<p>Stanislav Abramenkov has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/13413">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">Update for 13.29.2<br><br>Change-Id: Id1014c8e5067178b2a773497e62014f18790c0aa<br>---<br>M .version<br>M ChangeLog<br>M apps/app_voicemail.c<br>D asterisk-13.29.1-summary.html<br>D asterisk-13.29.1-summary.txt<br>A asterisk-13.29.2-summary.html<br>A asterisk-13.29.2-summary.txt<br>7 files changed, 219 insertions(+), 119 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/13/13413/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/.version b/.version</span><br><span>index b4a7f3e..602e060 100644</span><br><span>--- a/.version</span><br><span>+++ b/.version</span><br><span>@@ -1 +1 @@</span><br><span style="color: hsl(0, 100%, 40%);">-13.29.1</span><br><span>\ No newline at end of file</span><br><span style="color: hsl(120, 100%, 40%);">+13.29.2</span><br><span>\ No newline at end of file</span><br><span>diff --git a/ChangeLog b/ChangeLog</span><br><span>index 0b48a70..ca9dc4a 100644</span><br><span>--- a/ChangeLog</span><br><span>+++ b/ChangeLog</span><br><span>@@ -1,3 +1,67 @@</span><br><span style="color: hsl(120, 100%, 40%);">+2019-11-21 21:07 +0000 Asterisk Development Team <asteriskteam@digium.com></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ * asterisk 13.29.2 Released.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+2019-11-21 15:04 +0000 [24d340e10a] Asterisk Development Team <asteriskteam@digium.com></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ * Update CHANGES and UPGRADE.txt for 13.29.2</span><br><span style="color: hsl(120, 100%, 40%);">+2019-10-24 12:41 +0000 [94a831f72a] George Joseph <gjoseph@digium.com></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ * manager.c: Prevent the Originate action from running the Originate app</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ If an AMI user without the "system" authorization calls the</span><br><span style="color: hsl(120, 100%, 40%);">+ Originate AMI command with the Originate application,</span><br><span style="color: hsl(120, 100%, 40%);">+ the second Originate could run the "System" command.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Action: Originate</span><br><span style="color: hsl(120, 100%, 40%);">+ Channel: Local/1111</span><br><span style="color: hsl(120, 100%, 40%);">+ Application: Originate</span><br><span style="color: hsl(120, 100%, 40%);">+ Data: Local/2222,app,System,touch /tmp/owned</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ If the "system" authorization isn't set, we now block the</span><br><span style="color: hsl(120, 100%, 40%);">+ Originate app as well as the System, Exec, etc. apps.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ASTERISK-28580</span><br><span style="color: hsl(120, 100%, 40%);">+ Reported by: Eliel Sardañons</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa</span><br><span style="color: hsl(120, 100%, 40%);">+ (cherry picked from commit 1b9281a5ded62e5d30af2959e5aa33bc5a0fc285)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+2019-10-21 14:55 +0000 [c265db0a0a] Ben Ford <bford@digium.com></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ * chan_sip.c: Prevent address change on unauthenticated SIP request.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ If the name of a peer is known and a SIP request is sent using that</span><br><span style="color: hsl(120, 100%, 40%);">+ peer's name, the address of the peer will change even if the request</span><br><span style="color: hsl(120, 100%, 40%);">+ fails the authentication challenge. This means that an endpoint can</span><br><span style="color: hsl(120, 100%, 40%);">+ be altered and even rendered unusuable, even if it was in a working</span><br><span style="color: hsl(120, 100%, 40%);">+ state previously. This can only occur when the nat option is set to the</span><br><span style="color: hsl(120, 100%, 40%);">+ default, or auto_force_rport.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ This change checks the result of authentication first to ensure it is</span><br><span style="color: hsl(120, 100%, 40%);">+ successful before setting the address and the nat option.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ASTERISK-28589 #close</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Change-Id: I581c5ed1da60ca89f590bd70872de2b660de02df</span><br><span style="color: hsl(120, 100%, 40%);">+ (cherry picked from commit c2279540bade208dad35f7760ebd4a7cc94731fe)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+2019-11-08 13:21 +0000 [cde0cd2297] Ben Ford <bford@digium.com></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ * res_pjsip_session.c: Check for port of zero on incoming SDP.