When building check_expr2 with ASLR PIE hardening enabled the linker
fails. This is resolved by adding the regular compiler flags when
building the object files from ast_expr2f.c and ast_expr2.c.
Note: The STANDALONE define is removed because it is already defined in
_ASTCFLAGS. YY_NO_INPUT is defined so that the compile survives
'--enable-dev-mode'.
Also, a Makefile variable "CROSS_COMPILING" is added so that the
build system doesn't try to run check_expr2 when cross-compiling,
because that will fail the build as will.
ASTERISK-28685 #close
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Change-Id: If435b7db9f9ad8266245bda51c81c220f9658915
Dump OpenSSL's error stack to the error log when things fail.
ASTERISK-28750 #close
Reported by: Martin Zeh
Change-Id: Ib63cd0df20275586e68ac4c2ddad222ed7bd9c0a
In order to retry outbound registrations for some situations, we
need access to the tdata from the original request. For instance,
for 401/407 responses we need it to properly construct the
subsequent request with the authentication. We also need it if
we're iterating over a DNS SRV response record set so we can skip
entries we've already tried.
We've been getting the tdata from the server response rdata and
transaction but that only works for the failures where there was
actually a response (4XX, 5XX, etc). For timeouts there's no
response and therefore no rdata or transaction from which to get
the tdata. When processing a single A/AAAA record for a server,
this wasn't an issue as we just retried that same server after the
retry timer expired. If we got an SRV record set for the server
though, without the state from the tdata, we just kept trying the
first entry in the set repeatedly instead of skipping to the next
one in the list.
* Added a "last_tdata" member to the client state structure to keep
track of the sent tdata.
* Updated registration_client_send() to save the tdata it used into
the client_state.
* Updated sip_outbound_registration_response_cb() to use the tdata
saved in client_state when we don't get a response from the
server. We still use the tdata from the transaction when we DO
get a response from the server so we can properly handle 4XX
responses where our new request depends on it.
General note on timeouts:
Although res_pjsip_outbound_registration skips to the next record
immediately when a timeout occurs during SRV set traversal, it's
pjproject that determines how long to wait before a timeout is
declared. As with other SIP message types, pjproject will continue
trying the same server at an interval specified by "timer_t1" until
"timer_b" expires. Both of those timers are set in the pjsip.conf
"system" section.
ASTERISK-28746
Change-Id: I199b8274392d17661dd3ce3b4d69a3968368fa06
This change adds support to bridge_softmix to allow the addition
and removal of additional video source streams. When such a change
occurs each participant is renegotiated as needed to reflect the
update. If another video source is added then each participant
gets another source. If a video source is removed then it is
removed from each participant. This functionality allows you to
have both your webcam and screenshare providing video if you
desire, or even more streams. Mapping has been changed to use
the topology index on the source channel as a unique identifier
for outgoing participant streams, this will never change and
provides an easy way to establish the mapping.
The bridge_simple and bridge_native_rtp modules have also been
updated to renegotiate when the stream topology of a party changes
allowing the same behavior to occur as added to bridge_softmix.
If a screen share is added then the opposite party is renegotiated.
If that screen share is removed then the opposite party is
renegotiated again.
Some additional fixes are also included in here. Stream state is
now conveyed in SDP so sendonly/recvonly/inactive streams can
be requested. Removed streams now also remove previous state
from themselves so consumers don't get confused.
ASTERISK-28733
Change-Id: I93f41fb41b85646bef71408111c17ccea30cb0c5
When handling ICE negotiations, it's possible that there can be a delay
between STUN binding requests which in turn will cause a delay in ICE
completion, preventing media from flowing. It should be possible to send
media when there is at least one valid pair, preventing this scenario
from occurring.
A change was added to PJPROJECT that adds an optional callback
(on_valid_pair) that will be called when the first valid pair is found
during ICE negotiation. Asterisk uses this to start the DTLS handshake,
allowing media to flow. It will only be called once, either on the first
valid pair, or when ICE negotiation is complete.
ASTERISK-28716
Change-Id: Ia7b68c34f06d2a1d91c5ed51627b66fd0363d867
When opening a file for writing, Asterisk silently converts filenames
ending with 'wav49' to 'WAV.' We aren't taking that in to account when
setting the MIXMONITOR_FILENAME variable in MixMonitor.
