Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun. To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.
* Created pjlib/include/limits.h and pjlib/include/compat/limits.h
to either include the system limits.h or define common numeric
limits if there is no system limits.h.
* Created strto*_validate functions in sip_parser that take bounds
and on failure call the on_str_parse_error function which prints
an error message and calls PJ_THROW.
* Updated sip_parser to validate the numeric fields.
* Fixed an issue in sip_transport that prevented error messages
from being properly displayed.
* Added "volatile" to some variables referenced in PJ_CATCH blocks
as the optimizer was sometimes optimizing them away.
* Fixed length calculation in sip_transaction/create_tsx_key_2543
to account for signed ints being 11 characters, not 9.
ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation
Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
On a fresh Asterisk source directory, the bundled pjproject tarball is
unconditionally downloaded even if the tarball is already in a specified
cache directory.
* Made check if the pjproject tarball is valid in the cache directory
before downloading the tarball on a fresh source directory.
Change-Id: Ic7ec842d3c97ecd8dafbad6f056b7fdbce41cae5
'--with-pjproject-bundled' is now the default when running
./configure. It can be disabled with '--without-pjproject-bundled'.
To make building without an internet connection easier, a new
./configure option '--with-download-cache' was added that sets
the cache for externals (like pjproject, the codecs and the DPMA),
AND the sounds files. It can also be specified as an environment
variable named "AST_DOWNLOAD_CACHE". The existing
'--with-sounds-cache' option / SOUNDS_CACHE_DIR env variable and
'--with-externals-cache' option / EXTERNALS_CACHE_DIR env variable
remain and if specified, will override '--with-downloads-cache'.
ASTERISK-27189
Change-Id: Ifa9783fddf44aafadb060c9feba713dfa81d38ce
OpenSSL has 2 levels or error processing. It's possible for the
top layer to return SSL_ERROR_SYSCALL but the lower layer return
no error, in which case processing should continue. Only the top
layer was being examined though so connections were being torn
down when they didn't need to be. This patch adds the examination
of the lower level codes, and if they return no errors, allows
processing to continue.
ASTERISK-27001
Reported-by: Ian Gilmour
patches:
pjproject-2.6.patch submitted by Ian Gilmour (license 6889)
Updated-by: George Joseph and Sauw Ming (Teluu)
Merged to upstream pjproject on 7/27/2017 (commit 5631)
Change-Id: I23844ca0c68ef1ee550f14d46f6dae57d33b7bd2
The maximum packet size for PJSIP has been increased to handle the
multiple streams being added for WebRTC.
Change-Id: I9ea1e8d02668c544acadcb1c6200e1cc1bd588b3
There wasn't any good way to pass options like --host or --build
down to the pjproject configure which makes cross-compiling difficult.
* Added a new PJPROJECT_CONFIGURE_OPTS environment variable which
can be used to pass arbitrary options to pjproject configure.
* Automatically set the pjproject configure --host and --build
options to match those supplied for the asterisk configure.
ASTERISK-27097 #close
Reported-by: Kinsey Moore
Change-Id: I5fa776e110262851173002a26ffe1172e4c35b2e
When connected_line_method is "invite", we're supposed to determine
if the client can support UPDATE and if it can, send UPDATE instead
of INVITE to avoid the SDP renegotiation. Not only was pjproject
not setting the PJSIP_INV_SUPPORT_UPDATE flag, we were testing
that invite_tsx wasn't NULL which isn't always the case.
* Updated chan_pjsip/update_connected_line_information to drop the
requirement that invite_tsx isn't NULL.
* Submitted patch to pjproject sip_inv.c that sets the
PJSIP_INV_SUPPORT_UPDATE flag correctly.
* Updated pjsip.conf.sample to clarify what happens when "invite"
is specified.
ASTERISK-27095
Change-Id: Ic2381b3567b8052c616d96fbe79564c530e81560
We now mirror the pjproject tarball and md5 at
https://github.com/asterisk/third-party/tree/master/pjproject
To improve download reliability, we now get the tarball from
our mirror instead of from pjsip.org.
ASTERISK-27052 #close
Reported-by: 'alex'
Change-Id: I60236587a8935bfa71fcc391f4e2ecb31918c08a
Without the disable, pjproject tries to build it's internal
webrtc implementation which requires sse2. This fails on
platforms without sse2.
ASTERISK-26930 #close
Reported-by: abelbeck
Change-Id: I07231f9160c35cfa42b194d3aad4e7d51fd9a410
When the Asterisk channel driver res_pjsip offers SIP-over-TLS, sometimes, not
reproducible, Asterisk crashed in pj_ssl_sock_get_info() because a NULL pointer
was read. This change avoids this crash.
ASTERISK-26927 #close
Change-Id: I24a6011b44d1426d159742ff4421cf806a52938b
0035-r5572-svn-backport-dialog-transaction-deadlock.patch
0036-r5573-svn-backport-ua-pjsua-transaction-deadlock.patch
0037-r5576-svn-backport-session-timer-crash.patch
Also removed the progress bar from wget download to stdout.
