ASTERISK-27715
Reported by: Corey Farrell

Change-Id: I0d6d9572d1352dc7ad30c9917173f1e980d8c938

Change-Id: I459dc320a8c9452a01eed6f403d786741587c890

* Fix --tarball-config so the option doesn't cause an error.

* Allow for missing /etc/os-release.

* Add a sleep between tarballing the coredump and removing the
  output directory to allow the filesystem to settle.

Change-Id: I73e03b13087978bcc7f6bc9f45753990f82d9d77

A couple of additional properties are needed in rtp_engine to enable
support for packet retransmission: AST_RTP_PROPERTY_RETRANS_RECV and
AST_RTP_PROPERTY_RETRANS_SEND. These will both be enabled automatically
if an endpoint has the webrtc option enabled. While this adds no
functionality currently, it will serve as a building block for future
changes for RTP retransmission support.

For more information, refer to the wiki page:
https://wiki.asterisk.org/wiki/display/AST/WebRTC+User+Experience+Improvements

Change-Id: Ic598acd042a045f9d10e5bdccb66f4efc9e587cc

The transferrer's session channel was destroyed by the transferrer's
serializer thread in a race condition with the transfer target's
serializer thread during an attended transfer.  The transfer target's
serializer was attempting to clean up a deferred end status on behalf of
the transferrer's channel when it should have passed the action to the
transferrer's serializer.  When the transfer target's serializer lost the
race then both threads wind up trying to end the transferrer's session.

* Push the ast_sip_session_end_if_deferred() call onto the transferrer's
serializer to avoid a race condition that results in a crash.  The
session_end() function that could be called by
ast_sip_session_end_if_deferred() really must be executed by the
transferrer's serializer to avoid this kind of crash.

ASTERISK-27568

Change-Id: Iacda724e7cb24d7520e49b2fd7e504aa398d7238

deleted
 autoconf gcc libsamplerate sqlite

changed
 binutils to libbfd
 freetds-devel to freetds
 gmime2 to gmime26
 mysql55-client to mysql57-client

added
 alsa-lib bison bzip2 cclient corosync doxygen libedit flex graphviz
 libhoard libical libilbc libltdl lua neon newt net-snmp
 openldap-client openssl patch pkgconf portaudio postgresql10-client
 python radcli speexdsp subversion uriparser xmlstarlet libzip

ASTERISK-27686

Change-Id: Ibe88c9b26e59c30d26cdb313a3ef01c9f37ac80d

Change-Id: Id52f719078a65c4b2eee7ab99d761eba6b6aed94

ASTERISK-27659

Change-Id: I04a2705d2cb7df250769967bc59e2b397a49b797

The handling of stream topologies was not protected by channel locks in
simple_bridge_request_stream_topology_change().

* Fixed topology handling to be protected by channel locks where needed in
simple_bridge_request_stream_topology_change().

ASTERISK-27692

Change-Id: Ica5d78a6c7ecf4f0b95fb16de28d3889b32c4776

In ast_websocket_read() we were not adequately checking that the
payload_len was non-zero before passing it to ws_safe_read(). Calling
ws_safe_read with a len argument of 0 will result in a busy loop until
the underlying socket is closed.

ASTERISK-27658 #close

Change-Id: I9d59f83bc563f711df1a6197c57de473f6b0663a

pjproject's fmtp retrieval function failed to catch invalid fmtp attributes.
Because of this Asterisk would crash if given an SDP with an invalid fmtp
attribute.

When retrieving the format this patch now makes sure the fmtp attribute is
available. If not available it now returns an error status.

ASTERISK-27583 #close

Change-Id: I5cebe000ce2d846cae3af33b6d72c416e51caf2f

pjproject's media format parsing algorithm failed to catch invalid values.
Because of this Asterisk would crash if given an SDP with a invalid media
format description.

When parsing the media format description this patch now properly parses the
value and returns an error status if it can't successfully parse/convert the
value.

ASTERISK-27582 #close

Change-Id: I883b3a4ef85b6972397f7b56bf46c5779c55fdd6

Since res_pjsip_transport_management provides several attack
mitigation features, its functionality moved to res_pjsip and
this module has been removed.  This way the features will always
be available if res_pjsip is loaded.

ASTERISK-27618
Reported By: Sandro Gauci

Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d

pjsip_distributor:
   authenticate() creates a tdata and uses it to send a challenge or
   failure response.  When pjsip_endpt_send_response2() succeeds, it
   automatically decrements the tdata ref count but when it fails, it
   doesn't.  Since we weren't checking for a return status, we weren't
   decrementing the count ourselves on error and were therefore leaking
   tdatas.

res_pjsip_session:
   session_reinvite_on_rx_request wasn't decrementing the ref count
   if an error happened while sending a 491 response.
   pre_session_setup wasn't decrementing the ref count if
   while sending an error after a pjsip_inv_verify_request failure.

res_pjsip:
   ast_sip_send_response wasn't decrementing the ref count on error.

ASTERISK-27618
Reported By: Sandro Gauci

Change-Id: Iab33a6c7b6fba96148ed465b690ba8534ac961bf

It was discovered that there are some corner cases where a pjsip tsx
might have no last_tx so calling ast_sip_failover_request with
a NULL last_tx as its tdata would cause a crash.

ASTERISK-27618
Reported By:  Sandro Gauci

Change-Id: Ic2b63f6d4ae617c4c19dcdec2a7a6156b54fd15b

When receiving a SUBSCRIBE request the Accept headers from it are
stored locally. This operation has a fixed limit of 32 Accept headers
but this limit was not enforced. As a result it was possible for
memory outside of the allocated space to get written to resulting
in a crash.

This change enforces the limit so only 32 Accept headers are
processed.

ASTERISK-27640
Reported By: Sandro Gauci

Change-Id: I99a814b10b554b13a6021ccf41111e5bc95e7301

When an RTP packet is received by an RTP engine it has to map the
payload into the Asterisk format. The code was incorrectly checking
our own static list for ALL payloads if it couldn't find a negotiated one.
This included dynamic payloads. If the payload mapped to a format
of a different type (for example receiving a video packet on an audio
RTP instance) then the core stream code could cause a crash if a legacy
channel driver was in use as no stream would be present.

To provide further protection the core stream code will no longer assume
that a video or audio frame will always have a stream for legacy channel
drivers. If no stream is present the frame is dropped.

ASTERISK-27488

Change-Id: I022556f524ad8379ee73f14037040af17ea3316a

Change-Id: I4eeedf89085697e81c354eb92d546686c67b0b5b