-certified/16.8-cert5
\ No newline at end of file
+certified/16.8-cert6
\ No newline at end of file
+2021-02-18 16:51 +0000 Asterisk Development Team <asteriskteam@digium.com>
+
+ * asterisk certified/16.8-cert6 Released.
+
+2021-02-01 15:24 +0000 [bb5b336f78] Kevin Harwell <kharwell@sangoma.com>
+
+ * AST-2021-002: Remote crash possible when negotiating T.38
+
+ When an endpoint requests to re-negotiate for fax and the incoming
+ re-invite is received prior to Asterisk sending out the 200 OK for
+ the initial invite the re-invite gets delayed. When Asterisk does
+ finally send the re-inivite the SDP includes streams for both audio
+ and T.38.
+
+ This happens because when the pending topology and active topologies
+ differ (pending stream is not in the active) in the delayed scenario
+ the pending stream is appended to the active topology. However, in
+ the fax case the pending stream should replace the active.
+
+ This patch makes it so when a delay occurs during fax negotiation,
+ to or from, the audio stream is replaced by the T.38 stream, or vice
+ versa instead of being appended.
+
+ Further when Asterisk sent the re-invite with both audio and T.38,
+ and the endpoint responded with a declined T.38 stream then Asterisk
+ would crash when attempting to change the T.38 state.
+
+ This patch also puts in a check that ensures the media state has a
+ valid fax session (associated udptl object) before changing the
+ T.38 state internally.
+
+ ASTERISK-29203 #close
+
+ Change-Id: I407f4fa58651255b6a9030d34fd6578cf65ccf09
+
+2021-01-26 11:09 +0000 [93468c531a] Alexander Traud <pabstraud@compuserve.com>
+
+ * rtp: Enable srtp replay protection
+
+ Add option "srtpreplayprotection" rtp.conf to enable srtp
+ replay protection.
+
+ ASTERISK-29260
+ Reported by: Alexander Traud
+
+ Change-Id: I5cd346e3c6b6812039d1901aa4b7be688173b458
+
+2020-12-11 14:49 +0000 [07eddbd56a] Sean Bright <sean.bright@gmail.com>
+
+ * res_rtp_asterisk.c: Fix signed mismatch that leads to overflow
+
+ ASTERISK-29205 #close
+
+ Change-Id: Ib7aa65644e8df76e2378d7613ee7cf751b9d0bea
+
+2021-02-05 05:26 +0000 [23e96e6e17] Joshua C. Colp <jcolp@sangoma.com>
+
+ * pjsip: Make modify_local_offer2 tolerate previous failed SDP.
+
+ If a remote side is broken and sends an SDP that can not be
+ negotiated the call will be torn down but there is a window
+ where a second 183 Session Progress or 200 OK that is forked
+ can be received that also attempts to negotiate SDP. Since
+ the code marked the SDP negotiation as being done and complete
+ prior to this it assumes that there is an active local and remote
+ SDP which it can modify, while in fact there is not as the SDP
+ did not successfully negotiate. Since there is no local or remote
+ SDP a crash occurs.
+
+ This patch changes the pjmedia_sdp_neg_modify_local_offer2
+ function to no longer assume that a previous SDP negotiation
+ was successful.
+
+ ASTERISK-29196
+
+ Change-Id: I22de45916d3b05fdc2a67da92b3a38271ee5949e
+
+2020-12-16 06:17 +0000 [6b5306ecc5] Joshua C. Colp <jcolp@sangoma.com>
+
+ * res_pjsip_pidf_digium_body_supplement: Support Sangoma user agent.
+
+ This adds support for both Digium and Sangoma user agent strings
+ for the Sangoma specific body supplement.
+
+ Change-Id: Ib99362b24b91d3cbe888d8b2fce3fad5515d9482
+ (cherry picked from commit 7e4bb4ed11b2741ff6cd47a95fb6e815a5e1d901)
+
2020-11-05 21:06 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk certified/16.8-cert5 Released.
