- GUI
- bugfixes
- experimental daala support
- GTK-dependent modules isolated in -gtk2 subpackage
- default config now only mentions modules that are packaged
OK feinerer@, sthen@
instructions are meant to work on a fresh install.
- easy cases: replace some '$ sudo somecommand' with '# somecommand'
(while there I've swapped some "${RCDIR}/foo start" with "rcctl foo start").
- replace some 'sudo -u user somecommand foo bar' with
'su -s /bin/sh user "/path/to/somecommand foo bar"' and similar.
Not pretty with the -s, but many of the uids that need to run
these commands have /sbin/nologin as their usual shell.
a crash when receiving a WebSocket packet with a payload length of zero.
"Frames with a payload length of 0 were incorrectly handled in
res_http_websocket. Provided a frame with a payload had been received
prior it was possible for a double free to occur. The realloc operation
would succeed (thus freeing the payload) but be treated as an error.
When the session was then torn down the payload would be freed again
causing a crash. The read function now takes this into account."
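
The double free described in the advisory text above, as an added example that is not part of the original commit or of Asterisk's code. It assumes a realloc() that frees the block and returns NULL when asked for size 0; the session struct, the arena allocator model and all function names are hypothetical, and releases are counted instead of executed so that the fault is reported rather than triggered.

```c
#include <stdio.h>

/* Hypothetical session model; names are illustrative, not Asterisk's. */
struct session { char *payload; int frees; };
static char arena[64];          /* stands in for the heap */

/* Count each release of a non-NULL pointer instead of calling free(),
   so a double free is reported rather than executed. */
static void release(struct session *s, char *p) { if (p) s->frees++; }

/* Models a realloc() that frees the block and returns NULL for size 0. */
static char *resize(struct session *s, char *p, size_t n)
{
    if (n == 0) { release(s, p); return NULL; }
    return n <= sizeof arena ? arena : NULL;
}

/* Pre-fix pattern: every NULL is treated as failure, stale pointer kept. */
static int read_vulnerable(struct session *s, size_t len)
{
    char *tmp = resize(s, s->payload, len);
    if (!tmp) return -1;        /* s->payload still names the freed block */
    s->payload = tmp;
    return 0;
}

/* Hardened: NULL is an error only when a non-zero size was requested. */
static int read_fixed(struct session *s, size_t len)
{
    char *tmp = resize(s, s->payload, len);
    if (!tmp && len != 0) return -1;
    s->payload = tmp;           /* NULL after an empty frame */
    return 0;
}

static void teardown(struct session *s) { release(s, s->payload); s->payload = NULL; }

/* Frame with payload, then an empty frame, then teardown. Returns how
   often the payload was released: 1 is correct, 2 is a double free. */
int releases(int (*read_frame)(struct session *, size_t))
{
    struct session s = { NULL, 0 };
    read_frame(&s, 16);
    read_frame(&s, 0);
    teardown(&s);
    return s.frees;
}

int main(void) { printf("vulnerable: %d, fixed: %d\n", releases(read_vulnerable), releases(read_fixed)); return 0; }
```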
* AST-2014-012: Fix error with mixed address family ACLs.
* AST-2014-014: Fix race condition where channels may get stuck in
ConfBridge under load.
* AST-2014-017 - app_confbridge: permission escalation/class authorization.
* AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.
...
2014-012 doesn't really affect OpenBSD; Asterisk generally only allows
a single bind address so can't really do multi AF on OpenBSD where
v4-mapped-in-v6 is disabled.
2014-017 is a priv escalation via AMI; ConfbridgeStartRecord didn't require
system privs, but allowed arbitrary system commands to be executed.