289a15f33b
Fixes the following security issues: 16.15.0: - ASTERISK-29057: pjsip: Crash on call rejection during high load 16.15.1: - AST-2020-003: Remote crash in res_pjsip_diversion A crash can occur in Asterisk when a SIP message is received that has a History-Info header, which contains a tel-uri. https://downloads.asterisk.org/pub/security/AST-2020-003.pdf - AST-2020-004: Remote crash in res_pjsip_diversion A crash can occur in Asterisk when a SIP 181 response is received that has a Diversion header, which contains a tel-uri. https://downloads.asterisk.org/pub/security/AST-2020-004.pdf 16.16.0: - ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains History-Info 16.16.1: - AST-2021-001: Remote crash in res_pjsip_diversion If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the “Supported” header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash. https://downloads.asterisk.org/pub/security/AST-2021-001.pdf - AST-2021-002: Remote crash possible when negotiating T.38 When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash. https://downloads.asterisk.org/pub/security/AST-2021-002.pdf - AST-2021-003: Remote attacker could prematurely tear down SRTP calls An unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely. https://downloads.asterisk.org/pub/security/AST-2021-003.pdf - AST-2021-004: An unsuspecting user could crash Asterisk with multiple hold/unhold requests Due to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession. https://downloads.asterisk.org/pub/security/AST-2021-004.pdf - AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver Given a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. https://downloads.asterisk.org/pub/security/AST-2021-005.pdf 16.16.2: - AST-2021-006: Crash when negotiating T.38 with a zero port When Asterisk sends a re-invite initiating T.38 faxing and the endpoint responds with a m=image line and zero port, a crash will occur in Asterisk. This is a reoccurrence of AST-2019-004. https://downloads.asterisk.org/pub/security/AST-2021-006.pdf 16.17.0: - ASTERISK-29203 / AST-2021-002 — Another scenario is causing a crash - ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls - ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes memory corruption and crash 16.19.1: - AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver When Asterisk receives a re-INVITE without SDP after having sent a BYE request a crash will occur. This occurs due to the Asterisk channel no longer being present while code assumes it is. https://downloads.asterisk.org/pub/security/AST-2021-007.pdf - AST-2021-008: Remote crash when using IAX2 channel driver If the IAX2 channel driver receives a packet that contains an unsupported media format it can cause a crash to occur in Asterisk. https://downloads.asterisk.org/pub/security/AST-2021-008.pdf - AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during handshake Depending on the timing, it’s possible for Asterisk to crash when using a TLS connection if the underlying socket parent/listener gets destroyed during the handshake. https://downloads.asterisk.org/pub/security/AST-2021-009.pdf 16.20.0: - ASTERISK-29415: Crash in PJSIP TLS transport - ASTERISK-29381: chan_pjsip: Remote denial of service by an authenticated user In addition, a large number of bugfixes. Drop now upstreamed 0006-AC_HEADER_STDC-causes-a-compile-failure-with-autoconf-2-70.patch. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
16 lines
1.1 KiB
Plaintext
16 lines
1.1 KiB
Plaintext
# Locally computed
|
|
sha256 1ba86666072b903e24b5cfef3d6d607d0d090c0fd232429ed410496e8f93ac40 asterisk-16.21.1.tar.gz
|
|
|
|
# sha1 from: http://downloads.asterisk.org/pub/telephony/sounds/releases
|
|
# sha256 locally computed
|
|
sha1 721c512feaea102700d5bdce952fdc0bb29dc640 asterisk-core-sounds-en-gsm-1.6.1.tar.gz
|
|
sha256 d79c3d2044d41da8f363c447dfccc140be86b4fcc41b1ca5a60a80da52f24f2d asterisk-core-sounds-en-gsm-1.6.1.tar.gz
|
|
sha1 f40fd6ea03dfe8d72ada2540b2288bfdc006381d asterisk-moh-opsound-wav-2.03.tar.gz
|
|
sha256 449fb810d16502c3052fedf02f7e77b36206ac5a145f3dacf4177843a2fcb538 asterisk-moh-opsound-wav-2.03.tar.gz
|
|
|
|
# License files, locally computed
|
|
sha256 82af40ed7f49c08685360811993d9396320842f021df828801d733e8fdc0312f COPYING
|
|
sha256 ac5571f00e558e3b7c9b3f13f421b874cc12cf4250c4f70094c71544cf486312 main/sha1.c
|
|
sha256 6215e3ed73c3982a5c6701127d681ec0b9f1121ac78a28805bd93f93c3eb84c0 codecs/speex/speex_resampler.h
|
|
sha256 ea69cc96ab8a779c180a362377caeada71926897d1b55b980f04d74ba5aaa388 utils/db1-ast/include/db.h
|