Multiple revisions 361143,363103-363104,363107,363156,364707

Multiple revisions 361143,363103-363104,363107,363156,364707

........
  r361143 | jrose | 2012-04-04 11:38:12 -0500 (Wed, 04 Apr 2012) | 12 lines

  Replace GNU old-style field designator extensions to fix clang warnings

  (issue ASTERISK-19540)
  Reported by: Makoto Dei
  Patches:
  	clang-gnu-designator.patch uploaded by Makoto Dei (license 5027)
  ........
  Also add from the patch the portion in res_fax_spandsp that didn't apply to 1.8

  Merged revisions 361142 from http://svn.asterisk.org/svn/asterisk/branches/1.8
  (closes issue ASTERISK-19540)
........
  r363103 | mjordan | 2012-04-23 08:40:23 -0500 (Mon, 23 Apr 2012) | 19 lines

  AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling

  When handling a keypad button message event, the received digit is placed into
  a fixed length buffer that acts as a queue.  When a new message event is
  received, the length of that buffer is not checked before placing the new digit
  on the end of the queue.  The situation exists where sufficient keypad button
  message events would occur that would cause the buffer to be overrun.  This
  patch explicitly checks that there is sufficient room in the buffer before
  appending a new digit.

  (closes issue ASTERISK-19592)
  Reported by: Russell Bryant
  ........

  Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
  ........

  Merged revisions 363102 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
  r363104 | mjordan | 2012-04-23 08:48:48 -0500 (Mon, 23 Apr 2012) | 10 lines

  Reference skinny_subchannel object instead of skinny_device for r363103

  The check-in to resolve ASTERISK-19592 (r363103) failed to switch to the
  skinny_subchannel object instead of the skinny_device when attempting to
  reference the buffer for the keypad digits.  This patch fixes that.

  (issue ASTERISK-19592)
  Reported by: Russell Bryant
........
  r363107 | mjordan | 2012-04-23 09:07:29 -0500 (Mon, 23 Apr 2012) | 19 lines

  AST-2012-006: Fix crash in UPDATE handling when no channel owner exists

  If Asterisk receives a SIP UPDATE request after a call has been terminated and
  the channel has been destroyed but before the SIP dialog has been destroyed, a
  condition exists where a connected line update would be attempted on a
  non-existing channel.  This would cause Asterisk to crash.  The patch resolves
  this by first ensuring that the SIP dialog has an owning channel before
  attempting a connected line update.  If an UPDATE request is received and no
  channel is associated with the dialog, a 481 response is sent.

  (closes issue ASTERISK-19770)
  Reported by: Thomas Arimont
  Tested by: Matt Jordan
  Patches:
    ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283)
  ........

  Merged revisions 363106 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
  r363156 | jrose | 2012-04-23 09:39:48 -0500 (Mon, 23 Apr 2012) | 23 lines

  AST-2012-004: Fix an error that allows AMI users to run shell commands sans authorization.

  As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI
  actions were able to run system commands by going through other AMI commands which did
  not require that authorization. Specifically, GetVar and Status allowed users to do this
  by setting their variable/s options to the SHELL or EVAL functions.
  Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that
  allowed users with originate permission to run MixMonitor and supply a shell command
  in the Data argument. That flaw is fixed in those versions of this patch.

  (closes issue ASTERISK-17465)
  Reported By: David Woolley
  Patches:
  	162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
  	18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
  	10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182)
  ........

  Merged revisions 363117 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
  ........

  Merged revisions 363141 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
  r364707 | mmichelson | 2012-04-30 14:42:35 -0500 (Mon, 30 Apr 2012) | 17 lines

  Revert improved identities sent in dialog-info NOTIFY requests in r360862

  Revision 360862 was intended to improve identities sent in dialog-info
  NOTIFY requests. Some users reported that hint became broken once this
  was done. It's not clear exactly what part of the patch has caused this
  regression, but broken hints are bad.

  For now, this revision is being reverted so that the next releases of
  Asterisk do not have bad behavior in them. The original reported issue
  will have to be fixed differently in the next version of Asterisk.

  (issue ASTERISK-16735)
  ........

  Merged revisions 364706 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 361143,363103-363104,363107,363156,364707 from http://svn.asterisk.org/svn/asterisk/branches/10

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10-digiumphones@365214 65c4cc65-6c06-0410-ace0-fbb531ad65f3