-13.38.1
\ No newline at end of file
+13.38.2
\ No newline at end of file
+2021-02-18 16:46 +0000 Asterisk Development Team <asteriskteam@digium.com>
+
+ * asterisk 13.38.2 Released.
+
+2021-01-26 11:09 +0000 [b77dcbd905] Alexander Traud <pabstraud@compuserve.com>
+
+ * rtp: Enable srtp replay protection
+
+ Add option "srtpreplayprotection" rtp.conf to enable srtp
+ replay protection.
+
+ ASTERISK-29260
+ Reported by: Alexander Traud
+
+ Change-Id: I5cd346e3c6b6812039d1901aa4b7be688173b458
+
+2020-12-28 06:43 +0000 [a86d326b5e] Ivan Poddubnyi <ivan.poddubny@gmail.com>
+
+ * res_pjsip_diversion: Fix adding more than one histinfo to Supported
+
+ New responses sent within a PJSIP sessions are based on those that were
+ sent before. Therefore, adding/modifying a header once causes it to be
+ sent on all responses that follow.
+
+ Sending 181 Call Is Being Forwarded many times first adds "histinfo"
+ duplicated more and more, and eventually overflows past the array
+ boundary.
+
+ This commit adds a check preventing adding "histinfo" more than once,
+ and skipping it if there is no more space in the header.
+
+ Similar overflow situations can also occur in res_pjsip_path and
+ res_pjsip_outbound_registration so those were also modified to
+ check the bounds and suppress duplicate Supported values.
+
+ ASTERISK-29227
+ Reported by: Ivan Poddubny
+
+ Change-Id: Id43704a1f1a0293e35cc7f844026f0b04f2ac322
+
+2021-02-05 05:26 +0000 [5016b84076] Joshua C. Colp <jcolp@sangoma.com>
+
+ * pjsip: Make modify_local_offer2 tolerate previous failed SDP.
+
+ If a remote side is broken and sends an SDP that can not be
+ negotiated the call will be torn down but there is a window
+ where a second 183 Session Progress or 200 OK that is forked
+ can be received that also attempts to negotiate SDP. Since
+ the code marked the SDP negotiation as being done and complete
+ prior to this it assumes that there is an active local and remote
+ SDP which it can modify, while in fact there is not as the SDP
+ did not successfully negotiate. Since there is no local or remote
+ SDP a crash occurs.
+
+ This patch changes the pjmedia_sdp_neg_modify_local_offer2
+ function to no longer assume that a previous SDP negotiation
+ was successful.
+
+ ASTERISK-29196
+
+ Change-Id: I22de45916d3b05fdc2a67da92b3a38271ee5949e
+
2020-12-22 21:00 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk 13.38.1 Released.
+++ /dev/null
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-13.38.1</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-13.38.1</h3><h3 align="center">Date: 2020-12-22</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
-<li><a href="#summary">Summary</a></li>
-<li><a href="#contributors">Contributors</a></li>
-<li><a href="#open_issues">Open Issues</a></li>
-<li><a href="#commits">Other Changes</a></li>
-<li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
-<li><a href="http://downloads.asterisk.org/pub/security/AST-2020-003,AST-2020-004.html">AST-2020-003,AST-2020-004</a></li>
-</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-13.38.0.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Torrey Searle <tsearle@voxbone.com><br/>1 Asterisk Development Team <asteriskteam@digium.com><br/></td><td width="33%"><td width="33%">1 Mikhail Ivanov <mivanov@lanta-net.ru><br/>1 Torrey Searle <tsearle@gmail.com><br/></td></tr>
-</table><hr><a name="open_issues"><h2 align="center">Open Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all open issues from the issue tracker that were referenced by changes that went into this release.</p><h3>Security</h3><h4>Category: Resources/res_pjsip_diversion</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29219">ASTERISK-29219</a>: res_pjsip_diversion: Crash if Tel URI contains History-Info<br/>Reported by: Torrey Searle<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=8d90fc1b41f47961318eff1fded08f3faa3d38fa">[8d90fc1b41]</a> Torrey Searle -- res/res_pjsip_diversion: prevent crash on tel: uri in History-Info</li>
-</ul><br><h3>Bug</h3><h4>Category: Resources/res_pjsip_diversion</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29191">ASTERISK-29191</a>: tel: URI in Diversion header causes crash<br/>Reported by: Mikhail Ivanov<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=8d90fc1b41f47961318eff1fded08f3faa3d38fa">[8d90fc1b41]</a> Torrey Searle -- res/res_pjsip_diversion: prevent crash on tel: uri in History-Info</li>
-</ul><br><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29191">ASTERISK-29191</a>: tel: URI in Diversion header causes crash<br/>Reported by: Mikhail Ivanov<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=8d90fc1b41f47961318eff1fded08f3faa3d38fa">[8d90fc1b41]</a> Torrey Searle -- res/res_pjsip_diversion: prevent crash on tel: uri in History-Info</li>
-</ul><br><hr><a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all changes that went into this release that did not reference a JIRA issue.</p><table width="100%" border="1">
-<tr><th>Revision</th><th>Author</th><th>Summary</th></tr>
-<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=f95d65153844705f8f47a7d94d104da82adf0117">f95d651538</a></td><td>Asterisk Development Team</td><td>Update for 13.38.1</td></tr>
-</table><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>asterisk-13.38.0-summary.html | 99 -------------
-asterisk-13.38.0-summary.txt | 302 ----------------------------------------
-b/.version | 2
-b/ChangeLog | 16 ++
-b/asterisk-13.38.1-summary.html | 17 ++
-b/asterisk-13.38.1-summary.txt | 54 +++++++
-6 files changed, 88 insertions(+), 402 deletions(-)</pre><br></html>
\ No newline at end of file
+++ /dev/null
- Release Summary
-
- asterisk-13.38.1
-
- Date: 2020-12-22
-
- <asteriskteam@digium.com>
-
- ----------------------------------------------------------------------
-
- Table of Contents
-
- 1. Summary
- 2. Contributors
- 3. Open Issues
- 4. Other Changes
- 5. Diffstat
-
- ----------------------------------------------------------------------
-
- Summary
-
- [Back to Top]
-
- This release has been made to address one or more security vulnerabilities
- that have been identified. A security advisory document has been published
- for each vulnerability that includes additional information. Users of
- versions of Asterisk that are affected are strongly encouraged to review
- the advisories and determine what action they should take to protect their
- systems from these issues.
-
- Security Advisories:
-
- * AST-2020-003,AST-2020-004
-
- The data in this summary reflects changes that have been made since the
- previous release, asterisk-13.38.0.
-
- ----------------------------------------------------------------------
-
- Contributors
-
- [Back to Top]
-
- This table lists the people who have submitted code, those that have
- tested patches, as well as those that reported issues on the issue tracker
- that were resolved in this release. For coders, the number is how many of
- their patches (of any size) were committed into this release. For testers,
- the number is the number of times their name was listed as assisting with
- testing a patch. Finally, for reporters, the number is the number of
- issues that they reported that were affected by commits that went into
- this release.
-
- Coders Testers Reporters
- 1 Torrey Searle 1 Mikhail Ivanov
- 1 Asterisk Development Team 1 Torrey Searle
-
- ----------------------------------------------------------------------
-
- Open Issues
-
- [Back to Top]
-
- This is a list of all open issues from the issue tracker that were
- referenced by changes that went into this release.
