Two functions are deprecated as of libxml2 2.12:
* xmlSubstituteEntitiesDefault
* xmlParseMemory
So we update those with supported API.
Additionally, `res_calendar_caldav` has been updated to use libxml2's
xmlreader API instead of the SAX2 API which has always felt a little
hacky (see deleted comment block in `res_calendar_caldav.c`).
The xmlreader API has been around since libxml2 2.5.0 which was
released in 2003.
Fixes#725
(cherry picked from commit b46f447530)
* Fixed possible memory leak in tn_config:tn_get_etn() where we
weren't releasing etn if tn or eprofile were null.
* We now canonicalize TNs before using them for lookups or adding
them to Identity headers.
* Fixed a typo in stir_shaken.conf.sample.
Resolves: #716
(cherry picked from commit 200da52128)
Fixed crash error when cli "module reload". The error appears when
compiling with res_prometheus and using the sorcery memory cache for
registrations
(cherry picked from commit 7210a03816)
If you're tracing a large function that may call another function
multiple times in different circumstances, it can be difficult to
see from the trace output exactly which location that function
was called from. There's no good way to automatically determine
the calling location. SCOPE_CALL and SCOPE_CALL_WITH_RESULT
simply print out a trace line before and after the call.
The difference between SCOPE_CALL and SCOPE_CALL_WITH_RESULT is
that SCOPE_CALL ignores the function's return value (if any) where
SCOPE_CALL_WITH_RESULT allows you to specify the type of the
function's return value so it can be assigned to a variable.
SCOPE_CALL_WITH_INT_RESULT is just a wrapper for SCOPE_CALL_WITH_RESULT
and the "int" return type.
(cherry picked from commit 951be188ba)
* OpenSSL 1.0.2 doesn't support X509_get0_pubkey so we now use
X509_get_pubkey. The difference is that X509_get_pubkey requires
the caller to free the EVP_PKEY themselves so we now let
RAII_VAR do that.
* OpenSSL 1.0.2 doesn't support upreffing an X509_STORE so we now
wrap it in an ao2 object.
* OpenSSL 1.0.2 doesn't support X509_STORE_get0_objects to get all
the certs from an X509_STORE and there's no easy way to polyfill
it so the CLI commands that list profiles will show a "not
supported" message instead of listing the certs in a store.
Resolves: #676
(cherry picked from commit 7bbc7b5a3a)
SQLAlchemy 2.0 changed the way that commits/rollbacks are handled
causing the final `UPDATE` to our `alembic_version_<whatever>` tables
to be rolled back instead of committed.
We now use one connection to determine which
`alembic_version_<whatever>` table to use and another to run the
actual migrations. This prevents the erroneous rollback.
This change is compatible with both SQLAlchemy 1.4 and 2.0.
(cherry picked from commit 42fbf5c22f)
It is possible for dialplan to result in an infinite
recursion of variable substitution, which eventually
leads to stack overflow. If we detect this, abort
substitution and log an error for the user to fix
the broken dialplan.
Resolves: #480
UpgradeNote: The maximum amount of dialplan recursion
using variable substitution (such as by using EVAL_EXTEN)
is capped at 15.
(cherry picked from commit f9f36ca702)
Send "RELOADING=1" instead of "RELOAD=1" to follow the format
expected by systemd (see sd_notify(3) man page).
Do not send STOPPING=1 in remote console mode:
attempting to execute "asterisk -rx" by the main process leads to
a warning if NotifyAccess=main (the default) or to a forced termination
if NotifyAccess=all.
(cherry picked from commit d7e638f2c3)
If the hostname field of the ast_tcptls_session_args structure is
set (which it is for websocket client connections), that hostname
will now automatically be used in an SNI TLS extension in the client
hello.
Resolves: #713
UserNote: Secure websocket client connections now send SNI in
the TLS client hello.
(cherry picked from commit 5b9da1213c)
Since DETECT_DEADLOCKS is now split from DEBUG_THREADS, it must
always be included in buildopts.h instead of only when
ADD_CFLAGS_TO_BUILDOPTS_H is defined. A SEGV will result otherwise.
Resolves: #719
(cherry picked from commit 7d69eafb5c)
rtp_engine.c and stun.c were calling ast_register_cleanup which
is skipped if any loadable module can't be cleanly unloaded
when asterisk shuts down. Since this will always be the case,
their cleanup functions never get run. In a practical sense
this makes no difference since asterisk is shutting down but if
you're in development mode and trying to use the leak sanitizer,
the leaks from both of those modules clutter up the output.
