Log message:
asterisk16: Update to 16.29.1
* Use bash for configure script. It uses bash-specific syntax.
* Use menuselect command to adjust options instead of manually
crafted makeopts file. Manually crafted file does not work
properly for me and 16.29.1 now.
* I have no idea about x11 option's status. It seems that
gtk2 config UI is not available in this release at least,
if I understand correctly.
Changelog:
16.29.1
Bugs fixed in this release:
[ASTERISK-30103] chan_ooh323 vulnerability in calling/called party IE (Reported \
By: Michael Bradeen)
[ASTERISK-30176] GetConfig can read files outside of Asterisk (Reported By: shawty)
[ASTERISK-30244] Occasional crash when TCP/TLS connection terminated and \
subscription persistence is removed (Reported By: nappsoft)
[ASTERISK-30338] Backport 2.13 security fixes from pjproject
16.29.0
New Features made in this release:
* [ASTERISK-30037] Add test support to calling external processes
(Reported by Philip Prindeville)
* [ASTERISK-30161] locks: add AMI event for deadlock
(Reported by N A)
* [ASTERISK-30211] app_confbridge: Add end_marked_any option
(Reported by N A)
* [ASTERISK-30186] res_pjsip: Add support for reloading TLS
certificate and key information
(Reported by Joshua C. Colp)
* [ASTERISK-29899] features: Add advanced transfer initiation options
(Reported by N A)
Bugs fixed in this release:
* [ASTERISK-30235] res_crypto and tests: Memory issues and and
uninitialized variable error
(Reported by George Joseph)
* [ASTERISK-30234] res_geolocation: may be used uninitialized error
in geoloc_config.c
(Reported by George Joseph)
* [ASTERISK-30215] Inbound SIP INVITE with Geo Location causing a
Segmentation Fault
(Reported by Dan Cropp)
* [ASTERISK-30135] [res_musiconhold] Allows the moh only for the
answered call
(Reported by sungtae kim)
* [ASTERISK-26894] pjsip should support tel uri scheme
(Reported by Gergely D?ms?di)
* [ASTERISK-30210] func_frame_trace: Channel masquerade triggers
assertion
(Reported by N A)
* [ASTERISK-30190] res_geolocation: GEOLOC_PROFILE isn t returning
correct values on incoming channel
(Reported by George Joseph)
* [ASTERISK-29185] chan_pjsip: Endpoint: allow = all is broken.
(Reported by Alexander Traud)
* [ASTERISK-30192] res_tonedetect: fix typo for frametype
(Reported by N A)
* [ASTERISK-29453] alembic: incoming_call_offer_pref and
outgoing_call_offer_pref missing in ps_endpoints
table
(Reported by Daniel Th men)
* [ASTERISK-26826] testsuite: Add support for Python 3
(Reported by Joshua C. Colp)
* [ASTERISK-30167] res_geolocation: Refactor for issues found by
users
(Reported by George Joseph)
* [ASTERISK-28422] Memory Leak in Confbridge menu
(Reported by Ted G)
* [ASTERISK-29917] ami: FilterList action doesn t exist
(Reported by N A)
* [ASTERISK-30020] ConfbridgeListRooms Event Not Documented
(Reported by Michael Cargile)
* [ASTERISK-30018] app_meetme: MeetmeList AMI event not documented
(Reported by Michael Cargile)
* [ASTERISK-30151] Documentation doesn t include info about field
, a 3rd required parameter.
