asterisk
The official Asterisk Project repository.
OTHER License
Bot releases are visible (Hide)
Published by asterisk-org-access-app[bot] about 1 month ago
The Asterisk Development Team would like to announce security release
Certified Asterisk 20.7-cert3.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert3
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert3
Change Log for Release asterisk-certified-20.7-cert3
Links:
Summary:
- Commits: 8
- Commit Authors: 5
- Issues Resolved: 5
- Security Advisories Resolved: 1
- GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
User Notes:
-
res_pjsip_notify: add dialplan application
A new dialplan application PJSIPNotify is now available
which can send SIP NOTIFY requests from the dialplan.
The pjsip send notify CLI command has also been enhanced to allow
sending NOTIFY messages to a specific channel. Syntax:
pjsip send notify channel -
channel: Add multi-tenant identifier.
tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
Upgrade Notes:
-
channel: Add multi-tenant identifier.
A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
Commit Authors:
- Ben Ford: (1)
- George Joseph: (4)
- Jean-Denis Girard: (1)
- Mike Bradeen: (1)
- Sean Bright: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
- 740: [new-feature]: Add multi-tenant identifier to chan_pjsip
- 799: [improvement]: Add PJSIPNOTIFY dialplan application
- 831: [bug]: app_voicemail ODBC
- 845: [bug]: Buffer overflow in handling of security mechanisms in res_pjsip
- 854: [bug]: wrong properties in stir_shaken.conf.sample
Commits By Author:
-
Ben Ford (1):
- channel: Add multi-tenant identifier.
-
George Joseph (4):
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
- manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
- stir_shaken.conf.sample: Fix bad references to private_key_path
- security_agreements.c: Refactor the to_str functions and fix a few other bugs
-
Jean-Denis Girard (1):
- app_voicemail: Fix sql insert mismatch caused by cherry-pick
-
Mike Bradeen (1):
- res_pjsip_notify: add dialplan application
-
Sean Bright (1):
- alembic: Make 'revises' header comment match reality.
Commit List:
- app_voicemail: Fix sql insert mismatch caused by cherry-pick
- security_agreements.c: Refactor the to_str functions and fix a few other bugs
- stir_shaken.conf.sample: Fix bad references to private_key_path
- alembic: Make 'revises' header comment match reality.
- res_pjsip_notify: add dialplan application
- manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
- channel: Add multi-tenant identifier.
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Commit Details:
app_voicemail: Fix sql insert mismatch caused by cherry-pick
Author: Jean-Denis Girard
Date: 2024-08-07
When commit e8c9cb80 was cherry-picked in from master, the
fact that the 20 and 18 branches still had the old "macrocontext"
column wasn't taken into account so the number of named parameters
didn't match the number of '?' placeholders. They do now.
We also now use ast_asprintf to create the full mailbox query SQL
statement instead of trying to calculate the proper length ourselves.
Resolves: #831
security_agreements.c: Refactor the to_str functions and fix a few other bugs
Author: George Joseph
Date: 2024-08-17
-
A static array of security mechanism type names was created.
-
ast_sip_str_to_security_mechanism_type() was refactored to do
a lookup in the new array instead of using fixed "if/else if"
statments. -
security_mechanism_to_str() and ast_sip_security_mechanisms_to_str()
were refactored to use ast_str instead of a fixed length buffer
to store the result. -
ast_sip_security_mechanism_type_to_str was removed in favor of
just referencing the new type name array. Despite starting with
"ast_sip_", it was a static function so removing it doesn't affect
ABI. -
Speaking of "ast_sip_", several other static functions that
started with "ast_sip_" were renamed to avoid confusion about
their public availability. -
A few VECTOR free loops were replaced with AST_VECTOR_RESET().
-
Fixed a meomry leak in pjsip_configuration.c endpoint_destructor
caused by not calling ast_sip_security_mechanisms_vector_destroy(). -
Fixed a memory leak in res_pjsip_outbound_registration.c
add_security_headers() caused by not specifying OBJ_NODATA in
an ao2_callback. -
Fixed a few ao2_callback return code misuses.
Resolves: #845
stir_shaken.conf.sample: Fix bad references to private_key_path
Author: George Joseph
Date: 2024-08-22
They should be private_key_file.
Resolves: #854
alembic: Make 'revises' header comment match reality.
Author: Sean Bright
Date: 2024-08-17
res_pjsip_notify: add dialplan application
Author: Mike Bradeen
Date: 2024-07-09
Add dialplan application PJSIPNOTIFY to send either pre-configured
NOTIFY messages from pjsip_notify.conf or with headers defined in
dialplan.
Also adds the ability to send pre-configured NOTIFY commands to a
channel via the CLI.
Resolves: #799
UserNote: A new dialplan application PJSIPNotify is now available
which can send SIP NOTIFY requests from the dialplan.
The pjsip send notify CLI command has also been enhanced to allow
sending NOTIFY messages to a specific channel. Syntax:
pjsip send notify channel
manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
Author: George Joseph
Date: 2024-08-08
If you run an AMI CoreShowChannelMap on a channel that isn't in a
bridge and you're in DEVMODE, you can get a FRACK because the
bridge id is empty. We now simply return an empty list for that
request.
channel: Add multi-tenant identifier.
Author: Ben Ford
Date: 2024-05-21
This patch introduces a new identifier for channels: tenantid. It's
a stringfield on the channel that can be used for general purposes. It
will be inherited by other channels the same way that linkedid is.
You can set tenantid in a few ways. The first is to set it in the
dialplan with the Set and CHANNEL functions:
exten => example,1,Set(CHANNEL(tenantid)=My tenant ID)
It can also be accessed via CHANNEL:
exten => example,2,NoOp(CHANNEL(tenantid))
Another method is to use the new tenantid option for pjsip endpoints in
pjsip.conf:
[my_endpoint]
type=endpoint
tenantid=My tenant ID
This is considered the best approach since you will be able to see the
tenant ID as early as the Newchannel event.
