head 1.7; access; symbols pkgsrc-2025Q2:1.6.0.36 pkgsrc-2025Q2-base:1.6 pkgsrc-2025Q1:1.6.0.34 pkgsrc-2025Q1-base:1.6 pkgsrc-2024Q4:1.6.0.32 pkgsrc-2024Q4-base:1.6 pkgsrc-2024Q3:1.6.0.30 pkgsrc-2024Q3-base:1.6 pkgsrc-2024Q2:1.6.0.28 pkgsrc-2024Q2-base:1.6 pkgsrc-2024Q1:1.6.0.26 pkgsrc-2024Q1-base:1.6 pkgsrc-2023Q4:1.6.0.24 pkgsrc-2023Q4-base:1.6 pkgsrc-2023Q3:1.6.0.22 pkgsrc-2023Q3-base:1.6 pkgsrc-2023Q2:1.6.0.20 pkgsrc-2023Q2-base:1.6 pkgsrc-2023Q1:1.6.0.18 pkgsrc-2023Q1-base:1.6 pkgsrc-2022Q4:1.6.0.16 pkgsrc-2022Q4-base:1.6 pkgsrc-2022Q3:1.6.0.14 pkgsrc-2022Q3-base:1.6 pkgsrc-2022Q2:1.6.0.12 pkgsrc-2022Q2-base:1.6 pkgsrc-2022Q1:1.6.0.10 pkgsrc-2022Q1-base:1.6 pkgsrc-2021Q4:1.6.0.8 pkgsrc-2021Q4-base:1.6 pkgsrc-2021Q3:1.6.0.6 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.6.0.4 pkgsrc-2021Q2-base:1.6 pkgsrc-2021Q1:1.6.0.2 pkgsrc-2021Q1-base:1.6 pkgsrc-2020Q4:1.5.0.24 pkgsrc-2020Q4-base:1.5 pkgsrc-2020Q3:1.5.0.22 pkgsrc-2020Q3-base:1.5 pkgsrc-2020Q2:1.5.0.20 pkgsrc-2020Q2-base:1.5 pkgsrc-2020Q1:1.5.0.16 pkgsrc-2020Q1-base:1.5 pkgsrc-2019Q4:1.5.0.18 pkgsrc-2019Q4-base:1.5 pkgsrc-2019Q3:1.5.0.14 pkgsrc-2019Q3-base:1.5 pkgsrc-2019Q2:1.5.0.12 pkgsrc-2019Q2-base:1.5 pkgsrc-2019Q1:1.5.0.10 pkgsrc-2019Q1-base:1.5 pkgsrc-2018Q4:1.5.0.8 pkgsrc-2018Q4-base:1.5 pkgsrc-2018Q3:1.5.0.6 pkgsrc-2018Q3-base:1.5 pkgsrc-2018Q2:1.5.0.4 pkgsrc-2018Q2-base:1.5 pkgsrc-2018Q1:1.5.0.2 pkgsrc-2018Q1-base:1.5 pkgsrc-2017Q4:1.4.0.8 pkgsrc-2017Q4-base:1.4 pkgsrc-2017Q3:1.4.0.6 pkgsrc-2017Q3-base:1.4 pkgsrc-2017Q2:1.4.0.2 pkgsrc-2017Q2-base:1.4 pkgsrc-2017Q1:1.3.0.8 pkgsrc-2017Q1-base:1.3 pkgsrc-2016Q4:1.3.0.6 pkgsrc-2016Q4-base:1.3 pkgsrc-2016Q3:1.3.0.4 pkgsrc-2016Q3-base:1.3 pkgsrc-2016Q2:1.3.0.2 pkgsrc-2016Q2-base:1.3 pkgsrc-2016Q1:1.2.0.2 pkgsrc-2016Q1-base:1.2 pkgsrc-2015Q4:1.1.1.1.0.2 pkgsrc-2015Q4-base:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.7 date 2025.07.09.07.16.56; author jnemeth; state dead; branches; next 1.6; commitid kLQuP0CZAP9SB22G; 1.6 date 2021.01.02.22.45.43; author jnemeth; state Exp; branches; next 1.5; commitid ANb1c4VrHyVCKcCC; 1.5 date 2018.01.23.08.26.08; author jnemeth; state Exp; branches; next 1.4; commitid YR4X4Xh9CwWGqYnA; 1.4 date 2017.06.04.07.51.27; author jnemeth; state Exp; branches; next 1.3; commitid Abt5Hg82RiMrM1Uz; 1.3 date 2016.05.06.07.41.06; author jnemeth; state Exp; branches; next 1.2; commitid Af0yz0jKv0qeso5z; 1.2 date 2016.02.07.09.13.34; author jnemeth; state Exp; branches; next 1.1; commitid H66jZzUg75YcOXTy; 1.1 date 2015.12.05.23.29.09; author jnemeth; state Exp; branches 1.1.1.1; next ; commitid HrxiuMojJLTuCOLy; 1.1.1.1 date 2015.12.05.23.29.09; author jnemeth; state Exp; branches; next ; commitid HrxiuMojJLTuCOLy; desc @@ 1.7 log @remove seriously outdated Asterisk 13 as per pkgsrc-users e-mail on May 19th @ text @$NetBSD: patch-Makefile,v 1.6 2021/01/02 22:45:43 jnemeth Exp $ --- Makefile.orig 2019-10-08 17:10:52.000000000 +0000 +++ Makefile @@@@ -145,7 +145,7 @@@@ DEBUG=-g3 # Asterisk.conf is located in ASTETCDIR or by using the -C flag # when starting Asterisk -ASTCONFPATH=$(ASTETCDIR)/asterisk.conf +ASTCONFPATH=$(ASTEXAMPLEDIR)/asterisk.conf AGI_DIR=$(ASTDATADIR)/agi-bin # If you use Apache, you may determine by a grep 'DocumentRoot' of your httpd.conf file @@@@ -182,6 +182,9 @@@@ DAHDI_UDEV_HOOK_DIR = /usr/share/dahdi/s # supported run: # menuselect/menuselect --help +GLOBAL_MAKEOPTS=$(wildcard /etc/asterisk.makeopts) +USER_MAKEOPTS=$(wildcard ~/.asterisk.makeopts) + MOD_SUBDIR_CFLAGS="-I$(ASTTOPDIR)/include" OTHER_SUBDIR_CFLAGS="-I$(ASTTOPDIR)/include" @@@@ -218,12 +221,6 @@@@ ifeq ($(AST_DEVMODE),yes) endif endif -ifeq ($(OSARCH),NetBSD) - _ASTCFLAGS+=-isystem /usr/pkg/include -else ifneq ($(findstring BSD,$(OSARCH)),) - _ASTCFLAGS+=-isystem /usr/local/include -endif - ifeq ($(OSARCH),FreeBSD) # -V is understood by BSD Make, not by GNU make. BSDVERSION=$(shell make -V OSVERSION -f /usr/share/mk/bsd.port.subdir.mk) @@@@ -358,10 +355,10 @@@@ makeopts: configure @@echo "****" @@exit 1 -menuselect.makeopts: menuselect/menuselect menuselect-tree makeopts build_tools/menuselect-deps +menuselect.makeopts: menuselect/menuselect menuselect-tree makeopts build_tools/menuselect-deps $(GLOBAL_MAKEOPTS) $(USER_MAKEOPTS) ifeq ($(filter %menuselect,$(MAKECMDGOALS)),) menuselect/menuselect --check-deps $@@ - menuselect/menuselect --check-deps $@@ + menuselect/menuselect --check-deps $@@ $(GLOBAL_MAKEOPTS) $(USER_MAKEOPTS) endif $(MOD_SUBDIRS_MENUSELECT_TREE): @@@@ -434,7 +431,6 @@@@ dist-clean: distclean distclean: $(SUBDIRS_DIST_CLEAN) _clean @@$(MAKE) -C menuselect dist-clean - @@$(MAKE) -C sounds dist-clean rm -f menuselect.makeopts makeopts menuselect-tree menuselect.makedeps rm -f config.log config.status config.cache rm -rf autom4te.cache @@@@ -555,7 +551,7 @@@@ update: NEWHEADERS=$(notdir $(wildcard include/asterisk/*.h)) OLDHEADERS=$(filter-out $(NEWHEADERS) $(notdir $(DESTDIR)$(ASTHEADERDIR)),$(notdir $(wildcard $(DESTDIR)$(ASTHEADERDIR)/*.h))) -INSTALLDIRS="$(ASTLIBDIR)" "$(ASTMODDIR)" "$(ASTSBINDIR)" "$(ASTETCDIR)" "$(ASTVARRUNDIR)" \ +INSTALLDIRS="$(ASTLIBDIR)" "$(ASTMODDIR)" "$(ASTSBINDIR)" "$(ASTEXAMPLEDIR)" "$(ASTVARRUNDIR)" \ "$(ASTSPOOLDIR)" "$(ASTSPOOLDIR)/dictate" "$(ASTSPOOLDIR)/meetme" \ "$(ASTSPOOLDIR)/monitor" "$(ASTSPOOLDIR)/system" "$(ASTSPOOLDIR)/tmp" \ "$(ASTSPOOLDIR)/voicemail" "$(ASTSPOOLDIR)/recording" \ @@@@ -761,7 +757,7 @@@@ upgrade: bininstall # (2) the extension to strip off define INSTALL_CONFIGS @@for x in $(1)/*$(2); do \ - dst="$(DESTDIR)$(ASTETCDIR)/`$(BASENAME) $$x $(2)`"; \ + dst="$(DESTDIR)$(ASTEXAMPLEDIR)/`$(BASENAME) $$x $(2)`"; \ if [ -f "$${dst}" ]; then \ if [ "$(OVERWRITE)" = "y" ]; then \ if cmp -s "$${dst}" "$$x" ; then \ @@@@ -790,9 +786,9 @@@@ define INSTALL_CONFIGS -e 's|^astrundir.*$$|astrundir => $(ASTVARRUNDIR)|' \ -e 's|^astlogdir.*$$|astlogdir => $(ASTLOGDIR)|' \ -e 's|^astsbindir.*$$|astsbindir => $(ASTSBINDIR)|' \ - "$(DESTDIR)$(ASTCONFPATH)" > "$(DESTDIR)$(ASTCONFPATH).tmp" ; \ - $(INSTALL) -m 644 "$(DESTDIR)$(ASTCONFPATH).tmp" "$(DESTDIR)$(ASTCONFPATH)" ; \ - rm -f "$(DESTDIR)$(ASTCONFPATH).tmp" ; \ + "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf" > "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf.tmp" ; \ + $(INSTALL) -m 644 "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf.tmp" "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf" ; \ + rm -f "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf.tmp" ; \ fi endef @@@@ -817,15 +813,15 @@@@ install-configs: # XXX why *.adsi is installed first ? adsi: @@echo Installing adsi config files... - $(INSTALL) -d "$(DESTDIR)$(ASTETCDIR)" + $(INSTALL) -d "$(DESTDIR)$(ASTEXAMPLEDIR)" @@for x in configs/samples/*.adsi; do \ - dst="$(DESTDIR)$(ASTETCDIR)/`$(BASENAME) $$x`" ; \ + dst="$(DESTDIR)$(ASTEXAMPLEDIR)/`$(BASENAME) $$x`" ; \ if [ -f "$${dst}" ] ; then \ echo "Overwriting $$x" ; \ else \ echo "Installing $$x" ; \ fi ; \ - $(INSTALL) -m 644 "$$x" "$(DESTDIR)$(ASTETCDIR)/`$(BASENAME) $$x`" ; \ + $(INSTALL) -m 644 "$$x" "$(DESTDIR)$(ASTEXAMPLEDIR)/`$(BASENAME) $$x`" ; \ done samples: adsi @@@@ -858,7 +854,7 @@@@ basic-pbx: webvmail: @@[ -d "$(DESTDIR)$(HTTP_DOCSDIR)/" ] || ( printf "http docs directory not found.\nUpdate assignment of variable HTTP_DOCSDIR in Makefile!\n" && exit 1 ) @@[ -d "$(DESTDIR)$(HTTP_CGIDIR)" ] || ( printf "cgi-bin directory not found.\nUpdate assignment of variable HTTP_CGIDIR in Makefile!\n" && exit 1 ) - $(INSTALL) -m 4755 contrib/scripts/vmail.cgi "$(DESTDIR)$(HTTP_CGIDIR)/vmail.cgi" + $(INSTALL) contrib/scripts/vmail.cgi "$(DESTDIR)$(HTTP_CGIDIR)/vmail" $(INSTALL) -d "$(DESTDIR)$(HTTP_DOCSDIR)/_asterisk" for x in images/*.gif; do \ $(INSTALL) -m 644 $$x "$(DESTDIR)$(HTTP_DOCSDIR)/_asterisk/"; \ @@@@ -908,11 +904,11 @@@@ endif endif install-logrotate: - if [ ! -d "$(DESTDIR)$(ASTETCDIR)/../logrotate.d" ]; then \ - $(INSTALL) -d "$(DESTDIR)$(ASTETCDIR)/../logrotate.d" ; \ + if [ ! -d "$(DESTDIR)$(ASTEXAMPLEDIR)/../logrotate.d" ]; then \ + $(INSTALL) -d "$(DESTDIR)$(ASTEXAMPLEDIR)/../logrotate.d" ; \ fi sed 's#__LOGDIR__#$(ASTLOGDIR)#g' < contrib/scripts/asterisk.logrotate | sed 's#__SBINDIR__#$(ASTSBINDIR)#g' > contrib/scripts/asterisk.logrotate.tmp - $(INSTALL) -m 0644 contrib/scripts/asterisk.logrotate.tmp "$(DESTDIR)$(ASTETCDIR)/../logrotate.d/asterisk" + $(INSTALL) -m 0644 contrib/scripts/asterisk.logrotate.tmp "$(DESTDIR)$(ASTEXAMPLEDIR)/../logrotate.d/asterisk" rm -f contrib/scripts/asterisk.logrotate.tmp config: @@@@ -1039,7 +1035,7 @@@@ uninstall-all: _uninstall uninstall-head rm -rf "$(DESTDIR)$(ASTVARLIBDIR)" rm -rf "$(DESTDIR)$(ASTDATADIR)" rm -rf "$(DESTDIR)$(ASTSPOOLDIR)" - rm -rf "$(DESTDIR)$(ASTETCDIR)" + rm -rf "$(DESTDIR)$(ASTEXAMPLEDIR)" rm -rf "$(DESTDIR)$(ASTLOGDIR)" menuconfig: menuselect @@@@ -1129,6 +1125,7 @@@@ check-alembic: makeopts .PHONY: install-configs .PHONY: install-headers .PHONY: menuselect +.PHONY: menuselect.makeopts .PHONY: main .PHONY: sounds .PHONY: clean @ 1.6 log @Update to Asterisk 13.38.1 ----- The Asterisk Development Team would like to announce security releases for Asterisk 13, 16, 17 and 18. The available releases are released as versions 13.38.1, 16.15.1, 17.9.1 and 18.1.1. The following security vulnerabilities were resolved in these versions: * AST-2020-003: Remote crash in res_pjsip_diversion A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri. * AST-2020-004: Remote crash in res_pjsip_diversion A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.38.1 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2020-003.pdf https://downloads.asterisk.org/pub/security/AST-2020-004.pdf ----- The Asterisk Development Team would like to announce the release of Asterisk 13.38.0. The release of Asterisk 13.38.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-29057 - pjsip: Crash on call rejection during high load (Reported by Sandro Gauci) Improvements made in this release: ----------------------------------- * ASTERISK-29056 - Increase reg_server column size for ps_contacts table realtime (Reported by sungtae kim) * ASTERISK-29055 - Create a Bridge with video_single mode (Reported by sungtae kim) Bugs fixed in this release: ----------------------------------- * ASTERISK-29013 - res_pjsip: Asterisk doesn't stop sending invites (with auth) on 407 replies (Reported by Sebastian Damm) * ASTERISK-29108 - resource_endpoints.c : Memory leak if endpoint not found (Reported by Jean Aunis - Prescom) * ASTERISK-29097 - res_pjsip_config_wizard: Crash when freeing string when failing to add extension (Reported by Vieri) * ASTERISK-26424 - app_voicemail: Undocumented behavior from VMSayName (Reported by Eric Smith) * ASTERISK-29051 - res_pjsip_sdp_rtp: Does not set correct values on RTP instance when "auto" DTMF is used (Reported by Sebastian Damm) * ASTERISK-28311 - dsp: ast_dsp_silence_noise_with_energy wrong judgment of frame format (Reported by ?????????) * ASTERISK-24329 - Music On Hold announcement cuts intro of music the first time it is played (Reported by Thomas Frederiksen) * ASTERISK-29081 - res_stasis: Add compare function for bridges moh container (Reported by Hajek Michal) * ASTERISK-29085 - func_curl: Segmentation fault when using CURL after setting httpheader CURLOPT (Reported by P??ter Juh??sz) * ASTERISK-28416 - Unable to get rtp codec payload code for slin (Reported by Brian J. Murrell) New Features made in this release: ----------------------------------- * ASTERISK-29027 - Implement support for History-Info (Reported by Torrey Searle) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.38.0 ----- The Asterisk Development Team would like to announce security releases for Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases are released as versions 13.37.1, 16.14.1, 17.8.1, 18.0.1 and 16.8-cert5. The following security vulnerabilities were resolved in these versions: * AST-2020-001: Remote crash in res_pjsip_session Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. * AST-2020-002: Outbound INVITE loop on challenge with different nonce. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.37.1 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2020-001.pdf https://downloads.asterisk.org/pub/security/AST-2020-002.pdf ----- The Asterisk Development Team would like to announce the release of Asterisk 13.37.0. The release of Asterisk 13.37.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-25665 - Duplicate logging in queue log for EXITEMPTY events (Reported by Ove Aursand) * ASTERISK-29043 - app_queue: Leave empty sometimes not recorded as abandoned (Reported by Kfir Itzhak) * ASTERISK-29042 - res_parking: Parker UUID is no longer copied (Reported by Misha Vodsedalek) * ASTERISK-29029 - Voicemail "pollmailboxes"-option not working, bug in function handle_subscribe (Reported by Karsten Wemheuer) * ASTERISK-28878 - chan_pjsip: PJSIP_MEDIA_OFFER Broken asterisk 16 (Reported by Joseph Ades) * ASTERISK-29046 - pbx: Deadlock when doing a reload, while simultaneously doing an ExtensionState on a pattern match hint that ends up adding an extension (Reported by Ramarajan) * ASTERISK-29040 - res_speech: Assertion on format (Reported by Nickolay V. Shmyrev) * ASTERISK-29001 - chan_pjsip does not process or forward 181 responses (Reported by Torrey Searle) * ASTERISK-27273 - app_voicemail: When a voicemail is marked as "Urgent", it is not sent by email/processed by the mailcmd command (Reported by Leandro Dardini) * ASTERISK-29033 - res_pjsip_session: Aggressively terminates session on failed re-INVITE (Reported by Joshua C. Colp) * ASTERISK-28974 - res_rtp_asterisk: T.140 messages have appended RTP string to each message block. (Reported by Thomas Johnson) Improvements made in this release: ----------------------------------- * ASTERISK-29010 - Allow disabling of FollowMe prompt (Reported by Dennis) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.37.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.36.0. The release of Asterisk 13.36.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-29042 - res_parking: Parker UUID is no longer copied (Reported by Misha Vodsedalek) * ASTERISK-29029 - Voicemail "pollmailboxes"-option not working, bug in function handle_subscribe (Reported by Karsten Wemheuer) * ASTERISK-29046 - pbx: Deadlock when doing a reload, while simultaneously doing an ExtensionState on a pattern match hint that ends up adding an extension (Reported by Ramarajan) * ASTERISK-29011 - chan_sip: ToHost property not cleared on reload (Reported by Dennis) * ASTERISK-28987 - BridgeCreated ARI event shows wrong video_mode info (Reported by sungtae kim) * ASTERISK-28927 - Asterisk crash in music on hold (Reported by David Cunningham) * ASTERISK-28973 - Malformed IP address in SDP of 2nd SIP timer triggered INVITE when NAT is active (UDP transport with external_media_address) (Reported by Michael Neuhauser) * ASTERISK-28995 - res_pjsip_registrar: Expires on statically configured contacts is not correct (Reported by tootai) * ASTERISK-28978 - acl: named_acl rule misconfiguration results in segfault on reading rule from realtime (Reported by Andrew Yager) * ASTERISK-28975 - res_http_websocket: Text payload data doesn't necessary include trailing zero (Reported by Nickolay V. Shmyrev) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.36.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.35.0. The release of Asterisk 13.35.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-28878 - chan_pjsip: PJSIP_MEDIA_OFFER Broken asterisk 16 (Reported by Joseph Ades) * ASTERISK-28965 - res_pjsip: Apply outbound proxy to static contacts on AOR (Reported by Joshua C. Colp) * ASTERISK-28930 - ./configure --without-ssl build failure (Reported by Jaco Kroon) * ASTERISK-28957 - chan_sip: chan_sip does not process 400 response to an INVITE. (Reported by Frederic LE FOLL) * ASTERISK-28888 - res_corosync: causes asterisk crash in huge distributed environment. (Reported by Universit?? di Bologna - CESIA VoIP) * ASTERISK-28955 - "setvar" doesn't work properly in dahdi-channels.conf (Reported by Marin Odrljin) * ASTERISK-28942 - res_sorcery_memory_cache: Individual object expiration behaves unexpectedly with full backend caching (Reported by Joshua C. Colp) * ASTERISK-28952 - Queue wrapuptime sometimes not respected (based on stale lastcall time) (Reported by Walter Doekes) * ASTERISK-28950 - Stale code in app_queue to check untouched channel (Reported by Walter Doekes) * ASTERISK-28644 - Stale comment in app_queue about ring_entry exception (Reported by Walter Doekes) * ASTERISK-28923 - T.38 Segfaults in chan_pjsip_queryoption (Reported by Yury Kirsanov) * ASTERISK-28936 - res_pjsip: crash when dialing non-sip uri (Reported by Walter Doekes) * ASTERISK-28900 - res_fax: Double frame free when gateway in use with off-nominal format usage (Reported by Gregory Massel) * ASTERISK-28929 - pjproject_bundled: Honor --without-pjproject. (Reported by Alexander Traud) * ASTERISK-28932 - res_pjsip_logger writing too big packets (Reported by nappsoft) * ASTERISK-28885 - res_rtp_asterisk: Simultaneous termination and ICE complete can cause crash (Reported by Josep B) * ASTERISK-28921 - Wrong return value check for fwrite when writing to pcap file (Reported by nappsoft) Improvements made in this release: ----------------------------------- * ASTERISK-28959 - res_pjsip: Added option for disable rport parameter set (Reported by sungtae kim) * ASTERISK-28958 - Continue reading string when ping received by websocket (Reported by Nickolay V. Shmyrev) * ASTERISK-28945 - AMI SendText - add Content-Type parameter (Reported by Kevin Harwell) * ASTERISK-28949 - res_http_websocket: Add masking to websocket client (Reported by Moises Silva) * ASTERISK-28899 - Upgrade Asterisk to bundled pjproject 2.10 (Reported by Kevin Harwell) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.35.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.34.0. The release of Asterisk 13.34.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-28932 - res_pjsip_logger writing too big packets (Reported by nappsoft) * ASTERISK-28921 - Wrong return value check for fwrite when writing to pcap file (Reported by nappsoft) * ASTERISK-28794 - res_pjsip: Crash when escaping during URI printing (Reported by nappsoft) * ASTERISK-28884 - x-ast-orig-host not filtered out from request URI and To header (Reported by nappsoft) * ASTERISK-28898 - bridge_softmix: Conference bridge not passing silent rtp packets (Reported by Jonathan Hunter) * ASTERISK-28904 - RTP ICE leaks the memory (Reported by sungtae kim) * ASTERISK-28854 - SIGSEGV when pjsip show history encounters IPV6 address (Reported by Roger James) * ASTERISK-28797 - [patch] tcptls: Fix notice when TLS is enabled but not configured. (Reported by Alexander Traud) * ASTERISK-28804 - [patch] app_osplookup.c: Avoid a format truncation. (Reported by Alexander Traud) * ASTERISK-28776 - Non async-signal-safe syscalls used after fork before exec (Reported by nappsoft) * ASTERISK-28829 - app_queue: leaking stasis subscription when Redirecting call (Reported by lvl) * ASTERISK-25844 - app_queue: Ghost channels in "core show channels" output (Reported by Etienne Lessard) * ASTERISK-22920 - Crash while Forwarding from TLS extension with CHANNEL args secure_bridge_media and secure_bridge_signaling (Reported by Shlomi Gutman) * ASTERISK-28859 - pjsip: Increase maximum candidate count (Reported by Joshua C. Colp) * ASTERISK-28852 - Unprotected access to nochecksums variable, causes build failures (Reported by Guido Falsi) Improvements made in this release: ----------------------------------- * ASTERISK-28895 - res_pjsip_logger: Add tons'o'functionality (Reported by Joshua C. Colp) * ASTERISK-28879 - pjproject has race conditions in it's build system (Reported by Guido Falsi) * ASTERISK-28866 - third-party/pjproject/configure.m4 contains bashisms (Reported by Guido Falsi) * ASTERISK-28832 - chan_mobile creates PCMA streams that make some VoIP clients crash or not render received audio (Reported by Peter Turczak) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.34.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.33.0. The release of Asterisk 13.33.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Improvements made in this release: ----------------------------------- * ASTERISK-28813 - func_volume: Allow decimal numbers as parameter to improve granularity (Reported by Jean Aunis - Prescom) * ASTERISK-27946 - dial (API): Storage of dialed target uses AST_MAX_EXTENSION when it shouldn't (Reported by Joshua Elson) * ASTERISK-28782 - Add support for Content-Disposition header in multi-part INVITES (Reported by Torrey Searle) Bugs fixed in this release: ----------------------------------- * ASTERISK-28852 - Unprotected access to nochecksums variable, causes build failures (Reported by Guido Falsi) * ASTERISK-28847 - ARI channels cuts the endpoint string over 80 characters (Reported by sungtae kim) * ASTERISK-28835 - IPv6 addresses in SDP incorrectly formatted (Reported by Daniel Heckl) * ASTERISK-28372 - Asterisk REPLY Wrong Contact header port (TCP) (Reported by Anton Satskiy) * ASTERISK-24428 - Document that Asterisk will use the default SIP ports (5060 for TCP, 5061 for TLS) if the extern option variants aren't used (Reported by sstream) * ASTERISK-28838 - AST_MODULE_INFO requires, MODULEINFO does not mention (Reported by Alexander Traud) * ASTERISK-28837 - pjproject_bundled: Honor --without-pjproject. (Reported by Alexander Traud) * ASTERISK-27195 - chan_sip: only sets ToS bits on UDP socket, ignoring TCP and TLS sockets (Reported by Joshua Roys) * ASTERISK-28812 - First DTMF is not get (Reported by Bernard Merindol) * ASTERISK-28758 - pjsip startup errors when using "with-ssl" configure option (Reported by Patrick Wakano) * ASTERISK-28824 - BuildSystem: Search for Python/C API when possibly needed only. (Reported by Alexander Traud) * ASTERISK-27717 - [patch] BuildSystem: In NetBSD, the Python Programming Language is python-2.7. (Reported by Alexander Traud) * ASTERISK-28798 - [patch] chan_sip: TCP/TLS client without server. (Reported by Alexander Traud) * ASTERISK-28817 - chan_pjsip: constant DTMF tone if RTP is not setup yet (Reported by Kevin Harwell) * ASTERISK-28816 - [patch] BuildSystem: Remove doc/tex and doc/pdf leftovers. (Reported by Alexander Traud) * ASTERISK-28818 - [patch] BuildSystem: Allow space in path. (Reported by Alexander Traud) * ASTERISK-28801 - [patch] stasis: Avoid always true warnings with clang. (Reported by Alexander Traud) * ASTERISK-28796 - func_channel: cannot read fields exten, context, userfield, channame from dialplan (Reported by S??bastien Duthil) * ASTERISK-28803 - [patch] chan_unistim: Avoid tautological warnings with clang. (Reported by Alexander Traud) * ASTERISK-28808 - [patch] test_stasis: Avoid always true warning with clang. (Reported by Alexander Traud) * ASTERISK-28056 - res_pjsip: Incorrect endpoint status after endpoint synchronization for a specific AOR (Reported by Jason Hord) * ASTERISK-28789 - test_utils: incorrectly printing error 'declined to load' (Reported by Alexander Traud) * ASTERISK-28788 - func_aes: incorrectly printing error 'declined to load' (Reported by Alexander Traud) * ASTERISK-16676 - DAHDIRAS fails to properly initiate pppd unless asterisk is running as root (Reported by Jaco Kroon) * ASTERISK-21205 - [patch] dundi_read_result crash due to negative number (Reported by Jaco Kroon) * ASTERISK-28743 - Asterisk is crashing if the 200 OK with SDP (Reported by sungtae kim) * ASTERISK-28774 - chan_pjsip's rtptimeout is erroneously triggered during direct-media (native_rtp) bridge (Reported by Michael Neuhauser) * ASTERISK-20325 - Comments in configs/func_odbc.conf.sample are not consistent with examples. Missing examples. (Reported by Olivier Krief) * ASTERISK-28780 - app_mixmonitor: Memory leak due to race condition between AMI MixMonitor and hangup (Reported by Joshua C. Colp) * ASTERISK-28773 - Incorrect Sender SSRC in RTCP when p2p rtp bridge is active (Reported by Torrey Searle) * ASTERISK-28759 - A non negotiated rtp frame causes call disconnection when there is a SSRC change (Reported by Paulo Vicentini) * ASTERISK-26711 - func_enum: ENUM code wrong case (Reported by Vitold) * ASTERISK-23407 - Fix the FSF address in the headers of lots of pjproject files (Reported by Jared Smith) * ASTERISK-28769 - DTLS Handshake Fails to Occur if ice_support is enabled but not used (Reported by Torrey Searle) * ASTERISK-19460 - [patch] Function TXTCIDNAME never actually makes DNS calls and always returns an empty string (Reported by George Joseph) New Features made in this release: ----------------------------------- * ASTERISK-6863 - [patch] allow Asterisk to set high ToS bits as non-root on Linux (Reported by Matt Addison) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.33.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.32.0. The release of Asterisk 13.32.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-28766 - PJSIP blind transfer not completed after using Proceeding() (Reported by lvl) * ASTERISK-28685 - check_expr2: linking (when hardening) and cross-compiling troubles (Reported by Sebastian Kemper) * ASTERISK-28755 - SIP/Stasis: SIP headers not transmitted in the "variables" field (Reported by Jean Aunis - Prescom) * ASTERISK-28754 - ASTERISK-28738 Causes Audio Issue After Hold (Reported by Ross Beer) * ASTERISK-28716 - ICE: pjnath shouldn't wait for ICE to complete before allowing sending (Reported by Benjamin Keith Ford) * ASTERISK-28697 - res_pjsip: Named ACL does not update on reload if changed (Reported by Timothy Vanderaerden) * ASTERISK-28738 - Incorrect state machine used when MOH_PASSTHRU is used (Reported by Torrey Searle) * ASTERISK-28735 - Realtime MoH Unknown format '' -- defaulting to SLIN (Reported by Ross Beer) * ASTERISK-26955 - pjsip: SIP Packets with Via "received=" Containing IPv6 Address Delimited by "[]" Rejected (Reported by Peter Sokolov) * ASTERISK-28718 - chan_sip: Returns 403 if RTP ports are depleted, should return 503 (Reported by Walter Doekes) * ASTERISK-28719 - Cannot remove defaultrule from queue using realtime queues (Reported by EDV O-TON) * ASTERISK-28714 - REGRESSION: Feature subscription_persistence_recreate (ASTERISK-27759) Causes Segfaults (Reported by Ross Beer) * ASTERISK-26082 - res_pjsip_messaging: MessageSend Content-Type can't be changed (Reported by Alex) * ASTERISK-28423 - ARI causes STASIS Deadlock (Reported by Ross Beer) * ASTERISK-28679 - stasis application is destroyed after its creation (Reported by Francois Blackburn) * ASTERISK-25421 - PJSIP. MESSAGE_SEND_STATUS set to SUCCESS in spite of the error when sending (Reported by Dmitriy Serov) * ASTERISK-28139 - RTP Stream Incorrect Payload Type Causes Asterisk To Drop Calls (Reported by Paul Brooks) * ASTERISK-28686 - chan_sip strictrtp=yes fails when media source is changed: no audio (Reported by Walter Doekes) Improvements made in this release: ----------------------------------- * ASTERISK-28750 - TLS/SSL Key too small error (Reported by Martin Zeh) * ASTERISK-24798 - Documentation - Clarify That Format Is Set By File Name Extension In MixMonitor (Reported by xrobau) * ASTERISK-28726 - install_prereq script uses the interactive mode when installing aptitude (Reported by Sylvain Afchain) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.32.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.31.0. The release of Asterisk 13.31.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: New Features made in this release: ----------------------------------- * ASTERISK-17491 - CURLOPT() needs a "followlocation" parameter / "maxredirs" doesn't do anything (Reported by candrews) * ASTERISK-28639 - res_pjsip_endpoint_identifier_ip: Add ability to match on source port (Reported by Sean Bright) Bugs fixed in this release: ----------------------------------- * ASTERISK-28679 - stasis application is destroyed after its creation (Reported by Francois Blackburn) * ASTERISK-28423 - ARI causes STASIS Deadlock (Reported by Ross Beer) * ASTERISK-28714 - REGRESSION: Feature subscription_persistence_recreate (ASTERISK-27759) Causes Segfaults (Reported by Ross Beer) * ASTERISK-28677 - CDR billsec is always 0 for transferred calls (Reported by Maciej Michno) * ASTERISK-28706 - silk 24hHz doesn't show up in 'core show translation' output (Reported by Sean Bright) * ASTERISK-24484 - Update documentation for statsd module - usage requirements unclear (Reported by Dan Jenkins) * ASTERISK-28702 - chan_dahdi: holding a channel via flash to dialtone times out after 0:16:40 (Reported by Andrew Siplas) * ASTERISK-28695 - core: minmemfree watermark uses free RAM, not available RAM (Reported by Kevin Flyn) * ASTERISK-28693 - chan_sip: SIP MESSAGE beginning with a whitespace appears empty in the dialplan (Reported by Frank Matano) * ASTERISK-23739 - [patch]Segfault forwarding voicemail with ODBC storage enabled and realtime voicemail_data is used (Reported by Stas Kobzar) * ASTERISK-27622 - empty voicemail.conf required for ARA (realtime) voicemail to leave message (Reported by Jim Van Meggelen) * ASTERISK-28349 - Pause reason not reported in QueueMember AMI event (Reported by Niksa Baldun) * ASTERISK-21794 - CLI command 'realtime update2' syntax failure when using according to usage help (Reported by Cedric BASSAGET) * ASTERISK-25429 - res_pjsip_endpoint_identifier_ip: Document support for hostnames (Reported by Joshua C. Colp) * ASTERISK-27775 - res_pjsip_notify: Multiple Event headers can be present instead of just one (Reported by AvayaXAsterisk) * ASTERISK-28682 - app_record: Lack of `beep` audio file causes application to return error and hangup (Reported by Corey Farrell) * ASTERISK-28507 - Wiki docs missing for MessageWaiting (Reported by David M. Lee) * ASTERISK-27759 - res_pjsip_pubsub: Subscription persistence does not preserve XML version number (Reported by Bryan Nelson) * ASTERISK-28605 - chan_dahdi: Deadlock in Hangup Scenarios with concurrent command pri show span X (Reported by Dirk Wendland) * ASTERISK-28633 - stasis bridge topic leak (Reported by Joeran Vinzens) * ASTERISK-28492 - pjsip reload not reloading wizard endpoint/pickup_group endpoint/call_group (Reported by Jean-Denis Girard) * ASTERISK-27243 - contrib: valgrind.supp doesn't suppress what it's supposed to due to invalid syntax (Reported by Richard Kenner) * ASTERISK-28497 - func_odbc: truncating Unicode string on readsql (Reported by Boris P. Korzun) * ASTERISK-28647 - chan_sip: RTP frames not transmitted after emitting a COLP (Reported by Jean Aunis - Prescom) * ASTERISK-28667 - Asterisk ignores parsing of config files if a Byte order mark is present (Reported by Robin Leffmann) * ASTERISK-28664 - "trustrpid" is misspelled in sip_to_pjsip.py (Reported by Pascal Cadotte Michaud) * ASTERISK-28663 - jansson: Support old versions (Reported by Joshua C. Colp) * ASTERISK-28636 - app_chanisavail+cdr: ChanIsAvail sometimes fails to deactivate CDR. (Reported by Frederic LE FOLL) * ASTERISK-28604 - app_meetme, chan_ooh323 and cdr_mysql don't build on 17.0.0 (Reported by George Joseph) * ASTERISK-28660 - res_fax: wrap Asterisk initiated negotiation with config option (Reported by Kevin Harwell) * ASTERISK-28628 - Debian 10.2: Warning when app_voicemail is compiling (Reported by Stanislav Abramenkov) * ASTERISK-28626 - Missing arguments in PJSIP_CONTACT function documentation (Reported by Pascal Cadotte Michaud) * ASTERISK-28651 - chan_sip logs errors on tx to non-existent TCP connections (Reported by Jaco Kroon) * ASTERISK-28502 - chan_pjsip incorrectly re-writes REGISTER 200 Response Contact (Reported by Ross Beer) Improvements made in this release: ----------------------------------- * ASTERISK-28710 - Should be able to disable the /httpstatus URI in the built-in HTTP server (Reported by Sean Bright) * ASTERISK-28638 - Simplify dialplan for Dial, Page, and ChanIsAvail (Reported by cmaj) * ASTERISK-28673 - GET FULL VARIABLE documentation clarification (Reported by Jonathan Harris) * ASTERISK-28658 - app_confbridge: Add support for setting maximum sample rate (Reported by Joshua C. Colp) ----- The Asterisk Development Team would like to announce the release of Asterisk 13.30.0. The release of Asterisk 13.30.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-28589 - chan_sip: Depending on configuration an INVITE can alter Addr of a peer (Reported by Andrey V. T.) * ASTERISK-28580 - Bypass SYSTEM write permission in manager action allows system commands execution (Reported by Eliel Sardaons) Improvements made in this release: ----------------------------------- * ASTERISK-28602 - res_pjsip_outbound_registration: Maximum retries reached (Reported by Daniel) * ASTERISK-28586 - Typo in README-SERIOUSLY.bestpractices.md (Reported by Sam Banks) * ASTERISK-22192 - [patch] Allow voicemail forwards with ODBC backend when format differs from attachfmt column (Reported by cmaj) * ASTERISK-28567 - Problem with ASTERISK-20207: Asterisk should clear out any .lock files in the voice mail directory on startup. (Reported by Michael) * ASTERISK-28542 - [patch] add the ability for asterisk to generate on-hold re-invites (Reported by Torrey Searle) Bugs fixed in this release: ----------------------------------- * ASTERISK-28663 - jansson: Support old versions (Reported by Joshua C. Colp) * ASTERISK-28604 - app_meetme, chan_ooh323 and cdr_mysql don't build on 17.0.0 (Reported by George Joseph) * ASTERISK-28641 - res_pjsip Segfaults when realtime configuration to an AOR points to a not existent AOR (Reported by Ross Beer) * ASTERISK-28644 - Stale comment in app_queue about ring_entry exception (Reported by Walter Doekes) * ASTERISK-28637 - chan_sip+native_bridge_rtp: directmedia compatibility check failure when negociated ptime is not default ptime. (Reported by Frederic LE FOLL) * ASTERISK-28445 - res_pjsip_session: ast_json_vpack: Invalid UTF-8 string on hangup when TEST_FRAMEWORK enabled (Reported by Bernhard Schmidt) * ASTERISK-28631 - res_parking: Doesn't park when parkee and parker are the same (Reported by Ross Beer) * ASTERISK-28612 - res_pjsip_t38: crash on reinvite with zero port and no c= line (Reported by Salah Ahmed) * ASTERISK-28621 - Enforce T.38 error correction mode at 200 ok received (Reported by Salah Ahmed) * ASTERISK-28615 - chan_dahdi: PRI span status may stay "Down, Active" after a short alarm (Reported by Frederic LE FOLL) * ASTERISK-28616 - parking: Deadlock when multi call parking (Reported by Joshua C. Colp) * ASTERISK-28423 - ARI causes STASIS Deadlock (Reported by Ross Beer) * ASTERISK-28608 - app_amd: Use time calculation to calculate timeout (Reported by Michael Cargile) * ASTERISK-28576 - res_rtp_asterisk: ICE Completion Crash when sent packet length doesn't match (Reported by Joshua Elson) * ASTERISK-28618 - bridge_softmix: hold not cleared when joining a softmix bridge (Reported by Kevin Harwell) * ASTERISK-26481 - FILE function grabs garbage along with read data when target line has no newline (Reported by Jonathan Harris) * ASTERISK-28572 - Memory leaks in res_calendar_exchange and res_calendar_icalendar (Reported by Yoooooo Ha) * ASTERISK-28585 - ari/resource_events: Crash in event session cleanup (Reported by Kevin Harwell) * ASTERISK-28590 - utils.c throws repeated warnings; "pthread_attr_setstacksize: Invalid argument" (Reported by Speed Dial Dave) * ASTERISK-28578 - race condition on pjsip channelstats command (Reported by Salah Ahmed) * ASTERISK-28571 - cdr_pgsql: accesses obsolete (and finally removed) column (Reported by Christoph Moench-Tegeder) * ASTERISK-28575 - MWI Send Notify Crash on 16.6 (Reported by Joshua Elson) * ASTERISK-28574 - pjproject fails to build on 16.6.0, works on 16.5 (Reported by Niklas Larsson) * ASTERISK-28561 - Asterisk Deadlocks (Reported by Aheliotech) * ASTERISK-28086 - chan_pjsip: Crash when initiating PlayDTMF over AMI (Reported by Jeremiah Gadd) * ASTERISK-28552 - res_pjsip_mwi: Frack during unload on unsolicited_mwi container (Reported by Kevin Harwell) * ASTERISK-28566 - CDR backend unload problem during active call(s) (Reported by Marian Piater) * ASTERISK-28544 - Wrong contact representation in ipv6 mode (Reported by Jrgen H) * ASTERISK-28534 - Segmentation fault when there is no priority for an extension (Reported by Timothy Vanderaerden) * ASTERISK-28463 - res_pjsip_path: Crash when invalid contact is configured (Reported by Juan Martin) * ASTERISK-28521 - pjsip: Memory Leak (Reported by Mark) * ASTERISK-28523 - Asterisk 16.5.0 Memory leak (Reported by Cyril Ramire) * ASTERISK-28538 - chan_pjsip: Deadlock on fax detection (Reported by Joshua C. Colp) * ASTERISK-28536 - Asterisk release candidates fail to build on FreeBSD (Reported by Guido Falsi) * ASTERISK-23756 - setvar directive when used in template and a child of said template, results in duplicate variable names (Reported by Michael Goryainov) New Features made in this release: ----------------------------------- * ASTERISK-28614 - app_senddtmf: Allow "receiving" DTMF with PlayDTMF instead of only "sending" (Reported by lvl) * ASTERISK-28613 - func_curl: CURLOPT cannot set Content-Type header (Reported by Martin Tomec) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.30.0 ----- The Asterisk Development Team would like to announce security releases for Asterisk 13, 16 and 17, and Certified Asterisk 13.21. The available releases are released as versions 13.29.2, 16.6.2, 17.0.1 and 13.21-cert5. The following security vulnerabilities were resolved in these versions: * AST-2019-006: SIP request can change address of a SIP peer. A SIP request can be sent to Asterisk that can change a SIP peers IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peers name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport. * AST-2019-007: AMI user could execute system commands. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. * AST-2019-008: Re-invite with T.38 and malformed SDP causes crash. If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a crash will occur. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.29.2 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2019-006.pdf https://downloads.asterisk.org/pub/security/AST-2019-007.pdf https://downloads.asterisk.org/pub/security/AST-2019-008.pdf ----- The Asterisk Development Team would like to announce the release of Asterisk 13.29.1. The release of Asterisk 13.29.1 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-28574 - pjproject fails to build on 16.6.0, works on 16.5 (Reported by Niklas Larsson) * ASTERISK-28575 - MWI Send Notify Crash on 16.6 (Reported by Joshua Elson) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.29.1 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.29.0. The release of Asterisk 13.29.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-28521 - pjsip: Memory Leak (Reported by Mark) * ASTERISK-28523 - Asterisk 16.5.0 Memory leak (Reported by Cyril Ramire) * ASTERISK-28538 - chan_pjsip: Deadlock on fax detection (Reported by Joshua C. Colp) * ASTERISK-28536 - Asterisk release candidates fail to build on FreeBSD (Reported by Guido Falsi) * ASTERISK-28527 - ChanIsAvail() creates a CDR if unanswered=yes is set in cdr.conf (Reported by Frederic LE FOLL) * ASTERISK-28525 - chan_dahdi: set CHANNEL(hangupsource) when a PRI channel hangs up (Reported by Frederic LE FOLL) * ASTERISK-28511 - codec_resample: Bad sound quality when up sampling from SLIN16 to SLIN32 (Reported by Ruddy G) * ASTERISK-28499 - translate: Crash when frame does not have a "src" field set (Reported by Gregory Massel) * ASTERISK-25592 - chan_unistim: Clang Warning: variable sized type not at end of a struct (Reported by Alexander Traud) * ASTERISK-28488 - pjsip mwi: n+1 sip notify's sent on re-register (Reported by Chris Savinovich) * ASTERISK-28509 - PJSIP cnonce generated on Linux contains 36 characters, NEC only supports up to 32 characters (Reported by Dan Cropp) * ASTERISK-28505 - app_voicemail/IMAP: segfault in leave_voicemail because not checking mailstream (Reported by Alexei Gradinari) * ASTERISK-28487 - compile menuselect on gentoo (Reported by Kilburn) * ASTERISK-28472 - Asterisk occasionally passes a NULL as srtp->session to srtp_protect/unprotect causing SEGV (Reported by Jonas Swiatek) * ASTERISK-28498 - cel / cdr: Event times may be incorrect (Reported by Joshua C. Colp) * ASTERISK-28483 - packet lost on UDPTL wrap around (Reported by Torrey Searle) * ASTERISK-28480 - json integer overflow in ssrc and timestamp (Reported by Salah Ahmed) * ASTERISK-28228 - res_pjsip: pjsip show contacts prints double entries (Reported by Ian Jones) * ASTERISK-28477 - Crash when not specifying "dbfile" in res_config_sqlite3.conf (Reported by Dennis) * ASTERISK-28478 - Crash performing "core reload" with modified res_config_sqlite3.conf (Reported by Dennis) * ASTERISK-28282 - AST_SCHED_REPLACE_UNREF causes wait-on-self deadlocks (in chan_sip) (Reported by Walter Doekes) New Features made in this release: ----------------------------------- * ASTERISK-17808 - [patch] Unregister a realtime moh class (Reported by Byron Clark) * ASTERISK-28489 - Channel variable SIPFROMDOMAIN for chan_pjsip to setup From header URI domain (Reported by Stas Kobzar) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.29.0 ----- The Asterisk Development Team would like to announce security releases for Asterisk 13, 15 and 16. The available releases are released as versions 13.28.1, 15.7.4 and 16.5.1. The following security vulnerabilities were resolved in these versions: * AST-2019-004: Crash when negotiating for T.38 with a declined stream When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk. * AST-2019-005: Remote Crash Vulnerability in audio transcoding When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.28.1 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2019-004.pdf https://downloads.asterisk.org/pub/security/AST-2019-005.pdf ----- The Asterisk Development Team would like to announce the release of Asterisk 13.28.0 The release of Asterisk 13.28.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-28447 - res_pjsip_messaging: In-dialog MESSAGE with no body causes crash (Reported by Gil Richard) * ASTERISK-28465 - Broken SDP can cause a segfault in a T.38 reINVITE (Reported by Francesco Castellano) Bugs fixed in this release: ----------------------------------- * ASTERISK-28457 - [patch] Fix crash in chan_dahdi on 32-bit systems caused by ASTERISK-28317 (Reported by abelbeck) * ASTERISK-26006 - Show offending IP for TLS setup failures in logs (Reported by Oleksandr Natalenko) * ASTERISK-28444 - chan_pjsip: Peer IP for SSL handshake errors not logged (Reported by Bernhard Schmidt) * ASTERISK-28460 - res_pjsip_sdp_rtp: Fix ICE candidate leak with specific usage (Reported by Joshua C. Colp) * ASTERISK-28018 - IP Fragmentation happening instead of DTLS fragmentation on handshake server hello certificate (Reported by vijay kumar) * ASTERISK-25371 - Crash in hangup at chan_pjsip.c:1749 when Asterisk attempts to generate hangup event (Reported by Abhay Gupta) * ASTERISK-28435 - cdr_pgsql: Unix socket doesn't work (Reported by Dmitry Svyatogorov) * ASTERISK-27981 - res_fax: Fax session leak with fax gatewaying (Reported by pasandev) * ASTERISK-28419 - app_amd: Does not work with silence suppression (Reported by Nasir Iqbal) * ASTERISK-28427 - new mwi.h include missing from some dahdi source files, causes build failure (Reported by Guido Falsi) * ASTERISK-27994 - PJSIP: Early media ringback not indicated after Progress() (Reported by Gregory Massel) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.28.0 ----- The Asterisk Development Team would like to announce security releases for Asterisk 13, 15 and 16, and Certified Asterisk 13.21. The available releases are released as versions 13.27.1, 15.7.3, 16.4.1 and 13.21-cert4. The following security vulnerabilities were resolved in these versions: * AST-2019-002: Remote crash vulnerability with MESSAGE messages A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash. * AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.27.1 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2019-002.pdf https://downloads.asterisk.org/pub/security/AST-2019-003.pdf ----- The Asterisk Development Team would like to announce the release of Asterisk 13.27.0. The release of Asterisk 13.27.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: New Features made in this release: ----------------------------------- * ASTERISK-28375 - res_pjsip: New configuration setting to allow disabling norefersub (Reported by Dan Cropp) * ASTERISK-28320 - Added ARI resource /ari/channels/{channelid}/rtp_statistics (Reported by sungtae kim) Bugs fixed in this release: ----------------------------------- * ASTERISK-28427 - new mwi.h include missing from some dahdi source files, causes build failure (Reported by Guido Falsi) * ASTERISK-28412 - GCC 9 catches more string formatting issues (Reported by George Joseph) * ASTERISK-28392 - The no-partial-inlining flag isn't passed to the bundled pjproject or jansson builds (Reported by George Joseph) * ASTERISK-28402 - res_pjsip_registrar: SEGV in registrar_find_contact (Reported by Ross Beer) * ASTERISK-28143 - app_amd: Infinite loop on silent calls (Reported by Abhay Gupta) * ASTERISK-28353 - stasis: Crash at shutdown when statistics enabled (Reported by Joshua C. Colp) * ASTERISK-28374 - latest asterisk unconditionally launch gcc --version, even if the compiler is different (Reported by Guido Falsi) * ASTERISK-28391 - res_indications: Crash requesting autocomplete on indications cli command (Reported by Lucas Mendes) * ASTERISK-27935 - app_voicemail: emailbody per user can't contain commas (Reported by Sbastien Duthil) * ASTERISK-17695 - 1.8.3.2 extenpatternmatchnew=yes cannot find extensions with '-' in them (Reported by test011) * ASTERISK-17799 - AEL reload causes loss of control in a macro (Reported by Kirill Katsnelson) * ASTERISK-18593 - AEL for loops use Macro app and pipe delimiter (Reported by Luke-Jr) * ASTERISK-14939 - AEL parsers does not find existing label (Reported by klaus3000) * ASTERISK-20182 - Parsing a label beginning with a numeric character in all Goto/GotoIf/GotoIfTime application causes unexpected behavior (Reported by Janu) * ASTERISK-28348 - Failed to initialize OOH323 endpoint-OOH323 Disabled (Reported by Dmitry Shubin) * ASTERISK-28371 - chan_pjsip: DTMF Mode auto_info fallback lead to both inband and info (Reported by Salah Ahmed) * ASTERISK-28362 - strtok_r() makes gcc compile warning (Reported by sungtae kim) Improvements made in this release: ----------------------------------- * ASTERISK-28363 - Millisecond-resolution call stats including PDD in channel variables (Reported by Antoni Goldstein) * ASTERISK-20207 - Asterisk should clear out any .lock files in the voice mail directory on startup. (Reported by Steven Wheeler) * ASTERISK-28111 - build: CHANGES/UPGRADE are irritating to work with. (Reported by Corey Farrell) * ASTERISK-28343 - Added app_name, app_data to channel type (Reported by sungtae kim) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.27.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.26.0. The release of Asterisk 13.26.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: New Features made in this release: ----------------------------------- * ASTERISK-28267 - res_stasis: Add ability to switch applications (Reported by Benjamin Keith Ford) Bugs fixed in this release: ----------------------------------- * ASTERISK-20986 - QUEUE_MEMBER 's description is inaccurate (Reported by Olivier Krief) * ASTERISK-28350 - manager: Stasis backed up due to locking (Reported by Joshua C. Colp) * ASTERISK-25792 - chan_sip: qualifygap bounds checking (Reported by Paul Sandys) * ASTERISK-28341 - res_config_odbc eliminates empty custom (@@ prefix) variables (Reported by Alexei Gradinari) * ASTERISK-28333 - StasisEnd event makes wrong timestamp value (Reported by sungtae kim) * ASTERISK-28306 - res_pjsip_mwi: MWI NOTIFY occasionally takes minutes to be sent (Reported by Jared Hull) * ASTERISK-27964 - app_queue: ring_entry accesses nativeformats without channel lock or reference (Reported by Francisco Seratti) * ASTERISK-28314 - ARI: API changed but "apiVersion" in rest-api\resources.json did not (Reported by Stefan Repke) * ASTERISK-28335 - stasis: Make topic and maybe subscription names unique and more useful (Reported by Joshua C. Colp) * ASTERISK-28321 - res_rtp_asterisk: Fixing possible divide by zero for rtcp stat calculation (Reported by sungtae kim) * ASTERISK-28332 - Variable ALTCONF ignored when service is used in Debian (Reported by Cirillo Ferreira) * ASTERISK-28322 - chan_pjsip: Add option to allow ignoring of 183 without SDP (Reported by Torrey Searle) * ASTERISK-28328 - MeetMe global non-admin mute is muting admins that subsequently join (Reported by Philip Mott) * ASTERISK-28168 - app_queue: Adding a blank entry into sql queue_members crashes asterisk. (Reported by Michael) * ASTERISK-28323 - pjsip: sip.conf to pjsip.conf conversion script fails (Reported by Guido Weckwerth) * ASTERISK-28272 - The basic-pbx config samples don't produce a running asterisk (Reported by George Joseph) * ASTERISK-28312 - res_pjsip_diversion: Corrupted SIP Diversion field after handling a 302 redirect (Reported by Alex Odrov) * ASTERISK-24173 - File menuselect/menuselect_gtk.c has no license header (Reported by Jeremy Lain) * ASTERISK-28166 - app_voicemail: Asterisk unresponsive after changing voicemail password with ODBC (Reported by Michael) * ASTERISK-28309 - res_pjsip: Wrong Contact and Via fields with multiple UDP interfaces (Reported by Nikolay shakin) * ASTERISK-27992 - PJSIP: Adding `sends_registrations = yes` to pjsip_wizard.conf causes crash (Reported by Jonathan Harris) * ASTERISK-28213 - res_pjsip: Threads pile up needlessly when AOR is blocked (Reported by Ross Beer) * ASTERISK-28301 - Allow voicemail boxes to be subscribed to with a presence event package (Reported by George Joseph) * ASTERISK-28303 - res_rtp_asterisk: Interaction between smoother and DTMF can cause out of order timestamps (Reported by Torrey Searle) * ASTERISK-28302 - ARI: "Error destroying mutex" when listing all ARI applications (Reported by Stefan Repke) * ASTERISK-28300 - AST_PBX_MAX_STACK is too low for some applications (Reported by George Joseph) * ASTERISK-28106 - Astricon Feedback: Unable to filter ARI events when GETting causes overload of events (Reported by George Joseph) * ASTERISK-28284 - switching between native_bridge and simple_bridge can cause one way audio (Reported by Torrey Searle) * ASTERISK-28288 - Resources (udptl fd) leaking for T.38 calls (Reported by Paulo Vicentini) * ASTERISK-28251 - CI: Fix CI so it reverifies commit message changes (Reported by George Joseph) * ASTERISK-28277 - database: Add some basic logging (Reported by Joshua C. Colp) * ASTERISK-28181 - ari: Originating overwrites channel start time (Reported by sungtae kim) Improvements made in this release: ----------------------------------- * ASTERISK-28326 - ari: Added timestamp for some ari events. (Reported by sungtae kim) * ASTERISK-28317 - Add logical group at DAHDIChannel event and create "dahdi_group" at CHANNEL function (Reported by Cirillo Ferreira) * ASTERISK-28279 - Added creation timestamp for bridge (Reported by sungtae kim) * ASTERISK-28292 - Changed to show all channel stats including wrong media (Reported by sungtae kim) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.26.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.25.0. The release of Asterisk 13.25.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-28288 - Resources (udptl fd) leaking for T.38 calls (Reported by Paulo Vicentini) * ASTERISK-28213 - res_pjsip: Threads pile up needlessly when AOR is blocked (Reported by Ross Beer) * ASTERISK-28271 - Opensuse Leap 15 --with-jannson-bundled will not compile (Reported by David Wilcox) * ASTERISK-28104 - AstriCon Feedback: Automatically create a 1 line dialplan context for stasis apps (Reported by George Joseph) * ASTERISK-28238 - PJSIP realtime. getcontext not working with DUNDI (Reported by Ray) * ASTERISK-28173 - Deadlock in chan_sip handling subscribe request during res_parking reload (Reported by Giuseppe Sucameli) * ASTERISK-28263 - codec_opus: errors setting max_playback_rate and bitrate to "sdp" (Reported by Gianluca Merlo) * ASTERISK-28250 - build: Cross-compilation fails for target arm-linux-gnueabihf (Reported by Jean Aunis - Prescom) * ASTERISK-28156 - Race condition involving session->media (res_pjsip_session) leads to crash. (Reported by Paulo Vicentini) * ASTERISK-28257 - res_http_websocket: PING / PONG opcodes break data reception (Reported by Jeremy Lain) * ASTERISK-28252 - HangupHandler manager events are never thrown (Reported by Gerald Schnabel) * ASTERISK-28231 - res_http_websocket: Not responding to Connection Close Frame (opcode 8) (Reported by Jeremy Lain) * ASTERISK-28249 - res_monitor: Segfault with Monitor(wav,file,i) (Reported by Valentin Vidi) * ASTERISK-28244 - stasis: Filter messages at publishing to AMI/ARI (Reported by Joshua C. Colp) * ASTERISK-28197 - stasis: ast_endpoint struct holds the channel_ids of channels past destruction in certain cases (Reported by Mohit Dhiman) * ASTERISK-28232 - core: RAII using clang use-after-scope issue (Reported by Diederik de Groot) * ASTERISK-28225 - app_voicemail: Channel variable VM_MESSAGEFILE not updated correctly if message marked "urgent" (Reported by boatright) * ASTERISK-28212 - stasis: Statistics broke ABI under developer mode (Reported by Joshua C. Colp) * ASTERISK-28222 - Regression: MWI polling no longer works (Reported by abelbeck) * ASTERISK-28221 - Bug in ast_coredumper (Reported by Andrew Nagy) * ASTERISK-28162 - [patch] need to reset DTMF last sequence number and timestamp on RTP renegotiation (Reported by Alexei Gradinari) * ASTERISK-28215 - app_voicemail: Leaving voicemail sometimes doesn't trigger NOTIFYs (Reported by George Joseph) * ASTERISK-27959 - [patch] Asterisk 15.4.1 h264 fmtp negotiation problem (Reported by David Kuehling) * ASTERISK-28117 - stasis: Add statistics for usage when in developer mode (Reported by Joshua C. Colp) * ASTERISK-28201 - [patch] confbridge: no announce to the marked users when they join an empty conference (Reported by Alexei Gradinari) * ASTERISK-28194 - chan_sip: Leak using contact ACL (Reported by Giuseppe Sucameli) * ASTERISK-28186 - stasis: Filter messages at publishing based on to_* presence (Reported by Joshua C. Colp) * ASTERISK-27095 - chan_pjsip: When connected_line_method is set to invite, we're not trying UPDATE (Reported by George Joseph) * ASTERISK-28182 - chan_pjsip: When connected_line_method is set to invite, asterisk is not trying UPDATE (Reported by nappsoft) Improvements made in this release: ----------------------------------- * ASTERISK-28246 - Support skipping on the g726 format (Reported by Eyal Hasson) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.25.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.24.1. The release of Asterisk 13.24.1 resolves an issue reported by the community and would have not been possible without your participation. Thank you! The following issue is resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-28222 - Regression: MWI polling no longer works (Reported by abelbeck) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.24.1 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.24.0. The release of Asterisk 13.24.