Convert all release tags to Opsound music-on-hold.

For more details:
http://blogs.digium.com/2009/08/18/asterisk-music-on-hold-changes/



git-svn-id: https://origsvn.digium.com/svn/asterisk/tags/1.2.31@212958 65c4cc65-6c06-0410-ace0-fbb531ad65f3

.version

@@ -1 +1 @@
-1.2.29
+1.2.31

ChangeLog

@@ -1,3 +1,68 @@
+2009-01-06  Leif Madsen <lmadsen@digium.com>
+
+	* Asterisk 1.2.31 released
+
+2009-01-06 20:44 +0000 [r167259]  Tilghman Lesher <tlesher@digium.com>
+
+	* channels/chan_iax2.c: Security fix AST-2009-001.
+
+2008-12-10  Tilghman Lesher <tlesher@digium.com>
+
+	* Asterisk 1.2.30.4 released
+
+2008-12-10 21:06 +0000 [r162868]  Tilghman Lesher <tlesher@digium.com>
+
+	* channels/chan_iax2.c: Fix for AST-2008-012
+
+2008-12-05 20:50 +0000 [r161421]  Sean Bright <sean.bright@gmail.com>
+
+	* include/asterisk/astobj2.h, astobj2.c: Fix build errors on
+	  FreeBSD (uint -> unsigned int). (closes issue #14006) Reported
+	  by: alphaque Patches: astobj2.h-patch uploaded by alphaque
+	  (license 259) (Slightly modified by seanbright)
+
+2008-12-01  Tilghman Lesher <tlesher@digium.com>
+
+	* Asterisk 1.2.30.3 released
+
+2008-11-25 21:37 +0000 [r159245]  Tilghman Lesher <tlesher@digium.com>
+
+	* channels/chan_iax2.c: Regression fix for last security fix. Set
+	  the iseqno correctly. (closes issue #13918) Reported by:
+	  ffloimair Patches: 20081119__bug13918.diff.txt uploaded by
+	  Corydon76 (license 14) Tested by: ffloimair
+
+2008-08-09  Tilghman Lesher <tlesher@digium.com>
+
+	* Asterisk 1.2.30.2 released
+
+2008-08-09 15:24 +0000 [r136945]  Tilghman Lesher <tlesher@digium.com>
+
+	* include/asterisk/compat.h, include/asterisk/astobj2.h: Regression
+	  fixes for Solaris
+
+2008-07-25 15:00 +0000 [r133577]  Russell Bryant <russell@digium.com>
+
+	* LICENSE: Fix the IAX2 URI for calling Digium
+
+2008-07-23  Tilghman Lesher <tlesher@digium.com>
+
+	* Asterisk 1.2.30.1 released
+
+2008-07-24 03:46 +0000 [r133360]  Tilghman Lesher <tlesher@digium.com>
+
+	* channels/chan_iax2.c: This part was not correctly patched for
+	  AST-2008-010.
+
+2008-07-22  Russell Bryant <russell@digium.com>
+
+	* Asterisk 1.2.30 released
+
+2008-07-22 21:14 +0000 [r132711]  Tilghman Lesher <tlesher@digium.com>
+
+	* configs/iax.conf.sample, channels/chan_iax2.c: Fixes for
+	  AST-2008-010 and AST-2008-011
+
 2008-06-03  Russell Bryant <russell@digium.com>
 
 	* Asterisk 1.2.29 released

LICENSE

@@ -58,7 +58,7 @@ contact us:
 +1.877.546.8963 (via telephone in the USA)
 +1.256.428.6000 (via telephone outside the USA)
 +1.256.864.0464 (via FAX inside or outside the USA)
-IAX2/misery.digium.com/6000 (via IAX2)
+IAX2/pbx.digium.com (via IAX2)
 licensing@digium.com (via email)
 
 Digium, Inc.

astobj2.c

@@ -294,7 +294,7 @@ static int hash_zero(const void *user_obj, const int flags)
  * A container is just an object, after all!
  */
 struct ao2_container *
-ao2_container_alloc(const uint n_buckets, ao2_hash_fn hash_fn,
+ao2_container_alloc(const unsigned int n_buckets, ao2_hash_fn hash_fn,
 		ao2_callback_fn cmp_fn)
 {
 	/* XXX maybe consistency check on arguments ? */

channels/chan_iax2.c

@@ -164,6 +164,7 @@ static int trunkfreq = 20;
 static int authdebug = 1;
 static int autokill = 0;
 static int iaxcompat = 0;
+static int lastauthmethod = 0;
 
 static int iaxdefaultdpcache=10 * 60;	/* Cache dialplan entries for 10 minutes by default */
 
