ASTERWEB Blog

12Lug/14Off

Rilasciato Asterisk 1.8.29.0

Il giorno 10 luglio 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 1.8.29.0.

Dal post originale:
The release of Asterisk 1.8.29.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-22551 - Session timer : UAS (Asterisk) starts counting
at Invite, UAC starts counting at 200 OK. (Reported by i2045)
* ASTERISK-23582 - [patch]Inconsistent column length in *odbc
(Reported by Walter Doekes)
* ASTERISK-23803 - AMI action UpdateConfig EmptyCat clears all
categories but the requested one (Reported by zvision)
* ASTERISK-23035 - ConfBridge with name longer than max (32 chars)
results in several bridges with same conf_name (Reported by
Iñaki Cívico)
* ASTERISK-23683 - #includes - wildcard character in a path more
than one directory deep - results in no config parsing on module
reload (Reported by tootai)
* ASTERISK-23827 - autoservice thread doesn't exit at shutdown
(Reported by Corey Farrell)
* ASTERISK-23814 - No call started after peer dialed (Reported by
Igor Goncharovsky)
* ASTERISK-23673 - Security: DOS by consuming the number of
allowed HTTP connections. (Reported by Richard Mudgett)
* ASTERISK-23246 - DEBUG messages in sdp_crypto.c display despite
a DEBUG level of zero (Reported by Rusty Newton)
* ASTERISK-23766 - [patch] Specify timeout for database write in
SQLite (Reported by Igor Goncharovsky)
* ASTERISK-23818 - PBX_Lua: after asterisk startup module is
loaded, but dialplan not available (Reported by Dennis Guse)
* ASTERISK-23667 - features.conf.sample is unclear as to which
options can or cannot be set in the general section (Reported by
David Brillert)
* ASTERISK-23790 - [patch] - SIP From headers longer than 256
characters result in dropped call and 'No closing bracket'
warnings. (Reported by uniken1)
* ASTERISK-23908 - [patch]When using FEC error correction,
asterisk tries considers negative sequence numbers as missing
(Reported by Torrey Searle)
* ASTERISK-23921 - refcounter.py uses excessive ram for large refs
files (Reported by Corey Farrell)
* ASTERISK-23948 - REF_DEBUG fails to record ao2_ref against
objects that were already freed (Reported by Corey Farrell)
* ASTERISK-23984 - Infinite loop possible in ast_careful_fwrite()
(Reported by Steve Davies)
* ASTERISK-23897 - [patch]Change in SETUP ACK handling (checking
PI) in revision 413765 breaks working environments (Reported by
Pavel Troller)

Improvements made in this release:
-----------------------------------
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23492 - Add option to safe_asterisk to disable
backgrounding (Reported by Walter Doekes)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.29.0

13Giu/14Off

Asterisk Project Security Advisory – AST-2014-008

Il giorno 12 giugno 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle securety release per Asterisk: 1.8.15-cert6, 1.8.28.1, 11.6-cert3, 11.10.1, 12.3.1

Dal post originale:

Asterisk Project Security Advisory - AST-2014-008

Product Asterisk
Summary Denial of Service in PJSIP Channel Driver
Subscriptions
Nature of Advisory Denial of Service
Susceptibility Remote authenticated sessions
Severity Moderate
Exploits Known No
Reported On 28 May, 2014
Reported By Mark Michelson
Posted On June 12, 2014
Last Updated On June 12, 2014
Advisory Contact Mark Michelson
CVE Name CVE-2014-4048

Description When a SIP transaction timeout caused a subscription to be
terminated, the action taken by Asterisk was guaranteed to
deadlock the thread on which SIP requests are serviced.

Note that this behavior could only happen on established
subscriptions, meaning that this could only be exploited if
an attacker bypassed authentication and successfully
subscribed to a real resource on the Asterisk server.

Resolution The socket-servicing thread is now no longer capable of
dispatching synchronous tasks to other threads since that
may result in deadlocks.

