Changelog:
The following issues are resolved in this release:
Security bugs fixed in this release:
* [ASTERISK-29219] res_pjsip_diversion: Crash if Tel URI contains
History-Info
(Reported by Torrey Searle)
Bugs fixed in this release:
* [ASTERISK-29229] Stasis/messaging: text messages not dispatched to
all subscribers when using generic subscription
(Reported by Jean Aunis Prescom)
* [ASTERISK-29238] chan_sip: SDP: Offers without any enabled stream
are accepted.
(Reported by Alexander Traud)
* [ASTERISK-29237] chan_sip: SDP: m=video is parsed even when
disabled.
(Reported by Alexander Traud)
* [ASTERISK-29222] chan_sip: Hold/Resume an sRTP call on a video
enabled user-agent.
(Reported by Alexander Traud)
* [ASTERISK-29240] chan_pjsip: Incoming PJSIP calls set global
SIPDOMAIN instead of a channel variable
(Reported by Ivan Poddubny)
* [ASTERISK-27902] chan_pjsip isnt updating hangupcause on 4XX
responses
(Reported by George Joseph)
* [ASTERISK-28016] PJSIP sends duplicate 183 Progress responses
(Reported by Alex Hermann)
* [ASTERISK-28185] chan_pjsip: Subsequent same responses are not
stopped
(Reported by Julien)
* [ASTERISK-29230] pjsip: Asterisk goes crazy and massively spams
logfile if registration cant be send
(Reported by Michael Maier)
* [ASTERISK-29231] pjsip: SIGSEGV in CLI if no trunk is registered
(Reported by Michael Maier)
* [ASTERISK-29217] LOCK() can grant the same lock to multiple
channels spuriously
(Reported by Jaco Kroon)
* [ASTERISK-29201] Crash occurs when Transfer and execute Hangup
before the Transfer result
(Reported by Dan Cropp)
* [ASTERISK-28947] Segmentation fault in mixmonitor_ds_destroy
(Reported by Robert Sutton)
* [ASTERISK-29191] tel: URI in Diversion header causes crash
(Reported by Mikhail Ivanov)
* [ASTERISK-28883] Spyee information ist missing in ChanSpyStop AMI
Event
(Reported by Hendrik Wedhorn)
* [ASTERISK-29188] null media causing the Asterisk crash
(Reported by sungtae kim)
* [ASTERISK-29209] Debug messages printed by scope trace might be
missing newlines
(Reported by Alexander Traud)
* [ASTERISK-29024] pjsip: Route Header in Cancel request incorrectly
set
(Reported by Flole Systems)
* [ASTERISK-29211] res_musiconhold: Segfault on realtime music on
hold without entries
(Reported by Nathan Bruning)
* [ASTERISK-29022] Crash when manipulating PJSIP invite dlg ref
counts
(Reported by Sean Bright)
* [ASTERISK-29173] Media cache URL requests allow infinite redirects
(Reported by Sean Bright)
* [ASTERISK-29175] res_pjsip_stir_shaken: Fix module description
(Reported by Stanislav Abramenkov)
* [ASTERISK-29148] AST_MODULE_INFO no, MODULEINFO depend
(Reported by Alexander Traud)
* [ASTERISK-28798] chan_sip: TCP/TLS client without server.
(Reported by Alexander Traud)
* [ASTERISK-29165] res_pjsip: malformed header Accept-Encoding in
OPTIONS response
(Reported by Alexander Greiner-Baer)
* [ASTERISK-29161] Incorrect setup of recall channels
(Reported by Boris P. Korzun)
* [ASTERISK-29155] app_queue: Deadlock between queues container and
individual queues
(Reported by George Joseph)
Improvements made in this release:
* [ASTERISK-28549] Two repeated 183
(Reported by Gant Liu)
* [ASTERISK-29216] contrib: systemd asterisk service for centos8 or
other newer linux versions
(Reported by Mark Petersen)
* [ASTERISK-29143] res_http_media_cache: HTTP media cache stored
hardcoded in /tmp
(Reported by laszlovl)
* [ASTERISK-29118] VoiceMail() should have an option to play
greetings as Early Media
(Reported by Juan Carlos Castro y Castro)
Changelog:
Bugs fixed in this release:
-----------------------------------
[ASTERISK-28878] -
chan_pjsip: PJSIP_MEDIA_OFFER Broken asterisk 16
(Reported by Joseph Ades)
[ASTERISK-28965] -
res_pjsip: Apply outbound proxy to static contacts on AOR
(Reported by Joshua C. Colp)
[ASTERISK-28930] -
./configure --without-ssl build failure
(Reported by Jaco Kroon)
[ASTERISK-28886] -
chan_pjsip: PJSIP_SC_NULL does not exist in pjproject 2.7.2
(Reported by Jared Smith)
[ASTERISK-28957] -
chan_sip: chan_sip does not process 400 response to an INVITE.
(Reported by Frederic LE FOLL)
[ASTERISK-28888] -
res_corosync: causes asterisk crash in huge distributed environment.
