Update for 18.26.4

This resolves a security issue where RTP ports weren't being released
causing possible resource exhaustion issues.

Resolves: #GHSA-557q-795j-wfx2

.lastclean

@@ -1 +0,0 @@
-40

.version

@@ -1 +1 @@
-18.26.2
+18.26.4

CHANGES.html

@@ -1 +1 @@
-ChangeLogs/ChangeLog-18.26.2.html
+ChangeLogs/ChangeLog-18.26.4.html

CHANGES.md

@@ -1 +1 @@
-ChangeLogs/ChangeLog-18.26.2.md
+ChangeLogs/ChangeLog-18.26.4.md

ChangeLogs/ChangeLog-18.26.3.html

@@ -0,0 +1,78 @@
+<html><head><title>ChangeLog for asterisk-18.26.3</title></head><body>
+<h2>Change Log for Release asterisk-18.26.3</h2>
+<h3>Links:</h3>
+<ul>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.3.html">Full ChangeLog</a>  </li>
+<li><a href="https://github.com/asterisk/asterisk/compare/18.26.2...18.26.3">GitHub Diff</a>  </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.26.3.tar.gz">Tarball</a>  </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk">Downloads</a>  </li>
+</ul>
+<h3>Summary:</h3>
+<ul>
+<li>Commits: 2</li>
+<li>Commit Authors: 2</li>
+<li>Issues Resolved: 0</li>
+<li>Security Advisories Resolved: 2</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr">GHSA-mrq5-74j5-f5cr</a>: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp">GHSA-v9q8-9j8m-5xwp</a>: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.</li>
+</ul>
+<h3>User Notes:</h3>
+<h3>Upgrade Notes:</h3>
+<ul>
+<li>
+<h4>safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.</h4>
+  The safe_asterisk script now checks that, if it was run by the
+  root user, the /etc/asterisk/startup.d directory and all the files it contains
+  are owned by root.  If the checks fail, safe_asterisk will exit with an error
+  and Asterisk will not be started.  Additionally, the default logging
+  destination is now stderr instead of tty "9" which probably won't exist
+  in modern systems.</li>
+</ul>
+<h3>Developer Notes:</h3>
+<h3>Commit Authors:</h3>
+<ul>
+<li>George Joseph: (1)</li>
+<li>ThatTotallyRealMyth: (1)</li>
+</ul>
+<h2>Issue and Commit Detail:</h2>
+<h3>Closed Issues:</h3>
+<ul>
+<li>!GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c</li>
+<li>!GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.</li>
+</ul>
+<h3>Commits By Author:</h3>
+<ul>
+<li>
+<h4>George Joseph (1):</h4>
+</li>
+<li>
+<p>res_stir_shaken: Test for missing semicolon in Identity header.</p>
+</li>
+<li>
+<h4>ThatTotallyRealMyth (1):</h4>
+</li>
+<li>safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.</li>
+</ul>
+<h3>Commit List:</h3>
+<ul>
+<li>safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.</li>
+<li>res_stir_shaken: Test for missing semicolon in Identity header.</li>
+</ul>
+<h3>Commit Details:</h3>
+<h4>safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.</h4>
+<p>Author: ThatTotallyRealMyth
+  Date:   2025-06-10</p>
+<p>UpgradeNote: The safe_asterisk script now checks that, if it was run by the
+  root user, the /etc/asterisk/startup.d directory and all the files it contains
+  are owned by root.  If the checks fail, safe_asterisk will exit with an error
+  and Asterisk will not be started.  Additionally, the default logging
+  destination is now stderr instead of tty "9" which probably won't exist
+  in modern systems.</p>
+<p>Resolves: #GHSA-v9q8-9j8m-5xwp</p>
+<h4>res_stir_shaken: Test for missing semicolon in Identity header.</h4>
+<p>Author: George Joseph
+  Date:   2025-07-31</p>
+<p>ast_stir_shaken_vs_verify() now makes sure there's a semicolon in
+  the Identity header to prevent a possible segfault.</p>
+<p>Resolves: #GHSA-mrq5-74j5-f5cr</p>
+</body></html>