It can also be set using set_var in pjsip.conf on the endpoint like
setting other channel variable:
set_var=CHANNEL(tenantid)=My tenant ID
Note that set_var will not show tenant ID on the Newchannel event,
however.
Tenant ID has also been added to CDR. It's read-only and can be accessed
via CDR(tenantid). You can also get the tenant ID of the last channel
communicated with via CDR(peertenantid).
Tenant ID will also show up in CEL records if it has been set, and the
version number has been bumped accordingly.
Fixes: #740
UserNote: tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
UpgradeNote: A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Author: George Joseph
Date: 2024-08-12
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like .1 or [.1]. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9
Published by asterisk-org-access-app[bot] about 1 month ago
The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert12.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert12
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
Repository: https://github.com/asterisk/asterisk
Tag: certified-18.9-cert12
Change Log for Release asterisk-certified-18.9-cert12
Links:
Summary:
- Commits: 6
- Commit Authors: 5
- Issues Resolved: 3
- Security Advisories Resolved: 1
- GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
User Notes:
-
res_pjsip_notify: add dialplan application
A new dialplan application PJSIPNotify is now available
which can send SIP NOTIFY requests from the dialplan.
The pjsip send notify CLI command has also been enhanced to allow
sending NOTIFY messages to a specific channel. Syntax:
pjsip send notify channel -
channel: Add multi-tenant identifier.
tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
Upgrade Notes:
-
channel: Add multi-tenant identifier.
A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
Commit Authors:
- Ben Ford: (1)
- George Joseph: (2)
- Jean-Denis Girard: (1)
- Mike Bradeen: (1)
- Sean Bright: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
- 740: [new-feature]: Add multi-tenant identifier to chan_pjsip
- 799: [improvement]: Add PJSIPNOTIFY dialplan application
- 831: [bug]: app_voicemail ODBC
Commits By Author:
-
Ben Ford (1):
- channel: Add multi-tenant identifier.
-
George Joseph (2):
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
- manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
-
Jean-Denis Girard (1):
- app_voicemail: Fix sql insert mismatch caused by cherry-pick
-
Mike Bradeen (1):
- res_pjsip_notify: add dialplan application
-
Sean Bright (1):
- alembic: Make 'revises' header comment match reality.
Commit List:
- app_voicemail: Fix sql insert mismatch caused by cherry-pick
- alembic: Make 'revises' header comment match reality.
- res_pjsip_notify: add dialplan application
- manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
- channel: Add multi-tenant identifier.
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Commit Details:
app_voicemail: Fix sql insert mismatch caused by cherry-pick
Author: Jean-Denis Girard
Date: 2024-08-07
When commit e8c9cb80 was cherry-picked in from master, the
fact that the 20 and 18 branches still had the old "macrocontext"
column wasn't taken into account so the number of named parameters
didn't match the number of '?' placeholders. They do now.
We also now use ast_asprintf to create the full mailbox query SQL
statement instead of trying to calculate the proper length ourselves.
Resolves: #831
alembic: Make 'revises' header comment match reality.
Author: Sean Bright
Date: 2024-08-17
res_pjsip_notify: add dialplan application
Author: Mike Bradeen
Date: 2024-07-09
Add dialplan application PJSIPNOTIFY to send either pre-configured
NOTIFY messages from pjsip_notify.conf or with headers defined in
dialplan.
Also adds the ability to send pre-configured NOTIFY commands to a
channel via the CLI.
Resolves: #799
UserNote: A new dialplan application PJSIPNotify is now available
which can send SIP NOTIFY requests from the dialplan.
The pjsip send notify CLI command has also been enhanced to allow
sending NOTIFY messages to a specific channel. Syntax:
pjsip send notify channel
manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
Author: George Joseph
Date: 2024-08-08
If you run an AMI CoreShowChannelMap on a channel that isn't in a
bridge and you're in DEVMODE, you can get a FRACK because the
bridge id is empty. We now simply return an empty list for that
request.
channel: Add multi-tenant identifier.
Author: Ben Ford
Date: 2024-05-21
This patch introduces a new identifier for channels: tenantid. It's
a stringfield on the channel that can be used for general purposes. It
will be inherited by other channels the same way that linkedid is.
You can set tenantid in a few ways. The first is to set it in the
dialplan with the Set and CHANNEL functions:
exten => example,1,Set(CHANNEL(tenantid)=My tenant ID)
It can also be accessed via CHANNEL:
exten => example,2,NoOp(CHANNEL(tenantid))
Another method is to use the new tenantid option for pjsip endpoints in
pjsip.conf:
[my_endpoint]
type=endpoint
tenantid=My tenant ID
This is considered the best approach since you will be able to see the
tenant ID as early as the Newchannel event.
It can also be set using set_var in pjsip.conf on the endpoint like
setting other channel variable:
set_var=CHANNEL(tenantid)=My tenant ID
Note that set_var will not show tenant ID on the Newchannel event,
however.
Tenant ID has also been added to CDR. It's read-only and can be accessed
via CDR(tenantid). You can also get the tenant ID of the last channel
communicated with via CDR(peertenantid).
Tenant ID will also show up in CEL records if it has been set, and the
version number has been bumped accordingly.
