Menu
▾
▴
[Astlinux-commits] SF.net SVN: astlinux:[7930] branches/1.0/package
|
From: <abe...@us...> - 2016-11-05 17:14:43
|
Revision: 7930
http://sourceforge.net/p/astlinux/code/7930
Author: abelbeck
Date: 2016-11-05 17:14:41 +0000 (Sat, 05 Nov 2016)
Log Message:
-----------
asterisk, version bump to 11.24.1 and 13.12.1 w/pjsip patches
Modified Paths:
--------------
branches/1.0/package/asterisk/asterisk-11-configure-cross-fix.patch
branches/1.0/package/asterisk/asterisk-11-extension-changed-verbosity-chan_sip.patch
branches/1.0/package/asterisk/asterisk-11-make-clean-fix.patch
branches/1.0/package/asterisk/asterisk-11-voicemail-multiple-recipients.patch
branches/1.0/package/asterisk/asterisk-13-configure-menuselect-cross-fix.patch
branches/1.0/package/asterisk/asterisk-13-extension-changed-verbosity-chan_sip.patch
branches/1.0/package/asterisk/asterisk.mk
branches/1.0/package/pjsip/asterisk-config_site.h
Added Paths:
-----------
branches/1.0/package/asterisk/asterisk-13-upstream-chan_sip-revert-lastrtprx-fix.patch
branches/1.0/package/pjsip/pjsip-0001-r5397-pjsip_generic_array_max_count.patch
branches/1.0/package/pjsip/pjsip-0001-r5400-pjsip_tx_data_dec_ref.patch
branches/1.0/package/pjsip/pjsip-0002-r5435-add-pjsip_inv_session-ref_cnt.patch
branches/1.0/package/pjsip/pjsip-0003-r5403-pjsip_IPV6_V6ONLY.patch
branches/1.0/package/pjsip/pjsip-0004-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch
branches/1.0/package/pjsip/pjsip-0005-Re-1969-Fix-crash-on-using-an-already-destroyed-SSL-.patch
branches/1.0/package/pjsip/pjsip-0006-r5471-svn-backport-Various-fixes-for-DNS-IPv6.patch
branches/1.0/package/pjsip/pjsip-0006-r5473-svn-backport-Fix-pending-query.patch
branches/1.0/package/pjsip/pjsip-0006-r5475-svn-backport-Remove-DNS-cache-entry.patch
branches/1.0/package/pjsip/pjsip-0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
Modified: branches/1.0/package/asterisk/asterisk-11-configure-cross-fix.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-11-configure-cross-fix.patch 2016-11-04 22:47:37 UTC (rev 7929)
+++ branches/1.0/package/asterisk/asterisk-11-configure-cross-fix.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -1,6 +1,6 @@
---- asterisk-1.8.25.0/configure.ac.orig 2014-01-24 16:52:23.000000000 -0600
-+++ asterisk-1.8.25.0/configure.ac 2014-01-24 16:55:14.000000000 -0600
-@@ -2473,11 +2473,13 @@
+--- asterisk-11/configure.ac.orig 2014-01-24 16:52:23.000000000 -0600
++++ asterisk-11/configure.ac 2014-01-24 16:55:14.000000000 -0600
+@@ -2462,11 +2462,13 @@
AC_OUTPUT
${ac_cv_path_EGREP} 'CURSES|GTK2|OSARCH|NEWT' makeopts > makeopts.acbak2
Modified: branches/1.0/package/asterisk/asterisk-11-extension-changed-verbosity-chan_sip.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-11-extension-changed-verbosity-chan_sip.patch 2016-11-04 22:47:37 UTC (rev 7929)
+++ branches/1.0/package/asterisk/asterisk-11-extension-changed-verbosity-chan_sip.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -1,6 +1,6 @@
---- asterisk-11.17.1/channels/chan_sip.c.orig 2015-04-23 10:22:04.000000000 -0500
-+++ asterisk-11.17.1/channels/chan_sip.c 2015-04-23 10:22:40.000000000 -0500
-@@ -16816,7 +16816,7 @@
+--- asterisk-11/channels/chan_sip.c.orig 2015-04-23 10:22:04.000000000 -0500
++++ asterisk-11/channels/chan_sip.c 2015-04-23 10:22:40.000000000 -0500
+@@ -16817,7 +16817,7 @@
}
if (!force) {
Modified: branches/1.0/package/asterisk/asterisk-11-make-clean-fix.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-11-make-clean-fix.patch 2016-11-04 22:47:37 UTC (rev 7929)
+++ branches/1.0/package/asterisk/asterisk-11-make-clean-fix.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -1,5 +1,5 @@
---- asterisk-11.23.1/Makefile.orig 2016-10-09 17:19:53.204176413 -0500
-+++ asterisk-11.23.1/Makefile 2016-10-09 17:21:11.339716525 -0500
+--- asterisk-11/Makefile.orig 2016-10-09 17:19:53.204176413 -0500
++++ asterisk-11/Makefile 2016-10-09 17:21:11.339716525 -0500
@@ -98,8 +98,8 @@
export LDCONFIG_FLAGS
export PYTHON
Modified: branches/1.0/package/asterisk/asterisk-11-voicemail-multiple-recipients.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-11-voicemail-multiple-recipients.patch 2016-11-04 22:47:37 UTC (rev 7929)
+++ branches/1.0/package/asterisk/asterisk-11-voicemail-multiple-recipients.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -1,5 +1,5 @@
---- asterisk-11.16.0/apps/app_voicemail.c.orig 2015-01-23 08:51:03.000000000 -0600
-+++ asterisk-11.16.0/apps/app_voicemail.c 2015-02-10 09:58:04.000000000 -0600
+--- asterisk-11/apps/app_voicemail.c.orig 2015-01-23 08:51:03.000000000 -0600
++++ asterisk-11/apps/app_voicemail.c 2015-02-10 09:58:04.000000000 -0600
