The last time configure was run, it was run on a system that
did not enable -std=gnu11 by default, which meant that the
restrict qualifier would not be recognized on certain platforms.
This regenerates the configure files from running bootstrap.sh,
so that these should be recognized on all supported platforms.
Resolves: #586
(cherry picked from commit 54b804fc3b)
The current STIR/SHAKEN implementation is not currently usable due
to encryption issues. Rather than trying to futz with OpenSSL and
the the current code, we can take advantage of the existing
capabilities of libjwt but we first need to add it to the
third-party infrastructure already in place for jansson and
pjproject.
A few tweaks were also made to the third-party infrastructure as
a whole. The jansson "dest" install directory was renamed "dist"
to better match convention, and the third-party Makefile was updated
to clean all product directories not just the ones currently in
use.
Resolves: #349
(cherry picked from commit a9d4175e1d)
Fixes#221
UserNote: res_pjsip now allows TLS v1.3 to be enabled if supported by
the underlying PJSIP library. The bundled version of PJSIP supports
TLS v1.3.
(cherry picked from commit b5762cd54e)
These were uncovered when trying to run `bootstrap.sh` with Autoconf
2.71:
* AC_CONFIG_HEADER() is deprecated in favor of AC_CONFIG_HEADERS().
* AC_HEADER_TIME is obsolete.
* $as_echo is deprecated in favor of AS_ECHO() which requires an update
to ax_pthread.m4.
Note that the generated artifacts in this commit are from Autoconf 2.69.
Resolves#139
(cherry picked from commit 21d3c4ae58)
Removed multiple patches.
Code chages in res_pjsip_pubsub due to changes in evsub.
Pjsip now calls on_evsub_state() before on_rx_refresh(),
so the sub tree deletion that used to take place in
on_evsub_state() now must take place in on_rx_refresh().
Additionally, pjsip now requires that you send the NOTIFY
from within on_rx_refresh(), otherwise it will assert
when going to send the 200 OK. The idea is that it will
look for this NOTIFY and cache it until after sending the
response in order to deal with the self-imposed message
mis-order. Asterisk previously dealt with this by pushing
the NOTIFY in on_rx_refresh(), but pjsip now forces us
to use it's method.
Changes were required to configure in order to detect
which way pjsip handles this as the two are not
compatible for the reasons mentioned above.
A corresponding change in testsuite is required in order
to deal with the small interal timing changes caused by
moving the NOTIFY send.
ASTERISK-30325
Change-Id: I50b00cac89d950d3511d7b250a1c641965d9fe7f
This change adds support using the pjsip_tls_transport_restart
function for reloading the TLS certificate and key, if the filenames
remain unchanged. This is useful for Let's Encrypt and other
situations. Note that no restart of the transport will occur if
the certificate and key remain unchanged.
ASTERISK-30186
Change-Id: I9bc95a6bf791830a9491ad9fa43c17d4010028d0
autoconfigh.h.in was missed in the original review for this
issue. Additionally it looks like I have newer pkg-config autoconf
macros on my development machine.
ASTERISK-29817
Change-Id: I3c85a4de82c5d7d6e0e23dad4c33bb650a86a57b
There are times when you need to troubleshoot issues with bundled
pjproject or add new features that need to be pushed upstream
but...
* The source directory created by extracting the pjproject tarball
is not scanned for code changes so you have to keep forcing
rebuilds.
* The source directory isn't a git repo so you can't easily create
patches, do git bisects, etc.
* Accidentally doing a make distclean will ruin your day by wiping
out the source directory, and your changes.
* etc.
This commit makes that easier.
See third-party/pjproject/README-hacking.md for the details.
ASTERISK-29824
Change-Id: Idb1251040affdab31d27cd272dda68676da9b268
OpenSSL is one of those packages that often have alternatives
with later versions. For instance, CentOS/EL 7 has an
openssl package at version 1.0.2 but there's an openssl11
package from the epel repository that has 1.1.1. This gets
installed to /usr/include/openssl11 and /usr/lib64/openssl11.
Unfortunately, the existing --with-ssl and --with-crypto
./configure options expect to point to a source tree and
don't work in this situation. Also unfortunately, the
checks in ./configure don't use pkg-config.
In order to make this work with the existing situation, you'd
have to run...
./configure --with-ssl=/usr/lib64/openssl11 \
--with-crypto=/usr/lib64/openssl11 \
CFLAGS=-I/usr/include/openssl11
BUT... those options don't get passed down to bundled pjproject
so when you run make, you have to include the CFLAGS again
which is a big pain.
Oh... To make matters worse, although you can specify
PJPROJECT_CONFIGURE_OPTS on the ./configure command line,
they don't get saved so if you do a make clean, which will
force a re-configure of bundled pjproject, those options
don't get used.
So...
* In configure.ac... Since pkg-config is installed by install_prereq
anyway, we now use it to check for the system openssl >= 1.1.0.
If that works, great. If not, we check for the openssl11
package. If that works, great. If not, we fall back to just
checking for any openssl. If pkg-config isn't installed for some
reason, or --with-ssl=<dir> or --with-crypto=<dir> were specified
on the ./configure command line, we fall back to the existing
logic that uses AST_EXT_LIB_CHECK().
* The whole OpenSSL check process has been moved up before
THIRD_PARTY_CONFIGURE(), which does the initial pjproject
bundled configure, is run. This way the results of the above
checks, which may result in new include or library directories,
is included.
* Although not strictly needed for openssl, We now save the value of
PJPROJECT_CONFIGURE_OPTS in the makeopts file so it can be used
again if a re-configure is triggered.
ASTERISK-29693
Change-Id: I341ab7603e6b156aa15a66f43675ac5029d5fbde
Discovered while looking at ASTERISK~29684. Usage was removed in change
I3c77c7b00b2ffa2e935632097fa057b9fdf480c0.
Change-Id: Iaf2f7a16ea5a7eee6375319347e4b40b8e7b10e3
IPv6 nameserver addresses are stored in different part of the
__res_state structure, so look there if we appear to have support for
it.
ASTERISK-28004 #close
Change-Id: I67067077d8a406ee996664518d9c8fbf11f6977d
When handling ICE negotiations, it's possible that there can be a delay
between STUN binding requests which in turn will cause a delay in ICE
completion, preventing media from flowing. It should be possible to send
media when there is at least one valid pair, preventing this scenario
from occurring.
A change was added to PJPROJECT that adds an optional callback
(on_valid_pair) that will be called when the first valid pair is found
during ICE negotiation. Asterisk uses this to start the DTLS handshake,
allowing media to flow. It will only be called once, either on the first
valid pair, or when ICE negotiation is complete.
ASTERISK-28716
Change-Id: Ia7b68c34f06d2a1d91c5ed51627b66fd0363d867
Instead of trying to use the defined MySQL client version from the
header use a configure check to determine whether the bool or my_bool
type should be used for defining a boolean.
ASTERISK-28604
Change-Id: Id2225b3785115de074c50c123ff1a68005b4a9c7
This change adds support for larger TLS certificates by allowing
OpenSSL to fragment the DTLS packets according to the configured
MTU. By default this is set to 1200.
This is accomplished by implementing our own BIO method that
supports MTU querying. The configured MTU is returned to OpenSSL
which fragments the packet accordingly. When a packet is to be
sent it is done directly out the RTP instance.
ASTERISK-28018
Change-Id: If2d5032019a28ffd48f43e9e93ed71dbdbf39c06
Asterisk assumes that dlopen() will always run the constructor of a
shared library and every dlclose() will run its destructor. But dlopen()
may be permanent, meaning the constructor will only be run once, as is
the case with musl libc.
With a permanent dlopen() the Asterisk module loader does not work
correctly, because it's expectations regarding when the constructors and
destructors are run are not met. In fact a segmentation fault will occur
when the first module is "re-opened" that has AST_MODFLAG_GLOBAL_SYMBOLS
set (the dlopen() does not call the constructor, resource_being_loaded
is not set to NULL, then strlen is called with NULL instead of a string,
see issue ASTERISK-28319).
This commit adds code to the loader that will manually run the
constructors/destructors of the (non-builtin) modules where needed. To
achieve this a new ao2 container (linked list) is started and filled
with objects that contain the names of the modules and the pointers to
their respective info structs.
This behavior can be activated when configuring Asterisk
(--enable-permanent-dlopen). By default this is disabled, of course.