(Reported by Chris Young)
Improvements made in this release:
* [ASTERISK-30241] res_pjsip_gelocation: Downgrade some NOTICE scope
trace debugs to DEBUG level
(Reported by N A)
* [ASTERISK-30178] extend user_eq_phone behavior to local uri s
(Reported by Michael Bradeen)
* [ASTERISK-30046] Reimplement res/res_crypto.c internals with
EVP_PKEY interface to Openssl API s
(Reported by Philip Prindeville)
* [ASTERISK-30045] Add test coverage to res/res_crypto.c
functionality
(Reported by Philip Prindeville)
* [ASTERISK-30185] res_geolocation: Allow location parameters to be
specified in profiles
(Reported by George Joseph)
* [ASTERISK-30177] res_geolocation: Add option to suppress empty
elements
(Reported by George Joseph)
* [ASTERISK-30182] res_geolocation: Add built-in profiles to use in
fully dynamic configurations
(Reported by George Joseph)
* [ASTERISK-29906] update RLS to reflect the changes to the lists
(Reported by Alexei Gradinari)
* [ASTERISK-30163] general: fix minor formatting issues
(Reported by N A)
* [ASTERISK-30164] chan_iax2: Add missing option documentation
(Reported by N A)
* [ASTERISK-30160] cdr.conf: Remove obsolete app_mysql reference
(Reported by N A)
* [ASTERISK-30159] general: Remove obsolete SVN references
(Reported by N A)
* [ASTERISK-30153] logger: Improve log levels
(Reported by N A)
16.28.0
The following issues are resolved in this release:
Improvements made in this release:
* [ASTERISK-30128] Create PJSIP interface module for
Geolocation
(Reported by George Joseph)
* [ASTERISK-30127] Create core Geolocation capability for
Asterisk
(Reported by George Joseph)
* [ASTERISK-30089] general: fix typos
(Reported by N A)
* [ASTERISK-30050] Upgrade Asterisk to bundled pjproject
2.12.1
(Reported by Stanislav Abramenkov)
Bugs fixed in this release:
* [ASTERISK-30167] res_geolocation: Refactor for issues found by
users
(Reported by George Joseph)
* [ASTERISK-29966] pbx_variables: ast_str_strlen can be wrong
(Reported by N A)
* [ASTERISK-29905] OSX: bininstall launchd issue on cross-platfrom
build
(Reported by Sergey V. Lobanov)
* [ASTERISK-30137] manager: Global disabled event filtered is
incomplete
(Reported by N A)
* [ASTERISK-30109] res_pjsip: no contact-status AMI event on register
of prune-on-boot contact that uses the same URI as
before Asterisk restart
(Reported by Michael Neuhauser)
* [ASTERISK-30126] Spelling mistake in configs/samples/queues.conf.
sample
(Reported by Sam Banks)
* [ASTERISK-29991] chan_dahdi, callerid: Caller ID does not honor
presentation
(Reported by N A)
* [ASTERISK-29907] res_pjsip, app_confbridge: Video call through
ConfBridge with normal endpoints causes infinite
loop/crash
(Reported by N A)
* [ASTERISK-30029] build: Git security vulnerability fix is sad with
our accessing git as root during make install
(Reported by Joshua C. Colp)
* [ASTERISK-30138] Compile failure in res_geolocation/geoloc_
eprofile.c when optimization is enabled
(Reported by George Joseph)
* [ASTERISK-30096] cel_odbc: Column type 9 (field cdr:cel:eventtime
) is unsupported at this time
(Reported by Morvai Szabolcs)
* [ASTERISK-30083] chan_iax2: Optional dependency on openssl/
res_crypto is now mandatory
(Reported by Dmitry Melekhov)
* [ASTERISK-30123] features: Update automixmon documentation to
reflect reality
(Reported by Trevor Peirce)
* [ASTERISK-30117] pbx_lua: Remove compiler warnings
(Reported by Boris P. Korzun)
* [ASTERISK-30001] db: Removing nonexistent entries shows Database
entry removed
(Reported by N A)
* [ASTERISK-29822] cli: Typing \? freezes the CLI permanently with
remote console
(Reported by N A)
* [ASTERISK-30106] res_calendar_icalendar: Microsoft online ICS
calendars no longer work
(Reported by N A)
* [ASTERISK-30115] app_dial: Allow hook flashes to propogate on
outbound dials
(Reported by N A)
* [ASTERISK-29989] app_dial, chan_dahdi: DIALSTATUS is inconsistent
for busy
(Reported by N A)