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-28013 - res_http_websocket: Crash when reading HTTP Upgrade requests (Reported by Sean Bright) New Features made in this release: ----------------------------------- * ASTERISK-28087 - add flag to allow CALLERID(num) to be placed in Contact header in chan_pjsip (Reported by Torrey Searle) Bugs fixed in this release: ----------------------------------- * ASTERISK-28125 - app_queue: Revert broken queue channel reference patch (Reported by lvl) * ASTERISK-28151 - app_voicemail: MWI fails with mailboxes=##@@device instead of mailboxes=##@@default (Reported by Ronald Raikes) * ASTERISK-28157 - Asterisk crashes when the res_pjsip_* modules unload (Reported by sungtae kim) * ASTERISK-28159 - SIGABRT caused by stack corruption in hashkeys_read when no matching keys present (Reported by Michael Walton) * ASTERISK-28140 - repeated segmentation faults (Reported by Eyal Hasson) * ASTERISK-28103 - stasis: Filter messages at publishing to reduce work done (Reported by Joshua C. Colp) * ASTERISK-28129 - Incorrect Behavior for rewrite_contact when Re-Invite omits routset (Reported by Torrey Searle) * ASTERISK-28158 - Some conditions prevent running of el_end, break the terminal. (Reported by Corey Farrell) * ASTERISK-28162 - [patch] need to reset DTMF last sequence number and timestamp on voice packet with marker bit (Reported by Alexei Gradinari) * ASTERISK-28110 - rtp: Incorrect Packetization (Reported by Robert Cripps) * ASTERISK-28146 - pbx_config: Only the first [globals] section is processed. (Reported by Corey Farrell) * ASTERISK-28150 - Formatting error in documentation (Reported by Scott Griepentrog) * ASTERISK-28081 - chan_sip: Asterisk 12+ chan_sip doesn't report AST_CEL_PICKUP in handle_invite_replaces (Reported by Luit van Drongelen) * ASTERISK-28137 - res_pjsip_notify: improve realtime performance on CLI completion on the endpoint (Reported by Alexei Gradinari) * ASTERISK-27980 - Caller ID cannot be changed on Attended Transfer before dialing out (Reported by Alexei Gradinari) * ASTERISK-28089 - function ast_sendtext() create RTP realtime packets with a trailing null byte in the payload (Reported by Emmanuel BUU) * ASTERISK-28076 - bridging: Asterisk crashes when receiving an empty realtime text frame (Reported by Emmanuel BUU) * ASTERISK-28084 - app_queue: QueueMemberStatus Event flooding AMI (Reported by Andrej) * ASTERISK-28077 - res_pjsip: improve realtime performance on CLI 'pjsip show contacts' (Reported by Alexei Gradinari) * ASTERISK-26094 - stasis: Playing MOH to bridge with ARI does not work (Reported by Cameron) * ASTERISK-27920 - app_queue: Queue member considered inuse after immediately hanging up during dialing. (Reported by Cao Minh Hiep) * ASTERISK-28070 - testsuite: Sniffer assumes pjmedia will use ports below 10000 (Reported by Joshua C. Colp) * ASTERISK-28065 - res_odbc: missing SQL error diagnostic (Reported by Alexei Gradinari) * ASTERISK-27121 - res_pjsip_mwi: Memory leak on reload (Reported by Sergej Kasumovic) * ASTERISK-28059 - PJSIP: Update bundled PJPROJECT to version 2.8 (Reported by Joshua C. Colp) * ASTERISK-28057 - chan_sip: SipNotify via AMI behaves differently to CLI (Reported by Peter Katzmann) * ASTERISK-28049 - res_pjproject build failure (Reported by Jaco Kroon) * ASTERISK-28029 - [patch] res_musiconhold : music on hold will not start if previous hold just reached end of file (Reported by Frederic LE FOLL) * ASTERISK-28032 - Realtime queuemembers are not updated during retry phase (Reported by lvl) * ASTERISK-27988 - alembic: PJSIP "mwi_subscribe_replaces_unsolicited" field is integer not boolean (Reported by Joshua C. Colp) * ASTERISK-28020 - res_pjsip_transport_websocket: Properly set 'received' for IPv6 (Reported by Sean Bright) Improvements made in this release: ----------------------------------- * ASTERISK-28144 - [patch] New function PJSIP_PARSE_URI to parse an URI and return a specified part of the URI (Reported by Alexei Gradinari) * ASTERISK-28136 - Allow the sip_to_pjsip script to be used in a pipe (Reported by Pascal Cadotte Michaud) * ASTERISK-28046 - Remove stale nonoptreq references (Reported by Walter Doekes) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.24.0 ----- The Asterisk Development Team would like to announce security releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.21. The available releases are released as versions 13.23.1, 14.7.8, 15.6.1 and 13.21-cert3. These releases are available for immediate download at The following security vulnerabilities were resolved in these versions: * AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attackers request causes Asterisk to run out of stack space and crash. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.23.1 The security advisory is available at: https://downloads.asterisk.org/pub/security/AST-2018-009.pdf ----- The Asterisk Development Team would like to announce the release of Asterisk 13.23.0. The release of Asterisk 13.23.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-27881 - PBX calls via chan_sip TCP trunk now get authentification error (Reported by Ian Gilmour) * ASTERISK-28022 - res_pjsip realtime: uri column in ps_contacts table can be too short (Reported by Florian Floimair) * ASTERISK-28011 - chan_sip: get_refer_info() attempted unlock mutex 'peer' without owning it! (Reported by Alec Davis) * ASTERISK-28002 - When T.140 realtime text is negociated, a lot of debug traces are generated (Reported by Emmanuel BUU) * ASTERISK-27973 - app_queue: QUEUESTATUS = CONTINUE instead LEAVEEMPTY (Reported by Valentin Safonov) * ASTERISK-28007 - rtcp-mux is put in SDP answer regardless of offer (Reported by Torrey Searle) * ASTERISK-27997 - pjproject_bundled: Fix for Solaris builds. Do not undef s_addr. (Reported by Alexander Traud) * ASTERISK-28001 - res_pjsip_registrar: Improve performance of inbound handling (Reported by Joshua Colp) * ASTERISK-27999 - Wrong SRTP use status report (Reported by Salah Ahmed) * ASTERISK-27966 - pjsip: Race condition in 183 re transmission can result in a deadlock (Reported by Torrey Searle) * ASTERISK-15331 - make menuselect fails due to undefined symbols (initscr32, w32addch) in menuselect_curses.o (Reported by Majdi Bsoul) * ASTERISK-14935 - [regression] menuselect compilation failure on Solaris 10 (Reported by Samuel Owens) * ASTERISK-12382 - menuselect compilation failure on Solaris 10 / gcc 3.4.3 (Reported by rleasure) * ASTERISK-9107 - menuselect compilation failure on Solaris 10/gcc-4.1.1 (Reported by Bob Atkins) * ASTERISK-27991 - BuildSystem: Enable Jansson in Solaris 11. (Reported by Alexander Traud) * ASTERISK-27548 - res_pjsip_endpoint_identifier_ip only matches against "generic string" headers (Reported by George Joseph) * ASTERISK-27990 - res_rtp_asterisk: Requires OpenSSL in Developer Mode. (Reported by Alexander Traud) * ASTERISK-27591 - Frack errors in stasis.c and memory leakage (Reported by Siruja Maharjan) * ASTERISK-27978 - res_pjsip: Change default transport keepalive to preserve behavior (Reported by Joshua Colp) * ASTERISK-27957 - PJSIP proposes ICE candidates on answer even if not in offer (Reported by Torrey Searle) * ASTERISK-27880 - [patch] pjproject_bundled: Repair ./configure --with-ssl=PATH. (Reported by Alexander Traud) * ASTERISK-25548 - stasis: Improve message type "Use of before init/after destruction" error (Reported by Joshua Colp) * ASTERISK-27972 - res_sorcery_config: Allow object name based matching (Reported by Joshua Colp) * ASTERISK-27967 - srtp: rejecting short sdes lifetimes incompatible with obihai ATAs (Reported by Nick French) * ASTERISK-27961 - res_pjsip: Spurious ERROR logging when printing headers in sip_msg (Reported by Nick French) * ASTERISK-27563 - pjsip modules always get -O2 even when DONT_OPTIMIZE is set (Reported by George Joseph) * ASTERISK-27347 - [patch] pjproject_bundled: Disable TCP/TLS keep-alives. (Reported by Alexander Traud) * ASTERISK-27938 - [patch] Compile fails with `IPTOS_MINCOST' undeclared. (Reported by Alexander Traud) * ASTERISK-27956 - res_pjsip_pubsub: segfault in function publish_expire (Reported by Alexei Gradinari) * ASTERISK-27949 - res_pjsip_rfc3326: A lot of endpoints do not correctly handle two Reason headers (Reported by Ross Beer) * ASTERISK-27763 - res_pjsip_session: Initial INVITE with audio+fax results in 488 instead of declining stream (Reported by Thiago Coutinho) * ASTERISK-27657 - res_pjsip_t38: ATA fails with hangupcause 58(Bearer capability not available) (Reported by Jared Hull) * ASTERISK-27080 - res_pjsip_t38: Slow T.38 re-invite rejection if remote leg has T.38 disabled (Reported by Torrey Searle) * ASTERISK-26686 - res_pjsip: Lock inversion in transport management (Reported by Ross Beer) * ASTERISK-27944 - res_pjsip_t38: Crash receiving 1xx responses other than 100 before 200 for T.38 reINVITE (Reported by Joshua Elson) Improvements made in this release: ----------------------------------- * ASTERISK-28006 - PJSIP: Missing "party=calling"/"party=called" in Remote-Party-ID (Reported by Eric Dantie) * ASTERISK-27995 - pjproject_bundled: Find shared libraries in root --with-ssl=PATH. (Reported by Alexander Traud) * ASTERISK-27993 - pjsip_wizard example gives wrong info about unsupported SRV records (Reported by Jonathan Harris) * ASTERISK-27970 - res_rtp_asterisk: T.140 packets containing backspace or end of line are merged with regular text and it causes some UA to break (Reported by Emmanuel BUU) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.23.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.22.0. The release of Asterisk 13.22.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-27818 - Username bruteforce is possible when using ACL with PJSIP (Reported by John) Bugs fixed in this release: ----------------------------------- * ASTERISK-27783 - res_pjsip_pubsub: apparent crash on shutdown (Reported by Kevin Harwell) * ASTERISK-27870 - app_confbridge: Conference bridge and announcer channels are not removed if conference is ended as soon as it starts (Reported by Robert Mordec) * ASTERISK-27909 - cdr: Deadlock with submit_scheduled_batch and submit_unscheduled_batch (Reported by Denis Lebedev) * ASTERISK-26987 - pbx_dundi: Asterisk crashes when unloading module pbx_dundi.so with dundi peers (Reported by Kirsty Tyerman) * ASTERISK-27943 - AMI: Action SendText needs to use the correct thread. (Reported by Richard Mudgett) * ASTERISK-27942 - res_pjsip_messaging doesn't accept application/* content-types. (Reported by George Joseph) * ASTERISK-27936 - res_pjsip_session doesn't update media when a 200 comes in with a different port than a 183 (Reported by George Joseph) * ASTERISK-27933 - [patch] uuid: Enable UUID in Solaris 11. (Reported by Alexander Traud) * ASTERISK-27625 - channels: CHECK_BLOCKING is ineffective (Reported by Corey Farrell) * ASTERISK-27931 - [patch] BuildSystem: Enable ./configure in Solaris 11. (Reported by Alexander Traud) * ASTERISK-27926 - [patch] bootstrap.sh: find -maxdepth is not POSIX compatible. (Reported by Alexander Traud) * ASTERISK-27903 - menuselect: GCC 8: restrict-qualified parameter passed and aliased. (Reported by Alexander Traud) * ASTERISK-27914 - [patch] tests/test_utils: Repair ./configure --with-ssl=PATH. (Reported by Alexander Traud) * ASTERISK-27705 - chan_iax2: Stops listening for traffic (Reported by Kirsty Tyerman) * ASTERISK-27908 - [patch] crypto.h: Repair ./configure --with-ssl=PATH. (Reported by Alexander Traud) * ASTERISK-27905 - [patch] res_srtp: Repair ./configure --with-ssl=PATH. (Reported by Alexander Traud) * ASTERISK-27888 - SQL fetch error on query which return 0 columns (Reported by Alexei Gradinari) * ASTERISK-27902 - chan_pjsip isn't updating hangupcause on 4XX responses (Reported by George Joseph) * ASTERISK-27901 - [patch] ooh323c: GCC 8: output truncated before terminating nul. (Reported by Alexander Traud) * ASTERISK-27094 - res_fax: Deadlock when using Local channels and fax gateway (Reported by David Brillert) * ASTERISK-25261 - Manager events for MeetMe have incorrectly documented key name 'Usernum' - should be 'User' (Reported by Francois Blackburn) * ASTERISK-27878 - [patch] tcptls.h: Repair ./configure --with-ssl=PATH. (Reported by Alexander Traud) * ASTERISK-27872 - res_pjsip: Modified qualify_frequency doesn't effect until pjsip reload (Reported by Alexei Gradinari) * ASTERISK-27876 - [patch] tcptls: Allow OpenSSL configured with no-dh. (Reported by Alexander Traud) * ASTERISK-27874 - [patch] tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated. (Reported by Alexander Traud) * ASTERISK-27845 - Codec-Change Re-INVITE during DTMF can cause marker bit error (Reported by Torrey Searle) * ASTERISK-27863 - config/ast_destroy_realtime_fields: successful DELETE is treated as failed (Reported by Alexei Gradinari) * ASTERISK-27865 - [patch]: tcptls: Repair ./configure --with-ssl=PATH. (Reported by Alexander Traud) * ASTERISK-27853 - Incorrect error reported when leaving/retrieving a ODBC voicemail (Reported by Nic Colledge) * ASTERISK-27726 - chan_mobile: presents incorrect inbound Caller-ID names (Reported by Brian) * ASTERISK-27861 - [patch] res_pjsip_endpoint_identifier_ip: Unregister the module for headers. (Reported by Alexander Traud) * ASTERISK-27860 - [patch] res_pjsip: Register pjsip_transport_management not externally but internally. (Reported by Alexander Traud) * ASTERISK-27760 - Asterisk ODBC Voicemail Prompt storage fails with recent MariaDB version. (Reported by Nic Colledge) * ASTERISK-27852 - cli: "manager show settings" mislabels HTTP timeout as being minutes. (Reported by Corey Farrell) * ASTERISK-27824 - Fix issues exposed by GCC 8 (Reported by George Joseph) * ASTERISK-27811 - [patch] sip_to_pjsip: Enable python3 compatibility. (Reported by Alexander Traud) * ASTERISK-27841 - digest over for manager (ami) over http fails on too long uris (Reported by Jaco Kroon) * ASTERISK-26570 - Macro allows an infinite loop of dialplan inclusion resulting in a crash (Reported by Tzafrir Cohen) * ASTERISK-27801 - Asterisk got stuck while enabling "ari set debug all on" (Reported by shaurya jain) * ASTERISK-26806 - pjsip_options: rework to make more efficient (Reported by Kevin Harwell) * ASTERISK-27814 - translate: interpolated frames are not passed through (Reported by Kevin Harwell) * ASTERISK-27812 - When the ooh323 debug is on there is no ringing signal to incoming calls via H323 trunk. (Reported by Dimos) * ASTERISK-26893 - No "alert" or "progress" in chan_ooh323 if debug is enabled only on the module (Reported by Marco Giordani) * ASTERISK-27639 - [patch] BuildSystem: Enable IMAP storage on FreeBSD and DragonFly BSD. (Reported by Alexander Traud) * ASTERISK-27808 - [patch] chan_vpb: Avoid GNU old-style field designator extension. (Reported by Alexander Traud) Improvements made in this release: ----------------------------------- * ASTERISK-27929 - [patch] BuildSystem: Enable autotools in Solaris 11. (Reported by Alexander Traud) * ASTERISK-27752 - Ten seconds of silence after mp3 playback (Reported by Sam Wierema) * ASTERISK-27910 - [patch] res_rtp_asterisk: Allow OpenSSL configured with no-deprecated. (Reported by Alexander Traud) * ASTERISK-27906 - [patch] res_crypto: Allow OpenSSL configured with no-deprecated. (Reported by Alexander Traud) * ASTERISK-27877 - app_confbridge: Add talking indicator for ConfBridgeList AMI response (Reported by William McCall) * ASTERISK-27873 - documentation: Error on wiki description of Asterisk 13 "MeetmeMute" event (Reported by Alessandro Polidori) * ASTERISK-27846 - ast_coredumper: Fix OUTPUT directory (Reported by Ted G) * ASTERISK-27867 - [patch] libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated. (Reported by Alexander Traud) * ASTERISK-27796 - res_hep: Allow create_address to resolve a provided hostname (Reported by Sebastian Gutierrez) * ASTERISK-27820 - [patch] Add DragonFly BSD. (Reported by Alexander Traud) * ASTERISK-27793 - cppcheck identifies redundant "if" (Reported by Ilya Shipitsin) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.22.0 ----- The Asterisk Development Team would like to announce security releases for Asterisk 15, 13 and 14, and Certified Asterisk 13.18 and 13.21. The available releases are released as versions 15.4.1, 13.21.1, 14.7.7, 13.18-cert4 and 13.21-cert2. The following security vulnerabilities were resolved in these versions: * AST-2018-007: Infinite loop when reading iostreams When connected to Asterisk via TCP/TLS if the client abruptly disconnects, or sends a specially crafted message then Asterisk gets caught in an infinite loop while trying to read the data stream. Thus rendering the system as unusable. * AST-2018-008: PJSIP endpoint presence disclosure when using ACL When endpoint specific ACL rules block a SIP request they respond with a 403 forbidden. However, if an endpoint is not identified then a 401 unauthorized response is sent. This vulnerability just discloses which requests hit a defined endpoint. The ACL rules cannot be bypassed to gain access to the disclosed endpoints. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.4.1 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2018-007.pdf https://downloads.asterisk.org/pub/security/AST-2018-008.pdf ----- The Asterisk Development Team would like to announce the release of Asterisk 13.21.0. The release of Asterisk 13.21.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: New Features made in this release: ----------------------------------- * ASTERISK-27704 - Add cache_pools debug option to pjproject.conf (Reported by Richard Mudgett) Bugs fixed in this release: ----------------------------------- * ASTERISK-27809 - [patch] utils/pval: Add -lBlocksRuntime for compiler clang conditionally. (Reported by Alexander Traud) * ASTERISK-27774 - res_musiconhold: Music on hold restarts after every announcement (Reported by lvl) * ASTERISK-27782 - cdr_mysql: Missing MYSQL_PORT definition (Reported by Evandro César Arruda) * ASTERISK-27614 - res_pjsip_session: SDP origin does not use resolved address (Reported by John M.) * ASTERISK-27740 - chan_sip: New Channel creation from new SIP dialog with Replaces failed to be properly tracked and destroyed (Reported by Shannon Price) * ASTERISK-27706 - PJSIP: Deadlock shutting down subscription TCP connection and sending subscription message. (Reported by Ross Beer) * ASTERISK-27435 - [patch] configure: pjsip_evsub_set_uas_timeout not found. (Reported by Alexander Traud) * ASTERISK-27761 - [patch] BuildSystem: With external editline, do not require libs for internal editline. (Reported by Alexander Traud) * ASTERISK-27755 - ConfBridge: raise ConfbridgeTalking when put on hold and clear talking status (Reported by Kevin Harwell) * ASTERISK-27688 - res_pjsip: Crash on TCP PJSIP Transport Disconnect (Reported by Ross Beer) * ASTERISK-27743 - Generic PLC doesn't work if the 2 codecs on a channel are equal (Reported by George Joseph) * ASTERISK-27745 - [patch] BuildSystem: Remove unused dependency on libltdl. (Reported by Alexander Traud) * ASTERISK-12841 - [patch] Make format_ogg_vorbis work on OpenBSD (Reported by Michiel van Baak) * ASTERISK-27720 - [patch] BuildSystem: Enable Advanced Linux Sound Architecture (ALSA) in NetBSD. (Reported by Alexander Traud) * ASTERISK-27741 - res_pjsip_rfc3326.c rfc3326_use_reason_header doesn't account for more than one 'Reason' header (Reported by Ross Beer) * ASTERISK-27734 - [patch] BuildSystem: Enable IMAP storage on openSUSE and Arch Linux. (Reported by Alexander Traud) * ASTERISK-27733 - [patch] res_srtp: Add support for libsrtp2.x on openSUSE. (Reported by Alexander Traud) * ASTERISK-11015 - NetBSD Build Needs RPATH set in 1.2.25 (Reported by Curt Sampson) * ASTERISK-27641 - BuildSystem: Enable Better Backtraces in FreeBSD. (Reported by Alexander Traud) * ASTERISK-25586 - uuid_generate_random detection failure (Reported by John Nemeth) * ASTERISK-27721 - [patch] BuildSystem: Enable PortAudio in NetBSD. (Reported by Alexander Traud) * ASTERISK-27715 - [patch] BuildSystem: AC_PATH_PROG sets to colon character when not found. (Reported by Alexander Traud) * ASTERISK-27703 - AMI Action VoicemailUsersList returns 0 MessageCount (Reported by Sébastien Duthil) * ASTERISK-27674 - chan_sip: RTP framing issues on outgoing calls (Reported by Jean Aunis - Prescom) * ASTERISK-27554 - res_pjsip_rfc3326: Order of 'Reason' headers break many endpoints (Reported by Ross Beer) * ASTERISK-27718 - [patch] BuildSystem: Enable Lua in NetBSD. (Reported