2) Pass BUILDLINK_CPPFLAGS and BUILDLINK_LDFLAGS to the make process.
3) Have the build variables HAVE_LIBCURSES and HAVE_CURSES needed for the
linux build set the by pkgsrc.
Bump PKGREVISION
pkgsrc change: now what sqlite3 has been imported into NetBSD, enable it
Asterisk Project Security Advisory - AST-2011-012
Product Asterisk
Summary Remote crash vulnerability in SIP channel driver
Nature of Advisory Remote crash
Susceptibility Remote authenticated sessions
Severity Critical
Exploits Known No
Reported On October 4, 2011
Reported By Ehsan Foroughi
Posted On October 17, 2011
Last Updated On October 17, 2011
Advisory Contact Terry Wilson <twilson@digium.com>
CVE Name CVE-2011-4063
Description A remote authenticated user can cause a crash with a
malformed request due to an unitialized variable.
Resolution Ensure variables are initialized in all cases when parsing
the request.
Affected Versions
Product Release Series
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 10.x All versions (currently in beta)
Corrected In
Product Release
Asterisk Open Source 1.8.7.1, 10.0.0-rc1
Patches
Download URL Revision
http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8
http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff 10
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-012.pdf and
http://downloads.digium.com/pub/security/AST-2011-012.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-012
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
This update adds a "jabber" option which is enabled by default.
This option pulls in iksemel which is used by the res_jabber.
Doing this allows chan_jingle (jabber) and chan_gtalk to work.
pkgsrc changes:
- adjust for ilbc changes after it was acquired by Google
- install AST.pdf IAX2-security.pdf into share/doc/asterisk
1.8.7.0:
========
The release of Asterisk 1.8.7.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
Please note that a significant numbers of changes and fixes have
gone into features.c in this release (call parking, built-in
transfers, call pickup, etc.).
NOTE:
Recently, we were notified that the mechanism included in our
Asterisk source code releases to download and build support for
the iLBC codec had stopped working correctly; a little investigation
revealed that this occurred because of some changes on the
ilbcfreeware.org website. These changes occurred as a result of
Google's acquisition of GIPS, who produced (and provided licenses
for) the iLBC codec.
If you are a user of Asterisk and iLBC together, and you've already
executed a license agreement with GIPS, we believe you can continue
using iLBC with Asterisk. If you are a user of Asterisk and iLBC
together, but you had not executed a license agreement with GIPS,
we encourage you to research the situation and consult with your
own legal representatives to determine what actions you may want
to take (or avoid taking).
More information is available on the Asterisk blog:
http://blogs.asterisk.org/2011/09/19/ilbc-support-in-asterisk-after-googles-acquisition-of-gips/
The following is a sample of the issues resolved in this release:
* Added the 'storesipcause' option to sip.conf to allow the user to
disable the setting of HASH(SIP_CAUSE,) on the channel. Having
chan_sip set HASH(SIP_CAUSE,) on the channel carries a significant
performance penalty because of the usage of the MASTER_CHANNEL()
dialplan function.
We've decided to disable this feature by default in future 1.8
versions. This would be an unexpected behavior change for anyone
depending on that SIP_CAUSE update in their dialplan. Please
refer to the asterisk-dev mailing list more information:
http://lists.digium.com/pipermail/asterisk-dev/2011-August/050626.html
* Significant fixes and improvements to parking lots.
(Closes issues ASTERISK-17183, ASTERISK-17870, ASTERISK-17430,
ASTERISK-17452, ASTERISK-17452, ASTERISK-15792.)
* Numerous issues have been reported for deadlocks that are caused
by a blocking read in res_timing_timerfd on a file descriptor
that will never be written to.
A change to Asterisk adds some checks to make sure that the
timerfd is both valid and armed before calling read(). Should
fix: ASTERISK-18142, ASTERISK-18197, ASTERISK-18166 and possibly
others. (In essence, this change should make res_timing_timerfd
usable.)
* Resolve segfault when publishing device states via XMPP and not connected.
(Closes issue ASTERISK-18078.)
* Refresh peer address if DNS unavailable at peer creation.
(Closes issue ASTERISK-18000)
* Fix the missing DAHDI channels when using the newer chan_dahdi.conf
sections for channel configuration.
(Closes issue ASTERISK-18496.)
* Remove unnecessary libpri dependency checks in the configure script.
(Closes issue ASTERISK-18535.)
* Update get_ilbc_source.sh script to work again.
(Closes issue ASTERISK-18412)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.7.0
Thank you for your continued support of Asterisk!
1.8.6.0:
========
The release of Asterisk 1.8.6.0 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Fix an issue with Music on Hold classes losing files in playlist
when realtime is used. (Closes issue ASTERISK-17875.)
* Resolve a potential crash in chan_sip when utilizing auth= and
performing a 'sip reload' from the console. (Closes issue
ASTERISK-17939.)
* Address some improper sql statements in res_odbc that would cause
an update to fail on realtime peers due to trying to set as
"(NULL)" rather than an actual NULL. (Closes issue ASTERISK-17791.)
* Resolve issue where 403 Forbidden would always be sent maximum
number of times regardless to receipt of ACK.
* Resolve issue where if a call to MeetMe includes both the dynamic(D)
and always request PIN(P) options, MeetMe will ask for the PIN
two times: once for creating the conference and once for entering
the conference.
* Fix New Zealand indications profile based on
http://www.telepermit.co.nz/TNA102.pdf
(Closes issue ASTERISK-16263.)
* Segfault in shell_helper in func_shell.c
(Closes issue ASTERISK-18109.)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.6.0
Thank you for your continued support of Asterisk!
misuse of function pointer casts and mismatched function calls and
arguments. Now this has some chance at running on something other
than i386.
PKGREVISION -> 12.
require you to use movd (instead of movq) when transferring data
between reg32/64 and an mmx register. No PKGREVISION bump since it
failed to compile on amd64 meaning there was no binary package.
Changes:
0.4, 20110831 - jeagle
Fix packet timeout bug reported by Dave S.
Replace call to die() in __data_to_int with return undef, update docs to
reflect this.
Device::XBee::API is a module designed to encapsulate the Digi XBee API in
object-oriented Perl. This module expects to communicate with an XBee
module using the API firmware via a serial (or serial over USB) device.
1.58 Mon Mar 7 22:31:22 EST 2011
- Fixed RT #48229, an uninitialized value when registering to the network
but getting no answer from the phone.
1.57 Mon Mar 7 20:53:03 EST 2011
- Fixed a bug in send_sms() that prevented it from working at all.
The bug was introduced with the "assume_registered" option.
- Fixed RT #57585. Thanks to Eric Kössldorfer for his patch and
test case.
- Added PDU<->latin1 conversion functions in Device::Gsm::Pdu
- Note to self: first release from Australia!
* Handle device reconnected more smoothly (USB-serial dongles)
* Translation updates: Danish
* Several fixes (see ChangeLog)
Changes 2.4:
* Add -D and -b options to specify device and baud rate on the command
line.
* Do character conversion between local and remote side (-R option)
* Added indonesian translation
* Compatibility fixes for recent build environments
* Remove code that handled very old systems
Changes 2.3:
* Fix build on Mac OS X
* New version of the dial format to be little and big endian as well as
32/64 bit safe
* Support more baud rates
* Handle device disappearances (e.g. serial-USB device unplug)
* Various build and other fixes
Changes 2.2:
* Vietnamese translation added
* Norwegian translation added
* Traditional chinese translation added
* Swedish translation added
* Romanian translation added
* default to 8bit mode if LANG or LC_ALL are set
* default baud rate set to 115200
* Various code cleanups and fixes
The release of Asterisk 1.8.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix Deadlock with attended transfer of SIP call
* Fixes thread blocking issue in the sip TCP/TLS implementation.
* Be more tolerant of what URI we accept for call completion PUBLISH requests.
* Fix a nasty chanspy bug which was causing a channel leak every time a spied on
channel made a call.
* This patch fixes a bug with MeetMe behavior where the 'P' option for always
prompting for a pin is ignored for the first caller.
* Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
the call that the dialplan started an AGI script for is hungup while the AGI
script is in the middle of a command then the AGI script is not notified of
the hangup.
* Resolve issue where leaving a voicemail, the MWI message is never sent. The
same thing happens when checking a voicemail and marking it as read.
* Resolve issue where wait for leader with Music On Hold allows crosstalk
between participants. Parenthesis in the wrong position. Regression from issue
#14365 when expanding conference flags to use 64 bits.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0
Thank you for your continued support of Asterisk!
Asterisk Project Security Advisory - AST-2011-011
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Possible enumeration of SIP users due to |
| | differing authentication responses |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Unauthorized data disclosure |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|--------------------+---------------------------------------------------|
| Severity | Moderate |
|--------------------+---------------------------------------------------|
| Exploits Known | No |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2011-2536 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | Asterisk may respond differently to SIP requests from an |
| | invalid SIP user than it does to a user configured on |
| | the system, even when the alwaysauthreject option is set |
| | in the configuration. This can leak information about |
| | what SIP users are valid on the Asterisk system. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Respond to SIP requests from invalid and valid SIP users |
| | in the same way. Asterisk 1.4 and 1.6.2 do not respond |
| | identically by default due to backward-compatibility |
| | reasons, and must have alwaysauthreject=yes set in |
| | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes. |
| | |
| | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4 |
| | and 1.6.2 set alwaysauthreject=yes in the general section |
| | of sip.conf. |
+------------------------------------------------------------------------+
Please note that Asterisk 1.6.2.19 is the final maintenance release
from the 1.6.2 branch. Support for security related issues will
continue until April 21, 2012. For more information about support
of the various Asterisk branches, see
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
The release of Asterisk 1.6.2.19 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Don't broadcast FullyBooted to every AMI connection
The FullyBooted event should not be sent to every AMI connection
every time someone connects via AMI. It should only be sent to
the user who just connected.
(Closes issue #18168. Reported, patched by FeyFre)
* Fix thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
Freddi_Fonet. Patched by dvossel)
* Don't delay DTMF in core bridge while listening for DTMF features.
(Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
globalnetinc, jde. Patched by oej, twilson)
* Fix chan_local crashs in local_fixup()
Thanks OEJ for tracking down the issue and submitting the patch.
