ASTERWEB Blog

5Feb/16Off

AST-2016-003: Remote crash vulnerability when receiving UDPTL FAX data

               Asterisk Project Security Advisory - AST-2016-003

Product Asterisk
Summary Remote crash vulnerability when receiving UDPTL FAX
data.
Nature of Advisory Denial of Service
Susceptibility Remote Authenticated Sessions
Severity Minor
Exploits Known Yes
Reported On December 2, 2015
Reported By Walter Dokes, Torrey Searle
Posted On February 3, 2016
Last Updated On February 3, 2016
Advisory Contact Richard Mudgett <rmudgett AT digium DOT com>
CVE Name Pending

Description If no UDPTL packets are lost there is no problem. However,
a lost packet causes Asterisk to use the available error
correcting redundancy packets. If those redundancy packets
have zero length then Asterisk uses an uninitialized buffer
pointer and length value which can cause invalid memory
accesses later when the packet is copied.

Resolution Upgrade to a released version with the fix incorporated or
apply patch.

Affected Versions
Product Release
Series
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 11.x All versions
Asterisk Open Source 12.x All versions
Asterisk Open Source 13.x All versions
Certified Asterisk 1.8.28 All versions
Certified Asterisk 11.6 All versions
Certified Asterisk 13.1 All versions

Corrected In
Product Release
Asterisk Open Source 11.21.1, 13.7.1
Certified Asterisk 11.6-cert12, 13.1-cert3

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2016-003-1.8.28.diff Certified
Asterisk
1.8.28
http://downloads.asterisk.org/pub/security/AST-2016-003-11.6.diff Certified
Asterisk
11.6
http://downloads.asterisk.org/pub/security/AST-2016-003-13.1.diff Certified
Asterisk
13.1
http://downloads.asterisk.org/pub/security/AST-2016-003-1.8.diff Asterisk
1.8
http://downloads.asterisk.org/pub/security/AST-2016-003-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2016-003-12.diff Asterisk
12
http://downloads.asterisk.org/pub/security/AST-2016-003-13.diff Asterisk
13

Links https://issues.asterisk.org/jira/browse/ASTERISK-25603

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2016-003.pdf and
http://downloads.digium.com/pub/security/AST-2016-003.html

5Feb/16Off

AST-2016-002: File descriptor exhaustion in chan_sip

               Asterisk Project Security Advisory - AST-2016-002

Product Asterisk
Summary File descriptor exhaustion in chan_sip
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor
Exploits Known Yes
Reported On September 17, 2015
Reported By Alexander Traud
Posted On February 3, 2016
Last Updated On February 3, 2016
Advisory Contact Richard Mudgett <rmudgett AT digium DOT com>
CVE Name Pending

Description Setting the sip.conf timert1 value to a value higher than
1245 can cause an integer overflow and result in large
retransmit timeout times. These large timeout values hold
system file descriptors hostage and can cause the system to
run out of file descriptors.

Resolution Setting the sip.conf timert1 value to 1245 or lower will not
exhibit the vulnerability. The default timert1 value is 500.
Asterisk has been patched to detect the integer overflow and
calculate the previous retransmission timer value.

Affected Versions
Product Release
Series
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 11.x All versions
Asterisk Open Source 12.x All versions
Asterisk Open Source 13.x All versions
Certified Asterisk 1.8.28 All versions
Certified Asterisk 11.6 All versions
Certified Asterisk 13.1 All versions

Corrected In
Product Release
Asterisk Open Source 11.21.1, 13.7.1
Certified Asterisk 11.6-cert12, 13.1-cert3

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2016-002-1.8.28.diff Certified
Asterisk
1.8.28
http://downloads.asterisk.org/pub/security/AST-2016-002-11.6.diff Certified
Asterisk
11.6
http://downloads.asterisk.org/pub/security/AST-2016-002-13.1.diff Certified
Asterisk
13.1
http://downloads.asterisk.org/pub/security/AST-2016-002-1.8.diff Asterisk
1.8
http://downloads.asterisk.org/pub/security/AST-2016-002-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2016-002-12.diff Asterisk
12
http://downloads.asterisk.org/pub/security/AST-2016-002-13.diff Asterisk
13