(Reported by Università di Bologna - CESIA VoIP)
[ASTERISK-28955] -
"setvar" doesn't work properly in dahdi-channels.conf
(Reported by Marin Odrljin)
[ASTERISK-28954] -
StreamEcho() only returns 1 active stream
(Reported by Bill Kervaski)
[ASTERISK-28942] -
res_sorcery_memory_cache: Individual object expiration behaves unexpectedly with full backend caching
(Reported by Joshua C. Colp)
[ASTERISK-28953] -
res_pjsip_session: Preserve stream label
(Reported by Joshua C. Colp)
[ASTERISK-28952] -
Queue wrapuptime sometimes not respected (based on stale lastcall time)
(Reported by Walter Doekes)
[ASTERISK-28950] -
Stale code in app_queue to check untouched channel
(Reported by Walter Doekes)
[ASTERISK-28644] -
Stale comment in app_queue about ring_entry exception
(Reported by Walter Doekes)
[ASTERISK-28948] -
ARI channel create doesn't referencing the channel_id parameter
(Reported by sungtae kim)
[ASTERISK-28938] -
core_unreal / core_local: Add support for multistream and re-negotiation
(Reported by Joshua C. Colp)
[ASTERISK-28939] -
res_rtp_asterisk: Don't have send/receive buffers on non-WebRTC
(Reported by Joshua C. Colp)
[ASTERISK-28944] -
bridge_softmix: Transitioning a stream from inactive -> sendrecv/sendonly doesn't re-negotiation
(Reported by Joshua C. Colp)
[ASTERISK-28923] -
T.38 Segfaults in chan_pjsip_queryoption
(Reported by Yury Kirsanov)
[ASTERISK-28940] -
/channels/create doesn't get any parameters from the body
(Reported by sungtae kim)
[ASTERISK-28936] -
res_pjsip: crash when dialing non-sip uri
(Reported by Walter Doekes)
[ASTERISK-28900] -
res_fax: Double frame free when gateway in use with off-nominal format usage
(Reported by Gregory Massel)
[ASTERISK-28929] -
pjproject_bundled: Honor --without-pjproject.
(Reported by Alexander Traud)
[ASTERISK-28932] -
res_pjsip_logger writing too big packets
(Reported by nappsoft)
[ASTERISK-28921] -
Wrong return value check for fwrite when writing to pcap file
(Reported by nappsoft)
Improvements made in this release:
-----------------------------------
[ASTERISK-28959] -
res_pjsip: Added option for disable rport parameter set
(Reported by sungtae kim)
[ASTERISK-28958] -
Continue reading string when ping received by websocket
(Reported by Nickolay V. Shmyrev)
[ASTERISK-28945] -
AMI SendText - add Content-Type parameter
(Reported by Kevin Harwell)
[ASTERISK-28949] -
res_http_websocket: Add masking to websocket client
(Reported by Moises Silva)
[ASTERISK-28899] -
Upgrade Asterisk to bundled pjproject 2.10
(Reported by Kevin Harwell)
Changelog:
Bugs fixed in this release:
-----------------------------------
[ASTERISK-28940] -
/channels/create doesn't get any parameters from the body
(Reported by sungtae kim)
[ASTERISK-28932] -
res_pjsip_logger writing too big packets
(Reported by nappsoft)
[ASTERISK-28921] -
Wrong return value check for fwrite when writing to pcap file
(Reported by nappsoft)
[ASTERISK-28794] -
res_pjsip: Crash when escaping during URI printing
(Reported by nappsoft)
[ASTERISK-28884] -
x-ast-orig-host not filtered out from request URI and To header
(Reported by nappsoft)
[ASTERISK-28871] -
res_pjsip_session: Unnecessary re-Invite on call answer
(Reported by Alexei Gradinari)
[ASTERISK-28903] -
res_srtp: Answered Crypto Suite might be wrong in SDP/SDES.
(Reported by Alexander Traud)
[ASTERISK-28898] -
bridge_softmix: Conference bridge not passing silent rtp packets
(Reported by Jonathan Hunter)
[ASTERISK-28892] -
res_musiconhold: Module res_musiconhold throws false warning
(Reported by Nicholas John Koch)
[ASTERISK-28904] -
RTP ICE leaks the memory
(Reported by sungtae kim)
[ASTERISK-26780] -
res_pjsip: PJSIP Registration Fails when transport=transport-udp6
(Reported by Peter Sokolov)
[ASTERISK-28854] -
SIGSEGV when pjsip show history encounters IPV6 address
(Reported by Roger James)
[ASTERISK-28804] -
[patch] app_osplookup.c: Avoid a format truncation.
(Reported by Alexander Traud)
[ASTERISK-28797] -
[patch] tcptls: Fix notice when TLS is enabled but not configured.
(Reported by Alexander Traud)
[ASTERISK-28776] -
Non async-signal-safe syscalls used after fork before exec
(Reported by nappsoft)
[ASTERISK-28870] -
streams: One memory leak and one issue cloning streams
(Reported by George Joseph)
[ASTERISK-28829] -
app_queue: leaking stasis subscription when Redirecting call
(Reported by lvl)
[ASTERISK-25844] -
app_queue: Ghost channels in "core show channels" output
(Reported by Etienne Lessard)
[ASTERISK-22920] -
Crash while Forwarding from TLS extension with CHANNEL args secure_bridge_media and secure_bridge_signaling
(Reported by Shlomi Gutman)
[ASTERISK-28859] -
pjsip: Increase maximum candidate count
(Reported by Joshua C. Colp)
[ASTERISK-28852] -
Unprotected access to nochecksums variable, causes build failures
(Reported by Guido Falsi)
[ASTERISK-28848] -
app_fax: Compile.