(Closes issue #19053. Reported, patched by oej)
* Don't offer video to directmedia callee unless caller offered it as well
(Closes issue #19195. Reported, patched by one47)
Additionally security announcements AST-2011-008, AST-2011-010, and
AST-2011-011 have been resolved in this release.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, AST-2011-006,
and AST-2011-007.
pkgsrc changes:
- add patch for autosupport script; == -> =
- patch configure to not unconditionally set PBX_LAUNCHD=1
- this allows res_timing_kqueue.so to build
This last change brings a timing source to NetBSD which allows IAX
trunking and allows the bridging modules to work, a rather major
piece that was missing. Note that I haven't extensively tested
it. But, have at it...
===========================================================================
1.8.4.2:
The Asterisk Development Team has announced the release of Asterisk
version 1.8.4.2, which is a security release for Asterisk 1.8.
The release of Asterisk 1.8.4.2 resolves an issue with SIP URI parsing
which can lead to a remotely exploitable crash:
Remote Crash Vulnerability in SIP channel driver (AST-2011-007)
The issue and resolution is described in the AST-2011-007 security
advisory.
For more information about the details of this vulnerability, please
read the security advisory AST-2011-007, which was released at the same
time as this announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.2
Security advisory AST-2011-007 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-007.pdf
===========================================================================
1.8.4.1:
The Asterisk Development Team has announced the release of Asterisk 1.8.4.1.
The release of Asterisk 1.8.4.1 resolves several issues reported by the
community. Without your help this release would not have been possible.
Thank you!
Below is a list of issues resolved in this release:
* Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix)
* Resolve a change in IPv6 header parsing due to the Cisco phone fix issue.
This issue was found and reported by the Asterisk test suite.
* Resolve potential crash when using SIP TLS support.
* Improve reliability when using SIP TLS.
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1
===========================================================================
1.8.4:
The Asterisk Development Team has announced the release of Asterisk 1.8.4.
The release of Asterisk 1.8.4 resolves several issues reported by the community.
Without your help this release would not have been possible. Thank you!
Below is a sample of the issues resolved in this release:
* Use SSLv23_client_method instead of old SSLv2 only.
* Resolve crash in ast_mutex_init()
* Resolution of several DTMF based attended transfer issues.
NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve deadlocks related to device states in chan_sip
* Resolve an issue with the Asterisk manager interface leaking memory when
disabled.
* Support greetingsfolder as documented in voicemail.conf.sample.
* Fix channel redirect out of MeetMe() and other issues with channel softhangup
* Fix voicemail sequencing for file based storage.
* Set hangup cause in local_hangup so the proper return code of 486 instead of
503 when using Local channels when the far sides returns a busy. Also affects
CCSS in Asterisk 1.8+.
* Fix issues with verbose messages not being output to the console.
* Fix Deadlock with attended transfer of SIP call
Includes changes per AST-2011-005 and AST-2011-006
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4
Information about the security releases are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
===========================================================================
1.8.3.3:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
===========================================================================
1.8.3.2:
he Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.
** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).
The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.2
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.8.3.1:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.
The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.1
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.8.3:
The Asterisk Development Team has announced the release of Asterisk 1.8.3.
The release of Asterisk 1.8.3 resolves several issues reported by the community
and would have not been possible without your participation. Thank you!
The following is a sample of the issues resolved in this release:
* Resolve duplicated data in the AstDB when using DIALGROUP()
* Ensure the ipaddr field in realtime is large enough to handle IPv6 addresses.
* Reworking parsing of mwi => lines to resolve a segfault. Also add a set of
unit tests for the function that does the parsing.
* When using cdr_pgsql the billsec field was not populated correctly on
unanswered calls.
* Resolve memory leak in iCalendar and Exchange calendaring modules.
* This version of Asterisk includes the new Compiler Flags option
BETTER_BACKTRACES which uses libbfd to search for better symbol information
within both the Asterisk binary, as well as loaded modules, to assist when
using inline backtraces to track down problems.
* Resolve issue where no Music On Hold may be triggered when using
res_timing_dahdi.
* Resolve a memory leak when the Asterisk Manager Interface is disabled.
* Reimplemented fax session reservation to reverse the ABI breakage introduced
in r297486.
* Fix regression that changed behavior of queues when ringing a queue member.
* Resolve deadlock involving REFER.
Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.3
===========================================================================
1.8.2.4:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.
The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.4
Security advisory AST-2011-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, and AST-2011-006.
===========================================================================
1.6.2.18:
The Asterisk Development Team has announced the release of Asterisk 1.6.2.18.
The release of Asterisk 1.6.2.18 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Only offer codecs both sides support for directmedia.
* Resolution of several DTMF based attended transfer issues.
NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve deadlocks related to device states in chan_sip
* Fix channel redirect out of MeetMe() and other issues with channel softhangup
* Fix voicemail sequencing for file based storage.
* Guard against retransmitting BYEs indefinitely during attended transfers with
chan_sip.
In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18
===========================================================================
1.6.2.17.3
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
===========================================================================
1.6.2.17.2:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.
** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).
The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.2
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.6.2.17.1:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.1
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.6.2.16.2:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.
The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.2
Security advisory AST-2011-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, and AST-2011-006.
===========================================================================
1.6.2.18:
The Asterisk Development Team has announced the release of Asterisk 1.6.2.18.
The release of Asterisk 1.6.2.18 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Only offer codecs both sides support for directmedia.
* Resolution of several DTMF based attended transfer issues.
NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve deadlocks related to device states in chan_sip
* Fix channel redirect out of MeetMe() and other issues with channel softhangup
* Fix voicemail sequencing for file based storage.
* Guard against retransmitting BYEs indefinitely during attended transfers with
chan_sip.
In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18
===========================================================================
1.6.2.17.3
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:
* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)
The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
Security advisory AST-2011-005 and AST-2011-006 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-005.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-006.pdf
===========================================================================
1.6.2.17.2:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.
** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).
The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.2
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.6.2.17.1:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.1
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdfhttp://downloads.asterisk.org/pub/security/AST-2011-004.pdf
===========================================================================
1.6.2.17:
The Asterisk Development Team has announced the release of Asterisk 1.6.2.17.
The release of Asterisk 1.6.2.17 resolves several issues reported by the
community and would have not been possible without your participation.
The following is a sample of the issues resolved in this release:
* Resolve duplicated data in the AstDB when using DIALGROUP()
* Correct issue where res_config_odbc could populate fields with invalid data.
* When using cdr_pgsql the billsec field was not populated correctly on
unanswered calls.
* Resolve issue where re-transmissions of SUBSCRIBE could break presence.
* Fix regression causing forwarding voicemails to not work with file storage.
* This version of Asterisk includes the new Compiler Flags option
BETTER_BACKTRACES which uses libbfd to search for better symbol information
within both the Asterisk binary, as well as loaded modules, to assist when
using inline backtraces to track down problems.
* Resolve several issues with DTMF based attended transfers.
NOTE: Be sure to read the ChangeLog for more information about these changes.
* Resolve issue where no Music On Hold may be triggered when using
res_timing_dahdi.
* Fix regression that changed behavior of queues when ringing a queue member.
Additionally, this release has the changes related to security bulletin
AST-2011-002 which can be found at
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17
===========================================================================
1.6.2.16.2:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.
The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.2
Security advisory AST-2011-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
=============================================================================
This package was submited as part of PR pkg/43929 which adds the Koha Integrated Library System
submitted by Edgar Fuß
-------------------------------------
SMS::Send is intended to provide a driver-based single API for sending SMS and
MMS messages. The intent is to provide a single API against which to write the
code to send an SMS message.
At the same time, the intent is to remove the limits of some of the previous
attempts at this sort of API, like "must be free internet-based SMS services".
SMS::Send drivers are installed seperately, and might use the web, email or
physical SMS hardware. It could be a free or paid. The details shouldn't matter.
You should not have to care how it is actually sent, only that it has been sent
(although some drivers may not be able to provide certainty).
sample per second world of E1s, T1s, and higher order PCM channels.
It contains low level functions, such as basic filters. It also
contains higher level functions, such as cadenced supervisory tone
detection, and a complete software FAX machine. The software has
been designed to avoid intellectual property issues, using mature
techniques where all relevant patents have expired. See the file
DueDiligence for important information about these intellectual
property issues.
to enable res_fax_spandsp.so. Don't bother with a PKGREVISION bump since
this doesn't change default builds and there is no need tobother people
that don't need the option.
pkgsrc: fix issue with patch for detecting sys/atomic.h
The Asterisk Development Team has announced the release of Asterisk 1.8.2.3.
The release of Asterisk 1.8.2.3 resolves the following issue:
* Reimplemented fax session reservation to reverse the ABI breakage introduced
in r297486.
(Reported by Jeremy Kister on the asterisk-users mailing list. Patched by
mnicholson)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2.3
This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson at digium.com>
CVE Name
Description When forming an outgoing SIP request while in pedantic mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
also affects the URIENCODE dialplan function and in some
versions of asterisk, the AGI dialplan application as well.
The ast_uri_encode function does not properly respect the size
of its output buffer and can write past the end of it when
encoding URIs.
For full details, see:
http://downloads.digium.com/pub/security/AST-2011-001.html
This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson at digium.com>
CVE Name
Description When forming an outgoing SIP request while in pedantic mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
also affects the URIENCODE dialplan function and in some
versions of asterisk, the AGI dialplan application as well.
The ast_uri_encode function does not properly respect the size
of its output buffer and can write past the end of it when
encoding URIs.
For full details, see:
http://downloads.digium.com/pub/security/AST-2011-001.html
The release of Asterisk 1.8.2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* 'sip notify clear-mwi' needs terminating CRLF.
(Closes issue #18275. Reported, patched by klaus3000)
* Patch for deadlock from ordering issue between channel/queue locks in
app_queue (set_queue_variables).
(Closes issue #18031. Reported by rain. Patched by bbryant)
* Fix cache of device state changes for multiple servers.
(Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
by russellb)
* Resolve issue where channel redirect function (CLI or AMI) hangs up the call
instead of redirecting the call.
(Closes issue #18171. Reported by: SantaFox)
(Closes issue #18185. Reported by: kwemheuer)
(Closes issue #18211. Reported by: zahir_koradia)
(Closes issue #18230. Reported by: vmarrone)
(Closes issue #18299. Reported by: mbrevda)
(Closes issue #18322. Reported by: nerbos)
* Fix reloading of peer when a user is requested. Prevent peer reloading from
causing multiple MWI subscriptions to be created when using realtime.
(Closes issue #18342. Reported, patched by nivek.)
