The AMI Originate action can allow a remote user to specify information that can
be used to execute shell commands on the system hosting Asterisk. This can
result in an unwanted escalation of permissions, as the Originate action, which    
requires the "originate" class authorization, can be used to perform actions
that would typically require the "system" class authorization. Previous attempts
to prevent this permission escalation (AST-2011-006, AST-2012-004) have sought
to do so by inspecting the names of applications and functions passed in with
the Originate action and, if those applications/functions matched a predefined
set of values, rejecting the command if the user lacked the "system" class
authorization. As noted by IBM X-Force Research, the "ExternalIVR"
application is not listed in the predefined set of values. The solution for     
this particular vulnerability is to include the "ExternalIVR" application in the
set of defined applications/functions that require "system" class authorization.             
          
Unfortunately, the approach of inspecting fields in the Originate action against
known applications/functions has a significant flaw. The predefined set of
values can be bypassed by creative use of the Originate action or by certain
dialplan configurations, which is beyond the ability of Asterisk to analyze at
run-time. Attempting to work around these scenarios would result in severely         
restricting the applications or functions and prevent their usage for legitimate
means. As such, any additional security vulnerabilities, where an
application/function that would normally require the "system" class
authorization can be executed by users with the "originate" class authorization,
will not be addressed. Instead, the README-SERIOUSLY.bestpractices.txt file has
been updated to reflect that the AMI Originate action can result in commands
requiring the "system" class authorization to be executed. Proper system
configuration can limit the impact of such scenarios.         
          
(closes issue ASTERISK-20132)
Reported by: Zubair Ashraf of IBM X-Force Research
........

Merged revisions 371998 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371999 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 372000 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@372001 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch fixes numerous doxygen warnings across Asterisk.  It also updates
the makefile to regenerate the doxygen configuration on the local system
before running doxygen to help prevent warnings/errors on the local system.

Much thanks to Andrew for tackling one of the Asterisk janitor projects!

(issue ASTERISK-20259)
Reported by: Andrew Latham
Patches:
  doxygen_partial.diff uploaded by Andrew Latham (license 5985)
  make_progdocs.diff uploaded by Andrew Latham (license 5985)



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371989 65c4cc65-6c06-0410-ace0-fbb531ad65f3

In r294740, the CODING-GUIDELINES was removed from the doc folder in favor
of the content on the Asterisk wiki.  Some folks still look in the doc folder
initially for coding guideline suggestions; as such, this patch adds a
CODING-GUIDELINES file back into the doc folder.  The content of the file
merely points to the correct page on the Asterisk wiki where the coding
guidelines currently live.

(closes issue ASTERISK-20279)
Reported by: Andrew Latham
Patches:
  CODING-GUIDELINES.diff uploaded by Andrew Latham (license 5985)
........

Merged revisions 371961 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371962 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371963 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371964 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The struct MD5Context character buffer is cast to an int32_t* without
making sure that said buffer is aligned.

Since the buffer follows two uint32_t's, the chance of 'in' being (32
bits) unaligned is nil in practice.  But adding code to ensure that 'in'
stays aligned costs nothing and removes all doubts about the casts being
safe.

(closes issue ASTERISK-20241)
Reported by: Walter Doekes
Patches:
      tmp.diff (license #5674) patch uploaded by Walter Doekes


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371952 65c4cc65-6c06-0410-ace0-fbb531ad65f3

........

Merged revisions 371950 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371951 65c4cc65-6c06-0410-ace0-fbb531ad65f3

........

Merged revisions 371919 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371920 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371921 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371922 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Really shows how much epoll is used since it had not been reported yet.
........

Merged revisions 371893 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371894 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Dummy channels usually aren't read from, but functions like SHELL and CURL
use autoservice on the channel.

(closes issue ASTERISK-20283)
Reported by: Gareth Palmer
Patches:
      svn-371580.patch (license #5169) patch uploaded by Gareth Palmer (modified)
........

Merged revisions 371888 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371890 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371891 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371892 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Matt Jordan  informed me that it was more appropriate to use an
astman_send_ack here instead of making an event response. I've also
used this opportunity to update UPGRADE.txt to mention this change
in behavior.

(issue AST-969)
Reported by: John Bigelow


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371889 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The v1.8 -r369258 change to fix the F and F(x) action logic introduced a
regression in passing the hangup cause from the called channel to the
caller channel.

(closes issue ASTERISK-20287)
Reported by: Konstantin Suvorov
Patches:
      app_dial_hangupcause.patch (license #6421) patch uploaded by Konstantin Suvorov (modified)
Tested by: rmudgett
........

Merged revisions 371860 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371861 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371862 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371863 65c4cc65-6c06-0410-ace0-fbb531ad65f3

(closes issue ASTERISK-20124)
Reported by: Walter Doekes
........

