The NetBSD Project

CVS log for pkgsrc/comms/asterisk16/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / comms / asterisk16

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.43 / (download) - annotate - [select for diffs], Thu Oct 7 13:27:01 2021 UTC (12 days ago) by nia
Branch: MAIN
CVS Tags: HEAD
Changes since 1.42: +1 -5 lines
Diff to previous 1.42 (colored)

comms: Remove SHA1 hashes for distfiles

Revision 1.42 / (download) - annotate - [select for diffs], Mon Aug 9 13:13:14 2021 UTC (2 months, 1 week ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base, pkgsrc-2021Q3
Changes since 1.41: +18 -18 lines
Diff to previous 1.41 (colored)

asterisk16: Update to 16.19.0

16.19.0
New Features made in this release:

  * [ASTERISK-29446]         app_confbridge: New ConfKick application
                             (Reported by N A)
  * [ASTERISK-29440]         app_confbridge: Allow ConfBridge answer to be
                             suppressed
                             (Reported by N A)
  * [ASTERISK-29431]         Minimum and maximum dialplan functions
                             (Reported by N A)
  * [ASTERISK-29439]         func_volume: Volume function can  t be read
                             (Reported by N A)

Bugs fixed in this release:

  * [ASTERISK-29475]         SayNumber triggers WARNING if caller hangs up
                             during application execution
                             (Reported by N A)
  * [ASTERISK-29404]         Consolidate res_pjsip_messaging fixes for domain
                             name
                             (Reported by George Joseph)
  * [ASTERISK-29441]         Core reload making TCP endpoints go offline
                             (Reported by Luke Escude)
  * [ASTERISK-29433]         res_rtp_asterisk: Server reflexive candidates use
                             incorrect raddr for RTCP
                             (Reported by Chris)
  * [ASTERISK-28237]           FRACK!, Failed assertion bad magic number
                             happens when unsubscribe an application from an
                             event source
                             (Reported by Lucas Tardioli Silveira)
  * [ASTERISK-28393]         Multidomain support issue
                             (Reported by Andrea Sannucci)
  * [ASTERISK-29397]         pjsip: Asterisk isn  t tolerant of RFC8760 UASs
                             (Reported by George Joseph)
  * [ASTERISK-24601]         Missing RFC4235 tags and attributes in PJSIP
                             NOTIFY event: dialog XML body
                             (Reported by Marco Paland)
  * [ASTERISK-29372]         file.c switch does not account for flash events
                             (Reported by N A)
  * [ASTERISK-29377]         cpool_release_pool   double free or corruption
                             (out)
                             (Reported by Robert Sutton)
  * [ASTERISK-29370]         chan_sip does not recognize application/hook-flash
                             (Reported by N A)
  * [ASTERISK-29358]         chan_pjsip: Trace message for progress is output
                             even if frame is not queued
                             (Reported by Michael Maier)
  * [ASTERISK-29030]         res_rtp_asterisk: Additional RTP-frame (with wrong
                             SSRC) gets inserted when switching from progress
                             to established
                             (Reported by Matthias Hensler)
  * [ASTERISK-29407]         chan_local: Filtering audio formats should not
                             occur on removed streams
                             (Reported by Joshua C. Colp)

Improvements made in this release:

  * [ASTERISK-29450]         Allow setting channel variables using Originate
                             application
                             (Reported by N A)
  * [ASTERISK-29460]         Recognize application/hook-flash in PJSIP
                             (Reported by N A)
  * [ASTERISK-29459]         Missing configuration from PJSIP to SIP conversion
                             script
                             (Reported by N A)
  * [ASTERISK-29434]         Asterisk reveals pjproject version in STUN packets
                             (Reported by Jeremy Lain  )
  * [ASTERISK-29349]         Silent voicemail option is not completely silent
                             (Reported by N A)
  * [ASTERISK-29380]         Add Flash AMI event to handle flash events
                             (Reported by N A)

16.18.0
Bugs fixed in this release:

  * [ASTERISK-29328]         translate.c: possible buffer overflow when
                             upsampling
                             (Reported by Jean Aunis    Prescom)
  * [ASTERISK-29379]         Segfault    ast_channel_is_multistream (chan=0x0)
                             at channel_internal_api.c:1590
                             (Reported by Ross Beer)
  * [ASTERISK-29364]         res_rtp_asterisk: standard deviation
                             miscalculation
                             (Reported by Kevin Harwell)
  * [ASTERISK-29373]         res_rtp_asterisk: Flash events are duplicated
                             (Reported by N A)
  * [ASTERISK-28356]         app_queue: CLI set ringinuse for realtime member
                             not working
                             (Reported by Michael)
  * [ASTERISK-24631]         Incorrect description of option   context   in
                             queues.conf.sample
                             (Reported by Etienne Lessard)
  * [ASTERISK-26614]         app_queue: updatecdr option in queues.conf does
                             effectively nothing
                             (Reported by Alexander Gonchiy)
  * [ASTERISK-25358]         dateformat not read from logger.conf by remote
                             console
                             (Reported by Igor Liferenko)
  * [ASTERISK-27542]         app_queue: When   queue show   CLI command is
                             executed a crash occurs
                             (Reported by Miguel Sanz)
  * [ASTERISK-29215]         res_pjsip_session: NULL active_media_state
                             topology caused asterisk crash
                             (Reported by sungtae kim)
  * [ASTERISK-29355]         app_queue: Queue member status message sent even
                             if status doesn  t change
                             (Reported by Roman Pertsev)
  * [ASTERISK-29035]         chan_local: Multistream support breaks T.38 faxing
                             (Reported by Matthias Hensler)
  * [ASTERISK-29354]         res_pjsip: Allow partial reloading of transports
                             (Reported by Joshua C. Colp)
  * [ASTERISK-29348]         menuselect doesn  t return errors in many cases
                             (Reported by George Joseph)
  * [ASTERISK-29352]         res_rtp_asterisk: Fix frame delivery time when
                             SSRC changes
                             (Reported by Joshua C. Colp)

Improvements made in this release:

  * [ASTERISK-29339]         loader: Let  s output warnings for deprecated
                             modules!
                             (Reported by Joshua C. Colp)
  * [ASTERISK-29337]         menuselect: Add ability to set deprecated in and
                             removed in versions for modules
                             (Reported by Joshua C. Colp)
  * [ASTERISK-29335]         xml: Embed module information into core XML
                             documentation.
                             (Reported by Joshua C. Colp)
  * [ASTERISK-29336]         documentation: Fix inconsistent support levels
                             (Reported by Joshua C. Colp)

Revision 1.41 / (download) - annotate - [select for diffs], Fri Mar 26 00:04:08 2021 UTC (6 months, 3 weeks ago) by gdt
Branch: MAIN
CVS Tags: pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1
Changes since 1.40: +17 -17 lines
Diff to previous 1.40 (colored)

comms/asterisk16: Update to 16.17.0

This is a micro update that is mostly security fixes and bug fixes
with very small improvements.  In addition to this being a security
fix, asterisk16 is a leaf package.

Upstream changes:

Security bugs fixed in this release:
-----------------------------------
 * ASTERISK-29305 - ASTERISK-29203 / AST-2021-002 -- Another
      scenario is causing a crash
      (Reported by Gregory Massel)
 * ASTERISK-29260 - sRTP Replay Protection ignored; even tears
      down long calls
      (Reported by Alexander Traud)
 * ASTERISK-29227 - res_pjsip_diversion: sending multiple 181
      responses causes memory corruption and crash
      (Reported by
      Ivan Poddubny)

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-29215 - res_pjsip_session: NULL active_media_state
      topology caused asterisk crash
      (Reported by sungtae kim)
 * ASTERISK-29035 - chan_local: Multistream support breaks T.38
      faxing
      (Reported by Matthias Hensler)
 * ASTERISK-29071 - app_confbridge: Memory rises when
      jitterbuffer enabled and muting over AMI occurs
      (Reported
      by Stefan Ruf)
 * ASTERISK-29329 - app_dial: DTMF to 'D' option gets duplicated
      if there are multiple progress events
      (Reported by N A)
 * ASTERISK-24434 - Fix differing usage of assignment operators
      in modules.conf
      (Reported by Rusty Newton)
 * ASTERISK-29306 - strings: Incorrect use of
      __attribute__((pure)) in ast_str_to_lower definition

      (Reported by Vitezslav Novy)
 * ASTERISK-29300 - res_rtp_asterisk: When native local bridging
      the remote SSRC becomes permanent
      (Reported by Sebastian
      Damm)
 * ASTERISK-29235 - res_pjsip_nat: Contact is rewritten on
      REGISTER responses with external_signaling_address

      (Reported by Brian Paboojian)
 * ASTERISK-29266 - ICE Role conflict with an unauthorized
      session
      (Reported by Salah Ahmed)
 * ASTERISK-29105 - chan_pjsip: 180 Ringing with SDP not changed
      into progress
      (Reported by Sebastian Damm)
 * ASTERISK-29297 - say: Y2021 problem ãàAsterisk cannot say
      year 2021 in Dutch
      (Reported by Jacek Konieczny)
 * ASTERISK-29315 - res_pjsip: re-registration gets stuck if
      setting initial auth credentials fails
      (Reported by Nick
      French)
 * ASTERISK-29312 - res_fax: asterisk fails to publish the
      Stasis and ReceiveFax status messages if the remote Station ID
      contains invalid UTF-8 characters
      (Reported by Alexei
      Gradinari)
 * ASTERISK-16799 - Callee declined when 'beep' audio file does
      not exist
      (Reported by IAMJames_)
 * ASTERISK-29313 - res_pjsip_refer:  Segfault in progress
      notify
      (Reported by George Joseph)
 * ASTERISK-29293 - res_config_pgsql: Limit realtime_pgsql() to
      return one (no more) record
      (Reported by Boris P. Korzun)
 * ASTERISK-29303 - pjsip: Re-invite occurs when it shouldn't

      (Reported by Benjamin Keith Ford)
 * ASTERISK-29311 - res_odbc_transaction sets forcecommit
      default value based on isolation level instead of forcecommit

      (Reported by Jaco Kroon)
 * ASTERISK-28452 - pjsip: <sess-version> of SDP is not
      incremented though SDP may be changed on reinvite without SDP
      offer
      (Reported by Michael Maier)
 * ASTERISK-29287 - app.h: C++ compatibility broken

      (Reported by Jean Aunis - Prescom)
 * ASTERISK-28369 - app_queue: Member device state "invalid"
      when second call is ringing and hint is used
      (Reported by
      Boolah )
 * ASTERISK-29203 - res_pjsip_t38: Crash when changing state

      (Reported by Gregory Massel)
 * ASTERISK-29205 - res_rtp_asterisk: Asterisk crashes when
      making hold/unhold from webrtc client
      (Reported by Edvin
      Vidmar)
 * ASTERISK-29196 - res_pjsip: Segmentation fault

      (Reported by Mauri de Souza Meneguzzo (3CPlus))
 * ASTERISK-29280 - chan_sip: Allow peers without audio
      (text+video).
      (Reported by Alexander Traud)
 * ASTERISK-29265 - chan_sip: Allow text+video media streams,
      again.
      (Reported by Alexander Traud)
 * ASTERISK-29261 - res_pjsip: user=phone validation fail for
      isup numbers containing *#
      (Reported by Mark Petersen)
 * ASTERISK-29259 - channel: Allow text+video media streams,
      again.
      (Reported by Alexander Traud)
 * ASTERISK-29258 - chan_sip: Audio stream rejected, Other
      stream present: Invalid SDP.
      (Reported by Alexander Traud)
 * ASTERISK-29220 - After T38 reinvite response of 488 a
      subsequent G711 reinvite is not processed correctly. Instead the
      previous T38 session media is used
      (Reported by Robert
      Cripps)
 * ASTERISK-29248 - res_pjsip_session: res sometimes
      uninitialized reported by compiler Clang.
      (Reported by
      Alexander Traud)

Improvements made in this release:
-----------------------------------
 * ASTERISK-29321 - sorcery: Add support for more intelligent
      reloading.
      (Reported by Joshua C. Colp)
 * ASTERISK-29325 - res_pjsip_registrar: Include source IP
      address and port in log messages
      (Reported by Joshua C.
      Colp)
 * ASTERISK-29326 - asterisk: Update copyright/company

      (Reported by Joshua C. Colp)
 * ASTERISK-29244 - Add MixMonitorStart / Stop / Mute AMI
      events
      (Reported by Sébastien Duthil)
 * ASTERISK-29275 - Support of MIME-type for wav16

      (Reported by Boris P. Korzun)
 * ASTERISK-29252 - TRANSFERSTATUSPROTOCOL variable to report
      Transfer (REFER) failure SIP code
      (Reported by Dan Cropp)
 * ASTERISK-29262 - Support of various URL-schemes by MoH

      (Reported by Boris P. Korzun)

Revision 1.40 / (download) - annotate - [select for diffs], Thu Feb 11 11:53:19 2021 UTC (8 months ago) by ryoon
Branch: MAIN
Changes since 1.39: +4 -1 lines
Diff to previous 1.39 (colored)

asterisk16: Fix segfaut under NetBSD/aarch64 9.99.80. Bump PKGREVISION

The problem is reported by Markus Kilbinger on port-arm mailing list.

Revision 1.39 / (download) - annotate - [select for diffs], Thu Feb 11 02:20:18 2021 UTC (8 months, 1 week ago) by ryoon
Branch: MAIN
Changes since 1.38: +18 -18 lines
Diff to previous 1.38 (colored)

asterisk16: Update to 16.16.0

Changelog:
The following issues are resolved in this release:

Security bugs fixed in this release:

  * [ASTERISK-29219]       res_pjsip_diversion: Crash if Tel URI contains
                             History-Info
                             (Reported by Torrey Searle)

Bugs fixed in this release:

  * [ASTERISK-29229]       Stasis/messaging: text messages not dispatched to
                             all subscribers when using generic subscription
                             (Reported by Jean Aunis  Prescom)
  * [ASTERISK-29238]       chan_sip: SDP: Offers without any enabled stream
                             are accepted.
                             (Reported by Alexander Traud)
  * [ASTERISK-29237]       chan_sip: SDP: m=video is parsed even when
                             disabled.
                             (Reported by Alexander Traud)
  * [ASTERISK-29222]       chan_sip: Hold/Resume an sRTP call on a video
                             enabled user-agent.
                             (Reported by Alexander Traud)
  * [ASTERISK-29240]       chan_pjsip: Incoming PJSIP calls set global
                             SIPDOMAIN instead of a channel variable
                             (Reported by Ivan Poddubny)
  * [ASTERISK-27902]       chan_pjsip isnt updating hangupcause on 4XX
                             responses
                             (Reported by George Joseph)
  * [ASTERISK-28016]       PJSIP sends duplicate 183 Progress responses
                             (Reported by Alex Hermann)
  * [ASTERISK-28185]       chan_pjsip: Subsequent same responses are not
                             stopped
                             (Reported by Julien)
  * [ASTERISK-29230]       pjsip: Asterisk goes crazy and massively spams
                             logfile if registration cant be send
                             (Reported by Michael Maier)
  * [ASTERISK-29231]       pjsip: SIGSEGV in CLI if no trunk is registered
                             (Reported by Michael Maier)
  * [ASTERISK-29217]       LOCK() can grant the same lock to multiple
                             channels spuriously
                             (Reported by Jaco Kroon)
  * [ASTERISK-29201]       Crash occurs when Transfer and execute Hangup
                             before the Transfer result
                             (Reported by Dan Cropp)
  * [ASTERISK-28947]       Segmentation fault in mixmonitor_ds_destroy
                             (Reported by Robert Sutton)
  * [ASTERISK-29191]       tel: URI in Diversion header causes crash
                             (Reported by Mikhail Ivanov)
  * [ASTERISK-28883]       Spyee information ist missing in ChanSpyStop AMI
                             Event
                             (Reported by Hendrik Wedhorn)
  * [ASTERISK-29188]       null media causing the Asterisk crash
                             (Reported by sungtae kim)
  * [ASTERISK-29209]       Debug messages printed by scope trace might be
                             missing newlines
                             (Reported by Alexander Traud)
  * [ASTERISK-29024]       pjsip: Route Header in Cancel request incorrectly
                             set
                             (Reported by Flole Systems)
  * [ASTERISK-29211]       res_musiconhold: Segfault on realtime music on
                             hold without entries
                             (Reported by Nathan Bruning)
  * [ASTERISK-29022]       Crash when manipulating PJSIP invite dlg ref
                             counts
                             (Reported by Sean Bright)
  * [ASTERISK-29173]       Media cache URL requests allow infinite redirects
                             (Reported by Sean Bright)
  * [ASTERISK-29175]       res_pjsip_stir_shaken: Fix module description
                             (Reported by Stanislav Abramenkov)
  * [ASTERISK-29148]       AST_MODULE_INFO no, MODULEINFO depend
                             (Reported by Alexander Traud)
  * [ASTERISK-28798]       chan_sip: TCP/TLS client without server.
                             (Reported by Alexander Traud)
  * [ASTERISK-29165]       res_pjsip: malformed header Accept-Encoding in
                             OPTIONS response
                             (Reported by Alexander Greiner-Baer)
  * [ASTERISK-29161]       Incorrect setup of recall channels
                             (Reported by Boris P. Korzun)
  * [ASTERISK-29155]       app_queue: Deadlock between queues container and
                             individual queues
                             (Reported by George Joseph)

Improvements made in this release:


  * [ASTERISK-28549]       Two repeated 183
                             (Reported by Gant Liu)
  * [ASTERISK-29216]       contrib: systemd asterisk service for centos8 or
                             other newer linux versions
                             (Reported by Mark Petersen)
  * [ASTERISK-29143]       res_http_media_cache: HTTP media cache stored
                             hardcoded in /tmp
                             (Reported by laszlovl)
  * [ASTERISK-29118]       VoiceMail() should have an option to play
                             greetings as Early Media
                             (Reported by Juan Carlos Castro y Castro)

Revision 1.38 / (download) - annotate - [select for diffs], Sun Jan 3 01:21:09 2021 UTC (9 months, 2 weeks ago) by gdt
Branch: MAIN
Changes since 1.37: +17 -17 lines
Diff to previous 1.37 (colored)

asterisk16: Update to 16.15.1

upstream changes: security fixes and bug fixes

Revision 1.37 / (download) - annotate - [select for diffs], Thu Dec 10 13:52:30 2020 UTC (10 months, 1 week ago) by gdt
Branch: MAIN
CVS Tags: pkgsrc-2020Q4-base, pkgsrc-2020Q4
Changes since 1.36: +18 -18 lines
Diff to previous 1.36 (colored)

asterisk16: Update to 16.15.0

Upstream changes:

  bugfixes
  minor improvements
  STIR/SHAKEN support

Revision 1.36 / (download) - annotate - [select for diffs], Thu Aug 13 09:24:25 2020 UTC (14 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2020Q3-base, pkgsrc-2020Q3
Changes since 1.35: +19 -19 lines
Diff to previous 1.35 (colored)

asterisk16: Update to 16.12.0

Changelog:
 Bugs fixed in this release:

