fail, reported by naddy@.
set COMPILER_LANGS=c while there, the GNU compiler is only used for C nested
functions (because I still have no ideas about the BlocksRuntime with clang),
c++ is not needed.
AST-2018-002: Crash when given an invalid SDP media format description
AST-2018-003: Crash with an invalid SDP fmtp attribute
AST-2018-004: Crash when receiving SUBSCRIBE request
AST-2018-005: Crash when large numbers of TCP connections are closed suddenly
AST-2018-006: WebSocket frames with 0 sized payload causes DoS
(only 15.x reported as affected by AST-2018-001)
Fix #! line for bash in astversion. Not forced in RUN_DEPENDS because in all
the time this has been present only one person noticed, so the script doesn't
seem too popular. (Script also makes some assumptions about library versions
which don't apply here but I don't think it's worth poking at this too far).
Reported by landry@
(other codecs are already disabled in the pjproject build, it's only used for sip
signalling - asterisk has its own codec stack, this doesn't affect use of the
asterisk-g729 package).
AST-2017-012: Remote Crash Vulnerability in RTCP Stack
If a compound RTCP packet is received containing more than one report
(for example a Receiver Report and a Sender Report) the RTCP stack
will incorrectly store report information outside of allocated memory
potentially causing a crash.
AST-2017-014: Crash in PJSIP resource when missing a contact header
A select set of SIP messages create a dialog in Asterisk. Those SIP
messages must contain a contact header. For those messages, if the
header was not present and using the PJSIP channel driver, it would
cause Asterisk to crash. The severity of this vulnerability is somewhat
mitigated if authentication is enabled. If authentication is enabled a
user would have to first be authorized before reaching the crash point.
to AST-2017-005.
The RTP/RTCP stack will now validate RTCP packets before processing
them. Packets failing validation are discarded. RTP stream qualification
now requires the intended series of packets from the same address
without seeing packets from a different source address to accept a new
source address.
AST-2017-005: Media takeover in RTP stack
AST-2017-006: Shell access command injection in app_minivm
AST-2017-007: Remote Crash Vulerability in res_pjsip
also install the basic-pbx sample configs
which are gcc-specific, or clang with -fblocks, which we don't have
working fully yet).
To avoid a C++ standard library conflict, switch to a stripped-down and
patched copy of pjsua/pjsip built as part of the Asterisk build.
Some slight patch gymnastics; Asterisk doesn't distribute pjsua itself
but rather normally downloads, untars and patches as part of the build,
which isn't compatible with the patches we need to apply in order to
fix it with libressl.
on short SCCP packets. This only affects SCCP users (chan_skinny).
13.15.1 also added some fixes to the bundled copy of PJSIP
(used by chan_pjsip, *not* used by chan_sip) -
AST-2017-002: Buffer Overrun in PJSIP transaction layer,
AST-2017-003: Crash in PJSIP multi-part body parser
- however that copy is not used by this package and will need to
be fixed separately.
- clang + ld.bfd: link fails in autoconf test, undefined symbols.
- clang + ld.lld: package builds, dlopen()ing the .so modules that use -fblocks
fails at runtime.
because with clang + ld.lld it does build but results in unusable packages,
explicitly mark BROKEN-aarch64 for now.
add various OPENSSL_VERSION_NUMBER patches now that asterisk supports
openssl 1.1:
- we don't have openssl 1.1's SSL_is_server yet, so use the old check
for ssl->server instead
- we do still need the hack to avoid initing multiple times which is
no longer needed in openssl 1.1
http://downloads.digium.com/pub/security/AST-2017-001.html
CDR: Protect from data overflow in ast_cdr_setuserfield.
ast_cdr_setuserfield wrote to a fixed length field using strcpy.
This could result in a buffer overrun when called from chan_sip or
func_cdr. This patch adds a maximum bytes written to the field by using
ast_copy_string instead.
both fail to provide %zu samples" debug message which is triggering very
frequently, so that it's possible to get debug level 5 messages without
flattening the box.
OPENSSL_VERSION_NUMBER < 0x10002000L to see if DTLSv1_method is available;
it's an error at runtime only as it's in a dlopen'd module, and doesn't
crash the process, just fails loading the module, so you don't notice
until you wonder why calls are all failing...)
