From: kharwell Date: Wed, 3 Feb 2016 21:55:04 +0000 (-0500) Subject: ChangeLog: Updated for certified/11.6-cert12 X-Git-Tag: certified/11.6-cert12 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf004c4584649d080979c4f877a6e9d3e793467c;p=thirdparty%2Fasterisk.git ChangeLog: Updated for certified/11.6-cert12 --- diff --git a/ChangeLog b/ChangeLog index e832be888f..722280f2c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,1581 @@ +2016-02-03 21:55 +0000 Asterisk Development Team + + * asterisk certified/11.6-cert12 Released. + +2016-02-03 15:53 +0000 [1a7e98eeac] Kevin Harwell + + * .version: Update for certified/11.6-cert12 + +2016-02-03 15:53 +0000 [a1394f3919] Kevin Harwell + + * .lastclean: Update for certified/11.6-cert12 + +2016-02-03 12:04 +0000 [1ae95cdef3] Joshua Colp + + * AST-2016-001 http: Provide greater control of TLS and set modern defaults. + + This change exposes the configuration of various aspects of the TLS + support and sets the default to the modern standards. + + The TLS cipher is now set to the best values according to the + Mozilla OpSec team, different TLS versions can now be disabled, and + the cipher order can be forced to be that of the server instead of + the client. + + ASTERISK-24972 #close + + Change-Id: I18b74a4830729896cdedc85324bf4c1ac1df29ba +2015-12-07 12:46 +0000 [431326b174] Richard Mudgett + + * AST-2016-003 udptl.c: Fix uninitialized values. + + Sending UDPTL packets to Asterisk with the right amount of missing + sequence numbers and enough redundant 0-length IFP packets, can make + Asterisk crash. + + ASTERISK-25603 #close + Reported by: Walter Doekes + + ASTERISK-25742 #close + Reported by: Torrey Searle + + Change-Id: I97df8375041be986f3f266ac1946a538023a5255 +2015-09-28 17:07 +0000 [68a6a721b5] Richard Mudgett + + * AST-2016-002 chan_sip.c: Fix retransmission timeout integer overflow. + + Setting the sip.conf timert1 value to a value higher than 1245 can cause + an integer overflow and result in large retransmit timeout times. These + large timeout times hold system file descriptors hostage and can cause the + system to run out of file descriptors. + + NOTE: The default sip.conf timert1 value is 500 which does not expose the + vulnerability. + + * The overflow is now detected and the previous timeout time is + calculated. + + ASTERISK-25397 #close + Reported by: Alexander Traud + + Change-Id: Ia7231f2f415af1cbf90b923e001b9219cff46290 +2015-12-10 11:44 +0000 [b5fb4f7e89] Jonathan Rose + + * chan_sip: Add TCP/TLS keepalive to TCP/TLS server + + Adds the TCP Keep Alive option to TCP and TLS server sockets. Previously + this option was only being set on session sockets. + http://www.tldp.org/HOWTO/html_single/TCP-Keepalive-HOWTO/ + According to the link above, the SO_KEEPALIVE option is useful for knowing + when a TCP connected endpoint has severed communication without indicating + it or has become unreachable for some reason. Without this patch, keep + alive is not set on the socket listening for incoming TCP sessions and + in Komatsu's report this resulted in the thread listening for TCP becoming + stuck in a waiting state. + + ASTERISK-25364 #close + Reported by: Hiroaki Komatsu + + Change-Id: I7ed7bcfa982b367dc64b4b73fbd962da49b9af36 +2015-11-30 16:42 +0000 [85ca86cd13] Richard Mudgett + + * sched.c: Make not return a sched id of 0. + + According to the API doxygen a sched ID of 0 is valid. Unfortunately, 0 + was never returned historically and several users incorrectly coded usage + of the returned sched ID assuming that 0 was invalid. + + ASTERISK-25476 + + Change-Id: Ib19c7ebb44ec9fd393ef6646dea806d4f34e3a20 + +2015-11-24 12:44 +0000 [13152fe53c] Richard Mudgett + + * Audit improper usage of scheduler exposed by 5c713fdf18f. + + channels/chan_iax2.c: + * Initialize struct chan_iax2_pvt scheduler ids earlier because of + iax2_destroy_helper(). + + channels/chan_sip.c: + channels/sip/config_parser.c: + * Fix initialization of scheduler id struct members. Some off nominal + paths had 0 as a scheduler id to be destroyed when it was never started. + + chan_skinny.c: + * Fix some scheduler id comparisons that excluded the valid 0 id. + + channel.c: + * Fix channel initialization of the video stream scheduler id. + + pbx_dundi.c: + * Fix channel initialization of the packet retransmission scheduler id. + + ASTERISK-25476 + + Change-Id: I07a3449f728f671d326a22fcbd071f150ba2e8c8 + +2015-11-11 04:16 +0000 [69cc1f700f] Steve Davies + + * Further fixes to improper usage of scheduler + + When ASTERISK-25449 was closed, a number of scheduler issues mentioned in + the comments were missed. These have since beed raised in ASTERISK-25476 + and elsewhere. + + This patch attempts to collect all of the scheduler issues discovered so + far and address them sensibly. + + ASTERISK-25476 #close + + Change-Id: I87a77d581e2e0d91d33b4b2fbff80f64a566d05b + (cherry picked from commit e74110188d7e4c959d6c3ddbe40635a639b33a14) + +2015-10-06 20:43 +0000 [a78beb6d4d] Matt Jordan + + * res/res_rtp_asterisk: Fix assignment after ao2 decrement + + When we decide we will no longer schedule an RTCP write, we remove the + reference to the RTP instance, then assign -1 to the stored scheduler ID + in case something else comes along and wants to see if anything is scheduled. + + That scheduler ID is on the RTP instance. After 60a9172d7ef2 was merged to + fix the regression introduced by 3cf0f29310, this improper assignment on a + potentially destroyed object started getting tripped on the build agents. + + Frankly, this should have been crashing a lot more often earlier. I can only + assume that the timing was changed just enough by both changes to start + actually hitting this problem. + + As it is, simply moving the assignment prior to the ao2 deference is sufficient + to keep the RTP instance from being referenced when it is very, truly, + aboslutely dead. + + (Note that it is still good practice to assign -1 to the scheduler ID when we + know we won't be scheduling it again, as the ao2 deref *may* not always destroy + the ao2 object.) + + ASTERISK-25449 + + Change-Id: Ie6d3cb4adc7b1a6c078b1c38c19fc84cf787cda7 + +2015-10-05 21:34 +0000 [6851c42eeb] Matt Jordan + + * Fix improper usage of scheduler exposed by 5c713fdf18f + + When 5c713fdf18f was merged, it allowed for scheduled items to have an ID of + '0' returned. While this was valid per the documentation for the API, it was + apparently never returned previously. As a result, several users of the + scheduler API viewed the result as being invalid, causing them to reschedule + already scheduled items or otherwise fail in interesting ways. + + This patch corrects the users such that they view '0' as valid, and a returned + ID of -1 as being invalid. + + Note that the failing HEP RTCP tests now pass with this patch. These tests + failed due to a duplicate scheduling of the RTCP transmissions. + + ASTERISK-25449 #close + + Change-Id: I019a9aa8b6997584f66876331675981ac9e07e39 + +2013-10-08 15:14 +0000 [64fce13486] Clod Patry (modified) + + * app_confbridge: Set the language used for announcements to the conference. + + ConfBridge now has the ability to set the language of announcements to the + conference. The language can be set on a bridge profile in + confbridge.conf or by the dialplan function + CONFBRIDGE(bridge,language)=en. + + (closes issue ASTERISK-19983) + Reported by: Jonathan White + Patches: + M19983_rev2.diff (license #5138) patch uploaded by junky (modified) + Tested by: rmudgett + + Change-Id: Ibb77668ecfa626f66aa0eae6d555c516a1d5cd32 + +2015-09-10 17:19 +0000 [c3b6fcf028] Mark Michelson + + * scheduler: Use queue for allocating sched IDs. + + It has been observed that on long-running busy systems, a scheduler + context can eventually hit INT_MAX for its assigned IDs and end up + overflowing into a very low negative number. When this occurs, this can + result in odd behaviors, because a negative return is interpreted by + callers as being a failure. However, the item actually was successfully + scheduled. The result may be that a freed item remains in the scheduler, + resulting in a crash at some point in the future. + + The scheduler can overflow because every time that an item is added to + the scheduler, a counter is bumped and that counter's current value is + assigned as the new item's ID. + + This patch introduces a new method for assigning scheduler IDs. Instead + of assigning from a counter, a queue of available IDs is maintained. + When assigning a new ID, an ID is pulled from the queue. When a + scheduler item is released, its ID is pushed back onto the queue. This + way, IDs may be reused when they become available, and the growth of ID + numbers is directly related to concurrent activity