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ If a re-invite comes in initiating T.38, but there is no c line in the</span><br><span style="color: hsl(120, 100%, 40%);">+ SDP and the port is also 0, a crash can occur. A check is now done on</span><br><span style="color: hsl(120, 100%, 40%);">+ the port to see if the steam is already declined, preventing the crash.</span><br><span style="color: hsl(120, 100%, 40%);">+ The logic was moved to res_pjsip_session.c because it is handled in a</span><br><span style="color: hsl(120, 100%, 40%);">+ similar manner in later versions of Asterisk.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ASTERISK-28612</span><br><span style="color: hsl(120, 100%, 40%);">+ Reported by: Salah Ahmed</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Change-Id: Ifc4a0d05b32c7f2156e77fc8435a6ecaa6abada0</span><br><span style="color: hsl(120, 100%, 40%);">+ (cherry picked from commit c257794330db49f4079a7108d51da60696269b36)</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span> 2019-10-16 15:48 +0000 Asterisk Development Team <asteriskteam@digium.com></span><br><span> </span><br><span> * asterisk 13.29.1 Released.</span><br><span>diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c</span><br><span>index a51c3c7..1e43836 100644</span><br><span>--- a/apps/app_voicemail.c</span><br><span>+++ b/apps/app_voicemail.c</span><br><span>@@ -13556,7 +13556,8 @@</span><br><span> astman_send_listack(s, m, "Voicemail user list will follow", "start");</span><br><span> </span><br><span> AST_LIST_TRAVERSE(&users, vmu, list) {</span><br><span style="color: hsl(0, 100%, 40%);">- int new, old;</span><br><span style="color: hsl(120, 100%, 40%);">+ int new = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ int old = 0;</span><br><span> int ret;</span><br><span> char *mailbox;</span><br><span> </span><br><span>diff --git a/asterisk-13.29.1-summary.html b/asterisk-13.29.1-summary.html</span><br><span>deleted file mode 100644</span><br><span>index ddc6bcf..0000000</span><br><span>--- a/asterisk-13.29.1-summary.html</span><br><span>+++ /dev/null</span><br><span>@@ -1,20 +0,0 @@</span><br><span style="color: hsl(0, 100%, 40%);">-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-13.29.1</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-13.29.1</h3><h3 align="center">Date: 2019-10-16</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol></span><br><span style="color: hsl(0, 100%, 40%);">-<li><a href="#summary">Summary</a></li></span><br><span style="color: hsl(0, 100%, 40%);">-<li><a href="#contributors">Contributors</a></li></span><br><span style="color: hsl(0, 100%, 40%);">-<li><a href="#closed_issues">Closed Issues</a></li></span><br><span style="color: hsl(0, 100%, 40%);">-<li><a href="#diffstat">Diffstat</a></li></span><br><span style="color: hsl(0, 100%, 40%);">-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release is a point release of an existing major version. The changes included were made to address problems that have been identified in this release series, or are minor, backwards compatible new features or improvements. Users should be able to safely upgrade to this version if this release series is already in use. Users considering upgrading from a previous version are strongly encouraged to review the UPGRADE.txt document as well as the CHANGES document for information about upgrading to this release series.</p><p>The data in this summary reflects changes that have been made since the previous release, asterisk-13.29.0.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0"></span><br><span style="color: hsl(0, 100%, 40%);">-<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr></span><br><span style="color: hsl(0, 100%, 40%);">-<tr valign="top"><td width="33%">1 Kevin Harwell <kharwell@digium.com><br/>1 George Joseph <gjoseph@digium.com><br/></td><td width="33%"><td width="33%">1 Joshua Elson <joshelson@gmail.com><br/>1 Niklas Larsson<br/>1 Niklas Larsson <niklas@tese.se><br/></td></tr></span><br><span style="color: hsl(0, 100%, 40%);">-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Resources/res_pjsip_mwi</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-28575">ASTERISK-28575</a>: MWI Send Notify Crash on 16.6<br/>Reported by: Joshua Elson<ul></span><br><span style="color: hsl(0, 100%, 40%);">-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=2f6504ce5ea5fda21d23623e0d4f390337686baa">[2f6504ce5e]</a> Kevin Harwell -- res_pjsip_mwi: potential double unref, and potential unwanted double link</li></span><br><span style="color: hsl(0, 100%, 40%);">-</ul><br><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-28574">ASTERISK-28574</a>: pjproject fails to build on 16.6.0, works on 16.5<br/>Reported by: Niklas Larsson<ul></span><br><span style="color: hsl(0, 100%, 40%);">-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=1fd9f80cae200aa73e032a35ac6c0a8257444499">[1fd9f80cae]</a> George Joseph -- pjproject_bundled: Replace earlier reverts with official fixes.