-----------------------------------
[ASTERISK-28878] -
		chan_pjsip: PJSIP_MEDIA_OFFER Broken asterisk 16
(Reported by Joseph Ades)
[ASTERISK-28965] -
		res_pjsip: Apply outbound proxy to static contacts on AOR
(Reported by Joshua C. Colp)
[ASTERISK-28930] -
		./configure --without-ssl build failure
(Reported by Jaco Kroon)
[ASTERISK-28886] -
		chan_pjsip: PJSIP_SC_NULL does not exist in pjproject 2.7.2
(Reported by Jared Smith)
[ASTERISK-28957] -
		chan_sip: chan_sip does not process 400 response to an INVITE.
(Reported by Frederic LE FOLL)
[ASTERISK-28888] -
		res_corosync: causes asterisk crash in huge distributed environment.
(Reported by Università di Bologna - CESIA VoIP)
[ASTERISK-28955] -
		"setvar" doesn't work properly in dahdi-channels.conf
(Reported by Marin Odrljin)
[ASTERISK-28954] -
		StreamEcho() only returns 1 active stream
(Reported by Bill Kervaski)
[ASTERISK-28942] -
		res_sorcery_memory_cache: Individual object expiration behaves unexpectedly with full backend caching
(Reported by Joshua C. Colp)
[ASTERISK-28953] -
		res_pjsip_session: Preserve stream label
(Reported by Joshua C. Colp)
[ASTERISK-28952] -
		Queue wrapuptime sometimes not respected (based on stale lastcall time)
(Reported by Walter Doekes)
[ASTERISK-28950] -
		Stale code in app_queue to check untouched channel
(Reported by Walter Doekes)
[ASTERISK-28644] -
		Stale comment in app_queue about ring_entry exception
(Reported by Walter Doekes)
[ASTERISK-28948] -
		ARI channel create doesn't referencing the channel_id parameter
(Reported by sungtae kim)
[ASTERISK-28938] -
		core_unreal / core_local: Add support for multistream and re-negotiation
(Reported by Joshua C. Colp)
[ASTERISK-28939] -
		res_rtp_asterisk: Don't have send/receive buffers on non-WebRTC
(Reported by Joshua C. Colp)
[ASTERISK-28944] -
		bridge_softmix: Transitioning a stream from inactive -> sendrecv/sendonly doesn't re-negotiation
(Reported by Joshua C. Colp)
[ASTERISK-28923] -
		T.38 Segfaults in chan_pjsip_queryoption
(Reported by Yury Kirsanov)
[ASTERISK-28940] -
		/channels/create doesn't get any parameters from the body
(Reported by sungtae kim)
[ASTERISK-28936] -
		res_pjsip: crash when dialing non-sip uri
(Reported by Walter Doekes)
[ASTERISK-28900] -
		res_fax: Double frame free when gateway in use with off-nominal format usage
(Reported by Gregory Massel)
[ASTERISK-28929] -
		pjproject_bundled: Honor --without-pjproject.
(Reported by Alexander Traud)
[ASTERISK-28932] -
		res_pjsip_logger writing too big packets
(Reported by nappsoft)
[ASTERISK-28921] -
		Wrong return value check for fwrite when writing to pcap file
(Reported by nappsoft)

Improvements made in this release:

-----------------------------------
[ASTERISK-28959] -
		res_pjsip: Added option for disable rport parameter set
(Reported by sungtae kim)
[ASTERISK-28958] -
		Continue reading string when ping received by websocket
(Reported by Nickolay V. Shmyrev)
[ASTERISK-28945] -
		AMI SendText - add Content-Type parameter
(Reported by Kevin Harwell)
[ASTERISK-28949] -
		res_http_websocket: Add masking to websocket client
(Reported by Moises Silva)
[ASTERISK-28899] -
		Upgrade Asterisk to bundled pjproject 2.10
(Reported by Kevin Harwell)

Revision 1.35 / (download) - annotate - [select for diffs], Fri Jun 12 16:23:53 2020 UTC (16 months, 1 week ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2
Changes since 1.34: +17 -17 lines
Diff to previous 1.34 (colored)

asterisk16: Update to 16.11.0

Changelog:
Bugs fixed in this release:
-----------------------------------
[ASTERISK-28940] -
		/channels/create doesn't get any parameters from the body
(Reported by sungtae kim)
[ASTERISK-28932] -
		res_pjsip_logger writing too big packets
(Reported by nappsoft)
[ASTERISK-28921] -
		Wrong return value check for fwrite when writing to pcap file
(Reported by nappsoft)
[ASTERISK-28794] -
		res_pjsip: Crash when escaping during URI printing
(Reported by nappsoft)
[ASTERISK-28884] -
		x-ast-orig-host not filtered out from request URI and To header
(Reported by nappsoft)
[ASTERISK-28871] -
		res_pjsip_session: Unnecessary re-Invite on call answer
(Reported by Alexei Gradinari)
[ASTERISK-28903] -
		res_srtp: Answered Crypto Suite might be wrong in SDP/SDES.
(Reported by Alexander Traud)
[ASTERISK-28898] -
		bridge_softmix: Conference bridge not passing silent rtp packets
(Reported by Jonathan Hunter)
[ASTERISK-28892] -
		res_musiconhold: Module res_musiconhold throws false warning
(Reported by Nicholas John Koch)
[ASTERISK-28904] -
		RTP ICE leaks the memory
(Reported by sungtae kim)
[ASTERISK-26780] -
		res_pjsip: PJSIP Registration Fails when transport=transport-udp6
(Reported by Peter Sokolov)
[ASTERISK-28854] -
		SIGSEGV when pjsip show history encounters IPV6 address
(Reported by Roger James)
[ASTERISK-28804] -
		[patch] app_osplookup.c: Avoid a format truncation.
(Reported by Alexander Traud)
[ASTERISK-28797] -
		[patch] tcptls: Fix notice when TLS is enabled but not configured.
(Reported by Alexander Traud)
[ASTERISK-28776] -
		Non async-signal-safe syscalls used after fork before exec
(Reported by nappsoft)
[ASTERISK-28870] -
		streams: One memory leak and one issue cloning streams
(Reported by George Joseph)
[ASTERISK-28829] -
		app_queue: leaking stasis subscription when Redirecting call
(Reported by lvl)
[ASTERISK-25844] -
		app_queue: Ghost channels in "core show channels" output
(Reported by Etienne Lessard)
[ASTERISK-22920] -
		Crash while Forwarding from TLS extension with CHANNEL args secure_bridge_media and secure_bridge_signaling
(Reported by Shlomi Gutman)
[ASTERISK-28859] -
		pjsip: Increase maximum candidate count
(Reported by Joshua C. Colp)
[ASTERISK-28852] -
		Unprotected access to nochecksums variable, causes build failures
(Reported by Guido Falsi)
[ASTERISK-28848] -
		app_fax: Compile.
(Reported by Alexander Traud)


Improvements made in this release:
-----------------------------------
[ASTERISK-28895] -
		res_pjsip_logger: Add tons'o'functionality
(Reported by Joshua C. Colp)
[ASTERISK-28896] -
		ari: Add support for specifying variables on channel create
(Reported by Joshua C. Colp)
[ASTERISK-28879] -
		pjproject has race conditions in it's build system
(Reported by Guido Falsi)
[ASTERISK-28866] -
		third-party/pjproject/configure.m4 contains bashisms
(Reported by Guido Falsi)
[ASTERISK-28853] -
		Missing include on FreeBSD
(Reported by Guido Falsi)
[ASTERISK-28832] -
		chan_mobile creates PCMA streams that make some VoIP clients crash or not render received audio
(Reported by Peter Turczak)

Revision 1.34 / (download) - annotate - [select for diffs], Fri May 1 07:57:36 2020 UTC (17 months, 2 weeks ago) by ryoon
Branch: MAIN
Changes since 1.33: +18 -18 lines
Diff to previous 1.33 (colored)

asterisk16: Update to 16.10.0

Changelog:
16.10.0:
New Features made in this release:

-----------------------------------
[ASTERISK-6863] -
		[patch] allow Asterisk to set high ToS bits as non-root on Linux
(Reported by Matt Addison)

Bugs fixed in this release:

-----------------------------------
[ASTERISK-28852] -
		Unprotected access to nochecksums variable, causes build failures
(Reported by Guido Falsi)
[ASTERISK-28846] -
		stream: Enforce formats immutability
(Reported by Joshua C. Colp)
[ASTERISK-28847] -
		ARI channels cuts the endpoint string over 80 characters
(Reported by sungtae kim)
[ASTERISK-28811] -
		Crash occurs when fax session switches from T.38 to audio
(Reported by Alexey Vasilyev)
[ASTERISK-28839] -
		Sporadic crashes with Segmentation fault
(Reported by Joeran Vinzens)
[ASTERISK-28835] -
		IPv6 addresses in SDP incorrectly formatted
(Reported by Daniel Heckl)
[ASTERISK-28372] -
		Asterisk REPLY Wrong Contact header port (TCP)
(Reported by Anton Satskiy)
[ASTERISK-24428] -
		Document that Asterisk will use the default SIP ports (5060 for TCP, 5061 for TLS) if the extern option variants aren't used
(Reported by sstream)
[ASTERISK-28838] -
		AST_MODULE_INFO requires, MODULEINFO does not mention
(Reported by Alexander Traud)
[ASTERISK-28841] -
		app_confbridge: Add support for disabling text messaging for a user
(Reported by Joshua C. Colp)
[ASTERISK-28837] -
		pjproject_bundled: Honor --without-pjproject.
(Reported by Alexander Traud)
[ASTERISK-28827] -
		res_rtp_asterisk: Loop when receive buffer is flushed by a received packet that is also in receive buffer with NACK
(Reported by nappsoft)
[ASTERISK-27195] -
		chan_sip: only sets ToS bits on UDP socket, ignoring TCP and TLS sockets
(Reported by Joshua Roys)
[ASTERISK-28826] -
		res_rtp_asterisk: Duplicate seqnos being added to send buffer with NACK
(Reported by nappsoft)
[ASTERISK-28812] -
		First DTMF is not get
(Reported by Bernard Merindol)
[ASTERISK-28758] -
		pjsip startup errors when using "with-ssl" configure option
(Reported by Patrick Wakano)
[ASTERISK-28824] -
		BuildSystem: Search for Python/C API when possibly needed only.
(Reported by Alexander Traud)
[ASTERISK-27717] -
		[patch] BuildSystem: In NetBSD, the Python Programming Language is python-2.7.
(Reported by Alexander Traud)
[ASTERISK-28798] -
		[patch] chan_sip: TCP/TLS client without server.
(Reported by Alexander Traud)
[ASTERISK-28817] -
		chan_pjsip: constant DTMF tone if RTP is not setup yet
(Reported by Kevin Harwell)
[ASTERISK-28819] -
		[patch] bridge_softmix_binaural: Show state in menuselect.
(Reported by Alexander Traud)
[ASTERISK-28816] -
		[patch] BuildSystem: Remove doc/tex and doc/pdf leftovers.
(Reported by Alexander Traud)
[ASTERISK-28818] -
		[patch] BuildSystem: Allow space in path.
(Reported by Alexander Traud)
[ASTERISK-28796] -
		func_channel: cannot read fields exten, context, userfield, channame from dialplan
(Reported by Sébastien Duthil)
[ASTERISK-28809] -
		[patch] res_rtp_asterisk: Avoid absolute value on unsigned subtraction.
(Reported by Alexander Traud)
[ASTERISK-28803] -
		[patch] chan_unistim: Avoid tautological warnings with clang.
(Reported by Alexander Traud)
[ASTERISK-28808] -
		[patch] test_stasis: Avoid always true warning with clang.
(Reported by Alexander Traud)
[ASTERISK-28056] -
		res_pjsip: Incorrect endpoint status after endpoint synchronization for a specific AOR
(Reported by Jason Hord)
[ASTERISK-28795] -
		channel: write to a stream on multi-frame writes
(Reported by Kevin Harwell)
[ASTERISK-28789] -
		test_utils: incorrectly printing error 'declined to load'
(Reported by Alexander Traud)
[ASTERISK-28788] -
		func_aes: incorrectly printing error 'declined to load'
(Reported by Alexander Traud)
[ASTERISK-28790] -
		Crash during conference call using confbridge and video
(Reported by Pascal Cadotte Michaud)
[ASTERISK-16676] -
		DAHDIRAS fails to properly initiate pppd unless asterisk is running as root
(Reported by Jaco Kroon)
[ASTERISK-21205] -
		[patch] dundi_read_result crash due to negative number
(Reported by Jaco Kroon)
[ASTERISK-28784] -
		res_pjsip_sdp_rtp: Only do hold/unhold on first audio stream
(Reported by Joshua C. Colp)
[ASTERISK-28743] -
		Asterisk is crashing if the 200 OK with SDP
(Reported by sungtae kim)
[ASTERISK-28783] -
		res_pjsip_session: Allow default non-audio streams to have reflected state
(Reported by Joshua C. Colp)
[ASTERISK-28774] -
		chan_pjsip's rtptimeout is erroneously triggered during direct-media (native_rtp) bridge
(Reported by Michael Neuhauser)
[ASTERISK-20325] -
		Comments in configs/func_odbc.conf.sample are not consistent with examples. Missing examples.
(Reported by Olivier Krief)
[ASTERISK-28780] -
		app_mixmonitor: Memory leak due to race condition between AMI MixMonitor and hangup
(Reported by Joshua C. Colp)
[ASTERISK-28773] -
		Incorrect Sender SSRC in RTCP when p2p rtp bridge is active
(Reported by Torrey Searle)
[ASTERISK-28769] -
		DTLS Handshake Fails to Occur if ice_support is enabled but not used
(Reported by Torrey Searle)
[ASTERISK-28759] -
		A non negotiated rtp frame causes call disconnection when there is a SSRC change
(Reported by Paulo Vicentini)
[ASTERISK-26711] -
		func_enum: ENUM code wrong case
(Reported by Vitold)
[ASTERISK-23407] -
		Fix the FSF address in the headers of lots of pjproject files
(Reported by Jared Smith)
[ASTERISK-19460] -
		[patch] Function TXTCIDNAME never actually makes DNS calls and always returns an empty string
(Reported by George Joseph)

Improvements made in this release:

-----------------------------------
[ASTERISK-28853] -
		Missing include on FreeBSD
(Reported by Guido Falsi)
[ASTERISK-28813] -
		func_volume: Allow decimal numbers as parameter to improve granularity
(Reported by Jean Aunis - Prescom)
[ASTERISK-27946] -
		dial (API): Storage of dialed target uses AST_MAX_EXTENSION when it shouldn't
(Reported by Joshua Elson)
[ASTERISK-28782] -
		Add support for Content-Disposition header in multi-part INVITES
(Reported by Torrey Searle)
[ASTERISK-28787] -
		res_pjsip_session: Decide more intelligently when to add video
(Reported by Joshua C. Colp)


16.9.0:
Bugs fixed in this release:
-----------------------------------

    [ASTERISK-28766] -

	 	PJSIP blind transfer not completed after using Proceeding()
(Reported by lvl)

    [ASTERISK-28685] -

	 	check_expr2: linking (when hardening) and cross-compiling troubles
(Reported by Sebastian Kemper)

    [ASTERISK-28764] -

	 	res_rtp_asterisk: Improve NACK support and seqno handling
(Reported by Joshua C. Colp)

    [ASTERISK-28755] -

	 	SIP/Stasis: SIP headers not transmitted in the "variables" field
(Reported by Jean Aunis - Prescom)

    [ASTERISK-28754] -

	 	ASTERISK-28738 Causes Audio Issue After Hold
(Reported by Ross Beer)

    [ASTERISK-28697] -

	 	res_pjsip: Named ACL does not update on reload if changed
(Reported by Timothy Vanderaerden)

    [ASTERISK-28746] -

	 	res_pjsip_outbound_registration keeps retrying the first entry in a SRV record set
(Reported by George Joseph)

    [ASTERISK-28716] -

	 	ICE: pjnath shouldn't wait for ICE to complete before allowing sending
(Reported by Benjamin Keith Ford)

    [ASTERISK-28738] -

	 	Incorrect state machine used when MOH_PASSTHRU is used
(Reported by Torrey Searle)

    [ASTERISK-28742] -

	 	res_rtp_asterisk: static for audio due to incomplete dtls/srtp setup
(Reported by Kevin Harwell)

    [ASTERISK-28735] -

	 	Realtime MoH Unknown format '' -- defaulting to SLIN
(Reported by Ross Beer)

    [ASTERISK-28730] -

	 	res_pjsip_session: Fix out of order session refreshes
(Reported by Joshua C. Colp)

    [ASTERISK-28718] -

	 	chan_sip: Returns 403 if RTP ports are depleted, should return 503
(Reported by Walter Doekes)

    [ASTERISK-28719] -

	 	Cannot remove defaultrule from queue using realtime queues
(Reported by EDV O-TON)

    [ASTERISK-28713] -

	 	res_stasis_playback: Error building JSON
(Reported by Sébastien Duthil)

    [ASTERISK-28714] -

	 	REGRESSION: Feature subscription_persistence_recreate (ASTERISK-27759) Causes Segfaults
(Reported by Ross Beer)

    [ASTERISK-26082] -

	 	res_pjsip_messaging: MessageSend Content-Type can't be changed
(Reported by Alex)

    [ASTERISK-28423] -

	 	ARI causes STASIS Deadlock
(Reported by Ross Beer)

    [ASTERISK-28679] -

	 	stasis application is destroyed after its creation
(Reported by Francois Blackburn)

    [ASTERISK-25421] -

	 	PJSIP. MESSAGE_SEND_STATUS set to SUCCESS in spite of the error when sending
(Reported by Dmitriy Serov)

    [ASTERISK-28686] -

	 	chan_sip strictrtp=yes fails when media source is changed: no audio
(Reported by Walter Doekes)

    [ASTERISK-28139] -

	 	RTP Stream Incorrect Payload Type Causes Asterisk To Drop Calls
(Reported by Paul Brooks)

    [ASTERISK-26955] -

	 	pjsip: SIP Packets with Via "received=" Containing IPv6 Address Delimited by "[]" Rejected
(Reported by Peter Sokolov)



Improvements made in this release:
-----------------------------------



    [ASTERISK-28750] -

	 	TLS/SSL Key too small error
(Reported by Martin Zeh)

    [ASTERISK-28733] -

	 	stream: Add support for adding/removing streams during SFU/calls
(Reported by Joshua C. Colp)