Fixes: #740
UserNote: tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
UpgradeNote: A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Author: George Joseph
Date: 2024-08-12
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like .1 or [.1]. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9
Published by asterisk-org-access-app[bot] about 1 month ago
The Asterisk Development Team would like to announce security release
Asterisk 21.4.3.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.4.3
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 21.4.3
Change Log for Release asterisk-21.4.3
Links:
Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
Commits By Author:
-
George Joseph (1):
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Commit List:
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Commit Details:
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Author: George Joseph
Date: 2024-08-12
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like .1 or [.1]. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9
Published by asterisk-org-access-app[bot] about 1 month ago
The Asterisk Development Team would like to announce security release
Asterisk 20.9.3.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.9.3
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 20.9.3
Change Log for Release asterisk-20.9.3
Links:
Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
Commits By Author:
-
George Joseph (1):
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Commit List:
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Commit Details:
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Author: George Joseph
Date: 2024-08-12
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like .1 or [.1]. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9
Published by asterisk-org-access-app[bot] about 1 month ago
The Asterisk Development Team would like to announce security release
Asterisk 18.24.3.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.24.3
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 18.24.3
Change Log for Release asterisk-18.24.3
Links:
Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used
Commits By Author:
-
George Joseph (1):
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Commit List:
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Commit Details:
res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Author: George Joseph
Date: 2024-08-12
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like .1 or [.1]. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9
Published by asterisk-org-access-app[bot] 2 months ago
The Asterisk Development Team would like to announce security release
Asterisk 21.4.2.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.4.2
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 21.4.2
Change Log for Release asterisk-21.4.2
Links:
Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
Commits By Author:
-
George Joseph (1):
- manager.c: Add entries to Originate blacklist
Commit List:
- manager.c: Add entries to Originate blacklist
Commit Details:
manager.c: Add entries to Originate blacklist
Author: George Joseph
Date: 2024-07-22
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
Published by asterisk-org-access-app[bot] 2 months ago
The Asterisk Development Team would like to announce security release
Asterisk 20.9.2.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.9.2
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 20.9.2
Change Log for Release asterisk-20.9.2
Links:
Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
Commits By Author:
-
George Joseph (1):
- manager.c: Add entries to Originate blacklist
Commit List:
- manager.c: Add entries to Originate blacklist
Commit Details:
manager.c: Add entries to Originate blacklist
Author: George Joseph
Date: 2024-07-22
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
Published by asterisk-org-access-app[bot] 2 months ago
The Asterisk Development Team would like to announce security release
Asterisk 18.24.2.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.24.2
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 18.24.2
Change Log for Release asterisk-18.24.2
Links:
Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
Commits By Author:
-
George Joseph (1):
- manager.c: Add entries to Originate blacklist
Commit List:
- manager.c: Add entries to Originate blacklist
Commit Details:
manager.c: Add entries to Originate blacklist
Author: George Joseph
Date: 2024-07-22
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
Published by asterisk-org-access-app[bot] 2 months ago
The Asterisk Development Team would like to announce security release
Certified Asterisk 20.7-cert2.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert2
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert2
Change Log for Release asterisk-certified-20.7-cert2
Links:
Summary:
- Commits: 6
- Commit Authors: 2
- Issues Resolved: 5
- Security Advisories Resolved: 1
- GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
User Notes:
-
res_pjsip_config_wizard.c: Refactor load process
The res_pjsip_config_wizard.so module can now be reloaded.
Upgrade Notes:
Commit Authors:
- George Joseph: (5)
- Mike Bradeen: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
- 780: [bug]: Infinite loop of "Indicated Video Update", max CPU usage
- 801: [bug]: res_stasis: Occasional 200ms delay adding channel to a bridge
- 809: [bug]: CLI stir_shaken show verification kills asterisk
- 816: [bug]: res_pjsip_config_wizard doesn't load properly if res_pjsip is loaded first
- 819: [bug]: Typo in voicemail.conf.sample that stops it from loading when using "make samples"
Commits By Author:
-
George Joseph (5):
- manager.c: Add entries to Originate blacklist
- bridge_softmix: Fix queueing VIDUPDATE control frames
- voicemail.conf.sample: Fix ':' comment typo
- res_pjsip_config_wizard.c: Refactor load process
- stir_shaken: CRL fixes and a new CLI command
-
Mike Bradeen (1):
- res_stasis: fix intermittent delays on adding channel to bridge
Commit List:
- res_stasis: fix intermittent delays on adding channel to bridge
- stir_shaken: CRL fixes and a new CLI command
- res_pjsip_config_wizard.c: Refactor load process
- voicemail.conf.sample: Fix ':' comment typo
- bridge_softmix: Fix queueing VIDUPDATE control frames
- manager.c: Add entries to Originate blacklist
Commit Details:
res_stasis: fix intermittent delays on adding channel to bridge
Author: Mike Bradeen
Date: 2024-07-10
Previously, on command execution, the control thread was awoken by
sending a SIGURG. It was found that this still resulted in some
instances where the thread was not immediately awoken.
This change instead sends a null frame to awaken the control thread,
which awakens the thread more consistently.
Resolves: #801
stir_shaken: CRL fixes and a new CLI command
Author: George Joseph
Date: 2024-07-19
-
Fixed a bug in crypto_show_cli_store that was causing asterisk
to crash if there were certificate revocation lists in the
verification certificate store. We're also now prefixing
certificates with "Cert:" and CRLs with "CRL:" to distinguish them
in the list. -
Added 'untrusted_cert_file' and 'untrusted_cert_path' options
to both verification and profile objects. If you have CRLs that
are signed by a different CA than the incoming X5U certificate
(indirect CRL), you'll need to provide the certificate of the
CRL signer here. Thse will show up as 'Untrusted" when showing
the verification or profile objects. -
Fixed loading of crl_path. The OpenSSL API we were using to
load CRLs won't actually load them from a directory, only a file.
We now scan the directory ourselves and load the files one-by-one. -
Fixed the verification flags being set on the certificate store.
- Removed the CRL_CHECK_ALL flag as this was causing all certificates
to be checked for CRL extensions and failing to verify the cert if
there was none. This basically caused all certs to fail when a CRL
was provided via crl_file or crl_path. - Added the EXTENDED_CRL_SUPPORT flag as it is required to handle
indirect CRLs.
