Update for 16.24.1

ASTERISK-29945 #close

Change-Id: Ic58957afc453195d53c2bd25c905df3d91d1abe6

.lastclean

@@ -0,0 +1 @@
+40

.version

@@ -0,0 +1 @@
+16.24.1

asterisk-16.24.1-summary.html

@@ -0,0 +1,17 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-16.24.1</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-16.24.1</h3><h3 align="center">Date: 2022-03-04</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
+<li><a href="#summary">Summary</a></li>
+<li><a href="#contributors">Contributors</a></li>
+<li><a href="#closed_issues">Closed Issues</a></li>
+<li><a href="#diffstat">Diffstat</a></li>
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release has been made to address one or more security vulnerabilities that have been identified. A security advisory document has been published for each vulnerability that includes additional information. Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p><p>Security Advisories:</p><ul>
+<li><a href="http://downloads.asterisk.org/pub/security/AST-2022-004,AST-2022-005,AST-2022-006.html">AST-2022-004,AST-2022-005,AST-2022-006</a></li>
+</ul><p>The data in this summary reflects changes that have been made since the previous release, asterisk-16.24.0.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+<tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
+<tr valign="top"><td width="33%">3 Kevin Harwell <kharwell@sangoma.com><br/></td><td width="33%"><td width="33%">3 Kevin Harwell <kharwell@digium.com><br/></td></tr>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Security</h3><h4>Category: pjproject/pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-29945">ASTERISK-29945</a>: pjproject: Security fixes for things<br/>Reported by: Kevin Harwell<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=5b3dc23eac65e7fb522c9fad7877392bbf3e7ec8">[5b3dc23eac]</a> Kevin Harwell -- AST-2022-006: pjproject - unconstrained malformed multipart SIP message</li>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=135712daac3737d20561c6adb3fde732f3fcba96">[135712daac]</a> Kevin Harwell -- AST-2022-005: pjproject - undefined behavior after freeing a dialog set</li>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=de6e317a5777fd493c7416f83d68f633d3f6e98d">[de6e317a57]</a> Kevin Harwell -- AST-2022-004: pjproject - possible integer underflow on STUN message</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0170-stun-integer-underflow.patch |   26 ++++++++++++++
+0171-dialog-set-free.patch        |   66 ++++++++++++++++++++++++++++++++++++++
+2 files changed, 92 insertions(+)</pre><br></html>

asterisk-16.24.1-summary.txt

@@ -0,0 +1,89 @@
+                                Release Summary
+
+                                asterisk-16.24.1
+
+                                Date: 2022-03-04
+
+                           <asteriskteam@digium.com>
+
+     ----------------------------------------------------------------------
+
+                               Table of Contents
+
+    1. Summary
+    2. Contributors
+    3. Closed Issues
+    4. Diffstat
+
+     ----------------------------------------------------------------------
+
+                                    Summary
+
+                                 [Back to Top]
+
+   This release has been made to address one or more security vulnerabilities
+   that have been identified. A security advisory document has been published
+   for each vulnerability that includes additional information. Users of
+   versions of Asterisk that are affected are strongly encouraged to review
+   the advisories and determine what action they should take to protect their
+   systems from these issues.
+
+   Security Advisories:
+
+     * AST-2022-004,AST-2022-005,AST-2022-006
+
+   The data in this summary reflects changes that have been made since the
+   previous release, asterisk-16.24.0.
+
+     ----------------------------------------------------------------------
+
+                                  Contributors
+
+                                 [Back to Top]
+
+   This table lists the people who have submitted code, those that have
+   tested patches, as well as those that reported issues on the issue tracker
+   that were resolved in this release. For coders, the number is how many of
+   their patches (of any size) were committed into this release. For testers,
+   the number is the number of times their name was listed as assisting with
+   testing a patch. Finally, for reporters, the number is the number of
+   issues that they reported that were affected by commits that went into
+   this release.
+
+   Coders                   Testers                  Reporters                
+   3 Kevin Harwell                                   3 Kevin Harwell          
+
+     ----------------------------------------------------------------------
+
+                                 Closed Issues
+
+                                 [Back to Top]
+
+   This is a list of all issues from the issue tracker that were closed by
+   changes that went into this release.
+
+  Security
+
+    Category: pjproject/pjsip
+
+   ASTERISK-29945: pjproject: Security fixes for things
+   Reported by: Kevin Harwell
+     * [5b3dc23eac] Kevin Harwell -- AST-2022-006: pjproject - unconstrained
+       malformed multipart SIP message
+     * [135712daac] Kevin Harwell -- AST-2022-005: pjproject - undefined
+       behavior after freeing a dialog set
+     * [de6e317a57] Kevin Harwell -- AST-2022-004: pjproject - possible
+       integer underflow on STUN message
+
+     ----------------------------------------------------------------------
+
+                                Diffstat Results
+
+                                 [Back to Top]
+
+   This is a summary of the changes to the source code that went into this
+   release that was generated using the diffstat utility.
+
+ 0170-stun-integer-underflow.patch |   26 ++++++++++++++
+ 0171-dialog-set-free.patch        |   66 ++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 92 insertions(+)