(Reported by Alexander Traud)
Improvements made in this release:
-----------------------------------
[ASTERISK-28895] -
res_pjsip_logger: Add tons'o'functionality
(Reported by Joshua C. Colp)
[ASTERISK-28896] -
ari: Add support for specifying variables on channel create
(Reported by Joshua C. Colp)
[ASTERISK-28879] -
pjproject has race conditions in it's build system
(Reported by Guido Falsi)
[ASTERISK-28866] -
third-party/pjproject/configure.m4 contains bashisms
(Reported by Guido Falsi)
[ASTERISK-28853] -
Missing include on FreeBSD
(Reported by Guido Falsi)
[ASTERISK-28832] -
chan_mobile creates PCMA streams that make some VoIP clients crash or not render received audio
(Reported by Peter Turczak)
Changelog:
16.10.0:
New Features made in this release:
-----------------------------------
[ASTERISK-6863] -
[patch] allow Asterisk to set high ToS bits as non-root on Linux
(Reported by Matt Addison)
Bugs fixed in this release:
-----------------------------------
[ASTERISK-28852] -
Unprotected access to nochecksums variable, causes build failures
(Reported by Guido Falsi)
[ASTERISK-28846] -
stream: Enforce formats immutability
(Reported by Joshua C. Colp)
[ASTERISK-28847] -
ARI channels cuts the endpoint string over 80 characters
(Reported by sungtae kim)
[ASTERISK-28811] -
Crash occurs when fax session switches from T.38 to audio
(Reported by Alexey Vasilyev)
[ASTERISK-28839] -
Sporadic crashes with Segmentation fault
(Reported by Joeran Vinzens)
[ASTERISK-28835] -
IPv6 addresses in SDP incorrectly formatted
(Reported by Daniel Heckl)
[ASTERISK-28372] -
Asterisk REPLY Wrong Contact header port (TCP)
(Reported by Anton Satskiy)
[ASTERISK-24428] -
Document that Asterisk will use the default SIP ports (5060 for TCP, 5061 for TLS) if the extern option variants aren't used
(Reported by sstream)
[ASTERISK-28838] -
AST_MODULE_INFO requires, MODULEINFO does not mention
(Reported by Alexander Traud)
[ASTERISK-28841] -
app_confbridge: Add support for disabling text messaging for a user
(Reported by Joshua C. Colp)
[ASTERISK-28837] -
pjproject_bundled: Honor --without-pjproject.
(Reported by Alexander Traud)
[ASTERISK-28827] -
res_rtp_asterisk: Loop when receive buffer is flushed by a received packet that is also in receive buffer with NACK
(Reported by nappsoft)
[ASTERISK-27195] -
chan_sip: only sets ToS bits on UDP socket, ignoring TCP and TLS sockets
(Reported by Joshua Roys)
[ASTERISK-28826] -
res_rtp_asterisk: Duplicate seqnos being added to send buffer with NACK
(Reported by nappsoft)
[ASTERISK-28812] -
First DTMF is not get
(Reported by Bernard Merindol)
[ASTERISK-28758] -
pjsip startup errors when using "with-ssl" configure option
(Reported by Patrick Wakano)
[ASTERISK-28824] -
BuildSystem: Search for Python/C API when possibly needed only.
(Reported by Alexander Traud)
[ASTERISK-27717] -
[patch] BuildSystem: In NetBSD, the Python Programming Language is python-2.7.
(Reported by Alexander Traud)
[ASTERISK-28798] -
[patch] chan_sip: TCP/TLS client without server.
(Reported by Alexander Traud)
[ASTERISK-28817] -
chan_pjsip: constant DTMF tone if RTP is not setup yet
(Reported by Kevin Harwell)
[ASTERISK-28819] -
[patch] bridge_softmix_binaural: Show state in menuselect.
(Reported by Alexander Traud)
[ASTERISK-28816] -
[patch] BuildSystem: Remove doc/tex and doc/pdf leftovers.
(Reported by Alexander Traud)
[ASTERISK-28818] -
[patch] BuildSystem: Allow space in path.
(Reported by Alexander Traud)
[ASTERISK-28796] -
func_channel: cannot read fields exten, context, userfield, channame from dialplan
(Reported by Sébastien Duthil)
[ASTERISK-28809] -
[patch] res_rtp_asterisk: Avoid absolute value on unsigned subtraction.
(Reported by Alexander Traud)
[ASTERISK-28803] -
[patch] chan_unistim: Avoid tautological warnings with clang.
(Reported by Alexander Traud)
[ASTERISK-28808] -
[patch] test_stasis: Avoid always true warning with clang.
(Reported by Alexander Traud)
[ASTERISK-28056] -
res_pjsip: Incorrect endpoint status after endpoint synchronization for a specific AOR
(Reported by Jason Hord)
[ASTERISK-28795] -
channel: write to a stream on multi-frame writes
(Reported by Kevin Harwell)
[ASTERISK-28789] -
test_utils: incorrectly printing error 'declined to load'
(Reported by Alexander Traud)
[ASTERISK-28788] -
func_aes: incorrectly printing error 'declined to load'
(Reported by Alexander Traud)
[ASTERISK-28790] -
Crash during conference call using confbridge and video
(Reported by Pascal Cadotte Michaud)
[ASTERISK-16676] -
DAHDIRAS fails to properly initiate pppd unless asterisk is running as root
(Reported by Jaco Kroon)
[ASTERISK-21205] -
[patch] dundi_read_result crash due to negative number
(Reported by Jaco Kroon)
[ASTERISK-28784] -
res_pjsip_sdp_rtp: Only do hold/unhold on first audio stream
(Reported by Joshua C. Colp)
[ASTERISK-28743] -
Asterisk is crashing if the 200 OK with SDP
(Reported by sungtae kim)
[ASTERISK-28783] -
res_pjsip_session: Allow default non-audio streams to have reflected state
(Reported by Joshua C. Colp)
[ASTERISK-28774] -
chan_pjsip's rtptimeout is erroneously triggered during direct-media (native_rtp) bridge
(Reported by Michael Neuhauser)
[ASTERISK-20325] -
Comments in configs/func_odbc.conf.sample are not consistent with examples. Missing examples.
