George Joseph [Tue, 7 Apr 2026 14:36:34 +0000 (08:36 -0600)]
res_pjsip_config_wizard: Trigger reloads from a pjsip servant thread
When res_pjsip is reloaded directly, it does the sorcery reload in a pjsip
servant thread as it's supposed to. res_pjsip_config_wizard however
was not which was leading to occasional deadlocks. It now does the reload
in a servant thread just like res_pjsip.
build: remove pjsua, pjsystest, Python bindings and asterisk_malloc_debug stubs from pjproject dev build
The pjsua Python module and the pjsua/pjsystest apps were used by the
Asterisk Test Suite for SIP simulation in dev mode builds. They are now
fully obsolete for three independent reasons:
1. **pjsua Python bindings officially deprecated upstream.** The pjproject
maintainers added `pjsip-apps/src/python/DEPRECATED.txt` directing
users to the PJSUA2 SWIG binding instead. A build-fix PR
(https://github.com/pjsip/pjproject/pull/4892) was closed by the
maintainer explicitly citing this deprecation.
2. **Removed from the Asterisk Test Suite.** As confirmed by @mbradeen:
> *"We had to get rid of pjsua when we went to Python3 because it would
> hang due to a conflict between async calls within pjsua and twisted.
> There are still some old references to tests we couldn't fully convert
> to sipp, but those are skipped."*
3. **Broken and unmaintained.** Building with Python 2.7 (the only version
`configure.ac` searched for) fails with:
```
_pjsua.c: error: 'INIT_RETURN' undeclared (first use in this function)
```
due to a bug in pjproject 2.16's `python3_compat.h` that upstream
declined to fix.
This PR removes all pjsua-related build artifacts from Asterisk's bundled
pjproject build: the pjsua and pjsystest application binaries, the deprecated
Python (`_pjsua.so`) bindings, the `asterisk_malloc_debug.c` stubs, and the
`PYTHONDEV` detection from `configure.ac`. Also removes `libpjsua` from
Asterisk's main linker flags.
DeveloperNote: The pjsua and pjsystest application binaries, the deprecated
Python pjsua bindings (`_pjsua.so`), and the `asterisk_malloc_debug.c` stub
implementations are no longer built or installed as part of the bundled
pjproject dev mode build. The `PYTHONDEV` (python2.7-dev) build dependency
is also removed. Developers who relied on the pjsua binary for Test Suite
SIP simulation should use SIPp instead, which is the current Asterisk Test
Suite standard.
res_cdrel_custom: do not free config when no new config was loaded
When the res_cdrel_custom modules is reloaded and the config has not been changed asterisk should not free the old config. Otherwise the connection to the database will be closed and no new connection will be opened.
George Joseph [Tue, 31 Mar 2026 16:16:48 +0000 (10:16 -0600)]
res_cdrel_custom: Resolve several formatting issues.
Several issues are resolved:
* Internally, floats were used for timestamp values but this could result
in wrapping so they've been changed to doubles.
* Historically, the default CEL eventtime format is `<seconds>.<microseconds>`
with `<microseconds>` always being 6 digits. This should have continued to be
the case but res_cdrel_custom wasn't checking the `dateformat` setting in
cel.conf and was defaulting to `%F %T`. res_cdrel_custom now gets the default
date format from cel.conf, which will be whatever the `dateformat` parameter
is set to or `<seconds>.<microseconds>` if not set.
* The timeval field formatter for both CDR and CEL wasn't handling custom
strftime format strings correctly. This is now fixed so you should be able
to specifiy custom strftime format strings for the CEL `eventtime` and CDR
`start`, `answer` and `end` fields. For example: `eventtime(%FT%T%z)`.
Milan Kyselica [Wed, 25 Mar 2026 22:29:46 +0000 (23:29 +0100)]
callerid: fix signed char causing crash in MDMF parser
Change rawdata buffer from char to unsigned char to prevent
sign-extension of TLV length bytes >= 0x80. On signed-char
platforms (all Asterisk builds due to -fsigned-char in
configure.ac), these values become negative when assigned to
int, bypass the `if (res > 32)` bounds check, and reach
memcpy as size_t producing a ~18 EB read that immediately
crashes with SIGSEGV.
Affects DAHDI analog (FXO) channels only. Not reachable
via SIP, PRI/BRI, or DTMF-based Caller ID.
Tinet-mucw [Fri, 20 Mar 2026 10:17:31 +0000 (03:17 -0700)]
pbx: Hold channel lock for exception datastore access
ast_channel_datastore_find() and ast_channel_datastore_add() must only be
called while the channel is locked (see channel.h). raise_exception() and the
EXCEPTION dialplan function read path accessed the exception datastore without
holding ast_channel_lock, which could corrupt the per-channel datastore list
under concurrency and lead to crashes during teardown (e.g. double free in
ast_datastore_free).
Sven Kube [Tue, 17 Mar 2026 09:38:38 +0000 (10:38 +0100)]
res_audiosocket: Fix header read loop to use correct buffer offset
The PR #1522 introduced the header read loop for audiosocket packets
which does not handle partial header reads correctly. This commit
adds the missing buffer offsets.
phoneben [Mon, 16 Mar 2026 20:39:21 +0000 (22:39 +0200)]
manager.c : Fix CLI event display
manager.c: Fix CLI event display
- `manager show events`: fix event names being truncated at 20 characters, widen column to 28 to accommodate the longest registered event name
- `manager show events`: skip duplicate entries caused by multiple modules registering the same event name, list is already sorted so adjacent name comparison is sufficient
George Joseph [Tue, 10 Mar 2026 13:19:41 +0000 (07:19 -0600)]
chan_pjsip: Set correct cause codes for non-2XX responses.
Redirects initiated by 302 response codes weren't handled correctly
when setting the hangup cause code and tech cause code on the responding
channel. They're now set to 23 (REDIRECTED_TO_NEW_DESTINATION) and
302 (Moved permanently). Other non-2XX response codes also had issues.
A new API ast_channel_dialed_causes_iterator() was added to retrieve
the hangup cause codes for a channel.
chan_pjsip_session_end() in chan_pjsip has been refactored to set the
correct cause codes on a channel based on the cause codes added by
chan_pjsip_incoming_response_update_cause(). Copious amounts of
debugging and comments were also added.
Michal Hajek [Wed, 10 Dec 2025 13:51:40 +0000 (14:51 +0100)]
res_pjsip_config_wizard: Force reload on Named ACL change events
Currently, endpoints created via the PJSIP Config Wizard do not update
their ACL rules if the underlying Named ACL (in acl.conf) changes.
This occurs because the wizard relies on file timestamp and content
caching of pjsip_wizard.conf, which remains unchanged during an external
ACL update. As a result, endpoints retain stale ACL rules even after
a reload.
This patch updates res_pjsip_config_wizard to subscribe to the
ast_named_acl_change_type Stasis event. A local generation counter is
incremented whenever an ACL change event is received.
During a reload, the wizard compares the current local generation against
the generation stored in the wizard object. If a change is detected:
1. The file cache optimization (CONFIG_FLAG_FILEUNCHANGED) is bypassed.
2. Wizard objects utilizing 'acl' or 'contact_acl' are forced to update,
ensuring they pick up the new IP rules.
Signed-off-by: Michal Hajek michal.hajek@daktela.com Fixes: #1641
George Joseph [Fri, 6 Mar 2026 18:52:53 +0000 (11:52 -0700)]
rtp: Set RTPAUDIOQOS variables when ast_softhangup is called.
If a channel in Stasis/ARI is hung up by the channel driver, the RTPAUDIOQOS
variables are set before the channel leaves Stasis and are therefore
available to the ARI app via ChannelVarset events. If the channel is hung up
by ARI however, the channel leaves Stasis before the RTPAUDIOQOS variables
are set so the app may not get the ChannelVarset events.
We now set the RTPAUDIOQOS variables when ast_softhangup() is called as well
as when the channel driver hangs up a channel. Since ARI hangups call
ast_softhangup(), the variables will be set before the channel leaves Stasis
and the app should get the ChannelVarset events.
ast_rtp_instance_set_stats_vars(), which actually sets the variables, now
checks to see if the variables are already set before attempting to set them.
This prevents double messages from being generated.
channel: Prevent crash during DTMF emulation when no timing module is loaded
Description:
When Asterisk is running without a timing module, attempting to process DTMF
triggers a segmentation fault. This occurs because the system
attempts to access a null timing file descriptor when setting up the
DTMF emulation timer.
This fix ensures that the system checks for a valid timing source before
attempting to start the DTMF emulation timer. If no timing module is
present, it logs a warning and skips the emulation instead of crashing
the process.
Changes:
- Modified main/channel.c to add a safety check within the __ast_read function.
- Implemented a graceful return path when no timing source is available
- Added a LOG_WARNING to inform the administrator that DTMF emulation
was skipped due to missing timing modules.
Testing:
- Disabled all timing_ modules in modules.conf and confirmed with
'timing test'.
- Reproduced the crash by modifying the dialplan with:
exten => 707,1,NoOp(Starting DTMF - No Timing Mode)
same => n,Answer()
same => n,Background(demo-congrats)
same => n,WaitExten(10)
same => n,Hangup()
And calling 707 followed by 1
- Verified that with the fix applied, the system logs "No timing module
loaded; skipping DTMF timer" and continues dialplan
execution without crashing.
- Confirmed stability during concurrent media sessions and DTMF input.
George Joseph [Fri, 6 Mar 2026 13:50:22 +0000 (06:50 -0700)]
res_pjsip: Remove temp transport state when a transport fails to load.
If a pjsip transport (A) fails to load, its temporary state gets left behind
causing the next transport to load (B) to pick up some of its parameters,
including its name. This can cause B to have the correct name (B) in its
transport object but the wrong name (A) in its internal state object. When a
transport state is searched for later on, transport state B is returned but a
retrieval of the actual transport object will fail because B's transport
state id is actually "A" and transport "A" doesn't exist because it failed
to load.
remove_temporary_state() is now being called in all error paths in
config_transport.c functions that call find_or_create_temporary_state().
A bit of extra debugging was also added to res_pjsip_nat.c.
res_pjsip_messaging: Remove Contact header from out-of-dialog MESSAGE as per RFC3428
According to RFC 3428 (Section 5), a Contact header is not required in a
MESSAGE request unless the sender wants to establish a session. This
patch ensures that the Contact header is removed from out-of-dialog
MESSAGE requests within res_pjsip_messaging.c.
Mike Bradeen [Fri, 27 Feb 2026 19:35:37 +0000 (12:35 -0700)]
acl: Add ACL support to http and ari
Add uri prefix based acl support to the built in http server.
This allows an acl to be added per uri prefix (ie '/metrics'
or '/ws') to restrict access.
Add user based acl support for ARI. This adds new acl options
to the user section of ari.conf to restrict access on a per
user basis.
resolves: #1799
UserNote: A new section, type=restriction has been added to http.conf
to allow an uri prefix based acl to be configured. See
http.conf.sample for examples and more information.
