-certified/13.8-cert3
\ No newline at end of file
+certified/13.8-cert4
\ No newline at end of file
+2016-12-08 17:40 +0000 Asterisk Development Team <asteriskteam@digium.com>
+
+ * asterisk certified/13.8-cert4 Released.
+
+2016-11-30 09:31 +0000 [4fece22836] Walter Doekes <walter+asterisk@wjd.nu>
+
+ * chan_sip: Do not allow non-SP/HTAB between header key and colon.
+
+ RFC says SIP headers look like:
+
+ HCOLON = *( SP / HTAB ) ":" SWS
+ SWS = [LWS] ; sep whitespace
+ LWS = [*WSP CRLF] 1*WSP ; linear whitespace
+ WSP = SP / HTAB ; from rfc2234
+
+ chan_sip implemented this:
+
+ HCOLON = *( LOWCTL / SP ) ":" SWS
+ LOWCTL = %x00-1F ; CTL without DEL
+
+ This discrepancy meant that SIP proxies in front of Asterisk with
+ chan_sip could pass on unknown headers with \x00-\x1F in them, which
+ would be treated by Asterisk as a different (known) header. For
+ example, the "To\x01:" header would gladly be forwarded by some proxies
+ as irrelevant, but chan_sip would treat it as the relevant "To:" header.
+
+ Those relying on a SIP proxy to scrub certain headers could mistakenly
+ get unexpected and unvalidated data fed to Asterisk.
+
+ This change fixes so chan_sip only considers SP/HTAB as valid tokens
+ before the colon, making it agree on the headers with other speakers of
+ SIP.
+
+ ASTERISK-26433 #close
+ AST-2016-009
+
+ Change-Id: I78086fbc524ac733b8f7f78cb423c91075fd489b
+
+2016-08-06 10:57 +0000 [016d20ce12] Alexei Gradinari <alex2grad@gmail.com>
+
+ * pjsip: Fix deadlock with suspend taskprocessor on masquerade
+
+ If both channels which should be masqueraded
+ are in the same serializer:
+ 1st channel will be locked waiting condition 'complete'
+ 2nd channel will be locked waiting condition 'suspended'
+
+ On heavy load system a chance that both channels will be in
+ the same serializer 'pjsip/distibutor' is very high.
+
+ To reproduce compile res_pjsip/pjsip_distributor.c with
+ DISTRIBUTOR_POOL_SIZE=1
+
+ Steps to reproduce:
+ 1. Party A calls Party B (bridged call 'AB')
+ 2. Party B places Party A on hold
+ 3. Party B calls Voicemail app (non-bridged call 'BV')
+ 4. Party B attended transfers Party A to voicemail using REFER.
+ 5. When asterisk masquerades calls 'AB' and 'BV',
+ a deadlock is happened.
+
+ This patch adds a suspension indicator to the taskprocessor.
+ When a session suspends/unsuspends the serializer
+ it sets the indicator to the appropriate state.
+ The session checks the suspension indicator before
+ suspend the serializer.
+
+ ASTERISK-26145 #close
+
+ Change-Id: Iaaebee60013a58c942ba47b1b4930a63e686663b
+
+2016-11-08 10:48 +0000 [87e1ebc91a] Mark Michelson <mmichelson@digium.com>
+
+ * res_pjsip_session: Do not call session supplements when it's too late.
+
+ res_pjsip_sesssion was hooking into transaction and invite state
+ changes. One of the reasons for doing so was due to the
+ PJSIP_EVENT_TX_MSG event. The idea was that we were hooking into the
+ message sending process, and so we should call session supplements to
+ alter the outgoing message.
+
+ In reality, this event was meant to indicate that the message either
+ a) had already been sent, or
+ b) required a DNS lookup and would be sent when the DNS query
+ completed.
+
+ In case (a), this meant we were altering an already-sent
+ request/response for no reason. In case (b), this potentially meant we
+ could be trying to alter a request/response at the same time that the
+ DNS resolution completed. In this case, it meant we might be stomping on
+ memory being used by the thread actually sending the message. This
+ caused potential crashes and memory corruption.
+
+ This patch removes the calls to session supplements from the case where
+ the PJSIP_EVENT_TX_MSG event occurs. In all of these cases, trying to
+ alter the message at this point is too late, and it can cause nothing
+ but harm to try to do it. Because there were no longer any calls to the
+ handle_outgoing() function, it has been removed.
+
+ Change-Id: Ibcc223fb1c3a237927f38754e0429e80ee301e92
+ (cherry picked from commit e043d1a55cf356066b3b39ebac8b4bbb612ce807)
+
+2016-11-02 09:15 +0000 [c8df727502] Joshua Colp <jcolp@digium.com>
+
+ * app_dial: Fix incorrect device state when channel is picked up.
+
+ Given the scenario where multiple channels are dialed using Dial()
+ but the caller is picked up using PickupChan() all outgoing channels
+ except the channel specified to PickupChan() would be marked
+ as ringing until the call had been hung up.