- Removed the CRL_CHECK_ALL flag as this was causing all certificates
-
Added a new CLI command...
stir_shaken verify certificate_file <certificate_file> [ <profile> ]
which will assist troubleshooting certificate problems by allowing
the user to manually verify a certificate file against either the
global verification certificate store or the store for a specific
profile. -
Updated the XML documentation and the sample config file.
Resolves: #809
res_pjsip_config_wizard.c: Refactor load process
Author: George Joseph
Date: 2024-07-23
The way we have been initializing the config wizard prevented it
from registering its objects if res_pjsip happened to load
before it.
-
We now use the object_type_registered sorcery observer to kick
things off instead of the wizard_mapped observer. -
The load_module function now checks if res_pjsip has been loaded
already and if it was it fires the proper observers so the objects
load correctly.
Resolves: #816
UserNote: The res_pjsip_config_wizard.so module can now be reloaded.
voicemail.conf.sample: Fix ':' comment typo
Author: George Joseph
Date: 2024-07-24
...and removed an errant trailing space.
Resolves: #819
bridge_softmix: Fix queueing VIDUPDATE control frames
Author: George Joseph
Date: 2024-07-17
softmix_bridge_write_control() now calls ast_bridge_queue_everyone_else()
with the bridge_channel so the VIDUPDATE control frame isn't echoed back.
softmix_bridge_write_control() was setting bridge_channel to NULL
when calling ast_bridge_queue_everyone_else() for VIDUPDATE control
frames. This was causing the frame to be echoed back to the
channel it came from. In certain cases, like when two channels or
bridges are being recorded, this can cause a ping-pong effect that
floods the system with VIDUPDATE control frames.
Resolves: #780
manager.c: Add entries to Originate blacklist
Author: George Joseph
Date: 2024-07-22
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
Published by asterisk-org-access-app[bot] 2 months ago
The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert11.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert11
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
Repository: https://github.com/asterisk/asterisk
Tag: certified-18.9-cert11
Change Log for Release asterisk-certified-18.9-cert11
Links:
Summary:
- Commits: 5
- Commit Authors: 2
- Issues Resolved: 4
- Security Advisories Resolved: 1
- GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
User Notes:
-
res_pjsip_config_wizard.c: Refactor load process
The res_pjsip_config_wizard.so module can now be reloaded.
Upgrade Notes:
Commit Authors:
- George Joseph: (4)
- Mike Bradeen: (1)
Issue and Commit Detail:
Closed Issues:
- !GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code execution / System() dialplan
- 780: [bug]: Infinite loop of "Indicated Video Update", max CPU usage
- 801: [bug]: res_stasis: Occasional 200ms delay adding channel to a bridge
- 816: [bug]: res_pjsip_config_wizard doesn't load properly if res_pjsip is loaded first
- 819: [bug]: Typo in voicemail.conf.sample that stops it from loading when using "make samples"
Commits By Author:
-
George Joseph (4):
- manager.c: Add entries to Originate blacklist
- bridge_softmix: Fix queueing VIDUPDATE control frames
- voicemail.conf.sample: Fix ':' comment typo
- res_pjsip_config_wizard.c: Refactor load process
-
Mike Bradeen (1):
- res_stasis: fix intermittent delays on adding channel to bridge
Commit List:
- res_stasis: fix intermittent delays on adding channel to bridge
- res_pjsip_config_wizard.c: Refactor load process
- voicemail.conf.sample: Fix ':' comment typo
- bridge_softmix: Fix queueing VIDUPDATE control frames
- manager.c: Add entries to Originate blacklist
Commit Details:
res_stasis: fix intermittent delays on adding channel to bridge
Author: Mike Bradeen
Date: 2024-07-10
Previously, on command execution, the control thread was awoken by
sending a SIGURG. It was found that this still resulted in some
instances where the thread was not immediately awoken.
This change instead sends a null frame to awaken the control thread,
which awakens the thread more consistently.
Resolves: #801
res_pjsip_config_wizard.c: Refactor load process
Author: George Joseph
Date: 2024-07-23
The way we have been initializing the config wizard prevented it
from registering its objects if res_pjsip happened to load
before it.
-
We now use the object_type_registered sorcery observer to kick
things off instead of the wizard_mapped observer. -
The load_module function now checks if res_pjsip has been loaded
already and if it was it fires the proper observers so the objects
load correctly.
Resolves: #816
UserNote: The res_pjsip_config_wizard.so module can now be reloaded.
voicemail.conf.sample: Fix ':' comment typo
Author: George Joseph
Date: 2024-07-24
...and removed an errant trailing space.
Resolves: #819
bridge_softmix: Fix queueing VIDUPDATE control frames
Author: George Joseph
Date: 2024-07-17
softmix_bridge_write_control() now calls ast_bridge_queue_everyone_else()
with the bridge_channel so the VIDUPDATE control frame isn't echoed back.
softmix_bridge_write_control() was setting bridge_channel to NULL
when calling ast_bridge_queue_everyone_else() for VIDUPDATE control
frames. This was causing the frame to be echoed back to the
channel it came from. In certain cases, like when two channels or
bridges are being recorded, this can cause a ping-pong effect that
floods the system with VIDUPDATE control frames.
Resolves: #780
manager.c: Add entries to Originate blacklist
Author: George Joseph
Date: 2024-07-22
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
the release of asterisk-21.4.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.4.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 21.4.1
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-21.4.1
Links:
Summary:
- Commits: 2
- Commit Authors: 1
- Issues Resolved: 2
- Security Advisories Resolved: 0
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (2)
Issue and Commit Detail:
Closed Issues:
- 819: [bug]: Typo in voicemail.conf.sample that stops it from loading when using "make samples"
- 822: [bug]: segfault in main/rtp_engine.c:1489 after updating 20.8.1 -> 20.9.0
Commits By Author:
-
George Joseph (2):
- voicemail.conf.sample: Fix ':' comment typo
- rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
Commit List:
- rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
- voicemail.conf.sample: Fix ':' comment typo
Commit Details:
rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
Author: George Joseph
Date: 2024-07-25
There can be empty slots in payload_mapping_tx corresponding to
dynamic payload types that haven't been seen before so we now
check for NULL before attempting to use 'type' in the call to
ast_format_cmp.