    [ASTERISK-24798] -

	 	Documentation - Clarify That Format Is Set By File Name Extension In MixMonitor
(Reported by xrobau)

    [ASTERISK-28726] -

	 	install_prereq script uses the interactive mode when installing aptitude
(Reported by Sylvain Afchain)


16.8.0:
 New Features made in this release:

-----------------------------------
[ASTERISK-17491] -
		CURLOPT() needs a "followlocation" parameter / "maxredirs" doesn't do anything
(Reported by candrews)
[ASTERISK-28639] -
		res_pjsip_endpoint_identifier_ip: Add ability to match on source port
(Reported by Sean Bright)

Bugs fixed in this release:

-----------------------------------
[ASTERISK-28679] -
		stasis application is destroyed after its creation
(Reported by Francois Blackburn)
[ASTERISK-28423] -
		ARI causes STASIS Deadlock
(Reported by Ross Beer)
[ASTERISK-28714] -
		REGRESSION: Feature subscription_persistence_recreate (ASTERISK-27759) Causes Segfaults
(Reported by Ross Beer)
[ASTERISK-28677] -
		CDR billsec is always 0 for transferred calls
(Reported by Maciej Michno)
[ASTERISK-28702] -
		chan_dahdi: holding a channel via flash to dialtone times out after 0:16:40
(Reported by Andrew Siplas)
[ASTERISK-28706] -
		silk 24hHz doesn't show up in 'core show translation' output
(Reported by Sean Bright)
[ASTERISK-24484] -
		Update documentation for statsd module - usage requirements unclear
(Reported by Dan Jenkins)
[ASTERISK-28695] -
		core: minmemfree watermark uses free RAM, not available RAM
(Reported by Kevin Flyn)
[ASTERISK-28693] -
		chan_sip: SIP MESSAGE beginning with a whitespace appears empty in the dialplan
(Reported by Frank Matano)
[ASTERISK-23739] -
		[patch]Segfault forwarding voicemail with ODBC storage enabled and realtime voicemail_data is used
(Reported by Stas Kobzar)
[ASTERISK-27622] -
		empty voicemail.conf required for ARA (realtime) voicemail to leave message
(Reported by Jim Van Meggelen)
[ASTERISK-28349] -
		Pause reason not reported in QueueMember AMI event
(Reported by Niksa Baldun)
[ASTERISK-21794] -
		CLI command 'realtime update2' syntax failure when using according to usage help
(Reported by Cedric BASSAGET)
[ASTERISK-25429] -
		res_pjsip_endpoint_identifier_ip: Document support for hostnames
(Reported by Joshua C. Colp)
[ASTERISK-27775] -
		res_pjsip_notify: Multiple Event headers can be present instead of just one
(Reported by AvayaXAsterisk)
[ASTERISK-28682] -
		app_record: Lack of `beep` audio file causes application to return error and hangup
(Reported by Corey Farrell)
[ASTERISK-28507] -
		Wiki docs missing for MessageWaiting
(Reported by David M. Lee)
[ASTERISK-27759] -
		res_pjsip_pubsub: Subscription persistence does not preserve XML version number
(Reported by Bryan Nelson)
[ASTERISK-28605] -
		chan_dahdi: Deadlock in Hangup Scenarios with concurrent command pri show span X
(Reported by Dirk Wendland)
[ASTERISK-28633] -
		stasis bridge topic leak
(Reported by Joeran Vinzens)
[ASTERISK-28492] -
		pjsip reload not reloading wizard endpoint/pickup_group endpoint/call_group
(Reported by Jean-Denis Girard)
[ASTERISK-28562] -
		SIP WSS message not processed until next frame arrives
(Reported by Robert Sutton)
[ASTERISK-27243] -
		contrib: valgrind.supp doesn't suppress what it's supposed to due to invalid syntax
(Reported by Richard Kenner)
[ASTERISK-28497] -
		func_odbc: truncating Unicode string on readsql
(Reported by Boris P. Korzun)
[ASTERISK-28647] -
		chan_sip: RTP frames not transmitted after emitting a COLP
(Reported by Jean Aunis - Prescom)
[ASTERISK-28667] -
		Asterisk ignores parsing of config files if a Byte order mark is present
(Reported by Robin Leffmann)
[ASTERISK-28664] -
		"trustrpid" is misspelled in sip_to_pjsip.py
(Reported by Pascal Cadotte Michaud)
[ASTERISK-28604] -
		app_meetme, chan_ooh323 and cdr_mysql don't build on 17.0.0
(Reported by George Joseph)
[ASTERISK-28659] -
		res_pjsip_sdp_rtp: Bundle includes non-existent media stream if codecs create additional streams and offer does not have them
(Reported by nappsoft)
[ASTERISK-28660] -
		res_fax: wrap Asterisk initiated negotiation with config option
(Reported by Kevin Harwell)
[ASTERISK-28636] -
		app_chanisavail+cdr: ChanIsAvail sometimes fails to deactivate CDR.
(Reported by Frederic LE FOLL)
[ASTERISK-28626] -
		Missing arguments in PJSIP_CONTACT function documentation
(Reported by Pascal Cadotte Michaud)
[ASTERISK-28609] -
		Memory Leak in res_rtp_asterisk.c
(Reported by Ted G)
[ASTERISK-28651] -
		chan_sip logs errors on tx to non-existent TCP connections
(Reported by Jaco Kroon)
[ASTERISK-28502] -
		chan_pjsip incorrectly re-writes REGISTER 200 Response Contact
(Reported by Ross Beer)
[ASTERISK-28625] -
		Playback of local files impacted by large media cache
(Reported by Kevin Reeves)

Improvements made in this release:

-----------------------------------
[ASTERISK-28710] -
		Should be able to disable the /httpstatus URI in the built-in HTTP server
(Reported by Sean Bright)
[ASTERISK-28638] -
		Simplify dialplan for Dial, Page, and ChanIsAvail
(Reported by cmaj)
[ASTERISK-28673] -
		GET FULL VARIABLE documentation clarification
(Reported by Jonathan Harris)
[ASTERISK-28658] -
		app_confbridge: Add support for setting maximum sample rate
(Reported by Joshua C. Colp)

Revision 1.33 / (download) - annotate - [select for diffs], Sun Mar 22 23:09:24 2020 UTC (18 months, 4 weeks ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base, pkgsrc-2020Q1
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (colored)

asterisk16: fix L§énux packaging issues

Revision 1.32 / (download) - annotate - [select for diffs], Sat Jan 11 08:36:13 2020 UTC (21 months, 1 week ago) by ryoon
Branch: MAIN
Changes since 1.31: +18 -18 lines
Diff to previous 1.31 (colored)

asterisk16: Update to 16.7.0

Changelog:
16.7.0
Security bugs fixed in this release:
-----------------------------------
    [ASTERISK-28589] - chan_sip: Depending on configuration an INVITE can alter Addr of a peer (Reported by Andrey V. T.)
    [ASTERISK-28580] - Bypass SYSTEM write permission in manager action allows system commands execution (Reported by Eliel Sardañons)

Improvements made in this release:
-----------------------------------
    [ASTERISK-28602] - res_pjsip_outbound_registration: Maximum retries reached (Reported by Daniel)
    [ASTERISK-28586] - Typo in README-SERIOUSLY.bestpractices.md (Reported by Sam Banks)
    [ASTERISK-22192] - [patch] Allow voicemail forwards with ODBC backend when format differs from attachfmt column (Reported by cmaj)
    [ASTERISK-28567] - Problem with ASTERISK-20207: Asterisk should clear out any .lock files in the voice mail directory on startup.  (Reported by Michael)
    [ASTERISK-28542] - [patch] add the ability for asterisk to generate on-hold re-invites (Reported by Torrey Searle)
    [ASTERISK-28512] - Add pass-through support for H.265 (HEVC) codec (Reported by Florian Floimair)

Bugs fixed in this release:
-----------------------------------
    [ASTERISK-28609] - Memory Leak in res_rtp_asterisk.c (Reported by Ted G)
    [ASTERISK-28604] - app_meetme, chan_ooh323 and cdr_mysql don't build on 17.0.0 (Reported by George Joseph)
    [ASTERISK-28659] - res_pjsip_sdp_rtp: Bundle includes non-existent media stream if codecs create additional streams and offer does not have them (Reported by nappsoft)
    [ASTERISK-28641] - res_pjsip Segfaults when realtime configuration to an AOR points to a not existent AOR (Reported by Ross Beer)
    [ASTERISK-28644] - Stale comment in app_queue about ring_entry exception (Reported by Walter Doekes)
    [ASTERISK-28445] - res_pjsip_session: ast_json_vpack: Invalid UTF-8 string on hangup when TEST_FRAMEWORK enabled (Reported by Bernhard Schmidt)
    [ASTERISK-28637] - chan_sip+native_bridge_rtp: directmedia compatibility check failure when negociated ptime is not default ptime.  (Reported by Frederic LE FOLL)
    [ASTERISK-28631] - res_parking: Doesn't park when parkee and parker are the same (Reported by Ross Beer)
    [ASTERISK-28621] - Enforce T.38 error correction mode at 200 ok received (Reported by Salah Ahmed)
    [ASTERISK-28624] - res_pjsip_outbound_registration: add SRV failover (Reported by Kevin Harwell)
    [ASTERISK-28608] - app_amd: Use time calculation to calculate timeout (Reported by Michael Cargile)
    [ASTERISK-28615] - chan_dahdi: PRI span status may stay "Down, Active" after a short alarm (Reported by Frederic LE FOLL)
    [ASTERISK-28576] - res_rtp_asterisk: ICE Completion Crash when sent packet length doesn't match (Reported by Joshua Elson)
    [ASTERISK-26481] - FILE function grabs garbage along with read data when target line has no newline (Reported by Jonathan Harris)
    [ASTERISK-28618] - bridge_softmix: hold not cleared when joining a softmix bridge (Reported by Kevin Harwell)
    [ASTERISK-28616] - parking: Deadlock when multi call parking (Reported by Joshua C. Colp)
    [ASTERISK-28423] - ARI causes STASIS Deadlock (Reported by Ross Beer)
    [ASTERISK-28572] - Memory leaks in res_calendar_exchange and res_calendar_icalendar (Reported by Yoooooo Ha)
    [ASTERISK-28585] - ari/resource_events: Crash in event session cleanup (Reported by Kevin Harwell)
    [ASTERISK-28590] - utils.c throws repeated warnings; "pthread_attr_setstacksize: Invalid argument" (Reported by Speed Dial Dave)
    [ASTERISK-28578] - race condition on pjsip channelstats command (Reported by Salah Ahmed)
    [ASTERISK-28571] - cdr_pgsql: accesses obsolete (and finally removed) column (Reported by Christoph Moench-Tegeder)
    [ASTERISK-28575] - MWI Send Notify Crash on 16.6 (Reported by Joshua Elson)
    [ASTERISK-28574] - pjproject fails to build on 16.6.0, works on 16.5 (Reported by Niklas Larsson)
    [ASTERISK-28561] - Asterisk Deadlocks (Reported by Aheliotech)
    [ASTERISK-28552] - res_pjsip_mwi: Frack during unload on unsolicited_mwi container (Reported by Kevin Harwell)
    [ASTERISK-28566] - CDR backend unload problem during active call(s) (Reported by Marian Piater)
    [ASTERISK-28553] - stasis.c: Crash during unload (Reported by Kevin Harwell)
    [ASTERISK-28086] - chan_pjsip: Crash when initiating PlayDTMF over AMI (Reported by Jeremiah Gadd)
    [ASTERISK-28544] - Wrong contact representation in ipv6 mode (Reported by Jørgen H)
    [ASTERISK-28534] - Segmentation fault when there is no priority for an extension (Reported by Timothy Vanderaerden)
    [ASTERISK-28463] - res_pjsip_path: Crash when invalid contact is configured (Reported by Juan Martin)
    [ASTERISK-28521] - pjsip: Memory Leak (Reported by Mark)
    [ASTERISK-28523] - Asterisk 16.5.0 Memory leak (Reported by Cyril Ramière)
    [ASTERISK-28538] - chan_pjsip: Deadlock on fax detection (Reported by Joshua C. Colp)
    [ASTERISK-28536] - Asterisk release candidates fail to build on FreeBSD (Reported by Guido Falsi)
    [ASTERISK-23756] - setvar directive when used in template and a child of said template, results in duplicate variable names (Reported by Michael Goryainov)

New Features made in this release:
-----------------------------------
    [ASTERISK-28614] - app_senddtmf: Allow "receiving" DTMF with PlayDTMF instead of only "sending" (Reported by lvl)
    [ASTERISK-28613] - func_curl: CURLOPT cannot set Content-Type header (Reported by Martin Tomec)
    [ASTERISK-28553] - stasis.c: Crash during unload (Reported by Kevin Harwell)
    [ASTERISK-28086] - chan_pjsip: Crash when initiating PlayDTMF over AMI (Reported by Jeremiah Gadd)
    [ASTERISK-28544] - Wrong contact representation in ipv6 mode (Reported by Jørgen H)
    [ASTERISK-28534] - Segmentation fault when there is no priority for an extension (Reported by Timothy Vanderaerden)
    [ASTERISK-28463] - res_pjsip_path: Crash when invalid contact is configured (Reported by Juan Martin)
    [ASTERISK-28521] - pjsip: Memory Leak (Reported by Mark)
    [ASTERISK-28523] - Asterisk 16.5.0 Memory leak (Reported by Cyril Ramière)
    [ASTERISK-28538] - chan_pjsip: Deadlock on fax detection (Reported by Joshua C. Colp)
    [ASTERISK-28536] - Asterisk release candidates fail to build on FreeBSD (Reported by Guido Falsi)
    [ASTERISK-23756] - setvar directive when used in template and a child of said template, results in duplicate variable names (Reported by Michael Goryainov)

New Features made in this release:
-----------------------------------
    [ASTERISK-28614] - app_senddtmf: Allow "receiving" DTMF with PlayDTMF instead of only "sending" (Reported by lvl)
    [ASTERISK-28613] - func_curl: CURLOPT cannot set Content-Type header (Reported by Martin Tomec)
    [ASTERISK-28533] - func_jitterbuffer: Add support for video synchronization (Reported by Joshua C. Colp)

16.6.0
Security bugs fixed in this release:
-----------------------------------
[ASTERISK-28495] - res_pjsip_t38: 200 OK with SDP answer with declined stream causes crash (Reported by Alexei Gradinari)

Bugs fixed in this release:
-----------------------------------
[ASTERISK-28521] - pjsip: Memory Leak (Reported by Mark)
[ASTERISK-28523] - Asterisk 16.5.0 Memory leak (Reported by Cyril Ramière)
[ASTERISK-28538] - chan_pjsip: Deadlock on fax detection (Reported by Joshua C. Colp)
[ASTERISK-28536] - Asterisk release candidates fail to build on FreeBSD (Reported by Guido Falsi)
[ASTERISK-28511] - codec_resample: Bad sound quality when up sampling from SLIN16 to SLIN32 (Reported by Ruddy G)
[ASTERISK-28525] - chan_dahdi: set CHANNEL(hangupsource) when a PRI channel hangs up (Reported by Frederic LE FOLL)
[ASTERISK-28527] - ChanIsAvail() creates a CDR if unanswered=yes is set in cdr.conf (Reported by Frederic LE FOLL)
[ASTERISK-28499] - translate: Crash when frame does not have a "src" field set (Reported by Gregory Massel)
[ASTERISK-25592] - chan_unistim: Clang Warning: variable sized type not at end of a struct (Reported by Alexander Traud)
[ASTERISK-28488] - pjsip mwi: n+1 sip notify's sent on re-register (Reported by Chris Savinovich)
[ASTERISK-28509] - PJSIP cnonce generated on Linux contains 36 characters, NEC only supports up to 32 characters (Reported by Dan Cropp)
[ASTERISK-28505] - app_voicemail/IMAP: segfault in leave_voicemail because not checking mailstream (Reported by Alexei Gradinari)
[ASTERISK-28487] - compile menuselect on gentoo (Reported by Kilburn)
[ASTERISK-28472] - Asterisk occasionally passes a NULL as srtp->session to srtp_protect/unprotect causing SEGV (Reported by Jonas Swiatek)
[ASTERISK-28498] - cel / cdr: Event times may be incorrect (Reported by Joshua C. Colp)
[ASTERISK-28480] - json integer overflow in ssrc and timestamp (Reported by Salah Ahmed)
[ASTERISK-28228] - res_pjsip: pjsip show contacts prints double entries (Reported by Ian Jones)
[ASTERISK-28483] - packet lost on UDPTL wrap around (Reported by Torrey Searle)
[ASTERISK-28477] - Crash when not specifying "dbfile" in res_config_sqlite3.conf (Reported by Dennis)
[ASTERISK-28478] - Crash performing "core reload" with modified res_config_sqlite3.conf (Reported by Dennis)
[ASTERISK-26968] - chan_pjsip: Transfer() does not result in TRANSFERSTATUS reflecting SIP response to transfer (Reported by Dan Cropp)
[ASTERISK-28282] - AST_SCHED_REPLACE_UNREF causes wait-on-self deadlocks (in chan_sip) (Reported by Walter Doekes)

New Features made in this release:
-----------------------------------
[ASTERISK-17808] - [patch] Unregister a realtime moh class (Reported by Byron Clark)
[ASTERISK-28489] - Channel variable SIPFROMDOMAIN for chan_pjsip to setup From header URI domain (Reported by Stas Kobzar)

Revision 1.31 / (download) - annotate - [select for diffs], Sat Dec 21 23:29:05 2019 UTC (21 months, 4 weeks ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base, pkgsrc-2019Q4
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

Look into ${PREFIX}/lib when checking for libBlocksRuntime.

Revision 1.30 / (download) - annotate - [select for diffs], Tue Aug 20 13:47:42 2019 UTC (2 years, 2 months ago) by ryoon
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.29: +36 -41 lines
Diff to previous 1.29 (colored)

comms/asterisk16: import asterisk-16.5.0

Asterisk is a complete PBX in software.  It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.

Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).

Revision 1.29, Fri Sep 14 02:41:05 2012 UTC (9 years, 1 month ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2, pkgsrc-2012Q4-base, pkgsrc-2012Q4
Changes since 1.28: +1 -1 lines
FILE REMOVED

Remove Asterisk 1.6.  This version series went end-of-line on April
21st, 2012.  It most likely has multiple security issues.  By this
point, all users of this package should have migrated to comms/asterisk18
or comms/asterisk10 as this version has been marked as being
deprecated for some time now.

Note that this directory is likely to re-appear in late 2017 when
Asterisk 16 comes out, assuming the current schedule is followed.
However that will be a vastly different version as Asterisk 11 is
only in the RC stage now (i.e. it will be five major versions after
the one that is expected to be released later this year).

