lp:ubuntu/intrepid-security/asterisk
- Get this branch:
- bzr branch lp:ubuntu/intrepid-security/asterisk
Branch merges
Branch information
Recent revisions
- 44. By Brian Thomason
-
* SECURITY UPDATE: information leak in IAX2 authentication
- added debian/patches/ CVE-2009- 0041: Adjust chan_iax2.c to fix
information leak in IAX2 authentication. Based on upstream patch.
- CVE-2009-0041
- AST-2009-001 - 43. By Thierry Carrez
-
* debian/
asterisk. init: Fix status action so that it returns the
LSB-compliant return codes (LP: #248947)
* debian/control: added lsb-base dependency for using status_of_proc - 41. By Steve Kowalik
-
* Rebuild for the libct3 -> libct4 transistion.
* Replace libc-client2007b-dev with libc-client2007-dev in the
Build-Depends. - 40. By Faidon Liambotis
-
[ Victor Seva ]
* asterisk.postinst should always check group memberships (Closes:
#486097) patch by Tim Retout <email address hidden>
* changed libc-client2007-dev to libc-client2007b-dev on Build-Depends
(fixes FTBFS).[ Tzafrir Cohen ]
* Depend on debhelper >= 6.0.7 due to dh_lintian (Closes: #492202).
* New upstream bugfix release. Fixes CVE-2008-3263 and CVE-2008-3264.[ Faidon Liambotis ]
* Do a quilt refresh on all patches.
* Remove the dh_makeshlibs call as it is unneeded and generates a lintian
warning. - 39. By Faidon Liambotis
-
[ Victor Seva ]
* Patch sample files pointing now to the correct doc files. (Closes: #475681)
* Added support for armel, thanks to Riku Voipio. (Closes: #477389)
* Added asterisk-config. dirs in order to create etc/asterisk/ manager. d dir,
and added a README.conf on it on rule install-indep.[ Tzafrir Cohen ]
* Provide /usr/include/asterisk. h as well (through a symlink).
* Remove {,} bashism from debian/rules (Closes: #478361).[ Faidon Liambotis ]
* New upstream version.
- Fix IAX performance issues introduced by security fix in 1.4.19.1
- Dropped patches samples, vpb-driver-4.2.18, vpb_no_cards, incorporated
by upstream.
* Update to bristuff-0.4.0-RC1:
- Revert API changes to res_agi (xagi).
- Revert API changes to ast_sendtext() (ast-send-message).
- Merge several chan_zap changes (zapata-bri+euroisdn, zapata-gsm).
- Remove unused zapata-device- state, feature- parking_ con, find-feature,
chan-capi, ast_channel_masquerade_ locked, find-feature patches,
obsoleted by upstream.
- Remove uniqueid-01-use- pid-on- uniqueid- generation patch, dropped by
upstream.
- Rename app-zapras-fix-audiomode to isdn-fixes and include another fix
that we dropped earlier by mistake (r5162).
- Merge ast-send-message with ast-send-message- users, following upstream
split.
- Other minor and cosmetic fixes.
- Comment-out the only use of ast-send-message (in GSM) to avoid an ABI
change. We are not shipping GSM, hence this is not a feature regression.
* Conflict with asterisk-chan-capi << 1.1.1-1 which we broke with an ABI
change :( (Closes: #472379).
* Drop doc-base entries for sip.conf and zapata.conf, there was no point in
just listing those two configuration files.
* Remove -1 revision dependency on libpri and libopenh323-dev.
* Override some lintian warnings for asterisk (empty IAX firmware and
static-http directories) and asterisk-sounds- main (empty MOH and es/fr
sounds directories). - 38. By William Grant
-
* SECURITY UPDATE: arbitrary code execution and authentication bypass.
(LP: #210124)
- debian/patches/ CVE-2008- 1289: Check that incoming RTP payloads are
within buffer limits. Patch from Debian.
- debian/patches/ CVE-2008- 1332: Ensure that allowguest has been enabled
before deciding that authentication isn't required. Patch from Debian.
- debian/patches/ CVE-2008- 1333: Interpret logging output as a character
string, not a format string. Patch from Debian.
- References:
+ CVE-2008-1289
+ CVE-2008-1332
+ CVE-2008-1333
+ AST-2008-002
+ AST-2008-003
+ AST-2008-004
* Modify Maintainer value to match the DebianMaintainerField
specification. - 35. By Faidon Liambotis
-
* New upstream release (Closes: #452054)
- Fix a potential corrupt of voicemail.conf on simultaneous PIN updates
(Closes: #353227)[ Tzafrir Cohen ]
* Add some sample/reference config files as documentation.
* Provide asterisk-bristuff for upgrading from Etch.
* Move libc-client to not be last, so debian/backports/ xorcom. etch would
still work.[ Faidon Liambotis ]
* Really enable the libcap/ToS functionality; the previous patch didn't
enable the functionality, even though the code and the libcap.so
dependency were there. (Closes: #454342)
* Fix a minor issue with init script's stop target when running with
safe_asterisk.
* Add chan_vpb, adding support for VoiceTronix OpenSwitch and OpenLine
cards. (Closes: #396499)
* Fix debian/watch by using a pkg-voip wrapper to avoid upstream's silly
redirections. (Closes: #449706)
* Use DEBVERSION as asterisk's version string.
* Disable the MD5 build sum that breaks all out-of-tree plugins (duh!).
* Create /usr/local/share/asterisk/ sounds to put all site-specific
non-modifiable sounds.
* Add a note about bugs.debian.org to the banner.
* Add noload for res_config_* since loading them results in errors and
doesn't provide any functionality.
* News entries were added but we never shipped the file; ship NEWS.Debian.
* Add an entry to NEWS.Debian warning users about app_voicemail_*.so
(Closes: #452596)
* Provide options in /etc/default/asterisk for configuring safe_asterisk.
(Closes: #381786)[ Tzafrir Cohen ]
* Provide a custom sounds directory under /var/lib - user-modifieble at
runtime and hence not under /usr. (Closes: #337209)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/asterisk