Affected Versions
Product Release Series
Asterisk Open Source 12.x All versions

Corrected In
Product Release
Asterisk Open Source 12.3.1

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2014-008-12.diff Asterisk
12

Links https://issues.asterisk.org/jira/browse/ASTERISK-23802

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2014-008.pdf and
http://downloads.digium.com/pub/security/AST-2014-008.html

13Giu/14Off

Asterisk Project Security Advisory – AST-2014-007

Il giorno 12 giugno 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle securety release per Asterisk: 1.8.15-cert6, 1.8.28.1, 11.6-cert3, 11.10.1, 12.3.1

Dal post originale:

Asterisk Project Security Advisory - AST-2014-007

Product Asterisk
Summary Exhaustion of Allowed Concurrent HTTP Connections
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
Exploits Known No
Reported On May 25, 2014
Reported By Richard Mudgett
Posted On May 9, 2014
Last Updated On June 12, 2014
Advisory Contact Richard Mudgett
CVE Name CVE-2014-4047

Description Establishing a TCP or TLS connection to the configured HTTP
or HTTPS port respectively in http.conf and then not
sending or completing a HTTP request will tie up a HTTP
session. By doing this repeatedly until the maximum number
of open HTTP sessions is reached, legitimate requests are
blocked.

Resolution The patched versions now have a session_inactivity timeout
option in http.conf that defaults to 30000 ms. Users should
upgrade to a corrected version, apply the released patches,
or disable HTTP support.

Affected Versions
Product Release Series
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 11.x All versions
Asterisk Open Source 12.x All versions
Certified Asterisk 1.8.15 All versions
Certified Asterisk 11.6 All versions

Corrected In
Product Release
Asterisk Open Source 1.8.28.1, 11.10.1, 12.3.1
Certified Asterisk 1.8.15-cert6, 11.6-cert3

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2014-007-1.8.diff Asterisk
1.8
http://downloads.asterisk.org/pub/security/AST-2014-007-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2014-007-12.diff Asterisk
12
http://downloads.asterisk.org/pub/security/AST-2014-007-1.8.15.diff Certified
Asterisk
1.8.15
http://downloads.asterisk.org/pub/security/AST-2014-007-11.6.diff Certified
Asterisk
11.6

Links https://issues.asterisk.org/jira/browse/ASTERISK-23673

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2014-007.pdf and
http://downloads.digium.com/pub/security/AST-2014-007.html

13Giu/14Off

Asterisk Project Security Advisory – AST-2014-006

Il giorno 12 giugno 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle securety release per Asterisk: 1.8.15-cert6, 1.8.28.1, 11.6-cert3, 11.10.1, 12.3.1

Dal post originale:

Asterisk Project Security Advisory - AST-2014-006

Product Asterisk
Summary Asterisk Manager User Unauthorized Shell Access
Nature of Advisory Permission Escalation
Susceptibility Remote Authenticated Sessions
Severity Minor
Exploits Known No
Reported On April 9, 2014
Reported By Corey Farrell
Posted On June 12, 2014
Last Updated On June 12, 2014
Advisory Contact Jonathan Rose < jrose AT digium DOT com >
CVE Name CVE-2014-4046

Description Manager users can execute arbitrary shell commands with the
MixMonitor manager action. Asterisk does not require system
class authorization for a manager user to use the
MixMonitor action, so any manager user who is permitted to
use manager commands can potentially execute shell commands
as the user executing the Asterisk process.

Resolution Upgrade to a version with the patch integrated, apply the
patch, or do not allow users who should not have permission
to run shell commands to use AMI.

Affected Versions
Product Release Series
Asterisk Open Source 11.x All
Asterisk Open Source 12.x All
Certified Asterisk 11.6 All

Corrected In
Product Release
Asterisk Open Source 11.10.1, 12.3.1
Certified Asterisk 11.6-cert3

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2014-006-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2014-006-12.diff Asterisk
12
http://downloads.asterisk.org/pub/security/AST-2014-006-11.6.diff Certified
Asterisk
11.6

Links https://issues.asterisk.org/jira/browse/ASTERISK-23609

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2014-006.pdf and
http://downloads.digium.com/pub/security/AST-2014-006.html

13Giu/14Off

Asterisk Project Security Advisory – AST-2014-005

Il giorno 12 giugno 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle securety release per Asterisk: 1.8.15-cert6, 1.8.28.1, 11.6-cert3, 11.10.1, 12.3.1

Dal post originale:

Asterisk Project Security Advisory - AST-2014-005

Product Asterisk
Summary Remote Crash in PJSIP Channel Driver's
Publish/Subscribe Framework
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
Exploits Known No
Reported On March 17, 2014
Reported By John Bigelow
Posted On June 12, 2014
Last Updated On June 12, 2014
Advisory Contact Kevin Harwell
CVE Name CVE-2014-4045

Description A remotely exploitable crash vulnerability exists in the
PJSIP channel driver's pub/sub framework. If an attempt is
made to unsubscribe when not currently subscribed and the
endpoint's "sub_min_expiry" is set to zero, Asterisk tries
to create an expiration timer with zero seconds, which is
not allowed, so an assertion raised.