+
+ When using the PickupChan application the channel executing the
+ application is swapped into place of another channel. As part
+ of this process the channel is answered. The Dial application
+ has explicit logic which checks if the channel is answered,
+ cancels all other outgoing channels, and bridges. This logic is
+ different than the normal logic that is executed when an outgoing
+ channel is answered. This different logic failed to publish dial
+ events stating that the other outgoing channels had been canceled.
+ As a result references to the outgoing channels were held onto by
+ the dial masquerade process until the call had been ended and
+ the channels had gone away. This would result in the channels
+ appearing in the "core show channels" list despite not being present
+ anymore and would also result in incorrect device state.
+
+ This change makes it so that this logic also publishes
+ dial events stating that the other outgoing channels have been
+ canceled.
+
+ ASTERISK-26549
+
+ Change-Id: Iea7168e6e82f7d4609ec0366153804e4f55ea64f
+
+2016-10-18 16:50 +0000 [4c50689d09] Joshua Colp <jcolp@digium.com>
+
+ * Revert "pjproject_bundled: Add patch to address SSL crash"
+
+ This reverts commit 28cc8a9dff2fb9210726cfa6274ae683fbfa4a01.
+
+ Change-Id: I777cf8173f7a88273090bed72bfe57fb0e72b84f
+
+2016-10-17 11:39 +0000 [28cc8a9dff] gtjoseph <gjoseph@digium.com>
+
+ * pjproject_bundled: Add patch to address SSL crash
+
+ Addresses crashes when an attempt is made to operate on an SSL socket
+ after the socket has been closed.
+
+ ASTERISK-26477 #close
+
+ Change-Id: I421305b357558b4f9e690210dc0f4831ef4b3002
+ (cherry picked from commit 546ec4b038ac3d750c5138d7fbb8e3ce93f482df)
+
+2016-10-12 16:24 +0000 [7c2bd702fd] Richard Mudgett <rmudgett@digium.com>
+
+ * Audit ast_json_pack() calls for needed UTF-8 checks.
+
+ Added needed UTF-8 checks before constructing json objects in various
+ files for strings obtained outside the system. In this case string values
+ from a channel driver's peer and not from the user setting channel
+ variables.
+
+ * aoc.c: Fixed type mismatch in s_to_json() for time and granularity json
+ object construction.
+
+ ASTERISK-26466
+ Reported by: Richard Mudgett
+
+ Change-Id: Iac2d867fa598daba5c5dbc619b5464625a7f2096
+
+2016-10-12 16:20 +0000 [3b1b2fc1d5] Richard Mudgett <rmudgett@digium.com>
+
+ * json: Check party id name, number, subaddresses for UTF-8.
+
+ * Updated unit test as ast_json_name_number() is now NULL tolerant.
+
+ ASTERISK-26466 #close
+ Reported by: Richard Mudgett
+
+ Change-Id: I7d4e14194f8f81f24a1dc34d1b8602c0950265a6
+
+2016-10-11 18:14 +0000 [a835adfa92] Richard Mudgett <rmudgett@digium.com>
+
+ * json: Add UTF-8 check call.
+
+ Since the json library does not make the check function public we
+ recreate/copy the function in our interface module.
+
+ ASTERISK-26466
+ Reported by: Richard Mudgett
+
+ Change-Id: I36d3d750b6f5f1a110bc69ea92b435ecdeeb2a99
+
+2016-07-19 15:22 +0000 [7baedd9ecd] Alexei Gradinari <alex2grad@gmail.com>
+
+ * res_pjsip_pubsub: fixed a bug when pjsip_tx_data_dec_ref is called twice.
+
+ This patch removed call of pjsip_tx_data_dec_ref in send_notify
+ if send_request failed.
+ The pjsip_dlg_send_request deletes the message on error by itself.
+
+ It seems this patch fixes next issues:
+ ASTERISK-26199
+ ASTERISK-26166
+ ASTERISK-26174
+
+ Change-Id: I8b05917c93d993f95d604c042ace5f1a5500f59a
+
+2016-10-05 14:53 +0000 [a8e37c3d06] gtjoseph <gjoseph@digium.com>
+
+ * pjproject_bundled: Add MALLOC_DEBUG capability
+
+ pjproject_bundled will now use the asterisk memory debugging APIs
+ if MALLOC_DEBUG is turned on in menuselect.
+
+ Because this required stubs for the executable programs and the python
+ bindings, some Makefile reorganization was needed to properly handle
+ the dependencies. As a result, the makefile now individually makes
+ each of the pjproject libraries separately instead of making them all
+ in 1 shot. The only visible change is that there are separate status
+ lines printed for each library instead oif 1 for all libs. Also, the
+ making of the pjproject dependency files was eliminated. They're not
+ needed for building unless you're actively modifying pjproject source
+ files and it makes the build process faster. Finally, any issues with
+ parallel builds should be resolved again making the build faster.
+
+ NOTE: The certified/13.8 version of this patch also builds libresample
+ which is needed by pjsua. Later versions do not need libresample.
+
+ Change-Id: Icc5e3d658fbfb00e0a46b44c66dcc2522d5171b0
+
+2016-08-29 18:08 +0000 [adcdecd47f] Richard Mudgett <rmudgett@digium.com>
+
+ * res_pjsip: Add ignore_uri_user_options option.
+
+ This implements the chan_sip legacy_useroption_parsing option but with a
+ better name.
