head 1.12; access; symbols pkgsrc-2026Q1:1.11.0.2 pkgsrc-2026Q1-base:1.11 pkgsrc-2025Q4:1.10.0.2 pkgsrc-2025Q4-base:1.10 pkgsrc-2025Q3:1.8.0.2 pkgsrc-2025Q3-base:1.8 pkgsrc-2025Q2:1.6.0.2 pkgsrc-2025Q2-base:1.6 pkgsrc-2025Q1:1.4.0.2 pkgsrc-2025Q1-base:1.4 pkgsrc-2024Q4:1.3.0.2 pkgsrc-2024Q4-base:1.3 pkgsrc-2024Q3:1.2.0.4 pkgsrc-2024Q3-base:1.2 pkgsrc-2024Q2:1.2.0.2 pkgsrc-2024Q2-base:1.2; locks; strict; comment @# @; 1.12 date 2026.03.30.02.38.39; author jnemeth; state Exp; branches; next 1.11; commitid O4njBEtQZaVEzWzG; 1.11 date 2026.02.16.02.49.34; author jnemeth; state Exp; branches; next 1.10; commitid zfj9t95a91cXYxuG; 1.10 date 2025.12.01.03.42.23; author jnemeth; state Exp; branches; next 1.9; commitid hQQGJc3uNI8YJEkG; 1.9 date 2025.10.27.04.07.20; author jnemeth; state Exp; branches; next 1.8; commitid 9J0M6UjOuSf70agG; 1.8 date 2025.08.04.20.43.24; author jnemeth; state Exp; branches; next 1.7; commitid uJU3BHvG7mjoes5G; 1.7 date 2025.07.21.06.30.02; author jnemeth; state Exp; branches; next 1.6; commitid BewCzcRgcbGsUz3G; 1.6 date 2025.06.02.04.37.03; author jnemeth; state Exp; branches; next 1.5; commitid maEszoROrEUNTgXF; 1.5 date 2025.05.19.06.57.34; author jnemeth; state Exp; branches; next 1.4; commitid ZpeVv2UYZwTG8uVF; 1.4 date 2025.01.17.22.39.53; author gavan; state Exp; branches; next 1.3; commitid uVfHdGXfiKLWgTFF; 1.3 date 2024.10.21.05.09.55; author jnemeth; state Exp; branches; next 1.2; commitid 8qsfUxuXBt6oiuuF; 1.2 date 2024.05.20.03.02.02; author jnemeth; state Exp; branches; next 1.1; commitid dm61DtmkKKrRvGaF; 1.1 date 2024.04.08.03.20.06; author jnemeth; state Exp; branches; next ; commitid o1bJzPWaTgOnZh5F; desc @@ 1.12 log @Update to Asterisk 21.12.2: Security update for PJSIP vulnerabilities. ## Change Log for Release asterisk-21.12.2 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.12.2.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.12.1...21.12.2) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 1 - Security Advisories Resolved: 0 ## Issue and Commit Detail: ### Closed Issues: - 1833: [bug]: Address security vulnerabilities in pjproject ### Commit List: - res_pjsip: Address pjproject security vulnerabilities ### Commit Details: #### res_pjsip: Address pjproject security vulnerabilities Author: Mike Bradeen Date: 2026-03-25 Address the following pjproject security vulnerabilities [GHSA-j29p-pvh2-pvqp - Buffer overflow in ICE with long username](https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp) [GHSA-8fj4-fv9f-hjpc - Heap use-after-free in PJSIP presense subscription termination header](https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc) [GHSA-g88q-c2hm-q7p7 - ICE session use-after-free race conditions](https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7) [GHSA-x5pq-qrp4-fmrj - Out-of-bounds read in SIP multipart parsing](https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj) Resolves: #1833 @ text @$NetBSD: distinfo,v 1.11 2026/02/16 02:49:34 jnemeth Exp $ BLAKE2s (asterisk-21.12.2/asterisk-21.12.2.tar.gz) = ee55a88bf1c85c068dbfc4346ef2cda11cb6ecf61916e046a78cee411f4fe90f SHA512 (asterisk-21.12.2/asterisk-21.12.2.tar.gz) = 821a78ea484fc43d2745a4e261663fcfd776d699df99bc5c995507aacab8c0f852952b217b877d9897f4308e9528d08a4009acb9717eec538ee693e9e9d8eac4 Size (asterisk-21.12.2/asterisk-21.12.2.tar.gz) = 26608590 bytes BLAKE2s (asterisk-21.12.2/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.12.2/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.12.2/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.12.2/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48 SHA512 (asterisk-21.12.2/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744 Size (asterisk-21.12.2/pjproject-2.15.1.md5) = 172 bytes BLAKE2s (asterisk-21.12.2/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd SHA512 (asterisk-21.12.2/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd Size (asterisk-21.12.2/pjproject-2.15.1.tar.bz2) = 8492214 bytes SHA1 (patch-Makefile) = 5cf3b6937ec23a82e4d056b91e493a36bc1089b9 SHA1 (patch-addons_chan__ooh323.c) = 1775da7ca2129a962ed460bd1e78ba3ce6afa62c SHA1 (patch-apps_app__adsiprog.c) = 031139e5cd1ef6bb2afb0a74fee3d752eded0a2c SHA1 (patch-apps_app__chanspy.c) = 29a807909645c1ad0c8f81b6513a284b978e7c47 SHA1 (patch-apps_app__directory.c) = 889a78123033709d28b0b805f2a379242ccd7dcc SHA1 (patch-apps_app__dumpchan.c) = 127ac02bdc180ad2334cd095aa6e646feb6fba10 SHA1 (patch-apps_app__followme.c) = c6a5790b5e9b34d07dbfdd66a58e2854c8c72695 SHA1 (patch-apps_app__minivm.c) = 22ee6ebfbe205baf0acf46ab16c94fea1750f2fb SHA1 (patch-apps_app__queue.c) = fdf7cf202b60e24cd9227f7e461bbd541565d602 SHA1 (patch-apps_app__sms.c) = ad65b3cb2a30489551101f7534c691cd1155d18f SHA1 (patch-apps_app__voicemail.c) = 5276457466fde27494bf43fd6d306397bc4ff97f SHA1 (patch-build__tools_make__xml__documentation) = 2c617cfdc96b1ddf51736205b83e1b737c110ad9 SHA1 (patch-build__tools_mkpkgconfig) = 7fab8fcf46d9f8a3b98455674fec6307ec472b23 SHA1 (patch-cdr_cdr__pgsql.c) = 82b002a1f5ed3b7361a98e2bffb5cea8833949b8 SHA1 (patch-cel_cel__pgsql.c) = b280efab2b035ce60be268bac9bc8824910b2b8f SHA1 (patch-channels_chan__pjsip.c) = efd4cbb82133fc5ddf7de70d01c99e185c585211 SHA1 (patch-channels_pjsip_cli__commands.c) = 01baa9d242e3af02a1f3540cfb3064ad68c71d67 SHA1 (patch-channels_pjsip_dialplan__functions.c) = 2cf8199c4ec9d4894eb922c2703d49ecc06188ef SHA1 (patch-configure) = a73d5466342c79be9dac3a46796684cebed5ea10 SHA1 (patch-configure.ac) = 511a3ecbbb404263d4d6c4773b0a0ad44c9adf6e SHA1 (patch-contrib_scripts_vmail.cgi) = 7935ce96ea319eb19cc2ce999813eb837d5357c0 SHA1 (patch-funcs_func__cdr.c) = 79c743df264948e5ea9e1c292012a1f6362d0c1e SHA1 (patch-funcs_func__channel.c) = 9d6ed8a2431fbde6879782d8228030467aabe7eb SHA1 (patch-funcs_func__env.c) = 9305d4dde2509f689e676295d3eb06bf5a74b3cb SHA1 (patch-funcs_func__pjsip__aor.c) = 9874f8d66a8afd26ae1669aa727cb5fa2a788334 SHA1 (patch-funcs_func__pjsip__contact.c) = 9b1fa54ee31a549be40d487c650cc79d625c8092 SHA1 (patch-funcs_func__pjsip__endpoint.c) = 263a4bdb6365bcc9f6392d25a5aef5c607e59d04 SHA1 (patch-funcs_func__strings.c) = 08d313add57c5be822a19311fc70a7555bd63877 SHA1 (patch-include_asterisk_autoconfig.h.in) = 1ea5be5e11841700e41aa101e142b21c89916636 SHA1 (patch-include_asterisk_lock.h) = 85418bcd20f3ed7eb0310f46f3b2d334980bdcef SHA1 (patch-include_asterisk_strings.h) = 9ace78a13131bcb411eda79a98264b5cfcc7789c SHA1 (patch-main_Makefile) = e3b5d261fd15ffd23d81060ff3aafba6b0300e7c SHA1 (patch-main_acl.c) = 06a9d247b19d648e9ff54ac2a234dc8ac8c023bb SHA1 (patch-main_app.c) = 1c12bb207dcb0060017d63ba4f11fcf63d60a45e SHA1 (patch-main_ast__expr2.c) = bad644eb956645e889344810ec315afd430853be SHA1 (patch-main_ast__expr2.y) = 56ac74b5a3ae47bd5bec798e549ec43bd085e0e8 SHA1 (patch-main_asterisk.c) = 1262d792f330fe8a1bb1d1f7ba51bc502d65be42 SHA1 (patch-main_astmm.c) = 26a98d6fbb567ae619041ebd01a31349a847deab SHA1 (patch-main_bridge__basic.c) = b48627e563e20544017fdfcfb4559e868badf41d SHA1 (patch-main_bridge__channel.c) = 72dafc04521fa02e8456c09d5c9be4789d8ac918 SHA1 (patch-main_callerid.c) = 0ea1b3df8aaf3969fcd9e06055c8e6184d50d3d3 SHA1 (patch-main_cdr.c) = 540fbdb354aba100fa37392b879b92a85d1d8620 SHA1 (patch-main_cel.c) = 22fa21db8e0afa0958d34014f52e2c4fe9c73ba2 SHA1 (patch-main_cli.c) = ee72bcaac7dce397354cbc09af4ed7441dbb4650 SHA1 (patch-main_conversions.c) = a516ef4f706fabbd250f66a3159825a2a6085344 SHA1 (patch-main_dns__naptr.c) = 4fa3fe5d2acf7bcd84ca2044280c644e4bd15d7f SHA1 (patch-main_enum.c) = c5f620297cf98f95ce74aa0d98eddc697946a77b SHA1 (patch-main_features.c) = 6e50ea4c6ee26f56edca22611aeed44787459968 SHA1 (patch-main_http.c) = b36f1f3f0da25456a17888d34ea2bf7b61c1acf4 SHA1 (patch-main_indications.c) = 511b4c270e4a4a71517109f959121777caf2aa36 SHA1 (patch-main_logger.c) = 321a52b3015af85ea13055953cec5a5d9da05ec8 SHA1 (patch-main_manager.c) = 2f88c51f4ca62985a1824efd60a39542925adf95 SHA1 (patch-main_pbx.c) = 8e7ced268edb29238f96418e8b21456364c4ae1f SHA1 (patch-main_pbx__builtins.c) = 3e5ede8a62821fda498f2bea94af386aca01798c SHA1 (patch-main_pbx__timing.c) = a4657330086c5b0e8fd271d5676fb897badea452 SHA1 (patch-main_sched.c) = 4219ac1561e8c4fbc5b1facdf38b3e8b764d5def SHA1 (patch-main_stdtime_localtime.c) = 1e3c62d70eab62c46ac29e03e842229cf7587d2b SHA1 (patch-main_taskprocessor.c) = f90805bd78fd4096beb9ee1cf9c794c50b87481a SHA1 (patch-main_tdd.c) = 9f525971938dd4f222622cb3e78a35822bd08389 SHA1 (patch-main_test.c) = f38b370cdb5788304e02c71ef05d2130ead9de98 SHA1 (patch-main_utils.c) = ab6fb7619111f4906ff3797e6d918dd0c8f9f7e2 SHA1 (patch-menuselect_menuselect.c) = 8bae3a2c6b8c6e7927b35bd83147a55e380efd7f SHA1 (patch-pbx_pbx__config.c) = cc5e6d2b383f86abfb354c9bf14fc93374fba0a3 SHA1 (patch-pbx_pbx__dundi.c) = 1bc28ff2412da569f139f245c5223845a2f6cebe SHA1 (patch-res_ael_pval.c) = 8a238c78403d3098bf8be8ae266162bc05e586f3 SHA1 (patch-res_res__calendar.c) = 45211a3baf8fbd8b201ba0167f8c56fb35728c4a SHA1 (patch-res_res__format__attr__celt.c) = 81d5300b9a2b33e733e30760e2c9858c87b3e554 SHA1 (patch-res_res__format__attr__h263.c) = 4438d544ee028404e407d5ee3229c8f3536135f5 SHA1 (patch-res_res__format__attr__ilbc.c) = f7ff1692eae46b7950665f58317f6e39607dcc01 SHA1 (patch-res_res__format__attr__opus.c) = ba1012f111a7a996f85bbc09fec81569d2179888 SHA1 (patch-res_res__format__attr__silk.c) = d94370f9b09c917f4d68ebfbcc995c1bef1ed675 SHA1 (patch-res_res__format__attr__siren14.c) = 41e997886ca9f554e46f3af36e07e3aea984dd47 SHA1 (patch-res_res__format__attr__siren7.c) = e20e288781d0530049d127731edb8d309049077d SHA1 (patch-res_res__format__attr__vp8.c) = 6257e281c0a29dfd3ef2613bfa5be172d399d2e0 SHA1 (patch-res_res__hep__pjsip.c) = b0c8fed52451ec31a2c77d4abd28640631bb708c SHA1 (patch-res_res__limit.c) = e80f370fe5b84dcdc2f38e2137d5ed6f75ba35a4 SHA1 (patch-res_res__musiconhold.c) = 401999cefa3805f63df33424c635ad18a7d00748 SHA1 (patch-res_res__pjproject.c) = 0326bf12d9f798c8eae2eff4fad8b86d4bbc0589 SHA1 (patch-res_res__pjsip__diversion.c) = b7996a43b4af395392161f75319ab499ceda7f09 SHA1 (patch-res_res__pjsip_pjsip__configuration.c) = 7a9f2c293ad5c8d05df5cc9b304473859ee09d6f SHA1 (patch-res_res__xmpp.c) = f8619721cf0f9d8bed08eb35f529bfaa0c1ac19c SHA1 (patch-sounds_Makefile) = acc15088ae2545f2822246466bfe783b5215fc54 SHA1 (patch-tests_test__locale.c) = f3f1edc86356f2a7b4d3493433c772e164c77f66 SHA1 (patch-tests_test__voicemail__api.c) = c600f726136581e47cf34da2c0bb485b8a5912eb SHA1 (patch-third-party_pjproject_patches_0100-netbsd.patch) = fa82ca5f7340d97f9d6729734b4e698dfd26ed61 SHA1 (patch-third-party_pjproject_patches_0110-netbsd.patch) = 52e84093814dba144f89a2f9f953465f877f1506 SHA1 (patch-third-party_pjproject_patches_0120-netbsd.patch) = 1f6e9d9a1fb12dcf8efeff945a78cb3583f74598 SHA1 (patch-third-party_pjproject_patches_0130-netbsd.patch) = a1ec694ba0e2ebe1e434dc77b45ad441e730998a SHA1 (patch-third-party_pjproject_patches_0140-netbsd.patch) = 0c18adc61339c74dfc3702b5f4428a99cb370252 SHA1 (patch-third-party_pjproject_patches_0150-netbsd.patch) = 97c6a868df8359aa27ef009863c845731a5c03a2 SHA1 (patch-third-party_pjproject_patches_0160-netbsd.patch) = d3b2aa29f368ae53951615030fb5648a12fb3426 SHA1 (patch-utils_Makefile) = 30e22c5d5d740c5531d657f91f7b51fa477d8a74 SHA1 (patch-utils_db1-ast_include_db.h) = 03b43353b7967f999ace3eb160828c530e2e8fae SHA1 (patch-utils_extconf.c) = f35d079c4801fe20132ff52d63d951d9e1658902 SHA1 (patch-utils_smsq.c) = 5c4cd729f1c9cb68291c514a2e54418e9b5a47cb @ 1.11 log @update to Asterisk 21.12.1: this is a security fix ## Change Log for Release asterisk-21.12.1 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.12.1.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.12.0...21.12.1) ### Summary: - Commits: 4 - Commit Authors: 2 - Issues Resolved: 0 - Security Advisories Resolved: 4 - [GHSA-85x7-54wr-vh42](https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42): Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection - [GHSA-rvch-3jmx-3jf3](https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3): ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation - [GHSA-v6hp-wh3r-cwxh](https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh): The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization - [GHSA-xpc6-x892-v83c](https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c): ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation ### User Notes: - #### ast_coredumper: check ast_debug_tools.conf permissions ast_debug_tools.conf must be owned by root and not be writable by other users or groups to be used by ast_coredumper or by ast_logescalator or ast_loggrabber when run as root. ### Upgrade Notes: - #### http.c: Change httpstatus to default disabled and sanitize output. To prevent possible security issues, the `/httpstatus` page served by the internal web server is now disabled by default. To explicitly enable it, set `enable_status=yes` in http.conf. ## Issue and Commit Detail: ### Closed Issues: - !GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection - !GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation - !GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization - !GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation ### Commits By Author: - #### George Joseph (2): - #### Mike Bradeen (2): ### Commit List: - xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile. - ast_coredumper: check ast_debug_tools.conf permissions - http.c: Change httpstatus to default disabled and sanitize output. - ast_coredumper: create gdbinit file with restrictive permissions @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.10 2025/12/01 03:42:23 jnemeth Exp $ d3 12 a14 12 BLAKE2s (asterisk-21.12.1/asterisk-21.12.1.tar.gz) = 9dfc85c6f103e8dc7ce4ab535d35cc1bb1707f922393fadec110fd8d3c86285e SHA512 (asterisk-21.12.1/asterisk-21.12.1.tar.gz) = aad2072aa3ea0a1cc31f74204bf2f9a907c2c103b328cba5fb69311f213ca3ddb0862398c8a970a8702a0075b3be38c587e4f944c56aa385eb38397d57b991af Size (asterisk-21.12.1/asterisk-21.12.1.tar.gz) = 26606158 bytes BLAKE2s (asterisk-21.12.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.12.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.12.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.12.1/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48 SHA512 (asterisk-21.12.1/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744 Size (asterisk-21.12.1/pjproject-2.15.1.md5) = 172 bytes BLAKE2s (asterisk-21.12.1/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd SHA512 (asterisk-21.12.1/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd Size (asterisk-21.12.1/pjproject-2.15.1.tar.bz2) = 8492214 bytes @ 1.10 log @Update to Asterisk 21.12.0. ## Change Log for Release asterisk-21.12.0 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.12.0.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.11.0...21.12.0) ### Summary: - Commits: 20 - Commit Authors: 10 - Issues Resolved: 13 - Security Advisories Resolved: 0 ### User Notes: - #### func_hangupcause.c: Add access to Reason headers via HANGUPCAUSE() Added a new option to HANGUPCAUSE to access additional information about hangup reason. Reason headers from pjsip could be read using 'tech_extended' cause type. - #### chan_dahdi: Add DAHDI_CHANNEL function. The DAHDI_CHANNEL function allows for getting/setting certain properties about DAHDI channels from the dialplan. ### Upgrade Notes: - #### res_audiosocket: add message types for all slin sample rates New audiosocket message types 0x11 - 0x18 has been added for slin12, slin16, slin24, slin32, slin44, slin48, slin96, and slin192 audio. External applications using audiosocket may need to be updated to support these message types if the audiosocket channel is created with one of these audio formats. ## Issue and Commit Detail: ### Closed Issues: - 1340: [bug]: comfort noise packet corrupted - 1419: [bug]: static code analysis issues in app_adsiprog.c - 1422: [bug]: static code analysis issues in apps/app_externalivr.c - 1425: [bug]: static code analysis issues in apps/app_queue.c - 1434: [improvement]: pbx_variables: Create real channel for dialplan eval CLI command - 1436: [improvement]: res_cliexec: Avoid unnecessary cast to char* - 1455: [new-feature]: chan_dahdi: Add DAHDI_CHANNEL function - 1467: [bug]: Crash in res_pjsip_refer during REFER progress teardown with PJSIP_TRANSFER_HANDLING(ari-only) - 1491: [bug]: Segfault: `channelstorage_cpp` fast lookup without lock (`get_by_name_exact`/`get_by_uniqueid`) leads to UAF during hangup - 1525: [bug]: chan_websocket: fix use of raw payload variable for string comparison in process_text_message - 1539: [bug]: safe_asterisk without TTY doesn't log to file - 1554: [bug]: safe_asterisk recurses into subdirectories of startup.d after f97361 - 1578: [bug]: Deadlock with externalMedia custom channel id and cpp map channel backend @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.9 2025/10/27 04:07:20 jnemeth Exp $ d3 12 a14 12 BLAKE2s (asterisk-21.12.0/asterisk-21.12.0.tar.gz) = be63cc0ea7b06430c84ddacab68a9e9feae2d976ca898b6e8074385e1a73de14 SHA512 (asterisk-21.12.0/asterisk-21.12.0.tar.gz) = 0d8addd4b16de1b0644b89105c33807127c87e50217403bd26701ff021f47cf2b746cdb047cbb8f0ec961fb5641e9fd93340cb1422a314d0a1215f5e4c169be4 Size (asterisk-21.12.0/asterisk-21.12.0.tar.gz) = 26600343 bytes BLAKE2s (asterisk-21.12.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.12.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.12.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.12.0/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48 SHA512 (asterisk-21.12.0/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744 Size (asterisk-21.12.0/pjproject-2.15.1.md5) = 172 bytes BLAKE2s (asterisk-21.12.0/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd SHA512 (asterisk-21.12.0/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd Size (asterisk-21.12.0/pjproject-2.15.1.tar.bz2) = 8492214 bytes @ 1.9 log @Upgrade to Asterisk 21.11.0. ## Change Log for Release asterisk-21.11.0 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.11.0.