The '*' list indicator for default values and allowable values for
path, query and POST parameters need to be indented 4 spaces
instead of 2.
Should resolve issue 38 in the documentation repo.
(cherry picked from commit b619b64137)
Per RFC8827:
Implementations MUST NOT implement DTLS renegotiation and MUST
reject it with a "no_renegotiation" alert if offered.
So we disable it when webrtc=yes is set.
Fixes#378
UpgradeNote: The dtls_rekey will be disabled if webrtc support is
requested on an endpoint. A warning will also be emitted.
(cherry picked from commit 9d329da346)
Commit f66f77f last year prevents the res_pjsip_exten_state and
res_pjsip_mwi modules from unloading due to possible pjproject
asserts if the modules are reloaded. A side effect of the
implementation is that the taskprocessors these modules use aren't
being released. When asterisk is doing a graceful shutdown, it
waits AST_TASKPROCESSOR_SHUTDOWN_MAX_WAIT seconds for all
taskprocessors to stop but since those 2 modules don't release
theirs, the shutdown hangs for that amount of time.
This change allows the modules to be unloaded and their resources to
be released when ast_shutdown_final is true.
Resolves: #379
(cherry picked from commit 9efc4bdfbc)
This commit introduces an extension to the endpoint and relevant
resource sizes for PJSIP, transitioning from its current 40-character
constraint to a more versatile 255-character capacity. This enhancement
significantly overcomes limitations related to domain qualification and
practical usage, ultimately delivering improved functionality. In
addition, it includes adjustments to accommodate the expanded realm size
within the ARI, specifically enhancing the maximum realm length.
Resolves: #345
UserNote: With this update, the PJSIP realm lengths have been extended
to support up to 255 characters.
UpgradeNote: As part of this update, the maximum allowable length
for PJSIP endpoints and relevant resources has been increased from
40 to 255 characters. To take advantage of this enhancement, it is
recommended to run the necessary procedures (e.g., Alembic) to
update your schemas.
(cherry picked from commit f89e56c178)
The workflows that get triggered when PRs are submitted or updated
have been replaced with ones that are more secure and have
a higher level of parallelism.
(cherry picked from commit 289aa1840e)
The workflows that get triggered when PRs are submitted or updated
have been replaced with ones that are more secure and have
a higher level of parallelism.
(cherry picked from commit 0c1c6e9ada)
res_statsis's app loop sleeps for up to .2s waiting on input
to a channel before re-checking the command queue. This can
cause delays between channel setup and bridge.
This change is to send a SIGURG on the sleeping thread when
a new command is enqueued. This exits the sleeping thread out
of the ast_waitfor() call triggering the new command being
processed on the channel immediately.
Resolves: #362
UserNote: Call setup times should be significantly improved
when using ARI.
(cherry picked from commit 79220e3f0c)
Make it possible to start a playback and the calling party
to receive audio on a bridge before the call is connected.
Model the implementation after play_on_channel and deliver a
AST_CONTROL_PROGRESS before starting the playback.
For a PJSIP channel this will result in sending a SIP 183
Session Progress.
(cherry picked from commit 1171dcee02)
You can now define the _TRACE_PREFIX_ macro to change the
default trace line prefix of "file:line function" to
something else. Full documentation in logger.h.
(cherry picked from commit b52e07ee1b)
The current STIR/SHAKEN implementation is not currently usable due
to encryption issues. Rather than trying to futz with OpenSSL and
the the current code, we can take advantage of the existing
capabilities of libjwt but we first need to add it to the
third-party infrastructure already in place for jansson and
pjproject.
A few tweaks were also made to the third-party infrastructure as
a whole. The jansson "dest" install directory was renamed "dist"
to better match convention, and the third-party Makefile was updated
to clean all product directories not just the ones currently in
use.
Resolves: #349
(cherry picked from commit a9d4175e1d)
The documentation on qualify_timeout does not explicitly state that the timeout
includes any time required to perform any needed DNS queries on the endpoint.
If the OPTIONS response is delayed due to the DNS query, it can still render an
endpoint as Unreachable if the net time is enough for qualify_timeout to expire.
Resolves: #352
(cherry picked from commit 933490b758)
Internally, chan_dahdi only applies callgroup and
pickupgroup to FXO signalled channels, but this is
not documented anywhere. This is now documented in
the sample config, and a warning is emitted if a
user tries configuring these settings for channel
types that do not support these settings, since they
will not have any effect.
Resolves: #294
(cherry picked from commit 945babf25c)
This commit fixes crashes in JSON_DECODE() for types null, true, false
and real numbers.
In addition it ensures that a path is not deeper than 32 levels.
Also allow root object to be an array.
Add unit tests for above cases.
(cherry picked from commit e6d5b8d8cf)
res_speech_aeap previously did not register an error handler
with aeap, so it was not notified of a disconnect. This resulted
in SpeechBackground never exiting upon a websocket disconnect.
