mirror of
https://github.com/asterisk/asterisk.git
synced 2025-09-03 03:20:57 +00:00
200 lines
9.1 KiB
Plaintext
200 lines
9.1 KiB
Plaintext
Release Summary
|
|
|
|
asterisk-certified/18.9-cert3
|
|
|
|
Date: 2022-12-01
|
|
|
|
<asteriskteam@digium.com>
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
Table of Contents
|
|
|
|
1. Summary
|
|
2. Contributors
|
|
3. Closed Issues
|
|
4. Open Issues
|
|
5. Other Changes
|
|
6. Diffstat
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
Summary
|
|
|
|
[Back to Top]
|
|
|
|
This release has been made to address one or more security vulnerabilities
|
|
that have been identified. A security advisory document has been published
|
|
for each vulnerability that includes additional information. Users of
|
|
versions of Asterisk that are affected are strongly encouraged to review
|
|
the advisories and determine what action they should take to protect their
|
|
systems from these issues.
|
|
|
|
Security Advisories:
|
|
|
|
* AST-2022-007,AST-2022-008,AST-2022-009
|
|
|
|
The data in this summary reflects changes that have been made since the
|
|
previous release, asterisk-certified/18.9-cert2.
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
Contributors
|
|
|
|
[Back to Top]
|
|
|
|
This table lists the people who have submitted code, those that have
|
|
tested patches, as well as those that reported issues on the issue tracker
|
|
that were resolved in this release. For coders, the number is how many of
|
|
their patches (of any size) were committed into this release. For testers,
|
|
the number is the number of times their name was listed as assisting with
|
|
testing a patch. Finally, for reporters, the number is the number of
|
|
issues that they reported that were affected by commits that went into
|
|
this release.
|
|
|
|
Coders Testers Reporters
|
|
4 Mike Bradeen 2 Michael Bradeen
|
|
2 Asterisk Development Team 1 George Joseph
|
|
2 George Joseph 1 shawty
|
|
1 Jaco Kroon 1 nappsoft
|
|
1 Joshua C. Colp 1 Joshua C. Colp
|
|
1 Ben Ford 1 Benjamin Keith Ford
|
|
1 Jesse Ross
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
Closed Issues
|
|
|
|
[Back to Top]
|
|
|
|
This is a list of all issues from the issue tracker that were closed by
|
|
changes that went into this release.
|
|
|
|
Security
|
|
|
|
Category: Addons/chan_ooh323
|
|
|
|
ASTERISK-30103: chan_ooh323 Vulnerability in calling/called party IE
|
|
Reported by: Michael Bradeen
|
|
* [de142180a3] Mike Bradeen -- ooh323c: not checking for IE minimum
|
|
length
|
|
|
|
Category: Core/ManagerInterface
|
|
|
|
ASTERISK-30176: manager: GetConfig can read files outside of Asterisk
|
|
Reported by: shawty
|
|
* [2285ffd5eb] Mike Bradeen -- manager: prevent file access outside of
|
|
config dir
|
|
|
|
Category: pjproject/pjsip
|
|
|
|
ASTERISK-30338: pjproject: Backport security fixes from 2.13
|
|
Reported by: Benjamin Keith Ford
|
|
* [9d74efa30f] Ben Ford -- pjproject: 2.13 security fixes
|
|
|
|
Bug
|
|
|
|
Category: Core/BuildSystem
|
|
|
|
ASTERISK-30321: Build: Embedded blobs have executable stacks
|
|
Reported by: George Joseph
|
|
* [ed798d30f8] Jaco Kroon -- Build system: Avoid executable stack.
|
|
|
|
Category: Resources/res_agi
|
|
|
|
ASTERISK-30314: res_agi: RECORD FILE doesn't respect "transmit_silence"
|
|
asterisk.conf option
|
|
Reported by: Joshua C. Colp
|
|
* [e50b2bfad9] Joshua C. Colp -- res_agi: Respect "transmit_silence"
|
|
option for "RECORD FILE".
