[asterisk-users] Oddity with FFA

[Mike Diehl]

Hi all,

For the most part, we are finding that Fax for Asterisk works pretty
well.  However, we have seen some wierdness that we'd like to try to
fix.

Once in a while, we will get a partial result report for a given fax
but when we look at the actual .tiff image, it looks to be complete.
This is causing our users to not get a positive acknowledgement when
they send the fax.

Is there anything we can do to mitigate this?

Mike.

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Oddity with FFA

[Steve Underwood]

On 03/11/2014 12:36 AM, Mike Diehl wrote:

Hi all,

For the most part, we are finding that Fax for Asterisk works pretty
well.  However, we have seen some wierdness that we'd like to try to
fix.

Once in a while, we will get a partial result report for a given fax
but when we look at the actual .tiff image, it looks to be complete.
This is causing our users to not get a positive acknowledgement when
they send the fax.

Is there anything we can do to mitigate this?

Mike.

How do you know the FAX is complete? If a page was received, the sending 
machine said more pages were to follow, and then it dropped the call, is 
that a complete FAX?


Steve


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Oddity with FFA

[jg]

One of my customers had this problem. The cause turned out to be the other side (one particular 
remote station).


In addition to res_fax, I also installed the Hylafax/iaxmodem combo. Hylafax has the advantage 
of giving nice logs about the signaling. This way it was easy to see what was going on, but I 
have forgotten the details meanwhile.


jg

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Oddity with FFA

[Administrator TOOTAI]

Hi

Le 10/03/2014 17:36, Mike Diehl a écrit :

Hi all,

For the most part, we are finding that Fax for Asterisk works pretty
well.  However, we have seen some wierdness that we'd like to try to
fix.

Once in a while, we will get a partial result report for a given fax
but when we look at the actual .tiff image, it looks to be complete.
This is causing our users to not get a positive acknowledgement when
they send the fax.

Is there anything we can do to mitigate this?


We also faced from time to time a reception problem and improve it like 
this: after faxreceive, if faxopt(status) is different to SUCCESS we 
check if faxpages is greater than zero, if yes, if faxopt(error) = 
NO_ERROR. In this case we consider that fax is well received. Asterisk 1.8


--
Daniel

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] ConfBridge 11.7 and 11.8

[Jerry Geis]

11.7 is working fine for me.

I put on 11.8 and my "confbridge" that should be "muted"
to users now sounds un-muted or like I am getting feedback.

Did something change there???

Jerry
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Oddity with FFA

[Mike Diehl]

Steve,

I BELIEVE the fax is complete because the fax image is a form that appears
to only be a single page.

But, since FFA isn't providing acknowledgement, the sending fax machine is
resending the document multiple times!

Mike.


On Mon, Mar 10, 2014 at 12:49 PM, Steve Underwood wrote:

> On 03/11/2014 12:36 AM, Mike Diehl wrote:
>
>> Hi all,
>>
>> For the most part, we are finding that Fax for Asterisk works pretty
>> well.  However, we have seen some wierdness that we'd like to try to
>> fix.
>>
>> Once in a while, we will get a partial result report for a given fax
>> but when we look at the actual .tiff image, it looks to be complete.
>> This is causing our users to not get a positive acknowledgement when
>> they send the fax.
>>
>> Is there anything we can do to mitigate this?
>>
>> Mike.
>>
>>  How do you know the FAX is complete? If a page was received, the sending
> machine said more pages were to follow, and then it dropped the call, is
> that a complete FAX?
>
> Steve
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>   http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Remote extensions call drops after 20 seconds.

[alp...@gmail.com]

Guys, hi. I have not solved the problem. Outgoing calls to remote
extensions drops on 5-20 seconds. Incoming calls work perfectly.