contrib/realtime/mysql/mysql_cdr.sql

@@ -0,0 +1,41 @@
+CREATE TABLE alembic_version (
+    version_num VARCHAR(32) NOT NULL, 
+    CONSTRAINT alembic_version_pkc PRIMARY KEY (version_num)
+);
+
+-- Running upgrade  -> 210693f3123d
+
+CREATE TABLE cdr (
+    accountcode VARCHAR(20), 
+    src VARCHAR(80), 
+    dst VARCHAR(80), 
+    dcontext VARCHAR(80), 
+    clid VARCHAR(80), 
+    channel VARCHAR(80), 
+    dstchannel VARCHAR(80), 
+    lastapp VARCHAR(80), 
+    lastdata VARCHAR(80), 
+    start DATETIME, 
+    answer DATETIME, 
+    end DATETIME, 
+    duration INTEGER, 
+    billsec INTEGER, 
+    disposition VARCHAR(45), 
+    amaflags VARCHAR(45), 
+    userfield VARCHAR(256), 
+    uniqueid VARCHAR(150), 
+    linkedid VARCHAR(150), 
+    peeraccount VARCHAR(20), 
+    sequence INTEGER
+);
+
+INSERT INTO alembic_version (version_num) VALUES ('210693f3123d');
+
+-- Running upgrade 210693f3123d -> 54cde9847798
+
+ALTER TABLE cdr MODIFY accountcode VARCHAR(80) NULL;
+
+ALTER TABLE cdr MODIFY peeraccount VARCHAR(80) NULL;
+
+UPDATE alembic_version SET version_num='54cde9847798' WHERE alembic_version.version_num = '210693f3123d';
+

contrib/realtime/mysql/mysql_voicemail.sql

@@ -0,0 +1,35 @@
+CREATE TABLE alembic_version (
+    version_num VARCHAR(32) NOT NULL, 
+    CONSTRAINT alembic_version_pkc PRIMARY KEY (version_num)
+);
+
+-- Running upgrade  -> a2e9769475e
+
+CREATE TABLE voicemail_messages (
+    dir VARCHAR(255) NOT NULL, 
+    msgnum INTEGER NOT NULL, 
+    context VARCHAR(80), 
+    macrocontext VARCHAR(80), 
+    callerid VARCHAR(80), 
+    origtime INTEGER, 
+    duration INTEGER, 
+    recording BLOB, 
+    flag VARCHAR(30), 
+    category VARCHAR(30), 
+    mailboxuser VARCHAR(30), 
+    mailboxcontext VARCHAR(30), 
+    msg_id VARCHAR(40)
+);
+
+ALTER TABLE voicemail_messages ADD CONSTRAINT voicemail_messages_dir_msgnum PRIMARY KEY (dir, msgnum);
+
+CREATE INDEX voicemail_messages_dir ON voicemail_messages (dir);
+
+INSERT INTO alembic_version (version_num) VALUES ('a2e9769475e');
+
+-- Running upgrade a2e9769475e -> 39428242f7f5
+
+ALTER TABLE voicemail_messages MODIFY recording BLOB(4294967295) NULL;
+
+UPDATE alembic_version SET version_num='39428242f7f5' WHERE alembic_version.version_num = 'a2e9769475e';
+

