php-ssdeep: update to 1.1.0

pkgsrc change: remove restriction to PHP versions.

1.1.0 (2018-02-20)

* Patch for PHP 7 support (remicollet)
* Add basic Windows support (weltling)

(taca)

doc: Updated security/php-pecl-mcrypt to 1.0.4

(taca)

security/php-pecl-mcrypt: update to 1.0.4

pkgsrc change: Switch to use PHP_VERSIONS_INCOMPATIBLE.

1.0.4 (2020-12-02)

- Make release to advertise PHP 8 support, which it already had.

(taca)

doc/TODO: remove php-pdflib

- php-pdflib-4.1.4.

(taca)

doc: Updated print/php-pdflib to 4.1.4

(taca)

print/php-pdflib: update to 4.1.4

pkgsrc change: remove restriction to PHP versions.

4.1.4 (2019-12-18)

- add LICENSE file (bug #78947)

(taca)

doc/TODO: remove php-xdebug

- php-xdebug-2.8.1.

(taca)

doc: Updated devel/php-xdebug to 3.0.1

(taca)

devel/php-xdebug: update to 3.0.1

pkgsrc change: Switch to use PHP_VERSIONS_INCOMPATIBLE.

3.0.1 (2020-12-04)

= Fixed bugs:

- Fixed issue #1893: Crash with ext-fiber and xdebug.mode=coverage
- Fixed issue #1896: Segfault with closures that are not created from user
  code
- Fixed issue #1897: Crash when removing a breakpoint
- Fixed issue #1900: Update README and add run-xdebug-tests.php to package
- Fixed issue #1901: Stack traces are shown (with a broken time) when
  Xdebug's mode includes 'debug' but not 'develop' or 'trace'
- Fixed issue #1902: Compillation failure on AIX
- Fixed issue #1903: Constants should always be available, regardless of
  which mode Xdebug is in
- Fixed issue #1904: Profile and trace files using %t or %u do not get the
  right names
- Fixed issue #1905: Debugger does not disable request timeouts

3.0.0 (2020-11-25)

Xdebug 3 includes major changes in functionality compared to Xdebug 2. The
primary way how you turn on functionality is through the new xdebug.mode PHP
configuration setting. This made it possible to massively increase performance
in many of Xdebug's sub systems as Xdebug is now much more conservative in
which hooks are enabled.

Configuration changes, massive performance improvements, and PHP 8 support are
the primary features in Xdebug 3, but there is much more. The upgrade guide
lists the changes in great detail, please read it:

https://xdebug.org/docs/upgrade_guide

(taca)

doc: Updated archivers/php-pecl-zip to 1.19.2

(taca)

archivers/php-pecl-zip: update to 1.19.2

pkgsrc update: Switch to use PHP_VERSIONS_INCOMPATIBLE.

1.19.2 (2020-11-23)

- only display libzip both headers/library versions if they differ
- report about ZSTD compression availability
- Raise E_WARNING on PHP related errors (PHP 8)

(taca)

doc/TODO: one more update

+ php-phrasea2-4.1.2.

(taca)

doc/TODO: add and update various PHP related packages

+ adodb-5.20.19 [security], ampache-4.2.5, cacti-1.2.16, collectd-CGP-1,
  gallery3-3.0.9, geeklog-2.2.1sr1, icinga-base-2.12.3, matcha-sns-1.3.8,
  magento-2.4.1, nagios-base-4.4.6, nagios-nrpe-4.0.3, nagios-ncsa-2.10.0,
  nagios-plugins-2.3.3, pear-SOAP-0.14.0, phoronix-test-suite-10.0.1,
  php-basercms-4.4.2, php-concrete5-8.5.4,
  php-excel-1.8.2 [PHPSpreadsheet is sucessor], php-glpi-9.5.3,
  php-jpgraph-4.3.4, php-mailparse-3.1.1, php-mongo-1.6.16,
  php-mongodb-1.9.0, php-mrbs-1.9.2, php-orangehrm-4.0, php-pdflib-4.1.4,
  php-piwigo-2.10.2, php-ssdeep-1.1.0, php-ssh2-1.2, php-soycms-1.18.2a,
  php-tiki6-21.2, php-tt-rss-17.4, php-uploadprogress-1.1.3,
  phraseanet-4.1.2, roundcube-plugin-carddav-4.0.4, websvn-2.6.0,
  z-push-2.6.1, zoneminder-1.34.21.

(taca)

doc: Updated www/php-http3 to 3.2.3

(taca)

www/php-http3: update to 3.2.1

Update php-http3 to 3.2.1.

pkgsrc change:
* Update supported PHP versions.
* Add a few dependency.

3.2.1, 2019-06-07

* Fixed gh-issue #88: Unable to run test suite (Remi Collet)
* Fixed gh-issue #86: test failure with curl 7.64
* Fixed gh-issue #85: [-Wformat-extra-args] build warnings
* Fixed gh-issue #84: segfault and build failure since curl 7.62
* Fixed gh-issue #82: Test harness improvements (Chris Wright)
* Fixed gh-issue #64: compress and connecttimeout interfere with
  low_speed_limit (@rcanavan)
* Fixed http\QueryString::getGlobalInstance()
* Fixed missing 2nd reflection argument info of http\Client::notify()
* Fixed PHP-7.4 compatibility

3.2.0, 2018-07-19

* PHP-7.2 compatibility
* Fixed gh-issue #73: build fails with libidn and libidn2
* Added brotli compression support
* Implemented gh-issue #58: Notify observers before any request is built

3.2.0RC1, 2018-04-09

* PHP-7.2 compatibility
* Fixed gh-issue #73: build fails with libidn and libidn2
* Added brotli compression support
* Implemented gh-issue #58: Notify observers before any request is built

3.1.0, 2016-12-12

* Added http\Client\Curl\User interface for userland event loops
* Added http\Url::IGNORE_ERRORS, http\Url::SILENT_ERRORS and http\Url::STDFLAGS
* Added http\Client::setDebug(callable $debug)
* Added http\Client\Curl\FEATURES constants and namespace
* Added http\Client\Curl\VERSIONS constants and namespace
* Added share_cookies and share_ssl (libcurl >= 7.23.0) options to
  http\Client::configure()
* http\Client uses curl_share handles to properly share cookies and SSL/TLS
  sessions between requests
* Improved configure checks for default CA bundles
* Improved negotiation precision
* Fixed regression introduced by http\Params::PARSE_RFC5987: negotiation
  using the params parser would receive param keys without the trailing
  asterisk, stripped by http\Params::PARSE_RFC5987.
* Fix gh-issue #50: http\Client::dequeue() within http\Client::setDebug()
  causes segfault (Mike, Maik Wagner)
* Fix gh-issue #47: http\Url: Null pointer deref in sanitize_value() (Mike,
  @rc0r)
* Fix gh-issue #45: HTTP/2 response message parsing broken with libcurl >=
  7.49.1 (Mike)
* Fix gh-issue #43: Joining query with empty original variable in query
  (Mike, Sander Backus)
* Fix gh-issue #42: fatal error when using punycode in URLs (Mike, Sebastian
  Thielen)
* Fix gh-issue #41: Use curl_version_info_data.features when initializing
  options (Mike)
* Fix gh-issue #40: determinde the SSL backend used by curl at runtime
  (Mike, @rcanavan)
* Fix gh-issue #39: Notice: http\Client::enqueue(): Could not set option
  proxy_service_name (Mike, @rcanavan)
* Fix gh-issue #38: Persistent curl handles: error code not properly reset
  (Mike, @afflerbach)
* Fix gh-issue #36: Unexpected cookies sent if persistent_handle_id is used
  (Mike, @rcanavan, @afflerbach)
* Fix gh-issue #34: allow setting multiple headers with the same name (Mike,
  @rcanavan)
* Fix gh-issue #33: allow setting prodyhost request option to NULL (Mike,
  @rcanavan)
* Fix gh-issue #31: add/improve configure checks for default CA bundle/path
  (Mike, @rcanavan)

(taca)

doc: Updated devel/php-gearman to 2.0.6

(taca)

devel/php-gearman: update to 2.0.6

Update php-gearman package to 2.0.6.

pkgsrc change:
* Switch GitHub repository to php's.
* Allow build with PHP 7.2 and 7.3.

Version 2.0.6 (2019-09-05)
-------------
- fixing issue with double calling of zval_dtor in set fail callback

(taca)

doc: Updated security/php-oauth to 2.0.7

(taca)

security/php-oauth: update to 2.0.7

Update php-oauth package to 2.0.7.

pkgsrc change: Update supported PHP versions.

2.0.7 (2020-09-18)

* PHP 8 compatibility

2.0.6 (2020-09-09)

* Fix github issue #14 (Fixes for 7.3/7.4 and opcache)

* Fix PHP-7.4 compatibility of object handler
* Fix memory leaks in OAuthProvider
* Fix crash in OAuthProvider's handler registration methods due to
  unconditional addref
* Fix crash in OAuth::fetch() due to modifying hash tables with a refcount>1

2.0.5 (2020-02-06)

* fix config.w32 (cmb)
* fix 7.3 segfault (rlerdorf)
* replace uint-uint32_t, ulong-zend_ulong (Jan-E)
* handle cases where a passed in array might be a const (keyurdg)
* Fix configure for recent cURL versions (cmb)
* Bug #76722 cURL library headers not recognized on Debian 9 (js361014)

2.0.4 (2019-12-02)

* fix php_pcre_match_impl call in 7.4+ (Remi)

2.0.3 (2018-09-30)

* Use _ex versions to avoid SIGABRT of during use of hash functions in 7.2+

2.0.2 (2016-06-18)

* Fix #72006

(taca)

devel/php-raphf2: update supported PHP version

Update supported PHP version; other than PHP 5.6.

(taca)

doc: Updated www/php-propro2 to 2.1.0

(taca)

www/php-propro2: udpate to 2.1.0

Update php-propro2 package to 2.1.0.

pkgsrc change: Update supported PHP versions.

2.1.0 (2018-04-09)

* PHP-7.2 compatibility

2.0.1 (2016-05-25)

* Fixed leak in write_dimension

(taca)

math/php-stats: update PHP version

Update supported PHP version; other than PHP 5.6.

(taca)

converters/php-iconv: add buildlink3.mk

Add buildlink3.mk file for newer www/php-http3 package.

(taca)

doc: Updated comms/asterisk13 to 13.38.1

(jnemeth)

gdal: Revbump due to geos update

(gdt)

postgis: Revbump for geos update

(gdt)

doc: Updated geography/geos to 3.9.0

(gdt)

geogrpahy/geos: Update to 3.9.0

Upstream NEWS:

Changes in 3.9.0beta1
2020-11-27

- New things:
  - MaximumInscribedCircle and LargestEmptyCircle (JTS-530, Paul Ramsey)
  - CAPI: Fixed precision overlay operations (Sandro Santilli, Paul Ramsey)
  - CAPI: GEOSPreparedNearestPoints (#1007, Sandro Santilli)
  - CAPI: GEOSPreparedDistance (#1066, Sandro Santilli)
  - SimpleSTRTree spatial index implementation (Paul Ramsey)
  - Add support for pkg-config for GEOS C API (#1073, Mike Taves)

- Improvements:
  - Stack allocate segments in OverlapUnion (Paul Ramsey)
  - Improve performance of GEOSisValid (Dan Baston)
  - Update geos-config tool for consistency
    and escape paths (https://git.osgeo.org/gitea/geos/geos/pulls/99)
    changes mostly affect CMake MSVC builds (#1015, Mike Taves)
  - Testing on Rasberry Pi 32-bit (berrie) (#1017, Bruce Rindahl, Regina Obe)
  - Replace ttmath with JTS DD double-double implementation (Paul Ramsey)
  - Fix bug in DistanceOp for geometries with empty components (#1026, Paul Ramsey)
  - Remove undefined behaviour in CAPI (#1021, Greg Troxel)
  - Fix buffering issue (#1022, JTS-525, Paul Ramsey)
  - MinimumBoundingCircle.getMaximumDiameter fix (JTS-533, Paul Ramsey)

- Changes:
  - Drop SWIG bindings, including for Ruby and Python (#1076, Mike Taves)

(gdt)

doc: Updated comms/asterisk15 to 15.4.1nb24

(gdt)

asterisk16: Update to 16.15.1

upstream changes: security fixes and bug fixes

(gdt)

doc: Updated devel/cscope to 15.9

(wiz)

cscope: update to 15.9.

Based on patch by Brad Harder on pkgsrc-users.

Changes not found.

(wiz)

doc: Updated devel/autoconf to 2.70

(js)

Update to Asterisk 13.38.1

-----

The Asterisk Development Team would like to announce security releases for
Asterisk 13, 16, 17 and 18. The available releases are released as versions
13.38.1, 16.15.1, 17.9.1 and 18.1.1.

The following security vulnerabilities were resolved in these versions:

* AST-2020-003: Remote crash in res_pjsip_diversion
  A crash can occur in Asterisk when a SIP message is received that has a
  History-Info header, which contains a tel-uri.

* AST-2020-004: Remote crash in res_pjsip_diversion
  A crash can occur in Asterisk when a SIP 181 response is received that has a
  Diversion header, which contains a tel-uri.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.38.1

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2020-003.pdf
https://downloads.asterisk.org/pub/security/AST-2020-004.pdf

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.38.0.

The release of Asterisk 13.38.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Security bugs fixed in this release:
-----------------------------------
* ASTERISK-29057 - pjsip: Crash on call rejection during high load
      (Reported by Sandro Gauci)

Improvements made in this release:
-----------------------------------
* ASTERISK-29056 - Increase reg_server column size for
      ps_contacts table realtime
      (Reported by sungtae kim)
* ASTERISK-29055 - Create a Bridge with video_single mode
      (Reported by sungtae kim)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-29013 - res_pjsip: Asterisk doesn't stop sending
      invites (with auth) on 407 replies
      (Reported by Sebastian Damm)
* ASTERISK-29108 - resource_endpoints.c : Memory leak if
      endpoint not found
      (Reported by Jean Aunis - Prescom)
* ASTERISK-29097 - res_pjsip_config_wizard: Crash when freeing
      string when failing to add extension
      (Reported by Vieri)
* ASTERISK-26424 - app_voicemail: Undocumented behavior from VMSayName
      (Reported by Eric Smith)
* ASTERISK-29051 - res_pjsip_sdp_rtp: Does not set correct
      values on RTP instance when "auto" DTMF is used
      (Reported by Sebastian Damm)
* ASTERISK-28311 - dsp: ast_dsp_silence_noise_with_energy wrong
      judgment of frame format
      (Reported by ?????????)
* ASTERISK-24329 - Music On Hold announcement cuts intro of
      music the first time it is played
      (Reported by Thomas Frederiksen)
* ASTERISK-29081 - res_stasis: Add compare function for bridges
      moh container
      (Reported by Hajek Michal)
* ASTERISK-29085 - func_curl: Segmentation fault when using
      CURL after setting httpheader CURLOPT
      (Reported by P??ter Juh??sz)
* ASTERISK-28416 - Unable to get rtp codec payload code for slin
      (Reported by Brian J. Murrell)

New Features made in this release:
-----------------------------------
* ASTERISK-29027 - Implement support for History-Info
      (Reported by Torrey Searle)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.38.0

-----

The Asterisk Development Team would like to announce security
releases for Asterisk 13, 16, 17 and 18, and Certified Asterisk
16.8. The available releases are released as versions 13.37.1,
16.14.1, 17.8.1, 18.0.1 and 16.8-cert5.

The following security vulnerabilities were resolved in these versions:

* AST-2020-001: Remote crash in res_pjsip_session
  Upon receiving a new SIP Invite, Asterisk did not return the created dialog
  locked or referenced.

* AST-2020-002: Outbound INVITE loop on challenge with different nonce.
  If Asterisk is challenged on an outbound INVITE and the nonce is changed in
  each response, Asterisk will continually send INVITEs in a loop. This causes
  Asterisk to consume more and more memory since the transaction will never
  terminate (even if the call is hung up), ultimately leading to a restart or
  shutdown of Asterisk. Outbound authentication must be configured on the
  endpoint for this to occur.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.37.1

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2020-001.pdf
https://downloads.asterisk.org/pub/security/AST-2020-002.pdf

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.37.0.

The release of Asterisk 13.37.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-25665 - Duplicate logging in queue log for EXITEMPTY events
      (Reported by Ove Aursand)
* ASTERISK-29043 - app_queue: Leave empty sometimes not
      recorded as abandoned
      (Reported by Kfir Itzhak)
* ASTERISK-29042 - res_parking: Parker UUID is no longer copied
      (Reported by Misha Vodsedalek)
* ASTERISK-29029 - Voicemail "pollmailboxes"-option not
      working, bug in function handle_subscribe
      (Reported by Karsten Wemheuer)
* ASTERISK-28878 - chan_pjsip: PJSIP_MEDIA_OFFER Broken asterisk 16
      (Reported by Joseph Ades)
* ASTERISK-29046 - pbx: Deadlock when doing a reload, while
      simultaneously doing an ExtensionState on a pattern match hint
      that ends up adding an extension
      (Reported by Ramarajan)
* ASTERISK-29040 - res_speech: Assertion on format
      (Reported by Nickolay V. Shmyrev)
* ASTERISK-29001 - chan_pjsip does not process or forward 181 responses
      (Reported by Torrey Searle)
* ASTERISK-27273 - app_voicemail: When a voicemail is marked as
      "Urgent", it is not sent by email/processed by the mailcmd command
      (Reported by Leandro Dardini)
* ASTERISK-29033 - res_pjsip_session: Aggressively terminates
      session on failed re-INVITE
      (Reported by Joshua C. Colp)
* ASTERISK-28974 - res_rtp_asterisk: T.140 messages have
      appended RTP string to each message block.
      (Reported by Thomas Johnson)

Improvements made in this release:
-----------------------------------
* ASTERISK-29010 - Allow disabling of FollowMe prompt
      (Reported by Dennis)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.37.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.36.0.

The release of Asterisk 13.36.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-29042 - res_parking: Parker UUID is no longer copied
      (Reported by Misha Vodsedalek)
* ASTERISK-29029 - Voicemail "pollmailboxes"-option not
      working, bug in function handle_subscribe
      (Reported by Karsten Wemheuer)
* ASTERISK-29046 - pbx: Deadlock when doing a reload, while
      simultaneously doing an ExtensionState on a pattern match hint
      that ends up adding an extension
      (Reported by Ramarajan)
* ASTERISK-29011 - chan_sip: ToHost property not cleared on reload
      (Reported by Dennis)
* ASTERISK-28987 - BridgeCreated ARI event shows wrong
      video_mode info
      (Reported by sungtae kim)
* ASTERISK-28927 - Asterisk crash in music on hold
      (Reported by David Cunningham)
* ASTERISK-28973 - Malformed IP address in SDP of 2nd SIP timer
      triggered INVITE when NAT is active (UDP transport with
      external_media_address)
      (Reported by Michael Neuhauser)
* ASTERISK-28995 - res_pjsip_registrar: Expires on statically
      configured contacts is not correct
      (Reported by tootai)
* ASTERISK-28978 - acl: named_acl rule misconfiguration results
      in segfault on reading rule from realtime
      (Reported by Andrew Yager)
* ASTERISK-28975 - res_http_websocket: Text payload data
      doesn't necessary include trailing zero
      (Reported by Nickolay V. Shmyrev)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.36.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.35.0.

The release of Asterisk 13.35.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28878 - chan_pjsip: PJSIP_MEDIA_OFFER Broken asterisk 16
      (Reported by Joseph Ades)
* ASTERISK-28965 - res_pjsip: Apply outbound proxy to static
      contacts on AOR
      (Reported by Joshua C. Colp)
* ASTERISK-28930 - ./configure --without-ssl build failure
      (Reported by Jaco Kroon)
* ASTERISK-28957 - chan_sip: chan_sip does not process 400
      response to an INVITE.
      (Reported by Frederic LE FOLL)
* ASTERISK-28888 - res_corosync: causes asterisk crash in huge
      distributed environment.
      (Reported by Universit?? di Bologna - CESIA VoIP)
* ASTERISK-28955 - "setvar" doesn't work properly in
      dahdi-channels.conf
      (Reported by Marin Odrljin)
* ASTERISK-28942 - res_sorcery_memory_cache: Individual object
      expiration behaves unexpectedly with full backend caching
      (Reported by Joshua C. Colp)
* ASTERISK-28952 - Queue wrapuptime sometimes not respected
      (based on stale lastcall time)
      (Reported by Walter Doekes)
* ASTERISK-28950 - Stale code in app_queue to check untouched channel
      (Reported by Walter Doekes)
* ASTERISK-28644 - Stale comment in app_queue about ring_entry exception
      (Reported by Walter Doekes)
* ASTERISK-28923 - T.38 Segfaults in chan_pjsip_queryoption
      (Reported by Yury Kirsanov)
* ASTERISK-28936 - res_pjsip: crash when dialing non-sip uri
      (Reported by Walter Doekes)
* ASTERISK-28900 - res_fax: Double frame free when gateway in
      use with off-nominal format usage
      (Reported by Gregory Massel)
* ASTERISK-28929 - pjproject_bundled: Honor --without-pjproject.
      (Reported by Alexander Traud)
* ASTERISK-28932 - res_pjsip_logger writing too big packets
      (Reported by nappsoft)
* ASTERISK-28885 - res_rtp_asterisk: Simultaneous termination
      and ICE complete can cause crash
      (Reported by Josep B)
* ASTERISK-28921 - Wrong return value check for fwrite when
      writing to pcap file
      (Reported by nappsoft)

Improvements made in this release:
-----------------------------------
* ASTERISK-28959 - res_pjsip: Added option for disable rport
      parameter set
      (Reported by sungtae kim)
* ASTERISK-28958 - Continue reading string when ping received
      by websocket
      (Reported by Nickolay V. Shmyrev)
* ASTERISK-28945 - AMI SendText - add Content-Type parameter
      (Reported by Kevin Harwell)
* ASTERISK-28949 - res_http_websocket: Add masking to websocket client
      (Reported by Moises Silva)
* ASTERISK-28899 - Upgrade Asterisk to bundled pjproject 2.10
      (Reported by Kevin Harwell)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.35.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.34.0.

The release of Asterisk 13.34.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28932 - res_pjsip_logger writing too big packets
      (Reported by nappsoft)
* ASTERISK-28921 - Wrong return value check for fwrite when
      writing to pcap file
      (Reported by nappsoft)
* ASTERISK-28794 - res_pjsip: Crash when escaping during URI printing
      (Reported by nappsoft)
* ASTERISK-28884 - x-ast-orig-host not filtered out from
      request URI and To header
      (Reported by nappsoft)
* ASTERISK-28898 - bridge_softmix: Conference bridge not
      passing silent rtp packets
      (Reported by Jonathan Hunter)
* ASTERISK-28904 - RTP ICE leaks the memory
      (Reported by sungtae kim)
* ASTERISK-28854 - SIGSEGV when pjsip show history encounters
      IPV6 address
      (Reported by Roger James)
* ASTERISK-28797 - [patch] tcptls: Fix notice when TLS is
      enabled but not configured.
      (Reported by Alexander Traud)
* ASTERISK-28804 - [patch] app_osplookup.c: Avoid a format
      truncation.
      (Reported by Alexander Traud)
* ASTERISK-28776 - Non async-signal-safe syscalls used after
      fork before exec
      (Reported by nappsoft)
* ASTERISK-28829 - app_queue: leaking stasis subscription when
      Redirecting call
      (Reported by lvl)
* ASTERISK-25844 - app_queue: Ghost channels in "core show
      channels" output
      (Reported by Etienne Lessard)
* ASTERISK-22920 - Crash while Forwarding from TLS extension
      with CHANNEL args secure_bridge_media and
      secure_bridge_signaling
      (Reported by Shlomi Gutman)
* ASTERISK-28859 - pjsip: Increase maximum candidate count
      (Reported by Joshua C. Colp)
* ASTERISK-28852 - Unprotected access to nochecksums variable,
      causes build failures
      (Reported by Guido Falsi)

Improvements made in this release:
-----------------------------------
* ASTERISK-28895 - res_pjsip_logger: Add tons'o'functionality
      (Reported by Joshua C. Colp)
* ASTERISK-28879 - pjproject has race conditions in it's build system
      (Reported by Guido Falsi)
* ASTERISK-28866 - third-party/pjproject/configure.m4 contains bashisms
      (Reported by Guido Falsi)
* ASTERISK-28832 - chan_mobile creates PCMA streams that make
      some VoIP clients crash or not render received audio
      (Reported by Peter Turczak)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.34.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.33.0.

The release of Asterisk 13.33.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Improvements made in this release:
-----------------------------------
* ASTERISK-28813 - func_volume: Allow decimal numbers as
      parameter to improve granularity
      (Reported by Jean Aunis - Prescom)
* ASTERISK-27946 - dial (API): Storage of dialed target uses
      AST_MAX_EXTENSION when it shouldn't
      (Reported by Joshua Elson)
* ASTERISK-28782 - Add support for Content-Disposition header
      in multi-part INVITES
      (Reported by Torrey Searle)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28852 - Unprotected access to nochecksums variable,
      causes build failures
      (Reported by Guido Falsi)
* ASTERISK-28847 - ARI channels cuts the endpoint string over
      80 characters
      (Reported by sungtae kim)
* ASTERISK-28835 - IPv6 addresses in SDP incorrectly formatted
      (Reported by Daniel Heckl)
* ASTERISK-28372 - Asterisk REPLY Wrong Contact header port (TCP)
      (Reported by Anton Satskiy)
* ASTERISK-24428 - Document that Asterisk will use the default
      SIP ports (5060 for TCP, 5061 for TLS) if the extern option
      variants aren't used
      (Reported by sstream)
* ASTERISK-28838 - AST_MODULE_INFO requires, MODULEINFO does
      not mention
      (Reported by Alexander Traud)
* ASTERISK-28837 - pjproject_bundled: Honor
      --without-pjproject.
      (Reported by Alexander Traud)
* ASTERISK-27195 - chan_sip: only sets ToS bits on UDP socket,
      ignoring TCP and TLS sockets
      (Reported by Joshua Roys)
* ASTERISK-28812 - First DTMF is not get
      (Reported by Bernard Merindol)
* ASTERISK-28758 - pjsip startup errors when using "with-ssl"
      configure option
      (Reported by Patrick Wakano)
* ASTERISK-28824 - BuildSystem: Search for Python/C API when
      possibly needed only.
      (Reported by Alexander Traud)
* ASTERISK-27717 - [patch] BuildSystem: In NetBSD, the Python
      Programming Language is python-2.7.
      (Reported by Alexander Traud)
* ASTERISK-28798 - [patch] chan_sip: TCP/TLS client without server.
      (Reported by Alexander Traud)
* ASTERISK-28817 - chan_pjsip: constant DTMF tone if RTP is not
      setup yet
      (Reported by Kevin Harwell)
* ASTERISK-28816 - [patch] BuildSystem: Remove doc/tex and
      doc/pdf leftovers.
      (Reported by Alexander Traud)
* ASTERISK-28818 - [patch] BuildSystem: Allow space in path.
      (Reported by Alexander Traud)
* ASTERISK-28801 - [patch] stasis: Avoid always true warnings
      with clang.
      (Reported by Alexander Traud)
* ASTERISK-28796 - func_channel: cannot read fields exten,
      context, userfield, channame from dialplan
      (Reported by S??bastien Duthil)
* ASTERISK-28803 - [patch] chan_unistim: Avoid tautological
      warnings with clang.
      (Reported by Alexander Traud)
* ASTERISK-28808 - [patch] test_stasis: Avoid always true
      warning with clang.
      (Reported by Alexander Traud)
* ASTERISK-28056 - res_pjsip: Incorrect endpoint status after
      endpoint synchronization for a specific AOR
      (Reported by Jason Hord)
* ASTERISK-28789 - test_utils: incorrectly printing error
      'declined to load'
      (Reported by Alexander Traud)
* ASTERISK-28788 - func_aes: incorrectly printing error
      'declined to load'
      (Reported by Alexander Traud)
* ASTERISK-16676 - DAHDIRAS fails to properly initiate pppd
      unless asterisk is running as root
      (Reported by Jaco Kroon)
* ASTERISK-21205 - [patch] dundi_read_result crash due to
      negative number
      (Reported by Jaco Kroon)
* ASTERISK-28743 - Asterisk is crashing if the 200 OK with SDP
      (Reported by sungtae kim)
* ASTERISK-28774 - chan_pjsip's rtptimeout is erroneously
      triggered during direct-media (native_rtp) bridge
      (Reported by Michael Neuhauser)
* ASTERISK-20325 - Comments in configs/func_odbc.conf.sample
      are not consistent with examples. Missing examples.
      (Reported by Olivier Krief)
* ASTERISK-28780 - app_mixmonitor: Memory leak due to race
      condition between AMI MixMonitor and hangup
      (Reported by Joshua C. Colp)
* ASTERISK-28773 - Incorrect Sender SSRC in RTCP when p2p rtp
      bridge is active
      (Reported by Torrey Searle)
* ASTERISK-28759 - A non negotiated rtp frame causes call
      disconnection when there is a SSRC change
      (Reported by Paulo Vicentini)
* ASTERISK-26711 - func_enum: ENUM code wrong case
      (Reported by Vitold)
* ASTERISK-23407 - Fix the FSF address in the headers of lots
      of pjproject files
      (Reported by Jared Smith)
* ASTERISK-28769 - DTLS Handshake Fails to Occur if ice_support
      is enabled but not used
      (Reported by Torrey Searle)
* ASTERISK-19460 - [patch] Function TXTCIDNAME never actually
      makes DNS calls and always returns an empty string
      (Reported by George Joseph)

New Features made in this release:
-----------------------------------
* ASTERISK-6863 - [patch] allow Asterisk to set high ToS bits
      as non-root on Linux
      (Reported by Matt Addison)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.33.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.32.0.

The release of Asterisk 13.32.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28766 - PJSIP blind transfer not completed after
      using Proceeding()
      (Reported by lvl)
* ASTERISK-28685 - check_expr2: linking (when hardening) and
      cross-compiling troubles
      (Reported by Sebastian Kemper)
* ASTERISK-28755 - SIP/Stasis: SIP headers not transmitted in
      the "variables" field
      (Reported by Jean Aunis - Prescom)
* ASTERISK-28754 - ASTERISK-28738 Causes Audio Issue After Hold
      (Reported by Ross Beer)
* ASTERISK-28716 - ICE: pjnath shouldn't wait for ICE to
      complete before allowing sending
      (Reported by Benjamin Keith Ford)
* ASTERISK-28697 - res_pjsip: Named ACL does not update on
      reload if changed
      (Reported by Timothy Vanderaerden)
* ASTERISK-28738 - Incorrect state machine used when
      MOH_PASSTHRU is used
      (Reported by Torrey Searle)
* ASTERISK-28735 - Realtime MoH Unknown format '' -- defaulting
      to SLIN
      (Reported by Ross Beer)
* ASTERISK-26955 - pjsip: SIP Packets with Via "received="
      Containing IPv6 Address Delimited by "[]" Rejected
      (Reported by Peter Sokolov)
* ASTERISK-28718 - chan_sip: Returns 403 if RTP ports are
      depleted, should return 503
      (Reported by Walter Doekes)
* ASTERISK-28719 - Cannot remove defaultrule from queue using
      realtime queues
      (Reported by EDV O-TON)
* ASTERISK-28714 - REGRESSION: Feature
      subscription_persistence_recreate (ASTERISK-27759) Causes Segfaults
      (Reported by Ross Beer)
* ASTERISK-26082 - res_pjsip_messaging: MessageSend
      Content-Type can't be changed
      (Reported by Alex)
* ASTERISK-28423 - ARI causes STASIS Deadlock
      (Reported by Ross Beer)
* ASTERISK-28679 - stasis application is destroyed after its creation
      (Reported by Francois Blackburn)
* ASTERISK-25421 - PJSIP. MESSAGE_SEND_STATUS set to SUCCESS in
      spite of the error when sending
      (Reported by Dmitriy Serov)
* ASTERISK-28139 - RTP Stream Incorrect Payload Type Causes
      Asterisk To Drop Calls
      (Reported by Paul Brooks)
* ASTERISK-28686 - chan_sip strictrtp=yes fails when media
      source is changed: no audio
      (Reported by Walter Doekes)

Improvements made in this release:
-----------------------------------
* ASTERISK-28750 - TLS/SSL Key too small error
      (Reported by Martin Zeh)
* ASTERISK-24798 - Documentation - Clarify That Format Is Set
      By File Name Extension In MixMonitor
      (Reported by xrobau)
* ASTERISK-28726 - install_prereq script uses the interactive
      mode when installing aptitude
      (Reported by Sylvain Afchain)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.32.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.31.0.

The release of Asterisk 13.31.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

New Features made in this release:
-----------------------------------
* ASTERISK-17491 - CURLOPT() needs a "followlocation" parameter
      / "maxredirs" doesn't do anything
      (Reported by candrews)
* ASTERISK-28639 - res_pjsip_endpoint_identifier_ip: Add
      ability to match on source port
      (Reported by Sean Bright)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28679 - stasis application is destroyed after its creation
      (Reported by Francois Blackburn)
* ASTERISK-28423 - ARI causes STASIS Deadlock
      (Reported by Ross Beer)
* ASTERISK-28714 - REGRESSION: Feature
      subscription_persistence_recreate (ASTERISK-27759) Causes Segfaults
      (Reported by Ross Beer)
* ASTERISK-28677 - CDR billsec is always 0 for transferred calls
      (Reported by Maciej Michno)
* ASTERISK-28706 - silk 24hHz doesn't show up in 'core show
      translation' output
      (Reported by Sean Bright)
* ASTERISK-24484 - Update documentation for statsd module -
      usage requirements unclear
      (Reported by Dan Jenkins)
* ASTERISK-28702 - chan_dahdi: holding a channel via flash to
      dialtone times out after 0:16:40
      (Reported by Andrew Siplas)
* ASTERISK-28695 - core: minmemfree watermark uses free RAM,
      not available RAM
      (Reported by Kevin Flyn)
* ASTERISK-28693 - chan_sip: SIP MESSAGE beginning with a
      whitespace appears empty in the dialplan
      (Reported by Frank Matano)
* ASTERISK-23739 - [patch]Segfault forwarding voicemail with
      ODBC storage enabled and realtime voicemail_data is used
      (Reported by Stas Kobzar)
* ASTERISK-27622 - empty voicemail.conf required for ARA
      (realtime) voicemail to leave message
      (Reported by Jim Van Meggelen)
* ASTERISK-28349 - Pause reason not reported in QueueMember AMI event
      (Reported by Niksa Baldun)
* ASTERISK-21794 - CLI command 'realtime update2' syntax
      failure when using according to usage help
      (Reported by Cedric BASSAGET)
* ASTERISK-25429 - res_pjsip_endpoint_identifier_ip: Document
      support for hostnames
      (Reported by Joshua C. Colp)
* ASTERISK-27775 - res_pjsip_notify: Multiple Event headers can
      be present instead of just one
      (Reported by AvayaXAsterisk)
* ASTERISK-28682 - app_record: Lack of `beep` audio file causes
      application to return error and hangup
      (Reported by Corey Farrell)
* ASTERISK-28507 - Wiki docs missing for MessageWaiting
      (Reported by David M. Lee)
* ASTERISK-27759 - res_pjsip_pubsub: Subscription persistence
      does not preserve XML <dialog-info> version number
      (Reported by Bryan Nelson)
* ASTERISK-28605 - chan_dahdi: Deadlock in Hangup Scenarios
      with concurrent command pri show span X
      (Reported by Dirk Wendland)
* ASTERISK-28633 - stasis bridge topic leak
      (Reported by Joeran Vinzens)
* ASTERISK-28492 - pjsip reload not reloading wizard
      endpoint/pickup_group endpoint/call_group
      (Reported by Jean-Denis Girard)
* ASTERISK-27243 - contrib: valgrind.supp doesn't suppress what
      it's supposed to due to invalid syntax
      (Reported by Richard Kenner)
* ASTERISK-28497 - func_odbc: truncating Unicode string on readsql
      (Reported by Boris P. Korzun)
* ASTERISK-28647 - chan_sip: RTP frames not transmitted after
      emitting a COLP
      (Reported by Jean Aunis - Prescom)
* ASTERISK-28667 - Asterisk ignores parsing of config files if
      a Byte order mark is present
      (Reported by Robin Leffmann)
* ASTERISK-28664 - "trustrpid" is misspelled in
      sip_to_pjsip.py
      (Reported by Pascal Cadotte Michaud)
* ASTERISK-28663 - jansson: Support old versions
      (Reported by Joshua C. Colp)
* ASTERISK-28636 - app_chanisavail+cdr: ChanIsAvail sometimes
      fails to deactivate CDR.
      (Reported by Frederic LE FOLL)
* ASTERISK-28604 - app_meetme, chan_ooh323 and cdr_mysql don't
      build on 17.0.0
      (Reported by George Joseph)
* ASTERISK-28660 - res_fax: wrap Asterisk initiated negotiation
      with config option
      (Reported by Kevin Harwell)
* ASTERISK-28628 - Debian 10.2: Warning when app_voicemail is compiling
      (Reported by Stanislav Abramenkov)
* ASTERISK-28626 - Missing arguments in PJSIP_CONTACT function
      documentation
      (Reported by Pascal Cadotte Michaud)
* ASTERISK-28651 - chan_sip logs errors on tx to non-existent
      TCP connections
      (Reported by Jaco Kroon)
* ASTERISK-28502 - chan_pjsip incorrectly re-writes REGISTER
      200 Response Contact
      (Reported by Ross Beer)

Improvements made in this release:
-----------------------------------
* ASTERISK-28710 - Should be able to disable the /httpstatus
      URI in the built-in HTTP server
      (Reported by Sean Bright)
* ASTERISK-28638 - Simplify dialplan for Dial, Page, and ChanIsAvail
      (Reported by cmaj)
* ASTERISK-28673 - GET FULL VARIABLE documentation clarification
      (Reported by Jonathan Harris)
* ASTERISK-28658 - app_confbridge: Add support for setting
      maximum sample rate
      (Reported by Joshua C. Colp)

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.30.0.