Hope you can help me. Attach updated logs: http://pastebin.com/HmKEDAUq

Thanks,


On Thu, Dec 19, 2013 at 8:48 AM, Eric Wieling  wrote:

> See sip.conf.sample in the Asterisk tarball for documentation of valid
> settings.
>
> -Original Message-
> From: asterisk-users-boun...@lists.digium.com [mailto:
> asterisk-users-boun...@lists.digium.com] On Behalf Of alp...@gmail.com
> Sent: Wednesday, December 18, 2013 9:30 PM
> To: and...@telesip.net; Asterisk Users Mailing List - Non-Commercial
> Discussion
> Subject: Re: [asterisk-users] Remote extensions call drops after 20
> seconds.
>
> I set canreinvite=very  in the remote extension, and now the call not
> drops. Valid solution?
>
>
> On Wed, Dec 18, 2013 at 6:38 PM, Andres  wrote:
>
>
> On 12/18/13, 3:09 PM, alp...@gmail.com wrote:
>
>
> Hello. I have a problem with the configuration of a remote
> extensions. Calls are truncated at 20 seconds.
>
> I got my my NAT firewall properly configured. Here I
> attached my debug in CLI: http://pastebin.com/gh34E69f
>
>
> When the call is setup I see your Asterisk retransmitting the
> "SIP/2.0 200 OK" packet many times and getting no response.  The other end
> needs to receive the packet and generate an "ACK".  You need to trace where
> that packet is going and figure out why it is not reaching its target, or
> if it is, then why is the ACK not making it back.  Thats your problem.
>
>
> Thank you!
>
> --
>
> Allan Porras
> http://allanPorras.com 
> Google Plus: http://goo.gl/BRkbX
>
> Twitter: @alpocr 
>
>
>
>
>
>
>
>
>
> --
> Technical Support
> http://www.cellroute.net
>
> --
>
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com--
> New to Asterisk? Join us for a live introductory webinar every
> Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
>
> --
>
> Allan Porras
> http://allanPorras.com  Google Plus:
> http://goo.gl/BRkbX
>
> Twitter: @alpocr 
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>



-- 
Allan Porras
http://allanPorras.com 
Google Plus: http://goo.gl/BRkbX
Twitter: @alpocr 
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Remote extensions call drops after 20 seconds.

[Eric Wieling]

Try ulaw instead of g729, set directmedia=no

I see you are using FreePBX.  I cannot help further.
 

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of alp...@gmail.com
Sent: Monday, March 10, 2014 4:15 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Cc: and...@telesip.net
Subject: Re: [asterisk-users] Remote extensions call drops after 20 seconds.

Guys, hi. I have not solved the problem. Outgoing calls to remote extensions 
drops on 5-20 seconds. Incoming calls work perfectly. 

Hope you can help me. Attach updated logs: http://pastebin.com/HmKEDAUq

Thanks,


On Thu, Dec 19, 2013 at 8:48 AM, Eric Wieling  wrote:


See sip.conf.sample in the Asterisk tarball for documentation of valid 
settings.


-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of alp...@gmail.com

Sent: Wednesday, December 18, 2013 9:30 PM
To: and...@telesip.net; Asterisk Users Mailing List - Non-Commercial 
Discussion
Subject: Re: [asterisk-users] Remote extensions call drops after 20 
seconds.


I set canreinvite=very  in the remote extension, and now the call not 
drops. Valid solution?


On Wed, Dec 18, 2013 at 6:38 PM, Andres  wrote:


On 12/18/13, 3:09 PM, alp...@gmail.com wrote:


Hello. I have a problem with the configuration of a 
remote extensions. Calls are truncated at 20 seconds.

I got my my NAT firewall properly configured. Here I 
attached my debug in CLI: http://pastebin.com/gh34E69f


When the call is setup I see your Asterisk retransmitting the 
"SIP/2.0 200 OK" packet many times and getting no response.  The other end 
needs to receive the packet and generate an "ACK".  You need to trace where 
that packet is going and figure out why it is not reaching its target, or if it 
is, then why is the ACK not making it back.  Thats your problem.


Thank you!

--

Allan Porras

http://allanPorras.com 
Google Plus: http://goo.gl/BRkbX

Twitter: @alpocr 










--
Technical Support
http://www.cellroute.net

--

_
-- Bandwidth and Colocation Provided by 
http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every 
Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users





--

Allan Porras

http://allanPorras.com  Google Plus: 
http://goo.gl/BRkbX

Twitter: @alpocr 




--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users





-- 

Allan Porras
http://allanPorras.com  Google Plus: 
http://goo.gl/BRkbX  

Twitter: @alpocr  



-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Remote extensions call drops after 20 seconds.

[alp...@gmail.com]

Yes, well, really is Elastix.   Hmmm where I need to pt directmedia=no ?

