[asterisk-commits] bebuild: tag 1.8.13.0-rc1 r365136 - /tags/1.8.13.0-rc1/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu May 3 07:50:23 CDT 2012
Author: bebuild
Date: Thu May 3 07:50:18 2012
New Revision: 365136
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=365136
Log:
Importing files for 1.8.13.0-rc1 release.
Added:
tags/1.8.13.0-rc1/.lastclean (with props)
tags/1.8.13.0-rc1/.version (with props)
tags/1.8.13.0-rc1/ChangeLog (with props)
Added: tags/1.8.13.0-rc1/.lastclean
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.13.0-rc1/.lastclean?view=auto&rev=365136
==============================================================================
--- tags/1.8.13.0-rc1/.lastclean (added)
+++ tags/1.8.13.0-rc1/.lastclean Thu May 3 07:50:18 2012
@@ -1,0 +1,3 @@
+39
+
+
Propchange: tags/1.8.13.0-rc1/.lastclean
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tags/1.8.13.0-rc1/.lastclean
------------------------------------------------------------------------------
svn:keywords = none
Propchange: tags/1.8.13.0-rc1/.lastclean
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: tags/1.8.13.0-rc1/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.13.0-rc1/.version?view=auto&rev=365136
==============================================================================
--- tags/1.8.13.0-rc1/.version (added)
+++ tags/1.8.13.0-rc1/.version Thu May 3 07:50:18 2012
@@ -1,0 +1,1 @@
+1.8.13.0-rc1
Propchange: tags/1.8.13.0-rc1/.version
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: tags/1.8.13.0-rc1/.version
------------------------------------------------------------------------------
svn:keywords = none
Propchange: tags/1.8.13.0-rc1/.version
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: tags/1.8.13.0-rc1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.13.0-rc1/ChangeLog?view=auto&rev=365136
==============================================================================
--- tags/1.8.13.0-rc1/ChangeLog (added)
+++ tags/1.8.13.0-rc1/ChangeLog Thu May 3 07:50:18 2012
@@ -1,0 +1,39552 @@
+2012-05-03 Asterisk Development Team <asteriskteam at digium.com>
+
+ * Asterisk 1.8.13.0-rc1 Released.
+
+2012-05-02 17:02 +0000 [r365006-365068] Terry Wilson <twilson at digium.com>
+
+ * main/cel.c, channels/chan_local.c: Don't leak a ref if out of
+ memory and can't link the linkedid If the ao2_link fails, we are
+ most likely out of memory and bad things are going to happen.
+ Before those bad things happen, make sure to clean up the
+ linkedid references. This patch also adds a comment explaining
+ why linkedid can't be passed to both local channel allocations
+ and combines two ao2_ref calls into 1. Review:
+ https://reviewboard.asterisk.org/r/1895/
+
+ * main/cel.c, channels/chan_local.c: Fix a CEL LINKEDID_END race
+ and local channel linkedids This patch has the ;2 channel inherit
+ the linkedid of the ;1 channel and fixes the race condition by no
+ longer scanning the channel list for "other" channels with the
+ same linkedid. Instead, cel.c has an ao2 container of linkedid
+ strings and uses the refcount of the string as a counter of how
+ many channels with the linkedid exist. Not only does this
+ eliminate the race condition, but it also allows us to look up
+ the linkedid by the hashed key instead of traversing the entire
+ channel list. Review: https://reviewboard.asterisk.org/r/1895/
+
+2012-05-01 23:11 +0000 [r364902] Richard Mudgett <rmudgett at digium.com>
+
+ * main/astobj2.c: Fixed __ao2_ref() validating user_data twice.
+ (closes issue ASTERISK-19755) Reported by: Gunther Kelleter
+ Patches: ao2_ref.patch (license #6372) patch uploaded by Gunther
+ Kelleter
+
+2012-05-01 23:08 +0000 [r364899] Mark Michelson <mmichelson at digium.com>
+
+ * funcs/func_volume.c: Fix Coverity-reported ARRAY_VS_SINGLETON
+ error. As it turned out, this wasn't a huge deal. We were calling
+ ast_app_parse_options() for a set of options of which none took
+ arguments. The proper thing to do for this case is to pass NULL
+ for the "args" parameter here. We were instead passing a
+ seemingly-randomly chosen char * from the function. While this
+ would never get written to, you can rest assured things would
+ have gotten bad had new options (which took arguments) been added
+ to func_volume. (closes issue ASTERISK-19656)
+
+2012-05-01 21:37 +0000 [r364841] Jason Parker <jparker at digium.com>
+
+ * main/manager.c: Prevent a potential crash when using manager
+ hooks. Found by me while poking at DPMA-127.
+
+2012-05-01 21:36 +0000 [r364840] Richard Mudgett <rmudgett at digium.com>
+
+ * channels/chan_local.c: * Fix error path resouce leak in
+ local_request(). * Restructure local_request() to reduce
+ indentation.