Links https://issues.asterisk.org/jira/browse/ASTERISK-25397

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2016-002.pdf and
http://downloads.digium.com/pub/security/AST-2016-002.html

5Feb/16Off

AST-2016-001: BEAST vulnerability in HTTP server

               Asterisk Project Security Advisory - AST-2016-001

Product Asterisk
Summary BEAST vulnerability in HTTP server
Nature of Advisory Unauthorized data disclosure due to
man-in-the-middle attack
Susceptibility Remote unauthenticated sessions
Severity Minor
Exploits Known Yes
Reported On 04/15/15
Reported By Alex A. Welzl
Posted On 02/03/16
Last Updated On February 3, 2016
Advisory Contact Joshua Colp <jcolp AT digium DOT com>
CVE Name Pending

Description The Asterisk HTTP server currently has a default
configuration which allows the BEAST vulnerability to be
exploited if the TLS functionality is enabled. This can
allow a man-in-the-middle attack to decrypt data passing
through it.

Resolution Additional configuration options have been added to Asterisk
which allow configuration of the HTTP server to not be
susceptible to the BEAST vulnerability. These include
options to confirm the permitted ciphers, to control what
TLS protocols are allowed, and to use server cipher
preference order instead of client preference order. The
default configuration has also been changed for the HTTP
server to use a configuration which is not susceptible to
the BEAST vulnerability.

Affected Versions
Product Release
Series
Asterisk Open Source 1.8.x All Versions
Asterisk Open Source 11.x All Versions
Asterisk Open Source 12.x All Versions
Asterisk Open Source 13.x All Versions
Certified Asterisk 1.8.28 All Versions
Certified Asterisk 11.6 All Versions
Certified Asterisk 13.1 All Versions

Corrected In
Product Release
Asterisk Open Source 11.21.1, 13.7.1
Certified Asterisk 11.6-cert12, 13.1-cert3

Patches
SVN URL Revision
http://downloads.asterisk.org/pub/security/AST-2016-001-1.8.28.diff Certified
Asterisk
1.8.28
http://downloads.asterisk.org/pub/security/AST-2016-001-11.6.diff Certified
Asterisk
11.6
http://downloads.asterisk.org/pub/security/AST-2016-001-13.1.diff Certified
Asterisk
13.1
http://downloads.asterisk.org/pub/security/AST-2016-001-11.diff Asterisk
11
http://downloads.asterisk.org/pub/security/AST-2016-001-12.diff Asterisk
12
http://downloads.asterisk.org/pub/security/AST-2016-001-13.diff Asterisk
13

Links https://issues.asterisk.org/jira/browse/ASTERISK-24972

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2016-001.pdf and
http://downloads.digium.com/pub/security/AST-2016-001.html

5Feb/16Off

Rilasciati Asterisk 11.6-cert12, 11.21.1, 13.1-cert3, 13.7.1 (Security Release)

Il giorno 15 gennaio 2016, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 11.6-cert12, 11.21.1, 13.1-cert3, 13.7.1.

Dal post originale:

The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases
are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2016-001: BEAST vulnerability in HTTP server

The Asterisk HTTP server currently has a default configuration which allows
the BEAST vulnerability to be exploited if the TLS functionality is enabled.
This can allow a man-in-the-middle attack to decrypt data passing through it.

* AST-2016-002: File descriptor exhaustion in chan_sip

Setting the sip.conf timert1 value to a value higher than 1245 can cause an
integer overflow and result in large retransmit timeout times. These large
timeout values hold system file descriptors hostage and can cause the system
to run out of file descriptors.

* AST-2016-003: Remote crash vulnerability receiving UDPTL FAX data.

If no UDPTL packets are lost there is no problem. However, a lost packet
causes Asterisk to use the available error correcting redundancy packets. If
those redundancy packets have zero length then Asterisk uses an uninitialized
buffer pointer and length value which can cause invalid memory accesses later
when the packet is copied.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-11.6-cert12
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.21.1
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-13.1-cert3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.7.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2016-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2016-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2016-003.pdf

21Gen/16Off

Sangoma presenta tre modelli di telefoni VoIP

sangoma_logo

Sangoma ha presentato tre modelli di telefoni VoIP che ha mio parere hanno una estetica molto simile a quella dei telefoni Yealink.

18Gen/16Off

Rilasciato Asterisk 13.7.0

Il giorno 15 gennaio 2016, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.7.0.

Dal post originale:

The release of Asterisk 13.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

New Features made in this release:
-----------------------------------
* ASTERISK-25419 - Dialplan Application for Integration of StatsD
(Reported by Ashley Sanders)
* ASTERISK-25549 - Confbridge: Add participant timeout option
(Reported by Mark Michelson)
* ASTERISK-24922 - ARI: Add the ability to intercept hold and
raise an event (Reported by Matt Jordan)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-25689 - pjsip show contacts not working in Asterisk
13.7rc2 (Reported by Marcelo Terres)
* ASTERISK-25640 - pbx: Deadlock on features reload and state
change hint. (Reported by Krzysztof Trempala)
* ASTERISK-25664 - ast_format_cap_append_by_type leaks a reference
(Reported by Corey Farrell)
* ASTERISK-25601 - json: Audit reference usage and thread safety
(Reported by Joshua Colp)
* ASTERISK-25625 - res_sorcery_memory_cache: Add full backend
caching (Reported by Joshua Colp)
* ASTERISK-25615 - res_pjsip: Setting transport async_operations >
1 causes segfault on tls transports (Reported by George Joseph)
* ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and
thread of asterisk is not released (Reported by Hiroaki Komatsu)
* ASTERISK-25619 - res_chan_stats not sending the correct
information to StatsD (Reported by Tyler Cambron)
* ASTERISK-25569 - app_meetme: Audio quality issues (Reported by
Corey Farrell)
* ASTERISK-25609 - [patch]Asterisk may crash when calling
ast_channel_get_t38_state(c) (Reported by Filip Jenicek)
* ASTERISK-24146 - [patch]No audio on WebRtc caller side when
answer waiting time is more than ~7sec (Reported by Aleksei
Kulakov)
* ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec
(Reported by Alexander Traud)
* ASTERISK-25616 - Warning with a Codec Module which supports PLC
with FEC (Reported by Alexander Traud)
* ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by
Dudás József)
* ASTERISK-25608 - res_pjsip/contacts/statsd: Lifecycle events
aren't consistent (Reported by George Joseph)
* ASTERISK-25584 - [patch] format-attribute module: VP8 missing
(Reported by Alexander Traud)
* ASTERISK-25583 - [patch] format-attribute module: RFC 7587 (Opus
Codec) (Reported by Alexander Traud)
* ASTERISK-25498 - Asterisk crashes when negotiating g729 without
that module installed (Reported by Ben Langfeld)
* ASTERISK-25595 - Unescaped : in messge sent to statsd (Reported
by Niklas Larsson)
* ASTERISK-25476 - chan_sip loses registrations after a while
(Reported by Michael Keuter)
* ASTERISK-25598 - res_pjsip: Contact status messages are
printing a hash instead of the uri (Reported by George Joseph)
* ASTERISK-25600 - bridging: Inconsistency in BRIDGEPEER (Reported
by Jonathan Rose)
* ASTERISK-25582 - Testsuite: Reactor timeout error in
tests/fax/pjsip/directmedia_reinvite_t38 (Reported by Matt
Jordan)
* ASTERISK-25593 - fastagi: record file closed after sending
result (Reported by Kevin Harwell)
* ASTERISK-25585 - [patch]rasterisk never hits most of main(), but
it's assumed to (Reported by Walter Doekes)
* ASTERISK-25590 - CLI Usage info for 'pjsip send notify'
