The following rules have been applied:
- script starts with shebang #!/bin/sh followed by blank line,
- script ends with exit 0 prepended by blank line,
- only stderr of adduser, addgroup or passwd is redirected to /dev/null,
- getent passwd/group instances have been removed,
- manual checking of file and group existence has been removed,
- `|| true` instances have been removed.
Comments and line wrapping have been preserved.
AST-2016-001 TLS defaults to mitigate BEAST
AST-2016-002 Fix fd leak with non-default timert1
AST-2016-003 Remote crash in UDPTL
This also removes the security patch mechanism, upstream seems
to change the format of these patches on every security release
so just grab the tarball.
AST-2014-012: Unauthorized access in the presence of ACLs with
mixed IP address families
AST-2014-018: Permission Escalation through DB dialplan function
AST-2014-017: Permission Escalation via ConfBridge dialplan function
and AMI ConfbridgeStartRecord Action
AST-2014-013: Unauthorized access in the presence of ACLs in the PJSIP stack
AST-2014-015: Remote crash vulnerability in PJSIP channel driver
AST-2014-016: Remote crash vulnerability in PJSIP channel driver
AST-2014-009: Remote crash based on malformed SIP subscription requests
AST-2014-010: Remote crash when handling out of call message in certain
dialplan configurations
- remove unused uclibc patches
- fix libcap with musl
- enable iconv as it is built into musl
- import mp3 addon as patch instead of svn checkout
- update ASTERISK-23818 patch from upstream
AST-2014-005: Remote Crash in PJSIP Channel Driver's Pub/Sub Framework
AST-2014-006: Permission Escalation via Manager User Unauthorized Shell Access
AST-2014-007: DoS via Exhaustion of Allowed Concurrent HTTP Connections
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
AST-2014-001, CVE-2014-2286: Stack Overflow in HTTP/Cookie Headers handling
AST-2014-002, CVE-2014-2287: DoS FD Exhaustion with chan_sip Session-Timers
AST-2014-003, CVE-2014-2288: DoS Vulnerability in PJSIP channel driver
AST-2014-004, CVE-2014-2289 was fixed before announcement already in 12.1.0
app_meetme used to be there, but as it's deprecated it is no longer
built by default. Add it back for the time being, but be prepared
for it to be removed in Asterisk 12.