[Pkg-voip-commits] [pjproject] 09/14: merge patched into master
Bernhard Schmidt
berni at moszumanska.debian.org
Thu Nov 10 09:32:02 UTC 2016
This is an automated email from the git hooks/post-receive script.
berni pushed a commit to branch master
in repository pjproject.
commit 14834c87ca1b47ccdb394bbe52e5183415cae448
Merge: 350289d 5a0ded5
Author: Bernhard Schmidt <berni at debian.org>
Date: Thu Nov 10 09:46:23 2016 +0100
merge patched into master
debian/.git-dpm | 4 +-
...-0001-r5397-pjsip_generic_array_max_count.patch | 71 +++++++
...asterisk-0001-r5400-pjsip_tx_data_dec_ref.patch | 34 ++++
...oid-deinitialization-of-uninitialized-cli.patch | 55 +++++
...-0002-r5435-add-pjsip_inv_session-ref_cnt.patch | 223 +++++++++++++++++++++
...012-asterisk-0003-r5403-pjsip_IPV6_V6ONLY.patch | 25 +++
...Prevent-SERVFAIL-from-marking-name-server.patch | 46 +++++
...x-crash-on-using-an-already-destroyed-SSL.patch | 163 +++++++++++++++
debian/patches/series | 7 +
pjlib-util/src/pjlib-util/resolver.c | 3 +-
pjlib/src/pj/sock_bsd.c | 4 +
pjlib/src/pj/ssl_sock_ossl.c | 66 +++---
pjsip/include/pjsip-simple/evsub.h | 3 +-
pjsip/include/pjsip-ua/sip_inv.h | 30 +++
pjsip/include/pjsip/sip_endpoint.h | 3 +-
pjsip/src/pjsip-simple/evsub.c | 4 +-
pjsip/src/pjsip-ua/sip_inv.c | 95 +++++++--
pjsip/src/pjsip/sip_dialog.c | 18 +-
pjsip/src/pjsip/sip_endpoint.c | 1 +
pjsip/src/pjsip/sip_transport.c | 9 +-
20 files changed, 798 insertions(+), 66 deletions(-)
diff --cc debian/.git-dpm
index 8aaad28,0000000..2806e3f
mode 100644,000000..100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@@ -1,8 -1,0 +1,8 @@@
+# see git-dpm(1) from git-dpm package
- ef057592fc4cef48537faedb9a356b8bf968dde0
- ef057592fc4cef48537faedb9a356b8bf968dde0
++5a0ded59b572274fa1988d89afbbafeb2cbb34f1
++5a0ded59b572274fa1988d89afbbafeb2cbb34f1
+1047e1c8eed5013605500b204449cbe1e3668430
+1047e1c8eed5013605500b204449cbe1e3668430
+pjproject_2.5.5~dfsg.orig.tar.bz2
+d130318466a02e5734b069ed0e343a5d78c06a5c
+3506099
diff --cc debian/patches/asterisk/0008-asterisk-0001-r5397-pjsip_generic_array_max_count.patch
index 0000000,0000000..41416e8
new file mode 100644
--- /dev/null
+++ b/debian/patches/asterisk/0008-asterisk-0001-r5397-pjsip_generic_array_max_count.patch
@@@ -1,0 -1,0 +1,71 @@@
++From 3cefdceca19f214bc9c761d5b11a559b9e62f03f Mon Sep 17 00:00:00 2001
++From: Bernhard Schmidt <berni at debian.org>
++Date: Thu, 10 Nov 2016 09:45:29 +0100
++Subject: asterisk/0001-r5397-pjsip_generic_array_max_count
++
++This patch updates array limit checks and docs
++in pjsip_evsub_register_pkg() and pjsip_endpt_add_capability().
++
++Patch-Category: asterisk
++---
++ pjsip/include/pjsip-simple/evsub.h | 3 ++-
++ pjsip/include/pjsip/sip_endpoint.h | 3 ++-
++ pjsip/src/pjsip-simple/evsub.c | 4 +++-
++ pjsip/src/pjsip/sip_endpoint.c | 1 +
++ 4 files changed, 8 insertions(+), 3 deletions(-)
++
++diff --git a/pjsip/include/pjsip-simple/evsub.h b/pjsip/include/pjsip-simple/evsub.h
++index 8c8fb85..405a0cd 100644
++--- a/pjsip/include/pjsip-simple/evsub.h
+++++ b/pjsip/include/pjsip-simple/evsub.h
++@@ -246,7 +246,8 @@ PJ_DECL(pjsip_module*) pjsip_evsub_instance(void);
++ * registered.
++ * @param event_name Event package identification.
++ * @param expires Default subscription expiration time, in seconds.
++- * @param accept_cnt Number of strings in Accept array.
+++ * @param accept_cnt Number of strings in Accept array. The value must
+++ * not be greater than PJSIP_GENERIC_ARRAY_MAX_COUNT.
++ * @param accept Array of Accept value.
++ *
++ * @return PJ_SUCCESS on success.
++diff --git a/pjsip/include/pjsip/sip_endpoint.h b/pjsip/include/pjsip/sip_endpoint.h
++index 2c02965..fbc9a6e 100644
++--- a/pjsip/include/pjsip/sip_endpoint.h
+++++ b/pjsip/include/pjsip/sip_endpoint.h
++@@ -583,7 +583,8 @@ PJ_DECL(pj_bool_t) pjsip_endpt_has_capability( pjsip_endpoint *endpt,
++ * @param hname If htype specifies PJSIP_H_OTHER, then the header name
++ * must be supplied in this argument. Otherwise the value
++ * must be set to NULL.
++- * @param count The number of tags in the array.
+++ * @param count The number of tags in the array. The value must not
+++ * be greater than PJSIP_GENERIC_ARRAY_MAX_COUNT.
++ * @param tags Array of tags describing the capabilities or extensions
++ * to be added to the appropriate header.
++ *
++diff --git a/pjsip/src/pjsip-simple/evsub.c b/pjsip/src/pjsip-simple/evsub.c
++index 8d0f516..c5821dc 100644
++--- a/pjsip/src/pjsip-simple/evsub.c
+++++ b/pjsip/src/pjsip-simple/evsub.c
++@@ -412,7 +412,9 @@ PJ_DEF(pj_status_t) pjsip_evsub_register_pkg( pjsip_module *pkg_mod,
++ unsigned i;
++
++ PJ_ASSERT_RETURN(pkg_mod && event_name, PJ_EINVAL);
++- PJ_ASSERT_RETURN(accept_cnt < PJ_ARRAY_SIZE(pkg->pkg_accept->values),
+++
+++ /* Make sure accept_cnt < PJ_ARRAY_SIZE(pkg->pkg_accept->values) */
+++ PJ_ASSERT_RETURN(accept_cnt <= PJSIP_GENERIC_ARRAY_MAX_COUNT,
++ PJ_ETOOMANY);
++
++ /* Make sure evsub module has been initialized */
++diff --git a/pjsip/src/pjsip/sip_endpoint.c b/pjsip/src/pjsip/sip_endpoint.c
++index b606b19..7889851 100644
++--- a/pjsip/src/pjsip/sip_endpoint.c
+++++ b/pjsip/src/pjsip/sip_endpoint.c
++@@ -371,6 +371,7 @@ PJ_DEF(pj_status_t) pjsip_endpt_add_capability( pjsip_endpoint *endpt,
++
++ /* Check arguments. */
++ PJ_ASSERT_RETURN(endpt!=NULL && count>0 && tags, PJ_EINVAL);
+++ PJ_ASSERT_RETURN(count <= PJSIP_GENERIC_ARRAY_MAX_COUNT, PJ_ETOOMANY);
++ PJ_ASSERT_RETURN(htype==PJSIP_H_ACCEPT ||
++ htype==PJSIP_H_ALLOW ||
++ htype==PJSIP_H_SUPPORTED,
diff --cc debian/patches/asterisk/0009-asterisk-0001-r5400-pjsip_tx_data_dec_ref.patch
index 0000000,0000000..208e5f3
new file mode 100644
--- /dev/null
+++ b/debian/patches/asterisk/0009-asterisk-0001-r5400-pjsip_tx_data_dec_ref.patch
@@@ -1,0 -1,0 +1,34 @@@
++From f633709e02b970bd075939bc1c9b5647fb47f23b Mon Sep 17 00:00:00 2001
++From: Bernhard Schmidt <berni at debian.org>
++Date: Thu, 10 Nov 2016 09:45:37 +0100
++Subject: asterisk/0001-r5400-pjsip_tx_data_dec_ref
++
++This patch fixes the issue in pjsip_tx_data_dec_ref()
++when tx_data_destroy can be called more than once,
++and checks if invalid value (e.g. NULL) is passed to.
