--- /dev/null
+<html><head><title>ChangeLog for asterisk-18.26.2</title></head><body>
+<h2>Change Log for Release asterisk-18.26.2</h2>
+<h3>Links:</h3>
+<ul>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.2.html">Full ChangeLog</a> </li>
+<li><a href="https://github.com/asterisk/asterisk/compare/18.26.1...18.26.2">GitHub Diff</a> </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.26.2.tar.gz">Tarball</a> </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk">Downloads</a> </li>
+</ul>
+<h3>Summary:</h3>
+<ul>
+<li>Commits: 2</li>
+<li>Commit Authors: 1</li>
+<li>Issues Resolved: 0</li>
+<li>Security Advisories Resolved: 2</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw">GHSA-2grh-7mhv-fcfw</a>: Using malformed From header can forge identity with ";" or NULL in name portion</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2">GHSA-c7p6-7mvq-8jq2</a>: cli_permissions.conf: deny option does not work for disallowing shell commands</li>
+</ul>
+<h3>User Notes:</h3>
+<ul>
+<li>
+<h4>asterisk.c: Add option to restrict shell access from remote consoles.</h4>
+ A new asterisk.conf option 'disable_remote_console_shell' has
+ been added that, when set, will prevent remote consoles from executing
+ shell commands using the '!' prefix.
+ Resolves: #GHSA-c7p6-7mvq-8jq2</li>
+</ul>
+<h3>Upgrade Notes:</h3>
+<h3>Commit Authors:</h3>
+<ul>
+<li>George Joseph: (2)</li>
+</ul>
+<h2>Issue and Commit Detail:</h2>
+<h3>Closed Issues:</h3>
+<ul>
+<li>!GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with ";" or NULL in name portion</li>
+<li>!GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands</li>
+</ul>
+<h3>Commits By Author:</h3>
+<ul>
+<li>
+<h4>George Joseph (2):</h4>
+</li>
+<li>res_pjsip_messaging.c: Mask control characters in received From display name</li>
+<li>asterisk.c: Add option to restrict shell access from remote consoles.</li>
+</ul>
+<h3>Commit List:</h3>
+<ul>
+<li>asterisk.c: Add option to restrict shell access from remote consoles.</li>
+<li>res_pjsip_messaging.c: Mask control characters in received From display name</li>
+</ul>
+<h3>Commit Details:</h3>
+<h4>asterisk.c: Add option to restrict shell access from remote consoles.</h4>
+<p>Author: George Joseph
+ Date: 2025-05-19</p>
+<p>UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
+ been added that, when set, will prevent remote consoles from executing
+ shell commands using the '!' prefix.</p>
+<p>Resolves: #GHSA-c7p6-7mvq-8jq2</p>
+<h4>res_pjsip_messaging.c: Mask control characters in received From display name</h4>
+<p>Author: George Joseph
+ Date: 2025-03-24</p>
+<p>Incoming SIP MESSAGEs will now have their From header's display name
+ sanitized by replacing any characters < 32 (space) with a space.</p>
+<p>Resolves: #GHSA-2grh-7mhv-fcfw</p>
+</body></html>
--- /dev/null
+<html><head><title>Readme for asterisk-18.26.2</title></head><body>
+<h1>The Asterisk(R) Open Source PBX</h1>
+<pre><code class="language-text"> By Mark Spencer <markster@digium.com> and the Asterisk.org developer community.
+ Copyright (C) 2001-2021 Sangoma Technologies Corporation and other copyright holders.
