<div>
<style type="text/css">
.successful a, .successful a:visited, .successful a:link, .successful a:hover,.successful a:active {color:#393}
.failed a, .failed a:visited, .failed a:link, .failed a:hover,.failed a:active {color:#d62829}
.notexecuted a, .notexecuted a:visited, .notexecuted a:link, .notexecuted a:hover,.notexecuted a:active {color:#ffcc66}
td a, td a:link, td a:visited, td a:hover, td a:active {background:transparent;font-family: Arial, sans-serif;text-decoration:underline;}
td a:link {color:#369;}
td a:visited {color:#444;}
td a:hover, td a:active {color:#036;}
td a:hover {text-decoration:none;}
</style>
<font size="2" color="black" face="Arial, Helvetica, sans-serif" style="font-family: Arial, sans-serif;font-size: 13px;color:#000">
<table align="center" border="0" cellpadding="5" cellspacing="0" width="98%">
<tr>
<td style="vertical-align:top">
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#ffe6e7;border-top:1px solid #eec0c0;border-bottom:1px solid #eec0c0;color:#d62829;">
<tr>
<td width="20" style="vertical-align:top;padding:5px 0 5px 10px">
<img src="http://bamboo.asterisk.org/images/iconsv3/plan_failed_16.png" width="15" height="15">
</td>
<td width="100%" style="font-family: Arial, sans-serif; font-size: 13px; color:#d62829;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING/" style="font-family: Arial, sans-serif; font-size: 15px; font-weight:bold; color:#d62829">Asterisk Testing</a> >
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES/" style="font-family: Arial, sans-serif; font-size: 15px; font-weight:bold; color:#d62829">AST1.8-digiumphones</a> >
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-9/" style="font-family: Arial, sans-serif; font-size: 15px; font-weight:bold; color:#d62829">#9</a>
<span class="failed" style="font-family: Arial, sans-serif; font-size: 14px;"> has failed.</span>
<span class="failed" style="font-family: Arial, sans-serif; font-size: 13px;">
<br/>Code has been updated by <a href="http://bamboo.asterisk.org/browse/author/qwell">qwell</a>.
<br/><strong>2/2</strong> jobs failed with <strong>0</strong> failing tests. </span>
</td>
</tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#ecf1f7;border-top:1px solid #bbd0e5;border-bottom:1px solid #bbd0e5;color:#036;">
<tr>
<td width="60%" style="font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-9/" style="text-decoration: none; font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036" >Failing Jobs</a>
</td>
<td width="40%" style="font-family: Arial, sans-serif;text-align:right;font-size:13px;color:#036;padding:5px 10px">
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20" style="vertical-align:top;padding:11px 0 5px 10px; border-bottom:1px solid #EEEEEE; ">
<img src="http://bamboo.asterisk.org/images/iconsv3/plan_failed_16.png" width="15" height="15">
</td>
<td style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;">
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-AST18CENTOS32-9/" style="color:red;">Asterisk 1.8 CentOS 6 32-Bit</a>
<span style="color:#444444; font-size:11px; font-style:italic;">(CentOS 6)</span>
</td>
<td width="120" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;color:#444444; font-size:11px">
<b>Duration:</b> 3 minutes
</td>
<td width="130" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;color:#444444; font-size:11px">
<b>Tests:</b> 68 passed
</td>
<td width="80" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;font-size:11px">
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-AST18CENTOS32-9/log">Logs</a> | <a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-AST18CENTOS32-9/artifact">Artifacts</a>
</td>
</tr>
<tr>
<td width="20" style="vertical-align:top;padding:11px 0 5px 10px; border-bottom:1px solid #EEEEEE; ">
<img src="http://bamboo.asterisk.org/images/iconsv3/plan_failed_16.png" width="15" height="15">
</td>
<td style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;">
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-AST18CENTOS64-9/" style="color:red;">Asterisk 1.8 CentOS 6 64-Bit</a>
<span style="color:#444444; font-size:11px; font-style:italic;">(CentOS 6)</span>
</td>
<td width="120" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;color:#444444; font-size:11px">
<b>Duration:</b> 6 minutes
</td>
<td width="130" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;color:#444444; font-size:11px">
<b>Tests:</b> 69 passed
</td>
<td width="80" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;font-size:11px">
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-AST18CENTOS64-9/log">Logs</a> | <a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-AST18CENTOS64-9/artifact">Artifacts</a>
</td>
</tr>
</table>
<br/>
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#ecf1f7;border-top:1px solid #bbd0e5;border-bottom:1px solid #bbd0e5;color:#036;">
<tr>
<td width="60%" style="font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-9/commit/" style="text-decoration: none; font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036" >Code Changes</a>
</td>
<td width="40%" style="font-family: Arial, sans-serif;text-align:right;font-size:13px;color:#036;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-9/commit/" style="font-family: Arial, sans-serif; font-size: 13px; color:#036">See full change details</a><img src="http://bamboo.asterisk.org/images/icons/more.gif" width="15" height="15" style="vertical-align:middle;padding:2px">
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td width="20" style="vertical-align:top;padding:10px 0 0px 10px">
<img src="http://bamboo.asterisk.org/images/icons/businessman.gif" width="15" height="15">
</td>
<td width="100%" style="font-family: Arial, sans-serif; font-size: 13px; color:#000;vertical-align:top;padding:10px 10px 0px 10px">
