[asterisk-commits] bebuild: tag 1.8.17.0-rc1 r373016 - /tags/1.8.17.0-rc1/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Sep 13 13:09:51 CDT 2012


Author: bebuild
Date: Thu Sep 13 13:09:46 2012
New Revision: 373016

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=373016
Log:
Importing files for 1.8.17.0-rc1 release.

Added:
    tags/1.8.17.0-rc1/.lastclean   (with props)
    tags/1.8.17.0-rc1/.version   (with props)
    tags/1.8.17.0-rc1/ChangeLog   (with props)

Added: tags/1.8.17.0-rc1/.lastclean
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.17.0-rc1/.lastclean?view=auto&rev=373016
==============================================================================
--- tags/1.8.17.0-rc1/.lastclean (added)
+++ tags/1.8.17.0-rc1/.lastclean Thu Sep 13 13:09:46 2012
@@ -1,0 +1,3 @@
+39
+
+

Propchange: tags/1.8.17.0-rc1/.lastclean
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: tags/1.8.17.0-rc1/.lastclean
------------------------------------------------------------------------------
    svn:keywords = none

Propchange: tags/1.8.17.0-rc1/.lastclean
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: tags/1.8.17.0-rc1/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.17.0-rc1/.version?view=auto&rev=373016
==============================================================================
--- tags/1.8.17.0-rc1/.version (added)
+++ tags/1.8.17.0-rc1/.version Thu Sep 13 13:09:46 2012
@@ -1,0 +1,1 @@
+1.8.17.0-rc1

Propchange: tags/1.8.17.0-rc1/.version
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: tags/1.8.17.0-rc1/.version
------------------------------------------------------------------------------
    svn:keywords = none

Propchange: tags/1.8.17.0-rc1/.version
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: tags/1.8.17.0-rc1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.17.0-rc1/ChangeLog?view=auto&rev=373016
==============================================================================
--- tags/1.8.17.0-rc1/ChangeLog (added)
+++ tags/1.8.17.0-rc1/ChangeLog Thu Sep 13 13:09:46 2012
@@ -1,0 +1,41844 @@
+2012-09-13  Asterisk Development Team <asteriskteam at digium.com>
+
+	* Asterisk 1.8.17.0-rc1 Released.
+
+2012-09-12 15:42 +0000 [r372959]  Matthew Jordan <mjordan at digium.com>
+
+	* main/astobj2.c, include/asterisk/astobj2.h: Constify
+	  __ao2_ref_debug in astobj2 When REF_DEBUG is enabled in certain
+	  files - most notably ccss.c - the 'tag' parameter passed to
+	  __ao2_ref_debug will be a const char *. The function currently
+	  expects that parameter to not be const. This causes a warning
+	  when compiling, as the const qualifier is being discarded. With
+	  dev-mode enabled, this prevents compiling Asterisk. This patch
+	  makes __ao2_ref_debug's tag and file parameters const. (closes
+	  issue ASTERISK-20408) Reported by: mjordan
+
+2012-09-12 14:51 +0000 [r372932]  Mark Michelson <mmichelson at digium.com>
+
+	* channels/chan_sip.c: Add channel name to a warning to make
+	  debugging easier. The "autodestruct with owner in place" message
+	  is typically indicative of a channel reference leak. Printing out
+	  the name of the channel in the message may be helpful when trying
+	  to debug the issue.
+
+2012-09-11 22:11 +0000 [r372902]  Jonathan Rose <jrose at digium.com>
+
+	* channels/chan_local.c: chan_local: Switch from using a random 4
+	  digit hex identifier to unique id Changes chan_local channels to
+	  use an 8 digit hex identifier generated atomically and
+	  sequentially in order to eliminate the chance of having multiple
+	  channels with the same name during high call volume situations.
+	  (issue ASTERISK-20318) Reported by: Dan Cropp Review:
+	  https://reviewboard.asterisk.org/r/2104/
+
+2012-09-11 15:26 +0000 [r372840]  Mark Michelson <mmichelson at digium.com>
+
+	* main/features.c: Fix bad channel application data reference. When
+	  channels get bridged due to an AMI bridge action or a DTMF
+	  attended transfer, the two channels that get bridged have their
+	  application data pointing to the other channel's name. This means
+	  that if one channel is hung up but the other moves on, it means
+	  that the channel that moves on will have its application data
+	  pointing at freed memory. (issue ASTERISK-20335) Reported by:
+	  aragon
+
+2012-09-10 20:53 +0000 [r372804]  Kinsey Moore <kmoore at digium.com>
+
+	* channels/chan_iax2.c: Ensure iax2 debug output is displayed when
+	  expected When IAX2 debug was changed from iax_showframe to
+	  iax_outputframe, some instances were missed (or added afterward).
+	  This was causing debug output to not be displayed when expected.
