Importing release summary for 13.0.1 release.

git-svn-id: https://origsvn.digium.com/svn/asterisk/tags/13.0.1@428504 65c4cc65-6c06-0410-ace0-fbb531ad65f3

.version

@@ -1 +1 @@
-13.0.0
+13.0.1

ChangeLog

@@ -1,3 +1,90 @@
+2014-11-20  Asterisk Development Team <asteriskteam@digium.com>
+
+	* Asterisk 13.0.1 Released.
+
+	* AST-2014-012: Fix error with mixed address family ACLs.
+
+	  Prior to this commit, the address family of the first item in an ACL
+	  was used to compare all incoming traffic. This could lead to traffic
+	  of other IP address families bypassing ACLs.
+
+	  ASTERISK-24469 #close
+	  Reported by Matt Jordan
+
+	* AST-2014-013: Fix PJSIP ACLs not loading on startup and apply/ACL
+	  issues on contact
+
+	  The biggest problem this patch fixes is that ACLs weren't previously
+	  being loaded when the res_pjsip_acl module was loaded. In addition,
+	  the ACL options contact_permit and contact_acl were effectively
+	  interpreted as contact_deny and this patch fixes that as well.
+
+	  ASTERISK-24531 #close
+	  Reported by: Matt Jordan
+
+	* AST-2014-015: Fix race condition in chan_pjsip when sending responses
+	  after a CANCEL has been received.
+
+	  Due to the serialized architecture of chan_pjsip there exists a race
+	  condition where a CANCEL may be received and processed before
+	  responses (such as 180 Ringing, 183 Session Progress, and 200 OK)
+	  are sent. Since the session is in an unexpected state PJSIP will
+	  assert when this is attempted.
+
+	  This change makes it so that these responses are not sent on
+	  disconnected sessions.
+
+	  ASTERISK-24471 #close
+	  Reported by: yaron nahum
+
+	* AST-2014-016: Fix crash when receiving an in-dialog INVITE with
+	  Replaces in res_pjsip_refer.
+
+	  The implementation of INVITE with Replaces in res_pjsip_refer did not
+	  expect them to occur in-dialog. As a result it would incorrectly
+	  attempt to hang up a channel it thought was under its control. In
+	  reality the channel would be under the control of another thread.
+	  When the other thread accessed the channel it would be accessing
+	  freed memory and could crash.
+
+	  This change makes res_pjsip_refer not act on an in-dialog INVITE
+	  with Replaces.
+
+	  ASTERISK-24528 #close
+	  Reported by: Joshua Colp
+
+	* AST-2014-017 - app_confbridge: permission escalation/ class
+	  authorization.
+
+	  Confbridge dialplan function permission escalation via AMI and
+	  inappropriate class authorization on the ConfbridgeStartRecord action.
+	  The CONFBRIDGE dialplan function when executed from an external
+	  protocol (for instance AMI), could result in a privilege escalation.
+	  Also, the AMI action “ConfbridgeStartRecord” could also be used to
+	  execute arbitrary system commands without first checking for system
+	  access.
+
+	  Asterisk now inhibits the CONFBRIDGE function from being executed
+	  from an external interface if the live_dangerously option is set to
+	  no. Also, the “ConfbridgeStartRecord” AMI action is now only allowed
+	  to execute under a user with system level access.
+
+	  ASTERISK-24490
+	  Reported by: Gareth Palmer
+
+	* AST-2014-018 - func_db: DB Dialplan function permission escalation
+	  via AMI.
+
+	  The DB dialplan function when executed from an external protocol
+	  (for instance AMI), could result in a privilege escalation.
+
+	  Asterisk now inhibits the DB function from being executed from an
+	  external interface if the live_dangerously option is set to no.
+
+	  ASTERISK-24534
+	  Reported by: Gareth Palmer
+	  patches: submitted by Gareth Palmer (license 5169)
+
 2014-10-24  Asterisk Development Team <asteriskteam@digium.com>
 
 	* Asterisk 13.0.0 Released.

apps/app_confbridge.c

@@ -3410,7 +3410,7 @@ static int load_module(void)
 
 	res |= ast_register_application_xml(app, confbridge_exec);
 