+
+2012-05-01 19:03 +0000 [r364786] Kinsey Moore <kmoore at digium.com>
+
+ * apps/app_confbridge.c: Play conf-placeintoconf message to the
+ correct channel Correct the code in app_confbridge to play the
+ conf-placeintoconf message to the marked user entering the bridge
+ instead of to the conference while the marked user hears silence.
+ (closes issue ASTERISK-19641) Reported-by: Mark A Walters
+
+2012-05-01 18:16 +0000 [r364769] Jonathan Rose <jrose at digium.com>
+
+ * main/app.c: Fix bad check in voicemail functions for
+ ast_inboxcount2_func Check looks for ast_inboxcount_func instead
+ of ast_inboxcount2_func on ast_inboxcount2_func calls. (closes
+ issue ASTERISK-19718) Reported by: Corey Farrell Patches:
+ ast_app_inboxcount2-null-refcheck.patch uploaded by Corey Farrell
+ (license 5909)
+
+2012-04-30 19:39 +0000 [r364706] Mark Michelson <mmichelson at digium.com>
+
+ * channels/chan_sip.c: Revert improved identities sent in
+ dialog-info NOTIFY requests in r360862 Revision 360862 was
+ intended to improve identities sent in dialog-info NOTIFY
+ requests. Some users reported that hint became broken once this
+ was done. It's not clear exactly what part of the patch has
+ caused this regression, but broken hints are bad. For now, this
+ revision is being reverted so that the next releases of Asterisk
+ do not have bad behavior in them. The original reported issue
+ will have to be fixed differently in the next version of
+ Asterisk. (issue ASTERISK-16735)
+
+2012-04-30 16:37 +0000 [r364649] Alexandr Anikin <may at telecom-service.ru>
+
+ * addons/ooh323cDriver.c: Fix use freed pointer in return value
+ from call thread (issue ASTERISK-19663) Reported by: Matt Jordan
+ Patches: ASTERISK-19663-ooh323.patch (License #5415)
+
+2012-04-30 15:51 +0000 [r364635] Mark Murawki <markm at intellasoft.net>
+
+ * main/logger.c: Sanatize result from bfd_find_nearest_line
+ (BETTER_BACKTRACES) bfd_find_nearest_line can possibly set file
+ to null resulting in a crash when strrchr(file) runs (closes
+ issue ASTERISK-19815) Reported by Mark Murawski Tested by Mark
+ Murawski
+
+2012-04-29 19:31 +0000 [r364578] Matthew Jordan <mjordan at digium.com>
+
+ * formats/format_g723.c, formats/format_h263.c,
+ formats/format_h264.c, formats/format_sln16.c,
+ formats/format_wav_gsm.c, formats/format_siren14.c,
+ formats/format_gsm.c, formats/format_g719.c,
+ formats/format_siren7.c, formats/format_g729.c,
+ formats/format_ilbc.c, formats/format_sln.c,
+ formats/format_vox.c, formats/format_wav.c, formats/format_pcm.c:
+ Fix error that caused truncate operations to fail Another very
+ inappropriate placement of a ')' (again introduced in r362151)
+ caused the various truncate operations to attempt to truncate the
+ sound file at a position of '0'. (issue ASTERISK-19655) Reported
+ by: Matt Jordan (issue ASTERISK-19810) Reported by: colbec
+
+2012-04-27 21:48 +0000 [r364341] Mark Michelson <mmichelson at digium.com>
+
+ * channels/chan_sip.c: Don't attempt to make use of the
+ dynamic_exclude_static ACL if DNS lookup fails. (closes issue
+ ASTERISK-18321) Reported by Dan Lukes Patches:
+ ASTERISK-18321.patch by Mark Michelson (license #5049)
+
+2012-04-27 21:45 +0000 [r364340] Terry Wilson <twilson at digium.com>
+
+ * tests/test_config.c (added), main/config.c: Fix ast_parse_arg
+ numeric type range checking and add tests ast_parse_arg wasn't
+ checking for strto* parse errors or limiting the results by the
+ actual range of the numeric types. This patch fixes that and adds
+ unit tests as well. Review:
+ https://reviewboard.asterisk.org/r/1879/
+
+2012-04-27 19:26 +0000 [r364277] Matthew Jordan <mjordan at digium.com>
+
+ * include/asterisk/time.h: Prevent overflow in calculation in
+ ast_tvdiff_ms on 32-bit machines The method ast_tvdiff_ms
+ attempts to calculate the difference, in milliseconds, between
+ two timeval structs, and return the difference in a 64-bit
+ integer. Unfortunately, it assumes that the long tv_sec/tv_usec
+ members in the timeval struct are large enough to hold the
+ calculated values before it returns. On 64-bit machines, this
+ might be the case, as a long may be 64-bits. On 32-bit machines,
+ however, a long may be less (32-bits), in which case, the
+ calculation can overflow. This overflow caused significant
+ problems in MixMonitor, which uses the method to determine if an
+ audio factory, which has not presented audio to an audiohook, is
+ merely late in providing said audio or will never provide audio.
