An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received. The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.
* Add ast_safe_execvp() function. This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding. This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.
* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.
* Document code injection potential from untrusted data sources for other
shell commands that are under user control.
ASTERISK-27103
Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
This prevents orphaned CBAnn channels from getting stuck in the bridge.
ASTERISK-26994 #close
Reported by: James Terhune
Change-Id: I5e43e832a9507ec3f2c59752cd900b41dab80457
mkstemp() returns a unique filename, but appending an extension to that
filename does not guarantee uniqueness. Instead, use mkdtemp() and we
can put whatever extension we want on the files that we create inside
the directory.
In the case of app_minivm, we also now properly clean up any temporary
files that we create.
ASTERISK-20858 #close
Reported by: Walter Doekes
Change-Id: I30ad04f0e115f0b11693ff678ba5184d8b938e43
If the Record() application is called with a relative filename that
includes directories, we were not properly creating the intermediate
directories and Record() would fail.
Secondarily, updated the documentation for RECORDED_FILE to mention
that it does not include a filename extension.
Finally, rewrote the '%d' functionality to be a bit more straight
forward and less noisy.
ASTERISK-16777 #close
Reported by: klaus3000
Change-Id: Ibc2640cba3a8c7f17d97b02f76b7608b1e7ffde2
Fixed to use correct initial value and fixed to use the
correct queue info to check the first value.
ASTERISK-27204
Change-Id: Ia9e36c828e566e1cc25c66f73307566e4acb8e73
GCC 7 has added capability to produce warnings, this fixes most of those
warnings. The specific warnings are disabled in a few places:
* app_voicemail.c: truncation of paths more than 4096 chars in many places.
* chan_mgcp.c: callid truncated to 80 chars.
* cdr.c: two userfields are combined to cdr copy, fix would break ABI.
* tcptls.c: ignore use of deprecated method SSLv3_client_method().
ASTERISK-27156 #close
Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
Setting this option will cause the Queue application to only announce
the caller's position if it has improved since the last time that we
announced it.
Change-Id: I173a124121422209485b043e2bf784f54242fce6
The following testsuite voicemail tests were failing to re-enter the
mailbox after the first login attempt.
tests/apps/voicemail/authenticate_invalid_mailbox
tests/apps/voicemail/authenticate_invalid_password
The tests were noting the start of the vm-incorrect-mailbox prompt and
immediately sending the mailbox for the next login attempt. Since the
invalid message playback had to complete before the digits were
recognized, the test passed for the wrong reason and added approximately
20 seconds to the test times.
* Allow the vm-incorrect-mailbox prompt to get interrupted by the mailbox
digits like the initial vm-login prompt so the tests are able to enter the
intended mailbox.
Change-Id: I1dc53fe917bfe03a4587b2c4cd24c94696a69df8
This change does a few things to improve packet loss and renegotiation:
1. On outgoing RTP streams we will now properly reflect out of order
packets and packet loss in the sequence number. This allows the
remote jitterbuffer to better reorder things.
2. Video updates can now be discarded for a period of time
after one has been sent to prevent flooding of clients.
3. For declined and removed streams we will now release any
media session resources associated with them. This was not
previously done and caused an issue where old state was being
used for a new stream.
4. RTP bundling was not actually removing bundled RTP instances
from the parent. This has been resolved by removing based on
the RTP instance itself and not the SSRC.
5. The code did not properly handle explicitly unbundling an
RTP instance from its parent. This now works as expected.
ASTERISK-27143
Change-Id: Ibd91362f0e4990b6129638e712bc8adf0899fd45
This commit fixes two possible scenarios:
* When recording name and if during recording you hangup, file is never
removed. This is due to the fact file location is nulled.
* When recording name and if you hangup during thank-you prompt, file
is never removed.
ASTERISK-27123 #close
Change-Id: I39b7271408b4b54ce880c5111a886aa8f28c2625
In say_date_generic the timezonename parameter is passed but never
used. Fix it by passing it to the ast_localtime function.
ASTERISK-27124
Change-Id: I63106b8db10426d417d7275f22554a616e92fae4
When performing the "Queues" action via AMI, it outputs the same
text that the Asterisk CLI outputs when running a "queue show"
command, which does not conform with the AMI spec. "QueueStatus"
already does what the "Queues" action should do, so instead of
correcting the output, the "Queues" action will be removed and
"QueueStatus" should be used instead.