The user section of ari.conf can now contain an acl configuration
to restrict users access. See ari.conf.sample for examples and more
information
Robert Wilson [Tue, 3 Mar 2026 13:30:15 +0000 (13:30 +0000)]
res_rtp_asterisk.c: Fix DTLS packet drop when TURN loopback re-injection occurs before ICE candidate check
When TURN is configured in rtp.conf, pjproject re-injects TURN packets
via 127.0.0.1 (the loopback address). The DTLS packet handler checks the
source address against the ICE active candidate list before the loopback
address substitution runs, causing the packet to be silently dropped as
the source 127.0.0.1 is not in the candidate list.
Fix by performing the loopback address substitution before the ICE
candidate source check in the DTLS path, mirroring the logic already
present in the non-DTLS RTP path.
Fixes: #1795
UserNote: WebRTC calls using TURN configured in rtp.conf (turnaddr,
turnusername, turnpassword) will now correctly complete DTLS/SRTP
negotiation. Previously all DTLS packets were silently dropped due to
the loopback re-injection address not being in the ICE active candidate
list.
Naveen Albert [Sun, 1 Mar 2026 19:20:13 +0000 (14:20 -0500)]
dsp.c: Add support for detecting R2 signaling tones.
Extend the existing DTMF/MF tone detection support by adding support
for R2 tones, another variant of MF (R1) signaling. Both forward
and backward signaling are supported.
George Joseph [Tue, 24 Feb 2026 21:32:45 +0000 (14:32 -0700)]
docs: Add "Provided-by" to doc XML and CLI output.
For application, function, manager, managerEvent, managerEventInstance
and info XML documentation nodes, the make_xml_documentation script will
add a "module" attribute if not already present. For XML in separate
"*_doc.xml" files, the script figures out the correct module name. For
documentation in the "main" directory, the module name is set to "builtin".
The CLI handlers for "core show application", "core show function",
"manager show command" and "manager show event", have been updated to
show the following after the Synopsis...
```
[Provided By]
<modulename>
```
For modules that provide additional "info" elements (like the technologies
do for Dial), the providing module has also been added.
Sean Bright [Sun, 1 Mar 2026 21:22:30 +0000 (21:22 +0000)]
resource_channels.c: Fix validation response for externalMedia with AudioSockets
The AudioSocket encapsulation for externalMedia requires a UUID to be
provided in the `data` parameter of the ARI call. If not provided, we
should return a 400 Bad Request instead of a 500 Internal Server
Error.
George Joseph [Tue, 27 Jan 2026 19:57:21 +0000 (12:57 -0700)]
CDR/CEL Custom Performance Improvements
There is a LOT of work in this commit but the TL;DR is that it takes
CEL processing from using 38% of the CPU instructions used by a call,
which is more than that used by the call processing itself, down to less
than 10% of the instructions.
So here's the deal... cdr_custom, cdr_sqlite3_custom, cel_custom
and cel_sqlite3_custom all shared one ugly trait...they all used
ast_str_substitute_variables() or pbx_substitute_variables_helper()
to resolve the dialplan functions used in their config files. Not only
are they both extraordinarily expensive, they both require a dummy
channel to be allocated and destroyed for each record written. For CDRs,
that's not too bad because we only write one CDR per call. For CELs however,
it's a disaster.
As far as source code goes, the modules basically all did the same thing.
Unfortunately, they did it badly. The config files simply contained long
opaque strings which were intepreted by ast_str_substitute_variables() or
pbx_substitute_variables_helper(), the very functions that ate all the
instructions. This meant introducing a new "advanced" config format much
like the advanced manager event filtering added to manager.conf in 2024.
Fortunately however, if the legacy config was recognizable, we were able to
parse it as an advanced config and gain the benefit. If not, then it
goes the legacy, and very expensive, route.
Given the commonality among the modules, instead of making the same
improvements to 4 modules then trying to maintain them over time, a single
module "res_cdrel_custom" was created that contains all of the common code.
A few bonuses became possible in the process...
* The cdr_custom and cel_custom modules now support JSON formatted output.
* The cdr_sqlite_custom and cel_sqlite3_custom modules no longer have
to share an Sqlite3 database.
Summary of changes:
A new module "res/res_cdrel_custom.c" has been created and the existing
cdr_custom, cdr_sqlite3_custom, cel_custom and cel_sqlite3_custom modules
are now just stubs that call the code in res_cdrel_custom.
res_cdrel_custom contains:
* A common configuration facility.
* Getters for both CDR and CEL fields that share the same abstraction.
* Formatters for all data types found in the ast_cdr and ast_event
structures that share the same abstraction.
* Common writers for the text file and database backends that, you guessed it,
share the same abstraction.
The result is that while there is certainly a net increase in the number of
lines in the code base, most of it is in the configuration handling at
load-time. The run-time instruction path length is now significanty shorter.
```
Scenario Instructions Latency
=====================================================
CEL pre changes 38.49% 37.51%
CEL Advanced 9.68% 6.06%
CEL Legacy (auto-conv to adv) 9.95% 6.13%
CEL Sqlite3 pre changes 39.41% 39.90%
CEL Sqlite3 Advanced 25.68% 24.24%
CEL Sqlite3 Legacy (auto conv) 25.88% 24.53%
CDR pre changes 4.79% 2.95%
CDR Advanced 0.79% 0.47%
CDR Legacy (auto conv to adv) 0.86% 0.51%
CDR Sqlite3 pre changes 4.47% 2.89%
CEL Sqlite3 Advanced 2.16% 1.29%
CEL Sqlite3 Legacy (auto conv) 2.19% 1.30%
```
Notes:
* We only write one CDR per call but every little bit helps.