++
++Patch-Category: asterisk
++---
++ pjsip/src/pjsip/sip_transport.c | 9 +++++++--
++ 1 file changed, 7 insertions(+), 2 deletions(-)
++
++diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
++index 49d8202..f87e47c 100644
++--- a/pjsip/src/pjsip/sip_transport.c
+++++ b/pjsip/src/pjsip/sip_transport.c
++@@ -491,8 +491,13 @@ static void tx_data_destroy(pjsip_tx_data *tdata)
++ */
++ PJ_DEF(pj_status_t) pjsip_tx_data_dec_ref( pjsip_tx_data *tdata )
++ {
++- pj_assert( pj_atomic_get(tdata->ref_cnt) > 0);
++- if (pj_atomic_dec_and_get(tdata->ref_cnt) <= 0) {
+++ pj_atomic_value_t ref_cnt;
+++
+++ PJ_ASSERT_RETURN(tdata && tdata->ref_cnt, PJ_EINVAL);
+++
+++ ref_cnt = pj_atomic_dec_and_get(tdata->ref_cnt);
+++ pj_assert( ref_cnt >= 0);
+++ if (ref_cnt == 0) {
++ tx_data_destroy(tdata);
++ return PJSIP_EBUFDESTROYED;
++ } else {
diff --cc debian/patches/asterisk/0010-Fix-1946-Avoid-deinitialization-of-uninitialized-cli.patch
index 0000000,0000000..797a7ce
new file mode 100644
--- /dev/null
+++ b/debian/patches/asterisk/0010-Fix-1946-Avoid-deinitialization-of-uninitialized-cli.patch
@@@ -1,0 -1,0 +1,55 @@@
++From 9775414149032bf86aec9b59dca3d7f0324a7741 Mon Sep 17 00:00:00 2001
++From: nanang <nanang at localhost>
++Date: Thu, 28 Jul 2016 08:21:45 +0000
++Subject: Fix #1946: Avoid deinitialization of uninitialized client
++
++ auth session.
++
++Patch-Category: asterisk
++---
++ pjsip/src/pjsip/sip_dialog.c | 18 ++++++------------
++ 1 file changed, 6 insertions(+), 12 deletions(-)
++
++diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c
++index 800e9f3..ad736fb 100644
++--- a/pjsip/src/pjsip/sip_dialog.c
+++++ b/pjsip/src/pjsip/sip_dialog.c
++@@ -92,6 +92,12 @@ static pj_status_t create_dialog( pjsip_user_agent *ua,
++ pj_list_init(&dlg->inv_hdr);
++ pj_list_init(&dlg->rem_cap_hdr);
++
+++ /* Init client authentication session. */
+++ status = pjsip_auth_clt_init(&dlg->auth_sess, dlg->endpt,
+++ dlg->pool, 0);
+++ if (status != PJ_SUCCESS)
+++ goto on_error;
+++
++ status = pj_mutex_create_recursive(pool, dlg->obj_name, &dlg->mutex_);
++ if (status != PJ_SUCCESS)
++ goto on_error;
++@@ -283,12 +289,6 @@ PJ_DEF(pj_status_t) pjsip_dlg_create_uac( pjsip_user_agent *ua,
++ /* Initial route set is empty. */
++ pj_list_init(&dlg->route_set);
++
++- /* Init client authentication session. */
++- status = pjsip_auth_clt_init(&dlg->auth_sess, dlg->endpt,
++- dlg->pool, 0);
++- if (status != PJ_SUCCESS)
++- goto on_error;
++-
++ /* Register this dialog to user agent. */
++ status = pjsip_ua_register_dlg( ua, dlg );
++ if (status != PJ_SUCCESS)
++@@ -506,12 +506,6 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua,
++ }
++ dlg->route_set_frozen = PJ_TRUE;
++
++- /* Init client authentication session. */
++- status = pjsip_auth_clt_init(&dlg->auth_sess, dlg->endpt,
++- dlg->pool, 0);
++- if (status != PJ_SUCCESS)
++- goto on_error;
++-
++ /* Increment the dialog's lock since tsx may cause the dialog to be
++ * destroyed prematurely (such as in case of transport error).
++ */
diff --cc debian/patches/asterisk/0011-asterisk-0002-r5435-add-pjsip_inv_session-ref_cnt.patch
index 0000000,0000000..8e42e74
new file mode 100644
--- /dev/null
+++ b/debian/patches/asterisk/0011-asterisk-0002-r5435-add-pjsip_inv_session-ref_cnt.patch
@@@ -1,0 -1,0 +1,223 @@@
++From cb55bebea5f2a6b1153d70e141b0674541324553 Mon Sep 17 00:00:00 2001
++From: Bernhard Schmidt <berni at debian.org>
++Date: Thu, 10 Nov 2016 09:45:56 +0100
++Subject: asterisk/0002-r5435-add-pjsip_inv_session-ref_cnt
++
++When a transport error occured on an INVITE session
++the stack calls on_tsx_state_changed with new state
++PJSIP_INV_STATE_DISCONNECTED and immediately destroys
++the INVITE session.
