[asterisk-commits] moy: branch moy/mfcr2-1.4 r267095 - in /team/moy/mfcr2-1.4: ./ apps/ build_to...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Jun 2 13:02:54 CDT 2010


Author: moy
Date: Wed Jun  2 13:02:38 2010
New Revision: 267095

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=267095
Log:
merged 1.4.32 tag

Added:
    team/moy/mfcr2-1.4/.lastclean
      - copied unchanged from r267091, tags/1.4.32/.lastclean
    team/moy/mfcr2-1.4/.version
      - copied unchanged from r267091, tags/1.4.32/.version
    team/moy/mfcr2-1.4/ChangeLog
      - copied unchanged from r267091, tags/1.4.32/ChangeLog
    team/moy/mfcr2-1.4/README-SERIOUSLY.bestpractices.txt   (with props)
    team/moy/mfcr2-1.4/contrib/init.d/org.asterisk.asterisk.plist   (with props)
Removed:
    team/moy/mfcr2-1.4/asterisk-1.4.28-summary.html
    team/moy/mfcr2-1.4/asterisk-1.4.28-summary.txt
    team/moy/mfcr2-1.4/contrib/firmware/
Modified:
    team/moy/mfcr2-1.4/   (props changed)
    team/moy/mfcr2-1.4/BUGS
    team/moy/mfcr2-1.4/LICENSE
    team/moy/mfcr2-1.4/Makefile
    team/moy/mfcr2-1.4/Makefile.rules
    team/moy/mfcr2-1.4/apps/app_chanspy.c
    team/moy/mfcr2-1.4/apps/app_dial.c
    team/moy/mfcr2-1.4/apps/app_echo.c
    team/moy/mfcr2-1.4/apps/app_followme.c
    team/moy/mfcr2-1.4/apps/app_meetme.c
    team/moy/mfcr2-1.4/apps/app_mixmonitor.c
    team/moy/mfcr2-1.4/apps/app_mp3.c
    team/moy/mfcr2-1.4/apps/app_parkandannounce.c
    team/moy/mfcr2-1.4/apps/app_queue.c
    team/moy/mfcr2-1.4/apps/app_userevent.c
    team/moy/mfcr2-1.4/apps/app_voicemail.c
    team/moy/mfcr2-1.4/apps/app_waitforring.c
    team/moy/mfcr2-1.4/apps/app_waitforsilence.c
    team/moy/mfcr2-1.4/build_tools/cflags.xml
    team/moy/mfcr2-1.4/build_tools/make_build_h
    team/moy/mfcr2-1.4/build_tools/make_version_h
    team/moy/mfcr2-1.4/build_tools/menuselect-deps.in
    team/moy/mfcr2-1.4/channels/chan_agent.c
    team/moy/mfcr2-1.4/channels/chan_dahdi.c
    team/moy/mfcr2-1.4/channels/chan_h323.c
    team/moy/mfcr2-1.4/channels/chan_iax2.c
    team/moy/mfcr2-1.4/channels/chan_local.c
    team/moy/mfcr2-1.4/channels/chan_mgcp.c
    team/moy/mfcr2-1.4/channels/chan_misdn.c
    team/moy/mfcr2-1.4/channels/chan_sip.c
    team/moy/mfcr2-1.4/channels/chan_skinny.c
    team/moy/mfcr2-1.4/codecs/gsm/Makefile
    team/moy/mfcr2-1.4/config.guess
    team/moy/mfcr2-1.4/configs/cdr.conf.sample
    team/moy/mfcr2-1.4/configs/chan_dahdi.conf.sample
    team/moy/mfcr2-1.4/configs/extensions.ael.sample
    team/moy/mfcr2-1.4/configs/extensions.conf.sample
    team/moy/mfcr2-1.4/configs/manager.conf.sample
    team/moy/mfcr2-1.4/configs/say.conf.sample
    team/moy/mfcr2-1.4/configs/sip.conf.sample
    team/moy/mfcr2-1.4/configure
    team/moy/mfcr2-1.4/configure.ac
    team/moy/mfcr2-1.4/contrib/init.d/rc.debian.asterisk
    team/moy/mfcr2-1.4/contrib/scripts/safe_asterisk
    team/moy/mfcr2-1.4/doc/backtrace.txt
    team/moy/mfcr2-1.4/doc/configuration.txt
    team/moy/mfcr2-1.4/doc/imapstorage.txt
    team/moy/mfcr2-1.4/doc/localchannel.txt
    team/moy/mfcr2-1.4/funcs/func_cdr.c
    team/moy/mfcr2-1.4/funcs/func_math.c
    team/moy/mfcr2-1.4/include/asterisk/acl.h
    team/moy/mfcr2-1.4/include/asterisk/app.h
    team/moy/mfcr2-1.4/include/asterisk/astobj2.h
    team/moy/mfcr2-1.4/include/asterisk/audiohook.h
    team/moy/mfcr2-1.4/include/asterisk/autoconfig.h.in
    team/moy/mfcr2-1.4/include/asterisk/cdr.h
    team/moy/mfcr2-1.4/include/asterisk/channel.h
    team/moy/mfcr2-1.4/include/asterisk/frame.h
    team/moy/mfcr2-1.4/include/asterisk/rtp.h
    team/moy/mfcr2-1.4/include/asterisk/threadstorage.h
    team/moy/mfcr2-1.4/main/Makefile
    team/moy/mfcr2-1.4/main/app.c
    team/moy/mfcr2-1.4/main/ast_expr2.fl
    team/moy/mfcr2-1.4/main/ast_expr2f.c
    team/moy/mfcr2-1.4/main/asterisk.c
    team/moy/mfcr2-1.4/main/astobj2.c
    team/moy/mfcr2-1.4/main/audiohook.c
    team/moy/mfcr2-1.4/main/cdr.c
    team/moy/mfcr2-1.4/main/channel.c
    team/moy/mfcr2-1.4/main/config.c
    team/moy/mfcr2-1.4/main/editline/configure
    team/moy/mfcr2-1.4/main/editline/configure.in
    team/moy/mfcr2-1.4/main/file.c
    team/moy/mfcr2-1.4/main/http.c
    team/moy/mfcr2-1.4/main/loader.c
    team/moy/mfcr2-1.4/main/logger.c
    team/moy/mfcr2-1.4/main/manager.c
    team/moy/mfcr2-1.4/main/pbx.c
    team/moy/mfcr2-1.4/main/rtp.c
    team/moy/mfcr2-1.4/main/say.c
    team/moy/mfcr2-1.4/main/sched.c
    team/moy/mfcr2-1.4/main/utils.c
    team/moy/mfcr2-1.4/makeopts.in
    team/moy/mfcr2-1.4/pbx/Makefile
    team/moy/mfcr2-1.4/pbx/ael/ael_lex.c
    team/moy/mfcr2-1.4/pbx/pbx_dundi.c
    team/moy/mfcr2-1.4/pbx/pbx_spool.c
    team/moy/mfcr2-1.4/res/res_agi.c
    team/moy/mfcr2-1.4/res/res_features.c
    team/moy/mfcr2-1.4/res/res_monitor.c
    team/moy/mfcr2-1.4/res/res_musiconhold.c
    team/moy/mfcr2-1.4/res/res_smdi.c
    team/moy/mfcr2-1.4/sounds/Makefile
    team/moy/mfcr2-1.4/utils/Makefile
    team/moy/mfcr2-1.4/utils/astman.c