+</code></pre>
+<h2>SECURITY</h2>
+<p>It is imperative that you read and fully understand the contents of
+the security information document before you attempt to configure and run
+an Asterisk server.</p>
+<p>See <a href="https://docs.asterisk.org/Deployment/Important-Security-Considerations/">Important Security Considerations</a> for more information.</p>
+<h2>WHAT IS ASTERISK ?</h2>
+<p>Asterisk is an Open Source PBX and telephony toolkit. It is, in a
+sense, middleware between Internet and telephony channels on the bottom,
+and Internet and telephony applications at the top. However, Asterisk supports
+more telephony interfaces than just Internet telephony. Asterisk also has a
+vast amount of support for traditional PSTN telephony, as well.</p>
+<p>For more information on the project itself, please visit the Asterisk
+<a href="https://www.asterisk.org">home page</a> and the official <a href="https://docs.asterisk.org/">documentation</a>. In addition you'll find lots
+of information compiled by the Asterisk community at <a href="http://www.voip-info.org/wiki-Asterisk">voip-info.org</a>.</p>
+<p>There is a book on Asterisk published by O'Reilly under the Creative Commons
+License. It is available in book stores as well as in a downloadable version on
+the <a href="http://www.asteriskdocs.org">asteriskdocs.org</a> web site.</p>
+<h2>SUPPORTED OPERATING SYSTEMS</h2>
+<h3>Linux</h3>
+<p>The Asterisk Open Source PBX is developed and tested primarily on the
+GNU/Linux operating system, and is supported on every major GNU/Linux
+distribution.</p>
+<h3>Others</h3>
+<p>Asterisk has also been 'ported' and reportedly runs properly on other
+operating systems as well, including Sun Solaris, Apple's Mac OS X, Cygwin,
+and the BSD variants.</p>
+<h2>GETTING STARTED</h2>
+<p>First, be sure you've got supported hardware (but note that you don't need
+ANY special hardware, not even a sound card) to install and run Asterisk.</p>
+<p>Supported telephony hardware includes:
+* All Analog and Digital Interface cards from <a href="https://www.sangoma.com/">Sangoma</a>
+* QuickNet Internet PhoneJack and LineJack
+* any full duplex sound card supported by ALSA, OSS, or PortAudio
+* any ISDN card supported by mISDN on Linux
+* The Xorcom Astribank channel bank
+* VoiceTronix OpenLine products</p>
+<h3>UPGRADING FROM AN EARLIER VERSION</h3>
+<p>If you are updating from a previous version of Asterisk, make sure you
+read the <a href="UPGRADE.txt">UPGRADE.txt</a> file in the source directory. There are some files
+and configuration options that you will have to change, even though we
+made every effort possible to maintain backwards compatibility.</p>
+<p>In order to discover new features to use, please check the configuration
+examples in the <a href="configs">configs</a> directory of the source code distribution. For a
+list of new features in this version of Asterisk, see the <a href="CHANGES">CHANGES</a> file.</p>
+<h3>NEW INSTALLATIONS</h3>
+<p>Ensure that your system contains a compatible compiler and development
+libraries. Asterisk requires either the GNU Compiler Collection (GCC) version
+4.1 or higher, or a compiler that supports the C99 specification and some of
+the gcc language extensions. In addition, your system needs to have the C
+library headers available, and the headers and libraries for ncurses.</p>
+<p>There are many modules that have additional dependencies. To see what
+libraries are being looked for, see <code>./configure --help</code>, or run
+<code>make menuselect</code> to view the dependencies for specific modules.</p>
+<p>On many distributions, these dependencies are installed by packages with names
+like 'glibc-devel', 'ncurses-devel', 'openssl-devel' and 'zlib-devel'
+or similar.</p>
+<p>So, let's proceed:
+1. Read this file.</p>
+<p>There are more documents than this one in the <a href="doc">doc</a> directory. You may also
+want to check the configuration files that contain examples and reference
+guides in the <a href="configs">configs</a> directory.</p>
+<ol>
+<li>Run <code>./configure</code></li>
+</ol>
+<p>Execute the configure script to guess values for system-dependent
+variables used during compilation. If the script indicates that some required
+components are missing, you can run <code>./contrib/scripts/install_prereq install</code>
+to install the necessary components. Note that this will install all dependencies for every functionality of Asterisk. After running the script, you will need
+to rerun <code>./configure</code>.</p>
+<ol>
+<li>Run <code>make menuselect</code> <em>[optional]</em></li>
+</ol>
+<p>This is needed if you want to select the modules that will be compiled and to
+check dependencies for various optional modules.</p>
+<ol>
+<li>Run <code>make</code></li>
+</ol>
+<p>Assuming the build completes successfully:</p>
+<ol>
+<li>Run <code>make install</code></li>
+</ol>
+<p>If this is your first time working with Asterisk, you may wish to install
+the sample PBX, with demonstration extensions, etc. If so, run:</p>
+<ol>
+<li>Run <code>make samples</code></li>
+</ol>
+<p>Doing so will overwrite any existing configuration files you have installed.</p>
+<ol>
+<li>Finally, you can launch Asterisk in the foreground mode (not a daemon) with:</li>
+</ol>
+<pre><code> # asterisk -vvvc
+</code></pre>
+<p>You'll see a bunch of verbose messages fly by your screen as Asterisk
+initializes (that's the "very very verbose" mode). When it's ready, if
+you specified the "c" then you'll get a command line console, that looks
+like this:</p>
+<pre><code> *CLI>
+</code></pre>
+<p>You can type "core show help" at any time to get help with the system. For help
+with a specific command, type "core show help <command>". To start the PBX using
+your sound card, you can type "console dial" to dial the PBX. Then you can use
