Created by Paul Belanger and last modified
Get this branch:
bzr branch lp://qastaging/asterisk/1.8

Branch information

Registry Administrators

Import details

Import Status: Suspended

This branch is an import of the Subversion branch from http://svn.asterisk.org/svn/asterisk/branches/1.8.


Import started on izar and finished taking 5 minutes — see the log
Import started on izar and finished taking 50 seconds — see the log
Import started on alnitak and finished taking 50 seconds — see the log
Import started on alnitak and finished taking 50 seconds — see the log

Recent revisions

22823. By jrose

Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.

When registering to a SIP server with TLS, Asterisk will accept CA signed
certificates with a common name that was signed for a domain other than the
one requested if it contains a null character in the common name portion of
the cert. This patch fixes that by checking that the common name length
matches the length of the content we actually read from the common name
segment. Some certificate authorities automatically sign CA requests when
the requesting CN isn't already taken, so an attacker could potentially
register a CN with something like www.google.com\x00www.secretlyevil.net
and have their certificate signed and Asterisk would accept that certificate
as though it had been for www.google.com - this is a security fix and is
noted in AST-2015-003.

ASTERISK-24847 #close
Reported by: Maciej Szmigiero
asterisk-null-in-cn.patch submitted by mhej (license 6085)
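The length check that commit describes, written out as an added C example (not Asterisk's tcptls code): the decoded CN bytes arrive with an explicit ASN.1 length, and a comparison that treats them as a C string stops at the first NUL. The function names `cn_matches_naive` and `cn_matches_checked` and the sample buffer `sample_cn` are assumptions made for this example; the sample value is the one quoted in the commit message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the decoded bytes of a certificate Common Name that
 * carries an embedded NUL, using the value from the commit message above.
 * The trailing NUL of the C literal is not part of the ASN.1 content, so
 * the ASN.1 length is sizeof - 1. */
static const unsigned char sample_cn[] = "www.google.com\0www.secretlyevil.net";
static const size_t sample_cn_len = sizeof(sample_cn) - 1;

/* Naive comparison (the pre-fix behaviour): the CN is treated as a C string,
 * so everything after the first NUL is silently ignored. */
int cn_matches_naive(const unsigned char *cn, size_t cn_len, const char *expected)
{
    (void)cn_len; /* the ASN.1 length is never consulted */
    return strcmp((const char *)cn, expected) == 0;
}

/* Checked comparison: the ASN.1 length must equal the number of bytes before
 * the first NUL, otherwise the CN is rejected outright. Only then is the
 * name compared against the host we meant to connect to. */
int cn_matches_checked(const unsigned char *cn, size_t cn_len, const char *expected)
{
    size_t str_len;
    const unsigned char *nul;

    if (cn == NULL || expected == NULL) {
        return 0;
    }
    /* Length of the CN as a C string, bounded by the ASN.1 length so we
     * never read past the buffer we were handed. */
    nul = memchr(cn, '\0', cn_len);
    str_len = nul ? (size_t)(nul - cn) : cn_len;
    if (str_len != cn_len) {
        return 0; /* embedded NUL: the name the CA signed is not the name strcmp would see */
    }
    if (strlen(expected) != cn_len) {
        return 0; /* different lengths cannot be the same name */
    }
    return memcmp(cn, expected, cn_len) == 0;
}

int main(void)
{
    printf("naive:   %d\n", cn_matches_naive(sample_cn, sample_cn_len, "www.google.com"));
    printf("checked: %d\n", cn_matches_checked(sample_cn, sample_cn_len, "www.google.com"));
    return 0;
}
```

The naive path accepts the sample CN as `www.google.com`; the checked path rejects it because 14 bytes of C string do not account for the 35 bytes the certificate actually carries. The same length-versus-strlen comparison is the check the commit adds, and it applies to subjectAltName entries in the same way.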

22822. By mmichelson

Backport AST-2015-002 fix to 1.8.

This helps to prevent Asterisk from being an attack vector for
HTTP request injection attacks based on CVE-2014-8150.

22821. By mmichelson

Fix error with mixed address family ACLs.

Prior to this commit, the address family of the first item in an ACL
was used to compare all incoming traffic. This could lead to traffic
of other IP address families bypassing ACLs.

ASTERISK-24469 #close

Reported by Matt Jordan
ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)
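An added C example of the family-aware matching that commit calls for; it is not Asterisk's ACL code. Each entry records its own address family and is skipped for traffic of the other family, so an IPv6 peer is never compared against an IPv4 prefix (or vice versa). The evaluation model here, last matching entry wins with permit as the default when nothing matches, and the names `acl_entry`, `acl_parse`, `acl_check`, `demo_acl_check` and `demo_v4_only_check` are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>

struct acl_entry {
    int family;             /* AF_INET or AF_INET6, recorded per entry */
    int prefix;             /* prefix length in bits */
    unsigned char addr[16]; /* network address; 4 or 16 bytes used */
    int permit;             /* 1 = permit, 0 = deny */
};

/* Parse "a.b.c.d/n" or "x::y/n" into an entry. Returns 1 on success. */
int acl_parse(const char *cidr, int permit, struct acl_entry *e)
{
    char buf[64];
    char *slash;
    int max_prefix;

    if (strlen(cidr) >= sizeof(buf)) {
        return 0;
    }
    strcpy(buf, cidr);
    slash = strchr(buf, '/');
    if (slash == NULL) {
        return 0;
    }
    *slash = '\0';
    e->prefix = atoi(slash + 1);
    e->permit = permit;
    e->family = strchr(buf, ':') ? AF_INET6 : AF_INET;
    max_prefix = (e->family == AF_INET) ? 32 : 128;
    if (e->prefix < 0 || e->prefix > max_prefix) {
        return 0;
    }
    return inet_pton(e->family, buf, e->addr) == 1;
}

/* An entry matches only when the families agree and the prefix bits agree. */
static int acl_entry_matches(const struct acl_entry *e, int family, const unsigned char *addr)
{
    int full = e->prefix / 8;
    int rem = e->prefix % 8;

    if (e->family != family) {
        return 0; /* never compare an IPv4 prefix against IPv6 bytes, or vice versa */
    }
    if (memcmp(e->addr, addr, (size_t)full) != 0) {
        return 0;
    }
    if (rem) {
        unsigned char m = (unsigned char)(0xFF << (8 - rem));
        if ((e->addr[full] & m) != (addr[full] & m)) {
            return 0;
        }
    }
    return 1;
}

/* Evaluate a textual address against the list: last match wins, default permit,
 * and an address that does not parse is denied. */
int acl_check(const struct acl_entry *acl, size_t n, const char *ip)
{
    unsigned char addr[16];
    int family = strchr(ip, ':') ? AF_INET6 : AF_INET;
    int result = 1;
    size_t i;

    if (inet_pton(family, ip, addr) != 1) {
        return 0;
    }
    for (i = 0; i < n; i++) {
        if (acl_entry_matches(&acl[i], family, addr)) {
            result = acl[i].permit;
        }
    }
    return result;
}

/* Constructed sample list with rules for both families: deny everything,
 * then permit one IPv4 and one IPv6 network. Returns -1 on a parse error. */
int demo_acl_check(const char *ip)
{
    struct acl_entry acl[4];
    if (!acl_parse("0.0.0.0/0", 0, &acl[0]) || !acl_parse("192.168.1.0/24", 1, &acl[1]) ||
        !acl_parse("::/0", 0, &acl[2]) || !acl_parse("2001:db8::/32", 1, &acl[3])) {
        return -1;
    }
    return acl_check(acl, 4, ip);
}

/* The same list with only the IPv4 rules: an IPv6 peer matches nothing and
 * falls through to the default, which is why a deny-all needs one rule per family. */
int demo_v4_only_check(const char *ip)
{
    struct acl_entry acl[2];
    if (!acl_parse("0.0.0.0/0", 0, &acl[0]) || !acl_parse("192.168.1.0/24", 1, &acl[1])) {
        return -1;
    }
    return acl_check(acl, 2, ip);
}

int main(void)
{
    printf("192.168.1.10 -> %d\n", demo_acl_check("192.168.1.10"));
    printf("2001:db8::1  -> %d\n", demo_acl_check("2001:db8::1"));
    printf("2001:db8::1 against IPv4-only list -> %d\n", demo_v4_only_check("2001:db8::1"));
    return 0;
}
```

The second demo is the operational point behind the fix: once matching is family-aware, an ACL written only in IPv4 terms says nothing about IPv6 peers, so a list meant to deny by default needs both `0.0.0.0/0` and `::/0` entries.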


22820. By kharwell

AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.

The DB dialplan function when executed from an external protocol (for instance
AMI), could result in a privilege escalation.

Asterisk now inhibits the DB function from being executed from an external
interface if the live_dangerously option is set to no.

Reported by: Gareth Palmer
patches: submitted by Gareth Palmer (license 5169)

22819. By coreyfarrell

Fix unintentional memory retention in stringfields.

* Fix missing / unreachable calls to __ast_string_field_release_active.
* Reset pool->used to zero when the current pool->active reaches zero.

ASTERISK-24307 #close
Reported by: Etienne Lessard
Tested by: ibercom, Etienne Lessard
Review: https://reviewboard.asterisk.org/r/4114/

22818. By coreyfarrell

Fix ast_writestream leaks

Fix cleanup in __ast_play_and_record where others[x] may be leaked.
This was caught where prepend != NULL && outmsg != NULL, once
realfile[x] == NULL any further others[x] would be leaked. A cleanup
block was also added for prepend != NULL && outmsg == NULL.

11+: Fix leak of ast_writestream recording_fs in

ASTERISK-24476 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4138/

22817. By tzafrir

Fix syntax from r426926

22816. By tzafrir

install init.d files on GNU/kFreeBSD

Review: https://reviewboard.asterisk.org/r/4118/

22815. By mjordan

channels/sip/reqresp_parser: Fix unit tests for r426594

When r426594 was made, it did not take into account a unit test that verified
that the function properly populated the unsupported buffer. The function
would previously memset the buffer if it detected it had any contents; since
this function can now be called iteratively on successive headers, the unit
tests would now fail. This patch updates the unit tests to reset the buffer
themselves between successive calls, and updates the documentation of the
function to note that this is now required.

22814. By coreyfarrell

REF_DEBUG: Install refcounter.py to $(ASTDATADIR)/scripts

This change ensures refcounter.py is installed to a place where it
can be found by the Asterisk testsuite if REF_DEBUG is enabled.

ASTERISK-24432 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4094/

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information
Everyone can see this information.