++At the same time this INVITE session could being processed
++on another thread. This thread could use the session's
++memory pools which were already freed, so we get segfault.
++
++This patch adds a reference counter and new functions:
++pjsip_inv_add_ref and pjsip_inv_dec_ref.
++The INVITE session is destroyed only when the reference
++counter has reached zero.
++
++To avoid race condition an application should call
++pjsip_inv_add_ref/pjsip_inv_dec_ref.
++
++Patch-Category: asterisk
++---
++ pjsip/include/pjsip-ua/sip_inv.h | 30 +++++++++++++
++ pjsip/src/pjsip-ua/sip_inv.c | 95 +++++++++++++++++++++++++++++++---------
++ 2 files changed, 104 insertions(+), 21 deletions(-)
++
++diff --git a/pjsip/include/pjsip-ua/sip_inv.h b/pjsip/include/pjsip-ua/sip_inv.h
++index c4fa97f..8915fe0 100644
++--- a/pjsip/include/pjsip-ua/sip_inv.h
+++++ b/pjsip/include/pjsip-ua/sip_inv.h
++@@ -383,6 +383,11 @@ struct pjsip_timer;
++ * Other applications that want to use these pools must understand
++ * that the flip-flop pool's lifetimes are synchronized to the
++ * SDP offer-answer negotiation.
+++ *
+++ * The lifetime of this session is controlled by the reference counter in this
+++ * structure, which is manipulated by calling #pjsip_inv_add_ref and
+++ * #pjsip_inv_dec_ref. When the reference counter has reached zero, then
+++ * this session will be destroyed.
++ */
++ struct pjsip_inv_session
++ {
++@@ -412,6 +417,7 @@ struct pjsip_inv_session
++ struct pjsip_timer *timer; /**< Session Timers. */
++ pj_bool_t following_fork; /**< Internal, following
++ forked media? */
+++ pj_atomic_t *ref_cnt; /**< Reference counter. */
++ };
++
++
++@@ -631,6 +637,30 @@ PJ_DECL(pj_status_t) pjsip_inv_create_uas(pjsip_dialog *dlg,
++
++
++ /**
+++ * Add reference counter to the INVITE session. The reference counter controls
+++ * the life time of the session, ie. when the counter reaches zero, then it
+++ * will be destroyed.
+++ *
+++ * @param inv The INVITE session.
+++ * @return PJ_SUCCESS if the INVITE session reference counter
+++ * was increased.
+++ */
+++PJ_DECL(pj_status_t) pjsip_inv_add_ref( pjsip_inv_session *inv );
+++
+++/**
+++ * Decrement reference counter of the INVITE session.
+++ * When the session is no longer used, it will be destroyed and
+++ * caller is informed with PJ_EGONE return status.
+++ *
+++ * @param inv The INVITE session.
+++ * @return PJ_SUCCESS if the INVITE session reference counter
+++ * was decreased. A status PJ_EGONE will be returned to
+++ * inform that session is destroyed.
+++ */
+++PJ_DECL(pj_status_t) pjsip_inv_dec_ref( pjsip_inv_session *inv );
+++
+++
+++/**
++ * Forcefully terminate and destroy INVITE session, regardless of
++ * the state of the session. Note that this function should only be used
++ * when there is failure in the INVITE session creation. After the
++diff --git a/pjsip/src/pjsip-ua/sip_inv.c b/pjsip/src/pjsip-ua/sip_inv.c
++index 2ab0715..4bb6f33 100644
++--- a/pjsip/src/pjsip-ua/sip_inv.c
+++++ b/pjsip/src/pjsip-ua/sip_inv.c
++@@ -195,6 +195,65 @@ static pj_status_t mod_inv_unload(void)
++ }
++
++ /*
+++ * Add reference to INVITE session.
