main/config.c | 25 9 + 16 - 0 !
1 file changed, 9 insertions(+), 16 deletions(-)

 change the way that we read include files, to accommodate for changes in gcc 4.4 

Makefile | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 relax badshell tilde test

Makefile.moddir_rules | 2 1 + 1 - 0 !
apps/Makefile | 18 18 + 0 - 0 !
apps/app_voicemail.c | 3 3 + 0 - 0 !
3 files changed, 22 insertions(+), 1 deletion(-)

 build multiple versions of app_voicemail.so

Makefile | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 don't remove sounds on dist-clean

contrib/scripts/safe_asterisk | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use /etc/default/settings for configuring safe_asterisk (vendor specific)

contrib/scripts/safe_asterisk | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 add an option to safe_asterisk so that it won't background.

main/Makefile | 11 0 + 11 - 0 !
1 file changed, 11 deletions(-)

 avoid linking the asterisk binary with the h.323 libraries

main/loader.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 hack dynamic loader to workaround libopenh323 bug

contrib/scripts/astgenkey | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 astgenkey should generate a private key that is not world-readable

channels/chan_dahdi.c | 32 17 + 15 - 0 !
1 file changed, 17 insertions(+), 15 deletions(-)

 allow fxo channels to send out calls even before someone calls in through them

channels/chan_dahdi.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 give dahdi ptmp nt mode a shot

channels/chan_dahdi.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 print span number (when available) on pri trace messages

sounds/sounds.xml | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 avoid downloading extra sound files

res/res_musiconhold.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 install moh files under datadir

main/asterisk.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 make 'core show settings' should show all settable directories

Makefile | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 allow manually generating channels/h323/makefile.ast

contrib/scripts/astgenkey.8 | 15 7 + 8 - 0 !
contrib/scripts/autosupport.8 | 2 1 + 1 - 0 !
contrib/scripts/safe_asterisk.8 | 4 2 + 2 - 0 !
doc/asterisk.8 | 94 47 + 47 - 0 !
4 files changed, 57 insertions(+), 58 deletions(-)

 fix hyphen vs. minus in man pages

apps/app_voicemail.c | 2 1 + 1 - 0 !
channels/chan_dahdi.c | 6 3 + 3 - 0 !
channels/chan_iax2.c | 2 1 + 1 - 0 !
channels/chan_sip.c | 6 3 + 3 - 0 !
res/res_agi.c | 4 2 + 2 - 0 !
5 files changed, 10 insertions(+), 10 deletions(-)

 fix typos reported by lintian

Also extra typo fixed in r278934 .

main/rtp.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix rt(c)p set debug ip taking wrong argument

main/utils.c | 27 13 + 14 - 0 !
1 file changed, 13 insertions(+), 14 deletions(-)

 prevent buffer overflows in ast_uri_encode()

main/udptl.c | 48 21 + 27 - 0 !
1 file changed, 21 insertions(+), 27 deletions(-)

 multiple array overflow and crash vulnerabilities in udptl code

main/manager.c | 30 21 + 9 - 0 !
1 file changed, 21 insertions(+), 9 deletions(-)

 properly reset default manager.conf values on reload

Fixes a bug in manager.c where the default configuration values weren't
reset when the manager configuration was reloaded.

This is a simple bugfix required for cleanly applying AST-2011-005

main/manager.c | 15 10 + 5 - 0 !
1 file changed, 10 insertions(+), 5 deletions(-)

 resource exhaustion in asterisk manager interface

main/tcptls.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 remote crash vulnerability in tcp/tls server

configs/manager.conf.sample | 11 11 + 0 - 0 !
main/manager.c | 76 73 + 3 - 0 !
2 files changed, 84 insertions(+), 3 deletions(-)

 limit the number of unauthenticated manager and their time
Bug: https://issues.asterisk.org/view.php?id=18996

channels/chan_sip.c | 162 156 + 6 - 0 !
channels/chan_skinny.c | 78 74 + 4 - 0 !
configs/http.conf.sample | 5 5 + 0 - 0 !
configs/sip.conf.sample | 10 10 + 0 - 0 !
configs/skinny.conf.sample | 9 9 + 0 - 0 !
main/http.c | 15 15 + 0 - 0 !
6 files changed, 269 insertions(+), 10 deletions(-)

 limits unauthenticated tcp sessions

main/manager.c | 34 19 + 15 - 0 !
1 file changed, 19 insertions(+), 15 deletions(-)

 check for "system" privilege in the manager interface

This fix adds the missing test (added in later version, though apparently
in a slightly wrong location) for the "system" write permissions in case
a manager user attempts to execute an action that may eventually execute
a shell command.

Note that:
1. In order to explit this one must already gain authenticated access to
   the manager interface with some sort of write access.
2. Asterisk is never run as root in Debian (if you use standard init.d
   script, which slightly reduces the impact of this.
3. Many poorly-written sample manager.conf config files just give any
   manager user all priviliges. There's all to big a chance the manager
   user already has the 'system' write priv (write=system in manager.conf).

See also:
  http://downloads.asterisk.org/pub/security/AST-2011-006.html

channels/chan_sip.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 addresses ast-2011-008, memory corruption and remote crash in sip driver.

If a remote user sends a SIP packet containing a null, Asterisk assumes
available data extends past the null to the end of the packet when the
buffer is actually truncated when copied.  This causes SIP header parsing
to modify data past the end of the buffer altering unrelated memory
structures.  This vulnerability does not affect TCP/TLS connections.

CVE: CVE-2011-2529
See also http://downloads.asterisk.org/pub/security/AST-2011-008.html

channels/chan_iax2.c | 14 13 + 1 - 0 !
main/features.c | 15 12 + 3 - 0 !
2 files changed, 25 insertions(+), 4 deletions(-)

 addresses ast-2011-010, crash due to dereferencing a remote pointer

A memory address was inadvertently transmitted over the network via
IAX2 via an option control frame and the remote party would try to access it.

CVE: CVE-2011-2535
See also: http://downloads.asterisk.org/pub/security/AST-2011-010.html

channels/chan_sip.c | 17 6 + 11 - 0 !
1 file changed, 6 insertions(+), 11 deletions(-)

 [patch] merged revisions 325275 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r325275 | twilson | 2011-06-28 15:03:19 -0500 (Tue, 28 Jun 2011) | 2 lines

  Don't leak SIP username information
........

channels/chan_sip.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 make sure tcptls_session exists before dereferencing it.

main/bridging.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 pthread_join to assure the thread is really gone
Bug: https://issues.asterisk.org/view.php?id=15465

CHANGES | 12 12 + 0 - 0 !
channels/chan_sip.c | 34 22 + 12 - 0 !
configs/sip.conf.sample | 17 9 + 8 - 0 !
3 files changed, 43 insertions(+), 20 deletions(-)

 default to nat=yes; warn when nat in general and peer differ
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-18862

channels/chan_sip.c | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

---

apps/app_milliwatt.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---

main/manager.c | 33 30 + 3 - 0 !
1 file changed, 30 insertions(+), 3 deletions(-)

 ast-2012-004: further ami permission fixes

main/manager.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] ami originate: forbid mixmonitor as well

Add MixMonitor to the list of patters that detect a "system"
command that is forbidden to a simple "originate"-level
Originate.

Should have been included in AST-2012-004 but seem to have been lost in
the backporting.

channels/chan_skinny.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 ast-2012-005: chan_skinny: heap overflow in keypad button handling

When handling a keypad button message event, the received digit is placed into
a fixed length buffer that acts as a queue.  When a new message event is
received, the length of that buffer is not checked before placing the new digit
on the end of the queue.  The situation exists where sufficient keypad button
message events would occur that would cause the buffer to be overrun.  This
patch explicitly checks that there is sufficient room in the buffer before
appending a new digit.

This issue can only be exploited with a registered Skinny phone (configured
in e.g. skinny.conf).

See Also: http://downloads.asterisk.org/pub/security/AST-2012-005.html

Reported by: Russell Bryant

channels/chan_iax2.c | 30 20 + 10 - 0 !
1 file changed, 20 insertions(+), 10 deletions(-)

 fix iax receiving hold without suggested moh class crash.
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-19597

channels/chan_skinny.c | 8 6 + 2 - 0 !
1 file changed, 6 insertions(+), 2 deletions(-)

 [patch] only assign line and device in handle_transfer_button when
 we have a subchannel.

Simple and minor bug fix required for applying AST-2012-008 .

channels/chan_skinny.c | 44 40 + 4 - 0 !
1 file changed, 40 insertions(+), 4 deletions(-)

 [patch] ast-2012-008: remote crash issue in chan_skinny
Bug: https://issues.asterisk.org/jira/browse/ASTERISK-19905

channels/chan_sip.c | 57 47 + 10 - 0 !
1 file changed, 47 insertions(+), 10 deletions(-)

 possible resource leak on uncompleted re-invite transactions

README-SERIOUSLY.bestpractices.txt | 51 51 + 0 - 0 !
main/manager.c | 1 1 + 0 - 0 !
2 files changed, 52 insertions(+)

 ast-2012-012: ami user shell access with externalivr