+ In an overflow situation, the audiohook would incorrectly
+ determine that an audio factory that will never provide audio is
+ merely late instead. This led to situations where a MixMonitor
+ never recorded any audio. Note that this happened most frequently
+ when that MixMonitor was started by the ConfBridge application
+ itself, or when the MixMonitor was attached to a Local channel.
+ (issue ASTERISK-19497) Reported by: Ben Klang Tested by: Ben
+ Klang Patches: 32-bit-time-overflow-10-2012-04-26.diff (license
+ #6283) by mjordan (closes issue ASTERISK-19727) Reported by: Mark
+ Murawski Tested by: Michael L. Young Patches:
+ 32-bit-time-overflow-2012-04-27.diff (license #6283) by mjordan)
+ (closes issue ASTERISK-19471) Reported by: feyfre Tested by:
+ feyfre (issue ASTERISK-19426) Reported by: Johan Wilfer Review:
+ https://reviewboard.asterisk.org/r/1889/
+
+2012-04-27 18:57 +0000 [r364258] Kinsey Moore <kmoore at digium.com>
+
+ * channels/chan_sip.c: Allow SIP pvts involved in Replaces
+ transfers to fall out of reference sooner Unref the SIP pvt
+ stored in the refer structure as soon as it is no longer needed
+ so that the pvt and associated file descriptors can be freed
+ sooner. This change makes a reference decrement unnecessary in
+ code that handles SIP BYE/Also transfers which should not touch
+ the reference anyway. (related to issue ASTERISK-19579)
+
+2012-04-27 14:42 +0000 [r364203] Matthew Jordan <mjordan at digium.com>
+
+ * channels/chan_sip.c: Allow for reloading SRTP crypto keys within
+ the same SIP dialog As a continuation of the patch in r356604,
+ which allowed for the reloading of SRTP keys in re-INVITE
+ transfer scenarios, this patch addresses the more common case
+ where a new key is requested within the context of a current SIP
+ dialog. This can occur, for example, when certain phones request
+ a SIP hold. Previously, once a dialog was associated with an SRTP
+ object, any subsequent attempt to process crypto keys in any SDP
+ offer - either the current one or a new offer in a new SIP
+ request - were ignored. This patch changes this behavior to only
+ ignore subsequent crypto keys within the current SDP offer, but
+ allows future SDP offers to change the keys. (issue
+ ASTERISK-19253) Reported by: Thomas Arimont Tested by: Thomas
+ Arimont Review: https://reviewboard.asteriskorg/r/1885/
+
+2012-04-26 21:10 +0000 [r364060-364108] Richard Mudgett <rmudgett at digium.com>
+
+ * apps/app_directed_pickup.c: Update Pickup application
+ documentation. (With feeling this time.)
+
+ * main/features.c: Fix DTMF atxfer running h exten after the wrong
+ bridge ends. When party B does an attended transfer of party A to
+ party C, the attending bridge between party B and C should not be
+ running an h exten when the bridge ends. Running an h exten now
+ sets a softhangup flag to ensure that an AGI will run in dead AGI
+ mode. * Set the AST_FLAG_BRIDGE_HANGUP_DONT on the party B
+ channel for the attending bridge between party B and C. (closes
+ issue AST-870) (closes issue ASTERISK-19717) Reported by: Mario
+ (closes issue ASTERISK-19633) Reported by: Andrey Solovyev
+ Patches: jira_asterisk_19633_v1.8.patch (license #5621) patch
+ uploaded by rmudgett Tested by: rmudgett, Andrey Solovyev, Mario
+
+2012-04-26 19:24 +0000 [r364046] Terry Wilson <twilson at digium.com>
+
+ * main/asterisk.c: Add more constness to the end_buf pointer in the
+ netconsole issue ASTERISK-18308 Review:
+ https://reviewboard.asterisk.org/r/1876/
+
+2012-04-26 13:24 +0000 [r363986] Kinsey Moore <kmoore at digium.com>
+
+ * channels/chan_sip.c: Fix reference leaks involving SIP Replaces
+ transfers The reference held for SIP blind transfers using the
+ Replaces header in an INVITE was never freed on success and also
+ failed to be freed in some error conditions. This caused a file
+ descriptor leak since the RTP structures in use at the time of
+ the transfer were never freed. This reference leak and another
+ relating to subscriptions in the same code path have now been
+ corrected. (closes issue ASTERISK-19579)
+
+2012-04-26 09:44 +0000 [r363934] Alec L Davis <sivad.a at paradise.net.nz>
+
+ * channels/chan_sip.c: chan_sip: [general] maxforwards, not checked
+ for a value greater than 255 The peer maxforwards is checked for
+ both '< 1' and '> 255', but the default 'maxforwards' in the
+ [general] section is only checked for '< 1' alecdavis (license
+ 585) Reported by: alecdavis Tested by: alecdavis Review:
+ https://reviewboard.asterisk.org/r/1888/
+
+2012-04-26 03:11 +0000 [r363375-363875] Richard Mudgett <rmudgett at digium.com>
+
+ * apps/app_directed_pickup.c: Update Pickup application
+ documentation. (Even better)
+
+ * apps/app_directed_pickup.c: Update Pickup application
+ documentation.
