|Tags||communication conferencing telephony sip|
18.17.104 Apr 2023 10:25 minor feature: Res_pjsip_pubsub: subscription cleanup changes There are two main parts of the change associated with this. Commit. These are driven by the change in call order of Pubsub_on_rx_refresh and pubsub_on_evsub_state by pjproject When an in-dialog SUBSCRIBE is received. First, the previous behavior was for pjproject to call. Pubsub_on_rx_refresh before calling pubsub_on_evsub_state When an in-dialog SUBSCRIBE was received that changes the Subscription state. If that change was a termination due to a re-SUBSCRIBE with an expires of 0, we used to use the call to pubsub_on_rx_refresh to set the substate of the evsub to TERMINATE_PENDING before. Pjproject could call pubsub_on_evsub_state. This substate let pubsub_on_evsub_state know that the. Subscription TERMINATED event could be ignored as there was Still a subsequent NOTIFY that needed to be generated and Another call to pubsub_on_evsub_state to come with it. That NOTIFY was sent via serialized_pubsub_on_refresh_timeout. Which would see the TERMINATE_PENDING state and transition it to TERMINATE_IN_PROGRESS before triggering another call to. Pubsub_on_evsub_state (which now would clean up the evsub.) The new pjproject behavior is to call pubsub_on_evsub_state. Before pubsub_on_rx_refresh. This means we no longer can set The state to TERMINATE_PENDING to tell pubsub_on_evsub_state That it can ignore the first TERMINATED event. To handle this, we now look directly at the event type. Method type and the expires value to determine whether we Want to ignore the event or use it to trigger the evsub Cleanup. Second, pjproject now expects the NOTIFY to actually be sent. During pubsub_on_rx_refresh and avoids the protocol violation Inherent in sending a NOTIFY before the SUBSCRIBE is Acknowledged by caching the sent NOTIFY then sending it After responding to the SUBSCRIBE. This requires we send the NOTIFY using the non-serialized. Pubsub_on_refresh_timeout directly and let pjproject handle The protocol violation. Revert "pbx_ael: Gl
18.17.010 Mar 2023 20:05 minor feature:
18.16.013 Jan 2023 10:25 minor feature:
18.15.102 Dec 2022 07:05 minor feature: Update CHANGES and UPGRADE.txt for 18.15.1 Update for 18.15.1. pjproject: 2.13 security Backports two security (c4d3498 and 450baca) from pjproject 2.13. pjsip_transport_events: possible use after free on transport. It was possible for a module that registered for transport monitor. Events to pass in a pjsip_transport that had already been freed. This caused pjsip_transport_events to crash when looking up the. Monitor for the transport. The is a two pronged approach. 1. We now increment the reference count on pjsip_transports when we. Create monitors for them, then decrement the count when the Transport is going to be destroyed. 2. There are now APIs to register and unregister monitor callbacks by "transport key" which is a string concatenation of the remote ip. Address and port. This way the module needing to monitor the Transport doesn't have to hold on to the transport object itself to Unregister. It just has to save the transport_key. Added the pjsip_transport reference increment and decrement. Changed the internal transport monitor container key from the. Transport- obj_name (which may not be unique anyway) to the Transport_key. Added a helper macro AST_SIP_MAKE_REMOTE_IPADDR_PORT_STR() that. Fills a buffer with the transport_key using a passed-in Pjsip_transport. Added the following functions: Ast_sip_transport_monitor_register_key Ast_sip_transport_monitor_register_replace_key Ast_sip_transport_monitor_unregister_key And marked their non-key counterparts as deprecated. Updated res_pjsip_pubsub and res_pjsip_outbound_register to use. The new "key" monitor functions. NOTE: res_pjsip_registrar also uses the transport monitor. Functionality but doesn't have a persistent object other than Contact to store a transport key. At this time, it continues to Use the non-key monitor functions. manager: prevent file access outside of config dir Add live_dangerously flag to manager and use this flag to. Determine if a configuation file outside of AST_CONFIG_DIR Should be r
18.15.020 Oct 2022 14:45 minor feature:
18.14.019 Aug 2022 11:25 minor feature:
18.13.024 Jun 2022 08:05 minor feature:
18.12.121 May 2022 20:25 minor feature: Res_pjsip_transport_websocket: Also set the remote name. As part of PJSIP 2.11 a behavior change was done to require a matching remote hostname on an established transport for. Secure transports. Since the Websocket transport is considered a secure transport this caused the existing connection to not be found and used. We now set the remote hostname and the transport can be found.
