+++ /dev/null
-
-## Change Log for Release asterisk-21.7.0-rc2
-
-### Links:
-
- - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.7.0-rc2.md)
- - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.7.0-rc1...21.7.0-rc2)
- - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.7.0-rc2.tar.gz)
- - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
-
-### Summary:
-
-- Commits: 3
-- Commit Authors: 1
-- Issues Resolved: 2
-- Security Advisories Resolved: 0
-
-### User Notes:
-
-
-### Upgrade Notes:
-
-- #### alembic: Database updates required.
- Two commits in this release...
- 'Add SHA-256 and SHA-512-256 as authentication digest algorithms'
- 'res_pjsip: Add new AOR option "qualify_2xx_only"'
- ...have modified alembic scripts for the following database tables: ps_aors,
- ps_contacts, ps_auths, ps_globals. If you don't use the scripts to update
- your database, reads from those tables will succeeed but inserts into the
- ps_contacts table by res_pjsip_registrar will fail.
-
-
-### Commit Authors:
-
-- George Joseph: (3)
-
-## Issue and Commit Detail:
-
-### Closed Issues:
-
- - 1095: [bug]: res_pjsip missing "Failed to authenticate" log entry for unknown endpoint
- - 1097: [bug]: res_pjsip/pjsip_options. ODBC: Unknown column 'qualify_2xx_only'
-
-### Commits By Author:
-
-- #### George Joseph (3):
- - res_pjsip: Fix startup/reload memory leak in config_auth.
- - alembic: Database updates required.
- - res_pjsip_authenticator_digest: Make correct error messages appear again.
-
-
-### Commit List:
-
-- res_pjsip_authenticator_digest: Make correct error messages appear again.
-- alembic: Database updates required.
-- res_pjsip: Fix startup/reload memory leak in config_auth.
-
-### Commit Details:
-
-#### res_pjsip_authenticator_digest: Make correct error messages appear again.
- Author: George Joseph
- Date: 2025-01-28
-
- When an incoming request can't be matched to an endpoint, the "artificial"
- auth object is used to create a challenge to return in a 401 response and we
- emit a "No matching endpoint found" log message. If the client then responds
- with an Authorization header but the request still can't be matched to an
- endpoint, the verification will fail and, as before, we'll create a challenge
- to return in a 401 response and we emit a "No matching endpoint found" log
- message. HOWEVER, because there WAS an Authorization header and it failed
- verification, we should have also been emitting a "Failed to authenticate"
- log message but weren't because there was a check that short-circuited that
- it if the artificial auth was used. Since many admins use the "Failed to
- authenticate" message with log parsers like fail2ban, those attempts were not
- being recognized as suspicious.
-
- Changes:
-
- * digest_check_auth() now always emits the "Failed to authenticate" log
- message if verification of an Authorization header failed even if the
- artificial auth was used.
-
- * The verification logic was refactored to be clearer about the handling
- of the return codes from verify().
-
- * Comments were added clarify what return codes digest_check_auth() should
- return to the distributor and the implications of changing them.
-
- Resolves: #1095
-
-#### alembic: Database updates required.
- Author: George Joseph
- Date: 2025-01-28
-
- This commit doesn't actually change anything. It just adds the following
- upgrade notes that were omitted from the original commits.
-
- Resolves: #1097
-
- UpgradeNote: Two commits in this release...
- 'Add SHA-256 and SHA-512-256 as authentication digest algorithms'
- 'res_pjsip: Add new AOR option "qualify_2xx_only"'
- ...have modified alembic scripts for the following database tables: ps_aors,
- ps_contacts, ps_auths, ps_globals. If you don't use the scripts to update
- your database, reads from those tables will succeeed but inserts into the
- ps_contacts table by res_pjsip_registrar will fail.
-
-#### res_pjsip: Fix startup/reload memory leak in config_auth.
- Author: George Joseph
- Date: 2025-01-23
-
- An issue in config_auth.c:ast_sip_auth_digest_algorithms_vector_init() was
- causing double allocations for the two supported_algorithms vectors to the
- tune of 915 bytes. The leak only happens on startup and when a reload is done
- and doesn't get bigger with the number of auth objects defined.
-
- * Pre-initialized the two vectors in config_auth:auth_alloc().
- * Removed the allocations in ast_sip_auth_digest_algorithms_vector_init().
- * Added a note to the doc for ast_sip_auth_digest_algorithms_vector_init()
- noting that the vector passed in should be initialized and empty.
- * Simplified the create_artificial_auth() function in pjsip_distributor.
- * Set the vector initialization count to 0 in config_global:global_apply().
-
-## Change Log for Release asterisk-21.7.0-rc1
+## Change Log for Release asterisk-21.7.0
### Links:
- - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.7.0-rc1.md)
- - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.6.1...21.7.0-rc1)
- - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.7.0-rc1.tar.gz)
+ - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.7.0.md)
+ - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.6.1...21.7.0)
+ - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.7.0.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
-- Commits: 50
+- Commits: 53
- Commit Authors: 20
-- Issues Resolved: 17
+- Issues Resolved: 19
- Security Advisories Resolved: 0
### User Notes:
### Upgrade Notes:
+- #### alembic: Database updates required.
+ Two commits in this release...