@@ -753,7 +753,7 @@
char mailbox[AST_MAX_EXTENSION]; /*!< Mailbox id, unique within vm context */
char password[80]; /*!< Secret pin code, numbers only */
@@ -145,7 +145,7 @@
}
if (stringp && (s = strsep(&stringp, ","))) {
ast_copy_string(vmu->pager, s, sizeof(vmu->pager));
-@@ -14084,7 +14100,7 @@
+@@ -14088,7 +14105,7 @@
}
populate_defaults(vmu);
Modified: branches/1.0/package/asterisk/asterisk-13-configure-menuselect-cross-fix.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-13-configure-menuselect-cross-fix.patch 2016-11-04 22:47:37 UTC (rev 7929)
+++ branches/1.0/package/asterisk/asterisk-13-configure-menuselect-cross-fix.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -1,6 +1,6 @@
---- asterisk-13.1.0/configure.ac.orig 2014-01-24 16:52:23.000000000 -0600
-+++ asterisk-13.1.0/configure.ac 2014-01-24 16:55:14.000000000 -0600
-@@ -2625,11 +2625,13 @@
+--- asterisk-13/configure.ac.orig 2014-01-24 16:52:23.000000000 -0600
++++ asterisk-13/configure.ac 2014-01-24 16:55:14.000000000 -0600
+@@ -2652,11 +2652,13 @@
AC_OUTPUT
${ac_cv_path_EGREP} 'CURSES|GTK2|OSARCH|NEWT' makeopts > makeopts.acbak2
Modified: branches/1.0/package/asterisk/asterisk-13-extension-changed-verbosity-chan_sip.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-13-extension-changed-verbosity-chan_sip.patch 2016-11-04 22:47:37 UTC (rev 7929)
+++ branches/1.0/package/asterisk/asterisk-13-extension-changed-verbosity-chan_sip.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -1,6 +1,6 @@
---- asterisk-11.17.1/channels/chan_sip.c.orig 2015-04-23 10:22:04.000000000 -0500
-+++ asterisk-11.17.1/channels/chan_sip.c 2015-04-23 10:22:40.000000000 -0500
-@@ -17336,7 +17336,7 @@
+--- asterisk-13/channels/chan_sip.c.orig 2015-04-23 10:22:04.000000000 -0500
++++ asterisk-13/channels/chan_sip.c 2015-04-23 10:22:40.000000000 -0500
+@@ -17358,7 +17358,7 @@
}
if (!force) {
Added: branches/1.0/package/asterisk/asterisk-13-upstream-chan_sip-revert-lastrtprx-fix.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-13-upstream-chan_sip-revert-lastrtprx-fix.patch (rev 0)
+++ branches/1.0/package/asterisk/asterisk-13-upstream-chan_sip-revert-lastrtprx-fix.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,17 @@
+X-Git-Url: http://git.asterisk.org/gitweb/?p=asterisk%2Fasterisk.git;a=blobdiff_plain;f=channels%2Fchan_sip.c;h=b661f0de227ff5023155faf7181892b28699a519;hp=b6b4cc86e50c7eb36d26abb0620f0f5c3fbb09e0;hb=cb30963d222cb1e12af9bbf8dfed58001c9fcaf4;hpb=57a9797e0ac51eae3b8f3254627646b9698a60d2
+
+diff --git a/channels/chan_sip.c b/channels/chan_sip.c
+index b6b4cc8..b661f0d 100644
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -8628,9 +8628,7 @@ static struct ast_frame *sip_read(struct ast_channel *ast)
+
+ sip_pvt_lock(p);
+ fr = sip_rtp_read(ast, p, &faxdetected);
+- if (fr && fr->frametype != AST_FRAME_NULL) {
+- p->lastrtprx = time(NULL);
+- }
++ p->lastrtprx = time(NULL);
+
+ /* If we detect a CNG tone and fax detection is enabled then send us off to the fax extension */
+ if (faxdetected && ast_test_flag(&p->flags[1], SIP_PAGE2_FAX_DETECT_CNG)) {
Modified: branches/1.0/package/asterisk/asterisk.mk
===================================================================
--- branches/1.0/package/asterisk/asterisk.mk 2016-11-04 22:47:37 UTC (rev 7929)
+++ branches/1.0/package/asterisk/asterisk.mk 2016-11-05 17:14:41 UTC (rev 7930)
@@ -4,10 +4,10 @@
#
##############################################################
ifeq ($(BR2_PACKAGE_ASTERISK_v11),y)
-ASTERISK_VERSION := 11.23.1
+ASTERISK_VERSION := 11.24.1
else
ifeq ($(BR2_PACKAGE_ASTERISK_v13),y)
-ASTERISK_VERSION := 13.11.2
+ASTERISK_VERSION := 13.12.1
else
ASTERISK_VERSION := 15.0.0
endif
@@ -352,7 +352,6 @@
rm -f $(TARGET_DIR)/usr/share/snmp/mibs/ASTERISK-MIB.txt
rm -f $(TARGET_DIR)/usr/share/snmp/mibs/DIGIUM-MIB.txt
-$(MAKE) -C $(ASTERISK_DIR) clean
- rm -rf $(BUILD_DIR)/asterisk
rm -rf $(BUILD_DIR)/asterisk-$(ASTERISK_VERSION)
asterisk-sounds-clean:
Modified: branches/1.0/package/pjsip/asterisk-config_site.h
===================================================================
--- branches/1.0/package/pjsip/asterisk-config_site.h 2016-11-04 22:47:37 UTC (rev 7929)
+++ branches/1.0/package/pjsip/asterisk-config_site.h 2016-11-05 17:14:41 UTC (rev 7930)
@@ -4,6 +4,14 @@
#include <sys/select.h>
+/*
+ * Defining PJMEDIA_HAS_SRTP to 0 does NOT disable Asterisk's ability to use srtp.
+ * It only disables the pjmedia srtp transport which Asterisk doesn't use.
+ * The reason for the disable is that while Asterisk works fine with older libsrtp
+ * versions, newer versions of pjproject won't compile with them.
