B2100, thanks to Vladimir Serbinenko.
[-] * Fix check for AT+CPROT support (bug #1438).
[-] * Fix memory leak in s60 protocol driver (bug #1441).
[-] * Reverted change to SignalStrength because of SQL escaping we have now (bug #1380).
[-] * Improved vCard parser to handle vCards from Gmail.
[-] * Fixed LDIF parser to cope with multiple LDIF in single file.
20110315 - 1.29.92
[-] * Documentation improvements and fixes.
[-] * Saner error handling in Windows serial driver.
[-] * Cleanup in SMSD internals.
[+] * Added ODBC driver to SMSD.
20110225 - 1.29.91
[+] * Added screenshot function for Sony-Ericssonn phones (M rton N meth).
[-] * Fixed parsing of some Nokia SMSes (bug #1402).
[-] * Properly report error on deleting non deletable entries (bug #1396).
[-] * Slower switch from m-obex to AT (bug #1382).
[-] * Faster initialization for AT phones without enabled echo.
20110210 - 1.29.90
[-] * Fix detection of MySQL libraries (bug #1370).
[!] * Changed default connection settings to at and ttyACM0 (bug #1078).
[+] * Add new API call to abort existing operation (bug #1155).
[+] * Change database structure to avoid using reserved word Signal (bug #1380).
[+] * Possibility to limit time of day for SMS in SMSD (bug #1203).
[-] * Enforce limits on SMS payload length.
[+] * Made GSM_SMSCounter public (bug #1356).
[+] * Support for S60 phones using Series60 applet (bug #423).
[-] * Do not fail on 0x7b field in Nokia 3600s phonebook (bug #1385).
[!] * Disabled two stage probing for most protocols.
[-] * Fixed saving of SMS backups (bug #1392).
[+] * Screenshot functionality for DCT4 phones (bug #1390).
20110119 - 1.29.0
[+] * Added option to enter new PIN when entering PUK, thanks to Peter
Stuge for pointing out this requirement.
[-] * Improved documentation of SMSD backend services.
20110107 - 1.28.95
[-] * Fix decoding of SMS without date on DCT4 phones (bug #1368).
[+] * Added gammu-detect tool to detect available devices on system.
[-] * Fixed parsing of Philips reply to SPBR (bug #1366).
[-] * Fixed testsuite not to depend on system timezone.
[-] * Check if phone is waiting for requested security code before
entering.
[-] * Fixup invalid international numbers with double prefix (+00) in
SMS (bug #1364).
[-] * Fixed m-obex protocol implementation, thanks to Matthieu Patou (bug #1375).
[-] * Fixed build on Mac OS X, thanks to Matthieu Patou (bug #1374).
[-] * Fixed decoding of some SMS messages on S40 phones (bug #1243).
20101227 - 1.28.94
[+] * New convertbackup command to convert between backup formats.
[+] * Changed database structure to version 12, you need to upgrade it.
[-] * Try harder to find dn for LDIF export (bug #1363).
[-] * Better names for some fields in LDIF export (bug #1363).
[-] * Implement parsing of LDIF for all fields we save (bug #1363).
[-] * Various minor fixes in SMSD SQL backend.
[-] * Improved test suite coverage.
[-] * Improved dummy driver to allow more testing.
20101202 - 1.28.93
[+] * New SMSD configuration RunOnFailure.
[-] * Fix invalid SQL when storing 8bit SMS (bug #1329).
[-] * Probe if phone supports m-obex protocol (bug #1286).
[+] * Experimental support fo m-obex protocol (bug #1286).
[-] * Fix detection of delivery reports in MySQL and PostgreSQL backends
(bug #313).
[+] * Include udev rules for Nokia phones (bug #1251).
[-] * Fix parsing LG VX9200 reply on getting battery state (bug #1264).
[-] * Fix handling of SMS text mode (bug #1189).
[!] * Default to no retries of the send commands on the link.
[-] * Wait for more USSD replies on getussd command (bug #1346).
[!] * New unified SQL SMSD backend handling all SQL databases.
[+] * SQL queries in SQL SMSD backend can be configured.
20101004 - 1.28.92
[+] * New SMSD config option HardResetFrequency.
