AST-2017-003: Crash in PJSIP multi-part body parser
Asterisk Project Security Advisory - AST-2017-003Product Asterisk
Summary Crash in PJSIP multi-part body parser
Nature of Advisory Remote Crash
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On 13 April, 2017
Reported By Sandro Gauci
Posted On
Last Updated On April 13, 2017
Advisory Contact Mark Michelson <mark DOT michelson AT digium DOT
com>
CVE NameDescription The multi-part body parser in PJSIP contains a logical
error that can make certain multi-part body parts attempt
to read memory from outside the allowed boundaries. A
specially-crafted packet can trigger these invalid reads
and potentially induce a crash.The issue is within the PJSIP project and not in Asterisk.
Therefore, the problem can be fixed without upgrading
Asterisk. However, we will be releasing a new version of
Asterisk where the bundled version of PJSIP has been
updated to have the bug patched.If you are using Asterisk with chan_sip, this issue does
not affect you.Resolution We have submitted the error report to the PJProject
maintainers and have coordinated a release...........Affected Versions
Product Release
Series
Asterisk Open Source 11.x Unaffected
Asterisk Open Source 13.x All versions
Asterisk Open Source 14.x All versions
Certified Asterisk 13.13 All versionsCorrected In
Product Release
Asterisk Open Source 13.15.1, 14.4.1
Certified Asterisk 13.13-cert4Patches
SVN URL RevisionLinks https://issues.asterisk.org/jira/browse/ASTERISK-26939
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/securityThis document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-003.pdf and
http://downloads.digium.com/pub/security/AST-2017-003.htmlRevision History
Date Editor Revisions Made
13 April, 2017 Mark Michelson Initial advisory createdAsterisk Project Security Advisory - AST-2017-003
Copyright (c) 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
AST-2017-002: Buffer Overrun in PJSIP transaction layer
Asterisk Project Security Advisory - AST-2017-002Product Asterisk
Summary Buffer Overrun in PJSIP transaction layer
Nature of Advisory Buffer Overrun/Crash
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On 12 April, 2017
Reported By Sandro Gauci
Posted On
Last Updated On April 13, 2017
Advisory Contact Mark Michelson <mark DOT michelson AT digium DOT
com>
CVE NameDescription A remote crash can be triggered by sending a SIP packet to
Asterisk with a specially crafted CSeq header and a Via
header with no branch parameter. The issue is that the
PJSIP RFC 2543 transaction key generation algorithm does
not allocate a large enough buffer. By overrunning the
buffer, the memory allocation table becomes corrupted,
leading to an eventual crash.This issue is in PJSIP, and so the issue can be fixed
without performing an upgrade of Asterisk at all. However,
we are releasing a new version of Asterisk with the bundled
PJProject updated to include the fix.If you are running Asterisk with chan_sip, this issue does
not affect you.Resolution A patch created by the Asterisk team has been submitted and
accepted by the PJProject maintainers.Affected Versions
Product Release
Series
Asterisk Open Source 11.x Unaffected
Asterisk Open Source 13.x All versions
Asterisk Open Source 14.x All versions
Certified Asterisk 13.13 All versionsCorrected In
Product Release
Asterisk Open Source 13.15.1, 14.4.1
Certified Asterisk 13.13-cert4Patches
SVN URL RevisionLinks https://issues.asterisk.org/jira/browse/ASTERISK-26938
Asterisk Project Security Advisories are posted at
http://www.asterisk.org/securityThis document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2017-002.pdf and
http://downloads.digium.com/pub/security/AST-2017-002.htmlRevision History
Date Editor Revisions Made
12 April, 2017 Mark Michelson Initial report createdAsterisk Project Security Advisory - AST-2017-002
Copyright (c) 2017 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
Rilasciato Asterisk 13.16.0-rc2
Il giorno 24 maggio 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.16.0-rc2.
Dal post originale:
The following issues are resolved in this release candidate:
Bugs fixed in this release:
-----------------------------------
[ASTERISK-26982] -
chan_sip: rtcp_mux setting may cause ice completion failure/delay if client offers rtcp-mux as negotiable
(Reported by Stefan Engström)
[ASTERISK-26979] -
res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110
(Reported by Javier Riveros )
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.16.0-rc2
Rilasciato Asterisk 14.5.0-rc2
Il giorno 24 maggio 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 14.5.0-rc2.
Dal post originale:
The following issues are resolved in this release candidate:
Bugs fixed in this release:
-----------------------------------
[ASTERISK-26982] -
chan_sip: rtcp_mux setting may cause ice completion failure/delay if client offers rtcp-mux as negotiable
(Reported by Stefan Engström)
[ASTERISK-26979] -
res_rtp_asterisk: SRTP unprotect failed with authentication failure 10 or 110
(Reported by Javier Riveros )
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-14.5.0-rc2
Rilasciato Asterisk 13.16.0-rc1
Il giorno 22 maggio 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.16.0-rc1.
Dal post originale:
The following issues are resolved in this release candidate:
Bugs fixed in this release:
-----------------------------------
[ASTERISK-25665] -
Duplicate logging in queue log for EXITEMPTY events
(Reported by Ove Aursand)
[ASTERISK-26998] -
res_pjsip_session: INVITE retransmissions could still setup the same call again.
(Reported by Richard Mudgett)
[ASTERISK-26143] -
res_rtp_asterisk: One way audio when transcoding
(Reported by Henning Holtschneider)
[ASTERISK-26606] -
tcptls: Incorrect OpenSSL function call leads to misleading error report
(Reported by Bob Ham)
[ASTERISK-26983] -
Crash in Manager Reload when TLS Config Changes
(Reported by Joshua Elson)
[ASTERISK-25032] -
[patch]cel_odbc sometimes inserts CEL with wrong eventtime
(Reported by Etienne Lessard)
[ASTERISK-26173] -
func_cdr: CDR function does not permit empty values to be assigned
(Reported by gkloepfer)
[ASTERISK-25506] -
[patch]CONFBRIDGE failure after an app_confbrige.so module reload results in segfault or error/warning messages.
(Reported by Frederic LE FOLL)
[ASTERISK-24529] -
Using AMI Action Bridge to on an already bridged channel causes the incorrect return priority to be used
(Reported by Corey Farrell)
[ASTERISK-26860] -
Upon RTCP reception, netsock2.c:210 ast_sockaddr_split_hostport: Port missing in (null)
(Reported by Evers Lab)
[ASTERISK-26922] -
chan_sip: tcpbind uses wrong source address
(Reported by Ksenia)
[ASTERISK-26974] -
res_pjsip: Deadlock in T.38 framehook
(Reported by Richard Mudgett)
[ASTERISK-26908] -
res_pjsip: The ChanIsAvail causes a res_pjsip session to be leaked.
(Reported by Richard Mudgett)
[ASTERISK-25823] -
SIGSEGV, Segmentation fault. - ../sysdeps/x86_64/strlen.S: No such file or directory.