Thanks,


On Mon, Mar 10, 2014 at 2:38 PM, Eric Wieling  wrote:

> Try ulaw instead of g729, set directmedia=no
>
> I see you are using FreePBX.  I cannot help further.
>
>
> -Original Message-
> From: asterisk-users-boun...@lists.digium.com [mailto:
> asterisk-users-boun...@lists.digium.com] On Behalf Of alp...@gmail.com
> Sent: Monday, March 10, 2014 4:15 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Cc: and...@telesip.net
> Subject: Re: [asterisk-users] Remote extensions call drops after 20
> seconds.
>
> Guys, hi. I have not solved the problem. Outgoing calls to remote
> extensions drops on 5-20 seconds. Incoming calls work perfectly.
>
> Hope you can help me. Attach updated logs: http://pastebin.com/HmKEDAUq
>
> Thanks,
>
>
> On Thu, Dec 19, 2013 at 8:48 AM, Eric Wieling  wrote:
>
>
> See sip.conf.sample in the Asterisk tarball for documentation of
> valid settings.
>
>
> -Original Message-
> From: asterisk-users-boun...@lists.digium.com [mailto:
> asterisk-users-boun...@lists.digium.com] On Behalf Of alp...@gmail.com
>
> Sent: Wednesday, December 18, 2013 9:30 PM
> To: and...@telesip.net; Asterisk Users Mailing List -
> Non-Commercial Discussion
> Subject: Re: [asterisk-users] Remote extensions call drops after
> 20 seconds.
>
>
> I set canreinvite=very  in the remote extension, and now the call
> not drops. Valid solution?
>
>
> On Wed, Dec 18, 2013 at 6:38 PM, Andres 
> wrote:
>
>
> On 12/18/13, 3:09 PM, alp...@gmail.com wrote:
>
>
> Hello. I have a problem with the configuration of
> a remote extensions. Calls are truncated at 20 seconds.
>
> I got my my NAT firewall properly configured. Here
> I attached my debug in CLI: http://pastebin.com/gh34E69f
>
>
> When the call is setup I see your Asterisk retransmitting
> the "SIP/2.0 200 OK" packet many times and getting no response.  The other
> end needs to receive the packet and generate an "ACK".  You need to trace
> where that packet is going and figure out why it is not reaching its
> target, or if it is, then why is the ACK not making it back.  Thats your
> problem.
>
>
> Thank you!
>
> --
>
> Allan Porras
>
> http://allanPorras.com  >
> Google Plus: http://goo.gl/BRkbX
>
> Twitter: @alpocr 
>
>
>
>
>
>
>
>
>
>
> --
> Technical Support
> http://www.cellroute.net
>
> --
>
> _
> -- Bandwidth and Colocation Provided by
> http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar
> every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
>
> --
>
> Allan Porras
>
> http://allanPorras.com  Google Plus:
> http://goo.gl/BRkbX
>
> Twitter: @alpocr 
>
>
>
>
> --
>
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com--
> New to Asterisk? Join us for a live introductory webinar every
> Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
>
> --
>
> Allan Porras
> http://allanPorras.com  Google Plus:
> http://goo.gl/BRkbX
>
> Twitter: @alpocr 
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>



-- 
Allan Porras
http://allanPorras.com 
Google Plus: http://goo.gl/BRkbX
Twitter: @alpocr 
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options v

[asterisk-users] Asterisk 1.8.15-cert5, 1.8.26.1, 11.6-cert2, 11.8.1, 12.1.1 Now Available (Security Release)

[Asterisk Development Team]

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security
releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1,
and 12.1.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolve the following issues:

* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.

  Sending a HTTP request that is handled by Asterisk with a large number of
  Cookie headers could overflow the stack.

  Another vulnerability along similar lines is any HTTP request with a
  ridiculous number of headers in the request could exhaust system memory.

* AST-2014-002: chan_sip: Exit early on bad session timers request

  This change allows chan_sip to avoid creation of the channel and
  consumption of associated file descriptors altogether if the inbound
  request is going to be rejected anyway.

Additionally, the release of 12.1.1 resolves the following issue:

* AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a
  request will have an endpoint.

  This change removes the assumption that an outgoing request will always
  have an endpoint and makes the authenticate_qualify option work once again.

Finally, a security advisory, AST-2014-004, was released for a vulnerability
fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to
12.1.1 to resolve both vulnerabilities.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-002.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-003.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-004.pdf

Thank you for your continued support of Asterisk!