Propchange: team/moy/mfcr2-1.4/
------------------------------------------------------------------------------
--- svn:externals (original)
+++ svn:externals Wed Jun  2 13:02:38 2010
@@ -1,1 +1,1 @@
-menuselect https://origsvn.digium.com/svn/menuselect/tags/autotag_for_asterisk/1.4.28-rc1
+menuselect https://origsvn.digium.com/svn/menuselect/tags/autotag_for_asterisk/1.4.32-rc1

Propchange: team/moy/mfcr2-1.4/
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Wed Jun  2 13:02:38 2010
@@ -1,0 +1,5 @@
+/branches/1.4:233953-261541,265610
+/tags/1.4.32:266577-267091
+/tags/1.4.32-rc1:261542-265861
+/tags/1.4.32-rc2:265862-266576
+/trunk:228798

Modified: team/moy/mfcr2-1.4/BUGS
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/BUGS?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/BUGS (original)
+++ team/moy/mfcr2-1.4/BUGS Wed Jun  2 13:02:38 2010
@@ -4,7 +4,7 @@
 To learn about and report Asterisk bugs, please visit 
 the official Asterisk Bug Tracker at:
 
-	http://bugs.digium.com
+	https://issues.asterisk.org
 
 For more information on using the bug tracker, or to 
 learn how you can contribute by acting as a bug marshal

Modified: team/moy/mfcr2-1.4/LICENSE
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/LICENSE?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/LICENSE (original)
+++ team/moy/mfcr2-1.4/LICENSE Wed Jun  2 13:02:38 2010
@@ -7,15 +7,8 @@
 
 This package also includes various components that are not part of
 Asterisk itself; these components are in the 'contrib' directory
-and its subdirectories. Most of these components are also
-distributed under the GPL version 2 as well, except for the following:
-
-contrib/firmware/iax/iaxy.bin:
-	This file is Copyright (C) Digium, Inc. and is licensed for
-	use with Digium IAXy hardware devices only. It can be
-	distributed freely as long as the distribution is in the
-	original form present in this package (not reformatted or
-	modified).
+and its subdirectories. These components are also distributed under the
+GPL version 2 as well.
 
 Digium, Inc. (formerly Linux Support Services) holds copyright
 and/or sufficient licenses to all components of the Asterisk

Modified: team/moy/mfcr2-1.4/Makefile
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/Makefile?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/Makefile (original)
+++ team/moy/mfcr2-1.4/Makefile Wed Jun  2 13:02:38 2010
@@ -66,7 +66,6 @@
 export DOWNLOAD
 export AWK
 export GREP
-export ID
 export OSARCH
 export CURSES_DIR
 export NCURSES_DIR
@@ -74,6 +73,7 @@
 export TINFO_DIR
 export GTK2_LIB
 export GTK2_INCLUDE
+export WGET_EXTRA_ARGS
 
 # even though we could use '-include makeopts' here, use a wildcard
 # lookup anyway, so that make won't try to build makeopts if it doesn't
@@ -323,7 +323,10 @@
 	@exit 1
 
 menuselect.makeopts: menuselect/menuselect menuselect-tree makeopts build_tools/menuselect-deps $(GLOBAL_MAKEOPTS) $(USER_MAKEOPTS)
+ifeq ($(filter %menuselect,$(MAKECMDGOALS)),)
+	menuselect/menuselect --check-deps $@
 	menuselect/menuselect --check-deps $@ $(GLOBAL_MAKEOPTS) $(USER_MAKEOPTS)
+endif
 
 $(MOD_SUBDIRS_EMBED_LDSCRIPT):
 	+ at echo "EMBED_LDSCRIPTS+="`$(SUBMAKE) -C $(@:-embed-ldscript=) SUBDIR=$(@:-embed-ldscript=) __embed_ldscript` >> makeopts.embed_rules
@@ -335,8 +338,8 @@
 	+ at echo "EMBED_LIBS+="`$(SUBMAKE) -C $(@:-embed-libs=) SUBDIR=$(@:-embed-libs=) __embed_libs` >> makeopts.embed_rules
 
