George Joseph [Wed, 22 Jun 2016 15:37:23 +0000 (09:37 -0600)]
chan_unistim: Fix memcpy in get_to_address
A code block only enabled when HAVE_PKTINFO is not defined (FreeBSD)
was using a pointer to a pointer as the destination of a memcpy and a
'&' instead of '*' in the sizeof.
Alexander Traud [Tue, 21 Jun 2016 12:05:30 +0000 (14:05 +0200)]
res_rtp_asterisk: Use latest DTLS version available by underlying platform.
Do not use DTLSv1_method() but DTLS_method() when available in OpenSSL of the
underlying platform. This change enables DTLS 1.2 since OpenSSL 1.0.2, for
WebRTC (DTLS-SRTP via SIP-over-WebSockets). This change enables AEAD-based
cipher-suites.
Alexander Traud [Tue, 21 Jun 2016 13:01:40 +0000 (15:01 +0200)]
BuildSystem: Avoid obsolete warning with HELP_STRING on autoconf.
Some configure scripts used both AC_HELP_STRING and its replacement
AS_HELP_STRING. For consistency and to avoid obsolete warnings, those were
changed to AS_HELP_STRING.
Alexander Traud [Mon, 20 Jun 2016 13:05:09 +0000 (15:05 +0200)]
http: leverage 'bindaddr' for TLS in http.conf
The internal HTTP/WebSocket server supports both TCP and TLS, which can be
activated separately via the file http.conf. The source code intends to re-use
the TCP parameter 'bindaddr' for TLS, even if 'tlsbindaddr' is not specified
explicitly. This did not work because of a typo. This change resolves this typo.
Vasil Kolev [Tue, 31 May 2016 14:10:29 +0000 (17:10 +0300)]
chan_sip: bigger buffers for headers, better failure mode
Currently chan_sip can give weird messages if the contacts don't
fit in the From: or To: headers. This fix changes the from,to and
invite variables to use ast_str, allocates and deallocates them and
resizes them if needed.
Alexander Traud [Wed, 8 Jun 2016 12:20:26 +0000 (14:20 +0200)]
core: Not the configured but granted number of possible file descriptors.
With CLI "core show settings", simply the parameter maxfiles of the file
asterisk.conf was shown. If that parameter was not set, nothing was displayed
although the environment might have set a default number itself. Or if maxfiles
were not granted (completely), still maxfiles was shown. Now, the maximum number
of possible file descriptors in the environment is shown.
George Joseph [Thu, 9 Jun 2016 14:20:33 +0000 (08:20 -0600)]
build: Fix ast_sockaddr initialization to be more portable
A change to glibc 2.22 changed the order of the sockadddr_storage
members which caused the places where we do an initialization of
ast_sockaddr with '{ { 0, 0, } }' to fail compilation. Those
initializers (which we shouldn't have been using anyway) have been
replaced with memsets.
Alexander Traud [Wed, 8 Jun 2016 10:58:48 +0000 (12:58 +0200)]
astfd: Not maximum size of a single file but maximum file descriptors.
With menuselect "DEBUG_FD_LEAKS" and CLI "core show fd", the maximum size of a
single file was shown. Now, the maximum number of possible file descriptors is
shown.
Timo Teräs [Thu, 2 Jun 2016 19:53:39 +0000 (22:53 +0300)]
Fix #include poll.h and sys/cdefs.h
POSIX defines poll.h, sys/poll.h should not be used at is c-library
internal header which may or may not exist. Notable in musl it
generates warning of being incorrect. And add explict include of
sys/cdefs.h where needed.
Alexander Traud [Tue, 7 Jun 2016 07:16:02 +0000 (09:16 +0200)]
BuildSystem: Avoid 'ar cru' and use 'ar cr' instead.
In several internal library projects, the files are archived with the help of
'ar cr'. Only the projects editline and the Objective Open H.323 stack
implementation in C (ooh323c) use 'ar cru' instead. Recently, some platforms
changed the default parameters of AR which creates "/usr/bin/ar: `u' modifier
ignored since `D' is the default (see `U')". For consistency and to avoid this
message all projects use 'ar cr' now.
* Local fax starts rtp call to remote fax
* Remote fax starts t38 call back to local fax.
* Local fax sends t38 no-signal to Asterisk before sending an OK.
* udptl processes the frame and increments the expected sequence number.