The release of Asterisk 13.30.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Security bugs fixed in this release:
-----------------------------------
* ASTERISK-28589 - chan_sip: Depending on configuration an
      INVITE can alter Addr of a peer
      (Reported by Andrey  V.  T.)
* ASTERISK-28580 - Bypass SYSTEM write permission in manager
      action allows system commands execution
      (Reported by Eliel Sarda十ons)

Improvements made in this release:
-----------------------------------
* ASTERISK-28602 - res_pjsip_outbound_registration: Maximum
      retries reached
      (Reported by Daniel)
* ASTERISK-28586 - Typo in README-SERIOUSLY.bestpractices.md
      (Reported by Sam Banks)
* ASTERISK-22192 - [patch] Allow voicemail forwards with ODBC
      backend when format differs from attachfmt column
      (Reported by cmaj)
* ASTERISK-28567 - Problem with ASTERISK-20207: Asterisk should
      clear out any .lock files in the voice mail directory on startup.
      (Reported by Michael)
* ASTERISK-28542 - [patch] add the ability for asterisk to
      generate on-hold re-invites
      (Reported by Torrey Searle)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28663 - jansson: Support old versions
      (Reported by Joshua C. Colp)
* ASTERISK-28604 - app_meetme, chan_ooh323 and cdr_mysql don't build on 17.0.0
      (Reported by George Joseph)
* ASTERISK-28641 - res_pjsip Segfaults when realtime
      configuration to an AOR points to a not existent AOR
      (Reported by Ross Beer)
* ASTERISK-28644 - Stale comment in app_queue about ring_entry exception
      (Reported by Walter Doekes)
* ASTERISK-28637 - chan_sip+native_bridge_rtp: directmedia
      compatibility check failure when negociated ptime is not default ptime.
      (Reported by Frederic LE FOLL)
* ASTERISK-28445 - res_pjsip_session: ast_json_vpack: Invalid
      UTF-8 string on hangup when TEST_FRAMEWORK enabled
      (Reported by Bernhard Schmidt)
* ASTERISK-28631 - res_parking: Doesn't park when parkee and
      parker are the same
      (Reported by Ross Beer)
* ASTERISK-28612 - res_pjsip_t38: crash on reinvite with zero
      port and no c= line
      (Reported by Salah Ahmed)
* ASTERISK-28621 - Enforce T.38 error correction mode at 200 ok received
      (Reported by Salah Ahmed)
* ASTERISK-28615 - chan_dahdi: PRI span status may stay "Down,
      Active" after a short alarm
      (Reported by Frederic LE FOLL)
* ASTERISK-28616 - parking: Deadlock when multi call parking
      (Reported by Joshua C. Colp)
* ASTERISK-28423 - ARI causes STASIS Deadlock
      (Reported by Ross Beer)
* ASTERISK-28608 - app_amd: Use time calculation to calculate timeout
      (Reported by Michael Cargile)
* ASTERISK-28576 - res_rtp_asterisk: ICE Completion Crash when
      sent packet length doesn't match
      (Reported by Joshua Elson)
* ASTERISK-28618 - bridge_softmix: hold not cleared when
      joining a softmix bridge
      (Reported by Kevin Harwell)
* ASTERISK-26481 - FILE function grabs garbage along with read
      data when target line has no newline
      (Reported by Jonathan Harris)
* ASTERISK-28572 - Memory leaks in res_calendar_exchange and
      res_calendar_icalendar
      (Reported by Yoooooo Ha)
* ASTERISK-28585 - ari/resource_events: Crash in event session cleanup
      (Reported by Kevin Harwell)
* ASTERISK-28590 - utils.c throws repeated warnings;
      "pthread_attr_setstacksize: Invalid argument"
      (Reported by Speed Dial Dave)
* ASTERISK-28578 - race condition on pjsip channelstats command
      (Reported by Salah Ahmed)
* ASTERISK-28571 - cdr_pgsql: accesses obsolete (and finally
      removed) column
      (Reported by Christoph Moench-Tegeder)
* ASTERISK-28575 - MWI Send Notify Crash on 16.6
      (Reported by Joshua Elson)
* ASTERISK-28574 - pjproject fails to build on 16.6.0, works on 16.5
      (Reported by Niklas Larsson)
* ASTERISK-28561 - Asterisk Deadlocks
      (Reported by Aheliotech)
* ASTERISK-28086 - chan_pjsip: Crash when initiating PlayDTMF over AMI
      (Reported by Jeremiah Gadd)
* ASTERISK-28552 - res_pjsip_mwi: Frack during unload on
      unsolicited_mwi container
      (Reported by Kevin Harwell)
* ASTERISK-28566 - CDR backend unload problem during active call(s)
      (Reported by Marian Piater)
* ASTERISK-28544 - Wrong contact representation in ipv6 mode
      (Reported by J十rgen H)
* ASTERISK-28534 - Segmentation fault when there is no priority
      for an extension
      (Reported by Timothy Vanderaerden)
* ASTERISK-28463 - res_pjsip_path: Crash when invalid contact
      is configured
      (Reported by Juan Martin)
* ASTERISK-28521 - pjsip: Memory Leak
      (Reported by Mark)
* ASTERISK-28523 - Asterisk 16.5.0 Memory leak
      (Reported by Cyril Rami十re)
* ASTERISK-28538 - chan_pjsip: Deadlock on fax detection
      (Reported by Joshua C. Colp)
* ASTERISK-28536 - Asterisk release candidates fail to build on FreeBSD
      (Reported by Guido Falsi)
* ASTERISK-23756 - setvar directive when used in template and a
      child of said template, results in duplicate variable names
      (Reported by Michael Goryainov)

New Features made in this release:
-----------------------------------
* ASTERISK-28614 - app_senddtmf: Allow "receiving" DTMF with
      PlayDTMF instead of only "sending"
      (Reported by lvl)
* ASTERISK-28613 - func_curl: CURLOPT cannot set Content-Type header
      (Reported by Martin Tomec)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.30.0

-----

The Asterisk Development Team would like to announce security
releases for Asterisk 13, 16 and 17, and Certified Asterisk 13.21.
The available releases are released as versions 13.29.2, 16.6.2,
17.0.1 and 13.21-cert5.

The following security vulnerabilities were resolved in these versions:

* AST-2019-006: SIP request can change address of a SIP peer.
  A SIP request can be sent to Asterisk that can change a SIP peer十�s IP
  address. A REGISTER does not need to occur, and calls can be hijacked as a
  result. The only thing that needs to be known is the peer十�s name;
  authentication details such as passwords do not need to be known. This
  vulnerability is only exploitable when the 十�nat十� option is set to the
  default, or 十�auto_force_rport十�.

* AST-2019-007: AMI user could execute system commands.
  A remote authenticated Asterisk Manager Interface (AMI) user without
  十�system十� authorization could use a specially crafted 十�Originate十� AMI
  request to execute arbitrary system commands.

* AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
  If Asterisk receives a re-invite initiating T.38 faxing and has a port of 0
  and no c line in the SDP, a crash will occur.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.29.2

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2019-006.pdf
https://downloads.asterisk.org/pub/security/AST-2019-007.pdf
https://downloads.asterisk.org/pub/security/AST-2019-008.pdf

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.29.1.

The release of Asterisk 13.29.1 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28574 - pjproject fails to build on 16.6.0, works on 16.5
      (Reported by Niklas Larsson)
* ASTERISK-28575 - MWI Send Notify Crash on 16.6
      (Reported by Joshua Elson)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.29.1

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.29.0.

The release of Asterisk 13.29.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28521 - pjsip: Memory Leak
      (Reported by Mark)
* ASTERISK-28523 - Asterisk 16.5.0 Memory leak
      (Reported by Cyril Rami十re)
* ASTERISK-28538 - chan_pjsip: Deadlock on fax detection
      (Reported by Joshua C. Colp)
* ASTERISK-28536 - Asterisk release candidates fail to build on FreeBSD
      (Reported by Guido Falsi)
* ASTERISK-28527 - ChanIsAvail() creates a CDR if
      unanswered=yes is set in cdr.conf
      (Reported by Frederic LE FOLL)
* ASTERISK-28525 - chan_dahdi: set CHANNEL(hangupsource) when a
      PRI channel hangs up
      (Reported by Frederic LE FOLL)
* ASTERISK-28511 - codec_resample: Bad sound quality when up
      sampling from SLIN16 to SLIN32
      (Reported by Ruddy G)
* ASTERISK-28499 - translate: Crash when frame does not have a
      "src" field set
      (Reported by Gregory Massel)
* ASTERISK-25592 - chan_unistim: Clang Warning: variable sized
      type not at end of a struct
      (Reported by Alexander Traud)
* ASTERISK-28488 - pjsip mwi: n+1 sip notify's sent on re-register
      (Reported by Chris Savinovich)
* ASTERISK-28509 - PJSIP cnonce generated on Linux contains 36
      characters, NEC only supports up to 32 characters
      (Reported by Dan Cropp)
* ASTERISK-28505 - app_voicemail/IMAP: segfault in
      leave_voicemail because not checking mailstream
      (Reported by Alexei Gradinari)
* ASTERISK-28487 - compile menuselect on gentoo
      (Reported by Kilburn)
* ASTERISK-28472 - Asterisk occasionally passes a NULL as
      srtp->session to srtp_protect/unprotect causing SEGV
      (Reported by Jonas Swiatek)
* ASTERISK-28498 - cel / cdr: Event times may be incorrect
      (Reported by Joshua C. Colp)
* ASTERISK-28483 - packet lost on UDPTL wrap around
      (Reported by Torrey Searle)
* ASTERISK-28480 - json integer overflow in ssrc and timestamp
      (Reported by Salah Ahmed)
* ASTERISK-28228 - res_pjsip: pjsip show contacts prints double entries
      (Reported by Ian Jones)
* ASTERISK-28477 - Crash when not specifying "dbfile" in
      res_config_sqlite3.conf
      (Reported by Dennis)
* ASTERISK-28478 - Crash performing "core reload" with modified
      res_config_sqlite3.conf
      (Reported by Dennis)
* ASTERISK-28282 - AST_SCHED_REPLACE_UNREF causes wait-on-self
      deadlocks (in chan_sip)
      (Reported by Walter Doekes)

New Features made in this release:
-----------------------------------
* ASTERISK-17808 - [patch] Unregister a realtime moh class
      (Reported by Byron Clark)
* ASTERISK-28489 - Channel variable SIPFROMDOMAIN for
      chan_pjsip to setup From header URI domain
      (Reported by Stas Kobzar)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.29.0

-----

The Asterisk Development Team would like to announce security
releases for Asterisk 13, 15 and 16. The available releases are
released as versions 13.28.1, 15.7.4 and 16.5.1.

The following security vulnerabilities were resolved in these versions:

* AST-2019-004: Crash when negotiating for T.38 with a declined stream
  When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint
  responds with a declined media stream a crash will then occur in Asterisk.

* AST-2019-005: Remote Crash Vulnerability in audio transcoding
  When audio frames are given to the audio transcoding support in Asterisk the
  number of samples are examined and as part of this a message is output to
  indicate that no samples are present. A change was done to suppress this
  message for a particular scenario in which the message was not relevant. This
  change assumed that information about the origin of a frame will always exist
  when in reality it may not.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.28.1

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2019-004.pdf
https://downloads.asterisk.org/pub/security/AST-2019-005.pdf

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.28.0

The release of Asterisk 13.28.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Security bugs fixed in this release:
-----------------------------------
* ASTERISK-28447 - res_pjsip_messaging: In-dialog MESSAGE with
      no body causes crash
      (Reported by Gil Richard)
* ASTERISK-28465 - Broken SDP can cause a segfault in a T.38 reINVITE
      (Reported by Francesco Castellano)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28457 - [patch] Fix crash in chan_dahdi on 32-bit
      systems caused by ASTERISK-28317
      (Reported by abelbeck)
* ASTERISK-26006 - Show offending IP for TLS setup failures in logs
      (Reported by Oleksandr Natalenko)
* ASTERISK-28444 - chan_pjsip: Peer IP for SSL handshake errors not logged
      (Reported by Bernhard Schmidt)
* ASTERISK-28460 - res_pjsip_sdp_rtp: Fix ICE candidate leak
      with specific usage
      (Reported by Joshua C. Colp)
* ASTERISK-28018 - IP Fragmentation happening instead of DTLS
      fragmentation on handshake server hello certificate
      (Reported by vijay kumar)
* ASTERISK-25371 - Crash in hangup at chan_pjsip.c:1749 when
      Asterisk attempts to generate hangup event
      (Reported by Abhay Gupta)
* ASTERISK-28435 - cdr_pgsql: Unix socket doesn't work
      (Reported by Dmitry Svyatogorov)
* ASTERISK-27981 - res_fax: Fax session leak with fax gatewaying
      (Reported by pasandev)
* ASTERISK-28419 - app_amd: Does not work with silence suppression
      (Reported by Nasir Iqbal)
* ASTERISK-28427 - new mwi.h include missing from some dahdi
      source files, causes build failure
      (Reported by Guido Falsi)
* ASTERISK-27994 - PJSIP: Early media ringback not indicated
      after Progress()
      (Reported by Gregory Massel)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.28.0

-----

The Asterisk Development Team would like to announce security
releases for Asterisk 13, 15 and 16, and Certified Asterisk 13.21.
The available releases are released as versions 13.27.1, 15.7.3,
16.4.1 and 13.21-cert4.

The following security vulnerabilities were resolved in these versions:

* AST-2019-002: Remote crash vulnerability with MESSAGE messages
  A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.

* AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver
  When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an
  endpoint to switch it to T.38. If the endpoint responds with an improperly
  formatted SDP answer including both a T.38 UDPTL stream and an audio or video
  stream containing only codecs not allowed on the SIP peer or user a crash will
  occur. The code incorrectly assumes that there will be at least one common
  codec when T.38 is also in the SDP answer.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.27.1

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2019-002.pdf
https://downloads.asterisk.org/pub/security/AST-2019-003.pdf

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.27.0.

