From 1d054dbbba85c359cfc1909112dbe4dc637d488c Mon Sep 17 00:00:00 2001
From: Jonathan Rose <jrose@digium.com>
Date: Mon, 5 Nov 2012 17:59:11 +0000
Subject: [PATCH] chan_sip: Document a change to user-field encoding introduced
 with r303509

The change in question was added to improve compliance with RFC3261, but at
the time of commit, it wasn't adequately documented in the UPGRADE notes.

(closes issue ASTERISK-20561)
Reported by: Deniz
Review: https://reviewboard.asterisk.org/r/2177/
........

Merged revisions 375846 from http://svn.asterisk.org/svn/asterisk/branches/10


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@375847 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 UPGRADE.txt | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/UPGRADE.txt b/UPGRADE.txt
index c009b0004b..e0a6f21b74 100644
--- a/UPGRADE.txt
+++ b/UPGRADE.txt
@@ -223,6 +223,15 @@ chan_sip:
  - Setting of HASH(SIP_CAUSE,<slave-channel-name>) on channels is now disabled
    by default. It can be enabled using the 'storesipcause' option. This feature
    has a significant performance penalty.
+ - In order to improve compliance with RFC 3261, SIP usernames are now properly
+   escaped when encoding reserved characters. Prior to this change, the use of
+   these characters in certain SIP settings affecting usernames could cause
+   injections of these characters in their raw form into SIP headers which could
+   in turn cause all sorts of nasty behaviors. All characters that are not
+   alphanumeric or are not contained in the the following lists specified by
+   RFC 3261 section 25.1 will be escaped as %XX when encoding a SIP username:
+    * mark: "-" / "_" / "." / "!" / "~" / "*" / "'" / "(" / ")"
+    * user-unreserved: "&" / "=" / "+" / "$" / "," / ";" / "?" / "/"
 
 UDPTL:
  - The default UDPTL port range in udptl.conf.sample differed from the defaults
-- 
GitLab