Add patch to split the log level for invalid packets received on the
signaling port. The warning regarding the packet will move to level 2
so that it can still be displayed, while the raw packet will be at level
4.
When ICE is in use, we can prevent a possible DOS attack by allowing
DTLS protocol messages (client hello, etc) only from sources that
are in the active remote candidates list.
Resolves: GHSA-hxj9-xwr8-w8pq
When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
Improve the "manager show connected" CLI command
to clarify that the last two columns are permissions
related, not counts, and use sufficient widths
to consistently display these values.
ASTERISK-30143 #close
Resolves: #482
Although `make_xml_documentation`'s `print_dependencies` command was
corrected by the previous fix (#461) for #142, the `create_xml` was
not properly handling `LOCAL_MOD_SUBDIRS` XML documentation.
This fixes a number of broken links throughout the
tree, mostly caused by wiki.asterisk.org being replaced
with docs.asterisk.org, which should eliminate the
need for sporadic fixes as in f28047db36.
Resolves: #430
Resolves: #462
UserNote: The option "j" is now available for the Dial application which
uses the initial stream topology of the caller to create the outgoing
channels.
Instead of searching for the asterisk binary and the modules in the
filesystem, we now get their locations, along with libdir, from
the coredump itself...
For the binary, we can use `gdb -c <coredump> ... "info proc exe"`.
gdb can print this even without having the executable and symbols.
Once we have the binary, we can get the location of the modules with
`gdb ... "print ast_config_AST_MODULE_DIR`
If there was no result then either it's not an asterisk coredump
or there were no symbols loaded. Either way, it's not usable.
For libdir, we now run "strings" on the note0 section of the
coredump (which has the shared library -> memory address xref) and
search for "libasteriskssl|libasteriskpj", then take the dirname.
Since we're now getting everything from the coredump, it has to be
correct as long as we're not crossing namespace boundaries like
running asterisk in a docker container but trying to run
ast_coredumper from the host using a shared file system (which you
shouldn't be doing).
There is still a case for using --asterisk-bin and/or --libdir: If
you've updated asterisk since the coredump was taken, the binary,
libraries and modules won't match the coredump which will render it
useless. If you can restore or rebuild the original files that
match the coredump and place them in a temporary directory, you can
use --asterisk-bin, --libdir, and a new --moddir option to point to
them and they'll be correctly captured in a tarball created
with --tarball-coredumps. If you also use --tarball-config, you can
use a new --etcdir option to point to what normally would be the
/etc/asterisk directory.
Also addressed many "shellcheck" findings.
Resolves: #445
The `get_documentation` awk script will only extract the first
DOCUMENTATION block that it finds in a given file. This is by design
(9bc2127) to prevent AMI event documentation from being pulled in to
the core.xml documentation file.
Because of this, the `LOG_GROUP` documentation added in 89709e2 was
not being properly extracted and was missing fom the resulting XML
documentation file. This commit moves the `LOG_GROUP` documentation to
a separate `logger.xml` file.
There are valid scenarios where res_odbc's connection pool might have some dead
or stuck connections while others are healthy (imagine network
elements/firewalls/routers silently timing out connections to a single DB and a
single IP address, or a heterogeneous connection pool connected to potentially
multiple IPs/instances of a replicated DB using a DNS front end for load
balancing and one replica fails).
In order to time out those unhealthy connections without blocking access to
other parts of Asterisk that may attempt access to the connection pool, it would
be beneficial to not lock/block access around the entire pool in
_ast_odbc_request_obj2 while doing potentially blocking operations on connection
pool objects such as the connection_dead() test, odbc_obj_connect(), or by
dereferencing a struct odbc_obj for the last time and triggering a
odbc_obj_disconnect().
This would facilitate much quicker and concurrent timeout of dead connections
via the connection_dead() test, which could block potentially for a long period
of time depending on odbc.ini or other odbc connector specific timeout settings.
This also would make rapid failover (in the clustered DB scenario) much quicker.
This patch changes the locking in _ast_odbc_request_obj2() to not lock around
odbc_obj_connect(), _disconnect(), and connection_dead(), while continuing to
lock around truly shared, non-immutable state like the connection_cnt member and
the connections list on struct odbc_class.
Fixes: #465
If the script referenced by `#exec` does not exist, writes anything to
stderr, or exits abnormally or with a non-zero exit status, we log
that to Asterisk's error logging channel.
Additionally, write out a warning if the script produces no output.
Fixes#259
Resequencing is a process that occurs when we open a voicemail folder
and discover that there are gaps between messages (e.g. `msg0000.txt`
is missing but `msg0001.txt` exists). Resequencing involves shifting
the existing messages down so we end up with a sequential list of
messages.
Currently, this process stops after reaching a threshold based on the
message limit (`maxmsg`) configured on the current folder. However, if
`maxmsg` is lowered when a voicemail folder contains more than
`maxmsg + 10` messages, resequencing will not run completely leaving
the mailbox in an inconsistent state.
We now resequence up to the maximum number of messages permitted by
`app_voicemail` (currently hard-coded at 9999 messages).
Fixes#86
When mwimonitor=yes is enabled for an FXO port,
the do_monitor thread will launch mwi_thread if it thinks
there could be MWI on an FXO channel, due to the noise
threshold being satisfied. This, in turns, calls
analog_ss_thread_start in sig_analog. However, unlike
all other instances where __analog_ss_thread is called
in sig_analog, this call path does not properly set
pvt->ss_astchan to the Asterisk channel, which means
that the Asterisk channel is NULL when __analog_ss_thread
starts executing. As a result, the thread exits and the
channel is never properly cleaned up by calling ast_hangup.
