493374ea04
* Use bash for configure script. It uses bash-specific syntax. * Use menuselect command to adjust options instead of manually crafted makeopts file. Manually crafted file does not work properly for me and 16.29.1 now. * I have no idea about x11 option's status. It seems that gtk2 config UI is not available in this release at least, if I understand correctly. Changelog: 16.29.1 Bugs fixed in this release: [ASTERISK-30103] chan_ooh323 vulnerability in calling/called party IE (Reported By: Michael Bradeen) [ASTERISK-30176] GetConfig can read files outside of Asterisk (Reported By: shawty) [ASTERISK-30244] Occasional crash when TCP/TLS connection terminated and subscription persistence is removed (Reported By: nappsoft) [ASTERISK-30338] Backport 2.13 security fixes from pjproject 16.29.0 New Features made in this release: * [ASTERISK-30037] Add test support to calling external processes (Reported by Philip Prindeville) * [ASTERISK-30161] locks: add AMI event for deadlock (Reported by N A) * [ASTERISK-30211] app_confbridge: Add end_marked_any option (Reported by N A) * [ASTERISK-30186] res_pjsip: Add support for reloading TLS certificate and key information (Reported by Joshua C. Colp) * [ASTERISK-29899] features: Add advanced transfer initiation options (Reported by N A) Bugs fixed in this release: * [ASTERISK-30235] res_crypto and tests: Memory issues and and uninitialized variable error (Reported by George Joseph) * [ASTERISK-30234] res_geolocation: may be used uninitialized error in geoloc_config.c (Reported by George Joseph) * [ASTERISK-30215] Inbound SIP INVITE with Geo Location causing a Segmentation Fault (Reported by Dan Cropp) * [ASTERISK-30135] [res_musiconhold] Allows the moh only for the answered call (Reported by sungtae kim) * [ASTERISK-26894] pjsip should support tel uri scheme (Reported by Gergely D?ms?di) * [ASTERISK-30210] func_frame_trace: Channel masquerade triggers assertion (Reported by N A) * [ASTERISK-30190] res_geolocation: GEOLOC_PROFILE isn t returning correct values on incoming channel (Reported by George Joseph) * [ASTERISK-29185] chan_pjsip: Endpoint: allow = all is broken. (Reported by Alexander Traud) * [ASTERISK-30192] res_tonedetect: fix typo for frametype (Reported by N A) * [ASTERISK-29453] alembic: incoming_call_offer_pref and outgoing_call_offer_pref missing in ps_endpoints table (Reported by Daniel Th men) * [ASTERISK-26826] testsuite: Add support for Python 3 (Reported by Joshua C. Colp) * [ASTERISK-30167] res_geolocation: Refactor for issues found by users (Reported by George Joseph) * [ASTERISK-28422] Memory Leak in Confbridge menu (Reported by Ted G) * [ASTERISK-29917] ami: FilterList action doesn t exist (Reported by N A) * [ASTERISK-30020] ConfbridgeListRooms Event Not Documented (Reported by Michael Cargile) * [ASTERISK-30018] app_meetme: MeetmeList AMI event not documented (Reported by Michael Cargile) * [ASTERISK-30151] Documentation doesn t include info about field , a 3rd required parameter. (Reported by Chris Young) Improvements made in this release: * [ASTERISK-30241] res_pjsip_gelocation: Downgrade some NOTICE scope trace debugs to DEBUG level (Reported by N A) * [ASTERISK-30178] extend user_eq_phone behavior to local uri s (Reported by Michael Bradeen) * [ASTERISK-30046] Reimplement res/res_crypto.c internals with EVP_PKEY interface to Openssl API s (Reported by Philip Prindeville) * [ASTERISK-30045] Add test coverage to res/res_crypto.c functionality (Reported by Philip Prindeville) * [ASTERISK-30185] res_geolocation: Allow location parameters to be specified in profiles (Reported by George