asterisk 11.25.3

Asterisk is an open source framework for building communications applications. Asterisk turns an ordinary computer into a communications server. Asterisk powers IP PBX systems, VoIP gateways, conference servers and other custom solutions. It is used by small businesses, large businesses, call centers, carriers and government agencies, worldwide. Asterisk is free and open source.

Tags communication conferencing telephony sip
License GNU GPL
State stable

Recent Releases

11.25.321 Sep 2017 00:45 minor feature: 2017-09-19 16:03 +0000 Asterisk Development Team Asterisk 11.25.3 Released. 2017-09-13 12:07 +0000 fe2ba2f3ca Richard Mudgett. AST-2017-008: Improve RTP and RTCP packet processing. Validate RTCP packets before processing them. Validate that the received packet is of a minimum length and apply the RFC3550 RTCP packet validation checks. Potentially reading garbage beyond the received RTCP record data. Rtp- themssrc only being set once when the remote could change. The SSRC. We would effectively stop handling the RTCP statistic records. Rtp- themssrc to not treat a zero value as special by adding. Rtp- themssrc_valid to indicate if rtp- themssrc is available. ASTERISK-27274. Make strict RTP learning more flexible. Direct media can cause strict RTP to attempt to learn a remote address. Again before it has had a chance to learn the remote address the first Time. Because of the rapid relearn requests, strict RTP could latch onto The first remote address and fail to latch onto the direct media remote Address. As a result, you have one way audio until the call is placed on And off hold. The new algorithm learns remote addresses for a set time (1.5 seconds). Before locking the remote address. In addition, we must see a configured Number of remote packets from the same address in a row before switching. Strict RTP learning from always accepting the first new address. Packet as the new stream. Strict RTP to initialize the expected sequence number with the. Last received sequence number instead of the last transmitted sequence Number. The predicted next sequence number calculation in. Rtp_learning_rtp_seq_update() to handle overflow. ASTERISK-27252. Change-Id: Ia2d3aa6e0f22906c25971e74f10027d96525f31c. 2017-08-31 14:55 +0000 Asterisk Development Team. Asterisk 11.25.2 Released. 2017-07-01 19:24 +0000 8b7dd37abc Corey Farrell. AST-2017-006: app_minivm application MinivmNotify command injection. An admin can configure app_minivm with an externnotify program to be run. When a
11.25.202 Sep 2017 10:05 minor feature: 2017-08-31 14:55 +0000 Asterisk Development Team Asterisk 11.25.2 Released. 2017-07-01 19:24 +0000 8b7dd37abc Corey Farrell. AST-2017-006: app_minivm application MinivmNotify command injection. An admin can configure app_minivm with an externnotify program to be run. When a voicemail is received. The app_minivm application MinivmNotify Uses ast_safe_system() for this purpose which is vulnerable to command Injection since the Caller-ID name and number values given to externnotify Can come from an external untrusted source. Add ast_safe_execvp() function. This gives modules the ability to run. External commands with greater safety compared to ast_safe_system(). Specifically when some parameters are filled by untrusted sources the new. Function does not allow malicious input to break argument encoding. This May be of particular concern where CALLERID(name) or CALLERID(num) may be Used as a parameter to a script run by ast_safe_system() which could Potentially allow arbitrary command execution. Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp(). Instead of ast_safe_system() to avoid command injection. Document code injection potential from untrusted data sources for other. Shell commands that are under user control. ASTERISK-27103. Change-Id: I7552472247a84cde24e1358aaf64af160107aef1. 