+ */
+#define PJMEDIA_HAS_SRTP 0
+
#define PJ_HAS_IPV6 1
#define NDEBUG 1
#define PJ_MAX_HOSTNAME (256)
@@ -41,3 +49,9 @@
/* Defaults too low for WebRTC */
#define PJ_ICE_MAX_CAND 32
#define PJ_ICE_MAX_CHECKS (PJ_ICE_MAX_CAND * 2)
+
+/* Increase limits to allow more formats */
+#define PJMEDIA_MAX_SDP_FMT 64
+#define PJMEDIA_MAX_SDP_BANDW 4
+#define PJMEDIA_MAX_SDP_ATTR (PJMEDIA_MAX_SDP_FMT*2 + 4)
+#define PJMEDIA_MAX_SDP_MEDIA 16
Added: branches/1.0/package/pjsip/pjsip-0001-r5397-pjsip_generic_array_max_count.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0001-r5397-pjsip_generic_array_max_count.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0001-r5397-pjsip_generic_array_max_count.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,58 @@
+This patch updates array limit checks and docs
+in pjsip_evsub_register_pkg() and pjsip_endpt_add_capability().
+
+Index: pjsip/include/pjsip/sip_endpoint.h
+===================================================================
+--- a/pjsip/include/pjsip/sip_endpoint.h (revision 5396)
++++ b/pjsip/include/pjsip/sip_endpoint.h (revision 5397)
+@@ -583,7 +583,8 @@
+ * @param hname If htype specifies PJSIP_H_OTHER, then the header name
+ * must be supplied in this argument. Otherwise the value
+ * must be set to NULL.
+- * @param count The number of tags in the array.
++ * @param count The number of tags in the array. The value must not
++ * be greater than PJSIP_GENERIC_ARRAY_MAX_COUNT.
+ * @param tags Array of tags describing the capabilities or extensions
+ * to be added to the appropriate header.
+ *
+Index: pjsip/include/pjsip-simple/evsub.h
+===================================================================
+--- a/pjsip/include/pjsip-simple/evsub.h (revision 5396)
++++ b/pjsip/include/pjsip-simple/evsub.h (revision 5397)
+@@ -246,7 +246,8 @@
+ * registered.
+ * @param event_name Event package identification.
+ * @param expires Default subscription expiration time, in seconds.
+- * @param accept_cnt Number of strings in Accept array.
++ * @param accept_cnt Number of strings in Accept array. The value must
++ * not be greater than PJSIP_GENERIC_ARRAY_MAX_COUNT.
+ * @param accept Array of Accept value.
+ *
+ * @return PJ_SUCCESS on success.
+Index: pjsip/src/pjsip/sip_endpoint.c
+===================================================================
+--- a/pjsip/src/pjsip/sip_endpoint.c (revision 5396)
++++ b/pjsip/src/pjsip/sip_endpoint.c (revision 5397)
+@@ -371,6 +371,7 @@
+
+ /* Check arguments. */
+ PJ_ASSERT_RETURN(endpt!=NULL && count>0 && tags, PJ_EINVAL);
++ PJ_ASSERT_RETURN(count <= PJSIP_GENERIC_ARRAY_MAX_COUNT, PJ_ETOOMANY);
+ PJ_ASSERT_RETURN(htype==PJSIP_H_ACCEPT ||
+ htype==PJSIP_H_ALLOW ||
+ htype==PJSIP_H_SUPPORTED,
+Index: pjsip/src/pjsip-simple/evsub.c
+===================================================================
+--- a/pjsip/src/pjsip-simple/evsub.c (revision 5396)
++++ b/pjsip/src/pjsip-simple/evsub.c (revision 5397)
+@@ -412,7 +412,9 @@
+ unsigned i;
+
+ PJ_ASSERT_RETURN(pkg_mod && event_name, PJ_EINVAL);
+- PJ_ASSERT_RETURN(accept_cnt < PJ_ARRAY_SIZE(pkg->pkg_accept->values),
++
++ /* Make sure accept_cnt < PJ_ARRAY_SIZE(pkg->pkg_accept->values) */
++ PJ_ASSERT_RETURN(accept_cnt <= PJSIP_GENERIC_ARRAY_MAX_COUNT,
+ PJ_ETOOMANY);
+
+ /* Make sure evsub module has been initialized */
Added: branches/1.0/package/pjsip/pjsip-0001-r5400-pjsip_tx_data_dec_ref.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0001-r5400-pjsip_tx_data_dec_ref.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0001-r5400-pjsip_tx_data_dec_ref.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,24 @@
+This patch fixes the issue in pjsip_tx_data_dec_ref()
+when tx_data_destroy can be called more than once,
+and checks if invalid value (e.g. NULL) is passed to.
+
+Index: pjsip/src/pjsip/sip_transport.c
+===================================================================
+--- a/pjsip/src/pjsip/sip_transport.c (revision 5399)
++++ b/pjsip/src/pjsip/sip_transport.c (revision 5400)
+@@ -491,8 +491,13 @@
+ */
+ PJ_DEF(pj_status_t) pjsip_tx_data_dec_ref( pjsip_tx_data *tdata )
+ {
+- pj_assert( pj_atomic_get(tdata->ref_cnt) > 0);
+- if (pj_atomic_dec_and_get(tdata->ref_cnt) <= 0) {
++ pj_atomic_value_t ref_cnt;
++
++ PJ_ASSERT_RETURN(tdata && tdata->ref_cnt, PJ_EINVAL);
++
++ ref_cnt = pj_atomic_dec_and_get(tdata->ref_cnt);
++ pj_assert( ref_cnt >= 0);
++ if (ref_cnt == 0) {
+ tx_data_destroy(tdata);
+ return PJSIP_EBUFDESTROYED;
+ } else {
Added: branches/1.0/package/pjsip/pjsip-0002-r5435-add-pjsip_inv_session-ref_cnt.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0002-r5435-add-pjsip_inv_session-ref_cnt.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0002-r5435-add-pjsip_inv_session-ref_cnt.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,212 @@
+When a transport error occured on an INVITE session
+the stack calls on_tsx_state_changed with new state
+PJSIP_INV_STATE_DISCONNECTED and immediately destroys
+the INVITE session.
+At the same time this INVITE session could being processed
+on another thread. This thread could use the session's
+memory pools which were already freed, so we get segfault.
+
+This patch adds a reference counter and new functions:
+pjsip_inv_add_ref and pjsip_inv_dec_ref.
+The INVITE session is destroyed only when the reference
+counter has reached zero.