(Reported by Andreas Krüger)
[ASTERISK-26951] -
chan_sip: ACK with SDP does not update a direct media bridge
(Reported by Jean Aunis - Prescom)
[ASTERISK-26930] -
pjproject/Makefile.rules for pjsip 2.6 build fails for non-SSE2 instrunction Linux
(Reported by abelbeck)
[ASTERISK-26926] -
func_speex: Crash caused by frame with no datalen
(Reported by Richard Kenner)
[ASTERISK-26929] -
pjsip: Add database tables for RLS
(Reported by Joshua Colp)
[ASTERISK-26953] -
Asterisk crash if hep.conf have some missing parameters
(Reported by Joel Vandal)
[ASTERISK-26890] -
STUN server with non-default-route transport causes INVITE delay
(Reported by George Joseph)
[ASTERISK-26692] -
res_rtp_asterisk: Crash in dtls_srtp_handle_timeout at res_rtp_asterisk (using chan_sip)
(Reported by scgm11)
[ASTERISK-26835] -
res_rtp_asterisk: Crash when freeing RTCP address string
(Reported by Niklas Larsson)
[ASTERISK-26853] -
res_rtp_asterisk: Crash in pjnath when receiving packet
(Reported by Adagio)
[ASTERISK-26613] -
format_wav: wav16 format read file only by 320 - half of frame
(Reported by Vitaly K)
[ASTERISK-26169] -
format_ogg_vorbis: Memory leak using OGG in MixMonitor
(Reported by Ivan Myalkin)
[ASTERISK-21856] -
STUN never works when asterisk started without internet access
(Reported by Jeremy Kister)
[ASTERISK-20984] -
Audible clicks when playing sox encoded au file with STREAM FILE AGI command
(Reported by Roman S.)
[ASTERISK-26851] -
res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport
(Reported by Richard Begg)
[ASTERISK-26903] -
Listening TCP/TLS sockets stop when temporarily out of open files
(Reported by Walter Doekes)
[ASTERISK-26528] -
[UBSAN] strings.h:signed integer overflow in ast_str_case_hash
(Reported by Badalian Vyacheslav)
[ASTERISK-26928] -
pjsip: Add database tables for PUBLISH support
(Reported by Joshua Colp)
[ASTERISK-26927] -
pjproject_bundled: Crash on pj_ssl_get_info() while ioqueue_on_read_complete().
(Reported by Alexander Traud)
[ASTERISK-26905] -
pjproject_bundled: Merge 3 upstream deadlock patches into bundled
(Reported by Ross Beer)
[ASTERISK-26897] -
chan_sip: Security vulnerability with client code header
(Reported by Alex Villacís Lasso)
[ASTERISK-25974] -
Unused realtime MOH classes not purged on 'moh reload'
(Reported by Sébastien Couture)
[ASTERISK-26916] -
res_pjsip: Excessive refcount reached on transport ao2 object
(Reported by Ross Beer)
[ASTERISK-21721] -
SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
[ASTERISK-26915] -
chan_sip: Session Timers required but refused wrongly.
(Reported by Alexander Traud)
[ASTERISK-26363] -
res_pjsip: Bye sent to sip trunk is not authenticated even after receiving a 407 error code
(Reported by Yaacov Akiba Slama)
[ASTERISK-26896] -
Overflow of buffer to PQEscapeStringConn with large app_args causes ABRT
(Reported by twisted)
[ASTERISK-26705] -
libasteriskssl.so not found when asterisk is installed for the 1st time
(Reported by George Joseph)
[ASTERISK-21009] -
xmpp_pubsub_unsubscribe: Could not create IQ when creating pubsub unsubscription on client
(Reported by Marcello Ceschia)
[ASTERISK-25490] -
[patch]SDP crypto tag is validated incorrectly
(Reported by Joerg Sonnenberger)
[ASTERISK-24712] -
xmpp: starttls problem causes connection spew
(Reported by Matthias Urlichs)
[ASTERISK-26086] -
res_musiconhold: format option is not documented adequately
(Reported by Jens Bürger)
[ASTERISK-23996] -
No core dumps because of res_musiconhold chdir.
(Reported by Walter Doekes)
[ASTERISK-26814] -
pjproject_bundled build fails to download pjproject source when using cURL
(Reported by Gergely Dömsödi)
[ASTERISK-23510] -
JABBER_STATUS fails with improper code 7 for unavailable clients
(Reported by Anthony Critelli)
[ASTERISK-21855] -
Asterisk crashes when XMPP message is sent (JabberSend) and no internet connection is available
(Reported by Jeremy Kister)
[ASTERISK-25622] -
WARNING for "JABBER: socket read error" should be more specific
(Reported by Sean Darcy)
[ASTERISK-26818] -
cdr: Problem setting variables in h exten
(Reported by scgm11)
[ASTERISK-26875] -
app_mixmonitor: Recording out of sync when 183 but no RTP
(Reported by Aaron An)
Improvements made in this release:
-----------------------------------
[ASTERISK-26088] -
Investigate heavy memory utilization by res_pjsip_pubsub
(Reported by Richard Mudgett)
[ASTERISK-26427] -
res_hep_rtcp: Asterisk Master will report channel name with res_hep_rtcp when using chan_sip
(Reported by Nir Simionovich (GreenfieldTech - Israel))
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.16.0-rc1
Rilasciato Asterisk 14.5.0-rc1
Il giorno 22 maggio 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 14.5.0-rc1.
Dal post originale:
The following issues are resolved in this release candidate:
Bugs fixed in this release:
-----------------------------------
[ASTERISK-25665] -
Duplicate logging in queue log for EXITEMPTY events
(Reported by Ove Aursand)
[ASTERISK-26998] -
res_pjsip_session: INVITE retransmissions could still setup the same call again.
(Reported by Richard Mudgett)
[ASTERISK-26143] -
res_rtp_asterisk: One way audio when transcoding
(Reported by Henning Holtschneider)
[ASTERISK-26606] -
tcptls: Incorrect OpenSSL function call leads to misleading error report
(Reported by Bob Ham)
[ASTERISK-26983] -
Crash in Manager Reload when TLS Config Changes
(Reported by Joshua Elson)
[ASTERISK-25032] -
[patch]cel_odbc sometimes inserts CEL with wrong eventtime
(Reported by Etienne Lessard)
[ASTERISK-26173] -
func_cdr: CDR function does not permit empty values to be assigned
(Reported by gkloepfer)
[ASTERISK-25506] -
[patch]CONFBRIDGE failure after an app_confbrige.so module reload results in segfault or error/warning messages.
(Reported by Frederic LE FOLL)
[ASTERISK-24529] -
Using AMI Action Bridge to on an already bridged channel causes the incorrect return priority to be used
(Reported by Corey Farrell)
[ASTERISK-26860] -
Upon RTCP reception, netsock2.c:210 ast_sockaddr_split_hostport: Port missing in (null)
(Reported by Evers Lab)
[ASTERISK-26922] -
chan_sip: tcpbind uses wrong source address
(Reported by Ksenia)
[ASTERISK-26974] -
res_pjsip: Deadlock in T.38 framehook
(Reported by Richard Mudgett)
[ASTERISK-26908] -
res_pjsip: The ChanIsAvail causes a res_pjsip session to be leaked.
(Reported by Richard Mudgett)
[ASTERISK-25823] -
SIGSEGV, Segmentation fault. - ../sysdeps/x86_64/strlen.S: No such file or directory.