+	  (closes issue ASTERISK-20338) Reported-by: John Covert Patch-by:
+	  John Covert
+
+2012-09-10 18:35 +0000 [r372765]  Jonathan Rose <jrose at digium.com>
+
+	* apps/app_meetme.c: app_meetme: Document that 'p' option will
+	  continue in dialplan. (closes issue AST-991) Reported by John
+	  Bigelow
+
+2012-09-10 18:31 +0000 [r372763]  Kinsey Moore <kmoore at digium.com>
+
+	* channels/chan_sip.c: Warn on CLI when UDPTL init fails This adds
+	  a CLI warning when a SDP offer is rejected due to UDPTL
+	  initialization failure. Previously, there was no indication of
+	  the reason for offer rejection in this case. (closes issue
+	  ASTERISK-20357) Reported-by: Francesco Usseglio Gaudi
+
+2012-09-10 17:07 +0000 [r372736]  Jonathan Rose <jrose at digium.com>
+
+	* main/channel.c: Masquerade: Retain parkinglot settings made by
+	  CHANNEL function. Prior to this patch, the user would have a
+	  parkinglot set on a channel that was parked and when the channel
+	  was retrieved, any attempt by that channel to park would simply
+	  use the default. This patch makes parkinglot values set in this
+	  way be retained through the masquerade. (closes issue AST-990)
+	  Reported by: Nick Huskinson Patches:
+	  masquerade_parkinglot_patch.diff Uploaded by Jonathan Rose
+	  (license 6182)
+
+2012-09-09 01:19 +0000 [r372709]  Matthew Jordan <mjordan at digium.com>
+
+	* channels/sip/sdp_crypto.c: Only re-create an SRTP session when
+	  needed; respond with correct crypto policy In r356604, SRTP
+	  handling was fixed to accomodate multiple crypto keys in an SDP
+	  offer and the ability to re-create an SRTP session when the
+	  crypto keys changed. In certain circumstances - most notably when
+	  a phone is put on hold after having been bridged for a
+	  significant amount of time - the act of re-creating the SRTP
+	  session causes problems for certain models of phones. The patch
+	  committed in r356604 always re-created the SRTP session
+	  regardless of whether or not the cryptographic keys changed.
+	  Since this is technically not necessary, this patch modifies the
+	  behavior to only re-create the SRTP session if Asterisk detects
+	  that the remote key has changed. This allows models of phones
+	  that do not handle the SRTP session changing to continue to work,
+	  while also providing the behavior needed for those phones that do
+	  re-negotiate cryptographic keys. In addition, in Asterisk 1.8
+	  only, it was found that phones that offer AES_CM_128_HMAC_SHA1_32
+	  will end up with no audio if the phone is the initiator of the
+	  call. The phone will send an INVITE request specifying that
+	  AES_CM_128_HMAC_SHA1_32 be used for the cryptographic policy;
+	  Asterisk will set its policy to that value. Unfortunately, when
+	  the call is Answered and a 200 OK is sent back to the UA, the
+	  policy sent in the response's SDP will be the hard coded value
+	  AES_CM_128_HMAC_SHA1_80. This potentially results in Asterisk
+	  using the INVITE request's policy of AES_CM_128_HMAC_SHA1_32,
+	  while the phone uses Asterisk's response of
+	  AES_CM_128_HMAC_SHA1_80. Hilarity ensues as both endpoints think
+	  the other is crazy. This patch fixes that by caching the policy
+	  from the request and responding with it. Note that this is not a
+	  problem in Asterisk 10 and later, as the ability to configure the
+	  policy was added in that version. (issue ASTERISK-20194) Reported
+	  by: Nicolo Mazzon Tested by: Nicolo Mazzon Review:
+	  https://reviewboard.asterisk.org/r/2099
+
+2012-09-08 03:54 +0000 [r372682]  dlee <dlee at localhost>:
+
+	* main/Makefile: Add OPENSSL_INCLUDE to the CFLAGS for ssl.c and
+	  tcptls.c. Without this flag, those files will compile with the
+	  system installed OpenSSL headers (if they exist). This is a real
+	  bummer if a different path was specified using --with-ssl=
+	  (closes issue ASTERISK-20392)
+
+2012-09-07 23:05 +0000 [r372620-372655]  Richard Mudgett <rmudgett at digium.com>
+
+	* main/astmm.c: Fix MALLOC_DEBUG version of ast_strndup(). (closes
+	  issue ASTERISK-20349) Reported by: Brent Eagles
+
+	* funcs/func_math.c: Remove annoying unconditional debug message
+	  from INC/DEC functions. (closes issue AST-1001) Reported by:
+	  Guenther Kelleter
+
+	* apps/app_queue.c: Fix exception path typo in app_queue.c
+	  try_calling(). (closes issue ASTERISK-20380) Reported by: Jeremy
+	  Pepper Patches: fix-local-channel-locking.patch (license #6350)
+	  patch uploaded by Jeremy Pepper
+
+	* apps/app_voicemail.c: Fix VoicemailUserEntry event headers
+	  ServerEmail and MailCommand reported values. The AMI action
+	  VoicemailUsersList VoicemailUserEntry event headers ServerEmail
+	  and MailCommand did not report the global values if they were not
+	  overridden. The VoicemailUserEntry event header ServerEmail was
+	  not populated with the global value if the voicemail user did not
+	  override it. The VoicemailUserEntry event header MailCommand was
+	  never populated with a value. * Removed unused struct ast_vm_user
+	  member mailcmd[]. (closes issue AST-973) Reported by: John
+	  Bigelow Tested by: rmudgett
+
+2012-09-07 02:24 +0000 [r372554-372581]  Matthew Jordan <mjordan at digium.com>
+
+	* apps/app_minivm.c: Free ast_str objects when temp file fails to