+"console answer", "console hangup", and "console dial" to simulate the actions
+of a telephone. Remember that if you don't have a full duplex sound card
+(and Asterisk will tell you somewhere in its verbose messages if you do/don't)
+then it won't work right (not yet).</p>
+<p>"man asterisk" at the Unix/Linux command prompt will give you detailed
+information on how to start and stop Asterisk, as well as all the command
+line options for starting Asterisk.</p>
+<p>Feel free to look over the configuration files in <code>/etc/asterisk</code>, where you
+will find a lot of information about what you can do with Asterisk.</p>
+<h3>ABOUT CONFIGURATION FILES</h3>
+<p>All Asterisk configuration files share a common format. Comments are
+delimited by ';' (since '#' of course, being a DTMF digit, may occur in
+many places). A configuration file is divided into sections whose names
+appear in []'s. Each section typically contains two types of statements,
+those of the form 'variable = value', and those of the form 'object =>
+parameters'. Internally the use of '=' and '=>' is exactly the same, so
+they're used only to help make the configuration file easier to
+understand, and do not affect how it is actually parsed.</p>
+<p>Entries of the form 'variable=value' set the value of some parameter in
+asterisk. For example, in <a href="configs/samples/chan_dahdi.conf.sample">chan_dahdi.conf</a>, one might specify:</p>
+<pre><code> switchtype=national
+</code></pre>
+<p>In order to indicate to Asterisk that the switch they are connecting to is
+of the type "national". In general, the parameter will apply to
+instantiations which occur below its specification. For example, if the
+configuration file read:</p>
+<pre><code> switchtype = national
+ channel => 1-4
+ channel => 10-12
+ switchtype = dms100
+ channel => 25-47
+</code></pre>
+<p>The "national" switchtype would be applied to channels one through
+four and channels 10 through 12, whereas the "dms100" switchtype would
+apply to channels 25 through 47.</p>
+<p>The "object => parameters" instantiates an object with the given
+parameters. For example, the line "channel => 25-47" creates objects for
+the channels 25 through 47 of the card, obtaining the settings
+from the variables specified above.</p>
+<h3>SPECIAL NOTE ON TIME</h3>
+<p>Those using SIP phones should be aware that Asterisk is sensitive to
+large jumps in time. Manually changing the system time using date(1)
+(or other similar commands) may cause SIP registrations and other
+internal processes to fail. If your system cannot keep accurate time
+by itself use <a href="http://www.ntp.org/">NTP</a> to keep the system clock
+synchronized to "real time". NTP is designed to keep the system clock
+synchronized by speeding up or slowing down the system clock until it
+is synchronized to "real time" rather than by jumping the time and
+causing discontinuities. Most Linux distributions include precompiled
+versions of NTP. Beware of some time synchronization methods that get
+the correct real time periodically and then manually set the system
+clock.</p>
+<p>Apparent time changes due to daylight savings time are just that,
+apparent. The use of daylight savings time in a Linux system is
+purely a user interface issue and does not affect the operation of the
+Linux kernel or Asterisk. The system clock on Linux kernels operates
+on UTC. UTC does not use daylight savings time.</p>
+<p>Also note that this issue is separate from the clocking of TDM
+channels, and is known to at least affect SIP registrations.</p>
+<h3>FILE DESCRIPTORS</h3>
+<p>Depending on the size of your system and your configuration,
+Asterisk can consume a large number of file descriptors. In UNIX,
+file descriptors are used for more than just files on disk. File
+descriptors are also used for handling network communication
+(e.g. SIP, IAX2, or H.323 calls) and hardware access (e.g. analog and
+digital trunk hardware). Asterisk accesses many on-disk files for
+everything from configuration information to voicemail storage.</p>
+<p>Most systems limit the number of file descriptors that Asterisk can
+have open at one time. This can limit the number of simultaneous
+calls that your system can handle. For example, if the limit is set
+at 1024 (a common default value) Asterisk can handle approximately 150
+SIP calls simultaneously. To change the number of file descriptors
+follow the instructions for your system below:</p>
+<h4>PAM-BASED LINUX SYSTEM</h4>
+<p>If your system uses PAM (Pluggable Authentication Modules) edit
+<code>/etc/security/limits.conf</code>. Add these lines to the bottom of the file:</p>
+<pre><code class="language-text">root soft nofile 4096
+root hard nofile 8196
+asterisk soft nofile 4096
+asterisk hard nofile 8196
+</code></pre>
+<p>(adjust the numbers to taste). You may need to reboot the system for
+these changes to take effect.</p>
+<h4>GENERIC UNIX SYSTEM</h4>
+<p>If there are no instructions specifically adapted to your system
+above you can try adding the command <code>ulimit -n 8192</code> to the script
+that starts Asterisk.</p>
+<h2>MORE INFORMATION</h2>
+<p>See the <a href="doc">doc</a> directory for more documentation on various features.
+Again, please read all the configuration samples that include documentation
+on the configuration options.</p>
+<p>Finally, you may wish to visit the <a href="https://www.asterisk.org/support">support</a> site and join the <a href="http://lists.digium.com/mailman/listinfo/asterisk-users">mailing
+list</a> if you're interested in getting more information.</p>
+<p>Welcome to the growing worldwide community of Asterisk users!</p>
+<pre><code> Mark Spencer, and the Asterisk.org development community
+</code></pre>
+<hr>
+<p>Asterisk is a trademark of Sangoma Technologies Corporation</p>
+</body></html>
projects / thirdparty / asterisk.git / commitdiff