(Reported by Andreas Krüger)
[ASTERISK-26951] -
chan_sip: ACK with SDP does not update a direct media bridge
(Reported by Jean Aunis - Prescom)
[ASTERISK-26930] -
pjproject/Makefile.rules for pjsip 2.6 build fails for non-SSE2 instrunction Linux
(Reported by abelbeck)
[ASTERISK-26926] -
func_speex: Crash caused by frame with no datalen
(Reported by Richard Kenner)
[ASTERISK-26929] -
pjsip: Add database tables for RLS
(Reported by Joshua Colp)
[ASTERISK-26953] -
Asterisk crash if hep.conf have some missing parameters
(Reported by Joel Vandal)
[ASTERISK-26890] -
STUN server with non-default-route transport causes INVITE delay
(Reported by George Joseph)
[ASTERISK-26692] -
res_rtp_asterisk: Crash in dtls_srtp_handle_timeout at res_rtp_asterisk (using chan_sip)
(Reported by scgm11)
[ASTERISK-26835] -
res_rtp_asterisk: Crash when freeing RTCP address string
(Reported by Niklas Larsson)
[ASTERISK-26853] -
res_rtp_asterisk: Crash in pjnath when receiving packet
(Reported by Adagio)
[ASTERISK-26613] -
format_wav: wav16 format read file only by 320 - half of frame
(Reported by Vitaly K)
[ASTERISK-26169] -
format_ogg_vorbis: Memory leak using OGG in MixMonitor
(Reported by Ivan Myalkin)
[ASTERISK-21856] -
STUN never works when asterisk started without internet access
(Reported by Jeremy Kister)
[ASTERISK-20984] -
Audible clicks when playing sox encoded au file with STREAM FILE AGI command
(Reported by Roman S.)
[ASTERISK-26851] -
res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport
(Reported by Richard Begg)
[ASTERISK-26903] -
Listening TCP/TLS sockets stop when temporarily out of open files
(Reported by Walter Doekes)
[ASTERISK-26528] -
[UBSAN] strings.h:signed integer overflow in ast_str_case_hash
(Reported by Badalian Vyacheslav)
[ASTERISK-26928] -
pjsip: Add database tables for PUBLISH support
(Reported by Joshua Colp)
[ASTERISK-26927] -
pjproject_bundled: Crash on pj_ssl_get_info() while ioqueue_on_read_complete().
(Reported by Alexander Traud)
[ASTERISK-26905] -
pjproject_bundled: Merge 3 upstream deadlock patches into bundled
(Reported by Ross Beer)
[ASTERISK-26897] -
chan_sip: Security vulnerability with client code header
(Reported by Alex Villacís Lasso)
[ASTERISK-25974] -
Unused realtime MOH classes not purged on 'moh reload'
(Reported by Sébastien Couture)
[ASTERISK-26916] -
res_pjsip: Excessive refcount reached on transport ao2 object
(Reported by Ross Beer)
[ASTERISK-21721] -
SIP Failed to parse multiple Supported: headers
(Reported by Olle Johansson)
[ASTERISK-26915] -
chan_sip: Session Timers required but refused wrongly.
(Reported by Alexander Traud)
[ASTERISK-26363] -
res_pjsip: Bye sent to sip trunk is not authenticated even after receiving a 407 error code
(Reported by Yaacov Akiba Slama)
[ASTERISK-26896] -
Overflow of buffer to PQEscapeStringConn with large app_args causes ABRT
(Reported by twisted)
[ASTERISK-26705] -
libasteriskssl.so not found when asterisk is installed for the 1st time
(Reported by George Joseph)
[ASTERISK-21009] -
xmpp_pubsub_unsubscribe: Could not create IQ when creating pubsub unsubscription on client
(Reported by Marcello Ceschia)
[ASTERISK-25490] -
[patch]SDP crypto tag is validated incorrectly
(Reported by Joerg Sonnenberger)
[ASTERISK-24712] -
xmpp: starttls problem causes connection spew
(Reported by Matthias Urlichs)
[ASTERISK-26086] -
res_musiconhold: format option is not documented adequately
(Reported by Jens Bürger)
[ASTERISK-23996] -
No core dumps because of res_musiconhold chdir.
(Reported by Walter Doekes)
[ASTERISK-26814] -
pjproject_bundled build fails to download pjproject source when using cURL
(Reported by Gergely Dömsödi)
[ASTERISK-23510] -
JABBER_STATUS fails with improper code 7 for unavailable clients
(Reported by Anthony Critelli)
[ASTERISK-21855] -
Asterisk crashes when XMPP message is sent (JabberSend) and no internet connection is available
(Reported by Jeremy Kister)
[ASTERISK-25622] -
WARNING for "JABBER: socket read error" should be more specific
(Reported by Sean Darcy)
[ASTERISK-26818] -
cdr: Problem setting variables in h exten
(Reported by scgm11)
[ASTERISK-26875] -
app_mixmonitor: Recording out of sync when 183 but no RTP
(Reported by Aaron An)
Improvements made in this release:
-----------------------------------
[ASTERISK-26088] -
Investigate heavy memory utilization by res_pjsip_pubsub
(Reported by Richard Mudgett)
[ASTERISK-26427] -
res_hep_rtcp: Asterisk Master will report channel name with res_hep_rtcp when using chan_sip
(Reported by Nir Simionovich (GreenfieldTech - Israel))
For a full list of changes in this release candidate, please see the ChangeLog:
ISSABEL, il fork di Elastix per mantenere le versioni 2.5 e 4
ISSABEL è stato creato da diverse società con l'intento di mantenere, aggiornare e supportare tutti gli utenti di Elastix 2.5. e 4.
Questo il link del progetto: ISSABEL
ISSABEL, il fork di Elastix per mantenere le versioni 2.5 e 4
OpenELX, il fork di Elastix per mantenere la versione 2.5
OpenELX è stato creato da diverse società con l'intento di mantenere, aggiornare e supportare tutti gli utenti di Elastix 2.5.
Questo il link del progetto: OpenELX
Rilasciato Asterisk 14.4.0
Il giorno 7 aprile 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 14.4.0.
Dal post originale:
The release of Asterisk 14.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
*Thank you!*
The following issues are resolved in this release:
*New Features made in this release:*
-----------------------------------
- [ASTERISK-26878
- func_channel: Add ability to get the callid so dialplan has access to it.
(Reported by Richard Mudgett)
- [ASTERISK-26863
- res_pjsip: Add endpoint identification scheme based on a configured SIP
header/value
(Reported by Matt Jordan)
- [ASTERISK-17428
- [patch] Allow "Comedian Mail" branding to be removed
(Reported by John Covert)
*Bugs fixed in this release:*
-----------------------------------
- [ASTERISK-26851
- res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport
(Reported by Richard Begg)
- [ASTERISK-26897
- chan_sip: Security vulnerability with client code header
(Reported by Alex Villacís Lasso)
- [ASTERISK-26916
- res_pjsip: Excessive refcount reached on transport ao2 object
(Reported by Ross Beer)
- [ASTERISK-26705
- libasteriskssl.so not found when asterisk is installed for the 1st time
(Reported by George Joseph)
- [ASTERISK-26850
- res_hep_pjsip: Asterisk insert wrong protocol name in "Protocol ID" field
in HEP packets
(Reported by Max Norba)
- [ASTERISK-26484
- res_pjsip_messaging: Crash when using invalid URI in MessageSend 'from'
argument.
(Reported by Vinod Dharashive)
- [ASTERISK-26776
- res_pjsip_pubsub: Crash when generating xpidf content
(Reported by Andrew Green)
- [ASTERISK-26880
- Asterisk crashes when multiple speex users join confbridge with pp_vad
and dtx enabled
(Reported by Kirsty Tyerman)
- [ASTERISK-26862
- app_queue: Queue stops calling members with local interface after
forwarding in previous call
(Reported by Robert Mordec)
- [ASTERISK-26732
- res_rtp_asterisk: Implement RTCP Multiplexing - breaking WebRTC in Chrome
(Reported by Dan Jenkins)
- [ASTERISK-26879
- PJSIP external_media_address ignored if no local_net options are provided
(Reported by Matt Jordan)
- [ASTERISK-26867
- autochan: Locking in a function ast_autochan_destroy() on destroyed
channel (after masquerade).
(Reported by Krzysztof Trempala)
- [ASTERISK-26869
- res_pjsip_refer: blind call transfer w/o a user name doesn't go to the s
extension
(Reported by Torrey Searle)
- [ASTERISK-26668
- core: Malformed pattern matching extension (various factors) results in
crash
(Reported by xrobau)
- [ASTERISK-26865
- chan_iax2: Reload of iax peer results in loss of host address/port
(Reported by Richard Begg)
- [ASTERISK-26872
- Bundled pjproject fails to build when tarball downloaded with curl due to
md5 verification failure in Docker containers (or when there is no terminal)
(Reported by Matt Jordan)
- [ASTERISK-26717
- Document the fact that Asterisk HEP support only works with the PJSIP
channel driver
(Reported by Olivier Krief)
- [ASTERISK-26643
- Extra new line in Device field of DeviceStateChange AMI Event after
restart of Asterisk
(Reported by Roman Bedros)
- [ASTERISK-25237
- stasis_cache.c:845 caching_topic_exec: - misleading ERROR message
(Reported by Smirnov Aleksey)
- [ASTERISK-26857
- chan_pjsip: Dialplan function race condition
(Reported by Joshua Colp)
- [ASTERISK-26841
- chan_sip: Call not cancelled after receiving a 422 response
(Reported by Jean Aunis - Prescom)
- [ASTERISK-26822
- pjsip/cli_commands: pjsip show channelstats shows wrong codec
(Reported by Kevin Harwell)
- [ASTERISK-26353
- res_musiconhold: musiconhold seems to think that the general section is a
class and issues warning
(Reported by Jonathan Harris)
- [ASTERISK-26685
- res_pjsip: Crash when using IPv6 and Transport ws,wss
(Reported by Michael Balen)
- [ASTERISK-24562
- app_voicemail: Cannot set fromstring on a per-mailbox basis
(Reported by Mark Scholten)
- [ASTERISK-26598
- Saynumber is trying to get "and" from "digits/" subfolder
(Reported by Jonathan Harris)
- [ASTERISK-17067
- Long lines in call files cause spurious syntax error
(Reported by Dave Olszewski)
- [ASTERISK-26796
- res_pjsip_transport_websocket: Via header is 'WS' when it should be 'WSS'
(Reported by Jørgen H)
- [ASTERISK-25628
- res_config_pgsql: should match the behavior of other drivers so that
queue_log can disable adaptive logging
(Reported by Dmitry Wagin)
- [ASTERISK-26774
- core: Playback URL fails after some time
(Reported by Igor Gamayunov)
- [ASTERISK-26825
- pjsip.conf.sample: user_agent: still refers to branch 12
(Reported by Tzafrir Cohen)
- [ASTERISK-26823
- PJSIP: Persistent subscriptions can cause FRACKs if endpoint does not
exist
(Reported by Mark Michelson)
- [ASTERISK-26623
- res_pjsip: Crash when calling PJSIPShowEndpoint
(Reported by Jørgen H)
- [ASTERISK-26808
- res_pjsip_outbound_registration doesn't know about network change events
(Reported by George Joseph)
- [ASTERISK-26781
- bridge: Passing the 'p' (play tone) flag to Bridge() application results
in garbled audio
(Reported by Sean Bright)
- [ASTERISK-26782
- res_pjsip: URI requirement for fields is not consistently documented and
error does not provide indication
(Reported by Peter Sokolov)
- [ASTERISK-26812
- [patch] Fix download_externals To Allow The Use Of curl Or wget
(Reported by Michael L. Young)
- [ASTERISK-18271
- Pattern matching with res_config_mysql extensions does not behave as
expected
(Reported by Charlie Smurthwaite)
- [ASTERISK-26669
- PJSIP Segfault 13.13.1 (Bundled PJSIP)
(Reported by Nic Colledge)
- [ASTERISK-18731
- [patch] DUNDi weight parameter not processed correctly
(Reported by Peter Racz)
- [ASTERISK-26799
- res_pjsip: Using an auth object for inbound and outbound authentication
fails.
(Reported by Richard Mudgett)
- [ASTERISK-26738
- Frequent segfaults since activation of DNS SRV, in
pjsip_auth_clt_reinit_req at /pjsip/sip_auth_client.c, and
pj_atomic_inc_and_get at pj/os_core_unix.c
(Reported by Michael Maier)
- [ASTERISK-25893
- Function vmauthenticate accesses uninitialized memory
(Reported by Filip Jenicek)
- [ASTERISK-26580
- [patch] Error during LDAP modify action when user unregisters
(Reported by Nicholas John Koch)
- [ASTERISK-26802
- [patch] Integrity Check Of PJSIP Download Fails
(Reported by Michael L. Young)
- [ASTERISK-15858
- [patch] Fix query with double backslash in string literals and stop log
warnings
(Reported by Humberto Figuera)
- [ASTERISK-26057
- res_config_sqlite3 uses incorrect query - unnecessary escape
(Reported by Stepan)
- [ASTERISK-23457
- SQlite3: Realtime queue loading fails after PRAGMA query result
(Reported by Scott Griepentrog)
- [ASTERISK-26794
- http: Crash on Reload Only in ast_tcptls_server_start
(Reported by Joshua Elson)
- [ASTERISK-26714
- Phone default have not ringing on ARM
(Reported by Igor Goncharovsky)
- [ASTERISK-26696
- pjsip_pubsub: PJSIP Subscription Persistence in AstDB Does not update on
subscription refresh
(Reported by Zach R)
- [ASTERISK-26756
- res_pjsip_mwi: Asterisk does not terminate MWI subscription
(Reported by Carl Fortin)
- [ASTERISK-26109
- Asterisk fails building with OpenSSL 1.1.0
(Reported by Tzafrir Cohen)
- [ASTERISK-26723
- VoiceMailPlayMsg not playing messages via realtime
(Reported by Ryan Rittgarn)
- [ASTERISK-18286
- [patch] 'Silence' is truncated in Record()
(Reported by var)
- [ASTERISK-26248
- chan_pjsip: Error when calling PJSIP client with domain specified
(Reported by Norbert Varga)
- [ASTERISK-26788
- core: Protect flags during ast_waitfor
(Reported by Joshua Colp)
- [ASTERISK-26115
- pbx: AMI Originate ignore "failed" extension on call failure
(Reported by Nasir Iqbal)
- [ASTERISK-26785
- configs/samples: The 'identify' entry is in the wrong section in
sorcery.conf.sample
(Reported by Torrey Searle)
- [ASTERISK-26772
- Crash in srv.c on startup with pjsip
(Reported by nappsoft)
- [ASTERISK-26770
- res_stasis_device_state: Duplicate subscriptions when multiple received
at same time
(Reported by Joshua Colp)
*Improvements made in this release:*
-----------------------------------
- [ASTERISK-26864
- res_pjsip_session: Add support for overlap dialling
(Reported by Richard Begg)
- [ASTERISK-26846
- chan_sip: Add rtcp-mux support
(Reported by Sean Bright)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-14.4.0
Rilasciato Asterisk 13.15.0
Il giorno 7 aprile 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.15.0.