references incorrect config (Reported by Corey Farrell)
* ASTERISK-25165 - Testsuite - Sorcery memory cache leaks
(Reported by Corey Farrell)
* ASTERISK-25575 - res_pjsip: Dynamic outbound registrations
created via ARI are not loaded into memory on Asterisk
start/restart (Reported by Matt Jordan)
* ASTERISK-25545 - [patch] translation module gets cached not
joint format (Reported by Alexander Traud)
* ASTERISK-25573 - [patch] H.264 format attribute module: resets
whole SDP (Reported by Alexander Traud)
* ASTERISK-24958 - Forwarding loop detection inhibits certain
desirable scenarios (Reported by Mark Michelson)
* ASTERISK-25561 - app_queue.c line 6503 (try_calling): mutex
'qe->chan' freed more times than we've locked! (Reported by Alec
Davis)
* ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by
Joshua Colp)
* ASTERISK-25160 - [patch] Opus Codec: SIP/SDP line fmtp missing
when called internally (Reported by Alexander Traud)
* ASTERISK-25535 - [patch] format creation on module load instead
of cache (Reported by Alexander Traud)
* ASTERISK-25449 - main/sched: Regression introduced by
5c713fdf18f causes erroneous duplicate RTCP messages; other
potential scheduling issues in chan_sip/chan_skinny (Reported by
Matt Jordan)
* ASTERISK-25546 - threadpool: Race condition between idle timeout
and activation (Reported by Joshua Colp)
* ASTERISK-25537 - [patch] format-attribute module: RFC or
internal defaults? (Reported by Alexander Traud)
* ASTERISK-25533 - [patch] buffer for ast_format_cap_get_names
only 64 bytes (Reported by Alexander Traud)
* ASTERISK-25373 - add documentation for CALLERID(pres) and also
the CONNECTEDLINE and REDIRECTING variants (Reported by Walter
Doekes)
* ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by
Walter Doekes)
* ASTERISK-24779 - Passthrough OPUS codec not working with
chan_pjsip (Reported by PowerPBX)
* ASTERISK-25522 - ARI: Crash when creating channel via ARI
originate with requesting channel (Reported by Matt Jordan)
* ASTERISK-25434 - Compiler flags not reported in 'core show
settings' despite usage during compilation (Reported by Rusty
Newton)
* ASTERISK-24106 - WebSockets Automatically decides what driver it
will use (Reported by Andrew Nagy)
* ASTERISK-25513 - Crash: malloc failed with high load of
subscriptions. (Reported by John Bigelow)
* ASTERISK-25505 - res_pjsip_pubsub: Crash on off-nominal when UAS
dialog can't be created (Reported by Joshua Colp)
* ASTERISK-24543 - Asterisk 13 responds to SIP Invite with all
possible codecs configured for peer as opposed to intersection
of configured codecs and offered codecs (Reported by Taylor
Hawkes)
* ASTERISK-25494 - build: GCC 5.1.x catches some new const, array
bounds and missing paren issues (Reported by George Joseph)
* ASTERISK-25485 - res_pjsip_outbound_registration: registration
stops due to 400 response (Reported by Kevin Harwell)
* ASTERISK-25486 - res_pjsip: Fix deadlock when validating URIs
(Reported by Joshua Colp)
* ASTERISK-7803 - [patch] Update the maximum packetization values
in frame.c (Reported by dea)
* ASTERISK-25484 - [patch] autoframing=yes has no effect (Reported
by Alexander Traud)
* ASTERISK-25461 - Nested dialplan #includes don't work as
expected. (Reported by Richard Mudgett)
* ASTERISK-25455 - Deadlock of PJSIP realtime over
res_config_pgsql (Reported by mdu113)
* ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing
(Reported by Olle Johansson)
* ASTERISK-25435 - Asterisk periodically hangs. UDP Recv-Q greatly
exceeds zero. (Reported by Dmitriy Serov)
* ASTERISK-25451 - Broken video - erased rtp marker bit (Reported
by Stefan Engström)
* ASTERISK-25400 - Hints broken when "CustomPresence" doesn't
exist in AstDB (Reported by Andrew Nagy)
* ASTERISK-25443 - [patch]IPv6 - Potential issue in via header
parsing (Reported by ffs)
* ASTERISK-25404 - segfault/crash in chan_pjsip_hangup ... at
chan_pjsip.c (Reported by Chet Stevens)
* ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON
(Reported by Bojan Nemčić)
* ASTERISK-25441 - Deadlock in res_sorcery_memory_cache. (Reported
by Richard Mudgett)
* ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
ICE is not enabled (Reported by Joshua Colp)