+
+ * channels/sig_pri.c, channels/chan_dahdi.c: Make
+ DAHDISendCallreroutingFacility wait 5 seconds for a reply before
+ disconnecting the call. Some switches may not handle the
+ call-deflection/call-rerouting message if the call is
+ disconnected too soon after being sent. Asteisk was not waiting
+ for any reply before disconnecting the call. * Added a 5 second
+ delay before disconnecting the call to wait for a potential
+ response if the peer does not disconnect first. (closes issue
+ ASTERISK-19708) Reported by: mehdi Shirazi Patches:
+ jira_asterisk_19708_v1.8.patch (license #5621) patch uploaded by
+ rmudgett Tested by: rmudgett
+
+ * channels/sig_pri.c, channels/sig_pri.h, channels/chan_dahdi.c:
+ Clear ISDN channel resetting state if the peer continues to use
+ it. Some ISDN switches occasionally fail to send a RESTART
+ ACKNOWLEDGE in response to a RESTART request. * Made the second
+ SETUP received after sending a RESTART request clear the channel
+ resetting state as if the peer had sent the expected RESTART
+ ACKNOWLEDGE before continuing to process the SETUP. The peer may
+ not be sending the expected RESTART ACKNOWLEDGE. (issue
+ ASTERISK-19608) (issue AST-844) (issue AST-815) Patches:
+ jira_ast_815_v1.8.patch (license #5621) patch uploaded by
+ rmudgett (modified)
+
+ * main/features.c: Fix recalled party B feature flags for a failed
+ DTMF atxfer. 1) B calls A with Dial option T 2) B DTMF atxfer to
+ C 3) B hangs up 4) C does not answer 5) B is called back 6) B
+ answers 7) B cannot initiate transfers anymore * Add dial
+ features datastore to recalled party B channel that is a copy of
+ the original party B channel's dial features datastore. *
+ Extracted add_features_datastore() from
+ add_features_datastores(). * Renamed struct ast_dial_features
+ features_caller and features_callee members to my_features and
+ peer_features respectively. These better names eliminate the need
+ for some explanatory comments. * Simplified code accessing the
+ struct ast_dial_features datastore. (closes issue ASTERISK-19383)
+ Reported by: lgfsantos
+
+ * main/features.c: Hangup affected channel in error paths of
+ bridge_call_thread().
+
+2012-04-23 16:02 +0000 [r363209] Tilghman Lesher <tilghman at meg.abyt.es>
+
+ * main/astfd.c: On some platforms, O_RDONLY is not a flag to be
+ checked, but merely the absence of O_RDWR and O_WRONLY. The POSIX
+ specification does not mandate how these 3 flags must be
+ specified, only that one of the three must be specified in every
+ call.
+
+2012-04-23 14:33 +0000 [r363141] Jonathan Rose <jrose at digium.com>
+
+ * main/manager.c, /: AST-2012-004: Fix an error that allows AMI
+ users to run shell commands sans authorization. As detailed in
+ the advisory, AMI users without write authorization for SYSTEM
+ class AMI actions were able to run system commands by going
+ through other AMI commands which did not require that
+ authorization. Specifically, GetVar and Status allowed users to
+ do this by setting their variable/s options to the SHELL or EVAL
+ functions. Also, within 1.8, 10, and trunk there was a similar
+ flaw with the Originate action that allowed users with originate
+ permission to run MixMonitor and supply a shell command in the
+ Data argument. That flaw is fixed in those versions of this
+ patch. (closes issue ASTERISK-17465) Reported By: David Woolley
+ Patches: 162_ami_readfunc_security_r2.diff uploaded by jrose
+ (license 6182) 18_ami_readfunc_security_r2.diff uploaded by jrose
+ (license 6182) 10_ami_readfunc_security_r2.diff uploaded by jrose
+ (license 6182) ........ Merged revisions 363117 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.6.2
+
+2012-04-23 14:05 +0000 [r363102-363106] Matthew Jordan <mjordan at digium.com>
+
+ * channels/chan_sip.c: AST-2012-006: Fix crash in UPDATE handling
+ when no channel owner exists If Asterisk receives a SIP UPDATE
+ request after a call has been terminated and the channel has been
+ destroyed but before the SIP dialog has been destroyed, a
+ condition exists where a connected line update would be attempted
+ on a non-existing channel. This would cause Asterisk to crash.