The release of Asterisk 13.27.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

New Features made in this release:
-----------------------------------
* ASTERISK-28375 - res_pjsip: New configuration setting to
      allow disabling norefersub
      (Reported by Dan Cropp)
* ASTERISK-28320 - Added ARI resource
      /ari/channels/{channelid}/rtp_statistics
      (Reported by sungtae kim)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28427 - new mwi.h include missing from some dahdi
      source files, causes build failure
      (Reported by Guido Falsi)
* ASTERISK-28412 - GCC 9 catches more string formatting issues
      (Reported by George Joseph)
* ASTERISK-28392 - The no-partial-inlining flag isn't passed to
      the bundled pjproject or jansson builds
      (Reported by George Joseph)
* ASTERISK-28402 - res_pjsip_registrar: SEGV in
      registrar_find_contact
      (Reported by Ross Beer)
* ASTERISK-28143 - app_amd: Infinite loop on silent calls
      (Reported by Abhay Gupta)
* ASTERISK-28353 - stasis: Crash at shutdown when statistics enabled
      (Reported by Joshua C. Colp)
* ASTERISK-28374 - latest asterisk unconditionally launch gcc
      --version, even if the compiler is different
      (Reported by Guido Falsi)
* ASTERISK-28391 - res_indications: Crash requesting
      autocomplete on indications cli command
      (Reported by Lucas Mendes)
* ASTERISK-27935 - app_voicemail: emailbody per user can't
      contain commas
      (Reported by S十bastien Duthil)
* ASTERISK-17695 - 1.8.3.2 extenpatternmatchnew=yes cannot find
      extensions with '-' in them
      (Reported by test011)
* ASTERISK-17799 - AEL reload causes loss of control in a macro
      (Reported by Kirill Katsnelson)
* ASTERISK-18593 - AEL for loops use Macro app and pipe delimiter
      (Reported by Luke-Jr)
* ASTERISK-14939 - AEL parsers does not find existing label
      (Reported by klaus3000)
* ASTERISK-20182 - Parsing a label beginning with a numeric
      character in all Goto/GotoIf/GotoIfTime application causes
      unexpected behavior
      (Reported by Janu)
* ASTERISK-28348 - Failed to initialize OOH323 endpoint-OOH323 Disabled
      (Reported by Dmitry Shubin)
* ASTERISK-28371 - chan_pjsip: DTMF Mode auto_info fallback
      lead to both inband and info
      (Reported by Salah Ahmed)
* ASTERISK-28362 - strtok_r() makes gcc compile warning
      (Reported by sungtae kim)

Improvements made in this release:
-----------------------------------
* ASTERISK-28363 - Millisecond-resolution call stats including
      PDD in channel variables
      (Reported by Antoni Goldstein)
* ASTERISK-20207 - Asterisk should clear out any .lock files in
      the voice mail directory on startup.
      (Reported by Steven Wheeler)
* ASTERISK-28111 - build: CHANGES/UPGRADE are irritating to
      work with.
      (Reported by Corey Farrell)
* ASTERISK-28343 - Added app_name, app_data to channel type
      (Reported by sungtae kim)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.27.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.26.0.

The release of Asterisk 13.26.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

New Features made in this release:
-----------------------------------
* ASTERISK-28267 - res_stasis: Add ability to switch
      applications
      (Reported by Benjamin Keith Ford)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-20986 - QUEUE_MEMBER 's description is inaccurate
      (Reported by Olivier Krief)
* ASTERISK-28350 - manager: Stasis backed up due to locking
      (Reported by Joshua C. Colp)
* ASTERISK-25792 - chan_sip: qualifygap bounds checking
      (Reported by Paul Sandys)
* ASTERISK-28341 - res_config_odbc eliminates empty custom (十�@十�
      prefix) variables
      (Reported by Alexei Gradinari)
* ASTERISK-28333 - StasisEnd event makes wrong timestamp value
      (Reported by sungtae kim)
* ASTERISK-28306 - res_pjsip_mwi: MWI NOTIFY occasionally takes
      minutes to be sent
      (Reported by Jared Hull)
* ASTERISK-27964 - app_queue: ring_entry accesses nativeformats
      without channel lock or reference
      (Reported by Francisco Seratti)
* ASTERISK-28314 - ARI: API changed but "apiVersion" in
      rest-api\resources.json did not
      (Reported by Stefan Repke)
* ASTERISK-28335 - stasis: Make topic and maybe subscription
      names unique and more useful
      (Reported by Joshua C. Colp)
* ASTERISK-28321 - res_rtp_asterisk: Fixing possible divide by
      zero for rtcp stat calculation
      (Reported by sungtae kim)
* ASTERISK-28332 - Variable ALTCONF ignored when service is
      used in Debian
      (Reported by Cirillo Ferreira)
* ASTERISK-28322 - chan_pjsip: Add option to allow ignoring of
      183 without SDP
      (Reported by Torrey Searle)
* ASTERISK-28328 - MeetMe global non-admin mute is muting
      admins that subsequently join
      (Reported by Philip Mott)
* ASTERISK-28168 - app_queue: Adding a blank entry into sql
      queue_members crashes asterisk.
      (Reported by Michael)
* ASTERISK-28323 - pjsip: sip.conf to pjsip.conf conversion script fails
      (Reported by Guido Weckwerth)
* ASTERISK-28272 - The basic-pbx config samples don't produce a
      running asterisk
      (Reported by George Joseph)
* ASTERISK-28312 - res_pjsip_diversion: Corrupted SIP Diversion
      field after handling a 302 redirect
      (Reported by Alex Odrov)
* ASTERISK-24173 - File menuselect/menuselect_gtk.c has no
      license header
      (Reported by Jeremy Lain十)
* ASTERISK-28166 - app_voicemail: Asterisk unresponsive after
      changing voicemail password with ODBC
      (Reported by Michael)
* ASTERISK-28309 - res_pjsip: Wrong Contact and Via fields with
      multiple UDP interfaces
      (Reported by Nikolay shakin)
* ASTERISK-27992 - PJSIP: Adding `sends_registrations = yes` to
      pjsip_wizard.conf  causes crash
      (Reported by Jonathan Harris)
* ASTERISK-28213 - res_pjsip: Threads pile up needlessly when
      AOR is blocked
      (Reported by Ross Beer)
* ASTERISK-28301 - Allow voicemail boxes to be subscribed to
      with a presence event package
      (Reported by George Joseph)
* ASTERISK-28303 - res_rtp_asterisk: Interaction between
      smoother and DTMF can cause out of order timestamps
      (Reported by Torrey Searle)
* ASTERISK-28302 - ARI: "Error destroying mutex" when listing
      all ARI applications
      (Reported by Stefan Repke)
* ASTERISK-28300 - AST_PBX_MAX_STACK is too low for some
      applications
      (Reported by George Joseph)
* ASTERISK-28106 - Astricon Feedback: Unable to filter ARI
      events when GETting causes overload of events
      (Reported by George Joseph)
* ASTERISK-28284 - switching between native_bridge and
      simple_bridge can cause one way audio
      (Reported by Torrey Searle)
* ASTERISK-28288 - Resources (udptl fd) leaking for T.38 calls
      (Reported by Paulo Vicentini)
* ASTERISK-28251 - CI: Fix CI so it reverifies commit message changes
      (Reported by George Joseph)
* ASTERISK-28277 - database: Add some basic logging
      (Reported by Joshua C. Colp)
* ASTERISK-28181 - ari: Originating overwrites channel start time
      (Reported by sungtae kim)

Improvements made in this release:
-----------------------------------
* ASTERISK-28326 - ari: Added timestamp for some ari events.
      (Reported by sungtae kim)
* ASTERISK-28317 - Add logical group at DAHDIChannel event and
      create "dahdi_group" at CHANNEL function
      (Reported by Cirillo Ferreira)
* ASTERISK-28279 - Added creation timestamp for bridge
      (Reported by sungtae kim)
* ASTERISK-28292 - Changed to show all channel stats including
      wrong media
      (Reported by sungtae kim)

For a full list of changes in this release, please see the ChangeLog:
https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.26.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.25.0.

The release of Asterisk 13.25.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28288 - Resources (udptl fd) leaking for T.38 calls
      (Reported by Paulo Vicentini)
* ASTERISK-28213 - res_pjsip: Threads pile up needlessly when
      AOR is blocked
      (Reported by Ross Beer)
* ASTERISK-28271 - Opensuse Leap 15 --with-jannson-bundled will not compile
      (Reported by David Wilcox)
* ASTERISK-28104 - AstriCon Feedback:  Automatically create a 1
      line dialplan context for stasis apps
      (Reported by George Joseph)
* ASTERISK-28238 - PJSIP realtime. getcontext not working with DUNDI
      (Reported by Ray)
* ASTERISK-28173 - Deadlock in chan_sip handling subscribe
      request during res_parking reload
      (Reported by Giuseppe Sucameli)
* ASTERISK-28263 - codec_opus: errors setting max_playback_rate
      and bitrate to "sdp"
      (Reported by Gianluca Merlo)
* ASTERISK-28250 - build: Cross-compilation fails for target
      arm-linux-gnueabihf
      (Reported by Jean Aunis - Prescom)
* ASTERISK-28156 - Race condition involving session->media
      (res_pjsip_session) leads to crash.
      (Reported by Paulo Vicentini)
* ASTERISK-28257 - res_http_websocket: PING / PONG opcodes
      break data reception
      (Reported by Jeremy Lain十)
* ASTERISK-28252 - HangupHandler manager events are never thrown
      (Reported by Gerald Schnabel)
* ASTERISK-28231 - res_http_websocket: Not responding to
      Connection Close Frame (opcode 8)
      (Reported by Jeremy Lain十)
* ASTERISK-28249 - res_monitor: Segfault with
      Monitor(wav,file,i)
      (Reported by Valentin Vidi十)
* ASTERISK-28244 - stasis: Filter messages at publishing to AMI/ARI
      (Reported by Joshua C. Colp)
* ASTERISK-28197 - stasis: ast_endpoint struct holds the
      channel_ids of channels past destruction in certain cases
      (Reported by Mohit Dhiman)
* ASTERISK-28232 - core: RAII using clang use-after-scope issue
      (Reported by Diederik de Groot)
* ASTERISK-28225 - app_voicemail: Channel variable
      VM_MESSAGEFILE not updated correctly if message marked "urgent"
      (Reported by boatright)
* ASTERISK-28212 - stasis: Statistics broke ABI under developer mode
      (Reported by Joshua C. Colp)
* ASTERISK-28222 - Regression: MWI polling no longer works
      (Reported by abelbeck)
* ASTERISK-28221 - Bug in ast_coredumper
      (Reported by Andrew Nagy)
* ASTERISK-28162 - [patch] need to reset DTMF last sequence
      number and timestamp on RTP renegotiation
      (Reported by Alexei Gradinari)
* ASTERISK-28215 - app_voicemail: Leaving voicemail sometimes
      doesn't trigger NOTIFYs
      (Reported by George Joseph)
* ASTERISK-27959 - [patch] Asterisk 15.4.1 h264 fmtp
      negotiation problem
      (Reported by David Kuehling)
* ASTERISK-28117 - stasis: Add statistics for usage when in
      developer mode
      (Reported by Joshua C. Colp)
* ASTERISK-28201 - [patch] confbridge: no announce to the
      marked users when they join an empty conference
      (Reported by Alexei Gradinari)
* ASTERISK-28194 - chan_sip: Leak using contact ACL
      (Reported by Giuseppe Sucameli)
* ASTERISK-28186 - stasis: Filter messages at publishing based
      on to_* presence
      (Reported by Joshua C. Colp)
* ASTERISK-27095 - chan_pjsip: When connected_line_method is
      set to invite, we're not trying UPDATE
      (Reported by George Joseph)
* ASTERISK-28182 - chan_pjsip: When connected_line_method is
      set to invite, asterisk is not trying UPDATE
      (Reported by nappsoft)

Improvements made in this release:
-----------------------------------
* ASTERISK-28246 - Support skipping on the g726 format
      (Reported by Eyal Hasson)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.25.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.24.1.

The release of Asterisk 13.24.1 resolves an issue reported by the
community and would have not been possible without your participation.

Thank you!

The following issue is resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28222 - Regression: MWI polling no longer works
      (Reported by abelbeck)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.24.1

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.24.0.

The release of Asterisk 13.24.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Security bugs fixed in this release:
-----------------------------------
* ASTERISK-28013 - res_http_websocket: Crash when reading HTTP
      Upgrade requests
      (Reported by Sean Bright)

New Features made in this release:
-----------------------------------
* ASTERISK-28087 - add flag to allow CALLERID(num) to be placed
      in Contact header in chan_pjsip
      (Reported by Torrey Searle)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-28125 - app_queue: Revert broken queue channel
      reference patch
      (Reported by lvl)
* ASTERISK-28151 - app_voicemail: MWI fails with
      mailboxes=##@device instead of mailboxes=##@default
      (Reported by Ronald Raikes)
* ASTERISK-28157 - Asterisk crashes when the res_pjsip_* modules unload
      (Reported by sungtae kim)
* ASTERISK-28159 - SIGABRT caused by stack corruption in
      hashkeys_read when no matching keys present
      (Reported by Michael Walton)
* ASTERISK-28140 - repeated segmentation faults
      (Reported by Eyal Hasson)
* ASTERISK-28103 - stasis: Filter messages at publishing to
      reduce work done
      (Reported by Joshua C. Colp)
* ASTERISK-28129 - Incorrect Behavior for rewrite_contact when
      Re-Invite omits routset
      (Reported by Torrey Searle)
* ASTERISK-28158 - Some conditions prevent running of el_end,
      break the terminal.
      (Reported by Corey Farrell)
* ASTERISK-28162 - [patch] need to reset DTMF last sequence
      number and timestamp on voice packet with marker bit
      (Reported by Alexei Gradinari)
* ASTERISK-28110 - rtp: Incorrect Packetization
      (Reported by Robert Cripps)
* ASTERISK-28146 - pbx_config: Only the first [globals] section
      is processed.
      (Reported by Corey Farrell)
* ASTERISK-28150 - Formatting error in documentation
      (Reported by Scott Griepentrog)
* ASTERISK-28081 - chan_sip: Asterisk 12+ chan_sip doesn't
      report AST_CEL_PICKUP in handle_invite_replaces
      (Reported by Luit van Drongelen)
* ASTERISK-28137 - res_pjsip_notify: improve realtime
      performance on CLI completion on the endpoint
      (Reported by Alexei Gradinari)
* ASTERISK-27980 - Caller ID cannot be changed on Attended
      Transfer before dialing out
      (Reported by Alexei Gradinari)
* ASTERISK-28089 - function ast_sendtext() create RTP realtime
      packets with a trailing null byte in the payload
      (Reported by Emmanuel BUU)
* ASTERISK-28076 - bridging: Asterisk crashes when receiving an
      empty realtime text frame
      (Reported by Emmanuel BUU)
* ASTERISK-28084 - app_queue: QueueMemberStatus Event flooding AMI
      (Reported by Andrej)
* ASTERISK-28077 - res_pjsip: improve realtime performance on
      CLI 'pjsip show contacts'
      (Reported by Alexei Gradinari)
* ASTERISK-26094 - stasis: Playing MOH to bridge with ARI does not work
      (Reported by Cameron)
* ASTERISK-27920 - app_queue: Queue member considered inuse
      after immediately hanging up during dialing.
      (Reported by Cao Minh Hiep)
* ASTERISK-28070 - testsuite: Sniffer assumes pjmedia will use
      ports below 10000
      (Reported by Joshua C. Colp)
* ASTERISK-28065 - res_odbc: missing SQL error diagnostic
      (Reported by Alexei Gradinari)
* ASTERISK-27121 - res_pjsip_mwi: Memory leak on reload
      (Reported by Sergej Kasumovic)
* ASTERISK-28059 - PJSIP: Update bundled PJPROJECT to version 2.8
      (Reported by Joshua C. Colp)
* ASTERISK-28057 - chan_sip: SipNotify via AMI behaves differently to CLI
      (Reported by Peter Katzmann)
* ASTERISK-28049 - res_pjproject build failure
      (Reported by Jaco Kroon)
* ASTERISK-28029 - [patch] res_musiconhold : music on hold will
      not start if previous hold just reached end of file
      (Reported by Frederic LE FOLL)
* ASTERISK-28032 - Realtime queuemembers are not updated during retry phase
      (Reported by lvl)
* ASTERISK-27988 - alembic: PJSIP
      "mwi_subscribe_replaces_unsolicited" field is integer not boolean
      (Reported by Joshua C. Colp)
* ASTERISK-28020 - res_pjsip_transport_websocket: Properly set
      'received' for IPv6
      (Reported by Sean Bright)

Improvements made in this release:
-----------------------------------
* ASTERISK-28144 - [patch] New function PJSIP_PARSE_URI to
      parse an URI and return a specified part of the URI
      (Reported by Alexei Gradinari)
* ASTERISK-28136 - Allow the sip_to_pjsip script to be used in a pipe
      (Reported by Pascal Cadotte Michaud)
* ASTERISK-28046 - Remove stale nonoptreq references
      (Reported by Walter Doekes)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.24.0

-----

The Asterisk Development Team would like to announce security
releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.21.
The available releases are released as versions 13.23.1, 14.7.8,
15.6.1 and 13.21-cert3.

These releases are available for immediate download at

The following security vulnerabilities were resolved in these versions:

* AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
  There is a stack overflow vulnerability in the res_http_websocket.so module of
  Asterisk that allows an attacker to crash Asterisk via a specially crafted
  HTTP request to upgrade the connection to a websocket. The attacker十�s
  request causes Asterisk to run out of stack space and crash.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.23.1

The security advisory is available at:

https://downloads.asterisk.org/pub/security/AST-2018-009.pdf

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.23.0.

The release of Asterisk 13.23.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-27881 - PBX calls via chan_sip TCP trunk now get
      authentification error
      (Reported by Ian Gilmour)
* ASTERISK-28022 - res_pjsip realtime: uri column in
      ps_contacts table can be too short
      (Reported by Florian Floimair)
* ASTERISK-28011 - chan_sip: get_refer_info() attempted unlock
      mutex 'peer' without owning it!
      (Reported by Alec Davis)
* ASTERISK-28002 - When T.140 realtime text is negociated, a
      lot of debug traces are generated
      (Reported by Emmanuel BUU)
* ASTERISK-27973 - app_queue: QUEUESTATUS = CONTINUE instead
      LEAVEEMPTY
      (Reported by Valentin Safonov)
* ASTERISK-28007 - rtcp-mux is put in SDP answer regardless of offer
      (Reported by Torrey Searle)
* ASTERISK-27997 - pjproject_bundled: Fix for Solaris builds.
      Do not undef s_addr.
      (Reported by Alexander Traud)
* ASTERISK-28001 - res_pjsip_registrar: Improve performance of
      inbound handling
      (Reported by Joshua Colp)
* ASTERISK-27999 - Wrong SRTP use status report
      (Reported by Salah Ahmed)
* ASTERISK-27966 - pjsip: Race condition in 183 re transmission
      can result in a deadlock
      (Reported by Torrey Searle)
* ASTERISK-15331 - make menuselect fails due to undefined
      symbols (initscr32, w32addch) in menuselect_curses.o
      (Reported by Majdi Bsoul)
* ASTERISK-14935 - [regression] menuselect compilation failure on Solaris 10
      (Reported by Samuel Owens)
* ASTERISK-12382 - menuselect compilation failure on Solaris 10 / gcc 3.4.3
      (Reported by rleasure)
* ASTERISK-9107 - menuselect compilation failure on Solaris 10/gcc-4.1.1
      (Reported by Bob Atkins)
* ASTERISK-27991 - BuildSystem: Enable Jansson in Solaris 11.
      (Reported by Alexander Traud)
* ASTERISK-27548 - res_pjsip_endpoint_identifier_ip only
      matches against "generic string" headers
      (Reported by George Joseph)
* ASTERISK-27990 - res_rtp_asterisk: Requires OpenSSL in Developer Mode.
      (Reported by Alexander Traud)
* ASTERISK-27591 - Frack errors in stasis.c and memory leakage
      (Reported by Siruja Maharjan)
* ASTERISK-27978 - res_pjsip: Change default transport
      keepalive to preserve behavior
      (Reported by Joshua Colp)
* ASTERISK-27957 - PJSIP proposes ICE candidates on answer even
      if not in offer
      (Reported by Torrey Searle)
* ASTERISK-27880 - [patch] pjproject_bundled: Repair
      ./configure --with-ssl=PATH.
      (Reported by Alexander Traud)
* ASTERISK-25548 - stasis: Improve message type "Use of before
      init/after destruction" error
      (Reported by Joshua Colp)
* ASTERISK-27972 - res_sorcery_config: Allow object name based matching
      (Reported by Joshua Colp)
* ASTERISK-27967 - srtp: rejecting short sdes lifetimes
      incompatible with obihai ATAs
      (Reported by Nick French)
* ASTERISK-27961 - res_pjsip: Spurious ERROR logging when
      printing headers in sip_msg
      (Reported by Nick French)
* ASTERISK-27563 - pjsip modules always get -O2 even when
      DONT_OPTIMIZE is set
      (Reported by George Joseph)
* ASTERISK-27347 - [patch] pjproject_bundled: Disable TCP/TLS keep-alives.
      (Reported by Alexander Traud)
* ASTERISK-27938 - [patch] Compile fails with `IPTOS_MINCOST' undeclared.
      (Reported by Alexander Traud)
* ASTERISK-27956 -  res_pjsip_pubsub: segfault in function publish_expire
      (Reported by Alexei Gradinari)
* ASTERISK-27949 - res_pjsip_rfc3326: A lot of endpoints do not
      correctly handle two Reason headers
      (Reported by Ross Beer)
* ASTERISK-27763 - res_pjsip_session: Initial INVITE with
      audio+fax results in 488 instead of declining stream
      (Reported by Thiago Coutinho)
* ASTERISK-27657 - res_pjsip_t38: ATA fails with hangupcause
      58(Bearer capability not available)
      (Reported by Jared Hull)
* ASTERISK-27080 - res_pjsip_t38: Slow T.38 re-invite rejection
      if remote leg has T.38 disabled
      (Reported by Torrey Searle)
* ASTERISK-26686 - res_pjsip: Lock inversion in transport management
      (Reported by Ross Beer)
* ASTERISK-27944 - res_pjsip_t38: Crash receiving 1xx responses
      other than 100 before 200 for T.38 reINVITE
      (Reported by Joshua Elson)

Improvements made in this release:
-----------------------------------
* ASTERISK-28006 - PJSIP: Missing
      "party=calling"/"party=called" in Remote-Party-ID
      (Reported by Eric Dantie)
* ASTERISK-27995 - pjproject_bundled: Find shared libraries in
      root --with-ssl=PATH.
      (Reported by Alexander Traud)
* ASTERISK-27993 - pjsip_wizard example gives wrong info about
      unsupported SRV records
      (Reported by Jonathan Harris)
* ASTERISK-27970 - res_rtp_asterisk: T.140 packets containing
      backspace or end of line are merged with regular text and it
      causes some UA to break
      (Reported by Emmanuel BUU)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.23.0

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.22.0.

The release of Asterisk 13.22.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Security bugs fixed in this release:
-----------------------------------
* ASTERISK-27818 - Username bruteforce is possible when using
      ACL with PJSIP
      (Reported by John)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-27783 - res_pjsip_pubsub: apparent crash on shutdown
      (Reported by Kevin Harwell)
* ASTERISK-27870 - app_confbridge: Conference bridge and
      announcer channels are not removed if conference is ended as
      soon as it starts
      (Reported by Robert Mordec)
* ASTERISK-27909 - cdr: Deadlock with submit_scheduled_batch
      and submit_unscheduled_batch
      (Reported by Denis Lebedev)
* ASTERISK-26987 - pbx_dundi: Asterisk crashes when unloading
      module pbx_dundi.so with dundi peers
      (Reported by Kirsty Tyerman)
* ASTERISK-27943 - AMI: Action SendText needs to use the
      correct thread.
      (Reported by Richard Mudgett)
* ASTERISK-27942 - res_pjsip_messaging doesn't accept
      application/* content-types.
      (Reported by George Joseph)
* ASTERISK-27936 - res_pjsip_session doesn't update media when
      a 200 comes in with a different port than a 183
      (Reported by George Joseph)
* ASTERISK-27933 - [patch] uuid: Enable UUID in Solaris 11.
      (Reported by Alexander Traud)
* ASTERISK-27625 - channels: CHECK_BLOCKING is ineffective
      (Reported by Corey Farrell)
* ASTERISK-27931 - [patch] BuildSystem: Enable ./configure in Solaris 11.
      (Reported by Alexander Traud)
* ASTERISK-27926 - [patch] bootstrap.sh: find -maxdepth is not
      POSIX compatible.
      (Reported by Alexander Traud)
* ASTERISK-27903 - menuselect: GCC 8: restrict-qualified
      parameter passed and aliased.
      (Reported by Alexander Traud)
* ASTERISK-27914 - [patch] tests/test_utils: Repair ./configure
      --with-ssl=PATH.
      (Reported by Alexander Traud)
* ASTERISK-27705 - chan_iax2: Stops listening for traffic
      (Reported by Kirsty Tyerman)
* ASTERISK-27908 - [patch] crypto.h: Repair ./configure --with-ssl=PATH.
      (Reported by Alexander Traud)
* ASTERISK-27905 - [patch] res_srtp: Repair ./configure --with-ssl=PATH.
      (Reported by Alexander Traud)
* ASTERISK-27888 - SQL fetch error on query which return 0 columns
      (Reported by Alexei Gradinari)
* ASTERISK-27902 - chan_pjsip isn't updating hangupcause on 4XX responses
      (Reported by George Joseph)
* ASTERISK-27901 - [patch] ooh323c: GCC 8: output truncated
      before terminating nul.
      (Reported by Alexander Traud)
* ASTERISK-27094 - res_fax: Deadlock when using Local channels
      and fax gateway
      (Reported by David Brillert)
* ASTERISK-25261 - Manager events for MeetMe have incorrectly
      documented key name 'Usernum' - should be 'User'
      (Reported by Francois Blackburn)
* ASTERISK-27878 - [patch] tcptls.h: Repair ./configure
      --with-ssl=PATH.
      (Reported by Alexander Traud)
* ASTERISK-27872 - res_pjsip: Modified qualify_frequency
      doesn't effect until pjsip reload
      (Reported by Alexei Gradinari)
* ASTERISK-27876 - [patch] tcptls: Allow OpenSSL configured with no-dh.
      (Reported by Alexander Traud)
* ASTERISK-27874 - [patch] tcptls: Allow OpenSSL 1.1.x
      configured with enable-ssl3-method no-deprecated.
      (Reported by Alexander Traud)
* ASTERISK-27845 - Codec-Change Re-INVITE during DTMF can cause
      marker bit error
      (Reported by Torrey Searle)
* ASTERISK-27863 - config/ast_destroy_realtime_fields:
      successful DELETE is treated as failed
      (Reported by Alexei Gradinari)
* ASTERISK-27865 - [patch]: tcptls: Repair ./configure --with-ssl=PATH.
      (Reported by Alexander Traud)
* ASTERISK-27853 - Incorrect error reported when
      leaving/retrieving a ODBC voicemail
      (Reported by Nic Colledge)
* ASTERISK-27726 - chan_mobile: presents incorrect inbound Caller-ID names
      (Reported by Brian)
* ASTERISK-27861 - [patch] res_pjsip_endpoint_identifier_ip:
      Unregister the module for headers.
      (Reported by Alexander Traud)
* ASTERISK-27860 - [patch] res_pjsip: Register
      pjsip_transport_management not externally but internally.
      (Reported by Alexander Traud)
* ASTERISK-27760 - Asterisk ODBC Voicemail Prompt storage fails
      with recent MariaDB version.
      (Reported by Nic Colledge)
* ASTERISK-27852 - cli: "manager show settings" mislabels HTTP
      timeout as being minutes.
      (Reported by Corey Farrell)
* ASTERISK-27824 - Fix issues exposed by GCC 8
      (Reported by George Joseph)
* ASTERISK-27811 - [patch] sip_to_pjsip: Enable python3 compatibility.
      (Reported by Alexander Traud)
* ASTERISK-27841 - digest over for manager (ami) over http
      fails on too long uris
      (Reported by Jaco Kroon)
* ASTERISK-26570 - Macro allows an infinite loop of dialplan
      inclusion resulting in a crash
      (Reported by Tzafrir Cohen)
* ASTERISK-27801 - Asterisk got stuck while enabling "ari set debug all on"
      (Reported by shaurya jain)
* ASTERISK-26806 - pjsip_options: rework to make more efficient
      (Reported by Kevin Harwell)
* ASTERISK-27814 - translate: interpolated frames are not passed through
      (Reported by Kevin Harwell)
* ASTERISK-27812 - When the  ooh323 debug is on there is no
      ringing signal to incoming calls via H323 trunk.
      (Reported by Dimos)
* ASTERISK-26893 - No "alert" or "progress" in chan_ooh323 if
      debug is enabled only on the module
      (Reported by Marco Giordani)
* ASTERISK-27639 - [patch] BuildSystem: Enable IMAP storage on
      FreeBSD and DragonFly BSD.
      (Reported by Alexander Traud)
* ASTERISK-27808 - [patch] chan_vpb: Avoid GNU old-style field
      designator extension.
      (Reported by Alexander Traud)

