Asterisk Changelog

What's new in Asterisk 16.6.1

Oct 23, 2019
  • pjproject_bundled: Replace earlier reverts with official fixes.
  • Issues in pjproject 2.9 caused us to revert some of their changes as a work around. This introduced another issue where pjproject wouldn't build with older gcc versions such as that found on CentOS 6. This commit replaces the reverts with the official fixes for the original issues and allows pjproject to be built on CentOS 6 again. ASTERISK-28574
  • res_pjsip_mwi: potential double unref, and potential unwanted double link
  • When creating an unsolicited MWI aggregate subscription it was possible for the subscription object to be double unref'ed. This patch removes the explicit unref as it is not needed since the RAII_VAR will handle it at function end. Less concerning there was also a bug that could potentially allow the aggregate subscription object to be added to the unsolicited container twice. This patch ensures it is added only once. ASTERISK-28575

New in Asterisk 16.4.0 (Jun 4, 2019)

  • New Features:
  • ASTERISK-28375 - res_pjsip: New configuration setting to allow disabling norefersub
  • ASTERISK-28320 - Added ARI resource /ari/channels/{channelid}/rtp_statistics
  • Bugs fixed:
  • ASTERISK-28427 - new mwi.h include missing from some dahdi source files, causes build failure
  • ASTERISK-28412 - GCC 9 catches more string formatting issues
  • ASTERISK-28379 - pjsip: show channelstats incorrect information output
  • ASTERISK-28399 - channel.c: Exceptionally long queue length queuing
  • ASTERISK-28392 - The no-partial-inlining flag isn't passed to the bundled pjproject or jansson builds
  • ASTERISK-28402 - res_pjsip_registrar: SEGV in registrar_find_contact
  • ASTERISK-27756 - bridge: Failure to impart a channel results in bad data causing crash
  • ASTERISK-26718 - ARI: Bridge destroying doesn't work as expected
  • ASTERISK-28143 - app_amd: Infinite loop on silent calls
  • ASTERISK-28353 - stasis: Crash at shutdown when statistics enabled
  • ASTERISK-28374 - latest asterisk unconditionally launch gcc --version, even if the compiler is different
  • ASTERISK-28391 - res_indications: Crash requesting autocomplete on indications cli command
  • ASTERISK-27935 - app_voicemail: emailbody per user can't contain commas
  • ASTERISK-17695 - 1.8.3.2 extenpatternmatchnew=yes cannot find extensions with '-' in them
  • ASTERISK-17799 - AEL reload causes loss of control in a macro
  • ASTERISK-18593 - AEL for loops use Macro app and pipe delimiter
  • ASTERISK-14939 - AEL parsers does not find existing label
  • ASTERISK-20182 - Parsing a label beginning with a numeric character in all Goto/GotoIf/GotoIfTime application causes unexpected behavior
  • ASTERISK-28348 - Failed to initialize OOH323 endpoint-OOH323 Disabled
  • ASTERISK-28371 - chan_pjsip: DTMF Mode auto_info fallback lead to both inband and info
  • ASTERISK-28319 - musl: Crash on startup when loading modules
  • ASTERISK-28362 - strtok_r() makes gcc compile warning
  • ASTERISK-28255 - res_rtp_asterisk: REMB RTCP packet sending may be incorrect
  • Improvements:
  • ASTERISK-28401 - app_confbridge: Add *_all remb behavior variants
  • ASTERISK-28400 - res_rtp_asterisk / res_pjsip_sdp_rtp: Add support for transport-cc
  • ASTERISK-28363 - Millisecond-resolution call stats including PDD in channel variables
  • ASTERISK-20207 - Asterisk should clear out any .lock files in the voice mail directory on startup.
  • ASTERISK-28111 - build: CHANGES/UPGRADE are irritating to work with.
  • ASTERISK-28343 - Added app_name, app_data to channel type
  • ASTERISK-28264 - Added topic_all container

New in Asterisk 16.1.1 (Jan 8, 2019)

  • [ASTERISK-28222 1] -||Regression: MWI polling no longer works

New in Asterisk 15.6.1 (Sep 27, 2018)

  • AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker’s request causes Asterisk to run out of stack space and crash.

