Patches refreshed, no longer needed patches are dropped.
This adds directory "/usr/share/asterisk/firmware/iax" to silence a
run-time warning.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
AST_MAJOR_VERSION:=16
PKG_NAME:=asterisk$(AST_MAJOR_VERSION)
-PKG_VERSION:=$(AST_MAJOR_VERSION).6.1
-PKG_RELEASE:=4
+PKG_VERSION:=$(AST_MAJOR_VERSION).10.0
+PKG_RELEASE:=1
PKG_SOURCE:=asterisk-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://downloads.asterisk.org/pub/telephony/asterisk/releases
-PKG_HASH:=9a028b4e3e608c1b8325671a249183adc00e1b29a95d82cb5e6fb35980aef053
+PKG_HASH:=8733f137b4b4e01d90bb796fa41d992e656b4cf1c28d2d7e81863a6839975702
PKG_BUILD_DIR:=$(BUILD_DIR)/asterisk-$(PKG_VERSION)
PKG_BUILD_DEPENDS:=libxml2/host
$(call Package/$(PKG_NAME)/install/sbin,$(1),astgenkey)
$(foreach m,$(AST_CFG_FILES),$(call Package/$(PKG_NAME)/install/conffile,$(1),$(m));)
$(foreach m,$(AST_EMB_MODULES),$(call Package/$(PKG_NAME)/install/module,$(1),$(m));)
- $(INSTALL_DIR) $(1)/usr/share/asterisk/sounds/
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_DIR) $(1)/usr/share/asterisk/firmware/iax
+ $(INSTALL_DIR) $(1)/usr/share/asterisk/sounds
$(INSTALL_BIN) ./files/asterisk.init $(1)/etc/init.d/asterisk
$(INSTALL_CONF) ./files/asterisk.conf $(1)/etc/config/asterisk
endef
--- a/configure.ac
+++ b/configure.ac
-@@ -1033,15 +1033,18 @@ AC_LINK_IFELSE(
+@@ -1031,15 +1031,18 @@ AC_LINK_IFELSE(
# Some platforms define sem_init(), but only support sem_open(). joyous.
AC_MSG_CHECKING(for working unnamed semaphores)
--- a/configure.ac
+++ b/configure.ac
-@@ -1427,7 +1427,11 @@ AC_LINK_IFELSE(
+@@ -1425,7 +1425,11 @@ AC_LINK_IFELSE(
#include <arpa/nameser.h>
#endif
#include <resolv.h>],
+++ /dev/null
---- a/utils/Makefile
-+++ b/utils/Makefile
-@@ -180,14 +180,13 @@ conf2ael: conf2ael.o ast_expr2f.o ast_ex
-
- check_expr2: $(ASTTOPDIR)/main/ast_expr2f.c $(ASTTOPDIR)/main/ast_expr2.c $(ASTTOPDIR)/main/ast_expr2.h astmm.o
- $(ECHO_PREFIX) echo " [CC] ast_expr2f.c -> ast_expr2fz.o"
-- $(CC) -g -c -I$(ASTTOPDIR)/include -DSTANDALONE $(ASTTOPDIR)/main/ast_expr2f.c -o ast_expr2fz.o
-+ $(CC) -g -c -I$(ASTTOPDIR)/include $(_ASTCFLAGS) $(ASTTOPDIR)/main/ast_expr2f.c -o ast_expr2fz.o
- $(ECHO_PREFIX) echo " [CC] ast_expr2.c -> ast_expr2z.o"
-- $(CC) -g -c -I$(ASTTOPDIR)/include -DSTANDALONE2 $(ASTTOPDIR)/main/ast_expr2.c -o ast_expr2z.o
-+ $(CC) -g -c -I$(ASTTOPDIR)/include $(_ASTCFLAGS) -DSTANDALONE2 $(ASTTOPDIR)/main/ast_expr2.c -o ast_expr2z.o
- $(ECHO_PREFIX) echo " [LD] ast_expr2fz.o ast_expr2z.o -> check_expr2"
- $(CC) -g -o check_expr2 ast_expr2fz.o ast_expr2z.o astmm.o -lm $(_ASTLDFLAGS)
- $(ECHO_PREFIX) echo " [RM] ast_expr2fz.o ast_expr2z.o"
- rm ast_expr2z.o ast_expr2fz.o
-- ./check_expr2 expr2.testinput
-
- smsq: smsq.o strcompat.o
- smsq: LIBS+=$(POPT_LIB)
* build.h
--- a/Makefile
+++ b/Makefile
-@@ -484,7 +484,7 @@ doc/core-en_US.xml: makeopts .lastclean
+@@ -488,7 +488,7 @@ doc/core-en_US.xml: makeopts .lastclean
@echo "<docs xmlns:xi=\"http://www.w3.org/2001/XInclude\">" >> $@
@for x in $(MOD_SUBDIRS); do \
printf "$$x " ; \
--- a/configure.ac
+++ b/configure.ac
-@@ -1206,7 +1206,7 @@ if test "${ac_cv_have_variable_fdset}x"
+@@ -1204,7 +1204,7 @@ if test "${ac_cv_have_variable_fdset}x"
fi
AC_MSG_CHECKING([if we have usable eventfd support])
+++ /dev/null
-From 8cdaa93e658a46e7baf6b606468b5e2c88a0133b Mon Sep 17 00:00:00 2001
-From: Ben Ford <bford@digium.com>
-Date: Mon, 21 Oct 2019 14:55:06 -0500
-Subject: [PATCH] chan_sip.c: Prevent address change on unauthenticated SIP request.