</li></span><br><span style="color: hsl(0, 100%, 40%);">-</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>b/res/res_pjsip_mwi.c | 15</span><br><span style="color: hsl(0, 100%, 40%);">-b/third-party/pjproject/patches/0030-ssl-regression-fix.patch | 105 +</span><br><span style="color: hsl(0, 100%, 40%);">-b/third-party/pjproject/patches/0031-transport-regression-fix.patch | 187 +</span><br><span style="color: hsl(0, 100%, 40%);">-third-party/pjproject/patches/0030-Revert-Misc-re-2147-Fixed-warnings-in-SSL-socket-red.patch | 60</span><br><span style="color: hsl(0, 100%, 40%);">-third-party/pjproject/patches/0031-Revert-Fixed-2204-Add-OpenSSL-remote-certificate-cha.patch | 84</span><br><span style="color: hsl(0, 100%, 40%);">-third-party/pjproject/patches/0032-Revert-Re-2147-misc-Fix-failed-pjsip-test-transport_.patch | 64</span><br><span style="color: hsl(0, 100%, 40%);">-third-party/pjproject/patches/0033-Revert-Close-1019-Support-for-multiple-listeners.patch | 1006 ----------</span><br><span style="color: hsl(0, 100%, 40%);">-7 files changed, 303 insertions(+), 1218 deletions(-)</pre><br></html></span><br><span>\ No newline at end of file</span><br><span>diff --git a/asterisk-13.29.1-summary.txt b/asterisk-13.29.1-summary.txt</span><br><span>deleted file mode 100644</span><br><span>index 3c4d9c5..0000000</span><br><span>--- a/asterisk-13.29.1-summary.txt</span><br><span>+++ /dev/null</span><br><span>@@ -1,97 +0,0 @@</span><br><span style="color: hsl(0, 100%, 40%);">- Release Summary</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- asterisk-13.29.1</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Date: 2019-10-16</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- <asteriskteam@digium.com></span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- ----------------------------------------------------------------------</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Table of Contents</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- 1. Summary</span><br><span style="color: hsl(0, 100%, 40%);">- 2. Contributors</span><br><span style="color: hsl(0, 100%, 40%);">- 3. Closed Issues</span><br><span style="color: hsl(0, 100%, 40%);">- 4. Diffstat</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- ----------------------------------------------------------------------</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Summary</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- [Back to Top]</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- This release is a point release of an existing major version. The changes</span><br><span style="color: hsl(0, 100%, 40%);">- included were made to address problems that have been identified in this</span><br><span style="color: hsl(0, 100%, 40%);">- release series, or are minor, backwards compatible new features or</span><br><span style="color: hsl(0, 100%, 40%);">- improvements. Users should be able to safely upgrade to this version if</span><br><span style="color: hsl(0, 100%, 40%);">- this release series is already in use. Users considering upgrading from a</span><br><span style="color: hsl(0, 100%, 40%);">- previous version are strongly encouraged to review the UPGRADE.txt</span><br><span style="color: hsl(0, 100%, 40%);">- document as well as the CHANGES document for information about upgrading</span><br><span style="color: hsl(0, 100%, 40%);">- to this release series.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- The data in this summary reflects changes that have been made since the</span><br><span style="color: hsl(0, 100%, 40%);">- previous release, asterisk-13.29.0.