This fixes autological comparison warnings in the following:
 * chan_skinny: letohl may return a signed or unsigned value, depending on the
   macro chosen
 * func_curl: Provide a specific cast to CURLoption to prevent mismatch
 * cel: Fix enum comparisons where the enum can never be negative
 * enum: Fix comparison of return result of dn_expand, which returns a signed
   int value
 * event: Fix enum comparisons where the enum can never be negative
 * indications: tone_data.freq1 and freq2 are unsigned, and hence can never be
   negative
 * presencestate: Use the actual enum value for INVALID state
 * security_events: Fix enum comparisons where the enum can never be negative
 * udptl: Don't bother to check if the return value from encode_length is less
   than 0, as it returns an unsigned int
 * translate: Since the parameters are unsigned int, don't bother checking
   to see if they are negative. The cast to unsigned int would already blow
   past the matrix bounds.

Review: https://reviewboard.asterisk.org/r/4533
ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4533.patch submitted by dkdegroot (License 6600)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@434469 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch fixes a bug in a unit test in func_math where a variable could be
passed to ast_free that wasn't allocated. This patch corrects the issue and
ensures that we only attempt to free a variable if we previously allocated
it.

Review: https://reviewboard.asterisk.org/r/4552

ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4552.patch submitted by dkdegroot (License 6600)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@434190 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch fixes the -Wunused-value -Wunused-variable -Wunused-const-variable
errors caught by clang. Specifically:

* apps/app_queue.c: removed unused qpm_cmd_usage[], qum_cmd_usage[],
                    qsmp_cmd_usage[]
* cel/cel_sqlite3_custom.c: removed unused name[] = "cel_sqlite3_custom"
* codecs/gsm/src/gsm_create.c: removed unused ident[] = "$Header$"
* funcs/func_env.c:729: Fixed ast_str_append_substr.
* main/editline/np/strlcat.c: removed unused rcsid variable
* main/editline/np/strlcpy.c: removed unused rcsid variable
* utils/conf2ael.c: removed unused cfextension_states
* utils/extconf.c: removed unused cfextension_states

Review: https://reviewboard.asterisk.org/r/4526

ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4526.patch submitted by dkdegroot (License 6600)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@433693 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When r432935 was merged, it did correctly fix a situation where a FILE read
operation on the middle of a file buffer would not read the requested length
in the parameters passed to the FILE function. Unfortunately, it would also
allow the FILE function to append more bytes than what was available in the
buffer if the length exceeded the end of the buffer length.

This patch takes the minimum of the remaining bytes in the buffer along with
the calculated length to append provided by the original patch, and uses
that as the length to append in the return result. This patch also updates
the unit tests with the scenarios that were originally pointed out in
ASTERISK-21765 that the original implementation treated incorrectly.

ASTERISK-21765


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@433173 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This code originally kept a lock held when performing the HTTP
request to ensure that the options provided to curl remain valid.
This doesn't seem to be necessary these days and holding the lock
caused requests to happen sequentially instead of in parallel.

ASTERISK-18708 #close
Reported by: Dave Cabot


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@432948 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The loop that reads in a file was not correctly using the offset when
determining what bytes to append to the output. This patch corrects
the logic such that the correct portion of the file is extracted when an
offset is specified.

ASTERISK-21765
Reported by: John Zhong
Tested by: Matt Jordan, Di-Shi Sun
patches:
  file_read_390821.patch uploaded by Di-Shi Sun (License 5076)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@432935 65c4cc65-6c06-0410-ace0-fbb531ad65f3

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431298 65c4cc65-6c06-0410-ace0-fbb531ad65f3

CVE-2014-8150 disclosed a vulnerability in libcURL where HTTP request injection
can be performed given properly-crafted URLs.

Since Asterisk makes use of libcURL, and it is possible that users of Asterisk may
get cURL URLs from user input or remote sources, we have made a patch to Asterisk
to prevent such HTTP injection attacks from originating from Asterisk.

ASTERISK-24676 #close
Reported by Matt Jordan

Review: https://reviewboard.asterisk.org/r/4364

AST-2015-002



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431297 65c4cc65-6c06-0410-ace0-fbb531ad65f3

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@430996 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When the channel datastore associated with the usage of CURLOPT on a specific
channel is freed, the underlying structure holding the list of options is not
disposed of. This patch properly frees the structure in the datastore .destroy
callback.

ASTERISK-24672 #close
Reported by: Kristian Hogh
patches:
  func_curl-memory-leak.diff uploaded by Kristian Hogh (License 6639)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@430487 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The DB dialplan function when executed from an external protocol (for instance
AMI), could result in a privilege escalation.

Asterisk now inhibits the DB function from being executed from an external
interface if the live_dangerously option is set to no.

ASTERISK-24534
Reported by: Gareth Palmer
patches: submitted by Gareth Palmer (license 5169)
........

Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428363 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Fix code paths where it is possible for frames to leak.
Fix uninitialized variable in jb_get_fixed and jb_get_adaptive.

