ASTERWEB Blog

6Gen/15Off

La banda ultralarga che avremo nel 2015

Da pmi.it post di Alessandro Longo articolo originale

Banda-Ultra-larga

Banda ultralarga a 30 Megabit disponibile per metà degli Italiani, nuove offerte per connessioni a 100 Megabit e fibra ottica, investimenti pubblici e degli operatori (Telecom Italia, Fastweb, Vodafone, Metroweb): scenario e prospettive.

La percentuale di Italiani coperta da banda ultralarga a 30 Megabit raddoppierà nel 2015, passando dal 23% (dicembre 2014) al 45%. Avranno un qualche progresso anche le connessioni a 100 Megabit e oltre, grazie a un mix di novità: i piani di investimento degli operatori (Telecom Italia, Fastweb, Vodafone, Metroweb), l’uso del vectoring sul fiber to the cabinet e una possibile espansione della fibra oltre l’armadio.

Possiamo fare queste previsioni mettendo insieme i tanti segnali accumulati negli ultimi scampoli del 2014. Certo è che il pentolone della banda (ultra) larga non è mai stato così carico di novità. Le incognite sono sui tempi di cottura e sui risultati finali.

18Dic/14Off

Rilasciato Asterisk 11.15.0

Il giorno 15 dicembre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 12.8.0.

Dal post originale:
The Asterisk Development Team has announced the release of Asterisk 11.15.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 11.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-20402 - Unable to cancel (features.conf) attended
transfer (Reported by Matt Riddell)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24440 - Call leak in Confbridge (Reported by Ben Klang)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by Nuno Borges)

Improvements made in this release:
-----------------------------------
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0

18Dic/14Off

Rilasciato Asterisk 12.8.0

Il giorno 15 dicembre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 12.8.0.

Dal post originale:
The Asterisk Development Team has announced the release of Asterisk 12.8.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 12.8.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-24480 - res_http_websockets: Module reference decrease
below zero (Reported by Corey Farrell)
* ASTERISK-24482 - func_talkdetect: Fix stasis message leak in
audiohook callback (Reported by Corey Farrell)
* ASTERISK-24487 - configuration: sections should be loadable as
template even when not marked (Reported by Scott Griepentrog)
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24438 - res_pjsip_multihomed.so blocks Asterisk reload
when DNS settings invalid (Reported by Melissa Shepherd)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24491 - Memory leak in res_hep (Reported by Zane
Conkle)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24447 - Bridge DTMF hooks: Audio doesn't pass when
waiting for more matching digits. (Reported by Richard Mudgett)
* ASTERISK-24257 - agent must dial acceptdtmf twice to bridge to
queue caller (Reported by Steve Pitts)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24489 - Crash: Asterisk crashes when converting RTCP
packet to JSON for res_hep_rtcp and report blocks are greater
than 1 (Reported by Gregory Malsack)
* ASTERISK-24498 - Segmentation fault in res_hep_rtcp on attended
transfer (Reported by Beppo Mazzucato)
* ASTERISK-24501 - ARI: Moving a channel between bridges followed
by a hangup can cause an ARI client to not receive an expected
ChannelLeftBridge event before StasisEnd (Reported by Matt
Jordan)
* ASTERISK-24336 - PJSIP timer_min_se value under 90 causes crash
(Reported by Leon Rowland)
* ASTERISK-23651 - Reloading some modules that are loaded already,
results in 'No such module' before a successful reload (Reported
by Rusty Newton)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24508 - pjsip - REFER request from SNOM is rejected
with "400 bad request" - DEBUG shows "Received a REFER without a
parseable Refer-To" (Reported by Beppo Mazzucato)
* ASTERISK-24535 - stringfields: Fix regression from fix for
unintentional memory retention and another issue exposed by the
fix (Reported by Corey Farrell)
* ASTERISK-24471 - Crash - assert_fail in libc in
pjmedia_sdp_neg_negotiate from /usr/local/lib/libpjmedia.so.2
(Reported by yaron nahum)
* ASTERISK-24528 - res_pjsip_refer: Sending INVITE with Replaces
in-dialog with invalid target causes crash (Reported by Joshua
Colp)
* ASTERISK-24531 - res_pjsip_acl: ACLs not applied on initial
module load (Reported by Matt Jordan)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24533 - 2 threads created per chan_sip entry (Reported
by xrobau)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by Nuno Borges)
* ASTERISK-24537 - Stasis: StasisStart/StasisEnd events are not
reliably transmitted during transfers (Reported by Matt Jordan)