New in Asterisk 15.5.0 (Jul 17, 2018)

  • Security bugs fixed in this release:
  • ASTERISK-27818 - Username bruteforce is possible when using ACL with PJSIP
  • ASTERISK-27807 - iostreams: Potential DoS when client connection closed prematurely
  • Bugs fixed in this release:
  • ASTERISK-27783 - res_pjsip_pubsub: apparent crash on shutdown
  • ASTERISK-27870 - app_confbridge: Conference bridge and announcer channels are not removed if conference is ended as soon as it starts
  • ASTERISK-27943 - AMI: Action SendText needs to use the correct thread.
  • ASTERISK-27942 - res_pjsip_messaging doesn't accept application/* content-types.
  • ASTERISK-27909 - cdr: Deadlock with submit_scheduled_batch and submit_unscheduled_batch
  • ASTERISK-27936 - res_pjsip_session doesn't update media when a 200 comes in with a different port than a 183
  • ASTERISK-26987 - pbx_dundi: Asterisk crashes when unloading module pbx_dundi.so with dundi peers
  • ASTERISK-27933 - [patch] uuid: Enable UUID in Solaris 11.
  • ASTERISK-27625 - channels: CHECK_BLOCKING is ineffective
  • ASTERISK-27931 - [patch] BuildSystem: Enable ./configure in Solaris 11.
  • ASTERISK-27926 - [patch] bootstrap.sh: find -maxdepth is not POSIX compatible.
  • ASTERISK-27903 - menuselect: GCC 8: restrict-qualified parameter passed and aliased.
  • ASTERISK-27914 - [patch] tests/test_utils: Repair ./configure --with-ssl=PATH.
  • ASTERISK-27705 - chan_iax2: Stops listening for traffic
  • ASTERISK-27908 - [patch] crypto.h: Repair ./configure --with-ssl=PATH.
  • ASTERISK-27905 - [patch] res_srtp: Repair ./configure --with-ssl=PATH.
  • ASTERISK-27888 - SQL fetch error on query which return 0 columns
  • ASTERISK-27902 - chan_pjsip isn't updating hangupcause on 4XX responses
  • ASTERISK-27901 - [patch] ooh323c: GCC 8: output truncated before terminating nul.
  • ASTERISK-27872 - res_pjsip: Modified qualify_frequency doesn't effect until pjsip reload
  • ASTERISK-27094 - res_fax: Deadlock when using Local channels and fax gateway
  • ASTERISK-27848 - rtp: DTMF Breaks With telephony-event/16000
  • ASTERISK-25261 - Manager events for MeetMe have incorrectly documented key name 'Usernum' - should be 'User'
  • ASTERISK-27878 - [patch] tcptls.h: Repair ./configure --with-ssl=PATH.
  • ASTERISK-27876 - [patch] tcptls: Allow OpenSSL configured with no-dh.
  • ASTERISK-27874 - [patch] tcptls: Allow OpenSSL 1.1.x configured with enable-ssl3-method no-deprecated.
  • ASTERISK-27845 - Codec-Change Re-INVITE during DTMF can cause marker bit error
  • ASTERISK-27831 - res_rtp_asterisk: Add support for abs-send-time RTP extension
  • ASTERISK-27863 - config/ast_destroy_realtime_fields: successful DELETE is treated as failed
  • ASTERISK-27865 - [patch]: tcptls: Repair ./configure --with-ssl=PATH.