Note: Currently only chan_sip calls ast_rtp_codecs_payloads_unset()
Resolves: #822
voicemail.conf.sample: Fix ':' comment typo
Author: George Joseph
Date: 2024-07-24
...and removed an errant trailing space.
Resolves: #819
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
the release of asterisk-20.9.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.9.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 20.9.1
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-20.9.1
Links:
Summary:
- Commits: 2
- Commit Authors: 1
- Issues Resolved: 2
- Security Advisories Resolved: 0
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (2)
Issue and Commit Detail:
Closed Issues:
- 819: [bug]: Typo in voicemail.conf.sample that stops it from loading when using "make samples"
- 822: [bug]: segfault in main/rtp_engine.c:1489 after updating 20.8.1 -> 20.9.0
Commits By Author:
-
George Joseph (2):
- voicemail.conf.sample: Fix ':' comment typo
- rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
Commit List:
- rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
- voicemail.conf.sample: Fix ':' comment typo
Commit Details:
rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
Author: George Joseph
Date: 2024-07-25
There can be empty slots in payload_mapping_tx corresponding to
dynamic payload types that haven't been seen before so we now
check for NULL before attempting to use 'type' in the call to
ast_format_cmp.
Note: Currently only chan_sip calls ast_rtp_codecs_payloads_unset()
Resolves: #822
voicemail.conf.sample: Fix ':' comment typo
Author: George Joseph
Date: 2024-07-24
...and removed an errant trailing space.
Resolves: #819
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
the release of asterisk-18.24.1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.24.1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 18.24.1
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-18.24.1
Links:
Summary:
- Commits: 2
- Commit Authors: 1
- Issues Resolved: 2
- Security Advisories Resolved: 0
User Notes:
Upgrade Notes:
Commit Authors:
- George Joseph: (2)
Issue and Commit Detail:
Closed Issues:
- 819: [bug]: Typo in voicemail.conf.sample that stops it from loading when using "make samples"
- 822: [bug]: segfault in main/rtp_engine.c:1489 after updating 20.8.1 -> 20.9.0
Commits By Author:
-
George Joseph (2):
- voicemail.conf.sample: Fix ':' comment typo
- rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
Commit List:
- rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
- voicemail.conf.sample: Fix ':' comment typo
Commit Details:
rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
Author: George Joseph
Date: 2024-07-25
There can be empty slots in payload_mapping_tx corresponding to
dynamic payload types that haven't been seen before so we now
check for NULL before attempting to use 'type' in the call to
ast_format_cmp.
Note: Currently only chan_sip calls ast_rtp_codecs_payloads_unset()
Resolves: #822
voicemail.conf.sample: Fix ':' comment typo
Author: George Joseph
Date: 2024-07-24
...and removed an errant trailing space.
Resolves: #819
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
the release of asterisk-21.4.0.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.4.0
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 21.4.0
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-21.4.0
Links:
Summary:
- Commits: 20
- Commit Authors: 9
- Issues Resolved: 8
- Security Advisories Resolved: 0
User Notes:
-
app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file. -
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a Queue option log-restricted-caller-id to control whether the Restricted Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the Caller ID is restricted. -
pbx.c: expand fields width of "core show hints"
The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters. -
rtp_engine: add support for multirate RFC2833 digits
No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
Upgrade Notes:
-
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
Commit Authors:
- Alexei Gradinari: (2)
- Bastian Triller: (1)
- Chrsmj: (1)
- George Joseph: (4)
- Igor Goncharovsky: (1)
- Mike Bradeen: (2)
- Sean Bright: (7)
- Tinet-Mucw: (1)
- Walter Doekes: (1)
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
the release of asterisk-20.9.0.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.9.0
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 20.9.0
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-20.9.0
Links:
Summary:
- Commits: 20
- Commit Authors: 9
- Issues Resolved: 8
- Security Advisories Resolved: 0
User Notes:
-
app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file. -
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a Queue option log-restricted-caller-id to control whether the Restricted Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the Caller ID is restricted. -
pbx.c: expand fields width of "core show hints"
The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters. -
rtp_engine: add support for multirate RFC2833 digits
No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
Upgrade Notes:
-
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
Commit Authors:
- Alexei Gradinari: (2)
- Bastian Triller: (1)
- Chrsmj: (1)
- George Joseph: (4)
- Igor Goncharovsky: (1)
- Mike Bradeen: (2)
- Sean Bright: (7)
- Tinet-Mucw: (1)
- Walter Doekes: (1)
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
the release of asterisk-18.24.0.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/18.24.0
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 18.24.0
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-18.24.0
Links:
Summary:
- Commits: 19
- Commit Authors: 8
- Issues Resolved: 8
- Security Advisories Resolved: 0
User Notes:
-
app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file. -
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a Queue option log-restricted-caller-id to control whether the Restricted Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the Caller ID is restricted. -
pbx.c: expand fields width of "core show hints"
The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters. -
rtp_engine: add support for multirate RFC2833 digits
No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
Upgrade Notes:
-
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
Commit Authors:
- Alexei Gradinari: (2)
- Chrsmj: (1)
- George Joseph: (4)
- Igor Goncharovsky: (1)
- Mike Bradeen: (2)
- Sean Bright: (7)
- Tinet-Mucw: (1)
- Walter Doekes: (1)
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
the release of Certified asterisk-20.7-cert1.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-20.7-cert1
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
Repository: https://github.com/asterisk/asterisk
Tag: certified-20.7-cert1
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-certified-20.7-cert1
Links:
Summary:
- Commits: 1097
- Commit Authors: 114
- Issues Resolved: 891
- Security Advisories Resolved: 1
- GHSA-hxj9-xwr8-w8pq: Asterisk susceptible to Denial of Service via DTLS Hello packets during call initiation
User Notes:
-
app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file. -
tcptls/iostream: Add support for setting SNI on client TLS connections
Secure websocket client connections now send SNI in
the TLS client hello. -
app_dial: Add dial time for progress/ringing.