+
+To avoid race condition an application should call
+pjsip_inv_add_ref/pjsip_inv_dec_ref.
+
+Index: pjsip/include/pjsip-ua/sip_inv.h
+===================================================================
+--- a/pjsip/include/pjsip-ua/sip_inv.h (revision 5434)
++++ b/pjsip/include/pjsip-ua/sip_inv.h (revision 5435)
+@@ -383,6 +383,11 @@
+ * Other applications that want to use these pools must understand
+ * that the flip-flop pool's lifetimes are synchronized to the
+ * SDP offer-answer negotiation.
++ *
++ * The lifetime of this session is controlled by the reference counter in this
++ * structure, which is manipulated by calling #pjsip_inv_add_ref and
++ * #pjsip_inv_dec_ref. When the reference counter has reached zero, then
++ * this session will be destroyed.
+ */
+ struct pjsip_inv_session
+ {
+@@ -412,6 +417,7 @@
+ struct pjsip_timer *timer; /**< Session Timers. */
+ pj_bool_t following_fork; /**< Internal, following
+ forked media? */
++ pj_atomic_t *ref_cnt; /**< Reference counter. */
+ };
+
+
+@@ -631,6 +637,30 @@
+
+
+ /**
++ * Add reference counter to the INVITE session. The reference counter controls
++ * the life time of the session, ie. when the counter reaches zero, then it
++ * will be destroyed.
++ *
++ * @param inv The INVITE session.
++ * @return PJ_SUCCESS if the INVITE session reference counter
++ * was increased.
++ */
++PJ_DECL(pj_status_t) pjsip_inv_add_ref( pjsip_inv_session *inv );
++
++/**
++ * Decrement reference counter of the INVITE session.
++ * When the session is no longer used, it will be destroyed and
++ * caller is informed with PJ_EGONE return status.
++ *
++ * @param inv The INVITE session.
++ * @return PJ_SUCCESS if the INVITE session reference counter
++ * was decreased. A status PJ_EGONE will be returned to
++ * inform that session is destroyed.
++ */
++PJ_DECL(pj_status_t) pjsip_inv_dec_ref( pjsip_inv_session *inv );
++
++
++/**
+ * Forcefully terminate and destroy INVITE session, regardless of
+ * the state of the session. Note that this function should only be used
+ * when there is failure in the INVITE session creation. After the
+Index: pjsip/src/pjsip-ua/sip_inv.c
+===================================================================
+--- a/pjsip/src/pjsip-ua/sip_inv.c (revision 5434)
++++ b/pjsip/src/pjsip-ua/sip_inv.c (revision 5435)
+@@ -195,6 +195,65 @@
+ }
+
+ /*
++ * Add reference to INVITE session.
++ */
++PJ_DEF(pj_status_t) pjsip_inv_add_ref( pjsip_inv_session *inv )
++{
++ PJ_ASSERT_RETURN(inv && inv->ref_cnt, PJ_EINVAL);
++
++ pj_atomic_inc(inv->ref_cnt);
++
++ return PJ_SUCCESS;
++}
++
++static void inv_session_destroy(pjsip_inv_session *inv)
++{
++ if (inv->last_ack) {
++ pjsip_tx_data_dec_ref(inv->last_ack);
++ inv->last_ack = NULL;
++ }
++ if (inv->invite_req) {
++ pjsip_tx_data_dec_ref(inv->invite_req);
++ inv->invite_req = NULL;
++ }
++ if (inv->pending_bye) {
++ pjsip_tx_data_dec_ref(inv->pending_bye);
++ inv->pending_bye = NULL;
++ }
++ pjsip_100rel_end_session(inv);
++ pjsip_timer_end_session(inv);
++ pjsip_dlg_dec_session(inv->dlg, &mod_inv.mod);
++
++ /* Release the flip-flop pools */
++ pj_pool_release(inv->pool_prov);
++ inv->pool_prov = NULL;
++ pj_pool_release(inv->pool_active);
++ inv->pool_active = NULL;
++
++ pj_atomic_destroy(inv->ref_cnt);
++ inv->ref_cnt = NULL;
++}
++
++/*
++ * Decrease INVITE session reference, destroy it when the reference count
++ * reaches zero.
++ */
++PJ_DEF(pj_status_t) pjsip_inv_dec_ref( pjsip_inv_session *inv )
++{
++ pj_atomic_value_t ref_cnt;
++
++ PJ_ASSERT_RETURN(inv && inv->ref_cnt, PJ_EINVAL);
++
++ ref_cnt = pj_atomic_dec_and_get(inv->ref_cnt);
++ pj_assert( ref_cnt >= 0);
++ if (ref_cnt == 0) {
++ inv_session_destroy(inv);
++ return PJ_EGONE;
++ }
++ return PJ_SUCCESS;
++}
++
++/*
+ * Set session state.