18.12.013 May 2022 03:45 minor feature:
18.11.327 Apr 2022 18:25 minor feature: Res_pjsip_stir_shaken.c: enabled when not configured. There was an with the conditional where STIR/SHAKEN would be. Enabled even when not configured. It has been changed to ensure that if a profile does not exist and stir_shaken is not set in pjsip.conf, then. The conditional will return from the function without performing STIR/SHAKEN operations.
18.11.215 Apr 2022 11:05 minor feature: Doing a fresh summary Update for 18.11.2. Update CHANGES and UPGRADE.txt for 18.11.2. AST-2022-002 - res_stir_shaken/curl: Add ACL checks for Identity header. Adds a new configuration option, stir_shaken_profile, in pjsip.conf that. Can be specified on a per endpoint basis. This option will reference a Stir_shaken_profile that can be configured in stir_shaken.conf. The type of this option must be 'profile'. The stir_shaken option can be. Specified on this object with the same values as before (attest, verify, on), but it cannot be off since having the profile itself implies wanting STIR/SHAKEN support. You can also specify an ACL from acl.conf (along. With permit and deny lines in the object itself) that will be used to Limit what interfaces Asterisk will attempt to retrieve information from When reading the Identity header. AST-2022-001 - res_stir_shaken/curl: Limit file size and check start. Put checks in place to limit how much we will actually download, as well as a check for the data we receive at the start to ensure it begins with. What we would expect a certificate to begin with. func_odbc: Add SQL_ESC_BACKSLASHES dialplan function. Some databases depending on their configuration using backslashes. For escaping. When combined with the use of ' this can result in a broken func_odbc query. This change adds a SQL_ESC_BACKSLASHES dialplan function which can be used to escape the backslashes. This is done as a dialplan function instead of being always done as some databases do not require this, and always doing it would. Result in incorrect data being put into the database.
18.11.103 Apr 2022 05:45 minor feature: Make_xml_documentation: Remove usage of get_sourceable_makeopts Get_sourceable_makeopts wasn't handling variables with embedded. Double quotes in them very well. One example was the DOWNLOAD Variable when curl was being used instead of wget. Rather than Trying to get_sourceable_makeopts, it's just been removed. Makefile: Disable XML doc validation Make_xml_documentation was being called with the --validate. Flag set when it shouldn't have been. This was causing Build failures if neither xmllint nor xmlstarlet were installed. The correct behavior is to simply print a message that either. One of those tools should be installed for validation and Continue with the build.
18.11.025 Mar 2022 07:25 minor feature:
18.10.105 Mar 2022 08:05 minor feature: AST-2022-006: pjproject - unconstrained malformed multipart SIP message AST-2022-005: pjproject - undefined behavior after freeing a dialog set. AST-2022-004: pjproject - possible integer underflow on STUN message.
18.10.011 Feb 2022 04:05 minor feature:
18.9.010 Dec 2021 17:05 minor feature:
18.8.003 Nov 2021 07:45 minor feature:
18.7.116 Oct 2021 17:25 minor feature: Pbx_ael: crash and lockup regarding 'ael reload' Avoid infinite recursion and crash.
18.7.008 Oct 2021 12:05 minor feature:
18.6.013 Aug 2021 19:45 minor feature:
18.5.125 Jul 2021 06:45 minor feature: AST-2021-009 - pjproject-bundled: Avoid crash during handshake for TLS If an SSL socket parent/listener was destroyed during the handshake. Depending on timing, it was possible for the handling callback to Attempt access of it after the fact thus causing a crash. AST-2021-008 - chan_iax2: remote crash on unsupported media format If chan_iax2 received a packet with an unsupported media format, for. Example vp9, then it would set the frame's format to NULL. This could Then result in a crash later when an attempt was made to access the Format. This patch makes it so chan_iax2 now ignores/drops frames received. With unsupported media format types. AST-2021-007 - res_pjsip_session: Don't offer if no channel exists. If a re-INVITE is received after we have sent a BYE request then it is possible for no channel to be present on the session. If this. Occurs we allow PJSIP to produce the offer instead. Since the call is being hung up if it produces an incorrect offer it doesn't. Actually matter. This also ensures that code which produces SDP Does not need to handle if a channel is not present.
