Log message:
Update to Asterisk 22.9.0:

## Change Log for Release asterisk-22.9.0

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.9.0.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.8.2...22.9.0)

### Summary:

- Commits: 50
- Commit Authors: 21
- Issues Resolved: 34
- Security Advisories Resolved: 0

### User Notes:

- #### acl: Add ACL support to http and ari
  A new section, type=restriction has been added to http.conf
  to allow an uri prefix based acl to be configured. See
  http.conf.sample for examples and more information.
  The user section of ari.conf can now contain an acl configuration
  to restrict users access. See ari.conf.sample for examples and more
  information

- #### res_rtp_asterisk.c: Fix DTLS packet drop when TURN loopback re-injection \ 
occurs before ICE candidate check
  WebRTC calls using TURN configured in rtp.conf (turnaddr,
  turnusername, turnpassword) will now correctly complete DTLS/SRTP
  negotiation. Previously all DTLS packets were silently dropped due to
  the loopback re-injection address not being in the ICE active candidate
  list.

- #### docs: Add "Provided-by" to doc XML and CLI output.
  The CLI help for applications, functions, manager commands and
  manager events now shows the module that provides its functionality.

- #### CDR/CEL Custom Performance Improvements
  Significant performance improvements have been made to the
  cdr_custom, cdr_sqlite3_custom, cel_custom and cel_sqlite3_custom modules.
  See the new sample config files for those modules to see how to benefit
  from them.

- #### chan_websocket: Add media direction.
  WebSocket now supports media direction, allowing for
  unidirectional media. This is done from the perspective of the
  application and can be set via channel origination, external media, or
  commands sent from the application. Check out
  https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket/ for
  more.

- #### app_queue: Add 'prio' setting to the 'force_longest_waiting_caller' option
  The 'force_longest_waiting_caller' option now supports a 'prio' setting.
  When set to 'prio', calls are offered by priority first, then by wait time.

- #### Upgrade bundled pjproject to 2.16.
  Bundled pjproject has been upgraded to 2.16. For more
  information on what all is included in this change, check out the
  pjproject Github page: https://github.com/pjsip/pjproject/releases

- #### res_pjsip_header_funcs: Add new PJSIP_INHERITABLE_HEADER dialplan function
  A new PJSIP_HEADER option has been added that allows
  inheriting pjsip headers from the inbound to the outbound bridged
  channel.
  Example- same => n,Set(PJSIP_INHERITABLE_HEADER(add,X-custom-1)=alpha)
  will add X-custom-1: alpha to the outbound pjsip channel INVITE
  upon Dial.

- #### app_queue: Fix rN raise_penalty ignoring min_penalty in calc_metric
  Fixes an issue where QUEUE_RAISE_PENALTY=rN could raise a member’s penalty \ 
below QUEUE_MIN_PENALTY during member selection. This could allow members \ 
intended to be excluded to be selected. The queue now consistently respects the \ 
minimum penalty when raising penalties, aligning member selection behavior with \ 
queue empty checks and documented rN semantics.

