* AST-2021-006 - res_pjsip_t38.c: Check for session_media on reinvite.
When Asterisk sends a reinvite negotiating T38 faxing, it's possible a
crash can occur if the response contains a m=image and zero port. The
reinvite callback code now checks session_media to see if it is null or
not before trying to access the udptl variable on it.
ASTERISK-29305
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.
AST-2021-001: Remote crash in res_pjsip_diversion
AST-2021-002: Remote crash possible when negotiating T.38
AST-2021-003: Remote attacker could prematurely tear down SRTP calls
AST-2021-004: An unsuspecting user could crash Asterisk with multiple hold/unhold requests
AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
there is an active fork of this code on github.com/davies147/astmanproxy,
but it uses various linuxisms (pthread_timedjoin_np, prctl) so sticking
with the old one.
AST-2020-003: Remote crash in res_pjsip_diversion -
A crash can occur in Asterisk when a SIP message is received that has a
History-Info header, which contains a tel-uri.
AST-2020-004: Remote crash in res_pjsip_diversion -
A crash can occur in Asterisk when a SIP 181 response is received that
has a Diversion header, which contains a tel-uri.
IMAP voicemail has moved from building all of Asterisk with a separate
build option (with imap files linked to the main binaries) to a separate
module which can be switched in config. (Only one voicemail module is
allowed at a time, if you have multiple of these installed you can
select between them with noload in modules.conf).
Quirks doesn't handle a flavour moving to unflavoured+subpackage; use
@ask-upgrade so that users of the imap flavour (and only them) are
warned about this at update time.
requiring authenticated sessions to trigger):
AST-2020-001: Remote crash in res_pjsip_session
AST-2020-002: Outbound INVITE loop on challenge with different nonce
"...But two years go by and still my light's on
This is hard for me to say, but this is all that I can take
It's the last song I'll ever write for you
It's the last time that I'll tell you just how much I really care
This is the last song I'll ever sing for you..."
Changes:
- mostly bugfixes and performance improvements
New plugins:
- plugin_stats: write some statistics about currently active calls
- plugin_blacklist: new plugin to block UACs that cause excessive
failures during REGISTER attempts
of pjsip used by asterisk 16.12.0.
The Asterisk port can't use anything which pulls in libc++ libraries
because (unless someone can fix -fblocks in clang) it has to build with
gcc/libestdc++ resulting in conflicting libraries.
* res_ari: Fix create channel request channelId parameter parsing
If channelId parameters were passed in the body, Asterisk doesn't parse
it correctly.
The reSIProcate components, particularly the SIP stack, are in use in both
commercial and open-source products. The project is dedicated to maintaining a
complete, correct, and commercially usable implementation of SIP and a few
related protocols.
repro is an open-source, free SIP server which provides SIP proxy, registrar,
redirect, and identity services.
reTurn is a highly efficient C++ open-source STUN/TURN server and client
library. It is an implementation of the latest STUN/TURN RFCs: RFC5389 (STUN),
and RFC5766 (TURN).
OK sthen@
