| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
| |
Now all invocations have following order of arguments (if present):
addgroup -S -g ... GROUP
adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
|
|
|
|
|
|
|
|
|
|
|
|
| |
Following rules have been applied:
- script starts with shebang !#/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances has been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances has been removed.
Comments and line wrapping have been preserved.
|
|
|
|
|
|
| |
This way we can avoid ugly default:
Linux user,,,
|
|
|
|
|
|
|
|
|
|
| |
AST-2016-001 TLS defaults to mitigate BEAST
AST-2016-002 Fix fd leak with non-default timert1
AST-2016-003 Remote crash in UDPTL
This also removes the security patch mechanism, upstream seems
to change the format of these patches on every security release
so just grab the tarball.
|
| |
|
|
|
|
| |
fixes #4840
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
AST-2015-003: TLS Certificate Common name NULL byte exploit
|
|
|
|
|
| |
rebase libcap patch, and add speexdsp-dev dependency due to
recent package split.
|
| |
|
|
|
|
|
| |
AST-2015-001: File descriptor leak when incompatible codecs are offered (chan_pjsip)
AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
|
| |
|
| |
|
|
|
|
| |
AST-2014-019: Remote Crash Vulnerability in WebSocket Server
|
|
|
|
|
|
|
|
|
|
|
| |
AST-2014-012: Unauthorized access in the presence of ACLs with
mixed IP address families
AST-2014-018: Permission Escalation through DB dialplan function
AST-2014-017: Permission Escalation via ConfBridge dialplan function
and AMI ConfbridgeStartRecord Action
AST-2014-013: Unauthorized access in the presence of ACLs in the PJSIP stack
AST-2014-015: Remote crash vulnerability in PJSIP channel driver
AST-2014-016: Remote crash vulnerability in PJSIP channel driver
|
| |
|
|
|
|
| |
rebase the conference 'deafen' patch
|
|
|
|
|
|
| |
AST-2014-009: Remote crash based on malformed SIP subscription requests
AST-2014-010: Remote crash when handling out of call message in certain
dialplan configurations
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
- remove unused uclibc patches
- fix libcap with musl
- enable iconv as it is built into musl
- import mp3 addon as patch instead of svn checkout
- update ASTERISK-23818 patch from upstream
|
| |
|
|
|
|
| |
and make sure things fail if make install did not work
|
|
|
|
| |
revert incorrect fix for ASTERISK-23818
|
|
|
|
|
|
| |
... the default type should not be assumed to be recursive as
it's not specified in any spec. And in musl it defaults to non-recursive
mutex.
|
| |
|
|
|
|
| |
libasteriskssl requires libssl, but only for dynamic symbol lookups.
|
| |
|
|
|
|
| |
Fixes a major regression in the fix to AST-2014-007
|
|
|
|
|
|
|
| |
AST-2014-005: Remote Crash in PJSIP Channel Driver's Pub/Sub Framework
AST-2014-006: Permission Escalation via Manager User Unauthorized Shell Access
AST-2014-007: DoS via Exhaustion of Allowed Concurrent HTTP Connections
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
AST-2014-001, CVE-2014-2286: Stack Overflow in HTTP/Cookie Headers handling
AST-2014-002, CVE-2014-2287: DoS FD Exhaustion with chan_sip Session-Timers
AST-2014-003, CVE-2014-2288: DoS Vulnerability in PJSIP channel driver
AST-2014-004, CVE-2014-2289 was fixed before announcement already in 12.1.0
|
|
|
|
|
| |
ASTERISK-19109, rebased against 12.x (untested)
ASTERISK-19499, cherry picked from upstream
|
|
|
|
|
|
| |
app_meetme used to be there, but as it's deprecated it is no longer
built by default. add it back for the time being, but be prepared
for it to be removed in Asterisk 12.
|
|
|
|
| |
appears that busybox 1.22 requires it
|
| |
|
| |
|
|
|
|
|
| |
AST-2013-006 Buffer Overflow when receiving odd length 16 bit SMS message
AST-2013-007 Asterisk Manager User Dialplan Permission Escalation
|
| |
|
|
|
|
| |
remove upstreamed patches
|
|
|
|
|
| |
Picked from 11-stable branch, and is already in 11.6.0-rc1.
But I need it early for testing.
|
| |
|
| |
|