[package] asterisk-1.8.x: add patch to fix CVE-2012-2186
authorflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Tue, 25 Sep 2012 13:37:04 +0000 (13:37 +0000)
committerflorian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Tue, 25 Sep 2012 13:37:04 +0000 (13:37 +0000)
git-svn-id: svn://svn.openwrt.org/openwrt/packages@33541 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/asterisk-1.8.x/Makefile
net/asterisk-1.8.x/patches/600-CVE-2012-2186.patch [new file with mode: 0644]

index 0766dfd..6c769cc 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=asterisk18
 PKG_VERSION:=1.8.10.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=asterisk-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://downloads.asterisk.org/pub/telephony/asterisk/releases/
diff --git a/net/asterisk-1.8.x/patches/600-CVE-2012-2186.patch b/net/asterisk-1.8.x/patches/600-CVE-2012-2186.patch
new file mode 100644 (file)
index 0000000..dbe790b
--- /dev/null
@@ -0,0 +1,10 @@
+--- a/main/manager.c
++++ b/main/manager.c
+@@ -4020,6 +4020,7 @@ static int action_originate(struct manse
+                                                                    TryExec(System(rm -rf /)) */
+                               strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
+                                                                    EAGI(/bin/rm,-rf /)       */
++                              strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
+                               strstr(appdata, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
+                               strstr(appdata, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+                               )) {
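Review bot: The added `strcasestr(app, "externalivr")` term keeps action_originate on a substring denylist, which only stops the application names someone has already enumerated; this patch is needed precisely because ExternalIVR was missing from it, so the list should not be treated as the boundary between Originate and command execution on the host. The condition's opening, including whatever permission test exempts a caller from the list, lies outside the hunk, so the exact privilege involved cannot be confirmed from here. I would add a comment above the list along the lines of `/* Best-effort list only: grant Originate to manager accounts that would also be trusted with system-level commands. */`, and keep Originate rights in manager.conf limited to such accounts. The new .patch file also carries no header; a first line such as `CVE-2012-2186: add ExternalIVR to the AMI Originate application denylist (backport of <upstream revision>)` would tell the next maintainer when it can be dropped after a PKG_VERSION bump.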