ASTERISK-26905 #close
Reported-by: Ross Beer
Change-Id: I268fb3cf71a3bb24283ff0d24bd8b03239d81256
After configuring Asterisk with '--with-pjproject-bundled' the configure/build
process attempts to download pjproject from its download site. Currently, a
timeout of 10 seconds is used that will stop the download process if pjproject
has not been fully downloaded in that time. For some systems this was not enough
time and the process was timing out too early.
This patch raises the download timeout value to '60'. Also, this patch fixes
another bug where the DOWNLOAD_TIMEOUT variable was not being properly exported
due to a naming error. DOWNLOAD_MAX_TIMEOUT is now properly renamed to
DOWNLOAD_TIMEOUT.
ASTERISK-26814 #close
Change-Id: Ia56e4e8a3d39db76bc8a1852b2cf07ec10b39842
Bundled pjproject should now only rebuild if one of the menuselect
"Compiler Flags" options changes.
Change-Id: If114a2e16b9e77af371a600d6a5e197bbf28fe43
This change adds a PJSIP patch (which has been contributed upstream)
to allow the registration of IPv6 transport types.
Using this the res_pjsip_transport_websocket module now registers
an IPv6 Websocket transport and uses it for the corresponding
traffic.
ASTERISK-26685
Change-Id: Id1f9126f995b31dc38db8fdb58afd289b4ad1647
* Removed all 2.5.5 functional patches.
* Updated usages of pj_release_pool to be "safe".
* Updated configure options to disable webrtc.
* Updated config_site.h to disable webrtc in pjmedia.
* Added Richard Mudgett's recent resolver patches.
Change-Id: Ib400cc4dfca68b3d07ce14d314e829bfddc252c7
* Re #1945 (misc): Don't trigger SRV complete callback when there is a
parse error.
* srv_resolver.c: Don't try to send query if already considered resolved.
** In resolve_hostnames() don't try to resolve a query that is already
considered resolved.
** In resolve_hostnames() fix DNS typo in comments.
** In build_server_entries() move a common expression assigning to cnt
earlier.
* sip_transport.c: Fix tdata object name to actually contain the pointer.
It helps if the logs referencing a tdata object buffer actually have a
name that includes the correct pointer as part of the name. Also since
the tdata has its own pool it helps if any logs referencing the pool have
the same name as the tdata object. This change brings tdata logging in
line with how tsx objects are named.
ASTERISK-26669 #close
ASTERISK-26738 #close
Change-Id: I56af2ded25476b3e870ca586ee69ed6954ef75af
This patch fixes 2 original issues and more that those 2 exposed.
* When we send a NOTIFY, and the client either doesn't respond or
responds with a non OK, pjproject only calls our
pubsub_on_evsub_state callback, no others. Since
pubsub_on_evsub_state (which does the sub_tree cleanup) does not
expect to be called back without the other callbacks being called
first, it just returns leaving the sub_tree orphaned. Now
pubsub_on_evsub_state checks the event for PJSIP_EVENT_TSX_STATE
which is what pjproject will set to tell us that it was the
transaction that timed out or failed and not the subscription
itself timing our or being terminated by the client. If is
TSX_STATE, pubsub_on_evsub_state now does the proper cleanup
regardless of the state of the subscription.
* When a client renews a subscription, we don't update the
persisted subscription with the new expires timestamp. This causes
subscription_persistence_recreate to prune the subscription if/when
asterisk restarts. Now, pubsub_on_rx_refresh calls
subscription_persistence_update to apply the new expires timestamp.
This exposed other issues however...
* When creating a dialog from rdata (which sub_persistence_recreate
does from the packet buffer) there must NOT be a tag on the To
header (which there will be when a client refreshes a
subscription). If there is one, pjsip_dlg_create_uas will fail.
To address this, subscription_persistence_update now accepts a flag
that indicates that the original packet buffer must not be updated.
New subscribes don't set the flag and renews do. This makes sure
that when the rdata is recreated on asterisk startup, it's done
from the original subscribe packet which won't have the tag on To.
* When creating a dialog from rdata, we were setting the dialog's
remote (SUBSCRIBE) cseq to be the same as the local (NOTIFY) cseq.
When the client tried to resubscribe after a restart with the
correct cseq, we'd reject the request with an Invalid CSeq error.
* The acts of creating a dialog and evsub by themselves when
recreating a subscription does NOT restart pjproject's subscription
timer. The result was that even if we did correctly recreate the
subscription, we never removed it if the client happened to go away
or send a non-OK response to a NOTIFY. However, there is no
pjproject function exposed to just set the timer on an evsub that
wasn't created by an incoming subscribe request. To address this,
we create our own timer using ast_sip_schedule_task. This timer is
used only for re-establishing subscriptions after a restart.
An earlier approach was to add support for setting pjproject's
timer (via a pjproject patch) and while that patch is still included
here, we don't use that call at the moment.
While addressing these issues, additional debugging was added and
some existing messages made more useful. A few formatting changes
were also made to 'pjsip show scheduled tasks' to make displaying
the subscription timers a little more friendly.