* [ASTERISK-30072] res_pjsip: allow TLS verification of wildcard
cert-bearing servers
(Reported by Kevin Harwell)
* [ASTERISK-30075] say: Abort if channel hangs up during playback
(Reported by N A)
New Features made in this release:
* [ASTERISK-30136] db: Add AMI action to retrieve all keys beginning
with a prefix
(Reported by N A)
* [ASTERISK-30000] chan_dahdi: Add POLARITY function
(Reported by N A)
* [ASTERISK-30062] cli: Add CLI command to execute a dialplan app
(Reported by N A)
* [ASTERISK-29999] pjsip: Get information from 200 OK INVITE reply
headers
(Reported by Jos Lopes)
* [ASTERISK-30061] pbx: Add pbx helper application
(Reported by N A)
16.27.0
Improvements made in this release:
* [ASTERISK-30090] xmldocs: Use example tags for examples
(Reported by N A)
* [ASTERISK-29906] update RLS to reflect the changes to the lists
(Reported by Alexei Gradinari)
* [ASTERISK-29891] provide a display name for RLS subscriptions
(Reported by Alexei Gradinari)
* [ASTERISK-30086] res_parking: Warn when invalid parking space
requested
(Reported by N A)
* [ASTERISK-30058] Evaluate dialplan functions and variables in agi
exec
(Reported by Shloime Rosenblum)
* [ASTERISK-30027] ari: expose channel driver s unique id (i.e.
Call-ID for chan_sip/chan_pjsip) in ARI channel
resource
(Reported by Moritz Fain)
* [ASTERISK-29845] res_pjsip_outbound_registration: Show time
remaining until registration lapses
(Reported by N A)
Bugs fixed in this release:
* [ASTERISK-30097] console: Recent documentation changes for
connecting to remote console are inconsistent
(Reported by Matthias Hensler)
* [ASTERISK-30043] Wrong party is disconnected when hook-flashing on
3-way bridge
(Reported by Josh Alberts)
* [ASTERISK-29603] res_pjsip: UPDATE/re-INVITE not sent when timers
=always is specified in pjsip.conf
(Reported by Ray Crumrine)
* [ASTERISK-30092] DateTime application: wrong inflection for one o
clock in German
(Reported by Christof Efkemann)
* [ASTERISK-30064] pbx: iax2 switch causes crash due to deadlock and
assertion
(Reported by N A)
* [ASTERISK-29981] res_calendar: Asterisk crashes when starting, and
will not run
(Reported by N A)
* [ASTERISK-30039] cli: Targeted debug on startup deadlocks and
creates unstable system
(Reported by N A)
* [ASTERISK-30051] res_pjsip: No video after un-hold with
moh_passthrough=yes
(Reported by Maximilian Fridrich)
* [ASTERISK-24601] Missing RFC4235 tags and attributes in PJSIP
NOTIFY event: dialog XML body
(Reported by Marco Paland)
* [ASTERISK-30060] loader: format warnings in dev mode
(Reported by N A)
* [ASTERISK-30059] menuselect: libxml include fails under Gentoo
(Reported by waltermoeller)
* [ASTERISK-30065] pjsip: Open Websocket connection is not reused for
outgoing requests
(Reported by LA)
* [ASTERISK-30042] res_pjsip_transport_websocket: Registration over
websocket returns a rewritten contact
(Reported by Thomas Guebels)
* [ASTERISK-29993] chan_dahdi: Operator control option borks both
lines involved on callee disconnect
(Reported by N A)
* [ASTERISK-30044] GCC 12 issues
(Reported by George Joseph)
New Features made in this release:
* [ASTERISK-30063] app_voicemail: Add option to prevent deletion of
messages
(Reported by N A)
* [ASTERISK-30087] res_parking: Add music on hold override option
(Reported by N A)
* [ASTERISK-29965] res_pjsip_outbound_registration: Make max
registration delay configurable
(Reported by N A)
* [ASTERISK-30036] app_confbridge: Add CONFBRIDGE_CHANNELS function
(Reported by N A)
16.26.1
Bugs fixed in this release:
* [ASTERISK-30065] pjsip: Open Websocket connection is not reused for
outgoing requests
(Reported by LA)
16.26.0
Security bugs fixed in this release:
* [ASTERISK-29476] res_stir_shaken: Blind SSRF vulnerabilities
(Reported by Clint Ruoho)
* [ASTERISK-29838] ${SQL_ESC()} not correctly escaping a terminating
\
(Reported by Leandro Dardini)
* [ASTERISK-29872] res_stir_shaken: Resource exhaustion with large
files
(Reported by Benjamin Keith Ford)
