OpenSIPS 3.6.5 ChangeLog
OpenSIPS 3.6.5 is a maintenance release for the 3.6 branch, collecting stability, interoperability, packaging and build-system fixes since 3.6.4.
This changelog summarizes the user-visible changes and omits generated documentation rebuilds, version bumps and other release mechanics.
Core, TCP and Transaction Handling
- Fixed a file descriptor leak in
reactor_proc_add_fd()which could lead to "too many open files" failures, especially in rtpproxy notification timeout scenarios. 097b530247 - Fixed a potential TCP buffer overflow by rejecting
Content-Lengthvalues larger than the input read buffer. The same protection was added to the WebSocket handshake helpers used by proto_ws, proto_wss and Janus. d1777c7dc4 - Fixed
TCP_NODELAYhandling when compiling withDISABLE_NAGLE, making suretcp_proto_nois propagated andTCP_NODELAYis actually set as expected. 1c90d5dbdf - Fixed tm behavior after chained
async()resumes, where$rdcould be reverted incorrectly after returning from async processing. 43d965ab44
TLS
- Fixed an OpenSSL per-thread state double-free across
fork(). OpenSIPS now clears OpenSSL thread-local state before forking, so child processes do not inherit stale OpenSSL ERR/DRBG state from the parent. 66cca03849 - Fixed TLS client authentication handling so that a client certificate is not required unless the TLS domain configuration explicitly asks for it. This affects both OpenSSL and wolfSSL TLS backends through tls_mgm. bf9f69f97a
Registrar, mid_registrar and Push Notification Support
- Added the
allow_dup_cseqoption to registrar and mid_registrar. When enabled, it allows accepting same Call-ID REGISTER requests with an equal CSeq, useful for deployments which need interoperability with such endpoints while keeping the previous strict behavior as the default. f47c2f47bb - Fixed Push Notification assisted call handling so that both PN and non-PN branches, plus branches previously added with
append_branch(), are included in thet_wait_for_new_branches()wait count. This prevents the caller-side transaction from ending before a PN-triggered branch has a chance to wake the callee and connect the call. e7cf1d5951 c64f5b3470 - Improved the default timeout used for failed PN-assisted calls, avoiding unnecessarily long stalled INVITEs when a call is rejected while waiting for new branches. e7cf1d5951
- Improved registrar error reporting around lookup and branch handling. f4d21babe8
- Fixed mid_registrar memory management around
max_contactstrimming, avoiding use-after-free cases while iterating and trimming contacts. A related rare usrloc memory leak edge case was fixed as well. 960ab38e85
B2B and Media Handling
- Fixed b2b_logic bridge cleanup when a transfer fails, ensuring the bridge initiator state is turned off correctly. e1e09bcc76
- Fixed b2b_entities state tracking by updating
last_methodbefore forwarding the request. afc8f9a15b - Demoted a b2b_entities log message from error to debug level where the condition is expected and not an actual runtime failure. a68179cc6c
- Fixed rtpengine command construction for flags containing
key=valuestrings, such asmedia-address. The previous code could free the flags buffer before the bencode dictionary was serialized, producing corrupted rtpengine commands. 32c1cba6a1 - Fixed a NULL dereference in rtpengine event generation when
cJSON_PrintUnformatted()fails due to allocation failure. c48de598e0 - Fixed rtp_relay so in-dialog RTP handling is not run for non-SDP requests. 41515d9454
- Added cachedb_mongodb build compatibility with libmongoc/libbson 2.x. 85149d8d4b
AAA Diameter, JSON-RPC, RabbitMQ and Janus
- Fixed several aaa_diameter async
dm_send_request()races, including a use-after-free between timeout handling and late Diameter replies, and a race caused by accessing a Diameter message after queueing it. 4d7ed1d8e8 - Fixed aaa_diameter cJSON memory ownership for
dm_send_request()replies, preventing leaks of SHM-backed cJSON reply trees. 605392dde7 - Fixed a possible aaa_diameter PKG/SHM memory mix-up caused by changing global cJSON hooks in multi-threaded Diameter processing. ae432e1b1c
- Fixed an aaa_diameter NULL dereference when
cJSON_PrintUnformatted()fails while receiving Diameter requests. 8e1512e30d - Fixed jsonrpc NULL dereferences when
cJSON_Print()fails and fixed a leaked parsed cJSON object injsonrpc_handle_cmd(). dbc832f7fc - Fixed event_rabbitmq exchange/routing-key handling after unescaping strings. The old code included the trailing NUL byte in AMQP shortstr lengths, which could break broker routing. 4545e55960
- Fixed an event_rabbitmq double free when using the default guest account. 2042792a3e
- Fixed multiple Janus module pkg memory leaks around
cJSON_Print(),cJSON_Parse()and request/error logging paths, including failure paths which could otherwise leak memory or crash under allocation pressure. f9fb3ea3ed 5fd25d424b 163cb72215
Database and Cache Backends
- Fixed db_mysql recovery when MySQL returns
ER_UNKNOWN_STMT_HANDLER(1243). This can happen when a backend such as AWS Aurora preserves the TCP connection while dropping server-side prepared statement state during a live upgrade. OpenSIPS now reconnects and re-prepares instead of failing the query. e40d21e7aa - Fixed db_sqlite return codes so sql_cacher can load tables correctly through the db_sqlite query API. 04a7867ad9
- Improved db_sqlite prepared statement error handling, avoiding dangling prepared-statement pointers and leaks on NULL result paths. f050f59dc3
- Fixed cachedb_redis initialization when
redisConnect()returns NULL. 251fd00ce0 - Fixed cachedb_cassandra and cachedb_memcached NULL dereferences on allocation failure while creating backend client objects. e7c8bf089a b747385d40
Protocol and Application Modules
- Fixed sip_i to use the correct ISUP message type for 200 OK replies to INVITE requests. eb0b0e4195
- Fixed dialplan substitution output-vector copying. dd0e53e394
- Added PCRE2 support for dialplan and regex while keeping PCRE3 compatibility where applicable, including compile-context handling and build-system detection fixes. ea37bcf8dd bc71bf02c5 405bffdb6e e706726c4d 2d2d06ee0c 1682927ee3 184b712027 e0ecfcbd62
Build and Packaging
- Improved Debian 13 compatibility for the python module and packaging, where the unversioned
pythonbinary is no longer provided by default. b612d0509b cabd8920f0 - Adjusted Debian build dependencies around libcurl OpenSSL/GnuTLS variants, librdkafka, libmysqlclient-dev and Python development packages. 7ff18f94bf 5021266bf0 49ff938efa 1967e32107 f9d6d2216f 90260cec0d
- Fixed RedHat/Fedora packaging around PCRE development package names and a regression introduced by the stable-branch PCRE dependency changes. 4ebd27d2c4 36c6eb883e
- Fixed packaging file matching for editor swap files and relaxed wolfSSL packaging errors where needed. c4126ff1b5 7c441c7a20
- Made the Makefile logic more robust by avoiding failing
$(shell ...)expansions in build probes. c48acc8354 - Removed obsolete LGTM badges from README.md. 96b4520cc2