+	  be created in MiniVM The previous commit (r372554) was from a
+	  patch that was written before r366880, which ensured that ast_str
+	  objects allocated in the sendmail routine were free'd in off
+	  nominal paths. This commit frees the string objects in the off
+	  nominal path introduced in r372554. (issue ASTERISK-17133)
+	  Reported by: Tzafrir Cohen
+
+	* apps/app_minivm.c: Fix file descriptor leak and pointer scope
+	  issue in MiniVM when sending mail When MiniVM sends an e-mail and
+	  it has the volgain option set, it will spawn sox in a separate
+	  process to handle the manipulation of the sound file. In doing
+	  so, it creates a temporary file. There are two problems here: 1)
+	  The file descriptor returned from mkstemp is leaked 2) The
+	  finalfilename character pointer points to a buffer that loses
+	  scope once volgain processing is finished. Note that in r316265,
+	  Russell fixed some gcc warnings by using the return value of the
+	  mkstemp call. A warning was placed in minivm that the file
+	  descriptor was going to be leaked. This patch reverts that
+	  change, as it handles the leak and 'uses' the file descriptor
+	  returned from mkstemp. (closes issue ASTERISK-17133) Reported by:
+	  Tzafrir Cohen patches: minivm_18501_demo.diff uploaded by Tzafrir
+	  Cohen (license #5035)
+
+2012-09-06 21:38 +0000 [r372517]  Kinsey Moore <kmoore at digium.com>
+
+	* apps/app_queue.c: Ensure listed queues are not offered for
+	  completion When using tab-completion for the list of queues on
+	  "queue reset stats" or "queue reload
+	  {all|members|parameters|rules}", the tab-completion listing for
+	  further queues erroneously listed queues that had already been
+	  added to the list. The tab-completion listing now only displays
+	  queues that are not already in the list. (closes issue AST-963)
+	  Reported-by: John Bigelow
+
+2012-09-06 18:54 +0000 [r372498]  dsessions <dsessions at localhost>:
+
+	* configs/res_ldap.conf.sample, channels/chan_sip.c: LDAP Realtime
+	  Peers Cannot Register Prior to 1.8, it was not necessary for an
+	  explicit "type" to be set for an asterisk LDAP realtime peer. Now
+	  the routine find_peer actually checks the type field during
+	  registration and fails to find the peer if it is not set. The
+	  attached patches make the realtime type equal whatever type is
+	  being searched for if the type is 0 upon return from routine
+	  build_peer. (closes issue ASTERISK-17222) Reported by: John
+	  Covert Patch by: David Vossel Tested by: Darren Sessions Review:
+	  https://reviewboard.asterisk.org/r/2095/
+
+2012-09-06 15:52 +0000 [r372471]  Jonathan Rose <jrose at digium.com>
+
+	* UPGRADE.txt: chan_sip: Note change in behavior to how
+	  directmediapermit/deny ACL works r366547 introduced a change to
+	  the directmedia ACL for chan_sip which modified the behavior
+	  significantly. Prior to the patch, this option would bridge peers
+	  with directmedia if a peer's IP address matched its own
+	  directmedia ACL. After that patch, the peer would check the
+	  bridged peer's ACL instead. This change has been present since
+	  1.8.14.0. That patched failed to document the change in
+	  Upgrade.txt, so this patch adds mention of that change to
+	  UPGRADE.txt (UPGRADE-1.8.txt in newer branches) (issue AST-876)
+
+2012-09-06 14:28 +0000 [r372444]  Kinsey Moore <kmoore at digium.com>
+
+	* apps/app_queue.c: Ensure "rules" is tab-completable for "queue
+	  show" Previously, tabbing at the end of "queue show" produced a
+	  list of available queues about which information could be shown,
+	  but did not include an alternative command, "rules", to access
+	  information about queue rules. The "rules" item should now be
+	  shown in the list of tab-completable items. (closes issue
+	  AST-958) Reported-by: John Bigelow
+
+2012-09-06 02:48 +0000 [r372390-372417]  Matthew Jordan <mjordan at digium.com>
+
+	* pbx/pbx_dundi.c: Fix DUNDi message routing bug when neighboring
+	  peer is unreachable Consider a scenario where DUNDi peer PBX1 has
+	  two peers that are its neighbors, PBX2 and PBX3, and where PBX2
+	  and PBX3 are also neighbors. If the connection is temporarily
+	  broken between PBX1 and PBX3, PBX1 should not include PBX3 in the
+	  list of peers it sends to PBX2 in a DPDISCOVER message, as it
+	  cannot send messages to PBX3. If it does, PBX2 will assume that
+	  PBX3 already received the message and fail to forward the message
+	  on to PBX3 itself. This patch fixes this by only including peers
+	  in a DPDISCOVER message that are reachable by the sending node.
+	  This includes all peers with an empty address (00:00:00:00:00:00)
+	  and that are have been reached by a qualify message. This patch
+	  also prevents attempting to qualify a dynamic peer with an empty
+	  address until that peer registers. (closes issue ASTERISK-19309)
+	  Reported by: Peter Racz patches: dundi_routing.patch uploaded by
+	  Peter Racz (license 6290) The patch uploaded by Peter was
+	  modified slightly for this commit.
+
+	* apps/app_followme.c: Allow configured numbers for FollowMe to be
+	  greater than 90 characters When parsing a 'number' defined in
+	  followme.conf, FollowMe previously parsed the number in the
+	  configuration file into a buffer with a length of 90 characters.