-	res |= ast_custom_function_register(&confbridge_function);
+	res |= ast_custom_function_register_escalating(&confbridge_function, AST_CFE_WRITE);
 	res |= ast_custom_function_register(&confbridge_info_function);
 
 	res |= ast_cli_register_multiple(cli_confbridge, ARRAY_LEN(cli_confbridge));
@@ -3422,7 +3422,7 @@ static int load_module(void)
 	res |= ast_manager_register_xml("ConfbridgeKick", EVENT_FLAG_CALL, action_confbridgekick);
 	res |= ast_manager_register_xml("ConfbridgeUnlock", EVENT_FLAG_CALL, action_confbridgeunlock);
 	res |= ast_manager_register_xml("ConfbridgeLock", EVENT_FLAG_CALL, action_confbridgelock);
-	res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_CALL, action_confbridgestartrecord);
+	res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_SYSTEM, action_confbridgestartrecord);
 	res |= ast_manager_register_xml("ConfbridgeStopRecord", EVENT_FLAG_CALL, action_confbridgestoprecord);
 	res |= ast_manager_register_xml("ConfbridgeSetSingleVideoSrc", EVENT_FLAG_CALL, action_confbridgesetsinglevideosrc);
 	if (res) {

asterisk-13.0.1-summary.html

@@ -0,0 +1,72 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /><title>Release Summary - asterisk-13.0.1</title></head>
+<body>
+<h1 align="center"><a name="top">Release Summary</a></h1>
+<h3 align="center">asterisk-13.0.1</h3>
+<h3 align="center">Date: 2014-11-20</h3>
+<h3 align="center">&lt;asteriskteam@digium.com&gt;</h3>
+<hr/>
+<h2 align="center">Table of Contents</h2>
+<ol>
+   <li><a href="#summary">Summary</a></li>
+   <li><a href="#contributors">Contributors</a></li>
+   <li><a href="#commits">Other Changes</a></li>
+   <li><a href="#diffstat">Diffstat</a></li>
+</ol>
+<hr/>
+<a name="summary"><h2 align="center">Summary</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This release has been made to address one or more security vulnerabilities that have been identified.  A security advisory document has been published for each vulnerability that includes additional information.  Users of versions of Asterisk that are affected are strongly encouraged to review the advisories and determine what action they should take to protect their systems from these issues.</p>
+<p>Security Advisories: <a href="http://downloads.asterisk.org/pub/security/AST-2014-012.html">AST-2014-012</a>, <a href="http://downloads.asterisk.org/pub/security/AST-2014-013.html">AST-2014-013</a>, <a href="http://downloads.asterisk.org/pub/security/AST-2014-015.html">AST-2014-015</a>, <a href="http://downloads.asterisk.org/pub/security/AST-2014-016.html">AST-2014-016</a>, <a href="http://downloads.asterisk.org/pub/security/AST-2014-017.html">AST-2014-017</a>, <a href="http://downloads.asterisk.org/pub/security/AST-2014-018.html">AST-2014-018</a></p>
+<p>The data in this summary reflects changes that have been made since the previous release, asterisk-13.0.0.</p>
+<hr/>
+<a name="contributors"><h2 align="center">Contributors</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This table lists the people who have submitted code, those that have tested patches, as well as those that reported issues on the issue tracker that were resolved in this release.  For coders, the number is how many of their patches (of any size) were committed into this release.  For testers, the number is the number of times their name was listed as assisting with testing a patch.  Finally, for reporters, the number is the number of issues that they reported that were closed by commits that went into this release.</p>