+++ */
+++PJ_DEF(pj_status_t) pjsip_inv_add_ref( pjsip_inv_session *inv )
+++{
+++ PJ_ASSERT_RETURN(inv && inv->ref_cnt, PJ_EINVAL);
+++
+++ pj_atomic_inc(inv->ref_cnt);
+++
+++ return PJ_SUCCESS;
+++}
+++
+++static void inv_session_destroy(pjsip_inv_session *inv)
+++{
+++ if (inv->last_ack) {
+++ pjsip_tx_data_dec_ref(inv->last_ack);
+++ inv->last_ack = NULL;
+++ }
+++ if (inv->invite_req) {
+++ pjsip_tx_data_dec_ref(inv->invite_req);
+++ inv->invite_req = NULL;
+++ }
+++ if (inv->pending_bye) {
+++ pjsip_tx_data_dec_ref(inv->pending_bye);
+++ inv->pending_bye = NULL;
+++ }
+++ pjsip_100rel_end_session(inv);
+++ pjsip_timer_end_session(inv);
+++ pjsip_dlg_dec_session(inv->dlg, &mod_inv.mod);
+++
+++ /* Release the flip-flop pools */
+++ pj_pool_release(inv->pool_prov);
+++ inv->pool_prov = NULL;
+++ pj_pool_release(inv->pool_active);
+++ inv->pool_active = NULL;
+++
+++ pj_atomic_destroy(inv->ref_cnt);
+++ inv->ref_cnt = NULL;
+++}
+++
+++/*
+++ * Decrease INVITE session reference, destroy it when the reference count
+++ * reaches zero.
+++ */
+++PJ_DEF(pj_status_t) pjsip_inv_dec_ref( pjsip_inv_session *inv )
+++{
+++ pj_atomic_value_t ref_cnt;
+++
+++ PJ_ASSERT_RETURN(inv && inv->ref_cnt, PJ_EINVAL);
+++
+++ ref_cnt = pj_atomic_dec_and_get(inv->ref_cnt);
+++ pj_assert( ref_cnt >= 0);
+++ if (ref_cnt == 0) {
+++ inv_session_destroy(inv);
+++ return PJ_EGONE;
+++ }
+++ return PJ_SUCCESS;
+++}
+++
+++/*
++ * Set session state.
++ */
++ static void inv_set_state(pjsip_inv_session *inv, pjsip_inv_state state,
++@@ -260,27 +319,7 @@ static void inv_set_state(pjsip_inv_session *inv, pjsip_inv_state state,
++ if (inv->state == PJSIP_INV_STATE_DISCONNECTED &&
++ prev_state != PJSIP_INV_STATE_DISCONNECTED)
++ {
++- if (inv->last_ack) {
++- pjsip_tx_data_dec_ref(inv->last_ack);
++- inv->last_ack = NULL;
++- }
++- if (inv->invite_req) {
++- pjsip_tx_data_dec_ref(inv->invite_req);
++- inv->invite_req = NULL;
++- }
++- if (inv->pending_bye) {
++- pjsip_tx_data_dec_ref(inv->pending_bye);
++- inv->pending_bye = NULL;
++- }
++- pjsip_100rel_end_session(inv);
++- pjsip_timer_end_session(inv);
++- pjsip_dlg_dec_session(inv->dlg, &mod_inv.mod);
++-
++- /* Release the flip-flop pools */
++- pj_pool_release(inv->pool_prov);
++- inv->pool_prov = NULL;
++- pj_pool_release(inv->pool_active);
++- inv->pool_active = NULL;
+++ pjsip_inv_dec_ref(inv);
++ }
++ }
++
++@@ -837,6 +876,12 @@ PJ_DEF(pj_status_t) pjsip_inv_create_uac( pjsip_dialog *dlg,
++ inv = PJ_POOL_ZALLOC_T(dlg->pool, pjsip_inv_session);
++ pj_assert(inv != NULL);
++
+++ status = pj_atomic_create(dlg->pool, 0, &inv->ref_cnt);
+++ if (status != PJ_SUCCESS) {
+++ pjsip_dlg_dec_lock(dlg);
+++ return status;
+++ }
+++
++ inv->pool = dlg->pool;
++ inv->role = PJSIP_ROLE_UAC;
++ inv->state = PJSIP_INV_STATE_NULL;
++@@ -880,6 +925,7 @@ PJ_DEF(pj_status_t) pjsip_inv_create_uac( pjsip_dialog *dlg,
++ pjsip_100rel_attach(inv);
++
++ /* Done */
+++ pjsip_inv_add_ref(inv);
++ *p_inv = inv;
++
++ pjsip_dlg_dec_lock(dlg);
++@@ -1470,6 +1516,12 @@ PJ_DEF(pj_status_t) pjsip_inv_create_uas( pjsip_dialog *dlg,
++ inv = PJ_POOL_ZALLOC_T(dlg->pool, pjsip_inv_session);
++ pj_assert(inv != NULL);
++