-
- Security
-
- Category: Resources/res_pjsip_diversion
-
- ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains
- History-Info
- Reported by: Torrey Searle
- * [8d90fc1b41] Torrey Searle -- res/res_pjsip_diversion: prevent crash
- on tel: uri in History-Info
-
- Bug
-
- Category: Resources/res_pjsip_diversion
-
- ASTERISK-29191: tel: URI in Diversion header causes crash
- Reported by: Mikhail Ivanov
- * [8d90fc1b41] Torrey Searle -- res/res_pjsip_diversion: prevent crash
- on tel: uri in History-Info
-
- Category: pjproject/pjsip
-
- ASTERISK-29191: tel: URI in Diversion header causes crash
- Reported by: Mikhail Ivanov
- * [8d90fc1b41] Torrey Searle -- res/res_pjsip_diversion: prevent crash
- on tel: uri in History-Info
-
- ----------------------------------------------------------------------
-
- Commits Not Associated with an Issue
-
- [Back to Top]
-
- This is a list of all changes that went into this release that did not
- reference a JIRA issue.
-
- +------------------------------------------------------------------------+
- | Revision | Author | Summary |
- |----------------+-------------------------------+-----------------------|
- | f95d651538 | Asterisk Development Team | Update for 13.38.1 |
- +------------------------------------------------------------------------+
-
- ----------------------------------------------------------------------
-
- Diffstat Results
-
- [Back to Top]
-
- This is a summary of the changes to the source code that went into this
- release that was generated using the diffstat utility.
-
- asterisk-13.38.0-summary.html | 99 -------------
- asterisk-13.38.0-summary.txt | 302 ----------------------------------------
- b/.version | 2
- b/ChangeLog | 16 ++
- b/asterisk-13.38.1-summary.html | 17 ++
- b/asterisk-13.38.1-summary.txt | 54 +++++++
- 6 files changed, 88 insertions(+), 402 deletions(-)
--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-13.38.2</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-13.38.2</h3><h3 align="center">Date: 2021-02-18</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2021-001,AST-2021-003,AST-2021-005.html">AST-2021-001,AST-2021-003,AST-2021-005</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-13.38.1.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">1 Ivan Poddubnyi <ivan.poddubny@gmail.com><br/>1 Joshua C. Colp <jcolp@sangoma.com><br/>1 Alexander Traud <pabstraud@compuserve.com><br/></td><td width="33%"><td width="33%">1 Ivan Poddubny<br/>1 Ivan Poddubny <ivan.poddubny@gmail.com><br/>1 Alexander Traud<br/>1 Mauri de Souza Meneguzzo (3CPlus) <mauri.nunes@fluxoti.com><br/>1 Alexander Traud <pabstraud@compuserve.com><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Resources/res_srtp</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29260">ASTERISK-29260</a>: sRTP Replay Protection ignored; even tears down long calls<br/>Reported by: Alexander Traud<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=b77dcbd905553ea903553d42b89866d5d1b149e6">[b77dcbd905]</a> Alexander Traud -- rtp: Enable srtp replay protection</li>
+</ul><br><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29227">ASTERISK-29227</a>: res_pjsip_diversion: sending multiple 181 responses causes memory corruption and crash<br/>Reported by: Ivan Poddubny<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=a86d326b5ee4e87bd86f1d83801fbf51a73a158a">[a86d326b5e]</a> Ivan Poddubnyi -- res_pjsip_diversion: Fix adding more than one histinfo to Supported</li>
+</ul><br><h3>Bug</h3><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29196">ASTERISK-29196</a>: res_pjsip: Segmentation fault<br/>Reported by: Mauri de Souza Meneguzzo (3CPlus)<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=5016b84076171bc690092e16dd740b3f44d5c4d9">[5016b84076]</a> Joshua C. Colp -- pjsip: Make modify_local_offer2 tolerate previous failed SDP.</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>configs/samples/rtp.conf.sample | 12 ++++++++++++
+doc/CHANGES-staging/srtp_replay_protection.txt | 9 +++++++++
+doc/UPGRADE-staging/srtp_replay_protection.txt | 9 +++++++++
+res/res_pjsip_diversion.c | 14 ++++++++++++++
+res/res_pjsip_outbound_registration.c | 12 ++++++++++++
+res/res_pjsip_path.c | 12 ++++++++++++
+res/res_rtp_asterisk.c | 12 +++++++++++-
+7 files changed, 79 insertions(+), 1 deletion(-)</pre><br></html>
\ No newline at end of file
--- /dev/null
+ Release Summary
+
+ asterisk-13.38.2
+
+ Date: 2021-02-18
+
+ <asteriskteam@digium.com>
+
+ ----------------------------------------------------------------------
+
+ Table of Contents
+
+ 1. Summary
+ 2. Contributors
+ 3. Closed Issues
+ 4. Diffstat
+
+ ----------------------------------------------------------------------
+
+ Summary
+
+ [Back to Top]
+
+ This release has been made to address one or more security vulnerabilities
+ that have been identified. A security advisory document has been published
+ for each vulnerability that includes additional information. Users of
+ versions of Asterisk that are affected are strongly encouraged to review
+ the advisories and determine what action they should take to protect their
+ systems from these issues.
+
+ Security Advisories:
+
+ * AST-2021-001,AST-2021-003,AST-2021-005
+
+ The data in this summary reflects changes that have been made since the
+ previous release, asterisk-13.38.1.
+
+ ----------------------------------------------------------------------
+
+ Contributors
+
+ [Back to Top]
+
+ This table lists the people who have submitted code, those that have
+ tested patches, as well as those that reported issues on the issue tracker
+ that were resolved in this release. For coders, the number is how many of
+ their patches (of any size) were committed into this release. For testers,
+ the number is the number of times their name was listed as assisting with
+ testing a patch. Finally, for reporters, the number is the number of
+ issues that they reported that were affected by commits that went into
+ this release.
+
+ Coders Testers Reporters
+ 1 Ivan Poddubnyi 1 Ivan Poddubny
+ 1 Joshua C. Colp 1 Ivan Poddubny
+ 1 Alexander Traud 1 Alexander Traud
+ 1 Mauri de Souza Meneguzzo (3CPlus)
+ 1 Alexander Traud
+
+ ----------------------------------------------------------------------
+
+ Closed Issues
+
+ [Back to Top]
+
+ This is a list of all issues from the issue tracker that were closed by
+ changes that went into this release.
+
+ Security
+
+ Category: Resources/res_srtp
+
+ ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls
+ Reported by: Alexander Traud
+ * [b77dcbd905] Alexander Traud -- rtp: Enable srtp replay protection
+
+ Category: pjproject/pjsip
+
+ ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes
+ memory corruption and crash
+ Reported by: Ivan Poddubny
+ * [a86d326b5e] Ivan Poddubnyi -- res_pjsip_diversion: Fix adding more
+ than one histinfo to Supported
+
+ Bug
+
+ Category: Resources/res_pjsip
+
+ ASTERISK-29196: res_pjsip: Segmentation fault
+ Reported by: Mauri de Souza Meneguzzo (3CPlus)
+ * [5016b84076] Joshua C. Colp -- pjsip: Make modify_local_offer2
+ tolerate previous failed SDP.
+
+ ----------------------------------------------------------------------
+
+ Diffstat Results
+
+ [Back to Top]
+
+ This is a summary of the changes to the source code that went into this
+ release that was generated using the diffstat utility.
+
+ configs/samples/rtp.conf.sample | 12 ++++++++++++
+ doc/CHANGES-staging/srtp_replay_protection.txt | 9 +++++++++
+ doc/UPGRADE-staging/srtp_replay_protection.txt | 9 +++++++++
+ res/res_pjsip_diversion.c | 14 ++++++++++++++
+ res/res_pjsip_outbound_registration.c | 12 ++++++++++++
+ res/res_pjsip_path.c | 12 ++++++++++++
+ res/res_rtp_asterisk.c | 12 +++++++++++-
+ 7 files changed, 79 insertions(+), 1 deletion(-)
projects / thirdparty / asterisk.git / commitdiff