+<table width="100%" border="0">
+<tr>
+<td width="33%"><h3>Coders</h3></td>
+<td width="33%"><h3>Testers</h3></td>
+<td width="33%"><h3>Reporters</h3></td>
+</tr>
+<tr valign="top">
+<td>
+8 bebuild<br/>
+</td>
+<td>
+</td>
+<td>
+</td>
+</tr>
+</table>
+<hr/>
+<a name="commits"><h2 align="center">Commits Not Associated with an Issue</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This is a list of all changes that went into this release that did not directly close an issue from the issue tracker.  The commits may have been marked as being related to an issue.  If that is the case, the issue numbers are listed here, as well.</p>
+<table width="100%" border="1">
+<tr><td><b>Revision</b></td><td><b>Author</b></td><td><b>Summary</b></td><td><b>Issues Referenced</b></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/13.0.1?view=revision&revision=428338">428338</a></td><td>bebuild</td><td>Create 13.0.1</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/13.0.1?view=revision&revision=428377">428377</a></td><td>bebuild</td><td>Update .version, remove summaries</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/13.0.1?view=revision&revision=428429">428429</a></td><td>bebuild</td><td>Merge 428425 for AST-2014-012</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/13.0.1?view=revision&revision=428435">428435</a></td><td>bebuild</td><td>Merge r428413 for AST-2014-018</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/13.0.1?view=revision&revision=428439">428439</a></td><td>bebuild</td><td>Merge r428343 for AST-2014-013</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/13.0.1?view=revision&revision=428443">428443</a></td><td>bebuild</td><td>Merge r428302 for AST-2014-015</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/13.0.1?view=revision&revision=428445">428445</a></td><td>bebuild</td><td>Merge r428305 for AST-2014-016</td>
+<td></td></tr><tr><td><a href="http://svn.digium.com/view/asterisk/tags/13.0.1?view=revision&revision=428449">428449</a></td><td>bebuild</td><td>Merge r428339 for AST-2014-017</td>
+<td></td></tr></table>
+<hr/>
+<a name="diffstat"><h2 align="center">Diffstat Results</h2></a>
+<center><a href="#top">[Back to Top]</a></center><br/><p>This is a summary of the changes to the source code that went into this release that was generated using the diffstat utility.</p>
+<pre>
+.version                     |    2
+ChangeLog                    |   87
+apps/app_confbridge.c        |    4
+asterisk-13.0.0-summary.html | 6034 -------------------------------
+asterisk-13.0.0-summary.txt  | 8206 -------------------------------------------
+channels/chan_pjsip.c        |   12
+funcs/func_db.c              |    2
+main/acl.c                   |    2
+res/res_pjsip_acl.c          |    7
+res/res_pjsip_refer.c        |   26
+10 files changed, 127 insertions(+), 14255 deletions(-)
+</pre><br/>
+<hr/>
+</body>
+</html>

