kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-02 11:06:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update for 20.0.1

Browse Source
This commit is contained in:
Asterisk Development Team
2022-12-01 15:08:11 -05:00
parent cdc655b2a6
commit 41c06014ab
6 changed files with 259 additions and 5641 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.version
View File

@@ -1 +1 @@
20.0.0
20.0.1

87
ChangeLog
View File

@@ -1,3 +1,90 @@
2022-12-01 20:08 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk 20.0.1 Released.
2022-12-01 13:49 +0000 [cdc655b2a6] Asterisk Development Team <asteriskteam@digium.com>
* Update CHANGES and UPGRADE.txt for 20.0.1
2022-11-29 14:02 +0000 [702f400e3e] Ben Ford <bford@digium.com>
* pjproject: 2.13 security fixes
Backports two security fixes (c4d3498 and 450baca) from pjproject 2.13.
ASTERISK-30338
Change-Id: I86fdc003d5d22cb66e7cc6dc3313a8194f27eb69
2022-10-10 09:35 +0000 [ed45a9182d] George Joseph <gjoseph@digium.com>
* pjsip_transport_events: Fix possible use after free on transport
It was possible for a module that registered for transport monitor
events to pass in a pjsip_transport that had already been freed.
This caused pjsip_transport_events to crash when looking up the
monitor for the transport. The fix is a two pronged approach.
1. We now increment the reference count on pjsip_transports when we
create monitors for them, then decrement the count when the
transport is going to be destroyed.
2. There are now APIs to register and unregister monitor callbacks
by "transport key" which is a string concatenation of the remote ip
address and port. This way the module needing to monitor the
transport doesn't have to hold on to the transport object itself to
unregister. It just has to save the transport_key.
* Added the pjsip_transport reference increment and decrement.
* Changed the internal transport monitor container key from the
transport->obj_name (which may not be unique anyway) to the
transport_key.
* Added a helper macro AST_SIP_MAKE_REMOTE_IPADDR_PORT_STR() that
fills a buffer with the transport_key using a passed-in
pjsip_transport.
* Added the following functions:
ast_sip_transport_monitor_register_key
ast_sip_transport_monitor_register_replace_key
ast_sip_transport_monitor_unregister_key
and marked their non-key counterparts as deprecated.
* Updated res_pjsip_pubsub and res_pjsip_outbound_register to use
the new "key" monitor functions.
NOTE: res_pjsip_registrar also uses the transport monitor
functionality but doesn't have a persistent object other than
contact to store a transport key. At this time, it continues to
use the non-key monitor functions.
ASTERISK-30244
Change-Id: I1a20baf2a8643c272dcf819871d6c395f148f00b
2022-10-03 13:54 +0000 [0f44cd885a] Mike Bradeen <mbradeen@sangoma.com>
* manager: prevent file access outside of config dir
Add live_dangerously flag to manager and use this flag to
determine if a configuation file outside of AST_CONFIG_DIR
should be read.
ASTERISK-30176
Change-Id: I46b26af4047433b49ae5c8a85cb8cda806a07404
2022-06-06 18:11 +0000 [d420314ffd] Mike Bradeen <mbradeen@sangoma.com>
* ooh323c: not checking for IE minimum length
When decoding q.931 encoded calling/called number
now checking for length being less than minimum required.
ASTERISK-30103
Change-Id: I3dcfce0f35eca258dc450f87c92d4d7af402c2e7
2022-10-19 14:31 +0000 Asterisk Development Team <asteriskteam@digium.com>
* asterisk 20.0.0 Released.

1836
asterisk-20.0.0-summary.html
View File

File diff suppressed because one or more lines are too long

3804
asterisk-20.0.0-summary.txt
View File

File diff suppressed because it is too large Load Diff

34
asterisk-20.0.1-summary.html Normal file
View File

@@ -0,0 +1,34 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-20.0.1</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-20.0.1</h3><h3 align="center">Date: 2022-12-01</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
<li><a href="#summary">Summary</a></li>
<li><a href="#contributors">Contributors</a></li>
<li><a href="#closed_issues">Closed Issues</a></li>
<li><a href="#commits">Other Changes</a></li>
<li><a href="#diffstat">Diffstat</a></li>
</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
<li><a href="http://downloads.asterisk.org/pub/security/AST-2022-007,AST-2022-008,AST-2022-009.html">AST-2022-007,AST-2022-008,AST-2022-009</a></li>
</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-20.0.0.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
<tr valign="top"><td width="33%">2 Mike Bradeen <mbradeen@sangoma.com><br/>1 Asterisk Development Team <asteriskteam@digium.com><br/>1 George Joseph <gjoseph@digium.com><br/>1 Ben Ford <bford@digium.com><br/></td><td width="33%"><td width="33%">1 shawty <shawty.d.ds@googlemail.com><br/>1 nappsoft <infos@nappsoft.ch><br/>1 Benjamin Keith Ford <bford@digium.com><br/>1 Michael Bradeen <mbradeen@sangoma.com><br/></td></tr>
</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Addons/chan_ooh323</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-30103">ASTERISK-30103</a>: chan_ooh323 Vulnerability in calling/called party IE<br/>Reported by: Michael Bradeen<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=d420314ffdba7cb143b98a8cc501719e915dc4f7">[d420314ffd]</a> Mike Bradeen -- ooh323c: not checking for IE minimum length</li>
</ul><br><h4>Category: Core/ManagerInterface</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-30176">ASTERISK-30176</a>: manager: GetConfig can read files outside of Asterisk<br/>Reported by: shawty<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=0f44cd885a3723774f63a25048057a8bd7acd94b">[0f44cd885a]</a> Mike Bradeen -- manager: prevent file access outside of config dir</li>
</ul><br><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-30338">ASTERISK-30338</a>: pjproject: Backport security fixes from 2.13<br/>Reported by: Benjamin Keith Ford<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=702f400e3e2ae2e301d3399906e246487b2f517f">[702f400e3e]</a> Ben Ford -- pjproject: 2.13 security fixes</li>
</ul><br><h3>Bug</h3><h4>Category: Resources/res_pjsip_pubsub</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-30244">ASTERISK-30244</a>: res_pjsip_pubsub: Occasional crash when TCP/TLS connection terminated and subscription persistence is removed<br/>Reported by: nappsoft<ul>
<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=ed45a9182d17b27fb78546da4ef392210f19464c">[ed45a9182d]</a> George Joseph -- pjsip_transport_events: Fix possible use after free on transport</li>
</ul><br><hr><a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all changes that went into this release that did not reference a JIRA issue.</p><table width="100%" border="1">
<tr><th>Revision</th><th>Author</th><th>Summary</th></tr>
<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=cdc655b2a6804aedc279d5fd0a5e2317a3c146a9">cdc655b2a6</a></td><td>Asterisk Development Team</td><td>Update CHANGES and UPGRADE.txt for 20.0.1</td></tr>
</table><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>UPGRADE.txt | 13
addons/ooh323c/src/ooq931.c | 15
configs/samples/asterisk.conf.sample | 11
include/asterisk/manager.h | 12
include/asterisk/res_pjsip.h | 83 ++
main/manager.c | 42 +
main/options.c | 1
res/res_pjsip/pjsip_transport_events.c | 214 ++++++-
res/res_pjsip_outbound_registration.c | 28
res/res_pjsip_pubsub.c | 25
third-party/pjproject/patches/0200-potential-buffer-overflow-in-pjlib-scanner-and-pjmedia.patch | 289 ++++++++++
11 files changed, 680 insertions(+), 53 deletions(-)</pre><br></html>