(cherry picked from commit 3767e14d15)
There were a few references in the embedded documentation XML
where the case didn't match or where the referenced app or function
simply didn't exist any more. These were causing 404 responses
in docs.asterisk.org.
(cherry picked from commit be6dee18dc)
* Added checks for missing session, session->channel and rdata
in stir_shaken_incoming_request.
* Added checks for missing session, session->channel and tdata
in stir_shaken_outgoing_request.
Resolves: #645
Add a timeout option to control the amount of time
to wait if no early media is received before giving
up. This allows aborting early if the destination
is not being responsive.
Resolves: #588
UserNote: The timeout argument to Dial now allows
specifying the maximum amount of time to dial if
early media is not received.
(cherry picked from commit e4adc962ca)
Most app_voicemail unit tests were not properly cleaning up
after themselves after running. This led to test mailboxes
lingering around in the system. It also meant that if any
unit tests in app_voicemail that create mailboxes were executed
and the module was not unloaded/loaded again prior to running
the test_voicemail_vm_info unit test, Asterisk would segfault
due to an attempt to copy a NULL string.
The load_config test did actually have logic to reinitialize
the config after the test. However, this did not work in practice
since load_config() would not reload the config since voicemail.conf
had not changed during the test; thus, additional logic has been
added to ensure that voicemail.conf is truly reloaded, after any
unit tests which modify the users list.
This prevents the SEGV due to invalid mailboxes lingering around,
and also ensures that the system state is restored to what it was
prior to the tests running.
Resolves: #629
(cherry picked from commit 082966bdad)
This adds an option to allow preventing callers from leaving
messages marked as 'urgent'.
Resolves: #619
UserNote: The leaveurgent mailbox option can now be used to
control whether callers may leave messages marked as 'Urgent'.
(cherry picked from commit 3c42b141d7)
This migrates the relevant schema objects from the `('yes', 'no')`
definition to the `('0', '1', 'off', 'on', 'false', 'true', 'yes', 'no')`
one.
Fixes#617
(cherry picked from commit 93e40968c3)
In as_check_common_config, we were calling ast_std_free on
raw_key but raw_key was allocated with ast_malloc so it
should be freed with ast_free.
Resolves: #636
(cherry picked from commit 267348bee3)
The default location for the stir_shaken cache is
/var/lib/asterisk/keys/stir_shaken/cache but we were only creating
/var/lib/asterisk/keys/stir_shaken on istall. We now create
the cache sub-directory.
Resolves: #634
(cherry picked from commit df0221b53d)
Why do we need a refactor?
The original stir/shaken implementation was started over 3 years ago
when little was understood about practical implementation. The
result was an implementation that wouldn't actually interoperate
with any other stir-shaken implementations.
There were also a number of stir-shaken features and RFC
requirements that were never implemented such as TNAuthList
certificate validation, sending Reason headers in SIP responses
when verification failed but we wished to continue the call, and
the ability to send Media Key(mky) grants in the Identity header
when the call involved DTLS.
Finally, there were some performance concerns around outgoing
calls and selection of the correct certificate and private key.
The configuration was keyed by an arbitrary name which meant that
for every outgoing call, we had to scan the entire list of
configured TNs to find the correct cert to use. With only a few
TNs configured, this wasn't an issue but if you have a thousand,
it could be.
What's changed?
* Configuration objects have been refactored to be clearer about
their uses and to fix issues.
* The "general" object was renamed to "verification" since it
contains parameters specific to the incoming verification
process. It also never handled ca_path and crl_path
correctly.
* A new "attestation" object was added that controls the
outgoing attestation process. It sets default certificates,
keys, etc.
* The "certificate" object was renamed to "tn" and had it's key
change to telephone number since outgoing call attestation
needs to look up certificates by telephone number.
* The "profile" object had more parameters added to it that can
override default parameters specified in the "attestation"
and "verification" objects.
* The "store" object was removed altogther as it was never
implemented.
* We now use libjwt to create outgoing Identity headers and to
parse and validate signatures on incoming Identiy headers. Our
previous custom implementation was much of the source of the
interoperability issues.
* General code cleanup and refactor.
* Moved things to better places.
* Separated some of the complex functions to smaller ones.
* Using context objects rather than passing tons of parameters
in function calls.
* Removed some complexity and unneeded encapsuation from the
config objects.
Resolves: #351Resolves: #46
UserNote: Asterisk's stir-shaken feature has been refactored to
correct interoperability, RFC compliance, and performance issues.