|
|
|
|
Category: Resources/res_pjsip_pubsub
|
|
|
|
ASTERISK-30244: res_pjsip_pubsub: Occasional crash when TCP/TLS connection
|
|
terminated and subscription persistence is removed
|
|
Reported by: nappsoft
|
|
* [dd76b53ca6] George Joseph -- pjsip_transport_events: Fix possible use
|
|
after free on transport
|
|
|
|
Category: pjproject/pjsip
|
|
|
|
ASTERISK-28689: res_pjsip: Crash when locking group lock when sending
|
|
stateful response
|
|
Reported by: Jesse Ross
|
|
* [1a72025c35] Mike Bradeen -- res_pjsip: prevent crash on websocket
|
|
disconnect
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
Open Issues
|
|
|
|
[Back to Top]
|
|
|
|
This is a list of all open issues from the issue tracker that were
|
|
referenced by changes that went into this release.
|
|
|
|
Bug
|
|
|
|
Category: Resources/res_stasis_snoop
|
|
|
|
ASTERISK-30252: Unidirectional snoop on resampled channel causes garbled
|
|
audio
|
|
Reported by: Michael Bradeen
|
|
* [f107e4fd87] Mike Bradeen -- audiohook: add directional awareness
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
Commits Not Associated with an Issue
|
|
|
|
[Back to Top]
|
|
|
|
This is a list of all changes that went into this release that did not
|
|
reference a JIRA issue.
|
|
|
|
+------------------------------------------------------------------------+
|
|
| Revision | Author | Summary |
|
|
|------------+----------------------+------------------------------------|
|
|
| 4e9c0bc880 | Asterisk Development | Update CHANGES and UPGRADE.txt for |
|
|
| | Team | certified/18.9-cert3 |
|
|
|------------+----------------------+------------------------------------|
|
|
| 28a23f6595 | Asterisk Development | Update for certified/18.9-cert3 |
|
|
| | Team | |
|
|
|------------+----------------------+------------------------------------|
|
|
| 6e842ae100 | George Joseph | res_geolocation: Update wiki |
|
|
| | | documentation |
|
|
+------------------------------------------------------------------------+
|
|
|
|
----------------------------------------------------------------------
|
|
|
|
Diffstat Results
|
|
|
|
[Back to Top]
|
|
|
|
This is a summary of the changes to the source code that went into this
|
|
release that was generated using the diffstat utility.
|
|
|
|
Makefile.rules | 4
|
|
UPGRADE.txt | 13
|
|
addons/ooh323c/src/ooq931.c | 15
|
|
configs/samples/asterisk.conf.sample | 11
|
|
configs/samples/geolocation.conf.sample | 2
|
|
include/asterisk/audiohook.h | 9
|
|
include/asterisk/manager.h | 12
|
|
include/asterisk/res_pjsip.h | 83 +++
|
|
main/audiohook.c | 22
|
|
main/manager.c | 42 +
|
|
main/options.c | 1
|
|
res/res_agi.c | 15
|
|
res/res_geolocation/wiki/AsteriskImplementation.md | 251 +++++++--
|
|
res/res_geolocation/wiki/GML.md | 38 +
|
|
res/res_geolocation/wiki/Geolocation.md | 2
|
|
res/res_geolocation/wiki/README.txt | 31 +
|
|
res/res_geolocation/wiki/URI.md | 5
|
|
res/res_pjsip.c | 47 +
|
|
res/res_pjsip/pjsip_transport_events.c | 214 +++++++-
|
|
res/res_pjsip_outbound_registration.c | 28 -
|
|
res/res_pjsip_pubsub.c | 25
|
|
res/res_stasis_snoop.c | 22
|
|
third-party/pjproject/patches/0200-cert-18.9-potential-buffer-overflow-in-pjlib-scanner-and-pjmedia.patch | 254 ++++++++++
|
|
23 files changed, 997 insertions(+), 149 deletions(-)
|