## Issue and Commit Detail:

### Closed Issues:

  - 449: [bug]:  PJSIP confuses media address after INVITE requiring authentication
  - 566: [bug]: core: SIGSEGV on DTMF when no timing modules loaded
  - 1356: [bug]: MESSAGE requests should not contain a Contact header
  - 1524: [bug]: PJSIP if sdp_session is blank the initial INVITE doesn't attach \ 
an SDP offer, worked in chan_sip
  - 1611: [bug]: asterisk deadlocked on start sometimes
  - 1612: [improvement]: pjsip: Upgrade bundled version to pjproject 2.16
  - 1637: [improvement]: force_longest_waiting_caller should also consider \ 
caller priority
  - 1641: [bug]: res_pjsip_config_wizard: Endpoints fail to update when Named \ 
ACLs change after reload
  - 1651: [bug]: Asterisk crashes with munmap_chunk() when using sorcery \ 
realtime for PJSIP registration objects
  - 1657: [bug]: Wrong dtmf payload is used when inbound invite contains 8K and \ 
16K, and outgoing leg is using G722 and SRTP
  - 1670: [new-feature]: Add new option to PJSIP_HEADER to pass headers from the \ 
inbound to outbound channel.
  - 1691: [bug]: force_longest_waiting_caller stops offering calls if a call \ 
joins at the first position
  - 1703: [bug]: res_pjsip_pubsub: ao2 reference leak of subscription tree in \ 
ast_sip_subscription
  - 1707: [bug]: chan_iax2: Crash when processing video frames with negative length
  - 1716: [bug]: Ghost call when UAC didn't respond with 487 for a cancel \ 
request from server even after original call hangup.
  - 1724: [improvement]: say.c - added language support for pashto and dari
  - 1730: [bug]: CPP channel storage get_by_name_prefix does not check prefix match
  - 1755: [bug]: app_dial, utils.h: Compilation failure with \ 
-Wold-style-declaration and -Wdiscarded-qualifiers
  - 1781: [bug]: More discarded-qualifiers errors with gcc 15.2.1
  - 1783: [bug]: Several unused-but-set-variable warnings with gcc 16
  - 1785: [bug]: chan_websocket doesn’t work with genericplc and transcoding
  - 1786: [bug]: chan_dahdi: A few more discarded-qualifiers errors not caught \ 
previously
  - 1795: [bug]: DTLS packets dropped when TURN configured in rtp.conf due to \ 
loopback re-injection occurring before ICE candidate source check
  - 1797: [bug]: Potential logic issue in translated frame write loop (main/file.c)
  - 1802: [improvement]: app_dial: Channel name should be included in warnings \ 
during wait_for_answer
  - 1804: [new-feature]: dsp.c: Add support for R2 signaling
  - 1814: [bug]: A pjsip transport with an invalid config can cause issues with \ 
other transports
  - 1816: [bug]: ARI: RTPAUDIO channel vars aren't set if call hung up by ARI.
  - 1819: [bug]: When a 302 is received from a UAS, the cause and tech_cause \ 
codes set on the channel are incorrect.
  - 1831: [bug]:raise_exception() and EXCEPTION() read use channel datastores \ 
without holding ast_channel_lock
  - 1833: [bug]: Address security vulnerabilities in pjproject
  - 1844: [bug]: cdrel_custom isn't respecting the default time format for CEL \ 
records
  - 1845: [bug]:res_cdrel_custom produces wrong float timestamps
  - 1852: [bug]: res_cdrel_custom: connection to the sqlite3 database closes \ 
from time to time

### Commit List:

-  res_cdrel_custom: do not free config when no new config was loaded
-  res_cdrel_custom: Resolve several formatting issues.
-  res_pjsip: Address pjproject security vulnerabilities
-  pbx: Hold channel lock for exception datastore access
-  xmldoc.c: Fix memory leaks in handling of provided_by.
-  SECURITY.md: Update with additional instructions.
-  res_audiosocket: Fix header read loop to use correct buffer offset
-  manager.c : Fix CLI event display
-  chan_pjsip: Set correct cause codes for non-2XX responses.
-  res_pjsip_config_wizard: Force reload on Named ACL change events
-  rtp: Set RTPAUDIOQOS variables when ast_softhangup is called.
-  channel: Prevent crash during DTMF emulation when no timing module is loaded
-  res_pjsip: Remove temp transport state when a transport fails to load.
-  res_pjsip_messaging: Remove Contact header from out-of-dialog MESSAGE as per \ 
RFC3428
-  acl: Add ACL support to http and ari
-  res_rtp_asterisk.c: Fix DTLS packet drop when TURN loopback re-injection \ 
occurs before ICE candidate check
-  dsp.c: Add support for detecting R2 signaling tones.
-  app_dial: Include channel name in warnings during wait_for_answer.
-  main/file: fix translated-frame write loop to use current frame
-  docs: Add "Provided-by" to doc XML and CLI output.
-  chan_websocket_doc.xml: Add d(media_direction) option.
-  resource_channels.c: Fix validation response for externalMedia with AudioSockets
-  CDR/CEL Custom Performance Improvements
-  chan_websocket: Remove silence generation and frame padding.
-  chan_websocket: Add media direction.
-  fix: Add macOS (Darwin) compatibility for building Asterisk
-  astconfigparser.py: Fix regex pattern error by properly escaping string
-  res_rtp_asterisk: use correct sample rate lookup to account for g722
-  res_pjsip_outbound_registration.c: Prevent crash if load_module() fails
-  pjsip_configuration: Ensure s= and o= lines in SDP are never empty
-  res_pjsip_session: Make sure NAT hook runs when packet is retransmitted for \ 
whatever reason.
-  chan_dahdi: Fix discarded-qualifiers errors.
-  build: Fix unused-but-set-variable warnings with gcc 16.
-  build: Fix another GCC discarded-qualifiers const error.
-  chan_iax2: Fix crash due to negative length frame lengths.
-  build: Fix GCC discarded-qualifiers const errors.
-  endpoints: Allow access to latest snapshot directly.
-  app_dial, utils.h: Avoid old style declaration and discarded qualifier.
-  app_queue: Add 'prio' setting to the 'force_longest_waiting_caller' option
-  Upgrade bundled pjproject to 2.16.
-  res_pjsip_header_funcs: Add new PJSIP_INHERITABLE_HEADER dialplan function
-  app_queue: Queue Timing Parity with Dial() and Accurate Wait Metrics
-  stasis.c: Fix deadlock in stasis_topic_pool_get_topic during module load
-  app_queue: Fix rN raise_penalty ignoring min_penalty in calc_metric
-  app_queue: Only compare calls at 1st position across queues when forcing \ 
longest waiting caller.
-  channelstorage_cpp_map_name_id: Fix get_by_name_prefix prefix match
-  app_amd: Remove errant space in documentation for totalAnalysisTime.
-  say.c: added language support for pashto and dari
-  res_pjsip_session.c: Prevent INVITE failover when session is cancelled
-  res_pjsip_pubsub: Fix ao2 reference leak of subscription tree in \ 
ast_sip_subscription