2017-05-22 10:36 +0000 cb565f9b59 Joshua Colp. Res_rtp_asterisk: Only learn a new source in learn state. This change moves the logic which learns a new source address. For RTP so it only occurs in the learning state. The learning State is entered on initial allocation of RTP or if we are Told that the remote address for the media has changed. While in the learning state if we continue to receive media from. The original source we restart the learning process. It is Only once we receive a sufficient number of RTP packets from The new source that we will switch to it. Once this is done The state is entered where all packets that do not Originate from the expected so
11.25.109 Dec 2016 18:25 minor feature: 2016-12-08 17:23 +0000 Asterisk Development Team Asterisk 11.25.1 Released. 2016-12-08 11:22 +0000 370f5cdc46 Kevin Harwell. Update for 11.25.1. 2016-11-30 09:31 +0000 7c01f1977a Walter Doekes. Chan_sip: Do not allow non-SP/HTAB between header key and colon. RFC says SIP headers look like: HCOLON = *( SP / HTAB ) ":" SWS SWS = LWS ; sep whitespace LWS = *WSP CRLF 1*WSP ; linear whitespace WSP = SP / HTAB ; from rfc2234. Chan_sip implemented this: HCOLON = *( LOWCTL / SP ) ":" SWS LOWCTL = x00-1F ; CTL without DEL. This discrepancy meant that SIP proxies in front of Asterisk with. Chan_sip could pass on unknown headers with x00- x1F in them, which Would be treated by Asterisk as a different (known) header. For Example, the "To x01:" header would gladly be forwarded by some proxies as irrelevant, but chan_sip would treat it as the relevant "To:" header. Those relying on a SIP proxy to scrub certain headers could mistakenly. Get unexpected and unvalidated data fed to Asterisk. This change so chan_sip only considers SP/HTAB as valid tokens. Before the colon, making it agree on the headers with other speakers of SIP. ASTERISK-26433 # AST-2016-009. Change-Id: I78086fbc524ac733b8f7f78cb423c91075fd489b. cherry picked from commit 26dd464dbd0ad7439bc29ce59ec55903d518ec6e). 2016-11-22 17:16 +0000 Asterisk Development Team. Asterisk 11.25.0 Released. 2016-11-18 18:52 +0000 Asterisk Development Team. Asterisk 11.25.0-rc1 Released. 2016-10-26 07:51 +0000 5fc23415ec Joshua Colp. App_voicemail: Clear voice mailbox in MailboxExists and MAILBOX_EXISTS. When executing the MailboxExists dialplan application and MAILBOX_EXISTS dialplan function the passed in temporary voice. Mailbox was not cleared, causing it to try to free garbage. ASTERISK-26503 # Change-Id: Ie21ccfa1b80b9c59318e596f6b8e17da2b5a7cb3. 2016-10-25 04:09 +0000 304f3278b5 Walter Doekes. Chan_iax2: use of uninited memory in try_transfer. if newip contained the right stack garbage, it would overwrite the. Corr
11.25.025 Nov 2016 05:25 minor feature: 2016-11-22 17:16 +0000 Asterisk Development Team Asterisk 11.25.0 Released. 2016-11-18 18:52 +0000 Asterisk Development Team. Asterisk 11.25.0-rc1 Released. 2016-10-26 07:51 +0000 5fc23415ec Joshua Colp. App_voicemail: Clear voice mailbox in MailboxExists and MAILBOX_EXISTS. When executing the MailboxExists dialplan application and MAILBOX_EXISTS dialplan function the passed in temporary voice. Mailbox was not cleared, causing it to try to free garbage. ASTERISK-26503 # Change-Id: Ie21ccfa1b80b9c59318e596f6b8e17da2b5a7cb3. 2016-10-25 04:09 +0000 304f3278b5 Walter Doekes. Chan_iax2: use of uninited memory in try_transfer. if newip contained the right stack garbage, it would overwrite the. Correct IP Memmove was unnecessary. Reported by: saltsa (on IRC). Change-Id: I9375589f832b08cdff5b05ba975f3c62eef80619. 2016-10-18 03:01 +0000 bce0fd4179 Alexander Traud. Cli: Auto-complete File not Module for core set de. Since Asterisk 1.8, the command "core set de" on the command-line interface. Asks not for a file (.c) but a module name. This change shows modules (.so) on The auto-completion via a tabulator or the question mark. Now, when you Partially type a module name, TAB or ?, you get the correct candidiates. ASTERISK-26480. Change-Id: I1213f1dd409bd4ff8de08ad80cb0c73cafb1bae0. 