Bug#704829: unblock: asterisk/1:1.8.13.1~dfsg-2
On Tue, Apr 09, 2013 at 01:30:01AM +0200, Tzafrir Cohen wrote:
> Done. It turned out to be much smaller than the original one. At first
> glance there isn't any other code path.
>
> http://anonscm.debian.org/viewvc/pkg-voip/asterisk/trunk/debian/patches/AST-2012-014?revision=10137&view=markup
>
> All other requested changed are commited to SVN. I'll rebuild -3
> morning.
Debdiff attached. Upload?
--
Tzafrir Cohen | tzafrir@jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir@cohens.org.il | | best
tzafrir@debian.org | | friend
diff -Nru asterisk-1.8.13.1~dfsg/debian/changelog asterisk-1.8.13.1~dfsg/debian/changelog
--- asterisk-1.8.13.1~dfsg/debian/changelog 2012-09-01 05:37:51.000000000 +0300
+++ asterisk-1.8.13.1~dfsg/debian/changelog 2013-04-09 13:23:13.000000000 +0300
@@ -1,3 +1,34 @@
+asterisk (1:1.8.13.1~dfsg-3) unstable; urgency=high
+
+ * Rewrtote sip.conf parts of AST-2012-014: dropped patches
+ fix-sip-tcp-no-FILE and fix-sip-tls-leak.
+ * Reverting other changes rejected by the release team: README.Debian,
+ powerpcspe and fix_xmpp_19532 dropped (#545272 and #701505 reopened).
+
+ -- Tzafrir Cohen <tzafrir@debian.org> Tue, 09 Apr 2013 13:23:07 +0300
+
+asterisk (1:1.8.13.1~dfsg-2) unstable; urgency=high
+
+ * Patches backported from Asterisk 1.8.19.1 (Closes: #697230):
+ - Patch AST-2012-014 (CVE-2012-5976) - fixes Crashes due to large stack
+ allocations when using TCP.
+ The following two fixes were also pulled in order to easily apply it:
+ - Patch fix-sip-tcp-no-FILE - Switch to reading with a recv loop
+ - Patch fix-sip-tls-leak - Memory leak in the SIP TLS code
+ - Patch AST-2012-015 (CVE-2012-5977) - Denial of Service Through
+ Exploitation of Device State Caching
+ * Patch powerpcspe: Fix OSARCH for powerpcspe (Closes: #701505).
+ * README.Debian: document running the testsuite.
+ * Patch fix_xmpp_19532: fix a crash of the XMPP code (Closes: #545272).
+ * Patches backported from Asterisk 1.8.20.2 (Closes: #704114):
+ - Patch AST-2013-002 (CVE-2013-2686): Prevent DoS in HTTP server with
+ a large POST.
+ - Patch AST-2013-003 (CVE-2013-2264): Prevent username disclosure in
+ SIP channel driver.
+ * Patch bluetooth_bind - fix breakage of chan_mobile (Closes: #614786).
+
+ -- Tzafrir Cohen <tzafrir@debian.org> Sat, 06 Apr 2013 14:15:41 +0300
+
asterisk (1:1.8.13.1~dfsg-1) unstable; urgency=low
* New upstream release (Closes: #680470):
diff -Nru asterisk-1.8.13.1~dfsg/debian/patches/AST-2012-014 asterisk-1.8.13.1~dfsg/debian/patches/AST-2012-014
--- asterisk-1.8.13.1~dfsg/debian/patches/AST-2012-014 1970-01-01 02:00:00.000000000 +0200
+++ asterisk-1.8.13.1~dfsg/debian/patches/AST-2012-014 2013-04-09 02:12:37.000000000 +0300
@@ -0,0 +1,162 @@
+From: Matthew Jordan <mjordan@digium.com>
+Date: Wed, 2 Jan 2013 15:16:10 +0000
+Subject: Resolve crashes due to large stack allocations when using TCP
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=378269
+CVE: CVE-2012-5976
+Bug: https://issues.asterisk.org/jira/browse/ASTERISK-20658
+
+Asterisk had several places where messages received over various network
+transports may be copied in a single stack allocation. In the case of TCP,
+since multiple packets in a stream may be concatenated together, this can
+lead to large allocations that overflow the stack.
+
+This patch modifies those portions of Asterisk using TCP to either
+favor heap allocations or use an upper bound to ensure that the stack will not
+overflow:
+ * For SIP, the allocation now has an upper limit
+ * For HTTP, the allocation is now a heap allocation instead of a stack
+ allocation
+ * For XMPP (in res_jabber), the allocation has been eliminated since it was
+ unnecesary.
+
+Note that the HTTP portion of this issue was independently found by Brandon
+Edwards of Exodus Intelligence.
+
+Reported by: wdoekes, Brandon Edwards
+Tested by: mmichelson, wdoekes
+See also: http://downloads.asterisk.org/pub/security/AST-2012-014.html
+
+---
+ channels/chan_sip.c | 58 +++++++++++++++++++++++++++++++-------------
+ channels/sip/include/sip.h | 1 +
+ main/http.c | 20 ++++++++++++---
+ res/res_jabber.c | 5 ++--
+ 4 files changed, 60 insertions(+), 24 deletions(-)
+
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -2504,6 +2504,7 @@ static void *_sip_tcp_helper_thread(stru
+ int res, cl, timeout = -1, authenticated = 0, flags, after_poll = 0, need_poll = 1;
+ time_t start;
+ struct sip_request req = { 0, } , reqcpy = { 0, };
++ size_t datalen;
+ struct sip_threadinfo *me = NULL;
+ char buf[1024] = "";
+ struct pollfd fds[2] = { { 0 }, { 0 }, };
+@@ -2640,8 +2641,9 @@ static void *_sip_tcp_helper_thread(stru
+ }
+ req.socket.fd = tcptls_session->fd;
+
++ datalen = ast_str_strlen(req.data);
+ /* Read in headers one line at a time */
+- while (ast_str_strlen(req.data) < 4 || strncmp(REQ_OFFSET_TO_STR(&req, data->used - 4), "\r\n\r\n", 4)) {
++ while (datalen < 4 || strncmp(REQ_OFFSET_TO_STR(&req, data->used - 4), "\r\n\r\n", 4)) {
+ if (!tcptls_session->client && !authenticated ) {
+ if ((timeout = sip_check_authtimeout(start)) < 0) {
+ goto cleanup;
+@@ -2688,6 +2690,14 @@ static void *_sip_tcp_helper_thread(stru
+ goto cleanup;
+ }
+ ast_str_append(&req.data, 0, "%s", buf);
++ datalen = ast_str_strlen(req.data);
++ if (datalen > SIP_MAX_PACKET_SIZE) {
++ ast_log(LOG_WARNING, "Rejecting SIP %s packet from '%s' because way too large: %zu\n",
++ tcptls_session->ssl ? "SSL" : "TCP",
++ ast_sockaddr_stringify(&tcptls_session->remote_address),
++ datalen);
++ goto cleanup;
++ }
+ }
+ copy_request(&reqcpy, &req);
+ parse_request(&reqcpy);
+--- a/channels/sip/include/sip.h
++++ b/channels/sip/include/sip.h
+@@ -96,6 +96,7 @@
+
+ #define SIP_MAX_HEADERS 64 /*!< Max amount of SIP headers to read */
+ #define SIP_MAX_LINES 256 /*!< Max amount of lines in SIP attachment (like SDP) */
++#define SIP_MAX_PACKET_SIZE 20480 /*!< Max SIP packet size */
+ #define SIP_MIN_PACKET 4096 /*!< Initialize size of memory to allocate for packets */
+ #define MAX_HISTORY_ENTRIES 50 /*!< Max entires in the history list for a sip_pvt */
+
+--- a/main/http.c
++++ b/main/http.c
+@@ -622,6 +622,7 @@ struct ast_variable *ast_http_get_post_v
+ int content_length = 0;
+ struct ast_variable *v, *post_vars=NULL, *prev = NULL;
+ char *buf, *var, *val;
++ int res;
+
+ for (v = headers; v; v = v->next) {
+ if (!strcasecmp(v->name, "Content-Type")) {
+@@ -634,21 +635,27 @@ struct ast_variable *ast_http_get_post_v
+
+ for (v = headers; v; v = v->next) {
+ if (!strcasecmp(v->name, "Content-Length")) {
+- content_length = atoi(v->value) + 1;
++ content_length = atoi(v->value);
+ break;
+ }
+ }
+
+- if (!content_length) {
++ if (content_length <= 0) {
+ return NULL;
+ }
+
+- if (!(buf = alloca(content_length))) {
++ buf = ast_malloc(content_length + 1);
++ if (!buf) {
+ return NULL;
+ }
+- if (!fgets(buf, content_length, ser->f)) {
+- return NULL;
++
++ res = fread(buf, 1, content_length, ser->f);
++ if (res < content_length) {
++ /* Error, distinguishable by ferror() or feof(), but neither
++ * is good. */
++ goto done;
+ }
++ buf[content_length] = '\0';
+
+ while ((val = strsep(&buf, "&"))) {
+ var = strsep(&val, "=");
+@@ -667,6 +674,9 @@ struct ast_variable *ast_http_get_post_v
+ prev = v;
+ }
+ }
++
++done:
++ ast_free(buf);
+ return post_vars;
+ }
+
+--- a/res/res_jabber.c
++++ b/res/res_jabber.c
+@@ -768,7 +768,7 @@ static struct ast_custom_function jabber
+ */
+ static int acf_jabberreceive_read(struct ast_channel *chan, const char *name, char *data, char *buf, size_t buflen)
+ {
+- char *aux = NULL, *parse = NULL;
++ char *parse = NULL;
+ int timeout;
+ int jidlen, resourcelen;
+ struct timeval start;
+@@ -885,7 +885,7 @@ static int acf_jabberreceive_read(struct
+ continue;
+ }
+ found = 1;
+- aux = ast_strdupa(tmp->message);
++ ast_copy_string(buf, tmp->message, buflen);
+ AST_LIST_REMOVE_CURRENT(list);
+ aji_message_destroy(tmp);
+ break;
+@@ -910,7 +910,6 @@ static int acf_jabberreceive_read(struct
+ ast_log(LOG_NOTICE, "Timed out : no message received from %s\n", args.jid);
+ return -1;
+ }
+- ast_copy_string(buf, aux, buflen);
+
+ return 0;
+ }
diff -Nru asterisk-1.8.13.1~dfsg/debian/patches/AST-2012-015 asterisk-1.8.13.1~dfsg/debian/patches/AST-2012-015
--- asterisk-1.8.13.1~dfsg/debian/patches/AST-2012-015 1970-01-01 02:00:00.000000000 +0200
+++ asterisk-1.8.13.1~dfsg/debian/patches/AST-2012-015 2013-01-08 02:33:34.000000000 +0200
@@ -0,0 +1,1012 @@
+From: Matthew Jordan <mjordan@digium.com>
+Date: Wed, 2 Jan 2013 16:54:20 +0000
+Subject: Prevent exhaustion of system resources through exploitation of event cache
+CVE: CVE-2012-5977
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=378303
+Bug: https://issues.asterisk.org/jira/browse/ASTERISK-20175
+
+Asterisk maintains an internal cache for devices in the event subsystem. The
+device state cache holds the state of each device known to Asterisk, such that
+consumers of device state information can query for the last known state for
+a particular device, even if it is not part of an active call. The concept of
+a device in Asterisk can include entities that do not have a physical
+representation. One way that this occurred was when anonymous calls are allowed
+in Asterisk. A device was automatically created and stored in the cache for
+each anonymous call that occurred; this was possible in the SIP and IAX2
+channel drivers and through channel drivers that utilized the
+res_jabber/res_xmpp resource modules (Gtalk, Jingle, and Motif). These devices
+are never removed from the system, allowing anonymous calls to potentially
+exhaust a system's resources.
