Asterisk 10.1.0 Now Available
The Asterisk Development Team is pleased to announce the release of Asterisk 10.1.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 10.1.0 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- AST-2012-001: prevent crash when an SDP offer is received with an encrypted video stream when support for video is disabled and res_srtp is loaded.
(closes issue ASTERISK-19202) Reported by: Catalin Sanda
- Allow playback of formats that don’t support seeking.
ast_streamfile previously did unconditional seeking on files that broke playback of formats that don’t support that functionality. This patch avoids the seek that was causing the problem.
(closes issue ASTERISK-18994) Patched by: Timo Teras
- Add pjmedia probation concepts to res_rtp_asterisk’s learning mode.
In order to better handle RTP sources with strictrtp enabled (which is the default setting in 10), using the learning mode to figure out new sources when they change is handled by checking for a number of consecutive (by sequence number) packets received to an rtp struct based on a new configurable value called ‘probation’. Also, during learning mode, instead of liberally accepting all packets received, we now reject packets until a clear source has been determined.
- Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop.
Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop causes the loop to exit prematurely. This causes a variety of negative side effects, depending on when the loop exits. This patch handles the frame by essentially swallowing the frame in the local loop, as the current channel drivers expect the RTP bridge to handle the frame, and, in the case of the local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested by: Matt Jordan
- Fix timing source dependency issues with MOH.
Prior to this patch, res_musiconhold existed at the same module priority level as the timing sources that it depends on. This would cause a problem when music on hold was reloaded, as the timing source could be changed after res_musiconhold was processed. This patch adds a new module priority level, AST_MODPRI_TIMING, that the various timing modules are now loaded at. This now occurs before loading other resource modules, such that the timing source is guaranteed to be set prior to resolving the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H, Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont Patched by elguero
- Fix RTP reference leak.
If a blind transfer were initiated using a REFER without a prior reINVITE to place the call on hold, AND if Asterisk were sending RTCP reports, then there was a reference leak for the RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
- Fix blind transfers from failing if an ‘h’ extension is present.
This prevents the ‘h’ extension from being run on the transferee channel when it is transferred via a native transfer mechanism such as SIP REFER.
(closes issue ASTERISK-19173) Reported by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by Mark Michelson (license 5049)
- Restore call progress code for analog ports.
Extracting sig_analog from chan_dahdi lost call progress detection functionality. Fix analog ports from considering a call answered immediately after dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841) Reported by: Richard Miller Patched by Richard Miller
- Fix regression that ‘rtp/rtcp set debug ip’ only works when a port was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by: Walter Doekes
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.0
Thank you for your continued support of Asterisk!
Asterisk 1.8.9.0 Now Available
The Asterisk Development Team is pleased to announce the release of Asterisk 1.8.9.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.9.0 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- AST-2012-001: prevent crash when an SDP offer is received with an encrypted video stream when support for video is disabled and res_srtp is loaded.
(closes issue ASTERISK-19202) Reported by: Catalin Sanda
- Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop.
Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop causes the loop to exit prematurely. This causes a variety of negative side effects, depending on when the loop exits. This patch handles the frame by essentially swallowing the frame in the local loop, as the current channel drivers expect the RTP bridge to handle the frame, and, in the case of the local bridge loop, no additional action is necessary.
(closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested by: Matt Jordan
- Fix timing source dependency issues with MOH.
Prior to this patch, res_musiconhold existed at the same module priority level as the timing sources that it depends on. This would cause a problem when music on hold was reloaded, as the timing source could be changed after res_musiconhold was processed. This patch adds a new module priority level, AST_MODPRI_TIMING, that the various timing modules are now loaded at. This now occurs before loading other resource modules, such that the timing source is guaranteed to be set prior to resolving the timing source dependencies.
(closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H, Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont Patched by elguero
- Fix RTP reference leak.
If a blind transfer were initiated using a REFER without a prior reINVITE to place the call on hold, AND if Asterisk were sending RTCP reports, then there was a reference leak for the RTP instance of the transferrer.
(closes issue ASTERISK-19192) Reported by: Tyuta Vitali
- Fix blind transfers from failing if an ‘h’ extension is present.
This prevents the ‘h’ extension from being run on the transferee channel when it is transferred via a native transfer mechanism such as SIP REFER.
(closes issue ASTERISK-19173) Reported by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by Mark Michelson (license 5049)
- Restore call progress code for analog ports.
Extracting sig_analog from chan_dahdi lost call progress detection functionality. Fix analog ports from considering a call answered immediately after dialing has completed if the callprogress option is enabled.
(closes issue ASTERISK-18841) Reported by: Richard Miller Patched by Richard Miller
- Fix regression that ‘rtp/rtcp set debug ip’ only works when a port was also specified.
(closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by: Walter Doekes
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.9.0
Thank you for your continued support of Asterisk!
Asterisk 1.6.2.22 Now Available
The Asterisk Development Team has announced the release of Asterisk 1.6.2.22.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.6.2.22 corrects two flaws in sip.conf.sample related to AST-2011-013:
- The sample file listed *two* values for the ‘nat’ option as being the default. Only ‘yes’ is the default.
- The warning about having differing ‘nat’ settings confusingly referred to both peers and users.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
Thank you for your continued support of Asterisk!
Asterisk 10.0.0 Is Released
The Asterisk Development Team is proud to announce the release of Asterisk 10.0.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
Asterisk 10 is the next major release series of Asterisk. It will be a Standard support release, similar to Asterisk 1.6.2. For more information about support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
With the release of the Asterisk 10 branch, the preceding ’1.’ has been removed from the version number per the blog post available at
http://blogs.digium.com/2011/07/21/the-evolution-of-asterisk-or-how-we-a…
The release of Asterisk 10 would not have been possible without the support and contributions of the community.
You can find an overview of the work involved with the 10.0.0 release in the summary:
http://svn.asterisk.org/svn/asterisk/tags/10.0.0/asterisk-10.0.0-summary…
A short list of available features includes:
- T.38 gateway functionality has been added to res_fax.
- Protocol independent out-of-call messaging support. Text messages not associated with an active call can now be routed through the Asterisk dialplan. SIP and XMPP are supported so far.
- New highly optimized and customizable ConfBridge application capable of mixing audio at sample rates ranging from 8kHz-192kHz
- Addition of video_mode option in confbridge.conf to provide basic video conferencing in the ConfBridge() dialplan application.
- Support for defining hints has been added to pbx_lua.
- Replacement of Berkeley DB with SQLite for the Asterisk Database (AstDB).
- Much, much more!
A full list of new features can be found in the CHANGES file.
http://svn.asterisk.org/svn/asterisk/branches/10/CHANGES
Also, when upgrading a system between major versions, it is imperative that you read and understand the contents of the UPGRADE.txt file, which is located at:
http://svn.asterisk.org/svn/asterisk/branches/10/UPGRADE.txt
Thank you for your continued support of Asterisk!
Asterisk 1.8.8.0 Now Available
The Asterisk Development Team is pleased to announce the release of Asterisk 1.8.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.8.0 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- Updated SIP 484 handling; added Incomplete control frame
When a SIP phone uses the dial application and receives a 484 Address Incomplete response, if overlapped dialing is enabled for SIP, then the 484 Address Incomplete is forwarded back to the SIP phone and the HANGUPCAUSE channel variable is set to 28. Previously, the Incomplete application dialplan logic was automatically triggered; now, explicit dialplan usage of the application is required.
(Closes ASTERISK-17288. Reported by: Mikael Carlsson Tested by: Matthew Jordan Review: https://reviewboard.asterisk.org/r/1416/)
- Prevent IAX2 from getting IPv6 addresses via DNS
IAX2 does not support IPv6 and getting such addresses from DNS can cause error messages on the remote end involving bad IPv4 address casts in the presence of IPv6/IPv4 tunnels.
(Closes issue ASTERISK-18090. Patched by Kinsey Moore)
- Fix bad RTP media bridges in directmedia calls on peers separated by multiple Asterisk nodes.
(Closes issue ASTERISK-18340. Reported by: Thomas Arimont. Closes issue ASTERISK-17725. Reported by: kwk. Tested by: twilson, jrose)
- Fix crashes in ast_rtcp_write()
(Closes issue ASTERISK-18570)
Related issues that look like they are the same problem:
(Issue ASTERISK-17560, ASTERISK-15406, ASTERISK-15257, ASTERISK-13334, ASTERISK-9977, ASTERISK-9716)
Review: https://reviewboard.asterisk.org/r/1444/
Patched by: Russell Bryant
- Fix for incorrect voicemail duration in external notifications.
This patch fixes an issue where the voicemail duration was being reported with a duration significantly less than the actual sound file duration.
(Closes ASTERISK-16981. Reported by: Mary Ciuciu, Byron Clark, Brad House, Karsten Wemheuer, KevinH Tested by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1443)
- Prevent segfault if call arrives before Asterisk is fully booted.
(Patched by alecdavis. https://reviewboard.asterisk.org/r/1407/)
- Fix remote Crash Vulnerability in SIP channel driver (AST-2011-012)
http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
- Fix locking order in app_queue.c which caused deadlocks
(Closes issue ASTERISK-18101. Reported by Paul Rolfe, patched by Gregory Nietsky)
(Closes issue ASTERISK-18487. Reported by Jason Legault, patched by Gregory Nietsky)
- Fix regression in configure script for libpri capability checks
(Closes issue ASTERISK-18687. Reported by norbert, patched by Richard Mudgett)
- Prevent BLF subscriptions from causing deadlocks.
(Closes issue ASTERISK-18663)
Review: https://reviewboard.asterisk.org/r/1563/
- Fix deadlock if peer is destroyed while sending MWI notice.
(Closes issue ASTERISK-18747)
Reported by: Gregory Hinton Nietsky
- Fix issue with setting defaultenabled on categories that are already enabled by default.
(Closes issue ASTERISK-18738)
Reported by: Paul Belanger
- Don’t crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible to crash Asterisk by sending an INFO request if no channel had been created yet.
- Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned by subsequent SIP SUBSCRIBE messages.
- Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and user/peer nat settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and
For a full list of changes in this release, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 10.0.0-rc3 Now Available
Posted by admin in asterisk, Release Candidates on December 12, 2011
The Asterisk Development Team has announced the third release candidate of Asterisk 10.0.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 10.0.0-rc3 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Add ASTSBINDIR to the list of configurable paths
This patch also makes astdb2sqlite3 and astcanary use the configured directory instead of relying on $PATH.
- Don’t crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible to crash Asterisk by sending an INFO request if no channel had been created yet.
- Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned by subsequent SIP SUBSCRIBE messages.
- Fix a change in behavior in ‘database show’ from 1.8.
In 1.8 and previous versions, one could use any fullword portion of the key name, including the full key, to obtain the record. Until this patch, this did not work for the full key.
- Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and user/peer nat settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport and the other was nat=no. In order to address this problem, it was decided to switch the default behavior to nat=yes/force_rport as it is the most commonly used option and to strongly discourage setting nat per-peer/user when at all possible.
- Fixed SendMessage stripping extension from To: header in SIP MESSAGE
When using the MessageSend application to send a SIP MESSAGE to a non-peer, chan_sip stripped off the extension and failed to add it back to the sip_pvt structure before transmitting. This patch adds the full URI passed in from the message core to the sip_pvt structure.
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.8.8.0-rc5 Now Available
Posted by admin in asterisk, Release Candidates on December 9, 2011
The Asterisk Development Team has announced the fifth release candidate of Asterisk 1.8.8.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.8.0-rc5 resolves several issues reported by the community and would not have been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Don’t crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible to crash Asterisk by sending an INFO request if no channel had been created yet.
- Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned by subsequent SIP SUBSCRIBE messages.
- Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and user/peer nat settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport and the other was nat=no. In order to address this problem, it was decided to switch the default behavior to nat=yes/force_rport as it is the most commonly used option and to strongly discourage setting nat per-peer/user when at all possible.
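A configuration check for the AST-2011-013 condition described in the last item, as an added example that is not code from the Asterisk project: it reads a sip.conf and reports sections whose effective nat setting falls on the other side of the rport/Via split from [general]. The sample configuration is constructed; the nat=yes default assumes a fixed release, and the template inheritance order (later template wins) is an assumption.

```python
import re
FORCES_RPORT = {"yes", "route", "force_rport"}  # reply goes to the request's source port
USES_VIA_PORT = {"no", "never"}                 # reply goes to the port listed in Via
DEFAULT_NAT = "yes"  # assumption: a fixed release, where nat=yes is the default
SECTION = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?")

def parse_sip_conf(text):
    """Map section name -> {"nat": value or None, "template": bool, "parents": [names]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        match = SECTION.match(line)
        if match:
            opts = [o.strip() for o in (match.group(2) or "").split(",") if o.strip()]
            current = sections.setdefault(
                match.group(1).strip(), {"nat": None, "template": False, "parents": []})
            if "+" not in opts:  # '+' appends to an existing section
                current["template"] = "!" in opts
                current["parents"] = [o for o in opts if o != "!"]
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "nat":
                current["nat"] = value.lstrip(">").replace(" ", "").lower()
    return sections

def inherited_nat(name, sections, seen=frozenset()):
    """nat from the section or its templates (assumed: later template wins), else None."""
    sec = sections.get(name, {"nat": None, "parents": []})
    if sec["nat"] is not None or name in seen:
        return sec["nat"]
    found = (inherited_nat(p, sections, seen | {name}) for p in reversed(sec["parents"]))
    return next((v for v in found if v is not None), None)

def forces_rport(value):
    """True/False for values the announcement names, None for anything else."""
    tokens = set(value.split(","))
    if tokens & FORCES_RPORT:
        return True
    return False if tokens <= USES_VIA_PORT else None

def audit_nat(text):
    """Return (general nat, [(section, effective nat, 'mismatch' or 'review')])."""
    sections = parse_sip_conf(text)
    general = sections.get("general", {}).get("nat") or DEFAULT_NAT
    findings = []
    for name, sec in sections.items():
        if name == "general" or sec["template"]:
            continue
        peer = inherited_nat(name, sections) or general
        base, own = forces_rport(general), forces_rport(peer)
        if base is None or own is None or base != own:
            findings.append((name, peer, "review" if None in (base, own) else "mismatch"))
    return general, findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """[general]
nat=yes
[office](!)
nat=no
[alice]
[bob](office)
[carol]
nat=comedia  ; a value the announcement does not classify
"""
if __name__ == "__main__":
    print(audit_nat(SAMPLE))
```

A "mismatch" entry is a section that answers on a different port than [general] would; "review" marks a nat value the announcement does not place in either group.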
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.4.43, 1.6.2.21, and 1.8.7.2 Now Available (Security Release)
Posted by admin in asterisk, Asterisk Security Releases, Security Advisories on December 8, 2011
The Asterisk Development Team has announced security releases for Asterisk 1.4, 1.6.2 and 1.8. The available security releases are released as versions 1.4.43, 1.6.2.21 and 1.8.7.2.
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue with possible remote enumeration of SIP endpoints with differing NAT settings.
The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash possibility with SIP when the “automon” feature is enabled.
The issues and resolutions are described in the AST-2011-013 and AST-2011-014 security advisories.
For more information about the details of these vulnerabilities, please read the security advisories AST-2011-013 and AST-2011-014, which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
Security advisory AST-2011-013 is available at:
Security advisory AST-2011-014 is available at:
Thank you for your continued support of Asterisk!
Asterisk Security Advisories – AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories on December 8, 2011
Asterisk Project Security Advisory - AST-2011-013
Product | Asterisk
Summary | Possible remote enumeration of SIP endpoints with differing NAT settings
Nature of Advisory | Unauthorized data disclosure
Susceptibility | Remote unauthenticated sessions
Severity | Minor
Exploits Known | Yes
Reported On | 2011-07-18
Reported By | Ben Williams
Posted On |
Last Updated On | December 8, 2011
Advisory Contact | Terry Wilson <twilson@digium.com>
CVE Name |
Asterisk Security Advisories – AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories on December 7, 2011
Asterisk Project Security Advisory - AST-2011-014
Product | Asterisk
Summary | Remote crash possibility with SIP and the “automon” feature enabled
Nature of Advisory | Remote crash vulnerability in a feature that is disabled by default
Susceptibility | Remote unauthenticated sessions
Severity | Moderate
Exploits Known | Yes
Reported On | November 2, 2011
Reported By | Kristijan Vrban
Posted On | 2011-11-03
Last Updated On | December 7, 2011
Advisory Contact | Terry Wilson <twilson@digium.com>
CVE Name |