by Alexander Traud) * ASTERISK-27722 - [patch] BuildSystem: Depend not implicitly but explicitly on external libraries. (Reported by Alexander Traud) * ASTERISK-27719 - [patch] res_http_post: Enable GMime in NetBSD. (Reported by Alexander Traud) * ASTERISK-27716 - [patch] BuildSystem: Enable autotools in NetBSD. (Reported by Alexander Traud) * ASTERISK-27714 - [patch] chan_unistim: NetBSD has an incompatible struct in_pktinfo. (Reported by Alexander Traud) * ASTERISK-27713 - [patch] BuildSystem: Cast any intptr_t explicitly to its proposed type. (Reported by Alexander Traud) * ASTERISK-27712 - [patch] BuildSystem: Detect whether uselocale(.) is available. (Reported by Alexander Traud) * ASTERISK-27711 - [patch] BuildSystem: Avoid re-defining of pthread_* on NetBSD. (Reported by Alexander Traud) * ASTERISK-27710 - [patch] BuildSystem: Install init scripts on openSUSE Tumbleweed. (Reported by Alexander Traud) * ASTERISK-27709 - [patch] BuildSystem: Avoid == for comparison in ./configure. (Reported by Alexander Traud) * ASTERISK-27610 - app_amd.so returning TOOLONG before reaching the timeout (Reported by Michael Cargile) * ASTERISK-26688 - Documentation: voicemail.conf.sample shows 512 limit for emailbody field, however this is only true if compiled with LOW_MEMORY option (Reported by Fran Vicente) * ASTERISK-27568 - PJSIP: Crash during SIP attended transfer. (Reported by Bryan Walters) * ASTERISK-27686 - [patch] install_prereq: Update FreeBSD libraries. (Reported by Alexander Traud) * ASTERISK-24488 - Wrong remote identity and target in dialog package XML in NOTIFY (Reported by Alejandro Padilla) * ASTERISK-27646 - ICE fails with no candidate nominated (Reported by Thomas Guebels) * ASTERISK-27457 - chan_sip: Guests disallowed via TCP (or TLS) if existing peer from same IP. (Reported by Alexander Traud) Improvements made in this release: ----------------------------------- * ASTERISK-27697 - Enable in-dialog NOTIFY on chan_pjsip channels (Reported by Nathan Bruning) * ASTERISK-26540 - cdr_radius: use radcli instead of freeradius-client (Reported by Tzafrir Cohen) * ASTERISK-27770 - [patch] install_prereq: Add Slackware (somehow). (Reported by Alexander Traud) * ASTERISK-27769 - [patch] install_prereq: Add Gentoo Linux. (Reported by Alexander Traud) * ASTERISK-27738 - [patch] install_prereq: Add Arch Linux. (Reported by Alexander Traud) * ASTERISK-27736 - [patch] install_prereq: Add SUSE. (Reported by Alexander Traud) * ASTERISK-26976 - libsrtp-2.x.x support (Reported by Alex) * ASTERISK-27728 - [patch] BuildSystem: Add NetBSD. (Reported by Alexander Traud) * ASTERISK-27730 - PJSIP: Update bundled PJPROJECT to version 2.7.2 (Reported by Richard Mudgett) * ASTERISK-27729 - [patch] install_prereq: Add NetBSD. (Reported by Alexander Traud) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.21.0 ----- The release of Asterisk 13.20.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Security bugs fixed in this release: ----------------------------------- * ASTERISK-27583 - Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute (Reported by Sandro Gauci) * ASTERISK-27582 - Segmentation fault occurs in Asterisk with an invalid SDP media format description (Reported by Sandro Gauci) * ASTERISK-27618 - Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport (Reported by Sandro Gauci) * ASTERISK-27640 - SUBSCRIBE message with a large Accept value causes stack corruption (Reported by Sandro Gauci) New Features made in this release: ----------------------------------- * ASTERISK-27117 - core: Add support for timelen parsing to ast_parse_arg and ACO. (Reported by Corey Farrell) Bugs fixed in this release: ----------------------------------- * ASTERISK-27703 - AMI Action VoicemailUsersList returns 0 MessageCount (Reported by Sébastien Duthil) * ASTERISK-24386 - Asterisk "doc/lang/language-criteria.txt" needs update or removal. (Reported by Rusty Newton) * ASTERISK-27689 - [patch] rtp_engine: Load format name / mime type in uppercase again. (Reported by Alexander Traud) * ASTERISK-27679 - res_pjsip: Endpoint destruction does not free DTLS configuration (Reported by Mak Dee) * ASTERISK-27684 - [patch] install_prereq: Update OpenBSD libraries. (Reported by Alexander Traud) * ASTERISK-27681 - [patch] BuildSystem: Enable IMAP storage on OpenBSD. (Reported by Alexander Traud) * ASTERISK-27680 - [patch] res_calendar: Specialized calendars depend on symbols of general calendar. (Reported by Alexander Traud) * ASTERISK-27677 - [patch] BuildSystem: Enable system provided libedit on OpenBSD. (Reported by Alexander Traud) * ASTERISK-27670 - [patch] BuildSystem: Remove chan_h323 leftovers. (Reported by Alexander Traud) * ASTERISK-27595 - [patch] BuildSystem: Invoke ldconfig with previous paths. (Reported by Alexander Traud) * ASTERISK-27631 - [patch] BuildSystem: Do not warn when bash is not installed. (Reported by Alexander Traud) * ASTERISK-27666 - chan_sip: Crash processing CANCEL request (Reported by Leandro Dardini) * ASTERISK-27584 - Internal pjproject build doesn't disable bcg729 (Reported by Stuart Henderson) * ASTERISK-27669 - [patch] codecs: Add support for WebRTC iLBC 2.0. (Reported by Alexander Traud) * ASTERISK-27642 - [patch] backtrace: Avoid -Wlogical-not-parentheses. (Reported by Alexander Traud) * ASTERISK-27555 - [patch] install_prereq: Update Debian/Ubuntu libraries. (Reported by Alexander Traud) * ASTERISK-27656 - CDR: Leaking channel snapshots allocated by stasis_channel.c (Reported by Kristijan Vrban) * ASTERISK-27426 - chan_console: cannot read and write at the same time with alsa backend (Reported by Tzafrir Cohen) * ASTERISK-27621 - (null) string tailing after AsyncAGIEnd AMI event (Reported by sungtae kim) * ASTERISK-27652 - Null pointer Crash in PJSIP MWI (Reported by Joshua Elson) * ASTERISK-27612 - Subscriptions Persist After Expiration and TCP/TLS Disconnect (Reported by Ross Beer) * ASTERISK-27571 - res_pjsip: If SIP response is received during shutdown a crash may occur (Reported by Joshua Colp) * ASTERISK-27637 - [patch] BuildSystem: Enable autotools in FreeBSD. (Reported by Alexander Traud) * ASTERISK-27635 - [patch] app_voicemail: Avoid always true warnings with clang. (Reported by Alexander Traud) * ASTERISK-27599 - [patch] install_prereq: Update RHEL/CentOS/Fedora libraries. (Reported by Alexander Traud) * ASTERISK-26563 - core: macOS devmode build fails: variable 'freeswap' set but not used (Reported by David M. Lee) * ASTERISK-27630 - [patch] editline: Avoid shifting a negative signed value. (Reported by Alexander Traud) * ASTERISK-16172 - Problems with siren14 codec; problems with siren7 sound files. (Reported by Steve Murphy) * ASTERISK-16951 - [patch] configure.ac in 1.4.37 broken with autoconf 2.60 (Reported by Stéphan Kochen) * ASTERISK-27603 - [patch] install_prereq: Download latest Jansson. (Reported by Alexander Traud) * ASTERISK-27607 - [patch] res_config_mysql: Avoid the header mysql_version.h. (Reported by Alexander Traud) * ASTERISK-24598 - When running ./contrib/scripts/install_prereq install-unpackaged pjproject is installed in wrong place (Reported by PowerPBX) * ASTERISK-27602 - [patch] BuildSystem: AC_CONFIG_AUX_DIR needs a directory. (Reported by Alexander Traud) * ASTERISK-27600 - [patch] BuildSystem: Allow make clean all again. (Reported by Alexander Traud) * ASTERISK-27598 - [patch] install_prereq: Support package manager DNF. (Reported by Alexander Traud) * ASTERISK-26596 - Placing call on hold temporarily locks up set (Reported by Igor Goncharovsky) * ASTERISK-27596 - [patch] BuildSystem: Use the detected name for MD5 everywhere. (Reported by Alexander Traud) * ASTERISK-27594 - [patch] BuildSystem: Invoke install not in GNU but POSIX style. (Reported by Alexander Traud) * ASTERISK-27593 - [patch] BuildSystem: In OpenBSD, xmlstarlet is xml. (Reported by Alexander Traud) * ASTERISK-27592 - [patch] BuildSystem: Detect external library Lua in version 5.3. (Reported by Alexander Traud) * ASTERISK-26832 - res_pjsip: Segfault when calling pjsip_hdr_print_on in sip_msg.c:581 (Reported by Ross Beer) * ASTERISK-27589 - [patch] BuildSystem: Avoid $EUID and use id -u instead. (Reported by Alexander Traud) * ASTERISK-27575 - menuselect : remove obsolete TRACE_FRAMES compiler flag (Reported by Jean Aunis - Prescom) * ASTERISK-27576 - [patch] res_config_pgsql: Avoid typecasting an int to unsigned char. (Reported by Alexander Traud) * ASTERISK-27560 - [patch] clang 5 does not know -Wno-format-truncation (Reported by Alexander Traud) * ASTERISK-27578 - [patch] app_osplookup.c: Avoid a format truncation. (Reported by Alexander Traud) * ASTERISK-27577 - [patch] chan_ooh323: Avoid typecasting an int to unsigned short. (Reported by Alexander Traud) * ASTERISK-27491 - res_pjsip_endpoint_identifier_ip only matches against header if match by ip fails (Reported by George Joseph) * ASTERISK-27549 - [patch] translate: Avoid absolute value on unsigned substraction. (Reported by Alexander Traud) * ASTERISK-27553 - [patch] res_curl: Avoid error message on unload. (Reported by Alexander Traud) * ASTERISK-27557 - [patch] clang 5.0: implicit conversion to char changes value to negative. (Reported by Alexander Traud) * ASTERISK-27559 - [patch] editline: Avoid comparison between pointer and zero character constant. (Reported by Alexander Traud) * ASTERISK-27558 - [patch] codec_gsm: Avoid shifting a negative signed value. (Reported by Alexander Traud) * ASTERISK-25329 - Asterisk configure fails on 'cannot find ptlib-config', despite ptlib-config existing (Reported by Rusty Newton) * ASTERISK-27552 - [patch] chan_ooh323: Limit outgoinglimit to positive values as intended. (Reported by Alexander Traud) * ASTERISK-27551 - [patch] ooh323cDriver: Fix typo in header guard. (Reported by Alexander Traud) * ASTERISK-26046 - [patch] Avoid obsolete warnings on autoconf. (Reported by Alexander Traud) * ASTERISK-27539 - 'cdr submit' fails: batch mode not enabled. (Reported by Tzafrir Cohen) * ASTERISK-27498 - ICE candidate parser - ICE foundation parsing too short (Reported by Michele Pr ) * ASTERISK-27366 - Asterisk Turkish Language Set Problem (Reported by Halil İbrahim YILDIZ) * ASTERISK-23133 - Documentation fix - MASTER_CHANNEL Unexpected Behaviour (Reported by Shane Mitchell) * ASTERISK-27531 - Compiler optimizations can break module load sequence. (Reported by abelbeck) * ASTERISK-27480 - Security: Authenticated SUBSCRIBE without Contact crashes asterisk (Reported by Ross Beer) * ASTERISK-24198 - Typo's (Reported by Walter Doekes) * ASTERISK-27229 - bridge: Old channel video source not set to NULL after unref (Reported by Richard Kenner) Improvements made in this release: ----------------------------------- * ASTERISK-27683 - [patch] BuildSystem: Allow newer autotools on OpenBSD. (Reported by Alexander Traud) * ASTERISK-27651 - app_confbridge: Add Muted to ConfbridgeJoin and channel snapshot headers to ConfbridgeList AMI events (Reported by Richard Mudgett) * ASTERISK-27647 - app_confbridge/bridge_softmix: When channel muted report talking stopped if was talking. (Reported by Richard Mudgett) * ASTERISK-27084 - Reduce verbosity while loading PBX extensions. (Reported by Ludovic Gasc (Eyepea)) * ASTERISK-24372 - [patch] Add config option to play a prompt to the "winner" in app_followme (Reported by Graham Mainwaring) * ASTERISK-27461 - 3PCC patch for AMI "SIPnotify" (Reported by Yasuhiko Kamata) * ASTERISK-27348 - [patch]contrib/scripts: add a way to migrate from chan_sip to chan_pjsip realtime (Reported by Torrey Searle) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.20.0 ----- The Asterisk Development Team would like to announce security releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.18. The available releases are released as versions 13.19.2, 14.7.6, 15.2.2 and 13.18-cert3. The following security vulnerabilities were resolved in these versions: * AST-2018-001: Crash when receiving unnegotiated dynamic payload The RTP support in Asterisk maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may result in a codec using a different payload number these desired ones are still stored internally. When an RTP packet was received this registry would be consulted if the payload number was not found in the negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If the payload number resulted in a codec of a different type than the RTP stream (for example the payload number resulted in a video codec but the stream carried audio) a crash could occur if no stream of that type had been negotiated. This was due to the code incorrectly assuming that a stream of the type would always exist. * AST-2018-002: Crash when given an invalid SDP media format description By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. * AST-2018-003: Crash with an invalid SDP fmtp attribute By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid). * AST-2018-004: Crash when receiving SUBSCRIBE request When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash. * AST-2018-005: Crash when large numbers of TCP connections are closed suddenly A crash occurs when a number of authenticated INVITE messages are sent over TCP or TLS and then the connection is suddenly closed. This issue leads to a segmentation fault. * AST-2018-006: WebSocket frames with 0 sized payload causes DoS When reading a websocket, the length was not being checked. If a payload of length 0 was read, it would result in a busy loop that waited for the underlying connection to close. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.19.2 The security advisories are available at: https://downloads.asterisk.org/pub/security/AST-2018-001.pdf https://downloads.asterisk.org/pub/security/AST-2018-002.pdf https://downloads.asterisk.org/pub/security/AST-2018-003.pdf https://downloads.asterisk.org/pub/security/AST-2018-004.pdf https://downloads.asterisk.org/pub/security/AST-2018-005.pdf https://downloads.asterisk.org/pub/security/AST-2018-006.pdf ----- The release of Asterisk 13.19.1 resolves an issue reported by the community and would have not been possible without your participation. Thank you! The following issue is resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-27656 - CDR: Leaking channel snapshots allocated by stasis_channel.c (Reported by Kristijan Vrban) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.19.1 @ text @d1 1 a1 1 $NetBSD: patch-Makefile,v 1.5 2018/01/23 08:26:08 jnemeth Exp $ @ 1.5 log @update to Asterisk 13.19.0 -- this contains both security fixes and general bug fixes, fixes AST-2017-005, AST-2017-006, AST-2017-007, AST-2017-008, AST-2017-009, AST-2017-10, AST-2017-11, AST-2017-12, AST-2017-13, and AST-2017-14 (note that a number of these only pertain to PJSIP which isn't used in pkgsrc) ----- 13.19.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.19.0. The release of Asterisk 13.19.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: New Features made in this release: ----------------------------------- * ASTERISK-27478 - PJSIP: Add CHANNEL(pjsip,request_uri) to get incoming INVITE Request-URI. (Reported by Richard Mudgett) * ASTERISK-27413 - Add cache_media_frames debugging option. (Reported by Richard Mudgett) * ASTERISK-27206 - res_pjsip: No mechanism exists to limit endpoint identification to IP only (Reported by Ben Merrills) Bugs fixed in this release: ----------------------------------- * ASTERISK-27531 - Compiler optimizations can break module load sequence. (Reported by abelbeck) * ASTERISK-27480 - Security: Authenticated SUBSCRIBE without Contact crashes asterisk (Reported by Ross Beer) * ASTERISK-27299 - Asterisk Hangs with Bad file descriptor on read() (Reported by Abhay Gupta) * ASTERISK-25079 - AMI bridge of channels results in MOH not destroyed and robotic audio on one channel (Reported by Zane Conkle) * ASTERISK-27490 - chan_console: 'set active' fails to work (Reported by Tzafrir Cohen) * ASTERISK-24756 - ConfBridge sound_muted does not work from CLI or AMI (Reported by Thomas Frederiksen) * ASTERISK-25649 - Transfer application does not work with Local channels - documentation misleading (Reported by Ivan Ullmann) * ASTERISK-25869 - chan_sip: "rejected because extension not found" should be logged as a security event (Reported by Brian J. Murrell) * ASTERISK-27440 - Strictrtp has issues to qualify video rtp streams (Reported by Wim De Vlaminck) * ASTERISK-24329 - Music On Hold announcement cuts intro of music the first time it is played (Reported by Thomas Frederiksen) * ASTERISK-19657 - Coverity Report: Fix issues for error type CHAR_IO (Reported by Matt Jordan) * ASTERISK-27175 - iax.conf demo peer is invalid (Reported by Tzafrir Cohen) * ASTERISK-27430 - README refers to security documents that do not exist. (Reported by Corey Farrell) * ASTERISK-20281 - "core set verbose" behaves strangely, can't alias it, cli.conf example broken (Reported by Tim Ringenbach at Asteria Solutions Group) * ASTERISK-27382 - crash after an invalid rtcp packet from GT48 FXS gateway (Reported by Tzafrir Cohen) * ASTERISK-27429 - res_rtp_asterisk: Multiple reports in an RTCP packet will write past where it should (Reported by Vitezslav Novy) * ASTERISK-27408 - Identify causes and fix pjsip/resolver/srv/failover/in_dialog/transport_tcp (Reported by Corey Farrell) * ASTERISK-18411 - Queue members with hints for state_interface get stuck in "In Use" state. (Reported by Steven T. Wheeler) * ASTERISK-26131 - chan_sip: Crash Asterisk (in sip_request_call at chan_sip.c) by making a call to a single character in a dot pattern match (Reported by Dwayne Hubbard) * ASTERISK-27475 - codec_opus requires libcurl (Reported by Samuel For) * ASTERISK-27467 - pjsip_options: qualify_frequency sometimes not applied on reload (Reported by John Bigelow) * ASTERISK-27465 - CLI Completion Not Working (Reported by Ross Beer) * ASTERISK-27460 - CDR: Deadlock using AMI Originate with Variable CDR(amaflags)=... (Reported by Richard Mudgett) * ASTERISK-27453 - RTP: Blind transfer direct media scenario results in one way audio. (Reported by Richard Mudgett) * ASTERISK-20643 - SIP ICE support - remove hardcoded limitation on SDP size, make ICE support disabled by default in SIP, maybe provide a better warning message (Reported by Roy) * ASTERISK-26980 - pjsip: Clean up WebRTC disables (Reported by abelbeck) * ASTERISK-27452 - Security: chan_skinny: Memory exhaustion if flooded with unauthenticated requests (Reported by George Joseph) * ASTERISK-27454 - res_http_post: Don't require GMIME_MAJOR_VERSION (Reported by Joshua Colp) * ASTERISK-23735 - Transcoding makes bad choice in high-rate translations (Reported by Richard Kenner) * ASTERISK-27445 - ARI: Updating a bridge gives wrong error message. (Reported by Frank Durden) * ASTERISK-24662 - [patch] column and row headers for Signed Linear format variants in output of 'core show translation' are ambiguous (Reported by Rusty Newton) * ASTERISK-27353 - H323 audio starts with a delay of 2 seconds. (Reported by Marco Giordani) * ASTERISK-27442 - pjsip: 183 