+
+ * Made the caller-id number and redirecting number strings obtained from
+ incoming SIP URI user fields always truncated at the first semicolon.
+ People don't care about anything after the semicolon showing up on their
+ displays even though the RFC allows the semicolon.
+
+ ASTERISK-26316 #close
+ Reported by: Kevin Harwell
+
+ Change-Id: Ib42b0e940dd34d84c7b14bc2e90d1ba392624f62
+
2016-09-08 16:34 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk certified/13.8-cert3 Released.
+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-certified/13.8-cert3</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-certified/13.8-cert3</h3><h3 align="center">Date: 2016-09-08</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
-<li><a href="#summary">Summary</a></li>
-<li><a href="#contributors">Contributors</a></li>
-<li><a href="#closed_issues">Closed Issues</a></li>
-<li><a href="#commits">Other Changes</a></li>
-<li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
-<li><a href="http://downloads.asterisk.org/pub/security/AST-2016-007.html">AST-2016-007</a></li>
-</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-certified/13.8-cert2.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">6 George Joseph <gjoseph@digium.com><br/>3 Mark Michelson <mmichelson@digium.com><br/>1 Joshua Colp <jcolp@digium.com><br/>1 Kevin Harwell <kharwell@digium.com><br/>1 Corey Farrell <git@cfware.com><br/></td><td width="33%"><td width="33%">3 Mark Michelson <mmichelson@digium.com><br/>1 Etienne Lessard <elessard@proformatique.com><br/>1 Kevin Harwell <kharwell@digium.com><br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Channels/chan_sip/General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26272">ASTERISK-26272</a>: chan_sip: File descriptors leak (UDP sockets)<br/>Reported by: Etienne Lessard<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=d947baa255990d7769d947ab4dde300223964277">[d947baa255]</a> Corey Farrell -- chan_sip: Don't allocate new RTP instances on top of old ones.</li>
-</ul><br><h4>Category: Contrib/General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26183">ASTERISK-26183</a>: alembic: error when using sqlalchemy version 1.1.0b2<br/>Reported by: Kevin Harwell<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=78a6da0885664457fcca0b993c7ff52ba8510ca5">[78a6da0885]</a> Kevin Harwell -- alembic/sqlalchemy: auto increment only allowed on a single column</li>
-</ul><br><h3>Improvement</h3><h4>Category: Applications/app_confbridge</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26289">ASTERISK-26289</a>: Announcer channels in ConfBridges cause inefficiencies<br/>Reported by: Mark Michelson<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=df9aa402a5db510a89aa0b86cafdfc1c59ad67a5">[df9aa402a5]</a> Mark Michelson -- ConfBridge: Make some announcements asynchronous.</li>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=c218e038d79b767db5e6066fcf5a31c002f3a266">[c218e038d7]</a> Mark Michelson -- ConfBridge: Rework announcer channel methodology</li>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=4ca730127ccdc895e4d9e32cb0828c27bf74817b">[4ca730127c]</a> Mark Michelson -- ConfBridge: Rework announcer channel methodology</li>
-</ul><br><hr><a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all changes that went into this release that did not reference a JIRA issue.</p><table width="100%" border="1">
-<tr><th>Revision</th><th>Author</th><th>Summary</th></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=6cec20200ba4841c1e48e56a31277a1ef1e392ba">6cec20200b</a></td><td>gtjoseph</td><td>Release summaries: Remove previous versions</td></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=9c0f0eef6e4ed4624781350cbef91faaa7d62d00">9c0f0eef6e</a></td><td>gtjoseph</td><td>.version: Update for certified/13.8-cert3</td></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=3923b114b90ffc3c7906414a89f263ce52ad4361">3923b114b9</a></td><td>gtjoseph</td><td>.lastclean: Update for certified/13.8-cert3</td></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=83362b55905c833d9d0b3b95c1aefdc0c951c56c">83362b5590</a></td><td>gtjoseph</td><td>realtime: Add database scripts for certified/13.8-cert3</td></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=b1e827d25969b6311dc496087ae3a5a073e04b66">b1e827d259</a></td><td>gtjoseph</td><td>res_rtp_multicast: Fix SEGV in ast_multicast_rtp_create_options</td></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=b82f0b77220a77677d976ba6d709526fbea551e1">b82f0b7722</a></td><td>Joshua Colp</td><td>Revert "ConfBridge: Rework announcer channel methodology"</td></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=f40c6874c6115155f0b9f6888f14c17930137a80">f40c6874c6</a></td><td>gtjoseph</td><td>res_pjsip: Add contact_user to endpoint</td></tr>
-</table><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>asterisk-certified-13.8-cert2-summary.html | 66 -
-asterisk-certified-13.8-cert2-summary.txt | 199 ---
-b/.version | 2
-b/CHANGES | 16
-b/apps/app_confbridge.c | 612 ++++++++--
-b/apps/confbridge/conf_chan_announce.c | 30
-b/apps/confbridge/conf_state_multi_marked.c | 9
-b/apps/confbridge/include/confbridge.h | 43
-b/channels/chan_sip.c | 61
-b/configs/samples/pjsip.conf.sample | 2
-b/contrib/ast-db-manage/config/versions/4e2493ef32e6_add_contact_user_to_endpoint.py | 22
-b/contrib/ast-db-manage/config/versions/581a4264e537_adding_extensions.py | 10
-b/contrib/realtime/mssql/mssql_config.sql | 13
-b/contrib/realtime/mysql/mysql_config.sql | 9
-b/contrib/realtime/oracle/oracle_config.sql | 13
-b/contrib/realtime/postgresql/postgresql_config.sql | 9
-b/include/asterisk/res_pjsip.h | 2
-b/res/res_pjsip.c | 26
-18 files changed, 736 insertions(+), 408 deletions(-)</pre><br></html>
\ No newline at end of file
+++ /dev/null
- Release Summary
-
- asterisk-certified/13.8-cert3
-
- Date: 2016-09-08
-
- <asteriskteam@digium.com>
-
- ----------------------------------------------------------------------
-
- Table of Contents
-
- 1. Summary
- 2. Contributors
- 3. Closed Issues
- 4. Other Changes
- 5. Diffstat
-
- ----------------------------------------------------------------------
-
- Summary
-
- [Back to Top]
-
- This release has been made to address one or more security vulnerabilities
- that have been identified. A security advisory document has been published
- for each vulnerability that includes additional information. Users of
- versions of Asterisk that are affected are strongly encouraged to review
- the advisories and determine what action they should take to protect their
- systems from these issues.
