Created by Steve Beattie on 2010-03-02 and last modified on 2010-03-02
Get this branch:
bzr branch lp:~sbeattie/ubuntu/lucid/asterisk/reenable-hardening

Branch information

Steve Beattie

Recent revisions

55. By Steve Beattie on 2010-03-02

debian/{control,rules}: re-enable hardened options to gain PIE build
(Debian bug 542741, LP: #527538)

54. By Jean-Michel Dault on 2010-02-16

* Merge from Debian: security update
  * Changes:
  - debian/control: Change Maintainer
  - debian/control: Removed Uploaders field.
  - debian/control: Removed Debian Vcs-Svn entry and replaced with
      ubuntu-voip Vcs-Bzr, to reflect divergence in packages.
  - debian/asterisk.init : chown /dev/dahdi
  - debian/backports/hardy : add file
  - debian/backports/asterisk.init.hardy : add file

53. By Devid Antonio Filoni on 2009-12-30

debian/control: remove libreadline5-dev from Depends field.

52. By Roberto D'Auria on 2009-12-30

[ Dave Walker (Daviey) ]
* SECURITY UPDATE: ACL not respected on SIP INVITE (LP: #491632).
  - debian/patches/AST-2009-007: Additional check in channels/chan_sip.c to
    check ACL for handling SIP INVITEs. This blocks calls on networks
    intended to be prohibited, by configuration. Based on upstream patch.
  - AST-2009-007
  - CVE-2009-3723
* SECURITY UPDATE: SIP responses expose valid usernames (LP: #491637).
  - debian/patches/AST-2009-008: Sanitise certain return of REGISTER message
    to stop a specially crafted series of requests returning valid usernames.
    Based on upstream patch.
  - AST-2009-008
  - CVE-2009-3727
* SECURITY UPDATE: RTP Remote Crash Vulnerability (LP: #493555).
  - debian/patches/AST-2009-010: Stops Asterisk from crashing when an RTP
    comfort noise payload containing 24 bytes or greater is received.
  - AST-2009-010
  - CVE-2009-4055

[ Roberto D'Auria ]
* debian/patches/iax2-heavy-traffic-fix: Stops asterisk crashing on
  heavy traffic on iax2 channel, editing channels/chan_iax2.c.
  Based on upstream patch. (LP: #501116)

51. By Dave Walker on 2009-09-22

* New upstream version, upstream is now DFSG compliant.
  - ilibc has been removed upstream.
  - Music on Hold is now cc-by-sa.
  - binary firmware iaxy.bin has been removed upstream.
* debian/rules: Sanitised UPSTREAM variable for compatibility
  with Ubuntu and other variants.
* debian/control: Removed Debian Vcs-Svn entry and replaced
  with ubuntu-voip Vcs-Bzr, to reflect divergence in packages.
* patches/makefile_appdocs_dtd: Removed, merged upstream.
* patches/disable_moh: Previously disabled, removed from pool.
* patches/ubuntu-banner: Ported debian-banner to display Ubuntu
  centric bug report information.
* Refresh quilt patches

50. By Kees Cook on 2009-09-03

debian/{control,rules}: enable hardened options to gain PIE build
(Debian bug 542741).

49. By Jean-Michel Dault on 2009-08-20

* Merge from Debian.
  - Lsb patches dropped: fixed upstream
  - Patch for LP #350732 dropped: fixed upstream
* Added:
  - Add support for web interface
  - Don't enable voicetronix cards by default
  - Chown /dev/dahdi in init script
  - Add files for potential backports
  - Change maintainer
  - Standards version 3.8.3

* Debian changes

 [ Faidon Liambotis ]
 * Fix FTBFS on armel. (Closes: #532971)

 [ Tzafrir Cohen ]
 * New upstream beta.
 * Patch hardware_dtmf_mute_fix removed: Applied upstream.
 * No need for a separate app_directory_odbc (will use app_voicemail_odbc).
 * Fix name of voicemail 'openssl' dep. (Thomas Renard) (Closes: #539150)

48. By Faidon Liambotis on 2009-07-28

[ Faidon Liambotis ]
* New upstream release.
  - Drop patches astvarrundir, pubkey_jnctn; merged upstream (finally!).
  - Adapt patch safe_asterisk-nobg.
* Switch to downloads.asterisk.org instead of downloads.digium.com.
* Add depends on libxml2-dev for the new XML documentation.
* Remove Conflicts/Replaces with asterisk-classic, asterisk-bristuff,
  asterisk-chan-capi (<< 1.1.1-1~), since those are pre-lenny.
* Revert upstream's r190830 that ported app_osplookup to OSP Toolkit 3.5;
  the API is not backwards compatible and Debian still has 3.4.2.
* Accommodate for the rename of libcap2-dev to libcap-dev (Closes: #532971).
* Add dependency to libspandsp to build the fax applications.
* Update Standards-Version to 3.8.2, no changes needed.
* Remove init script's "zaptel-fix" action; there's no zaptel anymore and
  was also lintian-buggy in its current form.
* Don't include /var/run/asterisk in the package, it is created at boot-time
  by the init script (thanks lintian).
* Remove asterisk-progdocs: it is of very limited use but a) is enormous in
  size and b) takes too long to build.
* Re-enable and port to 1.6 the h323 segfault patch, apparently it's still
* Fix asterisk's Makefiles so that the openh323/libpt dependencies are added
  to chan_h323.so instead of the main asterisk binary.
* Fix astgenkey to respect system's umask. Thanks Jonas Smedegaard.
  (Closes: #531730)
* Create /var/log/asterisk/* directories if non-existent, for /var/log on
  tmpfs scenarios. Thanks martin f krafft! (Closes: #524015)
* Use the lsb-base standard way of gathering and reporting status in the
  init script. Thanks Dustin Kirkland and Ubuntu! (Closes: #506453)
* Fix debian/rules so that configure isn't called twice during a build.
* Install Zaptel-to-DAHDI.txt, explains the migration procedure from Zaptel
  to DAHDI and is therefore useful when upgrading from lenny.

[ Tzafrir Cohen ]
* New upstream release.
  - Fixes that bashism in safe_asterisk (Closes: #530047) (not dashism).
  - Dropped patch astcanary_startup: merged upstream.
* Patch makefile_appdocs_dtd: fix location of DTD installation.
* Register the HTML docs with doc-base as well.

47. By François Marier on 2009-03-29

Fix for IAX2 encrypted channels dropping out due to normal packet loss
(LP: #350732)

46. By Bhavani Shankar on 2009-01-05

* Merge from debian unstable, remaining changes: LP: #313988
  - debian/asterisk.init: Fix status action so that it returns the
    LSB-compliant return codes
  - debian/control: added lsb-base dependency for using status_of_proc.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)