-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] AST-2014-002: Denial of Service Through File Descriptor Exhaustion with chan_sip Session-Timers

[Asterisk Security Team]

   Asterisk Project Security Advisory - AST-2014-002

 ProductAsterisk  
 SummaryDenial of Service Through File Descriptor Exhaustion  
with chan_sip Session-Timers  
Nature of Advisory  Denial of Service 
  SusceptibilityRemote Authenticated or Anonymous Sessions
 Severity   Moderate  
  Exploits KnownNo
   Reported On  2014/02/25
   Reported By  Corey Farrell 
Posted On   March 10, 2014
 Last Updated OnMarch 10, 2014
 Advisory Contact   Kinsey Moore
 CVE Name   CVE-2014-2287 

Description  An attacker can use all available file descriptors using 
 SIP INVITE requests. 
  
 Knowledge required to achieve the attack:
  
 * Valid account credentials or anonymous dial in 
  
 * A valid extension that can be dialed from the SIP account  
  
 Trigger conditions:  
  
 * chan_sip configured with "session-timers" set to   
 "originate" or "accept"  
  
 ** The INVITE request must contain either a Session-Expires  
 or a Min-SE header with malformed values or values   
 disallowed by the system's configuration.
  
 * chan_sip configured with "session-timers" set to "refuse"  
  
 ** The INVITE request must offer "timer" in the "Supported"  
 header   
  
 Asterisk will respond with code 400, 420, or 422 for 
 INVITEs meeting this criteria. Each INVITE meeting these 
 conditions will leak a channel and several file  
 descriptors. The file descriptors cannot be released 
 without restarting Asterisk which may allow intrusion
 detection systems to be bypassed by sending the requests 
 slowly.  

Resolution  Upgrade to a version with the patch integrated or apply the   
appropriate patch.

   Affected Versions
 Product   Release Series  
  Asterisk Open Source 1.8.x   All
  Asterisk Open Source  11.x   All
  Asterisk Open Source  12.x   All
   Certified Asterisk  1.8.15  All
   Certified Asterisk   11.6   All

  Corrected In  
 Product  Release 
Asterisk Open Source 1.8.x1.8.26.1
Asterisk Open Source 11.x  11.8.1 
Asterisk Open Source 12.x  12.1.1 
Certified Asterisk 1.8.15   1.8.15-cert5  
 Certified Asterisk 11.6 11.6-cert2   

  Patches  
 SVN URL   Revision 
 
   http://downloads.asterisk.org/pub/security/AST-2014-002-1.8.diffAsterisk 
 
   1.8  
 
   http://downloads.asterisk.org/pub/security/AST-2014-

[asterisk-users] AST-2014-001: Stack Overflow in HTTP Processing of Cookie Headers.

[Asterisk Security Team]

   Asterisk Project Security Advisory - AST-2014-001

 ProductAsterisk  
 SummaryStack Overflow in HTTP Processing of Cookie Headers.  
Nature of Advisory  Denial Of Service 
  SusceptibilityRemote Unauthenticated Sessions   
 Severity   Moderate  
  Exploits KnownNo
   Reported On  February 21, 2014 
   Reported By  Lucas Molas, researcher at Programa STIC, Fundacion   
  
Dr. Manuel Sadosky, Buenos Aires, Argentina   
Posted On   March 10, 2014
 Last Updated OnMarch 10, 2014
 Advisory Contact   Richard Mudgett   
 CVE Name   CVE-2014-2286 

Description  Sending a HTTP request that is handled by Asterisk with a
 large number of Cookie headers could overflow the stack. 
 You could even exhaust memory if you sent an unlimited   
 number of headers in the request.

Resolution  The patched versions now handle headers in a fashion that 
prevents a stack overflow. Users should upgrade to a  
corrected version, apply the released patches, or disable 
HTTP support. 