* Sqlite3 still takes a fair amount of resources but the new config
makes a decent improvement.
* Legacy configs that we can't auto convert will still take the
"pre changes" path.
If you're interested in more implementation details, see the comments
at the top of the res_cdrel_custom.c file.
One minor fix to CEL is also included...Although TenantID was added to the
ast_event structure, it was always rendered as an empty string. It's now
properly rendered.
UserNote: Significant performance improvements have been made to the
cdr_custom, cdr_sqlite3_custom, cel_custom and cel_sqlite3_custom modules.
See the new sample config files for those modules to see how to benefit
from them.
George Joseph [Thu, 19 Feb 2026 16:07:23 +0000 (09:07 -0700)]
chan_websocket: Remove silence generation and frame padding.
The original chan_websocket implementation attempted to improve the
call quality experience by generating silence frames to send to the core
when no media was being read from the websocket and padding frames with
silence when short frames were read from the websocket. Both of these
required switching the formats on the channel to slin for short periods
of time then switching them back to whatever format the websocket channel
was configured for. Unfortunately, the format switching caused issues
when transcoding was required and the transcode_via_sln option was enabled
in asterisk.conf (which it is by default). The switch would cause the
transcoding path to be incorrectly set resulting in malformed RTP packets
being sent back out to the caller on the other end which the caller heard
as loud noise.
After looking through the code and performing multiple listening tests,
the best solution to this problem was to just remove the code that was
attempting to generate the silence. There was no decrease in call quality
whatsoever and the code is a bit simpler. None of the other channel drivers
nor res_rtp_asterisk generate silence frames or pad short frames which
backed up decision.
Ben Ford [Tue, 10 Feb 2026 20:39:56 +0000 (14:39 -0600)]
chan_websocket: Add media direction.
Currently, WebSockets both accept and send media without the option to
disable one or the other. This commit adds the ability to set the media
direction for a WebSocket, making it unidirectional or bidirectional
(the default). Direction is done from the point of view of the
application, NOT Asterisk. The allowed values are 'both', 'in', and
'out'. If media direction is 'both' (the default), Asterisk accepts and
sends media to the application. If it is 'in', Asterisk will drop any
media received from the application. If it is 'out', Asterisk will not
write any media frames to the application.
UserNote: WebSocket now supports media direction, allowing for
unidirectional media. This is done from the perspective of the
application and can be set via channel origination, external media, or
commands sent from the application. Check out
https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket/ for
more.
Julian C. Dunn [Wed, 18 Feb 2026 02:06:59 +0000 (18:06 -0800)]
astconfigparser.py: Fix regex pattern error by properly escaping string
"SyntaxWarning: invalid escape sequence '\s'" occurs when using the pjsip
migration script because '\' is an escape character in Python. Instead,
use a raw string for the regex.
Sean Bright [Thu, 12 Feb 2026 21:44:55 +0000 (21:44 +0000)]
res_pjsip_outbound_registration.c: Prevent crash if load_module() fails
`ast_cli_unregister_multiple()` expects internal data members to be heap
allocated which happens during a successful call to
`ast_cli_register_multiple()`. CLI handlers defined traditionally - those whose
handler responds to the CLI_INIT message - take care of this automatically. But
when we statically provide a `command` or `usage` member, we _must_ initialize
them with `ast_cli_register_multiple()` before attempting to destroy them.
pjsip_configuration: Ensure s= and o= lines in SDP are never empty
According to RFC 8866 (Section 5.2), the Session Name (s=) field and
the username part of origin (o=) are both mandatory and cannot be
empty. If a session has no name, or no username part of origin, the
RFC recommends using a single dash (-) as a placeholder.
This fix ensures that if the session name or the username part of
origin length is zero , it defaults to -.
Arcadiy Ivanov [Wed, 14 Jan 2026 18:29:24 +0000 (13:29 -0500)]
res_pjsip_session: Make sure NAT hook runs when packet is retransmitted for whatever reason.
This hook may not be necessary when we do a retransmit, but when there are two
INVITEs, one *initial* and one with auth digest, the second INVITE contains wrong (unmodified) media address
due to the commented line below.
The NAT hook needs to run due to filters potentially reverting previously modified packets.
Naveen Albert [Thu, 19 Feb 2026 01:35:46 +0000 (20:35 -0500)]
chan_dahdi: Fix discarded-qualifiers errors.
Fix discarded-qualifiers errors to compile successfully with gcc 15.2.1.
Associated changes have also been made to libss7; however, for compatibility
we cast const char* values to char*. In the future, these casts could be
removed.
Naveen Albert [Thu, 8 Jan 2026 17:34:45 +0000 (12:34 -0500)]
chan_iax2: Fix crash due to negative length frame lengths.
chan_iax2 has several code paths where a frame's data length
is calculated by subtraction. On some paths, there is a check
for negative length. One of these paths is missing this check,
and on this path, it is possible for the result to be negative,
leading to a crash as a result of memory operations using the
bogus length.
Add a check to capture this off-nominal case. This will log
the appropriate warnings as in other cases and prevent a crash.
Also update the log messages to be clearer.
Joshua C. Colp [Thu, 12 Feb 2026 09:44:45 +0000 (05:44 -0400)]
build: Fix GCC discarded-qualifiers const errors.
GCC 15.2.1 pays attention to the discarding of the const
qualifier when strchr, strrchr, memchr, or memrchr are now
used. This change fixes numerous errors with this throughout
the tree. The fixes can be broken down into the following:
1. The return value should be considered const.
2. The value passed to strchr or strrchr can be cast as it is
expected and allowed to be modified.
3. The pointer passed to strchr or strrchr is not meant to be
modified and so the contents must be duplicated.
