* AST-2021-006 - res_pjsip_t38.c: Check for session_media on reinvite.
When Asterisk sends a reinvite negotiating T38 faxing, it's possible a
crash can occur if the response contains a m=image and zero port. The
reinvite callback code now checks session_media to see if it is null or
not before trying to access the udptl variable on it.
ASTERISK-29305
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.
AST-2021-001: Remote crash in res_pjsip_diversion
AST-2021-002: Remote crash possible when negotiating T.38
AST-2021-003: Remote attacker could prematurely tear down SRTP calls
AST-2021-004: An unsuspecting user could crash Asterisk with multiple hold/unhold requests
AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
there is an active fork of this code on github.com/davies147/astmanproxy,
but it uses various linuxisms (pthread_timedjoin_np, prctl) so sticking
with the old one.
AST-2020-003: Remote crash in res_pjsip_diversion -
A crash can occur in Asterisk when a SIP message is received that has a
History-Info header, which contains a tel-uri.
AST-2020-004: Remote crash in res_pjsip_diversion -
A crash can occur in Asterisk when a SIP 181 response is received that
has a Diversion header, which contains a tel-uri.
IMAP voicemail has moved from building all of Asterisk with a separate
build option (with imap files linked to the main binaries) to a separate
module which can be switched in config. (Only one voicemail module is
allowed at a time, if you have multiple of these installed you can
select between them with noload in modules.conf).
Quirks doesn't handle a flavour moving to unflavoured+subpackage; use
@ask-upgrade so that users of the imap flavour (and only them) are
warned about this at update time.
requiring authenticated sessions to trigger):
AST-2020-001: Remote crash in res_pjsip_session
AST-2020-002: Outbound INVITE loop on challenge with different nonce
"...But two years go by and still my light's on
This is hard for me to say, but this is all that I can take
It's the last song I'll ever write for you
It's the last time that I'll tell you just how much I really care
This is the last song I'll ever sing for you..."
Changes:
- mostly bugfixes and performance improvements
New plugins:
- plugin_stats: write some statistics about currently active calls
- plugin_blacklist: new plugin to block UACs that cause excessive
failures during REGISTER attempts
of pjsip used by asterisk 16.12.0.
The Asterisk port can't use anything which pulls in libc++ libraries
because (unless someone can fix -fblocks in clang) it has to build with
gcc/libestdc++ resulting in conflicting libraries.