137
asterisk-20.0.1-summary.txt Normal file
View File

@@ -0,0 +1,137 @@
Release Summary
asterisk-20.0.1
Date: 2022-12-01
<asteriskteam@digium.com>
----------------------------------------------------------------------
Table of Contents
1. Summary
2. Contributors
3. Closed Issues
4. Other Changes
5. Diffstat
----------------------------------------------------------------------
Summary
[Back to Top]
This release has been made to address one or more security vulnerabilities
that have been identified. A security advisory document has been published
for each vulnerability that includes additional information. Users of
versions of Asterisk that are affected are strongly encouraged to review
the advisories and determine what action they should take to protect their
systems from these issues.
Security Advisories:
* AST-2022-007,AST-2022-008,AST-2022-009
The data in this summary reflects changes that have been made since the
previous release, asterisk-20.0.0.
----------------------------------------------------------------------
Contributors
[Back to Top]
This table lists the people who have submitted code, those that have
tested patches, as well as those that reported issues on the issue tracker
that were resolved in this release. For coders, the number is how many of
their patches (of any size) were committed into this release. For testers,
the number is the number of times their name was listed as assisting with
testing a patch. Finally, for reporters, the number is the number of
issues that they reported that were affected by commits that went into
this release.
Coders Testers Reporters
2 Mike Bradeen 1 shawty
1 Asterisk Development Team 1 nappsoft
1 George Joseph 1 Benjamin Keith Ford
1 Ben Ford 1 Michael Bradeen
----------------------------------------------------------------------
Closed Issues
[Back to Top]
This is a list of all issues from the issue tracker that were closed by
changes that went into this release.
Security
Category: Addons/chan_ooh323
ASTERISK-30103: chan_ooh323 Vulnerability in calling/called party IE
Reported by: Michael Bradeen
* [d420314ffd] Mike Bradeen -- ooh323c: not checking for IE minimum
length
Category: Core/ManagerInterface
ASTERISK-30176: manager: GetConfig can read files outside of Asterisk
Reported by: shawty
* [0f44cd885a] Mike Bradeen -- manager: prevent file access outside of
config dir
Category: pjproject/pjsip
ASTERISK-30338: pjproject: Backport security fixes from 2.13
Reported by: Benjamin Keith Ford
* [702f400e3e] Ben Ford -- pjproject: 2.13 security fixes
Bug
Category: Resources/res_pjsip_pubsub
ASTERISK-30244: res_pjsip_pubsub: Occasional crash when TCP/TLS connection
terminated and subscription persistence is removed
Reported by: nappsoft
* [ed45a9182d] George Joseph -- pjsip_transport_events: Fix possible use
after free on transport
----------------------------------------------------------------------
Commits Not Associated with an Issue
[Back to Top]
This is a list of all changes that went into this release that did not
reference a JIRA issue.
+------------------------------------------------------------------------+
| Revision | Author | Summary |
|------------+---------------------------+-------------------------------|
| cdc655b2a6 | Asterisk Development Team | Update CHANGES and |
| | | UPGRADE.txt for 20.0.1 |
+------------------------------------------------------------------------+
----------------------------------------------------------------------
Diffstat Results
[Back to Top]
This is a summary of the changes to the source code that went into this
release that was generated using the diffstat utility.
UPGRADE.txt | 13
addons/ooh323c/src/ooq931.c | 15
configs/samples/asterisk.conf.sample | 11
include/asterisk/manager.h | 12
include/asterisk/res_pjsip.h | 83 ++
main/manager.c | 42 +
main/options.c | 1
res/res_pjsip/pjsip_transport_events.c | 214 ++++++-
res/res_pjsip_outbound_registration.c | 28
res/res_pjsip_pubsub.c | 25
third-party/pjproject/patches/0200-potential-buffer-overflow-in-pjlib-scanner-and-pjmedia.patch | 289 ++++++++++
11 files changed, 680 insertions(+), 53 deletions(-)