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- ----------------------------------------------------------------------</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Contributors</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- [Back to Top]</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- This table lists the people who have submitted code, those that have</span><br><span style="color: hsl(0, 100%, 40%);">- tested patches, as well as those that reported issues on the issue tracker</span><br><span style="color: hsl(0, 100%, 40%);">- that were resolved in this release. For coders, the number is how many of</span><br><span style="color: hsl(0, 100%, 40%);">- their patches (of any size) were committed into this release. For testers,</span><br><span style="color: hsl(0, 100%, 40%);">- the number is the number of times their name was listed as assisting with</span><br><span style="color: hsl(0, 100%, 40%);">- testing a patch. Finally, for reporters, the number is the number of</span><br><span style="color: hsl(0, 100%, 40%);">- issues that they reported that were affected by commits that went into</span><br><span style="color: hsl(0, 100%, 40%);">- this release.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Coders Testers Reporters </span><br><span style="color: hsl(0, 100%, 40%);">- 1 Kevin Harwell 1 Joshua Elson </span><br><span style="color: hsl(0, 100%, 40%);">- 1 George Joseph 1 Niklas Larsson </span><br><span style="color: hsl(0, 100%, 40%);">- 1 Niklas Larsson </span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- ----------------------------------------------------------------------</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Closed Issues</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- [Back to Top]</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- This is a list of all issues from the issue tracker that were closed by</span><br><span style="color: hsl(0, 100%, 40%);">- changes that went into this release.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Bug</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Category: Resources/res_pjsip_mwi</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- ASTERISK-28575: MWI Send Notify Crash on 16.6</span><br><span style="color: hsl(0, 100%, 40%);">- Reported by: Joshua Elson</span><br><span style="color: hsl(0, 100%, 40%);">- * [2f6504ce5e] Kevin Harwell -- res_pjsip_mwi: potential double unref,</span><br><span style="color: hsl(0, 100%, 40%);">- and potential unwanted double link</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Category: pjproject/pjsip</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- ASTERISK-28574: pjproject fails to build on 16.6.0, works on 16.5</span><br><span style="color: hsl(0, 100%, 40%);">- Reported by: Niklas Larsson</span><br><span style="color: hsl(0, 100%, 40%);">- * [1fd9f80cae] George Joseph -- pjproject_bundled: Replace earlier</span><br><span style="color: hsl(0, 100%, 40%);">- reverts with official fixes.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- ----------------------------------------------------------------------</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- Diffstat Results</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- [Back to Top]</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- This is a summary of the changes to the source code that went into this</span><br><span style="color: hsl(0, 100%, 40%);">- release that was generated using the diffstat utility.</span><br><span style="color: hsl(0, 100%, 40%);">-</span><br><span style="color: hsl(0, 100%, 40%);">- b/res/res_pjsip_mwi.c | 15</span><br><span style="color: hsl(0, 100%, 40%);">- b/third-party/pjproject/patches/0030-ssl-regression-fix.patch | 105 +</span><br><span style="color: hsl(0, 100%, 40%);">- b/third-party/pjproject/patches/0031-transport-regression-fix.patch | 187 +</span><br><span style="color: hsl(0, 100%, 40%);">- third-party/pjproject/patches/0030-Revert-Misc-re-2147-Fixed-warnings-in-SSL-socket-red.patch | 60</span><br><span style="color: hsl(0, 100%, 40%);">- third-party/pjproject/patches/0031-Revert-Fixed-2204-Add-OpenSSL-remote-certificate-cha.patch | 84</span><br><span style="color: hsl(0, 100%, 40%);">- third-party/pjproject/patches/0032-Revert-Re-2147-misc-Fix-failed-pjsip-test-transport_.patch | 64</span><br><span style="color: hsl(0, 100%, 40%);">- third-party/pjproject/patches/0033-Revert-Close-1019-Support-for-multiple-listeners.patch | 1006 ----------</span><br><span style="color: hsl(0, 100%, 40%);">- 7 files changed, 303 insertions(+), 1218 deletions(-)</span><br><span>diff --git a/asterisk-13.29.2-summary.html b/asterisk-13.29.2-summary.html</span><br><span>new file mode 100644</span><br><span>index 0000000..41db88f</span><br><span>--- /dev/null</span><br><span>+++ b/asterisk-13.29.2-summary.html</span><br><span>@@ -0,0 +1,25 @@</span><br><span style="color: hsl(120, 100%, 40%);">+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-13.29.2</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-13.29.2</h3><h3 align="center">Date: 2019-11-21</h3><h3 align="center"><asteriskteam@digium.com></h3><hr><h2 align="center">Table of Contents</h2><ol></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="#summary">Summary</a></li></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="#contributors">Contributors</a></li></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="#closed_issues">Closed Issues</a></li></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="#commits">Other Changes</a></li></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="#diffstat">Diffstat</a></li></span><br><span style="color: hsl(120, 100%, 40%);">+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="http://downloads.asterisk.org/pub/security/AST-2019-006,AST-2019-007,AST-2019-008.html">AST-2019-006,AST-2019-007,AST-2019-008</a></li></span><br><span style="color: hsl(120, 100%, 40%);">+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-13.29.1.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0"></span><br><span style="color: hsl(120, 100%, 40%);">+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr></span><br><span style="color: hsl(120, 100%, 40%);">+<tr valign="top"><td width="33%">2 Ben Ford <bford@digium.com><br/>1 Asterisk Development Team <asteriskteam@digium.com><br/>1 George Joseph <gjoseph@digium.com><br/></td><td width="33%"><td width="33%">1 Salah Ahmed<br/>1 Eliel Sardañons <eliels@gmail.com><br/>1 Andrey V. T. <avt1203@gmail.com><br/>1 Eliel Sardañons<br/>1 Salah Ahmed <txrubel@gmail.com><br/></td></tr></span><br><span style="color: hsl(120, 100%, 40%);">+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: Channels/chan_sip/General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-28589">ASTERISK-28589</a>: chan_sip: Depending on configuration an INVITE can alter Addr of a peer<br/>Reported by: Andrey V. T.<ul></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=c265db0a0a6e6128297402c3540b0162a86e210c">[c265db0a0a]</a> Ben Ford -- chan_sip.c: Prevent address change on unauthenticated SIP request.</li></span><br><span style="color: hsl(120, 100%, 40%);">+</ul><br><h4>Category: Core/ManagerInterface</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-28580">ASTERISK-28580</a>: Bypass SYSTEM write permission in manager action allows system commands execution<br/>Reported by: Eliel Sardañons<ul></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=94a831f72afe3c7ff0806848d731332ee49fc2d4">[94a831f72a]</a> George Joseph -- manager.c: Prevent the Originate action from running the Originate app</li></span><br><span style="color: hsl(120, 100%, 40%);">+</ul><br><h3>Bug</h3><h4>Category: Resources/res_pjsip_t38</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-28612">ASTERISK-28612</a>: res_pjsip_t38: crash on reinvite with zero port and no c= line<br/>Reported by: Salah Ahmed<ul></span><br><span style="color: hsl(120, 100%, 40%);">+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=cde0cd229706aa8509f995765578fbfdbe13015d">[cde0cd2297]</a> Ben Ford -- res_pjsip_session.c: Check for port of zero on incoming SDP.</li></span><br><span style="color: hsl(120, 100%, 40%);">+</ul><br><hr><a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all changes that went into this release that did not reference a JIRA issue.</p><table width="100%" border="1"></span><br><span style="color: hsl(120, 100%, 40%);">+<tr><th>Revision</th><th>Author</th><th>Summary</th></tr></span><br><span style="color: hsl(120, 100%, 40%);">+<tr><td><a href="https://code.asterisk.org/code/changelog/asterisk?cs=24d340e10a4e66a2a4428f0554ee583dcfd031da">24d340e10a</a></td><td>Asterisk Development Team</td><td>Update CHANGES and UPGRADE.txt for 13.29.2</td></tr></span><br><span style="color: hsl(120, 100%, 40%);">+</table><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>UPGRADE.txt | 10 ++++++++++</span><br><span style="color: hsl(120, 100%, 40%);">+channels/chan_sip.c | 28 ++++++++++++++++------------</span><br><span style="color: hsl(120, 100%, 40%);">+main/manager.c | 1 +</span><br><span style="color: hsl(120, 100%, 40%);">+res/res_pjsip_session.c | 2 ++</span><br><span style="color: hsl(120, 100%, 40%);">+4 files changed, 29 insertions(+), 12 deletions(-)</pre><br></html></span><br><span>\ No newline at end of file</span><br><span>diff --git