ASTERISK-26696
ASTERISK-26756
Change-Id: I8c605fc1e3923f466a74db087d5ab6f90abce68e
An earlier attempt to prevent pjsua from spitting out an extra 6795
lines of debug output every time the testsuite called it was also
turning off the ability for asterisk to output debug info when it
needed to. This patch reverts the earlier fix and instead adds
a pjproject patch that sets the startup log level to 1 for pjsua
pjsystest and the pjsua python binding. This is an asterisk-only
patch that does not affect pjproject functionality and will not be
submitted upstream.
Change-Id: I347a8b58b2626f2906ccfc1d339e907627a0c9e8
When MALLOC_DEBUG was specified, make was failing. Immediately
remaking would work. The issues was in the ordering of the make
dependencies.
Change-Id: If6030b54fc693f3179f32bfd20c6b5d5f1b3f7cd
A while back, we changed config_site.h to set PJ_LOG_MAX_LEVEL = 6.
This allowed us to control the log level better from inside Asterisk.
An unfortunate side effect of this was that the pjsua binary and
python bindings were also compiled with log level set to 6 so whenever
a testsuite test that uses pjsua runs, it spits out 6795 lines of
debug in an instant even before the test starts. I believe this
overruns the Jenkins capture buffer and prevents the test from
properly terminating. In turn, this results in the testsuite just
hanging until the job is killed. It's more frequent on the higher
end agents because they can spit out the messages faster.
Unfortunately, the messages are all spit out before we have control
of the python pj.Lib instance where we can set logging levels so the
only alternative was to actually compile pjsua and _pjsua.so with an
overridden PJ_LOG_MAX_LEVEL. Although defining a lower max level was
done in the Makefile, the define in config_site.h had to be wrapped
with "#ifndef" so the change would take effect.
Change-Id: I2af9e7d48dde1927279c586c9c725d868fe6f3ff
There were just too many issues in various environments with
multi threaded building of pjproject. It doesn't really speed
things up anyway since asterisk is already being compiled in
parallel.
Change-Id: Ie5648fb91bb89b4224b6bf43a0daa1af793c4ce1
If a tarball is corrupted during download, the makefile will attempt to
download it again. If the tarball somehow gets corrupted after it's
downloaded however, the makefile was just failing. We now
retry the download.
ASTERISK-26653 #close
Change-Id: I1b24d454852d80186f60c5a65dc4624ea8a1c359
Occasionally SIP message transactions are not found when they should be.
In the particular case an incoming INVITE transaction is CANCELed but the
INVITE transaction cannot be found so a 481 response is returned for the
CANCEL. The problematic calls have a '_' character in the Via branch
parameter.
The problem is in the pjproject PJ_HASH_USE_OWN_TOLOWER feature's code.
The problem with the "own tolower" code is that it does not calculate the
same hash value as when the pj_tolower() function is used. The "own
tolower" code will erroneously modify the ASCII characters '@', '[', '\\',
']', '^', and '_'. Calls to pj_hash_calc_tolower() can use the
PJ_HASH_USE_OWN_TOLOWER substitute algorithm when enabled. Calls to
pj_hash_get_lower(), pj_hash_set_lower(), and pj_hash_set_np_lower() call
find_entry() which never uses the PJ_HASH_USE_OWN_TOLOWER algorithm. As a
result you may not be able to find a hash tabled entry because the
calculated hash values would differ.
* Simply disable PJ_HASH_USE_OWN_TOLOWER.
ASTERISK-26490 #close
Change-Id: If89bfdb5f301b8b685881a9a2a6e0c3c5af32253
Added back in a -g3, and an -O3 when DONT_OPTIMIZE is not set, to
the CFLAGS. Not sure how they went missing.
Also fixed an uninstall problem where we weren't removing the
symlink from libasteriskpj.so.2 to libasteriskpj.so. While I was
there, I fixed it for libasteriskssl as well.
Change-Id: I9e00873b1e9082d05b5549d974534b48a2142556
Use of the new logging is as simple as issuing the new CLI command or
setting the new pjproject.conf option.
Other options that can affect the logging are how you have the pjproject
log levels mapped to Asterisk log types in pjproject.conf and if you have
configured Asterisk to log the DEBUG type messages. Altering the
pjproject.conf level mapping shouldn't be necessary for most installations
as the default mapping is sensible. Configuring Asterisk to log the DEBUG
message type is standard practice for collecting debug information.
* Added CLI "pjproject set log level" command to dynamically adjust the
maximum pjproject log message level.
* Added CLI "pjproject show log level" command to see the currently set
maximum pjproject log message level.
* Added pjproject.conf startup section "log_level" option to set the
initial maximum pjproject log message level so all messages could be
captured from initialization.
* Set PJ_LOG_MAX_LEVEL to 6 to compile in all defined logging levels into
bundled pjproject. Pjproject will use the currently set run time log
level to determine if a log message is generated just like Asterisk
verbose and debug logging levels.
* In log_forwarder(), made always log enabled and mapped pjproject log
messages. DEBUG mapped log messages are no longer gated by the current
Asterisk debug logging level.
* Removed RAII_VAR() from res_pjproject.c:get_log_level().