Merged revisions 371824 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371825 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371845 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371851 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Prior to this patch, Issuing SIPqualifypeer either resulted in an
error or if it succeeded, a few \r\ns.  This patch adds a
SIPqualifypeerComplete event issued as a response when the command
is successfully executed.

(closes issue AST-969)
Reported by: John Bigelow



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371823 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The documentation made it sound as if the DTMF acknowledgment was needed
at the time the agent logs in, rather than when the agent is called. This
is likely a relic from the days when there were multiple ways of logging
in agents.

(closes issue AST-962)
reported by Steve Pitts
........

Merged revisions 371787 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371789 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371790 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371791 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The "Waiting" field was misdocumented as reporting the number of
messages waiting. In reality, it simply indicated the presence or
absence of waiting messages.
........

Merged revisions 371782 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371783 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371784 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371785 65c4cc65-6c06-0410-ace0-fbb531ad65f3

........

Merged revisions 371753 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371754 65c4cc65-6c06-0410-ace0-fbb531ad65f3

sharedlastcall defaults to "no" not "yes"

(closes issue AST-979)
reported by Steve Pitts
........

Merged revisions 371747 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371748 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371750 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371751 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The original implementations simply wrap pthread functions, which take
absolute time as an argument. The spinlock version for systems without
those functions treated the argument as a delta. This patch fixes the
spinlock version to be consistent with the pthread version.

(closes issue ASTERISK-20240)
Reported by: Egor Gorlin
Patches:
	lock.c.patch uploaded by Egor Gorlin (license 6416)
........

Merged revisions 371718 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371720 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371721 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When compiling with BETTER_BACKTRACES enabled, Asterisk will sometimes
crash when "core show locks" is run. This happens regularly in the
testsuite since several tests run "core show locks" to help with
debugging. This seems to be a fault with libraries on certain operating
systems (notably CentOS 6.2/6.3) running on virtual machines and
utilizing gcc 4.4.6.

(closes issue ASTERISK-20090)
........

Merged revisions 371690 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371691 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371692 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371693 65c4cc65-6c06-0410-ace0-fbb531ad65f3

........

Merged revisions 371662 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371663 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371664 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371665 65c4cc65-6c06-0410-ace0-fbb531ad65f3

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371633 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Review: https://reviewboard.asterisk.org/r/2077/
........

Merged revisions 371619 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371620 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This fixes three main issues

* Change asprintf() uses to ast_asprintf() so that it
pairs properly with ast_free() and no longer causes
MALLOC_DEBUG to freak out.

* When ast_asprintf() fails, set the pointer NULL if
it will be referenced later.

* Fix some memory leaks that were spotted while taking
care of the first two points.

(Closes issue ASTERISK-20135)
reported by Richard Mudgett

Review: https://reviewboard.asterisk.org/r/2071
........

Merged revisions 371590 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371591 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371592 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371593 65c4cc65-6c06-0410-ace0-fbb531ad65f3

With the SCOPED_LOCK macro, you can create a variable
that locks a specific lock and unlocks the lock when the
variable goes out of scope. This is useful for situations
where many breaks, continues, returns, or other interruptions
would require separate unlock statements. With a scoped lock,
these aren't necessary.

There are specializations for mutexes, read locks, write locks,
ao2 locks, ao2 read locks, ao2 write locks, and channel locks.
Each of these is a SCOPED_LOCK at heart though.

Review: https://reviewboard.asterisk.org/r/2060



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371582 65c4cc65-6c06-0410-ace0-fbb531ad65f3

pj_thread_register() takes a parameter of type pj_thread_desc.
It was assumed that pj_thread_register either used this item
temporarily or made a copy of it. Unfortunately, all it does is
keep a pointer to the structure in thread-local storage. This
means that if our pj_thread_desc goes out of scope, then pjlib
will be referencing bogus data quite often, most commonly on
operations involving a pj_mutex_t.

In our case, our pj_thread_desc was on the stack and went out
of scope very shortly after registering our thread with pjlib.
With this change, the pj_thread_desc is stored in thread-local
storage so the pointer that pjlib keeps in thread-local storage
will reference legitimate memory.

(closes issue ASTERISK-20237)
reported by Jeremy Pepper
Patches:
	ASTERISK-20237.patch uploaded by Mark Michelson (license #5049)
Tested by Jeremy Pepper
........

Merged revisions 371571 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371572 65c4cc65-6c06-0410-ace0-fbb531ad65f3

In some cases, recovering lost packets using the secondary packet
recovery mechanism with UDPTL/T.38 can result in the recovery of
zero-length packets. These must be ignored or the frame generated from
them can cause segfaults and allocation failures.

(closes issue ASTERISK-19762)
(closes issue ASTERISK-19373)
Reported-by: Benjamin (bulkorok)
Reported-by: Rob Gagnon (rgagnon)
........