@@ -272,6 +273,7 @@ enum {
 	IAX_DELAYPBXSTART =	(1 << 25),	/*!< Don't start a PBX on the channel until the peer sends us a
 						     response, so that we've achieved a three-way handshake with
 						     them before sending voice or anything else*/
+	IAX_ALLOWFWDOWNLOAD = (1 << 26),	/*!< Allow the FWDOWNL command? */
 } iax2_flags;
 
 static int global_rtautoclear = 120;
@@ -1282,7 +1284,7 @@ static int find_callno(unsigned short callno, unsigned short dcallno, struct soc
  		}
 
 		/* Look for an existing connection first */
-		for (x=1;(res < 1) && (x<maxnontrunkcall);x++) {
+		for (x=2;(res < 1) && (x<maxnontrunkcall);x++) {
 			ast_mutex_lock(&iaxsl[x]);
 			if (iaxs[x]) {
 				/* Look for an exact match */
@@ -1317,10 +1319,10 @@ static int find_callno(unsigned short callno, unsigned short dcallno, struct soc
 
 		gettimeofday(&now, NULL);
 
-		start = 1 + (rand() % (TRUNK_CALL_START - 1));
+		start = 2 + (rand() % (TRUNK_CALL_START - 1));
 		for (x = start; 1; x++) {
 			if (x == TRUNK_CALL_START) {
-				x = 0;
+				x = 1;
 				continue;
 			}
 
@@ -2749,7 +2751,7 @@ static struct iax2_peer *realtime_peer(const char *peername, struct sockaddr_in
 	if (peername) {
 		var = ast_load_realtime("iaxpeers", "name", peername, "host", "dynamic", NULL);
 		if (!var && sin)
-			var = ast_load_realtime("iaxpeers", "name", peername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
+			var = ast_load_realtime("iaxpeers", "name", peername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), (char *) NULL);
 	} else if (sin) {
 		char porta[25];
 		ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr);
@@ -2873,7 +2875,7 @@ static struct iax2_user *realtime_user(const char *username, struct sockaddr_in
 
 	var = ast_load_realtime("iaxusers", "name", username, "host", "dynamic", NULL);
 	if (!var && sin)
-		var = ast_load_realtime("iaxusers", "name", username, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
+		var = ast_load_realtime("iaxusers", "name", username, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), (char *) NULL);
 	if (!var && sin) {
 		char porta[6];
 		snprintf(porta, sizeof(porta), "%d", ntohs(sin->sin_port));
@@ -3098,6 +3100,15 @@ struct parsed_dial_string {
 	char *options;
 };
 
+static int send_apathetic_reply(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int command, int ts, unsigned char seqno)
+{
+	struct ast_iax2_full_hdr f = { .scallno = htons(0x8000 | callno), .dcallno = htons(dcallno),
+		.ts = htonl(ts), .iseqno = seqno, .oseqno = 0, .type = AST_FRAME_IAX,
+		.csub = compress_subclass(command) };
+
+	return sendto(defaultsockfd, &f, sizeof(f), 0, (struct sockaddr *)sin, sizeof(*sin));
+}
+
 /*!
  * \brief Parses an IAX dial string into its component parts.
  * \param data the string to be parsed
@@ -6077,23 +6088,34 @@ static int registry_authrequest(char *name, int callno)
 {
 	struct iax_ie_data ied;
 	struct iax2_peer *p;
+	int authmethods;
+
+	if (!iaxs[callno]) {
+		return 0;
+	}
+
 	/* SLD: third call to find_peer in registration */
-	p = find_peer(name, 1);
-	if (p) {
-		memset(&ied, 0, sizeof(ied));
-		iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);
-		if (p->authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
-			/* Build the challenge */
-			snprintf(iaxs[callno]->challenge, sizeof(iaxs[callno]->challenge), "%d", rand());
-			iax_ie_append_str(&ied, IAX_IE_CHALLENGE, iaxs[callno]->challenge);
-		}
-		iax_ie_append_str(&ied, IAX_IE_USERNAME, name);
-		if (ast_test_flag(p, IAX_TEMPONLY))
-			destroy_peer(p);
-		return send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);;
-	} 
-	ast_log(LOG_WARNING, "No such peer '%s'\n", name);
-	return 0;
+	if ((p = find_peer(name, 1))) {
+		lastauthmethod = p->authmethods;
+	}
+
+	authmethods = p ? p->authmethods : lastauthmethod ? lastauthmethod : (IAX_AUTH_PLAINTEXT | IAX_AUTH_MD5);
+	if (p && ast_test_flag(p, IAX_TEMPONLY)) {
+		destroy_peer(p);
+	} else if (!delayreject) {
+		ast_log(LOG_WARNING, "No such peer '%s'\n", name);
+		return 0;
+	}
+	
+	memset(&ied, 0, sizeof(ied));
+	iax_ie_append_short(&ied, IAX_IE_AUTHMETHODS, p->authmethods);
+	if (authmethods & (IAX_AUTH_RSA | IAX_AUTH_MD5)) {
+		/* Build the challenge */
+		snprintf(iaxs[callno]->challenge, sizeof(iaxs[callno]->challenge), "%d", rand());
+		iax_ie_append_str(&ied, IAX_IE_CHALLENGE, iaxs[callno]->challenge);
+	}
+	iax_ie_append_str(&ied, IAX_IE_USERNAME, name);
+	return send_command(iaxs[callno], AST_FRAME_IAX, IAX_COMMAND_REGAUTH, 0, ied.buf, ied.pos, -1);;
 }
 