+
+This patch changes the event cache subsystem and device state management to
+no longer cache devices that are not associated with a physical entity.
+
+Reported by: Russell Bryant, Leif Madsen, Joshua Colp
+Tested by: kmoore
+See also: http://downloads.asterisk.org/pub/security/AST-2012-015.html
+
+---
+ apps/app_confbridge.c | 4 +--
+ apps/app_meetme.c | 16 +++++------
+ channels/chan_agent.c | 12 ++++----
+ channels/chan_dahdi.c | 7 +++--
+ channels/chan_iax2.c | 31 +++++++++++---------
+ channels/chan_local.c | 3 ++
+ channels/chan_sip.c | 18 +++++++-----
+ channels/chan_skinny.c | 16 +++++------
+ funcs/func_devstate.c | 6 ++--
+ include/asterisk/channel.h | 6 ++++
+ include/asterisk/devicestate.h | 16 +++++++++--
+ include/asterisk/event_defs.h | 8 +++++-
+ main/channel.c | 5 ++--
+ main/devicestate.c | 51 +++++++++++++++++++++------------
+ main/event.c | 1 +
+ main/features.c | 2 +-
+ res/res_calendar.c | 8 +++---
+ res/res_jabber.c | 61 ++++++++++++++++++++++++++++++----------
+ 18 files changed, 177 insertions(+), 94 deletions(-)
+
+--- a/apps/app_confbridge.c
++++ b/apps/app_confbridge.c
+@@ -486,7 +486,7 @@ static struct conference_bridge *join_co
+
+ /* Set the device state for this conference */
+ if (conference_bridge->users == 1) {
+- ast_devstate_changed(AST_DEVICE_INUSE, "confbridge:%s", conference_bridge->name);
++ ast_devstate_changed(AST_DEVICE_INUSE, AST_DEVSTATE_CACHABLE, "confbridge:%s", conference_bridge->name);
+ }
+
+ /* If the caller is a marked user or is waiting for a marked user to enter pass 'em off, otherwise pass them off to do regular joining stuff */
+@@ -568,7 +568,7 @@ static void leave_conference_bridge(str
+ }
+ } else {
+ /* Set device state to "not in use" */
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "confbridge:%s", conference_bridge->name);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "confbridge:%s", conference_bridge->name);
+
+ ao2_unlink(conference_bridges, conference_bridge);
+ }
+--- a/apps/app_meetme.c
++++ b/apps/app_meetme.c
+@@ -2489,7 +2489,7 @@ static int conf_run(struct ast_channel *
+
+ /* This device changed state now - if this is the first user */
+ if (conf->users == 1)
+- ast_devstate_changed(AST_DEVICE_INUSE, "meetme:%s", conf->confno);
++ ast_devstate_changed(AST_DEVICE_INUSE, (conf->isdynamic ? AST_DEVSTATE_NOT_CACHABLE : AST_DEVSTATE_CACHABLE), "meetme:%s", conf->confno);
+
+ ast_mutex_unlock(&conf->playlock);
+
+@@ -3783,7 +3783,7 @@ bailoutandtrynormal:
+
+ /* Change any states */
+ if (!conf->users) {
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "meetme:%s", conf->confno);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, (conf->isdynamic ? AST_DEVSTATE_NOT_CACHABLE : AST_DEVSTATE_CACHABLE), "meetme:%s", conf->confno);
+ }
+
+ /* Return the number of seconds the user was in the conf */
+@@ -5199,8 +5199,8 @@ static void sla_change_trunk_state(const
+ || trunk_ref == exclude)
+ continue;
+ trunk_ref->state = state;
+- ast_devstate_changed(sla_state_to_devstate(state),
+- "SLA:%s_%s", station->name, trunk->name);
++ ast_devstate_changed(sla_state_to_devstate(state), AST_DEVSTATE_CACHABLE,
++ "SLA:%s_%s", station->name, trunk->name);
+ break;
+ }
+ }
+@@ -5698,8 +5698,8 @@ static void sla_handle_hold_event(struct
+ {
+ ast_atomic_fetchadd_int((int *) &event->trunk_ref->trunk->hold_stations, 1);
+ event->trunk_ref->state = SLA_TRUNK_STATE_ONHOLD_BYME;
+- ast_devstate_changed(AST_DEVICE_ONHOLD, "SLA:%s_%s",
+- event->station->name, event->trunk_ref->trunk->name);
++ ast_devstate_changed(AST_DEVICE_ONHOLD, AST_DEVSTATE_CACHABLE, "SLA:%s_%s",
++ event->station->name, event->trunk_ref->trunk->name);
+ sla_change_trunk_state(event->trunk_ref->trunk, SLA_TRUNK_STATE_ONHOLD,
+ INACTIVE_TRUNK_REFS, event->trunk_ref);
+
+@@ -6208,8 +6208,8 @@ static int sla_station_exec(struct ast_c
+ sla_change_trunk_state(trunk_ref->trunk, SLA_TRUNK_STATE_UP, ALL_TRUNK_REFS, NULL);
+ else {
+ trunk_ref->state = SLA_TRUNK_STATE_UP;
+- ast_devstate_changed(AST_DEVICE_INUSE,
+- "SLA:%s_%s", station->name, trunk_ref->trunk->name);
++ ast_devstate_changed(AST_DEVICE_INUSE, AST_DEVSTATE_CACHABLE,
++ "SLA:%s_%s", station->name, trunk_ref->trunk->name);
+ }
+ } else if (trunk_ref->state == SLA_TRUNK_STATE_RINGING) {
+ struct sla_ringing_trunk *ringing_trunk;
+--- a/channels/chan_agent.c
++++ b/channels/chan_agent.c
+@@ -611,7 +611,7 @@ static struct ast_frame *agent_read(stru
+ if (p->chan) {
+ p->chan->_bridge = NULL;
+ p->chan = NULL;
+- ast_devstate_changed(AST_DEVICE_UNAVAILABLE, "Agent/%s", p->agent);
++ ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "Agent/%s", p->agent);
+ p->acknowledged = 0;
+ }
+ } else {
+@@ -866,7 +866,7 @@ static int agent_call(struct ast_channel
+ } else {
+ /* Agent hung-up */
+ p->chan = NULL;
+- ast_devstate_changed(AST_DEVICE_UNAVAILABLE, "Agent/%s", p->agent);
++ ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "Agent/%s", p->agent);
+ }
+
+ if (!res) {
+@@ -985,7 +985,7 @@ static int agent_hangup(struct ast_chann
+ if (!p->loginstart) {
+ p->logincallerid[0] = '\0';
+ } else {
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Agent/%s", p->agent);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Agent/%s", p->agent);
+ }
+
+ if (p->abouttograb) {
+@@ -2128,7 +2128,7 @@ static int login_exec(struct ast_channel
+ }
+ ast_mutex_unlock(&p->lock);
+ AST_LIST_UNLOCK(&agents);
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Agent/%s", p->agent);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Agent/%s", p->agent);
+ while (res >= 0) {
+ ast_mutex_lock(&p->lock);
+ if (p->deferlogoff && p->chan) {
+@@ -2149,7 +2149,7 @@ static int login_exec(struct ast_channel
+ if (ast_tvdiff_ms(ast_tvnow(), p->lastdisc) > 0) {
+ ast_debug(1, "Wrapup time for %s expired!\n", p->agent);
+ p->lastdisc = ast_tv(0, 0);
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Agent/%s", p->agent);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Agent/%s", p->agent);
+ if (p->ackcall) {
+ check_beep(p, 0);
+ } else {
+@@ -2209,7 +2209,7 @@ static int login_exec(struct ast_channel
+ ast_queue_log("NONE", chan->uniqueid, agent, "AGENTLOGOFF", "%s|%ld", chan->name, logintime);
+ ast_verb(2, "Agent '%s' logged out\n", p->agent);
+ /* If there is no owner, go ahead and kill it now */
+- ast_devstate_changed(AST_DEVICE_UNAVAILABLE, "Agent/%s", p->agent);
++ ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "Agent/%s", p->agent);
+ if (p->dead && !p->owner) {
+ ast_mutex_destroy(&p->lock);
+ ast_cond_destroy(&p->app_complete_cond);
+--- a/channels/chan_dahdi.c
++++ b/channels/chan_dahdi.c
+@@ -3312,7 +3312,7 @@ static void dahdi_pri_update_span_devsta
+ }
+ if (pri->congestion_devstate != new_state) {
+ pri->congestion_devstate = new_state;
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "DAHDI/I%d/congestion", pri->span);
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_NOT_CACHABLE, "DAHDI/I%d/congestion", pri->span);
+ }
+ #if defined(THRESHOLD_DEVSTATE_PLACEHOLDER)
+ /* Update the span threshold device state and report any change. */
+@@ -3328,7 +3328,7 @@ static void dahdi_pri_update_span_devsta
+ }
+ if (pri->threshold_devstate != new_state) {
+ pri->threshold_devstate = new_state;
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "DAHDI/I%d/threshold", pri->span);
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_NOT_CACHABLE, "DAHDI/I%d/threshold", pri->span);
+ }
+ #endif /* defined(THRESHOLD_DEVSTATE_PLACEHOLDER) */
+ }
+@@ -9757,7 +9757,8 @@ static struct ast_channel *dahdi_new(str
+ if (dashptr) {
+ *dashptr = '\0';
+ }
+- ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, device_name);
++ tmp->flags |= AST_FLAG_DISABLE_DEVSTATE_CACHE;
++ ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, AST_DEVSTATE_NOT_CACHABLE, device_name);
+
+ for (v = i->vars ; v ; v = v->next)
+ pbx_builtin_setvar_helper(tmp, v->name, v->value);
+--- a/channels/chan_iax2.c
++++ b/channels/chan_iax2.c
+@@ -5728,7 +5728,7 @@ static int iax2_getpeertrunk(struct sock
+ }
+
+ /*! \brief Create new call, interface with the PBX core */
+-static struct ast_channel *ast_iax2_new(int callno, int state, format_t capability, const char *linkedid)