+	  This can artificially limit some parallel dial scenarios. This
+	  patch allows for numbers of any length to be defined in the
+	  configuration file. Note that Clod Patry originally wrote a patch
+	  to fix this problem and received a Ship It! on the JIRA issue.
+	  The patch originally expanded the buffer to 256 characters.
+	  Instead, the patch being committed duplicates the string in the
+	  config file on the stack before parsing it for consumption by the
+	  application. (closes issue ASTERISK-16879) Reported by: Clod
+	  Patry Tested by: mjordan patches: followme_no_limit.diff uploaded
+	  by Clod Patry (license #5138) Slightly modified for this commit.
+
+2012-09-05 19:20 +0000 [r372354]  Kinsey Moore <kmoore at digium.com>
+
+	* main/manager.c: Correct documentation for ModuleLoad AMI action
+	  The documentation incorrectly listed 'rtp' as a reloadable
+	  subsystem and left out many other reloadable subsystems. It is
+	  now also documented that subsystems may only be reloaded, not
+	  loaded or unloaded. (closes issue AST-977) Reported-by: John
+	  Bigelow
+
+2012-09-05 18:34 +0000 [r372339]  Alec L Davis <sivad.a at paradise.net.nz>
+
+	* main/dsp.c: dsp.c: in ast_mf_detect_init incorrectly sets
+	  goertzel samples to 160, should be MF_GSIZE Related
+	  https://reviewboard.asterisk.org/r/2097/
+
+2012-09-05 18:29 +0000 [r372337]  Kinsey Moore <kmoore at digium.com>
+
+	* main/pbx.c: Ensure counts generated in
+	  manager_show_dialplan_helper are correct When
+	  manager_show_dialplan_helper was written, the counter increment
+	  for the total number of contexts was placed with the extensions
+	  increment instead of in the enclosing loop. This function should
+	  now generate correct context counts. (closes issue AST-970)
+	  Reported-by: John Bigelow
+
+2012-09-05 13:13 +0000 [r372268]  Matthew Jordan <mjordan at digium.com>
+
+	* apps/app_voicemail.c: Fix memory leaks in app_voicemail when
+	  using IMAP storage or realtime config This patch fixes two memory
+	  leaks: 1. When find_user is called with NULL as its first
+	  parameter, the voicemail user returned is allocated on the heap.
+	  The inboxcount2 function uses find_user in such a fashion when
+	  counting new messages, and fails to free the resulting voicemail
+	  user object. 2. When populate_defaults is called on a voicemail
+	  user, it wipes whatever flags have been set on the object by
+	  copying over the global flags object. If the VM_ALLOCED flag was
+	  ste on the voicemail user prior to doing so, that flag is
+	  removed. This leaks the voicemail user when free_user is later
+	  called. (closes issue ASTERISK-19155) Reported by: Filip Jenicek
+	  patches: asterisk.patch2 uploaded by Filip Jenicek (license 6277)
+	  Patch slightly modified for this commit. Review:
+	  https://reviewboard.asterisk.org/r/2096
+
+2012-09-05 07:35 +0000 [r372212-372239]  Alec L Davis <sivad.a at paradise.net.nz>
+
+	* main/dsp.c: dsp.c: Fix multiple issues when no-interdigit delay
+	  is present, and fast DTMF 50ms/50ms Revert DTMF hit/miss detector
+	  to original -r349249 method with some changes, remove
+	  unnecessary; 1. reseting of hits=0, when no signal, only need to
+	  set it once. 2. incrementing of hits, when the hit is the same as
+	  the current hit. 3. setting of lasthit, when it's the same as
+	  before. Change HITS_TO_BEGIN to 2, MISSES_TO_END to 3 & 3
+	  spelling mistakes (closes issue ASTERISK-19610) alecdavis
+	  (license 585) Reported by: Jean-Philippe Lord Tested by:
+	  alecdavis Review: https://reviewboard.asterisk.org/r/2085/
+
+	* main/dsp.c: dsp.c: optimize goerztzel sample loops, in
+	  dtmf_detect, mf_detect and tone_detect use a temporary short int
+	  when repeatedly used to call goertzel_sample. alecdavis (license
+	  585) Reported by: alecdavis Tested by: alecdavis Review:
+	  https://reviewboard.asterisk.org/r/2093/
+
+2012-09-05 03:45 +0000 [r372185]  Michael L. Young <elgueromexicano at gmail.com>
+
+	* res/res_rtp_asterisk.c: Fix Incrementing Sequence Number For
+	  Retransmitted DTMF End Packets In Asterisk 1.4+, a fix was put in
+	  place to increment the sequence number for retransmitted DTMF end
+	  packets. With the introduction of the RTP engine API in 1.8, the
+	  sequence number was no longer being incremented. This patch fixes
+	  this regression as well as cleans up a few lines that were not
+	  doing anything. (closes issue ASTERISK-20295) Reported by: Nitesh
+	  Bansal Tested by: Michael L. Young Patches:
+	  01_rtp_event_seq_num.patch uploaded by Nitesh Bansal (license
+	  6418) asterisk-20295-dtmf-fix-cleanup.diff uploaded by Michael L.
+	  Young (license 5026) Review:
+	  https://reviewboard.asterisk.org/r/2083/
+
+2012-09-05 02:16 +0000 [r372158]  Matthew Jordan <mjordan at digium.com>
+
+	* cel/cel_pgsql.c: Fix memory leak when CEL is successfully written
+	  to PostgreSQL database PQClear is not called when the result
+	  object of a call to PQExec has a status of PGRES_COMMAND_OK.