Improvements made in this release:
-----------------------------------
* ASTERISK-27929 - [patch] BuildSystem: Enable autotools in Solaris 11.
      (Reported by Alexander Traud)
* ASTERISK-27752 - Ten seconds of silence after mp3 playback
      (Reported by Sam Wierema)
* ASTERISK-27910 - [patch] res_rtp_asterisk: Allow OpenSSL
      configured with no-deprecated.
      (Reported by Alexander Traud)
* ASTERISK-27906 - [patch] res_crypto: Allow OpenSSL configured
      with no-deprecated.
      (Reported by Alexander Traud)
* ASTERISK-27877 - app_confbridge: Add talking indicator for
      ConfBridgeList AMI response
      (Reported by William McCall)
* ASTERISK-27873 - documentation: Error on wiki description of
      Asterisk 13 "MeetmeMute" event
      (Reported by Alessandro Polidori)
* ASTERISK-27846 - ast_coredumper: Fix OUTPUT directory
      (Reported by Ted G)
* ASTERISK-27867 - [patch] libasteriskssl: Allow OpenSSL 1.0.2
      configured with no-deprecated.
      (Reported by Alexander Traud)
* ASTERISK-27796 - res_hep: Allow create_address to resolve a
      provided hostname
      (Reported by Sebastian Gutierrez)
* ASTERISK-27820 - [patch] Add DragonFly BSD.
      (Reported by Alexander Traud)
* ASTERISK-27793 - cppcheck identifies redundant "if"
      (Reported by Ilya Shipitsin)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.22.0

-----

The Asterisk Development Team would like to announce security
releases for Asterisk 15, 13 and 14, and Certified Asterisk 13.18
and 13.21. The available releases are released as versions 15.4.1,
13.21.1, 14.7.7, 13.18-cert4 and 13.21-cert2.

The following security vulnerabilities were resolved in these versions:

* AST-2018-007: Infinite loop when reading iostreams
  When connected to Asterisk via TCP/TLS if the client abruptly disconnects, or
  sends a specially crafted message then Asterisk gets caught in an infinite
  loop while trying to read the data stream. Thus rendering the system as
  unusable.

* AST-2018-008: PJSIP endpoint presence disclosure when using ACL
  When endpoint specific ACL rules block a SIP request they respond with a 403
  forbidden. However, if an endpoint is not identified then a 401 unauthorized
  response is sent. This vulnerability just discloses which requests hit a
  defined endpoint. The ACL rules cannot be bypassed to gain access to the
  disclosed endpoints.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-15.4.1

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2018-007.pdf
https://downloads.asterisk.org/pub/security/AST-2018-008.pdf

-----

The Asterisk Development Team would like to announce the release
of Asterisk 13.21.0.

The release of Asterisk 13.21.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

New Features made in this release:
-----------------------------------
* ASTERISK-27704 - Add cache_pools debug option to pjproject.conf
      (Reported by Richard Mudgett)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-27809 - [patch] utils/pval: Add -lBlocksRuntime for
      compiler clang conditionally.
      (Reported by Alexander Traud)
* ASTERISK-27774 - res_musiconhold: Music on hold restarts
      after every announcement
      (Reported by lvl)
* ASTERISK-27782 - cdr_mysql: Missing MYSQL_PORT definition
      (Reported by Evandro C辿sar Arruda)
* ASTERISK-27614 - res_pjsip_session: SDP origin does not use
      resolved address
      (Reported by John M.)
* ASTERISK-27740 - chan_sip: New Channel creation from new SIP
      dialog with Replaces failed to be properly tracked and destroyed
      (Reported by Shannon Price)
* ASTERISK-27706 - PJSIP: Deadlock shutting down subscription
      TCP connection and sending subscription message.
      (Reported by Ross Beer)
* ASTERISK-27435 - [patch] configure:
      pjsip_evsub_set_uas_timeout not found.
      (Reported by Alexander Traud)
* ASTERISK-27761 - [patch] BuildSystem: With external editline,
      do not require libs for internal editline.
      (Reported by Alexander Traud)
* ASTERISK-27755 - ConfBridge: raise ConfbridgeTalking when put
      on hold and clear talking status
      (Reported by Kevin Harwell)
* ASTERISK-27688 - res_pjsip: Crash on TCP PJSIP Transport Disconnect
      (Reported by Ross Beer)
* ASTERISK-27743 - Generic PLC doesn't work if the 2 codecs on
      a channel are equal
      (Reported by George Joseph)
* ASTERISK-27745 - [patch] BuildSystem: Remove unused
      dependency on libltdl.
      (Reported by Alexander Traud)
* ASTERISK-12841 - [patch] Make format_ogg_vorbis work on OpenBSD
      (Reported by Michiel van Baak)
* ASTERISK-27720 - [patch] BuildSystem: Enable Advanced Linux
      Sound Architecture (ALSA) in NetBSD.
      (Reported by Alexander Traud)
* ASTERISK-27741 - res_pjsip_rfc3326.c
      rfc3326_use_reason_header doesn't account for more than one
      'Reason' header
      (Reported by Ross Beer)
* ASTERISK-27734 - [patch] BuildSystem: Enable IMAP storage on
      openSUSE and Arch Linux.
      (Reported by Alexander Traud)
* ASTERISK-27733 - [patch] res_srtp: Add support for libsrtp2.x on openSUSE.
      (Reported by Alexander Traud)
* ASTERISK-11015 - NetBSD Build Needs RPATH set in 1.2.25
      (Reported by Curt Sampson)
* ASTERISK-27641 - BuildSystem: Enable Better Backtraces in FreeBSD.
      (Reported by Alexander Traud)
* ASTERISK-25586 - uuid_generate_random detection failure
      (Reported by John Nemeth)
* ASTERISK-27721 - [patch] BuildSystem: Enable PortAudio in NetBSD.
      (Reported by Alexander Traud)
* ASTERISK-27715 - [patch] BuildSystem: AC_PATH_PROG sets to
      colon character when not found.
      (Reported by Alexander Traud)
* ASTERISK-27703 - AMI Action VoicemailUsersList returns 0 MessageCount
      (Reported by S辿bastien Duthil)
* ASTERISK-27674 - chan_sip: RTP framing issues on outgoing calls
      (Reported by Jean Aunis - Prescom)
* ASTERISK-27554 - res_pjsip_rfc3326: Order of 'Reason' headers
      break many endpoints
      (Reported by Ross Beer)
* ASTERISK-27718 - [patch] BuildSystem: Enable Lua in NetBSD.
      (Reported by Alexander Traud)
* ASTERISK-27722 - [patch] BuildSystem: Depend not implicitly
      but explicitly on external libraries.
      (Reported by Alexander Traud)
* ASTERISK-27719 - [patch] res_http_post: Enable GMime in NetBSD.
      (Reported by Alexander Traud)
* ASTERISK-27716 - [patch] BuildSystem: Enable autotools in NetBSD.
      (Reported by Alexander Traud)
* ASTERISK-27714 - [patch] chan_unistim: NetBSD has an
      incompatible struct in_pktinfo.
      (Reported by Alexander Traud)
* ASTERISK-27713 - [patch] BuildSystem: Cast any intptr_t
      explicitly to its proposed type.
      (Reported by Alexander Traud)
* ASTERISK-27712 - [patch] BuildSystem: Detect whether
      uselocale(.) is available.
      (Reported by Alexander Traud)
* ASTERISK-27711 - [patch] BuildSystem: Avoid re-defining of
      pthread_* on NetBSD.
      (Reported by Alexander Traud)
* ASTERISK-27710 - [patch] BuildSystem: Install init scripts on
      openSUSE Tumbleweed.
      (Reported by Alexander Traud)
* ASTERISK-27709 - [patch] BuildSystem: Avoid == for comparison
      in ./configure.
      (Reported by Alexander Traud)
* ASTERISK-27610 - app_amd.so returning TOOLONG before reaching
      the timeout
      (Reported by Michael Cargile)
* ASTERISK-26688 - Documentation: voicemail.conf.sample shows
      512 limit for emailbody field, however this is only true if
      compiled with LOW_MEMORY option
      (Reported by Fran Vicente)
* ASTERISK-27568 - PJSIP: Crash during SIP attended transfer.
      (Reported by Bryan Walters)
* ASTERISK-27686 - [patch] install_prereq: Update FreeBSD libraries.
      (Reported by Alexander Traud)
* ASTERISK-24488 - Wrong remote identity and target in dialog
      package XML in NOTIFY
      (Reported by Alejandro Padilla)
* ASTERISK-27646 - ICE fails with no candidate nominated
      (Reported by Thomas Guebels)
* ASTERISK-27457 - chan_sip: Guests disallowed via TCP (or TLS)
      if existing peer from same IP.
      (Reported by Alexander Traud)

Improvements made in this release:
-----------------------------------
* ASTERISK-27697 - Enable in-dialog NOTIFY on chan_pjsip channels
      (Reported by Nathan Bruning)
* ASTERISK-26540 - cdr_radius: use radcli instead of
      freeradius-client
      (Reported by Tzafrir Cohen)
* ASTERISK-27770 - [patch] install_prereq: Add Slackware (somehow).
      (Reported by Alexander Traud)
* ASTERISK-27769 - [patch] install_prereq: Add Gentoo Linux.
      (Reported by Alexander Traud)
* ASTERISK-27738 - [patch] install_prereq: Add Arch Linux.
      (Reported by Alexander Traud)
* ASTERISK-27736 - [patch] install_prereq: Add SUSE.
      (Reported by Alexander Traud)
* ASTERISK-26976 - libsrtp-2.x.x support
      (Reported by Alex)
* ASTERISK-27728 - [patch] BuildSystem: Add NetBSD.
      (Reported by Alexander Traud)
* ASTERISK-27730 - PJSIP: Update bundled PJPROJECT to version 2.7.2
      (Reported by Richard Mudgett)
* ASTERISK-27729 - [patch] install_prereq: Add NetBSD.
      (Reported by Alexander Traud)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.21.0

-----

The release of Asterisk 13.20.0 resolves several issues reported by the
community and would have not been possible without your participation.

Thank you!

The following issues are resolved in this release:

Security bugs fixed in this release:
-----------------------------------
* ASTERISK-27583 - Segmentation fault occurs in asterisk with
      an invalid SDP fmtp attribute
      (Reported by Sandro Gauci)
* ASTERISK-27582 - Segmentation fault occurs in Asterisk with
      an invalid SDP media format description
      (Reported by Sandro Gauci)
* ASTERISK-27618 - Crash occurs when sending a repeated number
      of INVITE messages over TCP or TLS transport
      (Reported by Sandro Gauci)
* ASTERISK-27640 - SUBSCRIBE message with a large Accept value
      causes stack corruption
      (Reported by Sandro Gauci)

New Features made in this release:
-----------------------------------
* ASTERISK-27117 - core: Add support for timelen parsing to
      ast_parse_arg and ACO.
      (Reported by Corey Farrell)

Bugs fixed in this release:
-----------------------------------
* ASTERISK-27703 - AMI Action VoicemailUsersList returns 0
      MessageCount
      (Reported by S辿bastien Duthil)
* ASTERISK-24386 - Asterisk "doc/lang/language-criteria.txt"
      needs update or removal.
      (Reported by Rusty Newton)
* ASTERISK-27689 - [patch] rtp_engine: Load format name / mime
      type in uppercase again.
      (Reported by Alexander Traud)
* ASTERISK-27679 - res_pjsip: Endpoint destruction does not
      free DTLS configuration
      (Reported by Mak Dee)
* ASTERISK-27684 - [patch] install_prereq: Update OpenBSD libraries.
      (Reported by Alexander Traud)
* ASTERISK-27681 - [patch] BuildSystem: Enable IMAP storage on OpenBSD.
      (Reported by Alexander Traud)
* ASTERISK-27680 - [patch] res_calendar: Specialized calendars
      depend on symbols of general calendar.
      (Reported by Alexander Traud)
* ASTERISK-27677 - [patch] BuildSystem: Enable system provided
      libedit on OpenBSD.
      (Reported by Alexander Traud)
* ASTERISK-27670 - [patch] BuildSystem: Remove chan_h323 leftovers.
      (Reported by Alexander Traud)
* ASTERISK-27595 - [patch] BuildSystem: Invoke ldconfig with previous paths.
      (Reported by Alexander Traud)
* ASTERISK-27631 - [patch] BuildSystem: Do not warn when bash
      is not installed.
      (Reported by Alexander Traud)
* ASTERISK-27666 - chan_sip: Crash processing CANCEL request
      (Reported by Leandro Dardini)
* ASTERISK-27584 - Internal pjproject build doesn't disable bcg729
      (Reported by Stuart Henderson)
* ASTERISK-27669 - [patch] codecs: Add support for WebRTC iLBC 2.0.
      (Reported by Alexander Traud)
* ASTERISK-27642 - [patch] backtrace: Avoid
      -Wlogical-not-parentheses.
      (Reported by Alexander Traud)
* ASTERISK-27555 - [patch] install_prereq: Update Debian/Ubuntu libraries.
      (Reported by Alexander Traud)
* ASTERISK-27656 - CDR: Leaking channel snapshots allocated by
      stasis_channel.c
      (Reported by Kristijan Vrban)
* ASTERISK-27426 - chan_console: cannot read and write at the
      same time with alsa backend
      (Reported by Tzafrir Cohen)
* ASTERISK-27621 - (null) string tailing after AsyncAGIEnd AMI event
      (Reported by sungtae kim)
* ASTERISK-27652 - Null pointer Crash in PJSIP MWI
      (Reported by Joshua Elson)
* ASTERISK-27612 - Subscriptions Persist After Expiration and
      TCP/TLS Disconnect
      (Reported by Ross Beer)
* ASTERISK-27571 - res_pjsip: If SIP response is received
      during shutdown a crash may occur
      (Reported by Joshua Colp)
* ASTERISK-27637 - [patch] BuildSystem: Enable autotools in FreeBSD.
      (Reported by Alexander Traud)
* ASTERISK-27635 - [patch] app_voicemail: Avoid always true
      warnings with clang.
      (Reported by Alexander Traud)
* ASTERISK-27599 - [patch] install_prereq: Update
      RHEL/CentOS/Fedora libraries.
      (Reported by Alexander Traud)
* ASTERISK-26563 - core: macOS devmode build fails: variable
      'freeswap' set but not used
      (Reported by David M. Lee)
* ASTERISK-27630 - [patch] editline: Avoid shifting a negative signed value.
      (Reported by Alexander Traud)
* ASTERISK-16172 - Problems with siren14 codec; problems with
      siren7 sound files.
      (Reported by Steve Murphy)
* ASTERISK-16951 - [patch] configure.ac in 1.4.37 broken with autoconf 2.60
      (Reported by St辿phan Kochen)
* ASTERISK-27603 - [patch] install_prereq: Download latest Jansson.
      (Reported by Alexander Traud)
* ASTERISK-27607 - [patch] res_config_mysql: Avoid the header mysql_version.h.
      (Reported by Alexander Traud)
* ASTERISK-24598 - When running
      ./contrib/scripts/install_prereq install-unpackaged pjproject is
      installed in wrong place
      (Reported by PowerPBX)
* ASTERISK-27602 - [patch] BuildSystem: AC_CONFIG_AUX_DIR needs a directory.
      (Reported by Alexander Traud)
* ASTERISK-27600 - [patch] BuildSystem: Allow make clean all again.
      (Reported by Alexander Traud)
* ASTERISK-27598 - [patch] install_prereq: Support package manager DNF.
      (Reported by Alexander Traud)
* ASTERISK-26596 - Placing call on hold temporarily locks up set
      (Reported by Igor Goncharovsky)
* ASTERISK-27596 - [patch] BuildSystem: Use the detected name
      for MD5 everywhere.
      (Reported by Alexander Traud)
* ASTERISK-27594 - [patch] BuildSystem: Invoke install not in
      GNU but POSIX style.
      (Reported by Alexander Traud)
* ASTERISK-27593 - [patch] BuildSystem: In OpenBSD, xmlstarlet is xml.
      (Reported by Alexander Traud)
* ASTERISK-27592 - [patch] BuildSystem: Detect external library
      Lua in version 5.3.
      (Reported by Alexander Traud)
* ASTERISK-26832 - res_pjsip: Segfault when calling
      pjsip_hdr_print_on in sip_msg.c:581
      (Reported by Ross Beer)
* ASTERISK-27589 - [patch] BuildSystem: Avoid $EUID and use id -u instead.
      (Reported by Alexander Traud)
* ASTERISK-27575 - menuselect : remove obsolete TRACE_FRAMES
      compiler flag
      (Reported by Jean Aunis - Prescom)
* ASTERISK-27576 - [patch] res_config_pgsql: Avoid typecasting
      an int to unsigned char.
      (Reported by Alexander Traud)
* ASTERISK-27560 - [patch] clang 5 does not know
      -Wno-format-truncation
      (Reported by Alexander Traud)
* ASTERISK-27578 - [patch] app_osplookup.c: Avoid a format truncation.
      (Reported by Alexander Traud)
* ASTERISK-27577 - [patch] chan_ooh323: Avoid typecasting an
      int to unsigned short.
      (Reported by Alexander Traud)
* ASTERISK-27491 - res_pjsip_endpoint_identifier_ip only
      matches against header if match by ip fails
      (Reported by George Joseph)
* ASTERISK-27549 - [patch] translate: Avoid absolute value on
      unsigned substraction.
      (Reported by Alexander Traud)
* ASTERISK-27553 - [patch] res_curl: Avoid error message on unload.
      (Reported by Alexander Traud)
* ASTERISK-27557 - [patch] clang 5.0: implicit conversion to
      char changes value to negative.
      (Reported by Alexander Traud)
* ASTERISK-27559 - [patch] editline: Avoid comparison between
      pointer and zero character constant.
      (Reported by Alexander Traud)
* ASTERISK-27558 - [patch] codec_gsm: Avoid shifting a negative signed value.
      (Reported by Alexander Traud)
* ASTERISK-25329 - Asterisk configure fails on 'cannot find
      ptlib-config', despite ptlib-config existing
      (Reported by Rusty Newton)
* ASTERISK-27552 - [patch] chan_ooh323: Limit outgoinglimit to
      positive values as intended.
      (Reported by Alexander Traud)
* ASTERISK-27551 - [patch] ooh323cDriver: Fix typo in header guard.
      (Reported by Alexander Traud)
* ASTERISK-26046 - [patch] Avoid obsolete warnings on autoconf.
      (Reported by Alexander Traud)
* ASTERISK-27539 - 'cdr submit' fails: batch mode not enabled.
      (Reported by Tzafrir Cohen)
* ASTERISK-27498 - ICE candidate parser - ICE foundation
      parsing too short
      (Reported by Michele Pr� )
* ASTERISK-27366 - Asterisk Turkish Language Set Problem
      (Reported by Halil 聴brahim YILDIZ)
* ASTERISK-23133 - Documentation fix - MASTER_CHANNEL Unexpected Behaviour
      (Reported by Shane Mitchell)
* ASTERISK-27531 - Compiler optimizations can break module load sequence.
      (Reported by abelbeck)
* ASTERISK-27480 - Security: Authenticated SUBSCRIBE without
      Contact crashes asterisk
      (Reported by Ross Beer)
* ASTERISK-24198 - Typo's
      (Reported by Walter Doekes)
* ASTERISK-27229 - bridge: Old channel video source not set to
      NULL after unref
      (Reported by Richard Kenner)

Improvements made in this release:
-----------------------------------
* ASTERISK-27683 - [patch] BuildSystem: Allow newer autotools on OpenBSD.
      (Reported by Alexander Traud)
* ASTERISK-27651 - app_confbridge: Add Muted to ConfbridgeJoin
      and channel snapshot headers to ConfbridgeList AMI events
      (Reported by Richard Mudgett)
* ASTERISK-27647 - app_confbridge/bridge_softmix: When channel
      muted report talking stopped if was talking.
      (Reported by Richard Mudgett)
* ASTERISK-27084 - Reduce verbosity while loading PBX extensions.
      (Reported by Ludovic Gasc (Eyepea))
* ASTERISK-24372 - [patch] Add config option to play a prompt
      to the "winner" in app_followme
      (Reported by Graham Mainwaring)
* ASTERISK-27461 - 3PCC patch for AMI "SIPnotify"
      (Reported by Yasuhiko Kamata)
* ASTERISK-27348 - [patch]contrib/scripts: add a way to migrate
      from chan_sip to chan_pjsip realtime
      (Reported by Torrey Searle)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.20.0

-----

The Asterisk Development Team would like to announce security
releases for Asterisk 13, 14 and 15, and Certified Asterisk 13.18.
The available releases are released as versions 13.19.2, 14.7.6,
15.2.2 and 13.18-cert3.

The following security vulnerabilities were resolved in these versions:

* AST-2018-001: Crash when receiving unnegotiated dynamic payload
  The RTP support in Asterisk maintains its own registry of dynamic codecs and
  desired payload numbers. While an SDP negotiation may result in a codec using
  a different payload number these desired ones are still stored internally.
  When an RTP packet was received this registry would be consulted if the
  payload number was not found in the negotiated SDP. This registry was
  incorrectly consulted for all packets, even those which are dynamic. If the
  payload number resulted in a codec of a different type than the RTP stream
  (for example the payload number resulted in a video codec but the stream
  carried audio) a crash could occur if no stream of that type had been
  negotiated. This was due to the code incorrectly assuming that a stream of the
  type would always exist.

* AST-2018-002: Crash when given an invalid SDP media format description
  By crafting an SDP message with an invalid media format description Asterisk
  crashes when using the pjsip channel driver because pjproject's sdp parsing
  algorithm fails to catch the invalid media format description.

* AST-2018-003: Crash with an invalid SDP fmtp attribute
  By crafting an SDP message body with an invalid fmtp attribute Asterisk
  crashes when using the pjsip channel driver because pjproject's fmtp retrieval
  function fails to check if fmtp value is empty (set empty if previously parsed
  as invalid).

* AST-2018-004: Crash when receiving SUBSCRIBE request
  When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the
  accepted formats present in the Accept headers of the request. This code did
  not limit the number of headers it processed despite having a fixed limit of
  32. If more than 32 Accept headers were present the code would write outside
  of its memory and cause a crash.

* AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
  A crash occurs when a number of authenticated INVITE messages are sent over
  TCP or TLS and then the connection is suddenly closed. This issue leads to a
  segmentation fault.

* AST-2018-006: WebSocket frames with 0 sized payload causes DoS
  When reading a websocket, the length was not being checked. If a payload of
  length 0 was read, it would result in a busy loop that waited for the
  underlying connection to close.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.19.2

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2018-001.pdf
https://downloads.asterisk.org/pub/security/AST-2018-002.pdf
https://downloads.asterisk.org/pub/security/AST-2018-003.pdf
https://downloads.asterisk.org/pub/security/AST-2018-004.pdf
https://downloads.asterisk.org/pub/security/AST-2018-005.pdf
https://downloads.asterisk.org/pub/security/AST-2018-006.pdf

-----

The release of Asterisk 13.19.1 resolves an issue reported by the
community and would have not been possible without your participation.

Thank you!

The following issue is resolved in this release:

Bugs fixed in this release:
-----------------------------------
* ASTERISK-27656 - CDR: Leaking channel snapshots allocated by
      stasis_channel.c
      (Reported by Kristijan Vrban)

For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.19.1

(jnemeth)