* Fix XMPP PubSub-based distributed device state. Initialize pubsubflags to 0
so res_jabber doesn't think there is already an XMPP connection sending
device state. Also clean up CLI commands a bit.
(Closes issue #18272. Reported by klaus3000. Patched by Marquis42)
* Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
setting peer->cdr = NULL, set it to not post.
(Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
* Fixes issue with outbound google voice calls not working. Thanks to az1234
and nevermind_quack for their input in helping debug the issue.
(Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2
The release of Asterisk 1.6.2.16 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix cache of device state changes for multiple servers.
(Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
by russellb)
* Resolve issue where channel redirect function (CLI or AMI) hangs up the call
instead of redirecting the call.
(Closes issue #18171. Reported by: SantaFox)
(Closes issue #18185. Reported by: kwemheuer)
(Closes issue #18211. Reported by: zahir_koradia)
(Closes issue #18230. Reported by: vmarrone)
(Closes issue #18299. Reported by: mbrevda)
(Closes issue #18322. Reported by: nerbos)
* Linux and *BSD disagree on the elements within the ucred structure. Detect
which one is in use on the system.
(Closes issue #18384. Reported, patched, tested by bjm, tilghman)
* app_followme: Don't create a Local channel if the target extension does not
exist.
(Closes issue #18126. Reported, patched by junky)
* Revert code that changed SSRC for DTMF.
(Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou. rsw686.
Tested by cmbaker82)
* Resolve issue where REGISTER request with a Call-ID matching an existing
transaction is received it was possible that the REGISTER request would
overwrite the initreq of the private structure.
(Closes issue #18051. Reported by eeman. Patched, tested by twilson)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16
alternative from mk/jpeg.buildlink3.mk
This allows selection of an alternative jpeg library (namely the x86 MMX,
SSE, SSE2 accelerated libjpeg-turbo) via JPEG_DEFAULT=libjpeg-turbo, and
follows the current standard model for alternatives (fam, motif, fuse etc).
The mechanical edits were applied via the following script:
#!/bin/sh
for d in */*; do
[ -d "$d" ] || continue
for i in "$d/"Makefile* "$d/"*.mk; do
case "$i" in *.orig|*"*"*) continue;; esac
out="$d/x"
sed -e 's;graphics/jpeg/buildlink3\.mk;mk/jpeg.buildlink3.mk;g' \
-e 's;BUILDLINK_PREFIX\.jpeg;JPEGBASE;g' \
< "$i" > "$out"
if cmp -s "$i" "$out"; then
rm -f "$out"
else
echo "Edited $i"
mv -f "$i" "$i.orig" && mv "$out" "$i"
fi
done
done
Don't bother bumping the version since it didn't build on DFBSD
before there is no binary package that could have changed, and this
doesn't change the binary packages on other systems.
The release of Asterisk 1.8.1.1 resolves two issues reported by the community
since the release of Asterisk 1.8.1.
* Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
setting peer->cdr = NULL, set it to not post.
(Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
* Fixes issue with outbound google voice calls not working. Thanks to az1234
and nevermind_quack for their input in helping debug the issue.
(Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1.1
Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.
Asterisk 1.8 is a long term support version (i.e. it will be
supported for four years with an additional year of security only
fixes). See:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
What's new:
Asterisk 1.8 is the next major release series of Asterisk.
The release of Asterisk 1.8.0 would not have been possible without the support
and contributions of the community. Since Asterisk 1.6.2, we've had over 500
reporters, more than 300 testers and greater than 200 developers contributed to
this release.
You can find a summary of the work involved with the 1.8.0 release in the
sumary:
http://svn.asterisk.org/svn/asterisk/tags/1.8.0/asterisk-1.8.0-summary.txt
A short list of available features includes:
* Secure RTP
* IPv6 Support in the SIP channel driver
* Connected Party Identification Support
* Calendaring Integration
* A new call logging system, Channel Event Logging (CEL)
* Distributed Device State using Jabber/XMPP PubSub
* Call Completion Supplementary Services support
* Advice of Charge support
* Much, much more!
A full list of new features can be found in the CHANGES file.
http://svn.digium.com/view/asterisk/branches/1.8/CHANGES?view=markup
For a full list of changes in the current release candidate, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.0
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.1.
The release of Asterisk 1.8.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix issue when using directmedia. Asterisk needs to limit the codecs offered
to just the ones that both sides recognize, otherwise they may end up sending
audio that the other side doesn't understand.
(Closes issue #17403. Reported, patched by one47. Tested by one47, falves11)
* Resolve issue where Party A in an analog 3-way call would continue to hear
ringback after party C answers.
(Patched by rmudgett)
* Fix playback failure when using IAX with the timerfd module.
(Closes issue #18110. Reported, tested by tpanton. Patched by jpeeler)
* Fix problem with qualify option packets for realtime peers never stopping.
The option packets not only never stopped, but if a realtime peer was not in
the peer list multiple options dialogs could accumulate over time.
(Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
jpeeler)
* Fix issue where it is possible to crash Asterisk by feeding the curl engine
invalid data.
(Closes issue #18161. Reported by wdoekes. Patched by tilghman)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1
- disable automatic Lua detection for now until lang/lua/builtin.mk exists
The release of Asterisk 1.6.2.15 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* When using chan_skinny, don't crash when parking a non-bridged call.
(Closes issue #17680. Reported, tested by jmhunter. Patched, tested by DEA)
* Add ability for Asterisk to try both the encoded and unencoded subscription
URI for a match in hints.
(Closes issue #17785. Reported, tested by ramonpeek. Patched by tilghman)
* Set the caller id on CDRs when it is set on the parent channel.
(Closes issue #17569. Reported, patched by tbelder)
* Ensure user portion of SIP URI matches dialplan when using encoded characters
(Closes issue #17892. Reported by wdoekes. Patched by jpeeler)
* Resolve issue where Party A in an analog 3-way call would continue to hear
ringback after party C answers.
(Patched by rmudgett)
* Fix problem with qualify option packets for realtime peers never stopping.
The option packets not only never stopped, but if a realtime peer was not in
the peer list multiple options dialogs could accumulate over time.
(Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
jpeeler)
* Multiple fixes related to Local channels.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.15
version 8.1.18 (Nov 11, 2010):
- install man pages read-only and improved the contributed redhat init
script - patches by Eric Biederman <ebiederm@aristanetworks.com>
- spec file improvements in contrib/redhat-rpm - patch by Jodok Ole
Muellers <jodok.muellers@aschendorff.de>
- GSS-API patch for client code - patch by Andras Horvath
<Andras.Horvath@cern.ch>
version 8.1.17 (Sep 29, 2009):
- fix for interface detection when HAVE_SA_LEN is defined - first
detected on NetBSD 5.0 and patched by Chris Ross
<cross+conserver@distal.com>
- first person to connect to a console wanting read/write now gets it
once the active user drops read/write - suggested by Thomas Gardner
<tmg@pobox.com>
- fix typo when setting nonblocking socket for client connections,
fixing stall issues - patch by Eric Biederman
<ebiederm@aristanetworks.com>
- GSS-API patch (--with-gssapi) to help with Kerberos tokens - patch by
Nate Straz <nstraz@redhat.com>
- authenticate username without @REALM when using GSS-API
(--with-striprealm) - based on patch by Andras Horvath
<Andras.Horvath@cern.ch>
- various contrib/redhat-rpm fixes - patch by Fabien Wernli
<wernli@in2p3.fr>
- fix handling of read(stdin) returning -1 in console client - patch by
Ed Swierk <eswierk@arastra.com>
patch-ac has been included upstream.
1.56 Mon Nov 15 21:00:00 CET 2010
- When sending messages in text mode, now we wait a bit
between the +CMSG command and the actual text.
Fixes RT #61729. Thanks to Boris Ivanov for the report.
- Added clear example of logging to a custom file
- Added a warning for not implemented _read_messages_text()
- Added a "assume_registered" option to skip GSM network
registration on buggy/problematic devices.
by Iain Hibbert:
- use libexpat instead of FreeBSD internal libbsdxml
- fix off by one error with busy spinner, which sometimes
resulted in a spurious backspace in the output
- fflush(stdout) for busy spinner
- print streaming statistics after transfers in client mode
- use HAVE_BT_DEVADDR rather than testing for __NetBSD__
- use bdaddr_any() functions instead of memcpy()
- allow server mode to bind to channel 0, indicating to the OS
that the first available channel should be used
- prevent busy loop bug if the socket is remotely closed causing
the read() to return 0 bytes
- fix some [unsigned comparison] compiler warnings
- provide connection ID for all get requests, improves compatibility
with remote windows mobile devices
The release of Asterisk 1.6.2.14 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix issue where session timers would be advertised as supported even
when session-timers=refuse was set in sip.conf. Also fix
interoperability problems with session timer behavior in Asterisk.
(Closes issue #17005. Reported by alexcarey. Patched by dvossel)
* Parse all "Accept" headers for SIP SUBSCRIBE requests.
(Closes issue #17758. Reported by ibc. Patched by dvossel)
* Fix issue where queue stats would be reset on reload.
(Closes issue #17535. Reported by raarts. Patched by tilghman)
* Fix issue where MoH files were no longer rescanned on during a
reload.
(Closes issue #16744. Reported by pj. Patched by Qwell)
* Fix issue with dialplan pattern matching where the specificity for
pattern ranges and pattern characters was inconsistent.
(Closes issue #16903. Reported, patched by Nick_Lewis)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.14
a feature update, so users that are upgrading should read UPDATE.txt.
pkgsrc changes:
- update to 1.6.2.13
- bury the asterisk-sounds-extra inside this one to keep it in sync
- handle sound tarballs directly (upstream had changed this to do a
download during the install phase and dump files in $HOME)
- add new documentation files:
- asterisk.txt
- building_queues.txt
- database_transactions.txt
- followme.txt
========
1.6.2.13
========
This release resolves an issue where the .version and ChangeLog files were not
updated for 1.6.2.12. Asterisk 1.6.2.13 has no additional changes from 1.6.2.12
other than the .version, ChangeLog and summary files.
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.13
========
1.6.2.12
========
The release of Asterisk 1.6.2.12 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix issue where DNID does not get cleared on a new call when using
immediate=yes with ISDN signaling.
(Closes issue #17568. Reported by wuwu. Patched by rmudgett)
* Several updates to res_config_ldap.
(Closes issue #13573. Reported by navkumar. Patched by navkumar, bencer.
Tested by suretec)
* Prevent loss of Caller ID information set on local channel after masquerade.
(Closes issue #17138. Reported by kobaz, patched by jpeeler)
* Fix SIP peers memory leak.
(Closes issue #17774. Reported, patched by kkm)
* Add Danish support to say.conf.sample
(Closes issue #17836. Reported, patched by RoadKill)
* Ensure SSRC is changed when media source is changed to resolve audio delay.
(Closes issue #17404. Reported, tested by sdolloff. Patched by jpeeler)
* Only do magic pickup when notifycid is enabled.
A new way of doing BLF pickup was introduced into 1.6.2. This feature adds a
call-id value into the XML of a SIP_NOTIFY message sent to alert a subscriber
that a device is ringing. This option should only be enabled when the new
'notifycid' option is set, but this was not the case. Instead the call-id
value was included for every RINGING Notify message, which caused a
regression for people who used other methods for call pickup.
(Closes issue #17633. Reported, patched by urosh. Patched by dvossel.
Tested by: dvossel, urosh, okrief, alecdavis)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.12
========
1.6.2.11
========
The release of Asterisk 1.6.2.11 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Send DialPlanComplete as a response, not as a separate event. Otherwise, it
goes to all manager sessions and may exclude the current session, if the
Events mask excludes it.
(Closes issue #17504. Reported, patched by rrb3942)
* Allow the "useragent" value to be restored into memory from the realtime
backend. This value is purely informational. It does not alter configuration
at all.
(Closes issue #16029. Reported, patched by Guggemand)
* Fix rt(c)p set debug ip taking wrong argument Also clean up some coding
errors.
(Closes issue #17469. Reported, patched by wdoekes)
* Ensure channel placed in meetme in ringing state is properly hung up. An
outgoing channel placed in meetme while still ringing which was then hung up
would not exit meetme and the channel was not properly destroyed.
(Closes issue #15871. Reported, patched by Ivan)
* Correct how 100, 200, 300, etc. is said. Also add the crazy British numbers.
(Closes issue #16102. Reported, patched by Delvar)
* cdr_pgsql does not detect when a table is found. This change adds an ERROR
message to let you know when a failure exists to get the columns from the
pgsql database, which typically means that the table does not exist.
(Closes issue #17478. Reported, patched by kobaz)
* Avoid crashing when installing a duplicate translation path with a lower
cost.
(Closes issue #17092. Reported, patched by moy)
* Add missing handling for ringing state for use with queue empty options.
(Closes issue #17471. Reported, patched by jazzy)
* Fix reporting estimated queue hold time. Just say the number of seconds
(after minutes) rather than doing some incorrect calculation with respect to
minutes.
(Closes issue #17498. Reported, patched by corruptor)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.11
========
1.6.2.10
========
The release of Asterisk 1.6.2.10 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Allow users to specify a port for DUNDI peers.
(Closes issue #17056. Reported, patched by klaus3000)
* Decrease the module ref count in sip_hangup when SIP_DEFER_BYE_ON_TRANSFER is
set.
(Closes issue #16815. Reported, patched by rain)
* If there is realtime configuration, it does not get re-read on reload unless
the config file also changes.
(Closes issue #16982. Reported, patched by dmitri)
* Send AgentComplete manager event for attended transfers.
(Closes issue #16819. Reported, patched by elbriga)
* Correct manager variable 'EventList' case.
(Closes issue #17520. Reported, patched by kobaz)
In addition, changes to res_timing_pthread that should make it more stable have
also been implemented.
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.10
=======
1.6.2.9
=======
The release of Asterisk 1.6.2.9 resolves several issues reported by the
community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Fix the PickupChan() application
(Closes issue #16863. Reported, patched by schern. Patched by cjacobsen.
Tested by Graber, cjacobsen, lathama, rickead2000, dvossel)
* Improve logging by displaying line number
(Closes issue #16303. Reported by dant. Patched by pabelanger. Tested by
dant, pabelanger, lmadsen)
* Notify CLI when modules are loaded/unloaded
(Closes issue #17308. Reported, patched by pabelanger. Tested by russell)
* Make the Makefile logic more explicit and move the Snow Leopard logic down to
where it's not executed on non-Darwin systems
(Closes issue #17028. Reported by pabelanger. Patched by seanbright,
tilghman. Tested by pabelanger)
* Manager cookies are not compatible with RFC2109. Make that no longer true.
(Closes issue #17231. Reported, patched by ecarruda)
* With IMAP backend, messages in INBOX were counted twice for MWI
(Closes issue #17135. Reported by edhorton. Patched by ebroad, tilghman)
* Fix possible segfault when logging
(Closes issue #17331. Reported, patched by under. Patched by dvossel)
* Fix memory hogging behavior of app_queue
(Closes issue #17081. Reported by wliegel. Patched by mmichelson)
* Allow type=user SIP endpoints to be loaded properly from realtime
(Closes issue #16021. Reported, patched by Guggemand)
Additionally, the following issue may be of interest:
* Fix transcode_via_sln option with SIP calls and improve PLC usage
(Review: https://reviewboard.asterisk.org/r/622/)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.9
=======
1.6.2.8
=======
The release of Asterisk 1.6.2.8 resolves several issues reported by the
community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Enable auto complete for CLI command 'logger set level'.
(Closes issue #17152. Reported, patched by pabelanger)
* Make the mixmonitor thread process audio frames faster.
(Closes issue #17078. Reported, tested by geoff2010. Patched by dhubbard)
* Add missing 'useragent' field to sip-friends.sql file.
(Closes issue #17171. Reported, patched by thehar)
* Add example dialplan for dialing ISN numbers (http://www.freenum.org)
(Closes issue #17058. Reported, patched by pprindeville)
* Fix issue with double "sip:" in header field.
(Closes issue #15847. Reported, patched by ebroad)
* Add ability to generate ASCII documentation from the TeX files by running
'make asterisk.txt'.
(Closes issue #17220. Reported by lmadsen. Tested, patched by pabelanger)
* When StopMonitor() is called, ensure that it will not be restarted by a
channel event.
(Closes issue #16590. Reported, patched by kkm)
* Small error in the T.140 RTP port verbose log.
(Closes issue #16998. Reported, patched by frawd. Tested by russell)
For a full list of changes in the current release, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.8
=======
1.6.2.7
=======
The release of Asterisk 1.6.2.7 resolves several issues reported by the
community, and would have not been possible without your participation. Thank
you!
The following are a few of the issues resolved by community developers:
* Fix building CDR and CEL SQLite3 modules.
(Closes issue #17017. Reported by alephlg. Patched by seanbright)
* Resolve crash in SLAtrunk when the specified trunk doesn't exist.
(Reported in #asterisk-dev by philipp64. Patched by seanbright)
* Include an extra newline after "Aliased CLI command" to get back the prompt.
(Issue #16978. Reported by jw-asterisk. Tested, patched by seanbright)
* Prevent segfault if bad magic number is encountered.
(Issue #17037. Reported, patched by alecdavis)
* Update code to reflect that handle_speechset has 4 arguments.
(Closes issue #17093. Reported, patched by gpatri. Tested by pabelanger,
mmichelson)
* Resolve a deadlock in chan_local.
(Closes issue #16840. Reported, patched by bzing2, russell. Tested by bzing2)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.7
=======
1.6.2.6
=======
The release of Asterisk 1.6.2.6 resolves several issues reported by the
community, and would have not been possible without your participation. Thank
you!
The following are a few of the issues resolved by community developers:
* Make sure to clear red alarm after polarity reversal.
(Closes issue #14163. Reported, patched by jedi98. Tested by mattbrown,
Chainsaw, mikeeccleston)
* Fix problem with duplicate TXREQ packets in chan_iax2
(Closes issue #16904. Reported, patched by rain. Tested by rain, dvossel)
* Fix crash in app_voicemail related to message counting.
(Closes issue #16921. Reported, tested by whardier. Patched by seanbright)
* Overlap receiving: Automatically send CALL PROCEEDING when dialplan starts
(Reported, Patched, and Tested by alecdavis)
* For T.38 reINVITEs treat a 606 the same as a 488.
(Closes issue #16792. Reported, patched by vrban)
* Fix ConfBridge crash when no timing module is loaded.
(Closes issue #16471. Reported, tested by kjotte. Patched, tested by junky)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.6
=======
1.6.2.5
=======
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.6.2.5
The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve an issue with
invalid parsing of ACL (Access Control List) rules leading to a possible
compromise in security. The issue and resolution are described in the
AST-2010-003 security advisory.
For more information about the details of this vulnerability, please read the
security advisory AST-2010-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.5
Security advisory AST-2010-003 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-003.pdf
=======
1.6.2.4
=======
The Asterisk Development Team has announced security releases for the following
versions of Asterisk:
* 1.6.2.4
The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and 1.6.2.4
include documention describing a possible dialplan string injection with common
usage of the ${EXTEN} (and other expansion variables). The issue and resolution
are described in the AST-2010-002 security advisory.
If you have a channel technology which can accept characters other than numbers
and letters (such as SIP) it may be possible to craft an INVITE which sends data
such as 300&Zap/g1/4165551212 which would create an additional outgoing channel
leg that was not originally intended by the dialplan programmer.
Please note that this is not limited to an specific protocol or the Dial()
application.
The expansion of variables into programmatically-interpreted strings is a common
behavior in many script or script-like languages, Asterisk included. The ability
for a variable to directly replace components of a command is a feature, not a
bug - that is the entire point of string expansion.
However, it is often the case due to expediency or design misunderstanding that
a developer will not examine and filter string data from external sources before
passing it into potentially harmful areas of their dialplan.
With the flexibility of the design of Asterisk come these risks if the dialplan
designer is not suitably cautious as to how foreign data is allowed to enter the
system unchecked.
This security release is intended to raise awareness of how it is possible to
insert malicious strings into dialplans, and to advise developers to read the
best practices documents so that they may easily avoid these dangers.
For more information about the details of this vulnerability, please read the
security advisory AST-2010-002, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.4
Security advisory AST-2010-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-002.pdf
The README-SERIOUSLY.bestpractices.txt document is available in the top-level
directory of your Asterisk sources, or available in all Asterisk branches from
1.2 and up.
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
=======
1.6.2.3
=======
Was never released.
=======
1.6.2.2
=======
The Asterisk Development Team has announced security releases for Asterisk as
the following versions:
* 1.6.2.2
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix
described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over SIP can remotely
crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain
either a negative or exceptionally large value. The same crash will occur when
the FaxMaxDatagram field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please read the
security advisory AST-2009-009, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.2
Security advisory AST-2010-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
=======
1.6.2.1
=======
The release of Asterisk 1.6.2.1 resolved several issues reported by the
community, and would have not been possible without your participation. Thank
you!
* CLI 'queue show' formatting fix.
(Closes issue #16078. Reported by RoadKill. Tested by dvossel. Patched by
ppyy.)
* Fix misreverting from 177158.
(Closes issue #15725. Reported, Tested by shanermn. Patched by dimas.)
* Fixes subscriptions being lost after 'module reload'.
(Closes issue #16093. Reported by jlaroff. Patched by dvossel.)
* app_queue segfaults if realtime field uniqueid is NULL
(Closes issue #16385. Reported, Tested, Patched by haakon.)
* Fix to Monitor which previously assumed the file to write to did not contain
pathing.
(Closes issue #16377, #16376. Reported by bcnit. Patched by dant.
A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.2.1-summary.txt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.1
=======
1.6.2.0
=======
The release of Asterisk 1.6.2.0 is the first feature release since Asterisk
1.6.1.0, which was released April 27, 2009. Many new features have been included
in this release. For a complete list of changes, please see the CHANGES file.
For those upgrading from a previous release, please see UPGRADE.txt
It should be explicitly stated that Asterisk 1.6.2.0 is a major upgrade over any
previous release, and special care should be taken when upgrading existing
systems. Please see the UPGRADE.txt file for more information, available at:
http://svn.asterisk.org/svn/asterisk/tags/1.6.2.0/UPGRADE.txt
A detailed overview to the new features available in Asterisk 1.6.2.0 are
forthcoming within the next few days. Please watch http://blogs.asterisk.org for
further information!
Below is a summary of several new features available in this release:
* chan_dahdi now supports MFC/R2 signaling when Asterisk is compiled with
support for LibOpenR2. http://www.libopenr2.org/
* Added a new 'faxdetect=yes|no' configuration option to sip.conf. When this
option is enabled, Asterisk will watch for a CNG tone in the incoming audio
for a received call. If it is detected, the channel will jump to the
'fax' extension in the dialplan.
* A new application, Originate, has been introduced, that allows asynchronous
call origination from the dialplan.
* Added ConfBridge dialplan application which does conference bridges without
DAHDI. For information on its use, please see the output of
"core show application ConfBridge" from the CLI.
* extensions.conf now allows you to use keyword "same" to define an extension
without actually specifying an extension. It uses exactly the same pattern
as previously used on the last "exten" line. For example:
exten => 123,1,NoOp(something)
same => n,SomethingElse()
* Asterisk now provides the ability to define custom CLI aliases. For example,
if you would like to define short form aliases for frequently used commands,
such as "sh ch" for "core show channels", that is now possible. See the
cli_aliases.conf configuration file for more information.
* Asterisk now has support for subscribing to the state of remote voice
mailboxes via SIP.
* Asterisk now includes expanded HD codec support. G.722.1 and G.722.1C
(Siren7/Siren14) passthrough, recording, and playback is now supported.
Transcoding will be made available via add-on modules soon for this version of
Asterisk.
This is just a subset of the changes available in this release. Please see the
CHANGES file for additional information, available at:
http://svn.asterisk.org/svn/asterisk/tags/1.6.2.0/CHANGES
A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.2.0-summary.txt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.0
1.53 Thu Apr 01 13:49:00 CET 2010
- ***CHANGED*** default log file position
from /var/log/modem.log to /tmp/modem.log.
Too many failed tests and user reports made me
reconsider my poor default choice.
- Added voice dialing. Just dialing though.
You can't perform real voice calls through Device::Modem (yet :)
Thanks to Marek Jaros.
- Added ';' (voice dialing) and 'p' (pause) as valid values
for dial() number.
1.52 Sun Mar 28 15:50:00 CET 2010
- Added automatic port reconnection in the port() method.
This should improve connection reliability and reduce risk
of "Can't call method XXXXXX on undefined value YYYYYY" errors.
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=..."), minus the packages updated after
the perl package update.
sno@ was right after all, obache@ kindly asked and he@ led the
way. Thanks!
* Provide compilation option for GTK+3 as well as GTK+2
* Make program configuration check for _POSIX_CLOCK_SELECTION as
well as _POSIX_MONOTONIC_CLOCK when checking the availability of
monotonic clocks for condition variables (corrects BSD builds)
* Ensure PIPE_BUF is defined in mainwindow.cpp (corrects Hurd build).
* Upgrade internal c++-gtk-utils version to 1.2.3.
Changes 3.2.2:
* Update internal copy of c++-gtk-utils to version 1.2.2 and fix
compilation error with gcc-4.5.0.
* Provide an automatic redial option where the modem is in use or
the recipient of a fax is busy.
* Get GUI to deal with a corner case where sending a fax from the
socket server to an empty number (open connection) is cancelled.
* Provide an error dialog if, on program start-up, a connection to
the dbus session message bus cannot be established.
* Use Cgu::start_timeout_seconds() instead of Cgu::start_timeout()
where glib supports it, and so bump c++-gtk-utils requirement to
version 1.2.1.
The Asterisk releases for 1.6.0.28 and 1.6.1.20 are the last maintenance
releases for Asterisk branches 1.6.0 and 1.6.1 and have now moved to security
maintenance only.
The releases of Asterisk 1.6.0.28 and 1.6.1.20 resolves several issues reported
by the community, and would have not been possible without your participation.
Thank you!
The following are a few of the issues resolved by community developers:
* Fix issue where MixMonitor() recordings would be shorter than total duration
.
(Closes issue #17078. Reported,tested by geoff2010. Patched by dhubbard)
* When StopMonitor() is called, ensure it will not be restarted by a channel
event.
(Closes issue #16590. Reported, patched by kkm)
* Allow hidecalleridname feature to work.
(Closes issue #17143. Reported, patched by djensen99)
* Resolve deadlocks in chan_local.
(Closes issue #17185. Reported, tested by schmoozecom, GameGamer43)
* Ensure channel state is not incorrectly set in the case of a very early
answer by chan_dahdi.
(Closes issue #17067. Reported, patched by tzafrir)
* Registration fix for SIP realtime. Make sure realtime fields are not empty.
(Closes issue #17266. Reported, patched by Nick_Lewis. Tested by sberney)
Information about the Asterisk maintenance schedule is available at:
http://www.asterisk.org/asterisk-versions
For a full list of changes in the current release candidates, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.20
bug fix releases. At this point the 1.6.1 series is going to
security fixes only. That means this package will be moving to
the 1.6.2 series in the near future.
-----
1.6.1.18:
The following are a few of the issues resolved by community developers:
* Make sure to clear red alarm after polarity reversal.
(Closes issue #14163. Reported, patched by jedi98. Tested by mattbrown,
Chainsaw, mikeeccleston)
* Fix problem with duplicate TXREQ packets in chan_iax2.
(Closes issue #16904. Reported, patched by rain. Tested by rain, dvossel)
* Update documentation to not imply we support overriding options.
(Closes issue #16855. Reported by davidw)
* Modify queued frames from Local channels to not set the other side to up.
(Closes issue #16816. Reported, tested by jamhed)
* For T.38 reINVITEs treat a 606 the same as a 488.
(Closes issue #16792. Reported, patched by vrban)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.18
-----
1.6.1.19:
The following are a few of the issues resolved by community developers:
* Fix building CDR and CEL SQLite3 modules.
(Closes issue #17017. Reported by alephlg. Patched by seanbright)
* Resolve crash in SLAtrunk when the specified trunk doesn't exist.
(Reported in #asterisk-dev by philipp64. Patched by seanbright)
* Update code to reflect that handle_speechset has 4 arguments.
(Closes issue #17093. Reported, patched by gpatri. Tested by pabelanger,
mmichelson)
* Pass the PID of the Asterisk process, not the PID of the canary.
(Closes issue #17065. Reported by globalnetinc. Patched by makoto. Tested by
frawd, globalnetinc)
* Resolve a deadlock in chan_local.
(Closes issue #16840. Reported, patched by bzing2, russell. Tested by bzing2)
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.19
systems come with LDAP support built-in. This has no effect on
such systems. However, on older systems, it will pull in
openldap-client. But, a builder may still disable the option if
they wish. This fixes:
PR pkg/41987 - Robert Elz -- comms/asterisk16 PLIST problem
This is to get 0.12.5 out with the new Calendar code so J-Pilot
can get their release out. I will be dropping a 0.12.5.1 release
shortly after this with the patches rolled up from 0.12.4 to current
pushed in.
- mark as destdir ready
XXX The Makefile has a comment saying that "this program" is licensed
under GPL. There is a README file saying that the sounds are licensed
under a BSD licence. Need to check for updates and/or contact upstream
for clarification and a proper licence file.
XXX The PLIST needs some serious TLC.
AST-2010-003. AST-2010-002 was just a warning about dialplan
scripting errors that could lead to security issues.
Asterisk 1.6.1.13: general bug fixes
Asterisk 1.6.1.14: fix AST-2010-001
Asterisk 1.6.1.15: not released, skipped for security releases
Asterisk 1.6.1.16: fix AST-2010-002
Asterisk 1.6.1.17: fix AST-2010-003
Note that the only change in Asterisk 1.6.1.16 was the addtion of
a README file. However, the package doesn't install random docs.
That is planned for a future update seperate from the upstream
updates.
-----
Asterisk 1.6.1.13:
The release of Asterisk 1.6.1.13 resolved several issues reported
by the community, and would have not been possible without your
participation. Thank you!
* Restarts busydetector (if enabled) when DTMF is received after
call is bridged
(Closes issue #16389. Reported, Tested, Patched by alecdavis.)
* Send parking lot announcement to the channel which parked the
call, not the park-ee.
(Closes issue #16234. Reported, Tested by yeshuawatso. Patched
by tilghman.)
* When the field is blank, don't warn about the field being unable
to be coerced just skip the column.
(Closes
http://lists.digium.com/pipermail/asterisk-dev/2009-December/041362.html)
Reported by Nic Colledge on the -dev list.)
* Don't queue frames to channels that have no means to process
them.
(Closes issue #15609. Reported, Tested by aragon. Patched by
tilghman.)
* Fixes holdtime playback issue in app_queue.