* If the user wants to write to a wav49 file, make sure that it is
reflected properly in MIXMONITOR_FILENAME.
* Add a note to the documentation describing this behavior.
* Add a note in main/file.c indicating that app_mixmonitor needs to be
changed if the logic in build_filename was changed.
ASTERISK-24798 #close
Reported by: xrobau
Change-Id: I384691ce624eb55c80a125b9ca206d2d691c574c
When moh_passthrough is used, asterisk is only generating invites
of type sendonly and sendrecv instead of taking fully into account
the on hold state of the local and remote parties
ASTERISK-28738 #close
Change-Id: Iaaad9fbc033cb14803d433b8a4071bc337047761
There was a race condition between client initiated DTLS setup, and handling
of server side ice completion that caused the underlying SSL object to get
cleared during DTLS initialization. If this happened Asterisk would be left
in a partial DTLS setup state. RTP packets were sent and received, but were
not being encrypted and decrypted. This resulted in no audio, or static.
Specifically, this occurred when '__rtp_recvfrom' was processing the handshake
sequence from the client to the server, and then 'ast_rtp_on_ice_complete'
gets called from another thread and clears the SSL object when calling the
'dtls_perform_setup' function. The timing had to be just right in the sense
that from the external SSL library perspective SSL initialization completed
(rtp recv), Asterisk clears/resets the SSL object (ice done), and then checks
to see if SSL is intialized (rtp recv). Since it was cleared, Asterisk thinks
it is not finished, thus not completing 'dtls_srtp_setup'.
This patch removes calls to 'dtls_perform_setup', which clears the SSL object,
in 'ast_rtp_on_ice_complete'. When ice completes, there is no reason to clear
the underlying SSL object. If an ice candidate changes a full protocol level
renegotiation occurs. Also, in the case of bundled ICE candidates are reused
when a stream is added. So no real reason to have to clear, and reset in this
instance.
Also, this patch adds a bit of extra logging to aid in diagnosis of any future
problems.
ASTERISK-28742 #close
Change-Id: I34c9e6bad5a39b087164646e2836e3e48fe6892f
The change to res_config_odbc that allowed empty strings to be
returned to realtime consumers¹ causes a warning to be emitted when
loading MoH classes. So we need to treat an empty 'format' as if it
was not specified to avoid the warning.
ASTERISK-28735 #close
Reported by: Ross Beer
[1] https://gerrit.asterisk.org/c/asterisk/+/13722
Change-Id: I9a271d721e1a0973e80ebe7d75b46a0d8fa0e5a5
Given a scenario where session refreshes occur close to
each other while another is finishing it was possible for
the session refreshes to occur out of order. It was
also possible for session refreshes to be delayed for
quite some time if a session refresh did not result in
a topology change.
For the out of order session refreshes the first session
refresh would be queued due to a transaction in progress.
This transaction would then finish. When finished a
separate task to process the delayed requests queue
would be queued for handling. A second refresh would
be requested internally before this delayed request
queued task was processed. As no transaction was in
progress this session refresh would be immediately
handled before the queued session refresh.
The code will now check if any delayed requests exist
before allowing a session refresh to immediately occur.
If any exist then the session refresh is queued.
For the delayed session refreshes if a session refresh
did not result in a topology change the attempt would
be immediately stopped and no other delayed requests would
be processed.
The code will now go through the entire delayed requests
queue until a delayed request results in a request
actually being sent.
ASTERISK-28730
Change-Id: Ied640280133871f77d3f332be62265e754605088
Although the wiki page for the new CHANGES and UPGRADE scheme
states that the files must have the ".txt" suffix, the READMEs
didn't.
Change-Id: I490306aa2cc24d6f014738e9ebbc78592efe0f05
(cherry picked from commit 7416703f04)
Currently aptitude is installed using interactive mode. This patch
changes this to use the non-interactive mode as it can block
automatic dependencies installation, ex: CI, Docker build.
ASTERISK-28726 #close
Change-Id: I271ee00d230513a6f044810351a32d83b2181133
The code assumed that when the transport-cc feedback
function was called at least one packet will have been
received. In practice this isn't always true, so now
we just reschedule the sending and do nothing.