  • ASTERISK-27760 - Asterisk ODBC Voicemail Prompt storage fails with recent MariaDB version.
  • ASTERISK-27853 - Incorrect error reported when leaving/retrieving a ODBC voicemail
  • ASTERISK-27726 - chan_mobile: presents incorrect inbound Caller-ID names
  • ASTERISK-27861 - [patch] res_pjsip_endpoint_identifier_ip: Unregister the module for headers.
  • ASTERISK-27860 - [patch] res_pjsip: Register pjsip_transport_management not externally but internally.
  • ASTERISK-27852 - cli: "manager show settings" mislabels HTTP timeout as being minutes.
  • ASTERISK-27824 - Fix issues exposed by GCC 8
  • ASTERISK-27850 - [patch] rtp_engine: Allow Media Formats with add_static_payload(-1) on egress again.
  • ASTERISK-27811 - [patch] sip_to_pjsip: Enable python3 compatibility.
  • ASTERISK-27841 - digest over for manager (ami) over http fails on too long uris
  • ASTERISK-26570 - Macro allows an infinite loop of dialplan inclusion resulting in a crash
  • ASTERISK-27801 - Asterisk got stuck while enabling "ari set debug all on"
  • ASTERISK-27795 - chan_sip: one way / no audio with srtp
  • ASTERISK-27800 - One way audio when calling from Asterisk(sip trunk) to another number where both are connected to a SBC using TLS+SRTP
  • ASTERISK-26806 - pjsip_options: rework to make more efficient
  • ASTERISK-27814 - translate: interpolated frames are not passed through
  • ASTERISK-27812 - When the ooh323 debug is on there is no ringing signal to incoming calls via H323 trunk.
  • ASTERISK-26893 - No "alert" or "progress" in chan_ooh323 if debug is enabled only on the module
  • ASTERISK-27639 - [patch] BuildSystem: Enable IMAP storage on FreeBSD and DragonFly BSD.
  • ASTERISK-27804 - bridge_softmix / app_confbridge: Add support for combining REMB reports
  • ASTERISK-27418 - app_confbridge: "core show profile bridge" does not output "sfu" when video_mode is sfu
  • ASTERISK-27808 - [patch] chan_vpb: Avoid GNU old-style field designator extension.
  • Improvements made in this release:
  • ASTERISK-27929 - [patch] BuildSystem: Enable autotools in Solaris 11.
  • ASTERISK-27752 - Ten seconds of silence after mp3 playback
  • ASTERISK-27910 - [patch] res_rtp_asterisk: Allow OpenSSL configured with no-deprecated.
  • ASTERISK-27906 - [patch] res_crypto: Allow OpenSSL configured with no-deprecated.
  • ASTERISK-27877 - app_confbridge: Add talking indicator for ConfBridgeList AMI response
  • ASTERISK-27873 - documentation: Error on wiki description of Asterisk 13 "MeetmeMute" event
  • ASTERISK-27846 - ast_coredumper: Fix OUTPUT directory
  • ASTERISK-27867 - [patch] libasteriskssl: Allow OpenSSL 1.0.2 configured with no-deprecated.
  • ASTERISK-27796 - res_hep: Allow create_address to resolve a provided hostname
  • ASTERISK-27820 - [patch] Add DragonFly BSD.
  • ASTERISK-27793 - cppcheck identifies redundant "if"

