From 2d47ed093f0a4d4eeb324a3d8fd47d2c497d71bd Mon Sep 17 00:00:00 2001 From: Asterisk Development Team Date: Thu, 31 Jul 2025 16:32:51 +0000 Subject: [PATCH] Update for certified-18.9-cert16 --- .version | 2 +- CHANGES.html | 2 +- CHANGES.md | 2 +- .../ChangeLog-certified-18.9-cert16.html | 62 ++++++++++++++++ ChangeLogs/ChangeLog-certified-18.9-cert16.md | 70 +++++++++++++++++++ README.html | 4 +- README.md | 2 +- 7 files changed, 138 insertions(+), 6 deletions(-) create mode 100644 ChangeLogs/ChangeLog-certified-18.9-cert16.html create mode 100644 ChangeLogs/ChangeLog-certified-18.9-cert16.md diff --git a/.version b/.version index 45e22dc4ab..a1c705aafd 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -certified-18.9-cert15 +certified-18.9-cert16 diff --git a/CHANGES.html b/CHANGES.html index 1dafb9f16e..cd7214e54e 120000 --- a/CHANGES.html +++ b/CHANGES.html @@ -1 +1 @@ -ChangeLogs/ChangeLog-certified-18.9-cert15.html \ No newline at end of file +ChangeLogs/ChangeLog-certified-18.9-cert16.html \ No newline at end of file diff --git a/CHANGES.md b/CHANGES.md index bed12de23f..993b80241b 120000 --- a/CHANGES.md +++ b/CHANGES.md @@ -1 +1 @@ -ChangeLogs/ChangeLog-certified-18.9-cert15.md \ No newline at end of file +ChangeLogs/ChangeLog-certified-18.9-cert16.md \ No newline at end of file diff --git a/ChangeLogs/ChangeLog-certified-18.9-cert16.html b/ChangeLogs/ChangeLog-certified-18.9-cert16.html new file mode 100644 index 0000000000..826df7f3a0 --- /dev/null +++ b/ChangeLogs/ChangeLog-certified-18.9-cert16.html @@ -0,0 +1,62 @@ +ChangeLog for asterisk-certified-18.9-cert16 +

Change Log for Release asterisk-certified-18.9-cert16

+

Links:

+ +

Summary:

+ +

User Notes:

+

Upgrade Notes:

+ +

Developer Notes:

+

Commit Authors:

+ +

Issue and Commit Detail:

+

Closed Issues:

+ +

Commits By Author:

+ +

Commit List:

+ +

Commit Details:

+

safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.

+

Author: ThatTotallyRealMyth + Date: 2025-06-10

+

UpgradeNote: The safe_asterisk script now checks that, if it was run by the + root user, the /etc/asterisk/startup.d directory and all the files it contains + are owned by root. If the checks fail, safe_asterisk will exit with an error + and Asterisk will not be started. Additionally, the default logging + destination is now stderr instead of tty "9" which probably won't exist + in modern systems.

+

Resolves: #GHSA-v9q8-9j8m-5xwp

+ diff --git a/ChangeLogs/ChangeLog-certified-18.9-cert16.md b/ChangeLogs/ChangeLog-certified-18.9-cert16.md new file mode 100644 index 0000000000..4e92c80554 --- /dev/null +++ b/ChangeLogs/ChangeLog-certified-18.9-cert16.md 
@@ -0,0 +1,70 @@ + +## Change Log for Release asterisk-certified-18.9-cert16 + +### Links: + + - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-18.9-cert16.html) + - [GitHub Diff](https://github.com/asterisk/asterisk/compare/certified-18.9-cert15...certified-18.9-cert16) + - [Tarball](https://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-18.9-cert16.tar.gz) + - [Downloads](https://downloads.asterisk.org/pub/telephony/certified-asterisk) + +### Summary: + +- Commits: 1 +- Commit Authors: 1 +- Issues Resolved: 0 +- Security Advisories Resolved: 1 + - [GHSA-v9q8-9j8m-5xwp](https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp): Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation. + +### User Notes: + + +### Upgrade Notes: + +- #### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. + The safe_asterisk script now checks that, if it was run by the + root user, the /etc/asterisk/startup.d directory and all the files it contains + are owned by root. If the checks fail, safe_asterisk will exit with an error + and Asterisk will not be started. Additionally, the default logging + destination is now stderr instead of tty "9" which probably won't exist + in modern systems. + + +### Developer Notes: + + +### Commit Authors: + +- ThatTotallyRealMyth: (1) + +## Issue and Commit Detail: + +### Closed Issues: + + - !GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation. + +### Commits By Author: + +- #### ThatTotallyRealMyth (1): + - safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. + + +### Commit List: + +- safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. + +### Commit Details: + +#### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. 
+ Author: ThatTotallyRealMyth + Date: 2025-06-10 + + UpgradeNote: The safe_asterisk script now checks that, if it was run by the + root user, the /etc/asterisk/startup.d directory and all the files it contains + are owned by root. If the checks fail, safe_asterisk will exit with an error + and Asterisk will not be started. Additionally, the default logging + destination is now stderr instead of tty "9" which probably won't exist + in modern systems. + + Resolves: #GHSA-v9q8-9j8m-5xwp + diff --git a/README.html b/README.html index af1f1ea081..668c4da720 100644 --- a/README.html +++ b/README.html @@ -1,4 +1,4 @@ -Readme for asterisk-certified-18.9-cert15 +Readme for asterisk-certified-18.9-cert16

The Asterisk(R) Open Source PBX

By Mark Spencer <markster@digium.com> and the Asterisk.org developer community.
 Copyright (C) 2001-2025 Sangoma Technologies Corporation and other copyright holders.
@@ -37,7 +37,7 @@ hardware.

If you are updating from a previous version of Asterisk, make sure you read the Change Logs.

-

Change Logs

+

Change Logs

NEW INSTALLATIONS

diff --git a/README.md b/README.md index b9ab3011de..fde9cb0676 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ If you are updating from a previous version of Asterisk, make sure you read the Change Logs. -[Change Logs](ChangeLogs/ChangeLog-certified-18.9-cert15.html) +[Change Logs](ChangeLogs/ChangeLog-certified-18.9-cert16.html) ### NEW INSTALLATIONS -- 2.47.2
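Review bot: In the `ChangeLogs/ChangeLog-certified-18.9-cert16.md` hunk, the Upgrade Notes entry folds two unrelated behaviour changes into one item: the new root-ownership check on /etc/asterisk/startup.d and the switch of the default logging destination to stderr. Because a failed check means "safe_asterisk will exit with an error and Asterisk will not be started", the ownership change should be its own entry and should tell operators to verify the ownership of the directory and its files before upgrading; the logging change belongs in a separate item. The text mentions ownership only, so it would also help to state whether root-owned files that are group- or world-writable pass the check. In the same hunk, the Summary reports "Issues Resolved: 0" while the Closed Issues section lists GHSA-v9q8-9j8m-5xwp with a `!` prefix and the commit trailer writes it as `#GHSA-v9q8-9j8m-5xwp`; use one form and list the advisory under a heading that agrees with the summary counts.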
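Review bot: In the `README.md` hunk (and the matching `README.html` one), the Change Logs link hard-codes the versioned file `ChangeLogs/ChangeLog-certified-18.9-cert16.html`, so every release has to edit the README. This same patch already retargets the `CHANGES.html` and `CHANGES.md` symlinks to the new changelog; pointing the README link at the symlink would remove the per-release edit and the risk of the link and the symlink drifting apart.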