without To tag does not negotiate media (Reported by Kevin Harwell) * ASTERISK-27437 - [patch] ICE: server-reflexive candidates (srflx) with Dual-Stack. (Reported by Alexander Traud) * ASTERISK-27434 - [patch] chan_sip/ICE: Square brackets around IPv6 addresses. (Reported by Alexander Traud) * ASTERISK-27435 - [patch] configure: pjsip_evsub_set_uas_timeout not found. (Reported by Alexander Traud) * ASTERISK-27431 - Asterisk fails to build when openssl headers are not installed. (Reported by Corey Farrell) * ASTERISK-27332 - Asterisk fails to configure on MacOS Sierra (Reported by Ivan Larionov) * ASTERISK-27421 - RTP source learning not working with devices that have some clock issues (Reported by nappsoft) * ASTERISK-27361 - Attended transfer crashes in Asterisk 13.17.2 (Reported by Alessandro Pimenta) * ASTERISK-27238 - Bridging: Crash freeing a frame that's already been freed (Reported by Richard Kenner) * ASTERISK-27412 - core: Audiohook freeing interpolated frame when it shouldn't. (Reported by Mikhail) * ASTERISK-27423 - app_record: We set the RECORD_STATUS channel variable before closing the file (Reported by George Joseph) * ASTERISK-26758 - res_hep_pjsip: For WebRTC clients Asterisk insert same ip address in "source ip address" and "destination ip address" fields in HEP packets (Reported by Max Norba) * ASTERISK-27363 - res_http_websocket: Wrong LocalAddress (it is equal to RemoteAddress) (Reported by Vasilii Rogin) * ASTERISK-27415 - asterisk.conf: Setting astctl without setting astrundir is ineffective. (Reported by Corey Farrell) * ASTERISK-27411 - pjsip: TCP connections may not be destroyed (Reported by Joshua Colp) * ASTERISK-27345 - res_pjsip_session: RTP instances leak on 488 responses. (Reported by Corey Farrell) * ASTERISK-27337 - chan_sip: Security vulnerability with client code header (revisited) (Reported by Richard Mudgett) * ASTERISK-27319 - (Security) Function in PJSIP 2.7 miscalculates the length of an unsigned long variable in 64bit machines (Reported by Kim youngsung) * ASTERISK-27391 - Regression: Deadlock between AOR named lock and pjproject grp lock (Reported by shaurya jain) * ASTERISK-27393 - res_pjsip: Crash occurs when an empty contact read from astdb or database (Reported by Aaron An) * ASTERISK-27290 - res_pjsip: PIDF contact field has malformed/invalid XML (Reported by basildane) * ASTERISK-27032 - res_pjsip: TLS options do not handle empty values (Reported by seanchann.zhou) * ASTERISK-27394 - [patch] tcptls: Print notice when TLS is enabled but not configured. (Reported by Alexander Traud) * ASTERISK-26426 - format_ogg_opus: remove from source (Reported by Kevin Harwell) * ASTERISK-27378 - Modules: Fix issues with CLI completion. (Reported by Corey Farrell) * ASTERISK-27387 - Regression: pjsip 13.18.0 - from_user - "+" character isn't allowed any more (Reported by Michael Maier) * ASTERISK-27390 - Audit menuselect module dependencies (Reported by Corey Farrell) * ASTERISK-27389 - Optional API modules should not allow unload. (Reported by Corey Farrell) * ASTERISK-27369 - Bridge() dialplan application fails without setting BRIDGERESULT channel variable (Reported by James Terhune) * ASTERISK-27377 - Typo in CHANNEL(dtmf_features) usage documentation (Reported by Igor Goncharovsky) * ASTERISK-27181 - GCC 7 warning: app_voicemail.c: In function 'imap_delete_old_greeting' (Reported by Anthony Messina) * ASTERISK-27194 - jitterbuffer: Does not handle case where translator returns null frame. (Reported by Joshua Elson) * ASTERISK-26639 - core: Disabling xmldoc support does not work. Also results in abort during Asterisk startup. (Reported by Mr Dini) * ASTERISK-27372 - ARI: Node ARI client broken in latest versions of 13 and 14 (Reported by Benjamin Keith Ford) * ASTERISK-18140 - Expires handling in SUBSCRIBE confuses the absence of the Expires header field with an unsubscribe action. (Reported by Jonathan Cloots) * ASTERISK-25960 - The config_hook unit test causes Asterisk to crash if run a second time (Reported by George Joseph) * ASTERISK-27198 - res_pjsip: SDP contains IP4 instead of IP6 when rtp_ipv6 set to yes (Reported by Martin Cisárik) * ASTERISK-27346 - res_xmpp: Crash if OAuth 2.0 is used before curl is loaded (Reported by Ronald Raikes) * ASTERISK-27365 - [patch] chan_sip: Crypto attribute not last but first on SDP media level. (Reported by Alexander Traud) * ASTERISK-24483 - res_pjsip_pubsub.so, res_pjsip_refer.so: Assertion on un/re-load: mod.id == -1 (Reported by Tzafrir Cohen) * ASTERISK-23462 - Cannot disable SIP debugging via CLI after enabling with conf file option - also 'sip set debug off' reports debugging disabled, when it really isn't (Reported by Rusty Newton) * ASTERISK-27328 - Missing openssl dependencies in res_rtp_asterisk and tcptls (Reported by Tzafrir Cohen) * ASTERISK-27341 - [patch] res_pjsip_session: SIP/SDP origin (o=) contains local address. (Reported by Alexander Traud) * ASTERISK-27343 - Fails to build in FreeBSD due to sys/sysmacros.h not existing there (Reported by Guido Falsi) * ASTERISK-27340 - backtrace.c: Crash due to double-free. (Reported by Corey Farrell) * ASTERISK-27339 - [patch] Crash on ast_ssl_teardown when stopping. (Reported by Alexander Traud) * ASTERISK-27333 - sip_to_pjsip not correctly handling disallow=all directive (Reported by Torrey Searle) Improvements made in this release: ----------------------------------- * ASTERISK-24297 - cdr.c: Minor code optimizations. (Reported by Richard Mudgett) * ASTERISK-27449 - [PATCH] When failing to acquire target during attended transfer, display wanted extension (Reported by Niklas Larsson) * ASTERISK-27456 - app_voicemail: Add new object for VoicemailUserEntry (Reported by sungtae kim) * ASTERISK-27380 - ast_coredumper: allow pointing out the asterisk binary explicitly (Reported by Tzafrir Cohen) * ASTERISK-23556 - Compilation warning for invert.c (array subscript is above array bounds) (Reported by Marcello Ceschia) * ASTERISK-27355 - Upgrade bundled PJPROJECT to 2.7 (Reported by Richard Mudgett) * ASTERISK-27335 - CDR performance needs improvement. (Reported by Richard Mudgett) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.19.0 Thank you for your continued support of Asterisk! ----- 13.18.5 ----- The Asterisk Development Team would like to announce security releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.18. The available releases are released as versions 13.18.5, 14.7.5, 15.1.5 and 13.18-cert2. The following security vulnerabilities were resolved in these versions: * AST-2017-014: Crash in PJSIP resource when missing a contact header A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point. For a full list of changes in the current releases, please see the ChangeLogs: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.5 The security advisory is available at: https://downloads.asterisk.org/pub/security/AST-2017-014.pdf Thank you for your continued support of Asterisk! ----- 13.18.4 ----- The Asterisk Development Team has announced security releases for Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available security releases are released as versions 13.13-cert9, 13.18.4, 14.7.4 and 15.1.4. The release of these versions resolves the following security vulnerabilities: * AST-2017-012: Remote Crash Vulnerability in RTCP Stack If a compound RTCP packet is received containing more than one report (for example a Receiver Report and a Sender Report) the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.4 The security advisories are available at: http://downloads.asterisk.org/pub/security/AST-2017-012.html http://downloads.asterisk.org/pub/security/AST-2017-012.pdf Thank you for your continued support of Asterisk! ----- 13.18.3 ----- The Asterisk Development Team has announced security releases for Certified Asterisk 13.13 and Asterisk 13, 14 and 15. The available security releases are released as versions 13.13-cert8, 13.18.3, 14.7.3 and 15.1.3. The release of these versions resolves the following security vulnerabilities: * AST-2017-013: DOS Vulnerability in Asterisk chan_skinny If the chan_skinny (AKA SCCP protocol) channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.18.3 The security advisories are available at: http://downloads.asterisk.org/pub/security/AST-2017-013.pdf Thank you for your continued support of Asterisk! ----- 13.18.2 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.18.2. The release of Asterisk 13.18.2 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-27387 - Regression: pjsip 13.18.0 - from_user - "+" character isn't allowed any more (Reported by Michael Maier) * ASTERISK-27391 - Regression: Deadlock between AOR named lock and pjproject grp lock (Reported by shaurya jain) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.18.2 Thank you for your continued support of Asterisk! ----- 13.18.0 ----- The Asterisk Development Team would like to announce the release of Asterisk 13.18.0. The release of Asterisk 13.18.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Improvements made in this release: ----------------------------------- * ASTERISK-27278 - [patch] chan_sip: Provide access to read the full SIP Request-URI from INVITE (Reported by David J. Pryke) * ASTERISK-27255 - alembic: Add support for Microsoft SQL server (Reported by Florian Floimair) * ASTERISK-27253 - [patch] libsrtp-2.1.x support (Reported by Alexander Traud) * ASTERISK-27220 - Enable CHANNEL function to get from and to tag from SIP Headers (Reported by Andre Nazario) * ASTERISK-27169 - Google OAuth 2.0 support for XMPP / Motif (Reported by Andrey) * ASTERISK-27173 - Support for GMIME 3.0 (Reported by Tzafrir Cohen) * ASTERISK-27092 - [patch] app_queue: Add Priority to AMI QueueStatus (Reported by Niklas Larsson) * ASTERISK-27085 - [patch] chan_pjsip: Port SIPDtmfMode to chan_pjsip (Reported by Torrey Searle) Bugs fixed in this release: ----------------------------------- * ASTERISK-27346 - res_xmpp: Crash if OAuth 2.0 is used before curl is loaded (Reported by Ronald Raikes) * ASTERISK-27372 - ARI: Node ARI client broken in latest versions of 13 and 14 (Reported by Benjamin Keith Ford) * ASTERISK-27047 - res_pjsip: user=phone added to Anonymous caller-id when it shouldn't be. (Reported by dtryba) * ASTERISK-26988 - res_pjsip_session: user_eq_phone adds double user=phone parameters to URIs (Reported by dtryba) * ASTERISK-27270 - cdr_mysql: various crashes at second module reload if cdr_mysql.conf is configured (Reported by Tzafrir Cohen) * ASTERISK-27301 - [patch] app_queue: Music On Hold for real-time queues is not reset to default (Reported by Nathan Bruning) * ASTERISK-25266 - Application Originate returns SUCCESS to ORIGINATE_STATUS upon failure to originate (Reported by Allen Ford) * ASTERISK-27192 - res_pjsip: Loss of SIP registrations causing unavailable endpoints (Reported by Richard Mudgett) * ASTERISK-27305 - res_ari: Memory leaks in ARI when using Content-Type: application/json (Reported by David Hajek) * ASTERISK-26922 - chan_sip: tcpbind uses wrong source address (Reported by Ksenia) * ASTERISK-27324 - [patch] Dual-Stack server cannot be used as IPv4 client via TCP/TLS (Reported by Alexander Traud) * ASTERISK-27317 - vector: multiple evaluation of elem in AST_VECTOR_ADD_SORTED. (Reported by Corey Farrell) * ASTERISK-27318 - res_pjsip_mwi: uninitialized value from ast_strings_match (Reported by Corey Farrell) * ASTERISK-27296 - [patch] False positive busy checks when icalendar's recurrence-id mechanism is involved (Reported by Benoît Dereck-Tricot) * ASTERISK-27284 - Status of RFC 3323 and PJSIP (Reported by dtryba) * ASTERISK-27216 - app_queue: does its check-makeannouncement-logic twice each head-caller-loop (Reported by Stefan Engström) * ASTERISK-27295 - Contact is improperly translated after d178f497 (Reported by Sean Bright) * ASTERISK-27292 - Multiple RTP Stream Created Breaking RFC2833 (SSRC Changes) (Reported by Ross Beer) * ASTERISK-27289 - A codeblock that maintains a bug,but maybe the codeblock will never run (Reported by Huangyx) * ASTERISK-27283 - Realtime config fail with PostgreSQL version before 9.1 (Reported by Rodrigo Ramirez Norambuena) * ASTERISK-27257 - bridge_native_rtp: half-way direct media when using early bridging (Reported by Jean Aunis - Prescom) * ASTERISK-27279 - Crash in pubsub_on_rx_request NULL pointer - Possible PJSIP Vulnerability (Reported by Ross Beer) * ASTERISK-26606 - tcptls: Incorrect OpenSSL function call leads to misleading error report (Reported by Bob Ham) * ASTERISK-16898 - SRTP unprotect: authentication failure when RTP sequence number switches from 65535 -> 0 (Reported by Marcello Ceschia) * ASTERISK-27274 - RTCP needs better packet validation to resist port scans. (Reported by Richard Mudgett) * ASTERISK-27252 - RTP: One way audio with direct media and strictrtp=yes. (Reported by Richard Mudgett) * ASTERISK-25524 - module reload res_calendar.so does not reload everything in calendar.conf (Reported by Jesper) * ASTERISK-24588 - res_calendar does not process CalDAV from Owncloud [fix included] (Reported by Stefan Gofferje) * ASTERISK-25523 - res_calendar: Warning about invalid channel value (for notification) occurs even when event has no notification configured. (Reported by Jesper) * ASTERISK-21399 - RTP Multicast of L16 (type 10): Asterisk and wireshark disagree (Reported by Tzafrir Cohen) * ASTERISK-27248 - [patch]external_media_address and external_signaling_address don't always honor localnet (Reported by Walter Doekes) * ASTERISK-27165 - CDR: CDR(start,u) function won't work in cdr_custom config (Reported by Jacek Konieczny) * ASTERISK-27217 - chan_sip: Asterisk crashing when subscription doesn't get set (Reported by Bryan Walters) * ASTERISK-24066 - res_smdi: convert to astobj2 (Reported by Corey Farrell) * ASTERISK-17540 - SDP origin attribute modified when issuing re-INVITE because of directmedia=yes (Reported by saghul) * ASTERISK-27254 - alembic: prune_on_boot fix erroneous (Reported by Florian Floimair) * ASTERISK-27232 - When in queue on g722 with interruptions, music on hold can get stuck and no longer play (Reported by Jens T.) * ASTERISK-27024 - nat/external_media settings ignored in 14.4.1 (Reported by Christopher van de Sande) * ASTERISK-26879 - PJSIP external_media_address ignored if no local_net options are provided (Reported by Matt Jordan) * ASTERISK-27236 - Segfault ast_channel_name (chan=0x0) at channel_internal_api.c:478 during T.38 Fax Receive (Reported by Ross Beer) * ASTERISK-27225 - Crash when freeing dtls_cfg->cafile (Reported by Richard Kenner) * ASTERISK-27177 - ooh323c: misleading indentation in addons/ooh323c/src/ooSocket.c (Reported by Tzafrir Cohen) * ASTERISK-27241 - libc segfault upon entry into app_directory (Reported by David Moore) * ASTERISK-27152 - Sending a "tel" uri in a From or To header in an unauthenticated message causes asterisk to crash (Reported by Ross Beer) * ASTERISK-27103 - core: ast_safe_system command injection possible. (Reported by Corey Farrell) * ASTERISK-27013 - res_rtp_asterisk: Media can be hijacked even with strict RTP enabled (Reported by Joshua Colp) * ASTERISK-26994 - Confbridge: CBAnn channels intermittently become stuck when caller hangs up before recording name (Reported by James Terhune) * ASTERISK-20858 - app_minivm fails to clean up mkstemp files (Reported by Walter Doekes) * ASTERISK-16777 - several filename bugs in Record() application (Reported by klaus3000) * ASTERISK-27168 - alembic: PJSIP scripts are missing column dtls_fingerprint in ps_endpoints table (Reported by Florian Floimair) * ASTERISK-23608 - ControlPlayback fails to play files with names containing certain non-alpha characters (Reported by Jonathan White) * ASTERISK-19103 - When using realtime queues, function QUEUE_MEMBER_LIST() will return an error if no other app/function has loaded the queues first. This problem does not exist if queues.conf is used. (Reported by Jim Van Meggelen) * ASTERISK-21241 - When using voicemail as announce only (maxmsg=0), the star dtmf to enter the voicemail is not honored (Reported by Eelco Brolman) * ASTERISK-27204 - [patch] app_queue: Wrong queue stat calculation (Reported by sungtae kim) * ASTERISK-27209 - Incorrect SDP in 200 OK when PJSIP_DTMF_MODE is used (Reported by Torrey Searle) * ASTERISK-27207 - XMPP OAuth not working due to inverted logic (Reported by Michael Kuron) * ASTERISK-27174 - res_calendar_icalendar: Recurring events not being loaded from Google calendar using ical (Reported by Mark Thompson) * ASTERISK-27202 - If wget is not installed and "or" is not available, external components (excluding pjsip) are not installed (Reported by Seán C. McCord) * ASTERISK-27147 - Either asterisk or pjproject isn't re-using tcp connections (again) (Reported by George Joseph) * ASTERISK-27193 - IPv6 receive address in message doesn't include brackets (Reported by Scott Griepentrog) * ASTERISK-27158 - [patch] res_rtp_asterisk: RTCP statistics are not available when native bridge is used (Reported by Torrey Searle) * ASTERISK-27110 - RTP session is not fully destroyed on channel hangup (Reported by Matt Jordan) * ASTERISK-26745 - Asymmetric codecs when asymmetric_rtp_codec=no (Reported by Jesse Ross) * ASTERISK-27171 - Asterisk 15.0.0-Beta1 does not compile (Reported by Ira Emus) * ASTERISK-26659 - res_pjsip: PJSIP presence - missing braces around the status element in XML (Reported by Abraham Liebsch) * ASTERISK-27156 - Asterisk won't compile on Fedora 26 with devmode enabled. (Reported by Corey Farrell) * ASTERISK-27130 - Applications ARI: Unsubscribe action for deviceStates does not remove old subscriptions properly (Reported by Sergej Kasumovic) * ASTERISK-25810 - say.c calls for sounds in the subdir "digits" that don't exist (in Core). SayUnixTime or other Say... apps will fail out when they call these sounds. (Reported by Nicolas Riendeau) * ASTERISK-27142 - sounds: Conflict between files in asterisk-sounds-core-1.6 and asterisk-sounds-extra-1.5 (Reported by Corey Farrell) * ASTERISK-27124 - app_playback.c:say_date_generic use timezonename parameter (Reported by Holger Hans Peter Freyther) * ASTERISK-27133 - res_rtp_asterisk: RTCP does not use ICE when RTCP-MUX in use (Reported by Joshua Colp) * ASTERISK-27128 - [patch]res_stasis_snoop: When recording a snoop channel (using ARI) where no media is being received, no recording happens when theres no media (Reported by Dan Jenkins) * ASTERISK-27123 - confbridge: Name recordings are left on filesystem (Reported by Sergej Kasumovic) * ASTERISK-27122 - chan_iax2: On reload MWI taskprocessors keep adding up (Reported by Sergej Kasumovic) * ASTERISK-26807 - sounds: New 3-D Binaural audio features require new sound prompts (Reported by Rusty Newton) * ASTERISK-25816 - French conf-adminmenu, conf-usermenu prompts differ in content from the English files (Reported by Benoit Duverger) * ASTERISK-26274 - Resolve open sounds issues and then create a new sounds release (1.5.1? or 1.6?) (Reported by Rusty Newton) * ASTERISK-27127 - configs: Erroneous load directive in sample configuration results in "Error loading module 'res_pjsip_multihomed.so'" (Reported by HZMI8gkCvPpom0tM) * ASTERISK-27105 - [patch]core: when setting 'maxfiles' in asterisk.conf, a message is printed, even in rasterisk -x (Reported by Tzafrir Cohen) * ASTERISK-27036 - res_pjsip: Asterisk crashes when an extension tries to use PJSIP trunk with from_user containing '@@' (Reported by Maxim Vasilev) * ASTERISK-27023 - res_rtp_asterisk: Deadlock when TURN session in use (Reported by Jatin Jain) * ASTERISK-27093 - ODBC deadlocks when app_directory tries to play back non-existent voicemail greeting (Reported by James Terhune) New Features made in this release: ----------------------------------- * ASTERISK-27215 - [patch]AMI : Add CancelAtxfer Action (Reported by Thomas Sevestre) * ASTERISK-27117 - core: Add support for timelen parsing to ast_parse_arg and ACO. (Reported by Corey Farrell) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.18.0 Thank you for your continued support of Asterisk! ----- 13.17.0 ---- The Asterisk Development Team would like to announce the release of Asterisk 13.17.0. The release of Asterisk 13.17.