Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
The Asterisk Development Team is proud to announce the release of
Asterisk 10.0.0. This release is available for immediate download
at http://downloads.asterisk.org/pub/telephony/asterisk/
Asterisk 10 is the next major release series of Asterisk. It will
be a Standard support release, similar to Asterisk 1.6.2. For more
information about support time lines for Asterisk releases, see
the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
With the release of the Asterisk 10 branch, the preceding '1.' has
been removed from the version number per the blog post available
at
http://blogs.digium.com/2011/07/21/the-evolution-of-asterisk-or-how-we-arrived-at-asterisk-10/
The release of Asterisk 10 would not have been possible without
the support and contributions of the community.
You can find an overview of the work involved with the 10.0.0
release in the summary:
http://svn.asterisk.org/svn/asterisk/tags/10.0.0/asterisk-10.0.0-summary.txt
A short list of available features includes:
* T.38 gateway functionality has been added to res_fax.
* Protocol independent out-of-call messaging support. Text messages not
associated with an active call can now be routed through the Asterisk
dialplan. SIP and XMPP are supported so far.
* New highly optimized and customizable ConfBridge application capable
of mixing audio at sample rates ranging from 8kHz-192kHz
* Addition of video_mode option in confbridge.conf to provide basic video
conferencing in the ConfBridge() dialplan application.
* Support for defining hints has been added to pbx_lua.
* Replacement of Berkeley DB with SQLite for the Asterisk Database (AstDB).
* Much, much more!
A full list of new features can be found in the CHANGES file.
http://svn.asterisk.org/svn/asterisk/branches/10/CHANGES
Also, when upgrading a system between major versions, it is imperative
that you read and understand the contents of the UPGRADE.txt file,
which is located at:
http://svn.asterisk.org/svn/asterisk/branches/10/UPGRADE.txt
Thank you for your continued support of Asterisk!
share/doc/asterisk/AST.{txt,pdf} has been replaced with
share/doc/asterisk/Asterisk_Admin_Guide. You will need a browser
to read the latter.
----- Asterisk 1.8.8.1 -----
The release of Asterisk 1.8.8.1 resolves a regression introduced
in Asterisk 1.8.8.0 reported by the community, and would have not
been possible without your participation. Thank you!
The following is the issue resolved in this release:
* Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop
Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local
bridge loop causes the loop to exit prematurely. This causes a
variety of negative side effects, which may include having Music
On Hold failing during a SIP Hold.
For a full description of the changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.1
Thank you for your continued support of Asterisk!
----- Asterisk 1.8.8.0 -----
The release of Asterisk 1.8.8.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Updated SIP 484 handling; added Incomplete control frame
When a SIP phone uses the dial application and receives a 484
Address Incomplete response, if overlapped dialing is enabled
for SIP, then the 484 Address Incomplete is forwarded back to
the SIP phone and the HANGUPCAUSE channel variable is set to
28. Previously, the Incomplete application dialplan logic was
automatically triggered; now, explicit dialplan usage of the
application is required.
* Prevent IAX2 from getting IPv6 addresses via DNS
IAX2 does not support IPv6 and getting such addresses from DNS
can cause error messages on the remote end involving bad IPv4
address casts in the presence of IPv6/IPv4 tunnels.
* Fix bad RTP media bridges in directmedia calls on peers separated by
multiple Asterisk nodes.
* Fix crashes in ast_rtcp_write()
* Fix for incorrect voicemail duration in external notifications.
This patch fixes an issue where the voicemail duration was being
reported with a duration significantly less than the actual
sound file duration.
* Prevent segfault if call arrives before Asterisk is fully booted.
* Fix remote Crash Vulnerability in SIP channel driver (AST-2011-012)
http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
* Fix locking order in app_queue.c which caused deadlocks
* Fix regression in configure script for libpri capability checks
* Prevent BLF subscriptions from causing deadlocks.
* Fix deadlock if peer is destroyed while sending MWI notice.