   Affected Versions
Product  Release Series  
 Asterisk Open Source1.8.x   All versions 
 Asterisk Open Source 11.x   All versions 
 Asterisk Open Source 12.x   All versions 
  Certified Asterisk 1.8.x   All versions 
  Certified Asterisk  11.x   All versions 

  Corrected In
 Product  Release 
  Asterisk Open Source   1.8.26.1, 11.8.1, 12.1.1 
   Certified Asterisk1.8.15-cert5, 11.6-cert2 

  Patches  
 SVN URL   Revision 
 
   http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.diffAsterisk 
 
   1.8  
 
   http://downloads.asterisk.org/pub/security/AST-2014-001-11.diff Asterisk 
 
   11   
 
   http://downloads.asterisk.org/pub/security/AST-2014-001-12.diff Asterisk 
 
   12   
 
   http://downloads.asterisk.org/pub/security/AST-2014-001-1.8.15.diff 
Certified 
   Asterisk 
 
   1.8.15   
 
   http://downloads.asterisk.org/pub/security/AST-2014-001-11.6.diff   
Certified 
   Asterisk 
 
   11.6 
 

   Links https://issues.asterisk.org/jira/browse/ASTERISK-23340   

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2014-001.pdf and 
http://downloads.digium.com/pub/security/AST-2014-001.html

Revision History
  Date  Editor Revisions Made 
03/10/14   Richard Mudgett   Initial Revision.

   Asterisk Project Security Advisory - AST-2014-001
  Copyright (c) 2014 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a li

[asterisk-users] AST-2014-003: Remote Crash Vulnerability in PJSIP channel driver

[Asterisk Security Team]

   Asterisk Project Security Advisory - AST-2014-003

  ProductAsterisk 
  SummaryRemote Crash Vulnerability in PJSIP channel driver   
Nature of Advisory   Denial of Service
  Susceptibility Remote Unauthenticated Sessions  
 SeverityModerate 
  Exploits Known No   
Reported On  January 29, 2014 
Reported By  Joshua Colp 
 Posted On   March 10, 2014   
  Last Updated OnMarch 10, 2014   
 Advisory ContactJoshua Colp 
 CVE NameCVE-2014-2288

Description  A remotely exploitable crash vulnerability exists in the 
 PJSIP channel driver if the "qualify_frequency"  
 configuration option is enabled on an AOR and the remote 
 SIP server challenges for authentication of the resulting
 OPTIONS request. The response handling code wrongly assumes  
 that a PJSIP endpoint will always be associated with an  
 outgoing request which is incorrect. 

Resolution  This patch adds a check when handling responses challenging   
for authentication. If no endpoint is associated with the 
request no retry with authentication will occur.  

   Affected Versions
 Product   Release Series  
  Asterisk Open Source  12.x   All

  Corrected In
  Product  Release
 Asterisk Open Source 12.x  12.1.1

Patches
   SVN URL  Revision  
   http://downloads.asterisk.org/pub/security/AST-2014-003-12.diff Asterisk   
   12 

   Links https://issues.asterisk.org/jira/browse/ASTERISK-23210   

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2014-003.pdf and 
http://downloads.digium.com/pub/security/AST-2014-003.html

Revision History
  Date Editor  Revisions Made 
03/05/14   Joshua Colp  Document Creation 

   Asterisk Project Security Advisory - AST-2014-003
  Copyright (c) 2014 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] AST-2014-004: Remote Crash Vulnerability in PJSIP Channel Driver Subscription Handling

[Asterisk Security Team]

   Asterisk Project Security Advisory - AST-2014-004

 ProductAsterisk  
 SummaryRemote Crash Vulnerability in PJSIP Channel Driver
Subscription Handling 
Nature of Advisory  Denial of Service 
  SusceptibilityRemote Authenticated Sessions 
 Severity   Moderate  
  Exploits KnownNo
   Reported On  January 14th, 2014
   Reported By  Mark Michelson
Posted On   March 10, 2014
 Last Updated OnMarch 10, 2014
 Advisory Contact   Matt Jordan
 CVE Name   CVE-2014-2289 

Description  A remotely exploitable crash vulnerability exists in the 
 PJSIP channel driver's handling of SUBSCRIBE requests. If a  
 SUBSCRIBE request is received for the presence Event, and
 that request has no Accept headers, Asterisk will attempt
 to access an invalid pointer to the header location. 
  
 Note that this issue was fixed during a re-architecture of   
 the res_pjsip_pubsub module in Asterisk 12.1.0. As such, 
 this issue has already been resolved in a released version   
 of Asterisk. This notification is being released for users   
 of Asterisk 12.0.0.  

Resolution  Upgrade to Asterisk 12.1.0, or apply the patch noted below
to Asterisk 12.0.0.   