New Features made in this release:
* [ASTERISK-29931] Option to allow a user to not hear the join sound
on enter but everyone else can
(Reported by Michael Cargile)
* [ASTERISK-29968] func_db: Add a function to return cardinality of
keys at prefix
(Reported by N A)
* [ASTERISK-29486] Hint-like extension value lookup function without
device state
(Reported by N A)
* [ASTERISK-29941] chan_pjsip: Add ability to send flash events
(Reported by N A)
* [ASTERISK-29820] cli: Add command to evaluate a function
(Reported by N A)
* [ASTERISK-29876] app_queue: Add music on hold option
(Reported by N A)
Bugs fixed in this release:
* [ASTERISK-28518] chan_dahdi: Caller ID FSK Erroneously Sent when
Picking Up Dahdi Call On Hold
(Reported by Josh Alberts)
* [ASTERISK-29990] chan_dahdi: adding ring cadences is not idempotent
on dahdi restart
(Reported by N A)
* [ASTERISK-30007] chan_iax2: Prevent crashes due to attempted
encryption with missing secrets
(Reported by N A)
* [ASTERISK-29728] menuselect: Disabled by default modules that are
enabled are always recompiled
(Reported by N A)
* [ASTERISK-30002] app_meetme: Don t erroneously set global
variables when channel is NULL
(Reported by N A)
* [ASTERISK-29994] chan_dahdi: Round robin array size is too small
for max number of groups
(Reported by N A)
* [ASTERISK-22246] Asterisk s T flag is ignored when used with
r or R flags. (documentation bug)
(Reported by Rusty Newton)
* [ASTERISK-26582] Asterisk seems to ignore the n parameter for
disable console colorization
(Reported by Sebastian Gutierrez)
* [ASTERISK-29843] Session timers get removed on UPDATE
(Reported by Mark Petersen)
* [ASTERISK-29943] file.c: seeking to negative file offset is not
prevented
(Reported by N A)
* [ASTERISK-29955] chan_sip: SIP route header is missing on UPDATE
(Reported by Mark Petersen)
* [ASTERISK-29842] Do not change 180 Ringing to 183 Progress even if
early_media already enabled
(Reported by Mark Petersen)
* [ASTERISK-29948] iostream: Infinite TCP timeout writing data
(Reported by N A)
* [ASTERISK-29253] Incorrect bridging on transfer
(Reported by Yury Kirsanov)
* [ASTERISK-30024] Failed to sign STIR/SHAKEN payload with
functionality not enabled
(Reported by Claude Diderich)
* [ASTERISK-30006] res_pjsip: UDP transport does not work when
async_operations is greater than 1
(Reported by Ross Beer)
* [ASTERISK-29655] res_pjsip_session: No video to caller if no camera
available
(Reported by Michael Auracher)
* [ASTERISK-29638] res_pjsip_session: No video after early media
(Reported by Michael Auracher)
* [ASTERISK-30015] pjsip / WebRTC: Chrome creating large number of
SDP attributes
(Reported by Josh Hogan)
* [ASTERISK-30021] ast_variable_list_replace_variable uses variable
with new keyword
(Reported by Jasper Hafkenscheid)
* [ASTERISK-30023] cdr_adaptive_odbc: does not support DATETIME
database columns
(Reported by Gregory Massel)
* [ASTERISK-29411] Crash in pjsip_msg_find_hdr_by_name
(Reported by LA)
* [ASTERISK-29535] Segmentation fault in libasteriskpj.so.2
(Reported by Daniel Bonazzi)
* [ASTERISK-26719] pbx: Only up to 127 includes in a dialplan context
(AST_PBX_MAX_STACK 1)
(Reported by Tzafrir Cohen)
* [ASTERISK-29988] REGRESSION: The build process is requiring xmllint
or xmlstarlet ro be installed when it shouldn t
(Reported by George Joseph)
* [ASTERISK-29986] build: Asterisk 18.11.0 doesn t compile when wget
isn t available
(Reported by Stefan Ruijsenaars)
* [ASTERISK-29895] chan_iax2: Fix misaligned spacing in iax2 show
netstats printout
(Reported by N A)
* [ASTERISK-29939] agi: Fix xmldoc bug with set music
(Reported by N A)
* [ASTERISK-28891] documentation: AGICommand_set+music documentation
arguments displayed incorreclty
(Reported by Jonathan Harris)
* [ASTERISK-29048] chan_iax2: iax2 show registry shows host for
perceived
(Reported by David Herselman)
* [ASTERISK-26689] res_pjsip_sdp_rtp: 183 Session in Progress.