+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-certified/16.8-cert5</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-certified/16.8-cert5</h3><h3 align="center">Date: 2020-11-05</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
-<li><a href="#summary">Summary</a></li>
-<li><a href="#contributors">Contributors</a></li>
-<li><a href="#closed_issues">Closed Issues</a></li>
-<li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
-<li><a href="http://downloads.asterisk.org/pub/security/AST-2020-001,AST-2020-002.html">AST-2020-001,AST-2020-002</a></li>
-</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-certified/16.8-cert4.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Kevin Harwell <kharwell@digium.com><br/>1 Ben Ford <bford@digium.com><br/></td><td width="33%"><td width="33%">1 Sandro Gauci <sandro@enablesecurity.com><br/>1 Sebastian Damm <damm@sipgate.de><br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29057">ASTERISK-29057</a>: pjsip: Crash on call rejection during high load<br/>Reported by: Sandro Gauci<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=81b48f2d104506bc9e77ef36942d70056b4f8138">[81b48f2d10]</a> Kevin Harwell -- AST-2020-001 - res_pjsip: Return dialog locked and referenced</li>
-</ul><br><h3>Bug</h3><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29013">ASTERISK-29013</a>: res_pjsip: Asterisk doesn't stop sending invites (with auth) on 407 replies<br/>Reported by: Sebastian Damm<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=6057050899a97913e7bb638cfc320822d2a7eb92">[6057050899]</a> Ben Ford -- AST-2020-002 - res_pjsip: Stop sending INVITEs after challenge limit.</li>
-</ul><br><h4>Category: Resources/res_pjsip_authenticator_digest</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29013">ASTERISK-29013</a>: res_pjsip: Asterisk doesn't stop sending invites (with auth) on 407 replies<br/>Reported by: Sebastian Damm<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=6057050899a97913e7bb638cfc320822d2a7eb92">[6057050899]</a> Ben Ford -- AST-2020-002 - res_pjsip: Stop sending INVITEs after challenge limit.</li>
-</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>include/asterisk/res_pjsip.h | 46 ++++++++++++
-include/asterisk/res_pjsip_session.h | 4 -
-res/res_pjsip.c | 51 +++++++++++---
-res/res_pjsip_pubsub.c | 10 ++
-res/res_pjsip_session.c | 125 +++++++++++++++++++++++++++++++++--
-5 files changed, 218 insertions(+), 18 deletions(-)</pre><br></html>
\ No newline at end of file
+++ /dev/null
- Release Summary
-
- asterisk-certified/16.8-cert5
-
- Date: 2020-11-05
-
- <asteriskteam@digium.com>
-
- ----------------------------------------------------------------------
-
- Table of Contents
-
- 1. Summary
- 2. Contributors
- 3. Closed Issues
- 4. Diffstat
-
- ----------------------------------------------------------------------
-
- Summary
-
- [Back to Top]
-
- This release has been made to address one or more security vulnerabilities
- that have been identified. A security advisory document has been published
- for each vulnerability that includes additional information. Users of
- versions of Asterisk that are affected are strongly encouraged to review
- the advisories and determine what action they should take to protect their
- systems from these issues.
-
- Security Advisories:
-
- * AST-2020-001,AST-2020-002
-
- The data in this summary reflects changes that have been made since the
- previous release, asterisk-certified/16.8-cert4.
-
- ----------------------------------------------------------------------
-
- Contributors
-
- [Back to Top]
-
- This table lists the people who have submitted code, those that have
- tested patches, as well as those that reported issues on the issue tracker
- that were resolved in this release. For coders, the number is how many of
- their patches (of any size) were committed into this release. For testers,
- the number is the number of times their name was listed as assisting with
- testing a patch. Finally, for reporters, the number is the number of
- issues that they reported that were affected by commits that went into
- this release.
-
- Coders Testers Reporters
- 1 Kevin Harwell 1 Sandro Gauci
- 1 Ben Ford 1 Sebastian Damm
-
- ----------------------------------------------------------------------
-
- Closed Issues
-
- [Back to Top]
-
- This is a list of all issues from the issue tracker that were closed by
- changes that went into this release.
-
- Security
-
- Category: pjproject/pjsip
-
- ASTERISK-29057: pjsip: Crash on call rejection during high load
- Reported by: Sandro Gauci
- * [81b48f2d10] Kevin Harwell -- AST-2020-001 - res_pjsip: Return dialog
- locked and referenced
-
- Bug
-
- Category: Resources/res_pjsip
-
- ASTERISK-29013: res_pjsip: Asterisk doesn't stop sending invites (with
- auth) on 407 replies
- Reported by: Sebastian Damm
- * [6057050899] Ben Ford -- AST-2020-002 - res_pjsip: Stop sending
- INVITEs after challenge limit.
-
- Category: Resources/res_pjsip_authenticator_digest
-
- ASTERISK-29013: res_pjsip: Asterisk doesn't stop sending invites (with
- auth) on 407 replies
- Reported by: Sebastian Damm
- * [6057050899] Ben Ford -- AST-2020-002 - res_pjsip: Stop sending
- INVITEs after challenge limit.
-
- ----------------------------------------------------------------------
-
- Diffstat Results
-
- [Back to Top]
-
- This is a summary of the changes to the source code that went into this
- release that was generated using the diffstat utility.
