Add patch for a remote crash vulnerability. Crash can occur when
negotiating for T.38 with a declined stream.
CVE-2019-15297
Refreshed some other patches.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This upgrades freeswitch from 1.6.20 to 1.8.2. All changes imported from
master. Notable changes:
Modules:
- v8 removed as too difficult to maintain
- new modules: fail2ban, raven and video_filter
Init and hotplug:
- changed init config to uci (/etc/default/freeswitch replaced with
/etc/config/freeswitch)
- logging can now be enabled via /etc/config/freeswitch
- hotplug script is now included in the main package
- the post-install script no longer disables freeswitch during
upgrades
Fixes:
- freeswitch now sends console output properly to procd
Misc:
- the new release adds support for MSRP (Message Session Relay
Protocol, see
https://en.wikipedia.org/wiki/Message_Session_Relay_Protocol), this
opens TCP ports by default, can be limited to localhost in
autoload_configs/msrp.conf.xml
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Patch from upstream:
Summary Remote crash vulnerability DNS SRV and NAPTR lookups
Nature of Advisory Denial Of Service
Susceptibility Remote Unauthenticated Sessions
Severity Moderate
Exploits Known No
Reported On October 23, 2018
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
With OpenWrt default awk - so awk from busybox - the filter is broken,
causing jsonrpc calls to fail, i.e. when running "kamctl ps". Below
patch makes the filter portable. Patch was already accepted upstream.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Robert Högberg found that the regex implementation in musl isn't fully
compatible with yate, leading to unexpected regexp results. Fix this by
using the internal regex.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add upstream fix for AST-2018-009: Remote crash vulnerability in HTTP
websocket upgrade
The vulnerability affects the res_http_websocket.so module.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add upstream fix for AST-2018-009: Remote crash vulnerability in HTTP
websocket upgrade
The vulnerability affects the res_http_websocket.so module.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with
an invalid Via header causes a segmentation fault and crashes Kamailio. The
reason is missing input validation in the crcitt_string_array core function
for calculating a CRC hash for To tags. (An additional error is present in
the check_via_address core function: this function also misses input
validation.) This could result in denial of service and potentially the
execution of arbitrary code.
Patch from upstream.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
A recent commit in packages/lang/perl is causing a problem with the
perlmod.mk include. Work around this by including perlver.mk instead and
setting up PERL_CMD and PERL_SITELIB manually.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
CVE-2018-14767: "In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a
crafted SIP message with a double "To" header and an empty "To" tag
causes a segmentation fault and crash. The reason is missing input
validation in the "build_res_buf_from_sip_req" core function. This could
result in denial of service and potentially the execution of arbitrary
code."
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Sometimes freeswitch doesn't exit after receiving the SIGTERM signal.
This can be reproduced by sending SIGTERM to a freeswitch instance which
is initializing (which can take quite some time).
Instead of just giving up and exiting - leaving a hung freeswitch
process on the system - this commit adds some lines to the init script
that send SIGKILL to freeswitch in case the attempt to terminate it with
SIGTERM fails.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Backport from master.
This patch is strictly speaking only needed for pcre 8.42 and up.
Add it anyway in case pcre maintainer decides to bump the version.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Backport from master.
The macro APR_TRY_COMPILE_NO_WARNING included in apr/apr-util is
incorrect. It results in extra brackets being put into conftest.c, for
example:
#include "confdefs.h"
[
#include <stddef.h>
#include <iconv.h>
]
int main(int argc, const char *const *argv) {
[
iconv(0,(char **)0,(size_t *)0,(char **)0,(size_t *)0);
]
return 0; }
The test always fails with:
error: expected identifier or '(' before '[' token
The following checks are affected:
- variable length arrays
- type of inbuf parameter to iconv
Fix from upstream (Apache).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Backport iconv fixes from master.
- Include nls.mk and remove the uclibc iconv hack.
- The above change pointed to an issue with the unimrcp sed script. It
is missing brackets, which causes follow-up breakage when APR_SETVAR
is called, because the latter uses commas to separate its arguments -
commas that TARGET_LDFLAGS contains when nls.mk is included. So add
the missing brackets.
- mod_gsmopen is unable to detect whether iconv's inbuf is const. Update
the patch so the Makefile can pass this information on to mod_gsmopen.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Switch to use procd for init, with support for jails. Clean up code and
restructure callback processing to be more robust and understandable. This
also fixes a bug processing multiple siproxd config sections, as reported
by Michael Kuron.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from master commit b65b20f6)