+	  Interestingly enough, the off nominal case was handled properly,
+	  so this memory leak only occurred when CEL records were
+	  successfully written. This patch properly clears the result in
+	  the nominal code path. (closes issue ASTERISK-19991) Reported by:
+	  Etienne Lessard Tested by: Etienne Lessard patches:
+	  mem_leak_cel_pgsql.patch uploaded by Etienne Lessard (license
+	  #6394)
+
+2012-08-30 20:51 +0000 [r372048-372089]  Mark Michelson <mmichelson at digium.com>
+
+	* apps/app_queue.c: Prevent crash on shutdown due to refcount error
+	  on queues container. When app_queue is unloaded, the queues
+	  container has its refcount decremented, potentially to 0. Then
+	  the taskprocessor responsible for handling device state changes
+	  is unreferenced. If the taskprocessor happens to be just about to
+	  run its task, then it will create and destroy an iterator on the
+	  queues container. This can cause the refcount on the queues
+	  container to increase to 1 and then back to 0. Going back to 0 a
+	  second time results in double frees. This failure was seen
+	  periodically in the testsuite when Asterisk would shut down.
+
+	* apps/app_queue.c: Help prevent ringing queue members from being
+	  rung when ringinuse set to no. Queue member status would not
+	  always get updated properly when the member was called, thus
+	  resulting in the member getting multiple calls. With this change,
+	  we update the member's status at the time of calling, and we also
+	  check to make sure the member is still available to take the call
+	  before placing an outbound call. (closes issue ASTERISK-16115)
+	  reported by nik600 Patches: app_queue.c-svn-r370418.patch
+	  uploaded by Italo Rossi (license #6409)
+
+2012-08-30 16:21 +0000 [r371961-372015]  Matthew Jordan <mjordan at digium.com>
+
+	* channels/chan_iax2.c: AST-2012-013: Resolve ACL rules being
+	  ignored during calls by some IAX2 peers When an IAX2 call is made
+	  using the credentials of a peer defined in a dynamic Asterisk
+	  Realtime Architecture (ARA) backend, the ACL rules for that peer
+	  are not applied to the call attempt. This allows for a remote
+	  attacker who is aware of a peer's credentials to bypass the ACL
+	  rules set for that peer. This patch ensures that the ACLs are
+	  applied for all peers, regardless of their storage mechanism.
+	  (closes issue ASTERISK-20186) Reported by: Alan Frisch Tested by:
+	  mjordan, Alan Frisch
+
+	* main/manager.c, README-SERIOUSLY.bestpractices.txt: AST-2012-012:
+	  Resolve AMI User Unauthorized Shell Access through ExternalIVR
+	  The AMI Originate action can allow a remote user to specify
+	  information that can be used to execute shell commands on the
+	  system hosting Asterisk. This can result in an unwanted
+	  escalation of permissions, as the Originate action, which
+	  requires the "originate" class authorization, can be used to
+	  perform actions that would typically require the "system" class
+	  authorization. Previous attempts to prevent this permission
+	  escalation (AST-2011-006, AST-2012-004) have sought to do so by
+	  inspecting the names of applications and functions passed in with
+	  the Originate action and, if those applications/functions matched
+	  a predefined set of values, rejecting the command if the user
+	  lacked the "system" class authorization. As noted by IBM X-Force
+	  Research, the "ExternalIVR" application is not listed in the
+	  predefined set of values. The solution for this particular
+	  vulnerability is to include the "ExternalIVR" application in the
+	  set of defined applications/functions that require "system" class
+	  authorization. Unfortunately, the approach of inspecting fields
+	  in the Originate action against known applications/functions has
+	  a significant flaw. The predefined set of values can be bypassed
+	  by creative use of the Originate action or by certain dialplan
+	  configurations, which is beyond the ability of Asterisk to
+	  analyze at run-time. Attempting to work around these scenarios
+	  would result in severely restricting the applications or
+	  functions and prevent their usage for legitimate means. As such,
+	  any additional security vulnerabilities, where an
+	  application/function that would normally require the "system"
+	  class authorization can be executed by users with the "originate"
+	  class authorization, will not be addressed. Instead, the
+	  README-SERIOUSLY.bestpractices.txt file has been updated to
+	  reflect that the AMI Originate action can result in commands
+	  requiring the "system" class authorization to be executed. Proper
+	  system configuration can limit the impact of such scenarios.
+	  (closes issue ASTERISK-20132) Reported by: Zubair Ashraf of IBM
+	  X-Force Research
+
+	* doc/CODING-GUIDELINES (added): Restore CODING-GUIDELINES to doc
+	  folder In r294740, the CODING-GUIDELINES was removed from the doc
+	  folder in favor of the content on the Asterisk wiki. Some folks
+	  still look in the doc folder initially for coding guideline
+	  suggestions; as such, this patch adds a CODING-GUIDELINES file
+	  back into the doc folder. The content of the file merely points
+	  to the correct page on the Asterisk wiki where the coding
+	  guidelines currently live. (closes issue ASTERISK-20279) Reported
+	  by: Andrew Latham Patches: CODING-GUIDELINES.diff uploaded by
+	  Andrew Latham (license 5985)
+
+2012-08-29 20:42 +0000 [r371919]  Jonathan Rose <jrose at digium.com>
+
+	* apps/app_meetme.c: app_meetme: Adding test events for following
+	  activity in MeetMe.