-
- include/asterisk/res_pjsip.h | 46 ++++++++++++
- include/asterisk/res_pjsip_session.h | 4 -
- res/res_pjsip.c | 51 +++++++++++---
- res/res_pjsip_pubsub.c | 10 ++
- res/res_pjsip_session.c | 125 +++++++++++++++++++++++++++++++++--
- 5 files changed, 218 insertions(+), 18 deletions(-)
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-certified/16.8-cert6</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-certified/16.8-cert6</h3><h3 align="center">Date: 2021-02-18</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#commits">Other Changes</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2021-002,AST-2021-003,AST-2021-004,AST-2021-005.html">AST-2021-002,AST-2021-003,AST-2021-004,AST-2021-005</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-certified/16.8-cert5.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">2 Joshua C. Colp <jcolp@sangoma.com><br/>1 Sean Bright <sean.bright@gmail.com><br/>1 Kevin Harwell <kharwell@sangoma.com><br/>1 Alexander Traud <pabstraud@compuserve.com><br/></td><td width="33%"><td width="33%">1 Mauri de Souza Meneguzzo (3CPlus) <mauri.nunes@fluxoti.com><br/>1 Gregory Massel <greg@csurf.co.za><br/>1 Alexander Traud<br/>1 Edvin Vidmar <edvinvidmar@hotmail.com><br/>1 Alexander Traud <pabstraud@compuserve.com><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Resources/res_srtp</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29260">ASTERISK-29260</a>: sRTP Replay Protection ignored; even tears down long calls<br/>Reported by: Alexander Traud<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=93468c531a20f598874d09c3a23eba8cda30589b">[93468c531a]</a> Alexander Traud -- rtp: Enable srtp replay protection</li>
+</ul><br><h3>Bug</h3><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29196">ASTERISK-29196</a>: res_pjsip: Segmentation fault<br/>Reported by: Mauri de Souza Meneguzzo (3CPlus)<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=23e96e6e1743d9c1e330aaf3ba9c7f76f39efd38">[23e96e6e17]</a> Joshua C. Colp -- pjsip: Make modify_local_offer2 tolerate previous failed SDP.</li>
+</ul><br><h4>Category: Resources/res_pjsip_session</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29203">ASTERISK-29203</a>: res_pjsip_t38: Crash when changing state<br/>Reported by: Gregory Massel<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=bb5b336f78ac6b718f282b60b84dd98585ac230a">[bb5b336f78]</a> Kevin Harwell -- AST-2021-002: Remote crash possible when negotiating T.38</li>
+</ul><br><h4>Category: Resources/res_pjsip_t38</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29203">ASTERISK-29203</a>: res_pjsip_t38: Crash when changing state<br/>Reported by: Gregory Massel<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=bb5b336f78ac6b718f282b60b84dd98585ac230a">[bb5b336f78]</a> Kevin Harwell -- AST-2021-002: Remote crash possible when negotiating T.38</li>
+</ul><br><h4>Category: Resources/res_rtp_asterisk</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29205">ASTERISK-29205</a>: res_rtp_asterisk: Asterisk crashes when making hold/unhold from webrtc client<br/>Reported by: Edvin Vidmar<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=07eddbd56abac891d5b81f0a68ae75d4c36359c7">[07eddbd56a]</a> Sean Bright -- res_rtp_asterisk.c: Fix signed mismatch that leads to overflow</li>
+</ul><br><hr><a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all changes that went into this release that did not reference a JIRA issue.</p><table width="100%" border="1">
+<tr><th>Revision</th><th>Author</th><th>Summary</th></tr>
+<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=6b5306ecc55c84ca451f191a4ab3fc3c8653e189">6b5306ecc5</a></td><td>Joshua C. Colp</td><td>res_pjsip_pidf_digium_body_supplement: Support Sangoma user agent.</td></tr>
+</table><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>configs/samples/rtp.conf.sample | 12 ++++++++++++
+doc/CHANGES-staging/srtp_replay_protection.txt | 9 +++++++++
+doc/UPGRADE-staging/srtp_replay_protection.txt | 9 +++++++++
+res/res_pjsip_pidf_digium_body_supplement.c | 8 +++++---
+res/res_pjsip_session.c | 9 ++++++++-
+res/res_pjsip_t38.c | 9 +++++++++
+res/res_rtp_asterisk.c | 11 +++++++----
+7 files changed, 59 insertions(+), 8 deletions(-)</pre><br></html>
\ No newline at end of file
--- /dev/null
+ Release Summary
+
+ asterisk-certified/16.8-cert6
+
+ Date: 2021-02-18
+
+ <asteriskteam@digium.com>
+
+ ----------------------------------------------------------------------
+
+ Table of Contents
+
+ 1. Summary
+ 2. Contributors
+ 3. Closed Issues
+ 4. Other Changes
+ 5. Diffstat
+
+ ----------------------------------------------------------------------
+
+ Summary
+
+ [Back to Top]
+
+ This release has been made to address one or more security vulnerabilities
+ that have been identified. A security advisory document has been published
+ for each vulnerability that includes additional information. Users of
+ versions of Asterisk that are affected are strongly encouraged to review
+ the advisories and determine what action they should take to protect their
+ systems from these issues.