++static struct ast_channel *ast_iax2_new(int callno, int state, format_t capability, const char *linkedid, unsigned int cachable)
+ {
+ struct ast_channel *tmp;
+ struct chan_iax2_pvt *i;
+@@ -5797,6 +5797,10 @@ static struct ast_channel *ast_iax2_new(
+ i->owner = tmp;
+ i->capability = capability;
+
++ if (!cachable) {
++ tmp->flags |= AST_FLAG_DISABLE_DEVSTATE_CACHE;
++ }
++
+ /* Set inherited variables */
+ if (i->vars) {
+ for (v = i->vars ; v ; v = v->next)
+@@ -8085,7 +8089,7 @@ static int register_verify(int callno, s
+ /* if challenge has been sent, but no challenge response if given, reject. */
+ goto return_unref;
+ }
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "IAX2/%s", p->name); /* Activate notification */
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "IAX2/%s", p->name); /* Activate notification */
+
+ /* either Authentication has taken place, or a REGAUTH must be sent before verifying registration */
+ res = 0;
+@@ -8639,7 +8643,7 @@ static void __expire_registry(const void
+ if (!ast_test_flag64(peer, IAX_TEMPONLY))
+ ast_db_del("IAX/Registry", peer->name);
+ register_peer_exten(peer, 0);
+- ast_devstate_changed(AST_DEVICE_UNAVAILABLE, "IAX2/%s", peer->name); /* Activate notification */
++ ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "IAX2/%s", peer->name); /* Activate notification */
+ if (iax2_regfunk)
+ iax2_regfunk(peer->name, 0);
+
+@@ -8693,7 +8697,7 @@ static void reg_source_db(struct iax2_pe
+ }
+ }
+
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "IAX2/%s", p->name); /* Activate notification */
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "IAX2/%s", p->name); /* Activate notification */
+
+ p->expire = iax2_sched_add(sched, (p->expiry + 10) * 1000, expire_registry, peer_ref(p));
+ if (p->expire == -1) {
+@@ -8770,14 +8774,14 @@ static int update_registry(struct sockad
+ ast_test_flag(&iaxs[callno]->state, IAX_STATE_AUTHENTICATED) ? "AUTHENTICATED" : "UNAUTHENTICATED", ast_inet_ntoa(sin->sin_addr), ntohs(sin->sin_port));
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: IAX2\r\nPeer: IAX2/%s\r\nPeerStatus: Registered\r\n", p->name);
+ register_peer_exten(p, 1);
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "IAX2/%s", p->name); /* Activate notification */
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "IAX2/%s", p->name); /* Activate notification */
+ } else if (!ast_test_flag64(p, IAX_TEMPONLY)) {
+ ast_verb(3, "Unregistered IAX2 '%s' (%s)\n", p->name,
+ ast_test_flag(&iaxs[callno]->state, IAX_STATE_AUTHENTICATED) ? "AUTHENTICATED" : "UNAUTHENTICATED");
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: IAX2\r\nPeer: IAX2/%s\r\nPeerStatus: Unregistered\r\n", p->name);
+ register_peer_exten(p, 0);
+ ast_db_del("IAX/Registry", p->name);
+- ast_devstate_changed(AST_DEVICE_UNAVAILABLE, "IAX2/%s", p->name); /* Activate notification */
++ ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "IAX2/%s", p->name); /* Activate notification */
+ }
+ /* Update the host */
+ /* Verify that the host is really there */
+@@ -10278,7 +10282,8 @@ static int socket_process(struct iax2_th
+ (f.frametype == AST_FRAME_IAX)) {
+ if (ast_test_flag64(iaxs[fr->callno], IAX_DELAYPBXSTART)) {
+ ast_clear_flag64(iaxs[fr->callno], IAX_DELAYPBXSTART);
+- if (!ast_iax2_new(fr->callno, AST_STATE_RING, iaxs[fr->callno]->chosenformat, NULL)) {
++ if (!ast_iax2_new(fr->callno, AST_STATE_RING, iaxs[fr->callno]->chosenformat, NULL,
++ ast_test_flag(&iaxs[fr->callno]->state, IAX_STATE_AUTHENTICATED))) {
+ ast_variables_destroy(ies.vars);
+ ast_mutex_unlock(&iaxsl[fr->callno]);
+ return 1;
+@@ -10911,13 +10916,13 @@ static int socket_process(struct iax2_th
+ if (iaxs[fr->callno]->pingtime <= peer->maxms) {
+ ast_log(LOG_NOTICE, "Peer '%s' is now REACHABLE! Time: %d\n", peer->name, iaxs[fr->callno]->pingtime);
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: IAX2\r\nPeer: IAX2/%s\r\nPeerStatus: Reachable\r\nTime: %d\r\n", peer->name, iaxs[fr->callno]->pingtime);
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "IAX2/%s", peer->name); /* Activate notification */
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "IAX2/%s", peer->name); /* Activate notification */
+ }
+ } else if ((peer->historicms > 0) && (peer->historicms <= peer->maxms)) {
+ if (iaxs[fr->callno]->pingtime > peer->maxms) {
+ ast_log(LOG_NOTICE, "Peer '%s' is now TOO LAGGED (%d ms)!\n", peer->name, iaxs[fr->callno]->pingtime);
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: IAX2\r\nPeer: IAX2/%s\r\nPeerStatus: Lagged\r\nTime: %d\r\n", peer->name, iaxs[fr->callno]->pingtime);
+- ast_devstate_changed(AST_DEVICE_UNAVAILABLE, "IAX2/%s", peer->name); /* Activate notification */
++ ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "IAX2/%s", peer->name); /* Activate notification */
+ }
+ }
+ peer->lastms = iaxs[fr->callno]->pingtime;
+@@ -11159,7 +11164,7 @@ static int socket_process(struct iax2_th
+ using_prefs);
+
+ ast_set_flag(&iaxs[fr->callno]->state, IAX_STATE_STARTED);
+- if (!(c = ast_iax2_new(fr->callno, AST_STATE_RING, format, NULL)))
++ if (!(c = ast_iax2_new(fr->callno, AST_STATE_RING, format, NULL, 1)))
+ iax2_destroy(fr->callno);
+ else if (ies.vars) {
+ struct ast_datastore *variablestore;
+@@ -11230,7 +11235,7 @@ immediatedial:
+ ast_getformatname_multiple(tmp, sizeof(tmp), iaxs[fr->callno]->peerformat));
+ ast_set_flag(&iaxs[fr->callno]->state, IAX_STATE_STARTED);
+ send_command(iaxs[fr->callno], AST_FRAME_CONTROL, AST_CONTROL_PROGRESS, 0, NULL, 0, -1);
+- if (!(c = ast_iax2_new(fr->callno, AST_STATE_RING, iaxs[fr->callno]->peerformat, NULL)))
++ if (!(c = ast_iax2_new(fr->callno, AST_STATE_RING, iaxs[fr->callno]->peerformat, NULL, 1)))
+ iax2_destroy(fr->callno);
+ else if (ies.vars) {
+ struct ast_datastore *variablestore;
+@@ -11982,7 +11987,7 @@ static void __iax2_poke_noanswer(const v
+ if (peer->lastms > -1) {
+ ast_log(LOG_NOTICE, "Peer '%s' is now UNREACHABLE! Time: %d\n", peer->name, peer->lastms);
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: IAX2\r\nPeer: IAX2/%s\r\nPeerStatus: Unreachable\r\nTime: %d\r\n", peer->name, peer->lastms);
+- ast_devstate_changed(AST_DEVICE_UNAVAILABLE, "IAX2/%s", peer->name); /* Activate notification */
++ ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "IAX2/%s", peer->name); /* Activate notification */
+ }
+ if ((callno = peer->callno) > 0) {
+ ast_mutex_lock(&iaxsl[callno]);
+@@ -12150,7 +12155,7 @@ static struct ast_channel *iax2_request(
+ if (cai.found)
+ ast_string_field_set(iaxs[callno], host, pds.peer);
+
+- c = ast_iax2_new(callno, AST_STATE_DOWN, cai.capability, requestor ? requestor->linkedid : NULL);
++ c = ast_iax2_new(callno, AST_STATE_DOWN, cai.capability, requestor ? requestor->linkedid : NULL, cai.found);
+
+ ast_mutex_unlock(&iaxsl[callno]);
+
+--- a/channels/chan_local.c
++++ b/channels/chan_local.c
+@@ -1143,6 +1143,9 @@ static struct ast_channel *local_new(str
+ tmp->tech_pvt = p;
+ tmp2->tech_pvt = p;
+
++ tmp->flags |= AST_FLAG_DISABLE_DEVSTATE_CACHE;
++ tmp2->flags |= AST_FLAG_DISABLE_DEVSTATE_CACHE;
++
+ p->owner = tmp;
+ p->chan = tmp2;
+ p->u_owner = ast_module_user_add(p->owner);
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -6312,7 +6312,7 @@ static int update_call_counter(struct si
+ }
+
+ if (p) {
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", p->name);
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "SIP/%s", p->name);
+ unref_peer(p, "update_call_counter: unref_peer from call counter");
+ }
+ return 0;
+@@ -7510,6 +7510,9 @@ static struct ast_channel *sip_new(struc
+ if (i->rtp)
+ ast_jb_configure(tmp, &global_jbconf);
+
++ if (!i->relatedpeer) {
++ tmp->flags |= AST_FLAG_DISABLE_DEVSTATE_CACHE;
++ }
+ /* Set channel variables for this call from configuration */
+ for (v = i->chanvars ; v ; v = v->next) {
+ char valuebuf[1024];
+@@ -14021,7 +14024,7 @@ static int expire_register(const void *d
+
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: SIP\r\nPeer: SIP/%s\r\nPeerStatus: Unregistered\r\nCause: Expired\r\n", peer->name);
+ register_peer_exten(peer, FALSE); /* Remove regexten */
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", peer->name);
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "SIP/%s", peer->name);
+
+ /* Do we need to release this peer from memory?