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-27108 - Crash using 'data get' CLI command (Reported by Sean Bright) * ASTERISK-27106 - [patch] autodomain (SIP Domain Support): Add only really different domain with TLS. (Reported by Alexander Traud) * ASTERISK-27100 - channel: ast_waitfordigit_full fails to clear flag in an error branch. (Reported by Corey Farrell) * ASTERISK-27090 - PJSIP: Deadlock using TCP transport (Reported by Richard Mudgett) * ASTERISK-25665 - Duplicate logging in queue log for EXITEMPTY events (Reported by Ove Aursand) * ASTERISK-27065 - call hangup after leaving app_queue (Reported by Marek Cervenka) * ASTERISK-26978 - rtp: Crash in ast_rtp_codecs_payload_code() (Reported by Ross Beer) * ASTERISK-27074 - core_local: local channel data not being properly unref'ed and unlocked (Reported by Kevin Harwell) * ASTERISK-27075 - bridge: stuck channel(s) after failed attended transfer (Reported by Kevin Harwell) * ASTERISK-24052 - app_voicemail reloads result in leaked IMAP sockets. (Reported by Louis Jocelyn Paquet) * ASTERISK-27060 - Comment typo format_g729.c (Reported by Matthew Fredrickson) * ASTERISK-27026 - res_ari: Crash when no ari.conf configuration file exists (Reported by Ronald Raikes) * ASTERISK-27041 - Core/PBX: [patch] Deadlock between dialplan execution and application unregistration (Reported by Frederic LE FOLL) * ASTERISK-27057 - Seg Fault in ast_sorcery_object_get_id at sorcery.c (Reported by Ryan Smith) * ASTERISK-27024 - nat/external_media settings ignored in 14.4.1 (Reported by Christopher van de Sande) * ASTERISK-27046 - res_pjsip_transport_websocket: segfault in get_write_timeout (Reported by Jørgen H) * ASTERISK-27022 - res_rtp_asterisk: Incorrect SSRC change for RTCP component (Reported by Michael Walton) * ASTERISK-26923 - bridging: T.38 request is lost when channels are added to bridge (Reported by Torrey Searle) * ASTERISK-27053 - res_pjsip_refer/session: Calls dropped during transfer (Reported by Kevin Harwell) * ASTERISK-27052 - Asterisk build process fails with flag --with-pjproject-bundled with curl download command and slow network (Reported by alex) * ASTERISK-27039 - chan_pjsip: Device state is idle when channel from endpoint is in early media (Reported by Joshua Colp) * ASTERISK-26996 - chan_pjsip: Flipping between codecs (Reported by Michael Maier) * ASTERISK-26281 - chan_pjsip would send INVITE to 'Unreachable' endpoints (Reported by Jacek Konieczny) * ASTERISK-26973 - bridge: Crash when freeing frame and snooping (Reported by Michel R. Vaillancourt) * ASTERISK-19291 - Background in realtime (Reported by Andrew Nowrot) * ASTERISK-27025 - channel / meetme: Fix missing parentheses (Reported by Joshua Colp) * ASTERISK-27021 - GET /recordings/stored returns 500 Internal Server Error (Reported by Tim Morgan) * ASTERISK-24858 - [patch]Asterisk 13 PJSIP sends RTP packets in wrong byte order on Intel platform when using slin codec (Reported by Frankie Chin) * ASTERISK-23951 - Asterisk attempts and fails to build format_mp3 even if mp3lib was not downloaded (Reported by Tzafrir Cohen) * ASTERISK-25294 - srtp's crypto_get_random deprecated (Reported by Tzafrir Cohen) * ASTERISK-23839 - AGI - RECORD FILE - documentation doesn't describe BEEP argument (Reported by Rusty Newton) * ASTERISK-22432 - Async AGI crashes Asterisk when issuing "set variable" command without args (Reported by Antoine Pitrou) * ASTERISK-25662 - Malformed AGI 520 Usage response (Reported by Tony Mountifield) * ASTERISK-25101 - DTLS configuration can not be specified in the general section - documentation (Reported by Ben Langfeld) * ASTERISK-27008 - res_format_attr_h264: SDP parse fails if fmtp optional parameters have a space (Reported by John Harris) * ASTERISK-26399 - app_queue: Agent not called when caller is parked (Reported by wushumasters) * ASTERISK-26400 - app_queue: Queue member stops being called after AMI "Redirect" action for queues with wrapuptime (Reported by Etienne Lessard) * ASTERISK-26715 - app_queue: Member will not receive any new calls after doing a transfer if wrapuptime = greater than 0 and using Local channel (Reported by David Brillert) * ASTERISK-26975 - app_queue: Non-zero wrapup time can cause agents not to receive queue calls after transfer queue call (Reported by Lorne Gaetz) * ASTERISK-27012 - app_confbridge: ConfBridge sometimes does not play user name recording while leaving (Reported by Robert Mordec) * ASTERISK-26979 - res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110 (Reported by Javier Riveros) * ASTERISK-26982 - chan_sip: rtcp_mux setting may cause ice completion failure/delay if client offers rtcp-mux as negotiable (Reported by Stefan Engström) * ASTERISK-26964 - res_pjsip_session: Wrong From on reinvite when request and To URI differ (Reported by Yasin CANER) * ASTERISK-26789 - Audit manipulation of channel flags without locks (Reported by Joshua Colp) * ASTERISK-26333 - Problems with Blind Transfer, PJSIP (Aastra 6869i) (Reported by Matthias Binder) Improvements made in this release: ----------------------------------- * ASTERISK-26230 - [patch] res_pjsip_mwi: unsolicited mwi could block PJSIP taskprocessor on startup (Reported by Alexei Gradinari) * ASTERISK-27043 - Core/BuildSystem: Add defines to fix build with LibreSSL (Reported by Guido Falsi) * ASTERISK-27042 - Unpatched asterisk sources fail to build on FreeBSD due to missing crypt.h file (Reported by Guido Falsi) * ASTERISK-26419 - audiohooks: Remove redundant codec translations when using audiohooks (Reported by Michael Walton) * ASTERISK-26976 - libsrtp-2.x.x support (Reported by Alex) * ASTERISK-26124 - res_agi: Set audio format for EAGI audio stream (Reported by John Fawcett) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.17.0 Thank you for your continued support of Asterisk! @ text @d1 1 a1 1 $NetBSD: patch-Makefile,v 1.4 2017/06/04 07:51:27 jnemeth Exp $ d3 1 a3 1 --- Makefile.orig 2018-01-11 16:44:54.000000000 +0000 d5 1 a5 1 @@@@ -142,7 +142,7 @@@@ DEBUG=-g3 d14 1 a14 1 @@@@ -179,6 +179,9 @@@@ DAHDI_UDEV_HOOK_DIR = /usr/share/dahdi/s d24 1 a24 1 @@@@ -215,10 +218,6 @@@@ ifeq ($(AST_DEVMODE),yes) d28 3 a30 1 -ifneq ($(findstring BSD,$(OSARCH)),) d37 1 a37 1 @@@@ -349,10 +348,10 @@@@ makeopts: configure d50 1 a50 1 @@@@ -425,7 +424,6 @@@@ dist-clean: distclean d58 1 a58 1 @@@@ -542,7 +540,7 @@@@ update: d67 1 a67 1 @@@@ -748,7 +746,7 @@@@ upgrade: bininstall d70 1 a70 1 @@for x in configs/$(1)/*$(2); do \ d76 1 a76 1 @@@@ -777,24 +775,24 @@@@ define INSTALL_CONFIGS d89 1 d108 1 a108 1 @@@@ -827,7 +825,7 @@@@ basic-pbx: d117 1 a117 1 @@@@ -877,11 +875,11 @@@@ endif d132 1 a132 1 @@@@ -993,7 +991,7 @@@@ uninstall-all: _uninstall d141 3 a143 3 @@@@ -1081,6 +1079,7 @@@@ check-alembic: makeopts @@ALEMBIC=$(ALEMBIC) build_tools/make_check_alembic config cdr voicemail >&2 @ 1.4 log @Update to Asterisk 13.16.0: this is mostly a bugfix release. The Asterisk Development Team would like to announce the release of Asterisk 13.16.0. The release of Asterisk 13.16.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following issues are resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-26982 - chan_sip: rtcp_mux setting may cause ice completion failure/delay if client offers rtcp-mux as negotiable (Reported by Stefan Engström) * ASTERISK-26979 - res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110 (Reported by Javier Riveros) * ASTERISK-25665 - Duplicate logging in queue log for EXITEMPTY events (Reported by Ove Aursand) * ASTERISK-26998 - res_pjsip_session: INVITE retransmissions could still setup the same call again. (Reported by Richard Mudgett) * ASTERISK-26143 - res_rtp_asterisk: One way audio when transcoding (Reported by Henning Holtschneider) * ASTERISK-26606 - tcptls: Incorrect OpenSSL function call leads to misleading error report (Reported by Bob Ham) * ASTERISK-26983 - Crash in Manager Reload when TLS Config Changes (Reported by Joshua Elson) * ASTERISK-25032 - [patch]cel_odbc sometimes inserts CEL with wrong eventtime (Reported by Etienne Lessard) * ASTERISK-26173 - func_cdr: CDR function does not permit empty values to be assigned (Reported by gkloepfer) * ASTERISK-25506 - [patch]CONFBRIDGE failure after an app_confbrige.so module reload results in segfault or error/warning messages. (Reported by Frederic LE FOLL) * ASTERISK-24529 - Using AMI Action Bridge to on an already bridged channel causes the incorrect return priority to be used (Reported by Corey Farrell) * ASTERISK-26860 - Upon RTCP reception, netsock2.c:210 ast_sockaddr_split_hostport: Port missing in (null) (Reported by Evers Lab) * ASTERISK-26922 - chan_sip: tcpbind uses wrong source address (Reported by Ksenia) * ASTERISK-26974 - res_pjsip: Deadlock in T.38 framehook (Reported by Richard Mudgett) * ASTERISK-26908 - res_pjsip: The ChanIsAvail causes a res_pjsip session to be leaked. (Reported by Richard Mudgett) * ASTERISK-25823 - SIGSEGV, Segmentation fault. - ../sysdeps/x86_64/strlen.S: No such file or directory. (Reported by Andreas Krüger) * ASTERISK-26951 - chan_sip: ACK with SDP does not update a direct media bridge (Reported by Jean Aunis - Prescom) * ASTERISK-26930 - pjproject/Makefile.rules for pjsip 2.6 build fails for non-SSE2 instrunction Linux (Reported by abelbeck) * ASTERISK-26926 - func_speex: Crash caused by frame with no datalen (Reported by Richard Kenner) * ASTERISK-26929 - pjsip: Add database tables for RLS (Reported by Joshua Colp) * ASTERISK-26953 - Asterisk crash if hep.conf have some missing parameters (Reported by Joel Vandal) * ASTERISK-26890 - STUN server with non-default-route transport causes INVITE delay (Reported by George Joseph) * ASTERISK-26692 - res_rtp_asterisk: Crash in dtls_srtp_handle_timeout at res_rtp_asterisk (using chan_sip) (Reported by scgm11) * ASTERISK-26835 - res_rtp_asterisk: Crash when freeing RTCP address string (Reported by Niklas Larsson) * ASTERISK-26853 - res_rtp_asterisk: Crash in pjnath when receiving packet (Reported by Adagio) * ASTERISK-26613 - format_wav: wav16 format read file only by 320 - half of frame (Reported by Vitaly K) * ASTERISK-26169 - format_ogg_vorbis: Memory leak using OGG in MixMonitor (Reported by Ivan Myalkin) * ASTERISK-21856 - STUN never works when asterisk started without internet access (Reported by Jeremy Kister) * ASTERISK-20984 - Audible clicks when playing sox encoded au file with STREAM FILE AGI command (Reported by Roman S.) * ASTERISK-26851 - res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport (Reported by Richard Begg) * ASTERISK-26903 - Listening TCP/TLS sockets stop when temporarily out of open files (Reported by Walter Doekes) * ASTERISK-26528 - [UBSAN] strings.h:signed integer overflow in ast_str_case_hash (Reported by Badalian Vyacheslav) * ASTERISK-26928 - pjsip: Add database tables for PUBLISH support (Reported by Joshua Colp) * ASTERISK-26927 - pjproject_bundled: Crash on pj_ssl_get_info() while ioqueue_on_read_complete(). (Reported by Alexander Traud) * ASTERISK-26905 - pjproject_bundled: Merge 3 upstream deadlock patches into bundled (Reported by Ross Beer) * ASTERISK-26897 - chan_sip: Security vulnerability with client code header (Reported by Alex Villacís Lasso) * ASTERISK-25974 - Unused realtime MOH classes not purged on 'moh reload' (Reported by Sébastien Couture) * ASTERISK-26916 - res_pjsip: Excessive refcount reached on transport ao2 object (Reported by Ross Beer) * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers (Reported by Olle Johansson) * ASTERISK-26915 - chan_sip: Session Timers required but refused wrongly. (Reported by Alexander Traud) * ASTERISK-26363 - res_pjsip: Bye sent to sip trunk is not authenticated even after receiving a 407 error code (Reported by Yaacov Akiba Slama) * ASTERISK-26896 - Overflow of buffer to PQEscapeStringConn with large app_args causes ABRT (Reported by twisted) * ASTERISK-26705 - libasteriskssl.so not found when asterisk is installed for the 1st time (Reported by George Joseph) * ASTERISK-21009 - xmpp_pubsub_unsubscribe: Could not create IQ when creating pubsub unsubscription on client (Reported by Marcello Ceschia) * ASTERISK-25490 - [patch]SDP crypto tag is validated incorrectly (Reported by Joerg Sonnenberger) * ASTERISK-24712 - xmpp: starttls problem causes connection spew (Reported by Matthias Urlichs) * ASTERISK-26086 - res_musiconhold: format option is not documented adequately (Reported by Jens Bürger) * ASTERISK-23996 - No core dumps because of res_musiconhold chdir. (Reported by Walter Doekes) * ASTERISK-26814 - pjproject_bundled build fails to download pjproject source when using cURL (Reported by Gergely Dömsödi) * ASTERISK-23510 - JABBER_STATUS fails with improper code 7 for unavailable clients (Reported by Anthony Critelli) * ASTERISK-21855 - Asterisk crashes when XMPP message is sent (JabberSend) and no internet connection is available (Reported by Jeremy Kister) * ASTERISK-25622 - WARNING for "JABBER: socket read error" should be more specific (Reported by Sean Darcy) * ASTERISK-26818 - cdr: Problem setting variables in h exten (Reported by scgm11) * ASTERISK-26875 - app_mixmonitor: Recording out of sync when 183 but no RTP (Reported by Aaron An) Improvements made in this release: ----------------------------------- * ASTERISK-26088 - Investigate heavy memory utilization by res_pjsip_pubsub (Reported by Richard Mudgett) * ASTERISK-26427 - res_hep_rtcp: Asterisk Master will report channel name with res_hep_rtcp when using chan_sip (Reported by Nir Simionovich (GreenfieldTech - Israel)) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.16.0 Thank you for your continued support of Asterisk! @ text @d1 1 a1 1 $NetBSD: patch-Makefile,v 1.3 2016/05/06 07:41:06 jnemeth Exp $ d3 1 a3 1 --- Makefile.orig 2017-05-30 17:44:16.000000000 +0000 d5 1 a5 1 @@@@ -139,7 +139,7 @@@@ DEBUG=-g3 d14 1 a14 1 @@@@ -176,6 +176,9 @@@@ DAHDI_UDEV_HOOK_DIR = /usr/share/dahdi/s d24 2 a25 2 @@@@ -210,10 +213,6 @@@@ ifeq ($(AST_DEVMODE),yes) ADDL_TARGETS+=validate-docs d35 1 a35 1 @@@@ -336,10 +335,10 @@@@ makeopts: configure d48 1 a48 1 @@@@ -412,7 +411,6 @@@@ dist-clean: distclean d56 1 a56 1 @@@@ -527,7 +525,7 @@@@ update: d65 1 a65 1 @@@@ -731,7 +729,7 @@@@ upgrade: bininstall d74 1 a74 1 @@@@ -760,24 +758,24 @@@@ define INSTALL_CONFIGS d105 1 a105 1 @@@@ -810,7 +808,7 @@@@ basic-pbx: d114 1 a114 1 @@@@ -860,11 +858,11 @@@@ endif d129 1 a129 1 @@@@ -976,7 +974,7 @@@@ uninstall-all: _uninstall d138 1 a138 1 @@@@ -1064,6 +1062,7 @@@@ check-alembic: makeopts @ 1.3 log @Update to Asterisk 13.8.2: this is mainly a bug fix release. It also contains fixes for AST-2016-004 and AST-2016-005. However, those issues only affected the pjsip module. Since Asterisk in pkgsrc doesn't (yet) use pjsip, it wasn't affected. ----- 13.8.2 The Asterisk Development Team has announced the release of Asterisk 13.8.2. The release of Asterisk 13.8.2 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-25929 - res_pjsip_registrar: AOR_CONTACT_ADDED events not raised (Reported by Joshua Colp) * ASTERISK-25928 - res_pjsip: URI validation done outside of PJSIP thread (Reported by Joshua Colp) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.8.2 Thank you for your continued support of Asterisk! ----- 13.8.0 The Asterisk Development Team has announced the release of Asterisk 13.8.0. The release of Asterisk 13.8.