to AST-2017-005.
The RTP/RTCP stack will now validate RTCP packets before processing
them. Packets failing validation are discarded. RTP stream qualification
now requires the intended series of packets from the same address
without seeing packets from a different source address to accept a new
source address.
AST-2017-005: Media takeover in RTP stack
AST-2017-006: Shell access command injection in app_minivm
AST-2017-007: Remote Crash Vulerability in res_pjsip
also install the basic-pbx sample configs
which are gcc-specific, or clang with -fblocks, which we don't have
working fully yet).
To avoid a C++ standard library conflict, switch to a stripped-down and
patched copy of pjsua/pjsip built as part of the Asterisk build.
Some slight patch gymnastics; Asterisk doesn't distribute pjsua itself
but rather normally downloads, untars and patches as part of the build,
which isn't compatible with the patches we need to apply in order to
fix it with libressl.
In the process:
* change upstream to https://github.com/juha-h/libzrtp
* remove patches that are already integrated by upstream
* avoid hidden dependency on doxygen
on short SCCP packets. This only affects SCCP users (chan_skinny).
13.15.1 also added some fixes to the bundled copy of PJSIP
(used by chan_pjsip, *not* used by chan_sip) -
AST-2017-002: Buffer Overrun in PJSIP transaction layer,
AST-2017-003: Crash in PJSIP multi-part body parser
- however that copy is not used by this package and will need to
be fixed separately.
- clang + ld.bfd: link fails in autoconf test, undefined symbols.
- clang + ld.lld: package builds, dlopen()ing the .so modules that use -fblocks
fails at runtime.
because with clang + ld.lld it does build but results in unusable packages,
explicitly mark BROKEN-aarch64 for now.