 $(MOD_SUBDIRS_MENUSELECT_TREE):
-	@$(SUBMAKE) -C $(@:-menuselect-tree=) SUBDIR=$(@:-menuselect-tree=) moduleinfo
-	@$(SUBMAKE) -C $(@:-menuselect-tree=) SUBDIR=$(@:-menuselect-tree=) makeopts
+	+@$(SUBMAKE) -C $(@:-menuselect-tree=) SUBDIR=$(@:-menuselect-tree=) moduleinfo
+	+@$(SUBMAKE) -C $(@:-menuselect-tree=) SUBDIR=$(@:-menuselect-tree=) makeopts
 
 makeopts.embed_rules: menuselect.makeopts
 	@echo "Generating embedded module rules ..."
@@ -354,10 +357,10 @@
 main: $(filter-out main,$(MOD_SUBDIRS))
 
 $(MOD_SUBDIRS):
-	+ at _ASTCFLAGS="$(MOD_SUBDIR_CFLAGS) $(_ASTCFLAGS)" $(MAKE) --no-builtin-rules -C $@ SUBDIR=$@ all
+	+ at _ASTCFLAGS="$(MOD_SUBDIR_CFLAGS) $(_ASTCFLAGS)" ASTCFLAGS="$(ASTCFLAGS)" _ASTLDFLAGS="$(_ASTLDFLAGS)" ASTLDFLAGS="$(ASTLDFLAGS)" $(SUBMAKE) --no-builtin-rules -C $@ SUBDIR=$@ all
 
 $(OTHER_SUBDIRS):
-	+ at _ASTCFLAGS="$(OTHER_SUBDIR_CFLAGS) $(_ASTCFLAGS)" $(MAKE) --no-builtin-rules -C $@ SUBDIR=$@ all
+	+ at _ASTCFLAGS="$(OTHER_SUBDIR_CFLAGS) $(_ASTCFLAGS)" ASTCFLAGS="$(ASTCFLAGS)" _ASTLDFLAGS="$(_ASTLDFLAGS)" ASTLDFLAGS="$(ASTLDFLAGS)" $(SUBMAKE) --no-builtin-rules -C $@ SUBDIR=$@ all
 
 defaults.h: makeopts
 	@build_tools/make_defaults_h > $@.tmp
@@ -410,9 +413,7 @@
 	rm -f build_tools/menuselect-deps
 
 datafiles: _all
-	if [ `$(ID) -u` = 0 ]; then \
-		CFLAGS="$(_ASTCFLAGS) $(ASTCFLAGS)" build_tools/mkpkgconfig $(DESTDIR)/usr/lib/pkgconfig; \
-	fi
+	CFLAGS="$(_ASTCFLAGS) $(ASTCFLAGS)" build_tools/mkpkgconfig $(DESTDIR)$(libdir)/pkgconfig;
 # Should static HTTP be installed during make samples or even with its own target ala
 # webvoicemail?  There are portions here that *could* be customized but might also be
 # improved a lot.  I'll put it here for now.
@@ -615,9 +616,13 @@
 		echo ";maxcalls = 10 ; Maximum amount of calls allowed" ; \
 		echo ";maxload = 0.9 ; Asterisk stops accepting new calls if the load average exceed this limit" ; \
 		echo ";cache_record_files = yes ; Cache recorded sound files to another directory during recording" ; \
-		echo ";record_cache_dir = /tmp ; Specify cache directory (used in cnjunction with cache_record_files)" ; \
+		echo ";record_cache_dir = /tmp ; Specify cache directory (used in conjunction with cache_record_files)" ; \
 		echo ";transmit_silence_during_record = yes ; Transmit SLINEAR silence while a channel is being recorded" ; \
-		echo ";transmit_silence = yes ; Transmit SLINEAR silence while a channel is being recorded or DTMF is being generated" ; \
+		echo ";transmit_silence = yes ; Transmit silence while a channel is in a waiting state, a recording only state, or when DTMF is" ; \
+		echo "                        ; being generated.  Note that the silence internally is generated in raw signed linear format." ; \
+		echo "                        ; This means that it must be transcoded into the native format of the channel before it can be sent" ; \
+		echo "                        ; to the device.  It is for this reason that this is optional, as it may result in requiring a" ; \
+		echo "                        ; temporary codec translation path for a channel that may not otherwise require one." ; \
 		echo ";transcode_via_sln = yes ; Build transcode paths via SLINEAR, instead of directly" ; \
 		echo ";runuser = asterisk ; The user to run as" ; \
 		echo ";rungroup = asterisk ; The group to run as" ; \
@@ -683,6 +688,8 @@
 		elif [ -f /etc/SuSE-release -o -f /etc/novell-release ]; then \
 			$(INSTALL) -m 755 contrib/init.d/rc.suse.asterisk $(DESTDIR)/etc/init.d/asterisk; \
 			if [ -z "$(DESTDIR)" ]; then /sbin/chkconfig --add asterisk; fi; \
+		elif [ -d $(DESTDIR)/Library/LaunchDaemons -a ! -f $(DESTDIR)/Library/LaunchDaemons/org.asterisk.asterisk.plist ]; then \
+			$(INSTALL) -m 644 contrib/init.d/org.asterisk.asterisk.plist $(DESTDIR)/Library/LaunchDaemons/org.asterisk.asterisk.plist; \
 		elif [ -f /etc/slackware-version ]; then \
 			echo "Slackware is not currently supported, although an init script does exist for it."; \
 		else \
@@ -746,19 +753,51 @@
 