Improvements made in this release:
-----------------------------------
* ASTERISK-25618 - res_pjsip: Check for readability of TLS files
at startup (Reported by George Joseph)
* ASTERISK-25572 - Endpoints: Add StatsD stats for Asterisk
endpoints (Reported by Matt Jordan)
* ASTERISK-25571 - PJSIP: Add StatsD stats for some common PJSIP
objects (Reported by Matt Jordan)
* ASTERISK-25518 - taskprocessor: Add high water mark (Reported by
Jonathan Rose)
* ASTERISK-25477 - pjsip show "command" like [criteria] (Reported
by Bryant Zimmerman)
* ASTERISK-24718 - [patch]Add inital support of "sanitize" to
configure (Reported by Badalian Vyacheslav)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.0

18Gen/16Off

Rilasciato Asterisk 11.21.0

Il giorno 15 gennaio 2016, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 11.21.0.

Dal post originale:

The release of Asterisk 11.21.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-25640 - pbx: Deadlock on features reload and state
change hint. (Reported by Krzysztof Trempala)
* ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and
thread of asterisk is not released (Reported by Hiroaki Komatsu)
* ASTERISK-25569 - app_meetme: Audio quality issues (Reported by
Corey Farrell)
* ASTERISK-25609 - [patch]Asterisk may crash when calling
ast_channel_get_t38_state(c) (Reported by Filip Jenicek)
* ASTERISK-24146 - [patch]No audio on WebRtc caller side when
answer waiting time is more than ~7sec (Reported by Aleksei
Kulakov)
* ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec
(Reported by Alexander Traud)
* ASTERISK-25616 - Warning with a Codec Module which supports PLC
with FEC (Reported by Alexander Traud)
* ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by
Dudás József)
* ASTERISK-25498 - Asterisk crashes when negotiating g729 without
that module installed (Reported by Ben Langfeld)
* ASTERISK-25476 - chan_sip loses registrations after a while
(Reported by Michael Keuter)
* ASTERISK-25593 - fastagi: record file closed after sending
result (Reported by Kevin Harwell)
* ASTERISK-25585 - [patch]rasterisk never hits most of main(), but
it's assumed to (Reported by Walter Doekes)
* ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by
Joshua Colp)
* ASTERISK-25449 - main/sched: Regression introduced by
5c713fdf18f causes erroneous duplicate RTCP messages; other
potential scheduling issues in chan_sip/chan_skinny (Reported by
Matt Jordan)
* ASTERISK-25537 - [patch] format-attribute module: RFC or
internal defaults? (Reported by Alexander Traud)
* ASTERISK-25373 - add documentation for CALLERID(pres) and also
the CONNECTEDLINE and REDIRECTING variants (Reported by Walter
Doekes)
* ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by
Walter Doekes)
* ASTERISK-25434 - Compiler flags not reported in 'core show
settings' despite usage during compilation (Reported by Rusty
Newton)
* ASTERISK-25494 - build: GCC 5.1.x catches some new const, array
bounds and missing paren issues (Reported by George Joseph)
* ASTERISK-7803 - [patch] Update the maximum packetization values
in frame.c (Reported by dea)
* ASTERISK-25461 - Nested dialplan #includes don't work as
expected. (Reported by Richard Mudgett)
* ASTERISK-25455 - Deadlock of PJSIP realtime over
res_config_pgsql (Reported by mdu113)
* ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing
(Reported by Olle Johansson)
* ASTERISK-25400 - Hints broken when "CustomPresence" doesn't
exist in AstDB (Reported by Andrew Nagy)
* ASTERISK-25443 - [patch]IPv6 - Potential issue in via header
parsing (Reported by ffs)
* ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON
(Reported by Bojan Nemčić)
* ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
ICE is not enabled (Reported by Joshua Colp)