a/asterisk-13.29.2-summary.txt b/asterisk-13.29.2-summary.txt</span><br><span>new file mode 100644</span><br><span>index 0000000..55393fb</span><br><span>--- /dev/null</span><br><span>+++ b/asterisk-13.29.2-summary.txt</span><br><span>@@ -0,0 +1,127 @@</span><br><span style="color: hsl(120, 100%, 40%);">+ Release Summary</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ asterisk-13.29.2</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Date: 2019-11-21</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ <asteriskteam@digium.com></span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ----------------------------------------------------------------------</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Table of Contents</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ 1. Summary</span><br><span style="color: hsl(120, 100%, 40%);">+ 2. Contributors</span><br><span style="color: hsl(120, 100%, 40%);">+ 3. Closed Issues</span><br><span style="color: hsl(120, 100%, 40%);">+ 4. Other Changes</span><br><span style="color: hsl(120, 100%, 40%);">+ 5. Diffstat</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ----------------------------------------------------------------------</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Summary</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ [Back to Top]</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ This release has been made to address one or more security vulnerabilities</span><br><span style="color: hsl(120, 100%, 40%);">+ that have been identified. A security advisory document has been published</span><br><span style="color: hsl(120, 100%, 40%);">+ for each vulnerability that includes additional information. Users of</span><br><span style="color: hsl(120, 100%, 40%);">+ versions of Asterisk that are affected are strongly encouraged to review</span><br><span style="color: hsl(120, 100%, 40%);">+ the advisories and determine what action they should take to protect their</span><br><span style="color: hsl(120, 100%, 40%);">+ systems from these issues.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Security Advisories:</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ * AST-2019-006,AST-2019-007,AST-2019-008</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ The data in this summary reflects changes that have been made since the</span><br><span style="color: hsl(120, 100%, 40%);">+ previous release, asterisk-13.29.1.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ----------------------------------------------------------------------</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Contributors</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ [Back to Top]</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ This table lists the people who have submitted code, those that have</span><br><span style="color: hsl(120, 100%, 40%);">+ tested patches, as well as those that reported issues on the issue tracker</span><br><span style="color: hsl(120, 100%, 40%);">+ that were resolved in this release. For coders, the number is how many of</span><br><span style="color: hsl(120, 100%, 40%);">+ their patches (of any size) were committed into this release. For testers,</span><br><span style="color: hsl(120, 100%, 40%);">+ the number is the number of times their name was listed as assisting with</span><br><span style="color: hsl(120, 100%, 40%);">+ testing a patch. Finally, for reporters, the number is the number of</span><br><span style="color: hsl(120, 100%, 40%);">+ issues that they reported that were affected by commits that went into</span><br><span style="color: hsl(120, 100%, 40%);">+ this release.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Coders Testers Reporters </span><br><span style="color: hsl(120, 100%, 40%);">+ 2 Ben Ford 1 Salah Ahmed </span><br><span style="color: hsl(120, 100%, 40%);">+ 1 Asterisk Development Team 1 Eliel Sardañons </span><br><span style="color: hsl(120, 100%, 40%);">+ 1 George Joseph 1 Andrey V. T. </span><br><span style="color: hsl(120, 100%, 40%);">+ 1 Eliel Sardañons </span><br><span style="color: hsl(120, 100%, 40%);">+ 1 Salah Ahmed </span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ----------------------------------------------------------------------</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Closed Issues</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ [Back to Top]</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ This is a list of all issues from the issue tracker that were closed by</span><br><span style="color: hsl(120, 100%, 40%);">+ changes that went into this release.