+ The patch resolves this by first ensuring that the SIP dialog has
+ an owning channel before attempting a connected line update. If
+ an UPDATE request is received and no channel is associated with
+ the dialog, a 481 response is sent. (closes issue ASTERISK-19770)
+ Reported by: Thomas Arimont Tested by: Matt Jordan Patches:
+ ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license
+ 6283)
+
+ * /, channels/chan_skinny.c: AST-2012-005: Fix remotely exploitable
+ heap overflow in keypad button handling When handling a keypad
+ button message event, the received digit is placed into a fixed
+ length buffer that acts as a queue. When a new message event is
+ received, the length of that buffer is not checked before placing
+ the new digit on the end of the queue. The situation exists where
+ sufficient keypad button message events would occur that would
+ cause the buffer to be overrun. This patch explicitly checks that
+ there is sufficient room in the buffer before appending a new
+ digit. (closes issue ASTERISK-19592) Reported by: Russell Bryant
+ ........ Merged revisions 363100 from
+ http://svn.asterisk.org/svn/asterisk/branches/1.6.2
+
+2012-04-21 01:44 +0000 [r362997] Richard Mudgett <rmudgett at digium.com>
+
+ * apps/app_dial.c: Update app_dial M and U option GOTO return value
+ documentation.
+
+2012-04-20 16:09 +0000 [r362815-362868] Terry Wilson <twilson at digium.com>
+
+ * main/asterisk.c: OpenBSD doesn't have rawmemchr, use strchr
+ (closes issue ASTERISK-19758) Reported by: Barry Miller Tested
+ by: Terry Wilson Patches: 362758-diff uploaded by Barry Miller
+ (license 5434)
+
+ * apps/app_speech_utils.c: Document Speech* apps hangup on failure
+ and suggest TryExec The Speech API apps return -1 on failure,
+ which will hang up the channel. This may not be desirable
+ behavior for some, but it isn't something that can be changed
+ without breaking people's dialplans or writing an option to all
+ of the Speech apps that does what TryExec already does. This
+ patch documents the hangup behavior of the apps, and suggests
+ TryExec as the solution. (closes issue AST-813)
+
+2012-04-19 21:58 +0000 [r362729] Walter Doekes <walter+asterisk at wjd.nu>
+
+ * funcs/func_version.c: Fix documentation for
+ ${VERSION(ASTERISK_VERSION_NUM)}.
+
+2012-04-19 21:05 +0000 [r362680] Michael L. Young <elgueromexicano at gmail.com>
+
+ * tests/test_linkedlists.c, tests/test_poll.c: Add leading and
+ trailing backslashes A couple of unit tests did not have have
+ leading or trailing backslashes when setting their test category
+ resulting in a warning message being displayed. Added the
+ backslash where needed.
+
+2012-04-19 20:59 +0000 [r362677] Richard Mudgett <rmudgett at digium.com>
+
+ * configs/queues.conf.sample: Update membermacro and membergosub
+ documentation in queues.conf.sample.
+
+2012-04-19 15:53 +0000 [r362586] Sean Bright <sean at malleable.com>
+
+ * apps/app_externalivr.c: Prevent a crash in ExternalIVR when the
+ 'S' command is sent first. If the first command sent from an
+ ExternalIVR client is an 'S' command, we were blindly removing
+ the first element from the play list and deferencing it, even if
+ it was NULL. This corrects that and also locks appropriately in
+ one place. (issue ASTERISK-17889) Reported by: Chris Maciejewski
+
+2012-04-19 14:26 +0000 [r362536] Terry Wilson <twilson at digium.com>
+
+ * main/asterisk.c: Handle multiple commands per connection via
+ netconsole Asterisk would accept multiple NULL-delimited CLI
+ commands via the netconsole socket, but would occasionally miss a
+ command due to the command not being completely read into the
+ buffer. This patch ensures that any partial commands get moved to
+ the front of the read buffer, appended to, and properly sent.
+ (closes issue ASTERISK-18308) Review:
+ https://reviewboard.asterisk.org/r/1876/
+
+2012-04-19 02:08 +0000 [r362485] Matthew Jordan <mjordan at digium.com>
+
+ * apps/app_sms.c, main/stdtime/localtime.c, utils/extconf.c,
+ addons/chan_mobile.c, main/asterisk.c, channels/chan_unistim.c,
+ main/frame.c, main/tdd.c, main/jitterbuf.c: Fix a variety of
+ potential buffer overflows * chan_mobile: Fixed an overrun where
+ the cind_state buffer (an integer array of size 16) would be
+ overrun due to improper bounds checking. At worst, the buffer can
+ be overrun by a total of 48 bytes (assuming 4-byte integers),
+ which would still leave it within the allocated memory of struct
+ hfp. This would corrupt other elements in that struct but not
+ necessarily cause any further issues. * app_sms: The array imsg
+ is of size 250, while the array (ud) that the data is copied into
+ is of size 160. If the size of the inbound message is greater
+ then 160, up to 90 bytes could be overrun in ud. This would
+ corrupt the user data header (array udh) adjacent to ud. *
+ chan_unistim: A number of invalid memmoves are corrected. These
+ would move data (which may or may not be valid) into the ends of
+ these buffers. * asterisk: ast_console_toggle_loglevel does not
+ check that the console log level being set is less then or equal
+ to the allowed log levels of 32. * frame: In
+ ast_codec_pref_prepend, if any occurrence of the specified codec