Resolution Upgrade to a version with the patch integrated, apply the
patch, or make sure the "sub_min_expiry" endpoint
configuration option is greater than zero.

Affected Versions
Product Release Series
Asterisk Open Source 12.x All

Corrected In
Product Release
Asterisk Open Source 12.x 12.3.1

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2014-005-12.diff Asterisk
12

Links https://issues.asterisk.org/jira/browse/ASTERISK-23489

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2014-005.pdf and
http://downloads.digium.com/pub/security/AST-2014-005.html

13Giu/14Off

Asterisk: Security Release 1.8.15-cert6, 1.8.28.1, 11.6-cert3, 11.10.1, 12.3.1

Il giorno 12 giugno 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio delle securety release per Asterisk: 1.8.15-cert6, 1.8.28.1, 11.6-cert3, 11.10.1, 12.3.1

Dal post originale:
The release of these versions resolves the following issue:

* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
Connections

Establishing a TCP or TLS connection to the configured HTTP or HTTPS port
respectively in http.conf and then not sending or completing a HTTP request
will tie up a HTTP session. By doing this repeatedly until the maximum number
of open HTTP sessions is reached, legitimate requests are blocked.

Additionally, the release of 11.6-cert3, 11.10.1, and 12.3.1 resolves the
following issue:

* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
Shell Access

Manager users can execute arbitrary shell commands with the MixMonitor manager
action. Asterisk does not require system class authorization for a manager
user to use the MixMonitor action, so any manager user who is permitted to use
manager commands can potentially execute shell commands as the user executing
the Asterisk process.

Additionally, the release of 12.3.1 resolves the following issues:

* AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe
Framework

A remotely exploitable crash vulnerability exists in the PJSIP channel
driver's pub/sub framework. If an attempt is made to unsubscribe when not
currently subscribed and the endpoint's “sub_min_expiry” is set to zero,
Asterisk tries to create an expiration timer with zero seconds, which is not
allowed, so an assertion raised.

* AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions

When a SIP transaction timeout caused a subscription to be terminated, the
action taken by Asterisk was guaranteed to deadlock the thread on which SIP
requests are serviced. Note that this behavior could only happen on
established subscriptions, meaning that this could only be exploited if an
attacker bypassed authentication and successfully subscribed to a real
resource on the Asterisk server.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2014-005, AST-2014-006, AST-2014-007, and AST-2014-008,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert6
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.28.1
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.3.1

3Giu/14Off

Asterweb: Corso Configurazione Patton Smartnode

Questa la newsletter con cui abbiamo comunicato ai nostri iscritti, Partners e Rivenditori l'organizzazione di questo corso, ad un costo estremamente contenuto (solo 65,00 Euro più iva), che siamo certi aiuterà tutti gli operatori del settore che parteciperanno.

 

Corso: Configurazione Patton Smartnode

Corso OnLine: Configurazione Patton Smartnode

Costo: 65,00 + iva

PRENOTA SUBITO

Omaggio:
file configurazione per i modelli:

4120/1BIS2V, 4120/2BIS4V, 4112/JO, 4114/JO, 4940/1E30V, 4961/1E30V

Potrai finalmente configurarteli da solo!


Unica data (esclusiva) - prenota immediatamente!

Lunedì 16 giugno  dalle 14:00 alle 18:00

 

Corso: € 65,00 + iva Corso + 1 ora di assistenza: € 95,00 + iva







Programma

14:00 - 15:55

Inizio lavori

Panoramica prodotti

Interfaccia CLI

Esempi di configurazione

16:05 - 18:00

Context Switch

IP Context

SIP Gateways and SIP Servers

Debugging


Asterweb

Lo STaff

http://www.asterweb.org

http://www.asterisk-phonebook.com

Visitate il sito CLASS da dove potrete scricare le VM con già installato il software in versione FULL Demo.

Video Class:


2Giu/14Off

Terza sessione del FreeWebinar “Programmazione Asterisk per FreePBX/Elastix”

Questa la newsletter con la quale comunichiamo ai nostri iscritti, Partners e Rivenditori la data della terza sessione del FreeWebinar "Programmazione Asterisk per FreePBX/Elastix".

