[asterisk-dev] Asterisk 1.4.20-rc1 Now Available

Tony Mountifield tony at softins.clara.co.uk
Fri May 2 17:32:57 CDT 2008


In article <481B574F.4060005 at digium.com>,
Russell Bryant <russell at digium.com> wrote:
> Steve Davies wrote:
> > Does this mean that the security fix in 1.2.28 suffers from the same
> > performance issues and needs a similar fix? The use of the word
> > "Critical" would suggest that if it exists in 1.2.x it needs fixing.
> > Or perhaps 1.4 got an "enhanced" version of the security fix?
> 
> That's a good point ... hrm!
> 
> The security fix really kills performance of chan_iax2 in such a way that it
> pretty much makes it unusable under any reasonable load.  Backporting this fix
> is certainly possible, but it is pretty invasive to do to 1.2.  It means
> backporting astobj2 to Asterisk 1.2.
> 
> But, if chan_iax2 isn't very usable, I guess that's what we have to do ...

Is there a different way of addressing the security issue instead, that
doesn't have the same performance hit?

Cheers
Tony
-- 
Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org



More information about the asterisk-dev mailing list