AST-2016-006: Crash on ACK from unknown endpoint
AST-2016-007: RTP Resource Exhaustion
Remove our custom patch ASTERISK-19109 as unneeded since the
administrative mute can be used for similar features. And remove
musl-includes.patch as it was merged upstream.
Following rules have been applied:
- script starts with shebang !#/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances has been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances has been removed.
Comments and line wrapping have been preserved.
AST-2016-001 TLS defaults to mitigate BEAST
AST-2016-002 Fix fd leak with non-default timert1
AST-2016-003 Remote crash in UDPTL
This also removes the security patch mechanism, upstream seems
to change the format of these patches on every security release
so just grab the tarball.
AST-2014-012: Unauthorized access in the presence of ACLs with
mixed IP address families
AST-2014-018: Permission Escalation through DB dialplan function
AST-2014-017: Permission Escalation via ConfBridge dialplan function
and AMI ConfbridgeStartRecord Action
AST-2014-013: Unauthorized access in the presence of ACLs in the PJSIP stack
AST-2014-015: Remote crash vulnerability in PJSIP channel driver
AST-2014-016: Remote crash vulnerability in PJSIP channel driver
AST-2014-009: Remote crash based on malformed SIP subscription requests
AST-2014-010: Remote crash when handling out of call message in certain
dialplan configurations
- remove unused uclibc patches
- fix libcap with musl
- enable iconv as it is built into musl
- import mp3 addon as patch instead of svn checkout
- update ASTERISK-23818 patch from upstream
AST-2014-005: Remote Crash in PJSIP Channel Driver's Pub/Sub Framework
AST-2014-006: Permission Escalation via Manager User Unauthorized Shell Access
AST-2014-007: DoS via Exhaustion of Allowed Concurrent HTTP Connections
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