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Security</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Category: Channels/chan_sip/General</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ASTERISK-28589: chan_sip: Depending on configuration an INVITE can alter</span><br><span style="color: hsl(120, 100%, 40%);">+ Addr of a peer</span><br><span style="color: hsl(120, 100%, 40%);">+ Reported by: Andrey V. T.</span><br><span style="color: hsl(120, 100%, 40%);">+ * [c265db0a0a] Ben Ford -- chan_sip.c: Prevent address change on</span><br><span style="color: hsl(120, 100%, 40%);">+ unauthenticated SIP request.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Category: Core/ManagerInterface</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ASTERISK-28580: Bypass SYSTEM write permission in manager action allows</span><br><span style="color: hsl(120, 100%, 40%);">+ system commands execution</span><br><span style="color: hsl(120, 100%, 40%);">+ Reported by: Eliel Sardañons</span><br><span style="color: hsl(120, 100%, 40%);">+ * [94a831f72a] George Joseph -- manager.c: Prevent the Originate action</span><br><span style="color: hsl(120, 100%, 40%);">+ from running the Originate app</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Bug</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Category: Resources/res_pjsip_t38</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ASTERISK-28612: res_pjsip_t38: crash on reinvite with zero port and no c=</span><br><span style="color: hsl(120, 100%, 40%);">+ line</span><br><span style="color: hsl(120, 100%, 40%);">+ Reported by: Salah Ahmed</span><br><span style="color: hsl(120, 100%, 40%);">+ * [cde0cd2297] Ben Ford -- res_pjsip_session.c: Check for port of zero</span><br><span style="color: hsl(120, 100%, 40%);">+ on incoming SDP.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ----------------------------------------------------------------------</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Commits Not Associated with an Issue</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ [Back to Top]</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ This is a list of all changes that went into this release that did not</span><br><span style="color: hsl(120, 100%, 40%);">+ reference a JIRA issue.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ +------------------------------------------------------------------------+</span><br><span style="color: hsl(120, 100%, 40%);">+ | Revision | Author | Summary |</span><br><span style="color: hsl(120, 100%, 40%);">+ |------------+---------------------------+-------------------------------|</span><br><span style="color: hsl(120, 100%, 40%);">+ | 24d340e10a | Asterisk Development Team | Update CHANGES and |</span><br><span style="color: hsl(120, 100%, 40%);">+ | | | UPGRADE.txt for 13.29.2 |</span><br><span style="color: hsl(120, 100%, 40%);">+ +------------------------------------------------------------------------+</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ ----------------------------------------------------------------------</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ Diffstat Results</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ [Back to Top]</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ This is a summary of the changes to the source code that went into this</span><br><span style="color: hsl(120, 100%, 40%);">+ release that was generated using the diffstat utility.</span><br><span style="color: hsl(120, 100%, 40%);">+</span><br><span style="color: hsl(120, 100%, 40%);">+ UPGRADE.txt | 10 ++++++++++</span><br><span style="color: hsl(120, 100%, 40%);">+ channels/chan_sip.c | 28 ++++++++++++++++------------</span><br><span style="color: hsl(120, 100%, 40%);">+ main/manager.c | 1 +</span><br><span style="color: hsl(120, 100%, 40%);">+ res/res_pjsip_session.c | 2 ++</span><br><span style="color: hsl(120, 100%, 40%);">+ 4 files changed, 29 insertions(+), 12 deletions(-)</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/13413">change 13413</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/13413"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 13 </div>
<div style="display:none"> Gerrit-Change-Id: Id1014c8e5067178b2a773497e62014f18790c0aa </div>
<div style="display:none"> Gerrit-Change-Number: 13413 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Stanislav Abramenkov <stas.abramenkov@gmail.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>