Joseph) * [ASTERISK-30177] res_geolocation: Add option to suppress empty elements (Reported by George Joseph) * [ASTERISK-30182] res_geolocation: Add built-in profiles to use in fully dynamic configurations (Reported by George Joseph) * [ASTERISK-29906] update RLS to reflect the changes to the lists (Reported by Alexei Gradinari) * [ASTERISK-30163] general: fix minor formatting issues (Reported by N A) * [ASTERISK-30164] chan_iax2: Add missing option documentation (Reported by N A) * [ASTERISK-30160] cdr.conf: Remove obsolete app_mysql reference (Reported by N A) * [ASTERISK-30159] general: Remove obsolete SVN references (Reported by N A) * [ASTERISK-30153] logger: Improve log levels (Reported by N A) 16.28.0 The following issues are resolved in this release: Improvements made in this release: * [ASTERISK-30128] Create PJSIP interface module for Geolocation (Reported by George Joseph) * [ASTERISK-30127] Create core Geolocation capability for Asterisk (Reported by George Joseph) * [ASTERISK-30089] general: fix typos (Reported by N A) * [ASTERISK-30050] Upgrade Asterisk to bundled pjproject 2.12.1 (Reported by Stanislav Abramenkov) Bugs fixed in this release: * [ASTERISK-30167] res_geolocation: Refactor for issues found by users (Reported by George Joseph) * [ASTERISK-29966] pbx_variables: ast_str_strlen can be wrong (Reported by N A) * [ASTERISK-29905] OSX: bininstall launchd issue on cross-platfrom build (Reported by Sergey V. Lobanov) * [ASTERISK-30137] manager: Global disabled event filtered is incomplete (Reported by N A) * [ASTERISK-30109] res_pjsip: no contact-status AMI event on register of prune-on-boot contact that uses the same URI as before Asterisk restart (Reported by Michael Neuhauser) * [ASTERISK-30126] Spelling mistake in configs/samples/queues.conf. sample (Reported by Sam Banks) * [ASTERISK-29991] chan_dahdi, callerid: Caller ID does not honor presentation (Reported by N A) * [ASTERISK-29907] res_pjsip, app_confbridge: Video call through ConfBridge with normal endpoints causes infinite loop/crash (Reported by N A) * [ASTERISK-30029] build: Git security vulnerability fix is sad with our accessing git as root during make install (Reported by Joshua C. Colp) * [ASTERISK-30138] Compile failure in res_geolocation/geoloc_ eprofile.c when optimization is enabled (Reported by George Joseph) * [ASTERISK-30096] cel_odbc: Column type 9 (field cdr:cel:eventtime ) is unsupported at this time (Reported by Morvai Szabolcs) * [ASTERISK-30083] chan_iax2: Optional dependency on openssl/ res_crypto is now mandatory (Reported by Dmitry Melekhov) * [ASTERISK-30123] features: Update automixmon documentation to reflect reality (Reported by Trevor Peirce) * [ASTERISK-30117] pbx_lua: Remove compiler warnings (Reported by Boris P. Korzun) * [ASTERISK-30001] db: Removing nonexistent entries shows Database entry removed (Reported by N A) * [ASTERISK-29822] cli: Typing \? freezes the CLI permanently with remote console (Reported by N A) * [ASTERISK-30106] res_calendar_icalendar: Microsoft online ICS calendars no longer work (Reported by N A) * [ASTERISK-30115] app_dial: Allow hook flashes to propogate on outbound dials (Reported by N A) * [ASTERISK-29989] app_dial, chan_dahdi: DIALSTATUS is inconsistent for busy (Reported by N A) * [ASTERISK-30072] res_pjsip: allow TLS verification of wildcard cert-bearing servers (Reported by Kevin Harwell) * [ASTERISK-30075] say: Abort if channel hangs up during playback (Reported by N A) New Features made in this release: * [ASTERISK-30136] db: Add AMI action to retrieve all keys beginning with a prefix (Reported by N