Asterisk is an open source framework for building communications applications. Asterisk turns an ordinary computer into a communications server. Asterisk powers IP PBX systems, VoIP gateways, conference servers and other custom solutions. It is used by small businesses, large businesses, call centers, carriers and government agencies, worldwide. Asterisk is free and open source.
19.8.0 13 Jan 2023 09:25
19.7.1 03 Dec 2022 01:45
Update CHANGES and UPGRADE.txt for 19.7.1
Update for 19.7.1.
pjproject: 2.13 security
Backports two security fixes (c4d3498 and 450baca) from pjproject 2.13.
pjsip_transport_events: possible use after free on transport.
It was possible for a module that registered for transport monitor
events to pass in a pjsip_transport that had already been freed.
This caused pjsip_transport_events to crash when looking up the
monitor for the transport. The fix is a two pronged approach.
1. We now increment the reference count on pjsip_transports when we
create monitors for them, then decrement the count when the
transport is going to be destroyed.
2. There are now APIs to register and unregister monitor callbacks
by "transport key" which is a string concatenation of the remote ip
address and port. This way the module needing to monitor the
transport doesn't have to hold on to the transport object itself to
unregister. It just has to save the transport_key.
Added the pjsip_transport reference increment and decrement.
Changed the internal transport monitor container key from the
transport->obj_name (which may not be unique anyway) to the
Added a helper macro AST_SIP_MAKE_REMOTE_IPADDR_PORT_STR() that
fills a buffer with the transport_key using a passed-in
Added the following functions:
And marked their non-key counterparts as deprecated.
Updated res_pjsip_pubsub and res_pjsip_outbound_register to use
the new "key" monitor functions.
NOTE: res_pjsip_registrar also uses the transport monitor
functionality but doesn't have a persistent object other than
contact to store a transport key. At this time, it continues to
use the non-key monitor functions.
manager: prevent file access outside of config dir
Add live_dangerously flag to manager and use this flag to
determine if a configuration file outside of AST_CONFIG_DIR
should be rea
19.7.0 20 Oct 2022 13:25
19.6.0 19 Aug 2022 10:45
19.5.0 24 Jun 2022 08:25
19.4.1 21 May 2022 16:05
res_pjsip_transport_websocket: Also set the remote name.
As part of PJSIP 2.11 a behavior change was done to require
a matching remote hostname on an established transport for
secure transports. Since the Websocket transport is considered
a secure transport this caused the existing connection to not
be found and used.
We now set the remote hostname and the transport can be found.
19.4.0 13 May 2022 03:25
19.3.3 27 Apr 2022 11:05
res_pjsip_stir_shaken.c: enabled when not configured.
There was an issue with the conditional where STIR/SHAKEN would be
enabled even when not configured. It has been changed to ensure that if
a profile does not exist and stir_shaken is not set in pjsip.conf, then
the conditional will return from the function without performing
19.3.2 15 Apr 2022 06:45
Doing a fresh summary
Update for 19.3.2.
Update CHANGES and UPGRADE.txt for 19.3.2.
AST-2022-002 - res_stir_shaken/curl: Add ACL checks for Identity header.
Adds a new configuration option, stir_shaken_profile, in pjsip.conf that
can be specified on a per endpoint basis. This option will reference a
stir_shaken_profile that can be configured in stir_shaken.conf. The type
of this option must be 'profile'. The stir_shaken option can be
specified on this object with the same values as before (attest, verify,
on), but it cannot be off since having the profile itself implies wanting
STIR/SHAKEN support. You can also specify an ACL from acl.conf (along
with permit and deny lines in the object itself) that will be used to
limit what interfaces Asterisk will attempt to retrieve information from
when reading the Identity header.
AST-2022-001 - res_stir_shaken/curl: Limit file size and check start.
Put checks in place to limit how much we will actually download, as well
as a check for the data we receive at the start to ensure it begins with
what we would expect a certificate to begin with.
func_odbc: Add SQL_ESC_BACKSLASHES dialplan function.
Some databases, depending on their configuration, use backslashes
for escaping. When combined with the use of ' this can result in
a broken func_odbc query.
This change adds a SQL_ESC_BACKSLASHES dialplan function which can
be used to escape the backslashes.
This is done as a dialplan function instead of being always done
as some databases do not require this, and always doing it would
result in incorrect data being put into the database.
19.3.1 02 Apr 2022 20:45
make_xml_documentation: Remove usage of get_sourceable_makeopts
get_sourceable_makeopts wasn't handling variables with embedded
double quotes in them very well. One example was the DOWNLOAD
variable when curl was being used instead of wget. Rather than
trying to fix get_sourceable_makeopts, it's just been removed.
Makefile: Disable XML doc validation
make_xml_documentation was being called with the --validate
flag set when it shouldn't have been. This was causing
build failures if neither xmllint nor xmlstarlet were installed.
The correct behavior is to simply print a message that either
one of those tools should be installed for validation and
continue with the build.
19.3.0 25 Mar 2022 07:05
19.2.1 05 Mar 2022 12:25
AST-2022-006: pjproject - unconstrained malformed multipart SIP message
AST-2022-005: pjproject - undefined behavior after freeing a dialog set
AST-2022-004: pjproject - possible integer underflow on STUN message
19.2.0 11 Feb 2022 03:25
19.1.0 10 Dec 2021 09:15
2021-12-09 16:52 +0000 Asterisk Development Team
* asterisk 19.1.0 Released.