ASTERISK-26630 #close
Change-Id: I6dca12979f482ffb0450aaf58db0fe0f6d2e5389
The download process now has a timeout which will cause wget to retry
if it stops retrieving data for 5 seconds and fetch and curl to timeout
if the whole retrieval take smore than 30 seconds.
If the tarball retrieval works, the MD5SUM file is retrieved from
the downloads site and the md5 checksum is verified.
If either the tarball retrieval or MD5SUM retrieval fails, or the
checksums don't match, the entire process is retried once. If it
fails again, any incomplete tarball is deleted.
.DELETE_ON_ERROR: was also added to the Makefile. Not only does
this delete the tarball on failure, it till also delete corrupted
library files from the pjproject source directory should they
fail to build correctly.
Tested all the way back to FreeBSD 9, CentOS 6, Debian 6 and
Ubuntu 14.
Change-Id: Iea7d33b96a31622ab1b6e54baebaf271959514e1
OpenBSD's 'find' doesn't take the -delete argument so you have to pipe
through 'xargs rm -rf'.
'echo -e' doesn't like \t starting a line. It just prints 't' which
causes the libasteriskpj.exports file to be garbage. They were just
cosmetic so they were removed.
librt doesn't exist so the link of libasteriskpj.so fails. It's not
actually needed for linux anyway so -lrt was removed from the link.
res_rtp_asterisk was failing to load because of an undefined
DTLS_method. '|| defined(LIBRESSL_VERSION_NUMBER)' was added to the #if
so DTLSv1_method is used instead.
ASTERISK-26608
Change-Id: I926ec95b0b69633231e3ad1d6e803b977272c49c
Responding to authentication challenges leaks PJSIP memory pools.
The leak was introduced with a pjproject 2.5.5 API change.
https://trac.pjsip.org/repos/ticket/1929 changed the API usage of
pjsip_auth_clt_init() to require the new API pjsip_auth_clt_deinit() to
clean up cached authentication allocations that get allocated with
pjsip_auth_clt_reinit_req().
ASTERISK-26516 #close
Change-Id: I4473141b8c3961d0dc91c382beb3876b3efb45c8
The PJ_ICE_MAX_CHECKS constant is used by pjproject to determine how
many pairs of local/remote candidates will be made. If for some reason
we reach this upper bound, ICE will generally fail and no media will
flow between the browser and Asterisk.
This patch makes PJ_ICE_MAX_CHECKS set to the total possible number of
pairs of candidates we'd theoretically allow, which is
PJ_ICE_MAX_CAND^2. Prior to this patch, we simply multiplied
PJ_ICE_MAX_CAND by two; on systems with multiple interfaces (I blame
Docker), this is far too low to allow WebRTC calls to succeed.
Setting this to be PJ_ICE_MAX_CAND^2 allowed WebRTC calls to succeed
even when the system Asterisk was running on had quite a few virtual
interfaces.
Change-Id: Icd4f17de0ac9d3a83dddfc8bf1cb7616bc107d55
libresample is only needed by pjproject if we're building pjsua, which
we only do if TEST_FRAMEWORK is selected. It's required by pjsua to
process audio which is needed by some testsuite tests. Unfortunately,
pjproject relies on a newer version of libresample than the version
that ships by most distros so we need to compile the version that's
bundled with pjproject. Since we only need it for pjsua, we DON'T want
it's symbols exposed when we actually build asterisk.
There was a problem however... TEST_FRAMEWORK is only known AFTER we've
already run ./configure on both asterisk and pjproject but pjproject's
./configure needs to test it to know whether to set up to build
libresample or not. The previous way of figuring this out was to
always tell ./configure "yes" but not actually build the library. This
caused an issue where building libasteriskpj was being told to include
libresample but it wasn't actually there.
The solution is to still do a default pjproject configure during an
asterisk ./configure but if makeopts or menuselect.makeopts changes
subsequently, we now reconfigure pjproject, taking into account the
current state of TEST_FRAMEWORK. Previously, if makeopts or
menuselect.makeopts changed, only a recompile of pjproject was done.
Change-Id: I9b5d84c61384a3ae07fe30e85c49698378cc4685
PJPROJECT 2.5.5 introduced a race condition with the -r5349 IPv6 DNS
patch.
The patch below fixes a write to freed memory under cartain DNS lookup
conditions.
0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
ASTERISK-26516
Reported by: Richard Mudgett
Change-Id: Ifdfae9ecf1e41b53080f33aab44ce1a220f349c5
The res_pjsip_sdp_rtp module did not restrict the number of
formats added to a media stream in the SDP to the defined
limit. If allow=all was used with additional loaded codecs this
could result in the next media stream being overwritten some.
This change restricts the module to limit it to the defined
maximum and also increases the maximum in our bundled pjproject.
ASTERISK-26541 #close
Change-Id: I0dc5f59d3891246cafa2f3df5ec406f088559ee8
In order for pjsua and its python binding to actually negotiate
audio for the testsuite tests, it needs g711 and resample. The
pj* libraries themselves do not. Unfortunately, pjproject relies
on a brand new libresample that most distros don't ship so we need
to use the libresample already bundled with pjproject. Only the pjsua
executable and the _pjsua.so python library are linked with it so it
shouldn't interfere with asterisk itself.