Improvements made in this release:
-----------------------------------
* ASTERISK-24279 - Documentation: Clarify the behaviour of the CDR
property 'unanswered' (Reported by Matt Jordan)
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.8.0

18Dic/14Off

Rilasciato Asterisk 13.1.0

Il giorno 15 dicembre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.1.0.

Dal post originale:
he Asterisk Development Team has announced the release of Asterisk 13.1.0.
This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk

The release of Asterisk 13.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

New Features made in this release:
-----------------------------------
* ASTERISK-24554 - AMI/ARI: Generate events on connected line
changes (Reported by Matt Jordan)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-24455 - func_cdr: CDR_PROP leaks payload (Reported by
Corey Farrell)
* ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
leak (Reported by Corey Farrell)
* ASTERISK-24430 - missing letter "p" in word response in
OriginateResponse event documentation (Reported by Dafi Ni)
* ASTERISK-24437 - Review implementation of ast_bridge_impart for
leaks and document proper usage (Reported by Scott Griepentrog)
* ASTERISK-24453 - manager: acl_change_sub leaks (Reported by
Corey Farrell)
* ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
Corey Farrell)
* ASTERISK-24458 - chan_phone fails to build on big endian systems
(Reported by Tzafrir Cohen)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24304 - asterisk crashing randomly because of unistim
channel (Reported by dhanapathy sathya)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24462 - res_pjsip: Stale qualify statistics after
disablementation (Reported by Kevin Harwell)
* ASTERISK-24465 - audiohooks list leaks reference to formats
(Reported by Corey Farrell)
* ASTERISK-24466 - app_queue: fix a couple leaks to struct
call_queue (Reported by Corey Farrell)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24411 - [patch] Status of outbound registration is not
changed upon unregistering. (Reported by John Bigelow)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24480 - res_http_websockets: Module reference decrease
below zero (Reported by Corey Farrell)
* ASTERISK-24482 - func_talkdetect: Fix stasis message leak in
audiohook callback (Reported by Corey Farrell)
* ASTERISK-24487 - configuration: sections should be loadable as
template even when not marked (Reported by Scott Griepentrog)
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24438 - res_pjsip_multihomed.so blocks Asterisk reload
when DNS settings invalid (Reported by Melissa Shepherd)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24491 - Memory leak in res_hep (Reported by Zane
Conkle)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24447 - Bridge DTMF hooks: Audio doesn't pass when
waiting for more matching digits. (Reported by Richard Mudgett)
* ASTERISK-24257 - agent must dial acceptdtmf twice to bridge to
queue caller (Reported by Steve Pitts)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24250 - [patch] Voicemail with multi-recipients To:
header fix (Reported by abelbeck)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24489 - Crash: Asterisk crashes when converting RTCP
packet to JSON for res_hep_rtcp and report blocks are greater
than 1 (Reported by Gregory Malsack)
* ASTERISK-24498 - Segmentation fault in res_hep_rtcp on attended
transfer (Reported by Beppo Mazzucato)
* ASTERISK-24501 - ARI: Moving a channel between bridges followed
by a hangup can cause an ARI client to not receive an expected
ChannelLeftBridge event before StasisEnd (Reported by Matt
Jordan)
* ASTERISK-24336 - PJSIP timer_min_se value under 90 causes crash
(Reported by Leon Rowland)
* ASTERISK-23651 - Reloading some modules that are loaded already,
results in 'No such module' before a successful reload (Reported
by Rusty Newton)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24508 - pjsip - REFER request from SNOM is rejected
with "400 bad request" - DEBUG shows "Received a REFER without a
parseable Refer-To" (Reported by Beppo Mazzucato)
* ASTERISK-24535 - stringfields: Fix regression from fix for
unintentional memory retention and another issue exposed by the
fix (Reported by Corey Farrell)
* ASTERISK-24471 - Crash - assert_fail in libc in
pjmedia_sdp_neg_negotiate from /usr/local/lib/libpjmedia.so.2
(Reported by yaron nahum)
* ASTERISK-24528 - res_pjsip_refer: Sending INVITE with Replaces
in-dialog with invalid target causes crash (Reported by Joshua
Colp)
* ASTERISK-24531 - res_pjsip_acl: ACLs not applied on initial
module load (Reported by Matt Jordan)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24542 - [patch]Failure showing codecs via 'core show
channeltype ' (Reported by snuffy)
* ASTERISK-24533 - 2 threads created per chan_sip entry (Reported
by xrobau)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by Nuno Borges)
* ASTERISK-24537 - Stasis: StasisStart/StasisEnd events are not
reliably transmitted during transfers (Reported by Matt Jordan)
* ASTERISK-24556 - Asterisk 13 core dumps when calling from pjsip
extension to another pjsip extension (Reported by Abhay Gupta)

