Update for 22.8.2

The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack.  Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.

Resolves: #GHSA-85x7-54wr-vh42

.version

@@ -1 +1 @@
-22.8.1
+22.8.2

CHANGES.html

@@ -1 +1 @@
-ChangeLogs/ChangeLog-22.8.1.html
+ChangeLogs/ChangeLog-22.8.2.html

CHANGES.md

@@ -1 +1 @@
-ChangeLogs/ChangeLog-22.8.1.md
+ChangeLogs/ChangeLog-22.8.2.md

ChangeLogs/ChangeLog-22.8.2.html

@@ -0,0 +1,103 @@
+<html><head><title>ChangeLog for asterisk-22.8.2</title></head><body>
+<h2>Change Log for Release asterisk-22.8.2</h2>
+<h3>Links:</h3>
+<ul>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.8.2.html">Full ChangeLog</a>  </li>
+<li><a href="https://github.com/asterisk/asterisk/compare/22.8.1...22.8.2">GitHub Diff</a>  </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-22.8.2.tar.gz">Tarball</a>  </li>
+<li><a href="https://downloads.asterisk.org/pub/telephony/asterisk">Downloads</a>  </li>
+</ul>
+<h3>Summary:</h3>
+<ul>
+<li>Commits: 4</li>
+<li>Commit Authors: 2</li>
+<li>Issues Resolved: 0</li>
+<li>Security Advisories Resolved: 4</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42">GHSA-85x7-54wr-vh42</a>: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3">GHSA-rvch-3jmx-3jf3</a>: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh">GHSA-v6hp-wh3r-cwxh</a>: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization</li>
+<li><a href="https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c">GHSA-xpc6-x892-v83c</a>: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation </li>
+</ul>
+<h3>User Notes:</h3>
+<ul>
+<li>
+<h4>ast_coredumper: check ast_debug_tools.conf permissions</h4>
+  ast_debug_tools.conf must be owned by root and not be
+  writable by other users or groups to be used by ast_coredumper or
+  by ast_logescalator or ast_loggrabber when run as root.</li>
+</ul>
+<h3>Upgrade Notes:</h3>
+<ul>
+<li>
+<h4>http.c: Change httpstatus to default disabled and sanitize output.</h4>
+  To prevent possible security issues, the <code>/httpstatus</code> page
+  served by the internal web server is now disabled by default.  To explicitly
+  enable it, set <code>enable_status=yes</code> in http.conf.</li>
+</ul>
+<h3>Developer Notes:</h3>
+<h3>Commit Authors:</h3>
+<ul>
+<li>George Joseph: (2)</li>
+<li>Mike Bradeen: (2)</li>
+</ul>
+<h2>Issue and Commit Detail:</h2>
+<h3>Closed Issues:</h3>
+<ul>
+<li>!GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection</li>
+<li>!GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation</li>
+<li>!GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization</li>
+<li>!GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation </li>
+</ul>
+<h3>Commits By Author:</h3>
+<ul>
+<li>
+<h4>George Joseph (2):</h4>
+</li>
+<li>
+<h4>Mike Bradeen (2):</h4>
+</li>
+</ul>
+<h3>Commit List:</h3>
+<ul>
+<li>xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.</li>
+<li>ast_coredumper: check ast_debug_tools.conf permissions</li>
+<li>http.c: Change httpstatus to default disabled and sanitize output.</li>
+<li>ast_coredumper: create gdbinit file with restrictive permissions</li>
+</ul>
+<h3>Commit Details:</h3>
+<h4>xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.</h4>
+<p>Author: George Joseph
+  Date:   2026-01-15</p>
+<p>The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
+  entities, could allow a potential XXE injection attack.  Replacing it with
+  XML_PARSE_NONET, which prevents network access, is safer.</p>
+<p>Resolves: #GHSA-85x7-54wr-vh42</p>
+<h4>ast_coredumper: check ast_debug_tools.conf permissions</h4>
+<p>Author: Mike Bradeen
+  Date:   2026-01-15</p>
+<p>Prevent ast_coredumper from using ast_debug_tools.conf files that are
+  not owned by root or are writable by other users or groups.</p>
+<p>Prevent ast_logescalator and ast_loggrabber from doing the same if
+  they are run as root.</p>
+<p>Resolves: #GHSA-rvch-3jmx-3jf3</p>
+<p>UserNote: ast_debug_tools.conf must be owned by root and not be
+  writable by other users or groups to be used by ast_coredumper or
+  by ast_logescalator or ast_loggrabber when run as root.</p>
+<h4>http.c: Change httpstatus to default disabled and sanitize output.</h4>
+<p>Author: George Joseph
+  Date:   2026-01-15</p>
+<p>To address potential security issues, the httpstatus page is now disabled
+  by default and the echoed query string and cookie output is html-escaped.</p>
+<p>Resolves: #GHSA-v6hp-wh3r-cwxh</p>
+<p>UpgradeNote: To prevent possible security issues, the <code>/httpstatus</code> page
+  served by the internal web server is now disabled by default.  To explicitly
+  enable it, set <code>enable_status=yes</code> in http.conf.</p>
+<h4>ast_coredumper: create gdbinit file with restrictive permissions</h4>
+<p>Author: Mike Bradeen
+  Date:   2026-01-15</p>
+<p>Modify gdbinit to use the install command with explicit permissions (-m 600)
+  when creating the .ast_coredumper.gdbinit file. This ensures the file is
+  created with restricted permissions (readable/writable only by the owner)
+  to avoid potential privilege escalation.</p>
+<p>Resolves: #GHSA-xpc6-x892-v83c</p>
+</body></html>