 

Webinar gratuito: Programmazione Asterisk per FreePBX/Elastix

Prosegue questo venerdì 6 giugno il programma di Webinar gratuiti organizzati da Asterweb che ha l'obiettivo di farvi acquisire le conoscenze per la programmazione di Asterisk (specificamente rivolta all'integrazione con FreePBX/Elastix).

Anche questo terzo Webinar, della durata di 1 ora, avrà inizio alle ore 14:30.

Per l'inscrizione inviare e-mail a: freewebinar@asterweb.org indicando il/i nominativo/i del/i partecipante/i.

Gli utenti già iscritti potranno partecipare direttamente accedendo con le credenziali precedentemente comunicate (senza nuova iscrizione).

Con l'auspicio di avervi numerosi, vi salutiamo cordialmente.

Asterweb

Lo STaff

http://www.asterweb.org

http://www.asterisk-phonebook.com

Visitate il sito CLASS da dove potrete scricare le VM con già installato il software in versione FULL Demo.

Video Class:

30Mag/14Off

Rilasciato Asterisk 12.3.0

Il giorno 29 maggio 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 12.3.0.

Dal post originale:
The release of Asterisk 12.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Improvements made in this release:
-----------------------------------
* ASTERISK-23553 - Add ast_spinlock capability to lock.h (Reported
by George Joseph)
* ASTERISK-23649 - [patch]Support for DTLS retransmission
(Reported by NITESH BANSAL)
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23390 - NewExten Event with application AGI shows up
before and after AGI runs (Reported by Benjamin Keith Ford)
* ASTERISK-23584 - PJSIP 'Unable to create channel' when
attempting to call from endpoint with UDP transport to one using
WebSockets (Reported by Rusty Newton)
* ASTERISK-23545 - Confbridge talker detection settings
configuration load bug (Reported by John Knott)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-22904 - bridges: lock the bridge when creating bridge
snapshots (Reported by Matt Jordan)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-23616 - Big memory leak in logger.c (Reported by
ibercom)
* ASTERISK-23588 - ARI: Crash when unsubscribing from bridge
(Reported by Matt Jordan)
* ASTERISK-23502 - Channel variable SIPREFERTOHDR not being set
during blind transfer (Reported by John Bigelow)
* ASTERISK-23576 - Build failure on SmartOS / Illumos / SunOS
(Reported by Sebastian Wiedenroth)
* ASTERISK-23514 - The pjsip.conf aor qualify contact parameters
are not updated on reload. (Reported by Richard Mudgett)
* ASTERISK-23550 - Newer sound sets don't show up in menuselect
(Reported by Rusty Newton)
* ASTERISK-22677 - Playbacks on bridge via ARI are not queued
(Reported by John Bigelow)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-23487 - features.conf cant load from realtime because
features_config.c starts before loader.c (Reported by Denis)
* ASTERISK-23282 - Documentation - Tab completion and CLI usage
documentation do not indicate that 'all' is accepted for
'confbridge kick all' (Reported by Dorian Logan)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23573 - Crash when transferring unbridged call - in
bridge_app_subscribed at stasis/app.c (Reported by Mark
Michelson)
* ASTERISK-23639 - PJSIP Realtime: Alembic migration needed in
order to widen some string columns (Reported by Mark Michelson)
* ASTERISK-23560 - [ARI] MOH doesn't indicate progress (Reported
by Jan Svoboda)
* ASTERISK-23605 - res_http_websocket: Race condition in shutting
down websocket causes crash (Reported by Matt Jordan)
* ASTERISK-23498 - Asterisk PJSIP transport configuration fails on
parsing of 'cipher' option, any valid option is reported as
unsupported (Reported by Anthony Messina)
* ASTERISK-23672 - PJSIP Digium presence notifications are not
sent if only the subtype or message changes (Reported by Mark
Michelson)
* ASTERISK-23501 - Copy 'Referred-By' header to outgoing INVITE
(Reported by John Bigelow)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23675 - [patch] Segmentation Fault on first SIP
registration using res_config_odbc (Reported by Leandro Dardini)
* ASTERISK-23381 - [patch]ChanSpy- Barge only works on the initial
'spy', if the spied-on channel makes a new call, unable to
barge. (Reported by Robert Moss)
* ASTERISK-23497 - chan_sip SIP protocol attended transfer, with
directmedia=yes results in a simple bridge, typically with no
audio (Reported by Etienne Lessard)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-23664 - Incorrect H264 specification in SDP. (Reported
by Guillaume Maudoux)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)
* ASTERISK-23758 - 500 internal server error when answering a
channel with ARI (Reported by Paul Belanger)
* ASTERISK-22912 - res_corosync doesn't build in Asterisk 12 beta2
(Reported by Malcolm Davenport)
* ASTERISK-22372 - res_corosync: Compilation errors and
functionality broken in Asterisk 12 (Reported by Matt Jordan)
* ASTERISK-23721 - Calls to PJSIP endpoints with video enabled
result in leaked RTP ports (Reported by cervajs)