Improvements made in this release:
-----------------------------------
* ASTERISK-24279 - Documentation: Clarify the behaviour of the CDR
property 'unanswered' (Reported by Matt Jordan)
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.1.0

15Dic/14Off

AST-2014-019: Remote Crash Vulnerability in WebSocket Server

Il giorno 10 dicembre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di AST-2014-019: Remote Crash Vulnerability in WebSocket Server.

Dal post originale:

sterisk Project Security Advisory - AST-2014-019

Product Asterisk
Summary Remote Crash Vulnerability in WebSocket Server
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
Exploits Known No
Reported On 30 October 2014
Reported By Badalian Vyacheslav
Posted On 10 December 2014
Last Updated On December 10, 2014
Advisory Contact Joshua Colp
CVE Name

Description When handling a WebSocket frame the res_http_websocket
module dynamically changes the size of the memory used to
allow the provided payload to fit. If a payload length of
zero was received the code would incorrectly attempt to
resize to zero. This operation would succeed and end up
freeing the memory but be treated as a failure. When the
session was subsequently torn down this memory would get
freed yet again causing a crash.

Users of the WebSocket functionality also did not take into
account that provided text frames are not guaranteed to be
NULL terminated. This has been fixed in chan_sip and
chan_pjsip in the applicable versions.

Resolution Ensure the built-in HTTP server is disabled, upgrade to a
version listed below, or apply the applicable patch.

The change ensures that res_http_websocket does not treat
the freeing of memory when a payload length of zero is
received as fatal.

Affected Versions
Product Release
Series
Certified Asterisk 11.6 All versions
Asterisk Open Source 11.x All versions
Asterisk Open Source 12.x All versions
Asterisk Open Source 13.x All versions

Corrected In
Product Release
Certified Asterisk 11.6-cert9
Asterisk Open Source 11.14.2, 12.7.2, 13.0.2

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2014-019-11.6.diff Certified
Asterisk
11.6
http://downloads.asterisk.org/pub/security/AST-2014-019-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2014-019-12.diff Asterisk
12
http://downloads.asterisk.org/pub/security/AST-2014-019-13.diff Asterisk
13

Links https://issues.asterisk.org/jira/browse/ASTERISK-24472

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2014-019.pdf and
http://downloads.digium.com/pub/security/AST-2014-019.html

18Nov/14Off

Nuovo sito per la configurazione OnLine dei Patton Smartnode

Logo Asterweb

Logo Asterweb

Abbiamo il piacere di informarvi che da oggi è on line il nuovo sito:

http://www.patton-smartnode-configuration.com

Dal sito è possibile ottenere i file di configurazione di (quasi) tutti gli Smartnode Patton: analogici, isdn e pri.

Basta semplicemente registrarsi ed inserire pochi dati. Vengono, inoltre, generati i trunk Sip per Asterisk.