Dal post originale:
The release of Asterisk 13.15.0 resolves several issues reported by the community and would have not been possible without your participation.
*Thank you!*
The following issues are resolved in this release:
*New Features made in this release:*
-----------------------------------
- [ASTERISK-26878
- func_channel: Add ability to get the callid so dialplan has access to it.
(Reported by Richard Mudgett)
- [ASTERISK-26863
- res_pjsip: Add endpoint identification scheme based on a configured SIP
header/value
(Reported by Matt Jordan)
- [ASTERISK-17428
- [patch] Allow "Comedian Mail" branding to be removed
(Reported by John Covert)
*Bugs fixed in this release:*
-----------------------------------
- [ASTERISK-26851
- res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport
(Reported by Richard Begg)
- [ASTERISK-26897
- chan_sip: Security vulnerability with client code header
(Reported by Alex Villacís Lasso)
- [ASTERISK-26916
- res_pjsip: Excessive refcount reached on transport ao2 object
(Reported by Ross Beer)
- [ASTERISK-26705
- libasteriskssl.so not found when asterisk is installed for the 1st time
(Reported by George Joseph)
- [ASTERISK-26850
- res_hep_pjsip: Asterisk insert wrong protocol name in "Protocol ID" field
in HEP packets
(Reported by Max Norba)
- [ASTERISK-26484
- res_pjsip_messaging: Crash when using invalid URI in MessageSend 'from'
argument.
(Reported by Vinod Dharashive)
- [ASTERISK-26776
- res_pjsip_pubsub: Crash when generating xpidf content
(Reported by Andrew Green)
- [ASTERISK-26880
- Asterisk crashes when multiple speex users join confbridge with pp_vad
and dtx enabled
(Reported by Kirsty Tyerman)
- [ASTERISK-26862
- app_queue: Queue stops calling members with local interface after
forwarding in previous call
(Reported by Robert Mordec)
- [ASTERISK-26732
- res_rtp_asterisk: Implement RTCP Multiplexing - breaking WebRTC in Chrome
(Reported by Dan Jenkins)
- [ASTERISK-26879
- PJSIP external_media_address ignored if no local_net options are provided
(Reported by Matt Jordan)
- [ASTERISK-26867
- autochan: Locking in a function ast_autochan_destroy() on destroyed
channel (after masquerade).
(Reported by Krzysztof Trempala)
- [ASTERISK-26869
- res_pjsip_refer: blind call transfer w/o a user name doesn't go to the s
extension
(Reported by Torrey Searle)
- [ASTERISK-26668
- core: Malformed pattern matching extension (various factors) results in
crash
(Reported by xrobau)
- [ASTERISK-26865
- chan_iax2: Reload of iax peer results in loss of host address/port
(Reported by Richard Begg)
- [ASTERISK-26872
- Bundled pjproject fails to build when tarball downloaded with curl due to
md5 verification failure in Docker containers (or when there is no terminal)
(Reported by Matt Jordan)
- [ASTERISK-26717
- Document the fact that Asterisk HEP support only works with the PJSIP
channel driver
(Reported by Olivier Krief)
- [ASTERISK-26643
- Extra new line in Device field of DeviceStateChange AMI Event after
restart of Asterisk
(Reported by Roman Bedros)
- [ASTERISK-25237
- stasis_cache.c:845 caching_topic_exec: - misleading ERROR message
(Reported by Smirnov Aleksey)
- [ASTERISK-26857
- chan_pjsip: Dialplan function race condition
(Reported by Joshua Colp)
- [ASTERISK-26841
- chan_sip: Call not cancelled after receiving a 422 response
(Reported by Jean Aunis - Prescom)
- [ASTERISK-26822
- pjsip/cli_commands: pjsip show channelstats shows wrong codec
(Reported by Kevin Harwell)
- [ASTERISK-26685
- res_pjsip: Crash when using IPv6 and Transport ws,wss
(Reported by Michael Balen)
- [ASTERISK-24562
- app_voicemail: Cannot set fromstring on a per-mailbox basis
(Reported by Mark Scholten)
- [ASTERISK-26598
- Saynumber is trying to get "and" from "digits/" subfolder
(Reported by Jonathan Harris)
- [ASTERISK-17067
- Long lines in call files cause spurious syntax error
(Reported by Dave Olszewski)
- [ASTERISK-26796
- res_pjsip_transport_websocket: Via header is 'WS' when it should be 'WSS'
(Reported by Jørgen H)
- [ASTERISK-25628
- res_config_pgsql: should match the behavior of other drivers so that
queue_log can disable adaptive logging
(Reported by Dmitry Wagin)
- [ASTERISK-26825
- pjsip.conf.sample: user_agent: still refers to branch 12
(Reported by Tzafrir Cohen)
- [ASTERISK-26823
- PJSIP: Persistent subscriptions can cause FRACKs if endpoint does not
exist
(Reported by Mark Michelson)
- [ASTERISK-26623
- res_pjsip: Crash when calling PJSIPShowEndpoint
(Reported by Jørgen H)
- [ASTERISK-26808
- res_pjsip_outbound_registration doesn't know about network change events
(Reported by George Joseph)
- [ASTERISK-26313
- chan_sip : Asterisk restart seems to be required for changing encryption
option
(Reported by benasse)
- [ASTERISK-26781
- bridge: Passing the 'p' (play tone) flag to Bridge() application results
in garbled audio
(Reported by Sean Bright)
- [ASTERISK-26782
- res_pjsip: URI requirement for fields is not consistently documented and
error does not provide indication
(Reported by Peter Sokolov)
- [ASTERISK-26812
- [patch] Fix download_externals To Allow The Use Of curl Or wget
(Reported by Michael L. Young)
- [ASTERISK-18271
- Pattern matching with res_config_mysql extensions does not behave as
expected
(Reported by Charlie Smurthwaite)
- [ASTERISK-26669
- PJSIP Segfault 13.13.1 (Bundled PJSIP)
(Reported by Nic Colledge)
- [ASTERISK-18731
- [patch] DUNDi weight parameter not processed correctly
(Reported by Peter Racz)
- [ASTERISK-26580
- [patch] Error during LDAP modify action when user unregisters
(Reported by Nicholas John Koch)
- [ASTERISK-26799
- res_pjsip: Using an auth object for inbound and outbound authentication
fails.
