[asterisk-commits] bebuild: tag 11.3.0-rc2 r384090 - /tags/11.3.0-rc2/ChangeLog

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Mar 27 12:56:42 CDT 2013


Author: bebuild
Date: Wed Mar 27 12:56:38 2013
New Revision: 384090

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=384090
Log:
Update ChangeLog

Modified:
    tags/11.3.0-rc2/ChangeLog

Modified: tags/11.3.0-rc2/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/11.3.0-rc2/ChangeLog?view=diff&rev=384090&r1=384089&r2=384090
==============================================================================
--- tags/11.3.0-rc2/ChangeLog (original)
+++ tags/11.3.0-rc2/ChangeLog Wed Mar 27 12:56:38 2013
@@ -1,3 +1,194 @@
+2013-03-27  Asterisk Development Team <asteriskteam at digium.com>
+
+	* Asterisk 11.3.0-rc2 Released.
+
+	* app_confbridge: Fix error messages on exiting conference.
+	
+	  A marked user ending a conference with only end_marked users
+	  generates error messages:
+	  ERROR[0000][C-00000000]: confbridge/conf_state.c:47
+	  conf_invalid_event_fn: Invalid event for confbridge user ''
+
+	  The MULTI_MARKED state was doing too much when it was kicking out
+	  the end_marked users from the conference.  The kicked out users
+	  will clean up after themselves when they exit the conference.
+
+	* app_page and app_confbridge: Fix custom announcement on entering
+	conference.
+
+	  The Page and ConfBridge custom announcement did not play when users
+	  entered the conference.
+
+	  Fix the CONFBRIDGE(user,announcement) file not getting played. The
+	  code to do this got removed accidentally when the ConfBridge code
+	  was restructured to be more state machine like.
+
+	  Fixed play_prompt_to_user() doxygen comments.
+
+	  Fixed the Page A(x) and n options for the caller.  The caller never
+	  played the announcement file and totally ignored the n option.  The
+	  code to do this was lost when the application was converted to use
+	  ConfBridge.
+
+	  Factored out setup_profile_bridge(), setup_profile_paged(), and
+	  setup_profile_caller() routines to setup ConfBridge profiles. Made
+	  each profile setup routine use the default template if one has not
+	  already been setup by dialplan.
+
+	* app_confbridge: Fix crash from receiving an AMI action after
+	ConfBridge unloaded.
+
+	  Unloading ConfBridge caused the next AMI action received to crash
+	  Asterisk. Add the missing unregister of AMI action
+	  ConfbridgeSetSingleVideoSrc when ConfBridge is unloaded.
+
+	* Fixed Confbridge file recording deadlock and appending.
+
+	  A deadlock occurred after starting/stopping and then restarting a
+	  confbridge recording.  Upon starting a recording a record thread is
+	  created that holds a lock until just before exiting.  Stopping the
+	  recording does not stop/exit the thread or release the lock.  The
+	  thread waits until recording begins again. Starting a stopped
+	  recording signals the thread to continue and start recording
+	  again.  However restarting the recording also created another
+	  record thread resulting in a deadlock.  The fix was to make sure
+	  the record thread was only created once.
+
+	* Confbridge channels staying active when all participants leave.
+
+	  If you started/stopped recording of a conference multiple times
+	  channels would remain active even when all participants left the
+	  conference.  This was due to the fact that a reference to the
+	  confbridge was being added every time a start record command was
+	  issued, but when the recording was stopped there was no matching
+	  de-reference thus keeping the conference alive. Made sure only a
+	  single reference is added for the record thread no matter how
+	  many times recording is started/stopped.  A de-reference is
+	  issued upon thread ending.
+
+	* Let vm_mailbox_snapshot_create's combine option apply to "Urgent"
+	as well
+
+	  The vm_mailbox_snapshot_create function has an option that combines
+	  the contents of INBOX and Old into a single snapshot. The intent
+	  of this is that both 'new' messages and 'deleted' messages are given
+	  in a single snapshot, as some applications prefer this view of the
+	  voicemail world. Unfortunately, the initial implementation ignored the
+	  "Urgent" folder. The "Urgent" folder is a pseudo-INBOX, in that new
+	  messages left with the 'U' flag will be placed in that folder as
+	  opposed to INBOX. Thus, the option failed the intent with which it
+	  was added.
+
+	* Fix comparison of presence state in event subsystem.
+
+	  Several new IEs were not given types (or names), causing the
+	  comparison function to improperly succeed.  This adds those.
+
+	* Let vm_mailbox_snapshot combine "Urgent" when no folder is specified
+
+	  r381835 fixed a bug in vm_mailbox_snapshot where combining INBOX and
+	  Old forgot that Urgent also "counts" as new messages. This fixed the
+	  problem when any of the three folders was specified and the combine
+	  option was used. It missed the case where the folder isn't specified
+	  and we build a snapshot of all folders. This patch corrects that.
+
+	* Do not allow native RTP bridging if packetization of media streams
+	differs.
+
+	The RTP engine will no longer allow for local and remote native RTP
+	bridges	if packetization of streams differs. Allowing native bridging
+	in this	scenario has been known to cause FAX failures.
+
+	* Resolve deadlock between pending CDR and batch CDR locks
+
+	r375757 attempted to resolve a race condition between multiple
+	submissions of CDRs while in batch mode from attempting to destroy the
+	scheduled batch	submission by extending the batch CDR lock. Unfortunately,
+	this causes a deadlock between the pending CDR lock and the batch CDR lock.
+	This patch resolves the intent of r375757 by simply providing a new lock
+	that protects the scheduling of the batches. The original batch CDR lock
+	is kept to protect manipulation of the batch CDR settings, but has been
+	placed such that it is not held when the pending lock is held.
+
+	Thanks to Chase Venters for providing lock analysis on the issue.
+
+	* Resolve deadlock between SIP registration and channel based
+	functions
+
+	In r373424, several reentrancy problems in chan_sip were addressed. As
+	a result, the SIP channel driver is now properly locking the channel
+	driver private information in certain operations that it wasn't previously.
+	This exposed two latent problems either in register_verify or by functions
+	called by register_verify. This includes:
+	 * Holding the private lock while calling sip_send_mwi_to_peer. This
+	 can create a new sip_pvt via sip_alloc, which will obtain the channel
+	 container lock. This is a locking inversion, as any channel related lock
+	 must be obtained prior to obtaining the SIP channel technology private
+	 lock.
+	 * Holding the private lock while calling sip_poke_peer. In the same vein as
+         sip_send_mwi_to_peer, sip_poke_peer can create a new SIP private, causing
+         the same locking inversion.
+
+	Note that this locking inversion typically occured when CLI commands were run
+	while a SIP REGISTER request was being processed, as many CLI commands (such
+	as 'sip show channels', 'core show channels', etc.) have to obtain the channel
+	container lock.
+
+	* AST-2013-001: Prevent buffer overflow through H.264 format negotiation
+
+	  The format attribute resource for H.264 video performs an unsafe read
+	  against a media attribute when parsing the SDP. The value passed in with
+	  the format attribute is not checked for its length when parsed into a fixed
+	  length buffer. This patch resolves the vulnerability by only reading
+	  as many characters from the SDP value as will fit into the buffer.
+
+	* AST-2013-002: Prevent denial of service in HTTP server
+
+	AST-2012-014, fixed in January of this year, contained a fix for
+	Asterisk's HTTP server for a remotely-triggered crash. While the fix put in
+	place fixed the possibility for the crash to be triggered, a denial of
+	service vector still exists with that solution if an attacker sends one or
+	more HTTP POST requests with very large Content-Length values. This patch
+	resolves this by capping the Content-Length at 1024 bytes. Any attempt to send
+	an HTTP POST with Content-Length greater than this cap will not result in any
+	memory allocation. The POST will be responded to with an HTTP 413 "Request
+	Entity Too Large" response.
+
+	This issue was reported by Christoph Hebeisen of TELUS Security Labs
+
+	* AST-2013-003: Prevent username disclosure in SIP channel driver
+
+	When authenticating a SIP request with alwaysauthreject enabled,
+	allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether
+	a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in
+	multiple ways. The information is disclosed when:
+	 * A "407 Proxy Authentication Required" response is sent instead of a
+	   "401 Unauthorized" response
+	 * The presence or absence of additional tags occurs at the end of
+	   "403 Forbidden" (such as "(Bad Auth)")
+	 * A "401 Unauthorized" response is sent instead of "403 Forbidden"
+	   response after a retransmission
+	 * Retransmission are sent when a matching peer did not exist, but not
+	   when a matching peer did exist.
+	This patch resolves these various vectors by ensuring that the responses sent
+	in all scenarios is the same, regardless of the presence of a matching peer.
+
+	This issue was reported by Walter Doekes, OSSO B.V. A substantial portion of
+	the testing and the solution to this problem was done by Walter as well - a
+	huge thanks to his tireless efforts in finding all the ways in which this
+	setting didn't work, providing automated tests, and working with Kinsey on
+	getting this fixed.
+
+	* Fix white noise on SRTP decryption
+
+	When res_rtp_asterisk.c was altered to avoid attempting to apply
+	unprotect algorithms to non-audio RTP packets, the test used was
+	incorrect. This caused the audio packets to not be decrypted and
+	resulted in loud white noise on the other endpoint (or both endpoints
+	depending on the call legs involved). The test now properly checks the
+	version field in the RTP header to ensure that RTP and RTCP are
+	decrypted while other types of packets are not.
+
 2013-01-30  Asterisk Development Team <asteriskteam at digium.com>
 
 	* Asterisk 11.3.0-rc1 Released.
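Review bot: The entry bodies added in this hunk are indented inconsistently, so the released ChangeLog will render ragged. The app_confbridge and voicemail entries use a tab plus two spaces, while the entries from "Do not allow native RTP bridging" onward use a bare tab. The continuation lines of the sip_poke_peer bullet are indented with spaces rather than a tab. There are also stray tabs in mid-sentence in the RTP bridging and batch CDR entries (between "bridges" and "if", "in this" and "scenario", "batch" and "submission"). Please normalise these to one style. Three wording slips are worth fixing before the tag: "occured" should be "occurred", "Retransmission are sent" should be "Retransmissions are sent", and "the responses sent in all scenarios is the same" should read "are the same". In the AST-2013-002 entry, "fixed in January of this year" is relative to when the entry was written. A ChangeLog is read long after release, so an absolute date or the fixing revision would serve readers better, as the entries citing r381835, r375757 and r373424 already do.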



