Asterisk

Asterisk is the most popular PBX (Private Branch Exchange) software and IVR (Interactive Voice Response) system, designed from the offset to deliver a capable and reliable telephony engine, as well as a toolkit for developers who want to create communication applications.

It is an open source command-line software, a server that offers all the flexibility needed by developers and integrators to create advanced communication solutions for free. It can also be used as a gateway, a feature/media server or a call center.

Features at a glance

Key features include an IVR (Interactive Voice Response) system, a conference bridge, all the building blocks required to create a PBX (Private Branch Exchange) server, and virtually any other communication tools you can imagine.

Asterisk can be used as a switch (PBX), configured as the core of a hybrid PBX or an IP, for switching calls, enabling various functions, connecting callers, and managing routes with the outside world over IP, digital (T1/E1) or analog (POTS) connections.

Getting started with Asterisk

Installing Asterisk on a GNU/Linux system proves to be an easy task, as all you have to do after downloading and unpacking the latest version of the software (see download link above), you must execute the ‘./configure && make’ command in a terminal emulator, of course after navigating to the location of the extracted archive files (e.g. cd /home/softoware/asterisk-13.0.1).

After a successful compilation process, a message will notify you that Asterisk can be installed on your system by running the ‘make install’ command as root or the ‘sudo make install’ command as a privileged user. That’s it, you can now use Asterisk and also install one of the front-ends available on Softoware.

Supported operating systems

Asterisk is a multi-platform software, which means that it supports and runs on a wide range of Linux and UNIX-like operating systems, including GNU/Linux, FreeBSD, OpenBSD, Solaris and Mac OS X. It can be successfully installed on 64-bit and 32-bit hardware platforms.

What is new in this release:

• These releases resolve several issues reported by the community and would have not been possible without your participation.

What is new in version 14.6.0:

• These releases resolve several issues reported by the community and would have not been possible without your participation.

What is new in version 14.2.1:

• AST-2016-008: Crash on SDP offer or answer from endpoint using Opus
• If an SDP offer or answer is received with the Opus codec and with the format parameters separated using a space the code responsible for parsing will recursively call itself until it crashes. This occurs as the code does not properly handle spaces separating the parameters.
• This does NOT require the endpoint to have Opus configured in Asterisk. This also does not require the endpoint to be authenticated. If guest is enabled for chan_sip or anonymous in chan_pjsip an SDP offer or answer is still processed and the crash occurs.
• AST-2016-009: Remote unauthenticated sessions in chan_sip
• The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as
• Contactx01:
• will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication.
• If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.

What is new in version 14.2.0:

• Improvements made in version 14.2.0:
• ASTERISK-26558 - app_queue: add variable to know if the call is not answered after a queue
• ASTERISK-26176 - chan_sip: Add AccountCode to AMI PeerEntry
• ASTERISK-26538 - codec_opus: Add sample to configs/samples/codecs.conf.sample
• ASTERISK-26488 - ARI: Add 'ari show app', 'ari show apps', and 'ari set debug' CLI commands
• ASTERISK-26418 - res_rtp_asterisk: Speed up ICE resolution by blacklisting host subnets that are not involved in RTP
• Bugs fixed in version 14.2.0:
• ASTERISK-26608 - Compile and link failures on OpenBSD
• ASTERISK-26520 - codec_opus: Generated fmtp line has no content
• ASTERISK-26605 - codec_opus: Spammed warning when Opus negotiated but codec_opus not loaded.
• ASTERISK-26516 - pjsip: Memory corruption with possible memory leak.
• ASTERISK-26556 - manager: AMI version report same in Ast 13 & 14, despite Ast 14 syntax changes
• ASTERISK-26343 - ASTERISK-25951 causes issues for callerid manipulation through agi
• ASTERISK-26592 - Latest libedit (3.1) defaults to unicode and makes asterisk CLI read garbage
• ASTERISK-26565 - chan_unistim on 11, 13, 14 placing call on hold temporarily locks up set
• ASTERISK-26575 - testsuite: Need to check PJSIP functionality when res_srtp is not loaded.
• ASTERISK-26571 - res_pjsip: Resolution incorrect when explicit IPv6 transport configuredASTERISK-26468 - ari: Bridge events stop working after this sequence of ARI calls
• ASTERISK-24400 - ooh323 sends wrong hangup code
• ASTERISK-26555 - Multi-party Video: Fix some post Asterisk-11 regressions
• ASTERISK-26412 - build: Prepare for gcc 6.2
• ASTERISK-26509 - A few non-critical deprecation warnings when building on Ubuntu 16.10
• ASTERISK-26523 - chan_sip: Asterisk 13.12.1 disconnects incoming calls after 2 minutes - rtptimeout behaving badly - regression
• ASTERISK-26549 - app_dial: When PickupChan() is used some channels may have incorrect device state
• ASTERISK-24274 - [patch]Codec Format Is Not Included in the SDP Media Attributes When SLIN48 Codec Is Used
• ASTERISK-26311 - [patch] rtp_engine: Allow more than 32 dynamic payload types.
• ASTERISK-26506 - [patch]res_pjsip_outbound_publish: Crash when publishing, in publisher_client_send at res_pjsip_outbound_publish.c
• ASTERISK-25070 - Fix FTBFS on Hurd
• ASTERISK-26476 - chan_sip: Incorrect display option "Outbound reg. retry 403" in "sip show settings"
• ASTERISK-26541 - res_pjsip_sdp_rtp: Restrict number of formats to maximum
• ASTERISK-26537 - AMI: NewConnectedLine event is not documented
• ASTERISK-26526 - [UBSAN] vector.h: null pointer can be passed as argument 2 to memcpy
• ASTERISK-26524 - astobj2: data_size variable is wasted space when AO2_DEBUG is not enabled.
• ASTERISK-26344 - Asterisk 13.11.0 + PJSIP crash
• ASTERISK-26387 - Asterisk segfaults shortly after starting even with no active calls.
• ASTERISK-26513 - tests/channels/pjsip/qualify/auth: Crashing enough to be a nuisance
• ASTERISK-26514 - Super Awesome Company: Don't specify transport in pjsip.conf
• ASTERISK-26510 - pjproject_bundled uses the --strip-components option of tar which isn't supported in older versions
• ASTERISK-22480 - Embedded pjproject: build.mak contains hardcoded full path to version.mak
• ASTERISK-26307 - res_pjsip_caller_id: Crash on outgoing change
• ASTERISK-26503 - app_voicemail: Asterisk crashes when MailboxExists is used
• ASTERISK-26423 - res_pjsip_sdp_rtp: Asymmetric RTP codec can cause audio loss and wonkiness
• ASTERISK-26309 - [patch] res_pjsip: Allow IPv4/IPv6 (Dual Stack) installations.
• ASTERISK-26482 - [patch] chan_pjsip: segfault on already disconnected session
• ASTERISK-26421 - Segmentation Fault with ARI originate into mixing bridge with 43 clients
• ASTERISK-26444 - 'features show' command in CLI does not return prompt.
• ASTERISK-26480 - [patch] CLI: core set debug: Auto-completes File not Module
• ASTERISK-26356 - menuselect: invalid test for GTK2
• ASTERISK-26462 - [patch] app_queue: While using queues with realtime, setting back to an empty context doesn't stop the exit key usage
• ASTERISK-26439 - chan_rtp: Crash when originating
• ASTERISK-26457 - [patch] force_rport,auto_comedia: No NAT detection triggered.
• ASTERISK-26618 - build: Backport addition of librt check to configure.ac
• New Features made in version 14.2.0:
• ASTERISK-26595 - ARI: Add the ability to control the source of video in a multi-party mixing bridge
• ASTERISK-26492 - ARI: Add ability to specify channel variables on websocket events
• ASTERISK-26470 - ARI: Add an 'asterisk_id' field to outgoing events

What is new in version 13.5.0:

• AST-2014-012: Fix error with mixed address family ACLs. Prior to this commit, the address family of the first item in an ACL was used to compare all incoming traffic. This could lead to traffic of other IP address families bypassing ACLs.
• AST-2014-013: Fix PJSIP ACLs not loading on startup and apply/ACL issues on contact The biggest problem this patch fixes is that ACLs weren't previously being loaded when the res_pjsip_acl module was loaded. In addition, the ACL options contact_permit and contact_acl were effectively interpreted as contact_deny and this patch fixes that as well.
• AST-2014-015: Fix race condition in chan_pjsip when sending responses after a CANCEL has been received. Due to the serialized architecture of chan_pjsip there exists a race condition where a CANCEL may be received and processed before responses (such as 180 Ringing, 183 Session Progress, and 200 OK) are sent. Since the session is in an unexpected state PJSIP will assert when this is attempted. This change makes it so that these responses are not sent on disconnected sessions.
• AST-2014-016: Fix crash when receiving an in-dialog INVITE with Replaces in res_pjsip_refer. The implementation of INVITE with Replaces in res_pjsip_refer did not expect them to occur in-dialog. As a result it would incorrectly attempt to hang up a channel it thought was under its control. In reality the channel would be under the control of another thread. When the other thread accessed the channel it would be accessing freed memory and could crash. This change makes res_pjsip_refer not act on an in-dialog INVITE with Replaces.
• AST-2014-017 - app_confbridge: permission escalation/ class authorization. Confbridge dialplan function permission escalation via AMI and inappropriate class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action a€oConfbridgeStartRecorda€ could also be used to execute arbitrary system commands without first checking for system access. Asterisk now inhibits the CONFBRIDGE function from being executed from an external interface if the live_dangerously option is set to no. Also, the a€oConfbridgeStartRecorda€ AMI action is now only allowed to execute under a user with system level access.
• AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI. The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Asterisk now inhibits the DB function from being executed from an external interface if the live_dangerously option is set to no.