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.2...21.11.0) ### Summary: - Commits: 54 - Commit Authors: 22 - Issues Resolved: 40 - Security Advisories Resolved: 0 ### User Notes: - #### app_queue.c: Add new global 'log_unpause_on_reason_change' Add new global option 'log_unpause_on_reason_change' that is default disabled. When enabled cause addition of UNPAUSE event on every re-PAUSE with reason changed. - #### pbx_builtins: Allow custom tone for WaitExten. The tone used while waiting for digits in WaitExten can now be overridden by specifying an argument for the 'd' option. - #### res_tonedetect: Add option for TONE_DETECT detection to auto stop. The 'e' option for TONE_DETECT now allows detection to be disabled automatically once the desired number of matches have been fulfilled, which can help prevent race conditions in the dialplan, since TONE_DETECT does not need to be disabled after a hit. - #### sorcery: Prevent duplicate objects and ensure missing objects are created on u.. Users relying on Sorcery multiple writable backends configurations (e.g., astdb + realtime) may now enable update_or_create_on_update_miss = yes in sorcery.conf to ensure missing objects are recreated after temporary backend failures. Default behavior remains unchanged unless explicitly enabled. - #### chan_websocket: Allow additional URI parameters to be added to the outgoing URI. A new WebSocket channel driver option `v` has been added to the Dial application that allows you to specify additional URI parameters on outgoing connections. Run `core show application Dial` from the Asterisk CLI to see how to use it. - #### app_chanspy: Add option to not automatically answer channel. ChanSpy and ExtenSpy can now be configured to not automatically answer the channel by using the 'N' option. - #### cel: Add STREAM_BEGIN, STREAM_END and DTMF event types. Enabling the tracking of the STREAM_BEGIN and the STREAM_END event types in cel.conf will log media files and music on hold played to each channel. The STREAM_BEGIN event's extra field will contain a JSON with the file details (path, format and language), or the class name, in case of music on hold is played. The DTMF event's extra field will contain a JSON with the digit and the duration in milliseconds. - #### res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM Options are now available in the menuselect "Resource Modules" category that allow you to enable the AES_192, AES_256 and AES_GCM cipher suites in res_srtp. Of course, libsrtp and OpenSSL must support them but modern versions do. Previously, the only way to enable them was to set the CFLAGS environment variable when running ./configure. The default setting is to disable them preserving existing behavior. - #### cdr: add CANCEL dispostion in CDR A new CDR option "canceldispositionenabled" has been added that when set to true, the NO ANSWER disposition will be split into two dispositions: CANCEL and NO ANSWER. The default value is 'no' - #### func_curl: Allow auth methods to be set. The httpauth field in CURLOPT now allows the authentication methods to be set. - #### Media over Websocket Channel Driver A new channel driver "chan_websocket" is now available. It can exchange media over both inbound and outbound websockets and will both frame and re-time the media it receives. See http://s.asterisk.net/mow for more information. The ARI channels/externalMedia API now includes support for the ### Upgrade Notes: ### Developer Notes: - #### ARI: Add command to indicate progress to a channel A new ARI endpoint is available at `/channels/{channelId}/progress` to indicate progress to a channel. - #### options: Change ast_options from ast_flags to ast_flags64. The 32-bit ast_options has no room left to accomodate new options and so has been converted to an ast_flags64 structure. All internal references to ast_options have been updated to use the 64-bit flag manipulation macros. External module references to the 32-bit ast_options should continue to work on little-endian systems because the least-significant bytes of a 64 bit integer will be in the same location as a 32-bit integer. Because that's not the case on big-endian systems, we've swapped the bytes in the flags manupulation macros on big-endian systems so external modules should still work however you are encouraged to test. ## Issue and Commit Detail: ### Closed Issues: - 401: [bug]: app_dial: Answer Gosub option passthrough regression - 927: [bug]: no audio when media source changed during the call - 1176: [bug]: ast_slinear_saturated_multiply_float produces potentially audible distortion artifacts - 1259: [bug]: New TenantID feature doesn't seem to set CDR for incoming calls - 1260: [bug]: Asterisk sends RTP audio stream before ICE/DTLS completes - 1269: [bug]: MixMonitor with D option produces corrupt file - 1273: [bug]: When executed with GotoIf, the action Redirect does not take effect and causes confusion in dialplan execution. - 1280: [improvement]: logging playback of audio per channel - 1289: [bug]: sorcery - duplicate objects from multiple backends and backend divergence on update - 1301: [bug]: sig_analog: fgccamamf doesn't handle STP, STP2, or STP3 - 1304: [bug]: FLUSH_MEDIA does not reset frame_queue_length in WebSocket channel - 1305: [bug]: Realtime incorrectly falls back to next backend on record-not-found (SQL_NO_DATA), causing incorrect behavior and delay - 1307: [improvement]: ast_tls_cert: Allow certificate validity to be configurable - 1309: [bug]: Crash with C++ alternative storage backend enabled - 1315: [bug]: When executed with dialplan, the action Redirect does not take effect. - 1317: [bug]: AGI command buffer overflow with long variables - 1321: [improvement]: app_agent_pool: Remove obsolete documentation - 1323: [new-feature]: add CANCEL dispostion in CDR - 1327: [bug]: res_stasis_device_state: can't delete ARI Devicestate after asterisk restart - 1332: [new-feature]: func_curl: Allow auth methods to be set - 1349: [bug]: Race condition on redirect can cause missing Diversion header - 1352: [improvement]: Websocket channel with custom URI - 1353: [bug]: AST_DATA_DIR/sounds/custom directory not searched - 1358: [new-feature]: app_chanspy: Add option to not automatically answer channel - 1364: [bug]: bridge.c: BRIDGE_NOANSWER not always obeyed - 1366: [improvement]: func_frame_drop: Handle allocation failure properly - 1369: [bug]: test_res_prometheus: Compilation failure in devmode due to curlopts not using long type - 1371: [improvement]: func_frame_drop: Add debug messages for frames that can be dropped - 1375: [improvement]: dsp.c: Improve logging in tone_detect(). - 1378: [bug]: chan_dahdi: dialmode feature is not properly reset between calls - 1380: [bug]: sig_analog: Segfault due to calling strcmp on NULL - 1384: [bug]: chan_websocket: asterisk crashes on hangup after STOP_MEDIA_BUFFERING command with id - 1386: [bug]: enabling announceposition_only_up prevents any queue position announcements - 1390: [improvement]: res_tonedetect: Add option to automatically end detection in TONE_DETECT - 1394: [improvement]: sig_analog: Skip Caller ID spill if Caller ID is disabled - 1396: [new-feature]: pbx_builtins: Make tone option for WaitExten configurable - 1401: [bug]: app_waitfornoise timeout is always less then configured because of time() usage - 1457: [bug]: segmentation fault because of a wrong ari config - 1462: [bug]: chan_websocket isn't handling the "opus" codec correctly. - 1474: [bug]: Media doesn't flow for video conference after res_rtp_asterisk change to stop media flow before DTLS completes ### Commit List: - res_rtp_asterisk.c: Use rtp->dtls in __rtp_sendto when rtcp mux is used. - chan_websocket: Fix codec validation and add passthrough option. - res_ari: Ensure outbound websocket config has a websocket_client_id. - chan_websocket.c: Add DTMF messages - app_queue.c: Add new global 'log_unpause_on_reason_change' - app_waitforsilence.c: Use milliseconds to calculate timeout time - Fix missing ast_test_flag64 in extconf.c - pbx_builtins: Allow custom tone for WaitExten. - res_tonedetect: Add option for TONE_DETECT detection to auto stop. - app_queue: fix comparison for announce-position-only-up - sig_analog: Skip Caller ID spill if usecallerid=no. - chan_dahdi: Fix erroneously persistent dialmode. - chan_websocket: Fix buffer overrun when processing TEXT websocket frames. - sig_analog: Fix SEGV due to calling strcmp on NULL. - ARI: Add command to indicate progress to a channel - dsp.c: Improve debug logging in tone_detect(). - res_stasis_device_state: Fix delete ARI Devicestates after asterisk restart. - app_chanspy: Add option to not automatically answer channel. - xmldoc.c: Fix rendering of CLI output. - func_frame_drop: Add debug messages for dropped frames. - test_res_prometheus: Fix compilation failure on Debian 13. - func_frame_drop: Handle allocation failure properly. - pbx_lua.c: segfault when pass null data to term_color function - bridge.c: Obey BRIDGE_NOANSWER variable to skip answering channel. - res_rtp_asterisk: Don't send RTP before DTLS has negotiated. - app_dial.c: Moved channel lock to prevent deadlock - file.c: with "sounds_search_custom_dir = yes", search "custom" directory - cel: Add STREAM_BEGIN, STREAM_END and DTMF event types. - channelstorage_cpp_map_name_id.cc: Refactor iterators for thread-safety. - res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM - cdr: add CANCEL dispostion in CDR - func_curl: Allow auth methods to be set. - options: Change ast_options from ast_flags to ast_flags64. - res_config_odbc: Prevent Realtime fallback on record-not-found (SQL_NO_DATA) - app_agent_pool: Remove documentation for removed option. - res_agi: Increase AGI command buffer size from 2K to 8K - ast_tls_cert: Make certificate validity configurable. - cdr.c: Set tenantid from party_a->base instead of chan->base. - app_mixmonitor: Update the documentation concerning the "D" option. - sig_analog: Properly handle STP, ST2P, and ST3P for fgccamamf. - chan_websocket: Reset frame_queue_length to 0 after FLUSH_MEDIA - chan_pjsip.c: Change SSRC after media source change - Media over Websocket Channel Driver - bundled_pjproject: Avoid deadlock between transport and transaction - utils.h: Add rounding to float conversion to int. - res_musiconhold.c: Ensure we're always locked around music state access. - res_musiconhold.c: Annotate when the channel is locked. - res_musiconhold: Appropriately lock channel during start. ## Change Log for Release asterisk-21.10.2 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.2.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.1...21.10.2) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 1 - [GHSA-64qc-9x89-rx5j](https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j): A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash ### Commit Authors: - George Joseph: (1) ## Issue and Commit Detail: ### Closed Issues: - !GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an incoming SIP request can cause Asterisk to crash ### Commit List: - res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL. ### Commit Details: #### res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL. Author: George Joseph Date: 2025-08-28 In the highly-unlikely event that get_authorization_hdr() couldn't find an Authorization header in a request, trying to get the digest algorithm would cauase a SEGV. We now check that we have an auth header that matches the realm before trying to get the algorithm from it. Resolves: #GHSA-64qc-9x89-rx5j @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.8 2025/08/04 20:43:24 jnemeth Exp $ d3 12 a14 12 BLAKE2s (asterisk-21.11.0/asterisk-21.11.0.tar.gz) = a8d5f43ee01e3ca5f6e6a338e285645e8f4c50e4b5da994f9d8eb67a090d5618 SHA512 (asterisk-21.11.0/asterisk-21.11.0.tar.gz) = a3da502b1c2dd1dafa20d7d277586b7fc545a842e62a78732ae67d7fcfd3cd90853ff0f4adfea77d0bbd873f9d189f4cb0ad11ef5f6c542b0167da87c2cf575f Size (asterisk-21.11.0/asterisk-21.11.0.tar.gz) = 26594761 bytes BLAKE2s (asterisk-21.11.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.11.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.11.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.11.0/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48 SHA512 (asterisk-21.11.0/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744 Size (asterisk-21.11.0/pjproject-2.15.1.md5) = 172 bytes BLAKE2s (asterisk-21.11.0/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd SHA512 (asterisk-21.11.0/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd Size (asterisk-21.11.0/pjproject-2.15.1.tar.bz2) = 8492214 bytes @ 1.8 log @Update to Asterisk 21.10.1. This is a security update. ## Change Log for Release asterisk-21.10.1 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.1.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.0...21.10.1) ### Summary: - Commits: 2 - Commit Authors: 2 - Issues Resolved: 0 - Security Advisories Resolved: 2 - [GHSA-mrq5-74j5-f5cr](https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr): Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c - [GHSA-v9q8-9j8m-5xwp](https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp): Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation. ### User Notes: ### Upgrade Notes: - #### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. The safe_asterisk script now checks that, if it was run by the root user, the /etc/asterisk/startup.d directory and all the files it contains are owned by root. If the checks fail, safe_asterisk will exit with an error and Asterisk will not be started. Additionally, the default logging destination is now stderr instead of tty "9" which probably won't exist in modern systems. ### Developer Notes: ### Commit Authors: - George Joseph: (1) - ThatTotallyRealMyth: (1) ## Issue and Commit Detail: ### Closed Issues: - !GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c - !GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation. ### Commits By Author: - #### George Joseph (1): - res_stir_shaken: Test for missing semicolon in Identity header. - #### ThatTotallyRealMyth (1): - safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. ### Commit List: - safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. - res_stir_shaken: Test for missing semicolon in Identity header. ### Commit Details: #### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. Author: ThatTotallyRealMyth Date: 2025-06-10 UpgradeNote: The safe_asterisk script now checks that, if it was run by the root user, the /etc/asterisk/startup.d directory and all the files it contains are owned by root. If the checks fail, safe_asterisk will exit with an error and Asterisk will not be started. Additionally, the default logging destination is now stderr instead of tty "9" which probably won't exist in modern systems. Resolves: #GHSA-v9q8-9j8m-5xwp #### res_stir_shaken: Test for missing semicolon in Identity header. Author: George Joseph Date: 2025-07-31 ast_stir_shaken_vs_verify() now makes sure there's a semicolon in the Identity header to prevent a possible segfault. Resolves: #GHSA-mrq5-74j5-f5cr @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.7 2025/07/21 06:30:02 jnemeth Exp $ d3 12 a14 12 BLAKE2s (asterisk-21.10.1/asterisk-21.10.1.tar.gz) = 122e9bed801eee42b25c5df2b714c4d093187962df2620eb7d1ae11ebeb0fa1c SHA512 (asterisk-21.10.1/asterisk-21.10.1.tar.gz) = 0b972be132f8a3ed67cb880a3255db1bfb7f9c2fc2cf51fcc1a348ff3481588a1896f4041a032dccad10bebeaebdf786ab94ee69389acbf2e7676c2224063601 Size (asterisk-21.10.1/asterisk-21.10.1.tar.gz) = 26541550 bytes BLAKE2s (asterisk-21.10.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.10.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.10.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.10.1/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48 SHA512 (asterisk-21.10.1/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744 Size (asterisk-21.10.1/pjproject-2.15.1.md5) = 172 bytes BLAKE2s (asterisk-21.10.1/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd SHA512 (asterisk-21.10.1/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd Size (asterisk-21.10.1/pjproject-2.15.1.tar.bz2) = 8492214 bytes @ 1.7 log @Update to Asterisk 21.10.0: ## Change Log for Release asterisk-21.10.0 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.0.html) ### Summary: - Commits: 29 - Commit Authors: 14 - Issues Resolved: 19 - Security Advisories Resolved: 1 - [GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): cli_permissions.conf: deny option does not work for disallowing shell commands ### User Notes: - #### res_stir_shaken.so: Handle X5U certificate chains. The STIR/SHAKEN verification process will now load a full certificate chain retrieved via the X5U URL instead of loading only the end user cert. - #### res_stir_shaken: Add "ignore_sip_date_header" config option. A new STIR/SHAKEN verification option "ignore_sip_date_header" has been added that when set to true, will cause the verification process to not consider a missing or invalid SIP "Date" header to be a failure. This will make the IAT the sole "truth" for Date in the verification process. The option can be set in the "verification" and "profile" sections of stir_shaken.conf. Also fixed a bug in the port match logic. Resolves: #1251 Resolves: #1271 - #### app_record: Add RECORDING_INFO function. The RECORDING_INFO function can now be used to retrieve the duration of a recording. - #### app_queue: queue rules – Add support for QUEUE_RAISE_PENALTY=rN to raise penal.. This change introduces QUEUE_RAISE_PENALTY=rN, allowing selective penalty raises only for members whose current penalty is within the [min_penalty, max_penalty] range. Members with lower or higher penalties are unaffected. This behavior is backward-compatible with existing queue rule configurations. - #### res_odbc: cache_size option to limit the cached connections. New cache_size option for res_odbc to on a per class basis limit the number of cached