ChangeLogs/ChangeLog-18.26.3.md

@@ -0,0 +1,86 @@
+
+## Change Log for Release asterisk-18.26.3
+
+### Links:
+
+ - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.3.html)  
+ - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.26.2...18.26.3)  
+ - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.26.3.tar.gz)  
+ - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)  
+
+### Summary:
+
+- Commits: 2
+- Commit Authors: 2
+- Issues Resolved: 0
+- Security Advisories Resolved: 2
+  - [GHSA-mrq5-74j5-f5cr](https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr): Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
+  - [GHSA-v9q8-9j8m-5xwp](https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp): Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.
+
+### User Notes:
+
+
+### Upgrade Notes:
+
+- #### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.  
+  The safe_asterisk script now checks that, if it was run by the
+  root user, the /etc/asterisk/startup.d directory and all the files it contains
+  are owned by root.  If the checks fail, safe_asterisk will exit with an error
+  and Asterisk will not be started.  Additionally, the default logging
+  destination is now stderr instead of tty "9" which probably won't exist
+  in modern systems.
+
+
+### Developer Notes:
+
+
+### Commit Authors:
+
+- George Joseph: (1)
+- ThatTotallyRealMyth: (1)
+
+## Issue and Commit Detail:
+
+### Closed Issues:
+
+  - !GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
+  - !GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.
+
+### Commits By Author:
+
+- #### George Joseph (1):
+  - res_stir_shaken: Test for missing semicolon in Identity header.
+
+- #### ThatTotallyRealMyth (1):
+  - safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
+
+
+### Commit List:
+
+-  safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
+-  res_stir_shaken: Test for missing semicolon in Identity header.
+
+### Commit Details:
+
+#### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
+  Author: ThatTotallyRealMyth
+  Date:   2025-06-10
+
+  UpgradeNote: The safe_asterisk script now checks that, if it was run by the
+  root user, the /etc/asterisk/startup.d directory and all the files it contains
+  are owned by root.  If the checks fail, safe_asterisk will exit with an error
+  and Asterisk will not be started.  Additionally, the default logging
+  destination is now stderr instead of tty "9" which probably won't exist
+  in modern systems.
+
+  Resolves: #GHSA-v9q8-9j8m-5xwp
+
+#### res_stir_shaken: Test for missing semicolon in Identity header.
+  Author: George Joseph
+  Date:   2025-07-31
+
+  ast_stir_shaken_vs_verify() now makes sure there's a semicolon in
+  the Identity header to prevent a possible segfault.
+
+  Resolves: #GHSA-mrq5-74j5-f5cr
+

ChangeLogs/ChangeLog-18.26.4.html

@@ -0,0 +1,48 @@
+<html><head><title>ChangeLog for asterisk-18.26.4</title></head><body>
+<h2>Change Log for Release asterisk-18.26.4</h2>
+<h3>Links:</h3>
+<ul>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.4.html">Full ChangeLog</a>  </li>
+<li><a href="https://github.com/asterisk/asterisk/compare/18.26.3...18.26.4">GitHub Diff</a>  </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.26.4.tar.gz">Tarball</a>  </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk">Downloads</a>  </li>
+</ul>
+<h3>Summary:</h3>
+<ul>
+<li>Commits: 1</li>
+<li>Commit Authors: 1</li>
+<li>Issues Resolved: 0</li>
+<li>Security Advisories Resolved: 1</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2">GHSA-557q-795j-wfx2</a>: Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources</li>
+</ul>
+<h3>User Notes:</h3>
+<h3>Upgrade Notes:</h3>
+<h3>Developer Notes:</h3>
+<h3>Commit Authors:</h3>
+<ul>
+<li>George Joseph: (1)</li>
+</ul>
+<h2>Issue and Commit Detail:</h2>
+<h3>Closed Issues:</h3>
+<ul>
+<li>!GHSA-557q-795j-wfx2: Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources</li>
+</ul>
+<h3>Commits By Author:</h3>
+<ul>
+<li>
+<h4>George Joseph (1):</h4>
+</li>
+<li>pjproject: Update bundled to 2.15.1.</li>
+</ul>
+<h3>Commit List:</h3>
+<ul>
+<li>pjproject: Update bundled to 2.15.1.</li>
+</ul>
+<h3>Commit Details:</h3>
+<h4>pjproject: Update bundled to 2.15.1.</h4>
+<p>Author: George Joseph
+  Date:   2025-08-25</p>
+<p>This resolves a security issue where RTP ports weren't being released
+  causing possible resource exhaustion issues.</p>
+<p>Resolves: #GHSA-557q-795j-wfx2</p>
+</body></html>