+ */
+ static void inv_set_state(pjsip_inv_session *inv, pjsip_inv_state state,
+@@ -261,27 +320,7 @@
+ if (inv->state == PJSIP_INV_STATE_DISCONNECTED &&
+ prev_state != PJSIP_INV_STATE_DISCONNECTED)
+ {
+- if (inv->last_ack) {
+- pjsip_tx_data_dec_ref(inv->last_ack);
+- inv->last_ack = NULL;
+- }
+- if (inv->invite_req) {
+- pjsip_tx_data_dec_ref(inv->invite_req);
+- inv->invite_req = NULL;
+- }
+- if (inv->pending_bye) {
+- pjsip_tx_data_dec_ref(inv->pending_bye);
+- inv->pending_bye = NULL;
+- }
+- pjsip_100rel_end_session(inv);
+- pjsip_timer_end_session(inv);
+- pjsip_dlg_dec_session(inv->dlg, &mod_inv.mod);
+-
+- /* Release the flip-flop pools */
+- pj_pool_release(inv->pool_prov);
+- inv->pool_prov = NULL;
+- pj_pool_release(inv->pool_active);
+- inv->pool_active = NULL;
++ pjsip_inv_dec_ref(inv);
+ }
+ }
+
+@@ -838,6 +877,12 @@
+ inv = PJ_POOL_ZALLOC_T(dlg->pool, pjsip_inv_session);
+ pj_assert(inv != NULL);
+
++ status = pj_atomic_create(dlg->pool, 0, &inv->ref_cnt);
++ if (status != PJ_SUCCESS) {
++ pjsip_dlg_dec_lock(dlg);
++ return status;
++ }
++
+ inv->pool = dlg->pool;
+ inv->role = PJSIP_ROLE_UAC;
+ inv->state = PJSIP_INV_STATE_NULL;
+@@ -881,6 +926,7 @@
+ pjsip_100rel_attach(inv);
+
+ /* Done */
++ pjsip_inv_add_ref(inv);
+ *p_inv = inv;
+
+ pjsip_dlg_dec_lock(dlg);
+@@ -1471,6 +1517,12 @@
+ inv = PJ_POOL_ZALLOC_T(dlg->pool, pjsip_inv_session);
+ pj_assert(inv != NULL);
+
++ status = pj_atomic_create(dlg->pool, 0, &inv->ref_cnt);
++ if (status != PJ_SUCCESS) {
++ pjsip_dlg_dec_lock(dlg);
++ return status;
++ }
++
+ inv->pool = dlg->pool;
+ inv->role = PJSIP_ROLE_UAS;
+ inv->state = PJSIP_INV_STATE_NULL;
+@@ -1540,6 +1592,7 @@
+ }
+
+ /* Done */
++ pjsip_inv_add_ref(inv);
+ pjsip_dlg_dec_lock(dlg);
+ *p_inv = inv;
+
Added: branches/1.0/package/pjsip/pjsip-0003-r5403-pjsip_IPV6_V6ONLY.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0003-r5403-pjsip_IPV6_V6ONLY.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0003-r5403-pjsip_IPV6_V6ONLY.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,13 @@
+--- a/pjlib/src/pj/sock_bsd.c
++++ b/pjlib/src/pj/sock_bsd.c
+@@ -539,6 +539,10 @@
+ pj_sock_setsockopt(*sock, pj_SOL_SOCKET(), pj_SO_NOSIGPIPE(),
+ &val, sizeof(val));
+ }
++ if (af != PJ_AF_INET) { /* Linux Kernel 2.4.21; June 2003 */
++ pj_sock_setsockopt(*sock, PJ_SOL_IPV6, IPV6_V6ONLY,
++ &val, sizeof(val));
++ }
+ #if defined(PJ_IPHONE_OS_HAS_MULTITASKING_SUPPORT) && \
+ PJ_IPHONE_OS_HAS_MULTITASKING_SUPPORT!=0
+ if (type == pj_SOCK_DGRAM()) {
Added: branches/1.0/package/pjsip/pjsip-0004-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0004-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0004-resolver.c-Prevent-SERVFAIL-from-marking-name-server.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,48 @@
+From a5efddbe9151e9ad99279e59566c86f8bc27d3a9 Mon Sep 17 00:00:00 2001
+From: George Joseph <gj...@di...>
+Date: Wed, 7 Sep 2016 13:10:57 -0600
+Subject: [PATCH] resolver.c: Prevent SERVFAIL from marking name server bad
+
+A name server that returns "Server Failure" is indicating only that
+the server couldn't process that particular request. We should NOT
+assume that the name server is incapable of serving other requests.
+
+Here's the scenario we've been encountering...
+
+* 2 local name servers configured in resolv.conf.
+* An OPTIONS request causes a request for A and AAAA records to go out
+ to both nameservers.
+* The A responses both come back successfully resolved.
+* Because of an issue at some upstream nameserver, the AAAA responses
+ for that particular query come back as "SERVFAIL" from both local
+ name servers.
+* Both local servers are marked as bad and no further queries can be
+ sent until the 60 second ttl expires. Only previously cached results
+ can be used.
+* In this case, 60 seconds is just enough time for another OPTIONS
+ request to go out to the same host so the cycle repeats.
+
+We could set the bad ttl really low but that also affects REFUSED and
+NOTAUTH which probably DO signal a real server issue. Besides, even
+a really low bad ttl would be an issue on a pbx.
+---
+ pjlib-util/src/pjlib-util/resolver.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
+index d277e4f..540f88f 100644
+--- a/pjlib-util/src/pjlib-util/resolver.c
++++ b/pjlib-util/src/pjlib-util/resolver.c
+@@ -1384,8 +1384,7 @@ static void report_nameserver_status(pj_dns_resolver *resolver,
+ q_id = (pj_uint32_t)-1;
+ }
+
+- if (!pkt || rcode == PJ_DNS_RCODE_SERVFAIL ||
+- rcode == PJ_DNS_RCODE_REFUSED ||
++ if (!pkt || rcode == PJ_DNS_RCODE_REFUSED ||
+ rcode == PJ_DNS_RCODE_NOTAUTH)
+ {
+ is_good = PJ_FALSE;
+--
+2.7.4
+
Added: branches/1.0/package/pjsip/pjsip-0005-Re-1969-Fix-crash-on-using-an-already-destroyed-SSL-.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0005-Re-1969-Fix-crash-on-using-an-already-destroyed-SSL-.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0005-Re-1969-Fix-crash-on-using-an-already-destroyed-SSL-.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,164 @@
+From 9e67e0d5c3fdc747530a956038b374fca4748b76 Mon Sep 17 00:00:00 2001
+From: riza <riza@localhost>
+Date: Thu, 13 Oct 2016 09:02:50 +0000
+Subject: [PATCH 1/4] Re #1969: Fix crash on using an already destroyed SSL
+ socket.
+
+---
+ pjlib/src/pj/ssl_sock_ossl.c | 66 ++++++++++++++++++++++++++++----------------
+ 1 file changed, 42 insertions(+), 24 deletions(-)
+
+diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
+index fa0db2d..ceab67a 100644
+--- a/pjlib/src/pj/ssl_sock_ossl.c
++++ b/pjlib/src/pj/ssl_sock_ossl.c
+@@ -822,7 +822,10 @@ static void close_sockets(pj_ssl_sock_t *ssock)
+ pj_lock_acquire(ssock->write_mutex);
+ asock = ssock->asock;
+ if (asock) {
+- ssock->asock = NULL;
++ // Don't set ssock->asock to NULL, as it may trigger assertion in
++ // send operation. This should be safe as active socket will simply
++ // return PJ_EINVALIDOP on any operation if it is already closed.
