Bug#521641: asterisk: IAX2 Encryption: normal packet loss causes calls to terminate abrutly

Francois Marier francois at debian.org
Sun Mar 29 05:00:42 UTC 2009


Package: asterisk
Version: 1:1.4.21.2~dfsg-3
Severity: normal
Tags: patch

As described upstream [0], IAX2 encryption is broken in the Debian version of asterisk:

  If an iax channel is encrypted, and a retransmit frame is sent, that packet's iseqno
  is updated while it is encrypted. This causes the entire frame to be corrupted. When
  the corrupted frame is sent, the other side decrypts it and sends a VNAK back because
  the decrypted frame doesn't make any sense. When we get the VNAK, we look through the
  sent queue and send the same corrupted frame causing a loop. To fix this, encrypted
  frames requiring retransmission are decrypted, updated, then re-encrypted. Since
  key-rotation may change the key held by the pvt struct, the keys used for
  encryption/decryption are held within the iax_frame to guarantee they remain correct.

This makes it practically impossible to turn IAX2 encryption in most of my calls
because the connection constantly cuts off.

I have attached a debdiff which applies the upstream patch.

I would be interested in pushing for this to get included in the next lenny release.
What do you think?

Cheers,
Francois

[0] http://bugs.digium.com/view.php?id=14607

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.28.9-grsec (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages asterisk depends on:
ii  adduser                3.110             add and remove users and groups
pn  asterisk-config | aste <none>            (no description available)
pn  asterisk-sounds-main   <none>            (no description available)
ii  libasound2             1.0.19-1          shared library for ALSA applicatio
pn  libc-client2007b       <none>            (no description available)
ii  libc6                  2.9-6             GNU C Library: Shared libraries
ii  libcap2                1:2.16-4          support for getting/setting POSIX.
ii  libcurl3               7.18.2-8.1        Multi-protocol file transfer libra
ii  libgcc1                1:4.3.3-5         GCC support library
ii  libgsm1                1.0.12-1          Shared libraries for GSM speech co
pn  libiksemel3            <none>            (no description available)
ii  libncurses5            5.7+20090314-1    shared libraries for terminal hand
ii  libnewt0.52            0.52.2-11.3       Not Erik's Windowing Toolkit - tex
ii  libogg0                1.1.3-5           Ogg Bitstream Library
ii  libpopt0               1.14-4            lib for parsing cmdline parameters
ii  libpq5                 8.3.7-1           PostgreSQL C client library
pn  libpri1.0              <none>            (no description available)
pn  libradiusclient-ng2    <none>            (no description available)
ii  libsnmp15              5.4.1~dfsg-12     SNMP (Simple Network Management Pr
ii  libspeex1              1.2~rc1-1         The Speex codec runtime library
ii  libspeexdsp1           1.2~rc1-1         The Speex extended runtime library
pn  libsqlite0             <none>            (no description available)
ii  libssl0.9.8            0.9.8g-15         SSL shared libraries
ii  libstdc++6             4.3.3-5           The GNU Standard C++ Library v3
pn  libtonezone1           <none>            (no description available)
ii  libvorbis0a            1.2.0.dfsg-4      The Vorbis General Audio Compressi
ii  libvorbisenc2          1.2.0.dfsg-4      The Vorbis General Audio Compressi
pn  libvpb0                <none>            (no description available)
ii  unixodbc               2.2.11-16         ODBC tools libraries
ii  zlib1g                 1:1.2.3.3.dfsg-13 compression library - runtime

asterisk recommends no packages.

Versions of packages asterisk suggests:
pn  asterisk-dev            <none>           (no description available)
pn  asterisk-doc            <none>           (no description available)
pn  asterisk-h323           <none>           (no description available)
ii  ekiga                   2.0.12-1+nmu1+b1 H.323 and SIP compatible VoIP clie
pn  kphone                  <none>           (no description available)
pn  ohphone                 <none>           (no description available)
ii  twinkle                 1:1.4.2-1        Voice over Internet Protocol (VoIP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: asterisk_iax2encryption_fix.diff
Type: text/x-diff
Size: 11636 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20090329/b8efc2b3/attachment.diff 


More information about the Pkg-voip-maintainers mailing list