+ is not found, the value used to index into the array pref->order
+ would be one greater then the maximum size of the array. *
+ jitterbuf: If the element being placed into the jitter buffer
+ lands in the last available slot in the jitter history buffer,
+ the insertion sort attempts to move the last entry in the buffer
+ into one slot past the maximum length of the buffer. Note that
+ this occurred for both the min and max jitter history buffers. *
+ tdd: If a read from fsk_serial returns a character that is
+ greater then 32, an attempt to read past one of the statically
+ defined arrays containing the values that character maps to would
+ occur. * localtime: struct ast_time and tm are not the same size
+ - ast_time is larger, although it contains the elements of tm
+ within it in the same layout. Hence, when using memcpy to copy
+ the contents of tm into ast_time, the size of tm should be used,
+ as opposed to the size of ast_time. * extconf: this treats
+ ast_timing's minmask array as if it had a length of 48, when it
+ has defined the size of the array as 24. pbx.h defines minmask as
+ having a size of 48. (issue ASTERISK-19668) Reported by: Matt
+ Jordan
+
+2012-04-18 16:20 +0000 [r362428] Richard Mudgett <rmudgett at digium.com>
+
+ * channels/sig_pri.c, channels/sig_pri.h, channels/chan_dahdi.c,
+ configs/chan_dahdi.conf.sample: Add ability to ignore layer 1
+ alarms for BRI PTMP lines. Several telcos bring the BRI PTMP
+ layer 1 down when the line is idle. When layer 1 goes down,
+ Asterisk cannot make outgoing calls. Incoming calls could fail as
+ well because the alarm processing is handled by a different code
+ path than the Q.931 messages. * Add the layer1_presence
+ configuration option to ignore layer 1 alarms when the telco
+ brings layer 1 down. This option can be configured by span while
+ the similar DAHDI driver teignorered=1 option is system wide.
+ This option unlike layer2_persistence does not require libpri
+ v1.4.13 or newer. Related to JIRA AST-598 JIRA ABE-2845
+
+2012-04-17 21:18 +0000 [r362355-362368] Matthew Jordan <mjordan at digium.com>
+
+ * main/frame.c: Handle case where an unknown format is used to get
+ the preferred codec size In ast_codec_pref_getsize, if an unknown
+ format is passed to the method, no preferred codec will be
+ selected and a negative number will be used to index into the
+ format list. The method now logs an unknown format as a warning,
+ and returns an empty format list. (issue ASTERISK-19655) Reported
+ by: Matt Jordan Review: https://reviewboard.asterisk.org/r/1863/
+
+ * res/res_musiconhold.c, res/res_rtp_asterisk.c, res/res_agi.c: Fix
+ places in resources where a negative return value could impact
+ execution This patch addresses a number of modules in resources
+ that did not handle the negative return value from function calls
+ adequately. This includes: * res_agi.c: if the result of the read
+ function is a negative number, indicating some failure, the
+ result would instead be treated as the number of bytes read. This
+ patch now treats negative results in the same manner as an end of
+ file condition, with the exception that it also logs the error
+ code indicated by the return. * res_musiconhold.c: if spawn_mp3
+ fails to assign a file descriptor to srcfd, and instead assigns a
+ negative value, that file descriptor could later be passed to
+ functions that require a valid file descriptor. If spawn_mp3
+ fails, we now immediately retry instead of continuing in the
+ logic. * res_rtp_asterisk.c: if no codec can be matched between
+ two RTP instances in a peer to peer bridge, we immediately return
+ instead of attempting to use the codec payload type as an index
+ to determine the appropriate negotiated codec. (issue
+ ASTERISK-19655) Reported by: Matt Jordan Review:
+ https://reviewboard.asterisk.org/r/1863/
+
+ * main/asterisk.c, main/manager.c, main/translate.c: Fix places in
+ main where a negative return value could impact execution This
+ patch addresses a number of modules in main that did not handle
+ the negative return value from function calls adequately, or were
+ not sufficiently clear that the conditions leading to improper
+ handling of the return values could not occur. This includes: *
+ asterisk.c: A negative return value from the read function would
+ be used directly as an index into a buffer. We now check for
+ success of the read function prior to using its result as an
+ index. * manager.c: Check for failures in mkstemp and lseek when
+ handling the temporary file created for processing data returned
+ from a CLI command in action_command. Also check that the result
+ of an lseek is sanitized prior to using it as the size of a
+ memory map to allocate. * translate.c: Note in the appropriate
+ locations where powerof cannot return a negative value, due to
+ proper checks placed on the inputs to that function. (issue
+ ASTERISK-19655) Reported by: Matt Jordan Review:
+ https://reviewboard.asterisk.org/r/1863/
+
+ * funcs/func_env.c: Fix places where a negative return from ftello
+ could be used as invalid input In a variety of locations in both
+ reading and writing a file, the result from the C library
