pkgsrc.se | The NetBSD package collection

./comms/asterisk21, The Asterisk Software PBX

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 21.12.0nb1, Package name: asterisk-21.12.0nb1, Maintainer: jnemeth

Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.

Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and IAX.

This is an standard version. It is secheduled to go to security
fixes only on November 18th, 2025, and EOL on November 18th, 2026.
See here for more information about Asterisk versions:
https://docs.asterisk.org/About-the-Project/Asterisk-Versions

Note that many things that have long been deprecated have now been
removed, such as chan_sip and app_macro. See here for a complete
list: http://docs.asterisk.org/Development/Asterisk-Module-Deprecations

Package options: asterisk-config, jabber, ldap, speex

Master sites: (Expand)

Version history: (Expand)

(2026-01-07) Updated to version: asterisk-21.12.0nb1
(2025-12-01) Updated to version: asterisk-21.12.0
(2025-10-27) Updated to version: asterisk-21.11.0
(2025-10-24) Package has been reborn
(2025-10-24) Package deleted from pkgsrc
(2025-10-05) Updated to version: asterisk-21.10.1nb2

CVS history: (Expand)

2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525)

Log message:
*: recursive bump for icu 78.1

2025-12-01 04:42:23 by John Nemeth | Files touched by this commit (3) | Package updated

Log message:
Update to Asterisk 21.12.0.

## Change Log for Release asterisk-21.12.0

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.12.0.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.11.0...21.12.0)

### Summary:

- Commits: 20
- Commit Authors: 10
- Issues Resolved: 13
- Security Advisories Resolved: 0

### User Notes:

- #### func_hangupcause.c: Add access to Reason headers via HANGUPCAUSE()
  Added a new option to HANGUPCAUSE to access additional
  information about hangup reason. Reason headers from pjsip
  could be read using 'tech_extended' cause type.

- #### chan_dahdi: Add DAHDI_CHANNEL function.
  The DAHDI_CHANNEL function allows for getting/setting
  certain properties about DAHDI channels from the dialplan.

### Upgrade Notes:

- #### res_audiosocket: add message types for all slin sample rates
  New audiosocket message types 0x11 - 0x18 has been added
  for slin12, slin16, slin24, slin32, slin44, slin48, slin96, and
  slin192 audio. External applications using audiosocket may need to be
  updated to support these message types if the audiosocket channel is
  created with one of these audio formats.

## Issue and Commit Detail:

### Closed Issues:

  - 1340: [bug]: comfort noise packet corrupted
  - 1419: [bug]: static code analysis issues in app_adsiprog.c
  - 1422: [bug]: static code analysis issues in apps/app_externalivr.c
  - 1425: [bug]: static code analysis issues in apps/app_queue.c
  - 1434: [improvement]: pbx_variables: Create real channel for dialplan eval \ 
CLI command
  - 1436: [improvement]: res_cliexec: Avoid unnecessary cast to char*
  - 1455: [new-feature]: chan_dahdi: Add DAHDI_CHANNEL function
  - 1467: [bug]: Crash in res_pjsip_refer during REFER progress teardown with \ 
PJSIP_TRANSFER_HANDLING(ari-only)
  - 1491: [bug]: Segfault: `channelstorage_cpp` fast lookup without lock \ 
(`get_by_name_exact`/`get_by_uniqueid`) leads to UAF during hangup
  - 1525: [bug]: chan_websocket: fix use of raw payload variable for string \ 
comparison in process_text_message
  - 1539: [bug]: safe_asterisk without TTY doesn't log to file
  - 1554: [bug]: safe_asterisk recurses into subdirectories of startup.d after f97361
  - 1578: [bug]: Deadlock with externalMedia custom channel id and cpp map \ 
channel backend

2025-10-27 05:07:20 by John Nemeth | Files touched by this commit (3) | Package updated

Log message:
Upgrade to Asterisk 21.11.0.

## Change Log for Release asterisk-21.11.0

### Links:

- [Full \
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.11.0.html)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.2...21.11.0)

### Summary:

- Commits: 54
- Commit Authors: 22
- Issues Resolved: 40
- Security Advisories Resolved: 0

### User Notes:

- #### app_queue.c: Add new global 'log_unpause_on_reason_change'
Add new global option 'log_unpause_on_reason_change' that
is default disabled. When enabled cause addition of UNPAUSE event on
every re-PAUSE with reason changed.

- #### pbx_builtins: Allow custom tone for WaitExten.
The tone used while waiting for digits in WaitExten
can now be overridden by specifying an argument for the 'd'
option.

- #### res_tonedetect: Add option for TONE_DETECT detection to auto stop.
The 'e' option for TONE_DETECT now allows detection to
be disabled automatically once the desired number of matches have
been fulfilled, which can help prevent race conditions in the
dialplan, since TONE_DETECT does not need to be disabled after
a hit.

- #### sorcery: Prevent duplicate objects and ensure missing objects are created \
on u..
Users relying on Sorcery multiple writable backends configurations
(e.g., astdb + realtime) may now enable update_or_create_on_update_miss = yes
in sorcery.conf to ensure missing objects are recreated after temporary backend
failures. Default behavior remains unchanged unless explicitly enabled.

- #### chan_websocket: Allow additional URI parameters to be added to the \
outgoing URI.
A new WebSocket channel driver option `v` has been added to the
Dial application that allows you to specify additional URI parameters on
outgoing connections. Run `core show application Dial` from the Asterisk CLI
to see how to use it.

- #### app_chanspy: Add option to not automatically answer channel.
ChanSpy and ExtenSpy can now be configured to not
automatically answer the channel by using the 'N' option.

- #### cel: Add STREAM_BEGIN, STREAM_END and DTMF event types.
Enabling the tracking of the
STREAM_BEGIN and the STREAM_END event
types in cel.conf will log media files and
music on hold played to each channel.
The STREAM_BEGIN event's extra field will
contain a JSON with the file details (path,
format and language), or the class name, in
case of music on hold is played. The DTMF
event's extra field will contain a JSON with
the digit and the duration in milliseconds.

- #### res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM
Options are now available in the menuselect "Resource Modules"
category that allow you to enable the AES_192, AES_256 and AES_GCM
cipher suites in res_srtp. Of course, libsrtp and OpenSSL must support
them but modern versions do. Previously, the only way to enable them was
to set the CFLAGS environment variable when running ./configure.
The default setting is to disable them preserving existing behavior.

- #### cdr: add CANCEL dispostion in CDR
A new CDR option "canceldispositionenabled" has been added
that when set to true, the NO ANSWER disposition will be split into
two dispositions: CANCEL and NO ANSWER. The default value is 'no'

- #### func_curl: Allow auth methods to be set.
The httpauth field in CURLOPT now allows the authentication
methods to be set.

- #### Media over Websocket Channel Driver
A new channel driver "chan_websocket" is now available. It can
exchange media over both inbound and outbound websockets and will both frame
and re-time the media it receives.
See http://s.asterisk.net/mow for more information.
The ARI channels/externalMedia API now includes support for the

### Upgrade Notes:

### Developer Notes:

- #### ARI: Add command to indicate progress to a channel
A new ARI endpoint is available at `/channels/{channelId}/progress` to \
indicate progress to a channel.

- #### options: Change ast_options from ast_flags to ast_flags64.
The 32-bit ast_options has no room left to accomodate new
options and so has been converted to an ast_flags64 structure. All internal
references to ast_options have been updated to use the 64-bit flag
manipulation macros. External module references to the 32-bit ast_options
should continue to work on little-endian systems because the
least-significant bytes of a 64 bit integer will be in the same location as a
32-bit integer. Because that's not the case on big-endian systems, we've
swapped the bytes in the flags manupulation macros on big-endian systems
so external modules should still work however you are encouraged to test.

## Issue and Commit Detail:

### Closed Issues:

- 401: [bug]: app_dial: Answer Gosub option passthrough regression
- 927: [bug]: no audio when media source changed during the call
- 1176: [bug]: ast_slinear_saturated_multiply_float produces potentially \
audible distortion artifacts
- 1259: [bug]: New TenantID feature doesn't seem to set CDR for incoming calls
- 1260: [bug]: Asterisk sends RTP audio stream before ICE/DTLS completes
- 1269: [bug]: MixMonitor with D option produces corrupt file
- 1273: [bug]: When executed with GotoIf, the action Redirect does not take \
effect and causes confusion in dialplan execution.
- 1280: [improvement]: logging playback of audio per channel
- 1289: [bug]: sorcery - duplicate objects from multiple backends and backend \
divergence on update
- 1301: [bug]: sig_analog: fgccamamf doesn't handle STP, STP2, or STP3
- 1304: [bug]: FLUSH_MEDIA does not reset frame_queue_length in WebSocket channel
- 1305: [bug]: Realtime incorrectly falls back to next backend on \
record-not-found (SQL_NO_DATA), causing incorrect behavior and delay
- 1307: [improvement]: ast_tls_cert: Allow certificate validity to be configurable
- 1309: [bug]: Crash with C++ alternative storage backend enabled
- 1315: [bug]: When executed with dialplan, the action Redirect does not take \
effect.
- 1317: [bug]: AGI command buffer overflow with long variables
- 1321: [improvement]: app_agent_pool: Remove obsolete documentation
- 1323: [new-feature]: add CANCEL dispostion in CDR
- 1327: [bug]: res_stasis_device_state: can't delete ARI Devicestate after \
asterisk restart
- 1332: [new-feature]: func_curl: Allow auth methods to be set
- 1349: [bug]: Race condition on redirect can cause missing Diversion header
- 1352: [improvement]: Websocket channel with custom URI
- 1353: [bug]: AST_DATA_DIR/sounds/custom directory not searched
- 1358: [new-feature]: app_chanspy: Add option to not automatically answer channel
- 1364: [bug]: bridge.c: BRIDGE_NOANSWER not always obeyed
- 1366: [improvement]: func_frame_drop: Handle allocation failure properly
- 1369: [bug]: test_res_prometheus: Compilation failure in devmode due to \
curlopts not using long type
- 1371: [improvement]: func_frame_drop: Add debug messages for frames that can \
be dropped
- 1375: [improvement]: dsp.c: Improve logging in tone_detect().
- 1378: [bug]: chan_dahdi: dialmode feature is not properly reset between calls
- 1380: [bug]: sig_analog: Segfault due to calling strcmp on NULL
- 1384: [bug]: chan_websocket: asterisk crashes on hangup after \
STOP_MEDIA_BUFFERING command with id
- 1386: [bug]: enabling announceposition_only_up prevents any queue position \
announcements
- 1390: [improvement]: res_tonedetect: Add option to automatically end \
detection in TONE_DETECT
- 1394: [improvement]: sig_analog: Skip Caller ID spill if Caller ID is disabled
- 1396: [new-feature]: pbx_builtins: Make tone option for WaitExten configurable
- 1401: [bug]: app_waitfornoise timeout is always less then configured because \
of time() usage
- 1457: [bug]: segmentation fault because of a wrong ari config
- 1462: [bug]: chan_websocket isn't handling the "opus" codec correctly.
- 1474: [bug]: Media doesn't flow for video conference after res_rtp_asterisk \
change to stop media flow before DTLS completes

### Commit List:

- res_rtp_asterisk.c: Use rtp->dtls in __rtp_sendto when rtcp mux is used.
- chan_websocket: Fix codec validation and add passthrough option.
- res_ari: Ensure outbound websocket config has a websocket_client_id.
- chan_websocket.c: Add DTMF messages
- app_queue.c: Add new global 'log_unpause_on_reason_change'
- app_waitforsilence.c: Use milliseconds to calculate timeout time
- Fix missing ast_test_flag64 in extconf.c
- pbx_builtins: Allow custom tone for WaitExten.
- res_tonedetect: Add option for TONE_DETECT detection to auto stop.
- app_queue: fix comparison for announce-position-only-up
- sig_analog: Skip Caller ID spill if usecallerid=no.
- chan_dahdi: Fix erroneously persistent dialmode.
- chan_websocket: Fix buffer overrun when processing TEXT websocket frames.
- sig_analog: Fix SEGV due to calling strcmp on NULL.
- ARI: Add command to indicate progress to a channel
- dsp.c: Improve debug logging in tone_detect().
- res_stasis_device_state: Fix delete ARI Devicestates after asterisk restart.
- app_chanspy: Add option to not automatically answer channel.
- xmldoc.c: Fix rendering of CLI output.
- func_frame_drop: Add debug messages for dropped frames.
- test_res_prometheus: Fix compilation failure on Debian 13.
- func_frame_drop: Handle allocation failure properly.
- pbx_lua.c: segfault when pass null data to term_color function
- bridge.c: Obey BRIDGE_NOANSWER variable to skip answering channel.
- res_rtp_asterisk: Don't send RTP before DTLS has negotiated.
- app_dial.c: Moved channel lock to prevent deadlock
- file.c: with "sounds_search_custom_dir = yes", search \
"custom" directory
- cel: Add STREAM_BEGIN, STREAM_END and DTMF event types.
- channelstorage_cpp_map_name_id.cc: Refactor iterators for thread-safety.
- res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM
- cdr: add CANCEL dispostion in CDR
- func_curl: Allow auth methods to be set.
- options: Change ast_options from ast_flags to ast_flags64.
- res_config_odbc: Prevent Realtime fallback on record-not-found (SQL_NO_DATA)
- app_agent_pool: Remove documentation for removed option.
- res_agi: Increase AGI command buffer size from 2K to 8K
- ast_tls_cert: Make certificate validity configurable.
- cdr.c: Set tenantid from party_a->base instead of chan->base.
- app_mixmonitor: Update the documentation concerning the "D" option.
- sig_analog: Properly handle STP, ST2P, and ST3P for fgccamamf.
- chan_websocket: Reset frame_queue_length to 0 after FLUSH_MEDIA
- chan_pjsip.c: Change SSRC after media source change
- Media over Websocket Channel Driver
- bundled_pjproject: Avoid deadlock between transport and transaction
- utils.h: Add rounding to float conversion to int.
- res_musiconhold.c: Ensure we're always locked around music state access.
- res_musiconhold.c: Annotate when the channel is locked.
- res_musiconhold: Appropriately lock channel during start.

## Change Log for Release asterisk-21.10.2

### Links:

- [Full \
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.2.html)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.1...21.10.2)

### Summary:

- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- \
[GHSA-64qc-9x89-rx5j](https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j): \
A specifically malformed Authorization header in an incoming SIP request can \
cause Asterisk to crash

### Commit Authors:

- George Joseph: (1)

## Issue and Commit Detail:

### Closed Issues:

- !GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an \
incoming SIP request can cause Asterisk to crash

### Commit List:

- res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.

### Commit Details:

#### res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.
Author: George Joseph
Date: 2025-08-28

In the highly-unlikely event that get_authorization_hdr() couldn't find an
Authorization header in a request, trying to get the digest algorithm
would cauase a SEGV. We now check that we have an auth header that matches
the realm before trying to get the algorithm from it.

Resolves: #GHSA-64qc-9x89-rx5j

2025-10-05 21:26:29 by Jonathan Schleifer | Files touched by this commit (485)

Log message:
*: rev bump for curl

2025-08-31 00:46:51 by Thomas Klausner | Files touched by this commit (1355)

Log message:
*: recursive bump for tiff growing lerc dependency

2025-08-04 22:43:25 by John Nemeth | Files touched by this commit (3) | Package updated

Log message:
Update to Asterisk 21.10.1.  This is a security update.

## Change Log for Release asterisk-21.10.1

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.1.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.0...21.10.1)

### Summary:

- Commits: 2
- Commit Authors: 2
- Issues Resolved: 0
- Security Advisories Resolved: 2
  - \ 
[GHSA-mrq5-74j5-f5cr](https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr): \ 
Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
  - \ 
[GHSA-v9q8-9j8m-5xwp](https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp): \ 
Uncontrolled Search-Path Element in safe_asterisk script may allow local \ 
privilege escalation.

### User Notes:

### Upgrade Notes:

- #### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
  The safe_asterisk script now checks that, if it was run by the
  root user, the /etc/asterisk/startup.d directory and all the files it contains
  are owned by root.  If the checks fail, safe_asterisk will exit with an error
  and Asterisk will not be started.  Additionally, the default logging
  destination is now stderr instead of tty "9" which probably won't exist
  in modern systems.

### Developer Notes:

### Commit Authors:

- George Joseph: (1)
- ThatTotallyRealMyth: (1)

## Issue and Commit Detail:

### Closed Issues:

  - !GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in \ 
asterisk/res/res_stir_shaken/verification.c
  - !GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk \ 
script may allow local privilege escalation.

### Commits By Author:

- #### George Joseph (1):
  - res_stir_shaken: Test for missing semicolon in Identity header.

- #### ThatTotallyRealMyth (1):
  - safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.

### Commit List:

-  safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
-  res_stir_shaken: Test for missing semicolon in Identity header.

### Commit Details:

#### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
  Author: ThatTotallyRealMyth
  Date:   2025-06-10

  UpgradeNote: The safe_asterisk script now checks that, if it was run by the
  root user, the /etc/asterisk/startup.d directory and all the files it contains
  are owned by root.  If the checks fail, safe_asterisk will exit with an error
  and Asterisk will not be started.  Additionally, the default logging
  destination is now stderr instead of tty "9" which probably won't exist
  in modern systems.

  Resolves: #GHSA-v9q8-9j8m-5xwp

#### res_stir_shaken: Test for missing semicolon in Identity header.
  Author: George Joseph
  Date:   2025-07-31

  ast_stir_shaken_vs_verify() now makes sure there's a semicolon in
  the Identity header to prevent a possible segfault.

  Resolves: #GHSA-mrq5-74j5-f5cr

2025-07-21 08:30:02 by John Nemeth | Files touched by this commit (3)

Log message:
Update to Asterisk 21.10.0:

## Change Log for Release asterisk-21.10.0

### Links:

- [Full \
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.0.html)

### Summary:

- Commits: 29
- Commit Authors: 14
- Issues Resolved: 19
- Security Advisories Resolved: 1
- \
[GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): \
cli_permissions.conf: deny option does not work for disallowing shell commands

### User Notes:

- #### res_stir_shaken.so: Handle X5U certificate chains.
The STIR/SHAKEN verification process will now load a full
certificate chain retrieved via the X5U URL instead of loading only
the end user cert.

- #### res_stir_shaken: Add "ignore_sip_date_header" config option.
A new STIR/SHAKEN verification option "ignore_sip_date_header" has
been added that when set to true, will cause the verification process to
not consider a missing or invalid SIP "Date" header to be a failure. \
This
will make the IAT the sole "truth" for Date in the verification process.
The option can be set in the "verification" and "profile" \
sections of
stir_shaken.conf.
Also fixed a bug in the port match logic.
Resolves: #1251
Resolves: #1271

- #### app_record: Add RECORDING_INFO function.
The RECORDING_INFO function can now be used
to retrieve the duration of a recording.

- #### app_queue: queue rules – Add support for QUEUE_RAISE_PENALTY=rN to \
raise penal..
This change introduces QUEUE_RAISE_PENALTY=rN, allowing selective penalty raises
only for members whose current penalty is within the [min_penalty, \
max_penalty] range.
Members with lower or higher penalties are unaffected.
This behavior is backward-compatible with existing queue rule configurations.

- #### res_odbc: cache_size option to limit the cached connections.
New cache_size option for res_odbc to on a per class basis limit the
number of cached connections. Please reference the sample configuration
for details.

- #### res_odbc: cache_type option for res_odbc.
When using res_odbc it should be noted that back-end
connections to the underlying database can now be configured to re-use
the cached connections in a round-robin manner rather than repeatedly
re-using the same connection. This helps to keep connections alive, and
to purge dead connections from the system, thus more dynamically
adjusting to actual load. The downside is that one could keep too many
connections active for a longer time resulting in resource also begin
consumed on the database side.

- #### ARI Outbound Websockets
Asterisk can now establish websocket sessions _to_ your ARI applications
as well as accepting websocket sessions _from_ them.
Full details: http://s.asterisk.net/ari-outbound-ws

- #### res_websocket_client: Create common utilities for websocket clients.
A new module "res_websocket_client" and config file
"websocket_client.conf" have been added to support several upcoming new
capabilities that need common websocket client configuration.

- #### asterisk.c: Add option to restrict shell access from remote consoles.
A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.
Resolves: #GHSA-c7p6-7mvq-8jq2

- #### sig_analog: Add Call Waiting Deluxe support.
Call Waiting Deluxe can now be enabled for FXS channels
by enabling its corresponding option.

### Upgrade Notes:

- #### jansson: Upgrade version to jansson 2.14.1
jansson has been upgraded to 2.14.1. For more
information visit jansson Github page: \
https://github.com/akheron/jansson/releases/tag/v2.14.1
Resolves: #1178

- #### Alternate Channel Storage Backends
With this release, you can now select an alternate channel
storage backend based on C++ Maps. Using the new backend may increase
performance and reduce the chances of deadlocks on heavily loaded systems.
For more information, see http://s.asterisk.net/dc679ec3