Log message:
*: remove OWNER definition

OWNER, when it was introduced, was to protect packages deep in the
infrastructure by emphasizing that they should not be touched by
non-MAINTAINERs.

No infrastructure package still sets OWNER.

Note: non-trivial change to packages should be passed by MAINTAINERs.

As discussed on tech-pkg.

Log message:
update to Asterisk 22.8.2:

## Change Log for Release asterisk-22.8.2

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.8.2.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.8.1...22.8.2)

### Summary:

- Commits: 4
- Commit Authors: 2
- Issues Resolved: 0
- Security Advisories Resolved: 4
  - \ 
[GHSA-85x7-54wr-vh42](https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42): \ 
Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
  - \ 
[GHSA-rvch-3jmx-3jf3](https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3): \ 
ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; \ 
potentially leading to privilege escalation
  - \ 
[GHSA-v6hp-wh3r-cwxh](https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh): \ 
The Asterisk embedded web server's /httpstatus page echos user supplied \ 
values(cookie and query string) without sanitization
  - \ 
[GHSA-xpc6-x892-v83c](https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c): \ 
ast_coredumper runs as root, and writes gdb init file to world writeable folder; \ 
leading to potential privilege escalation

### User Notes:

- #### ast_coredumper: check ast_debug_tools.conf permissions
  ast_debug_tools.conf must be owned by root and not be
  writable by other users or groups to be used by ast_coredumper or
  by ast_logescalator or ast_loggrabber when run as root.

### Upgrade Notes:

- #### http.c: Change httpstatus to default disabled and sanitize output.
  To prevent possible security issues, the `/httpstatus` page
  served by the internal web server is now disabled by default.  To explicitly
  enable it, set `enable_status=yes` in http.conf.

Log message:
*: recursive bump for nettle 4.0 shlib major bump

Log message:
*: recursive bump for icu 78.1

Log message:
Update to Asterisk 22.7.0.

## Change Log for Release asterisk-22.7.0

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.7.0.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.6.0...22.7.0)

### Summary:

- Commits: 52
- Commit Authors: 16
- Issues Resolved: 36
- Security Advisories Resolved: 0

### User Notes:

- #### res_stir_shaken: Add STIR_SHAKEN_ATTESTATION dialplan function.
  The STIR_SHAKEN_ATTESTATION dialplan function has been added
  which will allow suppressing attestation on a call-by-call basis
  regardless of the profile attached to the outgoing endpoint.

- #### func_channel: Allow R/W of ADSI CPE capability setting.
  CHANNEL(adsicpe) can now be read or written to change
  the channels' ADSI CPE capability setting.

- #### func_hangupcause.c: Add access to Reason headers via HANGUPCAUSE()
  Added a new option to HANGUPCAUSE to access additional
  information about hangup reason. Reason headers from pjsip
  could be read using 'tech_extended' cause type.

- #### func_math: Add DIGIT_SUM function.
  The DIGIT_SUM function can be used to return the digit sum of
  a number.

- #### app_sf: Add post-digit timer option to ReceiveSF.
  The 't' option for ReceiveSF now allows for a timer since
  the last digit received, in addition to the number-wide timeout.

- #### app_dial: Allow fractional seconds for dial timeouts.
  The answer and progress dial timeouts now have millisecond
  precision, instead of having to be whole numbers.

- #### chan_dahdi: Add DAHDI_CHANNEL function.
  The DAHDI_CHANNEL function allows for getting/setting
  certain properties about DAHDI channels from the dialplan.

### Upgrade Notes:

- #### app_queue.c: Fix error in Queue parameter documentation.
  As part of Asterisk 21, macros were removed from Asterisk.
  This resulted in argument order changing for the Queue dialplan
  application since the macro argument was removed. Upgrade notice was
  missed when this was done, so this upgrade note has been added to
  provide a record of such and a notice to users who may have not upgraded
  yet.

- #### res_audiosocket: add message types for all slin sample rates
  New audiosocket message types 0x11 - 0x18 has been added
  for slin12, slin16, slin24, slin32, slin44, slin48, slin96, and
  slin192 audio. External applications using audiosocket may need to be
  updated to support these message types if the audiosocket channel is
  created with one of these audio formats.

- #### taskpool: Add taskpool API, switch Stasis to using it.
  The threadpool_* options in stasis.conf have now been deprecated
  though they continue to be read and used. They have been replaced with taskpool
  options that give greater control over the underlying taskpool used for stasis.

### Developer Notes:

- #### chan_pjsip: Add technology-specific off-nominal hangup cause to events.
  A "tech_cause" parameter has been added to the
  ChannelHangupRequest and ChannelDestroyed ARI event messages and a \ 
"TechCause"
  parameter has been added to the HangupRequest, SoftHangupRequest and Hangup
  AMI event messages.  For chan_pjsip, these will be set to the last SIP
  response status code for off-nominally terminated calls.  The parameter is
  suppressed for nominal termination.

- #### ARI: The bridges play and record APIs now handle sample rates > 8K \ 
correctly.
  The ARI /bridges/play and /bridges/record REST APIs have new
  parameters that allow the caller to specify the format to be used on the
  "Announcer" and "Recorder" channels respecitvely.

- #### taskpool: Add taskpool API, switch Stasis to using it.
  The taskpool API has been added for common usage of a
  pool of taskprocessors. It is suggested to use this API instead of the
  threadpool+taskprocessor approach.

## Issue and Commit Detail:

### Closed Issues:

  - 781: [improvement]: Allow call by call disabling Stir/Shaken header inclusion
  - 1340: [bug]: comfort noise packet corrupted
  - 1419: [bug]: static code analysis issues in app_adsiprog.c
  - 1422: [bug]: static code analysis issues in apps/app_externalivr.c
  - 1425: [bug]: static code analysis issues in apps/app_queue.c
  - 1434: [improvement]: pbx_variables: Create real channel for dialplan eval \ 
CLI command
  - 1436: [improvement]: res_cliexec: Avoid unnecessary cast to char*
  - 1455: [new-feature]: chan_dahdi: Add DAHDI_CHANNEL function
  - 1467: [bug]: Crash in res_pjsip_refer during REFER progress teardown with \ 
PJSIP_TRANSFER_HANDLING(ari-only)
  - 1478: [improvement]: Stasis threadpool -> taskpool
  - 1479: [bug]: The ARI bridge play and record APIs limit audio bandwidth by \ 
forcing the slin8 format.
  - 1483: [improvement]: sig_analog: Eliminate possible timeout for Last Number \ 
Redial
  - 1485: [improvement]: func_scramble: Add example to XML documentation.
  - 1487: [improvement]: app_dial: Allow partial seconds to be used for dial timeouts
  - 1489: [improvement]: config_options.c: Improve misleading error message
  - 1491: [bug]: Segfault: `channelstorage_cpp` fast lookup without lock \ 
(`get_by_name_exact`/`get_by_uniqueid`) leads to UAF during hangup
  - 1493: [new-feature]: app_sf: Add post-digit timer option
  - 1496: [improvement]: dsp.c: Minor fixes to debug log messages
  - 1499: [new-feature]: func_math: Add function to return the digit sum
  - 1501: [improvement]: codec_builtin: Fix some inaccurate quality weights.
  - 1505: [improvement]: res_fax: Add XML documentation for channel variables
  - 1507: [improvement]: res_tonedetect: Minor formatting issue in documentation
  - 1509: [improvement]: res_fax.c — log debug error as debug, not regular log
  - 1510: [new-feature]: sig_analog: Allow '#' to end the inter-digit timeout \ 
when dialing.
  - 1514: [improvement]: func_channel: Allow R/W of ADSI CPE capability setting.
  - 1517: [improvement]: core_unreal: Preserve ADSI capability when dialing \ 
Local channels
  - 1519: [improvement]: app_dial / func_callerid: DNIS information is not \ 
propagated by Dial
  - 1525: [bug]: chan_websocket: fix use of raw payload variable for string \ 
comparison in process_text_message
  - 1534: [bug]: app_queue when using gosub breaks dialplan when going from 20 \ 
to 21, What's new in 21 doesn't mention it's a breaking change,
  - 1535: [bug]: chan_pjsip changes SSRC on WebRTC channels, which is \ 
unsupported by some browsers
  - 1536: [bug]: asterisk -rx connects to console instead of executing a command
  - 1539: [bug]: safe_asterisk without TTY doesn't log to file
  - 1544: [improvement]: While Receiving the MediaConnect Message Using External \ 
Media Over websocket ChannelID is  Details are missing
  - 1554: [bug]: safe_asterisk recurses into subdirectories of startup.d after f97361
  - 1559: [improvement]: Handle TLS handshake attacks in order to resolve the \ 
issue of exceeding the maximum number of HTTPS sessions.
  - 1578: [bug]: Deadlock with externalMedia custom channel id and cpp map \ 
channel backend

### Commit List:

-  channelstorage:  Allow storage driver read locking to be skipped.
-  res_audiosocket: fix temporarily unavailable
-  safe_asterisk: Resolve a POSIX sh problem and restore globbing behavior.
-  res_stir_shaken: Add STIR_SHAKEN_ATTESTATION dialplan function.
-  iostream.c: Handle TLS handshake attacks in order to resolve the issue of \ 
exceeding the maximum number of HTTPS sessions.
-  chan_pjsip: Disable SSRC change for WebRTC endpoints.
-  chan_websocket: Add channel_id to MEDIA_START, DRIVER_STATUS and DTMF_END events.
-  safe_asterisk:  Fix logging and sorting issue.
-  Fix Endianness detection in utils.h for non-Linux
-  app_queue.c: Fix error in Queue parameter documentation.
-  devicestate: Don't publish redundant device state messages.
-  chan_pjsip: Add technology-specific off-nominal hangup cause to events.
-  res_audiosocket: add message types for all slin sample rates
-  res_fax.c: lower FAXOPT read warning to debug level
-  endpoints: Remove need for stasis subscription.
-  app_queue: Allow stasis message filtering to work.
-  taskpool:  Fix some references to threadpool that should be taskpool.
-  Update contact information for anthm
-  chan_websocket.c: Change payload references to command instead.
-  func_callerid: Document limitation of DNID fields.
-  func_channel: Allow R/W of ADSI CPE capability setting.
-  core_unreal: Preserve ADSI capability when dialing Local channels.
-  func_hangupcause.c: Add access to Reason headers via HANGUPCAUSE()
-  sig_analog: Allow '#' to end the inter-digit timeout when dialing.
-  func_math: Add DIGIT_SUM function.
-  app_sf: Add post-digit timer option to ReceiveSF.
-  codec_builtin.c: Adjust some of the quality scores to reflect reality.
-  res_tonedetect: Fix formatting of XML documentation.
-  res_fax: Add XML documentation for channel variables.
-  channelstorage_cpp_map_name_id: Add read locking around retrievals.
-  app_dial: Allow fractional seconds for dial timeouts.
-  dsp.c: Make minor fixes to debug log messages.
-  config_options.c: Improve misleading warning.
-  func_scramble: Add example to XML documentation.
-  sig_analog: Eliminate potential timeout with Last Number Redial.
-  ARI: The bridges play and record APIs now handle sample rates > 8K correctly.
-  res_pjsip_geolocation: Add support for Geolocation loc-src parameter
-  sorcery: Move from threadpool to taskpool.
-  stasis_channels.c: Make protocol_id optional to enable blind transfer via ari
-  Fix some doxygen, typos and whitespace
-  stasis_channels.c: Add null check for referred_by in \ 
ast_ari_transfer_message_create
-  app_queue: Add NULL pointer checks in app_queue
-  app_externalivr: Prevent out-of-bounds read during argument processing.
-  chan_dahdi: Add DAHDI_CHANNEL function.
-  taskpool: Update versions for taskpool stasis options.
-  taskpool: Add taskpool API, switch Stasis to using it.
-  app_adsiprog: Fix possible NULL dereference.
-  manager.c: Fix presencestate object leak
-  audiohook.c: Ensure correct AO2 reference is dereffed.
-  res_cliexec: Remove unnecessary casts to char*.
-  rtp_engine.c: Add exception for comfort noise payload.
-  pbx_variables.c: Create real channel for "dialplan eval function".

Log message:
Upgrade to Asterisk 22.6.0.

## Change Log for Release asterisk-22.6.0

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.6.0.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.5.2...22.6.0)

### Summary:

- Commits: 54
- Commit Authors: 22
- Issues Resolved: 40
- Security Advisories Resolved: 0

### User Notes:

- #### app_queue.c: Add new global 'log_unpause_on_reason_change'
  Add new global option 'log_unpause_on_reason_change' that
  is default disabled. When enabled cause addition of UNPAUSE event on
  every re-PAUSE with reason changed.

- #### pbx_builtins: Allow custom tone for WaitExten.
  The tone used while waiting for digits in WaitExten
  can now be overridden by specifying an argument for the 'd'
  option.

- #### res_tonedetect: Add option for TONE_DETECT detection to auto stop.
  The 'e' option for TONE_DETECT now allows detection to
  be disabled automatically once the desired number of matches have
  been fulfilled, which can help prevent race conditions in the
  dialplan, since TONE_DETECT does not need to be disabled after
  a hit.

- #### sorcery: Prevent duplicate objects and ensure missing objects are created \ 
on u..
  Users relying on Sorcery multiple writable backends configurations
  (e.g., astdb + realtime) may now enable update_or_create_on_update_miss = yes
  in sorcery.conf to ensure missing objects are recreated after temporary backend
  failures. Default behavior remains unchanged unless explicitly enabled.

- #### chan_websocket: Allow additional URI parameters to be added to the \ 
outgoing URI.
  A new WebSocket channel driver option `v` has been added to the
  Dial application that allows you to specify additional URI parameters on
  outgoing connections. Run `core show application Dial` from the Asterisk CLI
  to see how to use it.

- #### app_chanspy: Add option to not automatically answer channel.
  ChanSpy and ExtenSpy can now be configured to not
  automatically answer the channel by using the 'N' option.

- #### cel: Add STREAM_BEGIN, STREAM_END and DTMF event types.
  Enabling the tracking of the
  STREAM_BEGIN and the STREAM_END event
  types in cel.conf will log media files and
  music on hold played to each channel.
  The STREAM_BEGIN event's extra field will
  contain a JSON with the file details (path,
  format and language), or the class name, in
  case of music on hold is played. The DTMF
  event's extra field will contain a JSON with
  the digit and the duration in milliseconds.

- #### res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM
  Options are now available in the menuselect "Resource Modules"
  category that allow you to enable the AES_192, AES_256 and AES_GCM
  cipher suites in res_srtp. Of course, libsrtp and OpenSSL must support
  them but modern versions do.  Previously, the only way to enable them was
  to set the CFLAGS environment variable when running ./configure.
  The default setting is to disable them preserving existing behavior.

- #### cdr: add CANCEL dispostion in CDR
  A new CDR option "canceldispositionenabled" has been added
  that when set to true, the NO ANSWER disposition will be split into
  two dispositions: CANCEL and NO ANSWER. The default value is 'no'

- #### func_curl: Allow auth methods to be set.
  The httpauth field in CURLOPT now allows the authentication
  methods to be set.

- #### Media over Websocket Channel Driver
  A new channel driver "chan_websocket" is now available. It can
  exchange media over both inbound and outbound websockets and will both frame
  and re-time the media it receives.
  See http://s.asterisk.net/mow for more information.
  The ARI channels/externalMedia API now includes support for the

### Developer Notes:

- #### ARI: Add command to indicate progress to a channel
  A new ARI endpoint is available at `/channels/{channelId}/progress` to \ 
indicate progress to a channel.