ASTERISK-22409 #related
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4128/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@427019 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When you call the CONFIG dialplan function with the name of a variable that
doesn't exist in the target context you get an ERROR.  This does nothing but
clutter up the logs with messages that may be perfectly acceptable.  Just
because a variable wasn't in the context doesn't mean it's an error.  Maybei
t's optional or just needs to be defaulted or ignored.

This patch changes the log level from ERROR to DEBUG.  If a dialplan developer
wants to debug their dialplan they still canby setting the console debug level 
as needed.

Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3919/
........

Merged revisions 421327 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@421328 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Audit of v1.8 usage of ast_channel_datastore_remove() for datastore memory
leaks.

* Fixed leaks in app_speech_utils and func_frame_trace.

* Fixed app_speech_utils not locking the channel when accessing the
channel datastore list.

Review: https://reviewboard.asterisk.org/r/3859/

Audit of v11 usage of ast_channel_datastore_remove() for datastore memory
leaks.

* Fixed leak in func_jitterbuffer.

Review: https://reviewboard.asterisk.org/r/3860/
........

Merged revisions 419684 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@419685 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Previously these two dialplan functions would issue warnings and
return failure when an empty string is used as the argument. Now
they will not issue a warning and will successfully return an
empty string.

ASTERISK-23911 #close
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/3745/
........

Merged revisions 418641 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@418649 65c4cc65-6c06-0410-ace0-fbb531ad65f3

........

Merged revisions 416500 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@416501 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The change that removed the fixed size buffers in odbc-related code --
removing arbitrary column width limits -- was incomplete. This change
adds: no segfault on writesql without insertsql and return value checks
after strdup.

While I was in the vicinity I cleaned up the linefeeds in the odbc
function descriptions, moved some code for clarity, removed some blobs
and noted (but didn't fix) that the 'odbc write ... exec' CLI command
doesn't behave as the dialplan equivalent when insertsql= is used.

#ASTERISK-23582 #close
Review: https://reviewboard.asterisk.org/r/3579/
........

Merged revisions 414997 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@414998 65c4cc65-6c06-0410-ace0-fbb531ad65f3

ASTERISK-23582 #close
ASTERISk-23582 #comment Reported by: Walter Doekes

Review: https://reviewboard.asterisk.org/r/3557/
........

Merged revisions 414693 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@414694 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Recurisve usage of replace() resulted in corruption of the
temporary string storage and potential crash.  By changing
the string to be allocated separtely per instance, this is
eliminated.

ASTERISK-23650 #comment Reported by: Roel van Meer
ASTEIRSK-23650 #close

Review: https://reviewboard.asterisk.org/r/3539/
........

Merged revisions 414214 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@414215 65c4cc65-6c06-0410-ace0-fbb531ad65f3

........

Merged revisions 413592 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@413595 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This resolves a large number of compiler warnings from GCC 4.10 which
cause the build to fail under dev mode. The vast majority are
signed/unsigned mismatches in printf-style format strings.
........

Merged revisions 413586 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@413587 65c4cc65-6c06-0410-ace0-fbb531ad65f3

(closes issue ASTERISK-23391)
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/3386/
........

Merged revisions 411313 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@411314 65c4cc65-6c06-0410-ace0-fbb531ad65f3

There was a missing comma.
This was discovered by Dan Kaplan.



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@409886 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch prevents a crash when using the function audiohookinheritance without
setting the channel.

(closes issue ASTERISK-23104)
Reported by: Joel Vandal
Tested by: Joel Vandal
Patches:
    asterisk-23104_audiohook_inherit_no_channel-11.diff
                                     uploaded by Michael L. Young (license 5026)

Review: https://reviewboard.asterisk.org/r/3272/
........

Merged revisions 409623 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@409625 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The per console verbose level feature as previously implemented caused a
large performance penalty.  The fix required some minor incompatibilities
if the new rasterisk is used to connect to an earlier version.  If the new
rasterisk connects to an older Asterisk version then the root console
verbose level is always affected by the "core set verbose" command of the
remote console even though it may appear to only affect the current
console.  If an older version of rasterisk connects to the new version
then the "core set verbose" command will have no effect.

* Fixed the verbose performance by not generating a verbose message if
nothing is going to use it and then filtered any generated verbose
messages before actually sending them to the remote consoles.

* Split the "core set debug" and "core set verbose" CLI commands to remove
the per module verbose support that cannot work with the per console
verbose level.

* Added a silent option to the "core set verbose" command.

* Fixed "core set debug off" tab completion.

* Made "core show settings" list the current console verbosity in addition
to the root console verbosity.

* Changed the default verbose level of the 'verbose' setting in the
logger.conf [logfiles] section.  The default is now to once again follow
the current root console level.  As a result, using the AMI Command action
with "core set verbose" could again set the root console verbose level and
affect the verbose level logged.

(closes issue AST-1252)
Reported by: Guenther Kelleter

Review: https://reviewboard.asterisk.org/r/3114/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@405431 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When calling REPLACE() with an empty replace-char argument, strcpy
is used to overwrite the the matching <find-char>.  However as the
src and dest arguments to strcpy must not overlap, it causes other
parts of the string to be overwritten with adjacent characters and
the result is mangled.  Patch replaces call to strcpy with memmove
and adds a test suite case for REPLACE.

(closes issue ASTERISK-22910)
Reported by: Gareth Palmer
Review: https://reviewboard.asterisk.org/r/3083/
Patches:
    func_strings.patch uploaded by Gareth Palmer (license 5169)
........

Merged revisions 404674 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@404675 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Example output was inaccurate.

(issue ASTERISK-22970)
(closes issue ASTERISK-22970)
Reported by: Gareth Palmer
Patches:
   func_strings.patch uploaded by Gareth Palmer (license 5169)
........

Merged revisions 404081 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@404087 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch allows individual dialplan functions to be marked as
'dangerous', to inhibit their execution from external sources.

A 'dangerous' function is one which results in a privilege escalation.
For example, if one were to read the channel variable SHELL(rm -rf /)
Bad Things(TM) could happen; even if the external source has only read
permissions.

Execution from external sources may be enabled by setting
'live_dangerously' to 'yes' in the [options] section of asterisk.conf.
Although doing so is not recommended.

(closes issue ASTERISK-22905)
Review: http://reviewboard.digium.internal/r/432/
........

Merged revisions 403913 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@403917 65c4cc65-6c06-0410-ace0-fbb531ad65f3

(issue ASTERSIK-22467)
Reported by: Corey Farrell
Patches:
    chan_sip-parse_contact_header_test-free-contacts.patch uploaded by coreyfarrell (license 5909)
    cli-filename-completion-leak.patch uploaded by coreyfarrell (license 5909)
    func_math.patch uploaded by corefarrell (license 5909)
    main-test-cleanup.patch uploaded by coreyfarrell (license 5909)
    test_dlinklists.patch uploaded by coreyfarrell (license 5909)
........

Merged revisions 401660 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@401661 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The AST_CONFIG dialplan function defined in func_config.c allocates its
config file list entries using ast_malloc. List entry allocations
destined for use with Asterisk's linked list API must be ast_calloc()d
or otherwise initialized so that list pointers are set to NULL. These
uses of ast_malloc have been replaced by ast_calloc to prevent
dereferencing of uninitialized pointer values when traversing the list.

(closes issue ASTERISK-22483)
Reported by: Brian Scott
........

Merged revisions 400694 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@400697 65c4cc65-6c06-0410-ace0-fbb531ad65f3

There are several locations in the code base where this is done:
buf = ast_realloc(buf, new_size);

This is going to leak the original buf contents if the realloc fails.

Review: https://reviewboard.asterisk.org/r/2832/
........

Merged revisions 398757 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@398758 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Missed a spot in the previous commit.


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@396310 65c4cc65-6c06-0410-ace0-fbb531ad65f3

We try to keep the system running even when all available memory is
spent.

Review: https://reviewboard.asterisk.org/r/2734/
........

Merged revisions 396279 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@396287 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch cleans up documentation in func_channel for the following items:
* rtpsource
* secure_signaling
* secure_media
* various OOH323 parameters

(closes issue ASTERISK-20969)
Reported by: snuffy
patches:
  func_chan-update.diff uploaded by snuffy (License 5024)
........

Merged revisions 394980 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@394981 65c4cc65-6c06-0410-ace0-fbb531ad65f3

It is not apparent to the average user that the PASSTHRU function should not
be passed as ${PASSTHRU(string)} but just as PASSTHRU(string) to functions
which take a variable name and not its contents.

This patch clarifies the behavior in the documentation and provides an example.

(closes issue ASTERISK-21717)
Reported by: Richard Miller
patches:
  func_strings.diff uploaded by Richard Miller (license 5685)
........

Merged revisions 394302 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@394303 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Document that you can read/write the 'accountcode' and 'amaflags' on a channel.
........

Merged revisions 384640 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@384641 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Review: https://reviewboard.asterisk.org/r/2403/
........

Merged revisions 383460 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@383461 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Review: https://reviewboard.asterisk.org/r/2402/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@383457 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Notes that the 'e' option actually decodes data when used as a write function
such as with the SET application while it encodes data when used to read.

Review: https://reviewboard.asterisk.org/r/2335/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@381655 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch fixes a crash in Asterisk that could be caused by using the
PresenceState AMI action while providing an invalid provider. This patch
also adds some additional warnings when a user attempts to provide the
PresenceState action with invalid data, and removes some NOTICE statements
that were still lurking in the code from testing.

(closes issue AST-1084)
Reported by: John Bigelow
Tested by: John Bigelow


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@381594 65c4cc65-6c06-0410-ace0-fbb531ad65f3