New Features made in this release:
-----------------------------------
* ASTERISK-23433 - ARI: Add 'tones' as a URI scheme for /play
operations on resources that support media (bridges, channels)
(Reported by Matt Jordan)
* ASTERISK-22697 - ARI: Add the ability to raise an arbitrary User
Event from the Asterisk or Applications resource (Reported by
Matt Jordan)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.3.0

30Mag/14Off

Rilasciato Asterisk 11.10.0

Il giorno 29 maggio 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 11.10.0.

Dal post originale:
The release of Asterisk 11.10.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-23559 - app_voicemail fails to load after fix to
dialplan functions (Reported by Corey Farrell)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23545 - Confbridge talker detection settings
configuration load bug (Reported by John Knott)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-23616 - Big memory leak in logger.c (Reported by
ibercom)
* ASTERISK-23576 - Build failure on SmartOS / Illumos / SunOS
(Reported by Sebastian Wiedenroth)
* ASTERISK-23550 - Newer sound sets don't show up in menuselect
(Reported by Rusty Newton)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23605 - res_http_websocket: Race condition in shutting
down websocket causes crash (Reported by Matt Jordan)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23381 - [patch]ChanSpy- Barge only works on the initial
'spy', if the spied-on channel makes a new call, unable to
barge. (Reported by Robert Moss)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-23664 - Incorrect H264 specification in SDP. (Reported
by Guillaume Maudoux)
* ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
for INVITE/w/replaces pickup (Reported by Walter Doekes)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)

Improvements made in this release:
-----------------------------------
* ASTERISK-23649 - [patch]Support for DTLS retransmission
(Reported by NITESH BANSAL)
* ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
available in a CLI command (Reported by Patrick Laimbock)
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.10.0

30Mag/14Off

Rilasciato Asterisk 1.8.28.0

Il giorno 29 maggio 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 1.8.28.0.

Dal post originale:
The release of Asterisk 1.8.28.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-23547 - [patch] app_queue removing callers from queue
when reloading (Reported by Italo Rossi)
* ASTERISK-22846 - testsuite: masquerade super test fails on all
branches (still) (Reported by Matt Jordan)
* ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
(Reported by Walter Doekes)
* ASTERISK-23620 - Code path in app_stack fails to unlock list
(Reported by Bradley Watkins)
* ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
* ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
Krzysztof Chmielewski)
* ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
PGSQL database state and Asterisk state (Reported by Mark
Michelson)
* ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
(Reported by Guillaume Maudoux)
* ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
for INVITE/w/replaces pickup (Reported by Walter Doekes)
* ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
(Reported by Steve Davies)
* ASTERISK-23650 - Intermittent segfault in string functions
(Reported by Roel van Meer)

Improvements made in this release:
-----------------------------------
* ASTERISK-23754 - [patch] Use var/lib directory for log file
configured in asterisk.conf (Reported by Igor Goncharovsky)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.28.0

Thank you for your continued support of Asterisk!

6Mar/14Off

Asterweb: presentato il nuovo software CLASS (phonebook e tanto altro)

Ieri, 05 marzo 2014, abbiamo presentato il nuovo software Class sul sito dedicato http://www.asterisk-phonebook.com.

Questo nuovo prodotto che funziona su tutte le principali distribuzioni (Elastix, FreePBX Distro, Piaf ed anche su compreso RasPBX per Raspberry) è la soluzione ideale per tutti coloro che vogliono avere una gestione semplice ma allo stesso tempo funzionale del proprio PBX Asterisk.

Dalle caratteristiche sotto elencate vi renderete facilmente conto di come Class può e deve diventare uno standard per le vostre installazioni. Ecco le caratteristiche:

Visita il sito www.asterisk-phonebook.com e verifica personalmente le grandi potenzialità
del nuovo software Class.