ChangeLogs/ChangeLog-18.26.4.md

@@ -0,0 +1,58 @@
+
+## Change Log for Release asterisk-18.26.4
+
+### Links:
+
+ - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.26.4.html)  
+ - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.26.3...18.26.4)  
+ - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.26.4.tar.gz)  
+ - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)  
+
+### Summary:
+
+- Commits: 1
+- Commit Authors: 1
+- Issues Resolved: 0
+- Security Advisories Resolved: 1
+  - [GHSA-557q-795j-wfx2](https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2): Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources
+
+### User Notes:
+
+
+### Upgrade Notes:
+
+
+### Developer Notes:
+
+
+### Commit Authors:
+
+- George Joseph: (1)
+
+## Issue and Commit Detail:
+
+### Closed Issues:
+
+  - !GHSA-557q-795j-wfx2: Resource exhaustion (DoS) vulnerability: remotely exploitable leak of RTP UDP ports and internal resources
+
+### Commits By Author:
+
+- #### George Joseph (1):
+  - pjproject: Update bundled to 2.15.1.
+
+
+### Commit List:
+
+-  pjproject: Update bundled to 2.15.1.
+
+### Commit Details:
+
+#### pjproject: Update bundled to 2.15.1.
+  Author: George Joseph
+  Date:   2025-08-25
+
+  This resolves a security issue where RTP ports weren't being released
+  causing possible resource exhaustion issues.
+
+  Resolves: #GHSA-557q-795j-wfx2
+

README.html

@@ -1,4 +1,4 @@
-<html><head><title>Readme for asterisk-18.26.2</title></head><body>
+<html><head><title>Readme for asterisk-18.26.4</title></head><body>
 <h1>The Asterisk(R) Open Source PBX</h1>
 <pre><code class="language-text">        By Mark Spencer &lt;markster@digium.com&gt; and the Asterisk.org developer community.
         Copyright (C) 2001-2021 Sangoma Technologies Corporation and other copyright holders.

contrib/scripts/safe_asterisk

@@ -6,7 +6,7 @@ ASTVARRUNDIR="__ASTERISK_VARRUN_DIR__"
 ASTVARLOGDIR="__ASTERISK_LOG_DIR__"
 
 CLIARGS="$*"			# Grab any args passed to safe_asterisk
-TTY=9				# TTY (if you want one) for Asterisk to run on
+#TTY=9				# TTY (if you want one) for Asterisk to run on
 CONSOLE=yes			# Whether or not you want a console
 #NOTIFY=root@localhost		# Who to notify about crashes
 #EXEC=/path/to/somescript	# Run this command if Asterisk crashes
@@ -39,6 +39,8 @@ PRIORITY=0
 message() {
 	if test -n "$TTY" && test "$TTY" != "no"; then
 		echo "$1" >/dev/${TTY}
+	else
+		echo "$1" >&2
 	fi
 	if test -n "$SYSLOG"; then
 		logger -p "${SYSLOG}.warn" -t safe_asterisk[$$] "$1"
@@ -64,7 +66,7 @@ if test `id -u` != 0; then
 	echo "Oops. I'm not root. Falling back to standard prio and file max." >&2
 	echo "This is NOT suitable for large systems." >&2
 	PRIORITY=0
-	message "safe_asterisk was started by `id -n` (uid `id -u`)."
+	message "safe_asterisk was started by `id -un` (uid `id -u`)."
 else
 	if `uname -s | grep Linux >/dev/null 2>&1`; then
 		# maximum number of open files is set to the system maximum
@@ -160,10 +162,30 @@ trap '' PIPE
 #
 
 if test -d "${ASTETCDIR}/startup.d"; then
-	for script in "${ASTETCDIR}/startup.d/"*.sh; do
-		if test -r "${script}"; then
-			. "${script}"
+	# If this script is run by root, the startup.d directory and all scripts in it
+	# must be owned by root.
+	if test `id -u` == 0; then
+		dir_owner=$(stat -c '%u' "${ASTETCDIR}/startup.d" 2>/dev/null)
+		if test "${dir_owner}" != 0 ; then
+			message "FATAL: ${ASTETCDIR}/startup.d is not owned by root"
+			exit 1
 		fi
+
+		# Check all scripts for proper ownership before sourcing any of them.
+		for script in $(find "${ASTETCDIR}/startup.d/" -name '*.sh') ; do
+			if test -r "${script}"; then
+				script_owner=$(stat -c '%u' "${script}" 2>/dev/null)
+				if test "$script_owner" != 0 ; then
+					message "FATAL: Script $(basename "$script") is not owned by root"
+					exit 1
+				fi
+			fi
+		done
+	fi
+
+	for script in $(find "${ASTETCDIR}/startup.d/" -name '*.sh') ; do
+		echo sourceing
+		. "${script}"
 	done
 fi
 

