requiring authenticated sessions to trigger):
AST-2020-001: Remote crash in res_pjsip_session
AST-2020-002: Outbound INVITE loop on challenge with different nonce
"...But two years go by and still my light's on
This is hard for me to say, but this is all that I can take
It's the last song I'll ever write for you
It's the last time that I'll tell you just how much I really care
This is the last song I'll ever sing for you..."
Changes:
- mostly bugfixes and performance improvements
New plugins:
- plugin_stats: write some statistics about currently active calls
- plugin_blacklist: new plugin to block UACs that cause excessive
failures during REGISTER attempts
of pjsip used by asterisk 16.12.0.
The Asterisk port can't use anything which pulls in libc++ libraries
because (unless someone can fix -fblocks in clang) it has to build with
gcc/libestdc++ resulting in conflicting libraries.
* res_ari: Fix create channel request channelId parameter parsing
If channelId parameters were passed in the body, Asterisk doesn't parse
it correctly.
The reSIProcate components, particularly the SIP stack, are in use in both
commercial and open-source products. The project is dedicated to maintaining a
complete, correct, and commercially usable implementation of SIP and a few
related protocols.
repro is an open-source, free SIP server which provides SIP proxy, registrar,
redirect, and identity services.
reTurn is a highly efficient C++ open-source STUN/TURN server and client
library. It is an implementation of the latest STUN/TURN RFCs: RFC5389 (STUN),
and RFC5766 (TURN).
OK sthen@
some time ago. They were causing the build to fail on arch using a linker
which cares about such things as the functions existing, and would have
caused crashes if the relevant code was actually called on other arches
(I guess this port is not really very widely used..)
Diff from Brad, I merged with newer commit.
Ports using -lossaudio still call open(2) to get a file descriptor.
They don't need it to change the volume, but expect various syscalls
to succeed. Using /dev/null ensures programs will continue to work
once /dev/mixer is disabled.
"go ahead" landry@ and naddy@
avcodec_encode_video and avcodec_alloc_frame.
strangely, though aarch64 *only* uses LLD, the same failure can be
reproduced on amd64 by forcing ld.bfd (USE_LLD=No).
Implicit MODGCC4_CPPLIBDEP in LIB_DEPENDS is not inherited by
LIB_DEPENDS-*, despite COMPILER_LIBCXX being in WANTLIB-*, so
it's needed to add it.
OK sthen@
- use getthrid to record TID (this is displayed following the opaque thread
id in "core show threads", and is useful to match against top -H output)
- provide a -kqueue package for res_timing_kqueue (previously @comment'ed
out). Normally a pthread-backed timer is used in the package; the kqueue-backed
timer is built by default but has had problems on OpenBSD in the past so is
@comment'ed out. I wouldn't consider this production ready on OpenBSD (lots
of "kqueue_timer_ack: [18]: Missed 1" at least on a kernel with standard HZ)
but I'd like to have it more easily available for experimentation, hence
adding the package.
AST-2019-006: SIP request can change address of a SIP peer.
AST-2019-007: AMI user could execute system commands.
AST-2019-008: Re-invite with T.38 and malformed SDP causes crash.
AST-2019-004 Crash when negotiating for T.38 with a declined stream (res_pjsip_t38.c)
AST-2019-005 Remote Crash Vulnerability in audio transcoding (bug introduced in 16.5.0)
If somebody is removed who actually wants maintainer and either
didn't receive the mail, or didn't bother to reply to it, they are
free to send a diff to reinstate.
ok sthen@, jca@
AST-2019-002: Remote crash vulnerability with MESSAGE messages:
A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.
AST-2019-003: Remote Crash Vulnerability in chan_sip channel driver:
When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an
endpoint to switch it to T.38. If the endpoint responds with an improperly
formatted SDP answer including both a T.38 UDPTL stream and an audio or video
stream containing only codecs not allowed on the SIP peer or user a crash will
occur. The code incorrectly assumes that there will be at least one common
codec when T.38 is also in the SDP answer.
Follow the upstream recommendations for packagers and switch to
multi-packages:
devel/gettext -> devel/gettext,-runtime
devel/gettext-tools -> devel/gettext,-tools
(new) devel/gettext,-textstyle
* AST-2019-001: Remote crash vulnerability with SDP protocol violation
When Asterisk makes an outgoing call, a very specific SDP protocol violation
by the remote party can cause Asterisk to crash.
https://issues.asterisk.org/jira/browse/ASTERISK-28260
changes aren't too extreme, but upgrading users should review upgrade notes
in /usr/local/share/doc/asterisk (UPGRADE-14.txt, UPGRADE-15.txt, UPGRADE.txt).
from semarie@, ok danj@
This is a Python port of Google's libphonenumber library (original code
in Java). Among other features it provides phone number validation,
standardized formatting, and information like location and original
carrier.
some existing COMPILER lines with arch restrictions etc. In the usual
case this is now using "COMPILER = base-clang ports-gcc base-gcc" on
ports with c++ libraries in WANTLIB.
This is basically intended to be a noop on architectures using clang
as the system compiler, but help with other architectures where we
currently have many ports knocked out due to building with an unsuitable
compiler -
- some ports require c++11/newer so the GCC version in base that is used
on these architectures is too old.
- some ports have conflicts where an executable is built with one compiler
(e.g. gcc from base) but a library dependency is built with a different
one (e.g. gcc from ports), resulting in mixing incompatible libraries in the
same address space.
devel/gmp is intentionally skipped as it's on the path to building gcc -
the c++ library there is unused in ports (and not built by default upstream)
so intending to disable building gmpcxx in a future commit.