(Reported by Olivier Krief)
[ASTERISK-28780] -
app_mixmonitor: Memory leak due to race condition between AMI MixMonitor and hangup
(Reported by Joshua C. Colp)
[ASTERISK-28773] -
Incorrect Sender SSRC in RTCP when p2p rtp bridge is active
(Reported by Torrey Searle)
[ASTERISK-28769] -
DTLS Handshake Fails to Occur if ice_support is enabled but not used
(Reported by Torrey Searle)
[ASTERISK-28759] -
A non negotiated rtp frame causes call disconnection when there is a SSRC change
(Reported by Paulo Vicentini)
[ASTERISK-26711] -
func_enum: ENUM code wrong case
(Reported by Vitold)
[ASTERISK-23407] -
Fix the FSF address in the headers of lots of pjproject files
(Reported by Jared Smith)
[ASTERISK-19460] -
[patch] Function TXTCIDNAME never actually makes DNS calls and always returns an empty string
(Reported by George Joseph)
Improvements made in this release:
-----------------------------------
[ASTERISK-28853] -
Missing include on FreeBSD
(Reported by Guido Falsi)
[ASTERISK-28813] -
func_volume: Allow decimal numbers as parameter to improve granularity
(Reported by Jean Aunis - Prescom)
[ASTERISK-27946] -
dial (API): Storage of dialed target uses AST_MAX_EXTENSION when it shouldn't
(Reported by Joshua Elson)
[ASTERISK-28782] -
Add support for Content-Disposition header in multi-part INVITES
(Reported by Torrey Searle)
[ASTERISK-28787] -
res_pjsip_session: Decide more intelligently when to add video
(Reported by Joshua C. Colp)
16.9.0:
Bugs fixed in this release:
-----------------------------------
[ASTERISK-28766] -
PJSIP blind transfer not completed after using Proceeding()
(Reported by lvl)
[ASTERISK-28685] -
check_expr2: linking (when hardening) and cross-compiling troubles
(Reported by Sebastian Kemper)
[ASTERISK-28764] -
res_rtp_asterisk: Improve NACK support and seqno handling
(Reported by Joshua C. Colp)
[ASTERISK-28755] -
SIP/Stasis: SIP headers not transmitted in the "variables" field
(Reported by Jean Aunis - Prescom)
[ASTERISK-28754] -
ASTERISK-28738 Causes Audio Issue After Hold
(Reported by Ross Beer)
[ASTERISK-28697] -
res_pjsip: Named ACL does not update on reload if changed
(Reported by Timothy Vanderaerden)
[ASTERISK-28746] -
res_pjsip_outbound_registration keeps retrying the first entry in a SRV record set
(Reported by George Joseph)
[ASTERISK-28716] -
ICE: pjnath shouldn't wait for ICE to complete before allowing sending
(Reported by Benjamin Keith Ford)
[ASTERISK-28738] -
Incorrect state machine used when MOH_PASSTHRU is used
(Reported by Torrey Searle)
[ASTERISK-28742] -
res_rtp_asterisk: static for audio due to incomplete dtls/srtp setup
(Reported by Kevin Harwell)
[ASTERISK-28735] -
Realtime MoH Unknown format '' -- defaulting to SLIN
(Reported by Ross Beer)
[ASTERISK-28730] -
res_pjsip_session: Fix out of order session refreshes
(Reported by Joshua C. Colp)
[ASTERISK-28718] -
chan_sip: Returns 403 if RTP ports are depleted, should return 503
(Reported by Walter Doekes)
[ASTERISK-28719] -
Cannot remove defaultrule from queue using realtime queues
(Reported by EDV O-TON)
[ASTERISK-28713] -
res_stasis_playback: Error building JSON
(Reported by Sébastien Duthil)
[ASTERISK-28714] -
REGRESSION: Feature subscription_persistence_recreate (ASTERISK-27759) Causes Segfaults
(Reported by Ross Beer)
[ASTERISK-26082] -
res_pjsip_messaging: MessageSend Content-Type can't be changed
(Reported by Alex)
[ASTERISK-28423] -
ARI causes STASIS Deadlock
(Reported by Ross Beer)
[ASTERISK-28679] -
stasis application is destroyed after its creation
(Reported by Francois Blackburn)
[ASTERISK-25421] -
PJSIP. MESSAGE_SEND_STATUS set to SUCCESS in spite of the error when sending
(Reported by Dmitriy Serov)
[ASTERISK-28686] -
chan_sip strictrtp=yes fails when media source is changed: no audio
(Reported by Walter Doekes)
[ASTERISK-28139] -
RTP Stream Incorrect Payload Type Causes Asterisk To Drop Calls
(Reported by Paul Brooks)
[ASTERISK-26955] -
pjsip: SIP Packets with Via "received=" Containing IPv6 Address Delimited by "[]" Rejected
(Reported by Peter Sokolov)
Improvements made in this release:
-----------------------------------
[ASTERISK-28750] -
TLS/SSL Key too small error
(Reported by Martin Zeh)
[ASTERISK-28733] -
stream: Add support for adding/removing streams during SFU/calls
(Reported by Joshua C. Colp)
[ASTERISK-24798] -
Documentation - Clarify That Format Is Set By File Name Extension In MixMonitor
(Reported by xrobau)
[ASTERISK-28726] -
install_prereq script uses the interactive mode when installing aptitude
(Reported by Sylvain Afchain)
16.8.0:
New Features made in this release:
-----------------------------------
[ASTERISK-17491] -
CURLOPT() needs a "followlocation" parameter / "maxredirs" doesn't do anything
(Reported by candrews)
[ASTERISK-28639] -
res_pjsip_endpoint_identifier_ip: Add ability to match on source port
(Reported by Sean Bright)
Bugs fixed in this release:
-----------------------------------
[ASTERISK-28679] -