res/res_stir_shaken/verification.c

@@ -908,6 +908,11 @@ enum ast_stir_shaken_vs_response_code
 	}
 
 	p = strchr(ctx->identity_hdr, ';');
+	if (ast_strlen_zero(p)) {
+		SCOPE_EXIT_LOG_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_HEADER,
+			LOG_ERROR, "%s: Malformed identity header\n", ctx->tag);
+	}
+
 	len = p - ctx->identity_hdr + 1;
 	jwt_encoded = ast_malloc(len);
 	if (!jwt_encoded) {
@@ -918,7 +923,11 @@ enum ast_stir_shaken_vs_response_code
 	memcpy(jwt_encoded, ctx->identity_hdr, len);
 	jwt_encoded[len - 1] = '\0';
 
-	jwt_decode(&jwt, jwt_encoded, NULL, 0);
+	rc = jwt_decode(&jwt, jwt_encoded, NULL, 0);
+	if (rc != 0) {
+		SCOPE_EXIT_RTN_VALUE(AST_STIR_SHAKEN_VS_INVALID_HEADER, "%s: %s\n",
+			ctx->tag, vs_response_code_to_str(AST_STIR_SHAKEN_VS_INVALID_HEADER));
+	}
 
 	ppt_header = jwt_get_header(jwt, "ppt");
 	if (!ppt_header || strcmp(ppt_header, STIR_SHAKEN_PPT)) {

third-party/pjproject/patches/0000-configure-ssl-library-path.patch

@@ -2,33 +2,33 @@ diff --git a/aconfigure b/aconfigure
 index d6f0e8809..9dcd46398 100755
 --- a/aconfigure
 +++ b/aconfigure
-@@ -8986,7 +8986,11 @@ else $as_nop
- 	        if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
-                     CFLAGS="$CFLAGS -I$with_ssl/include"
-                     CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
--                    LDFLAGS="$LDFLAGS -L$with_ssl/lib"
-+                    if test -d $with_ssl/lib; then
-+                        LDFLAGS="$LDFLAGS -L$with_ssl/lib"
-+                    else
-+                        LDFLAGS="$LDFLAGS -L$with_ssl"
-+                    fi
-                     { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using SSL prefix... $with_ssl" >&5
+@@ -9768,7 +9768,11 @@
+         if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
+             CFLAGS="$CFLAGS -I$with_ssl/include"
+             CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
+-            LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++            if test -d $with_ssl/lib; then
++                LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++            else
++                LDFLAGS="$LDFLAGS -L$with_ssl"
++            fi
+             { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Using SSL prefix... $with_ssl" >&5
  printf "%s\n" "Using SSL prefix... $with_ssl" >&6; }
-                 fi
+         fi
 diff --git a/aconfigure.ac b/aconfigure.ac
 index 16b311045..849da81ab 100644
 --- a/aconfigure.ac
 +++ b/aconfigure.ac
-@@ -1838,7 +1838,11 @@ AC_ARG_ENABLE(ssl,
- 	        if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
-                     CFLAGS="$CFLAGS -I$with_ssl/include"
-                     CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
--                    LDFLAGS="$LDFLAGS -L$with_ssl/lib"
-+                    if test -d $with_ssl/lib; then
-+                        LDFLAGS="$LDFLAGS -L$with_ssl/lib"
-+                    else
-+                        LDFLAGS="$LDFLAGS -L$with_ssl"
-+                    fi
-                     AC_MSG_RESULT([Using SSL prefix... $with_ssl])
-                 fi
+@@ -2172,7 +2172,11 @@
+         if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
+             CFLAGS="$CFLAGS -I$with_ssl/include"
+             CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
+-            LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++            if test -d $with_ssl/lib; then
++                LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++            else
++                LDFLAGS="$LDFLAGS -L$with_ssl"
++            fi
+             AC_MSG_RESULT([Using SSL prefix... $with_ssl])
+         fi
  

third-party/pjproject/patches/0010-Avoid_deadlock_between_transport_and_transaction.patch