New in Asterisk 15.3.0 (Mar 21, 2018)

  • Security bugs fixed in this release:
  • ASTERISK-27658 - WebSocket frames with 0 sized payload causes DoS
  • ASTERISK-27583 - Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute
  • ASTERISK-27582 - Segmentation fault occurs in Asterisk with an invalid SDP media format description
  • ASTERISK-27618 - Crash occurs when sending a repeated number of INVITE messages over TCP or TLS transport
  • ASTERISK-27640 - SUBSCRIBE message with a large Accept value causes stack corruption
  • New Features made in this release:
  • ASTERISK-27117 - core: Add support for timelen parsing to ast_parse_arg and ACO.
  • Bugs fixed in this release:
  • ASTERISK-27703 - AMI Action VoicemailUsersList returns 0 MessageCount
  • ASTERISK-27659 - Output from rawman truncated if output is long enough
  • ASTERISK-27692 - bridging: Sometimes cloning the stream topology causes a crash
  • ASTERISK-27488 - core: If frame with unnegotiated format is read crash will occur
  • ASTERISK-24386 - Asterisk "doc/lang/language-criteria.txt" needs update or removal.
  • ASTERISK-27689 - [patch] rtp_engine: Load format name / mime type in uppercase again.
  • ASTERISK-27679 - res_pjsip: Endpoint destruction does not free DTLS configuration
  • ASTERISK-27684 - [patch] install_prereq: Update OpenBSD libraries.
  • ASTERISK-27681 - [patch] BuildSystem: Enable IMAP storage on OpenBSD.
  • ASTERISK-27680 - [patch] res_calendar: Specialized calendars depend on symbols of general calendar.
  • ASTERISK-27677 - [patch] BuildSystem: Enable system provided libedit on OpenBSD.
  • ASTERISK-27670 - [patch] BuildSystem: Remove chan_h323 leftovers.
  • ASTERISK-27595 - [patch] BuildSystem: Invoke ldconfig with previous paths.
  • ASTERISK-27631 - [patch] BuildSystem: Do not warn when bash is not installed.
  • ASTERISK-27666 - chan_sip: Crash processing CANCEL request
  • ASTERISK-27584 - Internal pjproject build doesn't disable bcg729
  • ASTERISK-27669 - [patch] codecs: Add support for WebRTC iLBC 2.0.
  • ASTERISK-27642 - [patch] backtrace: Avoid -Wlogical-not-parentheses.
  • ASTERISK-27555 - [patch] install_prereq: Update Debian/Ubuntu libraries.
  • ASTERISK-27656 - CDR: Leaking channel snapshots allocated by stasis_channel.c
  • ASTERISK-27426 - chan_console: cannot read and write at the same time with alsa backend
  • ASTERISK-27621 - (null) string tailing after AsyncAGIEnd AMI event
  • ASTERISK-27652 - Null pointer Crash in PJSIP MWI
  • ASTERISK-27571 - res_pjsip: If SIP response is received during shutdown a crash may occur
  • ASTERISK-27612 - Subscriptions Persist After Expiration and TCP/TLS Disconnect
  • ASTERISK-27637 - [patch] BuildSystem: Enable autotools in FreeBSD.
  • ASTERISK-27635 - [patch] app_voicemail: Avoid always true warnings with clang.
  • ASTERISK-27599 - [patch] install_prereq: Update RHEL/CentOS/Fedora libraries.
  • ASTERISK-26563 - core: macOS devmode build fails: variable 'freeswap' set but not used
  • ASTERISK-27630 - [patch] editline: Avoid shifting a negative signed value.
  • ASTERISK-16172 - Problems with siren14 codec; problems with siren7 sound files.
  • ASTERISK-16951 - [patch] configure.ac in 1.4.37 broken with autoconf 2.60
  • ASTERISK-27603 - [patch] install_prereq: Download latest Jansson.
  • ASTERISK-27607 - [patch] res_config_mysql: Avoid the header mysql_version.h.
  • ASTERISK-24598 - When running ./contrib/scripts/install_prereq install-unpackaged pjproject is installed in wrong place
  • ASTERISK-27602 - [patch] BuildSystem: AC_CONFIG_AUX_DIR needs a directory.