within a scheduler + context rather than the uptime of the system. + + Change-Id: I532708eef8f669d823457d7fefdad9a6078b99b2 + +2015-05-13 15:41 +0000 [7c65465298] Jonathan Rose + + * Message.c: Clear message channel frames on cleanup + + The message channel is a special channel that doesn't actually process frames. + However, certain actions can cause frames to be placed in the channel's read + queue including the Hangup application which is called on the channel after + each message is processed. Since the channel will continually be reused for + many messages, it's necessary to flush these frames at some point. + + ASTERISK-25083 #close + Reported by: Jonathan Rose + + Change-Id: Idf18df73ccd8c220be38743335b5c79c2a4c0d0f + (cherry picked from commit 02c513058905dae19f28393ea840a47ae4a9e66d) + +2015-08-26 05:40 +0000 [059591091a] Joshua Colp + + * chan_sip: Allow call pickup to set the hangup cause. + + The call pickup implementation in chan_sip currently sets the channel + hangup cause to "normal clearing" if call pickup is successfully + performed. This action overwrites the "answered elsewhere" hangup cause + set by the call pickup code and can result in the SIP device in + question showing a missed call when it should not. + + This change sets the hangup cause to "normal clearing" as a + default initially but allows the call pickup to change it as + needed. + + ASTERISK-25346 #close + + Change-Id: I00ac2c269cee9e29586ee2c65e83c70e52a02cff + +2015-08-12 12:59 +0000 [c11ec74f1d] Kevin Harwell + + * chan_sip.c: wrong peer searched in sip_report_security_event + + In chan_sip, after handling an incoming invite a security event is raised + describing authorization (success, failure, etc...). However, it was doing + a lookup of the peer by extension. This is fine for register messages, but + in the case of an invite it may search and find the wrong peer, or a non + existent one (for instance, in the case of call pickup). Also, if the peers + are configured through realtime this may cause an unnecessary database lookup + when caching is enabled. + + This patch makes it so that sip_report_security_event searches by IP address + when looking for a peer instead of by extension after an invite is processed. + + ASTERISK-25320 #close + + Change-Id: I9b3f11549efb475b6561c64f0e6da1a481d98bc4 +2015-04-15 16:08 +0000 [f7c83499d2] gtjoseph + + * More .gitignore updates + + Added .pyc and .sha1 to the top-level .gitignore. + + Change-Id: I7dfc4f554d54d22947b38140d3305007503cc16a + Tested-by: George Joseph + +2015-04-13 19:34 +0000 [3116f0e73b] gtjoseph + + * Backport menuselect to 12,11,1.8 + + Backport menuselect from 13->12->11->1.8 + + Change-Id: I54c4dd2bdacd3c9d858be3acab08706941f2e585 + +2015-04-13 20:17 +0000 [a10e548a7e] gtjoseph + + * .gitignore updates for 11 + + Added bootstrap products + Added channels/h323/Makefile + Added res/pjproject + + Change-Id: I6b3bc56bf7bdaee0554f36fc2ce3a77e9eaf8aa3 + +2015-04-13 09:54 +0000 [d38f08c744] Matt Jordan + + * build_tools/make_version: Update version parsing for Git migration + + External systems - such as the Asterisk Test Suite - require knowledge of the + upstream branch. Unfortunately, after moving to Git, the Asterisk version + currently consists of only a 'GIT" prefix followed by an object blob, + e.g., GIT-as08d7. This makes it difficult for such systems to know what + features are available in a particular check out of Asterisk. + + This patch fixes this by hardcoding the branch in a variable in the + make_version script. Since the mainline branches are not changed often - + typically only once a year - this is a reasonable approach to solving + the problem, and is more reliable than parsing the output of 'git branch + -vv'. Branches that track off of an upstream primary branch will then get the + benefit of knowing which mainline branch they are currently based off + of. + + ASTERISK-24954 #close + + Change-Id: I8090d5d548b6d19e917157ed530b914b7eaf9799 + +2015-04-12 12:59 +0000 [7175c668f1] Matt Jordan + + * git migration: Remove support for file versions + + Git does not support the ability to replace a token with a version + string during check-in. While it does have support for replacing a + token on clone, this is somewhat sub-optimal: the token is replaced + with the object hash, which is not particularly easy for human + consumption. What's more, in practice, the source file version was often + not terribly useful. Generally, when triaging bugs, the overall version + of Asterisk is far more useful than an individual SVN version of a file. + As a result, this patch removes Asterisk's support for showing source file + versions. + + Specifically, it does the following: + * main/asterisk: + - Refactor the file_version structure to reflect that it no longer + tracks a version field. + - Alter the "core show file version" CLI command such that it always + reports the version of Asterisk. The file version is no longer + available. + + * main/manager: The Version key now always reports the Asterisk version. + + * UPGRADE: Add notes for: + - Modification to the ModuleCheck AMI Action. + - Modification to the CLI "core show file version" command. + + Change-Id: Ia932d3c64cd18a14a3c894109baa657ec0a85d28 + +2015-04-12 06:12 +0000 [d783053f3d] Corey Farrell + + * main/editline: Add .gitignore. + + This patch adds a .gitignore for main/editline to ignore all build results. + + Change-Id: I68c7bf375ea46282689e5a706534b69fca233b5d + +2015-04-11 23:22 +0000 [4d061198cf] Matt Jordan + + * .gitignore: Ignore tarballs (*.gz) + + This patch updates the root .gitignore file to ignore files with a .gz + extension. This will cause git to ignore downloaded sound tarballs in + the the sounds/ directory. + + Change-Id: Ic153642236ea8aee100443b94c563d0318711af3 + +2015-04-11 13:20 +0000 [eb43a4d989] gtjoseph + + * Add .gitignore and .gitreview files + + Add the .gitignore and .gitreview files to the asterisk repo. + + NB: You can add local ignores to the .git/info/exclude file + without having to do a commit. + + Common ignore patterns are in the top-level .gitignore file. + Subdirectory-specific ignore patterns are in their own .gitignore + files. + + Change-Id: I2b7513fc9acf5d432cf9587c25faa9786af14abf + Tested-by: George Joseph + +2015-04-08 12:15 +0000 [a6a98c7ef1] Maciej Szmigiero (license 6085) + + * Security/tcptls: MitM Attack potential from certificate with NULL byte in CN. + + When registering to a SIP server with TLS, Asterisk will accept CA signed + certificates with a common name that was signed for a domain other than the + one requested if it contains a null character in the common name portion of + the cert. This patch fixes that by checking that the common name length + matches the the length of the content we actually read from the common name + segment. Some certificate authorities automatically sign CA requests when + the requesting CN isn't already taken, so an attacker could potentially + register a CN with something like www.google.com\x00www.secretlyevil.net + and have their certificate signed and Asterisk would accept that certificate + as though it had been for www.google.com - this is a security fix and is + noted in AST-2015-003. + + ASTERISK-24847 #close + Reported by: Maciej Szmigiero + Patches: + asterisk-null-in-cn.patch submitted by mhej (license 6085) + ........ + + Merged revisions 434337 from http://svn.asterisk.org/svn/asterisk/branches/1.8 + ........ + + Merged revisions 434338 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@434393 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2015-01-28 15:45 +0000 [d3f4cea69e] Mark Michelson + + * Multiple revisions 431297-431298 + + ........ + r431297 | mmichelson | 2015-01-28 11:05:26 -0600 (Wed, 28 Jan 2015) | 17 lines + + Mitigate possible HTTP injection attacks using CURL() function in Asterisk. + + CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection + can be performed given properly-crafted URLs. + + Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may + get cURL URLs from user input or remote sources, we have made a patch to Asterisk + to prevent such HTTP injection attacks from originating from Asterisk. + + ASTERISK-24676 #close + Reported by Matt Jordan + + Review: https://reviewboard.asterisk.org/r/4364 + + AST-2015-002 + ........ + r431298 | mmichelson | 2015-01-28 11:12:49 -0600 (Wed, 28 Jan 2015) | 3 lines + + Fix compilation error from previous patch. + ........ + + Merged revisions 431297-431298 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@431330 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-12-22 14:31 +0000 [c12a800aea] Richard Mudgett + + * queue_log: Post QUEUESTART entry when Asterisk fully boots. + + The QUEUESTART log entry has historically acted like a fully booted event + for the queue_log file. When the QUEUESTART entry was posted to the log + was broken by the change made by ASTERISK-15863. + + * Made post the QUEUESTART queue_log entry when Asterisk fully boots. + This restores the intent of that log entry and happens after realtime has + had a chance to load. + + AST-1444 #close + Reported by: Denis Martinez + + Review: https://reviewboard.asterisk.org/r/4282/ + ........ + + Merged revisions 430009 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@430029 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-12-19 14:34 +0000 [b1dd2375a7] Andreas Steinmetz (license 6523) + + * chan_sip: Allow T.38 switch-over when SRTP is in use. + + Previously when SRTP was enabled on a channel it was not possible + to switch to T.38 as no crypto attributes would be present. + + This change makes it so it is now possible. If a T.38 re-invite + comes in SRTP is terminated since in practice you can't encrypt + a UDPTL stream. Now... if we were doing T.38 over RTP (which + does exist) then we'd have a chance but almost nobody does that so + here we are. + + ASTERISK-24449 #close + Reported by: Andreas Steinmetz + patches: + udptl-ignore-srtp-v2.patch submitted by Andreas Steinmetz (license 6523) + ........ + + Merged revisions 429632 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429857 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-12-19 13:58 +0000 [c00dc51636] Matt Jordan + + * stun: correct attribute string padding to match rfc + + When sending the USERNAME attribute in an RTP STUN + response, the implementation in append_attr_string + passed the actual length, instead of padding it up + to a multiple of four bytes as required by the RFC + 3489. This change adds separate variables for the + string and padded attributed lengths, and performs + padding correctly. + + Reported by: Thomas Arimont + Review: https://reviewboard.asterisk.org/r/4139/ + ........ + + Merged revisions 427874 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429854 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-12-19 11:41 +0000 [61d40b749d] Richard Mudgett + + * chan_dahdi: Don't ignore setvar when using configuration section scheme. + + When the configuration section scheme of chan_dahdi.conf is used (keyword + dahdichan instead of channel) all setvar= options are completely ignored. + No variable defined this way appears in the created DAHDI channels. + + * Move the clearing of setvar values to after the deferred processing of + dahdichan. + + AST-1378 #close + Reported by: Guenther Kelleter + Patch by: Guenther Kelleter + ........ + + Merged revisions 429825 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429831 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-12-12 18:08 +0000 [d2ac3e5b01] Richard Mudgett + + * DEBUG_THREADS: Fix regression and lock tracking initialization problems. + + This patch started with David Lee's patch at + https://reviewboard.asterisk.org/r/2826/ and includes a regression fix + introduced by the ASTERISK-22455 patch. + + The initialization of a mutex's lock tracking structure was not protected + in a critical section. This is fine for any mutex that is explicitly + initialized, but a static mutex may have its lock tracking double + initialized if multiple threads attempt the first lock simultaneously. + + * Added a global mutex to properly serialize initialization of the lock + tracking structure. The painful global lock can be mitigated by adding a + double checked lock flag as discussed on the original review request. + + * Defer lock tracking initialization until first use. + + * Don't be "helpful" and initialize an uninitialized lock when + DEBUG_THREADS is enabled. Debug code is not supposed to fix or change + normal code behavior. We don't need a lock initialization race that would + force a re-setup of lock tracking. Lock tracking already handles + initialization on first use. + + * Properly handle allocation failures of the lock tracking structure. + + * No need to initialize tracking data in __ast_pthread_mutex_destroy() + just to turn around and destroy it. + + + The regression introduced by ASTERISK-22455 is the result of manipulating + a pthread_mutex_t struct outside of the pthread library code. The + pthread_mutex_t struct seems to have a global linked list pointer member + that can get changed by other threads. Therefore, saving and restoring + the contents of a pthread_mutex_t struct is a bad thing. + + Thanks to Thomas Airmont for finding this obscure regression. + + * Don't overwrite the struct ast_lock_track.reentr_mutex member to restore + tracking data in __ast_cond_wait() and __ast_cond_timedwait(). The + pthread_mutex_t struct must be treated as a read-only opaque variable. + + + Miscellaneous other items fixed by this patch: + + * Match ast_suspend_lock_info() with ast_restore_lock_info() in + __ast_cond_timedwait(). + + * Made some uninitialized lock sanity checks return EINVAL and try a + DO_THREAD_CRASH. + + * Fix bad canlog initialization expressions. + + ASTERISK-24614 #close + Reported by: Thomas Airmont + + Review: https://reviewboard.asterisk.org/r/4247/ + Review: https://reviewboard.asterisk.org/r/2826/ + ........ + + Merged revisions 429539 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429544 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-12-10 07:31 +0000 [7a206a0799] Joshua Colp + + * res_http_websocket: Fix crash due to double freeing memory when receiving a payload length of zero. + + Frames with a payload length of 0 were incorrectly handled in res_http_websocket. + Provided a frame with a payload had been received prior it was possible for a double + free to occur. The realloc operation would succeed (thus freeing the payload) but be + treated as an error. When the session was then torn down the payload would be + freed again causing a crash. The read function now takes this into account. + + This change also fixes assumptions made by users of res_http_websocket. There is no + guarantee that a frame received from it will be NULL terminated. + + ASTERISK-24472 #close + Reported by: Badalian Vyacheslav + + Review: https://reviewboard.asterisk.org/r/4220/ + Review: https://reviewboard.asterisk.org/r/4219/ + ........ + + Merged revisions 429270 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@429271 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-11-20 10:44 +0000 [ad80a0c4e3] Matt Jordan (License #6283) + + * Fix error with mixed address family ACLs. + + Prior to this commit, the address family of the first item in an ACL + was used to compare all incoming traffic. This could lead to traffic + of other IP address families bypassing ACLs. + + ASTERISK-24469 #close + + Reported by Matt Jordan + Patches: + ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283) + + AST-2014-012 + ........ + + Merged revisions 428402 from http://svn.asterisk.org/svn/asterisk/branches/1.8 + ........ + + Merged revisions 428417 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428432 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-11-20 10:30 +0000 [009d95c79a] Gareth Palmer (license 5169) + + * AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI. + + The DB dialplan function when executed from an external protocol (for instance + AMI), could result in a privilege escalation. + + Asterisk now inhibits the DB function from being executed from an external + interface if the live_dangerously option is set to no. + + ASTERISK-24534 + Reported by: Gareth Palmer + patches: submitted by Gareth Palmer (license 5169) + ........ + + Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8 + ........ + + Merged revisions 428363 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428397 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-11-20 10:16 +0000 [7d03c1ec5f] Kevin Harwell + + * AST-2014-017 - app_confbridge: permission escalation/ class authorization. + + Confbridge dialplan function permission escalation via AMI and inappropriate + class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan + function when executed from an external protocol (for instance AMI), could + result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord” + could also be used to execute arbitrary system commands without first checking + for system access. + + Asterisk now inhibits the CONFBRIDGE function from being executed from an + external interface if the live_dangerously option is set to no. Also, the + “ConfbridgeStartRecord” AMI action is now only allowed to execute under a + user with system level access. + + ASTERISK-24490 + Reported by: Gareth Palmer + ........ + + Merged revisions 428332 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428344 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-11-20 08:23 +0000 [601bdf3dd6] Joshua Colp + + * AST-2014-014: Fix race condition where channels may get stuck in ConfBridge under load. + + Under load it was possible for the bridging API, and thus ConfBridge, to get + channels that may have hung up stuck in it. This is because handling of state + transitions for a bridged channel within a bridge was not protected and simply + set the new state without regard to the existing state. If the existing state + had been hung up this would get overwritten. + + This change adds locking to protect changing of the state and also + takes into consideration the existing state. + + ASTERISK-24440 #close + Reported by: Ben Klang + + Review: https://reviewboard.asterisk.org/r/4173/ + ........ + + Merged revisions 428299 from http://svn.asterisk.org/svn/asterisk/branches/11 + + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428300 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-10-28 13:08 +0000 [ab694992b4] Malcolm Davenport + + * ASTERISK-23512, correct inaccurate comment in manager.conf.sample + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@426457 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-10-28 09:56 +0000 [1cfc97ae0e] Malcolm Davenport + + * ASTERISK-24323, fix bug in documentation of AGI STREAM FILE CONTROL + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@426360 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2014-10-28 08:12 +0000 [2d7a0360b2] Malcolm Davenport + + * ASTERISK-24419, fix incorrect syntax for setting language in extensions.conf.sample + + git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@426292 65c4cc65-6c06-0410-ace0-fbb531ad65f3 + +2015-04-08 Asterisk Development Team + + * Certified Asterisk 11.6-cert11 Released. + + * Mitigate MitM attack potential from certificate with NULL byte in CN. + + When registering to a SIP server with TLS, Asterisk will accept CA + signed certificates with a common name that was signed for a domain + other than the one requested if it contains a null character in the + common name portion of the cert. This patch fixes that by checking + that the common name length matches the the length of the content we + actually read from the common name segment. Some certificate + authorities automatically sign CA requests when the requesting CN + isn't already taken, so an attacker could potentially register a CN + with something like www.google.com\x00www.secretlyevil.net and have + their certificate signed and Asterisk would accept that certificate + as though it had been for www.google.com. + + ASTERISK-24847 #close + Reported by: Maciej Szmigiero + patches: + asterisk-null-in-cn.patch uploaded by mhej (license 6085) + + AST-2015-003 + +2015-01-28 Asterisk Development Team + + * Certified Asterisk 11.6-cert10 Released. + + * Mitigate possible HTTP injection attacks using CURL() function in + Asterisk. + + CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request + injection can be performed given properly-crafted URLs. + + Since Asterisk makes use of libcURL, and it is possible that users of + Asterisk may get cURL URLs from user input or remote sources, we have + made a patch to Asterisk to prevent such HTTP injection attacks from + originating from Asterisk. + + ASTERISK-24676 #close + Reported by: Matt Jordan, Olle Johansson + + Review: https://reviewboard.asterisk.org/r/4364 + + AST-2015-002 + +2014-12-10 Asterisk Development Team + + * Certified Asterisk 11.6-cert9 Released. + + * AST-2014-019: Fix crash when receiving a WebSocket packet with a + payload length of zero. + + Frames with a payload length of 0 were incorrectly handled in + res_http_websocket. Provided a frame with a payload had been + received prior it was possible for a double free to occur. The + realloc operation would succeed (thus freeing the payload) but be + treated as an error. When the session was then torn down the payload + would be freed again causing a crash. The read function now takes + this into account. + + This change also fixes assumptions made by users of + res_http_websocket. There is no guarantee that a frame received from + it will be NULL terminated. + + ASTERISK-24472 #close + Reported by: Badalian Vyacheslav + +2014-11-20 Asterisk Development Team + + * Certified Asterisk 11.6-cert8 Released. + + * AST-2014-012: Fix error with mixed address family ACLs. + + Prior to this commit, the address family of the first item in an ACL + was used to compare all incoming traffic. This could lead to traffic + of other IP address families bypassing ACLs. + + ASTERISK-24469 #close + Reported by Matt Jordan + + * AST-2014-014: Fix race condition where channels may get stuck in + ConfBridge under load. + + Under load it was possible for the bridging API, and thus ConfBridge, + to get channels that may have hung up stuck in it. This is because + handling of state transitions for a bridged channel within a bridge + was not protected and simply set the new state without regard to the + existing state. If the existing state had been hung up this would get + overwritten. + + This change adds locking to protect changing of the state and also + takes into consideration the existing state. + + ASTERISK-24440 #close + Reported by: Ben Klang + + * AST-2014-017 - app_confbridge: permission escalation/ class + authorization. + + Confbridge dialplan function permission escalation via AMI and + inappropriate class authorization on the ConfbridgeStartRecord action. + The CONFBRIDGE dialplan function when executed from an external + protocol (for instance AMI), could result in a privilege escalation. + Also, the AMI action “ConfbridgeStartRecord” could also be used to + execute arbitrary system commands without first checking for system + access. + + Asterisk now inhibits the CONFBRIDGE function from being executed + from an external interface if the live_dangerously option is set to + no. Also, the “ConfbridgeStartRecord” AMI action is now only allowed + to execute under a user with system level access. + + ASTERISK-24490 + Reported by: Gareth Palmer + + * AST-2014-018 - func_db: DB Dialplan function permission escalation + via AMI. + + The DB dialplan function when executed from an external protocol + (for instance AMI), could result in a privilege escalation. + + Asterisk now inhibits the DB function from being executed from an + external interface if the live_dangerously option is set to no. + + ASTERISK-24534 + Reported by: Gareth Palmer + patches: submitted by Gareth Palmer (license 5169) + +2014-10-20 Asterisk Development Team + + * Certified Asterisk 11.6-cert7 Released. + + * AST-2014-011: Fix POODLE security issues + + There are two aspects to the vulnerability: + (1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module + to use TLSv1+. At this time, it does not refactor res_jabber/ + res_xmpp to use the TCP/TLS core, which should be done as an + improvement at a latter date. + (2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left + unspecified, will default to the OpenSSL SSLv23_method. This + method allows for all encryption methods, including SSLv2/SSLv3. + A MITM can exploit this by forcing a fallback to SSLv3, which + leaves the server vulnerable to POODLE. This patch adds WARNINGS + if a user uses SSLv2/SSLv3 in their configuration, and explicitly + disables SSLv2/SSLv3 if using SSLv23_method. + + For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or + SSLv3 is explicitly chosen. For TLS servers, Asterisk will no longer + support SSLv2 or SSLv3. + + Much thanks to abelbeck for reporting the vulnerability and providing + a patch for the res_jabber/res_xmpp modules. + +2014-09-18 Asterisk Development Team + + * Certified Asterisk 11.6-cert6 Released. + + * AST-2014-010: Resolve crash when the Message channel technology + enters into the ReceiveFax application using res_fax_spandsp + + If faxing fails at a very early stage, then it is possible for + us to pass a NULL t30 state pointer to spandsp, which spandsp + is none too pleased with. + + This patch ensures that we pass the correct pointer to spandsp + in the situation where we have not yet set our local t30 state + pointer. + + An advisory was made for this issue due to the likelihood of + it occurring in some Asterisk configurations. + + ASTERISK-24301 #close + Reported by Matt Jordan, Philippe Lindheimer + +2014-09-05 Asterisk Development Team + + * Certified Asterisk 11.6-cert5 Released. + +2014-08-17 01:54 +0000 [r421209] Kinsey Moore + + * res/res_snmp.c, apps/app_dictate.c, apps/app_test.c, + apps/app_ices.c, res/res_http_websocket.c, cdr/cdr_radius.c, + build_tools/cflags.xml, funcs/func_pitchshift.c, + apps/app_osplookup.c, funcs/func_frame_trace.c, + channels/console_gui.c, apps/app_mp3.c, pbx/pbx_ael.c, + channels/console_board.c, formats/format_jpeg.c, + channels/chan_mgcp.c, res/res_config_pgsql.c, cel/cel_tds.c, + apps/app_dahdiras.c, res/res_ael_share.c, apps/app_talkdetect.c, + utils/conf2ael.c, channels/chan_jingle.c, channels/chan_misdn.c, + formats/format_vox.c, res/res_timing_pthread.c, + res/res_corosync.c, cel/cel_sqlite3_custom.c, apps/app_sms.c, + apps/app_zapateller.c, res/res_fax_spandsp.c, + res/res_timing_kqueue.c, utils/check_expr.c, + channels/chan_unistim.c, build_tools/cflags-devmode.xml, + utils/muted.c, cdr/cdr_sqlite3_custom.c, res/res_phoneprov.c, + channels/console_video.c, apps/app_alarmreceiver.c, + apps/app_chanisavail.c, apps/app_image.c, channels/chan_gtalk.c, + cdr/cdr_pgsql.c, res/res_config_sqlite.c, res/res_pktccops.c, + cdr/cdr_csv.c, utils/stereorize.c, channels/chan_phone.c, + channels/chan_skinny.c, build_tools/embed_modules.xml, + apps/app_minivm.c, pbx/pbx_realtime.c, apps/app_amd.c, + channels/chan_alsa.c, apps/app_url.c, apps/app_externalivr.c, + cdr/cdr_odbc.c, res/res_config_ldap.c, apps/app_jack.c, + apps/app_adsiprog.c, utils/refcounter.c, apps/app_nbscat.c, + apps/app_festival.c, apps/app_waitforsilence.c, utils/astman.c, + apps/app_morsecode.c, utils/smsq.c, pbx/pbx_lua.c, + channels/chan_console.c, apps/app_getcpeid.c, + channels/chan_oss.c, cdr/cdr_tds.c, apps/app_waitforring.c, + pbx/pbx_dundi.c, utils/ael_main.c, utils/extconf.c, + channels/chan_nbs.c, utils/streamplayer.c, cel/cel_pgsql.c, + cel/cel_radius.c: Add missing commit from 11.2-cert This disables + building by default for all extended modules for Certified + Asterisk 11.6. This commit was missed from 11.2-cert when + creating the 11.6-cert branch. ASTERISK-24104 #close Reported by: + Rusty Newton + +2014-08-08 17:18 +0000 [r420559] Richard Mudgett + + * /, channels/chan_sip.c: chan_sip: Replace sip_tls_read() and + resolve the large SDP poll issue. Replace sip_tls_read() and + sip_tcp_read() with a single function and resolve the poll/wait + issue with large SDP payloads. ASTERISK-18345 #close Reported by: + Stephane Chazelas Patches: tcptls_pollv4.diff (license #5835) + patch uploaded by Elazar Broad Review: + https://reviewboard.asterisk.org/r/3882/ ........ Merged + revisions 420434 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 420435 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-07-25 23:27 +0000 [r419662] Richard Mudgett + + * main/features.c, /: features.c: Allow appliationmap to use Gosub. + Using DYNAMIC_FEATURES with a Gosub application as the mapped + application does not work. It does not work because Gosub just + pushes the current dialplan context, exten, and priority onto a + stack and sets the specified Gosub location. Gosub does not have + a dialplan execution loop to run dialplan like Macro. * Made the + DYNAMIC_FEATURES application mapping feature call + ast_app_exec_macro() and ast_app_exec_sub() for the Macro and + Gosub applications respectively. * Backported + ast_app_exec_macro() and ast_app_exec_sub() from v11 to execute + dialplan routines from the DYNAMIC_FEATURES application mapping + feature. NOTE: This issue does not affect v12+ because it already + does what this patch implements. AST-1391 #close Reported by: + Guenther Kelleter Review: + https://reviewboard.asterisk.org/r/3844/ ........ Merged + revisions 419630 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 419631 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-07-23 14:34 +0000 [r419308] Scott Griepentrog + + * /, apps/app_voicemail.c: app_voicemail: use a consistent + generator string When updating voicemail.conf when a user changes + their pin, change the generator string to be the same as the + module name when reading so that the same config_hook will be + called. Review: https://reviewboard.asterisk.org/r/3837/ ........ + Merged revisions 419284 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-07-11 16:39 +0000 [r418368] Scott Griepentrog + + * /, main/config.c: config: inform config hook of change when + writing file When updated configuration is written back to the + conf file - for example when a user changes their voicemail pin, + make sure that any config hook that wants to know of changes is + informed. Review: https://reviewboard.asterisk.org/r/3708/ + ........ Merged revisions 418366 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-07-01 15:37 +0000 [r417724] Joshua Colp + + * res/res_rtp_asterisk.c, main/rtp_engine.c, /, + channels/chan_sip.c, UPGRADE.txt, configs/sip.conf.sample, + include/asterisk/rtp_engine.h, channels/sip/include/sip.h: + Multiple revisions + 402345,405234,409129-409130,409565,413008,417141,417677 ........ + r402345 | kmoore | 2013-11-01 05:31:49 -0700 (Fri, 01 Nov 2013) | + 11 lines chan_sip: Fix RTCP port for SRFLX ICE candidates This + corrects one-way audio between Asterisk and Chrome/jssip as a + result of Asterisk inserting the incorrect RTCP port into RTCP + SRFLX ICE candidates. This also exposes an ICE component + enumeration to extract further details from candidates. (closes + issue ASTERISK-21383) Reported by: Shaun Clark Review: + https://reviewboard.asterisk.org/r/2967/ ........ r405234 | + kharwell | 2014-01-09 08:49:55 -0800 (Thu, 09 Jan 2014) | 19 + lines res_rtp_asterisk: Fails to resume WebRTC call from hold In + ast_rtp_ice_start if the ice session create check list failed, + start check was never initiated and ice_started was never set to + true. Upon re-entering the function (for instance, [un]hold) it + would try to create the check list again with duplicate remote + candidates. Fixed so that if the create check list fails the + necessary data structures are properly re-initialized for any + subsequent retries. Note, it was decided to not stop ice support + (by calling ast_rtp_ice_stop) on a check list failure because it + possible things might still work. However, a debug message was + added to help with any future troubleshooting. (closes issue + ASTERISK-22911) Reported by: Vytis Valentinavičius Patches: + works_on_my_machine.patch uploaded by xytis (license 6558) + ........ r409129 | jrose | 2014-02-27 11:19:02 -0800 (Thu, 27 Feb + 2014) | 15 lines res_rtp_asterisk: Fix checklist creating + problems in ICE sessions Prior to this patch, local candidate + lists including SRFLX would fail to start properly when building + ICE candidate check lists. This patch fixes that problem by + making sure that each SRFLX candidate is associated with the + proper base address so that the check list can create matches + properly. This patch was written by jcolp. The issue will be left + open to await testing by the issue participants. (issue + ASTERISK-23213) Reported by: Andrea Suisani Review: + https://reviewboard.asterisk.org/r/3256/ ........ r409130 | jrose + | 2014-02-27 11:38:10 -0800 (Thu, 27 Feb 2014) | 8 lines + res_rtp_asterisk: correct build error from r409129 Accidentally + placed a declaration below functional code (issue ASTERISK-23213) + Reported by: Andrea Suisani Review: + https://reviewboard.asterisk.org/r/3256/ ........ r409565 | jrose + | 2014-03-04 08:40:39 -0800 (Tue, 04 Mar 2014) | 9 lines + res_rtp_asterisk: Fix one way audio problems with hold/unhold + when using ICE ICE sessions will now be restarted if sessions are + changed to use new sets of remote candidates. (closes issue + ASTERISK-22911) Reported by: Vytis Valentinavičius Review: + https://reviewboard.asterisk.org/r/3275/ ........ r413008 | + mjordan | 2014-04-25 10:47:21 -0700 (Fri, 25 Apr 2014) | 14 lines + res_rtp_asterisk: Add support for DTLS handshake retransmissions + On congested networks, it is possible for the DTLS handshake + messages to get lost. This patch adds a timer to res_rtp_asterisk + that will periodically check to see if the handshake has + succeeded. If not, it will retransmit the DTLS handshake. Review: + https://reviewboard.asterisk.org/r/3337 ASTERISK-23649 #close + Reported by: Nitesh Bansal patches: dtls_retransmission.patch + uploaded by Nitesh Bansal (License 6418) ........ r417141 | file + | 2014-06-23 11:49:14 -0700 (Mon, 23 Jun 2014) | 5 lines + res_rtp_asterisk: Return the length of data written when sending + via ICE instead of 0. ASTERISK-23834 #close Reported by: Richard + Kenner ........ r417677 | file | 2014-06-30 12:42:18 -0700 (Mon, + 30 Jun 2014) | 12 lines res_rtp_asterisk: Add SHA-256 support for + DTLS and perform DTLS negotiation on RTCP. This change fixes up + DTLS support in res_rtp_asterisk so it can accept and provide a + SHA-256 fingerprint, so it occurs on RTCP, and so it occurs after + ICE negotiation completes. Configuration options to chan_sip have + also been added to allow behavior to be tweaked (such as forcing + the AVP type media transports in SDP). ASTERISK-22961 #close + Reported by: Jay Jideliov Review: + https://reviewboard.asterisk.org/r/3679/ ........ Merged + revisions 402345,405234,409129-409130,409565,413008,417141,417677 + from http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-06-13 05:29 +0000 [r415977-416106] Richard Mudgett + + * main/tcptls.c, main/manager.c, /, channels/chan_sip.c, + main/http.c, include/asterisk/tcptls.h: AST-2014-007: Fix of fix + to allow AMI and SIP TCP to send messages. ASTERISK-23673 #close + Reported by: Richard Mudgett Review: + https://reviewboard.asterisk.org/r/3617/ ........ Merged + revisions 416066 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 416067 from + http://svn.asterisk.org/svn/asterisk/branches/11 + + * main/http.c, UPGRADE.txt, main/utils.c, + include/asterisk/tcptls.h, res/res_http_websocket.c, + configs/http.conf.sample, include/asterisk/utils.h, + main/tcptls.c, main/manager.c, /, channels/chan_sip.c: + AST-2014-007: Fix DOS by consuming the number of allowed HTTP + connections. Simply establishing a TCP connection and never + sending anything to the configured HTTP port in http.conf will + tie up a HTTP connection. Since there is a maximum number of open + HTTP sessions allowed at a time you can block legitimate + connections. A similar problem exists if a HTTP request is + started but never finished. * Added http.conf session_inactivity + timer option to close HTTP connections that aren't doing + anything. Defaults to 30000 ms. * Removed the undocumented + manager.conf block-sockets option. It interferes with TCP/TLS + inactivity timeouts. * AMI and SIP TLS connections now have + better authentication timeout protection. Though I didn't remove + the bizzare TLS timeout polling code from chan_sip. * chan_sip + can now handle SSL certificate renegotiations in the middle of a + session. It couldn't do that before because the socket was + non-blocking and the SSL calls were not restarted as documented + by the OpenSSL documentation. * Fixed an off nominal leak of the + ssl struct in handle_tcptls_connection() if the FILE stream + failed to open and the SSL certificate negotiations failed. The + patch creates a custom FILE stream handler to give the created + FILE streams inactivity timeout and timeout after a specific + moment in time capability. This approach eliminates the need for + code using the FILE stream to be redesigned to deal with the + timeouts. This patch indirectly fixes most of ASTERISK-18345 by + fixing the usage of the SSL_read/SSL_write operations. + ASTERISK-23673 #close Reported by: Richard Mudgett ........ + Merged revisions 415841 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 415854 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-06-12 16:27 +0000 [r415867] Scott Griepentrog + + * /, apps/app_queue.c: app_queue: delayed state can cause early + leavewhenempty ringing In app_queue, device state changes arrive + in event messages and update the queue member status value. That + value is checked in get_member_status() to decide that the caller + should leave when there are no available members. Although event + messages can be delayed by other activity, there is no adverse + affect by lagged status except in one specific case: there is + only one available member, it was just rung, and leavewhenempty + is enabled set for ringing members. This change adds a direct + check of the device state only under this condition where the + caller may be dropped incorrectly, resolving this issue without + affecting performance of app_queue normally. AST-1248 #close + Review: https://reviewboard.asterisk.org/r/3595/ Reported by: + Thomas Arimont ........ Merged revisions 415833 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 + +2014-06-12 16:06 +0000 [r415842] Jonathan Rose + + * /, UPGRADE.txt, apps/app_mixmonitor.c: MixMonitor: Add class + authorization requirements to MixMonitor AMI commands MixMonitor + AMI commands StartMixMonitor and StopMixMonitor lacked class + authorization. StopMixMonitor now requires that the manager user + either have the call or system class authorization. + StartMixMonitor is a slightly larger issue since it can execute + shell commands if the right arguments are passed into it, and we + consider this a permission escalation. A security release will be + issued for problem this shortly. ASTERISK-23609 #close Reported + by: Corey Farrell ........ Merged revisions 415837 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-05-13 00:48 +0000 [r413773] Richard Mudgett + + * /, configure, include/asterisk/autoconfig.h.in, configure.ac, + channels/sig_pri.c: chan_dahdi/sig_pri: Prevent unnecessary + PROGRESS events when overlap dialing is enabled. When overlap + dialing is enabled, the lack of inband audio available + information in the SETUP_ACKNOWLEDGE events causes an + interoperability problem with SIP. sig_pri doesn't know if there + is dialtone present when a SETUP_ACKNOWLEDGE is received so it + assumes it is there and posts an AST_CONTROL_PROGRESS frame. The + SIP channel driver then sends out a 183 Session Progress and + blocks the desired 180 Ringing message when the ALERTING message + comes in. * Made the configure script detect if the installed + version of libpri supports the SETUP_ACKNOWLEDGE enhancements. * + Using the new API, made generate an AST_CONTROL_PROGRESS frame on + an incoming SETUP_ACKNOWLEDGE message when the message indicates + inband audio is present instead of assuming that dialtone is + present. * Using the new API, made SETUP_ACKNOWLEDGE send out an + inband audio available indication only if dialtone is expected. + The change also makes the fallback behaviour of sending the + PROGRESS message better by sending it only if dialtone is + expected. * Changed receiving a PROCEEDING message to not + generate an AST_CONTROL_PROGRESS frame if the progress indication + ie indicates non-end-to-end-ISDN. This helps interoperability + with SIP. * Changed sending a PROCEEDING message in response to + an AST_CONTROL_PROCEEDING frame to not indicate inband audio + available. It was silly to do so anyway because the channel + driver doesn't know if inband audio is even available. This helps + interoperability with SIP. This patch and a corresponding change + in libpri work together to allow Asterisk to control the inband + audio available progress indication ie on the SETUP_ACKNOWLEDGE + message when dialtone is present. AST-1338 #close Reported by: + Tyler Stewart Review: https://reviewboard.asterisk.org/r/3521/ + ........ Merged revisions 413714 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 413765 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-04-11 17:27 +0000 [r412212] Kevin Harwell + + * main/asterisk.c, /: asterisk.c: suppress live_dangerously warning + on rasterisk Even since the fixes of AST-2013-007, Asterisk + prints the following warning on startup if the user decided to + live dangerously: Privilege escalation protection disabled! See + https://wiki.asterisk.org/wiki/x/1gKfAQ for more details. This + message is intended for the logs and interactive startup. No need + for it to appear on a remote console. This commit removes it from + there. (closes issue ASTERISK-23084) Review: + https://reviewboard.asterisk.org/r/3101/ ........ Merged + revisions 404861 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 404888 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-03-10 17:34 +0000 [r410429] Richard Mudgett + + * /, main/http.c: AST-2014-001: Stack overflow in HTTP processing + of Cookie headers. Sending a HTTP request that is handled by + Asterisk with a large number of Cookie headers could overflow the + stack. Another vulnerability along similar lines is any HTTP + request with a ridiculous number of headers in the request could + exhaust system memory. (closes issue ASTERISK-23340) Reported by: + Lucas Molas, researcher at Programa STIC, Fundacion; and Dr. + Manuel Sadosky, Buenos Aires, Argentina ........ Merged revisions + 410380 from http://svn.asterisk.org/svn/asterisk/branches/1.8 + ........ Merged revisions 410381 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-03-10 14:04 +0000 [r410359] Kinsey Moore + + * /, channels/chan_sip.c: AST-2014-002: chan_sip: Exit early on bad + session timers request This change allows chan_sip to avoid + creation of the channel and consumption of associated file + descriptors altogether if the inbound request is going to be + rejected anyway. (closes issue ASTERISK-23373) Reported by: Corey + Farrell Patches: chan_sip-earlier-st-1.8.patch uploaded by Corey + Farrell (license 5909) chan_sip-earlier-st-11.patch uploaded by + Corey Farrell (license 5909) ........ Merged revisions 410308 + from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ + Merged revisions 410311 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-02-19 19:17 +0000 [r408392] Richard Mudgett + + * main/config.c, /: config: Add file size and nanosecond resolution + fields to the cached modified config file information. Repeatedly + modifying config files and reloading too fast sometimes fails to + reload the configuration because the cached modification + timestamp has one second resolution. * Added file size and + nanosecond resolution fields to the cached config file + modification timestamp information. Now if the file size changes + or the file system supports nanosecond resolution the modified + file has a better chance of being detected for reload. * Added a + missing unlock in an off-nominal code path. (closes issue + AST-1303) Review: https://reviewboard.asterisk.org/r/3235/ + ........ Merged revisions 408387 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 408388 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-02-07 19:30 +0000 [r407746] Richard Mudgett + + * channels/chan_iax2.c, include/asterisk/frame.h, + configs/iax.conf.sample, /: chan_iax2: Block unnecessary control + frames to/from the wire. Establishing an IAX2 call between + Asterisk v1.4 and v1.8 (or later) results in an unexpected call + disconnect. The problem happens because newer values in the enum + ast_control_frame_type are not consistent between the branch + versions of Asterisk. For example: 1) v1.4 calls v1.8 (or later) + using IAX2 2) v1.8 answers and sends a connected line update + control frame. (on v1.8 AST_CONTROL_CONNECTED_LINE = 22) 3) v1.4 + receives the control frame as an end-of-q (on v1.4 + AST_CONTROL_END_OF_Q = 22) 4) v1.4 disconnects the call once the + receive queue becomes empty. Several things are done by this + patch to fix the problem and attempt to prevent it from happening + again in the future: * Added a warning at the definition of enum + ast_control_frame_type about how to add new control frame values. + * Made block sending and receiving control frames that have no + reason to go over the wire. * Extended the connectedline iax.conf + parameter to also include the redirecting information updates. * + Updated the connectedline iax.conf parameter documentation to + include a notice that the parameter must be "no" when the peer is + an Asterisk v1.4 instance. (closes issue AST-1302) Review: + https://reviewboard.asterisk.org/r/3174/ ........ Merged + revisions 407678 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 407727 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-01-25 00:13 +0000 [r406358-406469] Richard Mudgett + + * /, main/cel.c: CEL: Protect data structures during reload and + shutdown. The CEL data structures need to be protected during a + configuration reload and shutdown. Asterisk crashed during a + shutdown because CEL events were still in flight and the CEL data + structures were already destroyed. * Protected the appset and + linkedids ao2 containers using the reload_lock. As a result + appset, linkedids, and held objects don't need a lock. * Added + NULL checks before use of the appset and linkedids ao2 containers + in case the CEL module is already shutdown. * Fixed overloading + of the linkedids held objects reference count. During shutdown + any held objects would be leaked. * Fixed memory leak of + linkedids held objects if the LINKEDID_END is not being tracked. + The objects in the linkedids container were not removed if the + LINKEDID_END event is not used. * Added access protection to the + appset container during the CLI "cel show status" command. * Made + CEL config reload not set defaults if the cel.conf file is + invalid. (closes issue AST-1253) Reported by: Guenther Kelleter + Review: https://reviewboard.asterisk.org/r/3127/ ........ Merged + revisions 406417 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 406418 from + http://svn.asterisk.org/svn/asterisk/branches/11 + + * main/manager.c, /: manager: Protect data structures during + shutdown. Occasionally, the manager module would get an + "INTERNAL_OBJ: bad magic number" error on a "core restart + gracefully" command if an AMI connection is established. * Added + ao2_global_obj protection to the sessions global container. * + Fixed the order of unreferencing a session object in + session_destroy(). * Removed unnecessary container traversals of + the white/black filters during session_destructor(). (closes + issue AST-1242) Reported by: Guenther Kelleter Review: + https://reviewboard.asterisk.org/r/3144/ ........ Merged + revisions 406341 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-01-15 15:27 +0000 [r405536-405578] Matthew Jordan + + * main/pbx.c, /: pbx.c: put copy of ast_exten.data on stack to + prevent memory corruption During dialplan execution in + pbx_extension_helper(), the contexts global read lock prevents + link list corruption, but was released with a pointer to the + ast_exten and data later used in variable substitution. Instead, + this patch removes pbx_substitute_variables() and locates a copy + of the ast_exten data on the stack before releasing the lock, + where ast_exten could get free'd by another thread performing a + module reload. (issue AST-1179) Reported by: Thomas Arimont + (issue AST-1246) Reported by: Alexander Hömig Review: + https://reviewboard.asterisk.org/r/3055/ ........ Merged + revisions 403862 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 403863 from + http://svn.asterisk.org/svn/asterisk/branches/11 + + * /, channels/chan_sip.c: chan_sip: Hangup transferer/transferee + when transfer to Parking fails When performing a SIP transfer to + a Park extension, if the Park fails, chan_sip will currently not + hang up either the transferer or the transfer target. This + results in the channels being orphaned with no thread to service + frames, resulting in stuck channels. This patch immediately hangs + up the two channels if a Park fails. (closes issue + ASTERISK-22834) Reported by: rsw686 Tested by: rsw686 (closes + issue ASTERISK-23047) Reported by: Tommy Thompson Tested by: + Tommy Thomspon Review: https://reviewboard.asterisk.org/r/3107 + ........ Merged revisions 405380 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-01-14 18:50 +0000 [r405488] Richard Mudgett + + * apps/app_verbose.c, main/asterisk.c, configs/logger.conf.sample, + main/cli.c, include/asterisk/logger.h, main/pbx.c, + main/manager.c, /, funcs/func_timeout.c, apps/app_dumpchan.c, + main/logger.c, UPGRADE.txt: verbosity: Fix performance of console + verbose messages. The per console verbose level feature as + previously implemented caused a large performance penalty. The + fix required some minor incompatibilities if the new rasterisk is + used to connect to an earlier version. If the new rasterisk + connects to an older Asterisk version then the root console + verbose level is always affected by the "core set verbose" + command of the remote console even though it may appear to only + affect the current console. If an older version of rasterisk + connects to the new version then the "core set verbose" command + will have no effect. * Fixed the verbose performance by not + generating a verbose message if nothing is going to use it and + then filtered any generated verbose messages before actually + sending them to the remote consoles. * Split the "core set debug" + and "core set verbose" CLI commands to remove the per module + verbose support that cannot work with the per console verbose + level. * Added a silent option to the "core set verbose" command. + * Fixed "core set debug off" tab completion. * Made "core show + settings" list the current console verbosity in addition to the + root console verbosity. * Changed the default verbose level of + the 'verbose' setting in the logger.conf [logfiles] section. The + default is now to once again follow the current root console + level. As a result, using the AMI Command action with "core set + verbose" could again set the root console verbose level and + affect the verbose level logged. (closes issue AST-1252) Reported + by: Guenther Kelleter Review: + https://reviewboard.asterisk.org/r/3114/ ........ Merged + revisions 405431 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2014-01-09 16:34 +0000 [r405233] Matthew Jordan + + * /, apps/app_confbridge.c, + apps/confbridge/conf_state_multi_marked.c: app_confbridge: Fix + crash caused when waitmarked/marked users leave together When + waitmarked users join a ConfBridge, the conference state is + transitioned from EMPTY -> INACTIVE. In this state, the users are + maintined in a waiting users list. When a marked user joins, the + ConfBridge conference transitions from INACTIVE -> MULTI_MARKED, + and all users are put onto the active list of users. This process + works correctly. When the marked user leaves, if they are the + last marked user, the MULTI_MARKED state does the following: (1) + It plays back a message to the bridge stating that the leader has + left the conference. This requires an unlocking of the bridge. + (2) It moves waitmarked users back to the waiting list (3) It + transitions to the appropriate state: in this case, INACTIVE + However, because it plays the prompt back to the bridge before + moving the users and before finishing the state transition, this + creates a race condition: with the bridge unlocked, waitmarked + users who leave the conference (or are kicked from it) can cause + a state transition of the bridge to another state before the + conference is transitioned to the INACTIVE state. This causes the + state machine to get a bit wonky, often leading to a crash when + the MULTI_MARKED state attempts to conclude its processing. This + patch fixes this problem: (1) It prevents kicked users from being + kicked again. That's just a nicety. (2) More importantly, it + fixes the race condition by only playing the prompt once the + state has transitioned correctly to INACTIVE. If waitmarked users + sneak out during the prompt being played, no harm no foul. + Review: https://reviewboard.asterisk.org/r/3108/ (closes issue + AST-1258) Reported by: Steve Pitts ........ Merged revisions + 405215 from http://svn.asterisk.org/svn/asterisk/branches/11 + +2013-12-19 16:38 +0000 [r404349] Scott Griepentrog + + * main/db.c, /: astdb: crash in sqlite3 during shutdown When + Asterisk is shut down, the astdb_atexit() function releases + (finalize) the previously initiated (prepared) SQL statements in + sqlite3. Another thread making a subsequent request can cause a + crash in sqlite3. This patch eliminates that issue by resetting + the statement pointer after it is released/cleared. The sqlite3 + code detects the null pointer, and aborts the operation cleanly. + (closes issue AST-1265) Reported by: Alexander Hömig (closes + issue ASTERISK-22350) Reported by: Birger "WIMPy" Harzenetter + Review: https://reviewboard.asterisk.org/r/3078/ ........ Merged + revisions 404344 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2013-12-16 17:29 +0000 [r403956] David M. Lee + + * funcs/func_realtime.c, main/pbx.c, main/tcptls.c, + funcs/func_db.c, /, README-SERIOUSLY.bestpractices.txt, + configs/asterisk.conf.sample, funcs/func_shell.c, + funcs/func_env.c, funcs/func_lock.c, UPGRADE.txt, + include/asterisk/pbx.h, main/asterisk.c: security: Inhibit + execution of privilege escalating functions This patch allows + individual dialplan functions to be marked as 'dangerous', to + inhibit their execution from external sources. A 'dangerous' + function is one which results in a privilege escalation. For + example, if one were to read the channel variable SHELL(rm -rf /) + Bad Things(TM) could happen; even if the external source has only + read permissions. Execution from external sources may be enabled + by setting 'live_dangerously' to 'yes' in the [options] section + of asterisk.conf. Although doing so is not recommended. (closes + issue ASTERISK-22905) Review: + http://reviewboard.digium.internal/r/432/ ........ Merged + revisions 403913 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 403917 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2013-12-16 15:38 +0000 [r403860] Scott Griepentrog + + * apps/app_sms.c: app_sms: BufferOverflow when receiving odd length + 16 bit message This patch prevents an infinite loop overwriting + memory when a message is received into the unpacksms16() + function, where the length of the message is an odd number of + bytes. (closes issue ASTERISK-22590) Reported by: Jan Juergens + Tested by: Jan Juergens + +2013-11-04 21:20 +0000 [r402463] Kevin Harwell + + * /, channels/chan_sip.c: chan_sip: notify dialog info ignores + presentation indicator in callerid The presentation indicator in + a callerid (e.g. set by dialplan function + Set(CALLERID(name-pres)= ...)) is not checked when SIP Dialog + Info Notifies are generated during extension monitoring. Added a + check to make sure the name and/or number presentations on the + callee (remote identity) are set to allow. If they are restricted + then "anonymous" is used instead. (closes issue AST-1175) + Reported by: Thomas Arimont Review: + https://reviewboard.asterisk.org/r/2976/ ........ Merged + revisions 402450 from + http://svn.asterisk.org/svn/asterisk/branches/11 + +2013-11-01 20:39 +0000 [r402377-402383] Matthew Jordan + + * asterisk-11.6.0-summary.html (removed), + asterisk-11.6.0-summary.txt (removed): Remove old summaries + + * include/asterisk/pbx.h, res/res_rtp_asterisk.c, main/pbx.c, /, + configure, configure.ac: Multiple revisions + 396884,400075,400093,401446,401960 ........ r396884 | jbigelow | + 2013-08-16 17:45:10 -0500 (Fri, 16 Aug 2013) | 8 lines Add test + suite events to indicate when a feature is detected or not These + are needed by the bridge test suite tests for them to be able to + run against Asterisk 11. Review: + https://reviewboard.asterisk.org/r/2751/ ........ r400075 | + mjordan | 2013-09-28 16:59:12 -0500 (Sat, 28 Sep 2013) | 16 lines + Add check for openSUSE when detecting bfd library In + ASTERISK-17842, some additional library checks were added to the + configure script so that the bfd library could be found on CentOS + and Fedora systems. As it turns out, openSUSE requires an + additional library. This patch adds another check to the + configure script for openSUSE that will add that library. Review: + https://reviewboard.asterisk.org/r/2885/ (closes issue AST-1169) + Reported by: Guenther Kelleter ........ Merged revisions 400073 + from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ + r400093 | mjordan | 2013-09-28 17:21:37 -0500 (Sat, 28 Sep 2013) + | 23 lines res_rtp_asterisk: Correct erroneous lost packet + information in RTCP reports RTCP's calculation of the number of + lost packets in an RTP stream is based on that stream's sequence + number count, the number of received packets, and how many + packets we expect to receive. When the SSRC for an RTP stream + changes, there can - and almost always will be - a large jump in + the next packet's timestamp and sequence number. If we don't + reset the number of received packets, sequence number count, and + other metrics used by RTCP, the next RR/SR report will use the + previous SSRC's values to calculate the lost packet count for the + new SSRC - resulting in a very large number of lost packets. This + patch modifies res_rtp_asterisk such that, if it detects a SSRC + change, it will reset the various values used by the RTCP + calculations. From the perspective of RTCP, this appears as a new + media stream - which is what it is. Review: + https://reviewboard.asterisk.org/r/2886/ (closes issue AST-1174) + Reported by: Thomas Arimont ........ Merged revisions 400089 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ + r401446 | mjordan | 2013-10-22 17:42:24 -0500 (Tue, 22 Oct 2013) + | 15 lines res_rtp_asterisk: Fix crash when RTCP is not available + during SSRC change In r400089, a patch was put in to correct + erroneous RTCP statistic resets. Unfortunately, ast_rtp_read can + be called on an RTP instance that does not have RTCP information. + This patch prevents that crash by only resetting the statistics + if we do actually have an RTCP instance. (issue AST-1174) (closes + issue ASTERISK-22667) Reported by: John Bigelow ........ Merged + revisions 401445 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ + r401960 | sgriepentrog | 2013-10-25 15:44:40 -0500 (Fri, 25 Oct + 2013) | 15 lines pbx.c: fix confused match caller id that deleted + exten still in hash This fixes a bug where a zero length callerid + match adjacent to a no match callerid extension entry would be + deleted together, which then resulted in hashtable references to + free'd memory. A third state of the matchcid value has been added + to indicate match to any extension which allows enforcing + comparison of matchcid on/off without errors. (closes issue + AST-1235) Reported by: Guenther Kelleter Review: + https://reviewboard.asterisk.org/r/2930/ ........ Merged + revisions 401959 from + http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged + revisions 396884,400075,400093,401446,401960 from + http://svn.asterisk.org/svn/asterisk/branches/11 + + * /: SVN properties: Add svnmerge properties for 11 + +2013-10-22 16:10 +0000 [r401416] bebuild : + + * / (added): Create branch for Certified Asterisk 11.6. + 2013-10-21 Asterisk Development Team * Asterisk 11.6.0 Released.