In pratica ... copia e incolla.

Vi aspettiamo numerosi.

13Nov/14Off

Free Webinar riservato ai Partners Asterweb “Configuriamo Postfix”

Logo Asterweb

Logo Asterweb

Venerdì 21 novembre 2014 si terrà il Webinar riservato ai Partners Asterweb "Configuriamo Postfix".

Il Webinar si svolgerà dalle ore 14:30 alle ore 15:30.

Cordiali saluti, lo Staff

12Nov/14Off

Partner Asterweb: monitoriamo le nostre installazioni con Nagios

Logo Asterweb

Logo Asterweb

Gentile Partner.

Proseguendo la nostra politica orientata alla formazione ed alla "crescita professionale" dei Partner, abbiamo programmato delle sedute gratuite 1:1, della durata di circa 2/4 ore, finalizzata a:
- installazione server Nagios
- configurazione plugins Nagios sulle macchine client

L'obiettivo è quello di dare "slancio" a questa soluzione di monitoraggio poiché la stessa può garantirvi svariati vantaggi, tecnici e commerciali:
- vantaggi tecnici: provate ad immaginare se anche 1 sola volta l'hd di un vs cliente si riempie e non funziona più nulla (meglio prevenire ...)
- vantaggi commerciali: provate ad immaginare che effetto può avere su un possibile Cliente, far vedere il vostro sistema di monitoraggio (attenzione per il Cliente e professionalità)

Siamo certi che apprezzerete questa nuova attività messa a vostra disposizione e vi inviatimo a schedulare l'attività in tempi estremamente rapidi, così da darci la possibilità di organizzare tempi e risorse.

Cordiali saluti e buon lavoro.

12Nov/14Off

Raspberry Pi A+, ancora piu’ piccolo e piu’ economico

Il Modello A+ ha le stesse caratteristiche del precedente (processore e RAM) ma è molto più compatto nelle dimensioni, consuma meno energia, è dotato di un output audio migliore, ha un connettore GPIO a 40 pin e include una nuova porta "push-push" per schede Micro SD.

Per gli sviluppatori del progetto Raspberry questo è un ulteriore traguardo raggiunto nell'ottica dello sviluppo (ultra) low-cost.

Logo Asterweb

Logo Asterweb

12Nov/14Off

Rilasciato Asterisk 12.7.0

Il giorno 10 novembre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 12.7.0.

Dal post originale:
The release of Asterisk 12.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-24339 - Swagger API Docs have incorrect basePath
(Reported by Bradley Watkins)
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-24295 - crash: creating out of dialog OPTIONS request
crashes (Reported by Rogger Padilla)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
Cohen)
* ASTERISK-24350 - PJSIP shows commands prints unneeded headers
(Reported by snuffy)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24362 - res_hep leaks reference to configuration
(Reported by Corey Farrell)
* ASTERISK-23781 - outgoing missing as enum from
contrib/ast-db-manage/config (Reported by Stephen More)
* ASTERISK-24199 - 'ALL' is specified in pjsip.conf.sample for TLS
cipher but it is not valid (Reported by Joshua Colp)
* ASTERISK-24262 - AMI CoreShowChannel missing several output
fields and event documentation (Reported by Mitch Claborn)
* ASTERISK-24356 - PJSIP: Directed pickup causes deadlock
(Reported by Richard Mudgett)
* ASTERISK-24195 - bridge_native_rtp: Removing mixmonitor from a
native RTP capable smart bridge doesn't cause the bridge to
resume being a native rtp bridge (Reported by Jonathan Rose)
* ASTERISK-24384 - chan_motif: format capabilities leak on module
load error (Reported by Corey Farrell)
* ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
(Reported by Corey Farrell)
* ASTERISK-24378 - Release AMI connections on shutdown (Reported
by Corey Farrell)
* ASTERISK-24369 - res_pjsip: Large message on reliable transport
can cause empty messages to be passed from the PJSIP stack up,
causing crashes in multiple locations (Reported by Matt Jordan)
* ASTERISK-24382 - chan_pjsip: Calling PJSIP_MEDIA_OFFER on a
non-PJSIP channel results in an invalid reference of a channel
pvt and a FRACK (Reported by Matt Jordan)
* ASTERISK-24370 - res_pjsip/pjsip_options: OPTIONS request sent
to Asterisk with no user in request is always 404'd (Reported by
Matt Jordan)
* ASTERISK-24224 - When using Bridge() dialplan application,
surrogate channel appears in list and call count is inflated.
(Reported by Mark Michelson)
* ASTERISK-24354 - AMI sendMessage closes AMI connection on error
(Reported by Peter Katzmann)
* ASTERISK-24398 - Initialize auth_rejection_permanent on client
state to the configuration parameter value (Reported by Matt
Jordan)
* ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
incorrectly attempted (Reported by Joshua Colp)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
received for component (Reported by Kevin Harwell)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24387 - res_pjsip: rport sent from UAS MUST include the
port that the UAC sent the request on (Reported by Matt Jordan)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24394 - CDR: FRACK with PJSIP directed pickup.
(Reported by Richard Mudgett)
* ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
Corey Farrell)
* ASTERISK-24321 - SIP deadlock when running automated queues
tests (Reported by Steve Pitts)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-23846 - Unistim multilines. Loss of voice after second
call drops (on a second line). (Reported by Rustam Khankishyiev)
* ASTERISK-24312 - SIGABRT when improperly configured realtime
pjsip (Reported by Dafi Ni)
* ASTERISK-24426 - CDR Batch mode: size used as time value after
first expire (Reported by Shane Blaser)
* ASTERISK-24327 - bridge_native_rtp: Smart bridge operation to
softmix sometimes fails to properly re-INVITE remotely bridged
participants (Reported by Matt Jordan)
* ASTERISK-24415 - Missing AMI VarSet events when channels inherit
variables. (Reported by Richard Mudgett)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24122 - Documentaton for res_pjsip option use_avpf
needs to be fixed (Reported by James Van Vleet)
* ASTERISK-24381 - res_pjsip_sdp_rtp: Declined media streams are
interpreted, leading to erroneous 488 rejections (Reported by
Matt Jordan)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
leak (Reported by Corey Farrell)
* ASTERISK-24430 - missing letter "p" in word response in
OriginateResponse event documentation (Reported by Dafi Ni)
* ASTERISK-24437 - Review implementation of ast_bridge_impart for
leaks and document proper usage (Reported by Scott Griepentrog)
* ASTERISK-24453 - manager: acl_change_sub leaks (Reported by
Corey Farrell)
* ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
Corey Farrell)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24304 - asterisk crashing randomly because of unistim
channel (Reported by dhanapathy sathya)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24462 - res_pjsip: Stale qualify statistics after
disablementation (Reported by Kevin Harwell)
* ASTERISK-24466 - app_queue: fix a couple leaks to struct
call_queue (Reported by Corey Farrell)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24411 - [patch] Status of outbound registration is not
changed upon unregistering. (Reported by John Bigelow)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24487 - configuration: sections should be loadable as
template even when not marked (Reported by Scott Griepentrog)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-12.7.0

12Nov/14Off

Rilasciato Asterisk 11.14.0

Il giorno 10 novembre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 11.14.0.

Dal post originale:
The release of Asterisk 11.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
Cohen)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24384 - chan_motif: format capabilities leak on module
load error (Reported by Corey Farrell)
* ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
(Reported by Corey Farrell)
* ASTERISK-24378 - Release AMI connections on shutdown (Reported
by Corey Farrell)
* ASTERISK-24354 - AMI sendMessage closes AMI connection on error
(Reported by Peter Katzmann)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
incorrectly attempted (Reported by Joshua Colp)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
received for component (Reported by Kevin Harwell)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
Corey Farrell)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-23846 - Unistim multilines. Loss of voice after second
call drops (on a second line). (Reported by Rustam Khankishyiev)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
leak (Reported by Corey Farrell)
* ASTERISK-24430 - missing letter "p" in word response in
OriginateResponse event documentation (Reported by Dafi Ni)
* ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
Corey Farrell)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24304 - asterisk crashing randomly because of unistim
channel (Reported by dhanapathy sathya)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24466 - app_queue: fix a couple leaks to struct
call_queue (Reported by Corey Farrell)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0

12Nov/14Off

Rilasciato Asterisk 1.8.32.0

Il giorno 10 novembre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 1.8.32.0.

