From b35fd266d1b314e024d8feeb6a2a0ef654bfc629 Mon Sep 17 00:00:00 2001 From: Asterisk Development Team Date: Thu, 31 Jul 2025 16:33:22 +0000 Subject: [PATCH] Update for 21.10.1 --- .version | 2 +- CHANGES.html | 2 +- CHANGES.md | 2 +- ChangeLogs/ChangeLog-21.10.1.html | 78 ++++++++++++++++++++++++++++ ChangeLogs/ChangeLog-21.10.1.md | 86 +++++++++++++++++++++++++++++++ README.html | 4 +- README.md | 2 +- 7 files changed, 170 insertions(+), 6 deletions(-) create mode 100644 ChangeLogs/ChangeLog-21.10.1.html create mode 100644 ChangeLogs/ChangeLog-21.10.1.md diff --git a/.version b/.version index 8fcae35c27..db4e89e9c3 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -21.10.0 +21.10.1 diff --git a/CHANGES.html b/CHANGES.html index 90f5400ac3..bae2108b85 120000 --- a/CHANGES.html +++ b/CHANGES.html @@ -1 +1 @@ -ChangeLogs/ChangeLog-21.10.0.html \ No newline at end of file +ChangeLogs/ChangeLog-21.10.1.html \ No newline at end of file diff --git a/CHANGES.md b/CHANGES.md index 53214d8fe5..63dee22f7b 120000 --- a/CHANGES.md +++ b/CHANGES.md @@ -1 +1 @@ -ChangeLogs/ChangeLog-21.10.0.md \ No newline at end of file +ChangeLogs/ChangeLog-21.10.1.md \ No newline at end of file diff --git a/ChangeLogs/ChangeLog-21.10.1.html b/ChangeLogs/ChangeLog-21.10.1.html new file mode 100644 index 0000000000..63e6d1ecb0 --- /dev/null +++ b/ChangeLogs/ChangeLog-21.10.1.html @@ -0,0 +1,78 @@ +ChangeLog for asterisk-21.10.1 +

Change Log for Release asterisk-21.10.1

Summary:

Commits: 2
Commit Authors: 2
Issues Resolved: 0
Security Advisories Resolved: 2
GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.

User Notes:

Upgrade Notes:

+
safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
+ The safe_asterisk script now checks that, if it was run by the + root user, the /etc/asterisk/startup.d directory and all the files it contains + are owned by root. If the checks fail, safe_asterisk will exit with an error + and Asterisk will not be started. Additionally, the default logging + destination is now stderr instead of tty "9" which probably won't exist + in modern systems.

Developer Notes:

Commit Authors:

George Joseph: (1)
ThatTotallyRealMyth: (1)

Issue and Commit Detail:

Closed Issues:

!GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
!GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.

Commits By Author:

+
George Joseph (1):
+
+
res_stir_shaken: Test for missing semicolon in Identity header.
+
+
ThatTotallyRealMyth (1):
+
safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.

Commit List:

safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
res_stir_shaken: Test for missing semicolon in Identity header.

Commit Details:

safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.

Author: ThatTotallyRealMyth + Date: 2025-06-10

UpgradeNote: The safe_asterisk script now checks that, if it was run by the + root user, the /etc/asterisk/startup.d directory and all the files it contains + are owned by root. If the checks fail, safe_asterisk will exit with an error + and Asterisk will not be started. Additionally, the default logging + destination is now stderr instead of tty "9" which probably won't exist + in modern systems.

Resolves: #GHSA-v9q8-9j8m-5xwp

res_stir_shaken: Test for missing semicolon in Identity header.

Author: George Joseph + Date: 2025-07-31

ast_stir_shaken_vs_verify() now makes sure there's a semicolon in + the Identity header to prevent a possible segfault.

Resolves: #GHSA-mrq5-74j5-f5cr

+ diff --git a/ChangeLogs/ChangeLog-21.10.1.md b/ChangeLogs/ChangeLog-21.10.1.md new file mode 100644 index 0000000000..c927ee2ea4 --- /dev/null +++ b/ChangeLogs/ChangeLog-21.10.1.md @@ -0,0 +1,86 @@ + +## Change Log for Release asterisk-21.10.1 + +### Links: + + - [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.1.html) + - [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.0...21.10.1) + - [Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-21.10.1.tar.gz) + - [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk) + +### Summary: + +- Commits: 2 +- Commit Authors: 2 +- Issues Resolved: 0 +- Security Advisories Resolved: 2 + - [GHSA-mrq5-74j5-f5cr](https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr): Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c + - [GHSA-v9q8-9j8m-5xwp](https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp): Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation. + +### User Notes: + + +### Upgrade Notes: + +- #### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. + The safe_asterisk script now checks that, if it was run by the + root user, the /etc/asterisk/startup.d directory and all the files it contains + are owned by root. If the checks fail, safe_asterisk will exit with an error + and Asterisk will not be started. Additionally, the default logging + destination is now stderr instead of tty "9" which probably won't exist + in modern systems. + + +### Developer Notes: + + +### Commit Authors: + +- George Joseph: (1) +- ThatTotallyRealMyth: (1) + +## Issue and Commit Detail: + +### Closed Issues: + + - !GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c + - !GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation. + +### Commits By Author: + +- #### George Joseph (1): + - res_stir_shaken: Test for missing semicolon in Identity header. + +- #### ThatTotallyRealMyth (1): + - safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. + + +### Commit List: + +- safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. +- res_stir_shaken: Test for missing semicolon in Identity header. + +### Commit Details: + +#### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files. + Author: ThatTotallyRealMyth + Date: 2025-06-10 + + UpgradeNote: The safe_asterisk script now checks that, if it was run by the + root user, the /etc/asterisk/startup.d directory and all the files it contains + are owned by root. If the checks fail, safe_asterisk will exit with an error + and Asterisk will not be started. Additionally, the default logging + destination is now stderr instead of tty "9" which probably won't exist + in modern systems. + + Resolves: #GHSA-v9q8-9j8m-5xwp + +#### res_stir_shaken: Test for missing semicolon in Identity header. + Author: George Joseph + Date: 2025-07-31 + + ast_stir_shaken_vs_verify() now makes sure there's a semicolon in + the Identity header to prevent a possible segfault. + + Resolves: #GHSA-mrq5-74j5-f5cr + diff --git a/README.html b/README.html index 2a81ae5637..772e6dcd70 100644 --- a/README.html +++ b/README.html @@ -1,4 +1,4 @@ -Readme for asterisk-21.10.0 +Readme for asterisk-21.10.1

The Asterisk(R) Open Source PBX

By Mark Spencer <markster@digium.com> and the Asterisk.org developer community.
 Copyright (C) 2001-2025 Sangoma Technologies Corporation and other copyright holders.
@@ -37,7 +37,7 @@ hardware.
 If you are updating from a previous version of Asterisk, make sure you
 read the Change Logs.
 
-Change Logs
+Change Logs
 
 
 NEW INSTALLATIONS
diff --git a/README.md b/README.md
index 64cb58177e..a35d8ce995 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you are updating from a previous version of Asterisk, make sure you
 read the Change Logs.
 
 
-[Change Logs](ChangeLogs/ChangeLog-21.10.0.html)
+[Change Logs](ChangeLogs/ChangeLog-21.10.1.html)
 
 
 ### NEW INSTALLATIONS
-- 
2.47.2