-
- Security Advisories:
-
- * AST-2016-007
-
- The data in this summary reflects changes that have been made since the
- previous release, asterisk-certified/13.8-cert2.
-
- ----------------------------------------------------------------------
-
- Contributors
-
- [Back to Top]
-
- This table lists the people who have submitted code, those that have
- tested patches, as well as those that reported issues on the issue tracker
- that were resolved in this release. For coders, the number is how many of
- their patches (of any size) were committed into this release. For testers,
- the number is the number of times their name was listed as assisting with
- testing a patch. Finally, for reporters, the number is the number of
- issues that they reported that were affected by commits that went into
- this release.
-
- Coders Testers Reporters
- 6 George Joseph 3 Mark Michelson
- 3 Mark Michelson 1 Etienne Lessard
- 1 Joshua Colp 1 Kevin Harwell
- 1 Kevin Harwell
- 1 Corey Farrell
-
- ----------------------------------------------------------------------
-
- Closed Issues
-
- [Back to Top]
-
- This is a list of all issues from the issue tracker that were closed by
- changes that went into this release.
-
- Bug
-
- Category: Channels/chan_sip/General
-
- ASTERISK-26272: chan_sip: File descriptors leak (UDP sockets)
- Reported by: Etienne Lessard
- * [d947baa255] Corey Farrell -- chan_sip: Don't allocate new RTP
- instances on top of old ones.
-
- Category: Contrib/General
-
- ASTERISK-26183: alembic: error when using sqlalchemy version 1.1.0b2
- Reported by: Kevin Harwell
- * [78a6da0885] Kevin Harwell -- alembic/sqlalchemy: auto increment only
- allowed on a single column
-
- Improvement
-
- Category: Applications/app_confbridge
-
- ASTERISK-26289: Announcer channels in ConfBridges cause inefficiencies
- Reported by: Mark Michelson
- * [df9aa402a5] Mark Michelson -- ConfBridge: Make some announcements
- asynchronous.
- * [c218e038d7] Mark Michelson -- ConfBridge: Rework announcer channel
- methodology
- * [4ca730127c] Mark Michelson -- ConfBridge: Rework announcer channel
- methodology
-
- ----------------------------------------------------------------------
-
- Commits Not Associated with an Issue
-
- [Back to Top]
-
- This is a list of all changes that went into this release that did not
- reference a JIRA issue.
-
- +------------------------------------------------------------------------+
- | Revision | Author | Summary |
- |------------+-------------+---------------------------------------------|
- | 6cec20200b | gtjoseph | Release summaries: Remove previous versions |
- |------------+-------------+---------------------------------------------|
- | 9c0f0eef6e | gtjoseph | .version: Update for certified/13.8-cert3 |
- |------------+-------------+---------------------------------------------|
- | 3923b114b9 | gtjoseph | .lastclean: Update for certified/13.8-cert3 |
- |------------+-------------+---------------------------------------------|
- | 83362b5590 | gtjoseph | realtime: Add database scripts for |
- | | | certified/13.8-cert3 |
- |------------+-------------+---------------------------------------------|
- | b1e827d259 | gtjoseph | res_rtp_multicast: Fix SEGV in |
- | | | ast_multicast_rtp_create_options |
- |------------+-------------+---------------------------------------------|
- | b82f0b7722 | Joshua Colp | Revert "ConfBridge: Rework announcer |
- | | | channel methodology" |
- |------------+-------------+---------------------------------------------|
- | f40c6874c6 | gtjoseph | res_pjsip: Add contact_user to endpoint |
- +------------------------------------------------------------------------+
-
- ----------------------------------------------------------------------
-
- Diffstat Results
-
- [Back to Top]
-
- This is a summary of the changes to the source code that went into this
- release that was generated using the diffstat utility.
-
- asterisk-certified-13.8-cert2-summary.html | 66 -
- asterisk-certified-13.8-cert2-summary.txt | 199 ---
- b/.version | 2
- b/CHANGES | 16
- b/apps/app_confbridge.c | 612 ++++++++--
- b/apps/confbridge/conf_chan_announce.c | 30
- b/apps/confbridge/conf_state_multi_marked.c | 9
- b/apps/confbridge/include/confbridge.h | 43
- b/channels/chan_sip.c | 61
- b/configs/samples/pjsip.conf.sample | 2
- b/contrib/ast-db-manage/config/versions/4e2493ef32e6_add_contact_user_to_endpoint.py | 22
- b/contrib/ast-db-manage/config/versions/581a4264e537_adding_extensions.py | 10
- b/contrib/realtime/mssql/mssql_config.sql | 13
- b/contrib/realtime/mysql/mysql_config.sql | 9
- b/contrib/realtime/oracle/oracle_config.sql | 13
- b/contrib/realtime/postgresql/postgresql_config.sql | 9
- b/include/asterisk/res_pjsip.h | 2
- b/res/res_pjsip.c | 26
- 18 files changed, 736 insertions(+), 408 deletions(-)
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-certified/13.8-cert4</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-certified/13.8-cert4</h3><h3 align="center">Date: 2016-12-08</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#commits">Other Changes</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2016-008,AST-2016-009.html">AST-2016-008,AST-2016-009</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-certified/13.8-cert3.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">4 Richard Mudgett <rmudgett@digium.com><br/>2 Alexei Gradinari <alex2grad@gmail.com><br/>2 Joshua Colp <jcolp@digium.com><br/>2 gtjoseph <gjoseph@digium.com><br/>1 Walter Doekes <walter+asterisk@wjd.nu><br/>1 Mark Michelson <mmichelson@digium.com><br/></td><td width="33%"><td width="33%">3 Richard Mudgett <rmudgett@digium.com><br/>3 Richard Mudgett<br/>2 Ross Beer <ross.beer@voicehost.co.uk><br/>1 Walter Doekes <walter+asterisk@wjd.nu><br/>1 George Joseph <gjoseph@digium.com><br/>1 Kevin Harwell<br/>1 Scott Griepentrog <sgriepentrog@digium.com><br/>1 Joshua Colp <jcolp@digium.com><br/>1 Kevin Harwell <kharwell@digium.com><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Applications/app_dial</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26549">ASTERISK-26549</a>: app_dial: When PickupChan() is used some channels may have incorrect device state<br/>Reported by: Joshua Colp<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=c8df7275027ba1bad7dabd1cbcbc3aa1c4ec976d">[c8df727502]</a> Joshua Colp -- app_dial: Fix incorrect device state when channel is picked up.</li>
+</ul><br><h4>Category: Channels/chan_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26145">ASTERISK-26145</a>: pjsip: Deadlock with suspend + masquerade + indicate<br/>Reported by: Ross Beer<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=016d20ce1292eabd8ccccafb1d453334dc1c0f6e">[016d20ce12]</a> Alexei Gradinari -- pjsip: Fix deadlock with suspend taskprocessor on masquerade</li>
+</ul><br><h4>Category: Channels/chan_sip/Interoperability</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26433">ASTERISK-26433</a>: chan_sip: Allows To-tag checks to be bypassed, setting up new calls<br/>Reported by: Walter Doekes<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=4fece228362c3b4407b8e0667c94dcfb22886066">[4fece22836]</a> Walter Doekes -- chan_sip: Do not allow non-SP/HTAB between header key and colon.</li>
+</ul><br><h4>Category: Core/General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26466">ASTERISK-26466</a>: core: Be forgiving on external callerid that may be flawed so we don't drop events<br/>Reported by: Richard Mudgett<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=7c2bd702fdae3dbcd8d9209dfe03514b9f42c7ac">[7c2bd702fd]</a> Richard Mudgett -- Audit ast_json_pack() calls for needed UTF-8 checks.</li>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=3b1b2fc1d5a1f00c78d0e2fe75d684d3802315c2">[3b1b2fc1d5]</a> Richard Mudgett -- json: Check party id name, number, subaddresses for UTF-8.</li>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=a835adfa926f9e63bfaf4afb80ed78556480e21e">[a835adfa92]</a> Richard Mudgett -- json: Add UTF-8 check call.</li>
+</ul><br><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26145">ASTERISK-26145</a>: pjsip: Deadlock with suspend + masquerade + indicate<br/>Reported by: Ross Beer<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=016d20ce1292eabd8ccccafb1d453334dc1c0f6e">[016d20ce12]</a> Alexei Gradinari -- pjsip: Fix deadlock with suspend taskprocessor on masquerade</li>
+</ul><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26174">ASTERISK-26174</a>: res_pjsip: Crash when freeing cloned message in distributor<br/>Reported by: Ross Beer<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=7baedd9ecd3cd4f3d1463f3e6f0f694bd56237d7">[7baedd9ecd]</a> Alexei Gradinari -- res_pjsip_pubsub: fixed a bug when pjsip_tx_data_dec_ref is called twice.</li>
