Posts Tagged asterisk
Asterisk 1.6.2.22 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the release of Asterisk 1.6.2.22.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.6.2.22 corrects two flaws in sip.conf.sample related to AST-2011-013:
- The sample file listed *two* values for the ‘nat’ option as being the default. Only ‘yes’ is the default.
- The warning about having differing ‘nat’ settings confusingly referred to both peers and users.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
Thank you for your continued support of Asterisk!
Asterisk 10.0.0 Is Released
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team is proud to announce the release of Asterisk 10.0.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
Asterisk 10 is the next major release series of Asterisk. It will be a Standard support release, similar to Asterisk 1.6.2. For more information about support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
With the release of the Asterisk 10 branch, the preceding ’1.’ has been removed from the version number per the blog post available at
http://blogs.digium.com/2011/07/21/the-evolution-of-asterisk-or-how-we-a…
The release of Asterisk 10 would not have been possible without the support and contributions of the community.
You can find an overview of the work involved with the 10.0.0 release in the summary:
http://svn.asterisk.org/svn/asterisk/tags/10.0.0/asterisk-10.0.0-summary…
A short list of available features includes:
- T.38 gateway functionality has been added to res_fax.
- Protocol independent out-of-call messaging support. Text messages not associated with an active call can now be routed through the Asterisk dialplan. SIP and XMPP are supported so far.
- New highly optimized and customizable ConfBridge application capable of mixing audio at sample rates ranging from 8kHz-192kHz
- Addition of video_mode option in confbridge.conf to provide basic video conferencing in the ConfBridge() dialplan application.
- Support for defining hints has been added to pbx_lua.
- Replacement of Berkeley DB with SQLite for the Asterisk Database (AstDB).
- Much, much more!
A full list of new features can be found in the CHANGES file.
http://svn.asterisk.org/svn/asterisk/branches/10/CHANGES
Also, when upgrading a system between major versions, it is imperative that you read and understand the contents of the UPGRADE.txt file, which is located at:
http://svn.asterisk.org/svn/asterisk/branches/10/UPGRADE.txt
Thank you for your continued support of Asterisk!
Asterisk 1.8.8.0 Now Available
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team is pleased to announce the release of Asterisk 1.8.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.8.0 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
- Updated SIP 484 handling; added Incomplete control frame
When a SIP phone uses the dial application and receives a 484 Address Incomplete response, if overlapped dialing is enabled for SIP, then the 484 Address Incomplete is forwarded back to the SIP phone and the HANGUPCAUSE channel variable is set to 28. Previously, the Incomplete application dialplan logic was automatically triggered; now, explicit dialplan usage of the application is required.
(Closes ASTERISK-17288. Reported by: Mikael Carlsson Tested by: Matthew Jordan Review: https://reviewboard.asterisk.org/r/1416/) - Prevent IAX2 from getting IPv6 addresses via DNS IAX2 does not support IPv6 and getting such addresses from DNS can cause error messages on the remote end involving bad IPv4 address casts in the presence of IPv6/IPv4 tunnels.
(Closes issue ASTERISK-18090. Patched by Kinsey Moore) - Fix bad RTP media bridges in directmedia calls on peers separated by multiple Asterisk nodes.
(Closes issue ASTERISK-18340. Reported by: Thomas Arimont. Closes issue ASTERISK-17725. Reported by: kwk. Tested by: twilson, jrose) - Fix crashes in ast_rtcp_write()
(Closes issue ASTERISK-18570)
Related issues that look like they are the same problem:
(Issue ASTERISK-17560, ASTERISK-15406, ASTERISK-15257, ASTERISK-13334, ASTERISK-9977, ASTERISK-9716)
Review: https://reviewboard.asterisk.org/r/1444/
Patched by: Russell Bryant - Fix for incorrect voicemail duration in external notifications.
This patch fixes an issue where the voicemail duration was being reported with a duration significantly less than the actual sound file duration.
(Closes ASTERISK-16981. Reported by: Mary Ciuciu, Byron Clark, Brad House, Karsten Wemheuer, KevinH Tested by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/1443) - Prevent segfault if call arrives before Asterisk is fully booted.
(Patched by alecdavis. https://reviewboard.asterisk.org/r/1407/) - Fix remote Crash Vulnerability in SIP channel driver (AST-2011-012)
http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
- Fix locking order in app_queue.c which caused deadlocks
(Closes issue ASTERISK-18101. Reported by Paul Rolfe, patched by Gregory Nietsky)
(Closes issue ASTERISK-18487. Reported by Jason Legault, patched by Gregory Nietsky) - Fix regression in configure script for libpri capability checks
(Closes issue ASTERISK-18687. Reported by norbert, patched by Richard Mudgett) - Prevent BLF subscriptions from causing deadlocks.
(Closes issue ASTERISK-18663)
Review: https://reviewboard.asterisk.org/r/1563/ - Fix deadlock if peer is destroyed while sending MWI notice.
(Closes issue ASTERISK-18747)
Reported by: Gregory Hinton Nietsky - Fix issue with setting defaultenabled on categories that are already enabled by default.
(Closes issue ASTERISK-18738)
Reported by: Paul Belanger - Don’t crash on INFO automon request with no channel AST-2011-014. When automon was enabled in features.conf, it was possible to crash Asterisk by sending an INFO request if no channel had been created yet.
- Fixed crash from orphaned MWI subscriptions in chan_sip This patch resolves the issue where MWI subscriptions are orphaned by subsequent SIP SUBSCRIBE messages.
- Default to nat=yes; warn when nat in general and peer differ AST-2011-013. It is possible to enumerate SIP usernames when the general and user/peer nat settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and
For a full list of changes in this release, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 10.0.0-rc3 Now Available
Posted by admin in asterisk, Release Candidates on December 12, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the third release candidate of Asterisk 10.0.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 10.0.0-rc3 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Add ASTSBINDIR to the list of configurable pathsThis patch also makes astdb2sqlite3 and astcanary use the configured directory instead of relying on $PATH.
- Don’t crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible to crash Asterisk by sending an INFO request if no channel had been created yet. - Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned by subsequent SIP SUBSCRIBE messages. - Fix a change in behavior in ‘database show’ from 1.8.In 1.8 and previous versions, one could use any fullword portion of the key name, including the full key, to obtain the record. Until this patch, this did not work for the full key.
- Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and user/peer nat settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and
1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport and the other was nat=no.In order to address this problem, it was decided to switch the default behavior to nat=yes/force_rport as it is the most commonly used option and to strongly discourage setting nat per-peer/user when at all possible. - Fixed SendMessage stripping extension from To: header in SIP MESSAGEWhen using the MessageSend application to send a SIP MESSAGE to a non-peer, chan_sip stripped off the extension and failed to add it back to the sip_pvt structure before transmitting. This patch adds the full URI passed in from the message core to the sip_pvt structure.
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.8.8.0-rc5 Now Available
Posted by admin in asterisk, Release Candidates on December 9, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the fifth release candidate of Asterisk 1.8.8.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.8.0-rc5 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release candidate:
- Don’t crash on INFO automon request with no channel
AST-2011-014. When automon was enabled in features.conf, it was possible to crash Asterisk by sending an INFO request if no channel had been created yet. - Fixed crash from orphaned MWI subscriptions in chan_sip
This patch resolves the issue where MWI subscriptions are orphaned by subsequent SIP SUBSCRIBE messages. - Default to nat=yes; warn when nat in general and peer differ
AST-2011-013. It is possible to enumerate SIP usernames when the general and user/peer nat settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport and the other was nat=no.In order to address this problem, it was decided to switch the default behavior to nat=yes/force_rport as it is the most commonly used option and to strongly discourage setting nat per-peer/user when at all possible.
For a full list of changes in this release candidate, please see the ChangeLog:
Thank you for your continued support of Asterisk!
Asterisk 1.4.43, 1.6.2.21, and 1.8.7.2 Now Available (Security Release)
Posted by admin in asterisk, Asterisk Security Releases, Security Advisories on December 8, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced security releases for Asterisk 1.4, 1.6.2 and 1.8. The available security releases are released as versions 1.4.43, 1.6.2.21 and 1.8.7.2.
These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk versions 1.4.43, 1.6.2.21, and 1.8.7.2 resolves an issue with possible remote enumeration of SIP endpoints with differing NAT settings.
The release of Asterisk versions 1.6.2.21 and 1.8.7.2 resolves a remote crash possibility with SIP when the “automon” feature is enabled.
The issues and resolutions are described in the AST-2011-013 and AST-2011-014 security advisories.
For more information about the details of these vulnerabilities, please read the security advisories AST-2011-013 and AST-2011-014, which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-…
Security advisory AST-2011-013 is available at:
Security advisory AST-2011-014 is available at:
Thank you for your continued support of Asterisk!
Asterisk Security Advisories – AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories on December 8, 2011
Asterisk Project Security Advisory - AST-2011-013
|
Product |
Asterisk |
|
Summary |
Possible remote enumeration of SIP endpoints with differing NAT settings |
|
Nature of Advisory |
Unauthorized data disclosure |
|
Susceptibility |
Remote unauthenticated sessions |
|
Severity |
Minor |
|
Exploits Known |
Yes |
|
Reported On |
2011-07-18 |
|
Reported By |
Ben Williams |
|
Posted On |
|
|
Last Updated On |
December 8, 2011 |
|
Advisory Contact |
Terry Wilson <twilson@digium.com> |
|
CVE Name |
Asterisk Security Advisories – AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled
Posted by admin in asterisk, Asterisk Security Advisories, Security Advisories on December 7, 2011
Asterisk Project Security Advisory - AST-2011-014
|
Product |
Asterisk |
|
Summary |
Remote crash possibility with SIP and the “automon” feature enabled |
|
Nature of Advisory |
Remote crash vulnerability in a feature that is disabled by default |
|
Susceptibility |
Remote unauthenticated sessions |
|
Severity |
Moderate |
|
Exploits Known |
Yes |
|
Reported On |
November 2, 2011 |
|
Reported By |
Kristijan Vrban |
|
Posted On |
2011-11-03 |
|
Last Updated On |
December 7, 2011 |
|
Advisory Contact |
Terry Wilson <twilson@digium.com> |
|
CVE Name |
Asterisk 1.8.8.0-rc4 Now Available
Posted by admin in asterisk, Release Candidates on November 17, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team has announced the fourth release candidate of Asterisk 1.8.8.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.8.0-rc4 resolves a particular issue with BLF subscriptions. A change in Asterisk 1.8.8.0-rc3 had the potential to cause a segfault, and this release candidate was created to resolve that.
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.8.0-rc4
Thank you for your continued support of Asterisk!
Asterisk 10.0.0-rc2 Now Available
Posted by admin in asterisk, Release Candidates on November 16, 2011
Asterisk The Open Source PBX & Telephony Platform
The Asterisk Development Team is pleased to announce the second release candidate of Asterisk 10.0.0. This release candidate is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/
All Asterisk users are encouraged to participate in the Asterisk 10 testing process. Please report any issues found to the issue tracker, https://issues.asterisk.org/jira. It is also very useful to see successful test reports. Please post those to the asterisk-dev mailing list.
All Asterisk users are invited to participate in the #asterisk-testing channel on IRC to work together in testing the many parts of Asterisk.
Asterisk 10 is the next major release series of Asterisk. It will be a Standard support release, similar to Asterisk 1.6.2. For more information about support time lines for Asterisk releases, see the Asterisk versions page: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
A short list of features includes:
- T.38 gateway functionality has been added to res_fax.
- Protocol independent out-of-call messaging support. Text messages not
associated with an active call can now be routed through the Asterisk