(Closes issue #16168. Reported, Patched by nickilo. Tested by
wonderg, nickilo.)
A summary of changes in this release can be found in the release
summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.1.13-summary.t
xt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.13
-----
Asterisk 1.6.1.14:
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include
the fix described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over
SIP can remotely crash Asterisk by modifying the FaxMaxDatagram
field of the SDP to contain either a negative or exceptionally
large value. The same crash will occur when the FaxMaxDatagram
field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please
read the security advisory AST-2009-009, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.14
Security advisory AST-2010-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
-----
Asterisk 1.6.1.16:
The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and
1.6.2.4 include documention describing a possible dialplan string
injection with common usage of the ${EXTEN} (and other expansion
variables). The issue and resolution are described in the AST-2010-002
security advisory.
If you have a channel technology which can accept characters other
than numbers and letters (such as SIP) it may be possible to craft
an INVITE which sends data such as 300&Zap/g1/4165551212 which
would create an additional outgoing channel leg that was not
originally intended by the dialplan programmer.
Please note that this is not limited to an specific protocol or
the Dial() application.
The expansion of variables into programmatically-interpreted strings
is a common behavior in many script or script-like languages,
Asterisk included. The ability for a variable to directly replace
components of a command is a feature, not a bug - that is the entire
point of string expansion.
However, it is often the case due to expediency or design
misunderstanding that a developer will not examine and filter string
data from external sources before passing it into potentially
harmful areas of their dialplan.
With the flexibility of the design of Asterisk come these risks if
the dialplan designer is not suitably cautious as to how foreign
data is allowed to enter the system unchecked.
This security release is intended to raise awareness of how it is
possible to insert malicious strings into dialplans, and to advise
developers to read the best practices documents so that they may
easily avoid these dangers.
For more information about the details of this vulnerability, please
read the security advisory AST-2010-002, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.16
Security advisory AST-2010-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-002.pdf
The README-SERIOUSLY.bestpractices.txt document is available in
the top-level directory of your Asterisk sources, or available in
all Asterisk branches from 1.2 and up.
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
-----
Asterisk 1.6.1.17:
The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve
an issue with invalid parsing of ACL (Access Control List) rules
leading to a possible compromise in security. The issue and resolution
are described in the AST-2010-003 security advisory.
For more information about the details of this vulnerability, please
read the security advisory AST-2010-003, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17
Security advisory AST-2010-003 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-003.pdf
-----
- obexapp does not now require GNU libiconv (this was in pkgsrc already)
- compiler errors fixed
- no longer tries to provide username/groupname in file listings (info
not available in chroot)
1.2.36 fixed AST-2009-008, and 1.2.37 fixed AST-2009-010. The
problem in AST-2009-008 is:
-----
It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of "403 Authentication user name does not
match account name". If the peer does not exist the response will
be "404 Not Found" if alwaysauthreject is disabled and "401
Unauthorized" if alwaysauthreject is enabled.
-----
And, the problem in AST-2009-010 is:
-----
An attacker sending a valid RTP comfort noise payload containing
a data length of 24 bytes or greater can remotely crash Asterisk.
-----
and update PLIST for new Music On Hold files.
1.6.1.8 fixes AST-2009-007.
-----
A missing ACL check for handling SIP INVITEs allows a device to
make calls on networks intended to be prohibited as defined by the
"deny" and "permit" lines in sip.conf. The ACL check for handling
SIP registrations was not affected.
-----
1.6.1.9 fixes AST-2009-008 and AST-2009-009.
-----
It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of 403 Authentication user name does not
match account name. If the peer does not exist the response will
be 404 Not Found if alwaysauthreject is disabled and 401 Unauthorized
if alwaysauthreject is enabled.
-----
Asterisk includes a demonstration AJAX based manager interface,
ajamdemo.html which uses the prototype.js framework. An issue was
uncovered in this framework which could allow someone to execute
a cross-site AJAX request exploit.
mktemp(1) to avoid symlink vulnerabilities in tmp file/directory
creation/removal (mitre.org CVE-2008-4936). Named 1.1.36nb1 to
emphasize difference from upstream.
Commit ok'd by agc@.
pkgsrc changes:
- Adjusting dependencies
- Adding license definition
Upstream changes:
1.54 Sun Sep 6 10:44:53 CEST 2009
- Fixed RT #31565, incorrect decoding of outgoing messages
due to incorrect removal of zero-length octet in PDU.
Thanks to Svami Dhyan Nataraj.
1.53 Fri Aug 14 21:43:37 CEST 2009
- Fixed RT #48700, deleting SMS message with index 0 didn't work.
Thanks to Vytas M. for reporting the bug.
- 1.6.1.6 fixes AST-2009-006 which is an IAX2 DOS vulnerability
- 1.6.1.5 contains a variety of bug fixes:
Category: Applications/app_chanspy
#15660: ChanSpy "whisper" is broken in 1.4.26
Category: Applications/app_fax
#15606: app_fax.c is not compiling under OpenBSD
#15610: T.38 re-INVITE received after T.38 already negotiated fails
Category: Applications/app_milliwatt
#15386: [patch] Milliwatt() is off by -11dbm
Category: Applications/app_mixmonitor
#15699: [patch] using ast_free instead of mixmonitor_free
Category: Applications/app_queue
#14536: [patch] After a caller is processed by app_queue the queue_log
logs the hangup as TRANSFER
#15664: [patch] QUEUE_MEMBER_LIST() returns member names instead of
Category: Applications/app_stack
#15557: [patch] Gosub() dequotes once more than Macro()
#15617: [patch] crash in LOCAL() if Gosub stack is allocated but empty
Category: Applications/app_voicemail
#15717: MWI is not sent to a SIP phone upon registration, but is after the
mailbox is updated/checked
#15720: opendir() return code is not checked in last_message_index()
Category: Applications/app_voicemail/IMAP
#14496: [patch] IMAP crash multiple callers / callers hangup at beep
#14597: greetings can not be retrieved from IMAP
#14950: [patch] Greetings are stored as IMAP messages even when
imapgreetings=no
#15729: IMAP greetings not stored in dovecot
Category: CDR/General
#15751: [patch] Core dump in ast_bridge_call features.c line 2772
Category: Channels/chan_agent
#15668: AGENTACCEPTDTMF is incorrectly spelled as AGENTACCEPTDMTF in code
to recognize channel variables.
Category: Channels/chan_dahdi
#15655: [patch] Dialplan starts execution before call is accepted
#15727: [patch] Message Waiting Indication(MWI) is randomly generated when
FXO is set to DTMF Caller ID
Category: Channels/chan_misdn
#12113: [patch] asterisk crash at reload chan_misdn.so
Category: Channels/chan_sip/General
#12869: [patch] 'context' doesn't change when 'sip reload' issued when
driven from realtime
#15362: [patch] log message output is truncated
#15596: [patch] all codecs allowed, but textsupport=no crashes on T140RED
enabled call
Category: Channels/chan_sip/Registration
#14366: [patch] Registration expiry not compatible with some ITSP
#15539: [patch] Register request line contains wrong address when domain
and registrar host differ
Category: Channels/chan_sip/T.38
#15182: [patch] T.38 invite does not always comply with RFC 2327
Category: Channels/chan_sip/Video
#15121: [patch] Video support in SIP channel driver appears to be totally
broken
Category: Core/BuildSystem
#15697: most cleaner alaw don't compile
#15698: [patch] If enable DEBUG_FD_LEAKS - h323 can't start.
#15714: [patch] Asterisk won't build with curl unless curl_config is
present
Category: Core/General
#14730: [patch] Fix runlevels in Debian rc files
#15273: [patch] german time (20:01:00 oh clock) is announced wrong
#15649: T38 Faxing failing on 1.6.1 svn
#15667: LOGGER WARNING : error executing after rotate
Category: Core/ManagerInterface
#15397: [patch] segfault in action_coreshowchannels() at manager.c
#15730: [patch] manager keeps creating /tmp/ast-ami-XXXXXX files (without
deleting) when a single manager client remains logged in
Category: Core/PBX
#15242: [patch] log does not indicate which function is missing closing
parenthesis
Category: Documentation
#15755: Description in queues.conf on call recording is slightly
misleading
Category: Functions/func_iconv
#15169: When building with uClibc, configure script mistakenly assumes
iconv is always available
Category: General
#15571: [patch] 'received' typos in trunk, in 6 files
#15595: [patch] fix spelling for typos, mainly in comments.
Category: PBX/pbx_dundi
#15322: [patch] DUNDILOOKUP() does not accept comma as argument separator
Category: Resources/General
#15624: res_ais, communication ok, but wrong state send and receive.
Category: Resources/res_config_ldap
#13725: [patch] ERROR[7387]: res_config_ldap.c:1292 update_ldap: Couldn't
modify dn:cn=1001,dc=xxx,dc=xxx because Invalid syntax
#15710: Typo in LDAP schema files on line 598
Category: Resources/res_musiconhold
#15051: [patch] Moh class set in the dialplan is ignored with realtime moh
----------------------------------------------------------------------
Commits Not Associated with an Issue
[Back to Top]
This is a list of all changes that went into this release that did not
directly close an issue from the issue tracker. The commits may have been
marked as being related to an issue. If that is the case, the issue
numbers are listed here, as well.