Improvements made in this release:
-----------------------------------
* ASTERISK-24718 - [patch]Add inital support of "sanitize" to
configure (Reported by Badalian Vyacheslav)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.0

20Dic/15Off

Kamailio lancia il nuovo logo

Kamailio lancia il nuovo logo, simile a quello utilizzato nel mondo Kamailio ma con un nuovo tipo di carattere che mostra più personalità e stile.

kamailio-logo-nuovo

19Dic/15Off

Rilasciato Asterisk 13.7.0-rc2

Il giorno 18 dicembre 2015, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.7.0-rc2.

Dal post originale:

Bug

[ASTERISK-25601] - json: Audit reference usage and thread safety
[ASTERISK-25625] - res_sorcery_memory_cache: Add full backend caching

Per la lista completa, questo il link al ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.0-rc2

16Dic/15Off

Rilasciato Asterisk 13.7.0-rc1

Il giorno 15 dicembre 2015, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.7.0-rc1.

Dal post originale:

Bug

[ASTERISK-7803] - [patch] Update the maximum packetization values in frame.c
[ASTERISK-24106] - WebSockets Automatically decides what driver it will use
[ASTERISK-24146] - [patch]No audio on WebRtc caller side when answer waiting time is more than ~7sec
[ASTERISK-24543] - Asterisk 13 responds to SIP Invite with all possible codecs configured for peer as opposed to intersection of configured codecs and offered codecs
[ASTERISK-24779] - Passthrough OPUS codec not working with chan_pjsip
[ASTERISK-24958] - Forwarding loop detection inhibits certain desirable scenarios
[ASTERISK-25135] - [patch]RTP Timeout hangup cause code missing
[ASTERISK-25160] - [patch] Opus Codec: SIP/SDP line fmtp missing when called internally
[ASTERISK-25165] - Testsuite - Sorcery memory cache leaks
[ASTERISK-25364] - [patch]Issue a TCP connection(kernel) and thread of asterisk is not released
[ASTERISK-25373] - add documentation for CALLERID(pres) and also the CONNECTEDLINE and REDIRECTING variants
[ASTERISK-25391] - AMI GetConfigJSON returns invalid JSON
[ASTERISK-25400] - Hints broken when "CustomPresence" doesn't exist in AstDB
[ASTERISK-25404] - segfault/crash in chan_pjsip_hangup ... at chan_pjsip.c
[ASTERISK-25434] - Compiler flags not reported in 'core show settings' despite usage during compilation
[ASTERISK-25435] - Asterisk periodically hangs. UDP Recv-Q greatly exceeds zero.
[ASTERISK-25438] - res_rtp_asterisk: ICE role message even when ICE is not enabled
[ASTERISK-25441] - Deadlock in res_sorcery_memory_cache.
[ASTERISK-25443] - [patch]IPv6 - Potential issue in via header parsing
[ASTERISK-25449] - main/sched: Regression introduced by 5c713fdf18f causes erroneous duplicate RTCP messages; other potential scheduling issues in chan_sip/chan_skinny
[ASTERISK-25451] - Broken video - erased rtp marker bit
[ASTERISK-25455] - Deadlock of PJSIP realtime over res_config_pgsql
[ASTERISK-25461] - Nested dialplan #includes don't work as expected.
[ASTERISK-25476] - chan_sip loses registrations after a while
[ASTERISK-25484] - [patch] autoframing=yes has no effect
[ASTERISK-25485] - res_pjsip_outbound_registration: registration stops due to 400 response
[ASTERISK-25486] - res_pjsip: Fix deadlock when validating URIs
[ASTERISK-25494] - build: GCC 5.1.x catches some new const, array bounds and missing paren issues