Queste le caratteristiche:

  • tutto da interfaccia web (Chrome, Firefox, Opera, Safari, IE)
  • funziona su Raspberry, Elastix, FreePBX Distro, PBXInaFlash

  • gestisce "illimitati" utenti
  • gestisce "illimitate" rubriche condivise
  • per ogni contatto delle rubriche è possibile vedere le chiamate fatte e ricevute (anche per un singolo numero di telefono del contatto)
  • ad ogni utente si possono assegnare dinamicamente i BLF (monitoraggio degli interni)
  • Pop UP sulle chiamate in ingresso con la possibilità di:
    • salvare (anche durante la conversazione) delle
      note
      che vengono automaticamente salvate sul CDR
    • aprire automaticamente o manualmente un URL passando in automatico le variabili: numero-chiamante, numero-chiamato (ideale per collegamento con CRM o gestionali)
  • reportistica dettagliata per interno, di facile utilizzo e leggibilità
  • ascolto registrazioni delle chiamate (secondo i permessi assegnati) direttamente dalla
    reportistica
  • task bar per accesso rapido a:
    • BLF
    • ultime 15 chiamate fatte
    • ultime 15 chiamate ricevute
    • ultime 15 chiamate perse
    • abilita/disabilita DND
    • abilita/disabilita Seguimi
  • utilità:
    • controllo con alert occupazione spazio disco della cartella /var/spool/asterisk
    • cancellazione automatica dei files più "vecchi" di x giorni
    • cambio logo (potrete personalizzare col vostro logo il software Class)
  • CHAT (in versione beta) che consente la messaggistica interna senza bisogno di installare e
    configurare "complicati" server

Il software CLASS è oggi in PROMO:
- CLASS per Raspberry (RasPBX) Euro 39,00
- CLASS per "distro" Euro 49,00

Visita subito il sito www.asterisk-phonebook.com e approfitta
di questa straordinaria promozione per il software che cambierà il tuo modo di lavorare consentendoti di sfruttare al meglio il tuo centralino
Asterisk!

Ti aspettiamo. Lo Staff

http://www.asterisk-phonebook.com

6Mar/14Off

Rilasciato Asterisk 12.1.0

Il giorno 3 marzo 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 12.1.0.

Dal post originale:
The release of Asterisk 12.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

