| Commit message | Author | Age | Files | Lines |
|
AST-2018-001 (CVE-2018-7285): Crash when receiving unnegotiated dynamic payload
AST-2018-002: Crash when given an invalid SDP media format description
AST-2018-003: Crash with an invalid SDP fmtp attribute
AST-2018-004 (CVE-2018-7284): Crash when receiving SUBSCRIBE request
AST-2018-005 (CVE-2018-7286): Crash when large numbers of TCP connections are closed suddenly
AST-2018-006 (CVE-2018-7287): WebSocket frames with 0 sized payload causes DoS
|
This is a requirement to get res_odbc built.
|
This commit updates the $license variable in all APKBUILDs to comply with
short names specified by SPDX version 3.0 [1] where possible. It was
done using a find-and-replace method on substrings inside $license
variables.

Only license names were updated, not "expressions" specifying the relation
between the licenses (e.g. "X and Y", "X or Y", "X and (Y or Z)") or
exceptions (e.g. "X with exceptions").

Many licenses have a version or multiple variants, e.g. MPL-2.0,
BSD-2-Clause, BSD-3-Clause. However, $license in many aports does not
contain the license version or variant. Since there's no way to infer
this information just from abuild, they were left without the variant
suffix or version, i.e. non SPDX compliant.

GNU licenses (AGPL, GFDL, GPL, LGPL) are especially complicated. They
exist in two variants: -only (formerly e.g. GPL-2.0) and -or-later
(formerly e.g. GPL-2.0+). We did not systematically distinguish
between these variants, so GPL-2.0, GPL2, GPLv2 etc. may mean
GPL-2.0-only or GPL-2.0-or-later. Thus GNU licenses without "+" (e.g.
GPL2+) were left without the variant suffix, i.e. non SPDX compliant.

Note: This commit just fixes the format of the license names, no
verification has been done if the specified license information is
actually correct!

[1]: https://spdx.org/licenses/
|
AST-2017-014 Crash in PJSIP resource when missing a contact header
|
AST-2017-012 Remote Crash Vulnerability in RTCP Stack
|
AST-2017-013 DOS Vulnerability in Asterisk chan_skinny
|
AST-2017-009 Buffer overflow in pjproject header parsing can cause crash
AST-2017-010 Buffer overflow in CDR's set user
AST-2017-011 Memory leak in pjsip session resource
|
AST-2017-008 (CVE-2017-14099): RTP/RTCP information leak
|
AST-2017-005: Media takeover in RTP stack
AST-2017-006: Shell access command injection in app_minivm
AST-2017-007: Remote Crash Vulnerability in res_pjsip
|
fixes #7583
|
rebase iostream patch
|
AST-2017-002: Buffer Overrun in PJSIP transaction layer
AST-2017-003: Crash in PJSIP multi-part body parser
AST-2017-004: Memory exhaustion on short SCCP packets
|
fixes #4840
|
AST-2017-001 Buffer overflow in CDR's set user
|
- rebase ASTERISK-24517
- remove upstreamed patch
|
ref #6644
|
also disable -march=native to use proper alpine default arch target
|
fixes #3503
fixes #6394
|
- move libasteriskssl.so symlink back to main package
- fixes #6393
|
fixes commit "main/[various]: dont set arch in split function"
|
AST-2016-006: Crash on ACK from unknown endpoint
AST-2016-007: RTP Resource Exhaustion
Remove our custom patch ASTERISK-19109 as unneeded since the
administrative mute can be used for similar features. And remove
musl-includes.patch as it was merged upstream.
|
- rebased ASTERISK-19109 patch
- add findutils as "find -printf" is now used in configure
|
Now all invocations have the following order of arguments (if present):
addgroup -S -g ... GROUP
adduser -S -u ... -D -H -h ... -s ... -G ... -g ... USER
|
The following rules have been applied:
- script starts with shebang !#/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances have been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances have been removed.
Comments and line wrapping have been preserved.
|
This way we can avoid ugly default:
Linux user,,,
|
AST-2016-001 TLS defaults to mitigate BEAST
AST-2016-002 Fix fd leak with non-default timert1
AST-2016-003 Remote crash in UDPTL
This also removes the security patch mechanism, upstream seems
to change the format of these patches on every security release
so just grab the tarball.
|
fixes #4840