stasis application is destroyed after its creation
(Reported by Francois Blackburn)
[ASTERISK-28423] -
ARI causes STASIS Deadlock
(Reported by Ross Beer)
[ASTERISK-28714] -
REGRESSION: Feature subscription_persistence_recreate (ASTERISK-27759) Causes Segfaults
(Reported by Ross Beer)
[ASTERISK-28677] -
CDR billsec is always 0 for transferred calls
(Reported by Maciej Michno)
[ASTERISK-28702] -
chan_dahdi: holding a channel via flash to dialtone times out after 0:16:40
(Reported by Andrew Siplas)
[ASTERISK-28706] -
silk 24hHz doesn't show up in 'core show translation' output
(Reported by Sean Bright)
[ASTERISK-24484] -
Update documentation for statsd module - usage requirements unclear
(Reported by Dan Jenkins)
[ASTERISK-28695] -
core: minmemfree watermark uses free RAM, not available RAM
(Reported by Kevin Flyn)
[ASTERISK-28693] -
chan_sip: SIP MESSAGE beginning with a whitespace appears empty in the dialplan
(Reported by Frank Matano)
[ASTERISK-23739] -
[patch]Segfault forwarding voicemail with ODBC storage enabled and realtime voicemail_data is used
(Reported by Stas Kobzar)
[ASTERISK-27622] -
empty voicemail.conf required for ARA (realtime) voicemail to leave message
(Reported by Jim Van Meggelen)
[ASTERISK-28349] -
Pause reason not reported in QueueMember AMI event
(Reported by Niksa Baldun)
[ASTERISK-21794] -
CLI command 'realtime update2' syntax failure when using according to usage help
(Reported by Cedric BASSAGET)
[ASTERISK-25429] -
res_pjsip_endpoint_identifier_ip: Document support for hostnames
(Reported by Joshua C. Colp)
[ASTERISK-27775] -
res_pjsip_notify: Multiple Event headers can be present instead of just one
(Reported by AvayaXAsterisk)
[ASTERISK-28682] -
app_record: Lack of `beep` audio file causes application to return error and hangup
(Reported by Corey Farrell)
[ASTERISK-28507] -
Wiki docs missing for MessageWaiting
(Reported by David M. Lee)
[ASTERISK-27759] -
res_pjsip_pubsub: Subscription persistence does not preserve XML version number
(Reported by Bryan Nelson)
[ASTERISK-28605] -
chan_dahdi: Deadlock in Hangup Scenarios with concurrent command pri show span X
(Reported by Dirk Wendland)
[ASTERISK-28633] -
stasis bridge topic leak
(Reported by Joeran Vinzens)
[ASTERISK-28492] -
pjsip reload not reloading wizard endpoint/pickup_group endpoint/call_group
(Reported by Jean-Denis Girard)
[ASTERISK-28562] -
SIP WSS message not processed until next frame arrives
(Reported by Robert Sutton)
[ASTERISK-27243] -
contrib: valgrind.supp doesn't suppress what it's supposed to due to invalid syntax
(Reported by Richard Kenner)
[ASTERISK-28497] -
func_odbc: truncating Unicode string on readsql
(Reported by Boris P. Korzun)
[ASTERISK-28647] -
chan_sip: RTP frames not transmitted after emitting a COLP
(Reported by Jean Aunis - Prescom)
[ASTERISK-28667] -
Asterisk ignores parsing of config files if a Byte order mark is present
(Reported by Robin Leffmann)
[ASTERISK-28664] -
"trustrpid" is misspelled in sip_to_pjsip.py
(Reported by Pascal Cadotte Michaud)
[ASTERISK-28604] -
app_meetme, chan_ooh323 and cdr_mysql don't build on 17.0.0
(Reported by George Joseph)
[ASTERISK-28659] -
res_pjsip_sdp_rtp: Bundle includes non-existent media stream if codecs create additional streams and offer does not have them
(Reported by nappsoft)
[ASTERISK-28660] -
res_fax: wrap Asterisk initiated negotiation with config option
(Reported by Kevin Harwell)
[ASTERISK-28636] -
app_chanisavail+cdr: ChanIsAvail sometimes fails to deactivate CDR.
(Reported by Frederic LE FOLL)
[ASTERISK-28626] -
Missing arguments in PJSIP_CONTACT function documentation
(Reported by Pascal Cadotte Michaud)
[ASTERISK-28609] -
Memory Leak in res_rtp_asterisk.c
(Reported by Ted G)
[ASTERISK-28651] -
chan_sip logs errors on tx to non-existent TCP connections
(Reported by Jaco Kroon)
[ASTERISK-28502] -
chan_pjsip incorrectly re-writes REGISTER 200 Response Contact
(Reported by Ross Beer)
[ASTERISK-28625] -
Playback of local files impacted by large media cache
(Reported by Kevin Reeves)
Improvements made in this release:
-----------------------------------
[ASTERISK-28710] -
Should be able to disable the /httpstatus URI in the built-in HTTP server
(Reported by Sean Bright)
[ASTERISK-28638] -
Simplify dialplan for Dial, Page, and ChanIsAvail
(Reported by cmaj)
[ASTERISK-28673] -
GET FULL VARIABLE documentation clarification
(Reported by Jonathan Harris)
[ASTERISK-28658] -
app_confbridge: Add support for setting maximum sample rate
(Reported by Joshua C. Colp)
pkglint -r --network --only "migrate"
As a side-effect of migrating the homepages, pkglint also fixed a few
indentations in unrelated lines. These and the new homepages have been
checked manually.
Changelog:
16.7.0
Security bugs fixed in this release:
-----------------------------------
[ASTERISK-28589] - chan_sip: Depending on configuration an INVITE can alter Addr of a peer (Reported by Andrey V. T.)