+ Only for realtime peers and autocreated peers
+@@ -14803,8 +14806,9 @@ static void sip_peer_hold(struct sip_pvt
+ ast_atomic_fetchadd_int(&p->relatedpeer->onHold, (hold ? +1 : -1));
+
+ /* Request device state update */
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", p->relatedpeer->name);
+-
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, (p->owner->flags & AST_FLAG_DISABLE_DEVSTATE_CACHE ? AST_DEVSTATE_NOT_CACHABLE : AST_DEVSTATE_CACHABLE),
++ "SIP/%s", p->relatedpeer->name);
++
+ return;
+ }
+
+@@ -15208,7 +15212,7 @@ static enum check_auth_result register_v
+ }
+ }
+ if (!res) {
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", peer->name);
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "SIP/%s", peer->name);
+ }
+ if (res < 0) {
+ switch (res) {
+@@ -21122,7 +21126,7 @@ static void handle_response_peerpoke(str
+
+ ast_log(LOG_NOTICE, "Peer '%s' is now %s. (%dms / %dms)\n",
+ peer->name, s, pingtime, peer->maxms);
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", peer->name);
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "SIP/%s", peer->name);
+ if (sip_cfg.peer_rtupdate) {
+ ast_update_realtime(ast_check_realtime("sipregs") ? "sipregs" : "sippeers", "name", peer->name, "lastms", str_lastms, SENTINEL);
+ }
+@@ -26540,7 +26544,7 @@ static int sip_poke_noanswer(const void
+ /* Don't send a devstate change if nothing changed. */
+ if (peer->lastms > -1) {
+ peer->lastms = -1;
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "SIP/%s", peer->name);
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "SIP/%s", peer->name);
+ }
+
+ /* Try again quickly */
+--- a/channels/chan_skinny.c
++++ b/channels/chan_skinny.c
+@@ -1925,7 +1925,7 @@ static int skinny_register(struct skinny
+ register_exten(l);
+ /* initialize MWI on line and device */
+ mwi_event_cb(0, l);
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Skinny/%s@%s", l->name, d->name);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Skinny/%s@%s", l->name, d->name);
+ }
+ --instance;
+ }
+@@ -1963,7 +1963,7 @@ static int skinny_unregister(struct skin
+ l->instance = 0;
+ manager_event(EVENT_FLAG_SYSTEM, "PeerStatus", "ChannelType: Skinny\r\nPeer: Skinny/%s@%s\r\nPeerStatus: Unregistered\r\n", l->name, d->name);
+ unregister_exten(l);
+- ast_devstate_changed(AST_DEVICE_UNAVAILABLE, "Skinny/%s@%s", l->name, d->name);
++ ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "Skinny/%s@%s", l->name, d->name);
+ }
+ }
+ }
+@@ -5321,7 +5321,7 @@ static int handle_stimulus_message(struc
+ ast_verb(1, "RECEIVED UNKNOWN STIMULUS: %d(%d/%d)\n", event, instance, callreference);
+ break;
+ }
+- ast_devstate_changed(AST_DEVICE_UNKNOWN, "Skinny/%s@%s", l->name, d->name);
++ ast_devstate_changed(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, "Skinny/%s@%s", l->name, d->name);
+
+ return 1;
+ }
+@@ -5372,7 +5372,7 @@ static int handle_offhook_message(struct
+ transmit_ringer_mode(d, SKINNY_RING_OFF);
+ l->hookstate = SKINNY_OFFHOOK;
+
+- ast_devstate_changed(AST_DEVICE_INUSE, "Skinny/%s@%s", l->name, d->name);
++ ast_devstate_changed(AST_DEVICE_INUSE, AST_DEVSTATE_CACHABLE, "Skinny/%s@%s", l->name, d->name);
+
+ if (sub && sub->onhold) {
+ return 1;
+@@ -5448,7 +5448,7 @@ static int handle_onhook_message(struct
+ return 0;
+ }
+
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Skinny/%s@%s", l->name, d->name);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Skinny/%s@%s", l->name, d->name);
+
+ if (sub->onhold) {
+ return 0;
+@@ -5834,7 +5834,7 @@ static int handle_soft_key_event_message
+ return 0;
+ }
+
+- ast_devstate_changed(AST_DEVICE_INUSE, "Skinny/%s@%s", l->name, d->name);
++ ast_devstate_changed(AST_DEVICE_INUSE, AST_DEVSTATE_CACHABLE, "Skinny/%s@%s", l->name, d->name);
+
+ switch(event) {
+ case SOFTKEY_NONE:
+@@ -6049,7 +6049,7 @@ static int handle_soft_key_event_message
+ transmit_callstate(d, l->instance, sub->callid, l->hookstate);
+ }
+
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Skinny/%s@%s", l->name, d->name);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Skinny/%s@%s", l->name, d->name);
+ if (skinnydebug)
+ ast_verb(1, "Skinny %s@%s went on hook\n", l->name, d->name);
+ if (l->transfer && sub->xferor && sub->owner->_state >= AST_STATE_RING) {
+@@ -6073,7 +6073,7 @@ static int handle_soft_key_event_message
+ }
+ }
+ if ((l->hookstate == SKINNY_ONHOOK) && (AST_LIST_NEXT(sub, list) && !AST_LIST_NEXT(sub, list)->rtp)) {
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Skinny/%s@%s", l->name, d->name);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Skinny/%s@%s", l->name, d->name);
+ }
+ }
+ break;
+--- a/funcs/func_devstate.c
++++ b/funcs/func_devstate.c
+@@ -132,7 +132,7 @@ static int devstate_write(struct ast_cha
+
+ ast_db_put(astdb_family, data, value);
+
+- ast_devstate_changed(state_val, "Custom:%s", data);
++ ast_devstate_changed(state_val, AST_DEVSTATE_CACHABLE, "Custom:%s", data);
+
+ return 0;
+ }
+@@ -294,7 +294,7 @@ static char *handle_cli_devstate_change(
+
+ ast_db_put(astdb_family, dev, state);
+
+- ast_devstate_changed(state_val, "Custom:%s", dev);
++ ast_devstate_changed(state_val, AST_DEVSTATE_CACHABLE, "Custom:%s", dev);
+
+ return CLI_SUCCESS;
+ }
+@@ -340,7 +340,7 @@ static int load_module(void)
+ if (dev_name <= (const char *) 1)
+ continue;
+ ast_devstate_changed(ast_devstate_val(db_entry->data),
+- "Custom:%s\n", dev_name);
++ AST_DEVSTATE_CACHABLE, "Custom:%s\n", dev_name);
+ }
+ ast_db_freetree(db_tree);
+ db_tree = NULL;
+--- a/include/asterisk/channel.h
++++ b/include/asterisk/channel.h
+@@ -936,6 +936,12 @@ enum {
+ * some non-traditional dialplans (like AGI) to continue to function.
+ */
+ AST_FLAG_DISABLE_WORKAROUNDS = (1 << 20),
++ /*! Disable device state event caching. This allows allows channel
++ * drivers to selectively prevent device state events from being cached
++ * by certain channels such as anonymous calls which have no persistent
++ * represenatation that can be tracked.
++ */
++ AST_FLAG_DISABLE_DEVSTATE_CACHE = (1 << 21),
+ };
+
+ /*! \brief ast_bridge_config flags */
+--- a/include/asterisk/devicestate.h
++++ b/include/asterisk/devicestate.h
+@@ -61,6 +61,14 @@ enum ast_device_state {
+ AST_DEVICE_TOTAL, /*/ Total num of device states, used for testing */
+ };
+
++/*! \brief Device State Cachability
++ * \note This is used to define the cachability of a device state when set.
++ */
++enum ast_devstate_cache {
++ AST_DEVSTATE_NOT_CACHABLE, /*!< This device state is not cachable */
++ AST_DEVSTATE_CACHABLE, /*!< This device state is cachable */
++};
++
+ /*! \brief Devicestate provider call back */
+ typedef enum ast_device_state (*ast_devstate_prov_cb_type)(const char *data);
+
+@@ -129,6 +137,7 @@ enum ast_device_state ast_device_state(c
+ * \brief Tells Asterisk the State for Device is changed
+ *
+ * \param state the new state of the device
++ * \param cachable whether this device state is cachable
+ * \param fmt device name like a dial string with format parameters
+ *
+ * The new state of the device will be sent off to any subscribers
+@@ -138,13 +147,14 @@ enum ast_device_state ast_device_state(c
+ * \retval 0 on success
+ * \retval -1 on failure
+ */
+-int ast_devstate_changed(enum ast_device_state state, const char *fmt, ...)
+- __attribute__((format(printf, 2, 3)));
++int ast_devstate_changed(enum ast_device_state state, enum ast_devstate_cache cachable, const char *fmt, ...)
++ __attribute__((format(printf, 3, 4)));
+
+ /*!
+ * \brief Tells Asterisk the State for Device is changed
+ *
+ * \param state the new state of the device
++ * \param cachable whether this device state is cachable
+ * \param device device name like a dial string with format parameters
+ *
+ * The new state of the device will be sent off to any subscribers
+@@ -154,7 +164,7 @@ int ast_devstate_changed(enum ast_device
+ * \retval 0 on success
+ * \retval -1 on failure
+ */
+-int ast_devstate_changed_literal(enum ast_device_state state, const char *device);
++int ast_devstate_changed_literal(enum ast_device_state state, enum ast_devstate_cache cachable, const char *device);
+
+ /*!
+ * \brief Tells Asterisk the State for Device is changed.
+--- a/include/asterisk/event_defs.h
++++ b/include/asterisk/event_defs.h
+@@ -283,8 +283,14 @@ enum ast_event_ie_type {
+ AST_EVENT_IE_CHALLENGE = 0x0032,
+ AST_EVENT_IE_RESPONSE = 0x0033,
+ AST_EVENT_IE_EXPECTED_RESPONSE = 0x0034,
++ /*!
++ * \brief Event non-cachability flag
++ * Used by: All events
++ * Payload type: UINT
++ */
++ AST_EVENT_IE_CACHABLE = 0x0035,
+ /*! \brief Must be the last IE value +1 */
+- AST_EVENT_IE_TOTAL = 0x0035,
++ AST_EVENT_IE_TOTAL = 0x0036,
+ };
+
+ /*!
+--- a/main/channel.c
++++ b/main/channel.c
+@@ -285,6 +285,7 @@ static void channel_data_add_flags(struc
+ ast_data_add_bool(tree, "BRIDGE_HANGUP_RUN", ast_test_flag(chan, AST_FLAG_BRIDGE_HANGUP_RUN));
+ ast_data_add_bool(tree, "BRIDGE_HANGUP_DONT", ast_test_flag(chan, AST_FLAG_BRIDGE_HANGUP_DONT));
+ ast_data_add_bool(tree, "DISABLE_WORKAROUNDS", ast_test_flag(chan, AST_FLAG_DISABLE_WORKAROUNDS));
++ ast_data_add_bool(tree, "DISABLE_DEVSTATE_CACHE", ast_test_flag(chan, AST_FLAG_DISABLE_DEVSTATE_CACHE));
+ }
+
+ #if defined(KEEP_TILL_CHANNEL_PARTY_NUMBER_INFO_NEEDED)
+@@ -2477,7 +2478,7 @@ static void ast_channel_destructor(void
+ * instance is dead, we don't know the state of all other possible
+ * instances.
+ */
+- ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, device_name);
++ ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, (chan->flags & AST_FLAG_DISABLE_DEVSTATE_CACHE ? AST_DEVSTATE_NOT_CACHABLE : AST_DEVSTATE_CACHABLE), device_name);
+ }
+ }
+
+@@ -6918,7 +6919,7 @@ int ast_setstate(struct ast_channel *cha
+ /* We have to pass AST_DEVICE_UNKNOWN here because it is entirely possible that the channel driver
+ * for this channel is using the callback method for device state. If we pass in an actual state here
+ * we override what they are saying the state is and things go amuck. */
+- ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, name);
++ ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, (chan->flags & AST_FLAG_DISABLE_DEVSTATE_CACHE ? AST_DEVSTATE_NOT_CACHABLE : AST_DEVSTATE_CACHABLE), name);
+
+ /* setstate used to conditionally report Newchannel; this is no more */
+ ast_manager_event(chan, EVENT_FLAG_CALL, "Newstate",
+--- a/main/devicestate.c
++++ b/main/devicestate.c
+@@ -170,6 +170,7 @@ static AST_RWLIST_HEAD_STATIC(devstate_p
+
+ struct state_change {
+ AST_LIST_ENTRY(state_change) list;
++ enum ast_devstate_cache cachable;
+ char device[1];
+ };
+
+@@ -187,6 +188,7 @@ struct devstate_change {
+ AST_LIST_ENTRY(devstate_change) entry;
+ uint32_t state;
+ struct ast_eid eid;
++ enum ast_devstate_cache cachable;
+ char device[1];
+ };
+
+@@ -422,7 +424,7 @@ static int getproviderstate(const char *
+ return res;
+ }
+
+-static void devstate_event(const char *device, enum ast_device_state state)
++static void devstate_event(const char *device, enum ast_device_state state, int cachable)
+ {
+ struct ast_event *event;
+ enum ast_event_type event_type;
+@@ -438,18 +440,23 @@ static void devstate_event(const char *d
+ ast_debug(3, "device '%s' state '%d'\n", device, state);
+
+ if (!(event = ast_event_new(event_type,
+- AST_EVENT_IE_DEVICE, AST_EVENT_IE_PLTYPE_STR, device,
+- AST_EVENT_IE_STATE, AST_EVENT_IE_PLTYPE_UINT, state,
+- AST_EVENT_IE_END))) {
++ AST_EVENT_IE_DEVICE, AST_EVENT_IE_PLTYPE_STR, device,
++ AST_EVENT_IE_STATE, AST_EVENT_IE_PLTYPE_UINT, state,
++ AST_EVENT_IE_CACHABLE, AST_EVENT_IE_PLTYPE_UINT, cachable,
++ AST_EVENT_IE_END))) {
+ return;
+ }
+
+- ast_event_queue_and_cache(event);
++ if (cachable) {
++ ast_event_queue_and_cache(event);
++ } else {
++ ast_event_queue(event);
++ }
+ }
+
+ /*! Called by the state change thread to find out what the state is, and then
+ * to queue up the state change event */
+-static void do_state_change(const char *device)
++static void do_state_change(const char *device, int cachable)
+ {
+ enum ast_device_state state;
+
+@@ -457,10 +464,10 @@ static void do_state_change(const char *
+
+ ast_debug(3, "Changing state for %s - state %d (%s)\n", device, state, ast_devstate2str(state));
+
+- devstate_event(device, state);
++ devstate_event(device, state, cachable);
+ }
+
+-int ast_devstate_changed_literal(enum ast_device_state state, const char *device)
++int ast_devstate_changed_literal(enum ast_device_state state, enum ast_devstate_cache cachable, const char *device)
+ {
+ struct state_change *change;
+
+@@ -481,14 +488,15 @@ int ast_devstate_changed_literal(enum as
+ */
+
+ if (state != AST_DEVICE_UNKNOWN) {
+- devstate_event(device, state);
++ devstate_event(device, state, cachable);
+ } else if (change_thread == AST_PTHREADT_NULL || !(change = ast_calloc(1, sizeof(*change) + strlen(device)))) {
+ /* we could not allocate a change struct, or */
+ /* there is no background thread, so process the change now */
+- do_state_change(device);
++ do_state_change(device, cachable);
+ } else {
+ /* queue the change */
+ strcpy(change->device, device);
++ change->cachable = cachable;
+ AST_LIST_LOCK(&state_changes);
+ AST_LIST_INSERT_TAIL(&state_changes, change, list);
+ ast_cond_signal(&change_pending);
+@@ -500,10 +508,10 @@ int ast_devstate_changed_literal(enum as
+
+ int ast_device_state_changed_literal(const char *dev)
+ {
+- return ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, dev);
++ return ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, dev);
+ }
+
+-int ast_devstate_changed(enum ast_device_state state, const char *fmt, ...)
++int ast_devstate_changed(enum ast_device_state state, enum ast_devstate_cache cachable, const char *fmt, ...)
+ {
+ char buf[AST_MAX_EXTENSION];
+ va_list ap;
+@@ -512,7 +520,7 @@ int ast_devstate_changed(enum ast_device
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+
+- return ast_devstate_changed_literal(state, buf);
++ return ast_devstate_changed_literal(state, cachable, buf);
+ }
+
+ int ast_device_state_changed(const char *fmt, ...)
+@@ -524,7 +532,7 @@ int ast_device_state_changed(const char
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+
+- return ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, buf);
++ return ast_devstate_changed_literal(AST_DEVICE_UNKNOWN, AST_DEVSTATE_CACHABLE, buf);
+ }
+
+ /*! \brief Go through the dev state change queue and update changes in the dev state thread */
+@@ -544,7 +552,7 @@ static void *do_devstate_changes(void *d
+ /* Process each state change */
+ while ((current = next)) {
+ next = AST_LIST_NEXT(current, list);
+- do_state_change(current->device);
++ do_state_change(current->device, current->cachable);
+ ast_free(current);
+ }
+ }
+@@ -588,7 +596,7 @@ static void devstate_cache_cb(const stru
+ collection->num_states++;
+ }
+
+-static void process_collection(const char *device, struct change_collection *collection)
++static void process_collection(const char *device, enum ast_devstate_cache cachable, struct change_collection *collection)
+ {
+ int i;
+ struct ast_devstate_aggregate agg;
+@@ -639,7 +647,11 @@ static void process_collection(const cha
+ return;
+ }
+
+- ast_event_queue_and_cache(event);
++ if (cachable) {
++ ast_event_queue_and_cache(event);
++ } else {
++ ast_event_queue(event);
++ }
+ }
+
+ static void handle_devstate_change(struct devstate_change *sc)
+@@ -665,7 +677,7 @@ static void handle_devstate_change(struc
+ /* Populate the collection of device states from the cache */
+ ast_event_dump_cache(tmp_sub);
+
+- process_collection(sc->device, &collection);
++ process_collection(sc->device, sc->cachable, &collection);
+
+ ast_event_sub_destroy(tmp_sub);
+ }
+@@ -694,10 +706,12 @@ static void devstate_change_collector_cb
+ const char *device;
+ const struct ast_eid *eid;
+ uint32_t state;
++ enum ast_devstate_cache cachable = AST_DEVSTATE_CACHABLE;
+
+ device = ast_event_get_ie_str(event, AST_EVENT_IE_DEVICE);
+ eid = ast_event_get_ie_raw(event, AST_EVENT_IE_EID);
+ state = ast_event_get_ie_uint(event, AST_EVENT_IE_STATE);
++ cachable = ast_event_get_ie_uint(event, AST_EVENT_IE_CACHABLE);
+
+ if (ast_strlen_zero(device) || !eid) {
+ ast_log(LOG_ERROR, "Invalid device state change event received\n");
+@@ -710,6 +724,7 @@ static void devstate_change_collector_cb
+ strcpy(sc->device, device);
+ sc->eid = *eid;
+ sc->state = state;
++ sc->cachable = cachable;
+
+ ast_mutex_lock(&devstate_collector.lock);
+ AST_LIST_INSERT_TAIL(&devstate_collector.devstate_change_q, sc, entry);
+--- a/main/event.c
++++ b/main/event.c
+@@ -264,6 +264,7 @@ static const struct ie_map {
+ [AST_EVENT_IE_CHALLENGE] = { AST_EVENT_IE_PLTYPE_STR, "Challenge" },
+ [AST_EVENT_IE_RESPONSE] = { AST_EVENT_IE_PLTYPE_STR, "Response" },
+ [AST_EVENT_IE_EXPECTED_RESPONSE] = { AST_EVENT_IE_PLTYPE_STR, "ExpectedResponse" },
++ [AST_EVENT_IE_CACHABLE] = { AST_EVENT_IE_PLTYPE_UINT, "Cachable" },
+ };
+
+ const char *ast_event_get_type_name(const struct ast_event *event)
+--- a/main/features.c
++++ b/main/features.c
+@@ -1061,7 +1061,7 @@ static void notify_metermaids(const char
+ ast_debug(4, "Notification of state change to metermaids %s@%s\n to state '%s'",
+ exten, context, ast_devstate2str(state));
+
+- ast_devstate_changed(state, "park:%s@%s", exten, context);
++ ast_devstate_changed(state, AST_DEVSTATE_CACHABLE, "park:%s@%s", exten, context);
+ }
+
+ /*! \brief metermaids callback from devicestate.c */
+--- a/res/res_calendar.c
++++ b/res/res_calendar.c
+@@ -571,9 +571,9 @@ static struct ast_calendar_event *destro
+ * but haven't hit the end event yet, go ahead and set the devicestate to the current busy status */
+ if (event->bs_start_sched < 0 && event->bs_end_sched >= 0) {
+ if (!calendar_is_busy(event->owner)) {
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Calendar:%s", event->owner->name);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Calendar:%s", event->owner->name);
+ } else {
+- ast_devstate_changed(AST_DEVICE_BUSY, "Calendar:%s", event->owner->name);
++ ast_devstate_changed(AST_DEVICE_BUSY, AST_DEVSTATE_CACHABLE, "Calendar:%s", event->owner->name);
+ }
+ }
+
+@@ -814,9 +814,9 @@ static int calendar_devstate_change(cons
+ /* We can have overlapping events, so ignore the event->busy_state and check busy state
+ * based on all events in the calendar */
+ if (!calendar_is_busy(event->owner)) {
+- ast_devstate_changed(AST_DEVICE_NOT_INUSE, "Calendar:%s", event->owner->name);
++ ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "Calendar:%s", event->owner->name);
+ } else {
+- ast_devstate_changed(AST_DEVICE_BUSY, "Calendar:%s", event->owner->name);
++ ast_devstate_changed(AST_DEVICE_BUSY, AST_DEVSTATE_CACHABLE, "Calendar:%s", event->owner->name);
+ }
+
+ event = ast_calendar_unref_event(event);
+--- a/res/res_jabber.c
++++ b/res/res_jabber.c
+@@ -350,7 +350,7 @@ static char *aji_cli_create_leafnode(str
+ static void aji_create_affiliations(struct aji_client *client, const char *node);
+ static iks* aji_pubsub_iq_create(struct aji_client *client, const char *type);
+ static void aji_publish_device_state(struct aji_client *client, const char * device,
+- const char *device_state);
++ const char *device_state, unsigned int cachable);
+ static int aji_handle_pubsub_error(void *data, ikspak *pak);
+ static int aji_handle_pubsub_event(void *data, ikspak *pak);
+ static void aji_pubsub_subscribe(struct aji_client *client, const char *node);
+@@ -364,7 +364,7 @@ static void aji_publish_mwi(struct aji_c
+ static void aji_devstate_cb(const struct ast_event *ast_event, void *data);
+ static void aji_mwi_cb(const struct ast_event *ast_event, void *data);
+ static iks* aji_build_publish_skeleton(struct aji_client *client, const char *node,
+- const char *event_type);
++ const char *event_type, unsigned int cachable);
+ /* No transports in this version */
+ /*
+ static int aji_create_transport(char *label, struct aji_client *client);
+@@ -3198,6 +3198,7 @@ static void aji_devstate_cb(const struct
+ {
+ const char *device;
+ const char *device_state;
++ unsigned int cachable;
+ struct aji_client *client;
+ if (ast_eid_cmp(&ast_eid_default, ast_event_get_ie_raw(ast_event, AST_EVENT_IE_EID)))
+ {
+@@ -3209,7 +3210,8 @@ static void aji_devstate_cb(const struct
+ client = ASTOBJ_REF((struct aji_client *) data);
+ device = ast_event_get_ie_str(ast_event, AST_EVENT_IE_DEVICE);
+ device_state = ast_devstate_str(ast_event_get_ie_uint(ast_event, AST_EVENT_IE_STATE));
+- aji_publish_device_state(client, device, device_state);
++ cachable = ast_event_get_ie_uint(ast_event, AST_EVENT_IE_CACHABLE);
++ aji_publish_device_state(client, device, device_state, cachable);
+ ASTOBJ_UNREF(client, ast_aji_client_destroy);
+ }
+
+@@ -3249,11 +3251,13 @@ static void aji_init_event_distribution(
+ */
+ static int aji_handle_pubsub_event(void *data, ikspak *pak)
+ {
+- char *item_id, *device_state, *context;
++ char *item_id, *device_state, *context, *cachable_str;
+ int oldmsgs, newmsgs;
+ iks *item, *item_content;
+ struct ast_eid pubsub_eid;
+ struct ast_event *event;
++ unsigned int cachable = AST_DEVSTATE_CACHABLE;
++
+ item = iks_find(iks_find(iks_find(pak->x, "event"), "items"), "item");
+ if (!item) {
+ ast_log(LOG_ERROR, "Could not parse incoming PubSub event\n");
+@@ -3268,11 +3272,14 @@ static int aji_handle_pubsub_event(void
+ }
+ if (!strcasecmp(iks_name(item_content), "state")) {
+ device_state = iks_find_cdata(item, "state");
++ if ((cachable_str = iks_find_cdata(item, "cachable"))) {
++ sscanf(cachable_str, "%30d", &cachable);
++ }
+ if (!(event = ast_event_new(AST_EVENT_DEVICE_STATE_CHANGE,
+- AST_EVENT_IE_DEVICE, AST_EVENT_IE_PLTYPE_STR, item_id, AST_EVENT_IE_STATE,
+- AST_EVENT_IE_PLTYPE_UINT, ast_devstate_val(device_state), AST_EVENT_IE_EID,
+- AST_EVENT_IE_PLTYPE_RAW, &pubsub_eid, sizeof(pubsub_eid),
+- AST_EVENT_IE_END))) {
++ AST_EVENT_IE_DEVICE, AST_EVENT_IE_PLTYPE_STR, item_id, AST_EVENT_IE_STATE,
++ AST_EVENT_IE_PLTYPE_UINT, ast_devstate_val(device_state), AST_EVENT_IE_EID,
++ AST_EVENT_IE_PLTYPE_RAW, &pubsub_eid, sizeof(pubsub_eid),
++ AST_EVENT_IE_END))) {
+ return IKS_FILTER_EAT;
+ }
+ } else if (!strcasecmp(iks_name(item_content), "mailbox")) {
+@@ -3292,7 +3299,13 @@ static int aji_handle_pubsub_event(void
+ iks_name(item_content));
+ return IKS_FILTER_EAT;
+ }
+- ast_event_queue_and_cache(event);
++
++ if (cachable == AST_DEVSTATE_CACHABLE) {
++ ast_event_queue_and_cache(event);
++ } else {
++ ast_event_queue(event);
++ }
++
+ return IKS_FILTER_EAT;
+ }
+
+@@ -3367,7 +3380,7 @@ static void aji_pubsub_subscribe(struct
+ * \return iks *
+ */
+ static iks* aji_build_publish_skeleton(struct aji_client *client, const char *node,
+- const char *event_type)
++ const char *event_type, unsigned int cachable)
+ {
+ iks *request = aji_pubsub_iq_create(client, "set");
+ iks *pubsub, *publish, *item;
+@@ -3381,8 +3394,24 @@ static iks* aji_build_publish_skeleton(s
+ }
+ item = iks_insert(publish, "item");
+ iks_insert_attrib(item, "id", node);
+- return item;
+
++ if (cachable == AST_DEVSTATE_NOT_CACHABLE) {
++ iks *options, *x, *field_form_type, *field_persist;
++
++ options = iks_insert(pubsub, "publish-options");
++ x = iks_insert(options, "x");
++ iks_insert_attrib(x, "xmlns", "jabber:x:data");
++ iks_insert_attrib(x, "type", "submit");
++ field_form_type = iks_insert(x, "field");
++ iks_insert_attrib(field_form_type, "var", "FORM_TYPE");
++ iks_insert_attrib(field_form_type, "type", "hidden");
++ iks_insert_cdata(iks_insert(field_form_type, "value"), "http://jabber.org/protocol/pubsub#publish-options";, 0);
++ field_persist = iks_insert(x, "field");
++ iks_insert_attrib(field_persist, "var", "pubsub#persist_items");
++ iks_insert_cdata(iks_insert(field_persist, "value"), "0", 1);
++ }
++
++ return item;
+ }
+
+ /*!
+@@ -3393,11 +3422,11 @@ static iks* aji_build_publish_skeleton(s
+ * \return void
+ */
+ static void aji_publish_device_state(struct aji_client *client, const char *device,
+- const char *device_state)
++ const char *device_state, unsigned int cachable)
+ {
+- iks *request = aji_build_publish_skeleton(client, device, "device_state");
++ iks *request = aji_build_publish_skeleton(client, device, "device_state", cachable);
+ iks *state;
+- char eid_str[20];
++ char eid_str[20], cachable_str[2];
+ if (ast_test_flag(&pubsubflags, AJI_PUBSUB_AUTOCREATE)) {
+ if (ast_test_flag(&pubsubflags, AJI_XEP0248)) {
+ aji_create_pubsub_node(client, "leaf", device, "device_state");
+@@ -3409,6 +3438,8 @@ static void aji_publish_device_state(str
+ state = iks_insert(request, "state");
+ iks_insert_attrib(state, "xmlns", "http://asterisk.org";);
+ iks_insert_attrib(state, "eid", eid_str);
++ snprintf(cachable_str, sizeof(cachable_str), "%u", cachable);
++ iks_insert_attrib(state, "cachable", cachable_str);
+ iks_insert_cdata(state, device_state, strlen(device_state));
+ ast_aji_send(client, iks_root(request));
+ iks_delete(request);
+@@ -3428,7 +3459,7 @@ static void aji_publish_mwi(struct aji_c
+ char eid_str[20];
+ iks *mailbox_node, *request;
+ snprintf(full_mailbox, sizeof(full_mailbox), "%s@%s", mailbox, context);
+- request = aji_build_publish_skeleton(client, full_mailbox, "message_waiting");
++ request = aji_build_publish_skeleton(client, full_mailbox, "message_waiting", 1);
+ ast_eid_to_str(eid_str, sizeof(eid_str), &ast_eid_default);
+ mailbox_node = iks_insert(request, "mailbox");
+ iks_insert_attrib(mailbox_node, "xmlns", "http://asterisk.org";);
diff -Nru asterisk-1.8.13.1~dfsg/debian/patches/AST-2013-002 asterisk-1.8.13.1~dfsg/debian/patches/AST-2013-002
--- asterisk-1.8.13.1~dfsg/debian/patches/AST-2013-002 1970-01-01 02:00:00.000000000 +0200
+++ asterisk-1.8.13.1~dfsg/debian/patches/AST-2013-002 2013-03-28 10:19:22.000000000 +0200
@@ -0,0 +1,55 @@
+From: Matthew Jordan <mjordan@digium.com>
+Date: Wed, 27 Mar 2013 14:35:11 +0000
+Subject: AST-2013-002: Prevent denial of service in HTTP server
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=383976
+Bug: https://issues.asterisk.org/jira/browse/ASTERISK-20967
+CVE: CVE-2013-2686
+
+AST-2012-014, fixed in January of this year, contained a fix for Asterisk's
+HTTP server for a remotely-triggered crash. While the fix put in place fixed
+the possibility for the crash to be triggered, a denial of service vector still
+exists with that solution if an attacker sends one or more HTTP POST requests
+with very large Content-Length values. This patch resolves this by capping
+the Content-Length at 1024 bytes. Any attempt to send an HTTP POST with
+Content-Length greater than this cap will not result in any memory allocation.
+The POST will be responded to with an HTTP 413 "Request Entity Too Large"
+response.
+
+This issue was reported by Christoph Hebeisen of TELUS Security Labs
+
+See Also: http://downloads.asterisk.org/pub/security/AST-2013-002.html
+
+---
+ main/http.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/main/http.c b/main/http.c
+index 1b5f2b6..4b73acb 100644
+--- a/main/http.c
++++ b/main/http.c
+@@ -612,6 +612,8 @@ static void http_decode(char *s)
+ ast_uri_decode(s);
+ }
+
++#define MAX_POST_CONTENT 1025
++
+ /*
+ * get post variables from client Request Entity-Body, if content type is
+ * application/x-www-form-urlencoded
+@@ -644,6 +646,13 @@ struct ast_variable *ast_http_get_post_vars(
+ return NULL;
+ }
+
++ if (content_length > MAX_POST_CONTENT - 1) {
++ ast_log(LOG_WARNING, "Excessively long HTTP content. %d is greater than our max of %d\n",
++ content_length, MAX_POST_CONTENT);
++ ast_http_send(ser, AST_HTTP_POST, 413, "Request Entity Too Large", NULL, NULL, 0, 0);
++ return NULL;
++ }
++
+ buf = ast_malloc(content_length + 1);
+ if (!buf) {
+ return NULL;
+--
+1.7.10.4
+
diff -Nru asterisk-1.8.13.1~dfsg/debian/patches/AST-2013-003 asterisk-1.8.13.1~dfsg/debian/patches/AST-2013-003
--- asterisk-1.8.13.1~dfsg/debian/patches/AST-2013-003 1970-01-01 02:00:00.000000000 +0200
+++ asterisk-1.8.13.1~dfsg/debian/patches/AST-2013-003 2013-04-06 14:15:37.000000000 +0300
@@ -0,0 +1,370 @@
+From: Matthew Jordan <mjordan@digium.com>
+Date: Wed, 27 Mar 2013 14:53:13 +0000
+Subject: AST-2013-003: Prevent username disclosure in SIP channel driver
+Bug: https://issues.asterisk.org/jira/browse/ASTERISK-21013
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=383981
+CVE: CVE-2013-2264
+
+When authenticating a SIP request with alwaysauthreject enabled, allowguest
+disabled, and autocreatepeer disabled, Asterisk discloses whether a user
+exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways. The
+information is disclosed when:
+ * A "407 Proxy Authentication Required" response is sent instead of a
+ "401 Unauthorized" response
+ * The presence or absence of additional tags occurs at the end of "403
+ Forbidden" (such as "(Bad Auth)")
+ * A "401 Unauthorized" response is sent instead of "403 Forbidden" response
+ after a retransmission
+ * Retransmission are sent when a matching peer did not exist, but not when a
+ matching peer did exist.
+
+This patch resolves these various vectors by ensuring that the responses sent
+in all scenarios is the same, regardless of the presence of a matching peer.
+
+This issue was reported by Walter Doekes, OSSO B.V. A substantial portion of
+the testing and the solution to this problem was done by Walter as well - a
+huge thanks to his tireless efforts in finding all the ways in which this
+setting didn't work, providing automated tests, and working with Kinsey on
+getting this fixed.
+
+Patch slightly adapted due to irrelevant changes in r367362.
+
+See Also: http://downloads.asterisk.org/pub/security/AST-2013-003.html
+
+---
+ channels/chan_sip.c | 128 ++++++++++++++++++++++++++++----------------
+ channels/sip/include/sip.h | 1 -
+ 2 files changed, 83 insertions(+), 46 deletions(-)
+
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -1110,6 +1110,11 @@ static struct ao2_container *threadt;
+ static struct ao2_container *peers;
+ static struct ao2_container *peers_by_ip;
+
++/*! \brief A bogus peer, to be used when authentication should fail */
++static struct sip_peer *bogus_peer;
++/*! \brief We can recognise the bogus peer by this invalid MD5 hash */
++#define BOGUS_PEER_MD5SECRET "intentionally_invalid_md5_string"
++
+ /*! \brief The register list: Other SIP proxies we register with and receive calls from */
+ static struct ast_register_list {
+ ASTOBJ_CONTAINER_COMPONENTS(struct sip_registry);
+@@ -1250,7 +1255,7 @@ static int transmit_response_with_unsupp
+ static int transmit_response_with_auth(struct sip_pvt *p, const char *msg, const struct sip_request *req, const char *rand, enum xmittype reliable, const char *header, int stale);
+ static int transmit_provisional_response(struct sip_pvt *p, const char *msg, const struct sip_request *req, int with_sdp);
+ static int transmit_response_with_allow(struct sip_pvt *p, const char *msg, const struct sip_request *req, enum xmittype reliable);
+-static void transmit_fake_auth_response(struct sip_pvt *p, int sipmethod, struct sip_request *req, enum xmittype reliable);
++static void transmit_fake_auth_response(struct sip_pvt *p, struct sip_request *req, enum xmittype reliable);
+ static int transmit_request(struct sip_pvt *p, int sipmethod, uint32_t seqno, enum xmittype reliable, int newbranch);
+ static int transmit_request_with_auth(struct sip_pvt *p, int sipmethod, uint32_t seqno, enum xmittype reliable, int newbranch);
+ static int transmit_publish(struct sip_epa_entry *epa_entry, enum sip_publish_type publish_type, const char * const explicit_uri);
+@@ -14621,6 +14626,7 @@ static enum check_auth_result check_auth
+ char a1_hash[256];
+ char resp_hash[256]="";
+ char *c;
++ int is_bogus_peer = 0;
+ int wrongnonce = FALSE;
+ int good_response;
+ const char *usednonce = p->randdata;
+@@ -14715,8 +14721,14 @@ static enum check_auth_result check_auth
+ }
+ }
+
++ /* We cannot rely on the bogus_peer having a bad md5 value. Someone could
++ * use it to construct valid auth. */
++ if (md5secret && strcmp(md5secret, BOGUS_PEER_MD5SECRET) == 0) {
++ is_bogus_peer = 1;
++ }
++
+ /* Verify that digest username matches the username we auth as */
+- if (strcmp(username, keys[K_USER].s)) {
++ if (strcmp(username, keys[K_USER].s) && !is_bogus_peer) {
+ ast_log(LOG_WARNING, "username mismatch, have <%s>, digest has <%s>\n",
+ username, keys[K_USER].s);
+ /* Oops, we're trying something here */
+@@ -14755,7 +14767,8 @@ static enum check_auth_result check_auth
+ }
+
+ good_response = keys[K_RESP].s &&
+- !strncasecmp(keys[K_RESP].s, resp_hash, strlen(resp_hash));
++ !strncasecmp(keys[K_RESP].s, resp_hash, strlen(resp_hash)) &&
++ !is_bogus_peer; /* lastly, check that the peer isn't the fake peer */
+ if (wrongnonce) {
+ if (good_response) {
+ if (sipdebug)
+@@ -14899,7 +14912,7 @@ static int cb_extensionstate(char *conte
+ /*! \brief Send a fake 401 Unauthorized response when the administrator
+ wants to hide the names of local devices from fishers
+ */
+-static void transmit_fake_auth_response(struct sip_pvt *p, int sipmethod, struct sip_request *req, enum xmittype reliable)
++static void transmit_fake_auth_response(struct sip_pvt *p, struct sip_request *req, enum xmittype reliable)
+ {
+ /* We have to emulate EXACTLY what we'd get with a good peer
+ * and a bad password, or else we leak information. */
+@@ -14938,13 +14951,13 @@ static void transmit_fake_auth_response(
+ }
+
+ if (!(buf = ast_str_thread_get(&check_auth_buf, CHECK_AUTH_BUF_INITLEN))) {
+- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
++ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
+ return;
+ }
+
+ /* Make a copy of the response and parse it */
+ if (ast_str_set(&buf, 0, "%s", authtoken) == AST_DYNSTR_BUILD_FAILED) {
+- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
++ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
+ return;
+ }
+
+@@ -14982,7 +14995,7 @@ static void transmit_fake_auth_response(
+ /* Schedule auto destroy in 32 seconds */
+ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ } else {
+- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
++ __transmit_response(p, "403 Forbidden", &p->initreq, reliable);
+ }
+ }
+
+@@ -15077,7 +15090,7 @@ static enum check_auth_result register_v
+ if (!AST_LIST_EMPTY(&domain_list)) {
+ if (!check_sip_domain(domain, NULL, 0)) {
+ if (sip_cfg.alwaysauthreject) {
+- transmit_fake_auth_response(p, SIP_REGISTER, &p->initreq, XMIT_UNRELIABLE);
++ transmit_fake_auth_response(p, &p->initreq, XMIT_UNRELIABLE);
+ } else {
+ transmit_response(p, "404 Not found (unknown domain)", &p->initreq);
+ }
+@@ -15104,6 +15117,13 @@ static enum check_auth_result register_v
+ }
+ peer = find_peer(name, NULL, TRUE, FINDPEERS, FALSE, 0);
+
++ /* If we don't want username disclosure, use the bogus_peer when a user
++ * is not found. */
++ if (!peer && sip_cfg.alwaysauthreject && !sip_cfg.autocreatepeer) {
++ peer = bogus_peer;
++ ref_peer(peer, "register_verify: ref the bogus_peer");
++ }
++
+ if (!(peer && ast_apply_ha(peer->ha, addr))) {
+ /* Peer fails ACL check */
+ if (peer) {
+@@ -15183,7 +15203,7 @@ static enum check_auth_result register_v
+ switch (parse_register_contact(p, peer, req)) {
+ case PARSE_REGISTER_DENIED:
+ ast_log(LOG_WARNING, "Registration denied because of contact ACL\n");
+- transmit_response_with_date(p, "403 Forbidden (ACL)", req);
++ transmit_response_with_date(p, "403 Forbidden", req);
+ peer->lastmsgssent = -1;
+ res = 0;
+ break;
+@@ -15218,7 +15238,7 @@ static enum check_auth_result register_v
+ switch (res) {
+ case AUTH_SECRET_FAILED:
+ /* Wrong password in authentication. Go away, don't try again until you fixed it */
+- transmit_response(p, "403 Forbidden (Bad auth)", &p->initreq);
++ transmit_response(p, "403 Forbidden", &p->initreq);
+ if (global_authfailureevents) {
+ const char *peer_addr = ast_strdupa(ast_sockaddr_stringify_addr(addr));
+ const char *peer_port = ast_strdupa(ast_sockaddr_stringify_port(addr));
+@@ -15241,7 +15261,7 @@ static enum check_auth_result register_v
+ case AUTH_PEER_NOT_DYNAMIC:
+ case AUTH_ACL_FAILED:
+ if (sip_cfg.alwaysauthreject) {
+- transmit_fake_auth_response(p, SIP_REGISTER, &p->initreq, XMIT_UNRELIABLE);
++ transmit_fake_auth_response(p, &p->initreq, XMIT_UNRELIABLE);
+ if (global_authfailureevents) {
+ const char *peer_addr = ast_strdupa(ast_sockaddr_stringify_addr(addr));
+ const char *peer_port = ast_strdupa(ast_sockaddr_stringify_port(addr));
+@@ -16242,7 +16262,19 @@ static enum check_auth_result check_peer
+ ast_verbose("No matching peer for '%s' from '%s'\n",
+ of, ast_sockaddr_stringify(&p->recv));
+ }
+- return AUTH_DONT_KNOW;
++
++ /* If you don't mind, we can return 404s for devices that do
++ * not exist: username disclosure. If we allow guests, there
++ * is no way around that. */
++ if (sip_cfg.allowguest || !sip_cfg.alwaysauthreject) {
++ return AUTH_DONT_KNOW;
++ }
++
++ /* If you do mind, we use a peer that will never authenticate.
++ * This ensures that we follow the same code path as regular
++ * auth: less chance for username disclosure. */
++ peer = bogus_peer;
++ ref_peer(peer, "ref_peer: check_peer_ok: must ref bogus_peer so unreffing it does not fail");
+ }
+
+ if (!ast_apply_ha(peer->ha, addr)) {
+@@ -16250,9 +16282,10 @@ static enum check_auth_result check_peer
+ unref_peer(peer, "unref_peer: check_peer_ok: from find_peer call, early return of AUTH_ACL_FAILED");
+ return AUTH_ACL_FAILED;
+ }
+- if (debug)
++ if (debug && peer != bogus_peer) {
+ ast_verbose("Found peer '%s' for '%s' from %s\n",
+ peer->name, of, ast_sockaddr_stringify(&p->recv));
++ }
+
+ /* XXX what about p->prefs = peer->prefs; ? */
+ /* Set Frame packetization */
+@@ -16517,8 +16550,6 @@ static enum check_auth_result check_user
+ } else {
+ res = AUTH_RTP_FAILED;
+ }
+- } else if (sip_cfg.alwaysauthreject) {
+- res = AUTH_FAKE_AUTH; /* reject with fake authorization request */
+ } else {
+ res = AUTH_SECRET_FAILED; /* we don't want any guests, authentication will fail */
+ }
+@@ -22225,13 +22256,8 @@ static int handle_request_options(struct
+ return 0;
+ }
+ if (res < 0) { /* Something failed in authentication */
+- if (res == AUTH_FAKE_AUTH) {
+- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
+- transmit_fake_auth_response(p, SIP_OPTIONS, req, XMIT_UNRELIABLE);
+- } else {
+- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
+- transmit_response(p, "403 Forbidden", req);
+- }
++ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
++ transmit_response(p, "403 Forbidden", req);
+ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ return 0;
+ }
+@@ -22896,13 +22922,8 @@ static int handle_request_invite(struct
+ goto request_invite_cleanup;
+ }
+ if (res < 0) { /* Something failed in authentication */
+- if (res == AUTH_FAKE_AUTH) {
+- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
+- transmit_fake_auth_response(p, SIP_INVITE, req, XMIT_RELIABLE);
+- } else {
+- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
+- transmit_response_reliable(p, "403 Forbidden", req);
+- }
++ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
++ transmit_response_reliable(p, "403 Forbidden", req);
+ p->invitestate = INV_COMPLETED;
+ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ res = 0;
+@@ -24712,18 +24733,13 @@ static int handle_request_publish(struct
+ return -1;
+ }
+
+- auth_result = check_user(p, req, SIP_PUBLISH, uri, XMIT_RELIABLE, addr);
++ auth_result = check_user(p, req, SIP_PUBLISH, uri, XMIT_UNRELIABLE, addr);
+ if (auth_result == AUTH_CHALLENGE_SENT) {
+ p->lastinvite = seqno;
+ return 0;
+ } else if (auth_result < 0) {
+- if (auth_result == AUTH_FAKE_AUTH) {
+- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
+- transmit_fake_auth_response(p, SIP_INVITE, req, XMIT_RELIABLE);
+- } else {
+- ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
+- transmit_response_reliable(p, "403 Forbidden", req);
+- }
++ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
++ transmit_response(p, "403 Forbidden", req);
+ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ ast_string_field_set(p, theirtag, NULL);
+ return 0;
+@@ -24938,19 +24954,14 @@ static int handle_request_subscribe(stru
+ * use if !req->ignore, because then we'll end up sending
+ * a 200 OK if someone retransmits without sending auth */
+ if (p->subscribed == NONE || resubscribe) {
+- res = check_user_full(p, req, SIP_SUBSCRIBE, e, 0, addr, &authpeer);
++ res = check_user_full(p, req, SIP_SUBSCRIBE, e, XMIT_UNRELIABLE, addr, &authpeer);
+
+ /* if an authentication response was sent, we are done here */
+ if (res == AUTH_CHALLENGE_SENT) /* authpeer = NULL here */
+ return 0;
+ if (res != AUTH_SUCCESSFUL) {
+- if (res == AUTH_FAKE_AUTH) {
+- ast_log(LOG_NOTICE, "Sending fake auth rejection for device %s\n", get_header(req, "From"));
+- transmit_fake_auth_response(p, SIP_SUBSCRIBE, req, XMIT_UNRELIABLE);
+- } else {
+- ast_log(LOG_NOTICE, "Failed to authenticate device %s for SUBSCRIBE\n", get_header(req, "From"));
+- transmit_response_reliable(p, "403 Forbidden", req);
+- }
++ ast_log(LOG_NOTICE, "Failed to authenticate device %s\n", get_header(req, "From"));
++ transmit_response(p, "403 Forbidden", req);
+
+ pvt_set_needdestroy(p, "authentication failed");
+ return 0;
+@@ -29988,6 +29999,7 @@ static int sip_do_reload(enum channelrel
+ /*! \brief Force reload of module from cli */
+ static char *sip_reload(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
+ {
++ static struct sip_peer *tmp_peer, *new_peer;
+
+ switch (cmd) {
+ case CLI_INIT:
+@@ -30010,6 +30022,18 @@ static char *sip_reload(struct ast_cli_e
+ ast_mutex_unlock(&sip_reload_lock);
+ restart_monitor();
+
++ tmp_peer = bogus_peer;
++ /* Create new bogus peer possibly with new global settings. */
++ if ((new_peer = temp_peer("(bogus_peer)"))) {
++ ast_string_field_set(new_peer, md5secret, BOGUS_PEER_MD5SECRET);
++ ast_clear_flag(&new_peer->flags[0], SIP_INSECURE);
++ bogus_peer = new_peer;
++ ao2_t_ref(tmp_peer, -1, "unref the old bogus_peer during reload");
++ } else {
++ ast_log(LOG_ERROR, "Could not update the fake authentication peer.\n");
++ /* You probably have bigger (memory?) issues to worry about though.. */
++ }
++
+ return CLI_SUCCESS;
+ }
+
+@@ -31130,6 +31154,17 @@ static int load_module(void)
+ return AST_MODULE_LOAD_DECLINE;
+ }
+
++ /* Initialize bogus peer. Can be done first after reload_config() */
++ if (!(bogus_peer = temp_peer("(bogus_peer)"))) {
++ ast_log(LOG_ERROR, "Unable to create bogus_peer for authentication\n");
++ io_context_destroy(io);
++ sched_context_destroy(sched);
++ return AST_MODULE_LOAD_FAILURE;
++ }
++ /* Make sure the auth will always fail. */
++ ast_string_field_set(bogus_peer, md5secret, BOGUS_PEER_MD5SECRET);
++ ast_clear_flag(&bogus_peer->flags[0], SIP_INSECURE);
++
+ /* Prepare the version that does not require DTMF BEGIN frames.
+ * We need to use tricks such as memcpy and casts because the variable
+ * has const fields.
+@@ -31140,6 +31175,7 @@ static int load_module(void)
+ /* Make sure we can register our sip channel type */
+ if (ast_channel_register(&sip_tech)) {
+ ast_log(LOG_ERROR, "Unable to register channel type 'SIP'\n");
++ ao2_t_ref(bogus_peer, -1, "unref the bogus_peer");
+ io_context_destroy(io);
+ sched_context_destroy(sched);
+ return AST_MODULE_LOAD_FAILURE;
+@@ -31378,6 +31414,8 @@ static int unload_module(void)
+ ast_debug(2, "TCP/TLS thread container did not become empty :(\n");
+ }
+
++ ao2_t_ref(bogus_peer, -1, "unref the bogus_peer");
++
+ ao2_t_ref(peers, -1, "unref the peers table");
+ ao2_t_ref(peers_by_ip, -1, "unref the peers_by_ip table");
+ ao2_t_ref(dialogs, -1, "unref the dialogs table");
+--- a/channels/sip/include/sip.h
++++ b/channels/sip/include/sip.h
+@@ -470,7 +470,6 @@ enum check_auth_result {
+ AUTH_SECRET_FAILED = -1,
+ AUTH_USERNAME_MISMATCH = -2,
+ AUTH_NOT_FOUND = -3, /*!< returned by register_verify */
+- AUTH_FAKE_AUTH = -4,
+ AUTH_UNKNOWN_DOMAIN = -5,
+ AUTH_PEER_NOT_DYNAMIC = -6,
+ AUTH_ACL_FAILED = -7,
diff -Nru asterisk-1.8.13.1~dfsg/debian/patches/bluetooth_bind asterisk-1.8.13.1~dfsg/debian/patches/bluetooth_bind
--- asterisk-1.8.13.1~dfsg/debian/patches/bluetooth_bind 1970-01-01 02:00:00.000000000 +0200
+++ asterisk-1.8.13.1~dfsg/debian/patches/bluetooth_bind 2013-04-06 14:15:37.000000000 +0300
@@ -0,0 +1,30 @@
+From: Matthew Jordan <mjordan@digium.com>
+Date: Thu, 17 Jan 2013 02:28:31 +0000
+Subject: Fix issue where chan_mobile fails to bind to first available port
+Bug: https://issues.asterisk.org/jira/browse/ASTERISK-16357
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=379342
+
+Per the bluez API, in order to bind to the first available port, the rc_channel
+field of the socket addressing structure used to bind the socket should be set
+to 0. Previously, Asterisk had set the rc_channel field set to 1, causing it
+to connect to whatever happens to be on port 1.
+
+We could probably not explicitly set rc_channel to 0 since we memset the struct
+earlier, but explicitly setting it will hopefully prevent someone from coming
+in and setting it to some explicit port in the future.
+
+---
+ addons/chan_mobile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/addons/chan_mobile.c
++++ b/addons/chan_mobile.c
+@@ -1370,7 +1370,7 @@ static int rfcomm_connect(bdaddr_t src,
+ memset(&addr, 0, sizeof(addr));
+ addr.rc_family = AF_BLUETOOTH;
+ bacpy(&addr.rc_bdaddr, &src);
+- addr.rc_channel = (uint8_t) 1;
++ addr.rc_channel = (uint8_t) 0;
+ if (bind(s, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ ast_debug(1, "bind() failed (%d).\n", errno);
+ close(s);
diff -Nru asterisk-1.8.13.1~dfsg/debian/patches/series asterisk-1.8.13.1~dfsg/debian/patches/series
--- asterisk-1.8.13.1~dfsg/debian/patches/series 2012-08-31 01:57:06.000000000 +0300
+++ asterisk-1.8.13.1~dfsg/debian/patches/series 2013-04-09 02:27:03.000000000 +0300
@@ -28,3 +28,8 @@
AST-2012-012
AST-2012-013
+AST-2012-014
+AST-2012-015
+AST-2013-002
+AST-2013-003
+bluetooth_bind
Reply to: