Update for 14.4.0-rc3

.version

@@ -1 +1 @@
-14.4.0-rc2
+14.4.0-rc3

ChangeLog

@@ -1,3 +1,47 @@
+2017-04-05 12:39 +0000  Asterisk Development Team <asteriskteam@digium.com>
+
+	* asterisk 14.4.0-rc3 Released.
+
+2017-04-03 15:38 +0000 [347c5304cf]  Richard Mudgett <rmudgett@digium.com>
+
+	* res_pjsip_sdp_rtp.c: Don't alter global addr variable.
+
+	  * create_rtp(): Fix unexpected alteration of global address_rtp if a
+	  transport is bound to an address.
+
+	  * create_rtp(): Fix use of uninitialized memory if the endpoint RTP media
+	  address is invalid or the transport has an invalid address.
+
+	  ASTERISK-26851
+
+	  Change-Id: Icde42e65164a88913cb5c2601b285eebcff397b7
+
+2017-03-27 09:03 +0000 [a3a42c0907]  Corey Farrell <git@cfware.com>
+
+	* CDR: Protect from data overflow in ast_cdr_setuserfield.
+
+	  ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could
+	  result in a buffer overrun when called from chan_sip or func_cdr. This patch
+	  adds a maximum bytes written to the field by using ast_copy_string instead.
+
+	  ASTERISK-26897 #close
+	  patches:
+	    0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted
+	      by Corey Farrell (license #5909)
+
+	  Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
+
+2017-04-03 13:56 +0000 [6cdd55f2ca]  Richard Mudgett <rmudgett@digium.com>
+
+	* res_pjsip: Fix transport ref leak.
+
+	  We were leaking a transport ref in multihomed_on_rx_message() which
+	  resulted in the FRACK about excessive ref counts.
+
+	  ASTERISK-26916 #close
+
+	  Change-Id: I7a96658a9614a060565bb9ad51cb1c9c11ee145f
+
 2017-03-31 14:06 +0000  Asterisk Development Team <asteriskteam@digium.com>
 
 	* asterisk 14.4.0-rc2 Released.

asterisk-14.4.0-rc3-summary.html

@@ -1,13 +1,15 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-14.4.0-rc2</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-14.4.0-rc2</h3><h3 align="center">Date: 2017-03-31</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><title>Release Summary - asterisk-14.4.0-rc3</title><h1 align="center"><a name="top">Release Summary</a></h1><h3 align="center">asterisk-14.4.0-rc3</h3><h3 align="center">Date: 2017-04-05</h3><h3 align="center">&lt;asteriskteam@digium.com&gt;</h3><hr><h2 align="center">Table of Contents</h2><ol>
 <li><a href="#summary">Summary</a></li>
 <li><a href="#contributors">Contributors</a></li>
 <li><a href="#closed_issues">Closed Issues</a></li>
 <li><a href="#diffstat">Diffstat</a></li>
-</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release is a point release of an existing major version. The changes included were made to address problems that have been identified in this release series, or are minor, backwards compatible new features or improvements. Users should be able to safely upgrade to this version if this release series is already in use. Users considering upgrading from a previous version are strongly encouraged to review the UPGRADE.txt document as well as the CHANGES document for information about upgrading to this release series.</p><p>The data in this summary reflects changes that have been made since the previous release, asterisk-14.4.0-rc1.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
+</ol><hr><a name="summary"><h2 align="center">Summary</h2></a><center><a href="#top">[Back to Top]</a></center><p>This release is a point release of an existing major version. The changes included were made to address problems that have been identified in this release series, or are minor, backwards compatible new features or improvements. Users should be able to safely upgrade to this version if this release series is already in use. Users considering upgrading from a previous version are strongly encouraged to review the UPGRADE.txt document as well as the CHANGES document for information about upgrading to this release series.</p><p>The data in this summary reflects changes that have been made since the previous release, asterisk-14.4.0-rc2.</p><hr><a name="contributors"><h2 align="center">Contributors</h2></a><center><a href="#top">[Back to Top]</a></center><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release. For coders, the number is how many of their patches (of any size) were committed into this release. For testers, the number is the number of times their name was listed as assisting with testing a patch. Finally, for reporters, the number is the number of issues that they reported that were affected by commits that went into this release.</p><table width="100%" border="0">
 <tr><th width="33%">Coders</th><th width="33%">Testers</th><th width="33%">Reporters</th></tr>
-<tr valign="top"><td width="33%">1 Walter Doekes <walter+asterisk@wjd.nu><br/></td><td width="33%"><td width="33%">1 George Joseph <gjoseph@digium.com><br/></td></tr>
+<tr valign="top"><td width="33%">2 Richard Mudgett <rmudgett@digium.com><br/>1 Corey Farrell <git@cfware.com><br/></td><td width="33%"><td width="33%">1 Richard Begg <asterisk@meric.id.au><br/>1 Alex Villacís Lasso <a_villacis@palosanto.com><br/>1 Ross Beer <ross.beer@voicehost.co.uk><br/></td></tr>
-</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Core/BuildSystem</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26705">ASTERISK-26705</a>: libasteriskssl.so not found when asterisk is installed for the 1st time<br/>Reported by: George Joseph<ul>
+</table><hr><a name="closed_issues"><h2 align="center">Closed Issues</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a list of all issues from the issue tracker that were closed by changes that went into this release.</p><h3>Bug</h3><h4>Category: Channels/chan_sip/General</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26897">ASTERISK-26897</a>: chan_sip: Security vulnerability with client code header<br/>Reported by: Alex Villacís Lasso<ul>
-<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=078bac09247b6b832e8c60f13c01a3f416ecef3f">[078bac0924]</a> Walter Doekes -- build: Fix deb build issues with fakeroot</li>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=a3a42c0907c6c3892a1b9ac915416845220d43d3">[a3a42c0907]</a> Corey Farrell -- CDR: Protect from data overflow in ast_cdr_setuserfield.</li>
-</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>Makefile  |   52 +++++++++++++++++++++++++++++++++++++++-------------
+</ul><br><h4>Category: Resources/res_pjsip</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26916">ASTERISK-26916</a>: res_pjsip: Excessive refcount reached on transport ao2 object<br/>Reported by: Ross Beer<ul>
-configure |    2 --
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=6cdd55f2caaae1bb39a83f95f05ca98b6bcfa096">[6cdd55f2ca]</a> Richard Mudgett -- res_pjsip: Fix transport ref leak.</li>
-2 files changed, 39 insertions(+), 15 deletions(-)</pre><br></html>
+</ul><br><h4>Category: Resources/res_pjsip_sdp_rtp</h4><a href="https://issues.asterisk.org/jira/browse/ASTERISK-26851">ASTERISK-26851</a>: res_pjsip_sdp_rtp: RTP instance does not use same IP as explicit transport<br/>Reported by: Richard Begg<ul>
+<li><a href="https://code.asterisk.org/code/changelog/asterisk?cs=347c5304cfec748a9d38fa164c40c7c1dfebe33e">[347c5304cf]</a> Richard Mudgett -- res_pjsip_sdp_rtp.c: Don't alter global addr variable.</li>
+</ul><br><hr><a name="diffstat"><h2 align="center">Diffstat Results</h2></a><center><a href="#top">[Back to Top]</a></center><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p><pre>0 files changed</pre><br></html>

asterisk-14.4.0-rc3-summary.txt

@@ -1,8 +1,8 @@
                                 Release Summary
 
-                              asterisk-14.4.0-rc2
+                              asterisk-14.4.0-rc3
 
-                                Date: 2017-03-31
+                                Date: 2017-04-05
 
                            <asteriskteam@digium.com>
 
@@ -31,7 +31,7 @@
    to this release series.
 
    The data in this summary reflects changes that have been made since the
-   previous release, asterisk-14.4.0-rc1.
+   previous release, asterisk-14.4.0-rc2.
 
      ----------------------------------------------------------------------
 
@@ -49,7 +49,9 @@
    this release.
 
    Coders                   Testers                  Reporters                
-   1 Walter Doekes                                   1 George Joseph          
+   2 Richard Mudgett                                 1 Richard Begg           
+   1 Corey Farrell                                   1 Alex VillacAs Lasso    
+                                                     1 Ross Beer              
 
      ----------------------------------------------------------------------
 
@@ -62,13 +64,27 @@
 
   Bug
 
-    Category: Core/BuildSystem
+    Category: Channels/chan_sip/General
 
-   ASTERISK-26705: libasteriskssl.so not found when asterisk is installed for
+   ASTERISK-26897: chan_sip: Security vulnerability with client code header
-   the 1st time
+   Reported by: Alex VillacAs Lasso
-   Reported by: George Joseph
+     * [a3a42c0907] Corey Farrell -- CDR: Protect from data overflow in
-     * [078bac0924] Walter Doekes -- build: Fix deb build issues with
+       ast_cdr_setuserfield.
-       fakeroot
+
+    Category: Resources/res_pjsip
+
+   ASTERISK-26916: res_pjsip: Excessive refcount reached on transport ao2
+   object
+   Reported by: Ross Beer
+     * [6cdd55f2ca] Richard Mudgett -- res_pjsip: Fix transport ref leak.
+
+    Category: Resources/res_pjsip_sdp_rtp
+
+   ASTERISK-26851: res_pjsip_sdp_rtp: RTP instance does not use same IP as
+   explicit transport
+   Reported by: Richard Begg
+     * [347c5304cf] Richard Mudgett -- res_pjsip_sdp_rtp.c: Don't alter
+       global addr variable.
 
      ----------------------------------------------------------------------
 
@@ -79,6 +95,4 @@
    This is a summary of the changes to the source code that went into this
    release that was generated using the diffstat utility.
 
- Makefile  |   52 +++++++++++++++++++++++++++++++++++++++-------------
+ 0 files changed
- configure |    2 --
- 2 files changed, 39 insertions(+), 15 deletions(-)