<a href="http://bamboo.asterisk.org/browse/author/qwell" style="font-family: Arial, sans-serif; font-size: 13px; font-weight:bold; color:#000">
qwell</a><br>
Multiple revisions 359656,359706,359979<br/>
<br/>
........<br/>
r359656 | mjordan | 2012-03-15 13:35:59 -0500 (Thu, 15 Mar 2012) | 22 lines<br/>
<br/>
Fix remotely exploitable stack overrun in Milliwatt<br/>
<br/>
Milliwatt is vulnerable to a remotely exploitable stack overrun when using<br/>
the 'o' option. This occurs due to the milliwatt_generate function not<br/>
accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of<br/>
samples it can put in the output buffer.<br/>
<br/>
This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET<br/>
when determining the maximum number of samples allowed. Note that at no<br/>
point is remote code execution possible. The data that is written into the<br/>
buffer is the pre-defined Milliwatt data, and not custom data.<br/>
<br/>
(closes issue ASTERISK-19541)<br/>
Reported by: Russell Bryant<br/>
Tested by: Matt Jordan<br/>
Patches:<br/>
milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)<br/>
Note that this patch was written by Russell, even though Matt uploaded it<br/>
........<br/>
<br/>
Merged revisions 359645 from <a href="http://svn.asterisk.org/svn/asterisk/branches/1.6.2">http://svn.asterisk.org/svn/asterisk/branches/1.6.2</a><br/>
........<br/>
r359706 | mjordan | 2012-03-15 14:01:22 -0500 (Thu, 15 Mar 2012) | 16 lines<br/>
<br/>
Fix remotely exploitable stack overflow in HTTP manager<br/>
<br/>
There exists a remotely exploitable stack buffer overflow in HTTP digest<br/>
authentication handling in Asterisk. The particular method in question<br/>
is only utilized by HTTP AMI. When parsing the digest information, the<br/>
length of the string is not checked when it is copied into temporary buffers<br/>
allocated on the stack.<br/>
<br/>
This patch fixes this behavior by parsing out pre-defined key/value pairs<br/>
and avoiding unnecessary copies to the stack.<br/>
<br/>
(closes issue ASTERISK-19542)<br/>
Reported by: Russell Bryant<br/>
Tested by: Matt Jordan<br/>
........<br/>
r359979 | rmudgett | 2012-03-20 12:21:16 -0500 (Tue, 20 Mar 2012) | 28 lines<br/>
<br/>
Allow AMI action callback to be reentrant.<br/>
<br/>
Fix AMI module reload deadlock regression from ASTERISK-18479 when it<br/>
tried to fix the race between calling an AMI action callback and<br/>
unregistering that action. Refixes ASTERISK-13784 broken by<br/>
ASTERISK-17785 change.<br/>
<br/>
Locking the ao2 object guaranteed that there were no active callbacks that<br/>
mattered when ast_manager_unregister() was called. Unfortunately, this<br/>
causes the deadlock situation. The patch stops locking the ao2 object to<br/>
allow multiple threads to invoke the callback re-entrantly. There is no<br/>
way to guarantee a module unload will not crash because of an active<br/>
callback. The code attempts to minimize the chance with the registered<br/>
flag and the maximum 5 second delay before ast_manager_unregister()<br/>
returns.<br/>
<br/>
The trunk version of the patch changes the API to fix the race condition<br/>
correctly to prevent the module code from unloading from memory while an<br/>
action callback is active.<br/>
<br/>
* Don't hold the lock while calling the AMI action callback.<br/>
<br/>
(closes issue ASTERISK-19487)<br/>
Reported by: Philippe Lindheimer<br/>
<br/>
Review: <a href="https://reviewboard.asterisk.org/r/1818/">https://reviewboard.asterisk.org/r/1818/</a><br/>
Review: <a href="https://reviewboard.asterisk.org/r/1820/">https://reviewboard.asterisk.org/r/1820/</a><br/>
........<br/>
<br/>
Merged revisions 359656,359706,359979 from <a href="http://svn.asterisk.org/svn/asterisk/branches/1.8">http://svn.asterisk.org/svn/asterisk/branches/1.8</a><br/>
</td>
<td width="60" style="font-family: Arial, sans-serif; font-size: 13px; ;color:#036;vertical-align:top;padding:10px 10px 0px 10px">
(360826)
</td></tr>
</table><br>
</td>
<td width="150" style="vertical-align:top">
<table width="150" border="0" cellpadding="0" cellspacing="0" style="background-color:#ecf1f7;border-top:1px solid #bbd0e5;border-bottom:1px solid #bbd0e5;color:#036;">
<tr>
<td style="font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036;vertical-align:top;padding:5px 10px">
Actions
</td>
</tr>
</table>
<table width="150" border="0" cellpadding="0" cellspacing="0" style="background-color:#f5f9fc;border-bottom:1px solid #bbd0e5;">
<tr>
<td style="font-family: Ariel, sans-serif; font-size: 13px; color:#036;vertical-align:top;padding:5px 10px;line-height:1.7">
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-9" style="font-family: Arial, sans-serif; font-size: 13px; color:#036">View Online</a>
<br>
<a href="http://bamboo.asterisk.org/browse/TESTING-AST18DIGIUMPHONES-9?commentMode=true" style="font-family: Arial, sans-serif; font-size: 13px; color:#036">Add Comments</a>
<br>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td colspan="2" align="center" style="font-family: Arial, sans-serif;text-align:center;font-size:11px;font-weight:bold;color:#999;vertical-align:top;padding:20px">
Email generated by <a href="http://bamboo.asterisk.org" style="font-family: Arial, sans-serif; font-size: 11px; color:#999">Atlassian Bamboo</a> - if you wish to stop receiving these emails edit your <a href="http://bamboo.asterisk.org/profile/userNotifications.action" style="font-family: Arial, sans-serif; font-size: 11px; color:#999">user profile</a> or <a href="http://bamboo.asterisk.org/viewAdministrators.action" style="font-family: Arial, sans-serif; font-size: 11px; color:#999">notify your administrator</a>
</td>
</tr>
</table>
</td>
</tr>
</table>
</font>
</div>