-certified/13.13-cert6
\ No newline at end of file
+certified/13.13-cert7
\ No newline at end of file
+2017-11-08 16:59 +0000 Asterisk Development Team <asteriskteam@digium.com>
+
+ * asterisk certified/13.13-cert7 Released.
+
+2017-10-19 13:53 +0000 [44f3d85cde] George Joseph <gjoseph@digium.com>
+
+ * AST-2017-009: pjproject: Add validation of numeric header values
+
+ Parsing the numeric header fields like cseq, ttl, port, etc. all
+ had the potential to overflow, either causing unintended values to
+ be captured or, if the values were subsequently converted back to
+ strings, a buffer overrun. To address this, new "strto" functions
+ have been created that do range checking and those functions are
+ used wherever possible in the parser.
+
+ * Created pjlib/include/limits.h and pjlib/include/compat/limits.h
+ to either include the system limits.h or define common numeric
+ limits if there is no system limits.h.
+
+ * Created strto*_validate functions in sip_parser that take bounds
+ and on failure call the on_str_parse_error function which prints
+ an error message and calls PJ_THROW.
+
+ * Updated sip_parser to validate the numeric fields.
+
+ * Fixed an issue in sip_transport that prevented error messages
+ from being properly displayed.
+
+ * Added "volatile" to some variables referenced in PJ_CATCH blocks
+ as the optimizer was sometimes optimizing them away.
+
+ * Fixed length calculation in sip_transaction/create_tsx_key_2543
+ to account for signed ints being 11 characters, not 9.
+
+ ASTERISK-27319
+ Reported by: Youngsung Kim at LINE Corporation
+
+ Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
+
+2017-10-19 13:35 +0000 [1b31e3c3bd] Kevin Harwell <kharwell@digium.com>
+
+ * AST-2017-011 - res_pjsip_session: session leak when a call is rejected
+
+ A previous commit made it so when an invite session transitioned into a
+ disconnected state destruction of the Asterisk pjsip session object was
+ postponed until either a transport error occurred or the event timer
+ expired. However, if a call was rejected (for instance a 488) before the
+ session was fully established the event timer may not have been initiated,
+ or it was canceled without triggering either of the session finalizing states
+ mentioned above.
+
+ Really the only time destruction of the session should be delayed is when a
+ BYE is being transacted. This is because it's possible in some cases for the
+ session to be disconnected, but the BYE is still transacting.
+
+ This patch makes it so the session object always gets released (no more
+ memory leak) when the pjsip session is in a disconnected state. Except when
+ the method is a BYE. Then it waits until a transport error occurs or an event
+ timeout.
+
+ ASTERISK-27345 #close
+
+ Reported by: Corey Farrell
+
+ Change-Id: I1e724737b758c20ac76d19d3611e3d2876ae10ed
+
+2017-10-03 16:19 +0000 [178b372019] Richard Mudgett <rmudgett@digium.com>
+
+ * AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
+
+ cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
+ the supplied string is too long. The long string could be supplied by
+ external means using the CDR(userfield) function.
+
+ This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is. The
+ earlier patch fixed the buffer overrun for Party A's userfield while this
+ patch fixes the same thing for Party B's userfield.
+
+ ASTERISK-27337
+
+ Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
+
2017-09-19 16:09 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk certified/13.13-cert6 Released.