- update comments in pjlib's sock_ossl.c, we do now have
SSL_set1_curves/SSL_CTX_set1_curves but still not SSL_get_shared_curve,
SSL_set1_{client_,}sigalgs_list
AST-2018-007: Infinite loop when reading iostreams
When connected to Asterisk via TCP/TLS if the client abruptly
disconnects, or sends a specially crafted message then Asterisk
gets caught in an infinite loop while trying to read the data stream.
Thus rendering the system as unusable.
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
When endpoint specific ACL rules block a SIP request they respond with
a 403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to
gain access to the disclosed endpoints.
handling From:
- fix berkeley db utilities and kamctl "shift: nothing to shift",
reported by feinerer@, from maintainer Roman Kravchuk
- fix runtime TLS failure, undefined symbol OPENSSL_zalloc,
from maintainer
- remove some dead patches following switch to clang, from me
(there was an earlier update to 5.1.x from maintainer earlier this
month which I missed pushing earlier and it's too close to release now;
this is planned for post-6.3)
fail, reported by naddy@.
set COMPILER_LANGS=c while there, the GNU compiler is only used for C nested
functions (because I still have no ideas about the BlocksRuntime with clang),
c++ is not needed.
AST-2018-002: Crash when given an invalid SDP media format description
AST-2018-003: Crash with an invalid SDP fmtp attribute
AST-2018-004: Crash when receiving SUBSCRIBE request
AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
AST-2018-006: WebSocket frames with 0 sized payload causes DoS
(only 15.x reported as affected by AST-2018-001)
BIO_meth_set_callback_ctrl(). however in this case it is just setting the
callback pointer to NULL, and BIO_meth_new() already returns zeroed space,
so just skip that for now.
Fix #! line for bash in astversion. Not forced in RUN_DEPENDS because in all
the time this has been present only one person noticed, so the script doesn't
seem too popular. (Script also makes some assumptions about library versions
which don't apply here but I don't think it's worth poking at this too far).
Reported by landry@
(other codecs are already disabled in the pjproject build, it's only used for sip
signalling - asterisk has its own codec stack, this doesn't affect use of the
asterisk-g729 package).
AST-2017-012: Remote Crash Vulnerability in RTCP Stack
If a compound RTCP packet is received containing more than one report
(for example a Receiver Report and a Sender Report) the RTCP stack
will incorrectly store report information outside of allocated memory
potentially causing a crash.
AST-2017-014: Crash in PJSIP resource when missing a contact header
A select set of SIP messages create a dialog in Asterisk. Those SIP
messages must contain a contact header. For those messages, if the
header was not present and using the PJSIP channel driver, it would
cause Asterisk to crash. The severity of this vulnerability is somewhat
mitigated if authentication is enabled. If authentication is enabled a
user would have to first be authorized before reaching the crash point.
to AST-2017-005.
The RTP/RTCP stack will now validate RTCP packets before processing
them. Packets failing validation are discarded. RTP stream qualification
now requires the intended series of packets from the same address
without seeing packets from a different source address to accept a new
source address.
AST-2017-005: Media takeover in RTP stack
AST-2017-006: Shell access command injection in app_minivm
AST-2017-007: Remote Crash Vulnerability in res_pjsip
also install the basic-pbx sample configs
which are gcc-specific, or clang with -fblocks, which we don't have
working fully yet).
To avoid a C++ standard library conflict, switch to a stripped-down and
patched copy of pjsua/pjsip built as part of the Asterisk build.
Some slight patch gymnastics; Asterisk doesn't distribute pjsua itself
but rather normally downloads, untars and patches as part of the build,
which isn't compatible with the patches we need to apply in order to
fix it with libressl.
In the process:
* change upstream to https://github.com/juha-h/libzrtp
* remove patches that are already integrated by upstream
* avoid hidden dependency on doxygen
on short SCCP packets. This only affects SCCP users (chan_skinny).
13.15.1 also added some fixes to the bundled copy of PJSIP
(used by chan_pjsip, *not* used by chan_sip) -
AST-2017-002: Buffer Overrun in PJSIP transaction layer,
AST-2017-003: Crash in PJSIP multi-part body parser
- however that copy is not used by this package and will need to
be fixed separately.
- clang + ld.bfd: link fails in autoconf test, undefined symbols.
- clang + ld.lld: package builds, dlopen()ing the .so modules that use -fblocks
fails at runtime.
because with clang + ld.lld it does build but results in unusable packages,
explicitly mark BROKEN-aarch64 for now.
add various OPENSSL_VERSION_NUMBER patches now that asterisk supports
openssl 1.1:
- we don't have openssl 1.1's SSL_is_server yet, so use the old check
for ssl->server instead
- we do still need the hack to avoid initing multiple times which is
no longer needed in openssl 1.1
http://downloads.digium.com/pub/security/AST-2017-001.html
CDR: Protect from data overflow in ast_cdr_setuserfield.
ast_cdr_setuserfield wrote to a fixed length field using strcpy.
This could result in a buffer overrun when called from chan_sip or
func_cdr. This patch adds a maximum bytes written to the field by using
ast_copy_string instead.
both fail to provide %zu samples" debug message which is triggering very
frequently, so that it's possible to get debug level 5 messages without
flattening the box.
OPENSSL_VERSION_NUMBER < 0x10002000L to see if DTLSv1_method is available;
it's an error at runtime only as it's in a dlopen'd module, and doesn't
crash the process, just fails loading the module, so you don't notice
until you wonder why calls are all failing...)
Changes:
- removed remaining static archs support goo,
- use arc4random() in re,
- new baresip module "mpa" for corresponding codec,
- multiple bugfixes.