The timeout argument to Dial now allows
specifying the maximum amount of time to dial if
early media is not received. -
app_voicemail: Allow preventing mark messages as urgent.
The leaveurgent mailbox option can now be used to
control whether callers may leave messages marked as 'Urgent'. -
Stir/Shaken Refactor
Asterisk's stir-shaken feature has been refactored to
correct interoperability, RFC compliance, and performance issues.
See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more
information. -
Upgrade bundled pjproject to 2.14.
Bundled pjproject has been upgraded to 2.14. For more
information on what all is included in this change, check out the
pjproject Github page: https://github.com/pjsip/pjproject/releases -
app_speech_utils.c: Allow partial speech results.
The SpeechBackground dialplan application now supports a 'p'
option that will return partial results from speech engines that
provide them when a timeout occurs. -
app_chanspy: Add 'D' option for dual-channel audio
The ChanSpy application now accepts the 'D' option which
will interleave the spied audio within the outgoing frames. The
purpose of this is to allow the audio to be read as a Dual channel
stream with separate incoming and outgoing audio. Setting both the
'o' option and the 'D' option and results in the 'D' option being
ignored. -
chan_dahdi: Allow MWI to be manually toggled on channels.
The 'dahdi set mwi' now allows MWI on channels
to be manually toggled if needed for troubleshooting.
Resolves: #440 -
app_dial: Add option "j" to preserve initial stream topology of caller
The option "j" is now available for the Dial application which
uses the initial stream topology of the caller to create the outgoing
channels. -
logger: Add channel-based filtering.
The console log can now be filtered by
channels or groups of channels, using the
logger filter CLI commands. -
chan_pjsip: Add PJSIPHangup dialplan app and manager action
A new dialplan app PJSIPHangup and AMI action allows you
to hang up an unanswered incoming PJSIP call with a specific SIP
response code in the 400 -> 699 range. -
app_voicemail: Add AMI event for mailbox PIN changes.
The VoicemailPasswordChange event is
now emitted whenever a mailbox password is updated,
containing the mailbox information and the new
password.
Resolves: #398 -
res_speech: allow speech to translate input channel
res_speech now supports translation of an input channel
to a format supported by the speech provider, provided a translation
path is available between the source format and provider capabilites. -
res_pjsip: Expanding PJSIP endpoint ID and relevant resource length to 255 cha..
With this update, the PJSIP realm lengths have been extended
to support up to 255 characters. -
res_stasis: signal when new command is queued
Call setup times should be significantly improved
when using ARI. -
lock.c: Separate DETECT_DEADLOCKS from DEBUG_THREADS
You no longer need to select DEBUG_THREADS to use
DETECT_DEADLOCKS. This removes a significant amount of overhead
if you just want to detect possible deadlocks vs needing full
lock tracing. -
file.c: Add ability to search custom dir for sounds
A new option "sounds_search_custom_dir" has been added to
asterisk.conf that allows asterisk to search
AST_DATA_DIR/sounds/custom for sounds files before searching the
standard AST_DATA_DIR/sounds/ directory. -
make_buildopts_h, et. al. Allow adding all cflags to buildopts.h
The "Build Options" entry in the "core show settings"
CLI command has been renamed to "ABI related Build Options" and
a new entry named "All Build Options" has been added that shows
both breaking and non-breaking options. -
chan_rtp: Implement RTP glue for UnicastRTP channels
The dial string option 'g' was added to the UnicastRTP channel
which enables RTP glue and therefore native RTP bridges with those
channels. -
app_queue: periodic announcement configurable start time.
Introduce a new queue configuration option called
'periodic-announce-startdelay' which will vary the normal (historic)
behavior of starting the periodic announcement cycle at
periodic-announce-frequency seconds after entering the queue to start
the periodic announcement cycle at period-announce-startdelay seconds
after joining the queue. The default behavior if this config option is
not set remains unchanged.
Signed-off-by: Jaco Kroon [email protected] -
variables: Add additional variable dialplan functions.
Four new dialplan functions have been added.
GLOBAL_DELETE and DELETE have been added which allows
the deletion of global and channel variables.
GLOBAL_EXISTS and VARIABLE_EXISTS have been added
which checks whether a global or channel variable has
been set. -
sig_analog: Add Called Subscriber Held capability.
Called Subscriber Held is now supported for analog
FXS channels, using the calledsubscriberheld option. This allows
a station user to go on hook when receiving an incoming call
and resume from another phone on the same line by going on hook,
without disconnecting the call. -
res_pjsip_header_funcs: Make prefix argument optional.
The prefix argument to PJSIP_HEADERS is now
optional. If not specified, all header names will be
returned. -
core/ari/pjsip: Add refer mechanism
There is a new ARI endpoint
/endpoints/referfor referring
an endpoint to some URI or endpoint. -
chan_dahdi: Allow autoreoriginating after hangup.
The autoreoriginate setting now allows for kewlstart FXS
channels to automatically reoriginate and provide dial tone to the
user again after all calls on the line have cleared. This saves users
from having to manually hang up and pick up the receiver again before
making another call. -
sig_analog: Allow three-way flash to time out to silence.
