lp:asterisk/1.8

Created by Paul Belanger on 2011-10-21 and last modified on 2015-04-08
Get this branch:
bzr branch lp:asterisk/1.8

Branch information

Owner:
Asterisk
Project:
Asterisk
Status:
Development

Import details

Import Status: Reviewed

This branch is an import of the Subversion branch from http://svn.asterisk.org/svn/asterisk/branches/1.8.


Recent revisions

22823. By jrose on 2015-04-08

Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.

When registering to a SIP server with TLS, Asterisk will accept CA signed
certificates with a common name that was signed for a domain other than the
one requested if it contains a null character in the common name portion of
the cert. This patch fixes that by checking that the common name length
matches the length of the content we actually read from the common name
segment. Some certificate authorities automatically sign CA requests when
the requesting CN isn't already taken, so an attacker could potentially
register a CN with something like www.google.com\x00www.secretlyevil.net
and have their certificate signed and Asterisk would accept that certificate
as though it had been for www.google.com - this is a security fix and is
noted in AST-2015-003.

ASTERISK-24847 #close
Reported by: Maciej Szmigiero
Patches:
 asterisk-null-in-cn.patch submitted by mhej (license 6085)
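
The length check described in the commit message above, as an added C illustration (not the Asterisk patch and not code from this branch). `struct cn_field` and both function names are hypothetical, and the sample CN bytes are constructed from the string the message quotes.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for a decoded CN: raw bytes plus the length the
 * certificate encoding records for them. Not an Asterisk or OpenSSL type. */
struct cn_field {
    const unsigned char *data;
    size_t len;
};

/* Constructed samples (NUL-terminated literals); the first is the CN quoted
 * in the commit message. */
static const unsigned char EVIL_CN[] = "www.google.com\0www.secretlyevil.net";
static const unsigned char GOOD_CN[] = "www.google.com";

/* Naive match: treats the CN as a C string, so the comparison stops at the
 * first NUL and never sees the bytes after it. */
static int cn_matches_naive(const struct cn_field *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Checked match: a CN with an embedded NUL has a C-string length shorter
 * than its encoded length, so reject it before comparing anything. */
static int cn_matches_checked(const struct cn_field *cn, const char *host)
{
    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return strlen(host) == cn->len &&
           strncasecmp((const char *)cn->data, host, cn->len) == 0;
}

int main(void)
{
    const struct cn_field evil = { EVIL_CN, sizeof(EVIL_CN) - 1 };
    const struct cn_field good = { GOOD_CN, sizeof(GOOD_CN) - 1 };
    const char *host = "www.google.com";

    printf("naive,   NUL CN:   %d\n", cn_matches_naive(&evil, host));
    printf("checked, NUL CN:   %d\n", cn_matches_checked(&evil, host));
    printf("checked, clean CN: %d\n", cn_matches_checked(&good, host));
    return 0;
}
```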

22822. By mmichelson on 2015-01-28

Backport AST-2015-002 fix to 1.8.

This helps to prevent Asterisk from being an attack vector for
HTTP request injection attacks based on CVE-2014-8150.

22821. By mmichelson on 2014-11-20

Fix error with mixed address family ACLs.

Prior to this commit, the address family of the first item in an ACL
was used to compare all incoming traffic. This could lead to traffic
of other IP address families bypassing ACLs.

ASTERISK-24469 #close

Reported by Matt Jordan
Patches:
 ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)

AST-2014-012

22820. By kharwell on 2014-11-20

AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.

The DB dialplan function when executed from an external protocol (for instance
AMI), could result in a privilege escalation.

Asterisk now inhibits the DB function from being executed from an external
interface if the live_dangerously option is set to no.

ASTERISK-24534
Reported by: Gareth Palmer
patches: submitted by Gareth Palmer (license 5169)

22819. By coreyfarrell on 2014-11-06

Fix unintentional memory retention in stringfields.

* Fix missing / unreachable calls to __ast_string_field_release_active.
* Reset pool->used to zero when the current pool->active reaches zero.

ASTERISK-24307 #close
Reported by: Etienne Lessard
Tested by: ibercom, Etienne Lessard
Review: https://reviewboard.asterisk.org/r/4114/

22818. By coreyfarrell on 2014-11-02

Fix ast_writestream leaks

Fix cleanup in __ast_play_and_record where others[x] may be leaked.
This was caught where prepend != NULL && outmsg != NULL, once
realfile[x] == NULL any further others[x] would be leaked. A cleanup
block was also added for prepend != NULL && outmsg == NULL.

11+: Fix leak of ast_writestream recording_fs in
app_voicemail:leave_voicemail.

ASTERISK-24476 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4138/

22817. By tzafrir on 2014-10-31

Fix syntax from r426926

22816. By tzafrir on 2014-10-31

install init.d files on GNU/kFreeBSD

Review: https://reviewboard.asterisk.org/r/4118/

22815. By mjordan on 2014-10-31

channels/sip/reqresp_parser: Fix unit tests for r426594

When r426594 was made, it did not take into account a unit test that verified
that the function properly populated the unsupported buffer. The function
would previously memset the buffer if it detected it had any contents; since
this function can now be called iteratively on successive headers, the unit
tests would now fail. This patch updates the unit tests to reset the buffer
themselves between successive calls, and updates the documentation of the
function to note that this is now required.

22814. By coreyfarrell on 2014-10-31

REF_DEBUG: Install refcounter.py to $(ASTDATADIR)/scripts

This change ensures refcounter.py is installed to a place where it
can be found by the Asterisk testsuite if REF_DEBUG is enabled.

ASTERISK-24432 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4094/

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)