  • ASTERISK-27600 - [patch] BuildSystem: Allow make clean all again.
  • ASTERISK-27598 - [patch] install_prereq: Support package manager DNF.
  • ASTERISK-26596 - Placing call on hold temporarily locks up set
  • ASTERISK-27596 - [patch] BuildSystem: Use the detected name for MD5 everywhere.
  • ASTERISK-27594 - [patch] BuildSystem: Invoke install not in GNU but POSIX style.
  • ASTERISK-27593 - [patch] BuildSystem: In OpenBSD, xmlstarlet is xml.
  • ASTERISK-27592 - [patch] BuildSystem: Detect external library Lua in version 5.3.
  • ASTERISK-26832 - res_pjsip: Segfault when calling pjsip_hdr_print_on in sip_msg.c:581
  • ASTERISK-27589 - [patch] BuildSystem: Avoid $EUID and use id -u instead.
  • ASTERISK-27585 - [patch] BuildSystem: Resolve resolv.h not via Generic but Particular Header-Check.
  • ASTERISK-27575 - menuselect : remove obsolete TRACE_FRAMES compiler flag
  • ASTERISK-27576 - [patch] res_config_pgsql: Avoid typecasting an int to unsigned char.
  • ASTERISK-27560 - [patch] clang 5 does not know -Wno-format-truncation
  • ASTERISK-27578 - [patch] app_osplookup.c: Avoid a format truncation.
  • ASTERISK-27577 - [patch] chan_ooh323: Avoid typecasting an int to unsigned short.
  • ASTERISK-27491 - res_pjsip_endpoint_identifier_ip only matches against header if match by ip fails
  • ASTERISK-27534 - chan_sip: Assumes iostream is non-NULL when it may not be
  • ASTERISK-27549 - [patch] translate: Avoid absolute value on unsigned substraction.
  • ASTERISK-27566 - res_pjsip_session: Improve WebRTC interop with bundling during renegotiation
  • ASTERISK-27553 - [patch] res_curl: Avoid error message on unload.
  • ASTERISK-27557 - [patch] clang 5.0: implicit conversion to char changes value to negative.
  • ASTERISK-27550 - [patch] bridge_softmix: Avoid warning about an uninitialized variable.
  • ASTERISK-27559 - [patch] editline: Avoid comparison between pointer and zero character constant.
  • ASTERISK-27558 - [patch] codec_gsm: Avoid shifting a negative signed value.
  • ASTERISK-25329 - Asterisk configure fails on 'cannot find ptlib-config', despite ptlib-config existing
  • ASTERISK-27552 - [patch] chan_ooh323: Limit outgoinglimit to positive values as intended.
  • ASTERISK-27551 - [patch] ooh323cDriver: Fix typo in header guard.
  • ASTERISK-26046 - [patch] Avoid obsolete warnings on autoconf.
  • ASTERISK-27539 - 'cdr submit' fails: batch mode not enabled.
  • ASTERISK-27498 - ICE candidate parser - ICE foundation parsing too short
  • ASTERISK-27366 - Asterisk Turkish Language Set Problem
  • ASTERISK-23133 - Documentation fix - MASTER_CHANNEL Unexpected Behaviour
  • ASTERISK-27531 - Compiler optimizations can break module load sequence.
  • ASTERISK-27480 - Security: Authenticated SUBSCRIBE without Contact crashes asterisk
  • ASTERISK-24198 - Typo's
  • ASTERISK-27229 - bridge: Old channel video source not set to NULL after unref
  • Improvements made in this release:
  • ASTERISK-27683 - [patch] BuildSystem: Allow newer autotools on OpenBSD.
  • ASTERISK-27348 - [patch]contrib/scripts: add a way to migrate from chan_sip to chan_pjsip realtime
  • ASTERISK-27651 - app_confbridge: Add Muted to ConfbridgeJoin and channel snapshot headers to ConfbridgeList AMI events
  • ASTERISK-27647 - app_confbridge/bridge_softmix: When channel muted report talking stopped if was talking.
  • ASTERISK-27084 - Reduce verbosity while loading PBX extensions.
  • ASTERISK-24372 - [patch] Add config option to play a prompt to the "winner" in app_followme
  • ASTERISK-27461 - 3PCC patch for AMI "SIPnotify"