 static int registry_rerequest(struct iax_ies *ies, int callno, struct sockaddr_in *sin)
@@ -6828,6 +6850,17 @@ static int socket_read(int *id, int fd, short events, void *cbdata)
 		} else {
 			f.subclass = uncompress_subclass(fh->csub);
 		}
+
+		/* Deal with POKE/PONG without allocating a callno */
+		if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_POKE) {
+			/* Reply back with a PONG, but don't care about the result. */
+			send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->iseqno + 1);
+			return 1;
+		} else if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_ACK && dcallno == 1) {
+			/* Ignore */
+			return 1;
+		}
+
 		if ((f.frametype == AST_FRAME_IAX) && ((f.subclass == IAX_COMMAND_NEW) || (f.subclass == IAX_COMMAND_REGREQ) ||
 						       (f.subclass == IAX_COMMAND_POKE) || (f.subclass == IAX_COMMAND_FWDOWNL) ||
 						       (f.subclass == IAX_COMMAND_REGREL)))
@@ -7921,6 +7954,10 @@ retryowner2:
 				break;
 			case IAX_COMMAND_FWDOWNL:
 				/* Firmware download */
+				if (!ast_test_flag(&globalflags, IAX_ALLOWFWDOWNLOAD)) {
+					send_command_final(iaxs[fr->callno], AST_FRAME_IAX, IAX_COMMAND_UNSUPPORT, 0, NULL, 0, -1);
+					break;
+				}
 				memset(&ied0, 0, sizeof(ied0));
 				res = iax_firmware_append(&ied0, (unsigned char *)ies.devicetype, ies.fwdesc);
 				if (res < 0)
@@ -9188,6 +9225,8 @@ static int set_config(char *config_file, int reload)
 			delayreject = ast_true(v->value);
 		else if (!strcasecmp(v->name, "mailboxdetail"))
 			ast_set2_flag((&globalflags), ast_true(v->value), IAX_MESSAGEDETAIL);	
+		else if (!strcasecmp(v->name, "allowfwdownload"))
+			ast_set2_flag((&globalflags), ast_true(v->value), IAX_ALLOWFWDOWNLOAD);
 		else if (!strcasecmp(v->name, "rtcachefriends"))
 			ast_set2_flag((&globalflags), ast_true(v->value), IAX_RTCACHEFRIENDS);	
 		else if (!strcasecmp(v->name, "rtignoreregexpire"))

configs/iax.conf.sample

@@ -255,6 +255,16 @@ autokill=yes
 ; The default value is 'host'
 ;
 ;codecpriority=host
+;
+; allowfwdownload controls whether this host will serve out firmware to
+; IAX clients which request it.  This has only been used for the IAXy,
+; and it has been recently proven that this firmware distribution method
+; can be used as a source of traffic amplification attacks.  Also, the
+; IAXy firmware has not been updated for at least 18 months, so unless
+; you are provisioning IAXys in a secure network, we recommend that you
+; leave this option to the default, off.
+;
+;allowfwdownload=yes
 
 ;rtcachefriends=yes		; Cache realtime friends by adding them to the internal list
 				; just like friends added from the config file only on a

include/asterisk/astobj2.h

@@ -17,6 +17,8 @@
 #ifndef _ASTERISK_ASTOBJ2_H
 #define _ASTERISK_ASTOBJ2_H
 
+#include "asterisk/compat.h"
+
 /*! \file 
  *
  * \brief Object Model implementing objects and containers.
@@ -330,7 +332,7 @@ struct ao2_container;
  *
  * destructor is set implicitly.
  */
-struct ao2_container *ao2_container_alloc(const uint n_buckets,
+struct ao2_container *ao2_container_alloc(const unsigned int n_buckets,
 		ao2_hash_fn hash_fn, ao2_callback_fn cmp_fn);
 
 /*!
@@ -527,11 +529,11 @@ struct ao2_iterator {
 	/*! current bucket */
 	int bucket;
 	/*! container version */
-	uint c_version;
+	unsigned int c_version;
 	/*! pointer to the current object */
 	void *obj;
 	/*! container version when the object was created */
-	uint version;
+	unsigned int version;
 };
 
 struct ao2_iterator ao2_iterator_init(struct ao2_container *c, int flags);

include/asterisk/compat.h

@@ -54,6 +54,7 @@
 typedef unsigned char	u_int8_t;
 typedef unsigned short	u_int16_t;
 typedef unsigned int	u_int32_t;
+typedef unsigned int	uint;
 #endif
 
 char* strsep(char** str, const char* delims);