   Affected Versions
 Product   Release Series  
  Asterisk Open Source  12.x   12.0.0 

  Corrected In  
 Product  Release 
   Asterisk Open Source12.1.0 

Patches
   SVN URL  Revision  
   http://downloads.asterisk.org/pub/security/AST-2014-004-12.diff Asterisk   
   12 

   Links https://issues.asterisk.org/jira/browse/ASTERISK-23139   

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2014-004.pdf and 
http://downloads.digium.com/pub/security/AST-2014-004.html

Revision History
  Date Editor  Revisions Made 
03/05/14   Matt Jordan  Initial Revision  

   Asterisk Project Security Advisory - AST-2014-004
  Copyright (c) 2014 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] asterisk11.5.1 module not load why ? any help

[Rusty Newton]

On Fri, Mar 7, 2014 at 12:38 AM, hkc323  wrote:
> ===
> Core was generated by `/usr/sbin/asterisk -f -vvvg -c'.
> Program terminated with signal 11, Segmentation fault.

For the developers who can interpret an Asterisk backtrace, they often
need more information than just the backtrace itself.

If you can reproduce the crash on the latest version of the 11 branch
then you'll want to follow the guidelines here
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines
and post the issue on the bug tracker. Be sure to provide instructions
and configuration that would allow us to reproduce the issue.

-- 
Rusty Newton
Digium, Inc. | Community Support Manager
445 Jan Davis Drive NW - Huntsville, AL 35806 - US
direct: +1 256 428 6200

Check us out at: http://digium.com & http://asterisk.org

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Remote extensions call drops after 20 seconds.

[Steve Totaro]

Check here:
http://www.freepbx.org/forum/freepbx/installation/incoming-calls-drop-30-seconds-on-fpbx-2-9-0-1-8-7-0

Thanks,
Steve Totaro


On Mon, Mar 10, 2014 at 4:43 PM, alp...@gmail.com  wrote:

> Yes, well, really is Elastix.   Hmmm where I need to pt directmedia=no ?
>
> Thanks,
>
>
> On Mon, Mar 10, 2014 at 2:38 PM, Eric Wieling  wrote:
>
>> Try ulaw instead of g729, set directmedia=no
>>
>> I see you are using FreePBX.  I cannot help further.
>>
>>
>> -Original Message-
>> From: asterisk-users-boun...@lists.digium.com [mailto:
>> asterisk-users-boun...@lists.digium.com] On Behalf Of alp...@gmail.com
>> Sent: Monday, March 10, 2014 4:15 PM
>> To: Asterisk Users Mailing List - Non-Commercial Discussion
>> Cc: and...@telesip.net
>> Subject: Re: [asterisk-users] Remote extensions call drops after 20
>> seconds.
>>
>> Guys, hi. I have not solved the problem. Outgoing calls to remote
>> extensions drops on 5-20 seconds. Incoming calls work perfectly.
>>
>> Hope you can help me. Attach updated logs: http://pastebin.com/HmKEDAUq
>>
>> Thanks,
>>
>>
>> On Thu, Dec 19, 2013 at 8:48 AM, Eric Wieling  wrote:
>>
>>
>> See sip.conf.sample in the Asterisk tarball for documentation of
>> valid settings.
>>
>>
>> -Original Message-
>> From: asterisk-users-boun...@lists.digium.com [mailto:
>> asterisk-users-boun...@lists.digium.com] On Behalf Of alp...@gmail.com
>>
>> Sent: Wednesday, December 18, 2013 9:30 PM
>> To: and...@telesip.net; Asterisk Users Mailing List -
>> Non-Commercial Discussion
>> Subject: Re: [asterisk-users] Remote extensions call drops after
>> 20 seconds.
>>
>>
>> I set canreinvite=very  in the remote extension, and now the call
>> not drops. Valid solution?
>>
>>
>> On Wed, Dec 18, 2013 at 6:38 PM, Andres 
>> wrote:
>>
>>
>> On 12/18/13, 3:09 PM, alp...@gmail.com wrote:
>>
>>
>> Hello. I have a problem with the configuration of
>> a remote extensions. Calls are truncated at 20 seconds.
>>
>> I got my my NAT firewall properly configured.
>> Here I attached my debug in CLI: http://pastebin.com/gh34E69f
>>
>>
>> When the call is setup I see your Asterisk retransmitting
>> the "SIP/2.0 200 OK" packet many times and getting no response.  The other
>> end needs to receive the packet and generate an "ACK".  You need to trace
>> where that packet is going and figure out why it is not reaching its
>> target, or if it is, then why is the ACK not making it back.  Thats your
>> problem.
>>
>>
>> Thank you!
>>
>> --
>>
>> Allan Porras
>>
>> http://allanPorras.com <
>> http://www.AllanPorras.com>
>> Google Plus: http://goo.gl/BRkbX
>>
>> Twitter: @alpocr 
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>> Technical Support
>> http://www.cellroute.net
>>
>> --
>>
>> _
>> -- Bandwidth and Colocation Provided by
>> http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar
>> every Thurs:
>>http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>>
>>
>>
>> --
>>
>> Allan Porras
>>
>> http://allanPorras.com  Google Plus:
>> http://goo.gl/BRkbX
>>
>> Twitter: @alpocr 
>>
>>
>>
>>
>> --
>>
>> _
>> -- Bandwidth and Colocation Provided by
>> http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every
>> Thurs:
>>http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
>>
>>
>>
>> --
>>
>> Allan Porras
>> http://allanPorras.com  Google Plus:
>> http://goo.gl/BRkbX
>>
>> Twitter: @alpocr 
>>
>>
>>
>> --
>> _
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> Allan Porras
> http://allanPorras.com 
> Google Plus: http://goo.gl/BRkbX
>

