From: Asterisk Development Team Date: Thu, 22 May 2025 15:57:26 +0000 (+0000) Subject: Update for 21.9.1 X-Git-Tag: 21.9.1^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d8b6b4f8c66bbab9ef93b1765960232a6828209;p=thirdparty%2Fasterisk.git Update for 21.9.1 --- diff --git a/.version b/.version index 6ff4c57062..191022a619 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -21.9.0 +21.9.1 diff --git a/CHANGES.html b/CHANGES.html index e3516a0431..81f61943e7 120000 --- a/CHANGES.html +++ b/CHANGES.html @@ -1 +1 @@ -ChangeLogs/ChangeLog-21.9.0.html \ No newline at end of file +ChangeLogs/ChangeLog-21.9.1.html \ No newline at end of file diff --git a/CHANGES.md b/CHANGES.md index 1ceb173e4e..e80edf4e3d 120000 --- a/CHANGES.md +++ b/CHANGES.md @@ -1 +1 @@ -ChangeLogs/ChangeLog-21.9.0.md \ No newline at end of file +ChangeLogs/ChangeLog-21.9.1.md \ No newline at end of file diff --git a/ChangeLogs/ChangeLog-21.9.1.html b/ChangeLogs/ChangeLog-21.9.1.html new file mode 100644 index 0000000000..070415057a --- /dev/null +++ b/ChangeLogs/ChangeLog-21.9.1.html @@ -0,0 +1,66 @@ +ChangeLog for asterisk-21.9.1 +

Change Log for Release asterisk-21.9.1

+

Links:

+ +

Summary:

+ +

User Notes:

+ +

Upgrade Notes:

+

Commit Authors:

+ +

Issue and Commit Detail:

+

Closed Issues:

+ +

Commits By Author:

+ +

Commit List:

+ +

Commit Details:

+

asterisk.c: Add option to restrict shell access from remote consoles.

+

Author: George Joseph + Date: 2025-05-19

+

UserNote: A new asterisk.conf option 'disable_remote_console_shell' has + been added that, when set, will prevent remote consoles from executing + shell commands using the '!' prefix.

+

Resolves: #GHSA-c7p6-7mvq-8jq2

+

res_pjsip_messaging.c: Mask control characters in received From display name

+

Author: George Joseph + Date: 2025-03-24

+

Incoming SIP MESSAGEs will now have their From header's display name + sanitized by replacing any characters < 32 (space) with a space.

+

Resolves: #GHSA-2grh-7mhv-fcfw

+ diff --git a/ChangeLogs/ChangeLog-21.9.1.md b/ChangeLogs/ChangeLog-21.9.1.md new file mode 100644 index 0000000000..5d6d99aafc --- /dev/null +++ b/ChangeLogs/ChangeLog-21.9.1.md @@ -0,0 +1,75 @@ + +## Change Log for Release asterisk-21.9.1 + +### Links: + + - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.9.1.html) + - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.9.0...21.9.1) + - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.9.1.tar.gz) + - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) + +### Summary: + +- Commits: 2 +- Commit Authors: 1 +- Issues Resolved: 0 +- Security Advisories Resolved: 2 + - [GHSA-2grh-7mhv-fcfw](https://github.com/asterisk/asterisk/security/advisories/GHSA-2grh-7mhv-fcfw): Using malformed From header can forge identity with ";" or NULL in name portion + - [GHSA-c7p6-7mvq-8jq2](https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2): cli_permissions.conf: deny option does not work for disallowing shell commands + +### User Notes: + +- #### asterisk.c: Add option to restrict shell access from remote consoles. + A new asterisk.conf option 'disable_remote_console_shell' has + been added that, when set, will prevent remote consoles from executing + shell commands using the '!' prefix. + Resolves: #GHSA-c7p6-7mvq-8jq2 + + +### Upgrade Notes: + + +### Commit Authors: + +- George Joseph: (2) + +## Issue and Commit Detail: + +### Closed Issues: + + - !GHSA-2grh-7mhv-fcfw: Using malformed From header can forge identity with ";" or NULL in name portion + - !GHSA-c7p6-7mvq-8jq2: cli_permissions.conf: deny option does not work for disallowing shell commands + +### Commits By Author: + +- #### George Joseph (2): + - res_pjsip_messaging.c: Mask control characters in received From display name + - asterisk.c: Add option to restrict shell access from remote consoles. + + +### Commit List: + +- asterisk.c: Add option to restrict shell access from remote consoles. +- res_pjsip_messaging.c: Mask control characters in received From display name + +### Commit Details: + +#### asterisk.c: Add option to restrict shell access from remote consoles. + Author: George Joseph + Date: 2025-05-19 + + UserNote: A new asterisk.conf option 'disable_remote_console_shell' has + been added that, when set, will prevent remote consoles from executing + shell commands using the '!' prefix. + + Resolves: #GHSA-c7p6-7mvq-8jq2 + +#### res_pjsip_messaging.c: Mask control characters in received From display name + Author: George Joseph + Date: 2025-03-24 + + Incoming SIP MESSAGEs will now have their From header's display name + sanitized by replacing any characters < 32 (space) with a space. + + Resolves: #GHSA-2grh-7mhv-fcfw + diff --git a/README.html b/README.html index 927f9333f8..4952d3e59e 100644 --- a/README.html +++ b/README.html @@ -1,4 +1,4 @@ -Readme for asterisk-21.9.0 +Readme for asterisk-21.9.1

The Asterisk(R) Open Source PBX

By Mark Spencer <markster@digium.com> and the Asterisk.org developer community.
 Copyright (C) 2001-2025 Sangoma Technologies Corporation and other copyright holders.
@@ -37,7 +37,7 @@ hardware.

 
If you are updating from a previous version of Asterisk, make sure you
 read the Change Logs.

 
-
Change Logs

+
Change Logs

 
 
 
NEW INSTALLATIONS

diff --git a/README.md b/README.md
index 6b1cd146d2..be069468ea 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you are updating from a previous version of Asterisk, make sure you
 read the Change Logs.
 
 
-[Change Logs](ChangeLogs/ChangeLog-21.9.0.html)
+[Change Logs](ChangeLogs/ChangeLog-21.9.1.html)
 
 
 ### NEW INSTALLATIONS