+
+2012-08-29 19:38 +0000 [r371860-371888]  Richard Mudgett <rmudgett at digium.com>
+
+	* main/channel.c: Initialize file descriptors for dummy channels to
+	  -1. Dummy channels usually aren't read from, but functions like
+	  SHELL and CURL use autoservice on the channel. (closes issue
+	  ASTERISK-20283) Reported by: Gareth Palmer Patches:
+	  svn-371580.patch (license #5169) patch uploaded by Gareth Palmer
+	  (modified)
+
+	* apps/app_dial.c: Fix hangup cause passthrough regression. The
+	  v1.8 -r369258 change to fix the F and F(x) action logic
+	  introduced a regression in passing the hangup cause from the
+	  called channel to the caller channel. (closes issue
+	  ASTERISK-20287) Reported by: Konstantin Suvorov Patches:
+	  app_dial_hangupcause.patch (license #6421) patch uploaded by
+	  Konstantin Suvorov (modified) Tested by: rmudgett
+
+2012-08-29 16:59 +0000 [r371824]  Jonathan Rose <jrose at digium.com>
+
+	* channels/chan_sip.c: chan_sip: Send 408 on retransmit timeout
+	  instead of 603 (closes issue ASTERISK-20124) Reported by: Walter
+	  Doekes
+
+2012-08-27 21:47 +0000 [r371747-371787]  Mark Michelson <mmichelson at digium.com>
+
+	* configs/agents.conf.sample: Fix misleading documentation in
+	  agents.conf.sample regarding ackcall usage. The documentation
+	  made it sound as if the DTMF acknowledgment was needed at the
+	  time the agent logs in, rather than when the agent is called.
+	  This is likely a relic from the days when there were multiple
+	  ways of logging in agents. (closes issue AST-962) reported by
+	  Steve Pitts
+
+	* main/manager.c: Fix incorrect documentation of the MailboxStatus
+	  manager command. The "Waiting" field was misdocumented as
+	  reporting the number of messages waiting. In reality, it simply
+	  indicated the presence or absence of waiting messages. (closes
+	  issue AST-975) reported by John Bigelow
+
+	* configs/queues.conf.sample: Fix incorrectly documented option in
+	  queues.conf sharedlastcall defaults to "no" not "yes" (closes
+	  issue AST-979) reported by Steve Pitts
+
+2012-08-27 16:40 +0000 [r371718]  dlee <dlee at localhost>:
+
+	* main/lock.c: Fixes ast_rwlock_timed[rd|wr]lock for BSD and
+	  variants. The original implementations simply wrap pthread
+	  functions, which take absolute time as an argument. The spinlock
+	  version for systems without those functions treated the argument
+	  as a delta. This patch fixes the spinlock version to be
+	  consistent with the pthread version. (closes issue
+	  ASTERISK-20240) Reported by: Egor Gorlin Patches: lock.c.patch
+	  uploaded by Egor Gorlin (license 6416)
+
+2012-08-27 13:43 +0000 [r371690]  Kinsey Moore <kmoore at digium.com>
+
+	* main/utils.c: Implement workaround for BETTER_BACKTRACES crash
+	  When compiling with BETTER_BACKTRACES enabled, Asterisk will
+	  sometimes crash when "core show locks" is run. This happens
+	  regularly in the testsuite since several tests run "core show
+	  locks" to help with debugging. This seems to be a fault with
+	  libraries on certain operating systems (notably CentOS 6.2/6.3)
+	  running on virtual machines and utilizing gcc 4.4.6. (closes
+	  issue ASTERISK-20090)
+
+2012-08-26 23:03 +0000 [r371662]  Alec L Davis <sivad.a at paradise.net.nz>
+
+	* main/dsp.c: mf_detect: incorrectly used DTMF_GSIZE instead of
+	  MF_GSIZE
+
+2012-08-21 20:35 +0000 [r371590]  Mark Michelson <mmichelson at digium.com>
+
+	* main/utils.c, apps/app_queue.c, pbx/pbx_config.c,
+	  res/res_jabber.c, apps/app_stack.c, channels/chan_oss.c,
+	  res/res_config_sqlite.c, cdr/cdr_tds.c, main/xmldoc.c,
+	  apps/app_dial.c, channels/chan_dahdi.c, channels/chan_sip.c,
+	  funcs/func_odbc.c, main/file.c: Fix misuses of asprintf
+	  throughout the code. This fixes three main issues * Change
+	  asprintf() uses to ast_asprintf() so that it pairs properly with
+	  ast_free() and no longer causes MALLOC_DEBUG to freak out. * When
+	  ast_asprintf() fails, set the pointer NULL if it will be
+	  referenced later. * Fix some memory leaks that were spotted while
+	  taking care of the first two points. (Closes issue
+	  ASTERISK-20135) reported by Richard Mudgett Review:
+	  https://reviewboard.asterisk.org/r/2071
+
+2012-08-20 15:25 +0000 [r371544]  Kinsey Moore <kmoore at digium.com>
+
+	* main/udptl.c: Ignore recovered zero-length secondary UDPTL
+	  packets In some cases, recovering lost packets using the
+	  secondary packet recovery mechanism with UDPTL/T.38 can result in
+	  the recovery of zero-length packets. These must be ignored or the
+	  frame generated from them can cause segfaults and allocation