 menuconfig: menuselect
 
+cmenuconfig: cmenuselect
+
 gmenuconfig: gmenuselect
 
-menuselect: menuselect/menuselect menuselect-tree
-	- at menuselect/menuselect menuselect.makeopts $(GLOBAL_MAKEOPTS) $(USER_MAKEOPTS) && (echo "menuselect changes saved!"; rm -f channels/h323/Makefile.ast main/asterisk) || echo "menuselect changes NOT saved!"
-
-gmenuselect: menuselect/gmenuselect menuselect-tree
-	- at menuselect/gmenuselect menuselect.makeopts $(GLOBAL_MAKEOPTS) $(USER_MAKEOPTS) && (echo "menuselect changes saved!"; rm -f channels/h323/Makefile.ast main/asterisk) || echo "menuselect changes NOT saved!"
-
-menuselect/menuselect: makeopts menuselect/menuselect.c menuselect/menuselect_curses.c menuselect/menuselect_stub.c menuselect/menuselect.h menuselect/linkedlists.h makeopts
-	@CC="$(HOST_CC)" LD="" AR="" RANLIB="" CFLAGS="" $(MAKE) -C menuselect CONFIGURE_SILENT="--silent"
-
-menuselect/gmenuselect: makeopts menuselect/menuselect.c menuselect/menuselect_gtk.c menuselect/menuselect_stub.c menuselect/menuselect.h menuselect/linkedlists.h makeopts
-	@CC="$(HOST_CC)" CXX="$(CXX)" LD="" AR="" RANLIB="" CFLAGS="" $(MAKE) -C menuselect _gmenuselect CONFIGURE_SILENT="--silent"
+nmenuconfig: nmenuselect
+
+menuselect: menuselect/cmenuselect menuselect/nmenuselect menuselect/gmenuselect
+	@if [ -x menuselect/nmenuselect ]; then \
+		$(MAKE) nmenuselect; \
+	elif [ -x menuselect/cmenuselect ]; then \
+		$(MAKE) cmenuselect; \
+	elif [ -x menuselect/gmenuselect ]; then \
+		$(MAKE) gmenuselect; \
+	else \
+		echo "No menuselect user interface found. Install ncurses,"; \
+		echo "newt or GTK libraries to build one and re-rerun"; \
+		echo "'make menuselect'."; \
+	fi
+
+cmenuselect: menuselect/cmenuselect menuselect-tree menuselect.makeopts
+	- at menuselect/cmenuselect menuselect.makeopts && (echo "menuselect changes saved!"; rm -f channels/h323/Makefile.ast main/asterisk) || echo "menuselect changes NOT saved!"
+
+gmenuselect: menuselect/gmenuselect menuselect-tree menuselect.makeopts
+	- at menuselect/gmenuselect menuselect.makeopts && (echo "menuselect changes saved!"; rm -f channels/h323/Makefile.ast main/asterisk) || echo "menuselect changes NOT saved!"
+
+nmenuselect: menuselect/nmenuselect menuselect-tree menuselect.makeopts
+	- at menuselect/nmenuselect menuselect.makeopts && (echo "menuselect changes saved!"; rm -f channels/h323/Makefile.ast main/asterisk) || echo "menuselect changes NOT saved!"
+
+# options for make in menuselect/
+MAKE_MENUSELECT=CC="$(HOST_CC)" CXX="$(CXX)" LD="" AR="" RANLIB="" CFLAGS="" $(MAKE) -C menuselect CONFIGURE_SILENT="--silent"
+
+menuselect/menuselect: menuselect/makeopts
+	+$(MAKE_MENUSELECT) menuselect
+
+menuselect/cmenuselect: menuselect/makeopts
+	+$(MAKE_MENUSELECT) cmenuselect
+
+menuselect/gmenuselect: menuselect/makeopts
+	+$(MAKE_MENUSELECT) gmenuselect
+
+menuselect/nmenuselect: menuselect/makeopts
+	+$(MAKE_MENUSELECT) nmenuselect
+
+menuselect/makeopts: makeopts
+	+$(MAKE_MENUSELECT) makeopts
 
 menuselect-tree: $(foreach dir,$(filter-out main,$(MOD_SUBDIRS)),$(wildcard $(dir)/*.c) $(wildcard $(dir)/*.cc)) build_tools/cflags.xml build_tools/cflags-devmode.xml sounds/sounds.xml build_tools/embed_modules.xml configure
 	@echo "Generating input for menuselect ..."

Modified: team/moy/mfcr2-1.4/Makefile.rules
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/Makefile.rules?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/Makefile.rules (original)
+++ team/moy/mfcr2-1.4/Makefile.rules Wed Jun  2 13:02:38 2010
@@ -36,6 +36,12 @@
 endif
 
 OPTIMIZE?=-O6
+ifneq ($(findstring darwin,$(OSARCH)),)
+  ifeq ($(shell /usr/bin/sw_vers -productVersion | cut -c1-4),10.6)
+    # Snow Leopard has an issue with this optimization flag on large files (like chan_sip)
+    OPTIMIZE+=-fno-inline-functions
+  endif
+endif
 
 ifeq ($(findstring DONT_OPTIMIZE,$(MENUSELECT_CFLAGS)),)
     _ASTCFLAGS+=$(OPTIMIZE)

