path: root/comms/asterisk/Makefile
Age | Commit message | Author | Files | Lines
2019-09-22 | delete ancient Asterisk 11.* | jnemeth | 1 | -283/+0
2019-08-22 | Recursive revbump from boost-1.71.0 | ryoon | 1 | -2/+2
2019-08-11 | Bump PKGREVISIONs for perl 5.30.0 | wiz | 1 | -2/+2
2019-07-21 | *: recursive bump for gdk-pixbuf2-2.38.1 | wiz | 1 | -2/+2
2019-07-20 | *: recursive bump for nettle 3.5.1 | wiz | 1 | -2/+2
2019-07-01 | Recursive revbump from boost-1.70.0 | ryoon | 1 | -2/+2
2019-04-03 | Recursive revbump from textproc/icu | ryoon | 1 | -2/+2
2018-12-13 | revbump for boost 1.69.0 | adam | 1 | -2/+2
2018-12-09 | Removed commented-out PKGREVISIONs | adam | 1 | -2/+1
2018-12-09 | revbump after updating textproc/icu | adam | 1 | -2/+2
2018-11-14 | Revbump after cairo 1.16.0 update. | kleink | 1 | -2/+2
2018-11-12 | Recursive revbump from harfbuzz-2.1.1 | ryoon | 1 | -2/+2
2018-10-29 | asterisk*: Fix install on SunOS. | jperkin | 1 | -1/+6
2018-08-22 | Recursive bump for perl5-5.28.0 | wiz | 1 | -2/+2
2018-08-16 | revbump after boost-libs update | adam | 1 | -2/+2
2018-07-20 | Recursive revbump from textproc/icu-62.1 | ryoon | 1 | -1/+2
2018-07-16 | Update to Asterisk 11.25.3. This is a security update to fix | jnemeth | 1 | -3/+3
AST-2017-005, AST-2017-006, and AST-2017-008. There was no release announcement as only security patches were issued. I just found this update while looking to see what updates I was missing for more recent versions of Asterisk.

The Asterisk 11.x series was declared end-of-life on Oct. 25th, 2017, so there will not be any more updates to this package (other than PKGREVISION bumps for dependencies) before it gets deleted. There is a reasonable chance that there are unpatched vulnerabilities in this package. Anybody still using it should upgrade to a newer version as soon as possible.

----- AST-2017-005 -----

Description

The "strictrtp" option in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and drops any packets that do not originate from the expected address. This option is enabled by default in Asterisk 11 and above.

The "nat" and "rtp_symmetric" options for chan_sip and chan_pjsip respectively enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the target address of any sent media. This option is not enabled by default but is commonly enabled to handle devices behind NAT.

A change was made to the strict RTP support in the RTP stack to better tolerate late media when a reinvite occurs. When combined with the symmetric RTP support this introduced an avenue where media could be hijacked. Instead of only learning a new address when expected the new code allowed a new source address to be learned at all times.

If a flood of RTP traffic was received the strict RTP support would allow the new address to provide media and with symmetric RTP enabled outgoing traffic would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to send traffic they would continue to receive traffic as well.

Resolution

The RTP stack will now only learn a new source address if it has been told to expect the address to change. The RTCP support has now also been updated to drop RTCP reports that are not regarding the RTP session currently in progress. The strict RTP learning progress has also been improved to guard against a flood of RTP packets attempting to take over the media stream.

----- AST-2017-006 -----

Description

The app_minivm module has an "externnotify" program configuration option that is executed by the MinivmNotify dialplan application. The application uses the caller-id name and number as part of a built string passed to the OS shell for interpretation and execution. Since the caller-id name and number can come from an untrusted source, a crafted caller-id name or number allows an arbitrary shell command injection.

Resolution

Patched Asterisk's app_minivm module to use a different system call that passes argument strings in an array instead of having the OS shell determine the application parameter boundaries.

----- AST-2017-008 -----

Description

This is a follow up advisory to AST-2017-005.

Insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report.

The RTP stream qualification to learn the source address of media always accepted the first RTP packet as the new source and allowed what AST-2017-005 was mitigating. The intent was to qualify a series of packets before accepting the new source address.

Resolution

The RTP/RTCP stack will now validate RTCP packets before processing them. Packets failing validation are discarded. RTP stream qualification now requires the intended series of packets from the same address without seeing packets from a different source address to accept a new source address.
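A simplified model of the source-address learning rules that the AST-2017-005 and AST-2017-008 resolutions above describe, added here as an illustration; it is not Asterisk's or pkgsrc's code. The names `strict_rtp`, `QUALIFY_PACKETS` and `learn_always`, the series length of 4 and the sample addresses are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define QUALIFY_PACKETS 4 /* assumed series length, not Asterisk's value */

struct rtp_addr { uint32_t ip; uint16_t port; };

struct strict_rtp {
    struct rtp_addr remote;    /* only source media is accepted from */
    struct rtp_addr candidate; /* source currently being qualified */
    int seen;                  /* consecutive packets seen from candidate */
    bool expect_change;        /* set by signalling only, never by media */
    bool learn_always;         /* true models the flaw in AST-2017-005 */
};

static bool same_addr(struct rtp_addr a, struct rtp_addr b)
{
    return a.ip == b.ip && a.port == b.port;
}

void strict_rtp_init(struct strict_rtp *s, struct rtp_addr remote, bool learn_always)
{
    s->remote = remote;
    s->candidate = remote;
    s->seen = 0;
    s->expect_change = false;
    s->learn_always = learn_always;
}

/* Signalling (for example a reinvite) announces that the source may move. */
void strict_rtp_expect_change(struct strict_rtp *s)
{
    s->expect_change = true;
    s->seen = 0;
}

/* Returns true if the packet is accepted as media, false if it is dropped. */
bool strict_rtp_packet(struct strict_rtp *s, struct rtp_addr src)
{
    if (same_addr(src, s->remote)) {
        s->seen = 0; /* another source interrupts the candidate's series */
        return true;
    }
    /* Fixed behaviour: learn only when told to expect a change. */
    if (!s->expect_change && !s->learn_always)
        return false;
    if (s->seen > 0 && same_addr(src, s->candidate)) {
        s->seen++;
    } else {
        s->candidate = src; /* a different source restarts qualification */
        s->seen = 1;
    }
    if (s->seen < QUALIFY_PACKETS)
        return false;
    s->remote = src; /* an uninterrupted series qualified the new source */
    s->expect_change = false;
    s->seen = 0;
    return true;
}

/* Feed n packets from one source; returns how many were accepted. */
int deliver(struct strict_rtp *s, struct rtp_addr src, int n)
{
    int accepted = 0;
    while (n-- > 0)
        accepted += strict_rtp_packet(s, src) ? 1 : 0;
    return accepted;
}

int main(void)
{
    /* Constructed sample addresses from the documentation ranges. */
    struct rtp_addr peer = {0xC0000201, 4000};  /* 192.0.2.1 */
    struct rtp_addr stray = {0xC6336401, 5004}; /* 198.51.100.1 */
    struct strict_rtp fixed, flawed;

    strict_rtp_init(&fixed, peer, false);
    strict_rtp_init(&flawed, peer, true);
    printf("fixed:  %d of 100 unexpected packets accepted\n", deliver(&fixed, stray, 100));
    printf("flawed: %d of 100 unexpected packets accepted\n", deliver(&flawed, stray, 100));
    return 0;
}
```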
2018-04-29 | revbump for boost-libs update | adam | 1 | -2/+2
2018-04-16 | Recursive bump for new fribidi dependency in pango. | wiz | 1 | -2/+2
2018-04-14 | revbump after icu update | adam | 1 | -2/+2
2018-03-12 | Recursive bumps for fontconfig and libzip dependency changes. | wiz | 1 | -2/+2
2018-01-01 | Revbump after boost update | adam | 1 | -2/+2
2017-11-30 | Revbump after textproc/icu update | adam | 1 | -2/+2
2017-09-18 | revbump for requiring ICU 59.x | maya | 1 | -2/+2
2017-08-24 | Revbump for boost update | adam | 1 | -2/+2
2017-04-30 | Recursive revbump from boost update | ryoon | 1 | -2/+2
2017-04-22 | Revbump after icu update | adam | 1 | -2/+2
2017-02-12 | Recursive revbump from fonts/harfbuzz | ryoon | 1 | -2/+2
2017-02-06 | Recursive bump for harfbuzz's new graphite2 dependency. | wiz | 1 | -2/+2
2017-01-19 | Convert all occurrences (353 by my count) of | agc | 1 | -4/+4

    MASTER_SITES= site1 \
                  site2

style continuation lines to be simple repeated

    MASTER_SITES+= site1
    MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint accordingly.

2017-01-01 | Revbump after boost update | adam | 1 | -1/+2
2016-12-11 | Update to Asterisk 11.25.1: this fixes AST-2016-009. | jnemeth | 1 | -3/+2
Asterisk Project Security Advisory - ASTERISK-2016-009

Product: Asterisk
Summary:
Nature of Advisory: Authentication Bypass
Susceptibility: Remote unauthenticated sessions
Severity: Minor
Exploits Known: No
Reported On: October 3, 2016
Reported By: Walter Doekes
Posted On:
Last Updated On: December 8, 2016
Advisory Contact: Mmichelson AT digium DOT com
CVE Name:

Description

The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as

    Contact\x01:

will be seen as a valid Contact header.

This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication.

If you do not use a proxy for authentication, then this issue does not affect you.

If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you.

If you use chan_pjsip instead of chan_sip, then this issue does not affect you.

Resolution

chan_sip has been patched to only treat spaces and horizontal tabs as whitespace following a header name. This allows for Asterisk and authenticating proxies to view requests the same way.

Affected Versions

Product | Release Series
Asterisk Open Source | 11.x | All Releases
Asterisk Open Source | 13.x | All Releases
Asterisk Open Source | 14.x | All Releases
Certified Asterisk | 13.8 | All Releases

Corrected In

Product | Release
Asterisk Open Source | 11.25.1, 13.13.1, 14.2.1
Certified Asterisk | 11.6-cert16, 13.8-cert4

Patches

SVN URL | Revision

Links

Asterisk Project Security Advisories are posted at http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/ASTERISK-2016-009.pdf and http://downloads.digium.com/pub/security/ASTERISK-2016-009.html

Revision History

Date | Editor | Revisions Made
November 28, 2016 | Mark Michelson | Initial writeup

Asterisk Project Security Advisory - ASTERISK-2016-009
Copyright (c) 2016 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
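The header-name matching difference described in the advisory above, as an added example that is not chan_sip's or pkgsrc's code: a lenient matcher next to one that allows only space and horizontal tab before the colon, plus a check that flags a message on which the two disagree. The function names, the modelling of "non-printable" as any byte below 0x21, and the sample header lines are assumptions.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Whitespace allowed between a header name and ':' after the fix. */
static bool is_ws_strict(unsigned char c) { return c == ' ' || c == '\t'; }

/* Pre-fix behaviour as the advisory words it, modelled here (assumption)
 * as any non-NUL byte below 0x21. */
static bool is_ws_lenient(unsigned char c) { return c != 0 && c < 0x21; }

/* Case-insensitive prefix match; stops safely at the end of a short line. */
static bool name_matches(const char *line, const char *name, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return false;
    return true;
}

/* Returns the value if `line` is header `name`, otherwise NULL. */
const char *header_value(const char *line, const char *name, bool strict)
{
    size_t len = strlen(name);
    if (!name_matches(line, name, len))
        return NULL;
    const char *p = line + len;
    while (strict ? is_ws_strict((unsigned char)*p) : is_ws_lenient((unsigned char)*p))
        p++;
    if (*p != ':')
        return NULL; /* longer header name, or junk before the colon */
    p++;
    while (is_ws_strict((unsigned char)*p))
        p++;
    return p;
}

/* Value of the first header called `name` in a message split into lines. */
const char *first_header(const char *const *lines, size_t n, const char *name, bool strict)
{
    for (size_t i = 0; i < n; i++) {
        const char *v = header_value(lines[i], name, strict);
        if (v)
            return v;
    }
    return NULL;
}

/* True when a lenient and a strict parser would pick different values for
 * `name`; a front end can reject such a message instead of forwarding it. */
bool parsers_disagree(const char *const *lines, size_t n, const char *name)
{
    const char *a = first_header(lines, n, name, false);
    const char *b = first_header(lines, n, name, true);
    if (!a || !b)
        return a != b;
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Constructed sample using the advisory's own "Contact\x01:" header. */
    const char *msg[] = {
        "Contact\x01: <sip:first@example.invalid>",
        "Contact: <sip:second@example.invalid>",
    };
    printf("lenient: %s\n", first_header(msg, 2, "Contact", false));
    printf("strict:  %s\n", first_header(msg, 2, "Contact", true));
    printf("disagree: %s\n", parsers_disagree(msg, 2, "Contact") ? "yes" : "no");
    return 0;
}
```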
2016-12-04 | Recursive revbump from textproc/icu 58.1 | ryoon | 1 | -1/+2
2016-11-27 | Update to Asterisk 11.25.0: this is a bug fix release. | jnemeth | 1 | -2/+2

The Asterisk Development Team has announced the release of Asterisk 11.25.0.

The release of Asterisk 11.25.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-26503 - app_voicemail: Asterisk crashes when MailboxExists is used (Reported by Doug Lytle)
* ASTERISK-26480 - [patch] CLI: core set debug: Auto-completes File not Module (Reported by Alexander Traud)
* ASTERISK-26356 - menuselect: invalid test for GTK2 (Reported by Tzafrir Cohen)
* ASTERISK-26462 - [patch] app_queue: While using queues with realtime, setting back to an empty context doesn't stop the exit key usage (Reported by Leandro Dardini)
* ASTERISK-26457 - [patch] force_rport,auto_comedia: No NAT detection triggered. (Reported by Alexander Traud)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.25.0

Thank you for your continued support of Asterisk!
2016-10-28 | Update to Asterisk 11.24.1: this is a critical bug fix release. | jnemeth | 1 | -2/+2

The Asterisk Development Team has announced the release of Asterisk 11.24.1.

The release of Asterisk 11.24.1 resolves an issue reported by the community and would have not been possible without your participation. Thank you!

The following is the issue resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-26503 - app_voicemail: Asterisk crashes when MailboxExists is used (Reported by Doug Lytle)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.24.1

Thank you for your continued support of Asterisk!
2016-10-26 | Update to Asterisk 11.24.0: this is a bug fix release. | jnemeth | 1 | -3/+2

The Asterisk Development Team has announced the release of Asterisk 11.24.0.

The release of Asterisk 11.24.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-26438 - [patch] chan_sip: auto_force_rport: No NAT = No Symmetric Response. (Reported by Alexander Traud)
* ASTERISK-18232 - Broken REGISTER sent to IPv4 server when bindaddr=[::] (Reported by Jacek)
* ASTERISK-26359 - [patch] cdr_mysql: fails to use UTC if so instructed (Reported by Tzafrir Cohen)
* ASTERISK-19968 - TCP Session-Timers not dropping call (Reported by Aaron Hamstra)
* ASTERISK-26360 - app_queue: "queue show" output gets "failed to extend from 240 to 327" msgs. (Reported by Richard Mudgett)
* ASTERISK-26272 - chan_sip: File descriptors leak (UDP sockets) (Reported by Etienne Lessard)
* ASTERISK-26288 - followme: fails to reset config items to default values on reload (Reported by Tzafrir Cohen)
* ASTERISK-26282 - AEL: macro-call in Dial application, macro "lacks 's' extension" (Reported by chris de rock)
* ASTERISK-26226 - pbx: Asterisk crash on AMI action "ShowDialplan" when there's a circular dependency between contexts (Reported by Etienne Lessard)
* ASTERISK-26299 - app_queue: Queue application sometimes stops calling members with Local interface (Reported by Etienne Lessard)
* ASTERISK-26306 - channel: Hang-up crashes, chan_pjsip not cleaning up properly (Reported by Alexander Traud)
* ASTERISK-26203 - res_fax: Deadlock when using FAXOPT(gateway)=yes with Local channels (Reported by Etienne Lessard)
* ASTERISK-24822 - Deadlock: Fax Gateway framehook creates locking inversion in T.38 query option with features bridging code (Reported by David Brillert)
* ASTERISK-22732 - Deadlock potential in res_fax and CCSS with local channels. (Reported by Richard Mudgett)
* ASTERISK-24841 - ConfBridge: Strange sampling rates chosen when channels have multiple native formats (Reported by Matt Jordan)
* ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566) (Reported by abelbeck)
* ASTERISK-25706 - pbx: Abort asterisk on features reload (handle_hint_change) (Reported by Krzysztof Trempala)
* ASTERISK-26233 - pbx: Failure to remove inconsistent extension names (Reported by Corey Farrell)
* ASTERISK-26267 - ast_register_atexit callbacks should be run on failed startup. (Reported by Corey Farrell)
* ASTERISK-26265 - Errors ignored from some parts of system initialization. (Reported by Corey Farrell)
* ASTERISK-25996 - Remove "live_dangerously" requirement on DB(read) (Reported by Andrew Nagy)
* ASTERISK-26237 - Fax is detected on regular calls. (Reported by Richard Mudgett)
* ASTERISK-23013 - [patch] Deadlock between 'sip show channels' command and attended transfer handling (Reported by Ben Smithurst)
* ASTERISK-26211 - Unit tests: AST_TEST_DEFINE should be used in conditional code. (Reported by Corey Farrell)
* ASTERISK-26207 - [patch] sRTP: Count a roll-over of the sequence number even on lost packets. (Reported by Alexander Traud)
* ASTERISK-26038 - 'make install' doesn't seem to install OS/X init files (Reported by Tzafrir Cohen)
* ASTERISK-26133 - app_queue: Queue members receive multiple calls (Reported by Richard Miller)
* ASTERISK-26196 - pbx: Time based includes can leak timezone string (Reported by Corey Farrell)
* ASTERISK-25659 - res_rtp_asterisk: ECDH not negotiated causing DTLS failure occurred on RTP instance (Reported by Edwin Vandamme)
* ASTERISK-26046 - [patch] Avoid obsolete warnings on autoconf. (Reported by Alexander Traud)
* ASTERISK-25289 - Build System does not respect CFLAGS and CXXFLAGS when building menuselect (Reported by Jeffrey Walton)
* ASTERISK-26119 - [patch] fix: memory leaks, resource leaks, out of bounds and bugs (Reported by Alexei Gradinari)
* ASTERISK-26179 - chan_sip: Second T.38 request fails (Reported by Joshua Colp)
* ASTERISK-26157 - Build: Fix errors highlighted by GCC 6.x (Reported by George Joseph)

Improvements made in this release:
-----------------------------------
* ASTERISK-26220 - Add support for noreturn function attributes. (Reported by Corey Farrell)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.24.0

Thank you for your continued support of Asterisk!
2016-10-09 | Recursive bump for all users of pgsql now that the default is 95. | wiz | 1 | -2/+2
2016-10-07 | Revbump post boost update | adam | 1 | -1/+2
2016-09-23 | Update to Asterisk 11.23.1: this is a security fix release to fix | jnemeth | 1 | -3/+9

AST-2016-007. Note that on Oct. 25th, this branch of Asterisk will switch to security fixes, and one year later it will reach end-of-life.

pkgsrc changes:
- don't use gethostbyname_r on NetBSD
- eliminate conflict with new hmac(1) function on NetBSD

----- AST-2016-007

The overlap dialing feature in chan_sip allows chan_sip to report to a device that the number that has been dialed is incomplete and more digits are required. If this functionality is used with a device that has performed username/password authentication RTP resources are leaked. This occurs because the code fails to release the old RTP resources before allocating new ones in this scenario. If all resources are used then RTP port exhaustion will occur and no RTP sessions are able to be set up.
2016-08-03 | Revbump after graphics/gd update | adam | 1 | -1/+2
2016-07-23 | Update to Asterisk 11.23.0: this is a bug fix release. | jnemeth | 1 | -3/+2

The Asterisk Development Team has announced the release of Asterisk 11.23.0.

The release of Asterisk 11.23.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-26141 - res_fax: fax_v21_session_new leaks reference to v21_details (Reported by Corey Farrell)
* ASTERISK-26140 - res_rtp_asterisk: gcc 6 caught a self-comparison (Reported by George Joseph)
* ASTERISK-26138 - chan_unistim: Under FreeBSD, chan_unistim generates a compile error (Reported by George Joseph)
* ASTERISK-26130 - [patch] WebRTC: Should use latest DTLS version. (Reported by Alexander Traud)
* ASTERISK-26126 - [patch] leverage 'bindaddr' for TLS in http.conf (Reported by Alexander Traud)
* ASTERISK-26069 - Asterisk truncates To: header, dropping the closing '>' (Reported by Vasil Kolev)
* ASTERISK-26097 - [patch] CLI: show maximum file descriptors (Reported by Alexander Traud)
* ASTERISK-24436 - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0 (Reported by Patrick Laimbock)
* ASTERISK-26091 - [patch] ar cru creates warning, instead use ar cr (Reported by Alexander Traud)
* ASTERISK-26038 - 'make install' doesn't seem to install OS/X init files (Reported by Tzafrir Cohen)
* ASTERISK-26034 - T.38 passthrough problem behind firewall due to early nosignal packet (Reported by George Joseph)
* ASTERISK-26030 - call cut because of double Session-Expires header in re-invite after proxy authentication is required (Reported by George Joseph)
* ASTERISK-26008 - app_followme does not delete recorded name prompt (Reported by Tzafrir Cohen)
* ASTERISK-24463 - Voicemail email address corrupt or not sent when message is in the process of being recorded during reload (Reported by John Campbell)
* ASTERISK-25917 - [patch]app_voicemail: passwordlocation=spooldir only works if you manually add secret.conf yourself (Reported by Jonathan R. Rose)
* ASTERISK-25954 - Manager QueueSummary and QueueStatus Actions are case sensitive to QueueName (Reported by Javier Acosta)
* ASTERISK-16115 - [patch] problem with ringinuse=no, queue members receive sometimes two calls (Reported by nik600)
* ASTERISK-25934 - chan_sip should not require sipregs or updateable sippeers table unless rt (Reported by Jaco Kroon)
* ASTERISK-25888 - Frequent segfaults in function can_ring_entry() of app_queue.c (Reported by Sébastien Couture)
* ASTERISK-25874 - app_voicemail: Stack buffer overflow in test_voicemail_notify_endl (Reported by Badalian Vyacheslav)
* ASTERISK-25912 - chan_local passes AST_CONTROL_PVT_CAUSE_CODE without adding them to the local hangupcauses via ast_channel_hangupcause_hash_set (Reported by Jaco Kroon)
* ASTERISK-25407 - Asterisk fails to log to multiple syslog destinations (Reported by Elazar Broad)
* ASTERISK-25510 - [patch]Log to syslog failing (Reported by Michael Newton)

Improvements made in this release:
-----------------------------------
* ASTERISK-25444 - [patch]Music On Hold Warning misleading (Reported by Conrad de Wet)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.23.0

Thank you for your continued support of Asterisk!
2016-07-09 | Bump PKGREVISION for perl-5.24.0 for everything mentioning perl. | wiz | 1 | -1/+2
2016-05-05 | Update to Asterisk 11.22.0: this is mostly a bug fix release. | jnemeth | 1 | -7/+7

----- 11.22.0

The Asterisk Development Team has announced the release of Asterisk 11.22.0.

The release of Asterisk 11.22.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-25857 - func_aes: incorrect use of strlen() leads to data corruption (Reported by Gianluca Merlo)
* ASTERISK-25321 - [patch]DeadLock ChanSpy with call over Local channel (Reported by Filip Frank)
* ASTERISK-25800 - [patch] Calculate talktime when is first call answered (Reported by Rodrigo Ramirez Norambuena)
* ASTERISK-25272 - [patch]The ICONV dialplan function sometimes returns garbage (Reported by Etienne Lessard)
* ASTERISK-20987 - non-admin users, who join muted conference are not being muted (Reported by hristo)
* ASTERISK-24972 - Transport Layer Security (TLS) Protocol BEAST Vulnerability - Investigate vulnerability of HTTP server (Reported by Alex A. Welzl)
* ASTERISK-25603 - [patch]udptl: Uninitialized lengths and bufs in udptl_rx_packet cause ast_frdup crash (Reported by Walter Doekes)
* ASTERISK-25742 - Secondary IFP Packets can result in accessing uninitialized pointers and a crash (Reported by Torrey Searle)
* ASTERISK-25397 - [patch]chan_sip: File descriptor leak with non-default timert1 (Reported by Alexander Traud)
* ASTERISK-25730 - build: make uninstall after make distclean tries to remove root (Reported by George Joseph)
* ASTERISK-25722 - ASAN & testsuite: stack-buffer-overflow in sip_sipredirect (Reported by Badalian Vyacheslav)
* ASTERISK-25714 - ASAN:heap-buffer-overflow in logger.c (Reported by Badalian Vyacheslav)
* ASTERISK-24801 - ASAN: ast_el_read_char stack-buffer-overflow (Reported by Badalian Vyacheslav)
* ASTERISK-25701 - core: Endless loop in "core show taskprocessors" (Reported by ibercom)
* ASTERISK-25700 - main/config: Clean config maps on shutdown. (Reported by Corey Farrell)
* ASTERISK-25690 - Hanging up when executing connected line sub does not cause hangup (Reported by Joshua Colp)
* ASTERISK-25687 - res_musiconhold: Concurrent invocations of 'moh reload' cause a crash (Reported by Sean Bright)
* ASTERISK-25394 - pbx: Incorrect device and presence state when changing hint details (Reported by Joshua Colp)
* ASTERISK-25640 - pbx: Deadlock on features reload and state change hint. (Reported by Krzysztof Trempala)
* ASTERISK-25681 - devicestate: Engine thread is not shut down (Reported by Corey Farrell)
* ASTERISK-25680 - manager: manager_channelvars is not cleaned at shutdown (Reported by Corey Farrell)
* ASTERISK-25679 - res_calendar leaks scheduler. (Reported by Corey Farrell)
* ASTERISK-25677 - pbx_dundi: leaks during failed load. (Reported by Corey Farrell)
* ASTERISK-25673 - res_crypto leaks CLI entries (Reported by Corey Farrell)
* ASTERISK-25647 - bug of cel_radius.c: wrong point of ADD_VENDOR_CODE (Reported by Aaron An)
* ASTERISK-25614 - DTLS negotiation delays (Reported by Dade Brandon)
* ASTERISK-25442 - using realtime (mysql) queue members are never updated in wait_our_turn function (app_queue.c) (Reported by Carlos Oliva)
* ASTERISK-25624 - AMI Event OriginateResponse bug (Reported by sungtae kim)

Improvements made in this release:
-----------------------------------
* ASTERISK-24813 - asterisk.c: #if statement in listener() confuses code folding editors (Reported by Corey Farrell)
* ASTERISK-25767 - [patch] Add check to configure for sanitizes (Reported by Badalian Vyacheslav)
* ASTERISK-25068 - Move commonly used FreePBX extra sounds to the core set (Reported by Rusty Newton)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.22.0

Thank you for your continued support of Asterisk!

----- 11.21.2

The Asterisk Development Team has announced the release of Asterisk 11.21.2.

The release of Asterisk 11.21.2 resolves an issue reported by the community and would have not been possible without your participation. Thank you!

The following is the issue resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-25770 - Check for OpenSSL defines before trying to use them. (Reported by Kevin Harwell)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.2

Thank you for your continued support of Asterisk!
2016-04-11 | Recursive revbump from textproc/icu 57.1 | ryoon | 1 | -2/+2
2016-03-05 | Bump PKGREVISION for security/openssl ABI bump. | jperkin | 1 | -1/+2
2016-02-25 | Use OPSYSVARS. | jperkin | 1 | -5/+3
2016-02-07 | Update to Asterisk 11.21.1: this is mainly a bug patch update plus | jnemeth | 1 | -17/+19

fixes for AST-2016-001, AST-2016-002, and AST-2016-003. Also some pkglinting.

----- 11.21.1

The Asterisk Development Team has announced security releases for Certified Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2016-001: BEAST vulnerability in HTTP server

  The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.

* AST-2016-002: File descriptor exhaustion in chan_sip

  Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors.

* AST-2016-003: Remote crash vulnerability receiving UDPTL FAX data.

  If no UDPTL packets are lost there is no problem. However, a lost packet causes Asterisk to use the available error correcting redundancy packets. If those redundancy packets have zero length then Asterisk uses an uninitialized buffer pointer and length value which can cause invalid memory accesses later when the packet is copied.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.21.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2016-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2016-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2016-003.pdf

Thank you for your continued support of Asterisk!

----- 11.21.0

The Asterisk Development Team has announced the release of Asterisk 11.21.0.

The release of Asterisk 11.21.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-25640 - pbx: Deadlock on features reload and state change hint. (Reported by Krzysztof Trempala)
* ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and thread of asterisk is not released (Reported by Hiroaki Komatsu)
* ASTERISK-25569 - app_meetme: Audio quality issues (Reported by Corey Farrell)
* ASTERISK-25609 - [patch]Asterisk may crash when calling ast_channel_get_t38_state(c) (Reported by Filip Jenicek)
* ASTERISK-24146 - [patch]No audio on WebRtc caller side when answer waiting time is more than ~7sec (Reported by Aleksei Kulakov)
* ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec (Reported by Alexander Traud)
* ASTERISK-25616 - Warning with a Codec Module which supports PLC with FEC (Reported by Alexander Traud)
* ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by Dudás József)
* ASTERISK-25498 - Asterisk crashes when negotiating g729 without that module installed (Reported by Ben Langfeld)
* ASTERISK-25476 - chan_sip loses registrations after a while (Reported by Michael Keuter)
* ASTERISK-25593 - fastagi: record file closed after sending result (Reported by Kevin Harwell)
* ASTERISK-25585 - [patch]rasterisk never hits most of main(), but it's assumed to (Reported by Walter Doekes)
* ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by Joshua Colp)
* ASTERISK-25449 - main/sched: Regression introduced by 5c713fdf18f causes erroneous duplicate RTCP messages; other potential scheduling issues in chan_sip/chan_skinny (Reported by Matt Jordan)
* ASTERISK-25537 - [patch] format-attribute module: RFC or internal defaults? (Reported by Alexander Traud)
* ASTERISK-25373 - add documentation for CALLERID(pres) and also the CONNECTEDLINE and REDIRECTING variants (Reported by Walter Doekes)
* ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by Walter Doekes)
* ASTERISK-25434 - Compiler flags not reported in 'core show settings' despite usage during compilation (Reported by Rusty Newton)
* ASTERISK-25494 - build: GCC 5.1.x catches some new const, array bounds and missing paren issues (Reported by George Joseph)
* ASTERISK-7803 - [patch] Update the maximum packetization values in frame.c (Reported by dea)
* ASTERISK-25461 - Nested dialplan #includes don't work as expected. (Reported by Richard Mudgett)
* ASTERISK-25455 - Deadlock of PJSIP realtime over res_config_pgsql (Reported by mdu113)
* ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing (Reported by Olle Johansson)
* ASTERISK-25400 - Hints broken when "CustomPresence" doesn't exist in AstDB (Reported by Andrew Nagy)
* ASTERISK-25443 - [patch]IPv6 - Potential issue in via header parsing (Reported by ffs)
* ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON (Reported by Bojan Nemčić)
* ASTERISK-25438 - res_rtp_asterisk: ICE role message even when ICE is not enabled (Reported by Joshua Colp)

Improvements made in this release:
-----------------------------------
* ASTERISK-24718 - [patch]Add initial support of "sanitize" to configure (Reported by Badalian Vyacheslav)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.0

Thank you for your continued support of Asterisk!
2015-11-02 | extraneous parenthesis crept in in Darwin conditional | tnn | 1 | -2/+2
2015-11-02 | appease pkglint | tnn | 1 | -8/+8
2015-11-02 | Use ${COMPILER_INCLUDE_DIRS} instead of hardcoded /usr/include | tnn | 1 | -7/+17