@@ -0,0 +1,158 @@
+From edde06f261ac807a89a6086b7f03460867675f95 Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin <nanang@teluu.com>
+Date: Tue, 1 Jul 2025 15:13:36 +0700
+Subject: [PATCH] Avoid deadlock between transport and transaction (#4453)
+
+---
+ pjsip/include/pjsip/sip_transaction.h |   1 +
+ pjsip/src/pjsip/sip_transaction.c     | 101 ++++++++++++++++++++++----
+ 2 files changed, 88 insertions(+), 14 deletions(-)
+
+diff --git a/pjsip/include/pjsip/sip_transaction.h b/pjsip/include/pjsip/sip_transaction.h
+index 72d4bc81c5..5f28b2d69c 100644
+--- a/pjsip/include/pjsip/sip_transaction.h
++++ b/pjsip/include/pjsip/sip_transaction.h
+@@ -141,6 +141,7 @@ struct pjsip_transaction
+     int                         retransmit_count;/**< Retransmission count. */
+     pj_timer_entry              retransmit_timer;/**< Retransmit timer.     */
+     pj_timer_entry              timeout_timer;  /**< Timeout timer.         */
++    pj_timer_entry              misc_timer;     /**< Miscellaneous timer.   */
+ 
+     /** Module specific data. */
+     void                       *mod_data[PJSIP_MAX_MODULE];
+diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c
+index 4335f11ff5..31dbaaab6e 100644
+--- a/pjsip/src/pjsip/sip_transaction.c
++++ b/pjsip/src/pjsip/sip_transaction.c
+@@ -140,6 +140,7 @@ static int max_retrans_count = -1;
+ #define TRANSPORT_ERR_TIMER     3
+ #define TRANSPORT_DISC_TIMER    4
+ #define TERMINATE_TIMER         5
++#define TRANSPORT_CB_TIMER      6
+ 
+ /* Flags for tsx_set_state() */
+ enum
+@@ -2265,23 +2266,21 @@ static void send_msg_callback( pjsip_send_state *send_state,
+ }
+ 
+ 
+-/* Transport callback. */
+-static void transport_callback(void *token, pjsip_tx_data *tdata,
+-                               pj_ssize_t sent)
+-{
+-    pjsip_transaction *tsx = (pjsip_transaction*) token;
++/* Transport callback parameter. */
++struct tp_cb_param {
++    pjsip_transaction* tsx;
++    pjsip_tx_data* tdata;
++    pj_ssize_t sent;
++};
+ 
+-    /* Check if the transaction layer has been shutdown. */
+-    if (mod_tsx_layer.mod.id < 0)
+-        return;
+ 
+-    /* In other circumstances, locking tsx->grp_lock AFTER transport mutex
+-     * will introduce deadlock if another thread is currently sending a
+-     * SIP message to the transport. But this should be safe as there should
+-     * be no way this callback could be called while another thread is
+-     * sending a message.
+-     */
++/* Transport callback actual implementation. */
++static void transport_callback_impl(pjsip_transaction *tsx,
++                                    pjsip_tx_data* tdata,
++                                    pj_ssize_t sent)
++{
+     pj_grp_lock_acquire(tsx->grp_lock);
++
+     tsx->transport_flag &= ~(TSX_HAS_PENDING_TRANSPORT);
+ 
+     if (sent > 0 || tsx->role == PJSIP_ROLE_UAS) {
+@@ -2299,6 +2298,7 @@ static void transport_callback(void *token, pjsip_tx_data *tdata,
+             tsx_set_state( tsx, PJSIP_TSX_STATE_DESTROYED,
+                            PJSIP_EVENT_UNKNOWN, NULL, 0 );
+             pj_grp_lock_release(tsx->grp_lock);
++            pj_grp_lock_dec_ref(tsx->grp_lock);
+             return;
+         }
+ 
+@@ -2354,6 +2354,79 @@ static void transport_callback(void *token, pjsip_tx_data *tdata,
+ }
+ 
+ 
++/* Timer callback for transport callback.
++ * This is currently only used to avoid deadlock due to inversed locking order
++ * between transport and transaction.
++ */
++static void tsx_misc_timer_callback(pj_timer_heap_t *theap,
++                                    pj_timer_entry *entry)
++{
++    PJ_UNUSED_ARG(theap);
++
++    if (entry->id == TRANSPORT_CB_TIMER) {
++        struct tp_cb_param* param = (struct tp_cb_param*)entry->user_data;
++
++        /* Check if the transaction layer has been shutdown. */
++        if (mod_tsx_layer.mod.id >= 0) {
++            /* Call transport callback implementation */
++            transport_callback_impl(param->tsx, param->tdata, param->sent);
++        }
++
++        /* Release tdata */
++        pjsip_tx_data_dec_ref(param->tdata);
++    }
++}
++
++
++/* Transport callback. */
++static void transport_callback(void *token, pjsip_tx_data *tdata,
++                               pj_ssize_t sent)
++{
++    pjsip_transaction *tsx = (pjsip_transaction*) token;
++    pj_status_t status;
++
++    /* Check if the transaction layer has been shutdown. */
++    if (mod_tsx_layer.mod.id < 0)
++        return;
++
++    /* In other circumstances, locking tsx->grp_lock AFTER transport mutex
++     * will introduce deadlock if another thread is currently sending a
++     * SIP message to the transport. But this should be safe as there should
++     * be no way this callback could be called while another thread is
++     * sending a message.
++     */
++    // Deadlock does happen, see #4453.
++    // So now, to avoid deadlock, we'll try to acquire the group lock first,
++    // and if it fails, we'll schedule the processing via timer.
++    status = pj_grp_lock_tryacquire(tsx->grp_lock);
++    if (status != PJ_SUCCESS) {
++        pj_time_val delay = { 0, 0 };
++        struct tp_cb_param *param = NULL;
++
++        lock_timer(tsx);
++        tsx_cancel_timer(tsx, &tsx->misc_timer);
++
++        /* Increment tdata ref count to avoid premature destruction.
++         * Note that tsx ref count is already handled by tsx_schedule_timer().
++         */
++        pjsip_tx_data_add_ref(tdata);
++
++        param = PJ_POOL_ZALLOC_T(tsx->pool, struct tp_cb_param);
++        param->sent = sent;
++        param->tdata = tdata;
++        param->tsx = tsx;
++        pj_timer_entry_init(&tsx->misc_timer, TIMER_INACTIVE, param,
++                            &tsx_misc_timer_callback);
++        tsx_schedule_timer(tsx, &tsx->misc_timer, &delay, TRANSPORT_CB_TIMER);
++        unlock_timer(tsx);
++        return;
++    }
++
++    transport_callback_impl(tsx, tdata, sent);
++    pj_grp_lock_release(tsx->grp_lock);
++}
++
++
+ /*
+  * Callback when transport state changes.
+  */