[ASTERISK-28580] - Bypass SYSTEM write permission in manager action allows system commands execution (Reported by Eliel Sardañons)
Improvements made in this release:
-----------------------------------
[ASTERISK-28602] - res_pjsip_outbound_registration: Maximum retries reached (Reported by Daniel)
[ASTERISK-28586] - Typo in README-SERIOUSLY.bestpractices.md (Reported by Sam Banks)
[ASTERISK-22192] - [patch] Allow voicemail forwards with ODBC backend when format differs from attachfmt column (Reported by cmaj)
[ASTERISK-28567] - Problem with ASTERISK-20207: Asterisk should clear out any .lock files in the voice mail directory on startup. (Reported by Michael)
[ASTERISK-28542] - [patch] add the ability for asterisk to generate on-hold re-invites (Reported by Torrey Searle)
[ASTERISK-28512] - Add pass-through support for H.265 (HEVC) codec (Reported by Florian Floimair)
Bugs fixed in this release:
-----------------------------------
[ASTERISK-28609] - Memory Leak in res_rtp_asterisk.c (Reported by Ted G)
[ASTERISK-28604] - app_meetme, chan_ooh323 and cdr_mysql don't build on 17.0.0 (Reported by George Joseph)
[ASTERISK-28659] - res_pjsip_sdp_rtp: Bundle includes non-existent media stream if codecs create additional streams and offer does not have them (Reported by nappsoft)
[ASTERISK-28641] - res_pjsip Segfaults when realtime configuration to an AOR points to a not existent AOR (Reported by Ross Beer)
[ASTERISK-28644] - Stale comment in app_queue about ring_entry exception (Reported by Walter Doekes)
[ASTERISK-28445] - res_pjsip_session: ast_json_vpack: Invalid UTF-8 string on hangup when TEST_FRAMEWORK enabled (Reported by Bernhard Schmidt)
[ASTERISK-28637] - chan_sip+native_bridge_rtp: directmedia compatibility check failure when negociated ptime is not default ptime. (Reported by Frederic LE FOLL)
[ASTERISK-28631] - res_parking: Doesn't park when parkee and parker are the same (Reported by Ross Beer)
[ASTERISK-28621] - Enforce T.38 error correction mode at 200 ok received (Reported by Salah Ahmed)
[ASTERISK-28624] - res_pjsip_outbound_registration: add SRV failover (Reported by Kevin Harwell)
[ASTERISK-28608] - app_amd: Use time calculation to calculate timeout (Reported by Michael Cargile)
[ASTERISK-28615] - chan_dahdi: PRI span status may stay "Down, Active" after a short alarm (Reported by Frederic LE FOLL)
[ASTERISK-28576] - res_rtp_asterisk: ICE Completion Crash when sent packet length doesn't match (Reported by Joshua Elson)
[ASTERISK-26481] - FILE function grabs garbage along with read data when target line has no newline (Reported by Jonathan Harris)
[ASTERISK-28618] - bridge_softmix: hold not cleared when joining a softmix bridge (Reported by Kevin Harwell)
[ASTERISK-28616] - parking: Deadlock when multi call parking (Reported by Joshua C. Colp)
[ASTERISK-28423] - ARI causes STASIS Deadlock (Reported by Ross Beer)
[ASTERISK-28572] - Memory leaks in res_calendar_exchange and res_calendar_icalendar (Reported by Yoooooo Ha)
[ASTERISK-28585] - ari/resource_events: Crash in event session cleanup (Reported by Kevin Harwell)
[ASTERISK-28590] - utils.c throws repeated warnings; "pthread_attr_setstacksize: Invalid argument" (Reported by Speed Dial Dave)
[ASTERISK-28578] - race condition on pjsip channelstats command (Reported by Salah Ahmed)
[ASTERISK-28571] - cdr_pgsql: accesses obsolete (and finally removed) column (Reported by Christoph Moench-Tegeder)
[ASTERISK-28575] - MWI Send Notify Crash on 16.6 (Reported by Joshua Elson)
[ASTERISK-28574] - pjproject fails to build on 16.6.0, works on 16.5 (Reported by Niklas Larsson)
[ASTERISK-28561] - Asterisk Deadlocks (Reported by Aheliotech)
[ASTERISK-28552] - res_pjsip_mwi: Frack during unload on unsolicited_mwi container (Reported by Kevin Harwell)
[ASTERISK-28566] - CDR backend unload problem during active call(s) (Reported by Marian Piater)
[ASTERISK-28553] - stasis.c: Crash during unload (Reported by Kevin Harwell)
[ASTERISK-28086] - chan_pjsip: Crash when initiating PlayDTMF over AMI (Reported by Jeremiah Gadd)
[ASTERISK-28544] - Wrong contact representation in ipv6 mode (Reported by Jørgen H)
[ASTERISK-28534] - Segmentation fault when there is no priority for an extension (Reported by Timothy Vanderaerden)
[ASTERISK-28463] - res_pjsip_path: Crash when invalid contact is configured (Reported by Juan Martin)
[ASTERISK-28521] - pjsip: Memory Leak (Reported by Mark)
[ASTERISK-28523] - Asterisk 16.5.0 Memory leak (Reported by Cyril Ramière)
[ASTERISK-28538] - chan_pjsip: Deadlock on fax detection (Reported by Joshua C. Colp)
[ASTERISK-28536] - Asterisk release candidates fail to build on FreeBSD (Reported by Guido Falsi)
[ASTERISK-23756] - setvar directive when used in template and a child of said template, results in duplicate variable names (Reported by Michael Goryainov)
New Features made in this release:
-----------------------------------
[ASTERISK-28614] - app_senddtmf: Allow "receiving" DTMF with PlayDTMF instead of only "sending" (Reported by lvl)
[ASTERISK-28613] - func_curl: CURLOPT cannot set Content-Type header (Reported by Martin Tomec)
[ASTERISK-28553] - stasis.c: Crash during unload (Reported by Kevin Harwell)
[ASTERISK-28086] - chan_pjsip: Crash when initiating PlayDTMF over AMI (Reported by Jeremiah Gadd)
[ASTERISK-28544] - Wrong contact representation in ipv6 mode (Reported by Jørgen H)