connections. Please reference the sample configuration for details. - #### res_odbc: cache_type option for res_odbc. When using res_odbc it should be noted that back-end connections to the underlying database can now be configured to re-use the cached connections in a round-robin manner rather than repeatedly re-using the same connection. This helps to keep connections alive, and to purge dead connections from the system, thus more dynamically adjusting to actual load. The downside is that one could keep too many connections active for a longer time resulting in resource also begin consumed on the database side. - #### ARI Outbound Websockets Asterisk can now establish websocket sessions _to_ your ARI applications as well as accepting websocket sessions _from_ them. Full details: http://s.asterisk.net/ari-outbound-ws - #### res_websocket_client: Create common utilities for websocket clients. A new module "res_websocket_client" and config file "websocket_client.conf" have been added to support several upcoming new capabilities that need common websocket client configuration. - #### asterisk.c: Add option to restrict shell access from remote consoles. A new asterisk.conf option 'disable_remote_console_shell' has been added that, when set, will prevent remote consoles from executing shell commands using the '!' prefix. Resolves: #GHSA-c7p6-7mvq-8jq2 - #### sig_analog: Add Call Waiting Deluxe support. Call Waiting Deluxe can now be enabled for FXS channels by enabling its corresponding option. ### Upgrade Notes: - #### jansson: Upgrade version to jansson 2.14.1 jansson has been upgraded to 2.14.1. For more information visit jansson Github page: https://github.com/akheron/jansson/releases/tag/v2.14.1 Resolves: #1178 - #### Alternate Channel Storage Backends With this release, you can now select an alternate channel storage backend based on C++ Maps. Using the new backend may increase performance and reduce the chances of deadlocks on heavily loaded systems. For more information, see http://s.asterisk.net/dc679ec3 ## Issue and Commit Detail: ### Closed Issues: - !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands - 271: [new-feature]: sig_analog: Add Call Waiting Deluxe support. - 548: [improvement]: Get Record() audio duration/length - 1088: [bug]: app_sms: Compilation failure in DEVMODE due to stringop-overflow error in GCC 15 pre-release - 1141: [bug]: res_pjsip: Contact header set incorrectly for call redirect (302 Moved temp.) when external_* set - 1178: [improvement]: jansson: Upgrade version to jansson 2.14.1 - 1230: [bug]: ast_frame_adjust_volume and ast_frame_adjust_volume_float crash on interpolated frames - 1234: [bug]: Set CalllerID lost on DTMF attended transfer - 1240: [bug]: WebRTC invites failing on Chrome 136 - 1243: [bug]: make menuconfig fails due to changes in GTK callbacks - 1251: [improvement]: PJSIP shouldn't require SIP Date header to process full shaken passport which includes iat - 1254: [bug]: ActiveChannels not reported when using AMI command PJSIPShowEndpoint - 1271: [bug]: STIR/SHAKEN not accepting port 8443 in certificate URLs - 1272: [improvement]: STIR/SHAKEN handle X5U certificate chains - 1276: MixMonitor produces broken recordings in bridged calls with asymmetric codecs (e.g., alaw vs G.722) - 1279: [bug]: regression: 20.12.0 downgrades quality of wav16 recordings - 1282: [bug]: Alternate Channel Storage Backends menuselect not enabling it - 1287: [bug]: channelstorage.c: Compilation failure with DEBUG_FD_LEAKS - 1288: [bug]: Crash when destroying channel with C++ alternative storage backend enabled - ASTERISK-30373: sig_analog: Add Call Waiting Deluxe options ### Commit List: - channelstorage: Rename callbacks that conflict with DEBUG_FD_LEAKS. - channelstorage_cpp_map_name_id: Fix callback returning non-matching channels. - channelstorage_makeopts.xml: Remove errant XML character. - res_stir_shaken.so: Handle X5U certificate chains. - res_stir_shaken: Add "ignore_sip_date_header" config option. - app_record: Add RECORDING_INFO function. - app_sms.c: Fix sending and receiving SMS messages in protocol 2 - res_websocket_client: Add more info to the XML documentation. - res_odbc: cache_size option to limit the cached connections. - res_odbc: cache_type option for res_odbc. - res_pjsip: Fix empty `ActiveChannels` property in AMI responses. - ARI Outbound Websockets - res_websocket_client: Create common utilities for websocket clients. - asterisk.c: Add option to restrict shell access from remote consoles. - frame.c: validate frame data length is less than samples when adjusting volume - res_audiosocket.c: Add retry mechanism for reading data from AudioSocket - res_audiosocket.c: Set the TCP_NODELAY socket option - menuselect: Fix GTK menu callbacks for Fedora 42 compatibility - jansson: Upgrade version to jansson 2.14.1 - pjproject: Increase maximum SDP formats and attribute limits - manager.c: Invalid ref-counting when purging events - res_pjsip_nat.c: Do not overwrite transfer host - chan_pjsip: Serialize INVITE creation on DTMF attended transfer - sig_analog: Add Call Waiting Deluxe support. - app_sms: Ignore false positive vectorization warning. - lock.h: Add include for string.h when DEBUG_THREADS is defined. - Alternate Channel Storage Backends @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.6 2025/06/02 04:37:03 jnemeth Exp $ d3 12 a14 12 BLAKE2s (asterisk-21.10.0/asterisk-21.10.0.tar.gz) = 06e21c3a0e2188008f99ec5f6636a850a00502235162bc1b78f8ce395ceba004 SHA512 (asterisk-21.10.0/asterisk-21.10.0.tar.gz) = 99829addcd2f09d9a7135a325252b67c64e4aefb5bfb6d24478e3c06ac5b0ada962aedbc482bde4bc790ae8eb98a4ce58fc7a8e25c5b4269dd0d76f22de5da7f Size (asterisk-21.10.0/asterisk-21.10.0.tar.gz) = 26538178 bytes BLAKE2s (asterisk-21.10.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.10.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.10.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.10.0/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48 SHA512 (asterisk-21.10.0/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744 Size (asterisk-21.10.0/pjproject-2.15.1.md5) = 172 bytes BLAKE2s (asterisk-21.10.0/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd SHA512 (asterisk-21.10.0/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd Size (asterisk-21.10.0/pjproject-2.15.1.tar.bz2) = 8492214 bytes @ 1.6 log @Upgrade to Asterisk 21.9.1: pkgsrc changes: - add gsed to USE_TOOLS - appease pkglint somewhat - PR/58978 -- comms/asterisk build fails if prefix is not /usr/pkg ## Change Log for Release asterisk-21.9.1 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.9.1.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.9.0...21.9.1) ### Summary: - Commits: 2 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 2 - [GHSA-2grh-7mhv-fcfw](https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw): Using malformed From header can forge identity with ";" or NULL in name portion - [GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): cli_permissions.conf: deny option does not work for disallowing shell commands ### User Notes: - #### asterisk.c: Add option to restrict shell access from remote consoles. A new asterisk.conf option 'disable_remote_console_shell' has been added that, when set, will prevent remote consoles from executing shell commands using the '!' prefix. Resolves: #GHSA-c7p6-7mvq-8jq2 ### Commit Authors: - George Joseph: (2) ## Issue and Commit Detail: ### Closed Issues: - !GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with ";" or NULL in name portion - !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands ### Commits By Author: - #### George Joseph (2): - res_pjsip_messaging.c: Mask control characters in received From display name - asterisk.c: Add option to restrict shell access from remote consoles. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.5 2025/05/19 06:57:34 jnemeth Exp $ d3 12 a14 12 BLAKE2s (asterisk-21.9.1/asterisk-21.9.1.tar.gz) = c60af39bfa030808cef5752b7443d78ffc74e832929a906432b2978f44d06005 SHA512 (asterisk-21.9.1/asterisk-21.9.1.tar.gz) = 7212be039a16602a333c623b76b5f3c829bd058825eec6151b59338bc405f43ae535d92fddcf9e5f2f9f1c0745ceacabda6549580f2d265e44ce088f7fe331e1 Size (asterisk-21.9.1/asterisk-21.9.1.tar.gz) = 26493632 bytes BLAKE2s (asterisk-21.9.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.9.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.9.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.9.1/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48 SHA512 (asterisk-21.9.1/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744 Size (asterisk-21.9.1/pjproject-2.15.1.md5) = 172 bytes BLAKE2s (asterisk-21.9.1/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd SHA512 (asterisk-21.9.1/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd Size (asterisk-21.9.1/pjproject-2.15.1.tar.bz2) = 8492214 bytes @ 1.5 log @Update to Asterisk 21.9.0. ## Change Log for Release asterisk-21.9.0 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.9.0.