* chan_sip drops the frame because the call isn't up so nothing goes out
the external interface to open the port for incoming packets.
* Local fax sends OK and Asterisk sends OK to the remote fax.
* Remote fax sends t38 packets which are dropped by the firewall.
* Local fax re-sends t38 no-signal with the same sequence number.
* udptl drops the frame because it thinks it's a dup.
* Still no outgoing packets to open the firewall.
* t38 negotiation fails.
The patch drops frames t38 received before udptl sequence processing
when the call hasn't been answered yet. The second no-signal frame
is then seen as new and is relayed out the external interface which
opens the port and allows negotiation to continue.
George Joseph [Tue, 17 May 2016 16:14:51 +0000 (10:14 -0600)]
chan_sip: Prevent extra Session-Expires headers from being added
When chan_sip does a re-INVITE to refresh a session and authentication
is required, the INVITE with the Authorization header containes a
second Session-Expires header without the ";refersher=" parameter.
This is causing some proxies to return a 400. Also, when Asterisk is
the uas and the refresher, it is including the Session-Expires and
Min-SE headers in OPTIONS messages which is not allowed per RFC4028.
This patch (based on the reporter's) Checks to see if a Session-Expires
header is already in the message before adding another one. It also
checks that the method is INVITE or UPDATE.
Tzafrir Cohen [Tue, 10 May 2016 13:17:29 +0000 (16:17 +0300)]
followme: delete the right recorded name file
FollowMe with the option a records the name of the caller and plays it
to the callee. However it has failed to clean up that recorded file
as it tried to delete the file name without the '.sln' extension.
Alexei Gradinari [Tue, 10 May 2016 14:20:54 +0000 (10:20 -0400)]
res_fax/t38_gateway: Peer V.21 session is created on wrong channel
The channel and peer V.21 sessions are created on the same channel now.
The peer V.21 session should be created only on peer channel
when one of channel can handle T.38.
Also this patch enable debug for T.38 gateway session
if global fax debug enabled.
Andrew Nagy [Thu, 17 Mar 2016 19:29:38 +0000 (12:29 -0700)]
app_voicemail: always copy dynamic struct to avoid race condition
Voicemail email addresses can be corrupt or voicemail
emails can end up being sent to the wrong email address if asterisk is
reading voicemail.conf during a reload and processing an email at the
same time. This patch always copies the struct that would otherwise only
be copied once.
ASTERISK-24463 #close
Reported by: John Campbell
Tested by: Etienne Lessard
Tested by: Andrew Nagy
Change-Id: I3a0643813116da84e2617291903d0d489b7425fb
George Joseph [Mon, 25 Apr 2016 03:51:16 +0000 (21:51 -0600)]
config: Fix ast_config_text_file_save writability check for missing files
A patch I did back in 2014 modified ast_config_text_file_save to check the
writability of the main file and include files before truncating and re-writing
them. An unintended side-effect of this was that if a file doesn't exist,
the check fails and the write is aborted.
This patch causes ast_config_text_file_save to check the writability of the
parent directory of missing files instead of checking the file itself. This
allows missing files to be created again. A unit test was also added to
test_config to test saving of config files.
The regression was discovered when app_voicemail's passwordlocation=spooldir
feature stopped working.
ASTERISK-25917 #close Reported-by: Jonathan Rose
Change-Id: Ic4dbe58c277a47b674679e49daed5fc6de349f80
Kevin Harwell [Thu, 21 Apr 2016 20:35:26 +0000 (15:35 -0500)]
app_queue: queue members can receive multiple calls
It was possible for a queue member that is a member of at least 2 or more
queues to receive mulitiple calls at the same time. This happened because
of a race between when a member was being rung and when the device state
notified the other queue(s) member object of the state change.
This patch makes it so when a queue member is being rung it gets added to
a global pool of queue members. If that same member is tried again, e.g.
from another queue, and it is found to already exist in the pending member
container then it will not ring that member.
The test_voicemail_notify_endl test checks the end-of-line
characters of an email message to confirm that they are consistent.
The test wrongfully assumed that reading from the email message
into a buffer will always result in more than 1 character being
read. This is incorrect. If only 1 character was read the test
would go outside of the buffer and access other memory causing
a crash.
The test now checks to ensure that 2 or more characters are read
in ensuring the test stays within the buffer.
app_voicemail/IMAP: IMAP access FATAL error: Out of memory
Sometimes uw-imap function 'mail_fetchbody' returns huge len
which then pass to uw-imap function 'rfc822_base64'.
uw-imap tries to allocate huge memory and abort() on fail.
This patch check the len.
If the len more than max size (128 Mbytes) log error.
This patch also set variables len, newlen to avoid uninizialezed len.
This patch also check pointer returned by rfc822_base64.
Walter Doekes [Thu, 24 Mar 2016 12:36:39 +0000 (13:36 +0100)]
musiconhold: Only warn if music class is not found in memory and database.
The log message when a MusicOnHold music class was not found was changed
from debug level to WARNING level in Asterisk 11.19 and 13.5. For those
using realtime musiconhold, this message is wrong because it warns
before checking the database.
This changeset delays the warning until after the database has been
checked.
Walter Doekes [Thu, 24 Mar 2016 10:38:16 +0000 (11:38 +0100)]
core/logging: Fix broken syslog levels on older glibc.
The fix to ASTERISK-25407 introduced the usage of LOG_MAKEPRI. However
this macro is broken in older glibc (< 2.17); it would left-shift the
facility a second time, causing the resultant priority to become
invalid.
The syslog manpage mentions nothing about LOG_MAKEPRI and suggests this:
The priority argument is formed by ORing the facility and the level
values [...].
chan_sip.c: Space after port causes unnecessary resolution attempt
check_via() already skips leading blanks where the sent-by address (with the
optional port) should be placed.
Since RFC 3261 allows for blanks between the port ant the Via parameters:
> https://tools.ietf.org/html/rfc3261#section-20.42
(actually it allows a lot of blanks more ;-)). I just switched from
ast_skip_blanks() to ast_strip() on the local copy of the string.
Gianluca Merlo [Sat, 19 Mar 2016 12:34:26 +0000 (13:34 +0100)]
config: fix flags in uint option handler
The configuration unsigned integer option handler sets flags for the
parser as if the option should be a signed integer (PARSE_INT32),
leading to errors on "out of range" values. Fix flags (PARSE_UINT32).
Gianluca Merlo [Sat, 19 Mar 2016 01:32:51 +0000 (02:32 +0100)]
func_aes: fix misuse of strlen on binary data
The encryption code for AES_ENCRYPT evaluates the length of the data to
be encoded in base64 using strlen. The data is binary, thus the length
of it can be underestimated at the first NULL character.
Reuse the write pointer offset to evaluate it, instead.
Walter Doekes [Fri, 11 Mar 2016 21:57:30 +0000 (22:57 +0100)]
app_chanspy: Fix occasional deadlock with ChanSpy and Local channels.
Channel masquerading had a conflict with autochannel locking.
When locking autochannel->channel, the channel is fetched from the
autochannel and then locked. During the fetch, the autochannel -- which
has no locks itself -- can be modified by someone who owns the channel
lock. That means that the value of autochan->channel cannot be trusted
until you hold the lock.
In practice, this caused problems with Local channels getting
masqueraded away while the ChanSpy attempted to get info from that
channel. The old channel which was about to get removed got locked, but
the new (replaced) channel got unlocked (no-op). Because the replaced
channel was now locked (and would never get unlocked), it couldn't get
removed from the channel list in a timely manner, and would now cause
deadlocks when iterating over the channel list.
This change checks the autochannel after locking the channel for changes
to the autochannel. If the channel had been changed, the lock is
reobtained on the new channel.
In theory it seems possible that after this fix, the lock attempt on the
old (wrong) channel can be on an already destroyed lock, maybe causing
a crash. But that hasn't been observed in the wild and is harder induce
than the current deadlock.
Thanks go to Filip Frank for suggesting a fix similar to this and
especially to IRC user hexanol for pointing out why this deadlock was
possible and testing this fix. And to Richard for catching my rookie
while loop mistake ;)
Richard Mudgett [Wed, 17 Feb 2016 19:30:06 +0000 (13:30 -0600)]
cel.c: Fix mismatch in ast_cel_track_event() return type.
The return type of ast_cel_track_event() is not large enough to return all
64 potential bits of the event enable mask. Fortunately, the defined CEL
events do not really need all 64 bits and the return value is only used to
determine if the requested CEL event is enabled.
* Made the ast_cel_track_event() return 0 or 1 only so the return value
can fit inside an int type instead of zero or a truncated 64 bit non-zero
value.
Corey Farrell [Sat, 21 Feb 2015 02:51:35 +0000 (02:51 +0000)]
main/asterisk.c: Reverse #if statement in listener() to fix code folding.
listener() opens the same code block in two places (#if and #else). This
confuses some folding editors causing it to think that an extra code block
was opened. Folding in 'geany' causes all code after listener() to be
folded as if it were part of that procedure.
Corey Farrell [Tue, 9 Feb 2016 20:21:05 +0000 (15:21 -0500)]
Simplify and fix conditional in FD_SET.
FD_SET contains a conditional statement to protect against buffer
overruns. The statement was overly complicated and prevented use
of the last array element of ast_fdset. We now just verify the fd
is less than ast_FDMAX.
Mark Michelson [Thu, 4 Feb 2016 22:17:55 +0000 (16:17 -0600)]
Check for OpenSSL defines before trying to use them.
The SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 defines did not exist prior
to OpenSSL version 1.0.1. A recent commit attempts to, by default, set
these options, which can cause problems on systems with older OpenSSL
installations.
This commit adds a configure script check for those defines and will not
attempt to make use of those if they do not exist. We will print a
warning urging the user to upgrade their OpenSSL installation if those
defines are not present.
Joshua Colp [Wed, 3 Feb 2016 18:02:01 +0000 (14:02 -0400)]
AST-2016-001 http: Provide greater control of TLS and set modern defaults.
This change exposes the configuration of various aspects of the TLS
support and sets the default to the modern standards.
The TLS cipher is now set to the best values according to the
Mozilla OpSec team, different TLS versions can now be disabled, and
the cipher order can be forced to be that of the server instead of
the client.
Richard Mudgett [Mon, 7 Dec 2015 18:46:53 +0000 (12:46 -0600)]
AST-2016-003 udptl.c: Fix uninitialized values.
Sending UDPTL packets to Asterisk with the right amount of missing
sequence numbers and enough redundant 0-length IFP packets, can make
Asterisk crash.
Setting the sip.conf timert1 value to a value higher than 1245 can cause
an integer overflow and result in large retransmit timeout times. These
large timeout times hold system file descriptors hostage and can cause the
system to run out of file descriptors.
NOTE: The default sip.conf timert1 value is 500 which does not expose the
vulnerability.
* The overflow is now detected and the previous timeout time is
calculated.
ASTERISK-25397 #close
Reported by: Alexander Traud
The module res_xmpp does not accept usernames in the form used in component
mode (XEP-0114). In component mode there is no @something in the name.
In component mode the connection is now not dropped anymore.
If the xmpp server sends out a "stream" tag before handshake is finished,
the connection gets dropped in res_xmpp. Now this tag will be ignored and
the connection will be established.
After connecting there will be an exchange of presence states. This does
not work as expected in component mode. The responsible function
"xmpp_pak_presence" is left before the states get sent out. Sending
presence states in component mode is now moved to the top of the function.
StefanEng86 [Fri, 29 Jan 2016 13:39:06 +0000 (14:39 +0100)]
chan_sip.c: AMI & CLI notify methods get different values of asterisk's own ip.
When I ask asterisk to send a SIP NOTIFY message to a sip peer using either a)
AMI action: SIPnotify or b) cli command: sip notify <cmd> <peer>, I expect
asterisk to include the same value for its own ip in both cases a) and b),
but it seems a) produces a contact header like Contact:
<sip:asterisk@192.168.1.227:8060> whereas b) produces a contact header like
<sip:asterisk@127.0.0.1:8060>. 0.0.0.0:8060 is my udpbindaddr in sip.conf
My guess is that manager_sipnotify should call
ast_sip_ouraddrfor(&p->sa, &p->ourip, p) the same way sip_cli_notify does,
because after applying this patch, both cases a) and b) produce
the contact header that I expect: <sip:asterisk@192.168.1.227:8060>
Reported by: Stefan Engström
Tested by: Stefan Engström
George Joseph [Wed, 27 Jan 2016 16:29:13 +0000 (09:29 -0700)]
build_system: Prevent goals needing makeopts from running when it's missing
The Makefile only optionally includes makeopts so when goals like uninstall that
dont depend on anything else are run after a distclean, rules like
'rm -f "$(DESTDIR)$(ASTMODDIR)/"*' get run as 'rm -f ""/*' which attempts
to remove everything in the root directory.
Although there's a rule defined for makeopts which prints a message and does
an 'exit 1', since '-include makepopts' was specified (with the -), the exit
was ignored letting the rest of the rules run.
This patch makes makeopts required unless the goal has the string 'clean' in it.
ASTERISK-25730 #close Reported-by: George Joseph
Change-Id: I1bce59a7ea4f48e7a468e22b2abbb13c63417ac7
Rusty Newton [Mon, 25 Jan 2016 22:56:04 +0000 (16:56 -0600)]
sounds/Makefile: Incremented core and extra sounds versions to 1.5
Core and extra sounds 1.5 was recently released! The tarballs contain
change descriptions however I figure more people will see this one so
I'll try to be a bit detailed. Approximately 60 sounds were moved from Extra
to Core for en, en_GB, fr and added for languages that didn't already
have Extra sound sets (it,ja,ru).
In addition all of the English and Russian sounds have been completely
re-recorded.
Sounds moved and added:
activated,added,all-circuits-busy-now,astcc-followed-by-pound
at-tone-time-exactly,call-forwarding,call-fwd-no-ans,call-fwd-on-busy
,call-fwd-unconditional,calling,call-waiting,cancelled,
cannot-complete-as-dialed,check-number-dial-again,conf-full,de-activated
,disabled,do-not-disturb,enabled,enter-num-blacklist,entr-num-rmv-blklist
,extension,feature-not-avail-line,for,from-unknown-caller,goodbye,hello
,if-correct-press,im-sorry,info-about-last-call,is,is-in-use,is-set-to
,location,number,number-not-answering,num-was-successfully,one-moment-please
,please-try-again,pls-hold-while-try,pls-try-call-later,pm-invalid-option
,privacy-to-blacklist-last-caller,removed,simul-call-limit-reached
,something-terribly-wrong,sorry,sorry-youre-having-problems,speed-dial
,speed-dial-empty,telephone-number,time,to-call-this-number,to-extension
,to-listen-to-it,to-rerecord-it,unidentified-no-callback,with,you-entered
,your
There were also a few random fixes here and there to file names for a few
of the languages.
Corey Farrell [Mon, 25 Jan 2016 17:03:21 +0000 (12:03 -0500)]
chan_sip: Fix buffer overrun in sip_sipredirect.
sip_sipredirect uses sscanf to copy up to 256 characters to a stacked buffer
of 256 characters. This patch reduces the copy to 255 characters to leave
room for the string null terminator.
Joshua Colp [Tue, 12 Jan 2016 17:14:29 +0000 (13:14 -0400)]
app: Queue hangup if channel is hung up during sub or macro execution.
This issue was exposed when executing a connected line subroutine.
When connected or redirected subroutines or macros are executed it is
expected that the underlying applications and logic invoked are fast
and do not consume frames. In practice this constraint is not enforced
and if not adhered to will cause channels to continue when they shouldn't.
This is because each caller of the connected or redirected logic does not
check whether the channel has been hung up on return. As a result the
the hung up channel continues.
This change makes it so when the API to execute a subroutine or
macro is invoked the channel is checked to determine if it has hung up.
If it has then a hangup is queued again so the caller will see it
and stop.
Kevin Harwell [Wed, 6 Jan 2016 19:03:28 +0000 (13:03 -0600)]
pbx: Deadlock between contexts container and context_merge locks
Recent changes (ASTERISK-25394 commit 2bd27d12223fe33b58c453965ed5c6ed3af7c4f5)
introduced the possibility of a deadlock. Due to the mentioned modifications
ast_change_hints now needs to keep both merge/delete and state callbacks from
occurring while it executes. Unfortunately, sometimes ast_change_hints can be
called with the contexts container locked. When this happens it's possible for
another thread to grab the context_merge_lock before the thread calling into
ast_change_hints does and then try to obtain the contexts container lock. This
of course causes a deadlock between the two threads. The thread calling into
ast_change_hints waits for the other thread to release context_merge_lock and
the other thread is waiting on that one to release the contexts container lock.
Unfortunately, there is not a great way to fix this problem. When hints change,
the subsequent state callbacks cannot run at the same time as a merge/delete,
nor when the usual state callbacks do. This patch alleviates the problem by
having those particular callbacks (the ones run after a hint change) occur in a
serialized task. By moving the context_merge_lock to a task it can now safely be
attempted or held without a deadlock occurring.
ASTERISK-25640 #close
Reported by: Krzysztof Trempala
projects / thirdparty / asterisk.git / log