* Fix issue with setting defaultenabled on categories that are already
enabled by default.
* Don't crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it
was possible to crash Asterisk by sending an INFO request if
no channel had been created yet.
* Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned
by subsequent SIP SUBSCRIBE messages.
* Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when
the general and user/peer nat settings differ in whether to
respond to the port a request is sent from or the port listed
for responses in the Via header.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0
Thank you for your continued support of Asterisk!
The release of Asterisk 1.6.2.22 corrects two flaws in sip.conf.sample
related to AST-2011-013:
* The sample file listed *two* values for the 'nat' option as being the default.
Only 'yes' is the default.
* The warning about having differing 'nat' settings confusingly referred to both
peers and users.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.22
Thank you for your continued support of Asterisk!
Asterisk Project Security Advisory - AST-2011-013
Product Asterisk
Summary Possible remote enumeration of SIP endpoints with
differing NAT settings
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known Yes
Reported On 2011-07-18
Reported By Ben Williams
Posted On
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson at digium.com>
CVE Name
Description It is possible to enumerate SIP usernames when the general
and user/peer NAT settings differ in whether to respond to
the port a request is sent from or the port listed for
responses in the Via header. In 1.4 and 1.6.2, this would
mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would
mean when one was nat=force_rport or nat=yes and the other
was nat=no or nat=comedia.
Resolution Handling NAT for SIP over UDP requires the differing
behavior introduced by these options.
To lessen the frequency of unintended username disclosure,
the default NAT setting was changed to always respond to the
port from which we received the request-the most commonly
used option.
Warnings were added on startup to inform administrators of
the risks of having a SIP peer configured with a different
setting than that of the general setting. The documentation
now strongly suggests that peers are no longer configured
for NAT individually, but through the global setting in the
"general" context.
Affected Versions
Product Release Series
Asterisk Open Source All All versions
Corrected In
As this is more of an issue with SIP over UDP in general, there is no
fix supplied other than documentation on how to avoid the problem. The
default NAT setting has been changed to what we believe the most
commonly used setting for the respective version in Asterisk 1.4.43,
1.6.2.21, and 1.8.7.2.
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-013.pdf and
http://downloads.digium.com/pub/security/AST-2011-013.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-013
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
__________________________________________________________________
Asterisk Project Security Advisory - AST-2011-014
Product Asterisk
Summary Remote crash possibility with SIP and the "automon"
feature enabled
Nature of Advisory Remote crash vulnerability in a feature that is
disabled by default
Susceptibility Remote unauthenticated sessions
Severity Moderate
Exploits Known Yes
Reported On November 2, 2011
Reported By Kristijan Vrban
Posted On 2011-11-03
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson at digium.com>
CVE Name
Description When the "automon" feature is enabled in features.conf, it
is possible to send a sequence of SIP requests that cause
Asterisk to dereference a NULL pointer and crash.
Resolution Applying the referenced patches that check that the pointer
is not NULL before accessing it will resolve the issue. The
"automon" feature can be disabled in features.conf as a
workaround.
Affected Versions
Product Release Series
Asterisk Open Source 1.6.2.x All versions
Asterisk Open Source 1.8.x All versions
Corrected In
Product Release
Asterisk Open Source 1.6.2.21, 1.8.7.2
Patches
Download URL Revision
http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff 1.8.7.1
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-014.pdf and
http://downloads.digium.com/pub/security/AST-2011-014.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-014
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
in the iLBC codec files.
__________________________________________________________________
Asterisk Project Security Advisory - AST-2011-013
Product Asterisk
Summary Possible remote enumeration of SIP endpoints with
differing NAT settings
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known Yes
Reported On 2011-07-18
Reported By Ben Williams
Posted On
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson at digium.com>
CVE Name
Description It is possible to enumerate SIP usernames when the general
and user/peer NAT settings differ in whether to respond to
the port a request is sent from or the port listed for
responses in the Via header. In 1.4 and 1.6.2, this would
mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would
mean when one was nat=force_rport or nat=yes and the other
was nat=no or nat=comedia.