[ASTERISK-28534] - Segmentation fault when there is no priority for an extension (Reported by Timothy Vanderaerden)
[ASTERISK-28463] - res_pjsip_path: Crash when invalid contact is configured (Reported by Juan Martin)
[ASTERISK-28521] - pjsip: Memory Leak (Reported by Mark)
[ASTERISK-28523] - Asterisk 16.5.0 Memory leak (Reported by Cyril Ramière)
[ASTERISK-28538] - chan_pjsip: Deadlock on fax detection (Reported by Joshua C. Colp)
[ASTERISK-28536] - Asterisk release candidates fail to build on FreeBSD (Reported by Guido Falsi)
[ASTERISK-23756] - setvar directive when used in template and a child of said template, results in duplicate variable names (Reported by Michael Goryainov)
New Features made in this release:
-----------------------------------
[ASTERISK-28614] - app_senddtmf: Allow "receiving" DTMF with PlayDTMF instead of only "sending" (Reported by lvl)
[ASTERISK-28613] - func_curl: CURLOPT cannot set Content-Type header (Reported by Martin Tomec)
[ASTERISK-28533] - func_jitterbuffer: Add support for video synchronization (Reported by Joshua C. Colp)
16.6.0
Security bugs fixed in this release:
-----------------------------------
[ASTERISK-28495] - res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash (Reported by Alexei Gradinari)
Bugs fixed in this release:
-----------------------------------
[ASTERISK-28521] - pjsip: Memory Leak (Reported by Mark)
[ASTERISK-28523] - Asterisk 16.5.0 Memory leak (Reported by Cyril Ramière)
[ASTERISK-28538] - chan_pjsip: Deadlock on fax detection (Reported by Joshua C. Colp)
[ASTERISK-28536] - Asterisk release candidates fail to build on FreeBSD (Reported by Guido Falsi)
[ASTERISK-28511] - codec_resample: Bad sound quality when up sampling from SLIN16 to SLIN32 (Reported by Ruddy G)
[ASTERISK-28525] - chan_dahdi: set CHANNEL(hangupsource) when a PRI channel hangs up (Reported by Frederic LE FOLL)
[ASTERISK-28527] - ChanIsAvail() creates a CDR if unanswered=yes is set in cdr.conf (Reported by Frederic LE FOLL)
[ASTERISK-28499] - translate: Crash when frame does not have a "src" field set (Reported by Gregory Massel)
[ASTERISK-25592] - chan_unistim: Clang Warning: variable sized type not at end of a struct (Reported by Alexander Traud)
[ASTERISK-28488] - pjsip mwi: n+1 sip notify's sent on re-register (Reported by Chris Savinovich)
[ASTERISK-28509] - PJSIP cnonce generated on Linux contains 36 characters, NEC only supports up to 32 characters (Reported by Dan Cropp)
[ASTERISK-28505] - app_voicemail/IMAP: segfault in leave_voicemail because not checking mailstream (Reported by Alexei Gradinari)
[ASTERISK-28487] - compile menuselect on gentoo (Reported by Kilburn)
[ASTERISK-28472] - Asterisk occasionally passes a NULL as srtp->session to srtp_protect/unprotect causing SEGV (Reported by Jonas Swiatek)
[ASTERISK-28498] - cel / cdr: Event times may be incorrect (Reported by Joshua C. Colp)
[ASTERISK-28480] - json integer overflow in ssrc and timestamp (Reported by Salah Ahmed)
[ASTERISK-28228] - res_pjsip: pjsip show contacts prints double entries (Reported by Ian Jones)
[ASTERISK-28483] - packet lost on UDPTL wrap around (Reported by Torrey Searle)
[ASTERISK-28477] - Crash when not specifying "dbfile" in res_config_sqlite3.conf (Reported by Dennis)
[ASTERISK-28478] - Crash performing "core reload" with modified res_config_sqlite3.conf (Reported by Dennis)
[ASTERISK-26968] - chan_pjsip: Transfer() does not result in TRANSFERSTATUS reflecting SIP response to transfer (Reported by Dan Cropp)
[ASTERISK-28282] - AST_SCHED_REPLACE_UNREF causes wait-on-self deadlocks (in chan_sip) (Reported by Walter Doekes)
New Features made in this release:
-----------------------------------
[ASTERISK-17808] - [patch] Unregister a realtime moh class (Reported by Byron Clark)
[ASTERISK-28489] - Channel variable SIPFROMDOMAIN for chan_pjsip to setup From header URI domain (Reported by Stas Kobzar)
AUTOFIX: Makefile:290: Replacing "${PKGSRC_COMPILER} == \"clang\"" with "${PKGSRC_COMPILER:Mclang}".
The PKGSRC_COMPILER can be a list of chained compilers, e.g. "ccache
distcc clang". Therefore, comparing it using == or != leads to wrong
results in these cases.
Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.
Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).
21st, 2012. It most likely has multiple security issues. By this
point, all users of this package should have migrated to comms/asterisk18
or comms/asterisk10 as this version has been marked as being
deprecated for some time now.
Note that this directory is likely to re-appear in late 2017 when
Asterisk 16 comes out, assuming the current schedule is followed.
However that will be a vastly different version as Asterisk 11 is
only in the RC stage now (i.e. it will be five major versions after
the one that is expected to be released later this year).
This package has not been patched for DragonFly.
There are two newer packages, asterisk10 and asterisk18
According to commit messages, this package will be removed in
"not too distant future" due to being EOL.
The 1.6.2 series went End of Life on April 21st 2012, so this was
the last update. This package will be deleted in the not too
distnat future.
The Asterisk Development Team has announced security releases for
Asterisk 1.6.2 , 1.8, and 10. The available security releases are
released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.