ChangeLogs/ChangeLog-22.8.2.md

@@ -0,0 +1,119 @@
+
+## Change Log for Release asterisk-22.8.2
+
+### Links:
+
+ - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.8.2.html)  
+ - [GitHub Diff](https://github.com/asterisk/asterisk/compare/22.8.1...22.8.2)  
+ - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-22.8.2.tar.gz)  
+ - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)  
+
+### Summary:
+
+- Commits: 4
+- Commit Authors: 2
+- Issues Resolved: 0
+- Security Advisories Resolved: 4
+  - [GHSA-85x7-54wr-vh42](https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42): Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
+  - [GHSA-rvch-3jmx-3jf3](https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3): ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
+  - [GHSA-v6hp-wh3r-cwxh](https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh): The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
+  - [GHSA-xpc6-x892-v83c](https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c): ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation 
+
+### User Notes:
+
+- #### ast_coredumper: check ast_debug_tools.conf permissions
+  ast_debug_tools.conf must be owned by root and not be
+  writable by other users or groups to be used by ast_coredumper or
+  by ast_logescalator or ast_loggrabber when run as root.
+
+
+### Upgrade Notes:
+
+- #### http.c: Change httpstatus to default disabled and sanitize output.
+  To prevent possible security issues, the `/httpstatus` page
+  served by the internal web server is now disabled by default.  To explicitly
+  enable it, set `enable_status=yes` in http.conf.
+
+
+### Developer Notes:
+
+
+### Commit Authors:
+
+- George Joseph: (2)
+- Mike Bradeen: (2)
+
+## Issue and Commit Detail:
+
+### Closed Issues:
+
+  - !GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
+  - !GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
+  - !GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
+  - !GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation 
+
+### Commits By Author:
+
+- #### George Joseph (2):
+
+- #### Mike Bradeen (2):
+
+### Commit List:
+
+-  xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
+-  ast_coredumper: check ast_debug_tools.conf permissions
+-  http.c: Change httpstatus to default disabled and sanitize output.
+-  ast_coredumper: create gdbinit file with restrictive permissions
+
+### Commit Details:
+
+#### xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
+  Author: George Joseph
+  Date:   2026-01-15
+
+  The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
+  entities, could allow a potential XXE injection attack.  Replacing it with
+  XML_PARSE_NONET, which prevents network access, is safer.
+
+  Resolves: #GHSA-85x7-54wr-vh42
+
+#### ast_coredumper: check ast_debug_tools.conf permissions
+  Author: Mike Bradeen
+  Date:   2026-01-15
+
+  Prevent ast_coredumper from using ast_debug_tools.conf files that are
+  not owned by root or are writable by other users or groups.
+
+  Prevent ast_logescalator and ast_loggrabber from doing the same if
+  they are run as root.
+
+  Resolves: #GHSA-rvch-3jmx-3jf3
+
+  UserNote: ast_debug_tools.conf must be owned by root and not be
+  writable by other users or groups to be used by ast_coredumper or
+  by ast_logescalator or ast_loggrabber when run as root.
+
+#### http.c: Change httpstatus to default disabled and sanitize output.
+  Author: George Joseph
+  Date:   2026-01-15
+
+  To address potential security issues, the httpstatus page is now disabled
+  by default and the echoed query string and cookie output is html-escaped.
+
+  Resolves: #GHSA-v6hp-wh3r-cwxh
+
+  UpgradeNote: To prevent possible security issues, the `/httpstatus` page
+  served by the internal web server is now disabled by default.  To explicitly
+  enable it, set `enable_status=yes` in http.conf.
+
+#### ast_coredumper: create gdbinit file with restrictive permissions
+  Author: Mike Bradeen
+  Date:   2026-01-15
+
+  Modify gdbinit to use the install command with explicit permissions (-m 600)
+  when creating the .ast_coredumper.gdbinit file. This ensures the file is
+  created with restricted permissions (readable/writable only by the owner)
+  to avoid potential privilege escalation.
+
+  Resolves: #GHSA-xpc6-x892-v83c
+