third-party/pjproject/patches/config_site.h

@@ -84,9 +84,9 @@
 #define PJ_ICE_MAX_CHECKS (PJ_ICE_MAX_CAND * PJ_ICE_MAX_CAND)
 
 /* Increase limits to allow more formats */
-#define	PJMEDIA_MAX_SDP_FMT   64
+#define	PJMEDIA_MAX_SDP_FMT   72
 #define	PJMEDIA_MAX_SDP_BANDW   4
-#define	PJMEDIA_MAX_SDP_ATTR   (PJMEDIA_MAX_SDP_FMT*3 + 4)
+#define	PJMEDIA_MAX_SDP_ATTR   (PJMEDIA_MAX_SDP_FMT*6 + 4)
 #define	PJMEDIA_MAX_SDP_MEDIA   16
 
 /*

third-party/pjproject/pjproject-2.14.1.tar.bz2.md5

@@ -1 +0,0 @@
-de9feca3e4816b1535f63f9d23c7b45b  pjproject-2.14.1.tar.bz2

third-party/pjproject/pjproject-2.15.1.tar.bz2.md5

@@ -0,0 +1 @@
+6b4b34c14d39224d3342d368f5abbad4  pjproject-2.15.1.tar.bz2

third-party/versions.mak

@@ -2,5 +2,5 @@
 # configure script so it must follow 'shell'
 # syntax as well as 'make' syntax.
 JANSSON_VERSION=2.14
-PJPROJECT_VERSION=2.14.1
+PJPROJECT_VERSION=2.15.1
 LIBJWT_VERSION=1.15.3