asterisk-13.0.1-summary.txt

@@ -0,0 +1,113 @@
+                                Release Summary
+
+                                asterisk-13.0.1
+
+                                Date: 2014-11-20
+
+                           <asteriskteam@digium.com>
+
+     ----------------------------------------------------------------------
+
+                               Table of Contents
+
+    1. Summary
+    2. Contributors
+    3. Other Changes
+    4. Diffstat
+
+     ----------------------------------------------------------------------
+
+                                    Summary
+
+                                 [Back to Top]
+
+   This release has been made to address one or more security vulnerabilities
+   that have been identified. A security advisory document has been published
+   for each vulnerability that includes additional information. Users of
+   versions of Asterisk that are affected are strongly encouraged to review
+   the advisories and determine what action they should take to protect their
+   systems from these issues.
+
+   Security Advisories: AST-2014-012, AST-2014-013, AST-2014-015,
+   AST-2014-016, AST-2014-017, AST-2014-018
+
+   The data in this summary reflects changes that have been made since the
+   previous release, asterisk-13.0.0.
+
+     ----------------------------------------------------------------------
+
+                                  Contributors
+
+                                 [Back to Top]
+
+   This table lists the people who have submitted code, those that have
+   tested patches, as well as those that reported issues on the issue tracker
+   that were resolved in this release. For coders, the number is how many of
+   their patches (of any size) were committed into this release. For testers,
+   the number is the number of times their name was listed as assisting with
+   testing a patch. Finally, for reporters, the number is the number of
+   issues that they reported that were closed by commits that went into this
+   release.
+
+     Coders                   Testers                  Reporters              
+   8 bebuild                
+
+     ----------------------------------------------------------------------
+
+                      Commits Not Associated with an Issue
+
+                                 [Back to Top]
+
+   This is a list of all changes that went into this release that did not
+   directly close an issue from the issue tracker. The commits may have been
+   marked as being related to an issue. If that is the case, the issue
+   numbers are listed here, as well.
+
+   +------------------------------------------------------------------------+
+   | Revision | Author  | Summary                       | Issues Referenced |
+   |----------+---------+-------------------------------+-------------------|
+   | 428338   | bebuild | Create 13.0.1                 |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 428377   | bebuild | Update .version, remove       |                   |
+   |          |         | summaries                     |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 428429   | bebuild | Merge 428425 for AST-2014-012 |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 428435   | bebuild | Merge r428413 for             |                   |
+   |          |         | AST-2014-018                  |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 428439   | bebuild | Merge r428343 for             |                   |
+   |          |         | AST-2014-013                  |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 428443   | bebuild | Merge r428302 for             |                   |
+   |          |         | AST-2014-015                  |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 428445   | bebuild | Merge r428305 for             |                   |
+   |          |         | AST-2014-016                  |                   |
+   |----------+---------+-------------------------------+-------------------|
+   | 428449   | bebuild | Merge r428339 for             |                   |
+   |          |         | AST-2014-017                  |                   |
+   +------------------------------------------------------------------------+
+
+     ----------------------------------------------------------------------
+
+                                Diffstat Results
+
+                                 [Back to Top]
+
+   This is a summary of the changes to the source code that went into this
+   release that was generated using the diffstat utility.
+
+ .version                     |    2
+ ChangeLog                    |   87
+ apps/app_confbridge.c        |    4
+ asterisk-13.0.0-summary.html | 6034 -------------------------------
+ asterisk-13.0.0-summary.txt  | 8206 -------------------------------------------
+ channels/chan_pjsip.c        |   12
+ funcs/func_db.c              |    2
+ main/acl.c                   |    2
+ res/res_pjsip_acl.c          |    7
+ res/res_pjsip_refer.c        |   26
+ 10 files changed, 127 insertions(+), 14255 deletions(-)
+
+     ----------------------------------------------------------------------

channels/chan_pjsip.c

@@ -489,6 +489,11 @@ static int answer(void *data)
 	pjsip_tx_data *packet = NULL;
 	struct ast_sip_session *session = data;
 
+	if (session->inv_session->state == PJSIP_INV_STATE_DISCONNECTED) {
+		ao2_ref(session, -1);
+		return 0;
+	}
+
 	pjsip_dlg_inc_lock(session->inv_session->dlg);
 	if (session->inv_session->invite_tsx) {
 		status = pjsip_inv_answer(session->inv_session, 200, NULL, NULL, &packet);
@@ -1001,7 +1006,8 @@ static int indicate(void *data)
 	struct ast_sip_session *session = ind_data->session;
 	int response_code = ind_data->response_code;
 
-	if (pjsip_inv_answer(session->inv_session, response_code, NULL, NULL, &packet) == PJ_SUCCESS) {
+	if ((session->inv_session->state != PJSIP_INV_STATE_DISCONNECTED) &&
+		(pjsip_inv_answer(session->inv_session, response_code, NULL, NULL, &packet) == PJ_SUCCESS)) {
 		ast_sip_session_send_response(session, packet);
 	}
 
@@ -1053,6 +1059,10 @@ static int update_connected_line_information(void *data)
 	if ((ast_channel_state(session->channel) != AST_STATE_UP) && (session->inv_session->role == PJSIP_UAS_ROLE)) {
 		int response_code = 0;
 
+		if (session->inv_session->state == PJSIP_INV_STATE_DISCONNECTED) {
+			return 0;
+		}
+
 		if (ast_channel_state(session->channel) == AST_STATE_RING) {
 			response_code = !session->endpoint->inband_progress ? 180 : 183;
 		} else if (ast_channel_state(session->channel) == AST_STATE_RINGING) {

funcs/func_db.c

@@ -351,7 +351,7 @@ static int load_module(void)
 {
 	int res = 0;
 