2016-09-11 10:13 +0000 4e2c7776ee Tzafrir Cohen. Menuselect: invalid test for GTK2. Configuire.ac was only checking for the existence of pkg-config. And not the gtk2 package itself. Now it calls AST_PKG_CONFIG_CHECK For gtk+-2.0. ASTERISK-26356 # Change-Id: I8079d515d6ea99f9ab320a7eaa71c2aaa101ccd5. 2016-10-13 14:09 +0000 32d63e016f Leandro Dardini. App_queue: Added initialization for "context" parameter. When using Asterisk Realtime Architecture, empty fields are skipped and the. Default values are used. If the "context" parameter in queue was set and then Cleared from the database, the old value remains in memory and it continues to be used. This change initialize the "context" parameter
11.24.103 Nov 2016 13:05 minor feature: 2016-10-27 18:34 +0000 Asterisk Development Team Asterisk 11.24.1 Released. 2016-10-26 07:51 +0000 a31addea32 Joshua Colp. App_voicemail: Clear voice mailbox in MailboxExists and MAILBOX_EXISTS. When executing the MailboxExists dialplan application and MAILBOX_EXISTS dialplan function the passed in temporary voice. Mailbox was not cleared, causing it to try to free garbage. ASTERISK-26503 # Change-Id: Ie21ccfa1b80b9c59318e596f6b8e17da2b5a7cb3. 2016-10-25 18:53 +0000 Asterisk Development Team. Asterisk 11.24.0 Released. 2016-10-17 16:24 +0000 Asterisk Development Team. Asterisk 11.24.0-rc1 Released. 2016-10-15 04:58 +0000 3f1df969ee Michael Kuron. Chan_sip: Only send video on outgoing channel if incoming channel supports it. Previously, the settings videosupport=always and videosupport=yes behaved. Identically and unconditionally caused a video offer to be sent in the SDP on an outgoing call. This was a regression introduced with commit 5a1d90e1fbfc4b48927aad55311f3b38efbf1f54 in Asterisk 1.6.1. This commit restores correct behavior: videosupport=always causes a video offer to be sent unconditionally, while videosupport=yes will only offer video on an. Outbound channel if the incoming channel it is bridged to also supports video. That way, the device receiving the outgoing call can display the correct user. Interface elements for audio or video and will not unnecessarily show a blank Video window on an audio-only call. ASTERISK-17470 # Change-Id: I782f4409d436114dbc97061c3570c0cd24f7c3ae. 2016-09-29 13:08 +0000 c0c041d9c7 Torrey Searle. Res_fax: a tight race condition causing fax to crash in audio fallback. When T.38 gets rejected and G711 failback occurs there is a period of. Time where neither AST_FAX_TECH_T38 nor AST_FAX_TECH_AUDIO is set, Leading to a crash. Change-Id: Icc3f457b2292d48a9d7843dac0028347420cc982. 2016-09-29 12:52 +0000 847ead5a9a Torrey Searle. Res_rtp_asterisk: infinite DTMF when switching to P2P bridge. If a bridge switched to P2P when a
11.24.026 Oct 2016 17:05 minor feature: 2016-10-25 18:53 +0000 Asterisk Development Team Asterisk 11.24.0 Released. 2016-10-17 16:24 +0000 Asterisk Development Team. Asterisk 11.24.0-rc1 Released. 2016-10-15 04:58 +0000 3f1df969ee Michael Kuron. Chan_sip: Only send video on outgoing channel if incoming channel supports it. Previously, the settings videosupport=always and videosupport=yes behaved. Identically and unconditionally caused a video offer to be sent in the SDP on an outgoing call. This was a regression introduced with commit 5a1d90e1fbfc4b48927aad55311f3b38efbf1f54 in Asterisk 1.6.1. This commit restores correct behavior: videosupport=always causes a video offer to be sent unconditionally, while videosupport=yes will only offer video on an. Outbound channel if the incoming channel it is bridged to also supports video. That way, the device receiving the outgoing call can display the correct user. Interface elements for audio or video and will not unnecessarily show a blank Video window on an audio-only call. ASTERISK-17470 # Change-Id: I782f4409d436114dbc97061c3570c0cd24f7c3ae. 2016-09-29 13:08 +0000 c0c041d9c7 Torrey Searle. Res_fax: a tight race condition causing fax to crash in audio fallback. When T.38 gets rejected and G711 failback occurs there is a period of. Time where neither AST_FAX_TECH_T38 nor AST_FAX_TECH_AUDIO is set, Leading to a crash. Change-Id: Icc3f457b2292d48a9d7843dac0028347420cc982. 2016-09-29 12:52 +0000 847ead5a9a Torrey Searle. Res_rtp_asterisk: infinite DTMF when switching to P2P bridge. If a bridge switched to P2P when a DTMF was in progress it. Was possible for the DTMF to continue being sent indefinitely. Change-Id: I7e2a3efe0d59d4b214ed50cd0b5d0317e2d92e29. 2016-10-09 21:53 +0000 b39763c6d5 Badalyan Vyacheslav. Cel_odbc: memory leak on module unload. Change-Id: Ic7a1236eba2408090fdabb5f717b5fa455ead715. 2016-10-05 04:42 +0000 94bcc8b705 Alexander Traud. Chan_sip: Honor support of Symmetric Response (rport) for SIP requests. In the SIP channel driver chan_si
11.23.110 Sep 2016 02:25 minor feature: 2016-09-08 16:28 +0000 Asterisk Development Team Asterisk 11.23.1 Released. 2016-09-08 11:28 +0000 329694c975 gtjoseph. Release summaries: Remove previous versions. 2016-09-08 11:28 +0000 f1dc619c72 gtjoseph. version: Update for 11.23.1. 2016-09-08 11:28 +0000 8e4b3c15ff gtjoseph. lastclean: Update for 11.23.1. 2016-08-23 06:31 +0000 1e248e309e Corey Farrell (license 5909). Chan_sip: Don't allocate new RTP instances on top of old ones. In some scenarios dialog_initialize_rtp can be called multiple times on. The same dialog. This can cause RTP instances to be leaked along with Multiple file descriptors for each instance. This change makes it so the existing RTP instances are destroyed and. Not overwritten, stopping the memory leak. ASTERISK-26272 # patches: ASTERISK-26272-11.patch submitted by Corey Farrell (license 5909). Change-Id: I3c1d94dea8594fe0702168cb979b898ae0f5fc5d. 2016-07-21 14:56 +0000 Asterisk Development Team. Asterisk 11.23.0 Released. 2016-07-21 09:56 +0000 9a0768384c Joshua Colp. Release summaries: Add summaries for 11.23.0. 2016-07-21 09:55 +0000 ad439c5ffe Joshua Colp. Release summaries: Remove previous versions. 2016-07-21 09:55 +0000 70f9a858a6 Joshua Colp. version: Update for 11.23.0. 2016-07-21 09:55 +0000 4a0378f4ce Joshua Colp. lastclean: Update for 11.23.0. 2016-06-23 14:14 +0000 Asterisk Development Team. Asterisk 11.23.0-rc1 Released. 2016-06-23 09:13 +0000 638b840510 Mark Michelson. Release summaries: Add summaries for 11.23.0-rc1. 2016-06-23 09:12 +0000 6615d6f90e Mark Michelson. version: Update for 11.23.0-rc1. 2016-06-23 09:12 +0000 e97ccd7e0c Mark Michelson. lastclean: Update for 11.23.0-rc1. 2016-06-22 15:04 +0000 d4f0cc5ec5 Corey Farrell. Res_fax: reference leak in fax_v21_session_new. Fax_v21_session_new created a session details object but only released. The allocation reference during error conditions. fax_session_new adds it's own reference to details if needed so the caller is always. Responsible for
11.23.022 Jul 2016 18:05 minor feature: 2016-07-21 14:56 +0000 Asterisk Development Team Asterisk 11.23.0 Released. 2016-07-21 09:56 +0000 9a0768384c Joshua Colp. Release summaries: Add summaries for 11.23.0. 2016-07-21 09:55 +0000 ad439c5ffe Joshua Colp. Release summaries: Remove previous versions. 2016-07-21 09:55 +0000 70f9a858a6 Joshua Colp. version: Update for 11.23.0. 2016-07-21 09:55 +0000 4a0378f4ce Joshua Colp. lastclean: Update for 11.23.0. 2016-06-23 14:14 +0000 Asterisk Development Team. Asterisk 11.23.0-rc1 Released. 2016-06-23 09:13 +0000 638b840510 Mark Michelson. Release summaries: Add summaries for 11.23.0-rc1. 2016-06-23 09:12 +0000 6615d6f90e Mark Michelson. version: Update for 11.23.0-rc1. 2016-06-23 09:12 +0000 e97ccd7e0c Mark Michelson. lastclean: Update for 11.23.0-rc1. 