Added: team/moy/mfcr2-1.4/README-SERIOUSLY.bestpractices.txt
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/README-SERIOUSLY.bestpractices.txt?view=auto&rev=267095
==============================================================================
--- team/moy/mfcr2-1.4/README-SERIOUSLY.bestpractices.txt (added)
+++ team/moy/mfcr2-1.4/README-SERIOUSLY.bestpractices.txt Wed Jun  2 13:02:38 2010
@@ -1,0 +1,295 @@
+==================
+| Best Practices |
+==================
+
+The purpose of this document is to define best practices when working with
+Asterisk in order to minimize possible security breaches and to provide tried
+examples in field deployments. This is a living document and is subject to 
+change over time as best practices are defined.
+
+--------
+Sections
+--------
+
+* Filtering Data: 
+        How to protect yourself from redial attacks
+
+* Proper Device Naming: 
+        Why to not use numbered extensions for devices
+
+* Secure Passwords: 
+        Secure passwords limit your risk to brute force attacks
+
+* Reducing Pattern Match Typos: 
+        Using the 'same' prefix, or using Goto()
+
+----------------
+Additional Links
+----------------
+
+Additional links that contain useful information about best practices or
+security are listed below.
+
+* Seven Steps to Better SIP Security:
+        http://blogs.digium.com/2009/03/28/sip-security/
+
+* Asterisk VoIP Security (webinar):
+        http://www.asterisk.org/security/webinar/
+
+
+==============
+Filtering Data
+==============
+
+In the Asterisk dialplan, several channel variables contain data potentially 
+supplied by outside sources. This could lead to a potential security concern 
+where those outside sources may send cleverly crafted strings of data which 
+could be utilized, e.g. to place calls to unexpected locations.
+
+An example of this can be found in the use of pattern matching and the ${EXTEN}
+channel variable. Note that ${EXTEN} is not the only system created channel
+variable, so it is important to be aware of where the data you're using is
+coming from.
+
+For example, this common dialplan takes 2 or more characters of data, starting 
+with a number 0-9, and then accepts any additional information supplied by the
+request.
+
+[NOTE: We use SIP in this example, but is not limited to SIP only; protocols
+       such as Jabber/XMPP or IAX2 are also susceptible to the same sort of
+       injection problem.]
+       
+
+[incoming]
+exten => _X.,1,Verbose(2,Incoming call to extension ${EXTEN})
+exten => _X.,n,Dial(SIP/${EXTEN})
+exten => _X.,n,Hangup()
+
+This dialplan may be utilized to accept calls to extensions, which then dial a
+numbered device name configured in one of the channel configuration files (such
+as sip.conf, iax.conf, etc...) (see the section Proper Device Naming for more
+information on why this approach is flawed).
+
+The example we've given above looks harmless enough until you take into
+consideration that several channel technologies accept characters that could
+be utilized in a clever attack. For example, instead of just sending a request
+to dial extension 500 (which in our example above would create the string
+SIP/500 and is then used by the Dial() application to place a call), someone
+could potentially send a string like "500&SIP/itsp/14165551212".
+
+The string "500&SIP/itsp/14165551212" would then be contained within the 
+${EXTEN} channel variable, which is then utilized by the Dial() application in
+our example, thereby giving you the dialplan line of:
+
+exten => _X.,n,Dial(SIP/500&SIP/itsp/14165551212)
+
+Our example above has now provided someone with a method to place calls out of
+your ITSP in a place where you didn't expect to allow it. There are a couple of
+ways in which you can mitigate this impact: stricter pattern matching, or using
+the FILTER() dialplan function.
+
+Strict Pattern Matching
+-----------------------
+
+The simple way to mitigate this problem is with a strict pattern match that does
+not utilize the period (.) or bang (!) characters to match on one-or-more 
+characters or zero-or-more characters (respectively). To fine tune our example
+to only accept three digit extensions, we could change our pattern match to
+be:
+
+exten => _XXX,n,Dial(SIP/${EXTEN})
+
+In this way, we have minimized our impact because we're not allowing anything
+other than the numbers zero through nine. But in some cases we really do need to
+handle variable pattern matches, such as when dialing international numbers
+or when we want to handle something like a SIP URI. In this case, we'll need to
+utilize the FILTER() dialplan function.
+
+Using FILTER()
+--------------
+
+The FILTER() dialplan function is used to filter strings by only allowing
+characters that you have specified. This is a perfect candidate for controlling
+which characters you want to pass to the Dial() application, or any other
+application which will contain dynamic information passed to Asterisk from an
+external source. Lets take a look at how we can use FILTER() to control what
+data we allow.
+
+Using our previous example to accept any string length of 2 or more characters, 
+starting with a number of zero through nine, we can use FILTER() to limit what 
+we will accept to just numbers. Our example would then change to something like:
+
+[incoming]
+exten => _X.,1,Verbose(2,Incoming call to extension ${EXTEN})
+exten => _X.,n,Dial(SIP/${FILTER(0123456789,${EXTEN})})
+exten => _X.,n,Hangup()
+
+Note how we've wrapped the ${EXTEN} channel variable with the FILTER() function
+which will then only pass back characters that fit into the numerical range that
+we've defined.
+
+Alternatively, if we didn't want to utilize the FILTER() function within the
+Dial() application directly, we could save the value to a channel variable,
+which has a side effect of being usable in other locations of your dialplan if
+necessary, and to handle error checking in a separate location.
+
+[incoming]
+exten => _X.,1,Verbose(2,Incoming call to extension ${EXTEN})
+exten => _X.,n,Set(SAFE_EXTEN=${FILTER(0123456789,${EXTEN})})
+exten => _X.,n,Dial(SIP/${SAFE_EXTEN})
+exten => _X.,n,Hangup()
+
+Now we can use the ${SAFE_EXTEN} channel variable anywhere throughout the rest
+of our dialplan, knowing we've already filtered it. We could also perform an
+error check to verify that what we've received in ${EXTEN} also matches the data
+passed back by FILTER(), and to fail the call if things do not match.
+
+[incoming]
+exten => _X.,1,Verbose(2,Incoming call to extension ${EXTEN})
+exten => _X.,n,Set(SAFE_EXTEN=${FILTER(0123456789,${EXTEN})})
+exten => _X.,n,GotoIf($[${EXTEN} != ${SAFE_EXTEN}]?error,1)
+exten => _X.,n,Dial(SIP/${SAFE_EXTEN})
+exten => _X.,n,Hangup()
+
+exten => error,1,Verbose(2,Values of EXTEN and SAFE_EXTEN did not match.)
+exten => error,n,Verbose(2,EXTEN: "${EXTEN}" -- SAFE_EXTEN: "${SAFE_EXTEN}")
+exten => error,n,Playback(silence/1&invalid)
+exten => error,n,Hangup()
+
+Another example would be using FILTER() to control the characters we accept when
+we're expecting to get a SIP URI for dialing.
+
+[incoming]
+exten => _[0-9a-zA-Z].,1,Verbose(2,Incoming call to extension ${EXTEN})
+exten => _[0-9a-zA-Z].,n,Dial(SIP/${FILTER(. at 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,${EXTEN})
+exten => _[0-9a-zA-Z].,n,Hangup()
+
+Of course the FILTER() function doesn't check the formatting of the incoming
+request. There is also the REGEX() dialplan function which can be used to
+determine if the string passed to it matches the regular expression you've
+created, and to take proper action on whether it matches or not. The creation of
+regular expressions is left as an exercise for the reader.
+
+More information about the FILTER() and REGEX() dialplan functions can be found
+by typing "core show function FILTER" and "core show function REGEX" from your
+Asterisk console.
+
+
+====================
+Proper Device Naming
+====================
+
+In Asterisk, the concept of an extension number being tied to a specific device
+does not exist. Asterisk is aware of devices it can call or receive calls from,
+and how you define in your dialplan how to reach those devices is up to you.
+
+Because it has become common practice to think of a specific device as having an
+extension number associated with it, it only becomes natural to think about
+naming your devices the same as the extension number you're providing it. But
+by doing this, you're limiting the powerful concept of separating user from
+extensions, and extensions from devices.
+
+It can also be a security hazard to name your devices with a number, as this can
+open you up to brute force attacks. Many of the current exploits deal with
+device configurations which utilize a number, and even worse, a password that
+matches the devices name. For example, take a look at this poorly created device
+in sip.conf:
+
+[1000]
+type=friend
+context=international_dialing
+secret=1000
+
+As implied by the context, we've permitted a device named 1000 with a password
+of 1000 to place calls internationally. If your PBX system is accessible via
+the internet, then your system will be vulnerable to expensive international
+calls. Even if your system is not accessible via the internet, people within
+your organization could get access to dialing rules you'd prefer to reserve only
+for certain people.
+
+A more secure example for the device would be to use something like the MAC
+address of the device, along with a strong password (see the section Secure
+Passwords). The following example would be more secure:
+
+[0004f2040001]
+type=friend
+context=international_dialing
+secret=aE3%B8*$jk^G
+
+Then in your dialplan, you would reference the device via the MAC address of the
+device (or if using the softphone, a MAC address of a network interface on the
+computer).
+
+Also note that you should NOT use this password, as it will likely be one of the
+first ones added to the dictionary for brute force attacks.
+
+
+================
+Secure Passwords
+================
+
+Secure passwords are necessary in many (if not all) environments, and Asterisk 
+is certainly no exception, especially when it comes to expensive long distance
+calls that could potentially cost your company hundreds or thousands of dollars
+on an expensive monthly phone bill, with little to no recourse to fight the
+charges.
+
+Whenever you are positioned to add a password to your system, whether that is
+for a device configuration, a database connection, or any other secure 
+connection, be sure to use a secure password. A good example of a secure
+password would be something like:
+
+aE3%B8*$jk^G
+
+Our password also contains 12 characters with a mixture of upper and
+lower case characters, numbers, and symbols. Because these passwords are likely 
+to only be entered once, or loaded via a configuration file, there is
+no need to create simple passwords, even in testing. Some of the holes found in
+production systems used for exploitations involve finding the one test extension
+that contains a weak password that was forgotten prior to putting a system into
+production.
+
+Using a web search you can find several online password generators such as
+http://www.strongpasswordgenerator.com or there are several scripts that can be
+used to generate a strong password.
+
+
+============================
+Reducing Pattern Match Typos
+============================
+
+As of Asterisk 1.6.2, a new method for reducing the number of complex pattern
+matches you need to enter, which can reduce typos in your dialplan, has been
+implemented. Traditionally, a dialplan with a complex pattern match would look
+something like:
+
+exten => _[3-5]XXX,1,Verbose(Incoming call to ${EXTEN})
+exten => _[3-5]XXX,n,Set(DEVICE=${DB(device/mac_address/${EXTEN})})
+exten => _[3-5]XXX,n,Set(TECHNOLOGY=${DB(device/technology/${EXTEN})})
+exten => _[3-5]XXX,n,GotoIf($[${ISNULL(${TECHNOLOGY})} | ${ISNULL(${DEVICE})}]?error,1)
+exten => _[3-5]XXX,n,Dial(${TECHNOLOGY}/${DEVICE},${GLOBAL(TIMEOUT)})
+exten => _[3-5]XXX,n,Set(vmFlag=${IF($[${DIALSTATUS} = BUSY]?b:u)})
+exten => _[3-5]XXX,n,Voicemail(${EXTEN}@${GLOBAL(VOICEMAIL_CONTEXT)},${vmFlag})
+exten => _[3-5]XXX,n,Hangup()
+
+exten => error,1,Verbose(2,Unable to lookup technology or device for extension)
+exten => error,n,Playback(silence/1&num-not-in-db)
+exten => error,n,Hangup()
+
+Of course there exists the possibility for a typo when retyping the pattern
+match _[3-5]XXX which will match on extensions 3000 through 5999. We can
+minimize this error by utilizing the same => prefix on all lines beyond the
+first one. Our same dialplan with using same => would look like the following:
+
+exten => _[3-5]XXX,1,Verbose(Incoming call to ${EXTEN})
+same => n,Set(DEVICE=${DB(device/mac_address/${EXTEN})})
+same => n,Set(TECHNOLOGY=${DB(device/technology/${EXTEN})})
+same => n,GotoIf($[${ISNULL(${TECHNOLOGY})} | ${ISNULL(${DEVICE})}]?error,1)
+same => n,Dial(${TECHNOLOGY}/${DEVICE},${GLOBAL(TIMEOUT)})
+same => n,Set(vmFlag=${IF($[${DIALSTATUS} = BUSY]?b:u)})
+same => n,Voicemail(${EXTEN}@${GLOBAL(VOICEMAIL_CONTEXT)},${vmFlag})
+same => n,Hangup()
+
+exten => error,1,Verbose(2,Unable to lookup technology or device for extension)
+same => n,Playback(silence/1&num-not-in-db)
+same => n,Hangup()