4. It was declared const and never should have been.
Joshua C. Colp [Tue, 10 Feb 2026 14:33:53 +0000 (10:33 -0400)]
endpoints: Allow access to latest snapshot directly.
This change adds an API call to allow direct access to the latest
snapshot of an ast_endpoint. This is then used by chan_pjsip when
calculating device state, eliminating the need to access the cache
which would incur a container find and access.
Mike Bradeen [Thu, 15 Jan 2026 19:43:22 +0000 (12:43 -0700)]
ast_coredumper: create gdbinit file with restrictive permissions
Modify gdbinit to use the install command with explicit permissions (-m 600)
when creating the .ast_coredumper.gdbinit file. This ensures the file is
created with restricted permissions (readable/writable only by the owner)
to avoid potential privilege escalation.
George Joseph [Thu, 15 Jan 2026 18:46:21 +0000 (11:46 -0700)]
http.c: Change httpstatus to default disabled and sanitize output.
To address potential security issues, the httpstatus page is now disabled
by default and the echoed query string and cookie output is html-escaped.
Resolves: #GHSA-v6hp-wh3r-cwxh
UpgradeNote: To prevent possible security issues, the `/httpstatus` page
served by the internal web server is now disabled by default. To explicitly
enable it, set `enable_status=yes` in http.conf.
Prevent ast_coredumper from using ast_debug_tools.conf files that are
not owned by root or are writable by other users or groups.
Prevent ast_logescalator and ast_loggrabber from doing the same if
they are run as root.
Resolves: #GHSA-rvch-3jmx-3jf3
UserNote: ast_debug_tools.conf must be owned by root and not be
writable by other users or groups to be used by ast_coredumper or
by ast_logescalator or ast_loggrabber when run as root.
George Joseph [Thu, 15 Jan 2026 15:38:26 +0000 (08:38 -0700)]
xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack. Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.
serfreeman1337 [Thu, 29 Jan 2026 16:52:10 +0000 (21:52 +0500)]
app_queue: Add 'prio' setting to the 'force_longest_waiting_caller' option
This adds a 'prio' setting to ensure that call priority is respected across multiple queues.
Using 'yes' could cause high-priority callers to be skipped if a caller
in another queue had a longer wait time, regardless of priority.
Resolves: #1637
UserNote: The 'force_longest_waiting_caller' option now supports a 'prio' setting.
When set to 'prio', calls are offered by priority first, then by wait time.
Mike Bradeen [Tue, 27 Jan 2026 16:24:30 +0000 (09:24 -0700)]
Upgrade bundled pjproject to 2.16.
Resolves: #1612
UserNote: Bundled pjproject has been upgraded to 2.16. For more
information on what all is included in this change, check out the
pjproject Github page: https://github.com/pjsip/pjproject/releases
Mike Bradeen [Wed, 19 Nov 2025 18:31:50 +0000 (11:31 -0700)]
res_pjsip_header_funcs: Add new PJSIP_INHERITABLE_HEADER dialplan function
Adds a new PJSIP_INHERITABLE_HEADER dialplan function to add
inheritable headers from the inbound channel to an outbound
bridged channel. This works similarly to the existing
PJSIP_HEADER function, but will set the header on the bridged
outbound channel's INVITE upon Dial.
Inheritable headers can be updated or removed from the inbound
channel as well as from a pre-dial handler
Resolves: #1670
UserNote: A new PJSIP_HEADER option has been added that allows
inheriting pjsip headers from the inbound to the outbound bridged
channel.
Example- same => n,Set(PJSIP_INHERITABLE_HEADER(add,X-custom-1)=alpha)
will add X-custom-1: alpha to the outbound pjsip channel INVITE
upon Dial.
phoneben [Sun, 18 Jan 2026 18:34:01 +0000 (20:34 +0200)]
app_queue: Queue Timing Parity with Dial() and Accurate Wait Metrics
app_queue: Set Dial-compatible timing variables
Extends Queue() to set Dial-compatible timing variables (ANSWEREDTIME, DIALEDTIME) and introduces a precise QUEUEWAIT metric calculated at agent connect time, with proper initialization to prevent stale or misleading values.
phoneben [Tue, 6 Jan 2026 19:53:45 +0000 (21:53 +0200)]
app_queue: Fix rN raise_penalty ignoring min_penalty in calc_metric
QUEUE_RAISE_PENALTY=rN was not respected during member selection. calc_metric() raised penalties below QUEUE_MIN_PENALTY, allowing excluded members to be selected.
This change makes calc_metric() honor raise_respect_min, keeping behavior consistent with queue empty checks and expected rN semantics
UserNote: Fixes an issue where QUEUE_RAISE_PENALTY=rN could raise a member’s penalty below QUEUE_MIN_PENALTY during member selection. This could allow members intended to be excluded to be selected. The queue now consistently respects the minimum penalty when raising penalties, aligning member selection behavior with queue empty checks and documented rN semantics.
serfreeman1337 [Mon, 5 Jan 2026 15:47:22 +0000 (20:47 +0500)]
app_queue: Only compare calls at 1st position across queues when forcing longest waiting caller.
This prevents a situation where a call joining at 1st position to a queue with calls
leads to a state where no callers are considered the longest waiting,
causing queues to stop offering calls.
