Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

Update for certified-18.9-cert14

Browse Source
releases/certified-18.9 certified-18.9-cert14
Asterisk Development Team 1 week ago
parent adcc756d08
commit aa7d07fd56
7 changed files with 348 additions and 4 deletions
Show Stats Download Patch File Download Diff File

2
.version
Unescape View File

@ -1 +1 @@
certified-18.9-cert13
certified-18.9-cert14

1
CHANGES.html
Unescape View File

@ -0,0 +1 @@
ChangeLogs/ChangeLog-certified-18.9-cert14.html

2
CHANGES.md
Unescape View File

@ -1 +1 @@
ChangeLogs/ChangeLog-certified-18.9-cert13.md
ChangeLogs/ChangeLog-certified-18.9-cert14.md

66
ChangeLogs/ChangeLog-certified-18.9-cert14.html
Unescape View File

@ -0,0 +1,66 @@
<html><head><title>ChangeLog for asterisk-certified-18.9-cert14</title></head><body>
<h2>Change Log for Release asterisk-certified-18.9-cert14</h2>
<h3>Links:</h3>
<ul>
<li><a href="https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-18.9-cert14.html">Full ChangeLog</a> </li>
<li><a href="https://github.com/asterisk/asterisk/compare/certified-18.9-cert13...certified-18.9-cert14">GitHub Diff</a> </li>
<li><a href="https://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-18.9-cert14.tar.gz">Tarball</a> </li>
<li><a href="https://downloads.asterisk.org/pub/telephony/certified-asterisk">Downloads</a> </li>
</ul>
<h3>Summary:</h3>
<ul>
<li>Commits: 2</li>
<li>Commit Authors: 1</li>
<li>Issues Resolved: 0</li>
<li>Security Advisories Resolved: 2</li>
<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw">GHSA-2grh-7mhv-fcfw</a>: Using malformed From header can forge identity with ";" or NULL in name portion</li>
<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2">GHSA-c7p6-7mvq-8jq2</a>: cli_permissions.conf: deny option does not work for disallowing shell commands</li>
</ul>
<h3>User Notes:</h3>
<ul>
<li>
<h4>asterisk.c: Add option to restrict shell access from remote consoles.</h4>
A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.
Resolves: #GHSA-c7p6-7mvq-8jq2</li>
</ul>
<h3>Upgrade Notes:</h3>
<h3>Commit Authors:</h3>
<ul>
<li>George Joseph: (2)</li>
</ul>
<h2>Issue and Commit Detail:</h2>
<h3>Closed Issues:</h3>
<ul>
<li>!GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with ";" or NULL in name portion</li>
<li>!GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands</li>
</ul>
<h3>Commits By Author:</h3>
<ul>
<li>
<h4>George Joseph (2):</h4>
</li>
<li>res_pjsip_messaging.c: Mask control characters in received From display name</li>
<li>asterisk.c: Add option to restrict shell access from remote consoles.</li>
</ul>
<h3>Commit List:</h3>
<ul>
<li>asterisk.c: Add option to restrict shell access from remote consoles.</li>
<li>res_pjsip_messaging.c: Mask control characters in received From display name</li>
</ul>
<h3>Commit Details:</h3>
<h4>asterisk.c: Add option to restrict shell access from remote consoles.</h4>
<p>Author: George Joseph
Date: 2025-05-19</p>
<p>UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.</p>
<p>Resolves: #GHSA-c7p6-7mvq-8jq2</p>
<h4>res_pjsip_messaging.c: Mask control characters in received From display name</h4>
<p>Author: George Joseph
Date: 2025-03-24</p>
<p>Incoming SIP MESSAGEs will now have their From header's display name
sanitized by replacing any characters &lt; 32 (space) with a space.</p>
<p>Resolves: #GHSA-2grh-7mhv-fcfw</p>
</body></html>

75
ChangeLogs/ChangeLog-certified-18.9-cert14.md
Unescape View File

@ -0,0 +1,75 @@
## Change Log for Release asterisk-certified-18.9-cert14
### Links:
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-18.9-cert14.html)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/certified-18.9-cert13...certified-18.9-cert14)
- [Tarball](https://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-18.9-cert14.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/certified-asterisk)
### Summary:
- Commits: 2
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 2
- [GHSA-2grh-7mhv-fcfw](https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw): Using malformed From header can forge identity with ";" or NULL in name portion
- [GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): cli_permissions.conf: deny option does not work for disallowing shell commands
### User Notes:
- #### asterisk.c: Add option to restrict shell access from remote consoles.
A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.
Resolves: #GHSA-c7p6-7mvq-8jq2
### Upgrade Notes:
### Commit Authors:
- George Joseph: (2)
## Issue and Commit Detail:
### Closed Issues:
- !GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with ";" or NULL in name portion
- !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands
### Commits By Author:
- #### George Joseph (2):
- res_pjsip_messaging.c: Mask control characters in received From display name
- asterisk.c: Add option to restrict shell access from remote consoles.
### Commit List:
- asterisk.c: Add option to restrict shell access from remote consoles.
- res_pjsip_messaging.c: Mask control characters in received From display name
### Commit Details:
#### asterisk.c: Add option to restrict shell access from remote consoles.
Author: George Joseph
Date: 2025-05-19
UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.
Resolves: #GHSA-c7p6-7mvq-8jq2
#### res_pjsip_messaging.c: Mask control characters in received From display name
Author: George Joseph
Date: 2025-03-24
Incoming SIP MESSAGEs will now have their From header's display name
sanitized by replacing any characters < 32 (space) with a space.
Resolves: #GHSA-2grh-7mhv-fcfw

202
README.html
Unescape View File

@ -0,0 +1,202 @@
<html><head><title>Readme for asterisk-certified-18.9-cert14</title></head><body>
<h1>The Asterisk(R) Open Source PBX</h1>
<pre><code class="language-text"> By Mark Spencer &lt;markster@digium.com&gt; and the Asterisk.org developer community.
Copyright (C) 2001-2021 Sangoma Technologies Corporation and other copyright holders.
</code></pre>
<h2>SECURITY</h2>
<p>It is imperative that you read and fully understand the contents of
the security information document before you attempt to configure and run
an Asterisk server.</p>
<p>See <a href="https://wiki.asterisk.org/wiki/display/AST/Important+Security+Considerations">Important Security Considerations</a> for more information.</p>
<h2>WHAT IS ASTERISK ?</h2>
<p>Asterisk is an Open Source PBX and telephony toolkit. It is, in a
sense, middleware between Internet and telephony channels on the bottom,
and Internet and telephony applications at the top. However, Asterisk supports
more telephony interfaces than just Internet telephony. Asterisk also has a
vast amount of support for traditional PSTN telephony, as well.</p>
<p>For more information on the project itself, please visit the Asterisk
<a href="https://www.asterisk.org">home page</a> and the official <a href="https://wiki.asterisk.org/">wiki</a>. In addition you'll find lots
of information compiled by the Asterisk community at <a href="http://www.voip-info.org/wiki-Asterisk">voip-info.org</a>.</p>
<p>There is a book on Asterisk published by O'Reilly under the Creative Commons
License. It is available in book stores as well as in a downloadable version on
the <a href="http://www.asteriskdocs.org">asteriskdocs.org</a> web site.</p>
<h2>SUPPORTED OPERATING SYSTEMS</h2>
<h3>Linux</h3>
<p>The Asterisk Open Source PBX is developed and tested primarily on the
GNU/Linux operating system, and is supported on every major GNU/Linux
distribution.</p>
<h3>Others</h3>
<p>Asterisk has also been 'ported' and reportedly runs properly on other
operating systems as well, including Sun Solaris, Apple's Mac OS X, Cygwin,
and the BSD variants.</p>
<h2>GETTING STARTED</h2>
<p>First, be sure you've got supported hardware (but note that you don't need
ANY special hardware, not even a sound card) to install and run Asterisk.</p>
<p>Supported telephony hardware includes:
* All Analog and Digital Interface cards from <a href="https://www.sangoma.com/">Sangoma</a>
* QuickNet Internet PhoneJack and LineJack (http://www.quicknet.net)
* any full duplex sound card supported by ALSA, OSS, or PortAudio
* any ISDN card supported by mISDN on Linux
* The Xorcom Astribank channel bank
* VoiceTronix OpenLine products</p>
<h3>UPGRADING FROM AN EARLIER VERSION</h3>
<p>If you are updating from a previous version of Asterisk, make sure you
read the <a href="UPGRADE.txt">UPGRADE.txt</a> file in the source directory. There are some files
and configuration options that you will have to change, even though we
made every effort possible to maintain backwards compatibility.</p>
<p>In order to discover new features to use, please check the configuration
examples in the <a href="configs">configs</a> directory of the source code distribution. For a
list of new features in this version of Asterisk, see the <a href="CHANGES">CHANGES</a> file.</p>
<h3>NEW INSTALLATIONS</h3>
<p>Ensure that your system contains a compatible compiler and development
libraries. Asterisk requires either the GNU Compiler Collection (GCC) version
4.1 or higher, or a compiler that supports the C99 specification and some of
the gcc language extensions. In addition, your system needs to have the C
library headers available, and the headers and libraries for ncurses.</p>
<p>There are many modules that have additional dependencies. To see what
libraries are being looked for, see <code>./configure --help</code>, or run
<code>make menuselect</code> to view the dependencies for specific modules.</p>
<p>On many distributions, these dependencies are installed by packages with names
like 'glibc-devel', 'ncurses-devel', 'openssl-devel' and 'zlib-devel'
or similar.</p>
<p>So, let's proceed:
1. Read this file.</p>
<p>There are more documents than this one in the <a href="doc">doc</a> directory. You may also
want to check the configuration files that contain examples and reference
guides in the <a href="configs">configs</a> directory.</p>
<ol>
<li>Run <code>./configure</code></li>
</ol>
<p>Execute the configure script to guess values for system-dependent
variables used during compilation.</p>
<ol>
<li>Run <code>make menuselect</code> <em>[optional]</em></li>
</ol>
<p>This is needed if you want to select the modules that will be compiled and to
check dependencies for various optional modules.</p>
<ol>
<li>Run <code>make</code></li>
</ol>
<p>Assuming the build completes successfully:</p>
<ol>
<li>Run <code>make install</code></li>
</ol>
<p>If this is your first time working with Asterisk, you may wish to install
the sample PBX, with demonstration extensions, etc. If so, run:</p>
<ol>
<li>Run <code>make samples</code></li>
</ol>
<p>Doing so will overwrite any existing configuration files you have installed.</p>
<ol>
<li>Finally, you can launch Asterisk in the foreground mode (not a daemon) with:</li>
</ol>
<pre><code> # asterisk -vvvc
</code></pre>
<p>You'll see a bunch of verbose messages fly by your screen as Asterisk
initializes (that's the "very very verbose" mode). When it's ready, if
you specified the "c" then you'll get a command line console, that looks
like this:</p>
<pre><code> *CLI&gt;
</code></pre>
<p>You can type "core show help" at any time to get help with the system. For help
with a specific command, type "core show help <command>". To start the PBX using
your sound card, you can type "console dial" to dial the PBX. Then you can use
"console answer", "console hangup", and "console dial" to simulate the actions
of a telephone. Remember that if you don't have a full duplex sound card
(and Asterisk will tell you somewhere in its verbose messages if you do/don't)
then it won't work right (not yet).</p>
<p>"man asterisk" at the Unix/Linux command prompt will give you detailed
information on how to start and stop Asterisk, as well as all the command
line options for starting Asterisk.</p>
<p>Feel free to look over the configuration files in <code>/etc/asterisk</code>, where you
will find a lot of information about what you can do with Asterisk.</p>
<h3>ABOUT CONFIGURATION FILES</h3>
<p>All Asterisk configuration files share a common format. Comments are
delimited by ';' (since '#' of course, being a DTMF digit, may occur in
many places). A configuration file is divided into sections whose names
appear in []'s. Each section typically contains two types of statements,
those of the form 'variable = value', and those of the form 'object =&gt;
parameters'. Internally the use of '=' and '=&gt;' is exactly the same, so
they're used only to help make the configuration file easier to
understand, and do not affect how it is actually parsed.</p>
<p>Entries of the form 'variable=value' set the value of some parameter in
asterisk. For example, in <a href="configs/samples/chan_dahdi.conf.sample">chan_dahdi.conf</a>, one might specify:</p>
<pre><code> switchtype=national
</code></pre>
<p>In order to indicate to Asterisk that the switch they are connecting to is
of the type "national". In general, the parameter will apply to
instantiations which occur below its specification. For example, if the
configuration file read:</p>
<pre><code> switchtype = national
channel =&gt; 1-4
channel =&gt; 10-12
switchtype = dms100
channel =&gt; 25-47
</code></pre>
<p>The "national" switchtype would be applied to channels one through
four and channels 10 through 12, whereas the "dms100" switchtype would
apply to channels 25 through 47.</p>
<p>The "object =&gt; parameters" instantiates an object with the given
parameters. For example, the line "channel =&gt; 25-47" creates objects for
the channels 25 through 47 of the card, obtaining the settings
from the variables specified above.</p>
<h3>SPECIAL NOTE ON TIME</h3>
<p>Those using SIP phones should be aware that Asterisk is sensitive to
large jumps in time. Manually changing the system time using date(1)
(or other similar commands) may cause SIP registrations and other
internal processes to fail. If your system cannot keep accurate time
by itself use <a href="http://www.ntp.org/">NTP</a> to keep the system clock
synchronized to "real time". NTP is designed to keep the system clock
synchronized by speeding up or slowing down the system clock until it
is synchronized to "real time" rather than by jumping the time and
causing discontinuities. Most Linux distributions include precompiled
versions of NTP. Beware of some time synchronization methods that get
the correct real time periodically and then manually set the system
clock.</p>
<p>Apparent time changes due to daylight savings time are just that,
apparent. The use of daylight savings time in a Linux system is
purely a user interface issue and does not affect the operation of the
Linux kernel or Asterisk. The system clock on Linux kernels operates
on UTC. UTC does not use daylight savings time.</p>
<p>Also note that this issue is separate from the clocking of TDM
channels, and is known to at least affect SIP registrations.</p>
<h3>FILE DESCRIPTORS</h3>
<p>Depending on the size of your system and your configuration,
Asterisk can consume a large number of file descriptors. In UNIX,
file descriptors are used for more than just files on disk. File
descriptors are also used for handling network communication
(e.g. SIP, IAX2, or H.323 calls) and hardware access (e.g. analog and
digital trunk hardware). Asterisk accesses many on-disk files for
everything from configuration information to voicemail storage.</p>
<p>Most systems limit the number of file descriptors that Asterisk can
have open at one time. This can limit the number of simultaneous
calls that your system can handle. For example, if the limit is set
at 1024 (a common default value) Asterisk can handle approximately 150
SIP calls simultaneously. To change the number of file descriptors
follow the instructions for your system below:</p>
<h4>PAM-BASED LINUX SYSTEM</h4>
<p>If your system uses PAM (Pluggable Authentication Modules) edit
<code>/etc/security/limits.conf</code>. Add these lines to the bottom of the file:</p>
<pre><code class="language-text">root soft nofile 4096
root hard nofile 8196
asterisk soft nofile 4096
asterisk hard nofile 8196
</code></pre>
<p>(adjust the numbers to taste). You may need to reboot the system for
these changes to take effect.</p>
<h4>GENERIC UNIX SYSTEM</h4>
<p>If there are no instructions specifically adapted to your system
above you can try adding the command <code>ulimit -n 8192</code> to the script
that starts Asterisk.</p>
<h2>MORE INFORMATION</h2>
<p>See the <a href="doc">doc</a> directory for more documentation on various features.
Again, please read all the configuration samples that include documentation
on the configuration options.</p>
<p>Finally, you may wish to visit the <a href="https://www.asterisk.org/support">support</a> site and join the <a href="http://lists.digium.com/mailman/listinfo/asterisk-users">mailing
list</a> if you're interested in getting more information.</p>
<p>Welcome to the growing worldwide community of Asterisk users!</p>
<pre><code> Mark Spencer, and the Asterisk.org development community
</code></pre>
<hr>
<p>Asterisk is a trademark of Sangoma Technologies Corporation</p>
</body></html>

4
contrib/realtime/mysql/mysql_config.sql
Unescape View File

@ -58,7 +58,7 @@ CREATE TABLE sippeers (
regexten VARCHAR(40),
fromdomain VARCHAR(40),
fromuser VARCHAR(40),
`qualify` VARCHAR(40),
qualify VARCHAR(40),
defaultip VARCHAR(45),
rtptimeout INTEGER,
rtpholdtimeout INTEGER,
@ -146,7 +146,7 @@ CREATE TABLE iaxfriends (
disallow VARCHAR(200),
allow VARCHAR(200),
codecpriority VARCHAR(40),
`qualify` VARCHAR(10),
qualify VARCHAR(10),
qualifysmoothing ENUM('yes','no'),
qualifyfreqok VARCHAR(10),
qualifyfreqnotok VARCHAR(10),

Write Preview
Loading…
Cancel
Save