+</ul><br><h4>Category: Resources/res_pjsip_caller_id</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26316">ASTERISK-26316</a>: res_pjsip_callerid: Irregular URI causes unexpected callerid<br/>Reported by: Kevin Harwell<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=adcdecd47f6cfda09b6a7f7c3e4650cbb49f26e6">[adcdecd47f]</a> Richard Mudgett -- res_pjsip: Add ignore_uri_user_options option.</li>
+</ul><br><h4>Category: Resources/res_pjsip_pubsub</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26166">ASTERISK-26166</a>: res_pjsip_pubsub: Crash when decrementing reference count of message<br/>Reported by: Ross Beer<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=7baedd9ecd3cd4f3d1463f3e6f0f694bd56237d7">[7baedd9ecd]</a> Alexei Gradinari -- res_pjsip_pubsub: fixed a bug when pjsip_tx_data_dec_ref is called twice.</li>
+</ul><br><h4>Category: Third-Party/pjproject</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26477">ASTERISK-26477</a>: pjproject: SEGV during SSL operations<br/>Reported by: George Joseph<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=28cc8a9dff2fb9210726cfa6274ae683fbfa4a01">[28cc8a9dff]</a> gtjoseph -- pjproject_bundled: Add patch to address SSL crash</li>
+</ul><br><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26477">ASTERISK-26477</a>: pjproject: SEGV during SSL operations<br/>Reported by: George Joseph<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=28cc8a9dff2fb9210726cfa6274ae683fbfa4a01">[28cc8a9dff]</a> gtjoseph -- pjproject_bundled: Add patch to address SSL crash</li>
+</ul><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26199">ASTERISK-26199</a>: PJSIP: tx_data_destroy called twice<br/>Reported by: Scott Griepentrog<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=7baedd9ecd3cd4f3d1463f3e6f0f694bd56237d7">[7baedd9ecd]</a> Alexei Gradinari -- res_pjsip_pubsub: fixed a bug when pjsip_tx_data_dec_ref is called twice.</li>
+</ul><br><hr><a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all changes that went into this release that did not reference a JIRA issue.</p><table width="100%" border="1">
+<tr><th>Revision</th><th>Author</th><th>Summary</th></tr>
+<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=87e1ebc91a46d1b0e6c2d8fc793f8bdd10f06b54">87e1ebc91a</a></td><td>Mark Michelson</td><td>res_pjsip_session: Do not call session supplements when it's too late.</td></tr>
+<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=4c50689d09494cd295d1ff00251a2e5557721f2e">4c50689d09</a></td><td>Joshua Colp</td><td>Revert "pjproject_bundled: Add patch to address SSL crash"</td></tr>
+<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=a8e37c3d06f9b4dbede3e98dbad29ffe17b2f273">a8e37c3d06</a></td><td>gtjoseph</td><td>pjproject_bundled: Add MALLOC_DEBUG capability</td></tr>
+</table><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>CHANGES | 17 +
+apps/app_dial.c | 1
+apps/app_fax.c | 14
+apps/app_queue.c | 12
+channels/chan_sip.c | 8
+configs/samples/pjsip.conf.sample | 16 +
+contrib/ast-db-manage/config/versions/a6ef36f1309_ps_globals_add_ignore_uri_user_options.py | 32 ++
+include/asterisk/json.h | 35 ++
+include/asterisk/res_pjsip.h | 32 ++
+include/asterisk/taskprocessor.h | 32 ++
+main/aoc.c | 17 -
+main/cel.c | 4
+main/json.c | 146 +++++++++-
+main/taskprocessor.c | 29 +
+res/res_fax.c | 12
+res/res_pjsip.c | 24 +
+res/res_pjsip/config_global.c | 21 +
+res/res_pjsip/pjsip_options.c | 12
+res/res_pjsip_caller_id.c | 18 +
+res/res_pjsip_diversion.c | 25 +
+res/res_pjsip_endpoint_identifier_user.c | 7
+res/res_pjsip_messaging.c | 25 +
+res/res_pjsip_path.c | 22 +
+res/res_pjsip_pubsub.c | 20 +
+res/res_pjsip_refer.c | 7
+res/res_pjsip_registrar.c | 15 -
+res/res_pjsip_session.c | 37 +-
+res/stasis/app.c | 2
+tests/test_json.c | 34 +-
+third-party/Makefile.rules | 2
+third-party/pjproject/.gitignore | 1
+third-party/pjproject/Makefile | 110 +++++--
+third-party/pjproject/patches/asterisk_malloc_debug.c | 72 ++++
+third-party/pjproject/patches/asterisk_malloc_debug.h | 11
+34 files changed, 749 insertions(+), 123 deletions(-)</pre><br></html>
\ No newline at end of file
--- /dev/null
+ Release Summary
+
+ asterisk-certified/13.8-cert4
+
+ Date: 2016-12-08
+
+ <asteriskteam@digium.com>
+
+ ----------------------------------------------------------------------
+
+ Table of Contents
+
+ 1. Summary
+ 2. Contributors
+ 3. Closed Issues
+ 4. Other Changes
+ 5. Diffstat
+
+ ----------------------------------------------------------------------
+
+ Summary
+
+ [Back to Top]
+
+ This release has been made to address one or more security vulnerabilities
+ that have been identified. A security advisory document has been published
+ for each vulnerability that includes additional information. Users of
+ versions of Asterisk that are affected are strongly encouraged to review
+ the advisories and determine what action they should take to protect their
+ systems from these issues.