Talha Asghar [Thu, 22 Jan 2026 15:33:12 +0000 (15:33 +0000)]
say.c: added language support for pashto and dari
With this new feature, users who speak these languages can now benefit from the
text-to-speech functionality provided by asterisk. This will make the platform
more accessible and useful to a wider range of users, particularly those in
regions where Pashto and Dari are spoken. This contribution will help to improve
the overall usability and inclusivity of the asterisk platform.
hishamway [Thu, 15 Jan 2026 09:34:08 +0000 (15:04 +0530)]
res_pjsip_session.c: Prevent INVITE failover when session is cancelled
When an outbound INVITE transaction times out (408) or receives a 503 error,
check_request_status() attempts to failover to the next available address by
restarting the INVITE session. However, the function did not check if the
inv_session was already cancelled before attempting the failover.
This caused unexpected behavior when a caller hung up during a ring group
scenario: after CANCEL was sent but the remote endpoint failed to respond
with 487 (e.g., due to network disconnection), the transaction timeout
would trigger a NEW outbound INVITE to the next address, even though the
session was already terminated.
This violates RFC 3261 Section 9.1 which states that if no final response
is received after CANCEL within 64*T1 seconds, the client should consider
the transaction cancelled and destroy it, not retry to another address.
The fix adds a check for both PJSIP_INV_STATE_DISCONNECTED and inv->cancelling
at the beginning of check_request_status(). This ensures that:
- Failover is blocked when the user explicitly cancelled the call (CANCEL sent)
- Failover is still allowed for legitimate timeout/503 scenarios where no
CANCEL was initiated (e.g., SRV failover when first server is unreachable)
res_pjsip_pubsub: Fix ao2 reference leak of subscription tree in ast_sip_subscription
allocate_subscription() increments the ao2 reference count of the subscription tree,
but the reference was not consistently released during subscription destruction,
resulting in leaked sip_subscription_tree objects.
This patch makes destroy_subscription() responsible for releasing sub->tree,
removes ad-hoc cleanup in error paths,
and guards tree cleanup to ensure refcount symmetry and correct ownership.
Joe Garlick [Thu, 15 Jan 2026 14:56:47 +0000 (14:56 +0000)]
chan_websocket: Fixed Ping/Pong messages hanging up the websocket channel
When chan_websocket received a Ping or a Pong opcode it would cause the channel to hangup. This change allows Ping/Pong opcodes and allows them to silently pass
Sean Bright [Mon, 5 Jan 2026 16:44:47 +0000 (11:44 -0500)]
cli.c: Allow 'channel request hangup' to accept patterns.
This extends 'channel request hangup' to accept multiple channel
names, a POSIX Extended Regular Expression, a glob-like pattern, or a
combination of all of them.
UserNote: The 'channel request hangup' CLI command now accepts
multiple channel names, POSIX Extended Regular Expressions, glob-like
patterns, or a combination of all of them. See the CLI command 'core
show help channel request hangup' for full details.
Mike Bradeen [Tue, 6 Jan 2026 17:04:50 +0000 (10:04 -0700)]
res_sorcery_memory_cache: Reduce cache lock time for sorcery memory cache populate command
Reduce cache lock time for AMI and CLI sorcery memory cache populate
commands by adding a new populate_lock to the sorcery_memory_cache
struct which is locked separately from the existing cache lock so that
the cache lock can be maintained for a reduced time, locking only when
the cache objects are removed and re-populated.
Resolves: #1700
UserNote: The AMI command sorcery memory cache populate will now
return an error if there is an internal error performing the populate.
The CLI command will display an error in this case as well.
George Joseph [Tue, 30 Dec 2025 19:15:26 +0000 (12:15 -0700)]
chan_websocket: Use the channel's ability to poll fds for the websocket read.
We now add the websocket's file descriptor to the channel's fd array and let
it poll for data availability instead if having a dedicated thread that
does the polling. This eliminates the thread and allows removal of most
explicit locking since the core channel code will lock the channel to prevent
simultaneous calls to webchan_read, webchan_hangup, etc.
While we were here, the hangup code was refactored to use ast_hangup_with_cause
instead of directly queueing an AST_CONTROL_HANGUP frame. This allows us
to set hangup causes and generate snapshots.
For a bit of extra debugging, a table of websocket close codes was added
to http_websocket.h with an accompanying "to string" function added to
res_http_websocket.c
Sean Bright [Sat, 13 Dec 2025 20:15:24 +0000 (15:15 -0500)]
asterisk.c: Allow multi-byte characters on the Asterisk CLI.
Versions of libedit that support Unicode expect that the
EL_GETCFN (the function that does character I/O) will fill in a
`wchar_t` with a character, which may be multi-byte. The built-in
function that libedit provides, but does not expose with a public API,
does properly handle multi-byte sequences.
Due to the design of Asterisk's console processing loop, Asterisk
provides its own implementation which does not handle multi-byte
characters. Changing Asterisk to use libedit's built-in function would
be ideal, but would also require changing some fundamental things
about console processing which could be fairly disruptive.
Instead, we bring in libedit's `read_char` implementation and modify
it to suit our specific needs.
Peter Krall [Wed, 17 Dec 2025 12:23:17 +0000 (13:23 +0100)]
res/ari/resource_bridges.c: Normalize channel_format ref handling for bridge media
Always take an explicit reference on the format used for bridge playback
and recording channels, regardless of where it was sourced, and release
it after prepare_bridge_media_channel. This aligns the code paths and
avoids mixing borrowed and owned references while preserving behavior.
George Joseph [Wed, 17 Dec 2025 22:49:06 +0000 (15:49 -0700)]
res_geolocation: Fix multiple issues with XML generation.
* 3d positions were being rendered without an enclosing `<gml:pos>`
element resulting in invalid XML.
* There was no way to set the `id` attribute on the enclosing `tuple`, `device`
and `person` elements.
* There was no way to set the value of the `deviceID` element.