++ //ssock->asock = NULL;
+ ssock->sock = PJ_INVALID_SOCKET;
+ }
+ sock = ssock->sock;
+@@ -841,9 +844,9 @@ static void close_sockets(pj_ssl_sock_t *ssock)
+ /* Reset SSL socket state */
+ static void reset_ssl_sock_state(pj_ssl_sock_t *ssock)
+ {
++ pj_lock_acquire(ssock->write_mutex);
+ ssock->ssl_state = SSL_STATE_NULL;
+-
+- destroy_ssl(ssock);
++ pj_lock_release(ssock->write_mutex);
+
+ close_sockets(ssock);
+
+@@ -1612,6 +1615,21 @@ static pj_status_t do_handshake(pj_ssl_sock_t *ssock)
+ return PJ_EPENDING;
+ }
+
++static void ssl_on_destroy(void *arg)
++{
++ pj_pool_t *pool = NULL;
++ pj_ssl_sock_t *ssock = (pj_ssl_sock_t*)arg;
++
++ destroy_ssl(ssock);
++
++ pj_lock_destroy(ssock->write_mutex);
++
++ pool = ssock->pool;
++ ssock->pool = NULL;
++ if (pool)
++ pj_pool_release(pool);
++}
++
+
+ /*
+ *******************************************************************
+@@ -1830,7 +1848,7 @@ static pj_bool_t asock_on_accept_complete (pj_activesock_t *asock,
+
+ /* Create new SSL socket instance */
+ status = pj_ssl_sock_create(ssock_parent->pool,
+- &ssock_parent->newsock_param, &ssock);
++ &ssock_parent->newsock_param, &ssock);
+ if (status != PJ_SUCCESS)
+ goto on_return;
+
+@@ -1906,12 +1924,10 @@ static pj_bool_t asock_on_accept_complete (pj_activesock_t *asock,
+ if (status != PJ_SUCCESS)
+ goto on_return;
+
+- /* Temporarily add ref the group lock until active socket creation,
+- * to make sure that group lock is destroyed if the active socket
+- * creation fails.
+- */
+ pj_grp_lock_add_ref(glock);
+ asock_cfg.grp_lock = ssock->param.grp_lock = glock;
++ pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock,
++ ssl_on_destroy);
+ }
+
+ pj_bzero(&asock_cb, sizeof(asock_cb));
+@@ -1927,11 +1943,6 @@ static pj_bool_t asock_on_accept_complete (pj_activesock_t *asock,
+ ssock,
+ &ssock->asock);
+
+- /* This will destroy the group lock if active socket creation fails */
+- if (asock_cfg.grp_lock) {
+- pj_grp_lock_dec_ref(asock_cfg.grp_lock);
+- }
+-
+ if (status != PJ_SUCCESS)
+ goto on_return;
+
+@@ -2251,17 +2262,26 @@ PJ_DEF(pj_status_t) pj_ssl_sock_create (pj_pool_t *pool,
+ /* Create secure socket mutex */
+ status = pj_lock_create_recursive_mutex(pool, pool->obj_name,
+ &ssock->write_mutex);
+- if (status != PJ_SUCCESS)
++ if (status != PJ_SUCCESS) {
++ pj_pool_release(pool);
+ return status;
++ }
+
+ /* Init secure socket param */
+ pj_ssl_sock_param_copy(pool, &ssock->param, param);
++
++ if (ssock->param.grp_lock) {
++ pj_grp_lock_add_ref(ssock->param.grp_lock);
++ pj_grp_lock_add_handler(ssock->param.grp_lock, pool, ssock,
++ ssl_on_destroy);
++ }
++
+ ssock->param.read_buffer_size = ((ssock->param.read_buffer_size+7)>>3)<<3;
+ if (!ssock->param.timer_heap) {
+ PJ_LOG(3,(ssock->pool->obj_name, "Warning: timer heap is not "
+ "available. It is recommended to supply one to avoid "
+- "a race condition if more than one worker threads "
+- "are used."));
++ "a race condition if more than one worker threads "
++ "are used."));
+ }
+
+ /* Finally */
+@@ -2277,8 +2297,6 @@ PJ_DEF(pj_status_t) pj_ssl_sock_create (pj_pool_t *pool,
+ */
+ PJ_DEF(pj_status_t) pj_ssl_sock_close(pj_ssl_sock_t *ssock)
+ {
+- pj_pool_t *pool;
+-
+ PJ_ASSERT_RETURN(ssock, PJ_EINVAL);
+
+ if (!ssock->pool)
+@@ -2290,12 +2308,11 @@ PJ_DEF(pj_status_t) pj_ssl_sock_close(pj_ssl_sock_t *ssock)
+ }
+
+ reset_ssl_sock_state(ssock);
+- pj_lock_destroy(ssock->write_mutex);
+-
+- pool = ssock->pool;
+- ssock->pool = NULL;
+- if (pool)
+- pj_pool_release(pool);
++ if (ssock->param.grp_lock) {
++ pj_grp_lock_dec_ref(ssock->param.grp_lock);
++ } else {
++ ssl_on_destroy(ssock);
++ }
+
+ return PJ_SUCCESS;
+ }
+@@ -2782,6 +2799,7 @@ pj_ssl_sock_start_accept2(pj_ssl_sock_t *ssock,
+
+ /* Start accepting */
+ pj_ssl_sock_param_copy(pool, &ssock->newsock_param, newsock_param);
++ ssock->newsock_param.grp_lock = NULL;
+ status = pj_activesock_start_accept(ssock->asock, pool);
+ if (status != PJ_SUCCESS)
+ goto on_error;
+--
+2.7.4
+
Added: branches/1.0/package/pjsip/pjsip-0006-r5471-svn-backport-Various-fixes-for-DNS-IPv6.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0006-r5471-svn-backport-Various-fixes-for-DNS-IPv6.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0006-r5471-svn-backport-Various-fixes-for-DNS-IPv6.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,134 @@
+From 2ab7a9f67caf73be3f2215473f72882cfaef4972 Mon Sep 17 00:00:00 2001
+From: Richard Mudgett <rmu...@di...>
+Date: Fri, 28 Oct 2016 12:11:30 -0500