Resolves: #303
(cherry picked from commit 8c934fb7ed)
If ADSI is available on a channel, app_voicemail will repeatedly
try to use ADSI, even if there is no CPE that supports it. This
leads to many unnecessary delays during the session. If ADSI is
available but ADSI setup fails, we now disable it to prevent
further attempts to use ADSI during the session.
Resolves: #354
(cherry picked from commit c04923fcda)
Some providers require a multiple of 20 for the maxptime or fail to complete calls,
e.g. Vivo in Brazil. To increase compatibility, only multiples of 20 are now used.
Resolves: #260
(cherry picked from commit 11d87713eb)
Previously, DETECT_DEADLOCKS depended on DEBUG_THREADS.
Unfortunately, DEBUG_THREADS adds a lot of lock tracking overhead
to all of the lock lifecycle calls whereas DETECT_DEADLOCKS just
causes the lock calls to loop over trylock in 200us intervals until
the lock is obtained and spits out log messages if it takes more
than 5 seconds. From a code perspective, the only reason they were
tied together was for logging. So... The ifdefs in lock.c were
refactored to allow DETECT_DEADLOCKS to be enabled without
also enabling DEBUG_THREADS.
Resolves: #321
UserNote: You no longer need to select DEBUG_THREADS to use
DETECT_DEADLOCKS. This removes a significant amount of overhead
if you just want to detect possible deadlocks vs needing full
lock tracing.
(cherry picked from commit 7e2243f9e1)
The CLI .asterisk_history file is read from/written to the directory
specified by the HOME environment variable. If the root user starts
asterisk with the -U/-G options, or with runuser/rungroup set in
asterisk.conf, the asterisk process is started as root but then it
calls setuid/setgid to set the new user/group. This does NOT reset
the HOME environment variable to the new user's home directory
though so it's still left as "/root". In this case, the new user
will almost certainly NOT have access to read from or write to the
history file.
* Added function process_histfile() which calls
getpwuid(geteuid()) and uses pw->dir as the home directory
instead of the HOME environment variable.
* ast_el_read_default_histfile() and ast_el_write_default_histfile()
have been modified to use the new process_histfile()
function.
Resolves: #337
(cherry picked from commit 07cf37531a)
From the gdb information, ast_websocket_read reads a message successfully,
then transport_read is called in the serializer. During execution of pjsip_transport_down,
ws_session->stream->fd is closed; ast_websocket_read encounters an error and exits the while loop.
After executing transport_shutdown, the transport's reference count becomes 0, causing a crash when sending SIP messages.
This was due to pjsip_transport_dec_ref executing earlier than pjsip_rx_data_clone, leading to this issue.
In websocket_cb executeing pjsip_transport_add_ref, this we now ensure the transport is not destroyed while in the loop.
Resolves: asterisk#299
(cherry picked from commit edc674a6ca)
Add a wrapper function around ast_cel_publish_event that
packs event and extras into a blob before publishing
Resolves:#330
(cherry picked from commit 248b92563c)
To terminate a console channel, stop_stream causes pthread_cancel
to make stream_monitor exit. However, commit 5b8fea93d1
added locking to this function which results in deadlock due to
the stream_monitor thread being killed while it's holding the pvt lock.
To resolve this, a flag is now set and read to indicate abort, so
the use of pthread_cancel and pthread_kill can be avoided altogether.
Resolves: #308
(cherry picked from commit 71215561d8)
To better co-exist with sounds files that may be managed by
packages, custom sound files may now be placed in
AST_DATA_DIR/sounds/custom instead of the standard
AST_DATA_DIR/sounds/<lang> directory. If the new
"sounds_search_custom_dir" option in asterisk.conf is set
to "true", asterisk will search the custom directory for sounds
files before searching the standard directory. For performance
reasons, the "sounds_search_custom_dir" defaults to "false".
Resolves: #315
UserNote: A new option "sounds_search_custom_dir" has been added to
asterisk.conf that allows asterisk to search
AST_DATA_DIR/sounds/custom for sounds files before searching the
standard AST_DATA_DIR/sounds/<lang> directory.
(cherry picked from commit 4493d2b2fc)
In function rtp_ioqueue_thread_remove counter in ioqueue object is not decreased
which prevents unused ICE TURN threads from being removed.
Resolves: #301
(cherry picked from commit 5179f1af24)
The previous behavior of make_buildopts_h was to not add the
non-ABI-breaking MENUSELECT_CFLAGS like DETECT_DEADLOCKS,
REF_DEBUG, etc. to the buildopts.h file because "it caused
ccache to invalidate files and extended compile times". They're
only defined by passing them on the gcc command line with '-D'
options. In practice, including them in the include file rarely
causes any impact because the only time ccache cares is if you
actually change an option so the hit occurrs only once after
you change it.