[ASTERISK-25498] - Asterisk crashes when negotiating g729 without that module installed
[ASTERISK-25505] - res_pjsip_pubsub: Crash on off-nominal when UAS dialog can't be created
[ASTERISK-25513] - Crash: malloc failed with high load of subscriptions.
[ASTERISK-25522] - ARI: Crash when creating channel via ARI originate with requesting channel
[ASTERISK-25527] - Quirky xmldoc description wrapping
[ASTERISK-25533] - [patch] buffer for ast_format_cap_get_names only 64 bytes
[ASTERISK-25535] - [patch] format creation on module load instead of cache
[ASTERISK-25537] - [patch] format-attribute module: RFC or internal defaults?
[ASTERISK-25545] - [patch] translation module gets cached not joint format
[ASTERISK-25546] - threadpool: Race condition between idle timeout and activation
[ASTERISK-25552] - hashtab: Improve NULL tolerance
[ASTERISK-25561] - app_queue.c line 6503 (try_calling): mutex 'qe->chan' freed more times than we've locked!
[ASTERISK-25569] - app_meetme: Audio quality issues
[ASTERISK-25573] - [patch] H.264 format attribute module: resets whole SDP
[ASTERISK-25575] - res_pjsip: Dynamic outbound registrations created via ARI are not loaded into memory on Asterisk start/restart
[ASTERISK-25582] - Testsuite: Reactor timeout error in tests/fax/pjsip/directmedia_reinvite_t38
[ASTERISK-25583] - [patch] format-attribute module: RFC 7587 (Opus Codec)
[ASTERISK-25584] - [patch] format-attribute module: VP8 missing
[ASTERISK-25585] - [patch]rasterisk never hits most of main(), but it's assumed to
[ASTERISK-25590] - CLI Usage info for 'pjsip send notify' references incorrect config
[ASTERISK-25593] - fastagi: record file closed after sending result
[ASTERISK-25595] - Unescaped : in messge sent to statsd
[ASTERISK-25598] - res_pjsip: Contact status messages are printing a hash instead of the uri
[ASTERISK-25599] - [patch] SLIN Resampling Codec only 80 msec
[ASTERISK-25600] - bridging: Inconsistency in BRIDGEPEER
[ASTERISK-25608] - res_pjsip/contacts/statsd: Lifecycle events aren't consistent
[ASTERISK-25609] - [patch]Asterisk may crash when calling ast_channel_get_t38_state(c)
[ASTERISK-25610] - Asterisk crash during "sip reload"
[ASTERISK-25615] - res_pjsip: Setting transport async_operations > 1 causes segfault on tls transports
[ASTERISK-25616] - Warning with a Codec Module which supports PLC with FEC
[ASTERISK-25619] - res_chan_stats not sending the correct information to StatsD

Improvement

[ASTERISK-24718] - [patch]Add inital support of "sanitize" to configure
[ASTERISK-25477] - pjsip show "command" like [criteria] [ASTERISK-25518] - taskprocessor: Add high water mark
[ASTERISK-25571] - PJSIP: Add StatsD stats for some common PJSIP objects
[ASTERISK-25572] - Endpoints: Add StatsD stats for Asterisk endpoints
[ASTERISK-25618] - res_pjsip: Check for readability of TLS files at startup

New Feature

[ASTERISK-24922] - ARI: Add the ability to intercept hold and raise an event
[ASTERISK-25419] - Dialplan Application for Integration of StatsD
[ASTERISK-25549] - Confbridge: Add participant timeout option

Per la lista completa, questo il link al ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.7.0-rc1

16Dic/15Off

Rilasciato Asterisk 11.21.0-rc1

Il giorno 15 dicembre 2015, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 11.21.0-rc1.