Merged revisions 371544 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371545 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371546 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371547 65c4cc65-6c06-0410-ace0-fbb531ad65f3

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371536 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When compiling with BETTER_BACKTRACES enabled, Asterisk will sometimes
crash when "core show locks" is run. This happens regularly in the
testsuite since several tests run "core show locks" to help with
debugging. This seems to be a fault with libraries on certain operating
systems (notably CentOS 6.2/6.3) running on virtual machines and
utilizing gcc 4.4.6.

(issue ASTERISK-20090)


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371535 65c4cc65-6c06-0410-ace0-fbb531ad65f3

(closes issue ASTERISK-20254)
Reported by: Andrew Latham
Patches:
  http.diff uploaded by Andrew Latham (license #5985)
........

Merged revisions 371520 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371521 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The summary says about all there is to say.

(closes issue ASTERISK-20239)
Reported by: Gregory Porras
........

Merged revisions 371518 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371519 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The name of the "HangupCauseClear" application is "HangupCauseClear",
not "HangupcauseClear".  The incorrect case of 'cause' caused the
XML documentation to not register properly.

As an aside, this commit message felt very awkward, but I'm not sure
how else to note that "X", which has to be "X", was referred to as "x".

(closes issue ASTERISK-20253)
Reported by: Andrew Latham
Patches:
  hangupcause.diff uploaded by Andrew Latham (license #5985)
........

Merged revisions 371516 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371517 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Some core support modules and compiler options were no longer tagged with a
module support level.  This patch adds 'core' back to those options.

Note that this patch modifies a few of the patches provided by Andrew Latham
slightly.  res_curl and res_fax are both 'core' supported modules.

(closes issue ASTERISK-20215)
Reported by: Andrew Latham
Tested by: mjordan
Patches:
  astcanary.diff (license #5985) uploaded by Andrew Latham
  cflagsxml.diff (license #5985) uploaded by Andrew Latham
  curl_fax.diff (license #5985) uploaded by Andrew Latham
  soundsxml.diff (license #5985) uploaded by Andrew Latham
........

Merged revisions 371507 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371508 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When formatting documentation fields, the XML documentation parser calls
xmldoc_get_formatted.  This function allocates a string buffer at the
beginning of its routine.  Unfortunately, on certain code paths, it also
calls xmldoc_string_cleanup, which assumes that it will create the string
buffer.  The previously allocated string buffer is then leaked by the
xmldoc_string_cleanup routine.

Now: we don't do that.

(closes issue AST-932)
Reported by: Alexander Homig
........

Merged revisions 371469 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371491 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371492 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371493 65c4cc65-6c06-0410-ace0-fbb531ad65f3

(closes issue ASTERISK-20238)
Reported by: james.mortensen
........

Merged revisions 371482 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371483 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When Asterisk is built with TEST_FRAMEWORK defined, Asterisk will now
generate TestEvent AMI events on subsystem reloads such as cdr, dnsmgr,
extconfig, etc.

(issue PQ-1126)
........

Merged revisions 371436 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371437 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371438 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371439 65c4cc65-6c06-0410-ace0-fbb531ad65f3

While building up a new install to test chan_motif, I ran into a failure
due to icesupport being disabled.  This was due to me not having an
rtp.conf.  It was intended in the code for it to be enabled by default,
but it was only applied if rtp.conf existed.

This patch updates res_rtp_asterisk to be consistent in how it handles
defaults.  A few options didn't have their default values set globally,
including icesupport.  They are now set and icesupport is enabled by
default, even if you do not have an rtp.conf.
........

Merged revisions 371425 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371428 65c4cc65-6c06-0410-ace0-fbb531ad65f3

(closes issue ASTERISK-20206)
Reported by: ddkprog
Patches:
     res_format_attr_h264.c.diff uploaded by ddkprog (license 6008)
........

Merged revisions 371426 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371427 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The strtol family of functions will return *_MIN/*_MAX on overflow. To
detect when an overflow has happened, errno must be set to 0 before
calling the function, then checked afterward.

(closes issue ASTERISK-20120)
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/2073/
........

Merged revisions 371392 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371398 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371399 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371400 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This adds AMI events for module reloads when Asterisk is built with
TEST_FRAMEWORK enabled and corrects generation of the module load AMI
event.

(issue PQ-1126)
........

Merged revisions 371393 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371394 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371395 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371396 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Previously the pvt SIP_OUTGOING flag was used instead, which will frequently
flip during reinvites.

(closes issue AST-897)
Reported by: Thomas Arimont
........

Merged revisions 371357 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371358 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371382 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371383 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Under certain conditions, a SIP transaction involving directmedia wouldn't
trigger a re-invite because the SDP answer was included in an ACK instead
of in a message that we would have triggered the invite with. This patch
just queues a source change control frame if the dialog is using
directmedia when we find sdp for an ACK.

(closes issue AST-913)
Reported by: Thomas Arimont
........

Merged revisions 371337 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 371338 from http://svn.asterisk.org/svn/asterisk/branches/10
........

Merged revisions 371355 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@371356 65c4cc65-6c06-0410-ace0-fbb531ad65f3