Disconnecting channel for lack of RTP activity
(Reported by Dmitriy Serov)
* [ASTERISK-29929] res_pjsip_sdp_rtp: Disconnecting channel for lack
of RTP activity in one way sessions
(Reported by Boris P. Korzun)
* [ASTERISK-29674] Adjust for 64bit time_t
(Reported by Andre Heider)
* [ASTERISK-29961] RLS: domain part of uri list attribute
mismatch with SUBSCRIBE request
(Reported by Alexei Gradinari)
* [ASTERISK-29950] SayNumber can handle 01 to 07 , but not
08 or 09
(Reported by Jim Van Meggelen)
* [ASTERISK-29928] logging messages truncated when using MUSL runtime
(Reported by Philip Prindeville)
* [ASTERISK-29960] ari: Retrieving stored recording can returns wrong
file
(Reported by Arix)
Improvements made in this release:
* [ASTERISK-24827] Missing documentation for chan_dahdi dial string
ring cadences
(Reported by Scott Griepentrog)
* [ASTERISK-29940] general: Add since tags to xmldocs
(Reported by N A)
* [ASTERISK-29951] app_mf, app_sf: Return -1 on hangup
(Reported by N A)
* [ASTERISK-29954] app_meetme: Emit warning if conference not found
(Reported by N A)
* [ASTERISK-29351] Qualify pjproject 2.12 for Asterisk
(Reported by George Joseph)
* [ASTERISK-29877] app_mf: Allow reading a maximum number of digits
(Reported by N A)
* [ASTERISK-29976] Should Readme include information about
install_prereq script?
(Reported by Marcel Wagner)
* [ASTERISK-29970] Use pkg-config to find libxml2 headers and
libraries
(Reported by Hugh McMaster)
* [ASTERISK-25716] Documentation: Document explanations and examples
for possible values of DIALSTATUS
(Reported by Rusty Newton)
* [ASTERISK-29980] build: External binary modules don t use https
(Reported by INVADE International Ltd.)
* [ASTERISK-29967] pbx_builtins: Add missing documentation
(Reported by N A)
16.25.3
Bugs fixed in this release:
* [ASTERISK-30024] Failed to sign STIR/SHAKEN payload with
functionality not enabled
(Reported by Claude Diderich)
16.25.2
The following security vulnerabilities were resolved in 16.25.2:
* AST-2022-001: res_stir_shaken: resource exhaustion with large files
When using STIR/SHAKEN, it's possible to download files that are not
certificates. These files could be much larger than what you would expect
to
download.
* AST-2022-002: res_stir_shaken: SSRF vulnerability with Identity header
When using STIR/SHAKEN, it's possible to send arbitrary requests like GET
to
interfaces such as localhost using the Identity header.
* AST-2022-003: func_odbc: Possible SQL Injection
Some databases can use backslashes to escape certain characters, such as
backticks. If input is provided to func_odbc which includes backslashes it
is
possible for func_odbc to construct a broken SQL query and the SQL query to
fail.