+ function ftello is used as input to other functions. For the
+ parameters and functions in question, a negative value is invalid
+ input. This patch checks the return value from the ftello
+ function to determine if we were able to determine the current
+ position in the file stream and, if not, fail gracefully. (issue
+ ASTERISK-19655) Reported by: Matt Jordan Review:
+ https://reviewboard.asterisk.org/r/1863/
+
+2012-04-17 20:43 +0000 [r362354] Jonathan Rose <jrose at digium.com>
+
+ * main/utils.c, res/res_config_curl.c, res/res_config_pgsql.c,
+ res/res_config_odbc.c: Make use of va_args more appropriate to
+ form in various res_config modules plus utils. A number of
+ va_copy operations weren't matched with a corresponding va_end in
+ res_config_odbc. Also, there was a potential for va_end to be
+ invoked twice on the same va_arg in utils, which would mean
+ invoking va_end on an undefined variable... which is bad. va_end
+ is removed from various functions in config_pgsql and config_curl
+ since they aren't making their own copy. The invokers of those
+ functions are responsible for calling va_end on them. (issue
+ ASTERISK-19451) Reported by: Walter Doekes Review:
+ https://reviewboard.asterisk.org/r/1848/
+
+2012-04-17 18:25 +0000 [r362304] Matthew Jordan <mjordan at digium.com>
+
+ * formats/format_sln16.c, formats/format_wav_gsm.c,
+ formats/format_siren14.c, formats/format_gsm.c,
+ formats/format_g719.c, formats/format_siren7.c,
+ formats/format_sln.c, formats/format_vox.c, formats/format_wav.c,
+ formats/format_pcm.c: Fix error that caused seek format
+ operations to set max file size to '1' or '0' A very
+ inappropriate placement of a ')' (introduced in r362151) caused
+ the maximum size of a file to be set as the result of a
+ comparison operation, as opposed to the result of the ftello
+ operation. This resulted in seeking being restricted to the
+ beginning of the file, or 1 byte into the file. Thanks to the
+ Asterisk Test Suite for properly freaking out about this on at
+ least one test. (issue ASTERISK-19655) Reported by: Matt Jordan
+
+2012-04-17 02:37 +0000 [r362253] Michael L. Young <elgueromexicano at gmail.com>
+
+ * channels/chan_sip.c: Turn off warning message when bind address
+ is set to any. When a bind address is set to an ANY address
+ (udpbindport=::), a warning message is displayed stating that
+ "Address remapping activated in sip.conf but we're using IPv6,
+ which doesn't need it. Please remove 'localnet' and/or
+ 'externaddr' settings." But if one is running dual stack, we
+ shouldn't be told to turn those settings off. This patch checks
+ if the bind address is an ANY address or not. The warning message
+ will now only be displayed if the bind address is NOT an ANY
+ address and IPv6 is being used. Also, updated the copyright year.
+ (closes issue ASTERISK-19456) Reported by: Michael L. Young
+ Tested by: Michael L. Young Patches: chan_sip_ipv6_message.diff
+ uploaded by Michael L. Young (license 5026)
+
+2012-04-16 21:56 +0000 [r362151-362204] Matthew Jordan <mjordan at digium.com>
+
+ * channels/chan_dahdi.c, channels/chan_agent.c: Fix negative return
+ handling in channel drivers In chan_agent, while handling a
+ channel indicate, the agent channel driver must obtain a lock on
+ both the agent channel, as well as the channel the agent channel
+ is using. To do so, it attempts to lock the other channel first,
+ then unlock the agent channel which is locked prior to entry into
+ the indicate handler. If this unlock fails with a negative return
+ value, which can occur if the object passed to agent_indicate is
+ an invalid ao2 object or is NULL, the return value is passed
+ directly to strerror, which can only accept positive integer
+ values. In chan_dahdi, the return value of dahdi_get_index is
+ used to directly index into the sub-channel array. If
+ dahd_get_index returns a negative value, it would use that value
+ to index into the array, which could cause an invalid memory
+ access. If dahdi_get_index returns a negative number, we now
+ default to SUB_REAL. (issue ASTERISK-19655) Reported by: Matt
+ Jordan Review: https://reviewboard.asterisk.org/r/1863/
+
+ * apps/app_voicemail.c: Fix handling of negative return code when
+ storing voicemails in ODBC storage When storing a voicemail
+ message using an ODBC connection to a database, the voicemail
+ message is first stored on disk. The sound file associated with
+ the message is read into memory before being transmitted to the
+ database. When this occurs, a failure in the C library's lseek
+ function would cause a negative value to be passed to the mmap as
+ the size of the memory map to create. This would almost certainly
+ cause the creation of the memory map to fail, resulting in the
+ message being lost. (issue ASTERISK-19655) Reported by: Matt
+ Jordan Review: https://reviewboard.asterisk.org/r/1863
+
+ * formats/format_g723.c, formats/format_h263.c,
+ formats/format_h264.c, formats/format_sln16.c,
+ formats/format_wav_gsm.c, formats/format_siren14.c,
+ formats/format_gsm.c, formats/format_g719.c,
+ formats/format_siren7.c, formats/format_g729.c,
+ formats/format_ilbc.c, formats/format_sln.c,
+ formats/format_vox.c, formats/format_wav.c, formats/format_pcm.c:
+ Check for IO stream failures in various format's truncate/seek
+ operations For the formats that support seek and/or truncate
+ operations, many of the C library calls used to determine or set
+ the current position indicator in the file stream were not being
+ checked. In some situations, if an error occurred, a negative
+ value would be returned from the library call. This could then be
+ interpreted inappropriately as positional data. This patch checks
+ the return values from these library calls before using them in
+ subsequent operations. (issue ASTERISK-19655) Reported by: Matt
+ Jordan Review: https://reviewboard.asterisk.org/r/1863/
+
+2012-04-13 15:54 +0000 [r362079-362082] Jonathan Rose <jrose at digium.com>
+
+ * apps/app_forkcdr.c: Make ForkCDR e option not set end time of the
+ newly forked CDR log Prior to this patch, ForkCDR's e option
+ would immediately set the end time of the forked CDR to that of
+ the CDR that is being terminated. This resulted in the new CDR's
+ end time being roughly the same as it's beginning time (which is
+ in turn roughly the same as the original's end time). (closes
+ issue ASTERISK-19164) Reported by: Steve Davies Patches:
+ cdr_fork_end.v10.patch uploaded by Steve Davies (license 5012)
+
+ * apps/app_meetme.c: Send relative path named recordings to the
+ meetme directory instead of sounds Prior to this patch, no effort
+ was made to parse the path name to determine a proper destination
+ for recordings of MeetMe's r option. This fixes that. Review:
+ https://reviewboard.asterisk.org/r/1846/
+
+2012-04-12 16:18 +0000 [r361955-361972] Kinsey Moore <kmoore at digium.com>
+
+ * channels/chan_iax2.c: Make trunkfreq take effect when set
+ Previously, setting trunkfreq had no effect on initial load or on
+ reload and only ever used the default value. This causes
+ trunkfreq to be used appropriately on initial load and reload.
+ (closes issue ASTERISK-19521) Patch-by: Jaco Kroon
+
+ * Makefile.rules, makeopts.in, codecs/lpc10/Makefile, Makefile,
+ build_tools/cflags.xml, build_tools/menuselect-deps.in,
+ codecs/gsm/src/k6opt.s, configure, codecs/gsm/Makefile,
+ configure.ac: Simplify build system architecture optimization
+ This change to the build system rips out any usage of PROC along
+ with architecture-specific optimizations in favor of using
+ -march=native where it is supported. This fixes broken builds on
+ 64bit Intel systems and results in better optimized code on
+ systems running GCC 4.2+. Review:
+ https://reviewboard.asterisk.org/r/1852/ (closes issue
+ ASTERISK-19462)
+
+2012-04-10 21:43 +0000 [r361854] Richard Mudgett <rmudgett at digium.com>
+
+ * channels/chan_dahdi.c: Prevent invalid access of free'd memory if
+ DAHDI channel during an MWI event In the MWI processing loop,
+ when a valid event occurs the temporary caller ID information is
+ deallocated. If a new DAHDI channel is successfully created, the
+ event is passed up to the analog_ss_thread without error and the
+ loop exits. If, however, the DAHDI channel is not created, then
+ the caller ID struct has been free'd, and the gains reset to
+ their previous level. This will almost certainly cause an invalid
+ access to the free'd memory, either in subsequent calls to
+ callerid_free or calls to callerid_feed. * Rework the -r361705
+ patch to better manage the cs and mtd allocated resources. *
+ Fixed use of mwimonitoractive flag to be correct if the
+ mwi_thread() fails to start.
+
+2012-04-10 19:57 +0000 [r361657-361803] Matthew Jordan <mjordan at digium.com>
+
+ * main/http.c: Fix crash caused by unloading or reloading of
+ res_http_post When unlinking itself from the registered HTTP
+ URIs, res_http_post could inadvertently free all URIs registered
+ with the HTTP server. This patch modifies the unregister method
+ to only free the URI that is actually being unregistered, as
+ opposed to all of them.
+
+ * funcs/func_curl.c: Allow func_curl to exit gracefully if list
+ allocation fails during write If the global_curl_info data
+ structure could not be allocated, the datastore associated with
+ the operation would be free'd, but the function would not return.
+ This would later dereference the datastore, almost certainly
+ causing Asterisk to crash. With this patch, if the data structure
+ is not allocated the method will return an error code, and not
+ attempt any further operation.
+
+ * channels/chan_dahdi.c: Prevent invalid access of free'd memory if
+ DAHDI channel during an MWI event In the MWI processing loop,
+ when a valid event occurs the temporary caller ID information is
+ deallocated. If a new DAHDI channel is successfully created, the
+ event is passed up to the analog_ss_thread without error and the
+ loop exits. If, however, the DAHDI channel is not created, then
+ the caller ID struct has been free'd, and the gains reset to
+ their previous level. This will almost certainly cause an invalid
+ access to the free'd memory, either in subsequent calls to
+ callerid_free or calls to callerid_feed. This patch makes it so
+ that we only free the caller ID structure if a DAHDI channel is
[... 38872 lines stripped ...]
More information about the asterisk-commits
mailing list