Archive for category sip
Asterisk 1.8.8.0-rc1 Now Available
Posted by admin in asterisk, Release Candidates, sip on October 6, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team announces the first release candidate of Asterisk 1.8.8.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.8.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Updated SIP 484 handling; added Incomplete control frame When a SIP phone uses the dial application and receives a 484 Address
Incomplete response, if overlapped dialing is enabled for SIP, then the 484 Address Incomplete is forwarded back to the SIP phone and the HANGUPCAUSE channel variable is set to 28. Previously, the Incomplete application dialplan logic was automatically triggered; now, explicit dialplan usage of the application is required.
(Closes ASTERISK-17288. Reported by: Mikael Carlsson Tested by: Matthew Jordan Review: https://reviewboard.asterisk.org/r/1416/) - Prevent IAX2 from getting IPv6 addresses via DNS IAX2 does not support IPv6 and getting such addresses from DNS can cause error messages on the remote end involving bad IPv4 address casts in the presence of IPv6/IPv4 tunnels.
(Closes issue ASTERISK-18090. Patched by Kinsey Moore) - Fix bad RTP media bridges in directmedia calls on peers separated by multiple Asterisk nodes.
(Closes issue ASTERISK-18340. Reported by: Thomas Arimont. Closes issue ASTERISK-17725. Reported by: kwk. Tested by: twilson, jrose) - Fix crashes in ast_rtcp_write()
(Closes issue ASTERISK-18570)
Related issues that look like they are the same problem:
(Issue ASTERISK-17560, ASTERISK-15406, ASTERISK-15257, ASTERISK-13334, ASTERISK-9977, ASTERISK-9716)
Review: https://reviewboard.asterisk.org/r/1444/
Patched by: Russell Bryant - Fix for incorrect voicemail duration in external notifications. This patch fixes an issue where the voicemail duration was being reported with a duration significantly less than the actual sound file duration.
(Closes ASTERISK-16981. Reported by: Mary Ciuciu, Byron Clark, Brad House, Karsten Wemheuer, KevinH Tested by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1443) - Prevent segfault if call arrives before Asterisk is fully booted.
(Patched by alecdavis. https://reviewboard.asterisk.org/r/1407/)
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.8.5.0 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team announces the release of Asterisk 1.8.5.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.5.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- Fix Deadlock with attended transfer of SIP call
(Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81, cmaj) - Fixes thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois, rossbeer, kowalma, Freddi_Fonet) - Be more tolerant of what URI we accept for call completion PUBLISH requests.
(Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson) - Fix a nasty chanspy bug which was causing a channel leak every time a spied on channel made a call.
(Closes issue #18742. Reported by jkister. Tested by jcovert, jrose) - This patch fixes a bug with MeetMe behavior where the ‘P’ option for always prompting for a pin is ignored for the first caller.
(Closes issue #18070. Reported by mav3rick. Patched by bbryant) - Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If the call that the dialplan started an AGI script for is hungup while the AGI script is in the middle of a command then the AGI script is not notified of the hangup.
(Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett) - Resolve issue where leaving a voicemail, the MWI message is never sent. The same thing happens when checking a voicemail and marking it as read.
(Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard Mudgett) - Resolve issue where wait for leader with Music On Hold allows crosstalk between participants. Parenthesis in the wrong position. Regression from issue #14365 when expanding conference flags to use 64 bits.
(Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
For a full list of changes in this release, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.8.5-rc1 Now Available
Posted by admin in asterisk, Release Candidates, sip on June 29, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team announces the first release candidate of Asterisk 1.8.5. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.5-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Fix Deadlock with attended transfer of SIP call
(Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81, cmaj) - Fixes thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois, rossbeer, kowalma, Freddi_Fonet) - Be more tolerant of what URI we accept for call completion PUBLISH requests.
(Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson) - Fix a nasty chanspy bug which was causing a channel leak every time a spied on channel made a call.
(Closes issue #18742. Reported by jkister. Tested by jcovert, jrose) - This patch fixes a bug with MeetMe behavior where the ‘P’ option for always prompting for a pin is ignored for the first caller.
(Closes issue #18070. Reported by mav3rick. Patched by bbryant) - Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If the call that the dialplan started an AGI script for is hungup while the AGI script is in the middle of a command then the AGI script is not notified of the hangup.
(Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett) - Resolve issue where leaving a voicemail, the MWI message is never sent. The same thing happens when checking a voicemail and marking it as read.
(Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard Mudgett) - Resolve issue where wait for leader with Music On Hold allows crosstalk between participants. Parenthesis in the wrong position. Regression from issue #14365 when expanding conference flags to use 64 bits.
(Closes issue #18418. Reported by MrHanMan. Patched by rmudgett) - Fix timerfd locking issue.
(Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz)
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.4.41.2, Asterisk 1.6.2.18.2, Asterisk 1.8.4.4 Now Available (Security Release)
Posted by admin in asterisk, Asterisk Security Releases, Security Advisories, sip on June 28, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk versions 1.4.41.2, 1.6.2.18.2, and 1.8.4.4, which are security releases.
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the following issue:
- AST-2011-011: Asterisk may respond differently to SIP requests from an invalid SIP user than it does to a user configured on the system, even when the alwaysauthreject option is set in the configuration. This can leak information about what SIP users are valid on the Asterisk system.
For more information about the details of this vulnerability, please read the security advisory AST-2011-011, which was released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
Security advisory AST-2011-011 is available at:
Thank you for your continued support of Asterisk!
Asterisk Security Advisories – AST-2011-011: Possible enumeration of SIP users due to differing authentication responses
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories, sip on June 28, 2011
Asterisk Project Security Advisory - AST-2011-011
| Product | Asterisk |
| Summary | Possible enumeration of SIP users due to differing authentication responses |
| Nature of Advisory | Unauthorized data disclosure |
| Susceptibility | Remote unauthenticated sessions |
| Severity | Moderate |
| Exploits Known | No |
| Reported On | June 11, 2011 |
| Reported By | |
| Posted On | June 28, 2011 |
| Last Updated On | June 28, 2011 |
| Advisory Contact | Terry Wilson <twilson@digium.com> |
| CVE Name | CVE-2011-2536 |
Asterisk 1.8.4-rc2 Now Available
Posted by admin in asterisk, Release Candidates, sip on February 28, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the second release candidate of Asterisk 1.8.4. This release candidate is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.4-rc2 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Resolution of several DTMF based attended transfer issues.
(Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo, shihchuan, grecco. Patched by rmudgett)
NOTE: Be sure to read the ChangeLog for more information about these changes. - Resolve deadlocks related to device states in chan_sip
(Closes issue #18310. Reported, patched by one47. Patched by jpeeler) - Resolve an issue with the Asterisk manager interface leaking memory when disabled.
(Reported internally by kmorgan. Patched by russellb) - Support greetingsfolder as documented in voicemail.conf.sample.
(Closes issue #17870. Reported by edhorton. Patched by seanbright) - Fix channel redirect out of MeetMe() and other issues with channel softhangup
(Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb. Patched by russellb) - Fix voicemail sequencing for file based storage.
(Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by jpeeler) - Set hangup cause in local_hangup so the proper return code of 486 instead of 503 when using Local channels when the far sides returns a busy. Also affects CCSS in Asterisk 1.8+.
(Patched by twilson) - Fix issues with verbose messages not being output to the console.
(Closes issue #18580. Reported by pabelanger. Patched by qwell)
Asterisk 1.8.4-rc1 was not released due to a blocking issue found prior to release. An additional fix was merged into Asterisk 1.8.4-rc2:
- Fix Deadlock with attended transfer of SIP call
(Closes issue #18837. Reported, patched by alecdavis. Tested by alecdavid, Irontec, ZX81, cmaj)
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.6.2.18-rc1 Now Available
Posted by admin in asterisk, Release Candidates, sip on February 28, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the first release candidate of Asterisk 1.6.2.18. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.6.2.18-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Only offer codecs both sides support for directmedia.
(Closes issue #17403. Reported, patched by one47) - Resolution of several DTMF based attended transfer issues.
(Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo, shihchuan, grecco. Patched by rmudgett)
NOTE: Be sure to read the ChangeLog for more information about these changes. - Resolve deadlocks related to device states in chan_sip
(Closes issue #18310. Reported, patched by one47. Patched by jpeeler) - Fix channel redirect out of MeetMe() and other issues with channel softhangup
(Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb. Patched by russellb) - Fix voicemail sequencing for file based storage.
(Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by jpeeler) - Guard against retransmitting BYEs indefinitely during attended transfers with chan_sip.