+	  failures. (closes issue ASTERISK-19762) (closes issue
+	  ASTERISK-19373) Reported-by: Benjamin (bulkorok) Reported-by: Rob
+	  Gagnon (rgagnon)
+
+2012-08-17 18:51 +0000 [r371469]  Matthew Jordan <mjordan at digium.com>
+
+	* main/xmldoc.c: Fix memory leak in XML documentation When
+	  formatting documentation fields, the XML documentation parser
+	  calls xmldoc_get_formatted. This function allocates a string
+	  buffer at the beginning of its routine. Unfortunately, on certain
+	  code paths, it also calls xmldoc_string_cleanup, which assumes
+	  that it will create the string buffer. The previously allocated
+	  string buffer is then leaked by the xmldoc_string_cleanup
+	  routine. Now: we don't do that. (closes issue AST-932) Reported
+	  by: Alexander Homig
+
+2012-08-17 15:49 +0000 [r371393-371436]  Kinsey Moore <kmoore at digium.com>
+
+	* main/loader.c: Add instrumentation to subsystem reloads When
+	  Asterisk is built with TEST_FRAMEWORK defined, Asterisk will now
+	  generate TestEvent AMI events on subsystem reloads such as cdr,
+	  dnsmgr, extconfig, etc. (issue PQ-1126)
+
+	* main/loader.c: Add module reload instrumentation for
+	  TEST_FRAMEWORK This adds AMI events for module reloads when
+	  Asterisk is built with TEST_FRAMEWORK enabled and corrects
+	  generation of the module load AMI event. (issue PQ-1126)
+
+2012-08-16 22:30 +0000 [r371392]  Terry Wilson <twilson at digium.com>
+
+	* main/config.c: Handle integer over/under-flow in ast_parse_args
+	  The strtol family of functions will return *_MIN/*_MAX on
+	  overflow. To detect when an overflow has happened, errno must be
+	  set to 0 before calling the function, then checked afterward.
+	  (closes issue ASTERISK-20120) Reported by: Matt Jordan Review:
+	  https://reviewboard.asterisk.org/r/2073/
+
+2012-08-16 18:57 +0000 [r371337-371357]  Jonathan Rose <jrose at digium.com>
+
+	* channels/chan_sip.c: chan_sip: Use pvt outgoing_call variable to
+	  set Remote-Party-ID Header Previously the pvt SIP_OUTGOING flag
+	  was used instead, which will frequently flip during reinvites.
+	  (closes issue AST-897) Reported by: Thomas Arimont
+
+	* channels/chan_sip.c: chan_sip: Trigger reinvite if the SDP answer
+	  is included in the SIP ACK Under certain conditions, a SIP
+	  transaction involving directmedia wouldn't trigger a re-invite
+	  because the SDP answer was included in an ACK instead of in a
+	  message that we would have triggered the invite with. This patch
+	  just queues a source change control frame if the dialog is using
+	  directmedia when we find sdp for an ACK. (closes issue AST-913)
+	  Reported by: Thomas Arimont
+
+2012-08-15 23:10 +0000 [r371306]  Mark Michelson <mmichelson at digium.com>
+
+	* apps/app_queue.c: Fix bug where final queue member would not be
+	  removed from memory. If a static queue had realtime members, then
+	  there could be a potential for those realtime members not to be
+	  properly deleted from memory. If the queue's members were loaded
+	  from realtime and then all the members were deleted from the
+	  backend, then the queue would still think these members existed.
+	  The reason was that there was a short- circuit in code such that
+	  if there were no members found in the backend, then the queue
+	  would not be updated to reflect this. Note that this only
+	  affected static queues with realtime members. Realtime queues
+	  with realtime members were unaffected by this issue. (closes
+	  issue ASTERISK-19793) reported by Marcus Haas
+
+2012-08-15 20:14 +0000 [r371270]  Kinsey Moore <kmoore at digium.com>
+
+	* channels/chan_sip.c: Avoid unconditional NULLing of mwipvt on
+	  relatedpeer on SIP dialog destruction The other instance of this
+	  bug was fixed by jcolp/file in r121496. If we are destroying a
+	  dialog only set the MWI dialog pointer on the related peer to
+	  NULL if it is the dialog currently being destroyed. (closes issue
+	  ASTERISK-20119) Patch-by: Misha Vodsedalek
+
+2012-08-13 20:00 +0000 [r371201]  Kinsey Moore <kmoore at digium.com>
+
+	* main/loader.c, apps/app_meetme.c: Add test instrumentation This
+	  adds test instrumentation for loading and unloading of modules
+	  and for certain actions in MeetMe to be used in the testsuite or
+	  any other consumer of AMI events. These will only be generated
+	  when Asterisk is built with TEST_FRAMEWORK enabled. (issue
+	  PQ-1131) (issue PQ-1133)
+
+2012-08-13 19:49 +0000 [r371198]  Mark Michelson <mmichelson at digium.com>
+
+	* channels/chan_sip.c: Fix problem where incorrect pointer was
+	  checked for nullity.