+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-certified/13.13-cert6</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-certified/13.13-cert6</h3><h3 align="center">Date: 2017-09-19</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
-<li><a href="#summary">Summary</a></li>
-<li><a href="#contributors">Contributors</a></li>
-<li><a href="#closed_issues">Closed Issues</a></li>
-<li><a href="#commits">Other Changes</a></li>
-<li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
-<li><a href="http://downloads.asterisk.org/pub/security/AST-2017-008.html">AST-2017-008</a></li>
-</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-certified/13.13-cert5.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Richard Mudgett <rmudgett@digium.com><br/>1 George Joseph <gjoseph@digium.com><br/></td><td width="33%"><td width="33%">1 Richard Mudgett <rmudgett@digium.com><br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Resources/res_rtp_asterisk</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27274">ASTERISK-27274</a>: RTCP needs better packet validation to resist port scans.<br/>Reported by: Richard Mudgett<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=88c8e8a11c7db789897779178a4c452de09b8fac">[88c8e8a11c]</a> Richard Mudgett -- AST-2017-008: Improve RTP and RTCP packet processing.</li>
-</ul><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27252">ASTERISK-27252</a>: RTP: One way audio with direct media and strictrtp=yes.<br/>Reported by: Richard Mudgett<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=88c8e8a11c7db789897779178a4c452de09b8fac">[88c8e8a11c]</a> Richard Mudgett -- AST-2017-008: Improve RTP and RTCP packet processing.</li>
-</ul><br><hr><a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all changes that went into this release that did not reference a JIRA issue.</p><table width="100%" border="1">
-<tr><th>Revision</th><th>Author</th><th>Summary</th></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=67b1b028a149f98f451bd32f4fc78d6840ccade9">67b1b028a1</a></td><td>George Joseph</td><td>stasis/control: Fix possible deadlock with swap channel</td></tr>
-</table><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>include/asterisk/bridge_after.h | 2
-main/bridge.c | 6
-main/bridge_after.c | 30 +-
-res/res_rtp_asterisk.c | 508 ++++++++++++++++++++++++++++++++--------
-res/stasis/control.c | 113 +++++---
-5 files changed, 500 insertions(+), 159 deletions(-)</pre><br></html>
\ No newline at end of file
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-certified/13.13-cert7</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-certified/13.13-cert7</h3><h3 align="center">Date: 2017-11-08</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2017-009,AST-2017-010,AST-2017-011.html">AST-2017-009,AST-2017-010,AST-2017-011</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-certified/13.13-cert6.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">1 Richard Mudgett <rmudgett@digium.com><br/>1 Kevin Harwell <kharwell@digium.com><br/>1 George Joseph <gjoseph@digium.com><br/></td><td width="33%"><td width="33%">1 Youngsung Kim at LINE Corporation<br/>1 Richard Mudgett <rmudgett@digium.com><br/>1 Kim youngsung <youngsung.kim@linecorp.com><br/>1 Corey Farrell <git@cfware.com><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27319">ASTERISK-27319</a>: (Security) Function in PJSIP 2.7 miscalculates the length of an unsigned long variable in 64bit machines<br/>Reported by: Kim youngsung<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=44f3d85cde0625765e0fac24c2065f5af2402bbf">[44f3d85cde]</a> George Joseph -- AST-2017-009: pjproject: Add validation of numeric header values</li>
+</ul><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27337">ASTERISK-27337</a>: chan_sip: Security vulnerability with client code header (revisited)<br/>Reported by: Richard Mudgett<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=178b372019b9a324034f0e3d6a34b67d616bd284">[178b372019]</a> Richard Mudgett -- AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun</li>
+</ul><br><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27345">ASTERISK-27345</a>: res_pjsip_session: RTP instances leak on 488 responses.<br/>Reported by: Corey Farrell<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=1b31e3c3bd6cf18d6f4a4dbfc2f8c2b28ba6f71c">[1b31e3c3bd]</a> Kevin Harwell -- AST-2017-011 - res_pjsip_session: session leak when a call is rejected</li>
+</ul><br><h4>Category: Resources/res_pjsip_sdp_rtp</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27345">ASTERISK-27345</a>: res_pjsip_session: RTP instances leak on 488 responses.<br/>Reported by: Corey Farrell<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=1b31e3c3bd6cf18d6f4a4dbfc2f8c2b28ba6f71c">[1b31e3c3bd]</a> Kevin Harwell -- AST-2017-011 - res_pjsip_session: session leak when a call is rejected</li>
+</ul><br><h4>Category: Resources/res_pjsip_session</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-27345">ASTERISK-27345</a>: res_pjsip_session: RTP instances leak on 488 responses.<br/>Reported by: Corey Farrell<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=1b31e3c3bd6cf18d6f4a4dbfc2f8c2b28ba6f71c">[1b31e3c3bd]</a> Kevin Harwell -- AST-2017-011 - res_pjsip_session: session leak when a call is rejected</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>main/cdr.c | 6
+res/res_pjsip_session.c | 80
+third-party/pjproject/patches/0090-sip_parser-Add-validity-checking-for-numeric-header-.patch | 834 ++++++++++
+3 files changed, 880 insertions(+), 40 deletions(-)</pre><br></html>
\ No newline at end of file
Release Summary
- asterisk-certified/13.13-cert6
+ asterisk-certified/13.13-cert7
- Date: 2017-09-19
+ Date: 2017-11-08
<asteriskteam@digium.com>
1. Summary
2. Contributors
3. Closed Issues
- 4. Other Changes
- 5. Diffstat
+ 4. Diffstat
----------------------------------------------------------------------
Security Advisories:
- * AST-2017-008
+ * AST-2017-009,AST-2017-010,AST-2017-011
The data in this summary reflects changes that have been made since the
- previous release, asterisk-certified/13.13-cert5.
+ previous release, asterisk-certified/13.13-cert6.
----------------------------------------------------------------------
issues that they reported that were affected by commits that went into
this release.
- Coders Testers Reporters
- 1 Richard Mudgett 1 Richard Mudgett
- 1 George Joseph
+ Coders Testers Reporters
+ 1 Richard Mudgett 1 Youngsung Kim at LINE Corporation
+ 1 Kevin Harwell 1 Richard Mudgett
+ 1 George Joseph 1 Kim youngsung
+ 1 Corey Farrell
----------------------------------------------------------------------
Bug
- Category: Resources/res_rtp_asterisk
+ Category: General
- ASTERISK-27274: RTCP needs better packet validation to resist port scans.
+ ASTERISK-27319: (Security) Function in PJSIP 2.7 miscalculates the length
+ of an unsigned long variable in 64bit machines
+ Reported by: Kim youngsung
+ * [44f3d85cde] George Joseph -- AST-2017-009: pjproject: Add validation
+ of numeric header values
+ ASTERISK-27337: chan_sip: Security vulnerability with client code header
+ (revisited)
Reported by: Richard Mudgett
- * [88c8e8a11c] Richard Mudgett -- AST-2017-008: Improve RTP and RTCP
- packet processing.
- ASTERISK-27252: RTP: One way audio with direct media and strictrtp=yes.
- Reported by: Richard Mudgett
- * [88c8e8a11c] Richard Mudgett -- AST-2017-008: Improve RTP and RTCP
- packet processing.
+ * [178b372019] Richard Mudgett -- AST-2017-010: Fix
+ cdr_object_update_party_b_userfield_cb() buf overrun
- ----------------------------------------------------------------------
+ Category: Resources/res_pjsip
- Commits Not Associated with an Issue
+ ASTERISK-27345: res_pjsip_session: RTP instances leak on 488 responses.
+ Reported by: Corey Farrell
+ * [1b31e3c3bd] Kevin Harwell -- AST-2017-011 - res_pjsip_session:
+ session leak when a call is rejected
- [Back to Top]
+ Category: Resources/res_pjsip_sdp_rtp
+
+ ASTERISK-27345: res_pjsip_session: RTP instances leak on 488 responses.
+ Reported by: Corey Farrell
+ * [1b31e3c3bd] Kevin Harwell -- AST-2017-011 - res_pjsip_session:
+ session leak when a call is rejected
- This is a list of all changes that went into this release that did not
- reference a JIRA issue.
+ Category: Resources/res_pjsip_session
- +------------------------------------------------------------------------+
- | Revision | Author | Summary |
- |------------+---------------+-------------------------------------------|
- | 67b1b028a1 | George Joseph | stasis/control: Fix possible deadlock |
- | | | with swap channel |
- +------------------------------------------------------------------------+
+ ASTERISK-27345: res_pjsip_session: RTP instances leak on 488 responses.
+ Reported by: Corey Farrell
+ * [1b31e3c3bd] Kevin Harwell -- AST-2017-011 - res_pjsip_session:
+ session leak when a call is rejected
----------------------------------------------------------------------
This is a summary of the changes to the source code that went into this
release that was generated using the diffstat utility.
- include/asterisk/bridge_after.h | 2
- main/bridge.c | 6
- main/bridge_after.c | 30 +-
- res/res_rtp_asterisk.c | 508 ++++++++++++++++++++++++++++++++--------
- res/stasis/control.c | 113 +++++---
- 5 files changed, 500 insertions(+), 159 deletions(-)
+ main/cdr.c | 6
+ res/res_pjsip_session.c | 80
+ third-party/pjproject/patches/0090-sip_parser-Add-validity-checking-for-numeric-header-.patch | 834 ++++++++++
+ 3 files changed, 880 insertions(+), 40 deletions(-)
projects / thirdparty / asterisk.git / commitdiff
