./comms/asterisk18, The Asterisk Software PBX

[ Image CVSweb ] [ Image Homepage ] [ Image RSS ] [ Image Required by ] [ Image Add to tracker ]

Branch: CURRENT, Version: 18.26.4nb3, Package name: asterisk-18.26.4nb3, Maintainer: jnemeth

Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.

Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).

This is a Long Term Support version. It is scheduled to go to
security fixes only on October 20th, 2024, and EOL on October 20th,
2025. See here for more information about Asterisk versions:
https://docs.asterisk.org/About-the-Project/Asterisk-Versions/


Required to run:
[textproc/libxml2] [www/curl] [audio/speex] [lang/perl5] [shells/bash] [devel/libuuid] [textproc/iksemel] [textproc/jansson] [audio/speexdsp] [comms/srtp] [lang/python310]


Package options: asterisk-config, jabber, ldap, speex

Master sites: (Expand)

Version history: (Expand)

CVS history: (Expand)


   2026-02-06 11:06:21 by Thomas Klausner | Files touched by this commit (1305) 
Log message:
*: recursive bump for nettle 4.0 shlib major bump
   2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525) 
Log message:
*: recursive bump for icu 78.1
   2025-10-05 21:26:29 by Jonathan Schleifer | Files touched by this commit (485) 
Log message:
*: rev bump for curl
   2025-09-29 05:12:19 by John Nemeth | Files touched by this commit (3) 
Log message:
asterisk18:  Update to Asterisk 18.26.4.

pkgsrc change:
- fix PR pkg/59478

## Change Log for Release asterisk-18.26.4

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.4.html)

### Summary:

- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
  - \ 
[GHSA-557q-795j-wfx2](https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2): \ 
Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP \ 
ports and internal resources

### Commit Authors:

- George Joseph: (1)

## Issue and Commit Detail:

### Closed Issues:

  - !GHSA-557q-795j-wfx2: Resource exhaustion (DoS) vulnerability: remotely \ 
exploitable leak of RTP UDP ports and internal resources

### Commits By Author:

- #### George Joseph (1):
  - pjproject: Update bundled to 2.15.1.

### Commit List:

-  pjproject: Update bundled to 2.15.1.

### Commit Details:

#### pjproject: Update bundled to 2.15.1.
  Author: George Joseph
  Date:   2025-08-25

  This resolves a security issue where RTP ports weren't being released
  causing possible resource exhaustion issues.

  Resolves: #GHSA-557q-795j-wfx2
   2025-08-31 00:46:51 by Thomas Klausner | Files touched by this commit (1355) 
Log message:
*: recursive bump for tiff growing lerc dependency
   2025-08-04 22:17:18 by John Nemeth | Files touched by this commit (3) | Package updated
Log message:
Update to Asterisk 18.26.3.  This is a security update.

## Change Log for Release asterisk-18.26.3

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.3.html)

### Summary:

- Commits: 2
- Commit Authors: 2
- Issues Resolved: 0
- Security Advisories Resolved: 2
  - \ 
[GHSA-mrq5-74j5-f5cr](https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr): \ 
Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
  - \ 
[GHSA-v9q8-9j8m-5xwp](https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp): \ 
Uncontrolled Search-Path Element in safe_asterisk script may allow local \ 
privilege escalation.

### User Notes:

### Upgrade Notes:

- #### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
  The safe_asterisk script now checks that, if it was run by the
  root user, the /etc/asterisk/startup.d directory and all the files it contains
  are owned by root.  If the checks fail, safe_asterisk will exit with an error
  and Asterisk will not be started.  Additionally, the default logging
  destination is now stderr instead of tty "9" which probably won't exist
  in modern systems.

### Developer Notes:

### Commit Authors:

- George Joseph: (1)
- ThatTotallyRealMyth: (1)

## Issue and Commit Detail:

### Closed Issues:

  - !GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in \ 
asterisk/res/res_stir_shaken/verification.c
  - !GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk \ 
script may allow local privilege escalation.

### Commits By Author:

- #### George Joseph (1):
  - res_stir_shaken: Test for missing semicolon in Identity header.

- #### ThatTotallyRealMyth (1):
  - safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.

### Commit List:

-  safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
-  res_stir_shaken: Test for missing semicolon in Identity header.

### Commit Details:

#### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
  Author: ThatTotallyRealMyth
  Date:   2025-06-10

  UpgradeNote: The safe_asterisk script now checks that, if it was run by the
  root user, the /etc/asterisk/startup.d directory and all the files it contains
  are owned by root.  If the checks fail, safe_asterisk will exit with an error
  and Asterisk will not be started.  Additionally, the default logging
  destination is now stderr instead of tty "9" which probably won't exist
  in modern systems.

  Resolves: #GHSA-v9q8-9j8m-5xwp

#### res_stir_shaken: Test for missing semicolon in Identity header.
  Author: George Joseph
  Date:   2025-07-31

  ast_stir_shaken_vs_verify() now makes sure there's a semicolon in
  the Identity header to prevent a possible segfault.

  Resolves: #GHSA-mrq5-74j5-f5cr
   2025-06-02 05:33:52 by John Nemeth | Files touched by this commit (3) 
Log message:
PR/58978 -- comms/asterisk build fails if prefix is not /usr/pkg

Thanks to Taylor Campbell for the patch.  Ride recent version bump.
No pullup since branching will be soon.
   2025-06-02 05:16:07 by John Nemeth | Files touched by this commit (3) 
Log message:
Update to Asterisk 18.26.2:

pkgsrc changes
- add gsed to USE_TOOLS
- appease pkglint somewhat

## Change Log for Release asterisk-18.26.2

### Links:

 - [Full \ 
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.2.html)
 - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.26.1...18.26.2)

### Summary:

- Commits: 2
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 2
  - \ 
[GHSA-2grh-7mhv-fcfw](https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw): \ 
Using malformed From header can forge identity with ";" or NULL in \ 
name portion
  - \ 
[GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): \ 
cli_permissions.conf: deny option does not work for disallowing shell commands

### User Notes:

- #### asterisk.c: Add option to restrict shell access from remote consoles.
  A new asterisk.conf option 'disable_remote_console_shell' has
  been added that, when set, will prevent remote consoles from executing
  shell commands using the '!' prefix.
  Resolves: #GHSA-c7p6-7mvq-8jq2

## Issue and Commit Detail:

### Closed Issues:

  - !GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with \ 
";" or NULL in name portion
  - !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for \ 
disallowing shell commands