+
+ Security Advisories:
+
+ * AST-2016-008,AST-2016-009
+
+ The data in this summary reflects changes that have been made since the
+ previous release, asterisk-certified/13.8-cert3.
+
+ ----------------------------------------------------------------------
+
+ Contributors
+
+ [Back to Top]
+
+ This table lists the people who have submitted code, those that have
+ tested patches, as well as those that reported issues on the issue tracker
+ that were resolved in this release. For coders, the number is how many of
+ their patches (of any size) were committed into this release. For testers,
+ the number is the number of times their name was listed as assisting with
+ testing a patch. Finally, for reporters, the number is the number of
+ issues that they reported that were affected by commits that went into
+ this release.
+
+ Coders Testers Reporters
+ 4 Richard Mudgett 3 Richard Mudgett
+ 2 Alexei Gradinari 3 Richard Mudgett
+ 2 Joshua Colp 2 Ross Beer
+ 2 gtjoseph 1 Walter Doekes
+ 1 Walter Doekes 1 George Joseph
+ 1 Mark Michelson 1 Kevin Harwell
+ 1 Scott Griepentrog
+ 1 Joshua Colp
+ 1 Kevin Harwell
+
+ ----------------------------------------------------------------------
+
+ Closed Issues
+
+ [Back to Top]
+
+ This is a list of all issues from the issue tracker that were closed by
+ changes that went into this release.
+
+ Bug
+
+ Category: Applications/app_dial
+
+ ASTERISK-26549: app_dial: When PickupChan() is used some channels may have
+ incorrect device state
+ Reported by: Joshua Colp
+ * [c8df727502] Joshua Colp -- app_dial: Fix incorrect device state when
+ channel is picked up.
+
+ Category: Channels/chan_pjsip
+
+ ASTERISK-26145: pjsip: Deadlock with suspend + masquerade + indicate
+ Reported by: Ross Beer
+ * [016d20ce12] Alexei Gradinari -- pjsip: Fix deadlock with suspend
+ taskprocessor on masquerade
+
+ Category: Channels/chan_sip/Interoperability
+
+ ASTERISK-26433: chan_sip: Allows To-tag checks to be bypassed, setting up
+ new calls
+ Reported by: Walter Doekes
+ * [4fece22836] Walter Doekes -- chan_sip: Do not allow non-SP/HTAB
+ between header key and colon.
+
+ Category: Core/General
+
+ ASTERISK-26466: core: Be forgiving on external callerid that may be flawed
+ so we don't drop events
+ Reported by: Richard Mudgett
+ * [7c2bd702fd] Richard Mudgett -- Audit ast_json_pack() calls for needed
+ UTF-8 checks.
+ * [3b1b2fc1d5] Richard Mudgett -- json: Check party id name, number,
+ subaddresses for UTF-8.
+ * [a835adfa92] Richard Mudgett -- json: Add UTF-8 check call.
+
+ Category: Resources/res_pjsip
+
+ ASTERISK-26145: pjsip: Deadlock with suspend + masquerade + indicate
+ Reported by: Ross Beer
+ * [016d20ce12] Alexei Gradinari -- pjsip: Fix deadlock with suspend
+ taskprocessor on masquerade
+ ASTERISK-26174: res_pjsip: Crash when freeing cloned message in
+ distributor
+ Reported by: Ross Beer
+ * [7baedd9ecd] Alexei Gradinari -- res_pjsip_pubsub: fixed a bug when
+ pjsip_tx_data_dec_ref is called twice.
+
+ Category: Resources/res_pjsip_caller_id
+
+ ASTERISK-26316: res_pjsip_callerid: Irregular URI causes unexpected
+ callerid
+ Reported by: Kevin Harwell
+ * [adcdecd47f] Richard Mudgett -- res_pjsip: Add ignore_uri_user_options
+ option.
+
+ Category: Resources/res_pjsip_pubsub
+
+ ASTERISK-26166: res_pjsip_pubsub: Crash when decrementing reference count
+ of message
+ Reported by: Ross Beer
+ * [7baedd9ecd] Alexei Gradinari -- res_pjsip_pubsub: fixed a bug when
+ pjsip_tx_data_dec_ref is called twice.
+
+ Category: Third-Party/pjproject
+
+ ASTERISK-26477: pjproject: SEGV during SSL operations
+ Reported by: George Joseph
+ * [28cc8a9dff] gtjoseph -- pjproject_bundled: Add patch to address SSL
+ crash
+
+ Category: pjproject/pjsip
+
+ ASTERISK-26477: pjproject: SEGV during SSL operations
+ Reported by: George Joseph
+ * [28cc8a9dff] gtjoseph -- pjproject_bundled: Add patch to address SSL
+ crash
+ ASTERISK-26199: PJSIP: tx_data_destroy called twice
+ Reported by: Scott Griepentrog
+ * [7baedd9ecd] Alexei Gradinari -- res_pjsip_pubsub: fixed a bug when
+ pjsip_tx_data_dec_ref is called twice.