The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the
following two issues:
* A permission escalation vulnerability in Asterisk Manager
Interface. This would potentially allow remote authenticated
users the ability to execute commands on the system shell with
the privileges of the user running the Asterisk application.
* A heap overflow vulnerability in the Skinny Channel driver.
The keypad button message event failed to check the length of
a fixed length buffer before appending a received digit to the
end of that buffer. A remote authenticated user could send
sufficient keypad button message events that th e buffer would
be overrun.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-004, AST-2012-005, and
AST-2012-006, which were released at the same time as this
announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-005.pdf
Thank you for your continued support of Asterisk!
This is a security fix update. It fixes AST-2012-002.
NOTE NOTE NOTE
This is likely to be the last update to this package. This version
of Asterisk will be EOLed on April 21st, 2012. It will probably
be removed from pkgsrc not long after that. If you are still using
this package, you should consider switching to comms/asterisk18,
the Long Term Support version, or comms/asterisk10 in the near
future.
NOTE NOTE NOTE
The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.
The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein
app_milliwatt can potentially overrun a buffer on the stack, causing
Asterisk to crash. This does not have the potential for remote
code execution.
These issues and their resolution are described in the security
advisory.
For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.23
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
Thank you for your continued support of Asterisk!
The release of Asterisk 1.6.2.22 corrects two flaws in sip.conf.sample
related to AST-2011-013:
* The sample file listed *two* values for the 'nat' option as being the default.
Only 'yes' is the default.
* The warning about having differing 'nat' settings confusingly referred to both
peers and users.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.22
Thank you for your continued support of Asterisk!
in the iLBC codec files.
__________________________________________________________________
Asterisk Project Security Advisory - AST-2011-013
Product Asterisk
Summary Possible remote enumeration of SIP endpoints with
differing NAT settings
Nature of Advisory Unauthorized data disclosure
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known Yes
Reported On 2011-07-18
Reported By Ben Williams
Posted On
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson at digium.com>
CVE Name
Description It is possible to enumerate SIP usernames when the general
and user/peer NAT settings differ in whether to respond to
the port a request is sent from or the port listed for
responses in the Via header. In 1.4 and 1.6.2, this would
mean if one setting was nat=yes or nat=route and the other
was either nat=no or nat=never. In 1.8 and 10, this would
mean when one was nat=force_rport or nat=yes and the other
was nat=no or nat=comedia.
Resolution Handling NAT for SIP over UDP requires the differing
behavior introduced by these options.
To lessen the frequency of unintended username disclosure,
the default NAT setting was changed to always respond to the
port from which we received the request-the most commonly
used option.
Warnings were added on startup to inform administrators of
the risks of having a SIP peer configured with a different
setting than that of the general setting. The documentation
now strongly suggests that peers are no longer configured
for NAT individually, but through the global setting in the
"general" context.
Affected Versions
Product Release Series
Asterisk Open Source All All versions
Corrected In
As this is more of an issue with SIP over UDP in general, there is no
fix supplied other than documentation on how to avoid the problem. The
default NAT setting has been changed to what we believe the most
commonly used setting for the respective version in Asterisk 1.4.43,
1.6.2.21, and 1.8.7.2.
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-013.pdf and
http://downloads.digium.com/pub/security/AST-2011-013.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-013
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
__________________________________________________________________
Asterisk Project Security Advisory - AST-2011-014
Product Asterisk
Summary Remote crash possibility with SIP and the "automon"
feature enabled
Nature of Advisory Remote crash vulnerability in a feature that is
disabled by default
Susceptibility Remote unauthenticated sessions
Severity Moderate
Exploits Known Yes
Reported On November 2, 2011
Reported By Kristijan Vrban
Posted On 2011-11-03
Last Updated On December 7, 2011
Advisory Contact Terry Wilson <twilson at digium.com>
CVE Name
Description When the "automon" feature is enabled in features.conf, it
is possible to send a sequence of SIP requests that cause
Asterisk to dereference a NULL pointer and crash.
Resolution Applying the referenced patches that check that the pointer
is not NULL before accessing it will resolve the issue. The
"automon" feature can be disabled in features.conf as a
workaround.
Affected Versions
Product Release Series
Asterisk Open Source 1.6.2.x All versions
Asterisk Open Source 1.8.x All versions
Corrected In
Product Release
Asterisk Open Source 1.6.2.21, 1.8.7.2
Patches
Download URL Revision
http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff 1.8.7.1
Links
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-014.pdf and
http://downloads.digium.com/pub/security/AST-2011-014.html
Revision History
Date Editor Revisions Made
Asterisk Project Security Advisory - AST-2011-014
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
Please note that Asterisk 1.6.2.19 is the final maintenance release
from the 1.6.2 branch. Support for security related issues will
continue until April 21, 2012. For more information about support
of the various Asterisk branches, see
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
The release of Asterisk 1.6.2.19 resolves several issues reported
by the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* Don't broadcast FullyBooted to every AMI connection
The FullyBooted event should not be sent to every AMI connection
every time someone connects via AMI. It should only be sent to
the user who just connected.
(Closes issue #18168. Reported, patched by FeyFre)
* Fix thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
Freddi_Fonet. Patched by dvossel)
* Don't delay DTMF in core bridge while listening for DTMF features.
(Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
globalnetinc, jde. Patched by oej, twilson)
* Fix chan_local crashs in local_fixup()
Thanks OEJ for tracking down the issue and submitting the patch.
(Closes issue #19053. Reported, patched by oej)
* Don't offer video to directmedia callee unless caller offered it as well
(Closes issue #19195. Reported, patched by one47)
Additionally security announcements AST-2011-008, AST-2011-010, and
AST-2011-011 have been resolved in this release.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19
