Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Ashley Sanders
> On Jan. 28, 2015, 5:42 p.m., rmudgett wrote: > > ./branches/13/main/http.c, line 560 > > > > > > I'm surprised that the compiler didn't complain about http_header_data > > being const because it is passed to ast_

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Ashley Sanders
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4374/ --- (Updated Jan. 28, 2015, 8:13 p.m.) Review request for Asterisk Developers.

[asterisk-dev] [Code Review] 4387: res_pjsip_exten_state: Reduce log clutter... change a WARNING to a VERBOSE/2.

2015-01-28 Thread George Joseph
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4387/ --- Review request for Asterisk Developers. Repository: Asterisk Description

[asterisk-dev] [Code Review] 4384: res_pjsip_outbound_publish: eventually crashes when no response is ever received

2015-01-28 Thread Kevin Harwell
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4384/ --- Review request for Asterisk Developers. Bugs: ASTERISK-24635 https://i

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread rmudgett
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4374/#review14351 --- ./branches/13/main/http.c

[asterisk-dev] AST-2015-001: File descriptor leak when incompatible codecs are offered

2015-01-28 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2015-001. Product: Asterisk. Summary: File descriptor leak when incompatible codecs are offered

[asterisk-dev] AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

2015-01-28 Thread Asterisk Security Team
Asterisk Project Security Advisory - AST-2015-002. Product: Asterisk. Summary: Mitigation for libcURL HTTP request injection vulnerability

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Ashley Sanders
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4374/ --- (Updated Jan. 28, 2015, 5:15 p.m.) Review request for Asterisk Developers.

[asterisk-dev] Asterisk 1.8.28-cert4, 1.8.32.2, 11.6-cert10, 11.15.1, 12.8.1, 13.1.1 Now Available (Security Release)

2015-01-28 Thread Asterisk Development Team
The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10, 11.15.1, 12.8.1, and 13.1.1. These releases are available for immedi

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Ashley Sanders
> On Jan. 27, 2015, 7:51 p.m., rmudgett wrote: > > ./branches/13/main/http.c, line 384 > > > > > > Does this need to be skipped if http_server_name is empty? > > Ashley Sanders wrote: > I think in the case of t

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Ashley Sanders
> On Jan. 27, 2015, 7:48 p.m., rmudgett wrote: > > ./branches/13/main/http.c, line 640 > > > > > > This seems kind of small for the amount that could be put in here. May > > want to switch to using an ast_str fo

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Ashley Sanders
> On Jan. 27, 2015, 7:48 p.m., rmudgett wrote: > > ./branches/13/main/http.c, line 639 > > > > > > What you had before was better: > > char *status_title = "Unauthorized"; > > > > char status_title[16

Re: [asterisk-dev] [Code Review] 4382: stasis bridge: handle early hangup of swap channel

2015-01-28 Thread rmudgett
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4382/#review14347 --- /branches/13/include/asterisk/bridge.h

Re: [asterisk-dev] [Code Review] 4382: stasis bridge: handle early hangup of swap channel

2015-01-28 Thread Scott Griepentrog
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4382/ --- (Updated Jan. 28, 2015, 1:35 p.m.) Review request for Asterisk Developers.

Re: [asterisk-dev] [Code Review] 4382: stasis bridge: handle early hangup of swap channel

2015-01-28 Thread rmudgett
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4382/#review14346 --- /branches/13/main/bridge.c

Re: [asterisk-dev] [Code Review] 4382: stasis bridge: handle early hangup of swap channel

2015-01-28 Thread Scott Griepentrog
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4382/ --- (Updated Jan. 28, 2015, 11:01 a.m.) Review request for Asterisk Developers

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread rmudgett
> On Jan. 27, 2015, 7:51 p.m., rmudgett wrote: > > ./branches/13/main/http.c, line 384 > > > > > > Does this need to be skipped if http_server_name is empty? > > Ashley Sanders wrote: > I think in the case of t

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread rmudgett
> On Jan. 27, 2015, 7:48 p.m., rmudgett wrote: > > ./branches/13/main/http.c, line 639 > > > > > > What you had before was better: > > char *status_title = "Unauthorized"; > > > > char status_title[16

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Ashley Sanders
> On Jan. 27, 2015, 7:48 p.m., rmudgett wrote: > > ./branches/13/main/http.c, line 639 > > > > > > What you had before was better: > > char *status_title = "Unauthorized"; > > > > char status_title[16

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Ashley Sanders
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4374/ --- (Updated Jan. 28, 2015, 10:57 a.m.) Review request for Asterisk Developers

Re: [asterisk-dev] [Code Review] 4382: stasis bridge: handle early hangup of swap channel

2015-01-28 Thread Scott Griepentrog
> On Jan. 28, 2015, 10:42 a.m., rmudgett wrote: > > /branches/13/include/asterisk/bridge.h, lines 244-245 > > > > > > Create a new typedef for the new callback. Also the new callback > > doesn't need the swap para

Re: [asterisk-dev] [Code Review] 4382: stasis bridge: handle early hangup of swap channel

2015-01-28 Thread rmudgett
> On Jan. 28, 2015, 8:15 a.m., Matt Jordan wrote: > > /branches/13/res/stasis/stasis_bridge.c, lines 115-133 > > > > > > You may want to consider the usage of a goto here (gasp!) to reduce > > indentation: > >

Re: [asterisk-dev] [Code Review] 4382: stasis bridge: handle early hangup of swap channel

2015-01-28 Thread rmudgett
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4382/#review14341 --- /branches/13/include/asterisk/bridge.h

Re: [asterisk-dev] [Code Review] 4371: Update res_format_attr_opus & res_format_attr_silk to new media formats architecture

2015-01-28 Thread Sean Bright
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4371/ --- (Updated Jan. 28, 2015, 2:33 p.m.) Status -- This change has been mar

Re: [asterisk-dev] [Code Review] 4382: stasis bridge: handle early hangup of swap channel

2015-01-28 Thread Matt Jordan
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4382/#review14340 --- /branches/13/res/stasis/stasis_bridge.c

Re: [asterisk-dev] [Code Review] 4374: Asterisk: For httpd server, need option to define server name for security purposes

2015-01-28 Thread Corey Farrell
--- This is an automatically generated e-mail. To reply, visit: https://reviewboard.asterisk.org/r/4374/#review14339 --- If we assume that there are always unknown security vulnerabili

Re: [asterisk-dev] rtptimeout

2015-01-28 Thread Kelvin Chua
It is also noteworthy that rtptimeout looks at both call legs instead of just one. For example: I established a call between a desktop softphone and droid softphone, while on call, I turn on airplane mode for droid. Asterisk will stop receiving RTP from droid but will still receive RTP from desktop

Re: [asterisk-dev] [Code Review] 44297: config: Add option to NOT preserve the effective context when changing a template

2015-01-28 Thread Olivier
Hello, Reading back this thread which enhances templating behaviour, I would like to ask if the same kind of improvement could be looked at with setvar statements in config files. If I'm not mistaken (I didn't check with Asterisk 13), when the following is applied, variable foo is valued to a

Re: [asterisk-dev] rtptimeout

2015-01-28 Thread Kelvin Chua
Hi Matthew, you are right, digging around testing and found out this broke rtptimeout Set(JITTERBUFFER(adaptive)=150,,30) for reasons I haven't found out yet Kelvin Chua On Tue, Jan 27, 2015 at 11:34 PM, Matthew Jordan wrote: > > > On Mon, Jan 26, 2015 at 8:22 PM, Kelvin Chua wrote: >> >> Hi