[+] * Gammu now supports freedesktop.org/XDG specs for config file
locations and reads ~/.config/gammu/config.
[-] * Increase timeout for AT+CMGL (bug #1317).
[+] * Added support for optional delivery report parts as defined by
ETSI 123 040, section 9.2.2.3 (bug #1304).
[+] * SMSD database host configuration is now named "host" not "PC".
20100916 - 1.28.91
[-] * Fixed locales compilation/support.
[-] * Set memory to use for MPBR/SBNR/SPBR commands as well (bug #1128).
[-] * Handle errors from CMGL same way as from CMGR (bug #1211).
[-] * Fixed parsing of AT+CPMS=? reply (bug #1296).
[+] * Implemented matching by serial number.
[+] * SMSD can now be configured just for sending/receiving.
[-] * Fixed battery status for S40 phones (bug #1301).
[-] * Improved compatibility with Motorola phonebook (bug #1128).
[+] * Lot of documentation improvements, check <http://wammu.eu/docs/devel/docs/>.
20100827 - 1.28.90
[-] * Fixed handling of empty reply on CREG/CGREG (bug #1245).
[-] * Prefer storing delivery reports over forwarding them.
[-] * Fix leak and crash when handling MMS notifications in Python.
[-] * Fixed parsing of date from AT phones (bug #1256).
[-] * Simplify handling text comment in SMS backup to keep new lines.
[+] * New command gammu battery.
[-] * Fail to send SMS without set SMSC.
[-] * Avoid updating SMSD backend frequently than StatusFrequency defines.
[-] * Store SIM phonebook to vCard on backup (bug #1281).
[-] * Fixed waiting for multipart messages (bug #1279).
[-] * Fixed crash on too long GPRS access point names in backup (bug #1267).
[-] * Fallback to using SMSC from phone in SMSD if none provided.
[-] * Improved guessing of HEX/GSM charsets for phone number in AT engine.
20100712 - 1.28.0
[+] * Support for adding notes using addnew command.
[-] * Better log errors when moving message in SMSD.
[!] * Removed checkfirmware command as the server is not existing anymore.
[-] * Proper closing of Bluetooth sockets on Windows (bug #1239).
[-] * Properly decode another way of MMS notification SMS.
[+] * Support for selecting USB device to use on Linux.
[-] * Fix storing text in SMS backup comment for multiline SMS.
[-] * Fixed crash when passing invalid parameters to SMS encoder.
20100629 - 1.27.95
[+] * Support for getting packet network state (bug #1220).
[-] * Fix parsing of AT replies from Nokia 2730 (bug #1224).
[-] * Nokia E61 needs encoded USSD requests (bug #1228).
[!] * Rename Port configuration directive to Device.
[-] * Try to reconnect after lost connection to MySQL error.
[-] * Actually enable -f processing in SMSD.
[+] * Configurable number of backend retries.
[-] * Prefer GSM charset for USSD requests (bug #1228).
20100603 - 1.27.94
[-] * Fixed folder detection for Nokia S40 phones (bug #1191).
[-] * Fixed smsd-inject for long messages.
[-] * Fixed waiting for more multipart messages (bug #1193).
[-] * Fixed parsing of cellid reply with different locales (bug #1202).
[-] * Fixed handling of timeouts from libusb (bug #1207).
[-] * Properly detect birthday on Nokia 2700 (bug #1213).
[-] * Provide fallback value for note type (bug #1213).
[-] * Rewritten parsing of CREG: reply to properly parse all replies (bug #1220).
20100413 - 1.27.93
[-] * Fix crash when SMS in Nokia has too many recipients (bug #1136).
[-] * Better handling of Bluetooth errors on Windows (bug #1146).
[-] * Build with -Wl,--as-needed to avoid not required dependencies.
[-] * Python module now uses more PEP-3 compliant naming.
[-] * Fix compilation while disabling some features.
[-] * Include message reference in FILES backend logs for SMSD.
[-] * Fix crash when adding file to Nokia (bug #1163).
[+] * Added function EncodePDU to python-gammu.
[-] * Fix storing message status on multiple delivery reports (bug #1167).
[-] * Force AT^SBNR support on Siemens AX75.
20100217 - 1.27.92
[+] * Write support for Siemens phonebook (bug #1129).
