[asterisk-commits] bebuild: tag certified-11.6-cert8 r428437 - in /certified/tags/11.6-cert8: ./...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Nov 20 10:54:11 CST 2014


Author: bebuild
Date: Thu Nov 20 10:54:08 2014
New Revision: 428437

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428437
Log:
Merge r428432 for AST-2014-012, r428397 for AST-2014-018

Modified:
    certified/tags/11.6-cert8/   (props changed)
    certified/tags/11.6-cert8/ChangeLog
    certified/tags/11.6-cert8/funcs/func_db.c
    certified/tags/11.6-cert8/main/acl.c

Propchange: certified/tags/11.6-cert8/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Nov 20 10:54:08 2014
@@ -1,3 +1,3 @@
 /branches/11:399513,401167,401179,401182,415825
 /certified/branches/1.8.15:382389
-/certified/branches/11.6:423426,426053
+/certified/branches/11.6:423426,426053,428397,428432

Modified: certified/tags/11.6-cert8/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert8/ChangeLog?view=diff&rev=428437&r1=428436&r2=428437
==============================================================================
--- certified/tags/11.6-cert8/ChangeLog (original)
+++ certified/tags/11.6-cert8/ChangeLog Thu Nov 20 10:54:08 2014
@@ -1,3 +1,29 @@
+2014-11-20  Asterisk Development Team <asteriskteam at digium.com>
+
+	* Certified Asterisk 11.6-cert8 Released.
+
+	* AST-2014-012: Fix error with mixed address family ACLs.
+
+	  Prior to this commit, the address family of the first item in an ACL
+	  was used to compare all incoming traffic. This could lead to traffic
+	  of other IP address families bypassing ACLs.
+
+	  ASTERISK-24469 #close
+	  Reported by Matt Jordan
+
+	* AST-2014-018 - func_db: DB Dialplan function permission escalation
+	  via AMI.
+
+	  The DB dialplan function when executed from an external protocol
+	  (for instance AMI), could result in a privilege escalation.
+
+	  Asterisk now inhibits the DB function from being executed from an
+	  external interface if the live_dangerously option is set to no.
+
+	  ASTERISK-24534
+	  Reported by: Gareth Palmer
+	  patches: submitted by Gareth Palmer (license 5169)
+
 2014-10-20  Asterisk Development Team <asteriskteam at digium.com>
 
 	* Certified Asterisk 11.6-cert7 Released.
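
Review bot: The two new ChangeLog entries are formatted inconsistently. The first is headed "AST-2014-012:" and carries "ASTERISK-24469 #close" and "Reported by Matt Jordan". The second is headed "AST-2014-018 -" and carries "ASTERISK-24534" with no "#close" and "Reported by:" with a colon. If the "#close" marker is what closes the tracker issue, ASTERISK-24534 will stay open after this merge. Suggest using one heading and attribution style for both entries and adding the marker to the second, or noting why it is left off. The AST-2014-018 text would also help operators more if it said that live_dangerously set to no blocks both reading and writing DB from an external interface, which is what AST_CFE_BOTH in the func_db.c change implies.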

Modified: certified/tags/11.6-cert8/funcs/func_db.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert8/funcs/func_db.c?view=diff&rev=428437&r1=428436&r2=428437
==============================================================================
--- certified/tags/11.6-cert8/funcs/func_db.c (original)
+++ certified/tags/11.6-cert8/funcs/func_db.c Thu Nov 20 10:54:08 2014
@@ -351,7 +351,7 @@
 {
 	int res = 0;
 
-	res |= ast_custom_function_register(&db_function);
+	res |= ast_custom_function_register_escalating(&db_function, AST_CFE_BOTH);
 	res |= ast_custom_function_register(&db_exists_function);
 	res |= ast_custom_function_register_escalating(&db_delete_function, AST_CFE_READ);
 	res |= ast_custom_function_register(&db_keys_function);
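
Review bot: The context lines show db_exists_function and db_keys_function still registered through plain ast_custom_function_register, while db_function now gets AST_CFE_BOTH and db_delete_function already had AST_CFE_READ. Both of the unrestricted functions query the same database from the same external interfaces, so either register them with ast_custom_function_register_escalating as well or add a comment above these calls stating why they are considered safe when live_dangerously is no. A short comment explaining why DB needs AST_CFE_BOTH while DB_DELETE only needs AST_CFE_READ would also keep the next editor from "normalizing" the flags.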

Modified: certified/tags/11.6-cert8/main/acl.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert8/main/acl.c?view=diff&rev=428437&r1=428436&r2=428437
==============================================================================
--- certified/tags/11.6-cert8/main/acl.c (original)
+++ certified/tags/11.6-cert8/main/acl.c Thu Nov 20 10:54:08 2014
@@ -776,7 +776,7 @@
 		ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
 		ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
 #endif
-		if (ast_sockaddr_is_ipv4(&ha->addr)) {
+		if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
 			if (ast_sockaddr_is_ipv6(addr)) {
 				if (ast_sockaddr_is_ipv4_mapped(addr)) {
 					/* IPv4 ACLs apply to IPv4-mapped addresses */
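
Review bot: The debug block just above the changed line still reads ha->netaddr in the ast_copy_string call, the same head-of-list pointer this fix replaces with current_ha in the address family check. If that block is ever compiled in, it will print the first ACL entry on every iteration instead of the entry actually being tested, which is misleading when diagnosing exactly this kind of mixed-family problem. Suggest switching that line to current_ha as well, and checking the rest of the loop body for any remaining use of ha where the per-entry pointer is meant. A regression test with an ACL whose first entry is IPv4 and a later entry is IPv6 (and the reverse) would pin the behavior described in the ChangeLog.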