OK so why would we want to include them? Many IDEs follow the
include files to resolve defines and if the options aren't in an
include file, it can cause the IDE to mark blocks of "ifdeffed"
code as unused when they're really not.
So...
* Added a new menuselect compile option ADD_CFLAGS_TO_BUILDOPTS_H
which tells make_buildopts_h to include the non-ABI-breaking
flags in buildopts.h as well as the ABI-breaking ones. The default
is disabled to preserve current behavior. As before though,
only the ABI-breaking flags appear in AST_BUILDOPTS and only
those are used to calculate AST_BUILDOPT_SUM.
A new AST_BUILDOPT_ALL define was created to capture all of the
flags.
* make_version_c was streamlined to use buildopts.h and also to
create asterisk_build_opts_all[] and ast_get_build_opts_all(void)
* "core show settings" now shows both AST_BUILDOPTS and
AST_BUILDOPTS_ALL.
UserNote: The "Build Options" entry in the "core show settings"
CLI command has been renamed to "ABI related Build Options" and
a new entry named "All Build Options" has been added that shows
both breaking and non-breaking options.
(cherry picked from commit 06da7b342e)
func_periodic_hook does not hangup after playback, relying on hangup
which keeps the channel alive longer than necessary.
Resolves: #325
(cherry picked from commit dd817c2708)
func_periodic_hook was truncating long channel names which
causes issues when you need to run other dialplan functions/apps
on the channel.
Resolves: #319
(cherry picked from commit 9e2433f73f)
If the safe_asterisk script detects that the /var/lib/asterisk
directory doesn't exist, it now creates it with 755 permissions
instead of 770. safe_asterisk needing to create that directory
should be extremely rare though because it's normally created
by 'make install' which already sets the permissions to 755.
Resolves: #316
(cherry picked from commit c929146c61)
Resolves: #298
UserNote: The dial string option 'g' was added to the UnicastRTP channel
which enables RTP glue and therefore native RTP bridges with those
channels.
(cherry picked from commit 98ffcfebda)
This newly introduced periodic-announce-startdelay makes it possible to
configure the initial start delay of the first periodic announcement
after which periodic-announce-frequency takes over.
UserNote: Introduce a new queue configuration option called
'periodic-announce-startdelay' which will vary the normal (historic)
behavior of starting the periodic announcement cycle at
periodic-announce-frequency seconds after entering the queue to start
the periodic announcement cycle at period-announce-startdelay seconds
after joining the queue. The default behavior if this config option is
not set remains unchanged.
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
(cherry picked from commit a4cb63e231)
Using the Set dialplan application does not actually
delete channel or global variables. Instead the
variables are set to an empty value.
This change adds two dialplan functions,
GLOBAL_DELETE and DELETE which can be used to
delete global and channel variables instead
of just setting them to empty.
There is also no ability within the dialplan to
determine if a global or channel variable has
actually been set or not.
This change also adds two dialplan functions,
GLOBAL_EXISTS and VARIABLE_EXISTS which can be
used to determine if a global or channel variable
has been set or not.
Resolves: #289
UserNote: Four new dialplan functions have been added.
GLOBAL_DELETE and DELETE have been added which allows
the deletion of global and channel variables.
GLOBAL_EXISTS and VARIABLE_EXISTS have been added
which checks whether a global or channel variable has
been set.
(cherry picked from commit abe4f62554)
* Since ICE candidates are used for the check and pjproject is
required to use ICE, res_rtp_asterisk was failing to compile
when pjproject wasn't available. The check is now wrapped
with an #ifdef HAVE_PJPROJECT.
* The rtp->ice_active_remote_candidates container was being
used to check the address on incoming packets but that
container doesn't contain peer reflexive candidates discovered
during negotiation. This was causing the check to fail
where it shouldn't. We now check against pjproject's
real_ice->rcand array which will contain those candidates.
* Also fixed a bug in ast_sockaddr_from_pj_sockaddr() where
we weren't zeroing out sin->sin_zero before returning. This
was causing ast_sockaddr_cmp() to always return false when
one of the inputs was converted from a pj_sockaddr, even
if both inputs had the same address and port.
Resolves: #500Resolves: #503Resolves: #505
When updating an existing header the 'update' code incorrectly
just copied the new value into the existing buffer. If the
new value exceeded the available buffer size memory outside
of the buffer would be written into, potentially causing
a crash.
This change makes it so that the 'update' now duplicates
the new header value instead of copying it into the existing
buffer.
Add patch to split the log level for invalid packets received on the
signaling port. The warning regarding the packet will move to level 2
so that it can still be displayed, while the raw packet will be at level
4.
When ICE is in use, we can prevent a possible DOS attack by allowing
DTLS protocol messages (client hello, etc) only from sources that
are in the active remote candidates list.
Resolves: GHSA-hxj9-xwr8-w8pq
When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.