Also it was pointed out that apply_patches couldn't handle multiple
patches that depended on each other during the dry-run, so the
dry-run was removed.
Change-Id: I24f397462b486dcdde0dcafe40e6c55a6593f098
PJPROJECT 2.5.5 introduced a race condition with the -r5349 IPv6 DNS
patch.
The patches below fix the DNS lookup race condition crash caused by
attempting to send the same message twice for the single DNS lookup.
0006-r5471-svn-backport-Various-fixes-for-DNS-IPv6.patch
0006-r5473-svn-backport-Fix-pending-query.patch
The patch below removes a cached DNS response from the hash table when
another thread is referencing the old entry. The table still contained
the entry when it was destroyed which can result in inexplicable crashes.
0006-r5475-svn-backport-Remove-DNS-cache-entry.patch
ASTERISK-26344 #close
Reported by: Ian Gilmour
ASTERISK-26387 #close
Reported by: Harley Peters
Change-Id: I17fde80359e66f65a91341ceca58d914d0f61cc4
Older versions of tar don't support the --strip-components option so
instead of doing 'tar --strip-components=1 -C source', we now just
untar to the tarball's root directory (pjproject-<version>) and
rename that directory to 'source'.
Also fixed an issue where the pjproject source directory is a hard
coded absolute pathname.
ASTERISK-26510 #close
ASTERISK-22480 #close
Change-Id: I9ec92952507a91ff4e4d01e0149e09fd8e8f32b0
* CFLAGS is now properly set when using older gcc.
* All third-party pjproject targets have been removed. This fixes
an issue with older libsrtp in some distros.
* Manually removing the source directory now causes a rebuild.
* EXTERNALS_CACHE_DIR is now properly checked.
* Whitespace fixes.
Change-Id: I98fec6847efc5602a9f41cb95096fd660a49fa60
Addresses crashes when an attempt is made to operate on an SSL socket
after the socket has been closed.
ASTERISK-26477 #close
Change-Id: I421305b357558b4f9e690210dc0f4831ef4b3002
Previously when testing I had a preexisting makeopts in ASTTOPDIR. The
ordering of configure.ac causes --with-externals-cache to be processed
after third-party configure. In cases where the Asterisk clone is
cleaned it would cause pjproject to be downloaded to /tmp. This
moves processing of the externals cache and sounds cache to happen
before third-party configure.
This also addresses a possible issue with the third-party Makefile. If
TMPDIR is set by the environment it would override the path given to
--with-externals-cache.
ASTERISK-26416
Change-Id: Ifab7f35bfcd5a31a31a3a4353cc26a68c8c6592d
Added tests for bzip2, tar, patch, sed and nm to configure.ac.
Set DOWNLOAD_TO_STDOUT to a working command line regardless of
whether the download program is wget, curl or fetch.
Added a 'configure.m4' file to the third-party directory which takes
care of calling any third-party project setup. Had to move some
pjproject_bundled stuff up in configure.ac so it was called before
the third-party configure macro.
The pjproject tarball is now downloaded to the externals_cache_dir if
it was specified on the ./configure command line
Removed regeneration of the pjproject aconfigure file. It was only
needed for an old patch that no longer applies.
Converted the tests for symbols to explicit tests since we know that
they're now available in the bundled version. Saves a little time
during configure.
ASTERISK-26416 #close
Reported-by: Corey Farrell
Change-Id: Id1d94251c0155f8dd41b7de7067f35cfbaafbb9b
(cherry picked from commit e6b0053d75)
(cherry picked from commit a0d02f3832)
pjproject_bundled will now use the asterisk memory debugging APIs
if MALLOC_DEBUG is turned on in menuselect.
Because this required stubs for the executable programs and the python
bindings, some Makefile reorganization was needed to properly handle
the dependencies. As a result, the makefile now individually makes
each of the pjproject libraries separately instead of making them all
in 1 shot. The only visible change is that there are separate status
lines printed for each library instead oif 1 for all libs. Also, the
making of the pjproject dependency files was eliminated. They're not
needed for building unless you're actively modifying pjproject source
files and it makes the build process faster. Finally, any issues with
parallel builds should be resolved again making the build faster.
Change-Id: Icc5e3d658fbfb00e0a46b44c66dcc2522d5171b0
A name server that returns "Server Failure" is indicating only that
the server couldn't process that particular request. We should NOT
assume that the name server is incapable of serving other requests.
Here's the scenario we've been encountering...
* 2 local name servers configured in resolv.conf.
* An OPTIONS request causes a request for A and AAAA records to go out
to both nameservers.
* The A responses both come back successfully resolved.
* Because of an issue at some upstream nameserver, the AAAA responses
for that particular query come back as "SERVFAIL" from both local
name servers.
* Both local servers are marked as bad and no further queries can be
sent until the 60 second ttl expires. Only previously cached results
can be used.
* In this case, 60 seconds is just enough time for another OPTIONS
request to go out to the same host so the cycle repeats.
We could set the bad ttl really low but that also affects REFUSED and
NOTAUTH which probably DO signal a real server issue. Besides, even
a really low bad ttl would be an issue on a pbx.