A) * [ASTERISK-30000] chan_dahdi: Add POLARITY function (Reported by N A) * [ASTERISK-30062] cli: Add CLI command to execute a dialplan app (Reported by N A) * [ASTERISK-29999] pjsip: Get information from 200 OK INVITE reply headers (Reported by Jos Lopes) * [ASTERISK-30061] pbx: Add pbx helper application (Reported by N A) 16.27.0 Improvements made in this release: * [ASTERISK-30090] xmldocs: Use example tags for examples (Reported by N A) * [ASTERISK-29906] update RLS to reflect the changes to the lists (Reported by Alexei Gradinari) * [ASTERISK-29891] provide a display name for RLS subscriptions (Reported by Alexei Gradinari) * [ASTERISK-30086] res_parking: Warn when invalid parking space requested (Reported by N A) * [ASTERISK-30058] Evaluate dialplan functions and variables in agi exec (Reported by Shloime Rosenblum) * [ASTERISK-30027] ari: expose channel driver s unique id (i.e. Call-ID for chan_sip/chan_pjsip) in ARI channel resource (Reported by Moritz Fain) * [ASTERISK-29845] res_pjsip_outbound_registration: Show time remaining until registration lapses (Reported by N A) Bugs fixed in this release: * [ASTERISK-30097] console: Recent documentation changes for connecting to remote console are inconsistent (Reported by Matthias Hensler) * [ASTERISK-30043] Wrong party is disconnected when hook-flashing on 3-way bridge (Reported by Josh Alberts) * [ASTERISK-29603] res_pjsip: UPDATE/re-INVITE not sent when timers =always is specified in pjsip.conf (Reported by Ray Crumrine) * [ASTERISK-30092] DateTime application: wrong inflection for one o clock in German (Reported by Christof Efkemann) * [ASTERISK-30064] pbx: iax2 switch causes crash due to deadlock and assertion (Reported by N A) * [ASTERISK-29981] res_calendar: Asterisk crashes when starting, and will not run (Reported by N A) * [ASTERISK-30039] cli: Targeted debug on startup deadlocks and creates unstable system (Reported by N A) * [ASTERISK-30051] res_pjsip: No video after un-hold with moh_passthrough=yes (Reported by Maximilian Fridrich) * [ASTERISK-24601] Missing RFC4235 tags and attributes in PJSIP NOTIFY event: dialog XML body (Reported by Marco Paland) * [ASTERISK-30060] loader: format warnings in dev mode (Reported by N A) * [ASTERISK-30059] menuselect: libxml include fails under Gentoo (Reported by waltermoeller) * [ASTERISK-30065] pjsip: Open Websocket connection is not reused for outgoing requests (Reported by LA) * [ASTERISK-30042] res_pjsip_transport_websocket: Registration over websocket returns a rewritten contact (Reported by Thomas Guebels) * [ASTERISK-29993] chan_dahdi: Operator control option borks both lines involved on callee disconnect (Reported by N A) * [ASTERISK-30044] GCC 12 issues (Reported by George Joseph) New Features made in this release: * [ASTERISK-30063] app_voicemail: Add option to prevent deletion of messages (Reported by N A) * [ASTERISK-30087] res_parking: Add music on hold override option (Reported by N A) * [ASTERISK-29965] res_pjsip_outbound_registration: Make max registration delay configurable (Reported by N A) * [ASTERISK-30036] app_confbridge: Add CONFBRIDGE_CHANNELS function (Reported by N A) 16.26.1 Bugs fixed in this release: * [ASTERISK-30065] pjsip: Open Websocket connection is not reused for outgoing requests (Reported by LA) 16.26.0 Security bugs fixed in this release: * [ASTERISK-29476] res_stir_shaken: Blind SSRF vulnerabilities (Reported by Clint Ruoho) * [ASTERISK-29838] ${SQL_ESC()} not correctly escaping a terminating \ (Reported by Leandro Dardini) * [ASTERISK-29872] res_stir_shaken: Resource exhaustion with large files (Reported by Benjamin Keith Ford) New