[-] * Properly decode UTF-8 version 3.0 vCards (bug #1132).
[-] * Fixed wrong counting of favorite messaging numbers (bug #1010).
[+] * Implement SendDTMF in Python bindings.
20100204 - 1.27.91
[-] * Add ID for Nokia 6275i (bug #1096).
[-] * Fix Windows build by not defining MSVC version.
[-] * Correctly use first entry location in MPBR (bug #1076).
[-] * Avoid buffer overrun when parsing SM30 SMS (bug #1110).
[-] * Properly detect user home directory.
[+] * Improved MMS notifications encoding.
[+] * Allow to specify MMS notification class.
[+] * Implemented decoding of MMS notification (bug #1100).
[+] * SMSD now properly groups multipart messages together.
[+] * New NULL service for SMSD.
[+] * RunOnReceive now gets environment variables with SMS data.
[-] * Fixed AT lines splitting to work properly with quotes.
[-] * Separate getting information for Motorola phones (bug #1076).
[-] * Fixed reading of Samsung contacts (bug #1105).
[-] * Re-enable classic AT commands for adding Samsung contact (bug #1105).
[+] * SMSD no longer requires support for SMS status, so it works with Nokia S40 phones.
[-] * Fix finding of empty location for some AT phones (bug #1119).
[-] * Restore phone phonebook also to phones not supporting status (bug #1122).
[-] * Avoid reading phone memory on reading SIM (bug #1123).
20100106 - 1.27.90
[-] * Simplify code in FILES smsd service.
[-] * FILES service can send smsbackup messages.
[+] * Configurable outbox format for SMSD/FILES.
[-] * Improve conversion of boolean settings from Python.
[-] * Do not use MPBR/SPBR for other than phone memory (bug #1076).
[-] * Fix crash with unknown CME error (bug #1082).
[-] * Fixed connecting to Onda devices (LP #501025).
[+] * SMSD can terminate itself after defined number of failures.
[-] * Improved decoding of SM30 Nokia messages (bug #1091).
20091222 - 1.27.0
[+] * Initial support for reading Motorola calendar (bug#338).
[-] * Avoid parsing boolean config values all around the code.
[+] * FILES backend of SMSD now support message injecting.
[-] * Ignore duplicate lines in AT reply (bug#1069).
20091212 - 1.26.93
[-] * Add ID for MTK1/MTK2 phones (bug#1051).
[+] * Add DecodePDU to Python bindings.
[+] * Added sample SQL trigger for SMSD polls.
[-] * Display sent SMS time if it is available (bug#1053).
[-] * Added bunch of new testcases.
[-] * Distinguish silent/tone alarms in own backup format.
[-] * Fixed compilation with Clang compiler.
[-] * Fixed handling of SMS memories with Samsung (bug#1063).
[+] * Reporting location based on OpenCellID database (bug#1039).
20091203 - 1.26.92
[-] * Compare full name of config section.
[-] * Add ID for Nokia 6111 (bug#1045).
[-] * Handle CME error 601 (bug#1044).
[+] * Support for reading birthday from Samsung phonebook (bug#1038).
[+] * Report GPRS state when getting network status (bug#1023).
[-] * Fix reading of Siemens phonebook (bug#1046).
[+] * Make gammu error codes map to GSM_Error.
[-] * Various code cleanups.
[-] * Add ID for Huawei E169.
20091119 - 1.26.91
[-] * Fixed parsing of vCards with lowercase types (bug #1006).
[-] * Handle forward references in Nokia phonebook (bug #1009).
[-] * Save timestamp to SMS backup for all messages.
[-] * Store PDU type in SMS backup.
[+] * More flexible handling of exclude/include lists in SMSD.
[+] * Add support for external list of exclude/include numbers (bug#1008).
[-] * Workaround decoding of messages padded by 0xFF by phone.
[-] * Force enabling of OBEX for SE S312 (bug#1016).
[-] * Recognize Motorola A1200 error replies (bug#1019).
[-] * Disable AT/Obex for Motorola A1200e (bug#1019).
[-] * Properly detect if phone does not support AT+MODE (bug#1019).
[-] * Disable AT/Obex for Motorola E790 (bug#1018).
