[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6207d3a0-af04-07ce-fcc0-a873b7598ba6@sangoma.com>
Date: Fri, 07 Jul 2023 19:39:14 +0000
From: Asterisk Development Team via Fulldisclosure
<fulldisclosure@...lists.org>
To: asterisk-dev@...ts.digium.com, asterisk-users@...ts.digium.com,
asterisk-announce@...ts.digium.com, asterisk-security@...ts.digium.com,
bugtraq@...urityfocus.com, voipsec@...psa.org,
fulldisclosure@...lists.org, asterisk+news@...coursemail.com
Cc: Asterisk Development Team <asteriskteamsa@...goma.com>
Subject: [FD] Asterisk Release certified-18.9-cert5
The Asterisk Development Team would like to announce security release
Certified Asterisk 18.9-cert5.
The release artifacts are available for immediate download at
https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert5
and
https://downloads.asterisk.org/pub/telephony/certified-asterisk
The following security advisories were resolved in this release:
https://github.com/asterisk/asterisk/security/advisories/GHSA-4xjp-22g4-9fxm
Change Log for Release certified-18.9-cert5
========================================
Links:
----------------------------------------
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-certified-18.9-cert5.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/certified-18.9-cert4...certified-18.9-cert5)
- [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-certified-18.9-cert5.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
Summary:
----------------------------------------
- apply_patches: Use globbing instead of file/sort.
- apply_patches: Sort patch list before applying
- bundled_pjproject: Backport security fixes from pjproject 2.13.1
- .github: Updates for AsteriskReleaser
- res_musiconhold: avoid moh state access on unlocked chan
- utils: add lock timestamps for DEBUG_THREADS
- .github: Back out triggering PROpenedOrUpdated by label
- .github: Move publish docs to new file CreateDocs.yml
- .github: Remove result check from PROpenUpdateGateTests
- .github: Fix use of 'contains'
- .github: Add recheck label test to additional jobs
- .github: Fix recheck label typos
- .github: Fix recheck label manipulation
- .github: Allow PR submit checks to be re-run by label
- res_pjsip_session: Added new function calls to avoid ABI issues.
- test_statis_endpoints: Fix channel_messages test again
- test_stasis_endpoints.c: Make channel_messages more stable
- build: Fix a few gcc 13 issues
- .github: Rework for merge approval
- AMI: Add CoreShowChannelMap action.
- .github: Fix issues with cherry-pick-reminder
- indications: logging changes
- .github Ignore error when adding reviewrs to PR
- .github: Update field descriptions for AsteriskReleaser
- .github: Change title of AsteriskReleaser job
- .github: Don't add cherry-pick reminder if it's already present
- .github: Fix quoting in PROpenedOrUpdated
- .github: Add cherry-pick reminder to new PRs
- core: Cleanup gerrit and JIRA references. (#40) (#61)
- .github: Tweak improvement issue type language.
- .github: Tweak new feature language, and move feature requests elsewhere.
- .github: Fix staleness check to only run on certain labels.
- .github: Add AsteriskReleaser
- cel: add local optimization begin event
- .github: Fix CherryPickTest to only run when it should
- .github: Fix reference to CHERRY_PICK_TESTING_IN_PROGRESS
- .github: Remove separate set labels step from new PR
- .github: Refactor CP progress and add new PR test progress
- .github: Add cherry-pick test progress labels
- .github: Update issue templates
- .github: Remove unnecessary parameter in CherryPickTest
- Initial GitHub PRs
- Initial GitHub Issue Templates
- test.c: Fix counting of tests and add 2 new tests
- res_mixmonitor: MixMonitorMute by MixMonitor ID
- format_sln: add .slin as supported file extension
- bridge_builtin_features: add beep via touch variable
- cli: increase channel column width
- app_senddtmf: Add option to answer target channel.
- app_directory: Add a 'skip call' option.
- app_read: Add an option to return terminator on empty digits.
- app_directory: add ability to specify configuration file
User Notes:
----------------------------------------
- ### AMI: Add CoreShowChannelMap action.
New AMI action CoreShowChannelMap has been added.
- ### cel: add local optimization begin event
The new AST_CEL_LOCAL_OPTIMIZE_BEGIN can be used
by itself or in conert with the existing
AST_CEL_LOCAL_OPTIMIZE to book-end local channel optimizaion.
- ### app_read: Add an option to return terminator on empty digits.
A new option 'e' has been added to allow Read() to return the
terminator as the dialed digits in the case where only the terminator
is entered.
- ### format_sln: add .slin as supported file extension
format_sln now recognizes '.slin' as a valid
file extension in addition to the existing
'.sln' and '.raw'.
- ### bridge_builtin_features: add beep via touch variable
Add optional touch variable : TOUCH_MIXMONITOR_BEEP(interval)
Setting TOUCH_MIXMONITOR_BEEP/TOUCH_MONITOR_BEEP to a valid
interval in seconds will result in a periodic beep being
played to the monitored channel upon MixMontior/Monitor
feature start.
If an interval less than 5 seconds is specified, the interval
will default to 5 seconds. If the value is set to an invalid
interval, the default of 15 seconds will be used.
- ### app_directory: Add a 'skip call' option.
A new option 's' has been added to the Directory() application that
will skip calling the extension and instead set the extension as
DIRECTORY_EXTEN channel variable.
- ### res_mixmonitor: MixMonitorMute by MixMonitor ID
It is now possible to specify the MixMonitorID when calling
the manager action: MixMonitorMute. This will allow an
individual MixMonitor instance to be muted via ID.
The MixMonitorID can be stored as a channel variable using
the 'i' MixMonitor option and is returned upon creation if
this option is used.
As part of this change, if no MixMonitorID is specified in
the manager action MixMonitorMute, Asterisk will set the mute
flag on all MixMonitor audiohooks on the channel. Previous
behavior would set the flag on the first MixMonitor audiohook
found.
- ### app_senddtmf: Add option to answer target channel.
A new option has been added to SendDTMF() which will answer the
specified channel if it is not already up. If no channel is specified,
the current channel will be answered instead.
- ### test.c: Fix counting of tests and add 2 new tests
The "tests" attribute of the "testsuite" element in the
output XML now reflects only the tests actually requested
to be executed instead of all the tests registered.
The "failures" attribute was added to the "testsuite"
element.
Also added two new unit tests that just pass and fail
to be used for testing CI itself.
- ### cli: increase channel column width
This change increases the display width on 'core show channels'
amd 'core show channels verbose'
For 'core show channels', the Channel name field is increased to
64 characters and the Location name field is increased to 32
characters.
For 'core show channels verbose', the Channel name field is
increased to 80 characters, the Context is increased to 24
characters and the Extension is increased to 24 characters.
Upgrade Notes:
----------------------------------------
- ### cel: add local optimization begin event
The existing AST_CEL_LOCAL_OPTIMIZE can continue
to be used as-is and the AST_CEL_LOCAL_OPTIMIZE_BEGIN event
can be ignored if desired.
Closed Issues:
----------------------------------------
- #39: [Bug]: Remove .gitreview from repository.
- #52: [improvement]: Add local optimization begin cel event
- #89: [improvement]: indications: logging changes
- #104: [improvement]: Add AMI action to get a list of connected channels
- #110: [improvement]: utils - add lock timing information with DEBUG_THREADS
- #133: [bug]: unlock channel after moh state access
- #145: [bug]: ABI issue with pjproject and pjsip_inv_session
- #155: [bug]: GCC 13 is catching a few new trivial issues
- #158: [bug]: test_stasis_endpoints.c: Unit test channel_messages is unstable
- #188: [improvement]: pjsip: Upgrade bundled version to pjproject 2.13.1 #187
- #193: [bug]: third-party/apply-patches doesn't sort the patch file list before applying
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists