| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
fixes #3047
|
| |
|
|
|
|
| |
cherry-pick the security fixes for:
AST-2014-001, CVE-2014-2286: Stack Overflow in HTTP/Cookie Headers handling
AST-2014-002, CVE-2014-2287: DoS FD Exhaustion with chan_sip Session-Timers
|
| |
|
|
|
|
|
| |
AST-2013-006 Buffer Overflow when receiving odd length 16 bit SMS message
AST-2013-007 Asterisk Manager User Dialplan Permission Escalation
(cherry picked from commit 52e547a6d078e1981498b8e8b2a75a39a4dfd726)
|
| |
|
|
|
|
| |
remove upstreamed patches
[upstream commit 69b3463b281dd9dc9bce1a4457c23dfa2f4e4595]
|
| |
|
|
|
| |
Picked from 11-stable branch, and is already in 11.6.0-rc1.
But I need it early for testing.
|
| |
|
|
|
| |
* do not split dahdi, speex or alsa as that might break setups
* do not build srtp as libsrtp is not in 2.6-stable
|
| |
|
|
|
|
|
| |
AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP
AST-2013-005: Remote Crash when Invalid SDP is sent in SIP Request
also cherry-pick all packaging fixes from master
|
| |
|
|
| |
(cherry picked from commit ef905175a4166e2c380c3e1dfdbc94db69db23ce)
|
| |
|
|
| |
duh.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Fixes:
- AST-2013-001, CVE-2013-2685: SIP Buffer Overflow
- AST-2013-002, CVE-2013-2686: DoS in HTTP server
- AST-2013-003, CVE-2013-2264: Username disclosure in SIP
|
| |
|
|
|
| |
Regression fixes from upstream. Rebase uclibc daemon patch,
and modify APKBUILD to use patches for the minor releases.
|
| |
|
|
|
| |
Rebase uclibc-daemon patch, and cherry-pick regression fix for
ASTERISK-20938.
|
| |
|
|
|
| |
AST-2012-014 (CVE-2012-5976): stack overflow with TCP connections
AST-2012-015 (CVE-2012-5977): DoS through device state cache exploitation
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
- re-enable libasteriskssl as the uclibc bug should be fixed now
|
| |
|
|
|
|
| |
* remove upstreamed ASTERISK-19610
* rebase ASTERISK-13456 and ASTERISK-20527 patches
* update patch applying snippet
|
| |
|
|
| |
duh!
|
| | |
|
| |
|
|
|
| |
They commit ASTERISK-19610c from upstream has a typo, that was
fixed in separate commit. Fixed here manually.
|
| |
|
|
|
|
| |
Also cherry-pick ASTERISK-19610 related commits from 10.9.0-rc1 to
fix a long-time DTMF detection regression bug early. These three
patches can be dropped when upgrading to 10.9.0.
|
| | |
|
| |
|
|
|
|
| |
An annying bug that can cause incoming SIP calls for a registered
number to be associated with wrong peer entry. This can also have
security implications on some systems.
|
| |
|
|
|
|
| |
AST-2012-012: Asterisk Manager User Unauthorized Shell Access
AST-2012-013: ACL rules ignored when placing outbound calls by
certain IAX2 users
|
| | |
|
| |
|
|
| |
Fixes a major bug in TLS connection handling.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Remove the patch requested in: http://bugs.alpinelinux.org/issues/227
This bug has been fixed in upstream with a better patch in all
asterisk branches.
See: https://issues.asterisk.org/view.php?id=15627
|
| |
|
|
|
| |
* AST-2012-10 - Possible resource leak on uncompleted re-invite
* AST-2012-11 (CVE-2012-3812) - Remote crash in voice mail application
|
| |
|
|
| |
AST-2012-009 (CVE-2012-3553) - Skinny Channel Driver Remote Crash
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Add it to a subpackage called asterisk-mobile
fixes #1178
|
| |
|
|
|
| |
AST-2012-007 (CVE-2012-2947): Remote crash vulnerability in IAX2
AST-2012-008 (CVE-2012-2948): Skinny Channel Driver Remote Crash
|
| | |
|
| |
|
|
|
|
| |
* AST-2012-004
* AST-2012-005
* AST-2012-006
|
| | |
|
| |
|
|
|
| |
AST-2012-002 Remote crash in app_milliwatt
AST-2012-003 Remote exploitable crash in HTTP Manager interface
|
| |
|
|
| |
remove patches merged upstream
|
| | |
|
| | |
|
| |
|
|
| |
instead of using post install script to do it
|
| | |
|
| |
|
|
|
|
|
| |
uclibc-0.9.33 implements res_ninit but not res_nquery or others.
The configure checks only for res_ninit and assumes other functions
are then present too, but this breaks build against new uclibc.
Just disable the res_ninit check for now.
|
| | |
|
