kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-02 11:06:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update for 17.9.4

Browse Source
This commit is contained in:
Asterisk Development Team
2021-07-22 17:08:46 -05:00
parent 093167003a
commit 3e17d375e4
4 changed files with 70 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.version
View File

@@ -1 +1 @@
17.9.3
17.9.4

32
ChangeLog
View File

@@ -1,3 +1,35 @@
2021-07-22 22:08 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk 17.9.4 Released.
2021-06-14 13:28 +0000 [093167003a] Kevin Harwell <kharwell@sangoma.com>
* AST-2021-009 - pjproject-bundled: Avoid crash during handshake for TLS
If an SSL socket parent/listener was destroyed during the handshake,
depending on timing, it was possible for the handling callback to
attempt access of it after the fact thus causing a crash.
ASTERISK-29415 #close
Change-Id: I105dacdcd130ea7fdd4cf2010ccf35b5eaf1432d
2021-05-10 17:59 +0000 [a73db1ec6b] Kevin Harwell <kharwell@sangoma.com>
* AST-2021-008 - chan_iax2: remote crash on unsupported media format
If chan_iax2 received a packet with an unsupported media format, for
example vp9, then it would set the frame's format to NULL. This could
then result in a crash later when an attempt was made to access the
format.
This patch makes it so chan_iax2 now ignores/drops frames received
with unsupported media format types.
ASTERISK-29392 #close
Change-Id: Ifa869a90dafe33eed8fd9463574fe6f1c0ad3eb1
2021-03-04 16:46 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk 17.9.3 Released.

19
asterisk-17.9.3-summary.html → asterisk-17.9.4-summary.html
View File

@@ -1,13 +1,18 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-17.9.3</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-17.9.3</h3><h3 align="center">Date: 2021-03-04</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-17.9.4</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-17.9.4</h3><h3 align="center">Date: 2021-07-22</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
<li><a href="#summary">Summary</a></li>
<li><a href="#contributors">Contributors</a></li>
<li><a href="#closed_issues">Closed Issues</a></li>
<li><a href="#diffstat">Diffstat</a></li>
</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
<li><a href="http://downloads.asterisk.org/pub/security/AST-2021-006.html">AST-2021-006</a></li>
</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-17.9.2.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
<li><a href="http://downloads.asterisk.org/pub/security/AST-2021-008,AST-2021-009.html">AST-2021-008,AST-2021-009</a></li>
</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-17.9.3.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
<tr valign="top"><td width="33%">1 Ben Ford <bford@digium.com><br/></td><td width="33%"><td width="33%">1 Gregory Massel <greg@csurf.co.za><br/></td></tr>
</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Resources/res_pjsip_t38</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29305">ASTERISK-29305</a>: ASTERISK-29203 / AST-2021-002 -- Another scenario is causing a crash<br/>Reported by: Gregory Massel<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=4be5bddafbcfe132e336fc4629573418da6b8717">[4be5bddafb]</a> Ben Ford -- AST-2021-006 - res_pjsip_t38.c: Check for session_media on reinvite.</li>
</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0 files changed</pre><br></html>
<tr valign="top"><td width="33%">2 Kevin Harwell <kharwell@sangoma.com><br/></td><td width="33%"><td width="33%">1 Michael Welk <dl5ocd@darc.de><br/>1 Andrew Yager <andrew@rwts.com.au><br/></td></tr>
</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Channels/chan_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29415">ASTERISK-29415</a>: Crash in PJSIP TLS transport <br/>Reported by: Andrew Yager<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=093167003a502011118fd282b9a44ae2786af1c1">[093167003a]</a> Kevin Harwell -- AST-2021-009 - pjproject-bundled: Avoid crash during handshake for TLS</li>
</ul><br><h3>Bug</h3><h4>Category: Channels/chan_iax2</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29392">ASTERISK-29392</a>: chan_iax2: Asterisk crashes when queueing video with format<br/>Reported by: Michael Welk<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=a73db1ec6b8d9412ee929f46ea577d9a05af1ee7">[a73db1ec6b]</a> Kevin Harwell -- AST-2021-008 - chan_iax2: remote crash on unsupported media format</li>
</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>channels/chan_iax2.c | 40 +-
third-party/pjproject/patches/0110-tls-parent-listener-destroyed.patch | 166 ++++++++++
third-party/pjproject/patches/0111-ssl-premature-destroy.patch | 36 ++
3 files changed, 233 insertions(+), 9 deletions(-)</pre><br></html>

37
asterisk-17.9.3-summary.txt → asterisk-17.9.4-summary.txt
View File

@@ -1,8 +1,8 @@
Release Summary
asterisk-17.9.3
asterisk-17.9.4
Date: 2021-03-04
Date: 2021-07-22
<asteriskteam@digium.com>
@@ -30,10 +30,10 @@
Security Advisories:
* AST-2021-006
* AST-2021-008,AST-2021-009
The data in this summary reflects changes that have been made since the
previous release, asterisk-17.9.2.
previous release, asterisk-17.9.3.
----------------------------------------------------------------------
@@ -51,7 +51,8 @@
this release.
Coders Testers Reporters
1 Ben Ford 1 Gregory Massel
2 Kevin Harwell 1 Michael Welk
1 Andrew Yager
----------------------------------------------------------------------
@@ -64,13 +65,22 @@
Security
Category: Resources/res_pjsip_t38
Category: Channels/chan_pjsip
ASTERISK-29305: ASTERISK-29203 / AST-2021-002 -- Another scenario is
causing a crash
Reported by: Gregory Massel
* [4be5bddafb] Ben Ford -- AST-2021-006 - res_pjsip_t38.c: Check for
session_media on reinvite.
ASTERISK-29415: Crash in PJSIP TLS transport
Reported by: Andrew Yager
* [093167003a] Kevin Harwell -- AST-2021-009 - pjproject-bundled: Avoid
crash during handshake for TLS
Bug
Category: Channels/chan_iax2
ASTERISK-29392: chan_iax2: Asterisk crashes when queueing video with
format
Reported by: Michael Welk
* [a73db1ec6b] Kevin Harwell -- AST-2021-008 - chan_iax2: remote crash
on unsupported media format
----------------------------------------------------------------------
@@ -81,4 +91,7 @@
This is a summary of the changes to the source code that went into this
release that was generated using the diffstat utility.
0 files changed
channels/chan_iax2.c | 40 +-
third-party/pjproject/patches/0110-tls-parent-listener-destroyed.patch | 166 ++++++++++
third-party/pjproject/patches/0111-ssl-premature-destroy.patch | 36 ++
3 files changed, 233 insertions(+), 9 deletions(-)