README.html

@@ -1,4 +1,4 @@
-<html><head><title>Readme for asterisk-22.8.1</title></head><body>
+<html><head><title>Readme for asterisk-22.8.2</title></head><body>
 <h1>The Asterisk(R) Open Source PBX</h1>
 <pre><code>By Mark Spencer &lt;markster@digium.com&gt; and the Asterisk.org developer community.
 Copyright (C) 2001-2025 Sangoma Technologies Corporation and other copyright holders.
@@ -37,7 +37,7 @@ hardware.</p>
 <p>If you are updating from a previous version of Asterisk, make sure you
 read the Change Logs.</p>
 <!-- CHANGELOGS (the URL will change based on the location of this README) -->
-<p><a href="ChangeLogs/ChangeLog-22.8.1.html">Change Logs</a></p>
+<p><a href="ChangeLogs/ChangeLog-22.8.2.html">Change Logs</a></p>
 <!-- END-CHANGELOGS -->
 
 <h3>NEW INSTALLATIONS</h3>

README.md

@@ -55,7 +55,7 @@ If you are updating from a previous version of Asterisk, make sure you
 read the Change Logs.
 
 <!-- CHANGELOGS (the URL will change based on the location of this README) -->
-[Change Logs](ChangeLogs/ChangeLog-22.8.1.html)
+[Change Logs](ChangeLogs/ChangeLog-22.8.2.html)
 <!-- END-CHANGELOGS -->
 
 ### NEW INSTALLATIONS

configs/samples/http.conf.sample

@@ -69,9 +69,9 @@ bindaddr=127.0.0.1
 ;
 ; Whether Asterisk should serve a status page showing the running
 ; configuration of this built-in HTTP server.
-; Default is yes.
+; Default is no.
 ;
-;enable_status=no
+;enable_status=yes
 ;
 ; Redirect one URI to another.  This is how you would set a
 ; default page.

contrib/scripts/ast_coredumper

@@ -42,11 +42,9 @@ COMMANDLINE_COREDUMPS=false
 
 # Read config files from most important to least important.
 # Variables set on the command line or environment always take precedence.
-# shellcheck disable=SC1091
-[ -f ./ast_debug_tools.conf ] && source ./ast_debug_tools.conf
-# shellcheck disable=SC1090
-[ -f ~/ast_debug_tools.conf ] && source ~/ast_debug_tools.conf
-[ -f /etc/asterisk/ast_debug_tools.conf ] && source /etc/asterisk/ast_debug_tools.conf
+safe_source_config ./ast_debug_tools.conf
+safe_source_config ~/ast_debug_tools.conf
+safe_source_config /etc/asterisk/ast_debug_tools.conf
 
 if [ -n "${DATEFORMAT}" ] ; then
 	err <<-EOF
@@ -117,6 +115,7 @@ if $RUNNING ; then
 		if ${DRY_RUN} ; then
 			echo "Would run: ${GDB} -p $MAIN_PID -q --batch --ex gcore $cf"
 		else
+			install -m 0600 /dev/null "$cf"
 			${GDB} -p "$MAIN_PID" -q --batch --ex "gcore $cf" >/dev/null 2>&1
 		fi
 		echo "$(S_COR "${DRY_RUN}" 'Simulated dump' 'Dump') is complete."
@@ -245,7 +244,7 @@ fi
 
 gdbinit=${OUTPUTDIR}/.ast_coredumper.gdbinit
 trap 'rm $gdbinit' EXIT
-sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0" >"$gdbinit"
+install -m 600 /dev/stdin "$gdbinit" < <(sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0")
 
 # Now iterate over the coredumps and dump the debugging info
 for i in "${!COREDUMPS[@]}" ; do
@@ -297,6 +296,7 @@ for i in "${!COREDUMPS[@]}" ; do
 				of=${OUTPUTDIR}/${cfname}-${BASH_REMATCH[1]}
 				of=${of//:/-}
 				rm -f "$of"
+				install -m 0600 /dev/null "$of"
 				msg "    Creating $of"
 			fi
 			echo -e $"$line" >> "$of"
@@ -315,6 +315,7 @@ for i in "${!COREDUMPS[@]}" ; do
 		rm -rf "${dest}" 2>/dev/null || :
 
 		astbindir=$(dirname "${astbin}")
+		install -m 0700 -d "${dest}"
 		mkdir -p "${dest}/tmp" "${dest}/${moddir}" "${dest}/etc" \
 		"${dest}/${etcdir}" "${dest}/${libdir}" "${dest}/${astbindir}"
 
@@ -339,6 +340,7 @@ for i in "${!COREDUMPS[@]}" ; do
 		cp -a "${astbin}" "${dest}/${astbin}"
 		rm -rf "${tf}"
 		msg "    Creating ${tf}"
+		install -m 0600 /dev/null "$tf"
 		tar -chzf "${tf}" --transform="s/^[.]/${cfname}.output/" -C "${dest}" .
 		sleep 3
 		rm -rf "${dest}"
@@ -352,6 +354,7 @@ for i in "${!COREDUMPS[@]}" ; do
 		rm -rf "${dest}" 2>/dev/null || :
 		mkdir -p "${dest}"
 		cp "${OUTPUTDIR}/${cfname}"*.txt "${dest}/"
+		install -m 0600 /dev/null "$tf"
 		tar -chzf "${tf}" --transform="s/^[.]/${cfname}/" -C "${dest}" .
 		rm -rf "${dest}"
 		echo "Created $tf"
@@ -432,6 +435,43 @@ check_gdb() {
 	fi
 }
 
+# Function to safely source a config file with security checks
+# This prevents privilege escalation by ensuring config files are
+# owned by root and not writable by group or others
+safe_source_config() {
+	local config_file="$1"
+
+	# Return if file doesn't exist
+	[ -f "$config_file" ] || return 0
+
+	# Get the absolute path
+	config_file=$(readlink -f "$config_file")
+
+	# Get file owner UID and permissions
+	local file_stat
+	file_stat=$(stat -c "%u %a" "$config_file" 2>/dev/null) || return 0
+	local owner_uid=${file_stat%% *}
+	local perms=${file_stat##* }
+
+	# File must be owned by root (UID 0)
+	if [ "$owner_uid" -ne 0 ]; then
+		err "Config file $config_file is not owned by root. Skipping for security." >&2
+		return 1
+	fi
+
+	# File must not be writable by group or others (check group-write and other-write bits)
+	# Extract the group and other permission digits
+	local group_perms=$((perms / 10 % 10))
+	local other_perms=$((perms % 10))
+
+	if [ $((group_perms & 2)) -ne 0 ] || [ $((other_perms & 2)) -ne 0 ]; then
+		err "Config file $config_file is writable by group or others. Skipping for security." >&2
+		return 1
+	fi
+
+	source "$config_file"
+}
+
 # shellcheck disable=SC2317
 find_pid() {
 	if [ -n "$PID" ] ; then

contrib/scripts/ast_logescalator

@@ -127,10 +127,51 @@ declare -A DEBUG_COMMANDS=(
 VERBOSE_LEVELS="NOTICE,WARNING,ERROR,VERBOSE"
 DEBUG_LEVELS="DEBUG"
 
+# Function to safely source a config file with security checks
+# This prevents privilege escalation by ensuring config files are
+# owned by root and not writable by group or others when running as root
+safe_source_config() {
+	local config_file="$1"
+
+	# Return if file doesn't exist
+	[ -f "$config_file" ] || return 0
+
+	# Get the absolute path
+	config_file=$(readlink -f "$config_file")
+
+	# Check if running as root (effective UID is 0)
+	if [ $EUID -eq 0 ]; then
+		# Running as root - apply strict security checks
+		# Get file owner UID and permissions
+		local file_stat
+		file_stat=$(stat -c "%u %a" "$config_file" 2>/dev/null) || return 0
+		local owner_uid=${file_stat%% *}
+		local perms=${file_stat##* }
+
+		# File must be owned by root (UID 0)
+		if [ "$owner_uid" -ne 0 ]; then
+			echo "WARNING: Config file $config_file is not owned by root. Skipping for security." >&2
+			return 1
+		fi
+
+		# File must not be writable by group or others (check group-write and other-write bits)
+		# Extract the group and other permission digits
+		local group_perms=$((perms / 10 % 10))
+		local other_perms=$((perms % 10))
+
+		if [ $((group_perms & 2)) -ne 0 ] || [ $((other_perms & 2)) -ne 0 ]; then
+			echo "WARNING: Config file $config_file is writable by group or others. Skipping for security." >&2
+			return 1
+		fi
+	fi
+
+	source "$config_file"
+}
+
 # Read config files from least important to most important
-[ -f /etc/asterisk/ast_debug_tools.conf ] && source /etc/asterisk/ast_debug_tools.conf
-[ -f ~/ast_debug_tools.conf ] && source ~/ast_debug_tools.conf
-[ -f ./ast_debug_tools.conf ] && source ./ast_debug_tools.conf
+safe_source_config /etc/asterisk/ast_debug_tools.conf
+safe_source_config ~/ast_debug_tools.conf
+safe_source_config ./ast_debug_tools.conf
 
 DATEFORMAT=${DATEFORMAT:-'date +%FT%H-%M-%S%z'}
 UNIQUEID=$($DATEFORMAT)

contrib/scripts/ast_loggrabber

@@ -101,10 +101,51 @@ append_logfiles=false
 declare -a LOGFILES
 declare -a ARGS_LOGFILES
 
+# Function to safely source a config file with security checks
+# This prevents privilege escalation by ensuring config files are
+# owned by root and not writable by group or others when running as root
+safe_source_config() {
+	local config_file="$1"
+
+	# Return if file doesn't exist
+	[ -f "$config_file" ] || return 0
+
+	# Get the absolute path
+	config_file=$(readlink -f "$config_file")
+
+	# Check if running as root (effective UID is 0)
+	if [ $EUID -eq 0 ]; then
+		# Running as root - apply strict security checks
+		# Get file owner UID and permissions
+		local file_stat
+		file_stat=$(stat -c "%u %a" "$config_file" 2>/dev/null) || return 0
+		local owner_uid=${file_stat%% *}
+		local perms=${file_stat##* }
+
+		# File must be owned by root (UID 0)
+		if [ "$owner_uid" -ne 0 ]; then
+			echo "WARNING: Config file $config_file is not owned by root. Skipping for security." >&2
+			return 1
+		fi
+
+		# File must not be writable by group or others (check group-write and other-write bits)
+		# Extract the group and other permission digits
+		local group_perms=$((perms / 10 % 10))
+		local other_perms=$((perms % 10))
+
+		if [ $((group_perms & 2)) -ne 0 ] || [ $((other_perms & 2)) -ne 0 ]; then
+			echo "WARNING: Config file $config_file is writable by group or others. Skipping for security." >&2
+			return 1
+		fi
+	fi
+
+	source "$config_file"
+}
+
 # Read config files from least important to most important
-[ -f /etc/asterisk/ast_debug_tools.conf ] && source /etc/asterisk/ast_debug_tools.conf
-[ -f ~/ast_debug_tools.conf ] && source ~/ast_debug_tools.conf
-[ -f ./ast_debug_tools.conf ] && source ./ast_debug_tools.conf
+safe_source_config /etc/asterisk/ast_debug_tools.conf
+safe_source_config ~/ast_debug_tools.conf
+safe_source_config ./ast_debug_tools.conf
 
 if [ ${#LOGFILES[@]} -eq 0 ] ; then
 	LOGFILES+=(/var/log/asterisk/messages* /var/log/asterisk/queue* \
@@ -178,15 +219,14 @@ df=${tarball_uniqueid:-$(${DATEFORMAT})}
 # Extract the Python timestamp conver script from the end of this
 # script and save it to /tmp/.ast_tsconvert.py
 
-ss=`egrep -n "^#@@@SCRIPTSTART@@@" $0 |cut -f1 -d:`
-tail -n +${ss} $0 >/tmp/.ast_tsconvert.py
+install -m 0600 /dev/stdin /tmp/.ast_tsconvert.py < <(sed '1,/^#@@@SCRIPTSTART@@@/ d' "$0")
 
 tmpdir=$(mktemp -d)
 if [ -z "$tmpdir" ] ; then
 	echo "${prog}: Unable to create temporary directory."
 	exit 1
 fi
-trap "rm -rf $tmpdir" EXIT
+trap "rm -rf $tmpdir /tmp/.ast_tsconvert.py" EXIT
 tardir=asterisk-${df}.logfiles
 
 # Now iterate over the logfiles

main/http.c

@@ -381,6 +381,34 @@ out403:
 	return 0;
 }
 
+static void str_append_escaped(struct ast_str **str, const char *in)
+{
+	const char *cur = in;
+
+	while(*cur) {
+		switch (*cur) {
+		case '<':
+			ast_str_append(str, 0, "&lt;");
+			break;
+		case '>':
+			ast_str_append(str, 0, "&gt;");
+			break;
+		case '&':
+			ast_str_append(str, 0, "&amp;");
+			break;
+		case '"':
+			ast_str_append(str, 0, "&quot;");
+			break;
+		default:
+			ast_str_append(str, 0, "%c", *cur);
+			break;
+		}
+		cur++;
+	}
+
+	return;
+}
+
 static int httpstatus_callback(struct ast_tcptls_session_instance *ser,
 	const struct ast_http_uri *urih, const char *uri,
 	enum ast_http_method method, struct ast_variable *get_vars,
@@ -419,13 +447,21 @@ static int httpstatus_callback(struct ast_tcptls_session_instance *ser,
 	}
 	ast_str_append(&out, 0, "<tr><td colspan=\"2\"><hr></td></tr>\r\n");
 	for (v = get_vars; v; v = v->next) {
-		ast_str_append(&out, 0, "<tr><td><i>Submitted GET Variable '%s'</i></td><td>%s</td></tr>\r\n", v->name, v->value);
+		ast_str_append(&out, 0, "<tr><td><i>Submitted GET Variable '");
+		str_append_escaped(&out, v->name);
+		ast_str_append(&out, 0, "'</i></td><td>");
+		str_append_escaped(&out, v->value);
+		ast_str_append(&out, 0, "</td></tr>\r\n");
 	}
 	ast_str_append(&out, 0, "<tr><td colspan=\"2\"><hr></td></tr>\r\n");
 
 	cookies = ast_http_get_cookies(headers);
 	for (v = cookies; v; v = v->next) {
-		ast_str_append(&out, 0, "<tr><td><i>Cookie '%s'</i></td><td>%s</td></tr>\r\n", v->name, v->value);
+		ast_str_append(&out, 0, "<tr><td><i>Cookie '");
+		str_append_escaped(&out, v->name);
+		ast_str_append(&out, 0, "'</i></td><td>");
+		str_append_escaped(&out, v->value);
+		ast_str_append(&out, 0, "</td></tr>\r\n");
 	}
 	ast_variables_destroy(cookies);
 
@@ -2444,7 +2480,7 @@ static int __ast_http_load(int reload)
 	struct ast_variable *v;
 	int enabled = 0;
 	int new_static_uri_enabled = 0;
-	int new_status_uri_enabled = 1; /* Default to enabled for BC */
+	int new_status_uri_enabled = 0;
 	char newprefix[MAX_PREFIX] = "";
 	char server_name[MAX_SERVER_NAME_LENGTH];
 	struct http_uri_redirect *redirect;

main/xml.c

@@ -99,7 +99,7 @@ struct ast_xml_doc *ast_xml_open(char *filename)
 		return NULL;
 	}
 
-	doc = xmlReadFile(filename, NULL, XML_PARSE_RECOVER | XML_PARSE_NOENT);
+	doc = xmlReadFile(filename, NULL, XML_PARSE_RECOVER | XML_PARSE_NONET);
 	if (!doc) {
 		return NULL;
 	}
@@ -503,7 +503,7 @@ struct ast_xslt_doc *ast_xslt_open(char *filename)
 	xsltStylesheet *xslt;
 	xmlDoc *xml;
 
-	xml = xmlReadFile(filename, NULL, XML_PARSE_RECOVER | XML_PARSE_NOENT);
+	xml = xmlReadFile(filename, NULL, XML_PARSE_RECOVER | XML_PARSE_NONET);
 	if (!xml) {
 		return NULL;
 	}
@@ -531,7 +531,7 @@ struct ast_xslt_doc *ast_xslt_read_memory(char *buffer, size_t size)
 		return NULL;
 	}
 
-	doc = xmlReadMemory(buffer, (int) size, NULL, NULL, XML_PARSE_RECOVER | XML_PARSE_NOENT);
+	doc = xmlReadMemory(buffer, (int) size, NULL, NULL, XML_PARSE_RECOVER | XML_PARSE_NONET);
 	if (!doc) {
 		return NULL;
 	}