Resolution Handling NAT for SIP over UDP requires the differing
behavior introduced by these options.
To lessen the frequency of unintended username disclosure,
the default NAT setting was changed to always respond to the
port from which we received the request-the most commonly
used option.
Warnings were added on startup to inform administrators of
the risks of having a SIP peer configured with a different
setting than that of the general setting. The documentation
now strongly suggests that peers are no longer configured
for NAT individually, but through the global setting in the
"general" context.
Affected Versions
Product Release Series
Asterisk Open Source All All versions
Corrected In
As this is more of an issue with SIP over UDP in general, there is no
fix supplied other than documentation on how to avoid the problem. The
default NAT setting has been changed to what we believe the most
commonly used setting for the respective version in Asterisk 1.4.43,
1.6.2.21, and 1.8.7.2.
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-013.pdf and
http://downloads.digium.com/pub/security/AST-2011-013.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-013
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
__________________________________________________________________
Asterisk Project Security Advisory - AST-2011-014
Product Asterisk
Summary Remote crash possibility with SIP and the "automon"
feature enabled
Nature of Advisory Remote crash vulnerability in a feature that is
disabled by default
Susceptibility Remote unauthenticated sessions
Severity Moderate
Exploits Known Yes
Reported On November 2, 2011
Reported By Kristijan Vrban
Posted On 2011-11-03
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson at digium.com>
CVE Name
Description When the "automon" feature is enabled in features.conf, it
is possible to send a sequence of SIP requests that cause
Asterisk to dereference a NULL pointer and crash.
Resolution Applying the referenced patches that check that the pointer
is not NULL before accessing it will resolve the issue. The
"automon" feature can be disabled in features.conf as a
workaround.
Affected Versions
Product Release Series
Asterisk Open Source 1.6.2.x All versions
Asterisk Open Source 1.8.x All versions
Corrected In
Product Release
Asterisk Open Source 1.6.2.21, 1.8.7.2
Patches
Download URL Revision
http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff 1.8.7.1
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-014.pdf and
http://downloads.digium.com/pub/security/AST-2011-014.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-014
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
2) Pass BUILDLINK_CPPFLAGS and BUILDLINK_LDFLAGS to the make process.
3) Have the build variables HAVE_LIBCURSES and HAVE_CURSES needed for the
linux build set the by pkgsrc.
Bump PKGREVISION
pkgsrc change: now what sqlite3 has been imported into NetBSD, enable it
Asterisk Project Security Advisory - AST-2011-012
Product Asterisk
Summary Remote crash vulnerability in SIP channel driver
Nature of Advisory Remote crash
Susceptibility Remote authenticated sessions
Severity Critical
Exploits Known No
Reported On October 4, 2011
Reported By Ehsan Foroughi
Posted On October 17, 2011
Last Updated On October 17, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name CVE-2011-4063
Description A remote authenticated user can cause a crash with a
malformed request due to an unitialized variable.
Resolution Ensure variables are initialized in all cases when parsing
the request.
Affected Versions
Product Release Series
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 10.x All versions (currently in beta)
Corrected In
Product Release
Asterisk Open Source 1.8.7.1, 10.0.0-rc1
Patches
Download URL Revision
http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8
http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff 10
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-012.pdf and
http://downloads.digium.com/pub/security/AST-2011-012.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-012
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
This update adds a "jabber" option which is enabled by default.
This option pulls in iksemel which is used by the res_jabber.
Doing this allows chan_jingle (jabber) and chan_gtalk to work.
pkgsrc changes:
- adjust for ilbc changes after it was acquired by Google
- install AST.pdf IAX2-security.pdf into share/doc/asterisk
1.8.7.0:
========
The release of Asterisk 1.8.7.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
Please note that a significant numbers of changes and fixes have
gone into features.c in this release (call parking, built-in
transfers, call pickup, etc.).