The threewaysilenthold option now allows the three-way
dial tone to time out to silence, rather than continuing forever. -
res_pjsip: Enable TLS v1.3 if present.
res_pjsip now allows TLS v1.3 to be enabled if supported by
the underlying PJSIP library. The bundled version of PJSIP supports
TLS v1.3. -
app_queue: Add support for applying caller priority change immediately.
The 'queue priority caller' CLI command and
'QueueChangePriorityCaller' AMI action now have an 'immediate'
argument which allows the caller priority change to be reflected
immediately, causing the position of a caller to move within the
queue depending on the priorities of the other callers. -
Adds manager actions to allow move/remove/forward individual messages in a par..
The following manager actions have been added
VoicemailBoxSummary - Generate message list for a given mailbox
VoicemailRemove - Remove a message from a mailbox folder
VoicemailMove - Move a message from one folder to another within a mailbox
VoicemailForward - Copy a message from one folder in one mailbox
to another folder in another or the same mailbox. -
app_voicemail: add CLI commands for message manipulation
The following CLI commands have been added to app_voicemail
voicemail show mailbox
Show contents of mailbox @
voicemail remove <from_folder>
Remove message from <from_folder> in mailbox @
voicemail move <from_folder> <to_folder>
Move message in mailbox & from <from_folder> to <to_folder>
voicemail forward <from_mailbox> <from_context> <from_folder> <to_mailbox> <to_context> <to_folder>
Forward message in mailbox @ <from_folder> to
mailbox @ <to_folder> -
sig_analog: Allow immediate fake ring to be suppressed.
The immediatering option can now be set to no to suppress
the fake audible ringback provided when immediate=yes on FXS channels. -
AMI: Add parking position parameter to Park action
New ParkingSpace parameter has been added to AMI action Park.
-
res_musiconhold: Add option to loop last file.
The loop_last option in musiconhold.conf now
allows the last file in the directory to be looped once reached. -
AMI: Add CoreShowChannelMap action.
New AMI action CoreShowChannelMap has been added.
-
sig_analog: Add fuller Caller ID support.
Additional Caller ID properties are now supported on
incoming calls to FXS stations, namely the
redirecting reason and call qualifier. -
res_stasis.c: Add new type 'sdp_label' for bridge creation.
When creating a bridge using the ARI the 'type' argument now
accepts a new value 'sdp_label' which will configure the bridge to add
labels for each stream in the SDP with the corresponding channel id. -
app_queue: Preserve reason for realtime queues
Make paused reason in realtime queues persist an
Asterisk restart. This was fixed for non-realtime
queues in ASTERISK_25732. -
cel: add local optimization begin event
The new AST_CEL_LOCAL_OPTIMIZE_BEGIN can be used
by itself or in conert with the existing
AST_CEL_LOCAL_OPTIMIZE to book-end local channel optimizaion. -
chan_dahdi: Add dialmode option for FXS lines.
A "dialmode" option has been added which allows
specifying, on a per-channel basis, what methods of
subscriber dialing (pulse and/or tone) are permitted.
Additionally, this can be changed on a channel
at any point during a call using the CHANNEL
function.
Upgrade Notes:
-
pbx_variables.c: Prevent SEGV due to stack overflow.
The maximum amount of dialplan recursion
using variable substitution (such as by using EVAL_EXTEN)
is capped at 15. -
Stir/Shaken Refactor
The stir-shaken refactor is a breaking change but since
it's not working now we don't think it matters. The
stir_shaken.conf file has changed significantly which means that
existing ones WILL need to be changed. The stir_shaken.conf.sample
file in configs/samples/ has quite a bit more information. This is
also an ABI breaking change since some of the existing objects
needed to be changed or removed, and new ones added. Additionally,
if res_stir_shaken is enabled in menuselect, you'll need to either
have the development package for libjwt v1.15.3 installed or use
the --with-libjwt-bundled option with ./configure. -
app.c: Allow ampersands in playback lists to be escaped.
Ampersands in URLs passed to the
Playback(),
Background(),SpeechBackground(),Read(),Authenticate(), or
Queue()applications as filename arguments can now be escaped by
single quoting the filename. Additionally, this is also possible when
using theCONFBRIDGEdialplan function, or configuring various
features inconfbridge.confandqueues.conf. -
pjsip_configuration.c: Disable DTLS renegotiation if WebRTC is enabled.
The dtls_rekey will be disabled if webrtc support is
requested on an endpoint. A warning will also be emitted. -
res_pjsip: Expanding PJSIP endpoint ID and relevant resource length to 255 cha..
As part of this update, the maximum allowable length
for PJSIP endpoints and relevant resources has been increased from
40 to 255 characters. To take advantage of this enhancement, it is
recommended to run the necessary procedures (e.g., Alembic) to
update your schemas. -
app_queue: Preserve reason for realtime queues
Add a new column to the queue_member table:
reason_paused VARCHAR(80) so the reason can be preserved. -
cel: add local optimization begin event
The existing AST_CEL_LOCAL_OPTIMIZE can continue
to be used as-is and the AST_CEL_LOCAL_OPTIMIZE_BEGIN event
can be ignored if desired.