+
+2012-08-10 21:21 +0000 [r371141]  Mark Michelson <mmichelson at digium.com>
+
+	* apps/app_queue.c: Fix a couple of documentation problems in
+	  app_queue.c * The RemoveQueueMember app made mention of options
+	  that could be passed in, but no options are supported. I have
+	  removed the listing of options from the documentation. * The
+	  RQMSTATUS variable did not list "NOTDYNAMIC" as a possible value
+	  that could be set. (closes issue AST-949) reported by Steve Pitts
+	  (closes issue AST-954) reported by Steve Pitts
+
+2012-08-10 16:40 +0000 [r371060-371089]  Alexandr Anikin <may at telecom-service.ru>
+
+	* addons/chan_ooh323.c: remove ALREADYGONE flag on ooh323 call data
+	  by ooh323_indicate (CONGESTION/BUSY) due to call hasn't gone
+	  there really. This indication arrive from asterisk core not h.323
+	  stack (closes issue ASTERISK-19308) Reported by: Dmitry Melekhov
+	  Patches: ASTERISK-19308.patch
+
+	* addons/ooh323c/src/ooGkClient.c: Send re-register packets by GRQ
+	  (gatekeeper request) interval (close issue ASTERISK-20094)
+	  Patches: ASTERISK-20094-2.patch
+
+2012-08-09 18:58 +0000 [r371012]  Richard Mudgett <rmudgett at digium.com>
+
+	* channels/sig_pri.c, channels/sig_ss7.c, channels/chan_dahdi.c,
+	  configure, include/asterisk/autoconfig.h.in, configure.ac: Use
+	  better libss7 detection test and move libpri compile test.
+
+2012-08-09 18:58 +0000 [r370988-371011]  Alexandr Anikin <may at telecom-service.ru>
+
+	* addons/ooh323c/src/ooGkClient.c: Fix to resend GRQ/RRQ if RRJ
+	  (registration reject) is received (close issue ASTERISK-20094)
+	  Patches: ASTERISK-20094.patch
+
+	* addons/ooh323c/src/ooh323ep.c: change opening h323 logfile with
+	  append mode instead of overwrite
+
+2012-08-09 17:39 +0000 [r370985]  Kinsey Moore <kmoore at digium.com>
+
+	* apps/app_meetme.c: Correct documentation for the MeetMe x flag
+	  The documentation for the x flag for MeetMe incorrectly described
+	  its function as closing down the conference when the last marked
+	  user left. It actually causes the users with that flag to leave
+	  the conference when the last marked user exits. The functionality
+	  of this flag is not changing.
+
+2012-08-08 22:40 +0000 [r370952]  Michael L. Young <elgueromexicano at gmail.com>
+
+	* apps/app_chanspy.c: Fix Not Unreferencing A Spied Channel When a
+	  channel hangs up while being spied upon and the option to exit
+	  the ChanSpy application when the spied on channel hangs up is
+	  set, ast_autochan_destroy is not being called and therefore a
+	  reference to the spied upon channel is not removed. The symptom
+	  being reported was that when using func_group in the dialplan and
+	  calling "group show channels" at the cli, the spied upon channel
+	  was still being shown while "core show channels" showed that the
+	  channel was not up. This patch calls ast_autochan_destroy when a
+	  spied upon channel hangs up and the option to exit the ChanSpy
+	  application is set, removing the reference to the channel
+	  allowing the count for the group that the spied channel was part
+	  of to be decremented. (closes issue ASTERISK-17515) Reported by:
+	  Arkadiusz Malka Tested by: Alexandr Gordeev, Michael L. Young
+	  Patches: asterisk-17515-destroy-autochan.diff uploaded by Michael
+	  L. Young (license 5026)
+
+2012-08-08 20:28 +0000 [r370923]  Kinsey Moore <kmoore at digium.com>
+
+	* main/channel.c: Do not define a cause that doesn't actually exist
+	  AST_CAUSE_NOTDEFINED is a placeholder for usage when there is no
+	  cause information. As such, it should not be defined and
+	  translatable as a cause.
+
+2012-08-08 19:58 +0000 [r370900]  Richard Mudgett <rmudgett at digium.com>
+
+	* channels/chan_dahdi.c, channels/sig_analog.c,
+	  channels/sig_analog.h: Fix the analog dial *0 flash-hook of
+	  bridged peer feature. The flash-hook the bridged peer feature now
+	  correctly determines if the bridged peer is another chan_dahdi
+	  channel, that it is an analog channel, and that it has the
+	  correct signaling for an FXO port. It now also flash-hooks the
+	  correct channel.
+
+2012-08-07 19:19 +0000 [r370856]  Kinsey Moore <kmoore at digium.com>
+
+	* main/channel.c: Add missing AST_CAUSE_* -> text translations
+
+2012-08-06 15:00 +0000 [r370797]  Mark Michelson <mmichelson at digium.com>
+
+	* channels/chan_sip.c: Improve debug message for temporary outbound
+	  proxies. Thanks to Paul Belanger for pointing this out.
+
+2012-08-03 21:43 +0000 [r370769-370771]  Mark Michelson <mmichelson at digium.com>
+
+	* channels/sip/config_parser.c: Seriously? Another compilation
+	  error fixed. Somebody beat me.
+
+	* channels/chan_sip.c: Remove unused variable.
+
+	* channels/sip/config_parser.c, channels/sip/include/sip.h,
+	  channels/chan_sip.c: Fix error in the "IPorHost" section of a SIP
+	  dialstring. This is based on the review request posted by Walter
+	  Doekes (referenced lower in the commit message) The main fix here

[... 41135 lines stripped ...]



More information about the asterisk-commits mailing list