[package] asterisk-1.8.x: add patch to fix CVE-2012-2186

git-svn-id: svn://svn.openwrt.org/openwrt/packages@33541 3c298f89-4303-0410-b956-a3cf2f4a3e73
2012-09-25 13:37:04 +00:00 · 2012-09-25 13:37:04 +00:00 · f727451c17
commit f727451c17
parent 383fa26083
2 changed files with 11 additions and 1 deletions
--- a/net/asterisk-1.8.x/Makefile
+++ b/net/asterisk-1.8.x/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=asterisk18
 PKG_VERSION:=1.8.10.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=asterisk-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://downloads.asterisk.org/pub/telephony/asterisk/releases/
--- a/net/asterisk-1.8.x/patches/600-CVE-2012-2186.patch
+++ b/net/asterisk-1.8.x/patches/600-CVE-2012-2186.patch
@ -0,0 +1,10 @@
+--- a/main/manager.c
+++ b/main/manager.c
+@@ -4020,6 +4020,7 @@ static int action_originate(struct manse
+ 				                                     TryExec(System(rm -rf /)) */
+ 				strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
+ 				                                     EAGI(/bin/rm,-rf /)       */
+				strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf)       */
+ 				strstr(appdata, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
+ 				strstr(appdata, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+ 				)) {