Propchange: team/moy/mfcr2-1.4/README-SERIOUSLY.bestpractices.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: team/moy/mfcr2-1.4/README-SERIOUSLY.bestpractices.txt
------------------------------------------------------------------------------
    svn:keywords = wtf

Propchange: team/moy/mfcr2-1.4/README-SERIOUSLY.bestpractices.txt
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: team/moy/mfcr2-1.4/apps/app_chanspy.c
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/apps/app_chanspy.c?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/apps/app_chanspy.c (original)
+++ team/moy/mfcr2-1.4/apps/app_chanspy.c Wed Jun  2 13:02:38 2010
@@ -77,7 +77,7 @@
 "  Options:\n"
 "    b             - Only spy on channels involved in a bridged call.\n"
 "    g(grp)        - Match only channels where their ${SPYGROUP} variable is set to\n"
-"                    contain 'grp' in an optional : delimited list.\n"
+"                    contain 'grp'.\n"
 "    q             - Don't play a beep when beginning to spy on a channel, or speak the\n"
 "                    selected channel name.\n"
 "    r[(basename)] - Record the session to the monitor spool directory. An\n"
@@ -105,7 +105,7 @@
 "  Options:\n"
 "    b             - Only spy on channels involved in a bridged call.\n"
 "    g(grp)        - Match only channels where their ${SPYGROUP} variable is set to\n"
-"                    contain 'grp' in an optional : delimited list.\n"
+"                    contain 'grp'.\n"
 "    q             - Don't play a beep when beginning to spy on a channel, or speak the\n"
 "                    selected channel name.\n"
 "    r[(basename)] - Record the session to the monitor spool directory. An\n"

Modified: team/moy/mfcr2-1.4/apps/app_dial.c
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/apps/app_dial.c?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/apps/app_dial.c (original)
+++ team/moy/mfcr2-1.4/apps/app_dial.c Wed Jun  2 13:02:38 2010
@@ -203,10 +203,12 @@
 "           answered the call.\n"  	
 "    t    - Allow the called party to transfer the calling party by sending the\n"
 "           DTMF sequence defined in the blindxfer setting in the featuremap section\n"
-"           of features.conf.\n"
+"           of features.conf. This setting does not perform policy enforcement on\n"
+"           transfers initiated by other methods.\n"
 "    T    - Allow the calling party to transfer the called party by sending the\n"
 "           DTMF sequence defined in the blindxfer setting in the featuremap section\n"
-"           of features.conf.\n"
+"           of features.conf. This setting does not perform policy enforcement on\n"
+"           transfers initiated by other methods.\n"
 "    w    - Allow the called party to enable recording of the call by sending\n"
 "           the DTMF sequence defined in the automon setting in the featuremap section\n"
 "           of features.conf.\n"
@@ -870,12 +872,12 @@
 
 	ast_channel_lock(chan);
 	if (chan->cdr->answer.tv_sec) {
-		snprintf(buf, sizeof(buf), "%ld", end - chan->cdr->answer.tv_sec);
+		snprintf(buf, sizeof(buf), "%ld", (long) end - chan->cdr->answer.tv_sec);
 		pbx_builtin_setvar_helper(chan, "ANSWEREDTIME", buf);
 	}
 
 	if (chan->cdr->start.tv_sec) {
-		snprintf(buf, sizeof(buf), "%ld", end - chan->cdr->start.tv_sec);
+		snprintf(buf, sizeof(buf), "%ld", (long) end - chan->cdr->start.tv_sec);
 		pbx_builtin_setvar_helper(chan, "DIALEDTIME", buf);
 	}
 	ast_channel_unlock(chan);

Modified: team/moy/mfcr2-1.4/apps/app_echo.c
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/apps/app_echo.c?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/apps/app_echo.c (original)
+++ team/moy/mfcr2-1.4/apps/app_echo.c Wed Jun  2 13:02:38 2010
@@ -65,8 +65,9 @@
 
 	while (ast_waitfor(chan, -1) > -1) {
 		struct ast_frame *f = ast_read(chan);
-		if (!f)
+		if (!f) {
 			break;
+		}
 		f->delivery.tv_sec = 0;
 		f->delivery.tv_usec = 0;
 		if (ast_write(chan, f)) {

Modified: team/moy/mfcr2-1.4/apps/app_followme.c
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/apps/app_followme.c?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/apps/app_followme.c (original)
+++ team/moy/mfcr2-1.4/apps/app_followme.c Wed Jun  2 13:02:38 2010
@@ -928,12 +928,12 @@
 
 	ast_channel_lock(chan);
 	if (chan->cdr->answer.tv_sec) {
-		snprintf(buf, sizeof(buf), "%ld", end - chan->cdr->answer.tv_sec);
+		snprintf(buf, sizeof(buf), "%ld", (long) end - chan->cdr->answer.tv_sec);
 		pbx_builtin_setvar_helper(chan, "ANSWEREDTIME", buf);
 	}
 
 	if (chan->cdr->start.tv_sec) {
-		snprintf(buf, sizeof(buf), "%ld", end - chan->cdr->start.tv_sec);
+		snprintf(buf, sizeof(buf), "%ld", (long) end - chan->cdr->start.tv_sec);
 		pbx_builtin_setvar_helper(chan, "DIALEDTIME", buf);
 	}
 	ast_channel_unlock(chan);

Modified: team/moy/mfcr2-1.4/apps/app_meetme.c
URL: http://svnview.digium.com/svn/asterisk/team/moy/mfcr2-1.4/apps/app_meetme.c?view=diff&rev=267095&r1=267094&r2=267095
==============================================================================
--- team/moy/mfcr2-1.4/apps/app_meetme.c (original)
+++ team/moy/mfcr2-1.4/apps/app_meetme.c Wed Jun  2 13:02:38 2010
@@ -319,6 +319,9 @@
 #define MAX_CONFNUM 80
 #define MAX_PIN     80
 