(Reported by Richard Mudgett)
- [ASTERISK-26738
- Frequent segfaults since activation of DNS SRV, in
pjsip_auth_clt_reinit_req at /pjsip/sip_auth_client.c, and
pj_atomic_inc_and_get at pj/os_core_unix.c
(Reported by Michael Maier)
- [ASTERISK-25893
- Function vmauthenticate accesses uninitialized memory
(Reported by Filip Jenicek)
- [ASTERISK-26802
- [patch] Integrity Check Of PJSIP Download Fails
(Reported by Michael L. Young)
- [ASTERISK-15858
- [patch] Fix query with double backslash in string literals and stop log
warnings
(Reported by Humberto Figuera)
- [ASTERISK-26057
- res_config_sqlite3 uses incorrect query - unnecessary escape
(Reported by Stepan)
- [ASTERISK-23457
- SQlite3: Realtime queue loading fails after PRAGMA query result
(Reported by Scott Griepentrog)
- [ASTERISK-26794
- http: Crash on Reload Only in ast_tcptls_server_start
(Reported by Joshua Elson)
- [ASTERISK-26714
- Phone default have not ringing on ARM
(Reported by Igor Goncharovsky)
- [ASTERISK-26696
- pjsip_pubsub: PJSIP Subscription Persistence in AstDB Does not update on
subscription refresh
(Reported by Zach R)
- [ASTERISK-26756
- res_pjsip_mwi: Asterisk does not terminate MWI subscription
(Reported by Carl Fortin)
- [ASTERISK-26109
- Asterisk fails building with OpenSSL 1.1.0
(Reported by Tzafrir Cohen)
- [ASTERISK-26723
- VoiceMailPlayMsg not playing messages via realtime
(Reported by Ryan Rittgarn)
- [ASTERISK-18286
- [patch] 'Silence' is truncated in Record()
(Reported by var)
- [ASTERISK-26248
- chan_pjsip: Error when calling PJSIP client with domain specified
(Reported by Norbert Varga)
- [ASTERISK-26788
- core: Protect flags during ast_waitfor
(Reported by Joshua Colp)
- [ASTERISK-26115
- pbx: AMI Originate ignore "failed" extension on call failure
(Reported by Nasir Iqbal)
- [ASTERISK-26785
- configs/samples: The 'identify' entry is in the wrong section in
sorcery.conf.sample
(Reported by Torrey Searle)
- [ASTERISK-26772
- Crash in srv.c on startup with pjsip
(Reported by nappsoft)
- [ASTERISK-26770
- res_stasis_device_state: Duplicate subscriptions when multiple received
at same time
(Reported by Joshua Colp)
*Improvements made in this release:*
-----------------------------------
- [ASTERISK-26864
- res_pjsip_session: Add support for overlap dialling
(Reported by Richard Begg)
- [ASTERISK-26846
- chan_sip: Add rtcp-mux support
(Reported by Sean Bright)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.15.0
AST-2017-001: Buffer overflow in CDR’s set user
Asterisk Project Security Advisory - AST-2017-001 Product Asterisk Summary Buffer overflow in CDR's set user Nature of Advisory Buffer Overflow Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On March 27, 2017 Reported By Alex Villacis Lasso Posted On Last Updated On April 4, 2017 Advisory Contact kharwell AT digium DOT com CVE Name Description No size checking is done when setting the user field on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. This allows the possibility of remote code injection. This currently affects any system using CDR's that also make use of the following: * The 'X-ClientCode' header within a SIP INFO message when using chan_sip and the 'useclientcode' option is enabled (note, it's disabled by default). * The CDR dialplan function executed from AMI when setting the user field. * The AMI Monitor action when using a long file name/path. Resolution The CDR engine now only copies up to the maximum allowed characters into the user field. Any characters outside the maximum are truncated. Affected Versions Product Release Series Asterisk Open Source 13.x All Releases Asterisk Open Source 14.x All Releases Certified Asterisk 13.13 All Releases Corrected In Product Release Asterisk Open Source 13.14.1,14.3.1 Certified Asterisk 13.13-cert3 Patches SVN URL Revision http://downloads.asterisk.org/pub/security/AST-2017-001-13.diff Asterisk 13 http://downloads.asterisk.org/pub/security/AST-2017-001-14.diff Asterisk 14 http://downloads.asterisk.org/pub/security/AST-2017-001-13.13.diff Certified Asterisk 13.13 Links https://issues.asterisk.org/jira/browse/ASTERISK-26897 Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2017-001.pdf and http://downloads.digium.com/pub/security/AST-2017-001.html Revision History Date Editor Revisions Made March, 27, 2017 Kevin Harwell Initial Revision Asterisk Project Security Advisory - AST-2017-001 Copyright © 2017 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Rilasciato Asterisk 14.4.0-rc1
Il giorno 23 marzo 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 14.4.0-rc1.
Dal post originale:
The release of Asterisk 14.4.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-26878 - func_channel: Add ability to get the callid so dialplan has access to it. (Reported by Richard Mudgett)
* ASTERISK-26863 - res_pjsip: Add endpoint identification scheme based on a configured SIP header/value (Reported by Matt Jordan)
* ASTERISK-17428 - [patch] Allow "Comedian Mail" branding to be removed (Reported by John Covert)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-26850 - res_hep_pjsip: Asterisk insert wrong protocol name in "Protocol ID" field in HEP packets (Reported by Max Norba)
* ASTERISK-26484 - res_pjsip_messaging: Crash when using invalid URI in MessageSend 'from' argument. (Reported by Vinod Dharashive)
* ASTERISK-26776 - res_pjsip_pubsub: Crash when generating xpidf content (Reported by Andrew Green)
* ASTERISK-26880 - Asterisk crashes when multiple speex users join confbridge with pp_vad and dtx enabled (Reported by Kirsty Tyerman)
* ASTERISK-26862 - app_queue: Queue stops calling members with local interface after forwarding in previous call (Reported by Robert Mordec)
* ASTERISK-26732 - res_rtp_asterisk: Implement RTCP Multiplexing - breaking WebRTC in Chrome (Reported by Dan Jenkins)
* ASTERISK-26879 - PJSIP external_media_address ignored if no local_net options are provided (Reported by Matt Jordan)
* ASTERISK-26851 - res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport (Reported by Richard Begg)
* ASTERISK-26867 - autochan: Locking in a function ast_autochan_destroy() on destroyed channel (after masquerade). (Reported by Krzysztof Trempala)