New in Asterisk 14.6.0 (Jul 13, 2017)

  • These releases resolve several issues reported by the community and would have not been possible without your participation.

New in Asterisk 14.2.1 (Dec 14, 2016)

  • AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
  • If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters.
  • This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.
  • AST-2016-009: Remote unauthenticated sessions in chan_sip
  • The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as
  • Contactx01:
  • will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication.
  • If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.

New in Asterisk 14.2.0 (Nov 29, 2016)

  • Improvements made in this release:
  • ASTERISK-26558 - app_queue: add variable to know if the call is not answered after a queue
  • ASTERISK-26176 - chan_sip: Add AccountCode to AMI PeerEntry
  • ASTERISK-26538 - codec_opus: Add sample to configs/samples/codecs.conf.sample
  • ASTERISK-26488 - ARI: Add 'ari show app', 'ari show apps', and 'ari set debug' CLI commands
  • ASTERISK-26418 - res_rtp_asterisk: Speed up ICE resolution by blacklisting host subnets that are not involved in RTP
  • Bugs fixed in this release:
  • ASTERISK-26608 - Compile and link failures on OpenBSD
  • ASTERISK-26520 - codec_opus: Generated fmtp line has no content
  • ASTERISK-26605 - codec_opus: Spammed warning when Opus negotiated but codec_opus not loaded.
  • ASTERISK-26516 - pjsip: Memory corruption with possible memory leak.
  • ASTERISK-26556 - manager: AMI version report same in Ast 13 & 14, despite Ast 14 syntax changes
  • ASTERISK-26343 - ASTERISK-25951 causes issues for callerid manipulation through agi
  • ASTERISK-26592 - Latest libedit (3.1) defaults to unicode and makes asterisk CLI read garbage
  • ASTERISK-26565 - chan_unistim on 11, 13, 14 placing call on hold temporarily locks up set
  • ASTERISK-26575 - testsuite: Need to check PJSIP functionality when res_srtp is not loaded.
  • ASTERISK-26571 - res_pjsip: Resolution incorrect when explicit IPv6 transport configuredASTERISK-26468 - ari: Bridge events stop working after this sequence of ARI calls
  • ASTERISK-24400 - ooh323 sends wrong hangup code
  • ASTERISK-26555 - Multi-party Video: Fix some post Asterisk-11 regressions
  • ASTERISK-26412 - build: Prepare for gcc 6.2
  • ASTERISK-26509 - A few non-critical deprecation warnings when building on Ubuntu 16.10
  • ASTERISK-26523 - chan_sip: Asterisk 13.12.1 disconnects incoming calls after 2 minutes - rtptimeout behaving badly - regression
  • ASTERISK-26549 - app_dial: When PickupChan() is used some channels may have incorrect device state
  • ASTERISK-24274 - [patch]Codec Format Is Not Included in the SDP Media Attributes When SLIN48 Codec Is Used
  • ASTERISK-26311 - [patch] rtp_engine: Allow more than 32 dynamic payload types.
  • ASTERISK-26506 - [patch]res_pjsip_outbound_publish: Crash when publishing, in publisher_client_send at res_pjsip_outbound_publish.c
  • ASTERISK-25070 - Fix FTBFS on Hurd
  • ASTERISK-26476 - chan_sip: Incorrect display option "Outbound reg. retry 403" in "sip show settings"
  • ASTERISK-26541 - res_pjsip_sdp_rtp: Restrict number of formats to maximum
  • ASTERISK-26537 - AMI: NewConnectedLine event is not documented
  • ASTERISK-26526 - [UBSAN] vector.h: null pointer can be passed as argument 2 to memcpy
  • ASTERISK-26524 - astobj2: data_size variable is wasted space when AO2_DEBUG is not enabled.
  • ASTERISK-26344 - Asterisk 13.11.0 + PJSIP crash
  • ASTERISK-26387 - Asterisk segfaults shortly after starting even with no active calls.
  • ASTERISK-26513 - tests/channels/pjsip/qualify/auth: Crashing enough to be a nuisance
  • ASTERISK-26514 - Super Awesome Company: Don't specify transport in pjsip.conf
  • ASTERISK-26510 - pjproject_bundled uses the --strip-components option of tar which isn't supported in older versions
  • ASTERISK-22480 - Embedded pjproject: build.mak contains hardcoded full path to version.mak
  • ASTERISK-26307 - res_pjsip_caller_id: Crash on outgoing change
  • ASTERISK-26503 - app_voicemail: Asterisk crashes when MailboxExists is used
  • ASTERISK-26423 - res_pjsip_sdp_rtp: Asymmetric RTP codec can cause audio loss and wonkiness
  • ASTERISK-26309 - [patch] res_pjsip: Allow IPv4/IPv6 (Dual Stack) installations.
  • ASTERISK-26482 - [patch] chan_pjsip: segfault on already disconnected session
  • ASTERISK-26421 - Segmentation Fault with ARI originate into mixing bridge with 43 clients
  • ASTERISK-26444 - 'features show' command in CLI does not return prompt.
  • ASTERISK-26480 - [patch] CLI: core set debug: Auto-completes File not Module
  • ASTERISK-26356 - menuselect: invalid test for GTK2
  • ASTERISK-26462 - [patch] app_queue: While using queues with realtime, setting back to an empty context doesn't stop the exit key usage
  • ASTERISK-26439 - chan_rtp: Crash when originating
  • ASTERISK-26457 - [patch] force_rport,auto_comedia: No NAT detection triggered.
  • ASTERISK-26618 - build: Backport addition of librt check to configure.ac
  • New Features made in this release:
  • ASTERISK-26595 - ARI: Add the ability to control the source of video in a multi-party mixing bridge
  • ASTERISK-26492 - ARI: Add ability to specify channel variables on websocket events
  • ASTERISK-26470 - ARI: Add an 'asterisk_id' field to outgoing events

New in Asterisk 13.0.1 (Dec 4, 2014)