contrib/realtime/postgresql/postgresql_cdr.sql

@@ -0,0 +1,45 @@
+BEGIN;
+
+CREATE TABLE alembic_version (
+    version_num VARCHAR(32) NOT NULL, 
+    CONSTRAINT alembic_version_pkc PRIMARY KEY (version_num)
+);
+
+-- Running upgrade  -> 210693f3123d
+
+CREATE TABLE cdr (
+    accountcode VARCHAR(20), 
+    src VARCHAR(80), 
+    dst VARCHAR(80), 
+    dcontext VARCHAR(80), 
+    clid VARCHAR(80), 
+    channel VARCHAR(80), 
+    dstchannel VARCHAR(80), 
+    lastapp VARCHAR(80), 
+    lastdata VARCHAR(80), 
+    start TIMESTAMP WITHOUT TIME ZONE, 
+    answer TIMESTAMP WITHOUT TIME ZONE, 
+    "end" TIMESTAMP WITHOUT TIME ZONE, 
+    duration INTEGER, 
+    billsec INTEGER, 
+    disposition VARCHAR(45), 
+    amaflags VARCHAR(45), 
+    userfield VARCHAR(256), 
+    uniqueid VARCHAR(150), 
+    linkedid VARCHAR(150), 
+    peeraccount VARCHAR(20), 
+    sequence INTEGER
+);
+
+INSERT INTO alembic_version (version_num) VALUES ('210693f3123d');
+
+-- Running upgrade 210693f3123d -> 54cde9847798
+
+ALTER TABLE cdr ALTER COLUMN accountcode TYPE VARCHAR(80);
+
+ALTER TABLE cdr ALTER COLUMN peeraccount TYPE VARCHAR(80);
+
+UPDATE alembic_version SET version_num='54cde9847798' WHERE alembic_version.version_num = '210693f3123d';
+
+COMMIT;
+

contrib/realtime/postgresql/postgresql_voicemail.sql

@@ -0,0 +1,39 @@
+BEGIN;
+
+CREATE TABLE alembic_version (
+    version_num VARCHAR(32) NOT NULL, 
+    CONSTRAINT alembic_version_pkc PRIMARY KEY (version_num)
+);
+
+-- Running upgrade  -> a2e9769475e
+
+CREATE TABLE voicemail_messages (
+    dir VARCHAR(255) NOT NULL, 
+    msgnum INTEGER NOT NULL, 
+    context VARCHAR(80), 
+    macrocontext VARCHAR(80), 
+    callerid VARCHAR(80), 
+    origtime INTEGER, 
+    duration INTEGER, 
+    recording BYTEA, 
+    flag VARCHAR(30), 
+    category VARCHAR(30), 
+    mailboxuser VARCHAR(30), 
+    mailboxcontext VARCHAR(30), 
+    msg_id VARCHAR(40)
+);
+
+ALTER TABLE voicemail_messages ADD CONSTRAINT voicemail_messages_dir_msgnum PRIMARY KEY (dir, msgnum);
+
+CREATE INDEX voicemail_messages_dir ON voicemail_messages (dir);
+
+INSERT INTO alembic_version (version_num) VALUES ('a2e9769475e');
+
+-- Running upgrade a2e9769475e -> 39428242f7f5
+
+ALTER TABLE voicemail_messages ALTER COLUMN recording TYPE BYTEA;
+
+UPDATE alembic_version SET version_num='39428242f7f5' WHERE alembic_version.version_num = 'a2e9769475e';
+
+COMMIT;
+

third-party/pjproject/patches/0170-stun-integer-underflow.patch

@@ -0,0 +1,26 @@
+From 15663e3f37091069b8c98a7fce680dc04bc8e865 Mon Sep 17 00:00:00 2001
+From: sauwming <ming@teluu.com>
+Date: Tue, 10 Aug 2021 11:53:25 +0800
+Subject: [PATCH] Merge pull request from GHSA-2qpg-f6wf-w984
+
+---
+ pjnath/src/pjnath/stun_msg.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
+index cd5870f82..bd83351e6 100644
+--- a/pjnath/src/pjnath/stun_msg.c
++++ b/pjnath/src/pjnath/stun_msg.c
+@@ -1763,6 +1763,9 @@ static pj_status_t decode_errcode_attr(pj_pool_t *pool,
+     /* Get pointer to the string in the message */
+     value.ptr = ((char*)buf + ATTR_HDR_LEN + 4);
+     value.slen = attr->hdr.length - 4;
++    /* Make sure the length is never negative */
++    if (value.slen < 0)
++    	value.slen = 0;
+ 
+     /* Copy the string to the attribute */
+     pj_strdup(pool, &attr->reason, &value);
+-- 
+2.25.1
+

third-party/pjproject/patches/0171-dialog-set-free.patch

@@ -0,0 +1,114 @@
+From db3235953baa56d2fb0e276ca510fefca751643f Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin <nanang@teluu.com>
+Date: Mon, 21 Feb 2022 06:24:52 +0700
+Subject: [PATCH] Merge pull request from GHSA-ffff-m5fm-qm62
+
+* Update pjsip_ua_unregister_dlg():
+- update the hash key if the dialog being unregistered is used as hash key.
+- add an assertion check to make sure that the dlg_set to be removed is valid (can be found in the hash table).
+
+* Change hash key string comparison method.
+---
+ pjsip/src/pjsip/sip_ua_layer.c | 48 +++++++++++++++++++++++++++++-----
+ 1 file changed, 42 insertions(+), 6 deletions(-)
+
+diff --git a/pjsip/src/pjsip/sip_ua_layer.c b/pjsip/src/pjsip/sip_ua_layer.c
+index 59c2524ba..5d79882a1 100644
+--- a/pjsip/src/pjsip/sip_ua_layer.c
++++ b/pjsip/src/pjsip/sip_ua_layer.c
+@@ -65,6 +65,9 @@ struct dlg_set
+     /* This is the buffer to store this entry in the hash table. */
+     pj_hash_entry_buf ht_entry;
+ 
++    /* Entry key in the hash table */
++    pj_str_t ht_key;
++
+     /* List of dialog in this dialog set. */
+     struct dlg_set_head  dlg_list;
+ };
+@@ -327,6 +330,7 @@ PJ_DEF(pj_status_t) pjsip_ua_register_dlg( pjsip_user_agent *ua,
+ 	     * Create the dialog set and add this dialog to it.
+ 	     */
+ 	    dlg_set = alloc_dlgset_node();
++	    dlg_set->ht_key = dlg->local.info->tag;
+ 	    pj_list_init(&dlg_set->dlg_list);
+ 	    pj_list_push_back(&dlg_set->dlg_list, dlg);
+ 
+@@ -334,8 +338,8 @@ PJ_DEF(pj_status_t) pjsip_ua_register_dlg( pjsip_user_agent *ua,
+ 
+ 	    /* Register the dialog set in the hash table. */
+ 	    pj_hash_set_np_lower(mod_ua.dlg_table, 
+-			         dlg->local.info->tag.ptr,
+-                                 (unsigned)dlg->local.info->tag.slen,
++			         dlg_set->ht_key.ptr,
++                                 (unsigned)dlg_set->ht_key.slen,
+ 			         dlg->local.tag_hval, dlg_set->ht_entry,
+                                  dlg_set);
+ 	}
+@@ -345,14 +349,15 @@ PJ_DEF(pj_status_t) pjsip_ua_register_dlg( pjsip_user_agent *ua,
+ 	struct dlg_set *dlg_set;
+ 
+ 	dlg_set = alloc_dlgset_node();
++	dlg_set->ht_key = dlg->local.info->tag;
+ 	pj_list_init(&dlg_set->dlg_list);
+ 	pj_list_push_back(&dlg_set->dlg_list, dlg);
+ 
+ 	dlg->dlg_set = dlg_set;
+ 
+ 	pj_hash_set_np_lower(mod_ua.dlg_table, 
+-		             dlg->local.info->tag.ptr,
+-                             (unsigned)dlg->local.info->tag.slen,
++		             dlg_set->ht_key.ptr,
++                             (unsigned)dlg_set->ht_key.slen,
+ 		             dlg->local.tag_hval, dlg_set->ht_entry, dlg_set);
+     }
+ 
+@@ -397,12 +402,43 @@ PJ_DEF(pj_status_t) pjsip_ua_unregister_dlg( pjsip_user_agent *ua,
+ 
+     /* If dialog list is empty, remove the dialog set from the hash table. */
+     if (pj_list_empty(&dlg_set->dlg_list)) {
+-	pj_hash_set_lower(NULL, mod_ua.dlg_table, dlg->local.info->tag.ptr,
+-		          (unsigned)dlg->local.info->tag.slen, 
++
++	/* Verify that the dialog set is valid */
++	pj_assert(pj_hash_get_lower(mod_ua.dlg_table, dlg_set->ht_key.ptr,
++				    (unsigned)dlg_set->ht_key.slen,
++				    &dlg->local.tag_hval) == dlg_set);
++
++	pj_hash_set_lower(NULL, mod_ua.dlg_table, dlg_set->ht_key.ptr,
++		          (unsigned)dlg_set->ht_key.slen,
+ 			  dlg->local.tag_hval, NULL);
+ 
+ 	/* Return dlg_set to free nodes. */
+ 	pj_list_push_back(&mod_ua.free_dlgset_nodes, dlg_set);
++    } else {
++	/* If the just unregistered dialog is being used as hash key,
++	 * reset the dlg_set entry with a new key (i.e: from the first dialog
++	 * in dlg_set).
++	 */
++	if (dlg_set->ht_key.ptr  == dlg->local.info->tag.ptr &&
++	    dlg_set->ht_key.slen == dlg->local.info->tag.slen)
++	{
++	    pjsip_dialog* key_dlg = dlg_set->dlg_list.next;
++
++	    /* Verify that the old & new keys share the hash value */
++	    pj_assert(key_dlg->local.tag_hval == dlg->local.tag_hval);
++
++	    pj_hash_set_lower(NULL, mod_ua.dlg_table, dlg_set->ht_key.ptr,
++			      (unsigned)dlg_set->ht_key.slen,
++			      dlg->local.tag_hval, NULL);
++
++	    dlg_set->ht_key = key_dlg->local.info->tag;
++
++	    pj_hash_set_np_lower(mod_ua.dlg_table,
++				 dlg_set->ht_key.ptr,
++				 (unsigned)dlg_set->ht_key.slen,
++				 key_dlg->local.tag_hval, dlg_set->ht_entry,
++				 dlg_set);
++	}
+     }
+ 
+     /* Unlock user agent. */
+-- 
+2.25.1
+