2016-06-22 15:04 +0000 d4f0cc5ec5 Corey Farrell. Res_fax: reference leak in fax_v21_session_new. Fax_v21_session_new created a session details object but only released. The allocation reference during error conditions. fax_session_new adds it's own reference to details if needed so the caller is always. Responsible for cleaning it's own reference. ASTERISK-26141 # Change-Id: Ie7fc52a83b6596ce9ce2d5a2bd9f3e204f48fc88. 2016-06-22 13:41 +0000 9548ccca0e gtjoseph. Res_rtp_asterisk: a self-comparison identified by gcc 6. Gcc 6 caught a previously unidentified self-comparison in. Ice_candidate_cmp. it and re-ordered the predicates for better Short-circuiting. ASTERISK-26140 # Change-Id: I3da713c568e24064430257b3502fbdafd35af7a7. 2016-06-22 10:37 +0000 de169f14e6 gtjoseph. Chan_unistim: memcpy in get_to_address. A code block only enabled when HAVE_PKTINFO is not defined (FreeBSD). Was using a pointer to a pointer as the destination of a memcpy and a instead of '*' in the sizeof. ASTERISK-26138 # Change-Id: Id4927ff256c0e470bdf7bcfc025146a2f656e708. 2016-06-22 10:55 +0000 877502a396 Alexander Traud. BuildSystem: Avoid obsolete warning with AC_FUNC_SETVBUF_REVERSED on autoconf. Removed the obsolete macro
11.22.010 Apr 2016 03:33 minor feature: The configuration unsigned integer option handler sets flags for the. Parser as if the option should be a signed integer (PARSE_INT32), Leading to errors on "out of range" values. flags (PARSE_UINT32). Func_aes: misuse of strlen on binary data. The encryption code for AES_ENCRYPT evaluates the length of the data to be encoded in base64 using strlen. The data is binary, thus the length of it can be underestimated at the first NULL character. Reuse the write pointer offset to evaluate it, instead. Chan_sip.c: Simplify sip_pvt destructor call levels. Remove destructor calling destroy_it calling really_destroy_it. For no benefit. Just make the destructor the really_destroy_it Function. Chan_sip.c: Made sip_reinvite_retry() call sip_pvt_lock_full(). App_chanspy: occasional deadlock with ChanSpy and Local channels. Channel masquerading had a conflict with autochannel locking. When locking autochannel- channel, the channel is fetched from the. Autochannel and then locked. During the fetch, the autochannel -- which Has no locks itself -- can be modified by someone who owns the channel Lock. That means that the value of autochan- channel cannot be trusted Until you hold the lock. In practice, this caused problems with Local channels getting. Masqueraded away while the ChanSpy attempted to get info from that Channel. The old channel which was about to get removed got locked, but The new (replaced) channel got unlocked (no-op). Because the replaced Channel was now locked (and would never get unlocked), it couldn't get Removed from the channel list in a timely manner, and would now cause Deadlocks when iterating over the channel list. This change checks the autochannel after locking the channel for changes to the autochannel. If the channel had been changed, the lock is. Reobtained on the new channel.
11.21.224 Mar 2016 08:11 minor feature: 2016-02-10 11:05 +0000 886911ec5c Kevin Harwell * Release summaries: Remove previous versions 2016-02-10 11:05 +0000 f594015df0 Kevin Harwell * .version: Update for 11.21.2 2016-02-10 11:05 +0000 1524003a45 Kevin Harwell * .lastclean: Update for 11.21.2 2016-02-04 16:17 +0000 e4138cca63 Mark Michelson * Check for OpenSSL defines before trying to use them. The SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 defines did not exist prior to OpenSSL version 1.0.1. A recent commit attempts to, by default, set these options, which can cause problems on systems with older OpenSSL installations. This commit adds a configure script check for those defines and will not attempt to make use of those if they do not exist. We will print a warning urging the user to upgrade their OpenSSL installation if those defines are not present. Change-Id: I6a2eb9a43fd0738b404d8f6f2cf4b5c22d9d752d (cherry picked from commit f9068438188712e50899d6e7b90664791315f8a0)