Features made in this release: * [ASTERISK-29931] Option to allow a user to not hear the join sound on enter but everyone else can (Reported by Michael Cargile) * [ASTERISK-29968] func_db: Add a function to return cardinality of keys at prefix (Reported by N A) * [ASTERISK-29486] Hint-like extension value lookup function without device state (Reported by N A) * [ASTERISK-29941] chan_pjsip: Add ability to send flash events (Reported by N A) * [ASTERISK-29820] cli: Add command to evaluate a function (Reported by N A) * [ASTERISK-29876] app_queue: Add music on hold option (Reported by N A) Bugs fixed in this release: * [ASTERISK-28518] chan_dahdi: Caller ID FSK Erroneously Sent when Picking Up Dahdi Call On Hold (Reported by Josh Alberts) * [ASTERISK-29990] chan_dahdi: adding ring cadences is not idempotent on dahdi restart (Reported by N A) * [ASTERISK-30007] chan_iax2: Prevent crashes due to attempted encryption with missing secrets (Reported by N A) * [ASTERISK-29728] menuselect: Disabled by default modules that are enabled are always recompiled (Reported by N A) * [ASTERISK-30002] app_meetme: Don t erroneously set global variables when channel is NULL (Reported by N A) * [ASTERISK-29994] chan_dahdi: Round robin array size is too small for max number of groups (Reported by N A) * [ASTERISK-22246] Asterisk s T flag is ignored when used with r or R flags. (documentation bug) (Reported by Rusty Newton) * [ASTERISK-26582] Asterisk seems to ignore the n parameter for disable console colorization (Reported by Sebastian Gutierrez) * [ASTERISK-29843] Session timers get removed on UPDATE (Reported by Mark Petersen) * [ASTERISK-29943] file.c: seeking to negative file offset is not prevented (Reported by N A) * [ASTERISK-29955] chan_sip: SIP route header is missing on UPDATE (Reported by Mark Petersen) * [ASTERISK-29842] Do not change 180 Ringing to 183 Progress even if early_media already enabled (Reported by Mark Petersen) * [ASTERISK-29948] iostream: Infinite TCP timeout writing data (Reported by N A) * [ASTERISK-29253] Incorrect bridging on transfer (Reported by Yury Kirsanov) * [ASTERISK-30024] Failed to sign STIR/SHAKEN payload with functionality not enabled (Reported by Claude Diderich) * [ASTERISK-30006] res_pjsip: UDP transport does not work when async_operations is greater than 1 (Reported by Ross Beer) * [ASTERISK-29655] res_pjsip_session: No video to caller if no camera available (Reported by Michael Auracher) * [ASTERISK-29638] res_pjsip_session: No video after early media (Reported by Michael Auracher) * [ASTERISK-30015] pjsip / WebRTC: Chrome creating large number of SDP attributes (Reported by Josh Hogan) * [ASTERISK-30021] ast_variable_list_replace_variable uses variable with new keyword (Reported by Jasper Hafkenscheid) * [ASTERISK-30023] cdr_adaptive_odbc: does not support DATETIME database columns (Reported by Gregory Massel) * [ASTERISK-29411] Crash in pjsip_msg_find_hdr_by_name (Reported by LA) * [ASTERISK-29535] Segmentation fault in libasteriskpj.so.2 (Reported by Daniel Bonazzi) * [ASTERISK-26719] pbx: Only up to 127 includes in a dialplan context (AST_PBX_MAX_STACK 1) (Reported by Tzafrir Cohen) * [ASTERISK-29988] REGRESSION: The build process is requiring xmllint or xmlstarlet ro be installed when it shouldn t (Reported by George Joseph) * [ASTERISK-29986] build: Asterisk 18.11.0 doesn t compile when wget isn t available (Reported by Stefan Ruijsenaars) * [ASTERISK-29895] chan_iax2: Fix misaligned spacing in iax2 show netstats printout (Reported by N A) * [ASTERISK-29939] agi: Fix xmldoc bug with set music (Reported by N