[+] * Add option to filter messages by SMSC (bug#1020).
[-] * Implement retries when waiting for message prompt.
[-] * Fixed logic of detecting incoming calls.
[-] * Fixed loading of non ASCII messages from files in SMSD (bug#1011).
[+] * Added example showing reading of messages.
[-] * Build Windows release with Python 2.6.
[-] * Fixed compilation in MSVC because of missing S_ISDIR.
[-] * Fixed parsing of different Samsung reply (bug#1038).
[-] * Proper error code when SMSC is empty (bug#1032).
[-] * Fixed compilation of python-gammu in MSVC.
20091012 - 1.26.90
[-] * Fixed parsing of SMS with empty recipient (bug #998).
[-] * Correct setting of time on Huawei phones.
[+] * Addnew command can now change memory type being used.
[-] * Proper handling of locations and memory type in vCards.
[-] * Added IDs for several recent Sony-Ericsson phones.
[-] * Fix decoding of phone numbers in some cases (bug #999).
[-] * Replace MD5 implementation with public domain one (bug #964).
[-] * Huawei E17X has broken UCS-2, do not use it (bug #962).
[-] * Do not fail if phone does not support extended SMS params (bug #927).
[+] * Added support for Samsung calendar (bug #839).
[-] * Do not choke on OK in message text.
[-] * Add ID of Nokia 6020b (bug #1004).
[-] * Fix decoding of SMS with extended characters.
[-] * Fixed handling of DCT4 specific functions.
[-] * Add workaround for especially broken Ubinetics GDC201.
- added --with-trust-uds-cred which uses getsockopt() to fetch and
trust the client uid, bypassing password lookups - patch by Anton
Lundin <glance@acc.umu.se>
- missing closedir() causing memory leak - patch by Anton Lundin
<glance@acc.umu.se>
- sending a break signal over IPMI was broken - based on patch by
Alexander Y. Fomichev <git.user@gmail.com>
- IPv6 support (marked as experimental at this point because it's
untested (except by the author), there's a lack of documentation, and
I'm hoping for non-getifaddrs() system support) - patch by Milos
Vyletel <milos.vyletel@gmail.com>
- no more K&R compiler support
version 8.1.20 (Apr 4, 2014):
- IPMI serial over LAN support via FreeIPMI - based on patch by Anton
D. Kachalov <mouse@yandex-team.ru>
- minor cleanup of code, removal of gcc warnings and such that should
have no fuctional change
version 8.1.19 (Sep 26, 2013):
- prevent select/read loop when EOF on non-pty input (console) -
reported by Chris Marget <chris@marget.com>
- "!" syntax prefixing use of group names not honored - reported by
Zonker <consoleteam@gmail.com>
- fixed memory leak using timestamps - patch by Karvendhan M.
<Karvendhan.M@netapp.com>
- deprecated --with-cycladests (noop now) - cross-compilation should
work without it as autologin now expects setpgrp() to take two
arugments instead of testing for it
- no automatic checks for an empty password when using PAM
authentication - based on discussion with Ryan Kirkpatrick
<linux@rkirkpat.net>
- added 'sslcacertificatefile' and 'sslcacertificatepath' client
configuration options - based on patch by Aki Tuomi <cmouse@cmouse.fi>
- added 'sslcacertificatefile' and 'sslreqclientcert' server
configuration options
- added --with-req-server-cert to force clients to require a certificate
from the server when using SSL - based on emails with Thor Simon
<tls@coyotepoint.com>
- added server-side tasks (see conserver.cf man page) that are invoked
by the client (useful for things like IPMI-based power control of
servers, invoking resets of terminal server ports, or anything else
that requires scripting) - ideas from patch by Anton Lundin
<glance@acc.umu.se> and discussion on mailing list (2011)
- added 'confirm' option to break sequences
- added 'breaklist' option to limit exposure of break sequences to
consoles
- sending of break signals is now announced to all attached clients
The Asterisk Development Team has announced the release of Asterisk 11.14.0.