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.8.0...21.9.0) ### Summary: - Commits: 24 - Commit Authors: 18 - Issues Resolved: 12 - Security Advisories Resolved: 0 ### User Notes: - #### stasis/control.c: Set Hangup Cause to No Answer on Dial timeout A Dial timeout on POST /channels/{channelId}/dial will now result in a CANCEL and ChannelDestroyed with cause 19 / User alerting, no answer. Previously no explicit cause was set, resulting in a cause of 16 / Normal Call Clearing. - #### contrib: Add systemd service and timer files for malloc trim. Service and timer files for systemd have been added to the contrib/systemd/ directory. If you are experiencing memory issues, install these files to have "malloc trim" periodically run on the system. - #### Add log-caller-id-name option to log Caller ID Name in queue log This patch adds a global configuration option, log-caller-id-name, to queues.conf to control whether the Caller ID name is logged as parameter 4 when a call enters a queue. When log-caller-id-name=yes, the Caller ID name is included in the queue log, Any '|' characters in the caller ID name will be replaced with '_'. (provided it’s allowed by the existing log_restricted_caller_id rules). When log-caller-id-name=no (the default), the Caller ID name is omitted. - #### asterisk.c: Add "pre-init" and "pre-module" capability to cli.conf. In cli.conf, you can now define startup commands that run before core initialization and before module initialization. - #### audiosocket: added support for DTMF frames The AudioSocket protocol now forwards DTMF frames with payload type 0x03. The payload is a 1-byte ascii representing the DTMF digit (0-9,*,#...). ### Upgrade Notes: - #### ARI: REST over Websocket This commit adds the ability to make ARI REST requests over the same websocket used to receive events. See https://docs.asterisk.org/Configuration/Interfaces/Asterisk-REST-Interface-ARI/ARI-REST-over-WebSocket/ ### Commit Authors: - Albrecht Oster: (1) - Alexei Gradinari: (1) - Allan Nathanson: (1) - Andreas Wehrmann: (1) - Ben Ford: (1) - Florent CHAUVEAU: (1) - George Joseph: (4) - Joshua C. Colp: (1) - Luz Paz: (1) - Mark Murawski: (1) - Mike Bradeen: (1) - Mkmer: (1) - Naveen Albert: (3) - Norm Harrison: (2) - Peter Jannesen: (1) - Phoneben: (1) - Sean Bright: (1) - Zhai Liangliang: (1) ## Issue and Commit Detail: ### Closed Issues: - 505: [bug]: res_pjproject: ast_sockaddr_cmp() always fails on sockaddrs created by ast_sockaddr_from_pj_sockaddr() - 643: [new-feature]: pjsip show contact -- show all details same as AMI PJSIPShowContacts - 963: [bug]: missing hangup cause for ARI ChannelDestroyed when Dial times out - 1091: [improvement]: app queue :add to queue log callerid name - 1144: [bug]: action_redirect don't remove bridge_after_goto data - 1171: [improvement]: Need the capability in audiohook.c for fractional (float) type volume adjustments. - 1181: [bug]: Incorrect PJSIP Endpoint Device States on Multiple Channels - 1190: [bug]: Crash when starting ConfBridge recording over CLI and AMI - 1197: [bug]: ChannelHangupRequest does not show cause code in all cases - 1206: [improvement]: chan_iax2: Minor improvements to documentation and warning messages. - 1220: [bug]: res_pjsip_caller_id: OLI is not parsed if contained in a URI parameter - 1224: [improvement]: app_meetme: Removal version is incorrect ### Commit List: - res_pjsip_caller_id: Also parse URI parameters for ANI2. - app_meetme: Remove inaccurate removal version from xmldocs. - docs: Fix typos in apps/ - stasis/control.c: Set Hangup Cause to No Answer on Dial timeout - chan_iax2: Minor improvements to documentation and warning messages. - pbx_ael: unregister AELSub application and CLI commands on module load failure - res_pjproject: Fix DTLS client check failing on some platforms - Prequisites for ARI Outbound Websockets - contrib: Add systemd service and timer files for malloc trim. - action_redirect: remove after_bridge_goto_info - channel: Always provide cause code in ChannelHangupRequest. - Add log-caller-id-name option to log Caller ID Name in queue log - asterisk.c: Add "pre-init" and "pre-module" capability to cli.conf. - app_confbridge: Prevent crash when publishing channel-less event. - ari_websockets: Fix frack if ARI config fails to load. - ARI: REST over Websocket - audiohook.c: Add ability to adjust volume with float - audiosocket: added support for DTMF frames - asterisk/channel.h: fix documentation for 'ast_waitfor_nandfds()' - audiosocket: fix timeout, fix dialplan app exit, server address in logs - Update config.guess and config.sub - chan_pjsip: set correct Endpoint Device State on multiple channels - file.c: missing "custom" sound files should not generate warning logs ## Change Log for Release asterisk-21.8.0 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.8.0.html) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.7.0...21.8.0) ### Summary: - Commits: 28 - Commit Authors: 12 - Issues Resolved: 12 - Security Advisories Resolved: 0 ### User Notes: - #### ari/pjsip: Make it possible to control transfers through ARI Call transfers on the PJSIP channel can now be controlled by ARI. This can be enabled by using the PJSIP_TRANSFER_HANDLING(ari-only) dialplan function. ### Commit Authors: - Allan Nathanson: (1) - Ben Ford: (1) - Fabriziopicconi: (1) - George Joseph: (10) - Holger Hans Peter Freyther: (1) - Jeremy Lainé: (1) - Joshua Elson: (1) - Luz Paz: (3) - Maximilian Fridrich: (1) - Mike Bradeen: (1) - Naveen Albert: (1) - Sean Bright: (6) ## Issue and Commit Detail: ### Closed Issues: - 211: [bug]: stasis: Off-nominal channel leave causes bridge to be destroyed - 1085: [bug]: utils: Compilation failure with DEVMODE due to old-style definitions - 1101: [bug]: when setting a var with a double quotes and using Set(HASH) - 1109: [bug]: Off nominal memory leak in res/ari/resource_channels.c - 1112: [bug]: STIR/SHAKEN verification doesn't allow anonymous callerid to be passed to the dialplan. - 1119: [bug]: Realtime database not working after upgrade from 22.0.0 to 22.2.0 - 1122: Need status on CVE-2024-57520 claim. - 1124: [bug]: Race condition between bridge and channel delete can over-write cause code set in hangup. - 1131: [bug]: CHANGES link broken in README.md - 1135: [bug]: Problems with video decoding due to RTP marker bit set - 1149: [bug]: res_pjsip: Mismatch in tcp_keepalive_enable causes not to enable - 1164: [bug]: WARNING Message in messages.log for res_curl.conf [globals] ### Commit List: - documentation: Update Gosub, Goto, and add new documentationtype. - res_config_curl.c: Remove unnecessary warnings. - README.md: Updates and Fixes - res_rtp_asterisk.c: Don't truncate spec-compliant `ice-ufrag` or `ice-pwd`. - fix: Correct default flag for tcp_keepalive_enable option - docs: AMI documentation fixes. - config.c: #include of non-existent file should not crash - manager.c: Check for restricted file in action_createconfig. - swagger_model.py: Fix invalid escape sequence in get_list_parameter_type(). - Revert "res_rtp_asterisk.c: Set Mark on rtp when timestamp skew is too big" - res_rtp_asterisk.c: Use correct timeout value for T.140 RED timer. - docs: Fix typos in cdr/ Found via codespell - bridging: Fix multiple bridging issues causing SEGVs and FRACKs. - res_config_pgsql: Fix regression that removed dbname config. - res_stir_shaken: Allow missing or anonymous CID to continue to the dialplan. - resource_channels.c: Fix memory leak in ast_ari_channels_external_media. - ari/pjsip: Make it possible to control transfers through ARI - channel.c: Remove dead AST_GENERATOR_FD code. - func_strings.c: Prevent SEGV in HASH single-argument mode. - docs: Add version information to AGI command XML elements. - docs: Fix minor typo in MixMonitor AMI action - utils: Disable old style definition warnings for libdb. - rtp.conf.sample: Correct stunaddr example. - docs: Add version information to ARI resources and methods. - docs: Indent tags. ## Change Log for Release asterisk-21.7.0 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.7.0.