+/* Enough space for "<conference #>,<pin>,<admin pin>" followed by a 0 byte. */
+#define MAX_SETTINGS (MAX_CONFNUM + MAX_PIN + MAX_PIN + 3)
+
 enum announcetypes {
 	CONF_HASJOIN,
 	CONF_HASLEFT
@@ -1487,6 +1490,35 @@
 	}
 
 	return (chan->_state == AST_STATE_UP);
+}
+
+static void send_talking_event(struct ast_channel *chan, struct ast_conference *conf, struct ast_conf_user *user, int talking)
+{
+	manager_event(EVENT_FLAG_CALL, "MeetmeTalking",
+	      "Channel: %s\r\n"
+	      "Uniqueid: %s\r\n"
+	      "Meetme: %s\r\n"
+	      "Usernum: %d\r\n"
+	      "Status: %s\r\n",
+	      chan->name, chan->uniqueid, conf->confno, user->user_no, talking ? "on" : "off");
+}
+
+static void set_user_talking(struct ast_channel *chan, struct ast_conference *conf, struct ast_conf_user *user, int talking, int monitor)
+{
+	int last_talking = user->talking;
+	if (last_talking == talking)
+		return;
+
+	user->talking = talking;
+
+	if (monitor) {
+		/* Check if talking state changed. Take care of -1 which means unmonitored */
+		int was_talking = (last_talking > 0);
+		int now_talking = (talking > 0);
+		if (was_talking != now_talking) {
+			send_talking_event(chan, conf, user, now_talking);
+		}
+	}
 }
 
 static int conf_run(struct ast_channel *chan, struct ast_conference *conf, int confflags, char *optargs[])
@@ -1815,7 +1847,9 @@
 		close(fd);
 		goto outrun;
 	}
-	ast_log(LOG_DEBUG, "Placed channel %s in %s conf %d\n", chan->name, dahdi_chan_name, conf->zapconf);
+	if (option_debug) {
+		ast_log(LOG_DEBUG, "Placed channel %s in %s conf %d\n", chan->name, dahdi_chan_name, conf->zapconf);
+	}
 
 	if (!sent_event) {
 		manager_event(EVENT_FLAG_CALL, "MeetmeJoin", 
@@ -1993,6 +2027,11 @@
 					break;
 				}
 
+				/* Indicate user is not talking anymore - change him to unmonitored state */
+				if ((confflags & (CONFFLAG_MONITORTALKER | CONFFLAG_OPTIMIZETALKER))) {
+					set_user_talking(chan, conf, user, -1, confflags & CONFFLAG_MONITORTALKER);
+				}
+
 				manager_event(EVENT_FLAG_CALL, "MeetmeMute", 
 						"Channel: %s\r\n"
 						"Uniqueid: %s\r\n"
@@ -2071,27 +2110,11 @@
 							user->talking = 0;
 
 						res = ast_dsp_silence(dsp, f, &totalsilence);
-						if (!user->talking && totalsilence < MEETME_DELAYDETECTTALK) {
-							user->talking = 1;
-							if (confflags & CONFFLAG_MONITORTALKER)
-								manager_event(EVENT_FLAG_CALL, "MeetmeTalking",
-								      "Channel: %s\r\n"
-								      "Uniqueid: %s\r\n"
-								      "Meetme: %s\r\n"
-								      "Usernum: %d\r\n"
-								      "Status: on\r\n",
-								      chan->name, chan->uniqueid, conf->confno, user->user_no);
+						if (totalsilence < MEETME_DELAYDETECTTALK) {
+							set_user_talking(chan, conf, user, 1, confflags & CONFFLAG_MONITORTALKER);
 						}
-						if (user->talking && totalsilence > MEETME_DELAYDETECTENDTALK) {
-							user->talking = 0;
-							if (confflags & CONFFLAG_MONITORTALKER)
-								manager_event(EVENT_FLAG_CALL, "MeetmeTalking",
-								      "Channel: %s\r\n"
-								      "Uniqueid: %s\r\n"
-								      "Meetme: %s\r\n"
-								      "Usernum: %d\r\n"
-								      "Status: off\r\n",
-								      chan->name, chan->uniqueid, conf->confno, user->user_no);
+						if (totalsilence > MEETME_DELAYDETECTENDTALK) {
+							set_user_talking(chan, conf, user, 0, confflags & CONFFLAG_MONITORTALKER);
 						}
 					}
 					if (using_pseudo) {
@@ -2545,7 +2568,6 @@
 	struct ast_config *cfg;
 	struct ast_variable *var;
 	struct ast_conference *cnf;
-	char *parse;
 	AST_DECLARE_APP_ARGS(args,
 		AST_APP_ARG(confno);
 		AST_APP_ARG(pin);
@@ -2584,13 +2606,15 @@
 				ast_log(LOG_WARNING, "No %s file :(\n", CONFIG_FILE_NAME);
 				return NULL;
 			}
+
 			for (var = ast_variable_browse(cfg, "rooms"); var; var = var->next) {
+				char parse[MAX_SETTINGS];
+
 				if (strcasecmp(var->name, "conf"))
 					continue;
-				
-				if (!(parse = ast_strdupa(var->value)))
-					return NULL;
-				
+
+				ast_copy_string(parse, var->value, sizeof(parse));
+
 				AST_NONSTANDARD_APP_ARGS(args, parse, ',');
 				if (!strcasecmp(args.confno, confno)) {
 					/* Bingo it's a valid conference */
@@ -2756,33 +2780,32 @@
 				if (cfg) {
 					var = ast_variable_browse(cfg, "rooms");
 					while (var) {
+						char parse[MAX_SETTINGS], *stringp = parse, *confno_tmp;

[... 7072 lines stripped ...]



More information about the asterisk-commits mailing list