The release of Asterisk 11.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
Cohen)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24384 - chan_motif: format capabilities leak on module
load error (Reported by Corey Farrell)
* ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
(Reported by Corey Farrell)
* ASTERISK-24378 - Release AMI connections on shutdown (Reported
by Corey Farrell)
* ASTERISK-24354 - AMI sendMessage closes AMI connection on error
(Reported by Peter Katzmann)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
incorrectly attempted (Reported by Joshua Colp)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
received for component (Reported by Kevin Harwell)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
Corey Farrell)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-23846 - Unistim multilines. Loss of voice after second
call drops (on a second line). (Reported by Rustam Khankishyiev)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
leak (Reported by Corey Farrell)
* ASTERISK-24430 - missing letter "p" in word response in
OriginateResponse event documentation (Reported by Dafi Ni)
* ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
Corey Farrell)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24304 - asterisk crashing randomly because of unistim
channel (Reported by dhanapathy sathya)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24466 - app_queue: fix a couple leaks to struct
call_queue (Reported by Corey Farrell)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.32.0.
The release of Asterisk 1.8.32.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0
Thank you for your continued support of Asterisk!
Bugfix release for 0.4.0, notably for:
* issue with the "oss" plug-in
* less warnings when building with Gtk+ 3
DeforaOS Phone 0.4.0 did bring:
* support for Gtk+ 3 (except for the new "video" plug-in)
* new and updated plug-ins and tools
* additional features and interface updates
* as well as improved documentation (manual pages...)
* and additional improvements under the hood (portability, XDG compliance...)
Also drops the dependency on audio/pulseaudio.
The Asterisk Development Team has announced the release of Asterisk 11.13.0.
The release of Asterisk 11.13.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24032 - Gentoo compilation emits warning:
"_FORTIFY_SOURCE" redefined (Reported by Kilburn)
* ASTERISK-24225 - Dial option z is broken (Reported by
dimitripietro)
* ASTERISK-24178 - [patch]fromdomainport used even if not set
(Reported by Elazar Broad)
* ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload
warnings and ref leaks (Reported by Walter Doekes)
* ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP
ICE candidates in SDP answer (Reported by Badalian Vyacheslav)
* ASTERISK-24019 - When a Music On Hold stream starts it restarts
at beginning of file. (Reported by Jason Richards)
* ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying
if ever not able to resolve (Reported by David Herselman)
* ASTERISK-24211 - testsuite: Fix the dial_LS_options test
(Reported by Matt Jordan)
* ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
Mohod)
* ASTERISK-23577 - res_rtp_asterisk: Crash in
ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by
Jay Jideliov)
* ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10)
concurrent WebRTC (avpg/encryption/icesupport) calls (Reported
by Roman Skvirsky)
* ASTERISK-24301 - Security: Out of call MESSAGE requests
processed via Message channel driver can crash Asterisk
(Reported by Matt Jordan)
Improvements made in this release:
-----------------------------------
* ASTERISK-24171 - [patch] Provide a manpage for the aelparse
utility (Reported by Jeremy Lainé)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced the release of Asterisk 1.8.31.0.
The release of Asterisk 1.8.31.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24032 - Gentoo compilation emits warning:
"_FORTIFY_SOURCE" redefined (Reported by Kilburn)
* ASTERISK-24225 - Dial option z is broken (Reported by
dimitripietro)
* ASTERISK-24178 - [patch]fromdomainport used even if not set
(Reported by Elazar Broad)
* ASTERISK-24019 - When a Music On Hold stream starts it restarts
at beginning of file. (Reported by Jason Richards)
* ASTERISK-24211 - testsuite: Fix the dial_LS_options test
(Reported by Matt Jordan)
* ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
Mohod)
Improvements made in this release:
-----------------------------------
* ASTERISK-24171 - [patch] Provide a manpage for the aelparse
utility (Reported by Jeremy Lainé)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.31.0
Thank you for your continued support of Asterisk!
The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and Asterisk 11 and 12. The available security releases are
released as versions 11.6-cert6, 11.12.1, and 12.5.1.
Please note that the release of these versions resolves the following security
vulnerability:
* AST-2014-010: Remote Crash when Handling Out of Call Message in Certain
Dialplan Configurations
Note that the crash described in AST-2014-010 can be worked around through
dialplan configuration. Given the likelihood of the issue, an advisory was
deemed to be warranted.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-009 and AST-2014-010, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.12.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-010.pdf
Thank you for your continued support of Asterisk!
