search for: res_http_websocket

Hello asterisk users, Compiled asterisk-11.13.0 on openSUSE 13.1, however Channel driver chan_sip is XXX in menuselect --- it depends on: chan_local(M), res_crypto(M), res_http_websocket(M) chan_local is [*] chan_local in menuselect, res_crypto is in Resource Modules, Depends on: openssl(E) --- I don't know what (E) means ??? res_http_websocket is [*] res_http_websocket in menuselect. So this means that openssl(E) is holding everything? Can someone give me some...

...20, 2018 Advisory Contact Rmudgett AT digium DOT com CVE Name CVE-2018-17281 Description There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker’s request causes Asterisk to run out of stack sp...

...10 December 2014 Last Updated On December 10, 2014 Advisory Contact Joshua Colp <jcolp AT digium DOT com> CVE Name Description When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would s...

...10 December 2014 Last Updated On December 10, 2014 Advisory Contact Joshua Colp <jcolp AT digium DOT com> CVE Name Description When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would s...

...lo) * ASTERISK-28250 - build: Cross-compilation fails for target arm-linux-gnueabihf (Reported by Jean Aunis - Prescom) * ASTERISK-28156 - Race condition involving session->media (res_pjsip_session) leads to crash. (Reported by Paulo Vicentini) * ASTERISK-28257 - res_http_websocket: PING / PONG opcodes break data reception (Reported by Jeremy Lain��) * ASTERISK-28252 - HangupHandler manager events are never thrown (Reported by Gerald Schnabel) * ASTERISK-28231 - res_http_websocket: Not responding to Connection Close Frame (opcode 8) (Repo...

...orted by Ray) * ASTERISK-28263 - codec_opus: errors setting max_playback_rate and bitrate to "sdp" (Reported by Gianluca Merlo) * ASTERISK-28250 - build: Cross-compilation fails for target arm-linux-gnueabihf (Reported by Jean Aunis - Prescom) * ASTERISK-28257 - res_http_websocket: PING / PONG opcodes break data reception (Reported by Jeremy Lain��) * ASTERISK-28252 - HangupHandler manager events are never thrown (Reported by Gerald Schnabel) * ASTERISK-28249 - res_monitor: Segfault with Monitor(wav,file,i) (Reported by Valentin Vidi��)...

...ted to Asterisk the machine the latest incarnation of this configuration has been updated to Debian Buster and thus to Asterisk 16. Since this upgrade I have a dependency problem related to res_rtp_asterisk.so. So the old config was: [modules] autoload=no load => res_rtp_asterisk.so load => res_http_websocket.so load => chan_local.so load => codec_ulaw.so load => codec_alaw.so load => pbx_config.so load => chan_sip.so load => app_dial.so load => func_callerid.so load => func_cut.so load => func_logic.so [global] Since Asterisk 16 (Debian Buster version) I have a dependency...

On 04/24/2018 09:08 AM, Matt Fredrickson wrote: > On Tue, Apr 24, 2018 at 10:54 AM, Bruce Ferrell <bferrell at baywinds.org> wrote: >> A while back (last year maybe?), there was a Digium blog post on setting up >> WebRTC. >> >> I was never able to get that working. >> >> I was working with Asterisk 15 on a RHEL derived distro and had no idea of >>

...These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following security vulnerability: * AST-2014-019: Remote Crash Vulnerability in WebSocket Server When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succeed and end up freeing the memory but be treated as a failure. When the sessio...

...ASTERISK-28995 - res_pjsip_registrar: Expires on statically configured contacts is not correct (Reported by tootai) * ASTERISK-28978 - acl: named_acl rule misconfiguration results in segfault on reading rule from realtime (Reported by Andrew Yager) * ASTERISK-28975 - res_http_websocket: Text payload data doesn't necessary include trailing zero (Reported by Nickolay V. Shmyrev) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.36.0 Thank you for your continued support of...