* Parsing of degree and radian UOMs was broken resulting in them appearing
outside an XML element.
* The UOM schemas for degrees and radians were reversed.
* The Ellipsoid shape was missing and the Ellipse shape was defined multiple
times.
* The `crs` location_info parameter, although documented, didn't work.
* The `pos3d` location_info parameter appears in some documentation but
wasn't being parsed correctly.
* The retransmission-allowed and retention-expiry sub-elements of usage-rules
were using the `gp` namespace instead of the `gbp` namespace.
In addition to fixing the above, several other code refactorings were
performed and the unit test enhanced to include a round trip
XML -> eprofile -> XML validation.
Resolves: #1667
UserNote: Geolocation: Two new optional profile parameters have been added.
* `pidf_element_id` which sets the value of the `id` attribute on the top-level
PIDF-LO `device`, `person` or `tuple` elements.
* `device_id` which sets the content of the `<deviceID>` element.
Both parameters can include channel variables.
UpgradeNote: Geolocation: In order to correct bugs in both code and
documentation, the following changes to the parameters for GML geolocation
locations are now in effect:
* The documented but unimplemented `crs` (coordinate reference system) element
has been added to the location_info parameter that indicates whether the `2d`
or `3d` reference system is to be used. If the crs isn't valid for the shape
specified, an error will be generated. The default depends on the shape
specified.
* The Circle, Ellipse and ArcBand shapes MUST use a `2d` crs. If crs isn't
specified, it will default to `2d` for these shapes.
The Sphere, Ellipsoid and Prism shapes MUST use a `3d` crs. If crs isn't
specified, it will default to `3d` for these shapes.
The Point and Polygon shapes may use either crs. The default crs is `2d`
however so if `3d` positions are used, the crs must be explicitly set to `3d`.
* The `geoloc show gml_shape_defs` CLI command has been updated to show which
coordinate reference systems are valid for each shape.
* The `pos3d` element has been removed in favor of allowing the `pos` element
to include altitude if the crs is `3d`. The number of values in the `pos`
element MUST be 2 if the crs is `2d` and 3 if the crs is `3d`. An error
will be generated for any other combination.
* The angle unit-of-measure for shapes that use angles should now be included
in the respective parameter. The default is `degrees`. There were some
inconsistent references to `orientation_uom` in some documentation but that
parameter never worked and is now removed. See examples below.
Examples...
```
location_info = shape="Sphere", pos="39.0 -105.0 1620", radius="20"
location_info = shape="Point", crs="3d", pos="39.0 -105.0 1620"
location_info = shape="Point", pos="39.0 -105.0"
location_info = shape=Ellipsoid, pos="39.0 -105.0 1620", semiMajorAxis="20"
semiMinorAxis="10", verticalAxis="0", orientation="25 degrees"
pidf_element_id = ${CHANNEL(name)}-${EXTEN}
device_id = mac:001122334455
Set(GEOLOC_PROFILE(pidf_element_id)=${CHANNEL(name)}/${EXTEN})
```
`nm` might, especially in cross-compilation scenarios, be available but prefixed with the target triple. So: use `AC_PATH_TOOL` rather than `AC_PATH_PROG` to find it. (See https://www.gnu.org/software/autoconf/manual/autoconf-2.68/html_node/Generic-Programs.html .)
Found and proposed fix tested by cross-compiling Asterisk using Nixpkgs on x86_64 targeting aarch64. :)
res_pjsip_messaging: Add support for following 3xx redirects
This commit integrates the redirect module into res_pjsip_messaging
to enable following 3xx redirect responses for outgoing SIP MESSAGEs.
When follow_redirect_methods contains 'message' on an endpoint, Asterisk
will now follow 3xx redirect responses for MESSAGEs, similar to how
it behaves for INVITE responses.
Resolves: #1576
UserNote: A new pjsip endpoint option follow_redirect_methods was added.
This option is a comma-delimited, case-insensitive list of SIP methods
for which SIP 3XX redirect responses are followed. An alembic upgrade
script has been added for adding this new option to the Asterisk
database.
res_pjsip: Introduce redirect module for handling 3xx responses
This commit introduces a new redirect handling module that provides
infrastructure for following SIP 3xx redirect responses. The redirect
functionality respects the endpoint's redirect_method setting and only
follows redirects when set to 'uri_pjsip'. This infrastructure can be
used by any PJSIP module that needs to handle 3xx redirect responses.
Naveen Albert [Thu, 23 Oct 2025 12:18:45 +0000 (08:18 -0400)]
chan_dahdi.conf.sample: Avoid warnings with default configs.
callgroup and pickupgroup may only be specified for FXO-signaled channels;
however, the chan_dahdi sample config had these options uncommented in
the [channels] section, thus applying these settings to all channels,
resulting in warnings. Comment these out so there are no warnings with
an unmodified sample config.
sarangr7 [Thu, 18 Dec 2025 06:04:14 +0000 (11:34 +0530)]
main/dial.c: Set channel hangup cause on timeout in handle_timeout_trip
When dial attempts timeout in the core dialing API, the channel's hangup
cause was not being set before hanging up. Only the ast_dial_channel
structure's internal cause field was updated, but the actual ast_channel
hangup cause remained unset.
This resulted in incorrect or missing hangup cause information being
reported through CDRs, AMI events, and other mechanisms that read the
channel's hangup cause when dial timeouts occurred via applications
using the dialing API (FollowMe, Page, etc.).
The fix adds proper channel locking and sets AST_CAUSE_NO_ANSWER on
the channel before calling ast_hangup(), ensuring consistent hangup
cause reporting across all interfaces.