+
+ Security Advisories:
+
+ * AST-2021-002,AST-2021-003,AST-2021-004,AST-2021-005
+
+ The data in this summary reflects changes that have been made since the
+ previous release, asterisk-certified/16.8-cert5.
+
+ ----------------------------------------------------------------------
+
+ Contributors
+
+ [Back to Top]
+
+ This table lists the people who have submitted code, those that have
+ tested patches, as well as those that reported issues on the issue tracker
+ that were resolved in this release. For coders, the number is how many of
+ their patches (of any size) were committed into this release. For testers,
+ the number is the number of times their name was listed as assisting with
+ testing a patch. Finally, for reporters, the number is the number of
+ issues that they reported that were affected by commits that went into
+ this release.
+
+ Coders Testers Reporters
+ 2 Joshua C. Colp 1 Mauri de Souza Meneguzzo (3CPlus)
+ 1 Sean Bright 1 Gregory Massel
+ 1 Kevin Harwell 1 Alexander Traud
+ 1 Alexander Traud 1 Edvin Vidmar
+ 1 Alexander Traud
+
+ ----------------------------------------------------------------------
+
+ Closed Issues
+
+ [Back to Top]
+
+ This is a list of all issues from the issue tracker that were closed by
+ changes that went into this release.
+
+ Security
+
+ Category: Resources/res_srtp
+
+ ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls
+ Reported by: Alexander Traud
+ * [93468c531a] Alexander Traud -- rtp: Enable srtp replay protection
+
+ Bug
+
+ Category: Resources/res_pjsip
+
+ ASTERISK-29196: res_pjsip: Segmentation fault
+ Reported by: Mauri de Souza Meneguzzo (3CPlus)
+ * [23e96e6e17] Joshua C. Colp -- pjsip: Make modify_local_offer2
+ tolerate previous failed SDP.
+
+ Category: Resources/res_pjsip_session
+
+ ASTERISK-29203: res_pjsip_t38: Crash when changing state
+ Reported by: Gregory Massel
+ * [bb5b336f78] Kevin Harwell -- AST-2021-002: Remote crash possible when
+ negotiating T.38
+
+ Category: Resources/res_pjsip_t38
+
+ ASTERISK-29203: res_pjsip_t38: Crash when changing state
+ Reported by: Gregory Massel
+ * [bb5b336f78] Kevin Harwell -- AST-2021-002: Remote crash possible when
+ negotiating T.38
+
+ Category: Resources/res_rtp_asterisk
+
+ ASTERISK-29205: res_rtp_asterisk: Asterisk crashes when making hold/unhold
+ from webrtc client
+ Reported by: Edvin Vidmar
+ * [07eddbd56a] Sean Bright -- res_rtp_asterisk.c: Fix signed mismatch
+ that leads to overflow
+
+ ----------------------------------------------------------------------
+
+ Commits Not Associated with an Issue
+
+ [Back to Top]
+
+ This is a list of all changes that went into this release that did not
+ reference a JIRA issue.
+
+ +------------------------------------------------------------------------+
+ | Revision | Author | Summary |
+ |------------+-----------+-----------------------------------------------|
+ | 6b5306ecc5 | Joshua C. | res_pjsip_pidf_digium_body_supplement: |
+ | | Colp | Support Sangoma user agent. |
+ +------------------------------------------------------------------------+
+
+ ----------------------------------------------------------------------
+
+ Diffstat Results
+
+ [Back to Top]
+
+ This is a summary of the changes to the source code that went into this
+ release that was generated using the diffstat utility.
+
+ configs/samples/rtp.conf.sample | 12 ++++++++++++
+ doc/CHANGES-staging/srtp_replay_protection.txt | 9 +++++++++
+ doc/UPGRADE-staging/srtp_replay_protection.txt | 9 +++++++++
+ res/res_pjsip_pidf_digium_body_supplement.c | 8 +++++---
+ res/res_pjsip_session.c | 9 ++++++++-
+ res/res_pjsip_t38.c | 9 +++++++++
+ res/res_rtp_asterisk.c | 11 +++++++----
+ 7 files changed, 59 insertions(+), 8 deletions(-)
projects / thirdparty / asterisk.git / commitdiff
