lp:~guilhem-fr/asterisk/11

Branch merges

This import branch has no branches proposed for merge into it.

No branches dependent on this one.

Related source package recipes

3 recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

24021. By mjordan on 2015-04-11

main/event: Remove unnecessary assignment of negative value to enum

When cleaning up some clang compiler warnings, the comparison of a negative
value to an unsigned enum was removed. However, the initial assignment of a
negative value to said enum remained in the variable declaration. This patch
removes that assignment.

Thanks to ibercom in #asterisk-bugs for pointing it out.

24020. By mjordan on 2015-04-11

clang compiler warnings: Fix various warnings for tests

This patch fixes a variety of clang compiler warnings for unit tests. This
includes autological comparison issues, ignored return values, and
interestingly enough, one embedded function. Fun!

Review: https://reviewboard.asterisk.org/r/4555

ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4555.patch submitted by dkdegroot (License 6600)

24019. By rmudgett on 2015-04-10

translate.c: Only select audio codecs to determine the best translation choice.

Given a source capability of h264 and ulaw, a destination capability of
h264 and g722 then ast_translator_best_choice() would pick h264 as the
best choice even though h264 is a video codec and Asterisk only supports
translation of audio codecs. When the audio starts flowing, there are
warnings about a codec mismatch when the channel tries to write a frame to
the peer.

* Made ast_translator_best_choice() only select audio codecs.

* Restore a check in channel.c:set_format() lost after v1.8 to prevent
trying to set a non-audio codec.

This is an intermediate patch for a series of patches aimed at improving
translation path choices for ASTERISK-24841.

This patch is a complete enough fix for ASTERISK-21777 as the v11 version
of ast_translator_best_choice() does the same thing. However, chan_sip.c
still somehow tries to call ast_codec_choose() which then calls
ast_best_codec() with a capability set that doesn't contain any audio
formats for the incoming call. The remaining warning message seems to be
a benign transient.

ASTERISK-21777 #close
Reported by: Nick Ruggles

ASTERISK-24380 #close
Reported by: Matt Jordan

Review: https://reviewboard.asterisk.org/r/4605/

24018. By mjordan on 2015-04-10

channels/chan_iax2: Improve POKE expiration time calculation for lossy networks

POKE is used to check for peer availability; however, in networks with packet
loss, the current calculations may result in POKE expiration times that are too
short. This patch alters the expiration/retry time logic to take into account
the last known qualify round trip time, as opposed to always using a static
value for each peer.

Review: https://reviewboard.asterisk.org/r/4536

ASTERISK-22352 #close
Reported by: Frederic Van Espen

ASTERISK-24894 #close
Reported by: Y Ateya
patches:
  poke_noanswer_duration.diff submitted by Y Ateya (License 6693)

24017. By mjordan on 2015-04-09

clang compiler warnings: Fix autological comparisons

This fixes autological comparison warnings in the following:
 * chan_skinny: letohl may return a signed or unsigned value, depending on the
   macro chosen
 * func_curl: Provide a specific cast to CURLoption to prevent mismatch
 * cel: Fix enum comparisons where the enum can never be negative
 * enum: Fix comparison of return result of dn_expand, which returns a signed
   int value
 * event: Fix enum comparisons where the enum can never be negative
 * indications: tone_data.freq1 and freq2 are unsigned, and hence can never be
   negative
 * presencestate: Use the actual enum value for INVALID state
 * security_events: Fix enum comparisons where the enum can never be negative
 * udptl: Don't bother to check if the return value from encode_length is less
   than 0, as it returns an unsigned int
 * translate: Since the parameters are unsigned int, don't bother checking
   to see if they are negative. The cast to unsigned int would already blow
   past the matrix bounds.

Review: https://reviewboard.asterisk.org/r/4533
ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4533.patch submitted by dkdegroot (License 6600)

24016. By mjordan on 2015-04-09

apps/app_queue: Prevent possible crash when evaluating queue penalty rules

Although it only occurred once, a crash occurred when a queue attempted to
evaluate a queue penalty rule that appeared to have already been destroyed.
In many locations in app_queue, a test is done to see if qe->pr is NULL;
however, when we dispose of a queue's penalty rules, we don't set the pointer
to NULL after free'ing it. This patch does that to prevent any dangling
pointers from lingering on the queue object.

Review: https://reviewboard.asterisk.org/r/4522

ASTERISK-23319 #close
Reported by: Vadim
patches:
  rb4552.patch submitted by Stefan Engström (License 6691)

24015. By jrose on 2015-04-08

Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.

When registering to a SIP server with TLS, Asterisk will accept CA signed
certificates with a common name that was signed for a domain other than the
one requested if it contains a null character in the common name portion of
the cert. This patch fixes that by checking that the common name length
matches the the length of the content we actually read from the common name
segment. Some certificate authorities automatically sign CA requests when
the requesting CN isn't already taken, so an attacker could potentially
register a CN with something like www.google.com\x00www.secretlyevil.net
and have their certificate signed and Asterisk would accept that certificate
as though it had been for www.google.com - this is a security fix and is
noted in AST-2015-003.

ASTERISK-24847 #close
Reported by: Maciej Szmigiero
Patches:
 asterisk-null-in-cn.patch submitted by mhej (license 6085)
........

Merged revisions 434337 from http://svn.asterisk.org/svn/asterisk/branches/1.8

24014. By mjordan on 2015-04-08

chan_iax2: Fix mixup of code/declarations

Interestingly enough, clang doesn't care about this.

24013. By mjordan on 2015-04-08

chan_iax2: Fix crash caused by unprotected access to iaxs[peer->callno]

This patch fixes an access to the peer callnumber that is unprotected by a
corresponding mutex. The peer->callno value can be changed by multiple threads,
and all data inside the iaxs array must be procted by a corresponding lock
of iaxsl.

The patch moves the unprotected access to a location where the mutex is
safely obtained.

Review: https://reviewboard.asterisk.org/r/4599/

ASTERISK-21211 #close
Reported by: Jaco Kroon
patches:
  asterisk-11.2.1-iax2_poke-segfault.diff submitted by Jaco Kroon (License 5671)

24012. By mjordan on 2015-04-08

chan_sip: Handle IPv4 mapped IPv6 clients when NAT is enabled

When udpbindaddr is set to the IPv6 bind all address of '::', Asterisk will
attempt to handle both IPv4 and IPv6 addresses, although the information will
be stored in a struct with an AF_INET6 address type. However, the current
NAT handling code won't handle the IPv4 mapped IPv6 addresses correctly.
This patch adds an additional check for the mapped address case, allowing
the NAT code to handle clients even when the address is IPv6.

Review: https://reviewboard.asterisk.org/r/4563/

ASTERISK-18032 #close
Reported by: Christoph Timm
patches:
  nat_with_ipv6.diff submitted by Valentin Vidić (License 6697)