Fedora 15 Update: asterisk-1.8.5.0-1.fc15.2
updates at fedoraproject.org
updates at fedoraproject.org
Wed Aug 3 02:34:16 UTC 2011
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9732
2011-07-26 02:57:43
--------------------------------------------------------------------------------
Name : asterisk
Product : Fedora 15
Version : 1.8.5.0
Release : 1.fc15.2
URL : http://www.asterisk.org/
Summary : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team announces the release of Asterisk 1.8.5.0. This
release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/
The release of Asterisk 1.8.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix Deadlock with attended transfer of SIP call
(Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
cmaj)
* Fixes thread blocking issue in the sip TCP/TLS implementation.
(Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
rossbeer, kowalma, Freddi_Fonet)
* Be more tolerant of what URI we accept for call completion PUBLISH requests.
(Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
* Fix a nasty chanspy bug which was causing a channel leak every time a spied on
channel made a call.
(Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
* This patch fixes a bug with MeetMe behavior where the 'P' option for always
prompting for a pin is ignored for the first caller.
(Closes issue #18070. Reported by mav3rick. Patched by bbryant)
* Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
the call that the dialplan started an AGI script for is hungup while the AGI
script is in the middle of a command then the AGI script is not notified of
the hangup.
(Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)
* Resolve issue where leaving a voicemail, the MWI message is never sent. The
same thing happens when checking a voicemail and marking it as read.
(Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
Mudgett)
* Resolve issue where wait for leader with Music On Hold allows crosstalk
between participants. Parenthesis in the wrong position. Regression from issue
#14365 when expanding conference flags to use 64 bits.
(Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Petr Sabata <contyk at redhat.com> - 1.8.5.0-1.2
- Perl mass rebuild
* Wed Jul 20 2011 Petr Sabata <contyk at redhat.com> - 1.8.5.0-1.1
- Perl mass rebuild
* Mon Jul 11 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.5.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.5.0. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix Deadlock with attended transfer of SIP call
- (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
- cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
- (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
- rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requests.
- (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a spied on
- channel made a call.
- (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option for always
- prompting for a pin is ignored for the first caller.
- (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
- the call that the dialplan started an AGI script for is hungup while the AGI
- script is in the middle of a command then the AGI script is not notified of
- the hangup.
- (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent. The
- same thing happens when checking a voicemail and marking it as read.
- (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
- Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
- between participants. Parenthesis in the wrong position. Regression from issue
- #14365 when expanding conference flags to use 64 bits.
- (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5.0
* Thu Jul 7 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.5-0.2
- Rebuild for net-snmp 5.7
* Fri Jul 1 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.5-0.1.rc1
- Fix systemd dependencies in EL6 and F15
* Thu Jun 30 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.5-0.1.rc1
- The Asterisk Development Team has announced the first release candidate of
- Asterisk 1.8.5. This release candidate is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.5-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * Fix Deadlock with attended transfer of SIP call
- (Closes issue #18837. Reported, patched by alecdavis. Tested by Irontec, ZX81,
- cmaj)
-
- * Fixes thread blocking issue in the sip TCP/TLS implementation.
- (Closes issue #18497. Reported by vois. Patched by dvossel. Tested by vois,
- rossbeer, kowalma, Freddi_Fonet)
-
- * Be more tolerant of what URI we accept for call completion PUBLISH requests.
- (Closes issue #18946. Reported by GeorgeKonopacki. Patched by mmichelson)
-
- * Fix a nasty chanspy bug which was causing a channel leak every time a spied on
- channel made a call.
- (Closes issue #18742. Reported by jkister. Tested by jcovert, jrose)
-
- * This patch fixes a bug with MeetMe behavior where the 'P' option for always
- prompting for a pin is ignored for the first caller.
- (Closes issue #18070. Reported by mav3rick. Patched by bbryant)
-
- * Fix issue where Asterisk does not hangup a channel after endpoint hangs up. If
- the call that the dialplan started an AGI script for is hungup while the AGI
- script is in the middle of a command then the AGI script is not notified of
- the hangup.
- (Closes issue #17954, #18492. Reported by mn3250, devmod. Patched by rmudgett)
-
- * Resolve issue where leaving a voicemail, the MWI message is never sent. The
- same thing happens when checking a voicemail and marking it as read.
- (Closes issue ASTERISK-18002. Reported by Leif Madsen. Resolved by Richard
- Mudgett)
-
- * Resolve issue where wait for leader with Music On Hold allows crosstalk
- between participants. Parenthesis in the wrong position. Regression from issue
- #14365 when expanding conference flags to use 64 bits.
- (Closes issue #18418. Reported by MrHanMan. Patched by rmudgett)
-
- * Fix timerfd locking issue.
- (Closes ASTERISK-17867, ASTERISK-17415. Patched by kobaz)
-
- For a full list of changes in this release candidate, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.5-rc1
* Thu Jun 30 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.4.4-2
- Fedora Directory Server -> 389 Directory Server
* Wed Jun 29 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.4.4-1
- The Asterisk Development Team has announced the release of Asterisk
- versions 1.4.41.2, 1.6.2.18.2, and 1.8.4.4, which are security
- releases.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.4.41.2, 1.6.2.18.2, and 1.8.4.4 resolves the
- following issue:
-
- AST-2011-011: Asterisk may respond differently to SIP requests from an
- invalid SIP user than it does to a user configured on the system, even
- when the alwaysauthreject option is set in the configuration. This can
- leak information about what SIP users are valid on the Asterisk
- system.
-
- For more information about the details of this vulnerability, please
- read the security advisory AST-2011-011, which was released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.4
-
- Security advisory AST-2011-011 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-011.pdf
* Mon Jun 27 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.4.3-3
- Don't forget stereorize
* Mon Jun 27 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.4.3-2
- Move /var/run/asterisk to /run/asterisk
- Add comments to systemd service file on how to mimic safe_asterisk functionality
- Build more of the optional binaries
- Install the tmpfiles.d configuration on Fedora 15
* Fri Jun 24 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.4.3-1
- The Asterisk Development Team has announced the release of Asterisk versions
- 1.4.41.1, 1.6.2.18.1, and 1.8.4.3, which are security releases.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.4.41.1, 1.6.2.18, and 1.8.4.3 resolves several issues
- as outlined below:
-
- * AST-2011-008: If a remote user sends a SIP packet containing a null,
- Asterisk assumes available data extends past the null to the
- end of the packet when the buffer is actually truncated when
- copied. This causes SIP header parsing to modify data past
- the end of the buffer altering unrelated memory structures.
- This vulnerability does not affect TCP/TLS connections.
- -- Resolved in 1.6.2.18.1 and 1.8.4.3
-
- * AST-2011-009: A remote user sending a SIP packet containing a Contact header
- with a missing left angle bracket (<) causes Asterisk to
- access a null pointer.
- -- Resolved in 1.8.4.3
-
- * AST-2011-010: A memory address was inadvertently transmitted over the
- network via IAX2 via an option control frame and the remote party would try
- to access it.
- -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
-
- The issues and resolutions are described in the AST-2011-008, AST-2011-009, and
- AST-2011-010 security advisories.
-
- For more information about the details of these vulnerabilities, please read
- the security advisories AST-2011-008, AST-2011-009, and AST-2011-010, which were
- released at the same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.41.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.18.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.3
-
- Security advisories AST-2011-008, AST-2011-009, and AST-2011-010 are available
- at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-008.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-009.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-010.pdf
* Tue Jun 21 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.4.2-2
- Convert to systemd
* Fri Jun 17 2011 Marcela Mašláňová <mmaslano at redhat.com> - 1.8.4.2-1.2
- Perl mass rebuild
* Fri Jun 10 2011 Marcela Mašláňová <mmaslano at redhat.com> - 1.8.4.2-1.1
- Perl 5.14 mass rebuild
* Fri Jun 3 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.8.4.2-1:
-
- The Asterisk Development Team has announced the release of Asterisk
- version 1.8.4.2, which is a security release for Asterisk 1.8.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.4.2 resolves an issue with SIP URI
- parsing which can lead to a remotely exploitable crash:
-
- Remote Crash Vulnerability in SIP channel driver (AST-2011-007)
-
- The issue and resolution is described in the AST-2011-007 security
- advisory.
