Naveen Albert [Wed, 10 Sep 2025 16:15:08 +0000 (12:15 -0400)]
app_adsiprog: Fix possible NULL dereference.
get_token can return NULL, but process_token uses this result without
checking for NULL; as elsewhere, check for a NULL result to avoid
possible NULL dereference.
Ben Ford [Tue, 9 Sep 2025 18:34:39 +0000 (13:34 -0500)]
rtp_engine.c: Add exception for comfort noise payload.
In a previous commit, a change was made to
ast_rtp_codecs_payload_code_tx_sample_rate to check for differing sample
rates. This ended up returning an invalid payload int for comfort noise.
A check has been added that returns early if the payload is in fact
supposed to be comfort noise.
Naveen Albert [Tue, 9 Sep 2025 20:10:14 +0000 (16:10 -0400)]
pbx_variables.c: Create real channel for "dialplan eval function".
"dialplan eval function" has been using a dummy channel for function
evaluation, much like many of the unit tests. However, sometimes, this
can cause issues for functions that are not expecting dummy channels.
As an example, ast_channel_tech(chan) is NULL on such channels, and
ast_channel_tech(chan)->type consequently results in a NULL dereference.
Normally, functions do not worry about this since channels executing
dialplan aren't dummy channels.
While some functions are better about checking for these sorts of edge
cases, use a real channel with a dummy technology to make this CLI
command inherently safe for any dialplan function that could be evaluated
from the CLI.
app_queue.c: Add new global 'log_unpause_on_reason_change'
In many asterisk-based systems, the pause reason is used to separate
pauses by type,and logically, changing the reason defines two intervals
that should be accounted for separately. The introduction of a new
option allows me to separate the intervals of operator inactivity in
the log by the event of unpausing.
UserNote: Add new global option 'log_unpause_on_reason_change' that
is default disabled. When enabled cause addition of UNPAUSE event on
every re-PAUSE with reason changed.
app_waitforsilence.c: Use milliseconds to calculate timeout time
The functions WaitForNoise() and WaitForSilence() use the time()
functions to calculate elapsed time, which causes the timer to fire on
a whole second boundary, and the actual function execution time to fire
the timer may be 1 second less than expected. This fix replaces time()
with ast_tvnow().
Naveen Albert [Thu, 28 Aug 2025 12:29:02 +0000 (08:29 -0400)]
res_tonedetect: Add option for TONE_DETECT detection to auto stop.
One of the problems with TONE_DETECT as it was originally written
is that if a tone is detected multiple times, it can trigger
the redirect logic multiple times as well. For example, if we
do an async goto in the dialplan after detecting a tone, because
the detector is still active until explicitly disabled, if we
detect the tone again, we will branch again and start executing
that dialplan a second time. This is rarely ever desired behavior,
and can happen if the detector is not removed quickly enough.
Add a new option, 'e', which automatically disables the detector
once the desired number of matches have been heard. This eliminates
the potential race condition where previously the detector would
need to be disabled immediately, but doing so quickly enough
was not guaranteed. This also allows match criteria to be retained
longer if needed, so the detector does not need to be destroyed
prematurely.
Resolves: #1390
UserNote: The 'e' option for TONE_DETECT now allows detection to
be disabled automatically once the desired number of matches have
been fulfilled, which can help prevent race conditions in the
dialplan, since TONE_DETECT does not need to be disabled after
a hit.
Stuart Henderson [Thu, 21 Aug 2025 10:22:40 +0000 (10:22 +0000)]
app_queue: fix comparison for announce-position-only-up
Numerically comparing that the current queue position is less than
last_pos_said can only be done after at least one announcement has been
made, otherwise last_pos_said is at the default (0).
George Joseph [Thu, 28 Aug 2025 12:47:04 +0000 (06:47 -0600)]
res_pjsip_authenticator_digest: Fix SEGV if get_authorization_hdr returns NULL.
In the highly-unlikely event that get_authorization_hdr() couldn't find an
Authorization header in a request, trying to get the digest algorithm
would cauase a SEGV. We now check that we have an auth header that matches
the realm before trying to get the algorithm from it.
sorcery: Prevent duplicate objects and ensure missing objects are created on update
This patch resolves two issues in Sorcery objectset handling with multiple
backends:
1. Prevent duplicate objects:
When an object exists in more than one backend (e.g., a contact in both
'astdb' and 'realtime'), the objectset previously returned multiple instances
of the same logical object. This caused logic failures in components like the
PJSIP registrar, where duplicate contact entries led to overcounting and
incorrect deletions, when max_contacts=1 and remove_existing=yes.
This patch ensures only one instance of an object with a given key is added
to the objectset, avoiding these duplicate-related side effects.
2. Ensure missing objects are created:
When using multiple writable backends, a temporary backend failure can lead
to objects missing permanently from that backend.
Currently, .update() silently fails if the object is not present,
and no .create() is attempted.
This results in inconsistent state across backends (e.g. astdb vs. realtime).
This patch introduces a new global option in sorcery.conf:
[general]
update_or_create_on_update_miss = yes|no
Default: no (preserves existing behavior).
When enabled: if .update() fails with no data found, .create() is attempted
in that backend. This ensures that objects missing due to temporary backend
outages are re-synchronized once the backend is available again.
Added a new CLI command:
sorcery show settings
Displays global Sorcery settings, including the current value of
update_or_create_on_update_miss.
Updated tests to validate both flag enabled/disabled behavior.
Fixes: #1289
UserNote: Users relying on Sorcery multiple writable backends configurations
(e.g., astdb + realtime) may now enable update_or_create_on_update_miss = yes
in sorcery.conf to ensure missing objects are recreated after temporary backend
failures. Default behavior remains unchanged unless explicitly enabled.
Naveen Albert [Mon, 25 Aug 2025 17:05:15 +0000 (13:05 -0400)]
sig_analog: Skip Caller ID spill if usecallerid=no.
If Caller ID is disabled for an FXS port, then we should not send any
Caller ID spill on the line, as we have no Caller ID information that
we can/should be sending.
Naveen Albert [Mon, 18 Aug 2025 12:56:23 +0000 (08:56 -0400)]
chan_dahdi: Fix erroneously persistent dialmode.
It is possible to modify the dialmode setting in the chan_dahdi/sig_analog
private using the CHANNEL function, to modify it during calls. However,
it was not being reset between calls, meaning that if, for example, tone
dialing was disabled, it would never work again unless explicitly enabled.
This fixes the setting by pairing it with a "perm" version of the setting,
as a few other features have, so that it can be reset to the permanent
setting between calls. The documentation is also clarified to explain
the interaction of this setting and the digitdetect setting more clearly.
George Joseph [Wed, 13 Aug 2025 19:22:38 +0000 (13:22 -0600)]
chan_websocket: Allow additional URI parameters to be added to the outgoing URI.
* Added a new option to the WebSocket dial string to capture the additional
URI parameters.
* Added a new API ast_uri_verify_encoded() that verifies that a string
either doesn't need URI encoding or that it has already been encoded.
* Added a new API ast_websocket_client_add_uri_params() to add the params
to the client websocket session.
* Added XML documentation that will show up with `core show application Dial`
that shows how to use it.
Resolves: #1352
UserNote: A new WebSocket channel driver option `v` has been added to the
Dial application that allows you to specify additional URI parameters on
outgoing connections. Run `core show application Dial` from the Asterisk CLI
to see how to use it.
George Joseph [Tue, 19 Aug 2025 15:46:39 +0000 (09:46 -0600)]
chan_websocket: Fix buffer overrun when processing TEXT websocket frames.
ast_websocket_read() receives data into a fixed 64K buffer then continually
reallocates a final buffer that, after all continuation frames have been
received, is the exact length of the data received and returns that to the
caller. process_text_message() in chan_websocket was attempting to set a
NULL terminator on the received payload assuming the payload buffer it
received was the large 64K buffer. The assumption was incorrect so when it
tried to set a NULL terminator on the payload, it could, depending on the
state of the heap at the time, cause heap corruption.
process_text_message() now allocates its own payload_len + 1 sized buffer,
copies the payload received from ast_websocket_read() into it then NULL
terminates it prevent the possibility of the overrun and corruption.
Naveen Albert [Fri, 15 Aug 2025 12:32:00 +0000 (08:32 -0400)]
dsp.c: Improve debug logging in tone_detect().
The debug logging during DSP processing has always been kind
of overwhelming and annoying to troubleshoot. Simplify and
improve the logging in a few ways to aid DSP debugging:
* If we had a DSP hit, don't also emit the previous debug message that
was always logged. It is duplicated by the hit message, so this can
reduce the number of debug messages during detection by 50%.
* Include the hit count and required number of hits in the message so
on partial detections can be more easily troubleshot.
* Use debug level 9 for hits instead of 10, so we can focus on hits
without all the noise from the per-frame debug message.
* 1-index the hit count in the debug messages. On the first hit, it
currently logs '0', just as when we are not detecting anything,
which can be confusing.
Jose Lopes [Wed, 30 Jul 2025 12:49:16 +0000 (13:49 +0100)]
res_stasis_device_state: Fix delete ARI Devicestates after asterisk restart.
After an asterisk restart, the deletion of ARI Devicestates didn't
return error, but the devicestate was not deleted.
Found a typo on populate_cache function that created wrong cache for
device states.
This bug caused wrong assumption that devicestate didn't exist,
since it was not in cache, so deletion didn't returned error.
Naveen Albert [Wed, 13 Aug 2025 13:01:03 +0000 (09:01 -0400)]
app_chanspy: Add option to not automatically answer channel.
Add an option for ChanSpy and ExtenSpy to not answer the channel
automatically. Most applications that auto-answer by default
already have an option to disable this behavior if unwanted.
Resolves: #1358
UserNote: ChanSpy and ExtenSpy can now be configured to not
automatically answer the channel by using the 'N' option.
George Joseph [Thu, 14 Aug 2025 15:41:45 +0000 (09:41 -0600)]
xmldoc.c: Fix rendering of CLI output.
If you do a `core show application Dial`, you'll see it's kind of a mess.
Indents are wrong is some places, examples are printed in black which makes
them invisible on most terminals, and the lack of line breaks in some cases
makes it hard to follow.
* Fixed the rendering of examples so they are indented properly and changed
the color so they can be seen.
* There is now a line break before each option.
* Options are now printed on their own line with all option content indented
below them.
Example from Dial before fixes:
```
Example: Dial 555-1212 on first available channel in group 1, searching
from highest to lowest
Example: Ringing FXS channel 4 with ring cadence 2
Example: Dial 555-1212 on channel 3 and require answer confirmation
...
O([mode]):
mode - With <mode> either not specified or set to '1', the originator
hanging up will cause the phone to ring back immediately.
- With <mode> set to '2', when the operator flashes the trunk, it will ring
their phone back.
Enables *operator services* mode. This option only works when bridging a DAHDI
channel to another DAHDI channel only. If specified on non-DAHDI interfaces, it
will be ignored. When the destination answers (presumably an operator services
station), the originator no longer has control of their line. They may hang up,
but the switch will not release their line until the destination party (the
operator) hangs up.
p: This option enables screening mode. This is basically Privacy mode
without memory.
```
After:
```
Example: Dial 555-1212 on first available channel in group 1, searching
from highest to lowest
O([mode]):
mode - With <mode> either not specified or set to '1', the originator
hanging up will cause the phone to ring back immediately.
With <mode> set to '2', when the operator flashes the trunk, it will
ring their phone back.
Enables *operator services* mode. This option only works when bridging
a DAHDI channel to another DAHDI channel only. If specified on
non-DAHDI interfaces, it will be ignored. When the destination answers
(presumably an operator services station), the originator no longer has
control of their line. They may hang up, but the switch will not
release their line until the destination party (the operator) hangs up.
p:
This option enables screening mode. This is basically Privacy mode
without memory.
```
There are still things we can do to make this more readable but this is a
start.
Alexey Khabulyak [Thu, 14 Aug 2025 08:21:41 +0000 (11:21 +0300)]
pbx_lua.c: segfault when pass null data to term_color function
This can be reproduced under certain curcomstences.
For example: call app.playback from lua with invalid data: app.playback({}).
pbx_lua.c will try to get data for this playback using lua_tostring function.
This function returs NULL for everything but strings and numbers.
Then, it calls term_color with NULL data.
term_color function can call(if we don't use vt100 compat term)
ast_copy_string with NULL inbuf which cause segfault. bt example:
ast_copy_string (size=8192, src=0x0, dst=0x7fe44b4be8b0)
at /usr/src/asterisk/asterisk-20.11.0/include/asterisk/strings.h:412
Naveen Albert [Thu, 14 Aug 2025 12:50:31 +0000 (08:50 -0400)]
bridge.c: Obey BRIDGE_NOANSWER variable to skip answering channel.
If the BRIDGE_NOANSWER variable is set on a channel, it is not supposed
to answer when another channel bridges to it using Bridge(), and this is
checked when ast_bridge_call* is called. However, another path exists
(bridge_exec -> ast_bridge_add_channel) where this variable was not
checked and channels would be answered. We now check the variable there.
app_dial.c: Moved channel lock to prevent deadlock
It's reproducible with pbx_lua, not regular dialplan.
deadlock description:
1. asterisk locks a channel
2. calls function onedigit_goto
3. calls ast_goto_if_exists funciton
4. checks ast_exists_extension -> pbx_extension_helper
5. pbx_extension_helper calls pbx_find_extension
6. Then asterisk starts autoservice in a new thread
7. autoservice run tries to lock the channel again
Because our channel is locked already, autoservice can't lock.
Autoservice can't lock -> autoservice stop is waiting forever.
onedigit_goto waits for autoservice stop.
Mike Bradeen [Thu, 7 Aug 2025 22:33:36 +0000 (16:33 -0600)]
res_pjsip_diversion: resolve race condition between Diversion header processing and redirect
Based on the firing order of the PJSIP call-backs on a redirect, it was possible for
the Diversion header to not be included in the outgoing 181 response to the UAC and
the INVITE to the UAS.
This change moves the Diversion header processing to an earlier PJSIP callback while also
preventing the corresponding update that can cause a duplicate 181 response when processing
the header at that time.
Allan Nathanson [Sun, 10 Aug 2025 17:21:53 +0000 (13:21 -0400)]
file.c: with "sounds_search_custom_dir = yes", search "custom" directory
With `sounds_search_custom_dir = yes`, we are supposed to search for sounds
in the `AST_DATA_DIR/sounds/custom` directory before searching the normal
directories. Unfortunately, a recent change
(https://github.com/asterisk/asterisk/pull/1172) had a typo resulting in
the "custom" directory not being searched. This change restores this
expected behavior.
Sperl Viktor [Mon, 30 Jun 2025 11:38:50 +0000 (13:38 +0200)]
cel: Add STREAM_BEGIN, STREAM_END and DTMF event types.
Fixes: #1280
UserNote: Enabling the tracking of the
STREAM_BEGIN and the STREAM_END event
types in cel.conf will log media files and
music on hold played to each channel.
The STREAM_BEGIN event's extra field will
contain a JSON with the file details (path,
format and language), or the class name, in
case of music on hold is played. The DTMF
event's extra field will contain a JSON with
the digit and the duration in milliseconds.
George Joseph [Wed, 30 Jul 2025 12:39:49 +0000 (06:39 -0600)]
channelstorage_cpp_map_name_id.cc: Refactor iterators for thread-safety.
The fact that deleting an object from a map invalidates any iterator
that happens to currently point to that object was overlooked in the initial
implementation. Unfortunately, there's no way to detect that an iterator
has been invalidated so the result was an occasional SEGV triggered by modules
like app_chanspy that opens an iterator and can keep it open for a long period
of time. The new implementation doesn't keep the underlying C++ iterator
open across calls to ast_channel_iterator_next() and uses a read lock
on the map to ensure that, even for the few microseconds we use the
iterator, another thread can't delete a channel from under it. Even with
this change, the iterators are still WAY faster than the ao2_legacy
storage driver.
Full details about the new implementation are located in the comments for
iterator_next() in channelstorage_cpp_map_name_id.cc.
George Joseph [Tue, 5 Aug 2025 14:10:29 +0000 (08:10 -0600)]
res_srtp: Add menuselect options to enable AES_192, AES_256 and AES_GCM
UserNote: Options are now available in the menuselect "Resource Modules"
category that allow you to enable the AES_192, AES_256 and AES_GCM
cipher suites in res_srtp. Of course, libsrtp and OpenSSL must support
them but modern versions do. Previously, the only way to enable them was
to set the CFLAGS environment variable when running ./configure.
The default setting is to disable them preserving existing behavior.
In the original implementation, both CANCEL and NO ANSWER states were
consolidated under the NO ANSWER disposition. This patch introduces a
separate CANCEL disposition, with an optional configuration switch to
enable this new disposition.
Resolves: #1323
UserNote: A new CDR option "canceldispositionenabled" has been added
that when set to true, the NO ANSWER disposition will be split into
two dispositions: CANCEL and NO ANSWER. The default value is 'no'
Naveen Albert [Fri, 1 Aug 2025 15:58:16 +0000 (11:58 -0400)]
func_curl: Allow auth methods to be set.
Currently the CURL function only supports Basic Authentication,
the default auth method in libcurl. Add an option that also
allows enabling digest authentication.
Resolves: #1332
UserNote: The httpauth field in CURLOPT now allows the authentication
methods to be set.
safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
UpgradeNote: The safe_asterisk script now checks that, if it was run by the
root user, the /etc/asterisk/startup.d directory and all the files it contains
are owned by root. If the checks fail, safe_asterisk will exit with an error
and Asterisk will not be started. Additionally, the default logging
destination is now stderr instead of tty "9" which probably won't exist
in modern systems.
George Joseph [Mon, 21 Jul 2025 19:12:40 +0000 (13:12 -0600)]
options: Change ast_options from ast_flags to ast_flags64.
DeveloperNote: The 32-bit ast_options has no room left to accomodate new
options and so has been converted to an ast_flags64 structure. All internal
references to ast_options have been updated to use the 64-bit flag
manipulation macros. External module references to the 32-bit ast_options
should continue to work on little-endian systems because the
least-significant bytes of a 64 bit integer will be in the same location as a
32-bit integer. Because that's not the case on big-endian systems, we've
swapped the bytes in the flags manupulation macros on big-endian systems
so external modules should still work however you are encouraged to test.
res_config_odbc: Prevent Realtime fallback on record-not-found (SQL_NO_DATA)
This patch fixes an issue in the ODBC Realtime engine where Asterisk incorrectly
falls back to the next configured backend when the current one returns
SQL_NO_DATA (i.e., no record found).
This is a logical error and performance risk in multi-backend configurations.
Solution:
Introduced CONFIG_RT_NOT_FOUND ((void *)-1) as a special return marker.
ODBC Realtime backend now return CONFIG_RT_NOT_FOUND when no data is found.
Core engine stops iterating on this marker, avoiding unnecessary fallback.
Notes:
Other Realtime backends (PostgreSQL, LDAP, etc.) can be updated similarly.
This patch only covers ODBC.
Sven Kube [Wed, 30 Jul 2025 10:26:13 +0000 (12:26 +0200)]
resource_channels.c: Don't call ast_channel_get_by_name on empty optional arguments
`ast_ari_channels_create` and `ast_ari_channels_dial` called the
`ast_channel_get_by_name` function with optional arguments. Since 8f1982c4d6, this function logs an error for empty channel names.
This commit adds checks for empty optional arguments that are used
to call `ast_channel_get_by_name` to prevent these error logs.
Naveen Albert [Mon, 28 Jul 2025 13:27:07 +0000 (09:27 -0400)]
app_agent_pool: Remove documentation for removed option.
The already-deprecated "password" option for the AGENT function was
removed in commit d43b17a872e8227aa8a9905a21f90bd48f9d5348 for
Asterisk 12, but the documentation for it wasn't removed then.
pbx.c: When the AST_SOFTHANGUP_ASYNCGOTO flag is set, pbx_extension_helper should return directly.
Under certain circumstances the context/extens/prio are set in the ast_async_goto, for example action Redirect.
In the situation that action Redirect is broken by pbx_extension_helper this info is changed.
This will cause the current dialplan location to be executed twice.
In other words, the Redirect action does not take effect.
Naveen Albert [Wed, 16 Jul 2025 13:06:35 +0000 (09:06 -0400)]
ast_tls_cert: Make certificate validity configurable.
Currently, the ast_tls_cert script is hardcoded to produce certificates
with a validity of 365 days, which is not generally desirable for self-
signed certificates. Make this parameter configurable.
George Joseph [Thu, 17 Jul 2025 21:18:50 +0000 (15:18 -0600)]
cdr.c: Set tenantid from party_a->base instead of chan->base.
The CDR tenantid was being set in cdr_object_alloc from the channel->base
snapshot. Since this happens at channel creation before the dialplan is even
reached, calls to `CHANNEL(tenantid)=<something>` in the dialplan were being
ignored. Instead we now take tenantid from party_a when
cdr_object_create_public_records() is called which is after the call has
ended and all channel snapshots rebuilt. This is exactly how accountcode
and amaflags, which can also be set in tha dialplpan, are handled.
George Joseph [Wed, 16 Jul 2025 15:49:22 +0000 (09:49 -0600)]
app_mixmonitor: Update the documentation concerning the "D" option.
When using the "D" option to output interleaved audio, the file extension
must be ".raw". That info wasn't being properly rendered in the markdown
and HTML on the documentation site. The XML was updated to move the
note in the option section to a warning in the description.
Naveen Albert [Mon, 14 Jul 2025 11:44:14 +0000 (07:44 -0400)]
sig_analog: Properly handle STP, ST2P, and ST3P for fgccamamf.
Previously, we were only using # (ST) as a terminator, and not handling
A (STP), B (ST2P), or C (ST3P), which erroneously led to it being
treated as part of the dialed number. Parse any of these as the start
digit.
chan_websocket: Reset frame_queue_length to 0 after FLUSH_MEDIA
In the WebSocket channel driver, the FLUSH_MEDIA command clears all frames from
the queue but does not reset the frame_queue_length counter.
As a result, the driver incorrectly thinks the queue is full after flushing,
which prevents new multimedia frames from being sent, especially after multiple
flush commands.
This fix sets frame_queue_length to 0 after flushing, ensuring the queue state
is consistent with its actual content.
When the callback() API was invoked but no channel passed the test, callback
would return the last channel tested instead of NULL. It now correctly
returns NULL when no channel matches.
Martin Tomec [Wed, 25 Jun 2025 13:20:17 +0000 (15:20 +0200)]
chan_pjsip.c: Change SSRC after media source change
When the RTP media source changes, such as after a blind transfer, the new source introduces a discontinuous timestamp. According to RFC 3550, Section 5.1, an RTP stream's timestamp for a given SSRC must increment monotonically and linearly.
To comply with the standard and avoid a large timestamp jump on the existing SSRC, a new SSRC is generated for the new media stream.
This change resolves known interoperability issues with certain SBCs (like Sonus/Ribbon) that stop forwarding media when they detect such a timestamp violation. This code uses the existing implementation from chan_sip.
George Joseph [Mon, 28 Apr 2025 16:39:50 +0000 (10:39 -0600)]
Media over Websocket Channel Driver
* Created chan_websocket which can exchange media over both inbound and
outbound websockets which the driver will frame and time.
See http://s.asterisk.net/mow for more information.
* res_http_websocket: Made defines for max message size public and converted
a few nuisance verbose messages to debugs.
* main/channel.c: Changed an obsolete nuisance error to a debug.
* ARI channels: Updated externalMedia to include chan_websocket as a supported
transport.
UserNote: A new channel driver "chan_websocket" is now available. It can
exchange media over both inbound and outbound websockets and will both frame
and re-time the media it receives.
See http://s.asterisk.net/mow for more information.
UserNote: The ARI channels/externalMedia API now includes support for the
WebSocket transport provided by chan_websocket.
George Joseph [Tue, 8 Jul 2025 11:42:51 +0000 (05:42 -0600)]
channelstorage: Rename callbacks that conflict with DEBUG_FD_LEAKS.
DEBUG_FD_LEAKS replaces calls to "open" and "close" with functions that keep
track of file descriptors, even when those calls are actually callbacks
defined in structures like ast_channelstorage_instance->open and don't touch
file descriptors. This causes compilation failures. Those callbacks
have been renamed to "open_instance" and "close_instance" respectively.
Michal Hajek [Wed, 21 May 2025 08:28:20 +0000 (10:28 +0200)]
audiohook.c: Improve frame pairing logic to avoid MixMonitor breakage with mixed codecs
This patch adjusts the read/write synchronization logic in audiohook_read_frame_both()
to better handle calls where participants use different codecs or sample sizes
(e.g., alaw vs G.722). The previous hard threshold of 2 * samples caused MixMonitor
recordings to break or stutter when frames were not aligned between both directions.
The new logic uses a more tolerant limit (1.5 * samples), which prevents audio tearing
without causing excessive buffer overruns. This fix specifically addresses issues
with MixMonitor when recording directly on a channel in a bridge using mixed codecs.
Reported-by: Michal Hajek <michal.hajek@daktela.com>
Resolves: #1276
Resolves: #1279
mkmer [Mon, 24 Mar 2025 01:04:50 +0000 (21:04 -0400)]
utils.h: Add rounding to float conversion to int.
Quote from an audio engineer NR9V:
There is a minor issue of a small amount of crossover distortion though as a result of `ast_slinear_saturated_multiply_float()` not rounding the float. This could result in some quiet but potentially audible distortion artifacts in lower volume parts of the signal. If you have for example a sign wave function with a max amplitude of just a few samples, all samples between -1 and 1 will be truncated to zero, resulting in the waveform no longer being a sine wave and in harmonic distortion.
Tinet-mucw [Thu, 19 Jun 2025 02:34:56 +0000 (19:34 -0700)]
pbx.c: when set flag AST_SOFTHANGUP_ASYNCGOTO, ast_explicit_goto should return -1.
Under certain circumstances the context/extens/prio are set in the ast_async_goto, for example action Redirect.
In the situation that action Redirect is broken by GotoIf this info is changed.
that will causes confusion in dialplan execution.
Jaco Kroon [Thu, 19 Dec 2024 14:45:15 +0000 (16:45 +0200)]
res_musiconhold: Appropriately lock channel during start.
This relates to #829
This doesn't sully solve the Ops issue, but it solves the specific crash
there. Further PRs to follow.
In the specific crash the generator was still under construction when
moh was being stopped, which then proceeded to close the stream whilst
it was still in use.
The verification process will now load a full certificate chain retrieved
via the X5U URL instead of loading only the end user cert.
* Renamed crypto_load_cert_from_file() and crypto_load_cert_from_memory()
to crypto_load_cert_chain_from_file() and crypto_load_cert_chain_from_memory()
respectively.
* The two load functions now continue to load certs from the file or memory
PEMs and store them in a separate stack of untrusted certs specific to the
current verification context.
* crypto_is_cert_trusted() now uses the stack of untrusted certs that were
extracted from the PEM in addition to any untrusted certs that were passed
in from the configuration (and any CA certs passed in from the config of
course).
Resolves: #1272
UserNote: The STIR/SHAKEN verification process will now load a full
certificate chain retrieved via the X5U URL instead of loading only
the end user cert.
UserNote: A new STIR/SHAKEN verification option "ignore_sip_date_header" has
been added that when set to true, will cause the verification process to
not consider a missing or invalid SIP "Date" header to be a failure. This
will make the IAT the sole "truth" for Date in the verification process.
The option can be set in the "verification" and "profile" sections of
stir_shaken.conf.
app_sms.c: Fix sending and receiving SMS messages in protocol 2
This fixes bugs in SMS messaging to SMS-capable analog phones that prevented app_sms.c from talking to phones using SMS protocol 2.
- Fix MORX message reception (from phone to Asterisk) in SMS protocol 2
- Fix MTTX message transmission (from Asterisk to phone) in SMS protocol 2
One of the bugs caused messages to have random characters and junk appended at the end up to the character limit. Another bug prevented Asterisk from sending messages from Asterisk to the phone at all. A final bug caused the transmission from Asterisk to the phone to take a long time because app_sms.c did not hang up after correctly sending the message, causing the phone to have to time out and hang up in order to complete the message transmission.
This was tested with a Linksys PAP2T and with a GrandStream HT814, sending and receiving messages with Telefónica DOMO Mensajes phones from Telefónica Spain. I had to play with both the network jitter buffer and the dB gain to get it to work. One of my phones required the gain to be set to +3dB for it to work, while another required it to be set to +6dB.
Only MORX and MTTX were tested, I did not test sending and receiving messages to a TelCo SMSC.
phoneben [Mon, 26 May 2025 20:52:34 +0000 (23:52 +0300)]
app_queue: queue rules – Add support for QUEUE_RAISE_PENALTY=rN to raise penalties only for members within min/max range
This update adds support for a new QUEUE_RAISE_PENALTY format: rN
When QUEUE_RAISE_PENALTY is set to rN (e.g., r4), only members whose current penalty
is greater than or equal to the defined min_penalty and less than or equal to max_penalty
will have their penalty raised to N.
Members with penalties outside the min/max range remain unchanged.
Example behaviors:
QUEUE_RAISE_PENALTY=4 → Raise all members with penalty < 4 (existing behavior)
QUEUE_RAISE_PENALTY=r4 → Raise only members with penalty in [min_penalty, max_penalty] to 4
Implementation details:
Adds parsing logic to detect the r prefix and sets the raise_respect_min flag
Modifies the raise logic to skip members outside the defined penalty range when the flag is active
UserNote: This change introduces QUEUE_RAISE_PENALTY=rN, allowing selective penalty raises
only for members whose current penalty is within the [min_penalty, max_penalty] range.
Members with lower or higher penalties are unaffected.
This behavior is backward-compatible with existing queue rule configurations.
Jaco Kroon [Thu, 12 Dec 2024 22:35:55 +0000 (00:35 +0200)]
res_odbc: cache_size option to limit the cached connections.
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
UserNote: New cache_size option for res_odbc to on a per class basis limit the
number of cached connections. Please reference the sample configuration
for details.
Jaco Kroon [Tue, 10 Dec 2024 20:36:02 +0000 (22:36 +0200)]
res_odbc: cache_type option for res_odbc.
This enables setting cache_type classes to a round-robin queueing system
rather than the historic stack mechanism.
This should result in lower risk of connection drops due to shorter idle
times (the first connection to go onto the stack could in theory never
be used again, ever, but sit there consuming resources, there could be
multiple of these).
And with a queue rather than a stack, dead connections are guaranteed to
be detected and purged eventually.
This should end up better balancing connection_cnt with actual load
over time, assuming the database doesn't keep connections open
excessively long from it's side.
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
UserNote: When using res_odbc it should be noted that back-end
connections to the underlying database can now be configured to re-use
the cached connections in a round-robin manner rather than repeatedly
re-using the same connection. This helps to keep connections alive, and
to purge dead connections from the system, thus more dynamically
adjusting to actual load. The downside is that one could keep too many
connections active for a longer time resulting in resource also begin
consumed on the database side.
George Joseph [Fri, 28 Mar 2025 12:54:21 +0000 (06:54 -0600)]
ARI Outbound Websockets
Asterisk can now establish websocket sessions _to_ your ARI applications
as well as accepting websocket sessions _from_ them.
Full details: http://s.asterisk.net/ari-outbound-ws
Code change summary:
* Added an ast_vector_string_join() function,
* Added ApplicationRegistered and ApplicationUnregistered ARI events.
* Converted res/ari/config.c to use sorcery to process ari.conf.
* Added the "outbound-websocket" ARI config object.
* Refactored res/ari/ari_websockets.c to handle outbound websockets.
* Refactored res/ari/cli.c for the sorcery changeover.
* Updated res/res_stasis.c for the sorcery changeover.
* Updated apps/app_stasis.c to allow initiating per-call outbound websockets.
* Added CLI commands to manage ARI websockets.
* Added the new "outbound-websocket" object to ari.conf.sample.
* Moved the ARI XML documentation out of res_ari.c into res/ari/ari_doc.xml
UserNote: Asterisk can now establish websocket sessions _to_ your ARI applications
as well as accepting websocket sessions _from_ them.
Full details: http://s.asterisk.net/ari-outbound-ws
George Joseph [Fri, 2 May 2025 14:52:54 +0000 (08:52 -0600)]
res_websocket_client: Create common utilities for websocket clients.
Since multiple Asterisk capabilities now need to create websocket clients
it makes sense to create a common set of utilities rather than making
each of those capabilities implement their own.
* A new configuration file "websocket_client.conf" is used to store common
client parameters in named configuration sections.
* APIs are provided to list and retrieve ast_websocket_client objects created
from the named configurations.
* An API is provided that accepts an ast_websocket_client object, connects
to the remote server with retries and returns an ast_websocket object. TLS is
supported as is basic authentication.
* An observer can be registered to receive notification of loaded or reloaded
client objects.
* An API is provided to compare an existing client object to one just
reloaded and return the fields that were changed. The caller can then decide
what action to take based on which fields changed.
Also as part of thie commit, several sorcery convenience macros were created
to make registering common object fields easier.
UserNote: A new module "res_websocket_client" and config file
"websocket_client.conf" have been added to support several upcoming new
capabilities that need common websocket client configuration.
George Joseph [Mon, 19 May 2025 14:16:53 +0000 (08:16 -0600)]
asterisk.c: Add option to restrict shell access from remote consoles.
UserNote: A new asterisk.conf option 'disable_remote_console_shell' has
been added that, when set, will prevent remote consoles from executing
shell commands using the '!' prefix.
Sven Kube [Tue, 13 May 2025 14:01:32 +0000 (16:01 +0200)]
res_audiosocket.c: Add retry mechanism for reading data from AudioSocket
The added retry mechanism addresses an issue that arises when fragmented TCP
packets are received, each containing only a portion of an AudioSocket packet.
This situation can occur if the external service sending the AudioSocket data
has Nagle's algorithm enabled.
Thomas B. Clark [Mon, 12 May 2025 21:46:00 +0000 (17:46 -0400)]
menuselect: Fix GTK menu callbacks for Fedora 42 compatibility
This patch resolves a build failure in `menuselect_gtk.c` when running
`make menuconfig` on Fedora 42. The new version of GTK introduced stricter
type checking for callback signatures.
Changes include:
- Add wrapper functions to match the expected `void (*)(void)` signature.
- Update `menu_items` array to use these wrappers.
UpgradeNote: jansson has been upgraded to 2.14.1. For more
information visit jansson Github page: https://github.com/akheron/jansson/releases/tag/v2.14.1
Joe Searle [Thu, 15 May 2025 13:06:29 +0000 (14:06 +0100)]
pjproject: Increase maximum SDP formats and attribute limits
Since Chrome 136, using Windows, when initiating a video call the INVITE SDP exceeds the maximum number of allowed attributes, resulting in the INVITE being rejected. This increases the attribute limit and the number of formats allowed when using bundled pjproject.
Nathan Monfils [Mon, 5 May 2025 08:47:43 +0000 (10:47 +0200)]
manager.c: Invalid ref-counting when purging events
We have a use-case where we generate a *lot* of events on the AMI, and
then when doing `manager show eventq` we would see some events which
would linger for hours or days in there. Obviously something was leaking.
Testing allowed us to track down this logic bug in the ref-counting on
the event purge.
Reproducing the bug was not super trivial, we managed to do it in a
production-like load testing environment with multiple AMI consumers.
The race condition itself:
1. something allocates and links `session`
2. `purge_sessions` iterates over that `session` (takes ref)
3. `purge_session` correctly de-referencess that session
4. `purge_session` re-evaluates the while() loop, taking a reference
5. `purge_session` exits (`n_max > 0` is false)
6. whatever allocated the `session` deallocates it, but a reference is
now lost since we exited the `while` loop before de-referencing.
7. since the destructor is never called, the session->last_ev->usecount
is never decremented, leading to events lingering in the queue
The impact of this bug does not seem major. The events are small and do
not seem, from our testing, to be causing meaningful additional CPU
usage. Mainly we wanted to fix this issue because we are internally
adding prometheus metrics to the eventq and those leaked events were
causing the metrics to show garbage data.
Mike Bradeen [Thu, 8 May 2025 18:12:33 +0000 (12:12 -0600)]
res_pjsip_nat.c: Do not overwrite transfer host
When a call is transfered via dialplan behind a NAT, the
host portion of the Contact header in the 302 will no longer
be over-written with the external NAT IP and will retain the
hostname.
Mike Bradeen [Mon, 5 May 2025 18:05:15 +0000 (12:05 -0600)]
chan_pjsip: Serialize INVITE creation on DTMF attended transfer
When a call is transfered via DTMF feature code, the Transfer Target and
Transferer are bridged immediately. This opens the possibilty of a race
condition between the creation of an INVITE and the bridge induced colp
update that can result in the set caller ID being over-written with the
transferer's default info.
The previous proof-of-concept showed that the cpp_map_name_id alternate
storage backed performed better than all the others so this final PR
adds only that option. You still need to enable it in menuselect under
the "Alternate Channel Storage Backends" category.
To select which one is used at runtime, set the "channel_storage_backend"
option in asterisk.conf to one of the values described in
asterisk.conf.sample. The default remains "ao2_legacy".
UpgradeNote: With this release, you can now select an alternate channel
storage backend based on C++ Maps. Using the new backend may increase
performance and reduce the chances of deadlocks on heavily loaded systems.
For more information, see http://s.asterisk.net/dc679ec3
Naveen Albert [Thu, 24 Aug 2023 14:07:06 +0000 (14:07 +0000)]
sig_analog: Add Call Waiting Deluxe support.
Adds support for Call Waiting Deluxe options to enhance
the current call waiting feature.
As part of this change, a mechanism is also added that
allows a channel driver to queue an audio file for Dial()
to play, which is necessary for the announcement function.
ASTERISK-30373 #close
Resolves: #271
UserNote: Call Waiting Deluxe can now be enabled for FXS channels
by enabling its corresponding option.
Ignore gcc warning about writing 32 bytes into a region of size 6,
since we check that we don't go out of bounds for each byte.
This is due to a vectorization bug in gcc 15, stemming from
gcc commit 68326d5d1a593dc0bf098c03aac25916168bc5a9.
George Joseph [Fri, 2 May 2025 18:19:25 +0000 (12:19 -0600)]
lock.h: Add include for string.h when DEBUG_THREADS is defined.
When DEBUG_THREADS is defined, lock.h uses strerror(), which is defined
in the libc string.h file, to print warning messages. If the including
source file doesn't include string.h then strerror() won't be found and
and compile errors will be thrown. Since lock.h depends on this, string.h
is now included from there if DEBUG_THREADS is defined. This way, including
source files don't have to worry about it.
Naveen Albert [Sat, 26 Apr 2025 12:33:20 +0000 (08:33 -0400)]
res_pjsip_caller_id: Also parse URI parameters for ANI2.
If the isup-oli was sent as a URI parameter, rather than a header
parameter, it was not being parsed. Make sure we parse both if
needed so the ANI2 is set regardless of which type of parameter
the isup-oli is sent as.
Mike Bradeen [Thu, 17 Apr 2025 15:50:21 +0000 (09:50 -0600)]
stasis/control.c: Set Hangup Cause to No Answer on Dial timeout
Other Dial operations (dial, app_dial) use Q.850 cause 19 when a dial timeout occurs,
but the Dial command via ARI did not set an explicit reason. This resulted in a
CANCEL with Normal Call Clearing and corresponding ChannelDestroyed.
This change sets the hangup cause to AST_CAUSE_NO_ANSWER to be consistent with the
other operations.
Fixes: #963
UserNote: A Dial timeout on POST /channels/{channelId}/dial will now result in a
CANCEL and ChannelDestroyed with cause 19 / User alerting, no answer. Previously
no explicit cause was set, resulting in a cause of 16 / Normal Call Clearing.
Naveen Albert [Fri, 18 Apr 2025 13:03:10 +0000 (09:03 -0400)]
chan_iax2: Minor improvements to documentation and warning messages.
* Update Dial() documentation for IAX2 to include syntax for RSA
public key names.
* Add additional details to a couple warnings to provide more context
when an undecodable frame is received.
Andreas Wehrmann [Fri, 18 Apr 2025 08:56:05 +0000 (10:56 +0200)]
pbx_ael: unregister AELSub application and CLI commands on module load failure
This fixes crashes/hangs I noticed with Asterisk 20.3.0 and 20.13.0 and quickly found out,
that the AEL module doesn't do proper cleanup when it fails to load.
This happens for example when there are syntax errors and AEL fails to compile in which case pbx_load_module()
returns an error but load_module() doesn't then unregister CLI cmds and the application.
Albrecht Oster [Thu, 10 Apr 2025 21:54:00 +0000 (23:54 +0200)]
res_pjproject: Fix DTLS client check failing on some platforms
Certain platforms (mainly BSD derivatives) have an additional length
field in `sockaddr_in6` and `sockaddr_in`.
`ast_sockaddr_from_pj_sockaddr()` does not take this field into account
when copying over values from the `pj_sockaddr` into the `ast_sockaddr`.
The resulting `ast_sockaddr` will have an uninitialized value for
`sin6_len`/`sin_len` while the other `ast_sockaddr` (not converted from
a `pj_sockaddr`) to check against in `ast_sockaddr_pj_sockaddr_cmp()`
has the correct length value set.
This has the effect that `ast_sockaddr_cmp()` will always indicate
an address mismatch, because it does a bitwise comparison, and all DTLS
packets are dropped even if addresses and ports match.
`ast_sockaddr_from_pj_sockaddr()` now checks whether the length fields
are available on the current platform and sets the values accordingly.