Sean Bright [Fri, 12 Dec 2025 19:44:15 +0000 (14:44 -0500)]
cel: Add missing manager documentation.
The LOCAL_OPTIMIZE_BEGIN, STREAM_BEGIN, STREAM_END, and DTMF CEL
events were not all documented in the CEL configuration file or the
manager documentation for the CEL event.
Justin T. Gibbs [Mon, 22 Dec 2025 01:30:10 +0000 (18:30 -0700)]
rtp/rtcp: Configure dual-stack behavior via IPV6_V6ONLY
Dual-stack behavior (simultaneous listening for IPV4 and IPV6
connections on a single socket) is required by Asterisk's ICE
implementation. On systems with the IPV6_V6ONLY sockopt, set
the option to 0 (dual-stack enabled) when binding to the IPV6
any address. This ensures correct behavior regardless of the
system's default dual-stack configuration.
Joshua C. Colp [Thu, 4 Dec 2025 21:08:58 +0000 (17:08 -0400)]
pjsip: Move from threadpool to taskpool
This change moves the PJSIP module from the threadpool API
to the taskpool API. PJSIP-specific implementations for
task usage have been removed and replaced with calls to
the optimized taskpool implementations instead. The need
for a pool of serializers has also been removed as
taskpool inherently provides this. The default settings
have also been changed to be more realistic for common
usage.
UpgradeNote: The threadpool_* options in pjsip.conf have now
been deprecated though they continue to be read and used.
They have been replaced with taskpool options that give greater
control over the underlying taskpool used for PJSIP. An alembic
upgrade script has been added to add these options to realtime
as well.
George Joseph [Wed, 10 Dec 2025 17:45:24 +0000 (10:45 -0700)]
chan_websocket: Add locking in send_event and check for NULL websocket handle.
On an outbound websocket connection, when the triggering caller hangs up,
webchan_hangup() closes the outbound websocket session and sets the websocket
session handle to NULL. If the hangup happened in the tiny window between
opening the outbound websocket connection and before read_thread_handler()
was able to send the MEDIA_START message, it could segfault because the
websocket session handle was NULL. If it didn't actually segfault, there was
also the possibility that the websocket instance wouldn't get cleaned up which
could also cause the channel snapshot to not get cleaned up. That could
cause memory leaks and `core show channels` to list phantom WebSocket
channels.
To prevent the race, the send_event() macro now locks the websocket_pvt
instance and checks the websocket session handle before attempting to send
the MEDIA_START message.
George Joseph [Mon, 8 Dec 2025 20:40:00 +0000 (13:40 -0700)]
endpoint.c: Plug a memory leak in ast_endpoint_shutdown().
Commit 26795be introduced a memory leak of ast_endpoint when
ast_endpoint_shutdown() was called. The leak occurs only if a configuration
change removes an endpoint and isn't related to call volume or the length of
time asterisk has been running. An ao2_ref(-1) has been added to
ast_endpoint_shutdown() to plug the leak.
Paul Donald [Wed, 3 Dec 2025 19:32:59 +0000 (20:32 +0100)]
configs: rename phoneprov_users.conf to .sample so make installs it
This conf file should be suffixed .sample so that make installs it
at compile time. Otherwise res_phoneprov complains at runtime as to
its absence and refuses to start.
Mike Bradeen [Tue, 28 Oct 2025 21:26:03 +0000 (15:26 -0600)]
taskprocessors: Improve logging and add new cli options
This change makes some small changes to improve log readability in
addition to the following changes:
Modified 'core show taskprocessors' to now show Low time and High time
for task execution.
New command 'core show taskprocessor name <taskprocessor-name>' to dump
taskprocessor info and current queue.
Addionally, a new test was added to demonstrate the 'show taskprocessor
name' functionality:
test execute category /main/taskprocessor/ name taskprocessor_cli_show
Setting 'core set debug 3 taskprocessor.c' will now log pushed tasks.
(Warning this is will cause extremely high levels of logging at even
low traffic levels.)
Resolves: #1566
UserNote: New CLI command has been added -
core show taskprocessor name <taskprocessor-name>
phoneben [Wed, 26 Nov 2025 12:00:21 +0000 (14:00 +0200)]
channelstorage_cpp: Fix fallback return value in channelstorage callback
callback returned the last iterated channel when no match existed, causing invalid channel references and potential double frees. Updated to correctly return NULL when there is no match.
George Joseph [Wed, 19 Nov 2025 21:57:46 +0000 (14:57 -0700)]
ccss: Add option to ccss.conf to globally disable it.
The Call Completion Supplementary Service feature is rarely used but many of
it's functions are called by app_dial and channel.c "just in case". These
functions lock and unlock the channel just to see if CCSS is enabled on it,
which it isn't 99.99% of the time.
UserNote: A new "enabled" parameter has been added to ccss.conf. It defaults
to "yes" to preserve backwards compatibility but CCSS is rarely used so
setting "enabled = no" in the "general" section can save some unneeded channel
locking operations and log message spam. Disabling ccss will also prevent
the func_callcompletion and chan_dahdi modules from loading.
DeveloperNote: A new API ast_is_cc_enabled() has been added. It should be
used to ensure that CCSS is enabled before making any other ast_cc_* calls.
George Joseph [Thu, 20 Nov 2025 14:45:27 +0000 (07:45 -0700)]
app_directed_pickup.c: Change some log messages from NOTICE to VERBOSE.
UpgradeNote: In an effort to reduce log spam, two normal progress
"pickup attempted" log messages from app_directed_pickup have been changed
from NOTICE to VERBOSE(3). This puts them on par with other normal
dialplan progress messages.
projects / thirdparty / asterisk.git / log