Change-Id: Iabe7b358704da446fc3b0596b847bff8b8a0da6a
In order to reduce the amount of AMI and ARI events generated,
the global "Message/ast_msg_queue" channel can be set to suppress
it's normal channel housekeeping events such as "Newexten",
"VarSet", etc. This can greatly reduce load on the manager
and ARI applications when the Digium Phone Module for Asterisk
is in use. To enable, set "hide_messaging_ami_events" in
asterisk.conf to "yes" In Asterisk versions <18, the default
is "no" preserving existing behavior. Beginning with
Asterisk 18, the option will default to "yes".
NOTE: This change does not affect UserEvents or the ARI
TextMessageReceived events.
* Added the "hide_messaging_ami_events" option to asterisk.conf.
* Changed message.c to set the AST_CHAN_TP_INTERNAL property on
the "Message/ast_msg_queue" channel if the option is set in
asterisk.conf. This suppresses the reporting of the events.
Change-Id: Ia2e3516d43f4e0df994fc6598565d6bba2d7018b
If you're for some reason out of RTP ports, chan_sip would previously
responde to an INVITE with a 403, which will fail the call.
Now, it returns a 503, allowing the device/proxy to retry the call on a
different machine.
ASTERISK-28718
Change-Id: I968dcf6c1e30ecddcce397dcda36db727c83ca90
When res_config_odbc (and perhaps other realtime backends) reads a SQL
NULL from the database, it coalesces the value to the empty string
which prevents it from being returned to the realtime core.
However, if it instead reads the empty string from the database, it
needs a way to encode that fact without having the value omitted
entirely. It does this by changing the value to a string with a single
space. The realtime code in main/config.c recognizes this special case
and _turns the string back into the empty string_ before passing it to
realtime API consumers.
For all of this to work, we need to ensure that we actually pass the
single-space-string back to the realtime core, which is currently
failing because we are trimming the value before checking its
content. So instead we now special case the single-space-string case
so that empty values are returned properly.
ASTERISK-28719 #close
Reported by: EDV O-TON
Change-Id: I673ed8c31ad037aa224e80c78c7a1dc4e4a4e3de
Incrementing stasis_app_playback.media_index directly in our playback
loop means that when we reach the end of our playlist the index into
the vector will be outside of the bounds of the vector.
Instead use a temporary variable and only assign when we're sure that
we are in bounds.
ASTERISK-28713 #close
Reported by: Sébastien Duthil
Change-Id: Ib53f7f156097e0607eb5871d9d78d246ed274928
Each subscription needs to have a reference to the persisted data
for it, as well as the main JSON contained within the tree. When
recreating a subscription this did not occur and they both shared
the same reference.
ASTERISK-28714
Change-Id: I706abd49ea182ea367a4ac3feca2706460ae9f4a
It said "restrict [...] which peers should be able to pass [audio]
to each other".
However, these settings are not global (for which you would expect
signaling IPs to be checked). These settings are available per peer
only, and the IPs being checked, are the RTP IPs.
Change-Id: I2a6c6cd7c2f5f30d1df4844e3e0308a077021660
Calling 'app_send' eventually calls the app's message handler. It's possible
for a handler to obtain a lock on another object, and then need/want to lock
the app object. If the caller of 'app_send' locks the app object prior to
calling then there's a potential for a deadlock, if another thread calls
'app_send' without locking.
This patch makes it so 'app_send' is not called with the app object locked in
the section of code doing such.
ASTERISK-28423 #close
Change-Id: I6767c6d0933c7db1b984018966eefca4c0638a27
The cleanup code in stasis shuts down applications if they are in a deactivated
state, and no longer have explicit subscriptions. When registering an app the
cleanup code was running before calling 'update'. When it should be executed
after 'update' since a call to register may re-activate the app. We don't want
it to shutdown before the 'update' otherwise the app won't be re-activated,
or registered.
This patch makes it so the cleanup code is executed post 'update'.
ASTERISK-28679 #close
Change-Id: I8f2c0b17e33bb8128441567b97fd4c7bf74a327b