+++ status = pj_atomic_create(dlg->pool, 0, &inv->ref_cnt);
+++ if (status != PJ_SUCCESS) {
+++ pjsip_dlg_dec_lock(dlg);
+++ return status;
+++ }
+++
++ inv->pool = dlg->pool;
++ inv->role = PJSIP_ROLE_UAS;
++ inv->state = PJSIP_INV_STATE_NULL;
++@@ -1539,6 +1591,7 @@ PJ_DEF(pj_status_t) pjsip_inv_create_uas( pjsip_dialog *dlg,
++ }
++
++ /* Done */
+++ pjsip_inv_add_ref(inv);
++ pjsip_dlg_dec_lock(dlg);
++ *p_inv = inv;
++
diff --cc debian/patches/asterisk/0012-asterisk-0003-r5403-pjsip_IPV6_V6ONLY.patch
index 0000000,0000000..bc45c77
new file mode 100644
--- /dev/null
+++ b/debian/patches/asterisk/0012-asterisk-0003-r5403-pjsip_IPV6_V6ONLY.patch
@@@ -1,0 -1,0 +1,25 @@@
++From a050688586578ea1eb70b6c12f7066a7a604152b Mon Sep 17 00:00:00 2001
++From: Bernhard Schmidt <berni at debian.org>
++Date: Thu, 10 Nov 2016 09:46:04 +0100
++Subject: asterisk/0003-r5403-pjsip_IPV6_V6ONLY
++
++Patch-Category: asterisk
++---
++ pjlib/src/pj/sock_bsd.c | 4 ++++
++ 1 file changed, 4 insertions(+)
++
++diff --git a/pjlib/src/pj/sock_bsd.c b/pjlib/src/pj/sock_bsd.c
++index 8c2b577..ae10e6f 100644
++--- a/pjlib/src/pj/sock_bsd.c
+++++ b/pjlib/src/pj/sock_bsd.c
++@@ -539,6 +539,10 @@ PJ_DEF(pj_status_t) pj_sock_socket(int af,
++ pj_sock_setsockopt(*sock, pj_SOL_SOCKET(), pj_SO_NOSIGPIPE(),
++ &val, sizeof(val));
++ }
+++ if (af != PJ_AF_INET) { /* Linux Kernel 2.4.21; June 2003 */
+++ pj_sock_setsockopt(*sock, PJ_SOL_IPV6, IPV6_V6ONLY,
+++ &val, sizeof(val));
+++ }
++ #if defined(PJ_IPHONE_OS_HAS_MULTITASKING_SUPPORT) && \
++ PJ_IPHONE_OS_HAS_MULTITASKING_SUPPORT!=0
++ if (type == pj_SOCK_DGRAM()) {
diff --cc debian/patches/asterisk/0013-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch
index 0000000,0000000..edc0335
new file mode 100644
--- /dev/null
+++ b/debian/patches/asterisk/0013-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch
@@@ -1,0 -1,0 +1,46 @@@
++From d27b8883103928d4348920a8323d13996760c890 Mon Sep 17 00:00:00 2001
++From: George Joseph <gjoseph at digium.com>
++Date: Wed, 7 Sep 2016 13:10:57 -0600
++Subject: resolver.c: Prevent SERVFAIL from marking name server bad
++
++A name server that returns "Server Failure" is indicating only that
++the server couldn't process that particular request. We should NOT
++assume that the name server is incapable of serving other requests.
++
++Here's the scenario we've been encountering...
++
++* 2 local name servers configured in resolv.conf.
++* An OPTIONS request causes a request for A and AAAA records to go out
++ to both nameservers.
++* The A responses both come back successfully resolved.
++* Because of an issue at some upstream nameserver, the AAAA responses
++ for that particular query come back as "SERVFAIL" from both local
++ name servers.
++* Both local servers are marked as bad and no further queries can be
++ sent until the 60 second ttl expires. Only previously cached results
++ can be used.
++* In this case, 60 seconds is just enough time for another OPTIONS
++ request to go out to the same host so the cycle repeats.
++
++We could set the bad ttl really low but that also affects REFUSED and
++NOTAUTH which probably DO signal a real server issue. Besides, even
++a really low bad ttl would be an issue on a pbx.