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: New Features made in this release: ----------------------------------- * ASTERISK-24919 - res_pjsip_config_wizard: Ability to write contents to file (Reported by Ray Crumrine) * ASTERISK-25670 - Add regcontext to PJSIP (Reported by Daniel Journo) * ASTERISK-25480 - [patch]Add field PauseReason on QueueMemberStatus (Reported by Rodrigo Ramirez Norambuena) Bugs fixed in this release: ----------------------------------- * ASTERISK-25849 - chan_pjsip: transfers with direct media sometimes drops audio (Reported by Kevin Harwell) * ASTERISK-25113 - install_prereq in Debian 8 without "standard system utilities" (Reported by Rodrigo Ramirez Norambuena) * ASTERISK-25814 - Segfault at f ip in res_pjsip_refer.so (Reported by Sergio Medina Toledo) * ASTERISK-25023 - Deadlock in chan_sip in update_provisional_keepalive (Reported by Arnd Schmitter) * ASTERISK-25321 - [patch]DeadLock ChanSpy with call over Local channel (Reported by Filip Frank) * ASTERISK-25829 - res_pjsip: PJSIP does not accept spaces when separating multiple AORs (Reported by Mateusz Kowalski) * ASTERISK-25771 - ARI:Crash - Attended transfers of channels into Stasis application. (Reported by Javier Riveros ) * ASTERISK-25830 - Revision 2451d4e breaks NAT (Reported by Sean Bright) * ASTERISK-25582 - Testsuite: Reactor timeout error in tests/fax/pjsip/directmedia_reinvite_t38 (Reported by Matt Jordan) * ASTERISK-25811 - Unable to delete object from sorcery cache (Reported by Ross Beer) * ASTERISK-25800 - [patch] Calculate talktime when is first call answered (Reported by Rodrigo Ramirez Norambuena) * ASTERISK-25727 - RPM build requires OPTIONAL_API cflag due to PJSIP requirement (Reported by Gergely Dömsödi) * ASTERISK-25337 - Crash on PJSIP_HEADER Add P-Asserted-Identity when calling from Gosub (Reported by Jacques Peacock) * ASTERISK-25738 - res_pjsip_pubsub: Crash while executing OutboundSubscriptionDetail ami action (Reported by Kevin Harwell) * ASTERISK-25721 - [patch] res_phoneprov: memory leak and heap-use-after-free (Reported by Badalian Vyacheslav) * ASTERISK-25272 - [patch]The ICONV dialplan function sometimes returns garbage (Reported by Etienne Lessard) * ASTERISK-25751 - res_pjsip: Support pjsip_dlg_create_uas_and_inc_lock (Reported by Joshua Colp) * ASTERISK-25606 - Core dump when using transports in sorcery (Reported by Martin Moučka) * ASTERISK-20987 - non-admin users, who join muted conference are not being muted (Reported by hristo) * ASTERISK-25737 - res_pjsip_outbound_registration: line option not in Alembic (Reported by Joshua Colp) * ASTERISK-25603 - [patch]udptl: Uninitialized lengths and bufs in udptl_rx_packet cause ast_frdup crash (Reported by Walter Doekes) * ASTERISK-25742 - Secondary IFP Packets can result in accessing uninitialized pointers and a crash (Reported by Torrey Searle) * ASTERISK-24972 - Transport Layer Security (TLS) Protocol BEAST Vulnerability - Investigate vulnerability of HTTP server (Reported by Alex A. Welzl) * ASTERISK-25397 - [patch]chan_sip: File descriptor leak with non-default timert1 (Reported by Alexander Traud) * ASTERISK-25702 - PjSip realtime DB and Cache Errors since upgrade to asterisk-13.7.0 from asterisk-13.7.0-rc2 (Reported by Nic Colledge) * ASTERISK-25730 - build: make uninstall after make distclean tries to remove root (Reported by George Joseph) * ASTERISK-25725 - core: Incorrect XML documentation may result in weird behavior (Reported by Joshua Colp) * ASTERISK-25722 - ASAN & testsute: stack-buffer-overflow in sip_sipredirect (Reported by Badalian Vyacheslav) * ASTERISK-25709 - ARI: Crash can occur due to race condition when attempting to operate on a hung up channel (Reported by Mark Michelson) * ASTERISK-25714 - ASAN:heap-buffer-overflow in logger.c (Reported by Badalian Vyacheslav) * ASTERISK-25685 - infrastructure: Run alembic in Jenkins build script (Reported by Joshua Colp) * ASTERISK-25712 - Second call to already-on-call phone and Asterisk sends "Ready" (Reported by Richard Mudgett) * ASTERISK-24801 - ASAN: ast_el_read_char stack-buffer-overflow (Reported by Badalian Vyacheslav) * ASTERISK-25179 - CDR(billsec,f) and CDR(duration,f) report incorrect values (Reported by Gianluca Merlo) * ASTERISK-25611 - core: threadpool thread_timeout_thrash unit test sporadically failing (Reported by Joshua Colp) * ASTERISK-24097 - Documentation - CHANNEL function help text missing 'linkedid' argument (Reported by Steven T. Wheeler) * ASTERISK-25700 - main/config: Clean config maps on shutdown. (Reported by Corey Farrell) * ASTERISK-25696 - bridge_basic: don't cache xferfailsound during a transfer (Reported by Kevin Harwell) * ASTERISK-25697 - bridge_basic: don't play an attended transfer fail sound after target hangs up (Reported by Kevin Harwell) * ASTERISK-25683 - res_ari: Asterisk fails to start if compiled with MALLOC_DEBUG (Reported by yaron nahum) * ASTERISK-25686 - PJSIP: qualify_timeout is a double, database schema is an integer (Reported by Marcelo Terres) * ASTERISK-25690 - Hanging up when executing connected line sub does not cause hangup (Reported by Joshua Colp) * ASTERISK-25687 - res_musiconhold: Concurrent invocations of 'moh reload' cause a crash (Reported by Sean Bright) * ASTERISK-25632 - res_pjsip_sdp_rtp: RTP is sent from wrong IP address when multihomed (Reported by Olivier Krief) * ASTERISK-25637 - Multi homed server using wrong IP (Reported by Daniel Journo) * ASTERISK-25394 - pbx: Incorrect device and presence state when changing hint details (Reported by Joshua Colp) * ASTERISK-25640 - pbx: Deadlock on features reload and state change hint. (Reported by Krzysztof Trempala) * ASTERISK-25681 - devicestate: Engine thread is not shut down (Reported by Corey Farrell) * ASTERISK-25680 - manager: manager_channelvars is not cleaned at shutdown (Reported by Corey Farrell) * ASTERISK-25679 - res_calendar leaks scheduler. (Reported by Corey Farrell) * ASTERISK-25675 - Endpoint not listed as Unreachable (Reported by Daniel Journo) * ASTERISK-25677 - pbx_dundi: leaks during failed load. (Reported by Corey Farrell) * ASTERISK-25673 - res_crypto leaks CLI entries (Reported by Corey Farrell) * ASTERISK-25668 - res_pjsip: Deadlock in distributor (Reported by Mark Michelson) * ASTERISK-25664 - ast_format_cap_append_by_type leaks a reference (Reported by Corey Farrell) * ASTERISK-25647 - bug of cel_radius.c: wrong point of ADD_VENDOR_CODE (Reported by Aaron An) * ASTERISK-25317 - asterisk sends too many stun requests (Reported by Stefan Engström) * ASTERISK-25137 - endpoint stasis messages are delivered twice (Reported by Vitezslav Novy) * ASTERISK-25116 - res_pjsip: Two PeerStatus AMI messages are sent for every status change (Reported by George Joseph) * ASTERISK-25641 - bridge: GOTO_ON_BLINDXFR doesn't work on transfer initiated channel (Reported by Dmitry Melekhov) * ASTERISK-25614 - DTLS negotiation delays (Reported by Dade Brandon) * ASTERISK-25442 - using realtime (mysql) queue members are never updated in wait_our_turn function (app_queue.c) (Reported by Carlos Oliva) * ASTERISK-25625 - res_sorcery_memory_cache: Add full backend caching (Reported by Joshua Colp) * ASTERISK-25601 - json: Audit reference usage and thread safety (Reported by Joshua Colp) * ASTERISK-25624 - AMI Event OriginateResponse bug (Reported by sungtae kim) Improvements made in this release: ----------------------------------- * ASTERISK-25495 - [patch] Prevent old-update packages on repository Debian systems (Reported by Rodrigo Ramirez Norambuena) * ASTERISK-25846 - Gracefully deal with Absent Stasis Apps (Reported by Andrew Nagy) * ASTERISK-25791 - res_pjsip_caller_id: Lack of support for Anonymous (Reported by Anthony Messina) * ASTERISK-24813 - asterisk.c: #if statement in listener() confuses code folding editors (Reported by Corey Farrell) * ASTERISK-25767 - [patch] Add check to configure for sanitizes (Reported by Badalian Vyacheslav) * ASTERISK-25068 - Move commonly used FreePBX extra sounds to the core set (Reported by Rusty Newton) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.8.0 Thank you for your continued support of Asterisk! @ text @d1 1 a1 1 $NetBSD: patch-Makefile,v 1.2 2016/02/07 09:13:34 jnemeth Exp $ d3 1 a3 1 --- Makefile.orig 2016-04-20 10:46:18.000000000 +0000 d5 1 a5 1 @@@@ -135,7 +135,7 @@@@ DEBUG=-g3 d14 1 a14 1 @@@@ -172,6 +172,9 @@@@ DAHDI_UDEV_HOOK_DIR = /usr/share/dahdi/s d24 1 a24 1 @@@@ -211,10 +214,6 @@@@ ifeq ($(AST_DEVMODE),yes) d35 1 a35 1 @@@@ -342,10 +341,10 @@@@ makeopts: configure d47 2 a48 2 $(MOD_SUBDIRS_EMBED_LDSCRIPT): @@@@ -445,7 +444,6 @@@@ dist-clean: distclean a53 1 rm -f makeopts.embed_rules d55 2 a56 1 @@@@ -561,7 +559,7 @@@@ update: d65 1 a65 1 @@@@ -688,7 +686,7 @@@@ upgrade: bininstall d74 1 a74 1 @@@@ -717,24 +715,24 @@@@ define INSTALL_CONFIGS d105 1 a105 1 @@@@ -767,7 +765,7 @@@@ basic-pbx: d114 1 a114 1 @@@@ -817,11 +815,11 @@@@ endif d129 1 a129 1 @@@@ -932,7 +930,7 @@@@ uninstall-all: _uninstall d138 1 a138 1 @@@@ -1021,6 +1019,7 @@@@ check-alembic: makeopts @ 1.2 log @Update Asterisk to 13.7.2: this is mainly bug fixes with some minor features and fixes for AST-2016-001, AST-2016-002, and AST-2016-003. Also some pkglinting. ----- 13.7.2 The Asterisk Development Team has announced the release of Asterisk 13.7.2. The release of Asterisk 13.7.2 resolves an issue reported by the community and would have not been possible without your participation. Thank you! The following is the issue resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-25702 - PjSip realtime DB and Cache Errors since upgrade to asterisk-13.7.0 from asterisk-13.7.0-rc2 (Reported by Nic Colledge) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.2 Thank you for your continued support of Asterisk! ----- 13.7.1 The Asterisk Development Team has announced security releases for Certified Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1. The release of these versions resolves the following security vulnerabilities: * AST-2016-001: BEAST vulnerability in HTTP server The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it. * AST-2016-002: File descriptor exhaustion in chan_sip Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors. * AST-2016-003: Remote crash vulnerability receiving UDPTL FAX data. If no UDPTL packets are lost there is no problem. However, a lost packet causes Asterisk to use the available error correcting redundancy packets. If those redundancy packets have zero length then Asterisk uses an uninitialized buffer pointer and length value which can cause invalid memory accesses later when the packet is copied. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.7.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2016-001.pdf * http://downloads.asterisk.org/pub/security/AST-2016-002.pdf * http://downloads.asterisk.org/pub/security/AST-2016-003.pdf Thank you for your continued support of Asterisk! ----- 13.7.0 The Asterisk Development Team has announced the release of Asterisk 13.7.0. The release of Asterisk 13.7.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: New Features made in this release: ----------------------------------- * ASTERISK-25419 - Dialplan Application for Integration of StatsD (Reported by Ashley Sanders) * ASTERISK-25549 - Confbridge: Add participant timeout option (Reported by Mark Michelson) * ASTERISK-24922 - ARI: Add the ability to intercept hold and raise an event (Reported by Matt Jordan) Bugs fixed in this release: ----------------------------------- * ASTERISK-25689 - pjsip show contacts not working in Asterisk 13.7rc2 (Reported by Marcelo Terres) * ASTERISK-25640 - pbx: Deadlock on features reload and state change hint. (Reported by Krzysztof Trempala) * ASTERISK-25664 - ast_format_cap_append_by_type leaks a reference (Reported by Corey Farrell) * ASTERISK-25601 - json: Audit reference usage and thread safety (Reported by Joshua Colp) * ASTERISK-25625 - res_sorcery_memory_cache: Add full backend caching (Reported by Joshua Colp) * ASTERISK-25615 - res_pjsip: Setting transport async_operations > 1 causes segfault on tls transports (Reported by George Joseph) * ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and thread of asterisk is not released (Reported by Hiroaki Komatsu) * ASTERISK-25619 - res_chan_stats not sending the correct information to StatsD (Reported by Tyler Cambron) * ASTERISK-25569 - app_meetme: Audio quality issues (Reported by Corey Farrell) * ASTERISK-25609 - [patch]Asterisk may crash when calling ast_channel_get_t38_state(c) (Reported by Filip Jenicek) * ASTERISK-24146 - [patch]No audio on WebRtc caller side when answer waiting time is more than ~7sec (Reported by Aleksei Kulakov) * ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec (Reported by Alexander Traud) * ASTERISK-25616 - Warning with a Codec Module which supports PLC with FEC (Reported by Alexander Traud) * ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by Dudás József) * ASTERISK-25608 - res_pjsip/contacts/statsd: Lifecycle events aren't consistent (Reported by George Joseph) * ASTERISK-25584 - [patch] format-attribute module: VP8 missing (Reported by Alexander Traud) * ASTERISK-25583 - [patch] format-attribute module: RFC 7587 (Opus Codec) (Reported by Alexander Traud) * ASTERISK-25498 - Asterisk crashes when negotiating g729 without that module installed (Reported by Ben Langfeld) * ASTERISK-25595 - Unescaped : in messge sent to statsd (Reported by Niklas Larsson) * ASTERISK-25476 - chan_sip loses registrations after a while (Reported by Michael Keuter) * ASTERISK-25598 - res_pjsip: Contact status messages are printing a hash instead of the uri (Reported by George Joseph) * ASTERISK-25600 - bridging: Inconsistency in BRIDGEPEER (Reported by Jonathan Rose) * ASTERISK-25582 - Testsuite: Reactor timeout error in tests/fax/pjsip/directmedia_reinvite_t38 (Reported by Matt Jordan) * ASTERISK-25593 - fastagi: record file closed after sending result (Reported by Kevin Harwell) * ASTERISK-25585 - [patch]rasterisk never hits most of main(), but it's assumed to (Reported by Walter Doekes) * ASTERISK-25590 - CLI Usage info for 'pjsip send notify' references incorrect config (Reported by Corey Farrell) * ASTERISK-25165 - Testsuite - Sorcery memory cache leaks (Reported by Corey Farrell) * ASTERISK-25575 - res_pjsip: Dynamic outbound registrations created via ARI are not loaded into memory on Asterisk start/restart (Reported by Matt Jordan) * ASTERISK-25545 - [patch] translation module gets cached not joint format (Reported by Alexander Traud) * ASTERISK-25573 - [patch] H.264 format attribute module: resets whole SDP (Reported by Alexander Traud) * ASTERISK-24958 - Forwarding loop detection inhibits certain desirable scenarios (Reported by Mark Michelson) * ASTERISK-25561 - app_queue.c line 6503 (try_calling): mutex 'qe->chan' freed more times than we've locked! (Reported by Alec Davis) * ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by Joshua Colp) * ASTERISK-25160 - [patch] Opus Codec: SIP/SDP line fmtp missing when called internally (Reported by Alexander Traud) * ASTERISK-25535 - [patch] format creation on module load instead of cache (Reported by Alexander Traud) * ASTERISK-25449 - main/sched: Regression introduced by 5c713fdf18f causes erroneous duplicate RTCP messages; other potential scheduling issues in chan_sip/chan_skinny (Reported by Matt Jordan) * ASTERISK-25546 - threadpool: Race condition between idle timeout and activation (Reported by Joshua Colp) * ASTERISK-25537 - [patch] format-attribute module: RFC or internal defaults? (Reported by Alexander Traud) * ASTERISK-25533 - [patch] buffer for ast_format_cap_get_names only 64 bytes (Reported by Alexander Traud) * ASTERISK-25373 - add documentation for CALLERID(pres) and also the CONNECTEDLINE and REDIRECTING variants (Reported by Walter Doekes) * ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by Walter Doekes) * ASTERISK-24779 - Passthrough OPUS codec not working with chan_pjsip (Reported by PowerPBX) * ASTERISK-25522 - ARI: Crash when creating channel via ARI originate with requesting channel (Reported by Matt Jordan) * ASTERISK-25434 - Compiler flags not reported in 'core show settings' despite usage during compilation (Reported by Rusty Newton) * ASTERISK-24106 - WebSockets Automatically decides what driver it will use (Reported by Andrew Nagy) * ASTERISK-25513 - Crash: malloc failed with high load of subscriptions. (Reported by John Bigelow) * ASTERISK-25505 - res_pjsip_pubsub: Crash on off-nominal when UAS dialog can't be created (Reported by Joshua Colp) * ASTERISK-24543 - Asterisk 13 responds to SIP Invite with all possible codecs configured for peer as opposed to intersection of configured codecs and offered codecs (Reported by Taylor Hawkes) * ASTERISK-25494 - build: GCC 5.1.x catches some new const, array bounds and missing paren issues (Reported by George Joseph) * ASTERISK-25485 - res_pjsip_outbound_registration: registration stops due to 400 response (Reported by Kevin Harwell) * ASTERISK-25486 - res_pjsip: Fix deadlock when validating URIs (Reported by Joshua Colp) * ASTERISK-7803 - [patch] Update the maximum packetization values in frame.c (Reported by dea) * ASTERISK-25484 - [patch] autoframing=yes has no effect (Reported by Alexander Traud) * ASTERISK-25461 - Nested dialplan #includes don't work as expected. (Reported by Richard Mudgett) * ASTERISK-25455 - Deadlock of PJSIP realtime over res_config_pgsql (Reported by mdu113) * ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing (Reported by Olle Johansson) * ASTERISK-25435 - Asterisk periodically hangs. UDP Recv-Q greatly exceeds zero. (Reported by Dmitriy Serov) * ASTERISK-25451 - Broken video - erased rtp marker bit (Reported by Stefan Engström) * ASTERISK-25400 - Hints broken when "CustomPresence" doesn't exist in AstDB (Reported by Andrew Nagy) * ASTERISK-25443 - [patch]IPv6 - Potential issue in via header parsing (Reported by ffs) * ASTERISK-25404 - segfault/crash in chan_pjsip_hangup ... at chan_pjsip.c (Reported by Chet Stevens) * ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON (Reported by Bojan Nemčić) * ASTERISK-25441 - Deadlock in res_sorcery_memory_cache. (Reported by Richard Mudgett) * ASTERISK-25438 - res_rtp_asterisk: ICE role message even when ICE is not enabled (Reported by Joshua Colp) Improvements made in this release: ----------------------------------- * ASTERISK-25618 - res_pjsip: Check for readability of TLS files at startup (Reported by George Joseph) * ASTERISK-25572 - Endpoints: Add StatsD stats for Asterisk endpoints (Reported by Matt Jordan) * ASTERISK-25571 - PJSIP: Add StatsD stats for some common PJSIP objects (Reported by Matt Jordan) * ASTERISK-25518 - taskprocessor: Add high water mark (Reported by Jonathan Rose) * ASTERISK-25477 - pjsip show "command" like [criteria] (Reported by Bryant Zimmerman) * ASTERISK-24718 - [patch]Add inital support of "sanitize" to configure (Reported by Badalian Vyacheslav) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.0 Thank you for your continued support of Asterisk! @ text @d1 1 a1 1 $NetBSD: patch-Makefile,v 1.1.1.1 2015/12/05 23:29:09 jnemeth Exp $ d3 1 a3 1 --- Makefile.orig 2016-02-05 20:32:40.000000000 +0000 d5 1 a5 1 @@@@ -132,7 +132,7 @@@@ DEBUG=-g3 d14 1 a14 1 @@@@ -169,6 +169,9 @@@@ DAHDI_UDEV_HOOK_DIR = /usr/share/dahdi/s d24 1 a24 1 @@@@ -208,10 +211,6 @@@@ ifeq ($(AST_DEVMODE),yes) d35 1 a35 1 @@@@ -339,10 +338,10 @@@@ makeopts: configure d48 1 a48 1 @@@@ -440,7 +439,6 @@@@ dist-clean: distclean d56 1 a56 1 @@@@ -556,7 +554,7 @@@@ update: d65 1 a65 1 @@@@ -682,7 +680,7 @@@@ upgrade: bininstall d74 1 a74 1 @@@@ -711,24 +709,24 @@@@ define INSTALL_CONFIGS d105 1 a105 1 @@@@ -761,7 +759,7 @@@@ basic-pbx: d114 1 a114 1 @@@@ -811,11 +809,11 @@@@ endif d129 1 a129 1 @@@@ -926,7 +924,7 @@@@ uninstall-all: _uninstall d138 2 a139 2 @@@@ -1011,6 +1009,7 @@@@ else endif @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD: patch-Makefile,v 1.3 2015/08/09 04:07:13 jnemeth Exp $ d3 1 a3 1 --- Makefile.orig 2015-10-09 21:48:48.000000000 +0000 d65 22 a86 1 @@@@ -673,21 +671,21 @@@@ upgrade: bininstall d105 1 a105 21 @@echo Installing other config files... @@for x in configs/samples/*.sample; do \ - dst="$(DESTDIR)$(ASTETCDIR)/`$(BASENAME) $$x .sample`" ; \ + dst="$(DESTDIR)$(ASTEXAMPLEDIR)/`$(BASENAME) $$x .sample`" ; \ if [ -f "$${dst}" ]; then \ if [ "$(OVERWRITE)" = "y" ]; then \ if cmp -s "$${dst}" "$$x" ; then \ @@@@ -716,9 +714,9 @@@@ samples: adsi -e 's|^astrundir.*$$|astrundir => $(ASTVARRUNDIR)|' \ -e 's|^astlogdir.*$$|astlogdir => $(ASTLOGDIR)|' \ -e 's|^astsbindir.*$$|astsbindir => $(ASTSBINDIR)|' \ - "$(DESTDIR)$(ASTCONFPATH)" > "$(DESTDIR)$(ASTCONFPATH).tmp" ; \ - $(INSTALL) -m 644 "$(DESTDIR)$(ASTCONFPATH).tmp" "$(DESTDIR)$(ASTCONFPATH)" ; \ - rm -f "$(DESTDIR)$(ASTCONFPATH).tmp" ; \ + "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf" > "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf.tmp" ; \ + $(INSTALL) -m 644 "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf.tmp" "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf" ; \ + rm -f "$(DESTDIR)$(ASTEXAMPLEDIR)/asterisk.conf.tmp" ; \ fi ; \ $(INSTALL) -d "$(DESTDIR)$(ASTSPOOLDIR)/voicemail/default/1234/INBOX" build_tools/make_sample_voicemail "$(DESTDIR)/$(ASTDATADIR)" "$(DESTDIR)/$(ASTSPOOLDIR)" @@@@ -744,7 +742,7 @@@@ samples: adsi d114 16 a129 1 @@@@ -909,7 +907,7 @@@@ uninstall-all: _uninstall d138 1 a138 1 @@@@ -994,6 +992,7 @@@@ else @ 1.1.1.1 log @`cat ../comment` @ text @@