- #### options:  Change ast_options from ast_flags to ast_flags64.
  The 32-bit ast_options has no room left to accomodate new
  options and so has been converted to an ast_flags64 structure. All internal
  references to ast_options have been updated to use the 64-bit flag
  manipulation macros.  External module references to the 32-bit ast_options
  should continue to work on little-endian systems because the
  least-significant bytes of a 64 bit integer will be in the same location as a
  32-bit integer.  Because that's not the case on big-endian systems, we've
  swapped the bytes in the flags manupulation macros on big-endian systems
  so external modules should still work however you are encouraged to test.

## Issue and Commit Detail:

### Closed Issues:

  - 401: [bug]: app_dial: Answer Gosub option passthrough regression
  - 927: [bug]: no audio when media source changed during the call
  - 1176: [bug]: ast_slinear_saturated_multiply_float produces potentially \ 
audible distortion artifacts
  - 1259: [bug]: New TenantID feature doesn't seem to set CDR for incoming calls
  - 1260: [bug]: Asterisk sends RTP audio stream before ICE/DTLS completes
  - 1269: [bug]: MixMonitor with D option produces corrupt file
  - 1273: [bug]: When executed with GotoIf, the action Redirect does not take \ 
effect and causes confusion in dialplan execution.
  - 1280: [improvement]: logging playback of audio per channel
  - 1289: [bug]: sorcery - duplicate objects from multiple backends and backend \ 
divergence on update
  - 1301: [bug]: sig_analog: fgccamamf doesn't handle STP, STP2, or STP3
  - 1304: [bug]: FLUSH_MEDIA does not reset frame_queue_length in WebSocket channel
  - 1305: [bug]: Realtime incorrectly falls back to next backend on \ 
record-not-found (SQL_NO_DATA), causing incorrect behavior and delay
  - 1307: [improvement]: ast_tls_cert: Allow certificate validity to be configurable
  - 1309: [bug]: Crash with C++ alternative storage backend enabled
  - 1315:  [bug]: When executed with dialplan, the action Redirect does not take \ 
effect.
  - 1317: [bug]: AGI command buffer overflow with long variables
  - 1321: [improvement]: app_agent_pool: Remove obsolete documentation
  - 1323: [new-feature]: add CANCEL dispostion in CDR
  - 1327: [bug]: res_stasis_device_state: can't delete ARI Devicestate after \ 
asterisk restart
  - 1332: [new-feature]: func_curl: Allow auth methods to be set
  - 1349: [bug]: Race condition on redirect can cause missing Diversion header
  - 1352: [improvement]: Websocket channel with custom URI
  - 1353: [bug]: AST_DATA_DIR/sounds/custom directory not searched
  - 1358: [new-feature]: app_chanspy: Add option to not automatically answer channel
  - 1364: [bug]: bridge.c: BRIDGE_NOANSWER not always obeyed
  - 1366: [improvement]: func_frame_drop: Handle allocation failure properly
  - 1369: [bug]: test_res_prometheus: Compilation failure in devmode due to \ 
curlopts not using long type
  - 1371: [improvement]: func_frame_drop: Add debug messages for frames that can \ 
be dropped
  - 1375: [improvement]: dsp.c: Improve logging in tone_detect().
  - 1378: [bug]: chan_dahdi: dialmode feature is not properly reset between calls
  - 1380: [bug]: sig_analog: Segfault due to calling strcmp on NULL
  - 1384: [bug]: chan_websocket: asterisk crashes on hangup after \ 
STOP_MEDIA_BUFFERING command with id
  - 1386: [bug]: enabling announceposition_only_up prevents any queue position \ 
announcements
  - 1390: [improvement]: res_tonedetect: Add option to automatically end \ 
detection in TONE_DETECT
  - 1394: [improvement]: sig_analog: Skip Caller ID spill if Caller ID is disabled
  - 1396: [new-feature]: pbx_builtins: Make tone option for WaitExten configurable
  - 1401: [bug]: app_waitfornoise timeout is always less then configured because \ 
of time() usage
  - 1457: [bug]: segmentation fault because of a wrong ari config
  - 1462: [bug]: chan_websocket isn't handling the "opus" codec correctly.
  - 1474: [bug]: Media doesn't flow for video conference after res_rtp_asterisk \ 
change to stop media flow before DTLS completes