+
+ ----------------------------------------------------------------------
+
+ Commits Not Associated with an Issue
+
+ [Back to Top]
+
+ This is a list of all changes that went into this release that did not
+ reference a JIRA issue.
+
+ +------------------------------------------------------------------------+
+ | Revision | Author | Summary |
+ |------------+----------------+------------------------------------------|
+ | 87e1ebc91a | Mark Michelson | res_pjsip_session: Do not call session |
+ | | | supplements when it's too late. |
+ |------------+----------------+------------------------------------------|
+ | 4c50689d09 | Joshua Colp | Revert "pjproject_bundled: Add patch to |
+ | | | address SSL crash" |
+ |------------+----------------+------------------------------------------|
+ | a8e37c3d06 | gtjoseph | pjproject_bundled: Add MALLOC_DEBUG |
+ | | | capability |
+ +------------------------------------------------------------------------+
+
+ ----------------------------------------------------------------------
+
+ Diffstat Results
+
+ [Back to Top]
+
+ This is a summary of the changes to the source code that went into this
+ release that was generated using the diffstat utility.
+
+ CHANGES | 17 +
+ apps/app_dial.c | 1
+ apps/app_fax.c | 14
+ apps/app_queue.c | 12
+ channels/chan_sip.c | 8
+ configs/samples/pjsip.conf.sample | 16 +
+ contrib/ast-db-manage/config/versions/a6ef36f1309_ps_globals_add_ignore_uri_user_options.py | 32 ++
+ include/asterisk/json.h | 35 ++
+ include/asterisk/res_pjsip.h | 32 ++
+ include/asterisk/taskprocessor.h | 32 ++
+ main/aoc.c | 17 -
+ main/cel.c | 4
+ main/json.c | 146 +++++++++-
+ main/taskprocessor.c | 29 +
+ res/res_fax.c | 12
+ res/res_pjsip.c | 24 +
+ res/res_pjsip/config_global.c | 21 +
+ res/res_pjsip/pjsip_options.c | 12
+ res/res_pjsip_caller_id.c | 18 +
+ res/res_pjsip_diversion.c | 25 +
+ res/res_pjsip_endpoint_identifier_user.c | 7
+ res/res_pjsip_messaging.c | 25 +
+ res/res_pjsip_path.c | 22 +
+ res/res_pjsip_pubsub.c | 20 +
+ res/res_pjsip_refer.c | 7
+ res/res_pjsip_registrar.c | 15 -
+ res/res_pjsip_session.c | 37 +-
+ res/stasis/app.c | 2
+ tests/test_json.c | 34 +-
+ third-party/Makefile.rules | 2
+ third-party/pjproject/.gitignore | 1
+ third-party/pjproject/Makefile | 110 +++++--
+ third-party/pjproject/patches/asterisk_malloc_debug.c | 72 ++++
+ third-party/pjproject/patches/asterisk_malloc_debug.h | 11
+ 34 files changed, 749 insertions(+), 123 deletions(-)
GO
+-- Running upgrade 4e2493ef32e6 -> a6ef36f1309
+
+ALTER TABLE ps_globals ADD ignore_uri_user_options VARCHAR(3) NULL;
+
+GO
+
+ALTER TABLE ps_globals ADD CONSTRAINT yesno_values CHECK (ignore_uri_user_options IN ('yes', 'no'));
+
+GO
+
+UPDATE alembic_version SET version_num='a6ef36f1309' WHERE alembic_version.version_num = '4e2493ef32e6';
+
+GO
+
COMMIT;
GO
UPDATE alembic_version SET version_num='4e2493ef32e6' WHERE alembic_version.version_num = '4a6c67fa9b7a';
+-- Running upgrade 4e2493ef32e6 -> a6ef36f1309
+
+ALTER TABLE ps_globals ADD COLUMN ignore_uri_user_options ENUM('yes','no');
+
+UPDATE alembic_version SET version_num='a6ef36f1309' WHERE alembic_version.version_num = '4e2493ef32e6';
+
/
+-- Running upgrade 4e2493ef32e6 -> a6ef36f1309
+
+ALTER TABLE ps_globals ADD ignore_uri_user_options VARCHAR(3 CHAR)
+
+/
+
+ALTER TABLE ps_globals ADD CONSTRAINT yesno_values CHECK (ignore_uri_user_options IN ('yes', 'no'))
+
+/
+
+UPDATE alembic_version SET version_num='a6ef36f1309' WHERE alembic_version.version_num = '4e2493ef32e6'
+
+/
+
UPDATE alembic_version SET version_num='4e2493ef32e6' WHERE alembic_version.version_num = '4a6c67fa9b7a';
+-- Running upgrade 4e2493ef32e6 -> a6ef36f1309
+
+ALTER TABLE ps_globals ADD COLUMN ignore_uri_user_options yesno_values;
+
+UPDATE alembic_version SET version_num='a6ef36f1309' WHERE alembic_version.version_num = '4e2493ef32e6';
+
COMMIT;
projects / thirdparty / asterisk.git / commitdiff