+Subject: [PATCH 1/3] r5471 svn backport Various fixes for DNS IPv6
+
+Fixed #1974: Various fixes for DNS IPv6
+---
+ pjlib-util/src/pjlib-util/resolver.c | 11 +++++------
+ pjlib-util/src/pjlib-util/srv_resolver.c | 17 +++++++++++++++--
+ pjsip/src/pjsip/sip_resolve.c | 14 +++++++-------
+ 3 files changed, 27 insertions(+), 15 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
+index e5e1bed..d24ef9d 100644
+--- a/pjlib-util/src/pjlib-util/resolver.c
++++ b/pjlib-util/src/pjlib-util/resolver.c
+@@ -835,7 +835,7 @@ PJ_DEF(pj_status_t) pj_dns_resolver_start_query( pj_dns_resolver *resolver,
+ pj_time_val now;
+ struct res_key key;
+ struct cached_res *cache;
+- pj_dns_async_query *q;
++ pj_dns_async_query *q, *p_q = NULL;
+ pj_uint32_t hval;
+ pj_status_t status = PJ_SUCCESS;
+
+@@ -849,9 +849,6 @@ PJ_DEF(pj_status_t) pj_dns_resolver_start_query( pj_dns_resolver *resolver,
+ /* Check type */
+ PJ_ASSERT_RETURN(type > 0 && type < 0xFFFF, PJ_EINVAL);
+
+- if (p_query)
+- *p_query = NULL;
+-
+ /* Build resource key for looking up hash tables */
+ init_res_key(&key, type, name);
+
+@@ -970,10 +967,12 @@ PJ_DEF(pj_status_t) pj_dns_resolver_start_query( pj_dns_resolver *resolver,
+ pj_hash_set_np(resolver->hquerybyres, &q->key, sizeof(q->key),
+ 0, q->hbufkey, q);
+
+- if (p_query)
+- *p_query = q;
++ p_q = q;
+
+ on_return:
++ if (p_query)
++ *p_query = p_q;
++
+ pj_mutex_unlock(resolver->mutex);
+ return status;
+ }
+diff --git a/pjlib-util/src/pjlib-util/srv_resolver.c b/pjlib-util/src/pjlib-util/srv_resolver.c
+index 02672aa..ff9c979 100644
+--- a/pjlib-util/src/pjlib-util/srv_resolver.c
++++ b/pjlib-util/src/pjlib-util/srv_resolver.c
+@@ -187,9 +187,12 @@ PJ_DEF(pj_status_t) pj_dns_srv_cancel_query(pj_dns_srv_async_query *query,
+ has_pending = PJ_TRUE;
+ }
+ if (srv->q_aaaa) {
+- pj_dns_resolver_cancel_query(srv->q_aaaa, PJ_FALSE);
++ /* Check if it is a dummy query. */
++ if (srv->q_aaaa != (pj_dns_async_query*)0x1) {
++ pj_dns_resolver_cancel_query(srv->q_aaaa, PJ_FALSE);
++ has_pending = PJ_TRUE;
++ }
+ srv->q_aaaa = NULL;
+- has_pending = PJ_TRUE;
+ }
+ }
+
+@@ -485,12 +488,22 @@ static pj_status_t resolve_hostnames(pj_dns_srv_async_query *query_job)
+ srv->common.type = PJ_DNS_TYPE_A;
+ srv->common_aaaa.type = PJ_DNS_TYPE_AAAA;
+ srv->parent = query_job;
++ srv->q_a = NULL;
++ srv->q_aaaa = NULL;
+
+ status = PJ_SUCCESS;
+
+ /* Start DNA A record query */
+ if ((query_job->option & PJ_DNS_SRV_RESOLVE_AAAA_ONLY) == 0)
+ {
++ if ((query_job->option & PJ_DNS_SRV_RESOLVE_AAAA) != 0) {
++ /* If there will be DNS AAAA query too, let's setup
++ * a dummy one here, otherwise app callback may be called
++ * immediately (before DNS AAAA query is sent) when
++ * DNS A record is available in the cache.
++ */
++ srv->q_aaaa = (pj_dns_async_query*)0x1;
++ }
+ status = pj_dns_resolver_start_query(query_job->resolver,
+ &srv->target_name,
+ PJ_DNS_TYPE_A, 0,
+diff --git a/pjsip/src/pjsip/sip_resolve.c b/pjsip/src/pjsip/sip_resolve.c
+index ed326ba..3f3654d 100644
+--- a/pjsip/src/pjsip/sip_resolve.c
++++ b/pjsip/src/pjsip/sip_resolve.c
+@@ -452,7 +452,7 @@ PJ_DEF(void) pjsip_resolve( pjsip_resolver_t *resolver,
+ }
+
+ /* Resolve DNS AAAA record if address family is not fixed to IPv4 */
+- if (af != pj_AF_INET()) {
++ if (af != pj_AF_INET() && status == PJ_SUCCESS) {
+ status = pj_dns_resolver_start_query(resolver->res,
+ &query->naptr[0].name,
+ PJ_DNS_TYPE_AAAA, 0,
+@@ -530,9 +530,9 @@ static void dns_a_callback(void *user_data,
+
+ ++srv->count;
+ }
+-
+- } else {
+-
++ }
++
++ if (status != PJ_SUCCESS) {
+ char errmsg[PJ_ERR_MSG_SIZE];
+
+ /* Log error */
+@@ -593,9 +593,9 @@ static void dns_aaaa_callback(void *user_data,
+
+ ++srv->count;
+ }
+-
+- } else {
+-
++ }
++
++ if (status != PJ_SUCCESS) {
+ char errmsg[PJ_ERR_MSG_SIZE];
+
+ /* Log error */
+--
+1.7.9.5
+
Added: branches/1.0/package/pjsip/pjsip-0006-r5473-svn-backport-Fix-pending-query.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0006-r5473-svn-backport-Fix-pending-query.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0006-r5473-svn-backport-Fix-pending-query.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,28 @@
+From 509d4339747f11cfbde3a0acc447ef5d521eea93 Mon Sep 17 00:00:00 2001
+From: Richard Mudgett <rmu...@di...>
+Date: Fri, 28 Oct 2016 12:12:28 -0500
+Subject: [PATCH 2/3] r5473 svn backport Fix pending query
+
+Re #1974:
+If there is a pending query, set the return value to that query (instead of NULL)
+
+Thanks to Richard Mudgett for the patch.