## Issue and Commit Detail:

### Closed Issues:

- !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for \
disallowing shell commands
- 271: [new-feature]: sig_analog: Add Call Waiting Deluxe support.
- 548: [improvement]: Get Record() audio duration/length
- 1088: [bug]: app_sms: Compilation failure in DEVMODE due to \
stringop-overflow error in GCC 15 pre-release
- 1141: [bug]: res_pjsip: Contact header set incorrectly for call redirect \
(302 Moved temp.) when external_* set
- 1178: [improvement]: jansson: Upgrade version to jansson 2.14.1
- 1230: [bug]: ast_frame_adjust_volume and ast_frame_adjust_volume_float crash \
on interpolated frames
- 1234: [bug]: Set CalllerID lost on DTMF attended transfer
- 1240: [bug]: WebRTC invites failing on Chrome 136
- 1243: [bug]: make menuconfig fails due to changes in GTK callbacks
- 1251: [improvement]: PJSIP shouldn't require SIP Date header to process full \
shaken passport which includes iat
- 1254: [bug]: ActiveChannels not reported when using AMI command PJSIPShowEndpoint
- 1271: [bug]: STIR/SHAKEN not accepting port 8443 in certificate URLs
- 1272: [improvement]: STIR/SHAKEN handle X5U certificate chains
- 1276: MixMonitor produces broken recordings in bridged calls with asymmetric \
codecs (e.g., alaw vs G.722)
- 1279: [bug]: regression: 20.12.0 downgrades quality of wav16 recordings
- 1282: [bug]: Alternate Channel Storage Backends menuselect not enabling it
- 1287: [bug]: channelstorage.c: Compilation failure with DEBUG_FD_LEAKS
- 1288: [bug]: Crash when destroying channel with C++ alternative storage \
backend enabled
- ASTERISK-30373: sig_analog: Add Call Waiting Deluxe options

### Commit List:

- channelstorage: Rename callbacks that conflict with DEBUG_FD_LEAKS.
- channelstorage_cpp_map_name_id: Fix callback returning non-matching channels.
- channelstorage_makeopts.xml: Remove errant XML character.
- res_stir_shaken.so: Handle X5U certificate chains.
- res_stir_shaken: Add "ignore_sip_date_header" config option.
- app_record: Add RECORDING_INFO function.
- app_sms.c: Fix sending and receiving SMS messages in protocol 2
- res_websocket_client: Add more info to the XML documentation.
- res_odbc: cache_size option to limit the cached connections.
- res_odbc: cache_type option for res_odbc.
- res_pjsip: Fix empty `ActiveChannels` property in AMI responses.
- ARI Outbound Websockets
- res_websocket_client: Create common utilities for websocket clients.
- asterisk.c: Add option to restrict shell access from remote consoles.
- frame.c: validate frame data length is less than samples when adjusting volume
- res_audiosocket.c: Add retry mechanism for reading data from AudioSocket
- res_audiosocket.c: Set the TCP_NODELAY socket option
- menuselect: Fix GTK menu callbacks for Fedora 42 compatibility
- jansson: Upgrade version to jansson 2.14.1
- pjproject: Increase maximum SDP formats and attribute limits
- manager.c: Invalid ref-counting when purging events
- res_pjsip_nat.c: Do not overwrite transfer host
- chan_pjsip: Serialize INVITE creation on DTMF attended transfer
- sig_analog: Add Call Waiting Deluxe support.
- app_sms: Ignore false positive vectorization warning.
- lock.h: Add include for string.h when DEBUG_THREADS is defined.
- Alternate Channel Storage Backends

2025-06-02 06:37:03 by John Nemeth | Files touched by this commit (5)

Log message:
Upgrade to Asterisk 21.9.1:

pkgsrc changes:
- add gsed to USE_TOOLS
- appease pkglint somewhat
- PR/58978 -- comms/asterisk build fails if prefix is not /usr/pkg

## Change Log for Release asterisk-21.9.1

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.9.1.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.9.0...21.9.1)

### Summary:

- Commits: 2
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 2
  - \ 
[GHSA-2grh-7mhv-fcfw](https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw): \ 
Using malformed From header can forge identity with ";" or NULL in \ 
name portion
  - \ 
[GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): \ 
cli_permissions.conf: deny option does not work for disallowing shell commands

### User Notes:

- #### asterisk.c: Add option to restrict shell access from remote consoles.
  A new asterisk.conf option 'disable_remote_console_shell' has
  been added that, when set, will prevent remote consoles from executing
  shell commands using the '!' prefix.
  Resolves: #GHSA-c7p6-7mvq-8jq2

### Commit Authors:

- George Joseph: (2)

## Issue and Commit Detail:

### Closed Issues:

  - !GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with \ 
";" or NULL in name portion
  - !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for \ 
disallowing shell commands

### Commits By Author:

- #### George Joseph (2):
  - res_pjsip_messaging.c: Mask control characters in received From display name
  - asterisk.c: Add option to restrict shell access from remote consoles.