Dal post originale:
The release of Asterisk 1.8.32.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-24348 - Built-in editline tab complete segfault with
MALLOC_DEBUG (Reported by Walter Doekes)
* ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
INVITE retransmissions of rejected calls (Reported by Torrey
Searle)
* ASTERISK-23768 - [patch] Asterisk man page contains a (new)
unquoted minus sign (Reported by Jeremy Lainé)
* ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
(Reported by Jeremy Lainé)
* ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
realtime peers (Reported by ibercom)
* ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
* ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
high on linux systems with lots of RAM (Reported by Michael
Myles)
* ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
results in a SIP channel leak (Reported by NITESH BANSAL)
* ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
Re-INVITE results in a SIP channel leak (Reported by Torrey
Searle)
* ASTERISK-24406 - Some caller ID strings are parsed differently
since 11.13.0 (Reported by Etienne Lessard)
* ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
(Reported by Tzafrir Cohen)
* ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
Tzafrir Cohen)
* ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
(Reported by Paolo Compagnini)
* ASTERISK-18923 - res_fax_spandsp usage counter is wrong
(Reported by Grigoriy Puzankin)
* ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
(Reported by Dmitry Melekhov)
* ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
when sending qualify requests (Reported by Damian Ivereigh)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
abelbeck)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
* ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
Nick Adams)
* ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
(Reported by Corey Farrell)
* ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
leaks (Reported by Corey Farrell)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0

26Ott/14Off

Rilasciato Asterisk 13.0.0

Il giorno 25 ottobre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.0.0.

Dal post originale:
Asterisk 13 is the next major release series of Asterisk. It is a Long Term
Support (LTS) release, similar to Asterisk 11. For more information about
support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

For important information regarding upgrading to Asterisk 13, please see the
Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+13

A short list of new features includes:

* Asterisk security events are now provided via AMI, allowing end users to
monitor their Asterisk system in real time for security related issues.

* Both AMI and ARI now allow external systems to control the state of a mailbox.
Using AMI actions or ARI resources, external systems can programmatically
trigger Message Waiting Indicators (MWI) on subscribed phones. This is of
particular use to those who want to build their own VoiceMail application
using ARI.

* ARI now supports the reception/transmission of out of call text messages using
any supported channel driver/protocol stack through ARI. Users receive out of
call text messages as JSON events over the ARI websocket connection, and can
send out of call text messages using HTTP requests.

* The PJSIP stack now supports RFC 4662 Resource Lists, allowing Asterisk to act
as a Resource List Server. This includes defining lists of presence state,
mailbox state, or lists of presence state/mailbox state; managing
subscriptions to lists; and batched delivery of NOTIFY requests to
subscribers.

* The PJSIP stack can now be used as a means of distributing device state or
mailbox state via PUBLISH requests to other Asterisk instances. This is
analogous to Asterisk's clustering support using XMPP or Corosync; unlike
existing clustering mechanisms, using the PJSIP stack to perform the
distribution of state does not rely on another daemon or server to perform the
work.

And much more!

More information about the new features can be found on the Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Documentation

A full list of all new features can also be found in the CHANGES file:

http://svnview.digium.com/svn/asterisk/branches/13/CHANGES

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.0

21Ott/14Off

AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability

Il giorno 20 ottobre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability.

Dal post originale:
Asterisk Project Security Advisory - AST-2014-011

Product Asterisk
Summary Asterisk Susceptibility to POODLE Vulnerability
Nature of Advisory Unauthorized Data Disclosure
Susceptibility Remote Unauthenticated Sessions
Severity Medium
Exploits Known No
Reported On 16 October 2014
Reported By abelbeck
Posted On 20 October 2014
Last Updated On October 20, 2014
Advisory Contact Matt Jordan
CVE Name CVE-2014-3566

Description The POODLE vulnerability - described under CVE-2014-3566 - is
described at
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566.
This advisory describes the Asterisk's project susceptibility
to this vulnerability.