+---
+ pjlib-util/src/pjlib-util/resolver.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
+index d24ef9d..fe687b7 100644
+--- a/pjlib-util/src/pjlib-util/resolver.c
++++ b/pjlib-util/src/pjlib-util/resolver.c
+@@ -940,6 +940,7 @@ PJ_DEF(pj_status_t) pj_dns_resolver_start_query( pj_dns_resolver *resolver,
+ /* Done. This child query will be notified once the "parent"
+ * query completes.
+ */
++ p_q = nq;
+ status = PJ_SUCCESS;
+ goto on_return;
+ }
+--
+1.7.9.5
+
Added: branches/1.0/package/pjsip/pjsip-0006-r5475-svn-backport-Remove-DNS-cache-entry.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0006-r5475-svn-backport-Remove-DNS-cache-entry.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0006-r5475-svn-backport-Remove-DNS-cache-entry.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,70 @@
+From 46e1cfa18853a38b7fcdebad782710c5db676657 Mon Sep 17 00:00:00 2001
+From: Richard Mudgett <rmu...@di...>
+Date: Fri, 28 Oct 2016 12:15:44 -0500
+Subject: [PATCH 3/3] r5475 svn backport Remove DNS cache entry
+
+Re #1974: Remove DNS cache entry from resolver's hash table when app callback has a reference.
+
+Thanks to Richard Mudgett for the patch.
+---
+ pjlib-util/src/pjlib-util/resolver.c | 29 +++++++++++++++--------------
+ 1 file changed, 15 insertions(+), 14 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
+index fe687b7..52b7655 100644
+--- a/pjlib-util/src/pjlib-util/resolver.c
++++ b/pjlib-util/src/pjlib-util/resolver.c
+@@ -1444,10 +1444,12 @@ static void update_res_cache(pj_dns_resolver *resolver,
+ if (ttl > resolver->settings.cache_max_ttl)
+ ttl = resolver->settings.cache_max_ttl;
+
++ /* Get a cache response entry */
++ cache = (struct cached_res *) pj_hash_get(resolver->hrescache, key,
++ sizeof(*key), &hval);
++
+ /* If TTL is zero, clear the same entry in the hash table */
+ if (ttl == 0) {
+- cache = (struct cached_res *) pj_hash_get(resolver->hrescache, key,
+- sizeof(*key), &hval);
+ /* Remove the entry before releasing its pool (see ticket #1710) */
+ pj_hash_set(NULL, resolver->hrescache, key, sizeof(*key), hval, NULL);
+
+@@ -1457,24 +1459,23 @@ static void update_res_cache(pj_dns_resolver *resolver,
+ return;
+ }
+
+- /* Get a cache response entry */
+- cache = (struct cached_res *) pj_hash_get(resolver->hrescache, key,
+- sizeof(*key), &hval);
+ if (cache == NULL) {
+ cache = alloc_entry(resolver);
+- } else if (cache->ref_cnt > 1) {
+- /* When cache entry is being used by callback (to app), just decrement
+- * ref_cnt so it will be freed after the callback returns and allocate
+- * new entry.
+- */
+- cache->ref_cnt--;
+- cache = alloc_entry(resolver);
+ } else {
+ /* Remove the entry before resetting its pool (see ticket #1710) */
+ pj_hash_set(NULL, resolver->hrescache, key, sizeof(*key), hval, NULL);
+
+- /* Reset cache to avoid bloated cache pool */
+- reset_entry(&cache);
++ if (cache->ref_cnt > 1) {
++ /* When cache entry is being used by callback (to app),
++ * just decrement ref_cnt so it will be freed after
++ * the callback returns and allocate new entry.
++ */
++ cache->ref_cnt--;
++ cache = alloc_entry(resolver);
++ } else {
++ /* Reset cache to avoid bloated cache pool */
++ reset_entry(&cache);
++ }
+ }
+
+ /* Duplicate the packet.
+--
+1.7.9.5
+
Added: branches/1.0/package/pjsip/pjsip-0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
===================================================================
--- branches/1.0/package/pjsip/pjsip-0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch (rev 0)
+++ branches/1.0/package/pjsip/pjsip-0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch 2016-11-05 17:14:41 UTC (rev 7930)
@@ -0,0 +1,33 @@
+From 732a997010d60fe93a7453e809672386749b0afc Mon Sep 17 00:00:00 2001
+From: Richard Mudgett <rmu...@di...>
+Date: Tue, 1 Nov 2016 12:55:31 -0500
+Subject: [PATCH] r5477 svn backport Fix DNS write on freed memory.
+
+Re #1974: Fix DNS write on freed memory.
+Thanks to Richard Mudgett for the patch.
+---
+ pjlib-util/src/pjlib-util/resolver.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/pjlib-util/src/pjlib-util/resolver.c b/pjlib-util/src/pjlib-util/resolver.c
+index 52b7655..365772e 100644
+--- a/pjlib-util/src/pjlib-util/resolver.c
++++ b/pjlib-util/src/pjlib-util/resolver.c
+@@ -908,7 +908,13 @@ PJ_DEF(pj_status_t) pj_dns_resolver_start_query( pj_dns_resolver *resolver,
+ /* Must return PJ_SUCCESS */
+ status = PJ_SUCCESS;
+
+- goto on_return;
++ /*
++ * We cannot write to *p_query after calling cb because what
++ * p_query points to may have been freed by cb.
++ * Refer to ticket #1974.
++ */
++ pj_mutex_unlock(resolver->mutex);
++ return status;
+ }
+
+ /* At this point, we have a cached entry, but this entry has expired.
+--
+1.7.9.5
+
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