-	res |= ast_custom_function_register(&db_function);
+	res |= ast_custom_function_register_escalating(&db_function, AST_CFE_BOTH);
 	res |= ast_custom_function_register(&db_exists_function);
 	res |= ast_custom_function_register_escalating(&db_delete_function, AST_CFE_READ);
 	res |= ast_custom_function_register(&db_keys_function);

main/acl.c

@@ -743,7 +743,7 @@ enum ast_acl_sense ast_apply_ha(const struct ast_ha *ha, const struct ast_sockad
 		ast_copy_string(iabuf2, ast_inet_ntoa(ha->netaddr), sizeof(iabuf2));
 		ast_debug(1, "##### Testing %s with %s\n", iabuf, iabuf2);
 #endif
-		if (ast_sockaddr_is_ipv4(&ha->addr)) {
+		if (ast_sockaddr_is_ipv4(&current_ha->addr)) {
 			if (ast_sockaddr_is_ipv6(addr)) {
 				if (ast_sockaddr_is_ipv4_mapped(addr)) {
 					/* IPv4 ACLs apply to IPv4-mapped addresses */

res/res_pjsip_acl.c

@@ -233,8 +233,9 @@ static int acl_handler(const struct aco_option *opt, struct ast_variable *var, v
 	struct ast_sip_acl *sip_acl = obj;
 	int error = 0;
 	int ignore;
-	if (!strncmp(var->name, "contact", 7)) {
-		ast_append_acl(var->name + 7, var->value, &sip_acl->contact_acl, &error, &ignore);
+
+	if (!strncmp(var->name, "contact_", 8)) {
+		ast_append_acl(var->name + 8, var->value, &sip_acl->contact_acl, &error, &ignore);
 	} else {
 		ast_append_acl(var->name, var->value, &sip_acl->acl, &error, &ignore);
 	}
@@ -287,6 +288,8 @@ static int load_module(void)
 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contact_deny", "", acl_handler, NULL, NULL, 0, 0);
 	ast_sorcery_object_field_register_custom(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE, "contact_acl", "", acl_handler, NULL, NULL, 0, 0);
 
+	ast_sorcery_load_object(ast_sip_get_sorcery(), SIP_SORCERY_ACL_TYPE);
+
 	ast_sip_register_service(&acl_module);
 	return AST_MODULE_LOAD_SUCCESS;
 }

res/res_pjsip_refer.c

@@ -785,6 +785,12 @@ static int refer_incoming_invite_request(struct ast_sip_session *session, struct
 	other_session = ast_sip_dialog_get_session(other_dlg);
 	pjsip_dlg_dec_lock(other_dlg);
 
+	/* Don't accept an in-dialog INVITE with Replaces as it does not make much sense */
+	if (session->inv_session->dlg->state == PJSIP_DIALOG_STATE_ESTABLISHED) {
+		response = 488;
+		goto end;
+	}
+
 	if (!other_session) {
 		response = 481;
 		ast_debug(3, "INVITE with Replaces received on channel '%s' from endpoint '%s', but requested session does not exist\n",
@@ -831,14 +837,20 @@ static int refer_incoming_invite_request(struct ast_sip_session *session, struct
 
 end:
 	if (response) {
-		ast_debug(3, "INVITE with Replaces failed on channel '%s', sending response of '%d'\n",
-			ast_channel_name(session->channel), response);
-		session->defer_terminate = 1;
-		ast_hangup(session->channel);
-		session->channel = NULL;
+		if (session->inv_session->dlg->state != PJSIP_DIALOG_STATE_ESTABLISHED) {
+			ast_debug(3, "INVITE with Replaces failed on channel '%s', sending response of '%d'\n",
+				ast_channel_name(session->channel), response);
+			session->defer_terminate = 1;
+			ast_hangup(session->channel);
+			session->channel = NULL;
 
-		if (pjsip_inv_end_session(session->inv_session, response, NULL, &packet) == PJ_SUCCESS) {
-			ast_sip_session_send_response(session, packet);
+			if (pjsip_inv_end_session(session->inv_session, response, NULL, &packet) == PJ_SUCCESS) {
+				ast_sip_session_send_response(session, packet);
+			}
+		} else {
+			ast_debug(3, "INVITE with Replaces in-dialog on channel '%s', hanging up\n",
+				ast_channel_name(session->channel));
+			ast_queue_hangup(session->channel);
 		}
 	}