asterisk-16.x: fix AST-2020-001 and 002
Patches used:
http://downloads.asterisk.org/pub/security/AST-2020-001-16.diff
http://downloads.asterisk.org/pub/security/AST-2020-002-16.diff
Patch AST-2020-002-16.diff was amended a bit in res/res_pjsip_session.c:
if (++session->authentication_challenge_count > MAX_RX_CHALLENGES) {
ast_debug(3, "%s: Initial INVITE reached maximum number of auth attempts.\n", ast_sip_session_get_name(session));
return PJ_FALSE;
}
The above was not possible, because of missing bits introduced only in a
later version of Asterisk 16 (see upstream commit [1]). So the ast_debug
call was simplified accordingly.
Both patches were refreshed within OpenWrt SDK.
[1] https://github.com/asterisk/asterisk/commit/
6abf6f345dbd0510d8a217d16cc1819e4d2bf815
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
projects / feed / telephony.git / commit