* ASTERISK-26869 - res_pjsip_refer: blind call transfer w/o a user name doesn't go to the s extension (Reported by Torrey Searle)
* ASTERISK-26668 - core: Malformed pattern matching extension (various factors) results in crash (Reported by xrobau)
* ASTERISK-26865 - chan_iax2: Reload of iax peer results in loss of host address/port (Reported by Richard Begg)
* ASTERISK-26872 - Bundled pjproject fails to build when tarball downloaded with curl due to md5 verification failure in Docker containers (or when there is no terminal) (Reported by Matt Jordan)
* ASTERISK-26717 - Document the fact that Asterisk HEP support only works with the PJSIP channel driver (Reported by Olivier Krief)
* ASTERISK-26643 - Extra new line in Device field of DeviceStateChange AMI Event after restart of Asterisk (Reported by Roman Bedros)
* ASTERISK-25237 - stasis_cache.c:845 caching_topic_exec: - misleading ERROR message (Reported by Smirnov Aleksey)
* ASTERISK-26857 - chan_pjsip: Dialplan function race condition (Reported by Joshua Colp)
* ASTERISK-26841 - chan_sip: Call not cancelled after receiving a 422 response (Reported by Jean Aunis - Prescom)
* ASTERISK-26822 - pjsip/cli_commands: pjsip show channelstats shows wrong codec (Reported by Kevin Harwell)
* ASTERISK-26353 - res_musiconhold: musiconhold seems to think that the general section is a class and issues warning (Reported by Jonathan Harris)
* ASTERISK-26685 - res_pjsip: Crash when using IPv6 and Transport ws,wss (Reported by Michael Balen)
* ASTERISK-24562 - app_voicemail: Cannot set fromstring on a per-mailbox basis (Reported by Mark Scholten)
* ASTERISK-26598 - Saynumber is trying to get "and" from "digits/" subfolder (Reported by Jonathan Harris)
* ASTERISK-17067 - Long lines in call files cause spurious syntax error (Reported by Dave Olszewski)
* ASTERISK-26796 - res_pjsip_transport_websocket: Via header is 'WS' when it should be 'WSS' (Reported by Jørgen H)
* ASTERISK-25628 - res_config_pgsql: should match the behavior of other drivers so that queue_log can disable adaptive logging (Reported by Dmitry Wagin)
* ASTERISK-26774 - core: Playback URL fails after some time (Reported by Igor Gamayunov)
* ASTERISK-26825 - pjsip.conf.sample: user_agent: still refers to branch 12 (Reported by Tzafrir Cohen)
* ASTERISK-26823 - PJSIP: Persistent subscriptions can cause FRACKs if endpoint does not exist (Reported by Mark Michelson)
* ASTERISK-26623 - res_pjsip: Crash when calling PJSIPShowEndpoint (Reported by Jørgen H)
* ASTERISK-26808 - res_pjsip_outbound_registration doesn't know about network change events (Reported by George Joseph)
* ASTERISK-26705 - libasteriskssl.so not found when asterisk is installed for the 1st time (Reported by George Joseph)
* ASTERISK-26781 - bridge: Passing the 'p' (play tone) flag to Bridge() application results in garbled audio (Reported by Sean Bright)
* ASTERISK-26782 - res_pjsip: URI requirement for fields is not consistently documented and error does not provide indication (Reported by Peter Sokolov)
* ASTERISK-26812 - [patch] Fix download_externals To Allow The Use Of curl Or wget (Reported by Michael L. Young)
* ASTERISK-18271 - Pattern matching with res_config_mysql extensions does not behave as expected (Reported by Charlie Smurthwaite)
* ASTERISK-26669 - PJSIP Segfault 13.13.1 (Bundled PJSIP) (Reported by Nic Colledge)
* ASTERISK-18731 - [patch] DUNDi weight parameter not processed correctly (Reported by Peter Racz)
* ASTERISK-26799 - res_pjsip: Using an auth object for inbound and outbound authentication fails. (Reported by Richard Mudgett)
* ASTERISK-26738 - Frequent segfaults since activation of DNS SRV, in pjsip_auth_clt_reinit_req at /pjsip/sip_auth_client.c, and pj_atomic_inc_and_get at pj/os_core_unix.c (Reported by Michael Maier)
* ASTERISK-25893 - Function vmauthenticate accesses uninitialized memory (Reported by Filip Jenicek)
* ASTERISK-26580 - [patch] Error during LDAP modify action when user unregisters (Reported by Nicholas John Koch)
* ASTERISK-26802 - [patch] Integrity Check Of PJSIP Download Fails (Reported by Michael L. Young)
* ASTERISK-15858 - [patch] Fix query with double backslash in string literals and stop log warnings (Reported by Humberto Figuera)
* ASTERISK-26057 - res_config_sqlite3 uses incorrect query - unnecessary escape (Reported by Stepan)
* ASTERISK-23457 - SQlite3: Realtime queue loading fails after PRAGMA query result (Reported by Scott Griepentrog)
* ASTERISK-26794 - http: Crash on Reload Only in ast_tcptls_server_start (Reported by Joshua Elson)
* ASTERISK-26714 - Phone default have not ringing on ARM (Reported by Igor Goncharovsky)
* ASTERISK-26696 - pjsip_pubsub: PJSIP Subscription Persistence in AstDB Does not update on subscription refresh (Reported by Zach R)
* ASTERISK-26756 - res_pjsip_mwi: Asterisk does not terminate MWI subscription (Reported by Carl Fortin)
* ASTERISK-26109 - Asterisk fails building with OpenSSL 1.1.0 (Reported by Tzafrir Cohen)
* ASTERISK-26723 - VoiceMailPlayMsg not playing messages via realtime (Reported by Ryan Rittgarn)
* ASTERISK-18286 - [patch] 'Silence' is truncated in Record() (Reported by var)
* ASTERISK-26248 - chan_pjsip: Error when calling PJSIP client with domain specified (Reported by Norbert Varga)
* ASTERISK-26788 - core: Protect flags during ast_waitfor (Reported by Joshua Colp)
* ASTERISK-26115 - pbx: AMI Originate ignore "failed" extension on call failure (Reported by Nasir Iqbal)
* ASTERISK-26785 - configs/samples: The 'identify' entry is in the wrong section in sorcery.conf.sample (Reported by Torrey Searle)
* ASTERISK-26772 - Crash in srv.c on startup with pjsip (Reported by nappsoft)
* ASTERISK-26770 - res_stasis_device_state: Duplicate subscriptions when multiple received at same time (Reported by Joshua Colp)
Improvements made in this release:
-----------------------------------
* ASTERISK-26864 - res_pjsip_session: Add support for overlap dialling (Reported by Richard Begg)
* ASTERISK-26846 - chan_sip: Add rtcp-mux support (Reported by Sean Bright)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-14.4.0-rc1
Rilasciato Asterisk 13.15.0-rc1
Il giorno 23 marzo 2017, il Team di Sviluppo di Asterisk ha annunciato il rilascio di Asterisk 13.15.0-rc1.