+------------------------------------------------------------------------+
| Revision | Author | Summary | Issues |
| | | | Referenced |
|----------+------------+-----------------------------------+------------|
| | | Restore explicit export of | |
| 209058 | kpfleming | ASTCFLAGS/ASTLDFLAGS and | |
| | | underscore-variants to sub-makes. | |
|----------+------------+-----------------------------------+------------|
| 209237 | mmichelson | Gracefully handle malformed RTP | |
| | | text packets. | |
|----------+------------+-----------------------------------+------------|
| 209262 | kpfleming | Make T.38 switchover in | |
| | | ReceiveFAX synchronous. | |
|----------+------------+-----------------------------------+------------|
| 209281 | kpfleming | Cleanup T.38 negotiation changes. | |
|----------+------------+-----------------------------------+------------|
| 209327 | tilghman | Publish French extra sounds | |
|----------+------------+-----------------------------------+------------|
| | | Fix some places where | |
| 209714 | russell | ast_event_type was used instead | |
| | | of ast_event_ie_type. | |
|----------+------------+-----------------------------------+------------|
| 209781 | kpfleming | Minor changes inspired by testing | |
| | | with latest GCC. | |
|----------+------------+-----------------------------------+------------|
| 209900 | russell | Resolve a valgrind warning about | #15396 |
| | | a read from uninitialized memory. | |
|----------+------------+-----------------------------------+------------|
| 211115 | russell | Resolve a deadlock involving | |
| | | app_chanspy and masquerades. | |
|----------+------------+-----------------------------------+------------|
| 211277 | tilghman | Small oops. Clear the flags which | |
| | | have been checked. | |
|----------+------------+-----------------------------------+------------|
| 211569 | tilghman | AST-2009-005 | |
|----------+------------+-----------------------------------+------------|
| 211586 | tilghman | Conversion specifiers, not format | |
| | | specifiers | |
|----------+------------+-----------------------------------+------------|
| | | Check an actual populated | |
| 212069 | file | variable when seeing if we need | |
| | | to do video or not. | |
|----------+------------+-----------------------------------+------------|
| | | Ensure that T38FaxVersion is put | |
| 212115 | kpfleming | into outgoing SDP in the proper | |
| | | case. | |
|----------+------------+-----------------------------------+------------|
| 212386 | seanbright | Handle slin16 for extra sounds as | |
| | | well. | |
|----------+------------+-----------------------------------+------------|
| 212768 | rmudgett | Removed some deadwood and added | |
| | | some doxygen comments. | |
|----------+------------+-----------------------------------+------------|
| | | Make the default extconfig.conf | |
| 212862 | tilghman | match entries with the sample | |
| | | res_mysql.conf. | |
|----------+------------+-----------------------------------+------------|
| 212928 | kpfleming | Convert this branch to Opsound | |
| | | music-on-hold. | |
|----------+------------+-----------------------------------+------------|
| | | Remove some | |
| 212942 | kpfleming | accidentally-committed | |
| | | properties. | |
|----------+------------+-----------------------------------+------------|
| 213449 | twilson | Make LOAD_ORDER actually work | |
|----------+------------+-----------------------------------+------------|
| 213452 | twilson | Oops, committed this first. Make | |
| | | the merged property happy | |
|----------+------------+-----------------------------------+------------|
| | | Make autoheader descriptions | |
| 214365 | tilghman | render correctly in our | #14906 |
| | | autoconfig.h file. | |
|----------+------------+-----------------------------------+------------|
| | | One more build system change, to | |
| 214496 | tilghman | make the descriptions look | |
| | | better, if we have better | |
| | | information. | |
+------------------------------------------------------------------------+
Memory usage was reduced. Tons of bugs were fixed. Support for
reading messages from Motorola phones was improved.
Also BlueTooth support was improved.
20090709 - 1.25.0
[-] * Retry on timeout of usb transfer (bug #940).
[-] * Disable AT OBEX for Motorola PEBL U6 (bug #939).
[-] * Disable AT OBEX for Samsung J700 (bug #948).
[-] * Empty memory entry has length 0 (bug #947).
[-] * Handle some more fields from Nokia phonebook (bug #946), thanks to Will Sowerbutts.
20090624 - 1.24.92
[-] * Fix distutils build (bug #916).
[-] * Detect when phone does not support ATE1 (bug #918).
[-] * Do not use OBEX on Motorola L7 (bug #912).
[-] * Reinclude full SMS text in comments in backup (bug #905).
[-] * Disable AT OBEX for Samsung J750 and J700 (bug #856).
[-] * Avoid shadowing C++ bool definition (bug #920).
[-] * Do not disable CLIP for all SE phones.
[-] * Add ID for Nokia 1209.
[-] * Catch busy error from Nokia phones (bug #932, thanks to Walter Doekes).
20090527 - 1.24.91
[-] * Fix code problems caught by GCC 4.5.
[-] * Compile static libraries with -fPIC (they might be later linked
into shared ones) (bug #909).
[-] * Handle own number error code in 6510 driver (bug #910).
[-] * Add ID for Nokia 5220 (bug #910).
[-] * Handle SMSC error code in 6510 driver (bug #910).
[-] * Disable gcc warnings about non literal format strings (bug #901).
[-] * Add more fuzzy logic to detect bad encoding from phone (bug #874).
[-] * Add ID for Nokia 7500 and Nokia 7210s.
[-] * Improve searching for Bluetooth stack on OS X.
[-] * Fix ctype compile time warnings on NetBSD (bug #908).
[-] * Nokia 3110c has SMS on filesystem (bug #904).
[-] * Add ID for Nokia 5130 (bug #911).
[-] * Faster reading of Nokia filesystem.
[!] * New PDU decoder which properly parses PDU data.
[!] * AT driver uses new PDU decoder.
[!] * 6510 driver uses new PDU decoder and understands most formats of
filesystem Nokia SMS messages (bug #911).
20090512 - 1.24.90
[-] * Fix checking for MPBR (bug #873).
[-] * Fix reading of calls with wrong timestamp (bug #872).
[-] * Increase timeout for IrDA phonet (bug #867).
[-] * Better detect some weird phone states (bug #866).
[-] * Fix handling of caller group in Python bindings (bug #870).
[-] * Correctly detect empty entries from Motorola.
[-] * Better error reporting from at-charset test.
[+] * smsd-inject now shows ID of injected message.
[-] * Fix decoding of date in Nokia phonebooks (bug #876).
[-] * Fix detection of SMS message memories in AT (bug #875).
[-] * Improve documentation for savefile (bug #893).
[-] * Add stricter check for DBI version (bug #894).
* Fix regression in 3.0.19 which causes incorrect fault handling if
efax-gtk is given an invalid postscript file.
* Provide new Emitter/EmitterArg and SafeEmitter/SafeEmitterArg
classes for thread-safe signalling.
* Provide a Callback::post() function which provides for thread-safe
disconnection of a callback if the object whose method it
encapsulates has been destroyed.
Changes 3.0.19:
* If the gtk+ version is >= 2.8.0 and X11 is the backend, use gdk
X11 functions to move the program window to the current workspace
if the user tries to start another instance.
* Include gtk/gtk.h, gdk/gdk.h and glib.h instead of individual
gtk+/glib header files.
* Correct failure to print or view logfile if the logfile user
setting does not have an absolute path name.
* Allow choice of priorities in Callback::post() function. Provide
Callback::Functor class wrapping Callback objects and further
generalise Callback objects.
* Improve iconified tracking.
* Correct the order in which tests based on the definitions in
config.h are carried out, when choosing header files to be included.
* Include fsync() call after flushing fdoutbuf stream buffer.
* Minor code layout improvements.
pkgsrc change: restore checksums for ilbc files.
This release has been made to address one or more security vulnerabilities
that have been identified. A security advisory document has been published
for each vulnerability that includes additional information. Users of
versions of Asterisk that are affected are strongly encouraged to review
the advisories and determine what action they should take to protect their
systems from these issues.
Security Advisories: AST-2009-004
Last-minute fixes before releasing 0.12.4
Fix for Sony SJ-22 device sync (fixes bug #1957 filed at
bugs.pilot-link.org)
Updated documentation to reflect a cleaner layout and output
(closes bug #1913 in the bugtracker at bugs.pilot-link.org
Integrate jpilot's contacts support. See
http://lists.pilot-link.org/pipermail/pilot-link-devel/2009-February/001762.html
Adding CalendarDB support to pilot-link
Adding minor tweak for m4 macro optimizations
Minor fix for a buffer size miscalculation (from Nicholas Piper)
Adding missing newline at the end of the file.
pi-debug.h, pi-threadsafe.h: Cleaning up unnecessary references
to config.h here.
Added pi-md5.h.in
generates pi-md5.h
Now autogenerated from pi-md5.h.in
Add minor fix for reported segfault when closing down bluetooth
connection. This closes bug #1872
UINT32 was broken on 64-bit systems. This should fix it on most
systems.
Increment ChangeLog to test/validate an LDAP permission issue
with LockDir
Implementing a Zire 22 fix from Tom Billiet
Bump for 0.12.4
Added Aaron's fixes (oof! This has been in the queue for awhile.
Sorry Aaron). This closes bug #1448.
Bluetooth detection on BSD is much improved so the patches are no longer
required. They got it wrong though, so one patch added (I also fed that
upstream)
while here,
include LICENSE=gnu-lgpl-v2
update HOMEPAGE=http://www.openobex.org/
Shared directories can now be created independently by the pacakges
needing them and will be removed automatically by pkg_delete when empty.
Packages needing empty directories can use the @pkgdir command in PLIST.
Discussed and ok'd in thread starting at
http://mail-index.netbsd.org/tech-pkg/2009/06/30/msg003546.html
- Updating package for p5 module Device::Modem from 1.50nb1 to 1.51
- Setting license to perl license (according to module POD)
Upstream changes:
1.51 Sun Jul 5 09:46:08 CEST 2009
- Fixed documentation for answer() method, timeout was declared
to be in seconds instead of milliseconds.
Thanks to Mikko Puisto for reporting.
- Updating package for p5 module asterisk-perl from 0.10nb1 to 1.01
- Adjusting license to artistic
- Fix destdir support
Upstream changes:
1.01 Fix 2 typos in Asterisk::Manager (Thanks Denis Smirnov)
1.00 Fix AGI readresponse so if ReadParse isn't manually run, the first
command output will be returned
Fix AGI say_datetime_all so it works correctly (pointed out by
Sergey Basmanov)
Fix Manager sendcommand problem. Reported by numerous people but
patch used from Tilghman Lesher
Fix warning from being printed if AGI verbose is used without level
------------------------------------------------------------------------------
--- Functionality changes from Asterisk 1.6.0 to Asterisk 1.6.1 -------------
------------------------------------------------------------------------------
Device State Handling
---------------------
* The event infrastructure in Asterisk got another big update to help support
distributed events. It currently supports distributed device state and
distributed Voicemail MWI (Message Waiting Indication). A new module has
been merged, res_ais, which facilitates communicating events between servers.
It uses the SAForum AIS (Service Availability Forum Application Interface
Specification) CLM (Cluster Management) and EVT (Event) services to maintain
a cluster of Asterisk servers, and to share events between them. For more
information on setting this up, see doc/distributed_devstate.txt.
Dialplan Functions
------------------
* Added a new dialplan function, AST_CONFIG(), which allows you to access
variables from an Asterisk configuration file.
* The JACK_HOOK function now has a c() option to supply a custom client name.
* Added two new dialplan functions from libspeex for audio gain control and
denoise, AGC() and DENOISE(). Both functions can be applied to the tx and
rx directions of a channel from the dialplan.
* The SMDI_MSG_RETRIEVE function now has the ability to search for SMDI messages
based on other parameters. The default is still to search based on the
forwarding station ID. However, there are new options that allow you to search
based on the message desk terminal ID, or the message desk number.
* TIMEOUT() has been modified to be accurate down to the millisecond.
* ENUM*() functions now include the following new options:
- 'u' returns the full URI and does not strip off the URI-scheme.
- 's' triggers ISN specific rewriting
- 'i' looks for branches into an Infrastructure ENUM tree
- 'd' for a direct DNS lookup without any flipping of digits.
* TXCIDNAME() has a new zone-suffix parameter (which defaults to 'e164.arpa')
* CHANNEL() now has options for the maximum, minimum, and standard or normal
deviation of jitter, rtt, and loss for a call using chan_sip.
DAHDI channel driver (chan_dahdi) Changes
----------------------------------------
* Channels can now be configured using named sections in chan_dahdi.conf, just
like other channel drivers, including the use of templates.
* The default for pridialplan has changed from 'national' to 'unknown'.
PBX Changes
-----------
* It is now possible to specify a pattern match as a hint. Once a phone subscribes
to something that matches the pattern a hint will be created using the contents
and variables evaluated.
* Dialplan matching has been extended to allow an extension to return to the
PBX core to wait for more digits. This is done by using the new dialplan
application called "Incomplete". This will permit a whole new level of
extension control, by giving the administrator more control over early
matches employing one of the short-circuit pattern match operators. Note
that custom applications can trigger this same behavior by returning the
special value AST_PBX_INCOMPLETE.
The dial() application
----------------------
* Dial has a new option: F(context^extension^pri), which permits a callee to
continue in the dialplan, at the specified label, if the caller hangs up.
* The Dial() application no longer copies the language used by the caller to the callee's
channel. If you desire for the caller's channel's language to be used for file playback
to the callee, then the file specified may be prepended with "${CHANNEL(language)}/" .
The chanspy() application
-------------------------
* ChanSpy and ExtenSpy have a new option, 's' which suppresses speaking the
technology name (e.g. SIP, IAX, etc) of the channel being spied on.
* Chanspy has a new option, 'B', which can be used to "barge" on a call. This is
like the pre-existing whisper mode, except that the spy can also talk to the
participant on the bridged channel as well.
* Chanspy has a new option, 'n', which will allow for the spied-on party's name
to be spoken instead of the channel name or number. For more information on the
use of this option, issue the command "core show application ChanSpy" from the
Asterisk CLI.
* Chanspy has a new option, 'd', which allows the spy to use DTMF to swap between
spy modes. Use of this feature overrides the typical use of numeric DTMF. In other
words, if using the 'd' option, it is not possible to enter a number to append to
the first argument to Chanspy(). Pressing 4 will change to spy mode, pressing 5 will
change to whisper mode, and pressing 6 will change to barge mode.
Other Application Changes
-------------------------
* Directory now permits both first and last names to be matched at the same
time. In addition, the number of digits to enter of the name can be set in
the arguments to Directory; previously, you could enter only 3, regardless
of how many names are in your company. For large companies, this should be
quite helpful.
* Voicemail now permits a mailbox setting to wrap around from first to last
messages, if the "messagewrap" option is set to a true value.
* Voicemail now permits an external script to be run, for password validation.
The script should output "VALID" or "INVALID" on stdout, depending upon the
wish to validate or invalidate the password given. Arguments are:
"mailbox" "context" "oldpass" "newpass". See the sample voicemail.conf for
more details
* The voicemail externnotify script now accepts an additional (last) parameter
containing the number of urgent messages in the INBOX.
* The Jack application now has a c() option to supply a custom client name.
* ExternalIVR now takes several options that affect the way it performs, as
well as having several new commands. Please see doc/externalivr.txt for the
complete documentation.
* Added ability to communicate over a TCP socket instead of forking a child process for the
ExternalIVR application.
* ChanIsAvail has a new option, 'a', which will return all available channels instead
of just the first one if you give the function more then one channel to check.
* PrivacyManager now takes an option where you can specify a context where the
given number will be matched. This way you have more control over who is allowed
and it stops the people who blindly enter 10 digits.
* ForkCDR has new options: 'a' updates the answer time on the new CDR; 'A' locks
answer times, disposition, on orig CDR against updates; 'D' Copies the disposition
from the orig CDR to the new CDR after reset; 'e' sets the 'end' time on the
original CDR; 'R' prevents the new CDR from being reset; 's(var=val)' adds/changes
the 'var' variable on the original CDR; 'T' forces ast_cdr_end(), ast_cdr_answer(),
obey the LOCKED flag on cdr's in the chain, and also the ast_cdr_setvar() func.
* SendImage() no longer hangs up the channel on error; instead, it sets the
status variable SENDIMAGESTATUS to one of 'SUCCESS', 'FAILURE', or
'UNSUPPORTED'. This change makes SendImage() more consistent with other
applications.
* Park has a new option, 's', which silences the announcement of the parking space number.
* A non-numeric, zero, or negative timeout specified to Dial() will now be interpreted as
invalid input and will be assumed to mean that no timeout is desired.
SIP Changes
-----------
* Added DNS manager support to registrations for peers referencing peer entries.
DNS manager runs in the background which allows DNS lookups to be run asynchronously
as well as periodically updating the IP address. These properties allow for
better performance as well as recovery in the event of an IP change.
* Performance improvements via using hash tables (astobj2) and doubly-linked lists to improve
load/reload of large numbers of peers/users by ~40x (for large lists of peers.
Initially, we saw 4x improvement in call setup/destruction, but at the time
of merging, this gain has disappeared; further research will be done to try
and restore this performance improvement. Astobj2 refcounting is now used
for users, peers, and dialogs. Users are encouraged to assist in regression
testing and problem reporting!
* Added ability to specify registration expiry time on a per registration basis in
the register line.
* Added support for Realtime Text redundancy - T140 RED - in T.140 to
prevent text loss due to lost packets.
* Added t38pt_usertpsource option. See sip.conf.sample for details.
* Added SIPnotify AMI command, for sending arbitrary SIP notify commands.
* 'sip show peers' and 'sip show users' display their entries sorted in
alphabetical order, as opposed to the order they were in, in the config
file or database.
* Videosupport now supports an additional option, "always", which always sets
up video RTP ports, even on clients that don't support it. This helps with
callfiles and certain transfers to ensure that if two video phones are
connected, they will always share video feeds.
IAX Changes
-----------
* Existing DNS manager lookups extended to check for SRV records.
* IAX2 encryption support has been improved to support periodic key rotation
within a call for enhanced security. The option "keyrotate" has been
provided to disable this functionality to preserve backwards compatibility
with older versions of IAX2 that do not support key rotation.
CLI Changes
-----------
* New CLI command, "config reload <file.conf>" which reloads any module that
references that particular configuration file. Also added "config list"
which shows which configuration files are in use.
* New CLI commands, "pri show version" and "ss7 show version" that will
display which version of libpri and libss7 are being used, respectively.
A new API call was added so trunk will now have to be compiled against
a versions of libpri and libss7 that have them or it will not know that
these libraries exist.
* The commands "core show globals", "core set global" and "core set chanvar" has
been deprecated in favor of the more semanticly correct "dialplan show globals",
"dialplan set chanvar" and "dialplan set global".
* New CLI command "dialplan show chanvar" to list all variables associated
with a given channel.
DNS manager changes
-------------------
* Addresses managed by DNS manager now can check to see if there is a DNS
SRV record for a given domain and will use that hostname/port if present.
AMI - The manager (TCP/TLS/HTTP)
--------------------------------
* The Status action now takes an optional list of variables to display
along with channel status.
ODBC Changes
------------
* res_odbc no longer has a limit of 1023 total possible unshared connections,
as some people were running into this limit. This limit has been increased
to 4.2 billion.
Queue changes
-------------
* The TRANSFER queue log entry now includes the caller's original position in
the transferred-from queue.
* A new configuration option, "timeoutpriority" has been added. Please see the section
labeled "QUEUE TIMING OPTIONS" in configs/queues.conf.sample for a detailed explanation
of the option as well as an explanation about timeout options in general
Realtime changes
----------------
* Several (ODBC, Postgres, MySQL, SQLite) realtime drivers have been given
adaptive capabilities. What this means in practical terms is that if your
realtime table lacks critical fields, Asterisk will now emit warnings to
that effect. Also, some of the realtime drivers have the ability (if
configured) to automatically add those columns to the table with the
correct type and length.
Miscellaneous
-------------
* The channel variable ATTENDED_TRANSFER_COMPLETE_SOUND can now be set using
the 'setvar' option to cause a given audio file to be played upon completion
of an attended transfer. Currently it works for DAHDI, IAX2, SIP, and
Skinny channels only.
* You can now compile Asterisk against the Hoard Memory Allocator, see doc/hoard.txt
for more information.
* Config file variables may now be appended to, by using the '+=' append
operator. This is most helpful when working with long SQL queries in
func_odbc.conf, as the queries no longer need to be specified on a single
line.
hardware support, so it can't replace comms/asterisk. However,
apparently there is demand for this version, so wiz@ suggested it
be imported here into comms/asterisk16. The latest version is
1.6.1.1, but I won't have time to update all the patches before the
freeze. I'll update to that version sometime after the freeze when
I get a chance.
Python bindings for Gammu library. The bindings currently do not
support all Gammu features, but the range of covered functions is
increasing. If you need something specific, feel free to use the
bug tracking system for feature requests.
- do not build the python bindings, they're python version dependant
and should be built separately
- move common parts from Makefile into Makefile.common for use by
the python binding package Makefile
- add a patch for python/setup.py to add smsd.c to the sources
which was obviously forgotten by the gammu team because they are
building the extension with cmake.
- add a buildlink3.mk for the python bindings package
From Joachim König in private mail.
PKGREVISION++.
While here, make sure that some optional dependencies are not found
and that the bash completion script is not installed.
Gammu is a command line utility and library to work with mobile phones
from many vendors. Support for different models differs, but basic
functions should work with majority of them. The program can work with
contacts, messages (SMS, EMS and MMS), calendar, todos, file system,
integrated radio, camera, etc. It also supports a daemon mode to send
and receive SMS messages.
Gammu includes Python bindings, which allows easy scripting of
desired functionality using core functions.
