main/asterisk: backport patch for CVE-2024-53566

https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh
2026-05-05 04:16:46 +02:00 · 2025-01-10 09:27:38 +01:00 · 2025-01-10 09:27:38 +01:00 · bf9dc38c8c
commit bf9dc38c8c
parent cbf913004c
2 changed files with 53 additions and 1 deletions
--- a/main/asterisk/APKBUILD
+++ b/main/asterisk/APKBUILD
@ -4,7 +4,7 @@
 # Maintainer: Timo Teras <timo.teras@iki.fi>
 pkgname=asterisk
 pkgver=20.9.3
-pkgrel=0
+pkgrel=1
 pkgdesc="Modular Open Source PBX System"
 pkgusers="asterisk"
 pkggroups="asterisk"
@ -79,12 +79,15 @@ source="$_download/asterisk-$pkgver.tar.gz
 	40-asterisk-cdefs.patch
 	41-asterisk-ALLPERMS.patch
 	gethostbyname_r.patch
+	CVE-2024-53566.patch
 	asterisk.initd
 	asterisk.confd
 	asterisk.logrotate
 	"

 # secfixes:
+#   20.9.3-r1:
+#     - CVE-2024-53566
 #   20.9.3-r0:
 #     - CVE-2024-35190
 #     - CVE-2024-42365
@ -266,6 +269,7 @@ aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddf
 ba33f11169284f190b7dabab1da7d2751cb65d7976408db635a892fa17d7552e1660350017e7aada3464ecc7d9d6e99d6ad76d66c0036de062a386cffbc948e6  40-asterisk-cdefs.patch
 8c7dd38b7317642d3bbd7e90d8bd57f1e7b57ec57955634eebf71bb373c0d418ea3b42a2a248f625a3d3aaad3648f43e27903f5e5a92733c7a2f03de1a87f1d1  41-asterisk-ALLPERMS.patch
 90c8a777108f9d974917d57600aa1d154412415b1085b55ca2c0230aa3e566c35cdd82003e946a348c4f69229dbf9b120983bd4d4eaa4f65a491a0fc11ba84e8  gethostbyname_r.patch
+b079b1fbb19787361bd89765f7b23ef7fab4eef337ec71559e9e5a7e475fd482d46903cef1ae1b329f8f1cfda99e7b932ab6440e6287bdaea379817de541d954  CVE-2024-53566.patch
 0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4  asterisk.initd
 ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed  asterisk.confd
 449b5808d90c813c23432274fba47e53227e3a924a55719d2f9e5a90fd2dfb33660a5c85c7e8f11fbb1cd93387e5c68329ed5583f7a64c2451fadad62a9f87dd  asterisk.logrotate
--- a/main/asterisk/CVE-2024-53566.patch
+++ b/main/asterisk/CVE-2024-53566.patch
@ -0,0 +1,48 @@
+Patch-Source: https://github.com/asterisk/asterisk/commit/83dcc884668b6d77ce4fff45a54ac3c6a8e1c34f
+From 83dcc884668b6d77ce4fff45a54ac3c6a8e1c34f Mon Sep 17 00:00:00 2001
+From: Ben Ford <bford@digium.com>
+Date: Tue, 17 Dec 2024 11:42:48 -0600
+Subject: [PATCH] manager.c: Restrict ListCategories to the configuration
+ directory.
+
+When using the ListCategories AMI action, it was possible to traverse
+upwards through the directories to files outside of the configured
+configuration directory. This action is now restricted to the configured
+directory and an error will now be returned if the specified file is
+outside of this limitation.
+
+Resolves: #GHSA-33x6-fj46-6rfh
+
+UserNote: The ListCategories AMI action now restricts files to the
+configured configuration directory.
+---
+ main/manager.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/main/manager.c b/main/manager.c
+index 68e4e877259..fa3f395b44f 100644
+--- a/main/manager.c
+++ b/main/manager.c
+@@ -2561,12 +2561,22 @@ static int action_listcategories(struct mansession *s, const struct message *m)
+ 	struct ast_category *category = NULL;
+ 	struct ast_flags config_flags = { CONFIG_FLAG_WITHCOMMENTS | CONFIG_FLAG_NOCACHE };
+ 	int catcount = 0;
+	int ret = 0;
+ 
+ 	if (ast_strlen_zero(fn)) {
+ 		astman_send_error(s, m, "Filename not specified");
+ 		return 0;
+ 	}
+ 
+	ret = restrictedFile(fn);
+	if (ret == 1) {
+		astman_send_error(s, m, "File requires escalated priveledges");
+		return 0;
+	} else if (ret == -1) {
+		astman_send_error(s, m, "Config file not found");
+		return 0;
+	}
+
+ 	if (!(cfg = ast_config_load2(fn, "manager", config_flags))) {
+ 		astman_send_error(s, m, "Config file not found");
+ 		return 0;