-
- For more information about the details of this vulnerability, please
- read the security advisory AST-2011-007, which was released at the
- same time as this announcement.
-
- For a full list of changes in the current release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.4.2
-
- Security advisory AST-2011-007 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-007.pdf
-
- The Asterisk Development Team has announced the release of Asterisk 1.8.4.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.4.1 resolves several issues reported by the
- community. Without your help this release would not have been possible.
- Thank you!
-
- Below is a list of issues resolved in this release:
-
- * Fix our compliance with RFC 3261 section 18.2.2. (aka Cisco phone fix)
- (Closes issue #18951. Reported by jmls. Patched by wdoekes)
-
- * Resolve a change in IPv6 header parsing due to the Cisco phone fix issue.
- This issue was found and reported by the Asterisk test suite.
- (Closes issue #18951. Patched by mnicholson)
-
- * Resolve potential crash when using SIP TLS support.
- (Closes issue #19192. Reported by stknob. Patched by Chainsaw. Tested by
- vois, Chainsaw)
-
- * Improve reliability when using SIP TLS.
- (Closes issue #19182. Reported by st. Patched by mnicholson)
-
-
- For a full list of changes in this release candidate, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4.1
- The Asterisk Development Team has announced the release of Asterisk 1.8.4. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.4 resolves several issues reported by the community.
- Without your help this release would not have been possible. Thank you!
-
- Below is a sample of the issues resolved in this release:
-
- * Use SSLv23_client_method instead of old SSLv2 only.
- (Closes issue #19095, #19138. Reported, patched by tzafrir. Tested by russell
- and chazzam.
-
- * Resolve crash in ast_mutex_init()
- (Patched by twilson)
-
- * Resolution of several DTMF based attended transfer issues.
- (Closes issue #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
- shihchuan, grecco. Patched by rmudgett)
-
- NOTE: Be sure to read the ChangeLog for more information about these changes.
-
- * Resolve deadlocks related to device states in chan_sip
- (Closes issue #18310. Reported, patched by one47. Patched by jpeeler)
-
- * Resolve an issue with the Asterisk manager interface leaking memory when
- disabled.
- (Reported internally by kmorgan. Patched by russellb)
-
- * Support greetingsfolder as documented in voicemail.conf.sample.
- (Closes issue #17870. Reported by edhorton. Patched by seanbright)
-
- * Fix channel redirect out of MeetMe() and other issues with channel softhangup
- (Closes issue #18585. Reported by oej. Tested by oej, wedhorn, russellb.
- Patched by russellb)
-
- * Fix voicemail sequencing for file based storage.
- (Closes issue #18498, #18486. Reported by JJCinAZ, bluefox. Patched by
- jpeeler)
-
- * Set hangup cause in local_hangup so the proper return code of 486 instead of
- 503 when using Local channels when the far sides returns a busy. Also affects
- CCSS in Asterisk 1.8+.
- (Patched by twilson)
-
- * Fix issues with verbose messages not being output to the console.
- (Closes issue #18580. Reported by pabelanger. Patched by qwell)
-
- * Fix Deadlock with attended transfer of SIP call
- (Closes issue #18837. Reported, patched by alecdavis. Tested by
- alecdavid, Irontec, ZX81, cmaj)
-
- Includes changes per AST-2011-005 and AST-2011-006
- For a full list of changes in this release candidate, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.4
-
- Information about the security releases are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list