  • AST-2014-012: Fix error with mixed address family ACLs. Prior to this commit, the address family of the first item in an ACL was used to compare all incoming traffic. This could lead to traffic of other IP address families bypassing ACLs.
  • AST-2014-013: Fix PJSIP ACLs not loading on startup and apply/ACL issues on contact The biggest problem this patch fixes is that ACLs weren't previously being loaded when the res_pjsip_acl module was loaded. In addition, the ACL options contact_permit and contact_acl were effectively interpreted as contact_deny and this patch fixes that as well.
  • AST-2014-015: Fix race condition in chan_pjsip when sending responses after a CANCEL has been received. Due to the serialized architecture of chan_pjsip there exists a race condition where a CANCEL may be received and processed before responses (such as 180 Ringing, 183 Session Progress, and 200 OK) are sent. Since the session is in an unexpected state PJSIP will assert when this is attempted. This change makes it so that these responses are not sent on disconnected sessions.
  • AST-2014-016: Fix crash when receiving an in-dialog INVITE with Replaces in res_pjsip_refer. The implementation of INVITE with Replaces in res_pjsip_refer did not expect them to occur in-dialog. As a result it would incorrectly attempt to hang up a channel it thought was under its control. In reality the channel would be under the control of another thread. When the other thread accessed the channel it would be accessing freed memory and could crash. This change makes res_pjsip_refer not act on an in-dialog INVITE with Replaces.
  • AST-2014-017 - app_confbridge: permission escalation/ class authorization. Confbridge dialplan function permission escalation via AMI and inappropriate class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord” could also be used to execute arbitrary system commands without first checking for system access. Asterisk now inhibits the CONFBRIDGE function from being executed from an external interface if the live_dangerously option is set to no. Also, the “ConfbridgeStartRecord” AMI action is now only allowed to execute under a user with system level access.
  • AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI. The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Asterisk now inhibits the DB function from being executed from an external interface if the live_dangerously option is set to no.

New in Asterisk 1.8.12.0 (May 8, 2012)

  • Prevent chanspy from binding to zombie channels
  • (Closes issue ASTERISK-19493. Reported by lvl)
  • Fix Dial m and r options and forked calls generating warnings for voice frames.
  • (Closes issue ASTERISK-16901. Reported by Chris Gentle)
  • Remove ISDN hold restriction for non-bridged calls.
  • (Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
  • Fix copying of CDR(accountcode) to local channels.
  • (Closes issue ASTERISK-19384. Reported by jamicque)
  • Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
  • (Closes issue ASTERISK-19303. Reported by Jon Tsiros)
  • Eliminate double close of file descriptor in manager.c
  • (Closes issue ASTERISK-18453. Reported by Jaco Kroon)

New in Asterisk 1.8.10.1 (Mar 23, 2012)

  • The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues. First, they resolve the issue in app_milliwatt, wherein a buffer can potentially be overrun on the stack, but no remote code execution is possible. Second, they resolve an issue in HTTP AMI where digest authentication information can be used to overrun a buffer on the stack, allowing for code injection and execution.
  • These issues and their resolution are described in the security advisory.

New in Asterisk 1.8.0 (Oct 28, 2010)

  • This release includes new features. For a list of new features that have been included with this release, please see the CHANGES file inside the source package. Since this is new major release, users are encouraged to do extended testing before upgrading to this version in a production environment.

New in Asterisk 1.4.24 (Mar 18, 2009)

  • The Asterisk Development Team is proud to announce release of Asterisk 1.4.24, and is available for immediate download at http://downloads.digium.com/
  • In addition to other bug fixes, this release candidate fixes several crash issues, and resolved some remaining issues related to call pickup and call parking that were discovered after the release of Asterisk 1.4.23. In addition, issues related to chan_iax2, and regressions introduced to the 'h' extension have been resolved.
  • This release marks the first inclusion of the release summary files which will be included in all future releases. The purpose is to give a clearer overview of the changes that have taken place between the current and previous release, which issues have been closed, and which community members were involved with issue submission, code commits, and issue testing. Additionally, a diffstat at the end of the file shows at a brief glance the number of changes made to files between the previous and current releases.
  • For a summary of the changes in this release, please see the release summary. For a full list of changes in this release, please see the ChangeLog.
  • The following list of bugs were resolved with the participation of the community, and this release would not have been possible without your help!
  • Paging application crashes asterisk. Closes issue #14308. Submitted by bluefox. Tested by kc0bvu. Patched by seanbright.
  • Crash in VoiceMailMain if hangup occurs before a valid mailbox number is entered (IMAP only). Closes issue #14473. Submitted by, and patch provided by dwpaul.
  • Incoming Gtalk calls fail. Closes issue #13984. Submitted by, tested, and patched by jcovert.
  • Realtime peers are never qualified after 'sip reload'. Closes issue #14196. Submitted by, tested, and patched by pdf.
  • SIP Attended Transfer fails. Closes issue 14611. Submitted by, tested, and patched by klaus3000.