+2016-02-03 21:55 +0000 Asterisk Development Team <asteriskteam@digium.com>
+
+ * asterisk certified/11.6-cert12 Released.
+
+2016-02-03 15:53 +0000 [1a7e98eeac] Kevin Harwell <kharwell@lunkwill>
+
+ * .version: Update for certified/11.6-cert12
+
+2016-02-03 15:53 +0000 [a1394f3919] Kevin Harwell <kharwell@lunkwill>
+
+ * .lastclean: Update for certified/11.6-cert12
+
+2016-02-03 12:04 +0000 [1ae95cdef3] Joshua Colp <jcolp@digium.com>
+
+ * AST-2016-001 http: Provide greater control of TLS and set modern defaults.
+
+ This change exposes the configuration of various aspects of the TLS
+ support and sets the default to the modern standards.
+
+ The TLS cipher is now set to the best values according to the
+ Mozilla OpSec team, different TLS versions can now be disabled, and
+ the cipher order can be forced to be that of the server instead of
+ the client.
+
+ ASTERISK-24972 #close
+
+ Change-Id: I18b74a4830729896cdedc85324bf4c1ac1df29ba
+2015-12-07 12:46 +0000 [431326b174] Richard Mudgett <rmudgett@digium.com>
+
+ * AST-2016-003 udptl.c: Fix uninitialized values.
+
+ Sending UDPTL packets to Asterisk with the right amount of missing
+ sequence numbers and enough redundant 0-length IFP packets, can make
+ Asterisk crash.
+
+ ASTERISK-25603 #close
+ Reported by: Walter Doekes
+
+ ASTERISK-25742 #close
+ Reported by: Torrey Searle
+
+ Change-Id: I97df8375041be986f3f266ac1946a538023a5255
+2015-09-28 17:07 +0000 [68a6a721b5] Richard Mudgett <rmudgett@digium.com>
+
+ * AST-2016-002 chan_sip.c: Fix retransmission timeout integer overflow.
+
+ Setting the sip.conf timert1 value to a value higher than 1245 can cause
+ an integer overflow and result in large retransmit timeout times. These
+ large timeout times hold system file descriptors hostage and can cause the
+ system to run out of file descriptors.
+
+ NOTE: The default sip.conf timert1 value is 500 which does not expose the
+ vulnerability.
+
+ * The overflow is now detected and the previous timeout time is
+ calculated.
+
+ ASTERISK-25397 #close
+ Reported by: Alexander Traud
+
+ Change-Id: Ia7231f2f415af1cbf90b923e001b9219cff46290
+2015-12-10 11:44 +0000 [b5fb4f7e89] Jonathan Rose <jrose@digium.com>
+
+ * chan_sip: Add TCP/TLS keepalive to TCP/TLS server
+
+ Adds the TCP Keep Alive option to TCP and TLS server sockets. Previously
+ this option was only being set on session sockets.
+ http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/
+ According to the link above, the SO_KEEPALIVE option is useful for knowing
+ when a TCP connected endpoint has severed communication without indicating
+ it or has become unreachable for some reason. Without this patch, keep
+ alive is not set on the socket listening for incoming TCP sessions and
+ in Komatsu's report this resulted in the thread listening for TCP becoming
+ stuck in a waiting state.
+
+ ASTERISK-25364 #close
+ Reported by: Hiroaki Komatsu
+
+ Change-Id: I7ed7bcfa982b367dc64b4b73fbd962da49b9af36
+2015-11-30 16:42 +0000 [85ca86cd13] Richard Mudgett <rmudgett@digium.com>
+
+ * sched.c: Make not return a sched id of 0.
+
+ According to the API doxygen a sched ID of 0 is valid. Unfortunately, 0
+ was never returned historically and several users incorrectly coded usage
+ of the returned sched ID assuming that 0 was invalid.
+
+ ASTERISK-25476
+
+ Change-Id: Ib19c7ebb44ec9fd393ef6646dea806d4f34e3a20
+
+2015-11-24 12:44 +0000 [13152fe53c] Richard Mudgett <rmudgett@digium.com>
+
+ * Audit improper usage of scheduler exposed by 5c713fdf18f.
+
+ channels/chan_iax2.c:
+ * Initialize struct chan_iax2_pvt scheduler ids earlier because of
+ iax2_destroy_helper().
+
+ channels/chan_sip.c:
+ channels/sip/config_parser.c:
+ * Fix initialization of scheduler id struct members. Some off nominal
+ paths had 0 as a scheduler id to be destroyed when it was never started.
+
+ chan_skinny.c:
+ * Fix some scheduler id comparisons that excluded the valid 0 id.
+
+ channel.c:
+ * Fix channel initialization of the video stream scheduler id.
+
+ pbx_dundi.c:
+ * Fix channel initialization of the packet retransmission scheduler id.
+
+ ASTERISK-25476
+
+ Change-Id: I07a3449f728f671d326a22fcbd071f150ba2e8c8
+
+2015-11-11 04:16 +0000 [69cc1f700f] Steve Davies <steve@one47.co.uk>
+
+ * Further fixes to improper usage of scheduler
+
+ When ASTERISK-25449 was closed, a number of scheduler issues mentioned in
+ the comments were missed. These have since beed raised in ASTERISK-25476
+ and elsewhere.
+
+ This patch attempts to collect all of the scheduler issues discovered so
+ far and address them sensibly.
+
+ ASTERISK-25476 #close
+
+ Change-Id: I87a77d581e2e0d91d33b4b2fbff80f64a566d05b
+ (cherry picked from commit e74110188d7e4c959d6c3ddbe40635a639b33a14)
+
+2015-10-06 20:43 +0000 [a78beb6d4d] Matt Jordan <mjordan@digium.com>
+
+ * res/res_rtp_asterisk: Fix assignment after ao2 decrement
+
+ When we decide we will no longer schedule an RTCP write, we remove the
+ reference to the RTP instance, then assign -1 to the stored scheduler ID
+ in case something else comes along and wants to see if anything is scheduled.
+
+ That scheduler ID is on the RTP instance. After 60a9172d7ef2 was merged to
+ fix the regression introduced by 3cf0f29310, this improper assignment on a
+ potentially destroyed object started getting tripped on the build agents.
+
+ Frankly, this should have been crashing a lot more often earlier. I can only
+ assume that the timing was changed just enough by both changes to start
+ actually hitting this problem.
+
+ As it is, simply moving the assignment prior to the ao2 deference is sufficient
+ to keep the RTP instance from being referenced when it is very, truly,
+ aboslutely dead.
+
+ (Note that it is still good practice to assign -1 to the scheduler ID when we
+ know we won't be scheduling it again, as the ao2 deref *may* not always destroy
+ the ao2 object.)
+
+ ASTERISK-25449
+
+ Change-Id: Ie6d3cb4adc7b1a6c078b1c38c19fc84cf787cda7
+
+2015-10-05 21:34 +0000 [6851c42eeb] Matt Jordan <mjordan@digium.com>
+
+ * Fix improper usage of scheduler exposed by 5c713fdf18f
+
+ When 5c713fdf18f was merged, it allowed for scheduled items to have an ID of
+ '0' returned. While this was valid per the documentation for the API, it was
+ apparently never returned previously. As a result, several users of the
+ scheduler API viewed the result as being invalid, causing them to reschedule
+ already scheduled items or otherwise fail in interesting ways.
+
+ This patch corrects the users such that they view '0' as valid, and a returned
+ ID of -1 as being invalid.
+
+ Note that the failing HEP RTCP tests now pass with this patch. These tests
+ failed due to a duplicate scheduling of the RTCP transmissions.
+
+ ASTERISK-25449 #close
+
+ Change-Id: I019a9aa8b6997584f66876331675981ac9e07e39
+
+2013-10-08 15:14 +0000 [64fce13486] Clod Patry <cpatry@gmail.com> (modified)
+
+ * app_confbridge: Set the language used for announcements to the conference.
+
+ ConfBridge now has the ability to set the language of announcements to the
+ conference. The language can be set on a bridge profile in
+ confbridge.conf or by the dialplan function
+ CONFBRIDGE(bridge,language)=en.
+
+ (closes issue ASTERISK-19983)
+ Reported by: Jonathan White
+ Patches:
+ M19983_rev2.diff (license #5138) patch uploaded by junky (modified)
+ Tested by: rmudgett
+
+ Change-Id: Ibb77668ecfa626f66aa0eae6d555c516a1d5cd32
+
+2015-09-10 17:19 +0000 [c3b6fcf028] Mark Michelson <mmichelson@digium.com>
+
+ * scheduler: Use queue for allocating sched IDs.
+
+ It has been observed that on long-running busy systems, a scheduler
+ context can eventually hit INT_MAX for its assigned IDs and end up
+ overflowing into a very low negative number. When this occurs, this can
+ result in odd behaviors, because a negative return is interpreted by
+ callers as being a failure. However, the item actually was successfully
+ scheduled. The result may be that a freed item remains in the scheduler,
+ resulting in a crash at some point in the future.
+
+ The scheduler can overflow because every time that an item is added to
+ the scheduler, a counter is bumped and that counter's current value is
+ assigned as the new item's ID.
+
+ This patch introduces a new method for assigning scheduler IDs. Instead
+ of assigning from a counter, a queue of available IDs is maintained.
+ When assigning a new ID, an ID is pulled from the queue. When a
+ scheduler item is released, its ID is pushed back onto the queue. This
+ way, IDs may be reused when they become available, and the growth of ID
+ numbers is directly related to concurrent activity within a scheduler
+ context rather than the uptime of the system.
+
+ Change-Id: I532708eef8f669d823457d7fefdad9a6078b99b2
+
+2015-05-13 15:41 +0000 [7c65465298] Jonathan Rose <jrose@digium.com>
+
+ * Message.c: Clear message channel frames on cleanup
+
+ The message channel is a special channel that doesn't actually process frames.
+ However, certain actions can cause frames to be placed in the channel's read
+ queue including the Hangup application which is called on the channel after
+ each message is processed. Since the channel will continually be reused for
+ many messages, it's necessary to flush these frames at some point.
+
+ ASTERISK-25083 #close
+ Reported by: Jonathan Rose
+
+ Change-Id: Idf18df73ccd8c220be38743335b5c79c2a4c0d0f
+ (cherry picked from commit 02c513058905dae19f28393ea840a47ae4a9e66d)
+
+2015-08-26 05:40 +0000 [059591091a] Joshua Colp <jcolp@digium.com>
+
+ * chan_sip: Allow call pickup to set the hangup cause.
+
+ The call pickup implementation in chan_sip currently sets the channel
+ hangup cause to "normal clearing" if call pickup is successfully
+ performed. This action overwrites the "answered elsewhere" hangup cause
+ set by the call pickup code and can result in the SIP device in
+ question showing a missed call when it should not.
+
+ This change sets the hangup cause to "normal clearing" as a
+ default initially but allows the call pickup to change it as
+ needed.
+
+ ASTERISK-25346 #close
+
+ Change-Id: I00ac2c269cee9e29586ee2c65e83c70e52a02cff
+
+2015-08-12 12:59 +0000 [c11ec74f1d] Kevin Harwell <kharwell@digium.com>
+
+ * chan_sip.c: wrong peer searched in sip_report_security_event
+
+ In chan_sip, after handling an incoming invite a security event is raised
+ describing authorization (success, failure, etc...). However, it was doing
+ a lookup of the peer by extension. This is fine for register messages, but
+ in the case of an invite it may search and find the wrong peer, or a non
+ existent one (for instance, in the case of call pickup). Also, if the peers
+ are configured through realtime this may cause an unnecessary database lookup
+ when caching is enabled.
+
+ This patch makes it so that sip_report_security_event searches by IP address
+ when looking for a peer instead of by extension after an invite is processed.
+
+ ASTERISK-25320 #close
+
+ Change-Id: I9b3f11549efb475b6561c64f0e6da1a481d98bc4
+2015-04-15 16:08 +0000 [f7c83499d2] gtjoseph <george.joseph@fairview5.com>
+
+ * More .gitignore updates
+
+ Added .pyc and .sha1 to the top-level .gitignore.
+
+ Change-Id: I7dfc4f554d54d22947b38140d3305007503cc16a
+ Tested-by: George Joseph <george.joseph@fairview5.com>
+
+2015-04-13 19:34 +0000 [3116f0e73b] gtjoseph <george.joseph@fairview5.com>
+
+ * Backport menuselect to 12,11,1.8
+
+ Backport menuselect from 13->12->11->1.8
+
+ Change-Id: I54c4dd2bdacd3c9d858be3acab08706941f2e585
+
+2015-04-13 20:17 +0000 [a10e548a7e] gtjoseph <george.joseph@fairview5.com>
+
+ * .gitignore updates for 11
+
+ Added bootstrap products
+ Added channels/h323/Makefile
+ Added res/pjproject
+
+ Change-Id: I6b3bc56bf7bdaee0554f36fc2ce3a77e9eaf8aa3
+
+2015-04-13 09:54 +0000 [d38f08c744] Matt Jordan <mjordan@digium.com>
+
+ * build_tools/make_version: Update version parsing for Git migration
+
+ External systems - such as the Asterisk Test Suite - require knowledge of the
+ upstream branch. Unfortunately, after moving to Git, the Asterisk version
+ currently consists of only a 'GIT" prefix followed by an object blob,
+ e.g., GIT-as08d7. This makes it difficult for such systems to know what
+ features are available in a particular check out of Asterisk.
+
+ This patch fixes this by hardcoding the branch in a variable in the
+ make_version script. Since the mainline branches are not changed often -
+ typically only once a year - this is a reasonable approach to solving
+ the problem, and is more reliable than parsing the output of 'git branch
+ -vv'. Branches that track off of an upstream primary branch will then get the
+ benefit of knowing which mainline branch they are currently based off
+ of.
+
+ ASTERISK-24954 #close
+
+ Change-Id: I8090d5d548b6d19e917157ed530b914b7eaf9799
+
+2015-04-12 12:59 +0000 [7175c668f1] Matt Jordan <mjordan@digium.com>
+
+ * git migration: Remove support for file versions
+
+ Git does not support the ability to replace a token with a version
+ string during check-in. While it does have support for replacing a
+ token on clone, this is somewhat sub-optimal: the token is replaced
+ with the object hash, which is not particularly easy for human
+ consumption. What's more, in practice, the source file version was often
+ not terribly useful. Generally, when triaging bugs, the overall version
+ of Asterisk is far more useful than an individual SVN version of a file.
+ As a result, this patch removes Asterisk's support for showing source file
+ versions.
+
+ Specifically, it does the following:
+ * main/asterisk:
+ - Refactor the file_version structure to reflect that it no longer
+ tracks a version field.
+ - Alter the "core show file version" CLI command such that it always
+ reports the version of Asterisk. The file version is no longer
+ available.
+
+ * main/manager: The Version key now always reports the Asterisk version.
+
+ * UPGRADE: Add notes for:
+ - Modification to the ModuleCheck AMI Action.
+ - Modification to the CLI "core show file version" command.
+
+ Change-Id: Ia932d3c64cd18a14a3c894109baa657ec0a85d28
+
+2015-04-12 06:12 +0000 [d783053f3d] Corey Farrell <git@cfware.com>
+
+ * main/editline: Add .gitignore.
+
+ This patch adds a .gitignore for main/editline to ignore all build results.
+
+ Change-Id: I68c7bf375ea46282689e5a706534b69fca233b5d
+
+2015-04-11 23:22 +0000 [4d061198cf] Matt Jordan <mjordan@digium.com>
+
+ * .gitignore: Ignore tarballs (*.gz)
+
+ This patch updates the root .gitignore file to ignore files with a .gz
+ extension. This will cause git to ignore downloaded sound tarballs in
+ the the sounds/ directory.
+
+ Change-Id: Ic153642236ea8aee100443b94c563d0318711af3
+
+2015-04-11 13:20 +0000 [eb43a4d989] gtjoseph <george.joseph@fairview5.com>
+
+ * Add .gitignore and .gitreview files
+
+ Add the .gitignore and .gitreview files to the asterisk repo.
+
+ NB: You can add local ignores to the .git/info/exclude file
+ without having to do a commit.
+
+ Common ignore patterns are in the top-level .gitignore file.
+ Subdirectory-specific ignore patterns are in their own .gitignore
+ files.
+
+ Change-Id: I2b7513fc9acf5d432cf9587c25faa9786af14abf
+ Tested-by: George Joseph
+
+2015-04-08 12:15 +0000 [a6a98c7ef1] Maciej Szmigiero <mail@maciej.szmigiero.name> (license 6085)
+
+ * Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.
+
+ When registering to a SIP server with TLS, Asterisk will accept CA signed
+ certificates with a common name that was signed for a domain other than the
+ one requested if it contains a null character in the common name portion of
+ the cert. This patch fixes that by checking that the common name length
+ matches the the length of the content we actually read from the common name
+ segment. Some certificate authorities automatically sign CA requests when
+ the requesting CN isn't already taken, so an attacker could potentially
+ register a CN with something like www.google.com\x00www.secretlyevil.net
+ and have their certificate signed and Asterisk would accept that certificate
+ as though it had been for www.google.com - this is a security fix and is
+ noted in AST-2015-003.
+
+ ASTERISK-24847 #close
+ Reported by: Maciej Szmigiero
+ Patches:
+ asterisk-null-in-cn.patch submitted by mhej (license 6085)
+ ........
+
+ Merged revisions 434337 from http://svn.asterisk.org/svn/asterisk/branches/1.8
+ ........
+
+ Merged revisions 434338 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@434393 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2015-01-28 15:45 +0000 [d3f4cea69e] Mark Michelson <mmichelson@digium.com>
+
+ * Multiple revisions 431297-431298
+
+ ........
+ r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines
+
+ Mitigate possible HTTP injection attacks using CURL() function in Asterisk.
+
+ CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
+ can be performed given properly-crafted URLs.
+
+ Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
+ get cURL URLs from user input or remote sources, we have made a patch to Asterisk
+ to prevent such HTTP injection attacks from originating from Asterisk.
+
+ ASTERISK-24676 #close
+ Reported by Matt Jordan
+
+ Review: https://reviewboard.asterisk.org/r/4364
+
+ AST-2015-002
+ ........
+ r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines
+
+ Fix compilation error from previous patch.
+ ........
+
+ Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@431330 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-12-22 14:31 +0000 [c12a800aea] Richard Mudgett <rmudgett@digium.com>
+
+ * queue_log: Post QUEUESTART entry when Asterisk fully boots.
+
+ The QUEUESTART log entry has historically acted like a fully booted event
+ for the queue_log file. When the QUEUESTART entry was posted to the log
+ was broken by the change made by ASTERISK-15863.
+
+ * Made post the QUEUESTART queue_log entry when Asterisk fully boots.
+ This restores the intent of that log entry and happens after realtime has
+ had a chance to load.
+
+ AST-1444 #close
+ Reported by: Denis Martinez
+
+ Review: https://reviewboard.asterisk.org/r/4282/
+ ........
+
+ Merged revisions 430009 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@430029 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-12-19 14:34 +0000 [b1dd2375a7] Andreas Steinmetz (license 6523)
+
+ * chan_sip: Allow T.38 switch-over when SRTP is in use.
+
+ Previously when SRTP was enabled on a channel it was not possible
+ to switch to T.38 as no crypto attributes would be present.
+
+ This change makes it so it is now possible. If a T.38 re-invite
+ comes in SRTP is terminated since in practice you can't encrypt
+ a UDPTL stream. Now... if we were doing T.38 over RTP (which
+ does exist) then we'd have a chance but almost nobody does that so
+ here we are.
+
+ ASTERISK-24449 #close
+ Reported by: Andreas Steinmetz
+ patches:
+ udptl-ignore-srtp-v2.patch submitted by Andreas Steinmetz (license 6523)
+ ........
+
+ Merged revisions 429632 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429857 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-12-19 13:58 +0000 [c00dc51636] Matt Jordan <mjordan@digium.com>
+
+ * stun: correct attribute string padding to match rfc
+
+ When sending the USERNAME attribute in an RTP STUN
+ response, the implementation in append_attr_string
+ passed the actual length, instead of padding it up
+ to a multiple of four bytes as required by the RFC
+ 3489. This change adds separate variables for the
+ string and padded attributed lengths, and performs
+ padding correctly.
+
+ Reported by: Thomas Arimont
+ Review: https://reviewboard.asterisk.org/r/4139/
+ ........
+
+ Merged revisions 427874 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429854 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-12-19 11:41 +0000 [61d40b749d] Richard Mudgett <rmudgett@digium.com>
+
+ * chan_dahdi: Don't ignore setvar when using configuration section scheme.
+
+ When the configuration section scheme of chan_dahdi.conf is used (keyword
+ dahdichan instead of channel) all setvar= options are completely ignored.
+ No variable defined this way appears in the created DAHDI channels.
+
+ * Move the clearing of setvar values to after the deferred processing of
+ dahdichan.
+
+ AST-1378 #close
+ Reported by: Guenther Kelleter
+ Patch by: Guenther Kelleter
+ ........
+
+ Merged revisions 429825 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429831 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-12-12 18:08 +0000 [d2ac3e5b01] Richard Mudgett <rmudgett@digium.com>
+
+ * DEBUG_THREADS: Fix regression and lock tracking initialization problems.
+
+ This patch started with David Lee's patch at
+ https://reviewboard.asterisk.org/r/2826/ and includes a regression fix
+ introduced by the ASTERISK-22455 patch.
+
+ The initialization of a mutex's lock tracking structure was not protected
+ in a critical section. This is fine for any mutex that is explicitly
+ initialized, but a static mutex may have its lock tracking double
+ initialized if multiple threads attempt the first lock simultaneously.
+
+ * Added a global mutex to properly serialize initialization of the lock
+ tracking structure. The painful global lock can be mitigated by adding a
+ double checked lock flag as discussed on the original review request.
+
+ * Defer lock tracking initialization until first use.
+
+ * Don't be "helpful" and initialize an uninitialized lock when
+ DEBUG_THREADS is enabled. Debug code is not supposed to fix or change
+ normal code behavior. We don't need a lock initialization race that would
+ force a re-setup of lock tracking. Lock tracking already handles
+ initialization on first use.
+
+ * Properly handle allocation failures of the lock tracking structure.
+
+ * No need to initialize tracking data in __ast_pthread_mutex_destroy()
+ just to turn around and destroy it.
+
+
+ The regression introduced by ASTERISK-22455 is the result of manipulating
+ a pthread_mutex_t struct outside of the pthread library code. The
+ pthread_mutex_t struct seems to have a global linked list pointer member
+ that can get changed by other threads. Therefore, saving and restoring
+ the contents of a pthread_mutex_t struct is a bad thing.
+
+ Thanks to Thomas Airmont for finding this obscure regression.
+
+ * Don't overwrite the struct ast_lock_track.reentr_mutex member to restore
+ tracking data in __ast_cond_wait() and __ast_cond_timedwait(). The
+ pthread_mutex_t struct must be treated as a read-only opaque variable.
+
+
+ Miscellaneous other items fixed by this patch:
+
+ * Match ast_suspend_lock_info() with ast_restore_lock_info() in
+ __ast_cond_timedwait().
+
+ * Made some uninitialized lock sanity checks return EINVAL and try a
+ DO_THREAD_CRASH.
+
+ * Fix bad canlog initialization expressions.
+
+ ASTERISK-24614 #close
+ Reported by: Thomas Airmont
+
+ Review: https://reviewboard.asterisk.org/r/4247/
+ Review: https://reviewboard.asterisk.org/r/2826/
+ ........
+
+ Merged revisions 429539 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429544 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-12-10 07:31 +0000 [7a206a0799] Joshua Colp <jcolp@digium.com>
+
+ * res_http_websocket: Fix crash due to double freeing memory when receiving a payload length of zero.
+
+ Frames with a payload length of 0 were incorrectly handled in res_http_websocket.
+ Provided a frame with a payload had been received prior it was possible for a double
+ free to occur. The realloc operation would succeed (thus freeing the payload) but be
+ treated as an error. When the session was then torn down the payload would be
+ freed again causing a crash. The read function now takes this into account.
+
+ This change also fixes assumptions made by users of res_http_websocket. There is no
+ guarantee that a frame received from it will be NULL terminated.
+
+ ASTERISK-24472 #close
+ Reported by: Badalian Vyacheslav
+
+ Review: https://reviewboard.asterisk.org/r/4220/
+ Review: https://reviewboard.asterisk.org/r/4219/
+ ........
+
+ Merged revisions 429270 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429271 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-11-20 10:44 +0000 [ad80a0c4e3] Matt Jordan <mjordan@digium.com> (License #6283)
+
+ * Fix error with mixed address family ACLs.
+
+ Prior to this commit, the address family of the first item in an ACL
+ was used to compare all incoming traffic. This could lead to traffic
+ of other IP address families bypassing ACLs.
+
+ ASTERISK-24469 #close
+
+ Reported by Matt Jordan
+ Patches:
+ ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)
+
+ AST-2014-012
+ ........
+
+ Merged revisions 428402 from http://svn.asterisk.org/svn/asterisk/branches/1.8
+ ........
+
+ Merged revisions 428417 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428432 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-11-20 10:30 +0000 [009d95c79a] Gareth Palmer (license 5169)
+
+ * AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.
+
+ The DB dialplan function when executed from an external protocol (for instance
+ AMI), could result in a privilege escalation.
+
+ Asterisk now inhibits the DB function from being executed from an external
+ interface if the live_dangerously option is set to no.
+
+ ASTERISK-24534
+ Reported by: Gareth Palmer
+ patches: submitted by Gareth Palmer (license 5169)
+ ........
+
+ Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8
+ ........
+
+ Merged revisions 428363 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428397 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-11-20 10:16 +0000 [7d03c1ec5f] Kevin Harwell <kharwell@digium.com>
+
+ * AST-2014-017 - app_confbridge: permission escalation/ class authorization.
+
+ Confbridge dialplan function permission escalation via AMI and inappropriate
+ class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan
+ function when executed from an external protocol (for instance AMI), could
+ result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord”
+ could also be used to execute arbitrary system commands without first checking
+ for system access.
+
+ Asterisk now inhibits the CONFBRIDGE function from being executed from an
+ external interface if the live_dangerously option is set to no. Also, the
+ “ConfbridgeStartRecord” AMI action is now only allowed to execute under a
+ user with system level access.
+
+ ASTERISK-24490
+ Reported by: Gareth Palmer
+ ........
+
+ Merged revisions 428332 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428344 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-11-20 08:23 +0000 [601bdf3dd6] Joshua Colp <jcolp@digium.com>
+
+ * AST-2014-014: Fix race condition where channels may get stuck in ConfBridge under load.
+
+ Under load it was possible for the bridging API, and thus ConfBridge, to get
+ channels that may have hung up stuck in it. This is because handling of state
+ transitions for a bridged channel within a bridge was not protected and simply
+ set the new state without regard to the existing state. If the existing state
+ had been hung up this would get overwritten.
+
+ This change adds locking to protect changing of the state and also
+ takes into consideration the existing state.
+
+ ASTERISK-24440 #close
+ Reported by: Ben Klang
+
+ Review: https://reviewboard.asterisk.org/r/4173/
+ ........
+
+ Merged revisions 428299 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428300 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-10-28 13:08 +0000 [ab694992b4] Malcolm Davenport <malcolmd@digium.com>
+
+ * ASTERISK-23512, correct inaccurate comment in manager.conf.sample
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@426457 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-10-28 09:56 +0000 [1cfc97ae0e] Malcolm Davenport <malcolmd@digium.com>
+
+ * ASTERISK-24323, fix bug in documentation of AGI STREAM FILE CONTROL
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@426360 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2014-10-28 08:12 +0000 [2d7a0360b2] Malcolm Davenport <malcolmd@digium.com>
+
+ * ASTERISK-24419, fix incorrect syntax for setting language in extensions.conf.sample
+
+ git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@426292 65c4cc65-6c06-0410-ace0-fbb531ad65f3
+
+2015-04-08 Asterisk Development Team <asteriskteam@digium.com>
+
+ * Certified Asterisk 11.6-cert11 Released.
+
+ * Mitigate MitM attack potential from certificate with NULL byte in CN.
+
+ When registering to a SIP server with TLS, Asterisk will accept CA
+ signed certificates with a common name that was signed for a domain
+ other than the one requested if it contains a null character in the
+ common name portion of the cert. This patch fixes that by checking
+ that the common name length matches the the length of the content we
+ actually read from the common name segment. Some certificate
+ authorities automatically sign CA requests when the requesting CN
+ isn't already taken, so an attacker could potentially register a CN
+ with something like www.google.com\x00www.secretlyevil.net and have
+ their certificate signed and Asterisk would accept that certificate
+ as though it had been for www.google.com.
+
+ ASTERISK-24847 #close
+ Reported by: Maciej Szmigiero
+ patches:
+ asterisk-null-in-cn.patch uploaded by mhej (license 6085)
+
+ AST-2015-003
+
+2015-01-28 Asterisk Development Team <asteriskteam@digium.com>
+
+ * Certified Asterisk 11.6-cert10 Released.
+
+ * Mitigate possible HTTP injection attacks using CURL() function in
+ Asterisk.
+
+ CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request
+ injection can be performed given properly-crafted URLs.
+
+ Since Asterisk makes use of libcURL, and it is possible that users of
+ Asterisk may get cURL URLs from user input or remote sources, we have
+ made a patch to Asterisk to prevent such HTTP injection attacks from
+ originating from Asterisk.
+
+ ASTERISK-24676 #close
+ Reported by: Matt Jordan, Olle Johansson
+
+ Review: https://reviewboard.asterisk.org/r/4364
+
+ AST-2015-002
+
+2014-12-10 Asterisk Development Team <asteriskteam@digium.com>
+
+ * Certified Asterisk 11.6-cert9 Released.
+
+ * AST-2014-019: Fix crash when receiving a WebSocket packet with a
+ payload length of zero.
+
+ Frames with a payload length of 0 were incorrectly handled in
+ res_http_websocket. Provided a frame with a payload had been
+ received prior it was possible for a double free to occur. The
+ realloc operation would succeed (thus freeing the payload) but be
+ treated as an error. When the session was then torn down the payload
+ would be freed again causing a crash. The read function now takes
+ this into account.
+
+ This change also fixes assumptions made by users of
+ res_http_websocket. There is no guarantee that a frame received from
+ it will be NULL terminated.
+
+ ASTERISK-24472 #close
+ Reported by: Badalian Vyacheslav
+
+2014-11-20 Asterisk Development Team <asteriskteam@digium.com>
+
+ * Certified Asterisk 11.6-cert8 Released.
+
+ * AST-2014-012: Fix error with mixed address family ACLs.
+
+ Prior to this commit, the address family of the first item in an ACL
+ was used to compare all incoming traffic. This could lead to traffic
+ of other IP address families bypassing ACLs.
+
+ ASTERISK-24469 #close
+ Reported by Matt Jordan
+
+ * AST-2014-014: Fix race condition where channels may get stuck in
+ ConfBridge under load.
+
+ Under load it was possible for the bridging API, and thus ConfBridge,
+ to get channels that may have hung up stuck in it. This is because
+ handling of state transitions for a bridged channel within a bridge
+ was not protected and simply set the new state without regard to the
+ existing state. If the existing state had been hung up this would get
+ overwritten.
+
+ This change adds locking to protect changing of the state and also
+ takes into consideration the existing state.
+
+ ASTERISK-24440 #close
+ Reported by: Ben Klang
+
+ * AST-2014-017 - app_confbridge: permission escalation/ class
+ authorization.
+
+ Confbridge dialplan function permission escalation via AMI and
+ inappropriate class authorization on the ConfbridgeStartRecord action.
+ The CONFBRIDGE dialplan function when executed from an external
+ protocol (for instance AMI), could result in a privilege escalation.
+ Also, the AMI action “ConfbridgeStartRecord” could also be used to
+ execute arbitrary system commands without first checking for system
+ access.
+
+ Asterisk now inhibits the CONFBRIDGE function from being executed
+ from an external interface if the live_dangerously option is set to
+ no. Also, the “ConfbridgeStartRecord” AMI action is now only allowed
+ to execute under a user with system level access.
+
+ ASTERISK-24490
+ Reported by: Gareth Palmer
+
+ * AST-2014-018 - func_db: DB Dialplan function permission escalation
+ via AMI.
+
+ The DB dialplan function when executed from an external protocol
+ (for instance AMI), could result in a privilege escalation.
+
+ Asterisk now inhibits the DB function from being executed from an
+ external interface if the live_dangerously option is set to no.
+
+ ASTERISK-24534
+ Reported by: Gareth Palmer
+ patches: submitted by Gareth Palmer (license 5169)
+
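Review bot: The AST-2014-017 and AST-2014-018 entries say the CONFBRIDGE and DB functions are blocked from external interfaces only "if the live_dangerously option is set to no", but neither entry gives the option's default or the configuration file that holds it, so a reader cannot tell whether upgrading alone closes the escalation path. Add one line stating the default and the file. Both entries also cite ASTERISK-24490 and ASTERISK-24534 without the "#close" marker that the AST-2014-012 and AST-2014-014 entries in the same release carry; confirm whether that is intentional.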
+2014-10-20 Asterisk Development Team <asteriskteam@digium.com>
+
+ * Certified Asterisk 11.6-cert7 Released.
+
+ * AST-2014-011: Fix POODLE security issues
+
+ There are two aspects to the vulnerability:
+ (1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module
+ to use TLSv1+. At this time, it does not refactor res_jabber/
+ res_xmpp to use the TCP/TLS core, which should be done as an
+ improvement at a latter date.
+ (2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left
+ unspecified, will default to the OpenSSL SSLv23_method. This
+ method allows for all encryption methods, including SSLv2/SSLv3.
+ A MITM can exploit this by forcing a fallback to SSLv3, which
+ leaves the server vulnerable to POODLE. This patch adds WARNINGS
+ if a user uses SSLv2/SSLv3 in their configuration, and explicitly
+ disables SSLv2/SSLv3 if using SSLv23_method.
+
+ For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or
+ SSLv3 is explicitly chosen. For TLS servers, Asterisk will no longer
+ support SSLv2 or SSLv3.
+
+ Much thanks to abelbeck for reporting the vulnerability and providing
+ a patch for the res_jabber/res_xmpp modules.
+
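Review bot: Item (2) of the AST-2014-011 entry says SSLv2/SSLv3 are explicitly disabled when SSLv23_method is used, yet the summary paragraph says a TLS client will only "WARN if SSLv2 or SSLv3 is explicitly chosen", which reads as though an explicit tlsclientmethod/sslclientmethod setting of SSLv2 or SSLv3 is still honoured. If so, say that outright, so administrators know the client side stays exposed to POODLE until that setting is changed. The entry also carries no ASTERISK issue reference, unlike the neighbouring advisories, and "latter date" in item (1) should read "later date".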
+2014-09-18 Asterisk Development Team <asteriskteam@digium.com>
+
+ * Certified Asterisk 11.6-cert6 Released.
+
+ * AST-2014-010: Resolve crash when the Message channel technology
+ enters into the ReceiveFax application using res_fax_spandsp
+
+ If faxing fails at a very early stage, then it is possible for
+ us to pass a NULL t30 state pointer to spandsp, which spandsp
+ is none too pleased with.
+
+ This patch ensures that we pass the correct pointer to spandsp
+ in the situation where we have not yet set our local t30 state
+ pointer.
+
+ An advisory was made for this issue due to the likelihood of
+ it occurring in some Asterisk configurations.
+
+ ASTERISK-24301 #close
+ Reported by Matt Jordan, Philippe Lindheimer
+
+2014-09-05 Asterisk Development Team <asteriskteam@digium.com>
+
+ * Certified Asterisk 11.6-cert5 Released.
+
+2014-08-17 01:54 +0000 [r421209] Kinsey Moore <kmoore@digium.com>
+
+ * res/res_snmp.c, apps/app_dictate.c, apps/app_test.c,
+ apps/app_ices.c, res/res_http_websocket.c, cdr/cdr_radius.c,
+ build_tools/cflags.xml, funcs/func_pitchshift.c,
+ apps/app_osplookup.c, funcs/func_frame_trace.c,
+ channels/console_gui.c, apps/app_mp3.c, pbx/pbx_ael.c,
+ channels/console_board.c, formats/format_jpeg.c,
+ channels/chan_mgcp.c, res/res_config_pgsql.c, cel/cel_tds.c,
+ apps/app_dahdiras.c, res/res_ael_share.c, apps/app_talkdetect.c,
+ utils/conf2ael.c, channels/chan_jingle.c, channels/chan_misdn.c,
+ formats/format_vox.c, res/res_timing_pthread.c,
+ res/res_corosync.c, cel/cel_sqlite3_custom.c, apps/app_sms.c,
+ apps/app_zapateller.c, res/res_fax_spandsp.c,
+ res/res_timing_kqueue.c, utils/check_expr.c,
+ channels/chan_unistim.c, build_tools/cflags-devmode.xml,
+ utils/muted.c, cdr/cdr_sqlite3_custom.c, res/res_phoneprov.c,
+ channels/console_video.c, apps/app_alarmreceiver.c,
+ apps/app_chanisavail.c, apps/app_image.c, channels/chan_gtalk.c,
+ cdr/cdr_pgsql.c, res/res_config_sqlite.c, res/res_pktccops.c,
+ cdr/cdr_csv.c, utils/stereorize.c, channels/chan_phone.c,
+ channels/chan_skinny.c, build_tools/embed_modules.xml,
+ apps/app_minivm.c, pbx/pbx_realtime.c, apps/app_amd.c,
+ channels/chan_alsa.c, apps/app_url.c, apps/app_externalivr.c,
+ cdr/cdr_odbc.c, res/res_config_ldap.c, apps/app_jack.c,
+ apps/app_adsiprog.c, utils/refcounter.c, apps/app_nbscat.c,
+ apps/app_festival.c, apps/app_waitforsilence.c, utils/astman.c,
+ apps/app_morsecode.c, utils/smsq.c, pbx/pbx_lua.c,
+ channels/chan_console.c, apps/app_getcpeid.c,
+ channels/chan_oss.c, cdr/cdr_tds.c, apps/app_waitforring.c,
+ pbx/pbx_dundi.c, utils/ael_main.c, utils/extconf.c,
+ channels/chan_nbs.c, utils/streamplayer.c, cel/cel_pgsql.c,
+ cel/cel_radius.c: Add missing commit from 11.2-cert This disables
+ building by default for all extended modules for Certified
+ Asterisk 11.6. This commit was missed from 11.2-cert when
+ creating the 11.6-cert branch. ASTERISK-24104 #close Reported by:
+ Rusty Newton
+
+2014-08-08 17:18 +0000 [r420559] Richard Mudgett <rmudgett@digium.com>
+
+ * /, channels/chan_sip.c: chan_sip: Replace sip_tls_read() and
+ resolve the large SDP poll issue. Replace sip_tls_read() and
+ sip_tcp_read() with a single function and resolve the poll/wait
+ issue with large SDP payloads. ASTERISK-18345 #close Reported by:
+ Stephane Chazelas Patches: tcptls_pollv4.diff (license #5835)
+ patch uploaded by Elazar Broad Review:
+ https://reviewboard.asterisk.org/r/3882/ ........ Merged
+ revisions 420434 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 420435 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-07-25 23:27 +0000 [r419662] Richard Mudgett <rmudgett@digium.com>
+
+ * main/features.c, /: features.c: Allow appliationmap to use Gosub.
+ Using DYNAMIC_FEATURES with a Gosub application as the mapped
+ application does not work. It does not work because Gosub just
+ pushes the current dialplan context, exten, and priority onto a
+ stack and sets the specified Gosub location. Gosub does not have
+ a dialplan execution loop to run dialplan like Macro. * Made the
+ DYNAMIC_FEATURES application mapping feature call
+ ast_app_exec_macro() and ast_app_exec_sub() for the Macro and
+ Gosub applications respectively. * Backported
+ ast_app_exec_macro() and ast_app_exec_sub() from v11 to execute
+ dialplan routines from the DYNAMIC_FEATURES application mapping
+ feature. NOTE: This issue does not affect v12+ because it already
+ does what this patch implements. AST-1391 #close Reported by:
+ Guenther Kelleter Review:
+ https://reviewboard.asterisk.org/r/3844/ ........ Merged
+ revisions 419630 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 419631 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-07-23 14:34 +0000 [r419308] Scott Griepentrog <sgriepentrog@digium.com>
+
+ * /, apps/app_voicemail.c: app_voicemail: use a consistent
+ generator string When updating voicemail.conf when a user changes
+ their pin, change the generator string to be the same as the
+ module name when reading so that the same config_hook will be
+ called. Review: https://reviewboard.asterisk.org/r/3837/ ........
+ Merged revisions 419284 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-07-11 16:39 +0000 [r418368] Scott Griepentrog <sgriepentrog@digium.com>
+
+ * /, main/config.c: config: inform config hook of change when
+ writing file When updated configuration is written back to the
+ conf file - for example when a user changes their voicemail pin,
+ make sure that any config hook that wants to know of changes is
+ informed. Review: https://reviewboard.asterisk.org/r/3708/
+ ........ Merged revisions 418366 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-07-01 15:37 +0000 [r417724] Joshua Colp <jcolp@digium.com>
+
+ * res/res_rtp_asterisk.c, main/rtp_engine.c, /,
+ channels/chan_sip.c, UPGRADE.txt, configs/sip.conf.sample,
+ include/asterisk/rtp_engine.h, channels/sip/include/sip.h:
+ Multiple revisions
+ 402345,405234,409129-409130,409565,413008,417141,417677 ........
+ r402345 | kmoore | 2013-11-01 05:31:49 -0700 (Fri, 01 Nov 2013) |
+ 11 lines chan_sip: Fix RTCP port for SRFLX ICE candidates This
+ corrects one-way audio between Asterisk and Chrome/jssip as a
+ result of Asterisk inserting the incorrect RTCP port into RTCP
+ SRFLX ICE candidates. This also exposes an ICE component
+ enumeration to extract further details from candidates. (closes
+ issue ASTERISK-21383) Reported by: Shaun Clark Review:
+ https://reviewboard.asterisk.org/r/2967/ ........ r405234 |
+ kharwell | 2014-01-09 08:49:55 -0800 (Thu, 09 Jan 2014) | 19
+ lines res_rtp_asterisk: Fails to resume WebRTC call from hold In
+ ast_rtp_ice_start if the ice session create check list failed,
+ start check was never initiated and ice_started was never set to
+ true. Upon re-entering the function (for instance, [un]hold) it
+ would try to create the check list again with duplicate remote
+ candidates. Fixed so that if the create check list fails the
+ necessary data structures are properly re-initialized for any
+ subsequent retries. Note, it was decided to not stop ice support
+ (by calling ast_rtp_ice_stop) on a check list failure because it
+ possible things might still work. However, a debug message was
+ added to help with any future troubleshooting. (closes issue
+ ASTERISK-22911) Reported by: Vytis Valentinavičius Patches:
+ works_on_my_machine.patch uploaded by xytis (license 6558)
+ ........ r409129 | jrose | 2014-02-27 11:19:02 -0800 (Thu, 27 Feb
+ 2014) | 15 lines res_rtp_asterisk: Fix checklist creating
+ problems in ICE sessions Prior to this patch, local candidate
+ lists including SRFLX would fail to start properly when building
+ ICE candidate check lists. This patch fixes that problem by
+ making sure that each SRFLX candidate is associated with the
+ proper base address so that the check list can create matches
+ properly. This patch was written by jcolp. The issue will be left
+ open to await testing by the issue participants. (issue
+ ASTERISK-23213) Reported by: Andrea Suisani Review:
+ https://reviewboard.asterisk.org/r/3256/ ........ r409130 | jrose
+ | 2014-02-27 11:38:10 -0800 (Thu, 27 Feb 2014) | 8 lines
+ res_rtp_asterisk: correct build error from r409129 Accidentally
+ placed a declaration below functional code (issue ASTERISK-23213)
+ Reported by: Andrea Suisani Review:
+ https://reviewboard.asterisk.org/r/3256/ ........ r409565 | jrose
+ | 2014-03-04 08:40:39 -0800 (Tue, 04 Mar 2014) | 9 lines
+ res_rtp_asterisk: Fix one way audio problems with hold/unhold
+ when using ICE ICE sessions will now be restarted if sessions are
+ changed to use new sets of remote candidates. (closes issue
+ ASTERISK-22911) Reported by: Vytis Valentinavičius Review:
+ https://reviewboard.asterisk.org/r/3275/ ........ r413008 |
+ mjordan | 2014-04-25 10:47:21 -0700 (Fri, 25 Apr 2014) | 14 lines
+ res_rtp_asterisk: Add support for DTLS handshake retransmissions
+ On congested networks, it is possible for the DTLS handshake
+ messages to get lost. This patch adds a timer to res_rtp_asterisk
+ that will periodically check to see if the handshake has
+ succeeded. If not, it will retransmit the DTLS handshake. Review:
+ https://reviewboard.asterisk.org/r/3337 ASTERISK-23649 #close
+ Reported by: Nitesh Bansal patches: dtls_retransmission.patch
+ uploaded by Nitesh Bansal (License 6418) ........ r417141 | file
+ | 2014-06-23 11:49:14 -0700 (Mon, 23 Jun 2014) | 5 lines
+ res_rtp_asterisk: Return the length of data written when sending
+ via ICE instead of 0. ASTERISK-23834 #close Reported by: Richard
+ Kenner ........ r417677 | file | 2014-06-30 12:42:18 -0700 (Mon,
+ 30 Jun 2014) | 12 lines res_rtp_asterisk: Add SHA-256 support for
+ DTLS and perform DTLS negotiation on RTCP. This change fixes up
+ DTLS support in res_rtp_asterisk so it can accept and provide a
+ SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after
+ ICE negotiation completes. Configuration options to chan_sip have
+ also been added to allow behavior to be tweaked (such as forcing
+ the AVP type media transports in SDP). ASTERISK-22961 #close
+ Reported by: Jay Jideliov Review:
+ https://reviewboard.asterisk.org/r/3679/ ........ Merged
+ revisions 402345,405234,409129-409130,409565,413008,417141,417677
+ from http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-06-13 05:29 +0000 [r415977-416106] Richard Mudgett <rmudgett@digium.com>
+
+ * main/tcptls.c, main/manager.c, /, channels/chan_sip.c,
+ main/http.c, include/asterisk/tcptls.h: AST-2014-007: Fix of fix
+ to allow AMI and SIP TCP to send messages. ASTERISK-23673 #close
+ Reported by: Richard Mudgett Review:
+ https://reviewboard.asterisk.org/r/3617/ ........ Merged
+ revisions 416066 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 416067 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+ * main/http.c, UPGRADE.txt, main/utils.c,
+ include/asterisk/tcptls.h, res/res_http_websocket.c,
+ configs/http.conf.sample, include/asterisk/utils.h,
+ main/tcptls.c, main/manager.c, /, channels/chan_sip.c:
+ AST-2014-007: Fix DOS by consuming the number of allowed HTTP
+ connections. Simply establishing a TCP connection and never
+ sending anything to the configured HTTP port in http.conf will
+ tie up a HTTP connection. Since there is a maximum number of open
+ HTTP sessions allowed at a time you can block legitimate
+ connections. A similar problem exists if a HTTP request is
+ started but never finished. * Added http.conf session_inactivity
+ timer option to close HTTP connections that aren't doing
+ anything. Defaults to 30000 ms. * Removed the undocumented
+ manager.conf block-sockets option. It interferes with TCP/TLS
+ inactivity timeouts. * AMI and SIP TLS connections now have
+ better authentication timeout protection. Though I didn't remove
+ the bizzare TLS timeout polling code from chan_sip. * chan_sip
+ can now handle SSL certificate renegotiations in the middle of a
+ session. It couldn't do that before because the socket was
+ non-blocking and the SSL calls were not restarted as documented
+ by the OpenSSL documentation. * Fixed an off nominal leak of the
+ ssl struct in handle_tcptls_connection() if the FILE stream
+ failed to open and the SSL certificate negotiations failed. The
+ patch creates a custom FILE stream handler to give the created
+ FILE streams inactivity timeout and timeout after a specific
+ moment in time capability. This approach eliminates the need for
+ code using the FILE stream to be redesigned to deal with the
+ timeouts. This patch indirectly fixes most of ASTERISK-18345 by
+ fixing the usage of the SSL_read/SSL_write operations.
+ ASTERISK-23673 #close Reported by: Richard Mudgett ........
+ Merged revisions 415841 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 415854 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-06-12 16:27 +0000 [r415867] Scott Griepentrog <sgriepentrog@digium.com>
+
+ * /, apps/app_queue.c: app_queue: delayed state can cause early
+ leavewhenempty ringing In app_queue, device state changes arrive
+ in event messages and update the queue member status value. That
+ value is checked in get_member_status() to decide that the caller
+ should leave when there are no available members. Although event
+ messages can be delayed by other activity, there is no adverse
+ affect by lagged status except in one specific case: there is
+ only one available member, it was just rung, and leavewhenempty
+ is enabled set for ringing members. This change adds a direct
+ check of the device state only under this condition where the
+ caller may be dropped incorrectly, resolving this issue without
+ affecting performance of app_queue normally. AST-1248 #close
+ Review: https://reviewboard.asterisk.org/r/3595/ Reported by:
+ Thomas Arimont ........ Merged revisions 415833 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8
+
+2014-06-12 16:06 +0000 [r415842] Jonathan Rose <jrose@digium.com>
+
+ * /, UPGRADE.txt, apps/app_mixmonitor.c: MixMonitor: Add class
+ authorization requirements to MixMonitor AMI commands MixMonitor
+ AMI commands StartMixMonitor and StopMixMonitor lacked class
+ authorization. StopMixMonitor now requires that the manager user
+ either have the call or system class authorization.
+ StartMixMonitor is a slightly larger issue since it can execute
+ shell commands if the right arguments are passed into it, and we
+ consider this a permission escalation. A security release will be
+ issued for problem this shortly. ASTERISK-23609 #close Reported
+ by: Corey Farrell ........ Merged revisions 415837 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
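Review bot: The MixMonitor entry states the new requirement for StopMixMonitor (call or system class authorization) but never says what StartMixMonitor now requires, even though the text calls it the larger issue because it can execute shell commands. Add the class authorization StartMixMonitor needs after this change. "A security release will be issued for problem this shortly" has transposed words and names no advisory; reference the AST identifier once one exists.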
+2014-05-13 00:48 +0000 [r413773] Richard Mudgett <rmudgett@digium.com>
+
+ * /, configure, include/asterisk/autoconfig.h.in, configure.ac,
+ channels/sig_pri.c: chan_dahdi/sig_pri: Prevent unnecessary
+ PROGRESS events when overlap dialing is enabled. When overlap
+ dialing is enabled, the lack of inband audio available
+ information in the SETUP_ACKNOWLEDGE events causes an
+ interoperability problem with SIP. sig_pri doesn't know if there
+ is dialtone present when a SETUP_ACKNOWLEDGE is received so it
+ assumes it is there and posts an AST_CONTROL_PROGRESS frame. The
+ SIP channel driver then sends out a 183 Session Progress and
+ blocks the desired 180 Ringing message when the ALERTING message
+ comes in. * Made the configure script detect if the installed
+ version of libpri supports the SETUP_ACKNOWLEDGE enhancements. *
+ Using the new API, made generate an AST_CONTROL_PROGRESS frame on
+ an incoming SETUP_ACKNOWLEDGE message when the message indicates
+ inband audio is present instead of assuming that dialtone is
+ present. * Using the new API, made SETUP_ACKNOWLEDGE send out an
+ inband audio available indication only if dialtone is expected.
+ The change also makes the fallback behaviour of sending the
+ PROGRESS message better by sending it only if dialtone is
+ expected. * Changed receiving a PROCEEDING message to not
+ generate an AST_CONTROL_PROGRESS frame if the progress indication
+ ie indicates non-end-to-end-ISDN. This helps interoperability
+ with SIP. * Changed sending a PROCEEDING message in response to
+ an AST_CONTROL_PROCEEDING frame to not indicate inband audio
+ available. It was silly to do so anyway because the channel
+ driver doesn't know if inband audio is even available. This helps
+ interoperability with SIP. This patch and a corresponding change
+ in libpri work together to allow Asterisk to control the inband
+ audio available progress indication ie on the SETUP_ACKNOWLEDGE
+ message when dialtone is present. AST-1338 #close Reported by:
+ Tyler Stewart Review: https://reviewboard.asterisk.org/r/3521/
+ ........ Merged revisions 413714 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 413765 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-04-11 17:27 +0000 [r412212] Kevin Harwell <kharwell@digium.com>
+
+ * main/asterisk.c, /: asterisk.c: suppress live_dangerously warning
+ on rasterisk Even since the fixes of AST-2013-007, Asterisk
+ prints the following warning on startup if the user decided to
+ live dangerously: Privilege escalation protection disabled! See
+ https://wiki.asterisk.org/wiki/x/1gKfAQ for more details. This
+ message is intended for the logs and interactive startup. No need
+ for it to appear on a remote console. This commit removes it from
+ there. (closes issue ASTERISK-23084) Review:
+ https://reviewboard.asterisk.org/r/3101/ ........ Merged
+ revisions 404861 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 404888 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-03-10 17:34 +0000 [r410429] Richard Mudgett <rmudgett@digium.com>
+
+ * /, main/http.c: AST-2014-001: Stack overflow in HTTP processing
+ of Cookie headers. Sending a HTTP request that is handled by
+ Asterisk with a large number of Cookie headers could overflow the
+ stack. Another vulnerability along similar lines is any HTTP
+ request with a ridiculous number of headers in the request could
+ exhaust system memory. (closes issue ASTERISK-23340) Reported by:
+ Lucas Molas, researcher at Programa STIC, Fundacion; and Dr.
+ Manuel Sadosky, Buenos Aires, Argentina ........ Merged revisions
+ 410380 from http://svn.asterisk.org/svn/asterisk/branches/1.8
+ ........ Merged revisions 410381 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
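Review bot: The AST-2014-001 entry describes two problems, the stack overflow from a large number of Cookie headers and memory exhaustion from an excessive number of request headers, but does not say what main/http.c now does about either. Add a line stating the fix (the limit enforced and what happens to a request that exceeds it), so operators know what behaviour to expect after upgrading.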
+2014-03-10 14:04 +0000 [r410359] Kinsey Moore <kmoore@digium.com>
+
+ * /, channels/chan_sip.c: AST-2014-002: chan_sip: Exit early on bad
+ session timers request This change allows chan_sip to avoid
+ creation of the channel and consumption of associated file
+ descriptors altogether if the inbound request is going to be
+ rejected anyway. (closes issue ASTERISK-23373) Reported by: Corey
+ Farrell Patches: chan_sip-earlier-st-1.8.patch uploaded by Corey
+ Farrell (license 5909) chan_sip-earlier-st-11.patch uploaded by
+ Corey Farrell (license 5909) ........ Merged revisions 410308
+ from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........
+ Merged revisions 410311 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-02-19 19:17 +0000 [r408392] Richard Mudgett <rmudgett@digium.com>
+
+ * main/config.c, /: config: Add file size and nanosecond resolution
+ fields to the cached modified config file information. Repeatedly
+ modifying config files and reloading too fast sometimes fails to
+ reload the configuration because the cached modification
+ timestamp has one second resolution. * Added file size and
+ nanosecond resolution fields to the cached config file
+ modification timestamp information. Now if the file size changes
+ or the file system supports nanosecond resolution the modified
+ file has a better chance of being detected for reload. * Added a
+ missing unlock in an off-nominal code path. (closes issue
+ AST-1303) Review: https://reviewboard.asterisk.org/r/3235/
+ ........ Merged revisions 408387 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 408388 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-02-07 19:30 +0000 [r407746] Richard Mudgett <rmudgett@digium.com>
+
+ * channels/chan_iax2.c, include/asterisk/frame.h,
+ configs/iax.conf.sample, /: chan_iax2: Block unnecessary control
+ frames to/from the wire. Establishing an IAX2 call between
+ Asterisk v1.4 and v1.8 (or later) results in an unexpected call
+ disconnect. The problem happens because newer values in the enum
+ ast_control_frame_type are not consistent between the branch
+ versions of Asterisk. For example: 1) v1.4 calls v1.8 (or later)
+ using IAX2 2) v1.8 answers and sends a connected line update
+ control frame. (on v1.8 AST_CONTROL_CONNECTED_LINE = 22) 3) v1.4
+ receives the control frame as an end-of-q (on v1.4
+ AST_CONTROL_END_OF_Q = 22) 4) v1.4 disconnects the call once the
+ receive queue becomes empty. Several things are done by this
+ patch to fix the problem and attempt to prevent it from happening
+ again in the future: * Added a warning at the definition of enum
+ ast_control_frame_type about how to add new control frame values.
+ * Made block sending and receiving control frames that have no
+ reason to go over the wire. * Extended the connectedline iax.conf
+ parameter to also include the redirecting information updates. *
+ Updated the connectedline iax.conf parameter documentation to
+ include a notice that the parameter must be "no" when the peer is
+ an Asterisk v1.4 instance. (closes issue AST-1302) Review:
+ https://reviewboard.asterisk.org/r/3174/ ........ Merged
+ revisions 407678 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 407727 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-01-25 00:13 +0000 [r406358-406469] Richard Mudgett <rmudgett@digium.com>
+
+ * /, main/cel.c: CEL: Protect data structures during reload and
+ shutdown. The CEL data structures need to be protected during a
+ configuration reload and shutdown. Asterisk crashed during a
+ shutdown because CEL events were still in flight and the CEL data
+ structures were already destroyed. * Protected the appset and
+ linkedids ao2 containers using the reload_lock. As a result
+ appset, linkedids, and held objects don't need a lock. * Added
+ NULL checks before use of the appset and linkedids ao2 containers
+ in case the CEL module is already shutdown. * Fixed overloading
+ of the linkedids held objects reference count. During shutdown
+ any held objects would be leaked. * Fixed memory leak of
+ linkedids held objects if the LINKEDID_END is not being tracked.
+ The objects in the linkedids container were not removed if the
+ LINKEDID_END event is not used. * Added access protection to the
+ appset container during the CLI "cel show status" command. * Made
+ CEL config reload not set defaults if the cel.conf file is
+ invalid. (closes issue AST-1253) Reported by: Guenther Kelleter
+ Review: https://reviewboard.asterisk.org/r/3127/ ........ Merged
+ revisions 406417 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 406418 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+ * main/manager.c, /: manager: Protect data structures during
+ shutdown. Occasionally, the manager module would get an
+ "INTERNAL_OBJ: bad magic number" error on a "core restart
+ gracefully" command if an AMI connection is established. * Added
+ ao2_global_obj protection to the sessions global container. *
+ Fixed the order of unreferencing a session object in
+ session_destroy(). * Removed unnecessary container traversals of
+ the white/black filters during session_destructor(). (closes
+ issue AST-1242) Reported by: Guenther Kelleter Review:
+ https://reviewboard.asterisk.org/r/3144/ ........ Merged
+ revisions 406341 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-01-15 15:27 +0000 [r405536-405578] Matthew Jordan <mjordan@digium.com>
+
+ * main/pbx.c, /: pbx.c: put copy of ast_exten.data on stack to
+ prevent memory corruption During dialplan execution in
+ pbx_extension_helper(), the contexts global read lock prevents
+ link list corruption, but was released with a pointer to the
+ ast_exten and data later used in variable substitution. Instead,
+ this patch removes pbx_substitute_variables() and locates a copy
+ of the ast_exten data on the stack before releasing the lock,
+ where ast_exten could get free'd by another thread performing a
+ module reload. (issue AST-1179) Reported by: Thomas Arimont
+ (issue AST-1246) Reported by: Alexander Hömig Review:
+ https://reviewboard.asterisk.org/r/3055/ ........ Merged
+ revisions 403862 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 403863 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+ * /, channels/chan_sip.c: chan_sip: Hangup transferer/transferee
+ when transfer to Parking fails When performing a SIP transfer to
+ a Park extension, if the Park fails, chan_sip will currently not
+ hang up either the transferer or the transfer target. This
+ results in the channels being orphaned with no thread to service
+ frames, resulting in stuck channels. This patch immediately hangs
+ up the two channels if a Park fails. (closes issue
+ ASTERISK-22834) Reported by: rsw686 Tested by: rsw686 (closes
+ issue ASTERISK-23047) Reported by: Tommy Thompson Tested by:
+ Tommy Thomspon Review: https://reviewboard.asterisk.org/r/3107
+ ........ Merged revisions 405380 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-01-14 18:50 +0000 [r405488] Richard Mudgett <rmudgett@digium.com>
+
+ * apps/app_verbose.c, main/asterisk.c, configs/logger.conf.sample,
+ main/cli.c, include/asterisk/logger.h, main/pbx.c,
+ main/manager.c, /, funcs/func_timeout.c, apps/app_dumpchan.c,
+ main/logger.c, UPGRADE.txt: verbosity: Fix performance of console
+ verbose messages. The per console verbose level feature as
+ previously implemented caused a large performance penalty. The
+ fix required some minor incompatibilities if the new rasterisk is
+ used to connect to an earlier version. If the new rasterisk
+ connects to an older Asterisk version then the root console
+ verbose level is always affected by the "core set verbose"
+ command of the remote console even though it may appear to only
+ affect the current console. If an older version of rasterisk
+ connects to the new version then the "core set verbose" command
+ will have no effect. * Fixed the verbose performance by not
+ generating a verbose message if nothing is going to use it and
+ then filtered any generated verbose messages before actually
+ sending them to the remote consoles. * Split the "core set debug"
+ and "core set verbose" CLI commands to remove the per module
+ verbose support that cannot work with the per console verbose
+ level. * Added a silent option to the "core set verbose" command.
+ * Fixed "core set debug off" tab completion. * Made "core show
+ settings" list the current console verbosity in addition to the
+ root console verbosity. * Changed the default verbose level of
+ the 'verbose' setting in the logger.conf [logfiles] section. The
+ default is now to once again follow the current root console
+ level. As a result, using the AMI Command action with "core set
+ verbose" could again set the root console verbose level and
+ affect the verbose level logged. (closes issue AST-1252) Reported
+ by: Guenther Kelleter Review:
+ https://reviewboard.asterisk.org/r/3114/ ........ Merged
+ revisions 405431 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2014-01-09 16:34 +0000 [r405233] Matthew Jordan <mjordan@digium.com>
+
+ * /, apps/app_confbridge.c,
+ apps/confbridge/conf_state_multi_marked.c: app_confbridge: Fix
+ crash caused when waitmarked/marked users leave together When
+ waitmarked users join a ConfBridge, the conference state is
+ transitioned from EMPTY -> INACTIVE. In this state, the users are
+ maintined in a waiting users list. When a marked user joins, the
+ ConfBridge conference transitions from INACTIVE -> MULTI_MARKED,
+ and all users are put onto the active list of users. This process
+ works correctly. When the marked user leaves, if they are the
+ last marked user, the MULTI_MARKED state does the following: (1)
+ It plays back a message to the bridge stating that the leader has
+ left the conference. This requires an unlocking of the bridge.
+ (2) It moves waitmarked users back to the waiting list (3) It
+ transitions to the appropriate state: in this case, INACTIVE
+ However, because it plays the prompt back to the bridge before
+ moving the users and before finishing the state transition, this
+ creates a race condition: with the bridge unlocked, waitmarked
+ users who leave the conference (or are kicked from it) can cause
+ a state transition of the bridge to another state before the
+ conference is transitioned to the INACTIVE state. This causes the
+ state machine to get a bit wonky, often leading to a crash when
+ the MULTI_MARKED state attempts to conclude its processing. This
+ patch fixes this problem: (1) It prevents kicked users from being
+ kicked again. That's just a nicety. (2) More importantly, it
+ fixes the race condition by only playing the prompt once the
+ state has transitioned correctly to INACTIVE. If waitmarked users
+ sneak out during the prompt being played, no harm no foul.
+ Review: https://reviewboard.asterisk.org/r/3108/ (closes issue
+ AST-1258) Reported by: Steve Pitts ........ Merged revisions
+ 405215 from http://svn.asterisk.org/svn/asterisk/branches/11
+
+2013-12-19 16:38 +0000 [r404349] Scott Griepentrog <sgriepentrog@digium.com>
+
+ * main/db.c, /: astdb: crash in sqlite3 during shutdown When
+ Asterisk is shut down, the astdb_atexit() function releases
+ (finalize) the previously initiated (prepared) SQL statements in
+ sqlite3. Another thread making a subsequent request can cause a
+ crash in sqlite3. This patch eliminates that issue by resetting
+ the statement pointer after it is released/cleared. The sqlite3
+ code detects the null pointer, and aborts the operation cleanly.
+ (closes issue AST-1265) Reported by: Alexander Hömig (closes
+ issue ASTERISK-22350) Reported by: Birger "WIMPy" Harzenetter
+ Review: https://reviewboard.asterisk.org/r/3078/ ........ Merged
+ revisions 404344 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2013-12-16 17:29 +0000 [r403956] David M. Lee <dlee@digium.com>
+
+ * funcs/func_realtime.c, main/pbx.c, main/tcptls.c,
+ funcs/func_db.c, /, README-SERIOUSLY.bestpractices.txt,
+ configs/asterisk.conf.sample, funcs/func_shell.c,
+ funcs/func_env.c, funcs/func_lock.c, UPGRADE.txt,
+ include/asterisk/pbx.h, main/asterisk.c: security: Inhibit
+ execution of privilege escalating functions This patch allows
+ individual dialplan functions to be marked as 'dangerous', to
+ inhibit their execution from external sources. A 'dangerous'
+ function is one which results in a privilege escalation. For
+ example, if one were to read the channel variable SHELL(rm -rf /)
+ Bad Things(TM) could happen; even if the external source has only
+ read permissions. Execution from external sources may be enabled
+ by setting 'live_dangerously' to 'yes' in the [options] section
+ of asterisk.conf. Although doing so is not recommended. (closes
+ issue ASTERISK-22905) Review:
+ http://reviewboard.digium.internal/r/432/ ........ Merged
+ revisions 403913 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 403917 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2013-12-16 15:38 +0000 [r403860] Scott Griepentrog <sgriepentrog@digium.com>
+
+ * apps/app_sms.c: app_sms: BufferOverflow when receiving odd length
+ 16 bit message This patch prevents an infinite loop overwriting
+ memory when a message is received into the unpacksms16()
+ function, where the length of the message is an odd number of
+ bytes. (closes issue ASTERISK-22590) Reported by: Jan Juergens
+ Tested by: Jan Juergens
+
+2013-11-04 21:20 +0000 [r402463] Kevin Harwell <kharwell@digium.com>
+
+ * /, channels/chan_sip.c: chan_sip: notify dialog info ignores
+ presentation indicator in callerid The presentation indicator in
+ a callerid (e.g. set by dialplan function
+ Set(CALLERID(name-pres)= ...)) is not checked when SIP Dialog
+ Info Notifies are generated during extension monitoring. Added a
+ check to make sure the name and/or number presentations on the
+ callee (remote identity) are set to allow. If they are restricted
+ then "anonymous" is used instead. (closes issue AST-1175)
+ Reported by: Thomas Arimont Review:
+ https://reviewboard.asterisk.org/r/2976/ ........ Merged
+ revisions 402450 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+2013-11-01 20:39 +0000 [r402377-402383] Matthew Jordan <mjordan@digium.com>
+
+ * asterisk-11.6.0-summary.html (removed),
+ asterisk-11.6.0-summary.txt (removed): Remove old summaries
+
+ * include/asterisk/pbx.h, res/res_rtp_asterisk.c, main/pbx.c, /,
+ configure, configure.ac: Multiple revisions
+ 396884,400075,400093,401446,401960 ........ r396884 | jbigelow |
+ 2013-08-16 17:45:10 -0500 (Fri, 16 Aug 2013) | 8 lines Add test
+ suite events to indicate when a feature is detected or not These
+ are needed by the bridge test suite tests for them to be able to
+ run against Asterisk 11. Review:
+ https://reviewboard.asterisk.org/r/2751/ ........ r400075 |
+ mjordan | 2013-09-28 16:59:12 -0500 (Sat, 28 Sep 2013) | 16 lines
+ Add check for openSUSE when detecting bfd library In
+ ASTERISK-17842, some additional library checks were added to the
+ configure script so that the bfd library could be found on CentOS
+ and Fedora systems. As it turns out, openSUSE requires an
+ additional library. This patch adds another check to the
+ configure script for openSUSE that will add that library. Review:
+ https://reviewboard.asterisk.org/r/2885/ (closes issue AST-1169)
+ Reported by: Guenther Kelleter ........ Merged revisions 400073
+ from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........
+ r400093 | mjordan | 2013-09-28 17:21:37 -0500 (Sat, 28 Sep 2013)
+ | 23 lines res_rtp_asterisk: Correct erroneous lost packet
+ information in RTCP reports RTCP's calculation of the number of
+ lost packets in an RTP stream is based on that stream's sequence
+ number count, the number of received packets, and how many
+ packets we expect to receive. When the SSRC for an RTP stream
+ changes, there can - and almost always will be - a large jump in
+ the next packet's timestamp and sequence number. If we don't
+ reset the number of received packets, sequence number count, and
+ other metrics used by RTCP, the next RR/SR report will use the
+ previous SSRC's values to calculate the lost packet count for the
+ new SSRC - resulting in a very large number of lost packets. This
+ patch modifies res_rtp_asterisk such that, if it detects a SSRC
+ change, it will reset the various values used by the RTCP
+ calculations. From the perspective of RTCP, this appears as a new
+ media stream - which is what it is. Review:
+ https://reviewboard.asterisk.org/r/2886/ (closes issue AST-1174)
+ Reported by: Thomas Arimont ........ Merged revisions 400089 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........
+ r401446 | mjordan | 2013-10-22 17:42:24 -0500 (Tue, 22 Oct 2013)
+ | 15 lines res_rtp_asterisk: Fix crash when RTCP is not available
+ during SSRC change In r400089, a patch was put in to correct
+ erroneous RTCP statistic resets. Unfortunately, ast_rtp_read can
+ be called on an RTP instance that does not have RTCP information.
+ This patch prevents that crash by only resetting the statistics
+ if we do actually have an RTCP instance. (issue AST-1174) (closes
+ issue ASTERISK-22667) Reported by: John Bigelow ........ Merged
+ revisions 401445 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........
+ r401960 | sgriepentrog | 2013-10-25 15:44:40 -0500 (Fri, 25 Oct
+ 2013) | 15 lines pbx.c: fix confused match caller id that deleted
+ exten still in hash This fixes a bug where a zero length callerid
+ match adjacent to a no match callerid extension entry would be
+ deleted together, which then resulted in hashtable references to
+ free'd memory. A third state of the matchcid value has been added
+ to indicate match to any extension which allows enforcing
+ comparison of matchcid on/off without errors. (closes issue
+ AST-1235) Reported by: Guenther Kelleter Review:
+ https://reviewboard.asterisk.org/r/2930/ ........ Merged
+ revisions 401959 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged
+ revisions 396884,400075,400093,401446,401960 from
+ http://svn.asterisk.org/svn/asterisk/branches/11
+
+ * /: SVN properties: Add svnmerge properties for 11
+
+2013-10-22 16:10 +0000 [r401416] bebuild <bebuild@localhost>:
+
+ * / (added): Create branch for Certified Asterisk 11.6.
+
2013-10-21 Asterisk Development Team <asteriskteam@digium.com>
* Asterisk 11.6.0 Released.
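Review bot: in the r403956 entry ("security: Inhibit execution of privilege escalating functions") the Review link points at http://reviewboard.digium.internal/r/432/, an internal hostname that readers of a released ChangeLog cannot follow, and the entry names neither the functions marked 'dangerous' nor the default value of 'live_dangerously'. Suggest referring readers to README-SERIOUSLY.bestpractices.txt and UPGRADE.txt, both already in that entry's file list, so operators can tell what is affected before upgrading. Smaller points: "maintined" in the r405233 entry should read "maintained", the r403860 app_sms entry has no Review or "Merged revisions" trailer unlike its neighbours, and the r401416 author line ends in a stray colon.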