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.6.1...21.7.0) ### Summary: - Commits: 53 - Commit Authors: 20 - Issues Resolved: 19 - Security Advisories Resolved: 0 ### User Notes: - #### sig_analog: Add Last Number Redial feature. Users can now redial the last number called if the lastnumredial setting is set to yes. Resolves: #437 - #### Add SHA-256 and SHA-512-256 as authentication digest algorithms The SHA-256 and SHA-512-256 algorithms are now available for authentication as both a UAS and a UAC. - #### Upgrade bundled pjproject to 2.15.1 Resolves: asterisk#1016 Bundled pjproject has been upgraded to 2.15.1. For more information visit pjproject Github page: https://github.com/pjsip/pjproject/releases/tag/2.15.1 - #### res_pjsip: Add new AOR option "qualify_2xx_only" The pjsip.conf AOR section now has a "qualify_2xx_only" option that can be set so that only 2XX responses to OPTIONS requests used to qualify a contact will mark the contact as available. - #### app_queue: allow dynamically adding a queue member in paused state. use the p option of AddQueueMember() for paused member state. Optionally, use the r(reason) option to specify a custom reason for the pause. - #### manager.c: Add Processed Call Count to CoreStatus output The current processed call count is now returned as CoreProcessedCalls from the CoreStatus AMI Action. - #### func_curl.c: Add additional CURL options for SSL requests The following new configuration options are now available in the res_curl.conf file, and the CURL() function: 'ssl_verifyhost' (CURLOPT_SSL_VERIFYHOST), 'ssl_cainfo' (CURLOPT_CAINFO), 'ssl_capath' (CURLOPT_CAPATH), 'ssl_cert' (CURLOPT_SSLCERT), 'ssl_certtype' (CURLOPT_SSLCERTTYPE), 'ssl_key' (CURLOPT_SSLKEY), 'ssl_keytype', (CURLOPT_SSLKEYTYPE) and 'ssl_keypasswd' (CURLOPT_KEYPASSWD). See the libcurl documentation for more details. - #### res_stir_shaken: Allow sending Identity headers for unknown TNs You can now set the "unknown_tn_attest_level" option in the attestation and/or profile objects in stir_shaken.conf to enable sending Identity headers for callerid TNs not explicitly configured. ### Upgrade Notes: - #### alembic: Database updates required. Two commits in this release... 'Add SHA-256 and SHA-512-256 as authentication digest algorithms' 'res_pjsip: Add new AOR option "qualify_2xx_only"' ...have modified alembic scripts for the following database tables: ps_aors, ps_contacts, ps_auths, ps_globals. If you don't use the scripts to update your database, reads from those tables will succeeed but inserts into the ps_contacts table by res_pjsip_registrar will fail. ### Commit Authors: - Abdelkader Boudih: (3) - Alexey Khabulyak: (1) - Alexey Vasilyev: (1) - Allan Nathanson: (2) - Artem Umerov: (1) - George Joseph: (17) - Jaco Kroon: (1) - James Terhune: (1) - Joshua C. Colp: (1) - Kent: (1) - Maksim Nesterov: (1) - Maximilian Fridrich: (1) - Mike Pultz: (3) - Naveen Albert: (6) - Sean Bright: (6) - Sperl Viktor: (2) - Stanislav Abramenkov: (2) - Steffen Arntz: (1) - Tinet-Mucw: (1) - Viktor Litvinov: (1) ## Issue and Commit Detail: ### Closed Issues: - 437: [new-feature]: sig_analog: Add Last Number Redial - 851: [bug]: unable to read audiohook both side when packet lost on one side of the call - 921: [bug]: Stir-Shaken doesn’t allow B or C attestation for unknown callerid which is allowed by ATIS-1000074.v003, §5.2.4 - 927: [bug]: no audio when media source changed during the call - 948: [improvement]: Support SHA-256 algorithm on REGISTER and INVITE challenges - 993: [bug]: sig_analog: Feature Group D / E911 no longer work - 999: [bug]: Crash when setting a global variable with invalid UTF8 characters - 1007: [improvement]: Cannot dynamically add queue member in paused state from dialplan or command line - 1013: [improvement]: chan_pjsip: Send VIDUPDATE RTP frames for H.264 streams on endpoints without WebRTC - 1021: [improvement]: proper queue_log paused state when member added dynamically - 1023: [improvement]: Improve PJSIP_MEDIA_OFFER documentation - 1028: [bug]: "pjsip show endpoints" shows some identifies on endpoints that shouldn't be there - 1029: [bug]: chan_dahdi: Wrong channel state set when RINGING received - 1054: [bug]: chan_iax2: Frames unnecessarily backlogged with jitterbuffer if no voice frames have been received yet - 1058: [bug]: Asterisk fails to compile following commit 71a2e8c on Ubuntu 20.04 - 1064: [improvement]: ast_tls_script: Add option to skip passphrase for CA private key - 1075: [bug]: res_prometheus does not set Content-Type header in HTTP response - 1095: [bug]: res_pjsip missing "Failed to authenticate" log entry for unknown endpoint - 1097: [bug]: res_pjsip/pjsip_options. ODBC: Unknown column 'qualify_2xx_only' ### Commit List: - res_pjsip_authenticator_digest: Make correct error messages appear again. - alembic: Database updates required. - res_pjsip: Fix startup/reload memory leak in config_auth. - docs: Add version information to application and function XML elements - docs: Add version information to manager event instance XML elements - LICENSE: Update company name, email, and address. - res_prometheus.c: Set Content-Type header on /metrics response. - README.md, asterisk.c: Update Copyright Dates - docs: Add version information to configObject and configOption XML elements - res_pjsip_authenticator_digest: Fix issue with missing auth and DONT_OPTIMIZE - ast_tls_cert: Add option to skip passphrase for CA private key. - chan_iax2: Avoid unnecessarily backlogging non-voice frames. - config.c: fix #tryinclude being converted to #include on rewrite - sig_analog: Add Last Number Redial feature. - docs: Various XML fixes - strings.c: Improve numeric detection in `ast_strings_match()`. - docs: Enable since/version handling for XML, CLI and ARI documentation - logger.h: Fix build when AST_DEVMODE is not defined. - dialplan_functions_doc.xml: Document PJSIP_MEDIA_OFFER's `media` argument. - samples: Use "asterisk" instead of "postgres" for username - manager: Add `` tags for all AMI actions. - logger.c fix: malformed JSON template - manager.c: Rename restrictedFile to is_restricted_file. - res_pjproject: Fix typo (OpenmSSL->OpenSSL) - Add SHA-256 and SHA-512-256 as authentication digest algorithms - config.c: retain leading whitespace before comments - config.c: Fix off-nominal reference leak. - normalize contrib/ast-db-manage/queue_log.ini.sample - Add C++ Standard detection to configure and fix a new C++20 compile issue - chan_dahdi: Fix wrong channel state when RINGING recieved. - Upgrade bundled pjproject to 2.15.1 Resolves: asterisk#1016 - gcc14: Fix issues caught by gcc 14 - Header fixes for compiling C++ source files - Add ability to pass arguments to unit tests from the CLI - res_pjsip: Add new AOR option "qualify_2xx_only" - res_odbc: release threads from potential starvation. - Allow C++ source files (as extension .cc) in the main directory - format_gsm.c: Added mime type - func_uuid: Add a new dialplan function to generate UUIDs - app_queue: allow dynamically adding a queue member in paused state. - chan_iax2: Add log message for rejected calls. - chan_pjsip: Send VIDUPDATE RTP frame for all H.264 streams - res_curl.conf.sample: clean up sample configuration and add new SSL options - res_rtp_asterisk.c: Set Mark on rtp when timestamp skew is too big - res_rtp_asterisk.c: Fix bridged_payload matching with sample rate for DTMF - manager.c: Add Processed Call Count to CoreStatus output - func_curl.c: Add additional CURL options for SSL requests - sig_analog: Fix regression with FGD and E911 signaling. - res_stir_shaken: Allow sending Identity headers for unknown TNs ## Change Log for Release asterisk-21.6.1 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.6.1.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.6.0...21.6.1) ### Summary: - Commits: 1 - Commit Authors: 1 - Issues Resolved: 0 - Security Advisories Resolved: 1 - [GHSA-33x6-fj46-6rfh](https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh): Path traversal via AMI ListCategories allows access to outside files ### User Notes: - #### manager.c: Restrict ListCategories to the configuration directory. The ListCategories AMI action now restricts files to the configured configuration directory. ### Commit Authors: - Ben Ford: (1) ## Issue and Commit Detail: ### Closed Issues: - !GHSA-33x6-fj46-6rfh: Path traversal via AMI ListCategories allows access to outside files ### Commit List: - manager.c: Restrict ListCategories to the configuration directory. ### Commit Details: #### manager.c: Restrict ListCategories to the configuration directory. Author: Ben Ford Date: 2024-12-17 When using the ListCategories AMI action, it was possible to traverse upwards through the directories to files outside of the configured configuration directory. This action is now restricted to the configured directory and an error will now be returned if the specified file is outside of this limitation. Resolves: #GHSA-33x6-fj46-6rfh UserNote: The ListCategories AMI action now restricts files to the configured configuration directory. ## Change Log for Release asterisk-21.6.0 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.6.0.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.5.0...21.6.0) ### Summary: - Commits: 39 - Commit Authors: 9 - Issues Resolved: 22 - Security Advisories Resolved: 0 ### User Notes: - #### res_pjsip: Add new endpoint option "suppress_moh_on_sendonly" The new "suppress_moh_on_sendonly" endpoint option can be used to prevent playing MOH back to a caller if the remote end sends "sendonly" or "inactive" (hold) to Asterisk in an SDP. - #### app_mixmonitor: Add 'D' option for dual-channel audio. The MixMonitor application now has a new 'D' option which interleaves the recorded audio in the output frames. This allows for stereo recording output with one channel being the transmitted audio and the other being the received audio. The 't' and 't' options are compatible with this. - #### manager.c: Restrict ModuleLoad to the configured modules directory. The ModuleLoad AMI action now restricts modules to the configured modules directory. - #### manager: Enhance event filtering for performance You can now perform more granular filtering on events in manager.conf using expressions like `eventfilter(name(Newchannel),header(Channel),method(starts_with)) = PJSIP/` This is much more efficient than `eventfilter = Event: Newchannel.