...ported by tootai) * ASTERISK-28987 - BridgeCreated ARI event shows wrong video_mode info (Reported by sungtae kim) * ASTERISK-28978 - acl: named_acl rule misconfiguration results in segfault on reading rule from realtime (Reported by Andrew Yager) * ASTERISK-28975 - res_http_websocket: Text payload data doesn't necessary include trailing zero (Reported by Nickolay V. Shmyrev) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-16.13.0 Thank you for your continued support of...

...ported by tootai) * ASTERISK-28987 - BridgeCreated ARI event shows wrong video_mode info (Reported by sungtae kim) * ASTERISK-28978 - acl: named_acl rule misconfiguration results in segfault on reading rule from realtime (Reported by Andrew Yager) * ASTERISK-28975 - res_http_websocket: Text payload data doesn't necessary include trailing zero (Reported by Nickolay V. Shmyrev) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-17.7.0 Thank you for your continued support of A...

...p: Fix a bug causing SIP reloads to remove all entries from the registry (Closes issue ASTERISK-20611. Reported by Alisher) * --- confbridge: Fix a bug which made conferences not record with AMI/CLI commands (Closes issue ASTERISK-20601. Reported by Vilius) * --- Fix an issue with res_http_websocket where the chan_sip WebSocket handler could not be registered. (Closes issue ASTERISK-20631. Reported by danjenkins) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.0.1 Thank you for your continued sup...

Hi, i am trying to install asterisk newer version on the Elastix machine, but while installing the chan_sip,c module is not building while make. when i see in make menuselect options it showing "XXX" -- extended , please let me know how to enable it and make build chan_sip module. -- Upendra -------------- next part -------------- An HTML attachment was scrubbed... URL:

...These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolves the following security vulnerability: * AST-2014-019: Remote Crash Vulnerability in WebSocket Server When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succeed and end up freeing the memory but be treated as a failure. When the sessio...

...ed by Lorne Gaetz) * ASTERISK-25320 - chan_sip.c: sip_report_security_event searches for wrong or non existent peer on invite (Reported by Kevin Harwell) * ASTERISK-25315 - DAHDI channels send shortened duration DTMF tones. (Reported by Richard Mudgett) * ASTERISK-25312 - res_http_websocket: Terminate connection on fatal cases (Reported by Joshua Colp) * ASTERISK-25265 - [patch]DTLS Failure when calling WebRTC-peer on Firefox 39 - add ECDH support and fallback to prime256v1 (Reported by Stefan Engstr??m) Improvements made in this release: --------------------------...

...rg/pub/telephony/asterisk/releases https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases The following security vulnerabilities were resolved in these versions: * AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker���s request causes Asterisk to run out of stack space and crash. For a full list of changes in the current releases, please see the Chan...

...ASTERISK-28995 - res_pjsip_registrar: Expires on statically configured contacts is not correct (Reported by tootai) * ASTERISK-28978 - acl: named_acl rule misconfiguration results in segfault on reading rule from realtime (Reported by Andrew Yager) * ASTERISK-28975 - res_http_websocket: Text payload data doesn't necessary include trailing zero (Reported by Nickolay V. Shmyrev) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.36.0 Thank you for your continued support of...

...ported by tootai) * ASTERISK-28987 - BridgeCreated ARI event shows wrong video_mode info (Reported by sungtae kim) * ASTERISK-28978 - acl: named_acl rule misconfiguration results in segfault on reading rule from realtime (Reported by Andrew Yager) * ASTERISK-28975 - res_http_websocket: Text payload data doesn't necessary include trailing zero (Reported by Nickolay V. Shmyrev) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-16.13.0 Thank you for your continued support of...

...ported by tootai) * ASTERISK-28987 - BridgeCreated ARI event shows wrong video_mode info (Reported by sungtae kim) * ASTERISK-28978 - acl: named_acl rule misconfiguration results in segfault on reading rule from realtime (Reported by Andrew Yager) * ASTERISK-28975 - res_http_websocket: Text payload data doesn't necessary include trailing zero (Reported by Nickolay V. Shmyrev) For a full list of changes in this release, please see the ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-17.7.0 Thank you for your continued support of A...