See https://docs.asterisk.org/Deployment/STIR-SHAKEN for more
information.
UpgradeNote: The stir-shaken refactor is a breaking change but since
it's not working now we don't think it matters. The
stir_shaken.conf file has changed significantly which means that
existing ones WILL need to be changed. The stir_shaken.conf.sample
file in configs/samples/ has quite a bit more information. This is
also an ABI breaking change since some of the existing objects
needed to be changed or removed, and new ones added. Additionally,
if res_stir_shaken is enabled in menuselect, you'll need to either
have the development package for libjwt v1.15.3 installed or use
the --with-libjwt-bundled option with ./configure.
(cherry picked from commit e6c7f1aee0)
This adds a dummy migration to 18 and 20 so that our alembic heads are
synchronized across all supported branches.
In this case the migration we are stubbing (24c12d8e9014) is:
775352ee6c
(cherry picked from commit d122225279)
The new mode lists for each codec translation the actual real cost in cpu microseconds per second translated audio.
This allows to compare the real cpu usage of translations and helps in evaluation of codec implementation changes regarding performance (regression testing).
- add new table mode
- hide the 999999 comp values, as these only indicate an issue with transcoding
- hide the 0 values, as these also do not contain any information (only indicate a multistep transcoding)
Resolves: #601
(cherry picked from commit a47acba99b)
If a dynamic string is created with an initial length of 0,
`ast_str_buffer(…)` will return an invalid pointer.
This was a secondary discovery when fixing #65.
(cherry picked from commit 31fc2877cb)
Media Experience Score relies on incorrect pseudo_mos variable
calculation. According to forming an opinion section of the
documentation, calculation relies on ITU-T G.107 standard:
https://docs.asterisk.org/Deployment/Media-Experience-Score/#forming-an-opinion
ITU-T G.107 Annex B suggests to calculate MOS with a coefficient
"seven times ten to the power of negative six", 7 * 10^(-6). which
would mean 6 digits after the decimal point. Current implementation
has 7 digits after the decimal point, which downrates the calls.
Fixes: #597
(cherry picked from commit 335b925fac)
If ast_dsp_process is called with a codec besides slin, ulaw,
or alaw, a warning is logged that in-band DTMF is not supported,
but this message is not always appropriate or correct, because
ast_dsp_process is much more generic than just DTMF detection.
This logs a more generic message in those cases, and also improves
codec-mismatch logging throughout dsp.c by ensuring incompatible
codecs are printed out.
Resolves: #595
(cherry picked from commit 59df4892ad)
Under rare circumstances, it's possible for the original audio
session in the active_media_state default_session to be corrupted
instead of removed when switching to the t38/image media session
during fax negotiation. This can cause a segfault when a "pjsip
show channelstats" attempts to print that audio media session's
rtp statistics. In these cases, the active_media_state
topology is correctly showing only a single t38/image stream
so we now check that there's an audio stream in the topology
before attempting to use the audio media session to get the rtp
statistics.
Resolves: #592
(cherry picked from commit cb057a6381)
When started with a verbose level of 3, asterisk can emit over 1500
verbose message that serve no real purpose other than to fill up
logs. When asterisk shuts down, it emits another 1100 that are of
even less use. Since the testsuite runs asterisk with a verbose
level of 3, and asterisk starts and stops for every one of the 700+
tests, the number of log messages is staggering. Besides taking up
resources, it also makes it hard to debug failing tests.
This commit changes the log level for those verbose messages to 5
instead of 3 which reduces the number of log messages to only a
handful. Of course, NOTICE, WARNING and ERROR message are
unaffected.
There's also one other minor change...
ast_context_remove_extension_callerid2() logs a DEBUG message
instead of an ERROR if the extension you're deleting doesn't exist.
The pjsip_config_wizard calls that function to clean up the config
and has been triggering that annoying error message for years.
Resolves: #582
(cherry picked from commit a433ed0d5a)
The last time configure was run, it was run on a system that
did not enable -std=gnu11 by default, which meant that the
restrict qualifier would not be recognized on certain platforms.
This regenerates the configure files from running bootstrap.sh,
so that these should be recognized on all supported platforms.
Resolves: #586
(cherry picked from commit 54b804fc3b)
Fixes: #406
UserNote: Bundled pjproject has been upgraded to 2.14. For more
information on what all is included in this change, check out the
pjproject Github page: https://github.com/pjsip/pjproject/releases
(cherry picked from commit bbfaff33cf)