*Channel: PJSIP/` Full syntax guide is in configs/samples/manager.conf.sample. - #### db.c: Remove limit on family/key length The `ast_db_*()` APIs have had the 253 byte limit on "/family/key" removed and will now accept families and keys with a total length of up to SQLITE_MAX_LENGTH (currently 1e9!). This affects the `DB*` dialplan applications, dialplan functions, manager actions and `databse` CLI commands. Since the media_cache also uses the `ast_db_*()` APIs, you can now store resources with URIs longer than 253 bytes. ### Upgrade Notes: ### Commit Authors: - Allan Nathanson: (1) - Ben Ford: (3) - Chrsmj: (1) - George Joseph: (15) - Jiangxc: (1) - Naveen Albert: (7) - Peter Jannesen: (2) - Sean Bright: (7) - Thomas Guebels: (2) ## Issue and Commit Detail: ### Closed Issues: - 487: [bug]: Segfault possibly in ast_rtp_stop - 821: [bug]: app_dial: The progress timeout doesn't cause Dial to exit - 881: [bug]: Long URLs are being rejected by the media cache because of an astdb key length limit - 882: [bug]: Value CHANNEL(userfield) is lost by BRIDGE_ENTER - 897: [improvement]: Restrict ModuleLoad AMI action to the modules directory - 900: [bug]: astfd.c: NULL pointer passed to fclose with nonnull attribute causes compilation failure - 902: [bug]: app_voicemail: Pager emails are ill-formatted when custom subject is used - 916: [bug]: Compilation errors on FreeBSD - 923: [bug]: Transport monitor shutdown callback only works on the first disconnection - 924: [bug]: dnsmgr.c: dnsmgr_refresh() should not flag change if IP address order changes - 928: [bug]: chan_dahdi: MWI while off-hook when hung up on after recall ring - 932: [bug]: When connected to multiple IP addresses the transport monitor is only set on the first one - 937: [bug]: Wrong format for sample config file 'geolocation.conf.sample' - 938: [bug]: memory leak - CBAnn leaks a small amount format_cap related memory for every confbridge - 945: [improvement]: Add stereo recording support for app_mixmonitor - 951: [new-feature]: func_evalexten: Add `EVAL_SUB` function - 974: [improvement]: change and/or remove some wiki mentions to docs mentions in the sample configs - 979: [improvement]: Add ability to suppress MOH when a remote endpoint sends "sendonly" or "inactive" - 982: [bug]: The addition of tenantid to the ast_sip_endpoint structure broke ABI compatibility - 990: [improvement]: The help for PJSIP_AOR should indicate that you need to call PJSIP_CONTACT to get contact details - 995: [bug]: suppress_moh_on_sendonly should use AST_BOOL_VALUES instead of YESNO_VALUES in alembic script ### Commit List: - res_pjsip: Change suppress_moh_on_sendonly to OPT_BOOL_T - res_pjsip: Add new endpoint option "suppress_moh_on_sendonly" - res_pjsip.c: Fix Contact header rendering for IPv6 addresses. - samples: remove and/or change some wiki mentions - func_pjsip_aor/contact: Fix documentation for contact ID - res_pjsip: Move tenantid to end of ast_sip_endpoint - pjsip_transport_events: handle multiple addresses for a domain - func_evalexten: Add EVAL_SUB function. - res_srtp: Change Unsupported crypto suite msg from verbose to debug - Add res_pjsip_config_sangoma external module. - app_mixmonitor: Add 'D' option for dual-channel audio. - pjsip_transport_events: Avoid monitor destruction - app_dial: Fix progress timeout calculation with no answer timeout. - pjproject_bundled: Tweaks to support out-of-tree development - core_unreal.c: Fix memory leak in ast_unreal_new_channels() - dnsmgr.c: dnsmgr_refresh() incorrectly flags change with DNS round-robin - geolocation.sample.conf: Fix comment marker at end of file - func_base64.c: Ensure we set aside enough room for base64 encoded data. - app_dial: Fix progress timeout. - chan_dahdi: Never send MWI while off-hook. - manager.c: Add unit test for Originate app and appdata permissions - alembic: Drop redundant voicemail_messages index. - res_agi.c: Ensure SIGCHLD handler functions are properly balanced. - main, res, tests: Fix compilation errors on FreeBSD. - res_rtp_asterisk: Fix dtls timer issues causing FRACKs and SEGVs - manager.c: Restrict ModuleLoad to the configured modules directory. - res_agi.c: Prevent possible double free during `SPEECH RECOGNIZE` - cdr_custom: Allow absolute filenames. - astfd.c: Avoid calling fclose with NULL argument. - channel: Preserve CHANNEL(userfield) on masquerade. - cel_custom: Allow absolute filenames. - app_voicemail: Fix ill-formatted pager emails with custom subject. - res_pjsip_pubsub: Persist subscription 'generator_data' in sorcery - Fix application references to Background - manager.conf.sample: Fix mathcing typo - manager: Enhance event filtering for performance - manager.c: Split XML documentation to manager_doc.xml - db.c: Remove limit on family/key length @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.4 2025/01/17 22:39:53 gavan Exp $ d3 12 a14 12 BLAKE2s (asterisk-21.9.0/asterisk-21.9.0.tar.gz) = 6e8c4ed63d421541a7a230645984be397287a7e4c4a85da2e1f95bfc74237511 SHA512 (asterisk-21.9.0/asterisk-21.9.0.tar.gz) = ec9659589897361cfd4c4b8d55c197a6c0b06fe1c2afbf7687a098b04265bc88d9a4f4df08676ef0bc364e7629e0096e528e78a3967510a7ab22c7fdfdcb62b1 Size (asterisk-21.9.0/asterisk-21.9.0.tar.gz) = 26492636 bytes BLAKE2s (asterisk-21.9.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.9.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.9.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.9.0/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48 SHA512 (asterisk-21.9.0/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744 Size (asterisk-21.9.0/pjproject-2.15.1.md5) = 172 bytes BLAKE2s (asterisk-21.9.0/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd SHA512 (asterisk-21.9.0/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd Size (asterisk-21.9.0/pjproject-2.15.1.tar.bz2) = 8492214 bytes d33 2 a34 2 SHA1 (patch-configure) = 03e0de2aef9ba3143c0c457d9ec658483a2570ab SHA1 (patch-configure.ac) = b972730a2be3bf54502116f1f7e03afee76a02cc @ 1.4 log @asterisk[19,21,22]: Fix invalid XML documentation building @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.3 2024/10/21 05:09:55 jnemeth Exp $ d3 12 a14 12 BLAKE2s (asterisk-21.5.0/asterisk-21.5.0.tar.gz) = 2999afc285612b2df96f5425c134a16091169f5df9ea50bcd814fe0fead974ed SHA512 (asterisk-21.5.0/asterisk-21.5.0.tar.gz) = 4c8200d1e5eba1a3005dc9709be5893ef395c7635df9e64769f4e30c39b8b82be4332a829c0516bd22748f37f5be506d8f3f886381d7d0ea772d0648166c4942 Size (asterisk-21.5.0/asterisk-21.5.0.tar.gz) = 26362808 bytes BLAKE2s (asterisk-21.5.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde SHA512 (asterisk-21.5.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d Size (asterisk-21.5.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes BLAKE2s (asterisk-21.5.0/pjproject-2.14.1.md5) = f384e59ad4f8227cd7131a5c07b68a83b75b319fa60c38d6f9d27af817a0f516 SHA512 (asterisk-21.5.0/pjproject-2.14.1.md5) = 25ce388adcd7eaa2c21d95a58d9fc5e33a6cb96dd99c292574b8f11f6f1f985cf91f91ea252300bd1be192e396ac6c8a35a87b219864339798bf6195a7650c00 Size (asterisk-21.5.0/pjproject-2.14.1.md5) = 172 bytes BLAKE2s (asterisk-21.5.0/pjproject-2.14.1.tar.bz2) = 4b22d553ddafc2d53d866b4936d465c161e2a095a6a75bd4b93be26e4803122c SHA512 (asterisk-21.5.0/pjproject-2.14.1.tar.bz2) = 996116df4a18fb28c8f68d122466f8664958226a38e432b6190b92fbf277b278d370a4b44fabeaf25691e3cdcde28a8879b2738ead5387d119229db01ce121d8 Size (asterisk-21.5.0/pjproject-2.14.1.tar.bz2) = 8379251 bytes d33 1 a33 1 SHA1 (patch-configure) = 7bb72c26abe5c362bf8e415821534b83f6241473 d43 1 a43 1 SHA1 (patch-include_asterisk_autoconfig.h.in) = 23807b08b94f5cf9c2de76c2928f7ae38997d006 a58 1 SHA1 (patch-main_config.c) = 0647c59c4be846e7a9f6d523fbc93c54dc45b664 d95 1 a95 1 SHA1 (patch-res_res__xmpp.c) = 390376180d1fb11a41c16f59dd44f506006a8e5d @ 1.3 log @Upgrade to Asterisk 21.5.0. ## Change Log for Release asterisk-21.5.0 ### Links: - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.5.0.md) - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.4.3...21.5.0) - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.5.0.tar.gz) - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) ### Summary: - Commits: 24 - Commit Authors: 8 - Issues Resolved: 17 - Security Advisories Resolved: 0 ### User Notes: - #### res_pjsip_notify: add dialplan application A new dialplan application PJSIPNotify is now available which can send SIP NOTIFY requests from the dialplan. The pjsip send notify CLI command has also been enhanced to allow sending NOTIFY messages to a specific channel. Syntax: pjsip send notify