NOTE:
Recently, we were notified that the mechanism included in our
Asterisk source code releases to download and build support for
the iLBC codec had stopped working correctly; a little investigation
revealed that this occurred because of some changes on the
ilbcfreeware.org website. These changes occurred as a result of
Google's acquisition of GIPS, who produced (and provided licenses
for) the iLBC codec.
If you are a user of Asterisk and iLBC together, and you've already
executed a license agreement with GIPS, we believe you can continue
using iLBC with Asterisk. If you are a user of Asterisk and iLBC
together, but you had not executed a license agreement with GIPS,
we encourage you to research the situation and consult with your
own legal representatives to determine what actions you may want
to take (or avoid taking).
More information is available on the Asterisk blog:
http://blogs.asterisk.org/2011/09/19/ilbc-support-in-asterisk-after-googles-acquisition-of-gips/
The following is a sample of the issues resolved in this release:
* Added the 'storesipcause' option to sip.conf to allow the user to
disable the setting of HASH(SIP_CAUSE,) on the channel. Having
chan_sip set HASH(SIP_CAUSE,) on the channel carries a significant
performance penalty because of the usage of the MASTER_CHANNEL()
dialplan function.
We've decided to disable this feature by default in future 1.8
versions. This would be an unexpected behavior change for anyone
depending on that SIP_CAUSE update in their dialplan. Please
refer to the asterisk-dev mailing list more information:
http://lists.digium.com/pipermail/asterisk-dev/2011-August/050626.html
* Significant fixes and improvements to parking lots.
(Closes issues ASTERISK-17183, ASTERISK-17870, ASTERISK-17430,
ASTERISK-17452, ASTERISK-17452, ASTERISK-15792.)
* Numerous issues have been reported for deadlocks that are caused
by a blocking read in res_timing_timerfd on a file descriptor
that will never be written to.
A change to Asterisk adds some checks to make sure that the
timerfd is both valid and armed before calling read(). Should
fix: ASTERISK-18142, ASTERISK-18197, ASTERISK-18166 and possibly
others. (In essence, this change should make res_timing_timerfd
usable.)
* Resolve segfault when publishing device states via XMPP and not connected.
(Closes issue ASTERISK-18078.)
* Refresh peer address if DNS unavailable at peer creation.
(Closes issue ASTERISK-18000)
* Fix the missing DAHDI channels when using the newer chan_dahdi.conf
sections for channel configuration.
(Closes issue ASTERISK-18496.)
* Remove unnecessary libpri dependency checks in the configure script.
(Closes issue ASTERISK-18535.)
* Update get_ilbc_source.sh script to work again.
(Closes issue ASTERISK-18412)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.7.0
Thank you for your continued support of Asterisk!
1.8.6.0:
========
The release of Asterisk 1.8.6.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Fix an issue with Music on Hold classes losing files in playlist
when realtime is used. (Closes issue ASTERISK-17875.)
* Resolve a potential crash in chan_sip when utilizing auth= and
performing a 'sip reload' from the console. (Closes issue
ASTERISK-17939.)
* Address some improper sql statements in res_odbc that would cause
an update to fail on realtime peers due to trying to set as
"(NULL)" rather than an actual NULL. (Closes issue ASTERISK-17791.)
* Resolve issue where 403 Forbidden would always be sent maximum
number of times regardless to receipt of ACK.
* Resolve issue where if a call to MeetMe includes both the dynamic(D)
and always request PIN(P) options, MeetMe will ask for the PIN
two times: once for creating the conference and once for entering
the conference.
* Fix New Zealand indications profile based on
http://www.telepermit.co.nz/TNA102.pdf
(Closes issue ASTERISK-16263.)
* Segfault in shell_helper in func_shell.c
(Closes issue ASTERISK-18109.)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0
Thank you for your continued support of Asterisk!
misuse of function pointer casts and mismatched function calls and
arguments. Now this has some chance at running on something other
than i386.
PKGREVISION -> 12.