Although we use our own resolver in 14 and master and don't have this
issue there, Teluu has merged this patch upstream so it's appropriate
to cherry-pick to 14 and master to keep pjproject consistent.
Change-Id: Ie03ba902288e274aff23f9b9bb2786e1e8be09e0
On heavy loaded system the TCP/TLS incoming calls could be
disconnected by pjproject while these calls are being
processed by asterisk which could use the session's memory pools.
If the session in the disconnected state then the session memory
pools were already freed, so we get segfault.
This patch adds a lifetime control on an INVITE session to pjproject.
The lifetime of the session is manipulated by calling
pjsip_inv_add_ref/pjsip_inv_dec_ref.
This patch uses these functions to inform pjproject that the
session is in use.
This patch adds check if the session state is not disconnected
and also checks if the memory pool is not NULL.
This patch also places tasks 'session_end' and 'session_end_completion'
into session's serializer to avoid race condition.
ASTERISK-26291 #close
Change-Id: I4d28b1fb3b91f0492a911d110049d670fdc3c8d7
The reason for the disable is that while Asterisk works fine with older
libsrtp versions, newer versions of pjproject won't compile with them.
Debian 6 for instance, has libsrtp 1.4.4 which is older than what
pjproject is expecting.
We don't use most of pjmedia but we DO use it for SDP negotiation.
Luckily disabling srtp in pjmedia doesn't interfere with it's ability
to negitiate a secure channel. The proper crypto attributes are
negotiated in both directions.
ASTERISK-26279 #close
Change-Id: Id25a92cdf3df97a26c53cffae65b6b82de33c8e2
PJProject supports a lot of platforms even Windows, some with different defaults
when it comes to IPv6. In many Linux platforms like Ubuntu 16.04 LTS,
"/proc/sys/net/ipv6/bindv6only" is set to 0 (false). Different than in Windows.
Because of this, if configured with just an IPv6 address/transport, PJProject
listens to both IPv4 and IPv6. However, this is not supported by the PJProject
team. As consequence, you end-up with IPv4-mapped IPv6 addresses in SDP,
incompatible with IPv4-only clients. Technically, you end-up with an IPv6-only
server which accepts incoming connections on IPv4.
If you try to configure two transports, one with IPv4 and one with IPv6 on the
same interface, as expected by the PJProject team, the IPv4 transport is not
able to bind because the IPv6 transport listens to both already.
One solution would be to change "/proc/sys/net/ipv6/bindv6only" system-wide.
Then, you are able to configure two transports, one for each IP version on the
same interface. That way, you get a server which works with IPv4 clients and
IPv6 clients at the same time over the same interface.
Here, this change sets this parameter directly within PJProject to match the
expectations of the PJProject team in any case. This allows IPv4/IPv6 Dual Stack
servers out of the box like in chan_sip. This change was accepted by the
PJProject team as <http://trac.pjsip.org/repos/changeset/5403> and is expected
to arrive in the next version, PJProject 2.6.0. Until then, this change is
incorporated in the bundled PJProject of Asterisk.
ASTERISK-26309
Change-Id: I3335d8718f79f4b2feae91b5b005a3ce684a63ae
This patch fixes the issue in pjsip_tx_data_dec_ref()
when tx_data_destroy can be called more than once,
and checks if invalid value (e.g. NULL) is passed to.
This patch updates array limit checks and docs
in pjsip_evsub_register_pkg() and pjsip_endpt_add_capability().
Change-Id: I4c7a132b9664afaecbd6bf5ea4c951e43e273e40
Add more --disable-* switches to Makefile.rules including
--disable-opus which was causing bundled pjproject to fail with
"undefined reference" errors in libasteriskpj.
Changed PJ_ENABLE_EXTRA_CHECK to 1.
Removed 2 obsolete patches and added a new one.
The new one was merged by Teluu on 6/27/2016.
ASTERISK-26148 #close
Change-Id: Ib8af6c6a9d31f7238ce65b336134c2efdc855063
When negotiating ICE candidates with WebRTC capable endpoints, many
networks will result in a browser offering ICE candidates that exceeds
the default number of max candidates, 16. This patch bumps the max
candidates to 32, with the max checks at twice the number of candidates.
In practice, this has shown to be sufficient for browser/WebRTC
negotiation.
Change-Id: Ifd8da8b315f5ae14814d4ce20e10d2e6355020e5
Occasionally under load we'll attempt to send a final NOTIFY on a
subscription that's already been terminated and a SEGV will occur
down in pjproject's evsub_destroy function. This is a result of a
race condition between all the paths that can generate a notify
and/or destroy the underlying pjproject evsub object:
* The client can send a SUBSCRIBE with Expires: 0.
* The client can send a SUBSCRIBE/refresh.
* The subscription timer can expire.
* An extension state can change.
* An MWI event can be generated.
* The pjproject transaction timer (timer_b) can expire.