ASTERISK-28319 #close
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Change-Id: I86693a0ecf25d5ba81c73773a03df4abc3426875
Some platforms provide an implementation of socket() and pipe2() that allow the
caller to specify that the resulting file descriptors should be non-blocking.
Using these allows us to potentially elide 3 calls into 1 by avoiding extraneous
calls to fcntl() to set the O_NONBLOCK flag afterwards.
In passing, change ast_alertpipe_init() to use pipe2() directly instead of the
wrapper if it is available.
Change-Id: I3ebe654fb549587537161506c6c950f4ab298bb0
We've had multiple opportunities where Richard Mudgett's
malloc_trim patch has been useful. Let's get it
pushed up to gerrit and merged.
Since malloc_trim is only available in libc, an entry is
added to configure.ac to create a definition for
HAVE_MALLOC_TRIM.
Change-Id: Ia38308c550149d9d6eae4ca414a649957de9700c
This change implements a few different generic things which were brought
on by Google Voice SIP.
1. The concept of flow transports have been introduced. These are
configurable transports in pjsip.conf which can be used to reference a
flow of signaling to a target. These have runtime configuration that can
be changed by the signaling itself (such as Service-Routes and
P-Preferred-Identity). When used these guarantee an individual connection
(in the case of TCP or TLS) even if multiple flow transports exist to the
same target.
2. Service-Routes (RFC 3608) support has been added to the outbound
registration module which when received will be stored on the flow
transport and used for requests referencing it.
3. P-Associated-URI / P-Preferred-Identity (RFC 3325) support has been
added to the outbound registration module. If a P-Associated-URI header
is received it will be used on requests as the P-Preferred-Identity.
4. Configurable outbound extension support has been added to the outbound
registration module. When set the extension will be placed in the
Supported header.
5. Header parameters can now be configured on an outbound registration
which will be placed in the Contact header.
6. Google specific OAuth / Bearer token authentication
(draft-ietf-sipcore-sip-authn-02) has been added to the outbound
registration module.
All functionality changes are controlled by pjsip.conf configuration
options and do not affect non-configured pjsip endpoints otherwise.
ASTERISK-27971 #close
Change-Id: Id214c2d1c550a41fcf564b7df8f3da7be565bd58
In order to do this and provide good feedback, a new macro was
created (AST_EXT_LIB_EXTRA_CHECK) which does the normal check and
path setups for the library then compiles, links and runs a supplied
code fragment to do the final determination. In this case, the
final code fragment compares UNBOUND_VERSION_MAJOR
and UNBOUND_VERSION_MINOR to determine if they're greater than or
equal to 1.5.
Since we require version 1.5, some code in res_resolver_unbound
was also simplified.
ASTERISK-28045
Reported by: Samuel Galarneau
Change-Id: Iee94ad543cd6f8b118df8c4c7afd9c4e2ca1fa72
Use json_vsprintf from versions which contain fix for va_copy leak.
Apply fixes from jansson master:
* va_copy leak fix.
* Avoid potential invalid memory read in json_pack.
* Rename variable that shadowed another.
Change-Id: I7522e462d2a52f53010ffa1e7d705c666ec35539
When writing an RTCP report to json the code attempts to pack the "ssrc" and
"source_ssrc" unsigned integer values as a signed int value type. This of course
means if the ssrc's unsigned value is greater than that which can fit into a
signed integer value it gets converted to a negative number. Subsequently, the
negative value goes out in the json report.
This patch now packs the value as a json_int_t, which is the widest integer type
available on a given system. This should make it so the value no longer
overflows.
Note, this was caught by two failing tests hep/rtcp-receiver/ and
hep/rtcp-sender.
Change-Id: I2af275286ee5e795b79f0c3d450d9e4b28e958b0
This change brings in PJSIP 2.8, removes all the patches
that were merged upstream, and makes a minor change to
support a breaking change that was done.
ASTERISK-28059
Change-Id: I5097772b11b0f95c3c1f52df6400158666f0a189
In Solaris, the header <jansson.h> is in /usr/include/jansson. To find
Jansson even in such a subdirectory, the tool pkg-config is queried via
AST_PKG_CONFIG_CHECK. For those platforms, which do not list Jansson via
pkg-config, the previous check remains and is executed thereafter.
Because the check for the NetBSD Editline library uses the tool pkg-config
the code of PKG_PROG_PKG_CONFIG must be used. Because that check happens
earlier than Jansson, it must be placed in front of that.
ASTERISK-27991
Change-Id: I69ea0f379f87a50049654b2487c76ee1c04fa53a
pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response as
that on an earlier response. We handle this correctly. There have
been reported cases where the To tag is the same but we still need to
follow the media. The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime. The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.
So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.
The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.
Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer
Furthermore, allow OpenSSL configured with no-dh. Additionally, this change
allows auto-negotiation of the elliptic curve/group for servers, not only with
OpenSSL 1.0.2 but also with OpenSSL 1.1.0 and newer. This enables X25519
(since OpenSSL 1.1.0) and X448 (since OpenSSL 1.1.1) as a side-effect.
ASTERISK-27910
Change-Id: I5b0dd47c5194ee17f830f869d629d7ef212cf537
Asterisk does not need the development package of libltdl, because it does not
use any symbol of -lltdl directly. Instead, it uses the runtime package via the
shared library -lodbc. On the supported platforms, that shared library declares
its dependency on -lltdl correctly, otherwise AST_EXT_LIB_CHECK would have
failed.
ASTERISK-27745
Change-Id: Icd315809b8e7978203431f3afb66240dd3a040ba
In NetBSD, PortAudio 1 is still the default version. PortAudio 2 can be
installed side by side but gets placed in a 'portaudio2' subdirectory. To
find PortAudio 2 even in a subdirectory, the tool pkg-config is queried via
AST_PKG_CONFIG_CHECK. For those platforms, which do not list PowerAudio 2
via pkg-config, the previous check remains and is executed thereafter.
ASTERISK-27721
Change-Id: I4175500126909ad1b181fff8e11bb4a3a6ae4fa9
This change causes the configure script to throw an error if neither
__sync nor __atomic builtin functions are available.
ASTERISK-27619
Change-Id: Ie01a281e0f5c41dfeeb5f250c1ccea8752f56ef9
Add a check to configure.ac for __atomic_fetch_add support. If found
use the __atomic built-in operators for ast_atomic_dec_and_test and
ast_atomic_fetchadd_int.
ASTERISK~27619
Change-Id: I65b4feb02bae368904ed0fb03f585c05f50a690e
This check is being added to make it easier for end-users of third party
open source Opus modules. This was removed by ASTERISK-26426 but only
the module needed to be removed.
Change-Id: I62b9cd0c4fa8a77596ab0e042948a643a1152677
The configure option to disable XML documentation does not currently
work. This patch makes it effective, but also causes an ABI change by
removing the ast_xmldoc_* symbols. Disabling xmldoc also prevents docs
from being automatically generated, but they can still be manually
generated with 'make doc/core-en_US.xml'.
ASTERISK-26639
Change-Id: Ifac562340c09f80c83e0203de098fcac93bf8c44
Beanstalkd is a simple to use job queue. It provides a means to
create multiple job queues called "tubes". Each tube can store
multiple jobs, with varying priorities with the queue. Queue
processing is available via a simple TCP socket or via well defined
libraries, avaialble at
https://github.com/kr/beanstalkd/wiki/client-libraries
This module is based upon the beanstalk-client library, available
for download at: https://github.com/deepfryed/beanstalk-client
Change-Id: I5fe4089a34ab3b39230786d9bbfddafa56715f48
The primary win of switching to eventfd when possible is that it only
uses a single file descriptor while pipe() will use two. This means for
each bridge channel we're reducing the number of required file
descriptors by 1, and - if you're using timerfd - we also now have 1
less file descriptor per Asterisk channel.
The API is not ideal (passing int arrays), but this is the cleanest
approach I could come up with to maintain API/ABI.
I've also removed what I believe to be an erroneous code block that
checked the non-blocking flag on the pipe ends for each read. If the
file descriptor is 'losing' its non-blocking mode, it is because of a
bug somewhere else in our code.
In my testing I haven't seen any measurable difference in performance.
Change-Id: Iff0fb1573e7f7a187d5211ddc60aa8f3da3edb1d