This caused issues with do_monitor on incoming calls,
as it would think the channel was still owned even while
receiving events, leading to an infinite barrage of
warning messages; additionally, the channel would persist
improperly.
To fix this, the assignment is added to the call path
where it is missing (which is only used for mwi_thread).
A warning message is also added since previously there
was no indication that __analog_ss_thread was exiting
abnormally. This resolves both the channel leak and the
condition that led to the warning messages.
Resolves: #458
Certain channel options are not set anywhere or
exposed in any way to users, making them unusable.
This exposes some of these options which make sense
for users to manipulate at runtime.
Resolves: #442
Any function or application that accepts a `&`-separated list of
filenames can now include a literal `&` in a filename by wrapping the
entire filename in single quotes, e.g.:
```
exten = _X.,n,Playback('https://example.com/sound.cgi?a=b&c=d'&hello-world)
```
Fixes#172
UpgradeNote: Ampersands in URLs passed to the `Playback()`,
`Background()`, `SpeechBackground()`, `Read()`, `Authenticate()`, or
`Queue()` applications as filename arguments can now be escaped by
single quoting the filename. Additionally, this is also possible when
using the `CONFBRIDGE` dialplan function, or configuring various
features in `confbridge.conf` and `queues.conf`.
`astcachedir` (added in b0842713) was not added to `live_ast` so
continued to point to the system `/var/cache` directory instead of the
one in the live environment.
Fixes a crash due to a lack of proper reference on the nativeformats
object before passing it into ast_request(). Also found potentially
similar use case bugs in app_chanisavail.c, bridge.c, and bridge_basic.c
Fixes: #388
This improves the documentation for the bandwidth setting
in iax.conf by making it clearer what the ramifications
of this setting are. It also changes the sample default
from low to high, since only high is compatible with good
codecs that people will want to use in the vast majority
of cases, and this is a common gotcha that trips up new users.
Resolves: #425
This adds the ability to filter console
logging by channel or groups of channels.
This can be useful on busy systems where
an administrator would like to analyze certain
calls in detail. A dialplan function is also
included for the purpose of assigning a channel
to a group (e.g. by tenant, or some other metric).
ASTERISK-30483 #close
Resolves: #242
UserNote: The console log can now be filtered by
channels or groups of channels, using the
logger filter CLI commands.
Fedora 37 started shipping ilbc 3.0.4 which we don't yet support.
configure.ac now checks the system for "libilbc < 3" instead of
just "libilbc". If true, the system version of ilbc will be used.
If not, the version included at codecs/ilbc will be used.
Resolves: #84
See UserNote below.
Exposed the existing Hangup AMI action in manager.c so we can use
all of it's channel search and AMI protocol handling without
duplicating that code in dialplan_functions.c.
Added a lookup function to res_pjsip.c that takes in the
string represenation of the pjsip_status_code enum and returns
the actual status code. I.E. ast_sip_str2rc("DECLINE") returns
603. This allows the caller to specify PJSIPHangup(decline) in
the dialplan, just like Hangup(call_rejected).
Also extracted the XML documentation to its own file since it was
almost as large as the code itself.
UserNote: A new dialplan app PJSIPHangup and AMI action allows you
to hang up an unanswered incoming PJSIP call with a specific SIP
response code in the 400 -> 699 range.
When IAX2 debugging was enabled (`iax2 set debug on`), if the last IE
in a frame was one that may not have any data - such as the CALLTOKEN
IE in an NEW request - it was not getting displayed.
This adds optional ADSI support to the Directory
application, which allows callers with ADSI CPE
to navigate the Directory system significantly
faster than is possible using the audio prompts.
Callers can see the directory name (and optionally
extension) on their screenphone and confirm or
reject a match immediately rather than waiting
for it to be spelled out, enhancing usability.
Resolves: #356
Currently, trying to call a Local channel with a slash
in the extension will fail due to the parsing of characters
after such a slash as being dial modifiers. Additionally,
core_local is inconsistent and incomplete with
its parsing of Local dial strings in that sometimes it
uses the first slash and at other times it uses the last.
For instance, something like DAHDI/5 or PJSIP/device
is a perfectly usable extension in the dialplan, but Local
channels in particular prevent these from being called.
This creates inconsistent behavior for users, since using
a slash in an extension is perfectly acceptable, and using
a Goto to accomplish this works fine, but if specified
through a Local channel, the parsing prevents this.
This fixes this by explicitly parsing options from the
last slash in the extension, rather than the first one,
which doesn't cause an issue for extensions with slashes.
ASTERISK-30013 #close
Resolves: #248
This adds an AMI event that is emitted whenever a
mailbox password is successfully changed, allowing
AMI consumers to process these.
UserNote: The VoicemailPasswordChange event is
now emitted whenever a mailbox password is updated,
containing the mailbox information and the new
password.
Resolves: #398
In simple_bridge_join, we were sending topology change requests
even when the new and old topologies were the same. In some
circumstances, this can cause unnecessary re-invites and even
a re-invite flood. We now suppress those.
Resolves: #384
If too many ciphers are specified in the PJSIP config,
include the maximum number of ciphers that may be
specified in the user-facing error message.
Resolves: #396
* Allow res_speech to translate the input channel if the
format is translatable to a format suppored by the
speech provider.
Resolves: #129
UserNote: res_speech now supports translation of an input channel
to a format supported by the speech provider, provided a translation
path is available between the source format and provider capabilites.