Commit Authors:
- Alex2grad: (1)
- Alexander Greiner-Baer: (1)
- Alexander Traud: (67)
- Alexandre Fournier: (1)
- Alexei Gradinari: (12)
- Andre Barbosa: (3)
- Andrew Siplas: (1)
- Bastian Triller: (2)
- Ben Ford: (27)
- Bernd Zobl: (2)
- Boris P. Korzun: (10)
- Brad Smith: (4)
- Carlos Oliva: (1)
- Christof Efkemann: (1)
- Cmaj: (3)
- Dan Cropp: (2)
- Dennis Buteyn: (1)
- Dovid Bender: (1)
- Dustin Marquess: (1)
- Eduardo: (1)
- Evandro C��Sar Arruda: (1)
- Evgenios_Greek: (1)
- Fabrice Fontaine: (2)
- Florentin Mayer: (1)
- Frederic LE FOLL: (1)
- Frederic Van Espen: (1)
- George Joseph: (139)
- Gitea: (1)
- Guido Falsi: (1)
- Henning Westerholt: (3)
- Holger Hans Peter Freyther: (9)
- Hugh McMaster: (1)
- Igor Goncharovsky: (5)
- Ivan Poddubny: (1)
- Ivan Poddubnyi: (5)
- Jaco Kroon: (22)
- Jason D. McCormick: (1)
- Jasper Hafkenscheid: (1)
- Jasper Van Der Neut: (1)
- Jean Aunis: (4)
- Jeremy Lain��: (1)
- Jiajian Zhou: (1)
- Joe Searle: (1)
- Jose Lopes: (1)
- Joseph Nadiv: (3)
- Josh Soref: (25)
- Joshua C. Colp: (85)
- Joshua Colp: (1)
- Kevin Harwell: (28)
- Kfir Itzhak: (2)
- Luke Escude: (1)
- Lvl: (2)
- Marcel Wagner: (3)
- Mark Murawski: (4)
- Mark Petersen: (10)
- Martin Nystroem: (1)
- Matthew Fredrickson: (4)
- Matthew Kern: (1)
- Maximilian Fridrich: (13)
- Michael Cargile: (1)
- Michael Kuron: (2)
- Michael Neuhauser: (2)
- Michal Hajek: (1)
- Micha�� G��Rny: (5)
- Miguel Angel Nubla: (1)
- Mike Bradeen: (44)
- MikeNaso: (1)
- Moritz Fain: (1)
- Nathan Bruning: (2)
- Naveen Albert: (268)
- Nick French: (4)
- Nickolay Shmyrev: (1)
- Nico Kooijman: (1)
- Niklas Larsson: (1)
- Olaf Titz: (1)
- Patrick Verzele: (1)
- Peter Fern: (1)
- PeterHolik: (2)
- Philip Prindeville: (14)
- Phoneben: (1)
- Pirmin Walthert: (1)
- Richard Mudgett: (2)
- Rijnhard Hessel: (1)
- Roadkill: (1)
- Robert Cripps: (1)
- Rodrigo Ram��Rez Norambuena: (1)
- Romryz: (1)
- Salah Ahmed: (1)
- Sam Banks: (1)
- Samuel Olaechea: (1)
- Sarah Autumn: (1)
- Sean Bright: (155)
- Sebastian Jennen: (1)
- Sebastien Duthil: (4)
- Sergey V. Lobanov: (1)
- Shaaah: (1)
- Shloime Rosenblum: (3)
- Shyju Kanaprath: (1)
- Spiridonov Dmitry: (1)
- Stanislav Abramenkov: (2)
- Stanislav: (1)
- Steve Davies: (1)
- Sungtae Kim: (10)
- The_Blode: (1)
- Thomas Guebels: (1)
- Tinet-Mucw: (1)
- Torrey Searle: (6)
- Trevor Peirce: (2)
- Under: (1)
- Vitezslav Novy: (1)
- Walter Doekes: (1)
- Yury Kirsanov: (1)
- Zhengsh: (3)
- Zhou_jiajian: (1)
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
the release of Certified asterisk-18.9-cert10.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert10
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
Repository: https://github.com/asterisk/asterisk
Tag: certified-18.9-cert10
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-certified-18.9-cert10
Links:
Summary:
- Commits: 4
- Commit Authors: 2
- Issues Resolved: 0
- Security Advisories Resolved: 0
User Notes:
-
app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file.
Upgrade Notes:
Commit Authors:
- George Joseph: (2)
- Sean Bright: (2)
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
release candidate 1 of asterisk-21.4.0.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/21.4.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 21.4.0-rc1
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-21.4.0-rc1
Links:
Summary:
- Commits: 20
- Commit Authors: 9
- Issues Resolved: 8
- Security Advisories Resolved: 0
User Notes:
-
app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file. -
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a Queue option log-restricted-caller-id to control whether the Restricted Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the Caller ID is restricted. -
pbx.c: expand fields width of "core show hints"
The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters. -
rtp_engine: add support for multirate RFC2833 digits
No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
Upgrade Notes:
-
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
Commit Authors:
- Alexei Gradinari: (2)
- Bastian Triller: (1)
- Chrsmj: (1)
- George Joseph: (4)
- Igor Goncharovsky: (1)
- Mike Bradeen: (2)
- Sean Bright: (7)
- Tinet-Mucw: (1)
- Walter Doekes: (1)
Published by asterisk-org-access-app[bot] 3 months ago
The Asterisk Development Team would like to announce
release candidate 1 of asterisk-20.9.0.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/20.9.0-rc1
and
https://downloads.asterisk.org/pub/telephony/asterisk
Repository: https://github.com/asterisk/asterisk
Tag: 20.9.0-rc1
This release resolves issues reported by the community
and would have not been possible without your participation.
Thank You!
Change Log for Release asterisk-20.9.0-rc1
Links:
Summary:
- Commits: 20
- Commit Authors: 9
- Issues Resolved: 8
- Security Advisories Resolved: 0
User Notes:
-
app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file. -
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a Queue option log-restricted-caller-id to control whether the Restricted Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the Caller ID is restricted. -
pbx.c: expand fields width of "core show hints"
The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters. -
rtp_engine: add support for multirate RFC2833 digits
No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
Upgrade Notes:
-
app_queue: Add option to not log Restricted Caller ID to queue_log
Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
Commit Authors:
- Alexei Gradinari: (2)
- Bastian Triller: (1)
- Chrsmj: (1)
- George Joseph: (4)
- Igor Goncharovsky: (1)
- Mike Bradeen: (2)
- Sean Bright: (7)
- Tinet-Mucw: (1)
- Walter Doekes: (1)