-
-If the name of a peer is known and a SIP request is sent using that
-peer's name, the address of the peer will change even if the request
-fails the authentication challenge. This means that an endpoint can
-be altered and even rendered unusuable, even if it was in a working
-state previously. This can only occur when the nat option is set to the
-default, or auto_force_rport.
-
-This change checks the result of authentication first to ensure it is
-successful before setting the address and the nat option.
-
-ASTERISK-28589 #close
-
-Change-Id: I581c5ed1da60ca89f590bd70872de2b660de02df
----
-
-diff --git a/channels/chan_sip.c b/channels/chan_sip.c
-index 6ac2e61..4d79a47 100644
---- a/channels/chan_sip.c
-+++ b/channels/chan_sip.c
-@@ -19245,18 +19245,6 @@
- bogus_peer = NULL;
- }
-
-- /* build_peer, called through sip_find_peer, is not able to check the
-- * sip_pvt->natdetected flag in order to determine if the peer is behind
-- * NAT or not when SIP_PAGE3_NAT_AUTO_RPORT or SIP_PAGE3_NAT_AUTO_COMEDIA
-- * are set on the peer. So we check for that here and set the peer's
-- * address accordingly.
-- */
-- set_peer_nat(p, peer);
--
-- if (p->natdetected && ast_test_flag(&peer->flags[2], SIP_PAGE3_NAT_AUTO_RPORT)) {
-- ast_sockaddr_copy(&peer->addr, &p->recv);
-- }
--
- if (!ast_apply_acl(peer->acl, addr, "SIP Peer ACL: ")) {
- ast_debug(2, "Found peer '%s' for '%s', but fails host access\n", peer->name, of);
- sip_unref_peer(peer, "sip_unref_peer: check_peer_ok: from sip_find_peer call, early return of AUTH_ACL_FAILED");
-@@ -19325,6 +19313,21 @@
- ast_string_field_set(p, peermd5secret, NULL);
- }
- if (!(res = check_auth(p, req, peer->name, p->peersecret, p->peermd5secret, sipmethod, uri2, reliable))) {
-+
-+ /* build_peer, called through sip_find_peer, is not able to check the
-+ * sip_pvt->natdetected flag in order to determine if the peer is behind
-+ * NAT or not when SIP_PAGE3_NAT_AUTO_RPORT or SIP_PAGE3_NAT_AUTO_COMEDIA
-+ * are set on the peer. So we check for that here and set the peer's
-+ * address accordingly. The address should ONLY be set once we are sure
-+ * authentication was a success. If, for example, an INVITE was sent that
-+ * matched the peer name but failed the authentication check, the address
-+ * would be updated, which is bad.
-+ */
-+ set_peer_nat(p, peer);
-+ if (p->natdetected && ast_test_flag(&peer->flags[2], SIP_PAGE3_NAT_AUTO_RPORT)) {
-+ ast_sockaddr_copy(&peer->addr, &p->recv);
-+ }
-+
- /* If we have a call limit, set flag */
- if (peer->call_limit)
- ast_set_flag(&p->flags[0], SIP_CALL_LIMIT);
-@@ -19424,6 +19427,7 @@
- }
- }
- sip_unref_peer(peer, "check_peer_ok: sip_unref_peer: tossing temp ptr to peer from sip_find_peer");
-+
- return res;
- }
-
+++ /dev/null
-From 7574be5110e049a44b8c8ead52cd1c2a5d442afa Mon Sep 17 00:00:00 2001
-From: George Joseph <gjoseph@digium.com>
-Date: Thu, 24 Oct 2019 11:41:23 -0600
-Subject: [PATCH] manager.c: Prevent the Originate action from running the Originate app
-
-If an AMI user without the "system" authorization calls the
-Originate AMI command with the Originate application,
-the second Originate could run the "System" command.
-
-Action: Originate
-Channel: Local/1111
-Application: Originate
-Data: Local/2222,app,System,touch /tmp/owned
-
-If the "system" authorization isn't set, we now block the
-Originate app as well as the System, Exec, etc. apps.
-
-ASTERISK-28580
-Reported by: Eliel SardaƱons
-
-Change-Id: Ic4c9dedc34c426f03c8c14fce334a71386d8a5fa
----
-
-diff --git a/doc/UPGRADE-staging/AMI-Originate.txt b/doc/UPGRADE-staging/AMI-Originate.txt
-new file mode 100644
-index 0000000..f2d3133
---- /dev/null
-+++ b/doc/UPGRADE-staging/AMI-Originate.txt
-@@ -0,0 +1,5 @@
-+Subject: AMI
-+
-+The AMI Originate action, which optionally takes a dialplan application as
-+an argument, no longer accepts "Originate" as the application due to
-+security concerns.
-diff --git a/main/manager.c b/main/manager.c
-index f138801..1963151 100644
---- a/main/manager.c
-+++ b/main/manager.c
-@@ -5744,6 +5744,7 @@
- EAGI(/bin/rm,-rf /) */
- strcasestr(app, "mixmonitor") || /* MixMonitor(blah,,rm -rf) */
- strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf) */
-+ strcasestr(app, "originate") || /* Originate(Local/1234,app,System,rm -rf) */
- (strstr(appdata, "SHELL") && (bad_appdata = 1)) || /* NoOp(${SHELL(rm -rf /)}) */
- (strstr(appdata, "EVAL") && (bad_appdata = 1)) /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
- )) {
projects / feed / telephony.git / commitdiff