Update for 18.20.1

diff --git a/.version b/.version
index f4e1dd5b00ce98b18c09463158c54e8e0317c09b..99c98cdd6a88ff32f000020a0390673620f31062 100644 (file)
--- a/.version
+++ b/.version
@@ -1 +1 @@
-18.20.0
+18.20.1

diff --git a/CHANGES.md b/CHANGES.md
index 7dd200999f79fea70424d05c35b16951683bf51d..b4db25a01235b2cab27d1f4ea49f7b73990f86b5 120000 (symlink)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1 +1 @@
-ChangeLogs/ChangeLog-18.20.0.md
\ No newline at end of file
+ChangeLogs/ChangeLog-18.20.1.md
\ No newline at end of file

diff --git a/ChangeLogs/ChangeLog-18.20.1.md b/ChangeLogs/ChangeLog-18.20.1.md
new file mode 100644 (file)
index 0000000..287205b
--- /dev/null
+++ b/ChangeLogs/ChangeLog-18.20.1.md
@@ -0,0 +1,95 @@
+
+Change Log for Release asterisk-18.20.1
+========================================
+
+Links:
+----------------------------------------
+
+ - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.20.1.md)  
+ - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.20.0...18.20.1)  
+ - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.20.1.tar.gz)  
+ - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)  
+
+Summary:
+----------------------------------------
+
+- res_pjsip_header_funcs: Duplicate new header value, don't copy.
+- res_pjsip: disable raw bad packet logging
+- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
+- manager.c: Prevent path traversal with GetConfig.
+
+User Notes:
+----------------------------------------
+
+
+Upgrade Notes:
+----------------------------------------
+
+
+Closed Issues:
+----------------------------------------
+
+None
+
+Commits By Author:
+----------------------------------------
+
+- ### Ben Ford (1):
+  - manager.c: Prevent path traversal with GetConfig.
+
+- ### George Joseph (1):
+  - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
+
+- ### Gitea (1):
+  - res_pjsip_header_funcs: Duplicate new header value, don't copy.
+
+- ### Mike Bradeen (1):
+  - res_pjsip: disable raw bad packet logging
+
+
+Detail:
+----------------------------------------
+
+- ### res_pjsip_header_funcs: Duplicate new header value, don't copy.
+  Author: Gitea  
+  Date:   2023-07-10  
+
+  When updating an existing header the 'update' code incorrectly
+  just copied the new value into the existing buffer. If the
+  new value exceeded the available buffer size memory outside
+  of the buffer would be written into, potentially causing
+  a crash.
+
+  This change makes it so that the 'update' now duplicates
+  the new header value instead of copying it into the existing
+  buffer.
+
+- ### res_pjsip: disable raw bad packet logging
+  Author: Mike Bradeen  
+  Date:   2023-07-25  
+
+  Add patch to split the log level for invalid packets received on the
+  signaling port.  The warning regarding the packet will move to level 2
+  so that it can still be displayed, while the raw packet will be at level
+  4.
+
+- ### res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
+  Author: George Joseph  
+  Date:   2023-11-09  
+
+  When ICE is in use, we can prevent a possible DOS attack by allowing
+  DTLS protocol messages (client hello, etc) only from sources that
+  are in the active remote candidates list.
+
+  Resolves: GHSA-hxj9-xwr8-w8pq
+
+- ### manager.c: Prevent path traversal with GetConfig.
+  Author: Ben Ford  
+  Date:   2023-11-13  
+
+  When using AMI GetConfig, it was possible to access files outside of the
+  Asterisk configuration directory by using filenames with ".." and "./"
+  even while live_dangerously was not enabled. This change resolves the
+  full path and ensures we are still in the configuration directory before
+  attempting to access the file.
+