The POODLE vulnerability consists of two issues:

1) A vulnerability in the SSL protocol version 3.0. This
vulnerability has no known solution.

2) The ability to force a fallback to SSLv3 when a TLS
connection is negotiated.

Asterisk is susceptible to both portions of the vulnerability
in different places.

1) The res_jabber and res_xmpp module both use SSLv3
exclusively, and are hence susceptible to POODLE.

2) The core TLS handling, used by the chan_sip channel driver,
Asterisk Manager Interface (AMI), and the Asterisk HTTP
server, defaults to allowing SSLv3/SSLv2 fallback. This allows
a MITM to potentially force a connection to fallback to SSLv3,
exposing it to the POODLE vulnerability.

Resolution Asterisk has been patched such that it no longer uses SSLv3
for the res_jabber/res_xmpp modules. Additionally, when the
encryption method is not specified, the default handling in
the TLS core no longer allows for a fallback to SSLv3 or
SSLv2.

1) Users of Asterisk's res_jabber or res_xmpp modules should
upgrade to the versions of Asterisk specified in this
advisory.

2) Users of Asterisk's chan_sip channel driver, AMI, and
HTTP server may set the "tlsclientmethod" or
"sslclientmethod" to "tlsv1" to force TLSv1 as the only
allowed encryption method. Alternatively, they may also
upgrade to the versions of Asterisk specified in this
advisory. Users of Asterisk are encouraged to NOT specify
"sslv2" or "sslv3". Doing so will now emit a WARNING.

Affected Versions
Product Release
Series
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 11.x All versions
Asterisk Open Source 12.x All versions
Certified Asterisk 1.8.28 All versions
Certified Asterisk 11.6 All versions

Corrected In
Product Release
Asterisk Open Source 1.8.31.1, 11.13.1, 12.6.1
Certified Asterisk 1.8.28-cert2, 11.6-cert7

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2014-011-1.8.diff Asterisk
1.8
http://downloads.asterisk.org/pub/security/AST-2014-011-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2014-011-12.diff Asterisk
12
http://downloads.asterisk.org/pub/security/AST-2014-011-1.8.28.diff Certified
Asterisk
1.8.28
http://downloads.asterisk.org/pub/security/AST-2014-011-11.6.diff Certified
Asterisk
11.6

Links https://issues.asterisk.org/jira/browse/ASTERISK-24425

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2014-011.pdf and
http://downloads.digium.com/pub/security/AST-2014-011.html

Revision History
Date Editor Revisions Made
October 19 Matt Jordan Initial Revision

21Ott/14Off

Rilasciate Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1, 13.0.0-beta3 Now Available (Security Release)

Il giorno 20 ottobre 2014, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk Asterisk 1.8.28-cert2, 1.8.31.1, 11.6-cert7, 11.13.1, 12.6.1, 13.0.0-beta3 Now Available (Security Release).

Dal post originale:
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolves the following security vulnerability:

* AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability

Asterisk is susceptible to the POODLE vulnerability in two ways:
1) The res_jabber and res_xmpp module both use SSLv3 exclusively for their
encrypted connections.
2) The core TLS handling in Asterisk, which is used by the chan_sip channel
driver, Asterisk Manager Interface (AMI), and Asterisk HTTP Server, by
default allow a TLS connection to fallback to SSLv3. This allows for a
MITM to potentially force a connection to fallback to SSLv3, exposing it
to the POODLE vulnerability.

These issues have been resolved in the versions released in conjunction with
this security advisory.

For more information about the details of this vulnerability, please read
security advisory AST-2014-011, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert2
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert7
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.31.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.13.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.6.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.0-beta3

The security advisory is available at:

http://downloads.asterisk.org/pub/security/AST-2014-011.pdf