(Review: https://reviewboard.asterisk.org/r/1077/)
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
AST-2011-001: Stack buffer overflow in SIP channel driver
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories, sip on January 11, 2011
Asterisk Project Security Advisory - AST-2011-001
| Product | Asterisk |
| Summary | Stack buffer overflow in SIP channel driver |
| Nature of Advisory | Exploitable Stack Buffer Overflow |
| Susceptibility | Remote Authenticated Sessions |
| Severity | Moderate |
| Exploits Known | No |
| Reported On | January 11, 2011 |
| Reported By | Matthew Nicholson |
| Posted On | January 18, 2011 |
| Last Updated On | January 20, 2011 |
| Advisory Contact | Matthew Nicholson <mnicholson@digium.com> |
| CVE Name | CVE-2011-0495 |
| Description | When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information. This vulnerability also affects the URIENCODE dialplan function and in some versions of asterisk, the AGI dialplan application as well. The ast_uri_encode function does not properly respect the size of its output buffer and can write past the end of it when encoding URIs. |
Asterisk 1.4.38 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk 1.4.38. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.4.38 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- Add ability for Asterisk to try both the encoded and unencoded subscription URI for a match in hints.
(Closes issue #17785. Reported, tested by ramonpeek. Patched by tilghman) - Set the caller id on CDRs when it is set on the parent channel.
(Closes issue #17569. Reported, patched by tbelder) - Ensure user portion of SIP URI matches dialplan when using encoded characters
(Closes issue #17892. Reported by wdoekes. Patched by jpeeler) - Fix a crash in res_jabber by ensuring that we don’t alter memory after it’s freed.
(Closes issue #17387. Reported, tested by jmls. Patched by tilghman) - Fix problem with qualify option packets for realtime peers never stopping. The option packets not only never stopped, but if a realtime peer was not in the peer list multiple options dialogs could accumulate over time.
(Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by jpeeler) - Multiple fixes related to Local channels.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.4.38
Thank you for your continued support of Asterisk!
Asterisk 1.8.0-Beta3 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk 1.8.0-beta3.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
All interested users of Asterisk are encouraged to participate in the 1.8 testing process. Please report any issues found to the issue tracker, http://issues.asterisk.org/. It is also very useful to see successful test reports. Please post those to the asterisk-dev mailing list.
Asterisk 1.8 is the next major release series of Asterisk. It will be a Long Term Support (LTS) release, similar to Asterisk 1.4. For more information about support time lines for Asterisk releases, see the Asterisk versions page.
http://www.asterisk.org/asterisk-versions
This release contains fixes since the last beta release as reported by the community. A sampling of the changes in this release include:
- Fix a regression where HTTP would always be enabled regardless of setting.
(Closes issue #17708. Reported, patched by pabelanger) - ACL errors displayed on screen when using dynamic_exclude_static in sip.conf
(Closes issue #17717. Reported by Dennis DeDonatis. Patched by mmichelson) - Support “channels” in addition to “channel” in chan_dahdi.conf.
(https://reviewboard.asterisk.org/r/804) - Fix parsing error in sip_sipredirect(). The code was written in a way that did a bad job of parsing the port out of a URI. Specifically, it would do badly when dealing with an IPv6 address.
(Closes issue #17661. Reported by oej. Patched by mmichelson) - Fix inband DTMF detection on outgoing ISDN calls.
(Patched by russellb and rmudgett) - Fixes issue with translator frame not getting freed. This issue prevented g729 licenses from being freed up.
(Closes issue #17630. Reported by manvirr. Patched by dvossel) - Fixed IPv6-related SIP parsing bugs and updated documention.
(Reported by oej. Patched by sperreault) - Add new, self-contained feature FIELDNUM(). Returns a 1-based index into a list of a specified item. Matches up with FIELDQTY() and CUT().
(Closes #17713. Reported, patched by gareth. Tested by tilghman)
Asterisk 1.8 contains many new features over previous releases of Asterisk.
A short list of included features includes:
- Secure RTP
- IPv6 Support in the SIP Channel
- Connected Party Identification Support
- Calendaring Integration
- A new call logging system, Channel Event Logging (CEL)
- Distributed Device State using Jabber/XMPP PubSub
- Call Completion Supplementary Services support
- Advice of Charge support
- Much, much more!
A full list of new features can be found in the CHANGES file.
http://svn.digium.com/view/asterisk/branches/1.8/CHANGES?view=checkout
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.0-beta3
Thank you for your continued support of Asterisk!
-
You are currently browsing the archives for the sip category.
