Changes

Add [no ]force-cell-sel-ind-after-rel

Change-Id: Ie5fa3e036e0a0dd4049a4230d6cd4cb7c158088e
Related: SYS#7482

Bump version: 1.14.0.10-44efd → 1.14.1

Change-Id: I2a3907eabebc7f282f0a00d50b11894847669c1f

ipaccess-config-e1-driver: Make sure struct input_signal_data is zero initialized

Change-Id: If97c4a4202eaf96446d48e821d5e59c98bafe51c
(cherry picked from commit 37929c0886be2fa71aadadc571ee024c3d54a3a6)

assignment_fsm: Fix use-after-free of lchan->conn

Scenario:
* A DYNAMIC/OSMOCOM TS in PDCH mode is selected to be used for TCH/F,
  hence the TS is being switched to TCH/F: RF Channel Release is being
  transmitted and waiting to receive RF Channel release ACK. Hence,
  lchan is in state LCHAN_ST_WAIT_TS_READY, and there's a conn with an
  assignment FSM pointing to it in conn->assignment.new_lchan.
  lchan->conn also points to the related conn.
* The BSSMAP SCCP link goes down (link lost), which will terminate the
  conn->fi of all conns related to the MSC peer going down.
  During that teardown, first gscon_pre_term()->gscon_release_lchans()->
  assignment_reset() is called, which sets
  conn->assignment.new_lchan=NULL and calls lchan_release(). This path
  leaves conn->assignment.new_lchan->conn untouched!
* Later in the call path, when finally the bsc_subscr is put() to 0
  references and associated lchan gets its lchan_forget_conn() called,
  it will access lchan->conn which was not freed in the previous step
  mentioned above during assignment_reset().

This patch fixes the issue by adding a lchan_forget_conn() after the
lchan_release() in assignment_reset(), to make sure the conn is no
longer user by the lchan afterwards.

Related: OS#6936
Change-Id: Ifbb9a61cd8a40d953ef5c2b52f9be9ef0dffefa4
(cherry picked from commit 44efd5b20b50ab894ed32ada3340fb5507b4852b)

assignment_fsm: Fix use-after-free of lchan->conn

Scenario:
* A DYNAMIC/OSMOCOM TS in PDCH mode is selected to be used for TCH/F,
  hence the TS is being switched to TCH/F: RF Channel Release is being
  transmitted and waiting to receive RF Channel release ACK. Hence,
  lchan is in state LCHAN_ST_WAIT_TS_READY, and there's a conn with an
  assignment FSM pointing to it in conn->assignment.new_lchan.
  lchan->conn also points to the related conn.
* The BSSMAP SCCP link goes down (link lost), which will terminate the
  conn->fi of all conns related to the MSC peer going down.
  During that teardown, first gscon_pre_term()->gscon_release_lchans()->
  assignment_reset() is called, which sets
  conn->assignment.new_lchan=NULL and calls lchan_release(). This path
  leaves conn->assignment.new_lchan->conn untouched!
* Later in the call path, when finally the bsc_subscr is put() to 0
  references and associated lchan gets its lchan_forget_conn() called,
  it will access lchan->conn which was not freed in the previous step
  mentioned above during assignment_reset().

This patch fixes the issue by adding a lchan_forget_conn() after the
lchan_release() in assignment_reset(), to make sure the conn is no
longer user by the lchan afterwards.

Related: OS#6936
Change-Id: Ifbb9a61cd8a40d953ef5c2b52f9be9ef0dffefa4

Lb: Handle N-PCSTATE.ind

Change-Id: I16900b9c2b840d4c7d8471c1f69b19601e892b2d

Lb: Handle SCCP N-NOTICE.ind

Change-Id: I689bf2f2c4311fbc1da92f02c27078a1c00dda1a

Lb: Log stop of Lb link

Change-Id: If8537874cf6b70791aa0fee9f1c94b472113ccf6

Lb: Handle N-PCSTATE.ind

Change-Id: I16900b9c2b840d4c7d8471c1f69b19601e892b2d

Lb: Handle SCCP N-NOTICE.ind

Change-Id: I689bf2f2c4311fbc1da92f02c27078a1c00dda1a

Avoid accessing struct log_target members directly

Use newly available APIs instead.

Change-Id: I48a823c591748528e762b1cd8e0e8418c0d0be3b
Depends: libosmocore.git Change-Id Ie48e7e635feb91509b9c034394df4fb16cb931a3