Hi,
GNU Gatekeeper 4.4 was released today. This is mainly a bug fix release
with only 2 new features.
If you use SSH on your status port you are urged to update as soon as
possible and also if you use LUA scripting. Two serious bugs have been
fixed for these features where GnuGk can be crashed remotely.
A new feature is the RequireOneNet policy that allows you to restrict
access to publicly accessible traversal gatekeepers. Now you can easily
define that one end of all calls must terminate in one of your own
networks and prevent abuse of your resources by 3rd parties.
The other new feature is a significant improvement to the MakeCall
command on the status port. It is now able to establish video calls and
supports virtually all endpoints by using GnuGk's call reroute feature.
Changed config switches:
- [Proxy] ProxyForNAT now defaults to OFF
- [CTI::MakeCall] DisableFastStart has been removed, fastStart is
now always disabled
You can download the new version from
http://www.gnugk.org/h323download.html
Please see the full change log below.
These know bugs haven't been addressed, yet:
- when GnuGk acts as a H.460.18 client (as client in a H.460.18
traversal zone with another gatekeeper or as child gatekeeper), it
currently does not send a keep-alive on the Q.931 TCP connection
during a call
- bandwidth management currently only applies to calls from registered
endpoints and ignores unregistered calls completely
Changes from 4.3 to 4.4
=======================
- [CTI::MakeCall] TransferMethod can now also be Reroute, DisableFastStart switch removed
- BUGFIX(MakeCall.cxx) fix MakeCall bearer capabilities to support video calls
- BUGFIX(ProxyChannel.cxx) don't send Notify after call Reroute: Polycom RealPresense
starts a flood of Status messages
- BUGFIX(GkStatus.cxx) call ssh_init() and ssh_finalize() only on application start and shutdown
- BUGFIX(ProxyChannel.cxx) fix IP check for IgnoreSignaledPrivateH239IPs= switch
- new accounting/authentication policy RequireOneNet
- pass full RRQ message to LuaAuth
- BUGFIX(ProxyChannel.cxx) when opening a port from a PortRange fails, try next port
regardless of errno
- BUGFIX(lua.cxx) add mutex for LUA interpreter, because it is not thread safe
- added message type parameter in RouteRequest event (ARQ, Setup, LRQ)
- BUGFIX(yasocket.cxx) fix UDP with LARGE_FDSET on Solaris, OpenBSD and NetBSD
- BUGFIX(RasTbl.cxx) fix crash on invalid AliasTypeFilter setting
- changed default setting: [Proxy] ProxyForNAT now defaults to off, if you want to
keep the previous behaviour, please set it explicitely
--
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail : jan(a)willamowius.de
Website: http://www.gnugk.org
Support: http://www.willamowius.com/gnugk-support.html
Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584
Hi,
during the past few months I fixed a few bugs where the remote party
can crash a H323Plus application. Much of this came from fuzzy testing
sponsored by one of my support clients.
There is no official H323Plus release, but I think it would be a good
idea for most people to update to the latest CVS version.
Regards,
Jan
--
Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail : jan(a)willamowius.de
Website: https://www.gnugk.org
Support: https://www.willamowius.com/gnugk-support.html
Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584