ASTERISK-27073 #close
Reported by: Brian
Change-Id: Id11743859758255b69cc3a557750d7a56c6d16f8
This API was not actively maintained, was not added to new modules
(such as res_pjsip), and there exist better alternatives to acquire the
same information, such as the ARI.
Change-Id: I4b2185a83aeb74798b4ad43ff8f89f971096aa83
The primary focus of this patch is adding a missing call to
ast_odbc_release_obj(), but is also a general cleanup of the ODBC
related code in app_voicemail.
ASTERISK-27093 #close
Change-Id: I8e285142eaeb3146b4287a928276b70db76c902b
Fixed the following bugs:
* calls to stream_echo_write had the last two parameters swapped
* ast_read should have been ast_read_stream
* added a null check on the frame's subclass format
This also resets the update_sent flag upon receiving SRRCHANGE control frame.
This will then force a video update.
ASTERISK-26997
Change-Id: I6ad7c8253559b800800433c52339e7f5aa583566
The fix for ASTERISK-25665 introduced a regression.
The return value of queue_exec used to be 0 in case of leavewhenempty
but it was changed to -1 (returned from wait_our_turn and passed
transparently by queue_exec), thus leading to hangup instead of returning
back to dialplan.
This commit resets the value back to 0 in this case, restoring
original behavior.
ASTERISK-27065 #close
Reported by: Marek Cervenka
Change-Id: Id9c83b75aeda463250155e88c5004be52bbca5ac
A new global option "imap_poll_logout" was added to specify whether need to
disconnect from the IMAP server after polling of mailboxes.
ASTERISK-27068 #close
Closing IMAP connection after loading mailbox from voicemail.conf
ASTERISK-24052 #close
Change-Id: Ib7558ba04516240a32b65f42e9be64372a0ae12a
A previous commit added plumbing to bridge_softmix to allow for an SFU
experience with Asterisk. This commit adds an option to app_confbridge
that allows for a confbridge to actually make use of the SFU video mode.
SFU mode is implemented in a "set it and forget it" kind of way. That
is, when the bridge is created, if SFU mode is enabled, then the video
mode gets set to SFU and cannot be changed. Future improvements may
allow for a hybrid experience (e.g. forward multiple video streams,
specifically those of the most recent talkers), but for this addition,
no such capability is present.
Change-Id: I87bbcb63dec6dbbb42488f894871b86f112b2020
This sets up the "plumbing" in bridge_softmix to
be able to accommodate Asterisk asking as an SFU
(selective forwarding unit) for conferences.
The way this works is that whenever a channel enters or leaves a
conference, all participants in the bridge get sent a stream topology
change request. The topologies consist of the channels' original
topology, along with video destination streams corresponding to each
participants' source video streams. So for instance, if Alice, Bob, and
Carol are in the conference, and each supplies one video stream, then
the topologies for each would look like so:
Alice:
Audio,
Source video(Alice),
Destination Video(Bob),
Destination video (Carol)
Bob:
Audio,
Source video(Bob)
Destination Video(Alice),
Destination video (Carol)
Carol:
Audio,
Source video(Carol)
Destination Video(Alice),
Destination video (Bob)
This way, video that arrives from a source video stream can then be
copied out to the destination video streams on the other participants'
channels.
Once the bridge gets told that a topology on a channel has changed, the
bridge constructs a map in order to get the video frames routed to the
proper destination streams. This is done using the bridge channel's
stream_map.
This change is bare-bones with regards to SFU support. Some key features
are missing at this point:
* Stream limits. This commit makes no effort to limit the number of
streams on a specific channel. This means that if there were 50 video
callers in a conference, bridge_softmix will happily send out topology
change requests to every channel in the bridge, requesting 50+
streams.
* Configuration. The plumbing has been added to bridge_softmix, but
there has been nothing added as of yet to app_confbridge to enable SFU
video mode.
* Testing. Some functions included here have unit tests.
However, the functionality as a whole has only been verified by
hand-tracing the code.
* Selectivenss. For a "selective" forwarding unit, this does not
currently have any means of being selective.
* Features. Presumably, someone might wish to only receive video from
specific sources. There are no external-facing functions at the moment
that allow for users to select who they receive video from.
* Efficiency. The current scheme treats all video streams as being
unidirectional. We could be re-using a source video stream as a
desetnation, too. But to simplify things on this first round, I did it
this way.
Change-Id: I7c44a829cc63acf8b596a337b2dc3c13898a6c4d