When the endpoint dtmf_mode is set to auto, a SIP request is sent to the UAC, and the SIP SDP from the UAC does not include the telephone-event. Later, the UAC sends an INVITE, and the SIP SDP includes the telephone-event. In this case, DTMF should be sent by RFC2833 rather than using inband signaling.
Resolves: asterisk#826
(cherry picked from commit 6cf6856080)
* Fixed a bug in crypto_show_cli_store that was causing asterisk
to crash if there were certificate revocation lists in the
verification certificate store. We're also now prefixing
certificates with "Cert:" and CRLs with "CRL:" to distinguish them
in the list.
* Added 'untrusted_cert_file' and 'untrusted_cert_path' options
to both verification and profile objects. If you have CRLs that
are signed by a different CA than the incoming X5U certificate
(indirect CRL), you'll need to provide the certificate of the
CRL signer here. Thse will show up as 'Untrusted" when showing
the verification or profile objects.
* Fixed loading of crl_path. The OpenSSL API we were using to
load CRLs won't actually load them from a directory, only a file.
We now scan the directory ourselves and load the files one-by-one.
* Fixed the verification flags being set on the certificate store.
- Removed the CRL_CHECK_ALL flag as this was causing all certificates
to be checked for CRL extensions and failing to verify the cert if
there was none. This basically caused all certs to fail when a CRL
was provided via crl_file or crl_path.
- Added the EXTENDED_CRL_SUPPORT flag as it is required to handle
indirect CRLs.
* Added a new CLI command...
`stir_shaken verify certificate_file <certificate_file> [ <profile> ]`
which will assist troubleshooting certificate problems by allowing
the user to manually verify a certificate file against either the
global verification certificate store or the store for a specific
profile.
* Updated the XML documentation and the sample config file.
Resolves: #809
(cherry picked from commit 2fb3215f03)
The way we have been initializing the config wizard prevented it
from registering its objects if res_pjsip happened to load
before it.
* We now use the object_type_registered sorcery observer to kick
things off instead of the wizard_mapped observer.
* The load_module function now checks if res_pjsip has been loaded
already and if it was it fires the proper observers so the objects
load correctly.
Resolves: #816
UserNote: The res_pjsip_config_wizard.so module can now be reloaded.
(cherry picked from commit d11dc5247b)
softmix_bridge_write_control() now calls ast_bridge_queue_everyone_else()
with the bridge_channel so the VIDUPDATE control frame isn't echoed back.
softmix_bridge_write_control() was setting bridge_channel to NULL
when calling ast_bridge_queue_everyone_else() for VIDUPDATE control
frames. This was causing the frame to be echoed back to the
channel it came from. In certain cases, like when two channels or
bridges are being recorded, this can cause a ping-pong effect that
floods the system with VIDUPDATE control frames.
Resolves: #780
(cherry picked from commit 1272c28a0d)
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like `.1` or `[.1]`. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
There can be empty slots in payload_mapping_tx corresponding to
dynamic payload types that haven't been seen before so we now
check for NULL before attempting to use 'type' in the call to
ast_format_cmp.
Note: Currently only chan_sip calls ast_rtp_codecs_payloads_unset()
Resolves: #822
When using the PJSIP_DIAL_CONTACTS() function for use in the Dial()
command, the contacts are returned in text form, so the input to
the path_outgoing_request() function is a contact value of NULL.
The issue was reported in ASTERISK-28211, but was not actually fixed
in ASTERISK-30100. This fix brings back the code that was previously
removed and adds code to search for a contact to extract the path
value from it.
(cherry picked from commit aeefedb086)
After change made in 624f509 to add support for non 8K RFC 4733/2833 digits,
Asterisk would only accept RFC 4733/2833 offers that matched the sample rate of
the negotiated codec(s).
This change allows Asterisk to accept 8K RFC 4733/2833 offers if the UAC
offfers 8K RFC 4733/2833 but negotiates for a non 8K bitrate codec.
A number of corresponding tests in tests/channels/pjsip/dtmf_sdp also needed to
be re-written to allow for these scenarios.
Fixes: #776
(cherry picked from commit 7d53986262)
Remove duplicate creation of ast_bool_values from
2b7c507d7d12_add_queue_log_option_log_restricted_.py. This was
causing alembic upgrades to fail since the enum was already created
in fe6592859b85_fix_mwi_subscribe_replaces_.py back in 2018.
Resolves: #797
(cherry picked from commit af58084855)
The `Require: mediasec` and `Proxy-Require: mediasec` headers need
to be sent whenever we send `Security-Client` or `Security-Verify`
headers but the logic to do that was only in add_security_headers()
in res_pjsip_outbound_register. So while we were sending them on
REGISTER requests, we weren't sending them on INVITE requests.
This commit moves the logic to send the two headers out of
res_pjsip_outbound_register:add_security_headers() and into
security_agreement:ast_sip_add_security_headers(). This way
they're always sent when we send `Security-Client` or
`Security-Verify`.
Resolves: #789
(cherry picked from commit 210fe614b2)
Whenver a new channel snapshot is created or when a channel is
destroyed, we need to delete any existing channel snapshot from
the snapshot cache. Historically, we used the channel->snapshot
pointer to delete any existing snapshots but this has two issues.
First, if something (possibly ast_channel_internal_swap_snapshots)
sets channel->snapshot to NULL while there's still a snapshot in
the cache, we wouldn't be able to delete it and it would be orphaned
when the channel is destroyed. Since we use the cache to list
channels from the CLI, AMI and ARI, it would appear as though the
channel was still there when it wasn't.
Second, since there are actually two caches, one indexed by the
channel's uniqueid, and another indexed by the channel's name,
deleting from the caches by pointer requires a sequential search of
all of the hash table buckets in BOTH caches to find the matching
snapshots. Not very efficient.
So, we now delete from the caches using the channel's uniqueid
and name. This solves both issues.
This doesn't address how channel->snapshot might have been set
to NULL in the first place because although we have concrete
evidence that it's happening, we haven't been able to reproduce it.
Resolves: #783
(cherry picked from commit 27f7cb6ea0)
This commit adds a new voicemail.conf option 'odbc_audio_on_disk'
which when set causes the ODBC variant of app_voicemail to leave
the message and greeting audio files on disk and only store the
message metadata in the database. This option came from a concern
that the database could grow to large and cause remote access
and/or replication to become slow. In a clustering situation
with this option, all asterisk instances would share the same
database for the metadata and either use a shared filesystem
or other filesystem replication service much more suitable
for synchronizing files.
The changes to app_voicemail to implement this feature were actually
quite small but due to the complexity of the module, the actual
source code changes were greater. They fall into the following
categories:
* Tracing. The module is so complex that it was impossible to
figure out the path taken for various scenarios without the addition
of many SCOPE_ENTER, SCOPE_EXIT and ast_trace statements, even in
code that's not related to the functional change. Making this worse
was the fact that many "if" statements in this module didn't use
braces. Since the tracing macros add multiple statements, many "if"
statements had to be converted to use braces.
* Excessive use of PATH_MAX. Previous maintainers of this module
used PATH_MAX to allocate character arrays for filesystem paths
and SQL statements as though they cost nothing. In fact, PATH_MAX
is defined as 4096 bytes! Some functions had (and still have)
multiples of these. One function has 7. Given that the vast
majority of installations use the default spool directory path
`/var/spool/asterisk/voicemail`, the actual path length is usually
less than 80 bytes. That's over 4000 bytes wasted. It was the
same for SQL statement buffers. A 4K buffer for statement that
only needed 60 bytes. All of these PATH_MAX allocations in the
ODBC related code were changed to dynamically allocated buffers.
The rest will have to be addressed separately.
* Bug fixes. During the development of this feature, several
pre-existing ODBC related bugs were discovered and fixed. They
had to do with leaving orphaned files on disk, not preserving
original message ids when moving messages between folders,
not honoring the "formats" config parameter in certain circumstances,
etc.
UserNote: This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file.
(cherry picked from commit 1b3a73cb24)
From the gdb information, we can see that while iterating over bridge->channels, the ast_bridge_channel reference count is 0, indicating it has already been destroyed.Additionally, when ast_bridge_channel is removed from bridge->channels, the bridge is first locked. Therefore, locking the bridge before iterating over bridge->channels can resolve the race condition.
Resolves: https://github.com/asterisk/asterisk/issues/768
(cherry picked from commit 68a9c5683a)
Add a queue option log-restricted-caller-id to strip the Caller ID when storing the ENTERQUEUE event
in the queue log if the Caller ID is restricted.
Resolves: #765
UpgradeNote: Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
UserNote: Add a Queue option log-restricted-caller-id to control whether the Restricted Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the Caller ID is restricted.
(cherry picked from commit 192a848311)
The current width for "extension" is 20 and "device state id" is 20, which is too small.
The "extension" field contains "ext"@"context", so 20 characters is not enough.
The "device state id" field, for example for Queue pause state contains Queue:"queue_name"_pause_PSJIP/"endpoint", so the 20 characters is not enough.
Increase the width of "extension" field to 30 characters and the width of the "device state id" field to 60 characters.
Resolves: #770
UserNote: The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters.
(cherry picked from commit 8d7ee89047)
Various SIP headers permit a URI to be prefaced with a `display-name`
production that can include characters (like commas and parentheses)
that are problematic for Asterisk's dialplan parser and, specifically
in the case of this patch, the PJSIP_PARSE_URI function.
This patch introduces a new function - `PJSIP_PARSE_URI_FROM` - that
behaves identically to `PJSIP_PARSE_URI` except that the first
argument is now a variable name and not a literal URI.
Fixes#756
(cherry picked from commit 78d63bc11c)
Since Asterisk 19 it is possible to cache recorded files into another
directory [1] [2].
Show configured location of cache dir in CLI's core show settings.
[1] ASTERISK-29143
[2] b08427134f
(cherry picked from commit b56d50ba16)
Two functions are deprecated as of libxml2 2.12:
* xmlSubstituteEntitiesDefault
* xmlParseMemory
So we update those with supported API.
Additionally, `res_calendar_caldav` has been updated to use libxml2's
xmlreader API instead of the SAX2 API which has always felt a little
hacky (see deleted comment block in `res_calendar_caldav.c`).
The xmlreader API has been around since libxml2 2.5.0 which was
released in 2003.
Fixes#725
(cherry picked from commit f9a359c5c5)
Missing or corrupt cdr_pgsql.conf configuration file can cause the
second attempt to load the PostgreSQL CDR module to crash Asterisk via
the Command Line Interface because a null CLI command is registered on
the first failed attempt to load the module.
Resolves: #736
(cherry picked from commit 735330bbd1)
Add RFC2833 DTMF support for 16K, 24K, and 32K bitrate codecs.
Asterisk currently treats RFC2833 Digits as a single rtp payload type
with a fixed bitrate of 8K. This change would expand that to 8, 16,
24 and 32K.
This requires checking the offered rtp types for any of these bitrates
and then adding an offer for each (if configured for RFC2833.) DTMF
generation must also be changed in order to look at the current outbound
codec in order to generate appropriately timed rtp.
For cases where no outgoing audio has yet been sent prior to digit
generation, Asterisk now has a concept of a 'preferred' codec based on
offer order.
On inbound calls Asterisk will mimic the payload types of the RFC2833
digits.
On outbound calls Asterisk will choose the next free payload types starting
with 101.
UserNote: No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
(cherry picked from commit 624f509ce4)
Send "RELOADING=1" instead of "RELOAD=1" to follow the format
expected by systemd (see sd_notify(3) man page).
Do not send STOPPING=1 in remote console mode:
attempting to execute "asterisk -rx" by the main process leads to
a warning if NotifyAccess=main (the default) or to a forced termination
if NotifyAccess=all.
(cherry picked from commit d3ff7c3eee)
Include signal.h to avoid the following build failure with uclibc-ng
raised since
2694792e13:
stasis/control.c: In function 'exec_command_on_condition':
stasis/control.c:313:3: warning: implicit declaration of function 'pthread_kill'; did you mean 'pthread_yield'? [-Wimplicit-function-declaration]
313 | pthread_kill(control->control_thread, SIGURG);
| ^~~~~~~~~~~~
| pthread_yield
stasis/control.c:313:41: error: 'SIGURG' undeclared (first use in this function)
313 | pthread_kill(control->control_thread, SIGURG);
| ^~~~~~
cherry-pick-to: 18
cherry-pick-to: 20
cherry-pick-to: 21
Fixes: #729
(cherry picked from commit c47307567a)
Currently, reloading res_pjsip will cause logging
to be disabled. This is because logging can also
be controlled via the debug option in pjsip.conf
and this defaults to "no".
To improve this, logging is no longer disabled on
reloads if logging had not been previously
enabled using the debug option from the config.
This ensures that logging enabled from the CLI
will persist through a reload.
ASTERISK-29912 #close
Resolves: #246
UserNote: Issuing "pjsip reload" will no longer disable
logging if it was previously enabled from the CLI.
(cherry picked from commit 9fc596aaa7)
Add unique verbose prefixes for levels higher than 4, so
that these can be visually differentiated from each other.
Resolves: #721
(cherry picked from commit 57bb09667d)