Normally when our pubsub_on_evsub_state is called with a terminate,
we push a task to the serializer and return at which point the dialog
is unlocked. This is usually not a problem because the task runs
immediately and locks the dialog again. When the system is heavily
loaded though, there may be a delay between the unlock and relock
during which another event may occur such as the subscription timer
or timer_b expiring, an extension state change, etc. These may also
cause a terminate to be processed and if so, we could cause pjproject
to try to destroy the evsub structure twice. There's no way for us to
tell that the evsub was already destroyed and the evsub's group lock
can't tolerate this and SEGVs.
The remedy is twofold.
* A patch has been submitted to Teluu and added to the bundled
pjproject which adds add/decrement operations on evsub's group lock.
* In res_pjsip_pubsub:
* configure.ac and pjproject-bundled's configure.m4 were updated
to check for the new evsub group lock APIs.
* We now add a reference to the evsub group lock when we create
the subscription and remove the reference when we clean up the
subscription. This prevents evsub from being destroyed before
we're done with it.
* A state has been added to the subscription tree structure so
termination progress can be tracked through the asyncronous tasks.
* The pubsub_on_evsub_state callback has been split so it's not doing
double duty. It now only handles the final cleanup of the
subscription tree. pubsub_on_rx_refresh now handles both client
refreshes and client terminates. It was always being called for
both anyway.
* The serialized_on_server_timeout task was removed since
serialized_pubsub_on_rx_refresh was almost identical.
* Missing state checks and ao2_cleanups were added.
* Some debug levels were adjusted to make seeing only off-nominal
things at level 1 and nominal or progress things at level 2+.
ASTERISK-26099 #close
Reported-by: Ross Beer.
Change-Id: I779d11802cf672a51392e62a74a1216596075ba1
Although all the patches we had against 2.4.5 were applied by Teluu,
a new bug was introduced preventing re-use of tcp and tls transports
This patch removes all the previous patches against 2.4.5, updates
the version to 2.5, and adds a new patch to correct the transport
re-use problem.
Change-Id: I0dc6c438c3910f7887418a5832ca186aea23d068
The pjsua and pjsystest apps are now built only if TEST_FRAMEWORK is set.
The python bindings are now built only if TEST_FRAMEWORK is set and a
python development package is installed.
libresample was also disabled.
ASTERISK-25993 #close
Reported-by: Joshua Colp
Change-Id: If4e91c503a02f113d5b71bc8b972081fa3ff6f03
For all OSes:
* Disabled third-party codecs in pjproject and added
'--disable-speex-codec --disable-speex-aec --disable-gsm-codec' to the
configure options since we don't use the pjsip codec capability.
FreeBSD:
* Added FreeBSD support to install_prereq.
* Changed pjproject/configure.m4 to use $GNU_MAKE instead of hardcoding "make".
* Added __progname and environ to asterisk.exports.in.
* Reverted the use of ldconfig to create shared library symlinks to ln.
* Only enable epoll in pjproject if `uname -s` is Linux.
* Added a patch to pjproject to take the name of the 'make' command from
an environment variable if supplied. This is needed for the python bindings.
(merged by Teluu into pjproject trunk 5/3/2016)
FreeBSD support isn't complete. Still some general issues regarding
make/gmake having nothing to do with pjproject. With some handholding it DOES
build successfully.
CentOS:
Added 'patch' and 'bzip2' to install_prereq PACKAGES_RH.
CentOS 6/7 32/64 build and run the pjsip testsuite successfully.
Ubuntu:
No changes required.
Ubuntu 15/16 32/64 build and run the pjsip testsuite successfully.
Debian:
No changes required.
Debian 6/7/8 32/64 build and run the pjsip testsuite successfully.
There will utimately be a follow-up patch to create an install_prereq for
the testsuite as I've discovered a few missing requirements.
ASTERISK-25968 #close
Change-Id: I5756a07facfc63798115a5e73a8709382fe9259c
When pjsip_parse_uri is called with PJSIP_UNESCAPE_IN_PLACE enabled,
the input uri string will become corrupted if it contains escape sequences.
It's not possible to automatically strdup or strdupa the input string because
the output uri pj_str_t's will have pointers to chunks of the input string.
Getting around this would require more memory management code and wouldn't
be worth the savings of doing the unescape in place.
ASTERISK-25970 #close
Reported-by: Dmitriy Serov
Change-Id: I28dc0e599b5108f7959b9c46dc8278371b372f88
From the patch submitted to Teluu on 4/12/2016
<<<<<<<<<
The wholesale stripping of '[]' from header parameters causes issues if
something (like a port) occurs after the final ']'.
'[2001🅰️:b]' will correctly parse to '2001🅰️:b'
'[2001🅰️:b]:8080' will correctly parse to '2001🅰️:b' but the scanner is left
with ':8080' and parsing stops with a syntax error.
I can't even find a case where stripping the '[]' is a good thing anyway. Even
if you continued to parse and resulted in a string that looks like this...
'2001🅰️🅱️8080', it's not valid.
This came up in Asterisk because Kamailio sends us a Contact with an alias
URI parameter that has an IPv6 address in it like this:
Contact: <sip:1171@127.0.0.1:5080;alias=[2001:1:2::3]~43691~6>
which should be legal but causes a syntax error because of the characters
after the final ']'. Even if it didn't, the '[]' should still not be stripped.
