From: Asterisk Development Team Date: Thu, 14 Dec 2023 19:56:32 +0000 (+0000) Subject: Update for 18.20.1 X-Git-Tag: 18.20.1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=14d0e59f3d8f7521621561168ef4a297702d978f;p=thirdparty%2Fasterisk.git Update for 18.20.1 --- diff --git a/.version b/.version index f4e1dd5b00..99c98cdd6a 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -18.20.0 +18.20.1 diff --git a/CHANGES.md b/CHANGES.md index 7dd200999f..b4db25a012 120000 --- a/CHANGES.md +++ b/CHANGES.md @@ -1 +1 @@ -ChangeLogs/ChangeLog-18.20.0.md \ No newline at end of file +ChangeLogs/ChangeLog-18.20.1.md \ No newline at end of file diff --git a/ChangeLogs/ChangeLog-18.20.1.md b/ChangeLogs/ChangeLog-18.20.1.md new file mode 100644 index 0000000000..287205bd82 --- /dev/null +++ b/ChangeLogs/ChangeLog-18.20.1.md 
@@ -0,0 +1,95 @@ + +Change Log for Release asterisk-18.20.1 +======================================== + +Links: +---------------------------------------- + + - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.20.1.md) + - [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.20.0...18.20.1) + - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.20.1.tar.gz) + - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) + +Summary: +---------------------------------------- + +- res_pjsip_header_funcs: Duplicate new header value, don't copy. +- res_pjsip: disable raw bad packet logging +- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list +- manager.c: Prevent path traversal with GetConfig. + +User Notes: +---------------------------------------- + + +Upgrade Notes: +---------------------------------------- + + +Closed Issues: +---------------------------------------- + +None + +Commits By Author: +---------------------------------------- + +- ### Ben Ford (1): + - manager.c: Prevent path traversal with GetConfig. + +- ### George Joseph (1): + - res_rtp_asterisk.c: Check DTLS packets against ICE candidate list + +- ### Gitea (1): + - res_pjsip_header_funcs: Duplicate new header value, don't copy. + +- ### Mike Bradeen (1): + - res_pjsip: disable raw bad packet logging + + +Detail: +---------------------------------------- + +- ### res_pjsip_header_funcs: Duplicate new header value, don't copy. + Author: Gitea + Date: 2023-07-10 + + When updating an existing header the 'update' code incorrectly + just copied the new value into the existing buffer. If the + new value exceeded the available buffer size memory outside + of the buffer would be written into, potentially causing + a crash. + + This change makes it so that the 'update' now duplicates + the new header value instead of copying it into the existing + buffer. 
+ +- ### res_pjsip: disable raw bad packet logging + Author: Mike Bradeen + Date: 2023-07-25 + + Add patch to split the log level for invalid packets received on the + signaling port. The warning regarding the packet will move to level 2 + so that it can still be displayed, while the raw packet will be at level + 4. + +- ### res_rtp_asterisk.c: Check DTLS packets against ICE candidate list + Author: George Joseph + Date: 2023-11-09 + + When ICE is in use, we can prevent a possible DOS attack by allowing + DTLS protocol messages (client hello, etc) only from sources that + are in the active remote candidates list. + + Resolves: GHSA-hxj9-xwr8-w8pq + +- ### manager.c: Prevent path traversal with GetConfig. + Author: Ben Ford + Date: 2023-11-13 + + When using AMI GetConfig, it was possible to access files outside of the + Asterisk configuration directory by using filenames with ".." and "./" + even while live_dangerously was not enabled. This change resolves the + full path and ensures we are still in the configuration directory before + attempting to access the file. +
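Review bot: In the new ChangeLogs/ChangeLog-18.20.1.md, the "User Notes" and "Upgrade Notes" sections are left empty even though the res_pjsip entry changes what operators see in their logs (the invalid-packet warning moves to level 2 and the raw packet to level 4). A short user note stating the new levels would tell anyone who relied on the raw packet output where to find it after upgrading. Of the four fixes, only the res_rtp_asterisk.c entry carries a "Resolves: GHSA-hxj9-xwr8-w8pq" line, while the res_pjsip_header_funcs out-of-buffer write and the manager.c GetConfig path traversal read as security fixes with no advisory reference, and "Closed Issues" says "None". If advisories exist for those entries, add matching "Resolves:" lines so the release can be mapped to them. The "Author: Gitea" attribution on the res_pjsip_header_funcs entry looks like a service identity rather than a contributor name and is worth correcting if the actual author is known.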