|Tags||communication conferencing telephony sip|
19.8.013 Jan 2023 09:25 minor feature:
19.7.103 Dec 2022 01:45 minor feature: Update CHANGES and UPGRADE.txt for 19.7.1 Update for 19.7.1. pjproject: 2.13 security Backports two security (c4d3498 and 450baca) from pjproject 2.13. pjsip_transport_events: possible use after free on transport. It was possible for a module that registered for transport monitor. Events to pass in a pjsip_transport that had already been freed. This caused pjsip_transport_events to crash when looking up the. Monitor for the transport. The is a two pronged approach. 1. We now increment the reference count on pjsip_transports when we. Create monitors for them, then decrement the count when the Transport is going to be destroyed. 2. There are now APIs to register and unregister monitor callbacks by "transport key" which is a string concatenation of the remote ip. Address and port. This way the module needing to monitor the Transport doesn't have to hold on to the transport object itself to Unregister. It just has to save the transport_key. Added the pjsip_transport reference increment and decrement. Changed the internal transport monitor container key from the. Transport- obj_name (which may not be unique anyway) to the Transport_key. Added a helper macro AST_SIP_MAKE_REMOTE_IPADDR_PORT_STR() that. Fills a buffer with the transport_key using a passed-in Pjsip_transport. Added the following functions: Ast_sip_transport_monitor_register_key Ast_sip_transport_monitor_register_replace_key Ast_sip_transport_monitor_unregister_key And marked their non-key counterparts as deprecated. Updated res_pjsip_pubsub and res_pjsip_outbound_register to use. The new "key" monitor functions. NOTE: res_pjsip_registrar also uses the transport monitor. Functionality but doesn't have a persistent object other than Contact to store a transport key. At this time, it continues to Use the non-key monitor functions. manager: prevent file access outside of config dir Add live_dangerously flag to manager and use this flag to. Determine if a configuation file outside of AST_CONFIG_DIR Should be rea
19.7.020 Oct 2022 13:25 minor feature:
19.6.019 Aug 2022 10:45 minor feature:
19.5.024 Jun 2022 08:25 minor feature:
19.4.121 May 2022 16:05 minor feature: Res_pjsip_transport_websocket: Also set the remote name. As part of PJSIP 2.11 a behavior change was done to require a matching remote hostname on an established transport for. Secure transports. Since the Websocket transport is considered a secure transport this caused the existing connection to not be found and used. We now set the remote hostname and the transport can be found.
19.4.013 May 2022 03:25 minor feature:
19.3.327 Apr 2022 11:05 minor feature: Res_pjsip_stir_shaken.c: enabled when not configured. There was an with the conditional where STIR/SHAKEN would be. Enabled even when not configured. It has been changed to ensure that if a profile does not exist and stir_shaken is not set in pjsip.conf, then. The conditional will return from the function without performing STIR/SHAKEN operations.
19.3.215 Apr 2022 06:45 minor feature: Doing a fresh summary Update for 19.3.2. Update CHANGES and UPGRADE.txt for 19.3.2. AST-2022-002 - res_stir_shaken/curl: Add ACL checks for Identity header. Adds a new configuration option, stir_shaken_profile, in pjsip.conf that. Can be specified on a per endpoint basis. This option will reference a Stir_shaken_profile that can be configured in stir_shaken.conf. The type of this option must be 'profile'. The stir_shaken option can be. Specified on this object with the same values as before (attest, verify, on), but it cannot be off since having the profile itself implies wanting STIR/SHAKEN support. You can also specify an ACL from acl.conf (along. With permit and deny lines in the object itself) that will be used to Limit what interfaces Asterisk will attempt to retrieve information from When reading the Identity header. AST-2022-001 - res_stir_shaken/curl: Limit file size and check start. Put checks in place to limit how much we will actually download, as well as a check for the data we receive at the start to ensure it begins with. What we would expect a certificate to begin with. func_odbc: Add SQL_ESC_BACKSLASHES dialplan function. Some databases depending on their configuration using backslashes. For escaping. When combined with the use of ' this can result in a broken func_odbc query. This change adds a SQL_ESC_BACKSLASHES dialplan function which can be used to escape the backslashes. This is done as a dialplan function instead of being always done as some databases do not require this, and always doing it would. Result in incorrect data being put into the database.
19.3.102 Apr 2022 20:45 minor feature: Make_xml_documentation: Remove usage of get_sourceable_makeopts Get_sourceable_makeopts wasn't handling variables with embedded. Double quotes in them very well. One example was the DOWNLOAD Variable when curl was being used instead of wget. Rather than Trying to get_sourceable_makeopts, it's just been removed. Makefile: Disable XML doc validation Make_xml_documentation was being called with the --validate. Flag set when it shouldn't have been. This was causing Build failures if neither xmllint nor xmlstarlet were installed. The correct behavior is to simply print a message that either. One of those tools should be installed for validation and Continue with the build.
19.3.025 Mar 2022 07:05 minor feature:
19.2.105 Mar 2022 12:25 minor feature: AST-2022-006: pjproject - unconstrained malformed multipart SIP message AST-2022-005: pjproject - undefined behavior after freeing a dialog set. AST-2022-004: pjproject - possible integer underflow on STUN message.
19.2.011 Feb 2022 03:25 minor feature:
19.1.010 Dec 2021 09:15 minor feature: 2021-12-09 16:52 +0000 Asterisk Development Team * asterisk 19.1.0 Released.
ManageYou can also help out here by:
← Update project
or flagging this entry for moderator attention.