rpms/asterisk/devel 0012-Merged-revisions-132778-via-svnmerge-from.patch, NONE, 1.1 asterisk.spec, 1.29, 1.30

Jeffrey C. Ollie (jcollie) fedora-extras-commits at redhat.com
Fri Jul 25 17:50:11 UTC 2008


Author: jcollie

Update of /cvs/pkgs/rpms/asterisk/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25383

Modified Files:
	asterisk.spec 
Added Files:
	0012-Merged-revisions-132778-via-svnmerge-from.patch 
Log Message:
* Fri Jul 25 2008 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.0-0.19.beta9
- Add patch pulled from upstream SVN that fixes AST-2008-010 and AST-2008-011.


0012-Merged-revisions-132778-via-svnmerge-from.patch:

--- NEW FILE 0012-Merged-revisions-132778-via-svnmerge-from.patch ---
>From 6c1b2ef859c2ad25a42b62d731d398c77fc3bb71 Mon Sep 17 00:00:00 2001
From: tilghman <tilghman at 614ede4d-c843-0410-af14-a771ab80d22e>
Date: Tue, 22 Jul 2008 21:55:06 +0000
Subject: [PATCH] Merged revisions 132778 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/trunk

................
r132778 | tilghman | 2008-07-22 16:53:40 -0500 (Tue, 22 Jul 2008) | 18 lines

Merged revisions 132713 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4

................
r132713 | tilghman | 2008-07-22 16:19:39 -0500 (Tue, 22 Jul 2008) | 10 lines

Merged revisions 132711 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.2

........
r132711 | tilghman | 2008-07-22 16:14:10 -0500 (Tue, 22 Jul 2008) | 2 lines

Fixes for AST-2008-010 and AST-2008-011

........

................

................


git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.0@132780 614ede4d-c843-0410-af14-a771ab80d22e
---
 channels/chan_iax2.c    |   31 +++++++++++++++++++++++++++++--
 configs/iax.conf.sample |   10 ++++++++++
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index de1b450..055aa17 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -278,6 +278,7 @@ enum iax2_flags {
 	IAX_DELAYPBXSTART =	(1 << 25),	/*!< Don't start a PBX on the channel until the peer sends us a
 						     response, so that we've achieved a three-way handshake with
 						     them before sending voice or anything else*/
+	IAX_ALLOWFWDOWNLOAD = (1 << 26),	/*!< Allow the FWDOWNL command? */
 };
 
 static int global_rtautoclear = 120;
@@ -1701,10 +1702,10 @@ static int __find_callno(unsigned short callno, unsigned short dcallno, struct s
 			snprintf(host, sizeof(host), "%s:%d", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
 
 		now = ast_tvnow();
-		start = 1 + (ast_random() % (TRUNK_CALL_START - 1));
+		start = 2 + (ast_random() % (TRUNK_CALL_START - 1));
 		for (x = start; 1; x++) {
 			if (x == TRUNK_CALL_START) {
-				x = 0;
+				x = 1;
 				continue;
 			}
 
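Review bot: The new start expression can still yield TRUNK_CALL_START itself, because `ast_random() % (TRUNK_CALL_START - 1)` spans 0 to TRUNK_CALL_START - 2 and the offset is now 2; that value is only rescued by the wrap branch, which maps it to 2 and so makes call number 2 twice as likely a starting point as any other. Shrinking the modulus keeps start inside the usable range: `start = 2 + (ast_random() % (TRUNK_CALL_START - 2));`. The reason call number 1 is now skipped is not stated here; a comment such as `/* callno 1 is reserved for stateless POKE replies (see socket_process) */` on the wrap branch would tie it to the send_apathetic_reply(1, ...) call later in the patch. The loop body and its exit condition lie outside this hunk, so any termination test that compares x against start - 1 should be re-checked for start == 2, since x never takes the value 1 any more.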
@@ -3447,6 +3448,15 @@ struct parsed_dial_string {
 	char *options;
 };
 
+static int send_apathetic_reply(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int command, int ts, unsigned char seqno)
+{
+	struct ast_iax2_full_hdr f = { .scallno = htons(0x8000 | callno), .dcallno = htons(dcallno),
+		.ts = htonl(ts), .iseqno = seqno, .oseqno = seqno, .type = AST_FRAME_IAX,
+		.csub = compress_subclass(command) };
+
+	return sendto(defaultsockfd, &f, sizeof(f), 0, (struct sockaddr *)sin, sizeof(*sin));
+}
+
 /*!
  * \brief Parses an IAX dial string into its component parts.
  * \param data the string to be parsed
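Review bot: send_apathetic_reply always transmits on `defaultsockfd`, so if the request arrived on a different bound socket the PONG would leave from another local address than the one the peer addressed; whether more than one socket can be in use is not visible in this hunk. Passing the receiving descriptor in as a parameter would avoid that. The function also returns the ssize_t result of sendto() through an int and has no header comment, unlike the Doxygen block on the function just below; something like `/*! \brief Send a bare full-frame IAX reply without allocating call state; delivery is best-effort. */` would document the intent. The ts parameter is a signed int fed to htonl(), so `unsigned int ts` would match the wire field more closely.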
@@ -7990,6 +8000,17 @@ static int socket_process(struct iax2_thread *thread)
 		} else {
 			f.subclass = uncompress_subclass(fh->csub);
 		}
+
+		/* Deal with POKE/PONG without allocating a callno */
+		if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_POKE) {
+			/* Reply back with a PONG, but don't care about the result. */
+			send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->oseqno);
+			return 1;
+		} else if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_ACK && dcallno == 1) {
+			/* Ignore */
+			return 1;
+		}
+
 		if ((f.frametype == AST_FRAME_IAX) && ((f.subclass == IAX_COMMAND_NEW) || (f.subclass == IAX_COMMAND_REGREQ) ||
 						       (f.subclass == IAX_COMMAND_POKE) || (f.subclass == IAX_COMMAND_FWDOWNL) ||
 						       (f.subclass == IAX_COMMAND_REGREL)))
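Review bot: The POKE branch converts the incoming timestamp with `ntohs(fh->ts)`, while send_apathetic_reply writes the same header field with `htonl(ts)`; if ts is a 32-bit field, as the htonl suggests, the 16-bit conversion yields a truncated or byte-misordered value and the PONG carries the wrong timestamp. The call should read `send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohl(fh->ts), fh->oseqno);`. Separately, `ntohs(fh->scallno)` is passed through unmasked as the destination call number, and since the header built in send_apathetic_reply sets 0x8000 in scallno for a full frame, that bit would land in dcallno; masking with `& 0x7fff` looks necessary, assuming this path only sees full frames. With POKE returning early, the `IAX_COMMAND_POKE` test in the condition that follows appears to be dead. socket_process starts and ends outside this hunk.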
@@ -9305,6 +9326,10 @@ retryowner2:
 				break;
 			case IAX_COMMAND_FWDOWNL:
 				/* Firmware download */
+				if (!ast_test_flag(&globalflags, IAX_ALLOWFWDOWNLOAD)) {
+					send_command_final(iaxs[fr->callno], AST_FRAME_IAX, IAX_COMMAND_UNSUPPORT, 0, NULL, 0, -1);
+					break;
+				}
 				memset(&ied0, 0, sizeof(ied0));
 				res = iax_firmware_append(&ied0, (unsigned char *)ies.devicetype, ies.fwdesc);
 				if (res < 0)
@@ -10964,6 +10989,8 @@ static int set_config(char *config_file, int reload)
 			ast_set2_flag((&globalflags), ast_true(v->value), IAX_FORCEJITTERBUF);	
 		else if (!strcasecmp(v->name, "delayreject"))
 			delayreject = ast_true(v->value);
+		else if (!strcasecmp(v->name, "allowfwdownload"))
+			ast_set2_flag((&globalflags), ast_true(v->value), IAX_ALLOWFWDOWNLOAD);
 		else if (!strcasecmp(v->name, "rtcachefriends"))
 			ast_set2_flag((&globalflags), ast_true(v->value), IAX_RTCACHEFRIENDS);	
 		else if (!strcasecmp(v->name, "rtignoreregexpire"))
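Review bot: IAX_ALLOWFWDOWNLOAD is only written when an `allowfwdownload` line is present, so after an administrator deletes the line and reloads, the flag keeps its previous value unless globalflags is reset before parsing; no such reset is visible in this hunk. Since the flag gates the FWDOWNL handler changed earlier in this patch, a stale "yes" would leave firmware serving enabled against the documented default of off. If no reset exists, clearing it at the start of a reload would close the gap: `ast_clear_flag((&globalflags), IAX_ALLOWFWDOWNLOAD);`. set_config's body starts and ends outside the hunk.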
diff --git a/configs/iax.conf.sample b/configs/iax.conf.sample
index 2441f2c..854a243 100644
--- a/configs/iax.conf.sample
+++ b/configs/iax.conf.sample
@@ -264,6 +264,16 @@ autokill=yes
 ; The default value is 'host'
 ;
 ;codecpriority=host
+;
+; allowfwdownload controls whether this host will serve out firmware to
+; IAX clients which request it.  This has only been used for the IAXy,
+; and it has been recently proven that this firmware distribution method
+; can be used as a source of traffic amplification attacks.  Also, the
+; IAXy firmware has not been updated for at least 18 months, so unless
+; you are provisioning IAXys in a secure network, we recommend that you
+; leave this option to the default, off.
+;
+;allowfwdownload=yes
 
 ;rtcachefriends=yes	; Cache realtime friends by adding them to the internal list
 			; just like friends added from the config file only on a
-- 
1.5.5.2



Index: asterisk.spec
===================================================================
RCS file: /cvs/pkgs/rpms/asterisk/devel/asterisk.spec,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- asterisk.spec	25 Jul 2008 15:58:22 -0000	1.29
+++ asterisk.spec	25 Jul 2008 17:49:41 -0000	1.30
@@ -4,7 +4,7 @@
 Summary: The Open Source PBX
 Name: asterisk
 Version: 1.6.0
-Release: 0.18.beta%{beta}%{?dist}
+Release: 0.19.beta%{beta}%{?dist}
 License: GPLv2
 Group: Applications/Internet
 URL: http://www.asterisk.org/
@@ -45,6 +45,7 @@
 Patch9:  0009-Update-cdr_tds-to-latest.patch
 Patch10: 0010-Update-autoconf.patch
 Patch11: 0011-Merged-revisions-123952-via-svnmerge-from.patch
+Patch12: 0012-Merged-revisions-132778-via-svnmerge-from.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-root-%(%{__id_u} -n)
 
@@ -415,6 +416,7 @@
 %patch9 -p1
 %patch10 -p1
 %patch11 -p1
+%patch12 -p1
 
 cp %{SOURCE2} menuselect.makedeps
 cp %{SOURCE3} menuselect.makeopts
@@ -1025,6 +1027,9 @@
 %{_libdir}/asterisk/modules/codec_zap.so
 
 %changelog
+* Fri Jul 25 2008 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.0-0.19.beta9
+- Add patch pulled from upstream SVN that fixes AST-2008-010 and AST-2008-011.
+
 * Fri Jul 25 2008 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.0-0.18.beta9
 - Add patch for LDAP extracted from upstream SVN (#442011)
 