[asterisk-users] what is actually a trunk in a sip trunk?

[Thomas Rechberger]

no trunking or bonding involved, so why just everybody calls this a trunk?


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] what is actually a trunk in a sip trunk?

[Adrian Serafini]

On 03/10/2014 07:39 PM, Thomas Rechberger wrote:

no trunking or bonding involved, so why just everybody calls this a trunk?


It is just another SIP peer.  You tend to route more than one extension 
down/from it.


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] what is actually a trunk in a sip trunk?

[Eric Wieling]

Because sometimes marketing overcomes technical correctness.   

-Original Message-
From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Thomas Rechberger
Sent: Monday, March 10, 2014 7:39 PM
To: asterisk-users@lists.digium.com
Subject: [asterisk-users] what is actually a trunk in a sip trunk?

no trunking or bonding involved, so why just everybody calls this a trunk?


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Oddity with FFA

[Steve Underwood]

Hi Mike,

If the sending machine keeps trying it might be the call has been hung 
up by asterisk before its own acknowledgement message has finished being 
sent. There have been bugs like this in the past, and people can be 
pretty casual about making changes which hang up aggressively. A FAX 
system should really wait for the final DCN message before 
disconnecting, to ensure both sides have seen what they need. Spandsp 
does that, but I am not sure about FFA.


Regards,
Steve

On 03/11/2014 03:03 AM, Mike Diehl wrote:

Steve,

I BELIEVE the fax is complete because the fax image is a form that 
appears to only be a single page.


But, since FFA isn't providing acknowledgement, the sending fax 
machine is resending the document multiple times!


Mike.


On Mon, Mar 10, 2014 at 12:49 PM, Steve Underwood > wrote:


On 03/11/2014 12:36 AM, Mike Diehl wrote:

Hi all,

For the most part, we are finding that Fax for Asterisk works
pretty
well.  However, we have seen some wierdness that we'd like to
try to
fix.

Once in a while, we will get a partial result report for a
given fax
but when we look at the actual .tiff image, it looks to be
complete.
This is causing our users to not get a positive
acknowledgement when
they send the fax.

Is there anything we can do to mitigate this?

Mike.

How do you know the FAX is complete? If a page was received, the
sending machine said more pages were to follow, and then it
dropped the call, is that a complete FAX?

Steve


-- 
_

-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users







--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
  http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] JABBER_STATUS issue

[Slava Bendersky]

Hello Everyone, 
I am using this bash script to pull resource id 
http://fpaste.org/84173/51169913/ 
this whole macro http://fpaste.org/84174/51176013/ 
that what I see when dialplan ran 
Executing [s@macro-missed-call-in:3] Set("SIP/babytel-0022", "RES=9c32ecc4 
-- ") in new stack 
-- Executing [s@macro-missed-call-in:4] GotoIf("SIP/babytel-0022", 
"0?unavailable") in new stac 
Here I reproduced error 7 
http://fpaste.org/84175/94512106/ 
If I will hardcode resource id it will work and report user online which is 1 


Any help thank you. 

Slava. 
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users