New Features made in this release:
-----------------------------------
* ASTERISK-23038 - Need config option to enable PJSIP logger at
load time (Reported by Rusty Newton)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-23051 - ARI: channel variables in JSON breaks passing
parameters in JSON (Reported by Matt Jordan)
* ASTERISK-22952 - res_pjsip_pubsub: crash when
subscription_destructor is terminated from a non-PJSIP thread
(Reported by Matt Jordan)
* ASTERISK-22486 - ARI: TCP Reset after 204 response (Reported by
David M. Lee)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-23074 - Crash in ChanIsAvail app (Reported by Kilburn)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-23101 - pjsip: crash when parsing scheme from SIP URI
(Reported by Matt Jordan)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-23053 - The users of ao2_iterator_cleanup() are
violating the ao2_iterator opacity. (Reported by Richard
Mudgett)
* ASTERISK-22924 - PJSIP MESSAGE support does not present the
contact information on outbound messages (Reported by Anthony
Messina)
* ASTERISK-22884 - hangup_handler end with h extension: tests
currently fail in Asterisk 12 + (Reported by Matt Jordan)
* ASTERISK-23128 - res_ari: Memory leak on response headers and
some JSON response messages (Reported by Joshua Colp)
* ASTERISK-23081 - PJSip Tab Expansion erroring (Reported by
xrobau)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23065 - On Asterisk start, device state is INVALID for
previously registered PJSIP endpoints, despite re-registrations
(Reported by Rusty Newton)
* ASTERISK-22790 - check_modem_rate() may return incorrect rate
for V.27 (Reported by Paolo Compagnini)
* ASTERISK-23034 - [patch] manager Originate doesn't abort on
failed format_cap allocation (Reported by Corey Farrell)
* ASTERISK-23062 - res_pjsip AOR config option qualify_frequency
is inconsistently respected (Reported by Rusty Newton)
* ASTERISK-23071 - pjsip: mailboxes documentation is lacking
(Reported by Matt Jordan)
* ASTERISK-23061 - [Patch] 'textsupport' setting not mentioned in
sip.conf.sample (Reported by Eugene)
* ASTERISK-23028 - [patch] Asterisk man pages contains unquoted
minus signs (Reported by Jeremy Lainé)
* ASTERISK-23046 - Custom CDR fields set during a GoSUB called
from app_queue are not inserted (Reported by Denis Pantsyrev)
* ASTERISK-23027 - [patch] Spelling typo "transfered" instead of
"transferred" (Reported by Jeremy Lainé)
* ASTERISK-23018 - PJSip 'allow=all' results in failed SDP
negotiation (Reported by xrobau)
* ASTERISK-23008 - Local channels loose CALLERID name when DAHDI
channel connects (Reported by Michael Cargile)
* ASTERISK-23051 - ARI: channel variables in JSON breaks passing
parameters in JSON (Reported by Matt Jordan)
* ASTERISK-23100 - [patch] In chan_mgcp the ident in transmitted
request and request queue may differ - fix for locking (Reported
by adomjan)
* ASTERISK-22988 - [patch]T38 , SIP 488 after Rejecting image
media offer due to invalid or unsupported syntax (Reported by
adomjan)
* ASTERISK-22861 - [patch]Specifying a null time as parameter to
GotoIfTime or ExecIfTime causes segmentation fault (Reported by
Sebastian Murray-Roberts)
* ASTERISK-23177 - [patch] RealTime cant update sipbuddies table
when registering or updating friend (Reported by Denis)
* ASTERISK-23082 - Including g722 in pjsip codec configuration
results in unexpected SDP offers (Reported by xrobau)
* ASTERISK-17837 - extconfig.conf - Maximum Include level (1)
exceeded (Reported by pz)
* ASTERISK-23143 - ARI: subscribing to an already subscribed
resource returns a 500 error (Reported by Matt Jordan)
* ASTERISK-23056 - [patch]INFINITY and NAN undefined (Reported by
capouch)
* ASTERISK-23129 - segfault in res_pjsip_pubsub.so (Reported by
Dan Jenkins)
* ASTERISK-22662 - Documentation fix? - queues.conf says
persistentmembers defaults to yes, it appears to lie (Reported
by Rusty Newton)
* ASTERISK-23134 - [patch] res_rtp_asterisk port selection cannot
handle selinux port restrictions (Reported by Corey Farrell)
* ASTERISK-23106 - pjsip: ACK to 200 OK sent to private IP address
on outbound channel's INVITE request (Reported by Matt Jordan)
* ASTERISK-23072 - MWI subscription from Cisco SPA fails with
PJSIP (Reported by Bob M)
* ASTERISK-23164 - CDRs: mid-call/pre-dial handlers perturb
context/exten/app/data fields during Dial (Reported by Matt
Jordan)
* ASTERISK-23220 - STACK_PEEK function with no arguments causes
crash/core dump (Reported by James Sharp)
* ASTERISK-23249 - Skinny subchannel locking issues (Reported by
Damien Wedhorn)
* ASTERISK-19773 - Asterisk crash on issuing Asterisk-CLI 'reload'
command multiple times on cli_aliases (Reported by Joel Vandal)
* ASTERISK-22757 - segfault in res_clialiases.so on reload when
mapping "module reload" command (Reported by Gareth Blades)
* ASTERISK-23250 - CDR(start) function is broken due to sizeof
dereference (Reported by snuffy)
* ASTERISK-17727 - [patch] TLS doesn't get all certificate chain
(Reported by LN)
* ASTERISK-23168 - Overriding outbound_auth in a pjsip
registration causes ERROR, assert failure. (Reported by George
Joseph)
* ASTERISK-23178 - devicestate.h: device state setting functions
are documented with the wrong return values (Reported by
Jonathan Rose)
* ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
to minrate=2400, then res_fax refuse to load (Reported by David
Brillert)

Improvements made in this release:
-----------------------------------
* ASTERISK-22919 - core show channeltypes slicing (Reported by
outtolunc)
* ASTERISK-22868 - chan_pjsip: 'setvar' should be supported on
endpoints (Reported by Joshua Colp)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)
* ASTERISK-21084 - New SIP Channel Driver - Path Support (Reported
by Matt Jordan)
* ASTERISK-23068 - http: Implement support for chunked
Transfer-Encoding (Reported by Matt Jordan)
* ASTERISK-22980 - [patch]Allow building cdr_radius and cel_radius
against libfreeradius-client (Reported by Jeremy Lainé)
* ASTERISK-22984 - ari: Transfer messages not being sent out ARI
WebSocket (Reported by David M. Lee)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.1.0

6Mar/14Off

Rilasciato Asterisk 11.8.0

Il giorno 3 marzo 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 11.8.0.