Dal post originale:

Bug

[ASTERISK-7803] - [patch] Update the maximum packetization values in frame.c
[ASTERISK-24146] - [patch]No audio on WebRtc caller side when answer waiting time is more than ~7sec
[ASTERISK-25135] - [patch]RTP Timeout hangup cause code missing
[ASTERISK-25364] - [patch]Issue a TCP connection(kernel) and thread of asterisk is not released
[ASTERISK-25373] - add documentation for CALLERID(pres) and also the CONNECTEDLINE and REDIRECTING variants
[ASTERISK-25391] - AMI GetConfigJSON returns invalid JSON
[ASTERISK-25400] - Hints broken when "CustomPresence" doesn't exist in AstDB
[ASTERISK-25434] - Compiler flags not reported in 'core show settings' despite usage during compilation
[ASTERISK-25438] - res_rtp_asterisk: ICE role message even when ICE is not enabled
[ASTERISK-25443] - [patch]IPv6 - Potential issue in via header parsing
[ASTERISK-25449] - main/sched: Regression introduced by 5c713fdf18f causes erroneous duplicate RTCP messages; other potential scheduling issues in chan_sip/chan_skinny
[ASTERISK-25455] - Deadlock of PJSIP realtime over res_config_pgsql
[ASTERISK-25461] - Nested dialplan #includes don't work as expected.
[ASTERISK-25476] - chan_sip loses registrations after a while
[ASTERISK-25494] - build: GCC 5.1.x catches some new const, array bounds and missing paren issues
[ASTERISK-25498] - Asterisk crashes when negotiating g729 without that module installed
[ASTERISK-25527] - Quirky xmldoc description wrapping
[ASTERISK-25537] - [patch] format-attribute module: RFC or internal defaults?
[ASTERISK-25552] - hashtab: Improve NULL tolerance
[ASTERISK-25569] - app_meetme: Audio quality issues
[ASTERISK-25585] - [patch]rasterisk never hits most of main(), but it's assumed to
[ASTERISK-25593] - fastagi: record file closed after sending result
[ASTERISK-25599] - [patch] SLIN Resampling Codec only 80 msec
[ASTERISK-25609] - [patch]Asterisk may crash when calling ast_channel_get_t38_state(c)
[ASTERISK-25610] - Asterisk crash during "sip reload"
[ASTERISK-25616] - Warning with a Codec Module which supports PLC with FEC

Improvement

[ASTERISK-24718] - [patch]Add inital support of "sanitize" to configure

Per la lista completa, questo il link al ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.0-rc1

12Dic/15Off

Foto di gruppo a fine “Corso Asterisk 13 Avanzato”

Ringraziamo tutti i partecipanti al corso.

corsisti_01

fateattenzione

9Dic/15Off

Bridges, T.38, and other good times

Matt Jordan, il 06 dicembre 2915, ha pubblicato un "lunghissimo" post con una accurata "discussione" circa il (non)funzionamento di fax/pjsip/directmedia_reinvite_t38

Questo il link del post:
https://www.mail-archive.com/asterisk-dev@lists.digium.com/msg42520.html

4Dic/15Off

Feedback sui ​​miglioramenti ODBC in Asterisk by Mark Michelson

Mark Michelson, il 30 novembre 2915, ha pubblicato una richiesta di un feedback sui ​​miglioramenti ODBC in Asterisk ed ha affrontato interessanti tematiche relative all'utilizzo del pjsip rispetto alle commessioni tramite ODBX.

Questo il link del post:
https://www.mail-archive.com/asterisk-dev@lists.digium.com/msg42512.html

12Nov/15Off

Rilasciato Asterisk 14.1.2

Il giorno 10 novembre 2016, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 14.1.2.

Dal post originale:

The release of Asterisk 14.1.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!

The following is the issue resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-26523 - chan_sip: Asterisk 13.12.1 disconnects incoming
calls after 2 minutes - rtptimeout behaving badly - regression
(Reported by Michael Keuter)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-14.1.2