Author: mjordan
Revision Date: 2015-04-11 15:27:08 UTC

clang compiler warnings: Fix various warnings for tests

This patch fixes a variety of clang compiler warnings for unit tests. This
includes autological comparison issues, ignored return values, and
interestingly enough, one embedded function. Fun!

Review: https://reviewboard.asterisk.org/r/4555

ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4555.patch submitted by dkdegroot (License 6600)
........

Merged revisions 434705 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 434706 from http://svn.asterisk.org/svn/asterisk/branches/13

Author: dlee
Revision Date: 2013-12-16 17:02:01 UTC

security: Inhibit execution of privilege escalating functions

This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.

A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.

Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.

(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/
........

Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8

Author: jrose
Revision Date: 2015-04-08 15:54:38 UTC

Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.

When registering to a SIP server with TLS, Asterisk will accept CA signed
certificates with a common name that was signed for a domain other than the
one requested if it contains a null character in the common name portion of
the cert. This patch fixes that by checking that the common name length
matches the the length of the content we actually read from the common name
segment. Some certificate authorities automatically sign CA requests when
the requesting CN isn't already taken, so an attacker could potentially
register a CN with something like www.google.com\x00www.secretlyevil.net
and have their certificate signed and Asterisk would accept that certificate
as though it had been for www.google.com - this is a security fix and is
noted in AST-2015-003.

ASTERISK-24847 #close
Reported by: Maciej Szmigiero
Patches:
 asterisk-null-in-cn.patch submitted by mhej (license 6085)

Author: mjordan
Revision Date: 2015-04-11 15:34:43 UTC

main/event: Remove unnecessary assignment of negative value to enum

When cleaning up some clang compiler warnings, the comparison of a negative
value to an unsigned enum was removed. However, the initial assignment of a
negative value to said enum remained in the variable declaration. This patch
removes that assignment.

Thanks to ibercom in #asterisk-bugs for pointing it out.

Author: mjordan
Revision Date: 2015-04-11 15:27:08 UTC

clang compiler warnings: Fix various warnings for tests

This patch fixes a variety of clang compiler warnings for unit tests. This
includes autological comparison issues, ignored return values, and
interestingly enough, one embedded function. Fun!

Review: https://reviewboard.asterisk.org/r/4555

ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4555.patch submitted by dkdegroot (License 6600)
........

Merged revisions 434705 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 434706 from http://svn.asterisk.org/svn/asterisk/branches/13

Author: kmoore
Revision Date: 2014-09-05 13:25:56 UTC

Menuselect: Fix incorrect enabling on failed deps

This corrects a situation where menuselect can incorrectly enable a
module by default that has defaultenabled set to "no" and has
failed/non-selected dependencies. The bug is due to an inverted test
when checking for whether the given module should be set to enabled by
default on load.

Review: https://reviewboard.asterisk.org/r/3975/
Reported by: John Bigelow

Author: Guilhem Lettron
Revision Date: 2013-10-21 13:38:18 UTC

Fix colon in destdir

Author: Guilhem Lettron
Revision Date: 2013-10-21 12:45:25 UTC

New try

Author: Guilhem Lettron
Revision Date: 2013-10-18 14:20:14 UTC

Add build-depend on asterisk 10+ and no-epoch

Author: Guilhem Lettron
Revision Date: 2013-10-17 15:00:29 UTC

Import from http://asterisk.hosting.lv/src/asterisk-g72x-1.1.tar.bz2

Author: Guilhem Lettron
Revision Date: 2013-10-07 14:34:54 UTC

* Switch to dpkg-source 3.0 (native) format
* Use wildcard instead of dh-exec

Author: msp
Revision Date: 2013-09-29 04:30:52 UTC

UNRELEASED

Author: mjordan
Revision Date: 2012-05-18 13:58:05 UTC

Fix a variety of memory leaks

This patch addresses a number of memory leaks in a variety of modules that were
found by a static analysis tool. A brief summary of the changes:

* app_minivm: free ast_str objects on off nominal paths
* app_page: free the ast_dial object if the requested channel technology
                    cannot be appended to the dialing structure
* app_queue: if a penalty rule failed to match any existing rule list
                    names, the created rule would not be inserted and its memory
                    would be leaked
* app_read: dispose of the created silence detector in the presence of
                    off nominal circumstances
* app_voicemail: dispose of an allocated unique ID field for MWI event
                    un-subscribe requests in off nominal paths; dispose of
                    configuration objects when using the secret.conf option
* chan_dahdi: dispose of the allocated frame produced by ast_dsp_process
* chan_iax2: properly unref peer in CLI command "iax2 unregister"
* chan_sip: dispose of the allocated frame produced by sip_rtp_read's
                    call of ast_dsp_process; free memory in parse unit tests
* func_dialgroup: properly deref ao2 object grhead in nominal path of
                    dialgroup_read
* func_odbc: free resultset in off nominal paths of odbc_read
* cli: free match_list in off nominal paths of CLI match completion
* config: free comment_buffer/list_buffer when configuration file load
                    is unchanged; free the same buffers any time they were
                    created and config files were processed
* data: free XML nodes in various places
* enum: free context buffer in off nominal paths
* features: free ast_call_feature in off nominal paths of applicationmap
                    config processing
* netsock2: users of ast_sockaddr_resolve pass in an ast_sockaddr struct
                    that is allocated by the method. Failures in
                    ast_sockaddr_resolve could result in the users of the method
                    not knowing whether or not the buffer was allocated. The
                    method will now not allocate the ast_sockaddr struct if it
                    will return failure.
* pbx: cleanup hash table traversals in off nominal paths; free
                    ignore pattern buffer if it already exists for the specified
                    context
* xmldoc: cleanup various nodes when we no longer need them
* main/editline: various cleanup of pointers not being freed before being
                    assigned to other memory, cleanup along off nominal paths
* menuselect/mxml: cleanup of value buffer for an attribute when that attribute
                    did not specify a value
* res_calendar*: responses are allocated via the various *_request method
                    returns and should not be allocated in the various
                    write_event methods; ensure attendee buffer is freed if no
                    data exists in the parsed node; ensure that calendar objects
                    are de-ref'd appropriately
* res_jabber: free buffer in off nominal path
* res_musiconhold: close the DIR* object in off nominal paths
* res_rtp_asterisk: if we run out of ports, close the rtp socket object and free
                    the rtp object
* res_srtp: if we fail to create the session in libsrtp, destroy the
                    temporary ast_srtp object

(issue ASTERISK-19665)
Reported by: Matt Jordan

Review: https://reviewboard.asterisk.org/r/1922

Author: tzafrir
Revision Date: 2013-04-09 11:08:48 UTC

Releasing, again