16.25.1
Bugs fixed in this release:
* [ASTERISK-29988] REGRESSION: The build process is requiring xmllint
or xmlstarlet ro be installed when it shouldn??t
(Reported by George Joseph)
* [ASTERISK-29986] build: Asterisk 18.11.0 doesn??t compile when wget
isn??t available
(Reported by Stefan Ruijsenaars)
15.25.0
Security bugs fixed in this release:
* [ASTERISK-29945] pjproject: Security fixes for
things
(Reported by Kevin Harwell)
New Features made in this release:
* [ASTERISK-29853] ami: Allow events to be globally disabled
(Reported by N A)
* [ASTERISK-29840] func_channel: Add LASTCONTEXT and LASTEXTEN
fields
(Reported by N A)
Bugs fixed in this release:
* [ASTERISK-29924] res_config_pgsql: omit unsupported column type
text' error
(Reported by Boris P. Korzun)
* [ASTERISK-29923] docs, LICENSE: pbx.digium.com no longer exists
(Reported by N A)
* [ASTERISK-29904] RLS: Batched Notifications stop working
(Reported by Alexei Gradinari)
* [ASTERISK-29365] taskprocessor: Can cause assert at shutdown
(Reported by Joshua C. Colp)
* [ASTERISK-29873] Queue Realtime load
(Reported by Alexei Gradinari)
* [ASTERISK-18416] Realtime queue agents unavailable via AMI before a
call event.
(Reported by kwk)
* [ASTERISK-27597] AMI Queuestatus not working (with realtime queue)
(Reported by cagdas kopuz)
* [ASTERISK-29886] Asterisk AMI sends not-valid XML
(Reported by Napadailo Yaroslav)
Improvements made in this release:
* [ASTERISK-29906] update RLS to reflect the changes to the lists
(Reported by Alexei Gradinari)
* [ASTERISK-29909] app_queue: Add support for withdrawing a call
(Reported by Kfir Itzhak)
* [ASTERISK-29353] Qualify jansson 2.14 for asterisk
(Reported by George Joseph)
* [ASTERISK-29897] channels: Increase core debug levels for chatty
debugs
(Reported by N A)
* [ASTERISK-29896] xmldocs: Add since tag
(Reported by N A)
* [ASTERISK-29861] asterisk.h: add macro for curl user agent
(Reported by N A)
* [ASTERISK-29920] app_voicemail: Warn if trying to manage
nonexistent mailbox
(Reported by N A)
* [ASTERISK-29925] func_db: Warn about malformed key names
(Reported by N A)
* [ASTERISK-29809] curl, stir_shaken: refactor curl code
(Reported by N A)
* [ASTERISK-29891] provide a display name for RLS subscriptions
(Reported by Alexei Gradinari)
* [ASTERISK-29866] cli: add core dump information to core show
settings
(Reported by N A)
* [ASTERISK-29898] documentation: Add default attributes to
documentation
(Reported by N A)
* [ASTERISK-29900] app_mp3: Document and warn about https
incompatibility
(Reported by N A)
16.24.1
The following security vulnerabilities were resolved in 16.24.1:
* AST-2022-004: pjproject: integer underflow on STUN message
The header length on incoming STUN messages that contain an ERROR-CODE
attribute is not properly checked. This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use with a malicious
remote
party.
* AST-2022-005: pjproject: undefined behavior after freeing a dialog set
When acting as a UAC, and when placing an outgoing call to a target that
then
forks Asterisk may experience undefined behavior (crashes, hangs, etc??)
after a dialog set is prematurely freed.
* AST-2022-006: pjproject: unconstrained malformed multipart SIP message
If an incoming SIP message contains a malformed multi-part body an out of
bounds read access may occur, which can result in undefined behavior. Note,
it??s currently uncertain if there is any externally exploitable vector
within Asterisk for this issue, but providing this as a security issue out
of
caution.[cleardot]
|