++Patch-Category: asterisk
++---
++ pjlib-util/src/pjlib-util/resolver.c | 3 +--
++ 1 file changed, 1 insertion(+), 2 deletions(-)
++
++diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
++index ff4a199..e5e1bed 100644
++--- a/pjlib-util/src/pjlib-util/resolver.c
+++++ b/pjlib-util/src/pjlib-util/resolver.c
++@@ -1363,8 +1363,7 @@ static void report_nameserver_status(pj_dns_resolver *resolver,
++ q_id = (pj_uint32_t)-1;
++ }
++
++- if (!pkt || rcode == PJ_DNS_RCODE_SERVFAIL ||
++- rcode == PJ_DNS_RCODE_REFUSED ||
+++ if (!pkt || rcode == PJ_DNS_RCODE_REFUSED ||
++ rcode == PJ_DNS_RCODE_NOTAUTH)
++ {
++ is_good = PJ_FALSE;
diff --cc debian/patches/asterisk/0014-Re-1969-Fix-crash-on-using-an-already-destroyed-SSL.patch
index 0000000,0000000..e2245d3
new file mode 100644
--- /dev/null
+++ b/debian/patches/asterisk/0014-Re-1969-Fix-crash-on-using-an-already-destroyed-SSL.patch
@@@ -1,0 -1,0 +1,163 @@@
++From 5a0ded59b572274fa1988d89afbbafeb2cbb34f1 Mon Sep 17 00:00:00 2001
++From: riza <riza at localhost>
++Date: Thu, 13 Oct 2016 09:02:50 +0000
++Subject: Re #1969: Fix crash on using an already destroyed SSL
++
++ socket.
++
++Patch-Category: asterisk
++---
++ pjlib/src/pj/ssl_sock_ossl.c | 66 ++++++++++++++++++++++++++++----------------
++ 1 file changed, 42 insertions(+), 24 deletions(-)
++
++diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
++index 1e276ab..df69bd6 100644
++--- a/pjlib/src/pj/ssl_sock_ossl.c
+++++ b/pjlib/src/pj/ssl_sock_ossl.c
++@@ -822,7 +822,10 @@ static void close_sockets(pj_ssl_sock_t *ssock)
++ pj_lock_acquire(ssock->write_mutex);
++ asock = ssock->asock;
++ if (asock) {
++- ssock->asock = NULL;
+++ // Don't set ssock->asock to NULL, as it may trigger assertion in
+++ // send operation. This should be safe as active socket will simply
+++ // return PJ_EINVALIDOP on any operation if it is already closed.
+++ //ssock->asock = NULL;
++ ssock->sock = PJ_INVALID_SOCKET;
++ }
++ sock = ssock->sock;
++@@ -841,9 +844,9 @@ static void close_sockets(pj_ssl_sock_t *ssock)
++ /* Reset SSL socket state */
++ static void reset_ssl_sock_state(pj_ssl_sock_t *ssock)
++ {
+++ pj_lock_acquire(ssock->write_mutex);
++ ssock->ssl_state = SSL_STATE_NULL;
++-
++- destroy_ssl(ssock);
+++ pj_lock_release(ssock->write_mutex);
++
++ close_sockets(ssock);
++
++@@ -1612,6 +1615,21 @@ static pj_status_t do_handshake(pj_ssl_sock_t *ssock)
++ return PJ_EPENDING;
++ }
++
+++static void ssl_on_destroy(void *arg)
+++{
+++ pj_pool_t *pool = NULL;
+++ pj_ssl_sock_t *ssock = (pj_ssl_sock_t*)arg;
+++
+++ destroy_ssl(ssock);
+++
+++ pj_lock_destroy(ssock->write_mutex);
+++
+++ pool = ssock->pool;
+++ ssock->pool = NULL;
+++ if (pool)
+++ pj_pool_release(pool);
+++}
+++
++
++ /*
++ *******************************************************************
++@@ -1830,7 +1848,7 @@ static pj_bool_t asock_on_accept_complete (pj_activesock_t *asock,
++
++ /* Create new SSL socket instance */
++ status = pj_ssl_sock_create(ssock_parent->pool,
++- &ssock_parent->newsock_param, &ssock);
+++ &ssock_parent->newsock_param, &ssock);
++ if (status != PJ_SUCCESS)
++ goto on_return;
++
++@@ -1906,12 +1924,10 @@ static pj_bool_t asock_on_accept_complete (pj_activesock_t *asock,
++ if (status != PJ_SUCCESS)
++ goto on_return;
++
++- /* Temporarily add ref the group lock until active socket creation,
++- * to make sure that group lock is destroyed if the active socket
++- * creation fails.