+ 'Add SHA-256 and SHA-512-256 as authentication digest algorithms'
+ 'res_pjsip: Add new AOR option "qualify_2xx_only"'
+ ...have modified alembic scripts for the following database tables: ps_aors,
+ ps_contacts, ps_auths, ps_globals. If you don't use the scripts to update
+ your database, reads from those tables will succeeed but inserts into the
+ ps_contacts table by res_pjsip_registrar will fail.
+
### Commit Authors:
- Alexey Vasilyev: (1)
- Allan Nathanson: (2)
- Artem Umerov: (1)
-- George Joseph: (14)
+- George Joseph: (17)
- Jaco Kroon: (1)
- James Terhune: (1)
- Joshua C. Colp: (1)
- 1058: [bug]: Asterisk fails to compile following commit 71a2e8c on Ubuntu 20.04
- 1064: [improvement]: ast_tls_script: Add option to skip passphrase for CA private key
- 1075: [bug]: res_prometheus does not set Content-Type header in HTTP response
+ - 1095: [bug]: res_pjsip missing "Failed to authenticate" log entry for unknown endpoint
+ - 1097: [bug]: res_pjsip/pjsip_options. ODBC: Unknown column 'qualify_2xx_only'
### Commits By Author:
- #### Artem Umerov (1):
- logger.h: Fix build when AST_DEVMODE is not defined.
-- #### George Joseph (14):
+- #### George Joseph (17):
- res_stir_shaken: Allow sending Identity headers for unknown TNs
- Allow C++ source files (as extension .cc) in the main directory
- Add ability to pass arguments to unit tests from the CLI
- README.md, asterisk.c: Update Copyright Dates
- docs: Add version information to manager event instance XML elements
- docs: Add version information to application and function XML elements
+ - res_pjsip: Fix startup/reload memory leak in config_auth.
+ - alembic: Database updates required.
+ - res_pjsip_authenticator_digest: Make correct error messages appear again.
- #### Jaco Kroon (1):
- res_odbc: release threads from potential starvation.
### Commit List:
+- res_pjsip_authenticator_digest: Make correct error messages appear again.
+- alembic: Database updates required.
+- res_pjsip: Fix startup/reload memory leak in config_auth.
- docs: Add version information to application and function XML elements
- docs: Add version information to manager event instance XML elements
- LICENSE: Update company name, email, and address.
### Commit Details:
+#### res_pjsip_authenticator_digest: Make correct error messages appear again.
+ Author: George Joseph
+ Date: 2025-01-28
+
+ When an incoming request can't be matched to an endpoint, the "artificial"
+ auth object is used to create a challenge to return in a 401 response and we
+ emit a "No matching endpoint found" log message. If the client then responds
+ with an Authorization header but the request still can't be matched to an
+ endpoint, the verification will fail and, as before, we'll create a challenge
+ to return in a 401 response and we emit a "No matching endpoint found" log
+ message. HOWEVER, because there WAS an Authorization header and it failed
+ verification, we should have also been emitting a "Failed to authenticate"
+ log message but weren't because there was a check that short-circuited that
+ it if the artificial auth was used. Since many admins use the "Failed to
+ authenticate" message with log parsers like fail2ban, those attempts were not
+ being recognized as suspicious.
+
+ Changes:
+
+ * digest_check_auth() now always emits the "Failed to authenticate" log
+ message if verification of an Authorization header failed even if the
+ artificial auth was used.
+
+ * The verification logic was refactored to be clearer about the handling
+ of the return codes from verify().
+
+ * Comments were added clarify what return codes digest_check_auth() should
+ return to the distributor and the implications of changing them.
+
+ Resolves: #1095
+
+#### alembic: Database updates required.
+ Author: George Joseph
+ Date: 2025-01-28
+
+ This commit doesn't actually change anything. It just adds the following
+ upgrade notes that were omitted from the original commits.
+
+ Resolves: #1097
+
+ UpgradeNote: Two commits in this release...
+ 'Add SHA-256 and SHA-512-256 as authentication digest algorithms'
+ 'res_pjsip: Add new AOR option "qualify_2xx_only"'
+ ...have modified alembic scripts for the following database tables: ps_aors,
+ ps_contacts, ps_auths, ps_globals. If you don't use the scripts to update
+ your database, reads from those tables will succeeed but inserts into the
+ ps_contacts table by res_pjsip_registrar will fail.
+
+#### res_pjsip: Fix startup/reload memory leak in config_auth.
+ Author: George Joseph
+ Date: 2025-01-23
+
+ An issue in config_auth.c:ast_sip_auth_digest_algorithms_vector_init() was
+ causing double allocations for the two supported_algorithms vectors to the
+ tune of 915 bytes. The leak only happens on startup and when a reload is done
+ and doesn't get bigger with the number of auth objects defined.
+
+ * Pre-initialized the two vectors in config_auth:auth_alloc().
+ * Removed the allocations in ast_sip_auth_digest_algorithms_vector_init().
+ * Added a note to the doc for ast_sip_auth_digest_algorithms_vector_init()
+ noting that the vector passed in should be initialized and empty.
+ * Simplified the create_artificial_auth() function in pjsip_distributor.
+ * Set the vector initialization count to 0 in config_global:global_apply().
+
#### docs: Add version information to application and function XML elements
Author: George Joseph
Date: 2025-01-23
projects / thirdparty / asterisk.git / commitdiff