### Commit List:

-  res_rtp_asterisk.c: Use rtp->dtls in __rtp_sendto when rtcp mux is used.
-  chan_websocket: Fix codec validation and add passthrough option.
-  res_ari: Ensure outbound websocket config has a websocket_client_id.
-  chan_websocket.c: Add DTMF messages
-  app_queue.c: Add new global 'log_unpause_on_reason_change'
-  app_waitforsilence.c: Use milliseconds to calculate timeout time
-  Fix missing ast_test_flag64 in extconf.c
-  pbx_builtins: Allow custom tone for WaitExten.
-  res_tonedetect: Add option for TONE_DETECT detection to auto stop.
-  app_queue: fix comparison for announce-position-only-up
-  sig_analog: Skip Caller ID spill if usecallerid=no.
-  chan_dahdi: Fix erroneously persistent dialmode.
-  chan_websocket: Fix buffer overrun when processing TEXT websocket frames.
-  sig_analog: Fix SEGV due to calling strcmp on NULL.
-  ARI: Add command to indicate progress to a channel
-  dsp.c: Improve debug logging in tone_detect().
-  res_stasis_device_state: Fix delete ARI Devicestates after asterisk restart.
-  app_chanspy: Add option to not automatically answer channel.
-  xmldoc.c: Fix rendering of CLI output.
-  func_frame_drop: Add debug messages for dropped frames.
-  test_res_prometheus: Fix compilation failure on Debian 13.
-  func_frame_drop: Handle allocation failure properly.
-  pbx_lua.c: segfault when pass null data to term_color function
-  bridge.c: Obey BRIDGE_NOANSWER variable to skip answering channel.
-  res_rtp_asterisk: Don't send RTP before DTLS has negotiated.
-  app_dial.c: Moved channel lock to prevent deadlock
-  file.c: with "sounds_search_custom_dir = yes", search \ 
"custom" directory
-  cel: Add STREAM_BEGIN, STREAM_END and DTMF event types.
-  channelstorage_cpp_map_name_id.cc: Refactor iterators for thread-safety.
-  res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM
-  cdr: add CANCEL dispostion in CDR
-  func_curl: Allow auth methods to be set.
-  options:  Change ast_options from ast_flags to ast_flags64.
-  res_config_odbc: Prevent Realtime fallback on record-not-found (SQL_NO_DATA)
-  app_agent_pool: Remove documentation for removed option.
-  res_agi: Increase AGI command buffer size from 2K to 8K
-  ast_tls_cert: Make certificate validity configurable.
-  cdr.c: Set tenantid from party_a->base instead of chan->base.
-  app_mixmonitor:  Update the documentation concerning the "D" option.
-  sig_analog: Properly handle STP, ST2P, and ST3P for fgccamamf.
-  chan_websocket: Reset frame_queue_length to 0 after FLUSH_MEDIA
-  chan_pjsip.c: Change SSRC after media source change
-  Media over Websocket Channel Driver
-  bundled_pjproject: Avoid deadlock between transport and transaction
-  utils.h: Add rounding to float conversion to int.
-  res_musiconhold.c: Ensure we're always locked around music state access.
-  res_musiconhold.c: Annotate when the channel is locked.
-  res_musiconhold: Appropriately lock channel during start.

## Change Log for Release asterisk-22.5.2

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.5.2.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.5.1...22.5.2)

### Summary:

- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
  - \ 
[GHSA-64qc-9x89-rx5j](https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j): \ 
A specifically malformed Authorization header in an incoming SIP request can \ 
cause Asterisk to crash

### Commit Authors:

- George Joseph: (1)

## Issue and Commit Detail:

### Closed Issues:

  - !GHSA-64qc-9x89-rx5j: A specifically malformed Authorization header in an \ 
incoming SIP request can cause Asterisk to crash

### Commit Details:

#### res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.
  Author: George Joseph
  Date:   2025-08-28

  In the highly-unlikely event that get_authorization_hdr() couldn't find an
  Authorization header in a request, trying to get the digest algorithm
  would cauase a SEGV.  We now check that we have an auth header that matches
  the realm before trying to get the algorithm from it.

  Resolves: #GHSA-64qc-9x89-rx5j

Log message:
*: rev bump for curl