A) * [ASTERISK-28891] documentation: AGICommand_set+music documentation arguments displayed incorreclty (Reported by Jonathan Harris) * [ASTERISK-29048] chan_iax2: iax2 show registry shows host for perceived (Reported by David Herselman) * [ASTERISK-26689] res_pjsip_sdp_rtp: 183 Session in Progress. Disconnecting channel for lack of RTP activity (Reported by Dmitriy Serov) * [ASTERISK-29929] res_pjsip_sdp_rtp: Disconnecting channel for lack of RTP activity in one way sessions (Reported by Boris P. Korzun) * [ASTERISK-29674] Adjust for 64bit time_t (Reported by Andre Heider) * [ASTERISK-29961] RLS: domain part of uri list attribute mismatch with SUBSCRIBE request (Reported by Alexei Gradinari) * [ASTERISK-29950] SayNumber can handle 01 to 07 , but not 08 or 09 (Reported by Jim Van Meggelen) * [ASTERISK-29928] logging messages truncated when using MUSL runtime (Reported by Philip Prindeville) * [ASTERISK-29960] ari: Retrieving stored recording can returns wrong file (Reported by Arix) Improvements made in this release: * [ASTERISK-24827] Missing documentation for chan_dahdi dial string ring cadences (Reported by Scott Griepentrog) * [ASTERISK-29940] general: Add since tags to xmldocs (Reported by N A) * [ASTERISK-29951] app_mf, app_sf: Return -1 on hangup (Reported by N A) * [ASTERISK-29954] app_meetme: Emit warning if conference not found (Reported by N A) * [ASTERISK-29351] Qualify pjproject 2.12 for Asterisk (Reported by George Joseph) * [ASTERISK-29877] app_mf: Allow reading a maximum number of digits (Reported by N A) * [ASTERISK-29976] Should Readme include information about install_prereq script? (Reported by Marcel Wagner) * [ASTERISK-29970] Use pkg-config to find libxml2 headers and libraries (Reported by Hugh McMaster) * [ASTERISK-25716] Documentation: Document explanations and examples for possible values of DIALSTATUS (Reported by Rusty Newton) * [ASTERISK-29980] build: External binary modules don t use https (Reported by INVADE International Ltd.) * [ASTERISK-29967] pbx_builtins: Add missing documentation (Reported by N A) 16.25.3 Bugs fixed in this release: * [ASTERISK-30024] Failed to sign STIR/SHAKEN payload with functionality not enabled (Reported by Claude Diderich) 16.25.2 The following security vulnerabilities were resolved in 16.25.2: * AST-2022-001: res_stir_shaken: resource exhaustion with large files When using STIR/SHAKEN, it's possible to download files that are not certificates. These files could be much larger than what you would expect to download. * AST-2022-002: res_stir_shaken: SSRF vulnerability with Identity header When using STIR/SHAKEN, it's possible to send arbitrary requests like GET to interfaces such as localhost using the Identity header. * AST-2022-003: func_odbc: Possible SQL Injection Some databases can use backslashes to escape certain characters, such as backticks. If input is provided to func_odbc which includes backslashes it is possible for func_odbc to construct a broken SQL query and the SQL query to fail. 16.25.1 Bugs fixed in this release: * [ASTERISK-29988] REGRESSION: The build process is requiring xmllint or xmlstarlet ro be installed when it shouldn??t (Reported by George Joseph) * [ASTERISK-29986] build: Asterisk 18.11.0 doesn??t compile when wget isn??t available (Reported by Stefan Ruijsenaars) 15.25.0 Security bugs fixed in this release: * [ASTERISK-29945] pjproject: Security fixes for things (Reported by Kevin Harwell) New Features made in this release: * [ASTERISK-29853] ami: Allow events to be globally disabled (Reported by N A) * [ASTERISK-29840] func_channel: Add LASTCONTEXT and LASTEXTEN fields (Reported by N A) Bugs fixed in this release: * [ASTERISK-29924] res_config_pgsql: omit unsupported column type text' error (Reported by Boris P. Korzun) * [ASTERISK-29923] docs, LICENSE: pbx.digium.com no longer exists (Reported by N A) * [ASTERISK-29904] RLS: Batched Notifications stop working (Reported by Alexei Gradinari) * [ASTERISK-29365] taskprocessor: Can cause assert at shutdown (Reported by Joshua C. Colp) * [ASTERISK-29873] Queue Realtime load (Reported by Alexei Gradinari) * [ASTERISK-18416] Realtime queue agents unavailable via AMI before a call event. (Reported by kwk) * [ASTERISK-27597] AMI Queuestatus not working (with realtime queue) (Reported by cagdas kopuz) * [ASTERISK-29886] Asterisk AMI sends not-valid XML (Reported by Napadailo Yaroslav) Improvements made in this release: * [ASTERISK-29906] update RLS to reflect the changes to the lists (Reported by Alexei Gradinari) * [ASTERISK-29909] app_queue: Add support for withdrawing a call (Reported by Kfir Itzhak) * [ASTERISK-29353] Qualify jansson 2.14 for asterisk (Reported by George Joseph) * [ASTERISK-29897] channels: Increase core debug levels for chatty debugs (Reported by N A) * [ASTERISK-29896] xmldocs: Add since tag (Reported by N A) * [ASTERISK-29861] asterisk.h: add macro for curl user agent (Reported by N A) * [ASTERISK-29920] app_voicemail: Warn if trying to manage nonexistent mailbox (Reported by N A) * [ASTERISK-29925] func_db: Warn about malformed key names (Reported by N A) * [ASTERISK-29809] curl, stir_shaken: refactor curl code (Reported by N A) * [ASTERISK-29891] provide a display name for RLS subscriptions (Reported by Alexei Gradinari) * [ASTERISK-29866] cli: add core dump information to core show settings (Reported by N A) * [ASTERISK-29898] documentation: Add default attributes to documentation (Reported by N A) * [ASTERISK-29900] app_mp3: Document and warn about https incompatibility (Reported by N A) 16.24.1 The following security vulnerabilities were resolved in 16.24.1: * AST-2022-004: pjproject: integer underflow on STUN message The header length on incoming STUN messages that contain an ERROR-CODE attribute is not properly checked. This can result in an integer underflow. Note, this requires ICE or WebRTC support to be in use with a malicious remote party. * AST-2022-005: pjproject: undefined behavior after freeing a dialog set When acting as a UAC, and when placing an outgoing call to a target that then forks Asterisk may experience undefined behavior (crashes, hangs, etc??) after a dialog set is prematurely freed. * AST-2022-006: pjproject: unconstrained malformed multipart SIP message If an incoming SIP message contains a malformed multi-part body an out of bounds read access may occur, which can result in undefined behavior. Note, it??s currently uncertain if there is any externally exploitable vector within Asterisk for this issue, but providing this as a security issue out of caution.[cleardot] |
||
---|---|---|
.. | ||
patch-build__tools_mkpkgconfig | ||
patch-channels_Makefile | ||
patch-configure | ||
patch-configure.ac | ||
patch-contrib_scripts_vmail.cgi | ||
patch-include_asterisk_autoconfig.h.in | ||
patch-include_asterisk_sha1.h | ||
patch-main_acl.c | ||
patch-main_bridge__channel.c | ||
patch-main_Makefile | ||
patch-main_pbx__builtins.c | ||
patch-main_stdtime_localtime.c | ||
patch-main_taskprocessor.c | ||
patch-main_utils.c | ||
patch-Makefile | ||
patch-pbx_pbx__dundi.c | ||
patch-res_res__rtp__asterisk.c | ||
patch-res_res__xmpp.c | ||
patch-sounds_Makefile | ||
patch-tests_test__locale.c | ||
patch-utils_db1-ast_include_db.h | ||
patch-utils_Makefile |