What is new in version 13.0.1:

• AST-2014-012: Fix error with mixed address family ACLs. Prior to this commit, the address family of the first item in an ACL was used to compare all incoming traffic. This could lead to traffic of other IP address families bypassing ACLs.
• AST-2014-013: Fix PJSIP ACLs not loading on startup and apply/ACL issues on contact The biggest problem this patch fixes is that ACLs weren't previously being loaded when the res_pjsip_acl module was loaded. In addition, the ACL options contact_permit and contact_acl were effectively interpreted as contact_deny and this patch fixes that as well.
• AST-2014-015: Fix race condition in chan_pjsip when sending responses after a CANCEL has been received. Due to the serialized architecture of chan_pjsip there exists a race condition where a CANCEL may be received and processed before responses (such as 180 Ringing, 183 Session Progress, and 200 OK) are sent. Since the session is in an unexpected state PJSIP will assert when this is attempted. This change makes it so that these responses are not sent on disconnected sessions.
• AST-2014-016: Fix crash when receiving an in-dialog INVITE with Replaces in res_pjsip_refer. The implementation of INVITE with Replaces in res_pjsip_refer did not expect them to occur in-dialog. As a result it would incorrectly attempt to hang up a channel it thought was under its control. In reality the channel would be under the control of another thread. When the other thread accessed the channel it would be accessing freed memory and could crash. This change makes res_pjsip_refer not act on an in-dialog INVITE with Replaces.
• AST-2014-017 - app_confbridge: permission escalation/ class authorization. Confbridge dialplan function permission escalation via AMI and inappropriate class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action a€oConfbridgeStartRecorda€ could also be used to execute arbitrary system commands without first checking for system access. Asterisk now inhibits the CONFBRIDGE function from being executed from an external interface if the live_dangerously option is set to no. Also, the a€oConfbridgeStartRecorda€ AMI action is now only allowed to execute under a user with system level access.
• AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI. The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Asterisk now inhibits the DB function from being executed from an external interface if the live_dangerously option is set to no.

What is new in version 1.8.12.0:

• Prevent chanspy from binding to zombie channels
• (Closes issue ASTERISK-19493. Reported by lvl)
• Fix Dial m and r options and forked calls generating warnings for voice frames.
• (Closes issue ASTERISK-16901. Reported by Chris Gentle)
• Remove ISDN hold restriction for non-bridged calls.
• (Closes issue ASTERISK-19388. Reported by Birger Harzenetter)
• Fix copying of CDR(accountcode) to local channels.
• (Closes issue ASTERISK-19384. Reported by jamicque)
• Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
• (Closes issue ASTERISK-19303. Reported by Jon Tsiros)
• Eliminate double close of file descriptor in manager.c
• (Closes issue ASTERISK-18453. Reported by Jaco Kroon)

What is new in version 1.8.10.1:

• The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues. First, they resolve the issue in app_milliwatt, wherein a buffer can potentially be overrun on the stack, but no remote code execution is possible. Second, they resolve an issue in HTTP AMI where digest authentication information can be used to overrun a buffer on the stack, allowing for code injection and execution.
• These issues and their resolution are described in the security advisory.

What is new in version 1.8.0:

• This release includes new features. For a list of new features that have been included with this release, please see the CHANGES file inside the source package. Since this is new major release, users are encouraged to do extended testing before upgrading to this version in a production environment.

What is new in version 1.4.24:

• The Asterisk Development Team is proud to announce release of Asterisk 1.4.24, and is available for immediate download at http://downloads.digium.com/
• In addition to other bug fixes, this release candidate fixes several crash issues, and resolved some remaining issues related to call pickup and call parking that were discovered after the release of Asterisk 1.4.23. In addition, issues related to chan_iax2, and regressions introduced to the 'h' extension have been resolved.
• This release marks the first inclusion of the release summary files which will be included in all future releases. The purpose is to give a clearer overview of the changes that have taken place between the current and previous release, which issues have been closed, and which community members were involved with issue submission, code commits, and issue testing. Additionally, a diffstat at the end of the file shows at a brief glance the number of changes made to files between the previous and current releases.
• For a summary of the changes in this release, please see the release summary. For a full list of changes in this release, please see the ChangeLog.
• The following list of bugs were resolved with the participation of the community, and this release would not have been possible without your help!
• Paging application crashes asterisk. Closes issue #14308. Submitted by bluefox. Tested by kc0bvu. Patched by seanbright.
• Crash in VoiceMailMain if hangup occurs before a valid mailbox number is entered (IMAP only). Closes issue #14473. Submitted by, and patch provided by dwpaul.
• Incoming Gtalk calls fail. Closes issue #13984. Submitted by, tested, and patched by jcovert.
• Realtime peers are never qualified after 'sip reload'. Closes issue #14196. Submitted by, tested, and patched by pdf.
• SIP Attended Transfer fails. Closes issue 14611. Submitted by, tested, and patched by klaus3000.