18.5.026 Jun 2021 00:25 minor feature:
18.4.007 May 2021 19:25 minor feature:
18.3.026 Mar 2021 10:45 minor feature:
18.2.205 Mar 2021 18:05 minor feature: AST-2021-006 - res_pjsip_t38.c: Check for session_media on reinvite. When Asterisk sends a reinvite negotiating T38 faxing, it's possible a. Crash can occur if the response contains a m=image and zero port. The Reinvite callback code now checks session_media to see if it is null or Not before trying to access the udptl variable on it.
18.2.120 Feb 2021 01:45 minor feature: AST-2021-002: Remote crash possible when negotiating T.38 When an endpoint requests to re-negotiate for fax and the incoming re-invite is received prior to Asterisk sending out the 200 OK for. The initial invite the re-invite gets delayed. When Asterisk does Finally send the re-inivite the SDP includes streams for both audio And T.38. This happens because when the pending topology and active topologies. Differ (pending stream is not in the active) in the delayed scenario The pending stream is appended to the active topology. However, in The fax case the pending stream should replace the active. This patch makes it so when a delay occurs during fax negotiation, to or from, the audio stream is replaced by the T.38 stream, or vice. Versa instead of being appended. Further when Asterisk sent the re-invite with both audio and T.38. And the endpoint responded with a declined T.38 stream then Asterisk Would crash when attempting to change the T.38 state. This patch also puts in a check that ensures the media state has a. Valid fax session (associated udptl object) before changing the T.38 state internally. rtp: Enable srtp replay protection. Add option "srtpreplayprotection" rtp.conf to enable srtp. Replay protection. res_pjsip_diversion: adding more than one histinfo to Supported New responses sent within a PJSIP sessions are based on those that were. Sent before. Therefore, adding/modifying a header once causes it to be Sent on all responses that follow. Sending 181 Call Is Being Forwarded many times first adds "histinfo". Duplicated more and more, and eventually overflows past the array Boundary. This commit adds a check preventing adding "histinfo" more than once. And skipping it if there is no more space in the header. Similar overflow situations can also occur in res_pjsip_path and. Res_pjsip_outbound_registration so those were also modified to Check the bounds and suppress duplicate Supported values. res_rtp_asterisk.c: signed mismatch that leads to overflow pjsip:
18.2.023 Jan 2021 06:25 minor feature:
18.1.124 Dec 2020 02:45 minor feature: Update for 18.1.1 res/res_pjsip_diversion: prevent crash on tel: uri in History-Info. Add a check to see if the URI is a Tel URI and prevent crashing on trying to retrieve the reason parameter.
18.1.020 Nov 2020 10:45 minor feature:
18.0.106 Nov 2020 19:36 minor feature: AST-2020-002 - res_pjsip: Stop sending INVITEs after challenge limit. If Asterisk sends out an INVITE and receives a challenge with a. Different nonce value each time, it will continuously send out INVITEs, Even if the call is hung up. The endpoint must be configured for Outbound authentication for this to occur. A limit has been set on Outbound INVITEs so that, once reached, Asterisk will stop sending INVITEs and the transaction will terminate. AST-2020-001 - res_pjsip: Return dialog locked and referenced. Pjproject returns the dialog locked and with a reference. However, in Asterisk the method that handles this decrements the reference. And removes the lock prior to returning. This makes it possible, Under some circumstances, for another thread to free said dialog Before the thread that created it attempts to use it again. Of Course when the thread that created it tries to use a freed dialog a crash can occur. This patch makes it so Asterisk now returns the newly created. Dialog both locked, and with an added reference. This allows the Caller to de-reference, and unlock the dialog when it is safe to do so. In the case of a new SIP Invite the lock, and reference are now. Held for the entirety of the new invite handling process. Otherwise it's possible for the dialog, or its dependent objects. Like the transaction, to disappear. For example if there is a TCP Transport error.
ManageYou can also help out here by:
← Update project
or flagging this entry for moderator attention.