third-party/pjproject/patches/0172-prevent-multipart-oob.patch

@@ -0,0 +1,42 @@
+From 077b465c33f0aec05a49cd2ca456f9a1b112e896 Mon Sep 17 00:00:00 2001
+From: sauwming <ming@teluu.com>
+Date: Wed, 26 Jan 2022 13:28:57 +0800
+Subject: [PATCH] Merge pull request from GHSA-7fw8-54cv-r7pm
+
+---
+ pjlib-util/src/pjlib-util/scanner.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util/scanner.c b/pjlib-util/src/pjlib-util/scanner.c
+index 27a0b8831..a54edf2d8 100644
+--- a/pjlib-util/src/pjlib-util/scanner.c
++++ b/pjlib-util/src/pjlib-util/scanner.c
+@@ -444,16 +444,21 @@ PJ_DEF(void) pj_scan_get_n( pj_scanner *scanner,
+ 
+ PJ_DEF(int) pj_scan_get_char( pj_scanner *scanner )
+ {
+-    int chr = *scanner->curptr;
++    register char *s = scanner->curptr;
++    int chr;
+ 
+-    if (!chr) {
++    if (s >= scanner->end || !*s) {
+ 	pj_scan_syntax_err(scanner);
+ 	return 0;
+     }
+ 
+-    ++scanner->curptr;
++    chr = *s;
+ 
+-    if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws) {
++    ++s;
++    scanner->curptr = s;
++    if (PJ_SCAN_CHECK_EOF(s) && PJ_SCAN_IS_PROBABLY_SPACE(*s) &&
++    	scanner->skip_ws)
++    {
+ 	pj_scan_skip_whitespace(scanner);
+     }
+     return chr;
+-- 
+2.25.1
+