Dal post originale:
he release of Asterisk 13.15.0-rc1 resolves several issues reported by the community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-26878 - func_channel: Add ability to get the callid so dialplan has access to it. (Reported by Richard Mudgett)
* ASTERISK-26863 - res_pjsip: Add endpoint identification scheme based on a configured SIP header/value (Reported by Matt Jordan)
* ASTERISK-17428 - [patch] Allow "Comedian Mail" branding to be removed (Reported by John Covert)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-26850 - res_hep_pjsip: Asterisk insert wrong protocol name in "Protocol ID" field in HEP packets (Reported by Max Norba)
* ASTERISK-26484 - res_pjsip_messaging: Crash when using invalid URI in MessageSend 'from' argument. (Reported by Vinod Dharashive)
* ASTERISK-26776 - res_pjsip_pubsub: Crash when generating xpidf content (Reported by Andrew Green)
* ASTERISK-26880 - Asterisk crashes when multiple speex users join confbridge with pp_vad and dtx enabled (Reported by Kirsty Tyerman)
* ASTERISK-26862 - app_queue: Queue stops calling members with local interface after forwarding in previous call (Reported by Robert Mordec)
* ASTERISK-26732 - res_rtp_asterisk: Implement RTCP Multiplexing - breaking WebRTC in Chrome (Reported by Dan Jenkins)
* ASTERISK-26879 - PJSIP external_media_address ignored if no local_net options are provided (Reported by Matt Jordan)
* ASTERISK-26851 - res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport (Reported by Richard Begg)
* ASTERISK-26867 - autochan: Locking in a function ast_autochan_destroy() on destroyed channel (after masquerade). (Reported by Krzysztof Trempala)
* ASTERISK-26869 - res_pjsip_refer: blind call transfer w/o a user name doesn't go to the s extension (Reported by Torrey Searle)
* ASTERISK-26668 - core: Malformed pattern matching extension (various factors) results in crash (Reported by xrobau)
* ASTERISK-26865 - chan_iax2: Reload of iax peer results in loss of host address/port (Reported by Richard Begg)
* ASTERISK-26872 - Bundled pjproject fails to build when tarball downloaded with curl due to md5 verification failure in Docker containers (or when there is no terminal) (Reported by Matt Jordan)
* ASTERISK-26717 - Document the fact that Asterisk HEP support only works with the PJSIP channel driver (Reported by Olivier Krief)
* ASTERISK-26643 - Extra new line in Device field of DeviceStateChange AMI Event after restart of Asterisk (Reported by Roman Bedros)
* ASTERISK-25237 - stasis_cache.c:845 caching_topic_exec: - misleading ERROR message (Reported by Smirnov Aleksey)
* ASTERISK-26857 - chan_pjsip: Dialplan function race condition (Reported by Joshua Colp)
* ASTERISK-26841 - chan_sip: Call not cancelled after receiving a 422 response (Reported by Jean Aunis - Prescom)
* ASTERISK-26822 - pjsip/cli_commands: pjsip show channelstats shows wrong codec (Reported by Kevin Harwell)
* ASTERISK-26685 - res_pjsip: Crash when using IPv6 and Transport ws,wss (Reported by Michael Balen)
* ASTERISK-24562 - app_voicemail: Cannot set fromstring on a per-mailbox basis (Reported by Mark Scholten)
* ASTERISK-26598 - Saynumber is trying to get "and" from "digits/" subfolder (Reported by Jonathan Harris)
* ASTERISK-17067 - Long lines in call files cause spurious syntax error (Reported by Dave Olszewski)
* ASTERISK-26796 - res_pjsip_transport_websocket: Via header is 'WS' when it should be 'WSS' (Reported by Jørgen H)
* ASTERISK-25628 - res_config_pgsql: should match the behavior of other drivers so that queue_log can disable adaptive logging (Reported by Dmitry Wagin)
* ASTERISK-26825 - pjsip.conf.sample: user_agent: still refers to branch 12 (Reported by Tzafrir Cohen)
* ASTERISK-26823 - PJSIP: Persistent subscriptions can cause FRACKs if endpoint does not exist (Reported by Mark Michelson)
* ASTERISK-26623 - res_pjsip: Crash when calling PJSIPShowEndpoint (Reported by Jørgen H)
* ASTERISK-26808 - res_pjsip_outbound_registration doesn't know about network change events (Reported by George Joseph)
* ASTERISK-26313 - chan_sip : Asterisk restart seems to be required for changing encryption option (Reported by benasse)
* ASTERISK-26705 - libasteriskssl.so not found when asterisk is installed for the 1st time (Reported by George Joseph)
* ASTERISK-26781 - bridge: Passing the 'p' (play tone) flag to Bridge() application results in garbled audio (Reported by Sean Bright)
* ASTERISK-26782 - res_pjsip: URI requirement for fields is not consistently documented and error does not provide indication (Reported by Peter Sokolov)
* ASTERISK-26812 - [patch] Fix download_externals To Allow The Use Of curl Or wget (Reported by Michael L. Young)
* ASTERISK-18271 - Pattern matching with res_config_mysql extensions does not behave as expected (Reported by Charlie Smurthwaite)
* ASTERISK-26669 - PJSIP Segfault 13.13.1 (Bundled PJSIP) (Reported by Nic Colledge)
* ASTERISK-18731 - [patch] DUNDi weight parameter not processed correctly (Reported by Peter Racz)
* ASTERISK-26580 - [patch] Error during LDAP modify action when user unregisters (Reported by Nicholas John Koch)
* ASTERISK-26799 - res_pjsip: Using an auth object for inbound and outbound authentication fails. (Reported by Richard Mudgett)
* ASTERISK-26738 - Frequent segfaults since activation of DNS SRV, in pjsip_auth_clt_reinit_req at /pjsip/sip_auth_client.c, and pj_atomic_inc_and_get at pj/os_core_unix.c (Reported by Michael Maier)
* ASTERISK-25893 - Function vmauthenticate accesses uninitialized memory (Reported by Filip Jenicek)
* ASTERISK-26802 - [patch] Integrity Check Of PJSIP Download Fails (Reported by Michael L. Young)
* ASTERISK-15858 - [patch] Fix query with double backslash in string literals and stop log warnings (Reported by Humberto Figuera)
* ASTERISK-26057 - res_config_sqlite3 uses incorrect query - unnecessary escape (Reported by Stepan)
* ASTERISK-23457 - SQlite3: Realtime queue loading fails after PRAGMA query result (Reported by Scott Griepentrog)
* ASTERISK-26794 - http: Crash on Reload Only in ast_tcptls_server_start (Reported by Joshua Elson)
* ASTERISK-26714 - Phone default have not ringing on ARM (Reported by Igor Goncharovsky)
* ASTERISK-26696 - pjsip_pubsub: PJSIP Subscription Persistence in AstDB Does not update on subscription refresh (Reported by Zach R)
* ASTERISK-26756 - res_pjsip_mwi: Asterisk does not terminate MWI subscription (Reported by Carl Fortin)
* ASTERISK-26109 - Asterisk fails building with OpenSSL 1.1.0 (Reported by Tzafrir Cohen)
* ASTERISK-26723 - VoiceMailPlayMsg not playing messages via realtime (Reported by Ryan Rittgarn)
* ASTERISK-18286 - [patch] 'Silence' is truncated in Record() (Reported by var)
* ASTERISK-26248 - chan_pjsip: Error when calling PJSIP client with domain specified (Reported by Norbert Varga)
* ASTERISK-26788 - core: Protect flags during ast_waitfor (Reported by Joshua Colp)
* ASTERISK-26115 - pbx: AMI Originate ignore "failed" extension on call failure (Reported by Nasir Iqbal)
* ASTERISK-26785 - configs/samples: The 'identify' entry is in the wrong section in sorcery.conf.sample (Reported by Torrey Searle)
* ASTERISK-26772 - Crash in srv.c on startup with pjsip (Reported by nappsoft)
* ASTERISK-26770 - res_stasis_device_state: Duplicate subscriptions when multiple received at same time (Reported by Joshua Colp)
Improvements made in this release:
-----------------------------------
* ASTERISK-26864 - res_pjsip_session: Add support for overlap dialling (Reported by Richard Begg)
* ASTERISK-26846 - chan_sip: Add rtcp-mux support (Reported by Sean Bright)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.15.0-rc1
Dal 1 gennaio 2017 il codec g. 729 utilizzato per il VoIP è gratuito
Dal 1° gennaio 2017, la maggior parte dei brevetti del codec g. 729 sono scaduti; quindi, possiamo dire che il codec g. 729 è gratuito.
Il codec g. 729 è famoso nel mondo del VoIP per diversi motivi primo tra tutti che è uno dei codec con il miglior rapporto qualità/larghezza di banda
SiproLAB, la società responsabile per la gestione delle licenze del g. 729 ha reso pubblico che i brevetti del codec g. 729 non sono più validi.
Rilasciato Kamailio 5.0.0
Kamailio ha appena presentato (February 27, 2017) la sua ultima versione 5.0 Kamailio, versione che include non solo miglioramenti ma anche nuove funzionalità che lo rendono ancora più "interessante".
In particolare:
- Tutto il codice sorgente è stato ristrutturato.
- Presentazione del nuovo sistema di KEMI - un framework che consente di scrivere le configurazioni in:
-- LUA
-- Python
-- JavaScript
-- linguaggio nativo di Kamailio
- Una unica interfaccia di gestione (interfaccia RPC)