Dal post originale:
The release of Asterisk 11.8.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-22544 - Italian prompt vm-options has advertisement in
it (Reported by Rusty Newton)
* ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
Asterisk to Chrome (Reported by Shaun Clark)
* ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
DTMF menus in ConfBridge (processed as directive) (Reported by
Nicolas Tanski)
* ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
every register message (Reported by Pawel Pierscionek)
* ASTERISK-20862 - Asterisk min and max member penalties not
honored when set with 0 (Reported by Schmooze Com)
* ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
read (Reported by Michael Walton)
* ASTERISK-22788 - [patch] main/translate.c: access to variable f
after free in ast_translate() (Reported by Corey Farrell)
* ASTERISK-21242 - Segfault when T.38 re-invite retransmission
receives 200 OK (Reported by Ashley Winters)
* ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
16 bit multipart SMS with app_sms (Reported by Jan Juergens)
* ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
from being executed from external interfaces (Reported by Matt
Jordan)
* ASTERISK-23021 - Typos in code : "avaliable" instead of
"available" (Reported by Jeremy Lainé)
* ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
by Gareth Palmer)
* ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
Melekhov)
* ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
"WIMPy" Harzenetter)
* ASTERISK-22942 - [patch] - Asterisk crashed after
Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
* ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
instead of seconds (Reported by Robert Mordec)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-22834 - Parking by blind transfer when lot full orphans
channels (Reported by rsw686)
* ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
SIP transfer to parking space (Reported by Tommy Thompson)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23010 - No BYE message sent when sip INVITE is received
(Reported by Ryan Tilton)
* ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
- probably introduced in 11.7.0 (Reported by OK)

Improvements made in this release:
-----------------------------------
* ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
When Running "sip show peers" (Reported by Michael L. Young)
* ASTERISK-22659 - Make a new core and extra sounds release
(Reported by Rusty Newton)
* ASTERISK-22919 - core show channeltypes slicing (Reported by
outtolunc)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0

6Mar/14Off

Rilasciato Asterisk 1.8.26.0

Il giorno 3 marzo 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 1.8.26.0.

Dal post originale:
The release of Asterisk 1.8.26.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-22544 - Italian prompt vm-options has advertisement in
it (Reported by Rusty Newton)
* ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
every register message (Reported by Pawel Pierscionek)
* ASTERISK-20862 - Asterisk min and max member penalties not
honored when set with 0 (Reported by Schmooze Com)
* ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
read (Reported by Michael Walton)
* ASTERISK-22788 - [patch] main/translate.c: access to variable f
after free in ast_translate() (Reported by Corey Farrell)
* ASTERISK-21242 - Segfault when T.38 re-invite retransmission
receives 200 OK (Reported by Ashley Winters)
* ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
16 bit multipart SMS with app_sms (Reported by Jan Juergens)
* ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
from being executed from external interfaces (Reported by Matt
Jordan)
* ASTERISK-23021 - Typos in code : "avaliable" instead of
"available" (Reported by Jeremy Lainé)
* ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
by Gareth Palmer)
* ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
instead of seconds (Reported by Robert Mordec)
* ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
core_event_dispatcher taskprocessor thread (Reported by Etienne
Lessard)
* ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
memory when is empty (Reported by Gareth Palmer)
* ASTERISK-22871 - cel_pgsql module not loading after "reload" or
"reload cel_pgsql.so" command (Reported by Matteo)
* ASTERISK-23084 - [patch]rasterisk needlessly prints the
AST-2013-007 warning (Reported by Tzafrir Cohen)
* ASTERISK-17138 - [patch] Asterisk not re-registering after it
receives "Forbidden - wrong password on authentication"
(Reported by Rudi)
* ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
lua 5.2 (Reported by George Joseph)
* ASTERISK-22834 - Parking by blind transfer when lot full orphans
channels (Reported by rsw686)
* ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
SIP transfer to parking space (Reported by Tommy Thompson)
* ASTERISK-22946 - Local From tag regression with sipgate.de
(Reported by Stephan Eisvogel)
* ASTERISK-23010 - No BYE message sent when sip INVITE is received
(Reported by Ryan Tilton)

Improvements made in this release:
-----------------------------------
* ASTERISK-22659 - Make a new core and extra sounds release
(Reported by Rusty Newton)
* ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
output (Reported by outtolunc)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.26.0