I've run the Asterisk Test Suite for PJSIP (252 tests) many of which are IPv6
enabled. No issues were caused by removing the code that strips the '[]'.
>>>>>>>>>>>
ASTERISK-25123 #close
Reported-by: Anthony Messina
Change-Id: I5cb33f4ebf07ee1f2b26d07caae715e2ec65595a
There's a bug in pjproject's sip_parser where the ":" wasn't correctly
interpreted. This is causing IPv6 addresses in the "received" parameter of the
Via header to cause a syntax check failure.
This patch was submitted to Teluu on 4/10/2016.
ASTERISK-25910 #close
Reported-by: Anthony Messina
Change-Id: Ic7e4c4aa14ded61860401ec349f5177568c4d922
PortAudio should no longer be required
PJSIP_MAX_PKT_LEN is now 6000
Older autoconf issue fixed. (CentOS 6)
Change-Id: I463fa9586cbe7c6b3b603289f535bd8e361611dd
Older versions of PJSIP do not have the proto field on the TLS transport
setting structure. This change adds a configure check so even if it is
not present we will still be able to build.
Change-Id: Ibf3f47befb91ed1b8194bf63888baa6fee05aba9
The pjproject Makefile now uses the Asterisk optimization flags which
are determined by the setting of the DONT_OPTMIZE menuselect flag.
The Makefile was also restructured so a change to the top level
menuselect.makeopts will result in a rebuild of pjproject.
Also, "--disable-resample" was removed from the pjproject configure
options. Without resample, pjsua (which is used by the testsuite)
can't make audio calls. When it can't, it segfaults.
Change-Id: I24b0a4d0872acef00ed89b3c527a713ee4c2ccd4
Apparently the != operator is fairly new so I've replaced it with
the old $(shell ...) syntax.
Change-Id: I16b2e1878a4f91e7e9740abd427f9639f933c479
Reported-by: Richard Mudgett
Background here:
http://lists.digium.com/pipermail/asterisk-dev/2016-January/075266.html
From CHANGES:
* To help insure that Asterisk is compiled and run with the same known
version of pjproject, a new option (--with-pjproject-bundled) has been
added to ./configure. When specified, the version of pjproject specified
in third-party/versions.mak will be downloaded and configured. When you
make Asterisk, the build process will also automatically build pjproject
and Asterisk will be statically linked to it. Once a particular version
of pjproject is configured and built, it won't be configured or built
again unless you run a 'make distclean'.
To facilitate testing, when 'make install' is run, the pjsua and pjsystest
utilities and the pjproject python bindings will be installed in
ASTDATADIR/third-party/pjproject.
The default behavior remains building with the shared pjproject
installation, if any.
Building:
All you have to do is include the --with-pjproject-bundled option on
the ./configure command line (and remove any existing --with-pjproject
option if specified). Everything else is automatic.
Behind the scenes:
The top-level Makefile was modified to include 'third-party' in the
list of MOD_SUBDIRS.
The third-party directory was created to contain any third party
packages that may be needed in the future. Its Makefile automatically
iterates over any subdirectories passing on targets.
The third-party/pjproject directory was created to house the pjproject
source distribution. Its Makefile contains targets to download, patch
configure, generate dependencies, compile libs, apps and python bindings,
sanitized build.mak and generate a symbols list.
When bootstrap.sh is run, it automatically includes the configure.m4
file in third-party/pjproject. This file has a macro to download and
conifgure pjproject and get and set PJPROJECT_INCLUDE, PJPROJECT_DIR
and PJPROJECT_BUNDLED. It also tests for the capabilities like
PJ_TRANSACTION_GRP_LOCK by parsing preprocessor output as opposed to
trying to compile. Of course, bootstrap.sh is only run once and the
configure file is incldued in the patch.
When configure is run with the new options, the macro in configure.m4
triggers the download, patch, conifgure and tests. No compilation is
performed at this time. The downloaded tarball is cached in /tmp so
it doesn't get downloaded again on a distclean.
When make is run in the top-level Asterisk source directory, it will
automatically descend all the subdirectories in third_party just as it
does for addons, apps, etc. The top-level Makefile makes sure that
the 'third-party' is built before 'main' so that dependencies from the
other directories are built first.
When main does build, a new shared library (libasteriskpj) is created that
links statically to the pjproject .a files and exports all their symbols.
The asterisk binary links to that, just as it does with libasteriskssl.
When Asterisk is installed, the pjsua and pjsystest apps, and the pjproject
python bindings are installed in ASTDATADIR/third-party/pjproject. This
will facilitate testing, including running the testsuite which will be
updated to check that directory for the pjsua module ahead of the system
python library.
Modules should continue to depend on pjproject if they use pjproject APIs
directly. They should not care about the implementation. No changes to any
res_pjsip modules were made.
Change-Id: Ia7a60c28c2e9ba9537c5570f933c1ebcb20a3103
George Joseph
Joshua Colp
Corey Farrell
Richard Mudgett
Sean Bright
Benjamin Keith Ford
Jenkins2
Mark Michelson
Alexander Traud
Kevin Harwell
Joshua Elson
zuul
Matt Jordan
Alexei Gradinari
George Joseph