Revision 1.28 / (download) - annotate - [select for diffs], Fri May 4 16:06:13 2012 UTC (9 years, 5 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.27: +2 -1 lines
Diff to previous 1.27 (colored)

Don't override optimizer settings with absurd levels.
Fix inline definitions to work with C99 compiler.

Revision 1.27 / (download) - annotate - [select for diffs], Mon Apr 30 03:19:40 2012 UTC (9 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.26: +13 -13 lines
Diff to previous 1.26 (colored)

Update to Asterisk 1.6.2.24.  This fixes AST-2012-004 and AST-2012-005.
The 1.6.2 series went End of Life on April 21st 2012, so this was
the last update.  This package will be deleted in the not too
distnat future.

The Asterisk Development Team has announced security releases for
Asterisk 1.6.2 , 1.8, and 10. The available security releases are
released as versions 1.6.2.24, 1.8.11.1, and 10.3.1.

The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the
following two issues:

 * A permission escalation vulnerability in Asterisk Manager
   Interface.  This would potentially allow remote authenticated
   users the ability to execute commands on the system shell with
   the privileges of the user running the Asterisk application.

 * A heap overflow vulnerability in the Skinny Channel driver.
   The keypad button message event failed to check the length of
   a fixed length buffer before appending a received digit to the
   end of that buffer.  A remote authenticated user could send
   sufficient keypad button message events that th e buffer would
   be overrun.

These issues and their resolution are described in the security
advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2012-004, AST-2012-005, and
AST-2012-006, which were released at the same time as this
announcement.

For a full list of changes in the current releases, please see the
ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.24

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-004.pdf
 * http://downloads.asterisk.org/pub/security/AST-2012-005.pdf

Thank you for your continued support of Asterisk!

Revision 1.26 / (download) - annotate - [select for diffs], Sun Mar 25 02:59:53 2012 UTC (9 years, 6 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.25: +13 -13 lines
Diff to previous 1.25 (colored)

Update to 1.6.2.23:

This is a security fix update.  It fixes AST-2012-002.

NOTE NOTE NOTE

This is likely to be the last update to this package.  This version
of Asterisk will be EOLed on April 21st, 2012.  It will probably
be removed from pkgsrc not long after that.  If you are still using
this package, you should consider switching to comms/asterisk18,
the Long Term Support version, or comms/asterisk10 in the near
future.

NOTE NOTE NOTE

The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.

The release of Asterisk 1.4.44 and 1.6.2.23 resolve an issue wherein
app_milliwatt can potentially overrun a buffer on the stack, causing
Asterisk to crash.  This does not have the potential for remote
code execution.

These issues and their resolution are described in the security
advisory.

For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.23

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-002.pdf

Thank you for your continued support of Asterisk!

Revision 1.25 / (download) - annotate - [select for diffs], Thu Feb 16 16:30:03 2012 UTC (9 years, 8 months ago) by hans
Branch: MAIN
Changes since 1.24: +4 -2 lines
Diff to previous 1.24 (colored)

Fix build on SunOS.

Revision 1.24 / (download) - annotate - [select for diffs], Sat Jan 14 08:30:15 2012 UTC (9 years, 9 months ago) by jnemeth
Branch: MAIN
Changes since 1.23: +13 -13 lines
Diff to previous 1.23 (colored)

Update to Asterisk 1.6.2.22:

The release of Asterisk 1.6.2.22 corrects two flaws in sip.conf.sample
related to AST-2011-013:

* The sample file listed *two* values for the 'nat' option as being the default.
   Only 'yes' is the default.

* The warning about having differing 'nat' settings confusingly referred to both
   peers and users.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.22

Thank you for your continued support of Asterisk!

Revision 1.23 / (download) - annotate - [select for diffs], Mon Dec 12 05:05:34 2011 UTC (9 years, 10 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4
Changes since 1.22: +13 -13 lines
Diff to previous 1.22 (colored)

This update fixes AST-2011-013 and AST-2011-014.  It also adapts to changes
in the iLBC codec files.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-013

         Product        Asterisk
         Summary        Possible remote enumeration of SIP endpoints with
                        differing NAT settings
    Nature of Advisory  Unauthorized data disclosure
      Susceptibility    Remote unauthenticated sessions
         Severity       Minor
      Exploits Known    Yes
       Reported On      2011-07-18
       Reported By      Ben Williams
        Posted On
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  It is possible to enumerate SIP usernames when the general
                 and user/peer NAT settings differ in whether to respond to
                 the port a request is sent from or the port listed for
                 responses in the Via header. In 1.4 and 1.6.2, this would
                 mean if one setting was nat=yes or nat=route and the other
                 was either nat=no or nat=never. In 1.8 and 10, this would
                 mean when one was nat=force_rport or nat=yes and the other
                 was nat=no or nat=comedia.

    Resolution  Handling NAT for SIP over UDP requires the differing
                behavior introduced by these options.

                To lessen the frequency of unintended username disclosure,
                the default NAT setting was changed to always respond to the
                port from which we received the request-the most commonly
                used option.

                Warnings were added on startup to inform administrators of
                the risks of having a SIP peer configured with a different
                setting than that of the general setting. The documentation
                now strongly suggests that peers are no longer configured
                for NAT individually, but through the global setting in the
                "general" context.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source             All        All versions

                                  Corrected In
     As this is more of an issue with SIP over UDP in general, there is no
     fix supplied other than documentation on how to avoid the problem. The
        default NAT setting has been changed to what we believe the most
      commonly used setting for the respective version in Asterisk 1.4.43,
                             1.6.2.21, and 1.8.7.2.

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-013.pdf and
    http://downloads.digium.com/pub/security/AST-2011-013.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-013
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

     __________________________________________________________________

               Asterisk Project Security Advisory - AST-2011-014

         Product        Asterisk
         Summary        Remote crash possibility with SIP and the "automon"
                        feature enabled
    Nature of Advisory  Remote crash vulnerability in a feature that is
                        disabled by default
      Susceptibility    Remote unauthenticated sessions
         Severity       Moderate
      Exploits Known    Yes
       Reported On      November 2, 2011
       Reported By      Kristijan Vrban
        Posted On       2011-11-03
     Last Updated On    December 7, 2011
     Advisory Contact   Terry Wilson <twilson at digium.com>

         CVE Name

    Description  When the "automon" feature is enabled in features.conf, it
                 is possible to send a sequence of SIP requests that cause
                 Asterisk to dereference a NULL pointer and crash.

    Resolution  Applying the referenced patches that check that the pointer
                is not NULL before accessing it will resolve the issue. The
                "automon" feature can be disabled in features.conf as a
                workaround.

                               Affected Versions
                Product              Release Series
         Asterisk Open Source           1.6.2.x      All versions
         Asterisk Open Source            1.8.x       All versions

                                  Corrected In
                   Product                              Release
            Asterisk Open Source                   1.6.2.21, 1.8.7.2

                                     Patches
                              Download URL                            Revision
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20
   http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff   1.8.7.1

            Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/AST-2011-014.pdf and
    http://downloads.digium.com/pub/security/AST-2011-014.html

                                Revision History
           Date                 Editor                 Revisions Made

               Asterisk Project Security Advisory - AST-2011-014
              Copyright (c) 2011 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

Revision 1.22 / (download) - annotate - [select for diffs], Tue Jul 5 08:34:47 2011 UTC (10 years, 3 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2
Changes since 1.21: +14 -14 lines
Diff to previous 1.21 (colored)

Update to 1.6.2.19 (fixes several security issues):

Please note that Asterisk 1.6.2.19 is the final maintenance release
from the 1.6.2 branch. Support for security related issues will
continue until April 21, 2012. For more information about support
of the various Asterisk branches, see
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

The release of Asterisk 1.6.2.19 resolves several issues reported
by the community and would have not been possible without your
participation.  Thank you!

The following is a sample of the issues resolved in this release:

* Don't broadcast FullyBooted to every AMI connection
   The FullyBooted event should not be sent to every AMI connection
   every time someone connects via AMI. It should only be sent to
   the user who just connected.
   (Closes issue #18168. Reported, patched by FeyFre)
* Fix thread blocking issue in the sip TCP/TLS implementation.
   (Closes issue #18497. Reported by vois. Tested by vois, rossbeer, kowalma,
   Freddi_Fonet. Patched by dvossel)
* Don't delay DTMF in core bridge while listening for DTMF features.
   (Closes issue #15642, #16625. Reported by jasonshugart, sharvanek. Tested by
   globalnetinc, jde. Patched by oej, twilson)
* Fix chan_local crashs in local_fixup()
   Thanks OEJ for tracking down the issue and submitting the patch.
   (Closes issue #19053. Reported, patched by oej)
* Don't offer video to directmedia callee unless caller offered it as well
   (Closes issue #19195. Reported, patched by one47)

Additionally security announcements AST-2011-008, AST-2011-010, and
AST-2011-011 have been resolved in this release.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.19

Revision 1.21 / (download) - annotate - [select for diffs], Mon Jun 6 06:25:06 2011 UTC (10 years, 4 months ago) by jnemeth
Branch: MAIN
Changes since 1.20: +15 -14 lines
Diff to previous 1.20 (colored)

Upgrade to 1.6.2.18.  This fixes several security issues including:
AST-2011-002, AST-2011-003, AST-2011-004, AST-2011-005, and AST-2011-006.

===========================================================================
1.6.2.18:

The Asterisk Development Team has announced the release of Asterisk 1.6.2.18.

The release of Asterisk 1.6.2.18 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

 * Only offer codecs both sides support for directmedia.

 * Resolution of several DTMF based attended transfer issues.
   NOTE: Be sure to read the ChangeLog for more information about these changes.

 * Resolve deadlocks related to device states in chan_sip

 * Fix channel redirect out of MeetMe() and other issues with channel softhangup

 * Fix voicemail sequencing for file based storage.

 * Guard against retransmitting BYEs indefinitely during attended transfers with
   chan_sip.

In addition to the changes listed above, commits to resolve security issues
AST-2011-005 and AST-2011-006 have been merged into this release. More
information about AST-2011-005 and AST-2011-006 can be found at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.18

===========================================================================
1.6.2.17.3

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf

===========================================================================
1.6.2.17.2:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.

** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
    contained a bug which caused duplicate manager entries (issue #18987).

The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:

  * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  * Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.2

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

===========================================================================
1.6.2.17.1:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.23, 1.6.2.17.1, and 1.8.3.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1 resolve two issues:

  * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
  * Remote crash vulnerability in TCP/TLS server (AST-2011-004)

The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.1

Security advisory AST-2011-003 and AST-2011-004 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf

===========================================================================
1.6.2.16.2:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4.

The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and 1.8.2.4 resolve an
issue that when decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems configured for
T.38 pass through or termination are vulnerable. The issue and resolution are
described in the AST-2011-002 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2011-002, which was released at the same time as this
announcement.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.2

Security advisory AST-2011-002 is available at:

http://downloads.asterisk.org/pub/security/AST-2011-002.pdf

Revision 1.18.2.1 / (download) - annotate - [select for diffs], Tue Jan 25 12:43:16 2011 UTC (10 years, 8 months ago) by tron
Branch: pkgsrc-2010Q4
Changes since 1.18: +14 -14 lines
Diff to previous 1.18 (colored) next main 1.19 (colored)

Pullup ticket #3335 - requested by gls
comms/asterisk16: security update

Revisions pulled up:
- comms/asterisk16/Makefile			1.28-1.29
- comms/asterisk16/distinfo			1.19-1.20
- comms/asterisk16/patches/patch-aq		1.10
---
Module Name:	pkgsrc
Committed By:	jnemeth
Date:		Sun Jan 16 06:30:57 UTC 2011

Modified Files:
	pkgsrc/comms/asterisk16: Makefile distinfo
	pkgsrc/comms/asterisk16/patches: patch-aq

Log Message:
Update to 1.6.2.16:

The release of Asterisk 1.6.2.16 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* Fix cache of device state changes for multiple servers.
   (Closes issue #18284, #18280. Reported, tested by klaus3000. Patched,
tested
   by russellb)

* Resolve issue where channel redirect function (CLI or AMI) hangs up
the call
   instead of redirecting the call.
   (Closes issue #18171. Reported by: SantaFox)
   (Closes issue #18185. Reported by: kwemheuer)
   (Closes issue #18211. Reported by: zahir_koradia)
   (Closes issue #18230. Reported by: vmarrone)
   (Closes issue #18299. Reported by: mbrevda)
   (Closes issue #18322. Reported by: nerbos)

* Linux and *BSD disagree on the elements within the ucred structure. Detect
   which one is in use on the system.
   (Closes issue #18384. Reported, patched, tested by bjm, tilghman)

* app_followme: Don't create a Local channel if the target extension
does not
   exist.
   (Closes issue #18126. Reported, patched by junky)

* Revert code that changed SSRC for DTMF.
   (Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou.
rsw686.
   Tested by cmbaker82)

* Resolve issue where REGISTER request with a Call-ID matching an existing
   transaction is received it was possible that the REGISTER request would
   overwrite the initreq of the private structure.
   (Closes issue #18051. Reported by eeman. Patched, tested by twilson)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16
---
Module Name:	pkgsrc
Committed By:	jnemeth
Date:		Fri Jan 21 05:13:12 UTC 2011

Modified Files:
	pkgsrc/comms/asterisk16: Makefile distinfo

Log Message:
Update to 1.6.2.16.1

This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver

               Asterisk Project Security Advisory - AST-2011-001

         Product        Asterisk
         Summary        Stack buffer overflow in SIP channel driver
    Nature of Advisory  Exploitable Stack Buffer Overflow
      Susceptibility    Remote Authenticated Sessions
         Severity       Moderate
      Exploits Known    No
       Reported On      January 11, 2011
       Reported By      Matthew Nicholson
        Posted On       January 18, 2011
     Last Updated On    January 18, 2011
     Advisory Contact   Matthew Nicholson <mnicholson at digium.com>
         CVE Name

   Description When forming an outgoing SIP request while in pedantic
mode, a
               stack buffer can be made to overflow if supplied with
               carefully crafted caller ID information. This vulnerability
               also affects the URIENCODE dialplan function and in some
               versions of asterisk, the AGI dialplan application as well..
               The ast_uri_encode function does not properly respect the
size
               of its output buffer and can write past the end of it when
               encoding URIs.

For full details, see:

http://downloads.digium.com/pub/security/AST-2011-001.html

Revision 1.20 / (download) - annotate - [select for diffs], Fri Jan 21 05:13:12 2011 UTC (10 years, 9 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2011Q1-base, pkgsrc-2011Q1
Changes since 1.19: +13 -13 lines
Diff to previous 1.19 (colored)

Update to 1.6.2.16.1

This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver

               Asterisk Project Security Advisory - AST-2011-001

         Product        Asterisk
         Summary        Stack buffer overflow in SIP channel driver
    Nature of Advisory  Exploitable Stack Buffer Overflow
      Susceptibility    Remote Authenticated Sessions
         Severity       Moderate
      Exploits Known    No
       Reported On      January 11, 2011
       Reported By      Matthew Nicholson
        Posted On       January 18, 2011
     Last Updated On    January 18, 2011
     Advisory Contact   Matthew Nicholson <mnicholson at digium.com>
         CVE Name

   Description When forming an outgoing SIP request while in pedantic mode, a
               stack buffer can be made to overflow if supplied with
               carefully crafted caller ID information. This vulnerability
               also affects the URIENCODE dialplan function and in some
               versions of asterisk, the AGI dialplan application as well.
               The ast_uri_encode function does not properly respect the size
               of its output buffer and can write past the end of it when
               encoding URIs.

For full details, see:

http://downloads.digium.com/pub/security/AST-2011-001.html

Revision 1.19 / (download) - annotate - [select for diffs], Sun Jan 16 06:30:56 2011 UTC (10 years, 9 months ago) by jnemeth
Branch: MAIN
Changes since 1.18: +14 -14 lines
Diff to previous 1.18 (colored)

Update to 1.6.2.16:

The release of Asterisk 1.6.2.16 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* Fix cache of device state changes for multiple servers.
   (Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
   by russellb)

* Resolve issue where channel redirect function (CLI or AMI) hangs up the call
   instead of redirecting the call.
   (Closes issue #18171. Reported by: SantaFox)
   (Closes issue #18185. Reported by: kwemheuer)
   (Closes issue #18211. Reported by: zahir_koradia)
   (Closes issue #18230. Reported by: vmarrone)
   (Closes issue #18299. Reported by: mbrevda)
   (Closes issue #18322. Reported by: nerbos)

* Linux and *BSD disagree on the elements within the ucred structure. Detect
   which one is in use on the system.
   (Closes issue #18384. Reported, patched, tested by bjm, tilghman)

* app_followme: Don't create a Local channel if the target extension does not
   exist.
   (Closes issue #18126. Reported, patched by junky)

* Revert code that changed SSRC for DTMF.
   (Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou. rsw686.
   Tested by cmbaker82)

* Resolve issue where REGISTER request with a Call-ID matching an existing
   transaction is received it was possible that the REGISTER request would
   overwrite the initreq of the private structure.
   (Closes issue #18051. Reported by eeman. Patched, tested by twilson)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16

Revision 1.18 / (download) - annotate - [select for diffs], Sun Dec 12 10:19:44 2010 UTC (10 years, 10 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base
Branch point for: pkgsrc-2010Q4
Changes since 1.17: +15 -15 lines
Diff to previous 1.17 (colored)

Update to 1.6.2.15.  This is primarily a bugfix release.
- disable automatic Lua detection for now until lang/lua/builtin.mk exists

The release of Asterisk 1.6.2.15 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* When using chan_skinny, don't crash when parking a non-bridged call.
   (Closes issue #17680. Reported, tested by jmhunter. Patched, tested by DEA)

* Add ability for Asterisk to try both the encoded and unencoded subscription
   URI for a match in hints.
   (Closes issue #17785. Reported, tested by ramonpeek. Patched by tilghman)

* Set the caller id on CDRs when it is set on the parent channel.
   (Closes issue #17569. Reported, patched by tbelder)

* Ensure user portion of SIP URI matches dialplan when using encoded characters
   (Closes issue #17892. Reported by wdoekes. Patched by jpeeler)

* Resolve issue where Party A in an analog 3-way call would continue to hear
   ringback after party C answers.
   (Patched by rmudgett)

* Fix problem with qualify option packets for realtime peers never stopping.
   The option packets not only never stopped, but if a realtime peer was not in
   the peer list multiple options dialogs could accumulate over time.
   (Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
   jpeeler)

* Multiple fixes related to Local channels.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.15

Revision 1.17 / (download) - annotate - [select for diffs], Mon Nov 15 05:18:16 2010 UTC (10 years, 11 months ago) by jnemeth
Branch: MAIN
Changes since 1.16: +15 -21 lines
Diff to previous 1.16 (colored)

Update to 1.6.2.14

The release of Asterisk 1.6.2.14 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

 * Fix issue where session timers would be advertised as supported even
   when session-timers=refuse was set in sip.conf. Also fix
   interoperability problems with session timer behavior in Asterisk.
   (Closes issue #17005. Reported by alexcarey. Patched by dvossel)

 * Parse all "Accept" headers for SIP SUBSCRIBE requests.
   (Closes issue #17758. Reported by ibc. Patched by dvossel)

 * Fix issue where queue stats would be reset on reload.
   (Closes issue #17535. Reported by raarts. Patched by tilghman)

 * Fix issue where MoH files were no longer rescanned on during a
   reload.
   (Closes issue #16744. Reported by pj. Patched by Qwell)

 * Fix issue with dialplan pattern matching where the specificity for
   pattern ranges and pattern characters was inconsistent.
   (Closes issue #16903. Reported, patched by Nick_Lewis)

For a full list of changes in the current release, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.14

Revision 1.16 / (download) - annotate - [select for diffs], Thu Sep 23 23:30:38 2010 UTC (11 years ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2010Q3-base, pkgsrc-2010Q3
Changes since 1.15: +26 -17 lines
Diff to previous 1.15 (colored)

     Update to the 1.6.2 series (specifically 1.6.2.13).  This is
a feature update, so users that are upgrading should read UPDATE.txt.

pkgsrc changes:

- update to 1.6.2.13
- bury the asterisk-sounds-extra inside this one to keep it in sync
- handle sound tarballs directly (upstream had changed this to do a
  download during the install phase and dump files in $HOME)
- add new documentation files:
  - asterisk.txt
  - building_queues.txt
  - database_transactions.txt
  - followme.txt

========
1.6.2.13
========

This release resolves an issue where the .version and ChangeLog files were not
updated for 1.6.2.12. Asterisk 1.6.2.13 has no additional changes from 1.6.2.12
other than the .version, ChangeLog and summary files.

For a full list of changes in the current release, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.13

========
1.6.2.12
========

The release of Asterisk 1.6.2.12 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

     * Fix issue where DNID does not get cleared on a new call when using
       immediate=yes with ISDN signaling.
       (Closes issue #17568. Reported by wuwu. Patched by rmudgett)
     * Several updates to res_config_ldap.
       (Closes issue #13573. Reported by navkumar. Patched by navkumar, bencer.
       Tested by suretec)
     * Prevent loss of Caller ID information set on local channel after masquerade.
       (Closes issue #17138. Reported by kobaz, patched by jpeeler)
     * Fix SIP peers memory leak.
       (Closes issue #17774. Reported, patched by kkm)
     * Add Danish support to say.conf.sample
       (Closes issue #17836. Reported, patched by RoadKill)
     * Ensure SSRC is changed when media source is changed to resolve audio delay.
       (Closes issue #17404. Reported, tested by sdolloff. Patched by jpeeler)
     * Only do magic pickup when notifycid is enabled.
       A new way of doing BLF pickup was introduced into 1.6.2. This feature adds a
       call-id value into the XML of a SIP_NOTIFY message sent to alert a subscriber
       that a device is ringing. This option should only be enabled when the new
       'notifycid' option is set, but this was not the case. Instead the call-id
       value was included for every RINGING Notify message, which caused a
       regression for people who used other methods for call pickup.
       (Closes issue #17633. Reported, patched by urosh. Patched by dvossel.
       Tested by: dvossel, urosh, okrief, alecdavis)

For a full list of changes in the current release, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.12

========
1.6.2.11
========

The release of Asterisk 1.6.2.11 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are a few of the issues resolved by community developers:

  * Send DialPlanComplete as a response, not as a separate event. Otherwise, it
    goes to all manager sessions and may exclude the current session, if the
    Events mask excludes it.
    (Closes issue #17504. Reported, patched by rrb3942)

  * Allow the "useragent" value to be restored into memory from the realtime
    backend. This value is purely informational. It does not alter configuration
    at all.
    (Closes issue #16029. Reported, patched by Guggemand)

  * Fix rt(c)p set debug ip taking wrong argument Also clean up some coding
    errors.
    (Closes issue #17469. Reported, patched by wdoekes)

  * Ensure channel placed in meetme in ringing state is properly hung up. An
    outgoing channel placed in meetme while still ringing which was then hung up
    would not exit meetme and the channel was not properly destroyed.
    (Closes issue #15871. Reported, patched by Ivan)

  * Correct how 100, 200, 300, etc. is said. Also add the crazy British numbers.
    (Closes issue #16102. Reported, patched by Delvar)

  * cdr_pgsql does not detect when a table is found. This change adds an ERROR
    message to let you know when a failure exists to get the columns from the
    pgsql database, which typically means that the table does not exist.
    (Closes issue #17478. Reported, patched by kobaz)

  * Avoid crashing when installing a duplicate translation path with a lower
    cost.
    (Closes issue #17092. Reported, patched by moy)

  * Add missing handling for ringing state for use with queue empty options.
    (Closes issue #17471. Reported, patched by jazzy)

  * Fix reporting estimated queue hold time. Just say the number of seconds
    (after minutes) rather than doing some incorrect calculation with respect to
    minutes.
    (Closes issue #17498. Reported, patched by corruptor)

For a full list of changes in the current release, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.11

========
1.6.2.10
========

The release of Asterisk 1.6.2.10 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are a few of the issues resolved by community developers:

  * Allow users to specify a port for DUNDI peers.
    (Closes issue #17056. Reported, patched by klaus3000)

  * Decrease the module ref count in sip_hangup when SIP_DEFER_BYE_ON_TRANSFER is
    set.
    (Closes issue #16815. Reported, patched by rain)

  * If there is realtime configuration, it does not get re-read on reload unless
    the config file also changes.
    (Closes issue #16982. Reported, patched by dmitri)

  * Send AgentComplete manager event for attended transfers.
    (Closes issue #16819. Reported, patched by elbriga)

  * Correct manager variable 'EventList' case.
    (Closes issue #17520. Reported, patched by kobaz)

In addition, changes to res_timing_pthread that should make it more stable have
also been implemented.

For a full list of changes in the current release, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.10

=======
1.6.2.9
=======

The release of Asterisk 1.6.2.9 resolves several issues reported by the
community, and would have not been possible without your participation.
Thank you!

The following are a few of the issues resolved by community developers:

  * Fix the PickupChan() application
    (Closes issue #16863. Reported, patched by schern. Patched by cjacobsen.
     Tested by Graber, cjacobsen, lathama, rickead2000, dvossel)

  * Improve logging by displaying line number
    (Closes issue #16303. Reported by dant. Patched by pabelanger. Tested by
     dant, pabelanger, lmadsen)

  * Notify CLI when modules are loaded/unloaded
    (Closes issue #17308. Reported, patched by pabelanger. Tested by russell)

  * Make the Makefile logic more explicit and move the Snow Leopard logic down to
    where it's not executed on non-Darwin systems
    (Closes issue #17028. Reported by pabelanger. Patched by seanbright,
     tilghman. Tested by pabelanger)

  * Manager cookies are not compatible with RFC2109. Make that no longer true.
    (Closes issue #17231. Reported, patched by ecarruda)

  * With IMAP backend, messages in INBOX were counted twice for MWI
    (Closes issue #17135. Reported by edhorton. Patched by ebroad, tilghman)

  * Fix possible segfault when logging
    (Closes issue #17331. Reported, patched by under. Patched by dvossel)

  * Fix memory hogging behavior of app_queue
    (Closes issue #17081. Reported by wliegel. Patched by mmichelson)

  * Allow type=user SIP endpoints to be loaded properly from realtime
    (Closes issue #16021. Reported, patched by Guggemand)

Additionally, the following issue may be of interest:

  * Fix transcode_via_sln option with SIP calls and improve PLC usage
    (Review: https://reviewboard.asterisk.org/r/622/)


For a full list of changes in the current release, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.9

=======
1.6.2.8
=======

The release of Asterisk 1.6.2.8 resolves several issues reported by the
community, and would have not been possible without your participation.
Thank you!

The following are a few of the issues resolved by community developers:

   * Enable auto complete for CLI command 'logger set level'.
     (Closes issue #17152. Reported, patched by pabelanger)

   * Make the mixmonitor thread process audio frames faster.
     (Closes issue #17078. Reported, tested by geoff2010. Patched by dhubbard)

   * Add missing 'useragent' field to sip-friends.sql file.
     (Closes issue #17171. Reported, patched by thehar)

   * Add example dialplan for dialing ISN numbers (http://www.freenum.org)
     (Closes issue #17058. Reported, patched by pprindeville)

   * Fix issue with double "sip:" in header field.
     (Closes issue #15847. Reported, patched by ebroad)

   * Add ability to generate ASCII documentation from the TeX files by running
     'make asterisk.txt'.
     (Closes issue #17220. Reported by lmadsen. Tested, patched by pabelanger)

   * When StopMonitor() is called, ensure that it will not be restarted by a
     channel event.
     (Closes issue #16590. Reported, patched by kkm)

   * Small error in the T.140 RTP port verbose log.
     (Closes issue #16998. Reported, patched by frawd. Tested by russell)

For a full list of changes in the current release, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.8

=======
1.6.2.7
=======

The release of Asterisk 1.6.2.7 resolves several issues reported by the
community, and would have not been possible without your participation. Thank
you!

The following are a few of the issues resolved by community developers:

  * Fix building CDR and CEL SQLite3 modules.
    (Closes issue #17017. Reported by alephlg. Patched by seanbright)

  * Resolve crash in SLAtrunk when the specified trunk doesn't exist.
    (Reported in #asterisk-dev by philipp64. Patched by seanbright)

  * Include an extra newline after "Aliased CLI command" to get back the prompt.
    (Issue #16978. Reported by jw-asterisk. Tested, patched by seanbright)

  * Prevent segfault if bad magic number is encountered.
    (Issue #17037. Reported, patched by alecdavis)

  * Update code to reflect that handle_speechset has 4 arguments.
    (Closes issue #17093. Reported, patched by gpatri. Tested by pabelanger,
     mmichelson)

  * Resolve a deadlock in chan_local.
    (Closes issue #16840. Reported, patched by bzing2, russell. Tested by bzing2)

For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.7

=======
1.6.2.6
=======

The release of Asterisk 1.6.2.6 resolves several issues reported by the
community, and would have not been possible without your participation. Thank
you!

The following are a few of the issues resolved by community developers:

  * Make sure to clear red alarm after polarity reversal.
    (Closes issue #14163. Reported, patched by jedi98. Tested by mattbrown,
     Chainsaw, mikeeccleston)

  * Fix problem with duplicate TXREQ packets in chan_iax2
    (Closes issue #16904. Reported, patched by rain. Tested by rain, dvossel)

  * Fix crash in app_voicemail related to message counting.
    (Closes issue #16921. Reported, tested by whardier. Patched by seanbright)

  * Overlap receiving: Automatically send CALL PROCEEDING when dialplan starts
    (Reported, Patched, and Tested by alecdavis)

  * For T.38 reINVITEs treat a 606 the same as a 488.
    (Closes issue #16792. Reported, patched by vrban)

  * Fix ConfBridge crash when no timing module is loaded.
    (Closes issue #16471. Reported, tested by kjotte. Patched, tested by junky)

For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.6

=======
1.6.2.5
=======

The Asterisk Development Team has announced security releases for the following
versions of Asterisk:

* 1.6.2.5

The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve an issue with
invalid parsing of ACL (Access Control List) rules leading to a possible
compromise in security. The issue and resolution are described in the
AST-2010-003 security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2010-003, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.5

Security advisory AST-2010-003 is available at:

http://downloads.asterisk.org/pub/security/AST-2010-003.pdf

=======
1.6.2.4
=======

The Asterisk Development Team has announced security releases for the following
versions of Asterisk:

* 1.6.2.4

The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and 1.6.2.4
include documention describing a possible dialplan string injection with common
usage of the ${EXTEN} (and other expansion variables). The issue and resolution
are described in the AST-2010-002 security advisory.

If you have a channel technology which can accept characters other than numbers
and letters (such as SIP) it may be possible to craft an INVITE which sends data
such as 300&Zap/g1/4165551212 which would create an additional outgoing channel
leg that was not originally intended by the dialplan programmer.

Please note that this is not limited to an specific protocol or the Dial()
application.

The expansion of variables into programmatically-interpreted strings is a common
behavior in many script or script-like languages, Asterisk included. The ability
for a variable to directly replace components of a command is a feature, not a
bug - that is the entire point of string expansion.

However, it is often the case due to expediency or design misunderstanding that
a developer will not examine and filter string data from external sources before
passing it into potentially harmful areas of their dialplan.

With the flexibility of the design of Asterisk come these risks if the dialplan
designer is not suitably cautious as to how foreign data is allowed to enter the
system unchecked.

This security release is intended to raise awareness of how it is possible to
insert malicious strings into dialplans, and to advise developers to read the
best practices documents so that they may easily avoid these dangers.

For more information about the details of this vulnerability, please read the
security advisory AST-2010-002, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.4

Security advisory AST-2010-002 is available at:

http://downloads.asterisk.org/pub/security/AST-2010-002.pdf

The README-SERIOUSLY.bestpractices.txt document is available in the top-level
directory of your Asterisk sources, or available in all Asterisk branches from
1.2 and up.

http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt

=======
1.6.2.3
=======

Was never released.

=======
1.6.2.2
=======

The Asterisk Development Team has announced security releases for Asterisk as
the following versions:

* 1.6.2.2

The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix
described in security advisory AST-2010-001.

The issue is that an attacker attempting to negotiate T.38 over SIP can remotely
crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain
either a negative or exceptionally large value.  The same crash will occur when
the FaxMaxDatagram field is omitted from the SDP, as well.

For more information about the details of this vulnerability, please read the
security advisory AST-2009-009, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.2

Security advisory AST-2010-001 is available at:

http://downloads.asterisk.org/pub/security/AST-2010-001.pdf

=======
1.6.2.1
=======

The release of Asterisk 1.6.2.1 resolved several issues reported by the
community, and would have not been possible without your participation. Thank
you!

* CLI 'queue show' formatting fix.
   (Closes issue #16078. Reported by RoadKill. Tested by dvossel. Patched by
    ppyy.)

* Fix misreverting from 177158.
   (Closes issue #15725. Reported, Tested by shanermn. Patched by dimas.)

* Fixes subscriptions being lost after 'module reload'.
   (Closes issue #16093. Reported by jlaroff. Patched by dvossel.)

* app_queue segfaults if realtime field uniqueid is NULL
  (Closes issue #16385. Reported, Tested, Patched by haakon.)

* Fix to Monitor which previously assumed the file to write to did not contain
   pathing.
   (Closes issue #16377, #16376. Reported by bcnit. Patched by dant.


A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.2.1-summary.txt

For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.1

=======
1.6.2.0
=======

The release of Asterisk 1.6.2.0 is the first feature release since Asterisk
1.6.1.0, which was released April 27, 2009. Many new features have been included
in this release. For a complete list of changes, please see the CHANGES file.
For those upgrading from a previous release, please see UPGRADE.txt

It should be explicitly stated that Asterisk 1.6.2.0 is a major upgrade over any
previous release, and special care should be taken when upgrading existing
systems. Please see the UPGRADE.txt file for more information, available at:

http://svn.asterisk.org/svn/asterisk/tags/1.6.2.0/UPGRADE.txt

A detailed overview to the new features available in Asterisk 1.6.2.0 are
forthcoming within the next few days. Please watch http://blogs.asterisk.org for
further information!

Below is a summary of several new features available in this release:

  * chan_dahdi now supports MFC/R2 signaling when Asterisk is compiled with
    support for LibOpenR2.  http://www.libopenr2.org/

  * Added a new 'faxdetect=yes|no' configuration option to sip.conf.  When this
    option is enabled, Asterisk will watch for a CNG tone in the incoming audio
    for a received call.  If it is detected, the channel will jump to the
    'fax' extension in the dialplan.

  * A new application, Originate, has been introduced, that allows asynchronous
    call origination from the dialplan.

  * Added ConfBridge dialplan application which does conference bridges without
    DAHDI. For information on its use, please see the output of
    "core show application ConfBridge" from the CLI.

  * extensions.conf now allows you to use keyword "same" to define an extension
    without actually specifying an extension.  It uses exactly the same pattern
    as previously used on the last "exten" line.  For example:
      exten => 123,1,NoOp(something)
      same  =>     n,SomethingElse()

  * Asterisk now provides the ability to define custom CLI aliases.  For example,
    if you would like to define short form aliases for frequently used commands,
    such as "sh ch" for "core show channels", that is now possible.  See the
    cli_aliases.conf configuration file for more information.

  * Asterisk now has support for subscribing to the state of remote voice
    mailboxes via SIP.

  * Asterisk now includes expanded HD codec support.  G.722.1 and G.722.1C
    (Siren7/Siren14) passthrough, recording, and playback is now supported.
    Transcoding will be made available via add-on modules soon for this version of
    Asterisk.

This is just a subset of the changes available in this release. Please see the
CHANGES file for additional information, available at:
http://svn.asterisk.org/svn/asterisk/tags/1.6.2.0/CHANGES

A summary of changes in this release can be found in the release summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.2.0-summary.txt

For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.0

Revision 1.15 / (download) - annotate - [select for diffs], Wed Jun 16 08:04:44 2010 UTC (11 years, 4 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2010Q2-base, pkgsrc-2010Q2
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Update patches/patch-bd as per upstream.  No significant difference in
functionality.

Revision 1.14 / (download) - annotate - [select for diffs], Sat May 22 22:21:45 2010 UTC (11 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.13: +11 -11 lines
Diff to previous 1.13 (colored)

Update to 1.6.1.20.  Apparently they decided to do one final bug fix release:

The Asterisk releases for 1.6.0.28 and 1.6.1.20 are the last maintenance
releases for Asterisk branches 1.6.0 and 1.6.1 and have now moved to security
maintenance only.

The releases of Asterisk 1.6.0.28 and 1.6.1.20 resolves several issues reported
by the community, and would have not been possible without your participation.
Thank you!

The following are a few of the issues resolved by community developers:

  * Fix issue where MixMonitor() recordings would be shorter than total duration
.
    (Closes issue #17078. Reported,tested by geoff2010. Patched by dhubbard)

  * When StopMonitor() is called, ensure it will not be restarted by a channel
    event.
    (Closes issue #16590. Reported, patched by kkm)

  * Allow hidecalleridname feature to work.
    (Closes issue #17143. Reported, patched by djensen99)

  * Resolve deadlocks in chan_local.
    (Closes issue #17185. Reported, tested by schmoozecom, GameGamer43)

  * Ensure channel state is not incorrectly set in the case of a very early
    answer by chan_dahdi.
    (Closes issue #17067. Reported, patched by tzafrir)

  * Registration fix for SIP realtime. Make sure realtime fields are not empty.
    (Closes issue #17266. Reported, patched by Nick_Lewis. Tested by sberney)

Information about the Asterisk maintenance schedule is available at:
http://www.asterisk.org/asterisk-versions

For a full list of changes in the current release candidates, please see the
ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.20

Revision 1.13 / (download) - annotate - [select for diffs], Thu May 20 17:14:45 2010 UTC (11 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.12: +14 -14 lines
Diff to previous 1.12 (colored)

Update to Asterisk 1.6.1.19.  1.6.1.18 and 1.6.1.19 are primarily
bug fix releases.  At this point the 1.6.1 series is going to
security fixes only.  That means this package will be moving to
the 1.6.2 series in the near future.

-----
1.6.1.18:

The following are a few of the issues resolved by community developers:

  * Make sure to clear red alarm after polarity reversal.
    (Closes issue #14163. Reported, patched by jedi98. Tested by mattbrown,
     Chainsaw, mikeeccleston)

  * Fix problem with duplicate TXREQ packets in chan_iax2.
    (Closes issue #16904. Reported, patched by rain. Tested by rain, dvossel)

  *  Update documentation to not imply we support overriding options.
     (Closes issue #16855. Reported by davidw)

  * Modify queued frames from Local channels to not set the other side to up.
    (Closes issue #16816. Reported, tested by jamhed)

  *  For T.38 reINVITEs treat a 606 the same as a 488.
     (Closes issue #16792. Reported, patched by vrban)

For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.18

-----
1.6.1.19:

The following are a few of the issues resolved by community developers:

  * Fix building CDR and CEL SQLite3 modules.
    (Closes issue #17017. Reported by alephlg. Patched by seanbright)

  * Resolve crash in SLAtrunk when the specified trunk doesn't exist.
    (Reported in #asterisk-dev by philipp64. Patched by seanbright)

  * Update code to reflect that handle_speechset has 4 arguments.
    (Closes issue #17093. Reported, patched by gpatri. Tested by pabelanger,
     mmichelson)

  * Pass the PID of the Asterisk process, not the PID of the canary.
    (Closes issue #17065. Reported by globalnetinc. Patched by makoto. Tested by
     frawd, globalnetinc)

  * Resolve a deadlock in chan_local.
    (Closes issue #16840. Reported, patched by bzing2, russell. Tested by bzing2)

For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.19

Revision 1.12 / (download) - annotate - [select for diffs], Fri May 7 03:40:24 2010 UTC (11 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.11: +2 -1 lines
Diff to previous 1.11 (colored)

Fix bug when reloading cdr_odbc.so.

Revision 1.11 / (download) - annotate - [select for diffs], Thu May 6 20:10:17 2010 UTC (11 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.10: +3 -2 lines
Diff to previous 1.10 (colored)

Add a webvmail option which installs the vmail.cgi script accessing
voicemail using a browser.

Revision 1.10 / (download) - annotate - [select for diffs], Mon Mar 1 07:06:48 2010 UTC (11 years, 7 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2010Q1-base, pkgsrc-2010Q1
Changes since 1.9: +11 -11 lines
Diff to previous 1.9 (colored)

     Update to Asterisk 1.6.1.17.  This fixes AST-2010-001 and
AST-2010-003.  AST-2010-002 was just a warning about dialplan
scripting errors that could lead to security issues.

Asterisk 1.6.1.13: general bug fixes
Asterisk 1.6.1.14: fix AST-2010-001
Asterisk 1.6.1.15: not released, skipped for security releases
Asterisk 1.6.1.16: fix AST-2010-002
Asterisk 1.6.1.17: fix AST-2010-003

Note that the only change in Asterisk 1.6.1.16 was the addtion of
a README file.  However, the package doesn't install random docs.
That is planned for a future update seperate from the upstream
updates.

-----

Asterisk 1.6.1.13:

The release of Asterisk 1.6.1.13 resolved several issues reported
by the community, and would have not been possible without your
participation. Thank you!

* Restarts busydetector (if enabled) when DTMF is received after
   call is bridged
   (Closes issue #16389. Reported, Tested, Patched by alecdavis.)

* Send parking lot announcement to the channel which parked the
   call, not the park-ee.
   (Closes issue #16234. Reported, Tested by yeshuawatso.  Patched
    by tilghman.)

* When the field is blank, don't warn about the field being unable
   to be coerced just skip the column.
   (Closes
    http://lists.digium.com/pipermail/asterisk-dev/2009-December/041362.html)
    Reported by Nic Colledge on the -dev list.)

* Don't queue frames to channels that have no means to process
   them.
   (Closes issue #15609. Reported, Tested by aragon. Patched by
    tilghman.)

* Fixes holdtime playback issue in app_queue.
   (Closes issue #16168. Reported, Patched by nickilo. Tested by
   wonderg, nickilo.)

A summary of changes in this release can be found in the release
summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.1.13-summary.t
xt

For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.13

-----

Asterisk 1.6.1.14:

The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include
the fix described in security advisory AST-2010-001.

The issue is that an attacker attempting to negotiate T.38 over
SIP can remotely crash Asterisk by modifying the FaxMaxDatagram
field of the SDP to contain either a negative or exceptionally
large value.  The same crash will occur when the FaxMaxDatagram
field is omitted from the SDP, as well.

For more information about the details of this vulnerability, please
read the security advisory AST-2009-009, which was released at the
same time as this announcement.

For a full list of changes in the current releases, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.14

Security advisory AST-2010-001 is available at:

http://downloads.asterisk.org/pub/security/AST-2010-001.pdf

-----

Asterisk 1.6.1.16:

The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and
1.6.2.4 include documention describing a possible dialplan string
injection with common usage of the ${EXTEN} (and other expansion
variables). The issue and resolution are described in the AST-2010-002
security advisory.

If you have a channel technology which can accept characters other
than numbers and letters (such as SIP) it may be possible to craft
an INVITE which sends data such as 300&Zap/g1/4165551212 which
would create an additional outgoing channel leg that was not
originally intended by the dialplan programmer.

Please note that this is not limited to an specific protocol or
the Dial() application.

The expansion of variables into programmatically-interpreted strings
is a common behavior in many script or script-like languages,
Asterisk included. The ability for a variable to directly replace
components of a command is a feature, not a bug - that is the entire
point of string expansion.

However, it is often the case due to expediency or design
misunderstanding that a developer will not examine and filter string
data from external sources before passing it into potentially
harmful areas of their dialplan.

With the flexibility of the design of Asterisk come these risks if
the dialplan designer is not suitably cautious as to how foreign
data is allowed to enter the system unchecked.

This security release is intended to raise awareness of how it is
possible to insert malicious strings into dialplans, and to advise
developers to read the best practices documents so that they may
easily avoid these dangers.

For more information about the details of this vulnerability, please
read the security advisory AST-2010-002, which was released at the
same time as this announcement.

For a full list of changes in the current releases, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.16

Security advisory AST-2010-002 is available at:

http://downloads.asterisk.org/pub/security/AST-2010-002.pdf

The README-SERIOUSLY.bestpractices.txt document is available in
the top-level directory of your Asterisk sources, or available in
all Asterisk branches from 1.2 and up.

http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt

-----

Asterisk 1.6.1.17:

The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve
an issue with invalid parsing of ACL (Access Control List) rules
leading to a possible compromise in security. The issue and resolution
are described in the AST-2010-003 security advisory.

For more information about the details of this vulnerability, please
read the security advisory AST-2010-003, which was released at the
same time as this announcement.

For a full list of changes in the current releases, please see the
ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17

Security advisory AST-2010-003 is available at:

http://downloads.asterisk.org/pub/security/AST-2010-003.pdf

-----

Revision 1.9 / (download) - annotate - [select for diffs], Wed Dec 30 04:11:02 2009 UTC (11 years, 9 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2009Q4-base, pkgsrc-2009Q4
Changes since 1.8: +13 -13 lines
Diff to previous 1.8 (colored)

     Update to 1.6.1.12.  1.6.1.10 and 1.6.1.12 are general bug
fix releases.  For more information see:

http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/asterisk-1.6.1.10-summary.html or http://tinyurl.com/yzyr9tt and

http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/asterisk-1.6.1.12-summary.html or http://tinyurl.com/yfxlyjp .

1.6.1.11 fixes AST-2009-010 which allows people to remotely crash the
server.  The description of the issue is:

An attacker sending a valid RTP comfort noise payload containing
a data length of 24 bytes or greater can remotely crash Asterisk.

    Commit during freeze approved by wiz@.

Revision 1.8 / (download) - annotate - [select for diffs], Fri Nov 20 04:30:08 2009 UTC (11 years, 11 months ago) by jnemeth
Branch: MAIN
Changes since 1.7: +10 -10 lines
Diff to previous 1.7 (colored)

    Fix three security advisories by updating to Asterisk 1.6.1.9
and update PLIST for new Music On Hold files.

1.6.1.8 fixes AST-2009-007.

-----

A missing ACL check for handling SIP INVITEs allows a device to
make calls on networks intended to be prohibited as defined by the
"deny" and "permit" lines in sip.conf. The ACL check for handling
SIP registrations was not affected.

-----

1.6.1.9 fixes AST-2009-008 and AST-2009-009.

-----

It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of 403 Authentication user name does not
match account name. If the peer does not exist the response will
be 404 Not Found if alwaysauthreject is disabled and 401 Unauthorized
if alwaysauthreject is enabled.

-----

Asterisk includes a demonstration AJAX based manager interface,
ajamdemo.html which uses the prototype.js framework. An issue was
uncovered in this framework which could allow someone to execute
a cross-site AJAX request exploit.

Revision 1.7 / (download) - annotate - [select for diffs], Mon Sep 14 08:44:51 2009 UTC (12 years, 1 month ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.6: +13 -13 lines
Diff to previous 1.6 (colored)

     Update to Asterisk 1.6.1.6

- 1.6.1.6 fixes AST-2009-006 which is an IAX2 DOS vulnerability
- 1.6.1.5 contains a variety of bug fixes:

  Category: Applications/app_chanspy

   #15660: ChanSpy "whisper" is broken in 1.4.26

  Category: Applications/app_fax

   #15606: app_fax.c is not compiling under OpenBSD
   #15610: T.38 re-INVITE received after T.38 already negotiated fails

  Category: Applications/app_milliwatt

   #15386: [patch] Milliwatt() is off by -11dbm

  Category: Applications/app_mixmonitor

   #15699: [patch] using ast_free instead of mixmonitor_free

  Category: Applications/app_queue

   #14536: [patch] After a caller is processed by app_queue the queue_log
   logs the hangup as TRANSFER
   #15664: [patch] QUEUE_MEMBER_LIST() returns member names instead of

  Category: Applications/app_stack

   #15557: [patch] Gosub() dequotes once more than Macro()
   #15617: [patch] crash in LOCAL() if Gosub stack is allocated but empty

  Category: Applications/app_voicemail

   #15717: MWI is not sent to a SIP phone upon registration, but is after the
   mailbox is updated/checked
   #15720: opendir() return code is not checked in last_message_index()

  Category: Applications/app_voicemail/IMAP

   #14496: [patch] IMAP crash multiple callers / callers hangup at beep
   #14597: greetings can not be retrieved from IMAP
   #14950: [patch] Greetings are stored as IMAP messages even when
   imapgreetings=no
   #15729: IMAP greetings not stored in dovecot

  Category: CDR/General

   #15751: [patch] Core dump in ast_bridge_call features.c line 2772

  Category: Channels/chan_agent

   #15668: AGENTACCEPTDTMF is incorrectly spelled as AGENTACCEPTDMTF in code
   to recognize channel variables.

  Category: Channels/chan_dahdi

   #15655: [patch] Dialplan starts execution before call is accepted
   #15727: [patch] Message Waiting Indication(MWI) is randomly generated when
   FXO is set to DTMF Caller ID

  Category: Channels/chan_misdn

   #12113: [patch] asterisk crash at reload chan_misdn.so

  Category: Channels/chan_sip/General

   #12869: [patch] 'context' doesn't change when 'sip reload' issued when
   driven from realtime
   #15362: [patch] log message output is truncated
   #15596: [patch] all codecs allowed, but textsupport=no crashes on T140RED
   enabled call

  Category: Channels/chan_sip/Registration

   #14366: [patch] Registration expiry not compatible with some ITSP
   #15539: [patch] Register request line contains wrong address when domain
   and registrar host differ

  Category: Channels/chan_sip/T.38

   #15182: [patch] T.38 invite does not always comply with RFC 2327

  Category: Channels/chan_sip/Video

   #15121: [patch] Video support in SIP channel driver appears to be totally
   broken

  Category: Core/BuildSystem

   #15697: most cleaner alaw don't compile
   #15698: [patch] If enable DEBUG_FD_LEAKS - h323 can't start.
   #15714: [patch] Asterisk won't build with curl unless curl_config is
   present

  Category: Core/General

   #14730: [patch] Fix runlevels in Debian rc files
   #15273: [patch] german time (20:01:00 oh clock) is announced wrong
   #15649: T38 Faxing failing on 1.6.1 svn
   #15667: LOGGER WARNING : error executing after rotate

  Category: Core/ManagerInterface

   #15397: [patch] segfault in action_coreshowchannels() at manager.c
   #15730: [patch] manager keeps creating /tmp/ast-ami-XXXXXX files (without
   deleting) when a single manager client remains logged in

  Category: Core/PBX

   #15242: [patch] log does not indicate which function is missing closing
   parenthesis

  Category: Documentation

   #15755: Description in queues.conf on call recording is slightly
   misleading

  Category: Functions/func_iconv

   #15169: When building with uClibc, configure script mistakenly assumes
   iconv is always available

  Category: General

   #15571: [patch] 'received' typos in trunk, in 6 files
   #15595: [patch] fix spelling for typos, mainly in comments.

  Category: PBX/pbx_dundi

   #15322: [patch] DUNDILOOKUP() does not accept comma as argument separator

  Category: Resources/General

   #15624: res_ais, communication ok, but wrong state send and receive.

  Category: Resources/res_config_ldap

   #13725: [patch] ERROR[7387]: res_config_ldap.c:1292 update_ldap: Couldn't
   modify dn:cn=1001,dc=xxx,dc=xxx because Invalid syntax
   #15710: Typo in LDAP schema files on line 598

  Category: Resources/res_musiconhold

   #15051: [patch] Moh class set in the dialplan is ignored with realtime moh

     ----------------------------------------------------------------------

                      Commits Not Associated with an Issue

                                 [Back to Top]

   This is a list of all changes that went into this release that did not
   directly close an issue from the issue tracker. The commits may have been
   marked as being related to an issue. If that is the case, the issue
   numbers are listed here, as well.

   +------------------------------------------------------------------------+
   | Revision | Author     | Summary                           | Issues     |
   |          |            |                                   | Referenced |
   |----------+------------+-----------------------------------+------------|
   |          |            | Restore explicit export of        |            |
   | 209058   | kpfleming  | ASTCFLAGS/ASTLDFLAGS and          |            |
   |          |            | underscore-variants to sub-makes. |            |
   |----------+------------+-----------------------------------+------------|
   | 209237   | mmichelson | Gracefully handle malformed RTP   |            |
   |          |            | text packets.                     |            |
   |----------+------------+-----------------------------------+------------|
   | 209262   | kpfleming  | Make T.38 switchover in           |            |
   |          |            | ReceiveFAX synchronous.           |            |
   |----------+------------+-----------------------------------+------------|
   | 209281   | kpfleming  | Cleanup T.38 negotiation changes. |            |
   |----------+------------+-----------------------------------+------------|
   | 209327   | tilghman   | Publish French extra sounds       |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Fix some places where             |            |
   | 209714   | russell    | ast_event_type was used instead   |            |
   |          |            | of ast_event_ie_type.             |            |
   |----------+------------+-----------------------------------+------------|
   | 209781   | kpfleming  | Minor changes inspired by testing |            |
   |          |            | with latest GCC.                  |            |
   |----------+------------+-----------------------------------+------------|
   | 209900   | russell    | Resolve a valgrind warning about  | #15396     |
   |          |            | a read from uninitialized memory. |            |
   |----------+------------+-----------------------------------+------------|
   | 211115   | russell    | Resolve a deadlock involving      |            |
   |          |            | app_chanspy and masquerades.      |            |
   |----------+------------+-----------------------------------+------------|
   | 211277   | tilghman   | Small oops. Clear the flags which |            |
   |          |            | have been checked.                |            |
   |----------+------------+-----------------------------------+------------|
   | 211569   | tilghman   | AST-2009-005                      |            |
   |----------+------------+-----------------------------------+------------|
   | 211586   | tilghman   | Conversion specifiers, not format |            |
   |          |            | specifiers                        |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Check an actual populated         |            |
   | 212069   | file       | variable when seeing if we need   |            |
   |          |            | to do video or not.               |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Ensure that T38FaxVersion is put  |            |
   | 212115   | kpfleming  | into outgoing SDP in the proper   |            |
   |          |            | case.                             |            |
   |----------+------------+-----------------------------------+------------|
   | 212386   | seanbright | Handle slin16 for extra sounds as |            |
   |          |            | well.                             |            |
   |----------+------------+-----------------------------------+------------|
   | 212768   | rmudgett   | Removed some deadwood and added   |            |
   |          |            | some doxygen comments.            |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Make the default extconfig.conf   |            |
   | 212862   | tilghman   | match entries with the sample     |            |
   |          |            | res_mysql.conf.                   |            |
   |----------+------------+-----------------------------------+------------|
   | 212928   | kpfleming  | Convert this branch to Opsound    |            |
   |          |            | music-on-hold.                    |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Remove some                       |            |
   | 212942   | kpfleming  | accidentally-committed            |            |
   |          |            | properties.                       |            |
   |----------+------------+-----------------------------------+------------|
   | 213449   | twilson    | Make LOAD_ORDER actually work     |            |
   |----------+------------+-----------------------------------+------------|
   | 213452   | twilson    | Oops, committed this first. Make  |            |
   |          |            | the merged property happy         |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Make autoheader descriptions      |            |
   | 214365   | tilghman   | render correctly in our           | #14906     |
   |          |            | autoconfig.h file.                |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | One more build system change, to  |            |
   | 214496   | tilghman   | make the descriptions look        |            |
   |          |            | better, if we have better         |            |
   |          |            | information.                      |            |
   +------------------------------------------------------------------------+

Revision 1.1.1.1.2.1 / (download) - annotate - [select for diffs], Sun Sep 13 14:18:23 2009 UTC (12 years, 1 month ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.1.1.1: +13 -7 lines
Diff to previous 1.1.1.1 (colored) next main 1.2 (colored)

Pullup ticket 2887 - requested by jnemeth
asterisk16: security update

---
Apply patch to update comms/asterisk16 to version 1.6.0.15:

- 1.6.0.11 was never released
- 1.6.0.12 fixes AST-2009-005 which is a remote DOS issue in SIP
- 1.6.0.13 fixes a bug in 1.6.0.12 security fix
- 1.6.0.14 has additional updates for AST-2009-001 and AST-2009-005 plus

SIP Changes
-----------
 * Added a new 'ignoresdpversion' option to sip.conf.  When this is enabled
   (either globally or for a specific peer), chan_sip will treat any SDP data
   it receives as new data and update the media stream accordingly.  By
   default, Asterisk will only modify the media stream if the SDP session
   version received is different from the current SDP session version.  This
   option is required to interoperate with devices that have non-standard SDP
   session version implementations (observed with Microsoft OCS).  This option
   is disabled by default. In addition, this behavior is automatic when the SDP
received
   is in response to a T.38 re-INVITE that Asterisk initiated. In this situation
,
   since the call will fail if Asterisk does not process the incoming SDP, Aster
isk
   will accept the SDP even if the SDP version number is not properly incremente
d,
   but will generate a warning in the log indicating that the SIP peer that sent
   the SDP should have the 'ignoresdpversion' option set.

                                 Closed Issues

   This is a list of all issues from the issue tracker that were closed by
   changes that went into this release.

  Category: Addons/General

   #15269: [patch] memory leak in asterisk some bug fixing and removing
   Redundant condition

  Category: Applications/General

   #15022: [patch] Language handling for numbers, dates, etc is misbehaving
   when utilizing sub-regional languages

  Category: Applications/app_chanspy

   #15660: ChanSpy "whisper" is broken in 1.4.26

  Category: Applications/app_fax

   #15355: app_fax does not compile with iaxmodem 1.2.0
   #15480: [patch] Not all fixes from #14849 are committed
   #15606: app_fax.c is not compiling under OpenBSD
   #15610: T.38 re-INVITE received after T.38 already negotiated fails

  Category: Applications/app_meetme

   #15493: [patch] contrib/scripts/meetme.sql doesn't contain all fields

  Category: Applications/app_milliwatt

   #15386: [patch] Milliwatt() is off by -11dbm

  Category: Applications/app_mixmonitor

   #15259: MixMonitor is not releasing the file handle on the recorded file
   #15699: [patch] using ast_free instead of mixmonitor_free

  Category: Applications/app_queue

   #14536: [patch] After a caller is processed by app_queue the queue_log
   logs the hangup as TRANSFER
   #14631: [patch] Ghost calls with queues and spa942 and 922
   #15664: [patch] QUEUE_MEMBER_LIST() returns member names instead of
   interfaces

  Category: Applications/app_stack

   #15557: [patch] Gosub() dequotes once more than Macro()
   #15617: [patch] crash in LOCAL() if Gosub stack is allocated but empty

  Category: Applications/app_voicemail

   #14554: [patch] # for fastforward goes beyond end of message
   #14932: [patch] asterisk-1.6.0.9-x86_64 segfaults when leaving a voicemail
   internally to another extension
   #15331: [patch] Log message does not match conditional check
   #15333: [patch] add FILE_STORAGE to Voicemail Build Options
   #15720: opendir() return code is not checked in last_message_index()

  Category: Applications/app_voicemail/IMAP

   #14496: [patch] IMAP crash multiple callers / callers hangup at beep
   #14597: greetings can not be retrieved from IMAP
   #14950: [patch] Greetings are stored as IMAP messages even when
   imapgreetings=no

  Category: CDR/General

   #15751: [patch] Core dump in ast_bridge_call features.c line 2772

  Category: Channels/General

   #15330: [patch] Using CHANNEL function from ZOMBIE channel stops Asterisk
   #15416: No voice on PRI calls with asterisk 1.4.25 & 26

  Category: Channels/chan_dahdi

   #13917: [patch] fxo modules incorrectly believes channel is answered, if
   telco reverses line polarity at off hook.
   #14383: priexclusive parameter ignored if pri = pri_cpe ?
   #14434: [patch] Dahdi does not wait for wink on outbound calls before
   dialing DTMF with Signalling type = em_w
   #14434: [patch] Dahdi does not wait for wink on outbound calls before
   dialing DTMF with Signalling type = em_w
   #14477: pseudo channel disappears after dahdi restart
   #14696: reload in console overwrites priindication=outofband setting
   #14726: Conditional compilation of a diagnostic message needs an L
   modifier to %d for a 64 bit integer
   #15248: [patch] Multiple Groups Not working
   #15389: [patch] no audio with SIP call to ISDN PRI, if neither Progress or
   Proceeding are received.
   #15655: [patch] Dialplan starts execution before call is accepted

  Category: Channels/chan_iax2

   #15361: [patch] AST-2009-001 breaks IAX2 RFC5456 compliance - Timestamps
   in POKE/PONG zero in 2 of 4 Bytes
   #15404: [patch] Unrequired Debug Message

  Category: Channels/chan_misdn

   #11974: external lines connected with message !! Got Busy in Connected
   State !?!
   #12113: [patch] asterisk crash at reload chan_misdn.so
   #14355: [patch] Segfault if you transfer a call into a meetme room
   #14692: [patch] ISDN-Transfer causes backcall attempt of attendent phone

  Category: Channels/chan_sip/General

   #11231: [patch] Many retransmits when chan_sip generates multiple
   outstanding requests
   #12434: Handle wrong at offer/answer in sdp in media description(m=)
   #12869: [patch] 'context' doesn't change when 'sip reload' issued when
   driven from realtime
   #13432: [patch] outboundproxy=proxy.mmmydomain.net where domain can not be
   resolved silently removes the sip section
   #13623: Asterisk segfaults when using SIP session timers
   #14239: [patch] 491-request pending is sent out of dialog
   #14464: [patch] lock during simple call processing
   #14575: BYE to 408 Request Timeout
   #14659: [patch] MWI NOTIFY contains a wrong URI if Asterisk listens to
   non-standard port (5060)
   #15213: [patch] asterisk lock in sipsock_read for several seconds and drop
   sip packets
   #15283: [patch] CLI NOTIFY always tries to use UDP, even if the peer is
   connected via TCP
   #15345: [patch] SIP deadlock in 1.4 revision 199472
   #15349: Deadlock in do_monitor() of chan_sip
   #15362: [patch] log message output is truncated
   #15376: SIP option (SIP_OPT_ flag) is not handled correctly
   #15403: [patch] Session timer is not activated

  Category: Channels/chan_sip/Interoperability

   #13958: SDP replies incorrect - 'a=inactive' - replied to with
   'a=sendrecv'
   #14465: [patch] Incorrect From: header information when
   CALLERPRES=PRES_PROHIB
   #14584: [patch] Asterisk does not stop retransmission
   #14725: Asterisk doesn't add Route headers in NOTIFY when the SUBSCRIBE
   came from a proxy
   #15158: [patch] Message: "Unable to handle indication 3"
   Revision: 200362
   #15442: [patch] Asterisk cannot handle SIP 183 "Session Progress" if no
   SDP is contained in it

  Category: Channels/chan_sip/Registration

   #14344: [patch] Outbound proxy not used for registrations
   #14366: [patch] Registration expiry not compatible with some ITSP
   #15102: [patch] Registration Deadlock between Asterisk and Polycom
   Soundpoint IP 450
   #15539: [patch] Register request line contains wrong address when domain
   and registrar host differ

  Category: Channels/chan_sip/T.38

   #14849: [patch] SendFax function not working as expected on > 1.6.0.7
   #15182: [patch] T.38 invite does not always comply with RFC 2327

  Category: Channels/chan_sip/TCP-TLS

   #13865: [patch] SIP/TLS enabled - just one call possible - 481
   Call/Transaction Does Not Exist
   #14452: in "_sip_tcp_helper_thread" Buffer is filled with dirty bytes

  Category: Channels/chan_sip/Video

   #15121: [patch] Video support in SIP channel driver appears to be totally
   broken

  Category: Core/BuildSystem

   #15697: most cleaner alaw don't compile
   #15698: [patch] If enable DEBUG_FD_LEAKS - h323 can't start.
   #15714: [patch] Asterisk won't build with curl unless curl_config is
   present

  Category: Core/Channels

   #14723: ERROR[5003]: channel.c:2043 __ast_read: ast_read() called with no
   recorded file descriptor.

  Category: Core/Configuration

   #14509: [patch] users.conf (and other .conf files) have incorrect
   whitespacing

  Category: Core/General

   #14730: [patch] Fix runlevels in Debian rc files
   #15273: [patch] german time (20:01:00 oh clock) is announced wrong
   #15649: T38 Faxing failing on 1.6.1 svn
   #15667: LOGGER WARNING : error executing after rotate

  Category: Core/Internationalization

   #15346: [patch] TW is not an ISO Language Code

  Category: Core/ManagerInterface

   #15397: [patch] segfault in action_coreshowchannels() at manager.c

  Category: Core/PBX

   #15057: [patch] hints with 2+ devices that include ONHOLD are often set
   wrong
   #15242: [patch] log does not indicate which function is missing closing
   parenthesis
   #15303: new_find_extension arguments in wrong order

  Category: Documentation

   #15518: iax.conf, IP-based access control
   #15755: Description in queues.conf on call recording is slightly
   misleading

  Category: Functions/func_callerid

   #15476: callerid(num) is wrong when username is missing

  Category: Functions/func_devstate

   #15413: [patch] Mapping of extension state to device state is incorrect

  Category: Functions/func_iconv

   #15169: When building with uClibc, configure script mistakenly assumes
   iconv is always available

  Category: Functions/func_realtime

   #15517: [patch] memory leak in func_realtime

  Category: Functions/func_uri

   #15439: [patch] URIENCODE() throws a warning when passed an empty string

  Category: General

   #15420: [patch] No audio on calls from asterisk sip phones to nortel set
   until dtmf from sip phone
   #15571: [patch] 'received' typos in trunk, in 6 files
   #15595: [patch] fix spelling for typos, mainly in comments.
   #15595: [patch] fix spelling for typos, mainly in comments.

  Category: PBX/pbx_dundi

   #15322: [patch] DUNDILOOKUP() does not accept comma as argument separator

  Category: Resources/res_config_ldap

   #13725: [patch] ERROR[7387]: res_config_ldap.c:1292 update_ldap: Couldn't
   modify dn:cn=1001,dc=xxx,dc=xxx because Invalid syntax
   #15710: Typo in LDAP schema files on line 598

  Category: Resources/res_features

   #13794: [patch] CDR for picked up parked call gives answer time < start
   time and no record for parking

  Category: Resources/res_musiconhold

   #15051: [patch] Moh class set in the dialplan is ignored with realtime moh

     ----------------------------------------------------------------------

                      Commits Not Associated with an Issue

   This is a list of all changes that went into this release that did not
   directly close an issue from the issue tracker. The commits may have been
   marked as being related to an issue. If that is the case, the issue
   numbers are listed here, as well.

   +------------------------------------------------------------------------+
   | Revision | Author     | Summary                           | Issues     |
   |          |            |                                   | Referenced |
   |----------+------------+-----------------------------------+------------|
   | 199142   | dvossel    | Additional updates to             |            |
   |          |            | AST-2009-001                      |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | __WORDSIZE is not available on    |            |
   | 199858   | seanbright | all platforms, so use sizeof(void |            |
   |          |            | *) instead.                       |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | The 1.6.0 branch was missing all  |            |
   | 199975   | mmichelson | invite_branch logic. It has now   |            |
   |          |            | been added.                       |            |
   |----------+------------+-----------------------------------+------------|
   | 200040   | lmadsen    | Fix path for .flavor and .version | #14737     |
   |----------+------------+-----------------------------------+------------|
   | 200149   | mmichelson | Fix a crash due to a potentially  |            |
   |          |            | NULL p->options.                  |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Fix all of the parallel build     |            |
   | 200228   | seanbright | warnings issued when running make |            |
   |          |            | -j#.                              |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Add INFO to our allowed methods   |            |
   | 200515   | mmichelson | so that endpoints know they may   |            |
   |          |            | send it to us.                    |            |
   |----------+------------+-----------------------------------+------------|
   | 200729   | kpfleming  | Document the new automatic        |            |
   |          |            | 'ignoresdpversion' behavior.      |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Ensure that configure-script      |            |
   | 200767   | kpfleming  | testing for compiler attributes   |            |
   |          |            | actually works.                   |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Fix problems with new compiler    |            |
   | 200986   | kpfleming  | attribute checking in configure   |            |
   |          |            | script.                           |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Improve support for media paths   |            |
   | 201093   | kpfleming  | that can generate multiple frames |            |
   |          |            | at once.                          |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | fix issue with build_contact      |            |
   | 201226   | dvossel    | introduced by the "SIP trasnport  |            |
   |          |            | type issues" commit               |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Correct AST_LIST_APPEND_LIST      |            |
   | 201263   | kpfleming  | behavior when list to be appended |            |
   |          |            | is empty.                         |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Change the datastore traversal in |            |
   | 201459   | mmichelson | ast_do_masquerade to use a safe   |            |
   |          |            | list traversal.                   |            |
   |----------+------------+-----------------------------------+------------|
   | 201463   | mmichelson | Fix problem with no audio due to  |            |
   |          |            | ignoring the SDP.                 |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Fix memory corruption and leakage | #15109,    |
   | 201612   | russell    | related reloads of non files mode | #15123,    |
   |          |            | MoH classes.                      | #15195     |
   |----------+------------+-----------------------------------+------------|
   |          |            | One of the changes in 1.6.1 was   |            |
   | 201786   | tilghman   | to allow app_directory to use     |            |
   |          |            | functionality                     |            |
   |----------+------------+-----------------------------------+------------|
   | 201830   | tilghman   | If the "h" extension fails, give  |            |
   |          |            | it another chance in main/pbx.c.  |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Added deadlock protection to      |            |
   | 202006   | mnicholson | try_suggested_sip_codec in        |            |
   |          |            | chan_sip.c.                       |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Standardize return values of      |            |
   | 202259   | russell    | load_config() so reload() doesn't |            |
   |          |            | report an error on success.       |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Fix possibility of crashiness     |            |
   | 202263   | russell    | during reload in custom fields    |            |
   |          |            | handling.                         |            |
   |----------+------------+-----------------------------------+------------|
   | 202416   | russell    | Make Polycom subscription type    |            |
   |          |            | override check more explicit.     |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Fix lock usage in                 |            |
   | 202471   | seanbright | cdr_sqlite3_custom to avoid       |            |
   |          |            | potential crashes during reload.  |            |
   |----------+------------+-----------------------------------+------------|
   | 202498   | russell    | Report CallerID change during a   |            |
   |          |            | masquerade.                       |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | I could have sworn I committed    |            |
   | 202763   | mattf      | this patch ages ago, but... bug   |            |
   |          |            | fix with setting NAI properly on  |            |
   |          |            | linksets in certain situations.   |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Ensure the default settings are   |            |
   | 202926   | file       | applied for T.38 when we set it   |            |
   |          |            | up for a peer.                    |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Use the handy UNLINK macro        |            |
   | 202968   | mmichelson | instead of hand-coding the same   |            |
   |          |            | thing in-line.                    |            |
   |----------+------------+-----------------------------------+------------|
   | 203044   | rmudgett   | Improved chan_dahdi.conf pritimer |            |
   |          |            | error checking.                   |            |
   |----------+------------+-----------------------------------+------------|
   | 203117   | russell    | Resolve a crash related to a T.38 |            |
   |          |            | reinvite race condition.          |            |
   |----------+------------+-----------------------------------+------------|
   | 203387   | twilson    | I didn't see that Mark already    |            |
   |          |            | fixed the underlying issue!       |            |
   |----------+------------+-----------------------------------+------------|
   | 203447   | dvossel    | fixes a few redundant conditions  | #15269     |
   |----------+------------+-----------------------------------+------------|
   |          |            | Improve T.38 negotiation by       |            |
   | 203701   | file       | exchanging session parameters     |            |
   |          |            | between application and channel.  |            |
   |----------+------------+-----------------------------------+------------|
   | 203711   | jpeeler    | whitespace fix                    |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | reverse whitespace change 203711  |            |
   |          |            | that was based on looking at      |            |
   | 203717   | jpeeler    | sig_analog (which has about a     |            |
   |          |            | 1000 line indentation change that |            |
   |          |            | is not worth doing here)          |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Fix ast_say_counted_noun to       |            |
   | 204476   | qwell      | correctly handle Polish. Fix a    |            |
   |          |            | comment typo in passing.          |            |
   |----------+------------+-----------------------------------+------------|
   | 204652   | dvossel    | removes fake dialog_unref and     |            |
   |          |            | dialog_ref function calls.        |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Improve handling of               |            |
   | 204949   | kpfleming  | AST_CONTROL_T38 and               |            |
   |          |            | AST_CONTROL_T38_PARAMETERS for    |            |
   |          |            | non-T.38-capable channels.        |            |
   |----------+------------+-----------------------------------+------------|
   | 204980   | tilghman   | Restore Hungarian (mistakenly     |            |
   |          |            | removed during merge)             |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Move OpenSSL initialization to a  |            |
   | 205139   | russell    | single place, make library usage  |            |
   |          |            | thread-safe.                      |            |
   |----------+------------+-----------------------------------+------------|
   | 205152   | russell    | Use tabs instead of spaces for    |            |
   |          |            | indentation.                      |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Add redirection warnings for the  |            |
   | 205200   | tilghman   | invalid language codes previously |            |
   |          |            | removed.                          |            |
   |----------+------------+-----------------------------------+------------|
   | 205220   | dvossel    | ast_samp2tv needs floating point  |            |
   |          |            | for 16khz audio                   |            |
   |----------+------------+-----------------------------------+------------|
   | 205224   | tilghman   | oops, fixing build                |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Update config.guess and           |            |
   | 205296   | qwell      | config.sub from the               |            |
   |          |            | savannah.gnu.org git repo.        |            |
   |----------+------------+-----------------------------------+------------|
   | 205415   | dvossel    | moving ast_devstate_to_extenstate |            |
   |          |            | to pbx.c from devicestate.c       |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | pthread_self returns a pthread_t  |            |
   | 205533   | mvanbaak   | which is not an unsigned int on   |            |
   |          |            | all                               |            |
   |----------+------------+-----------------------------------+------------|
   | 205597   | dvossel    | Fixes 8khz assumptions            |            |
   |----------+------------+-----------------------------------+------------|
   | 205608   | dvossel    | Changing ast_samp2tv to not use   |            |
   |          |            | floating point.                   |            |
   |----------+------------+-----------------------------------+------------|
   | 205880   | mmichelson | Fix build.                        |            |
   |----------+------------+-----------------------------------+------------|
   | 205940   | kpfleming  | Update comments about the level   |            |
   |          |            | of T.38 support in Asterisk.      |            |
   |----------+------------+-----------------------------------+------------|
   | 206369   | rmudgett   | Fix some memory leaks in          |            |
   |          |            | chan_misdn.                       |            |
   |----------+------------+-----------------------------------+------------|
   | 206387   | russell    | Ensure apathetic replies are sent |            |
   |          |            | out on the proper socket.         |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Only print debug info in          |            |
   | 206637   | seanbright | codec_dahdi if we are asking for  |            |
   |          |            | it.                               |            |
   |----------+------------+-----------------------------------+------------|
   | 206762   | rmudgett   | Merged revision 206700 from       |            |
   |----------+------------+-----------------------------------+------------|
   | 206871   | dvossel    | avoid segfault caused by user     |            |
   |          |            | error                             |            |
   |----------+------------+-----------------------------------+------------|
   | 207097   | jpeeler    | Update some missing allowed       |            |
   |          |            | options for overlapdial           |            |
   |----------+------------+-----------------------------------+------------|
   | 207286   | rmudgett   |                                   |            |
   |----------+------------+-----------------------------------+------------|
   | 207683   | kpfleming  | Ensure that user-provided CFLAGS  |            |
   |          |            | and LDFLAGS are honored.          |            |
   |----------+------------+-----------------------------------+------------|
   | 207725   | mmichelson | Document default timeout for AMI  |            |
   |          |            | originations.                     |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Revert r207636, this approach     |            |
   | 207783   | jpeeler    | could potentially block for an    |            |
   |          |            | unacceptable                      |            |
   |----------+------------+-----------------------------------+------------|
   | 208316   | mmichelson | Remove inaccurate XXX comment.    |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Rework of T.38 negotiation and    |            |
   | 208468   | kpfleming  | UDPTL API to address              |            |
   |          |            | interoperability problems         |            |
   |----------+------------+-----------------------------------+------------|
   | 208502   | kpfleming  | Use correct formatting for T.38   |            |
   |          |            | change note in UPGRADE.txt        |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Resolve a T.38 negotiation issue  |            |
   | 208549   | kpfleming  | left over from the udptl-updates  |            |
   |          |            | merge.                            |            |
   |----------+------------+-----------------------------------+------------|
   | 208594   | russell    | Do not log an ERROR if            |            |
   |          |            | autoservice_stop() returns -1.    |            |
   |----------+------------+-----------------------------------+------------|
   | 208752   | jpeeler    | Fix compiling under dev-mode with |            |
   |          |            | gcc 4.4.0.                        |            |
   |----------+------------+-----------------------------------+------------|
   | 208925   | jpeeler    | Fix logic errors from 208746      |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Restore explicit export of        |            |
   | 209057   | kpfleming  | ASTCFLAGS/ASTLDFLAGS and          |            |
   |          |            | underscore-variants to sub-makes. |            |
   |----------+------------+-----------------------------------+------------|
   | 209061   | dbrooks    | Just replacing typos "recieved"   | #15360     |
   |          |            | with "received".                  |            |
   |----------+------------+-----------------------------------+------------|
   | 209259   | kpfleming  | Make T.38 switchover in           |            |
   |          |            | ReceiveFAX synchronous.           |            |
   |----------+------------+-----------------------------------+------------|
   | 209280   | kpfleming  | Cleanup T.38 negotiation changes. |            |
   |----------+------------+-----------------------------------+------------|
   | 209325   | tilghman   | Publish French extra sounds       |            |
   |----------+------------+-----------------------------------+------------|
   | 209394   | kpfleming  | Correct error in backport of      |            |
   |          |            | latest app_fax fixes.             |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Fix some places where             |            |
   | 209712   | russell    | ast_event_type was used instead   |            |
   |          |            | of ast_event_ie_type.             |            |
   |----------+------------+-----------------------------------+------------|
   | 209762   | kpfleming  | Minor changes inspired by testing |            |
   |          |            | with latest GCC.                  |            |
   |----------+------------+-----------------------------------+------------|
   | 209896   | russell    | Resolve a valgrind warning about  | #15396     |
   |          |            | a read from uninitialized memory. |            |
   |----------+------------+-----------------------------------+------------|
   | 211114   | russell    | Resolve a deadlock involving      |            |
   |          |            | app_chanspy and masquerades.      |            |
   |----------+------------+-----------------------------------+------------|
   | 211276   | tilghman   | Small oops. Clear the flags which |            |
   |          |            | have been checked.                |            |
   |----------+------------+-----------------------------------+------------|
   | 211551   | tilghman   | AST-2009-005                      |            |
   |----------+------------+-----------------------------------+------------|
   | 211587   | tilghman   | Conversion specifiers, not format |            |
   |          |            | specifiers                        |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Check an actual populated         |            |
   | 212068   | file       | variable when seeing if we need   |            |
   |          |            | to do video or not.               |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Ensure that T38FaxVersion is put  |            |
   | 212114   | kpfleming  | into outgoing SDP in the proper   |            |
   |          |            | case.                             |            |
   |----------+------------+-----------------------------------+------------|
   | 212432   | rmudgett   | Fix uninitialized variable.       |            |
   |----------+------------+-----------------------------------+------------|
   | 212765   | rmudgett   | Removed some deadwood and added   |            |
   |          |            | some doxygen comments.            |            |
   |----------+------------+-----------------------------------+------------|
   | 212926   | kpfleming  | Convert this branch to Opsound    |            |
   |          |            | music-on-hold.                    |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Remove some                       |            |
   | 212941   | kpfleming  | accidentally-committed            |            |
   |          |            | properties.                       |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | Make autoheader descriptions      |            |
   | 214361   | tilghman   | render correctly in our           | #14906     |
   |          |            | autoconfig.h file.                |            |
   |----------+------------+-----------------------------------+------------|
   |          |            | One more build system change, to  |            |
   | 214474   | tilghman   | make the descriptions look        |            |
   |          |            | better, if we have better         |            |
   |          |            | information.                      |            |
   +------------------------------------------------------------------------+

- 1.6.0.15 fixes AST-2009-006 which is a remote DOS issue in IAX2

Revision 1.6 / (download) - annotate - [select for diffs], Fri Aug 21 08:45:43 2009 UTC (12 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.5: +10 -10 lines
Diff to previous 1.5 (colored)

regen (for DIST_SUBDIR change)

Revision 1.5 / (download) - annotate - [select for diffs], Thu Aug 20 20:37:06 2009 UTC (12 years, 2 months ago) by jnemeth
Branch: MAIN
Changes since 1.4: +4 -4 lines
Diff to previous 1.4 (colored)

Digium in their infinite wisdom decided to replace the Music-On-Hold
sounds files in all release tarballs of Asterisk.  This is just an
update for the new sound files.

Revision 1.4 / (download) - annotate - [select for diffs], Wed Aug 12 03:27:48 2009 UTC (12 years, 2 months ago) by jnemeth
Branch: MAIN
Changes since 1.3: +10 -10 lines
Diff to previous 1.3 (colored)

Update to 1.6.1.4.  This fixes AST-2009-005, which is a DOS problem with
chan_sip.

Revision 1.3 / (download) - annotate - [select for diffs], Mon Aug 10 06:51:06 2009 UTC (12 years, 2 months ago) by jnemeth
Branch: MAIN
Changes since 1.2: +10 -4 lines
Diff to previous 1.2 (colored)

Update to 1.6.1.2.

pkgsrc change: restore checksums for ilbc files.

   This release has been made to address one or more security vulnerabilities
   that have been identified. A security advisory document has been published
   for each vulnerability that includes additional information. Users of
   versions of Asterisk that are affected are strongly encouraged to review
   the advisories and determine what action they should take to protect their
   systems from these issues.

   Security Advisories: AST-2009-004

Revision 1.2 / (download) - annotate - [select for diffs], Tue Jul 7 08:14:42 2009 UTC (12 years, 3 months ago) by jnemeth
Branch: MAIN
Changes since 1.1: +11 -11 lines
Diff to previous 1.1 (colored)

Update to Asterisk 1.6.1.1

------------------------------------------------------------------------------
--- Functionality changes from Asterisk 1.6.0 to Asterisk 1.6.1  -------------
------------------------------------------------------------------------------

Device State Handling
---------------------
 * The event infrastructure in Asterisk got another big update to help support
    distributed events.  It currently supports distributed device state and
    distributed Voicemail MWI (Message Waiting Indication).  A new module has
    been merged, res_ais, which facilitates communicating events between servers.
    It uses the SAForum AIS (Service Availability Forum Application Interface
    Specification) CLM (Cluster Management) and EVT (Event) services to maintain
    a cluster of Asterisk servers, and to share events between them.  For more
    information on setting this up, see doc/distributed_devstate.txt.

Dialplan Functions
------------------
 * Added a new dialplan function, AST_CONFIG(), which allows you to access
   variables from an Asterisk configuration file.
 * The JACK_HOOK function now has a c() option to supply a custom client name.
 * Added two new dialplan functions from libspeex for audio gain control and
   denoise, AGC() and DENOISE(). Both functions can be applied to the tx and
   rx directions of a channel from the dialplan.
 * The SMDI_MSG_RETRIEVE function now has the ability to search for SMDI messages
   based on other parameters.  The default is still to search based on the
   forwarding station ID.  However, there are new options that allow you to search
   based on the message desk terminal ID, or the message desk number.
 * TIMEOUT() has been modified to be accurate down to the millisecond.
 * ENUM*() functions now include the following new options:
     - 'u' returns the full URI and does not strip off the URI-scheme.
     - 's' triggers ISN specific rewriting
     - 'i' looks for branches into an Infrastructure ENUM tree
     - 'd' for a direct DNS lookup without any flipping of digits.
 * TXCIDNAME() has a new zone-suffix parameter (which defaults to 'e164.arpa')
 * CHANNEL() now has options for the maximum, minimum, and standard or normal
   deviation of jitter, rtt, and loss for a call using chan_sip.

DAHDI channel driver (chan_dahdi) Changes
----------------------------------------
 * Channels can now be configured using named sections in chan_dahdi.conf, just
   like other channel drivers, including the use of templates.
 * The default for pridialplan has changed from 'national' to 'unknown'.

PBX Changes
-----------
 * It is now possible to specify a pattern match as a hint. Once a phone subscribes
   to something that matches the pattern a hint will be created using the contents
   and variables evaluated.
 * Dialplan matching has been extended to allow an extension to return to the
   PBX core to wait for more digits.  This is done by using the new dialplan
   application called "Incomplete".  This will permit a whole new level of
   extension control, by giving the administrator more control over early
   matches employing one of the short-circuit pattern match operators.  Note
   that custom applications can trigger this same behavior by returning the
   special value AST_PBX_INCOMPLETE.

The dial() application
----------------------
 * Dial has a new option: F(context^extension^pri), which permits a callee to
   continue in the dialplan, at the specified label, if the caller hangs up.
 * The Dial() application no longer copies the language used by the caller to the callee's
   channel. If you desire for the caller's channel's language to be used for file playback
   to the callee, then the file specified may be prepended with "${CHANNEL(language)}/" .

The chanspy() application
-------------------------
 * ChanSpy and ExtenSpy have a new option, 's' which suppresses speaking the
   technology name (e.g. SIP, IAX, etc) of the channel being spied on.
 * Chanspy has a new option, 'B', which can be used to "barge" on a call. This is
   like the pre-existing whisper mode, except that the spy can also talk to the
   participant on the bridged channel as well.
 * Chanspy has a new option, 'n', which will allow for the spied-on party's name
   to be spoken instead of the channel name or number. For more information on the
   use of this option, issue the command "core show application ChanSpy" from the
   Asterisk CLI.
 * Chanspy has a new option, 'd', which allows the spy to use DTMF to swap between
   spy modes. Use of this feature overrides the typical use of numeric DTMF. In other
   words, if using the 'd' option, it is not possible to enter a number to append to
   the first argument to Chanspy(). Pressing 4 will change to spy mode, pressing 5 will
   change to whisper mode, and pressing 6 will change to barge mode.

Other Application Changes
-------------------------
 * Directory now permits both first and last names to be matched at the same
   time.  In addition, the number of digits to enter of the name can be set in
   the arguments to Directory; previously, you could enter only 3, regardless
   of how many names are in your company.  For large companies, this should be
   quite helpful.
 * Voicemail now permits a mailbox setting to wrap around from first to last
   messages, if the "messagewrap" option is set to a true value.
 * Voicemail now permits an external script to be run, for password validation.
   The script should output "VALID" or "INVALID" on stdout, depending upon the
   wish to validate or invalidate the password given.  Arguments are:
   "mailbox" "context" "oldpass" "newpass".  See the sample voicemail.conf for
   more details
 * The voicemail externnotify script now accepts an additional (last) parameter
   containing the number of urgent messages in the INBOX.
 * The Jack application now has a c() option to supply a custom client name.
 * ExternalIVR now takes several options that affect the way it performs, as
   well as having several new commands.  Please see doc/externalivr.txt for the
   complete documentation.
 * Added ability to communicate over a TCP socket instead of forking a child process for the
   ExternalIVR application.
 * ChanIsAvail has a new option, 'a', which will return all available channels instead
   of just the first one if you give the function more then one channel to check.
 * PrivacyManager now takes an option where you can specify a context where the
   given number will be matched. This way you have more control over who is allowed
   and it stops the people who blindly enter 10 digits.
 * ForkCDR has new options: 'a' updates the answer time on the new CDR; 'A' locks
   answer times, disposition, on orig CDR against updates; 'D' Copies the disposition
   from the orig CDR to the new CDR after reset; 'e' sets the 'end' time on the
   original CDR; 'R' prevents the new CDR from being reset; 's(var=val)' adds/changes
   the 'var' variable on the original CDR; 'T' forces ast_cdr_end(), ast_cdr_answer(),
   obey the LOCKED flag on cdr's in the chain, and also the ast_cdr_setvar() func.
 * SendImage() no longer hangs up the channel on error; instead, it sets the
   status variable SENDIMAGESTATUS to one of 'SUCCESS', 'FAILURE', or
   'UNSUPPORTED'.  This change makes SendImage() more consistent with other
   applications.
 * Park has a new option, 's', which silences the announcement of the parking space number.
 * A non-numeric, zero, or negative timeout specified to Dial() will now be interpreted as
   invalid input and will be assumed to mean that no timeout is desired.

SIP Changes
-----------
 * Added DNS manager support to registrations for peers referencing peer entries.
   DNS manager runs in the background which allows DNS lookups to be run asynchronously
   as well as periodically updating the IP address. These properties allow for
   better performance as well as recovery in the event of an IP change.
 * Performance improvements via using hash tables (astobj2) and doubly-linked lists to improve
   load/reload of large numbers of peers/users by ~40x (for large lists of peers.
   Initially, we saw 4x improvement in call setup/destruction, but at the time
   of merging, this gain has disappeared; further research will be done to try
   and restore this performance improvement. Astobj2 refcounting is now used
   for users, peers, and dialogs.  Users are encouraged to assist in regression
   testing and problem reporting!
 * Added ability to specify registration expiry time on a per registration basis in
   the register line.
 * Added support for Realtime Text redundancy - T140 RED - in T.140 to
   prevent text loss due to lost packets.
 * Added t38pt_usertpsource option. See sip.conf.sample for details.
 * Added SIPnotify AMI command, for sending arbitrary SIP notify commands.
 * 'sip show peers' and 'sip show users' display their entries sorted in
   alphabetical order, as opposed to the order they were in, in the config
   file or database.
 * Videosupport now supports an additional option, "always", which always sets
   up video RTP ports, even on clients that don't support it.  This helps with
   callfiles and certain transfers to ensure that if two video phones are
   connected, they will always share video feeds.

IAX Changes
-----------
 * Existing DNS manager lookups extended to check for SRV records.
 * IAX2 encryption support has been improved to support periodic key rotation
   within a call for enhanced security.  The option "keyrotate" has been
   provided to disable this functionality to preserve backwards compatibility
   with older versions of IAX2 that do not support key rotation.

CLI Changes
-----------
  * New CLI command, "config reload <file.conf>" which reloads any module that
    references that particular configuration file.  Also added "config list"
    which shows which configuration files are in use.
  * New CLI commands, "pri show version" and "ss7 show version" that will
    display which version of libpri and libss7 are being used, respectively.
    A new API call was added so trunk will now have to be compiled against
    a versions of libpri and libss7 that have them or it will not know that
    these libraries exist.
  * The commands "core show globals", "core set global" and "core set chanvar" has
    been deprecated in favor of the more semanticly correct "dialplan show globals",
    "dialplan set chanvar" and "dialplan set global".
  * New CLI command "dialplan show chanvar" to list all variables associated
    with a given channel.

DNS manager changes
-------------------
  * Addresses managed by DNS manager now can check to see if there is a DNS
    SRV record for a given domain and will use that hostname/port if present.

AMI - The manager (TCP/TLS/HTTP)
--------------------------------
  * The Status action now takes an optional list of variables to display
    along with channel status.

ODBC Changes
------------
  * res_odbc no longer has a limit of 1023 total possible unshared connections,
    as some people were running into this limit.  This limit has been increased
    to 4.2 billion.

Queue changes
-------------
  * The TRANSFER queue log entry now includes the caller's original position in
    the transferred-from queue.
  * A new configuration option, "timeoutpriority" has been added. Please see the section
    labeled "QUEUE TIMING OPTIONS" in configs/queues.conf.sample for a detailed explanation
    of the option as well as an explanation about timeout options in general

Realtime changes
----------------
  * Several (ODBC, Postgres, MySQL, SQLite) realtime drivers have been given
    adaptive capabilities.  What this means in practical terms is that if your
    realtime table lacks critical fields, Asterisk will now emit warnings to
    that effect.  Also, some of the realtime drivers have the ability (if
    configured) to automatically add those columns to the table with the
    correct type and length.

Miscellaneous
-------------
  * The channel variable ATTENDED_TRANSFER_COMPLETE_SOUND can now be set using
    the 'setvar' option to cause a given audio file to be played upon completion
    of an attended transfer.  Currently it works for DAHDI, IAX2, SIP, and
    Skinny channels only.
  * You can now compile Asterisk against the Hoard Memory Allocator, see doc/hoard.txt
    for more information.
  * Config file variables may now be appended to, by using the '+=' append
    operator.  This is most helpful when working with long SQL queries in
    func_odbc.conf, as the queries no longer need to be specified on a single
    line.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Fri Jun 12 09:04:56 2009 UTC (12 years, 4 months ago) by jnemeth
Branch: TNF
CVS Tags: pkgsrc-base, pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Add Asterisk 1.6.0.10.  At the moment, this version doesn't have any
hardware support, so it can't replace comms/asterisk.  However,
apparently there is demand for this version, so wiz@ suggested it
be imported here into comms/asterisk16.  The latest version is
1.6.1.1, but I won't have time to update all the patches before the
freeze.  I'll update to that version sometime after the freeze when
I get a chance.

Revision 1.1 / (download) - annotate - [select for diffs], Fri Jun 12 09:04:56 2009 UTC (12 years, 4 months ago) by jnemeth
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>