++- */
++ pj_grp_lock_add_ref(glock);
++ asock_cfg.grp_lock = ssock->param.grp_lock = glock;
+++ pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock,
+++ ssl_on_destroy);
++ }
++
++ pj_bzero(&asock_cb, sizeof(asock_cb));
++@@ -1927,11 +1943,6 @@ static pj_bool_t asock_on_accept_complete (pj_activesock_t *asock,
++ ssock,
++ &ssock->asock);
++
++- /* This will destroy the group lock if active socket creation fails */
++- if (asock_cfg.grp_lock) {
++- pj_grp_lock_dec_ref(asock_cfg.grp_lock);
++- }
++-
++ if (status != PJ_SUCCESS)
++ goto on_return;
++
++@@ -2251,17 +2262,26 @@ PJ_DEF(pj_status_t) pj_ssl_sock_create (pj_pool_t *pool,
++ /* Create secure socket mutex */
++ status = pj_lock_create_recursive_mutex(pool, pool->obj_name,
++ &ssock->write_mutex);
++- if (status != PJ_SUCCESS)
+++ if (status != PJ_SUCCESS) {
+++ pj_pool_release(pool);
++ return status;
+++ }
++
++ /* Init secure socket param */
++ pj_ssl_sock_param_copy(pool, &ssock->param, param);
+++
+++ if (ssock->param.grp_lock) {
+++ pj_grp_lock_add_ref(ssock->param.grp_lock);
+++ pj_grp_lock_add_handler(ssock->param.grp_lock, pool, ssock,
+++ ssl_on_destroy);
+++ }
+++
++ ssock->param.read_buffer_size = ((ssock->param.read_buffer_size+7)>>3)<<3;
++ if (!ssock->param.timer_heap) {
++ PJ_LOG(3,(ssock->pool->obj_name, "Warning: timer heap is not "
++ "available. It is recommended to supply one to avoid "
++- "a race condition if more than one worker threads "
++- "are used."));
+++ "a race condition if more than one worker threads "
+++ "are used."));
++ }
++
++ /* Finally */
++@@ -2277,8 +2297,6 @@ PJ_DEF(pj_status_t) pj_ssl_sock_create (pj_pool_t *pool,
++ */
++ PJ_DEF(pj_status_t) pj_ssl_sock_close(pj_ssl_sock_t *ssock)
++ {
++- pj_pool_t *pool;
++-
++ PJ_ASSERT_RETURN(ssock, PJ_EINVAL);
++
++ if (!ssock->pool)
++@@ -2290,12 +2308,11 @@ PJ_DEF(pj_status_t) pj_ssl_sock_close(pj_ssl_sock_t *ssock)
++ }
++
++ reset_ssl_sock_state(ssock);
++- pj_lock_destroy(ssock->write_mutex);
++-
++- pool = ssock->pool;
++- ssock->pool = NULL;
++- if (pool)
++- pj_pool_release(pool);
+++ if (ssock->param.grp_lock) {
+++ pj_grp_lock_dec_ref(ssock->param.grp_lock);
+++ } else {
+++ ssl_on_destroy(ssock);
+++ }
++
++ return PJ_SUCCESS;
++ }
++@@ -2782,6 +2799,7 @@ pj_ssl_sock_start_accept2(pj_ssl_sock_t *ssock,
++
++ /* Start accepting */
++ pj_ssl_sock_param_copy(pool, &ssock->newsock_param, newsock_param);
+++ ssock->newsock_param.grp_lock = NULL;
++ status = pj_activesock_start_accept(ssock->asock, pool);
++ if (status != PJ_SUCCESS)
++ goto on_error;
diff --cc debian/patches/series
index 94b3174,0000000..6f31536
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,7 -1,0 +1,14 @@@
+0001-Remove-pointless-linking-with-libasound.patch
+0002-Reduce-number-of-libraries-linked-with-pjlib.patch
+0003-Reduce-number-of-libraries-linked-with-pjmedia.patch
+0004-Enable-building-python-bindings.patch
+0005-Remove-video-libs-dependency-for-pj-utils-and-pjnath.patch
+0006-Reduce-linkage-of-unused-libraries.patch
+0007-add-v5-suffix-to-soname-of-libpjsua2-2.patch
++asterisk/0008-asterisk-0001-r5397-pjsip_generic_array_max_count.patch
++asterisk/0009-asterisk-0001-r5400-pjsip_tx_data_dec_ref.patch
++asterisk/0010-Fix-1946-Avoid-deinitialization-of-uninitialized-cli.patch
++asterisk/0011-asterisk-0002-r5435-add-pjsip_inv_session-ref_cnt.patch
++asterisk/0012-asterisk-0003-r5403-pjsip_IPV6_V6ONLY.patch
++asterisk/0013-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch
++asterisk/0014-Re-1969-Fix-crash-on-using-an-already-destroyed-SSL.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/pjproject.git
More information about the Pkg-voip-commits
mailing list