Matt Jordan [Mon, 13 Apr 2015 14:54:18 +0000 (09:54 -0500)]
build_tools/make_version: Update version parsing for Git migration
External systems - such as the Asterisk Test Suite - require knowledge of the
upstream branch. Unfortunately, after moving to Git, the Asterisk version
currently consists of only a 'GIT" prefix followed by an object blob,
e.g., GIT-as08d7. This makes it difficult for such systems to know what
features are available in a particular check out of Asterisk.
This patch fixes this by hardcoding the branch in a variable in the
make_version script. Since the mainline branches are not changed often -
typically only once a year - this is a reasonable approach to solving
the problem, and is more reliable than parsing the output of 'git branch
-vv'. Branches that track off of an upstream primary branch will then get the
benefit of knowing which mainline branch they are currently based off
of.
Jonathan Rose [Wed, 8 Apr 2015 15:54:38 +0000 (15:54 +0000)]
Security/tcptls: MitM Attack potential from certificate with NULL byte in CN.
When registering to a SIP server with TLS, Asterisk will accept CA signed
certificates with a common name that was signed for a domain other than the
one requested if it contains a null character in the common name portion of
the cert. This patch fixes that by checking that the common name length
matches the the length of the content we actually read from the common name
segment. Some certificate authorities automatically sign CA requests when
the requesting CN isn't already taken, so an attacker could potentially
register a CN with something like www.google.com\x00www.secretlyevil.net
and have their certificate signed and Asterisk would accept that certificate
as though it had been for www.google.com - this is a security fix and is
noted in AST-2015-003.
ASTERISK-24847 #close
Reported by: Maciej Szmigiero
Patches:
asterisk-null-in-cn.patch submitted by mhej (license 6085)
Mark Michelson [Thu, 20 Nov 2014 16:31:30 +0000 (16:31 +0000)]
Fix error with mixed address family ACLs.
Prior to this commit, the address family of the first item in an ACL
was used to compare all incoming traffic. This could lead to traffic
of other IP address families bypassing ACLs.
ASTERISK-24469 #close
Reported by Matt Jordan
Patches:
ASTERISK-24469-11.diff uploaded by Matt Jordan (License #6283)
Corey Farrell [Sun, 2 Nov 2014 08:01:02 +0000 (08:01 +0000)]
Fix ast_writestream leaks
Fix cleanup in __ast_play_and_record where others[x] may be leaked.
This was caught where prepend != NULL && outmsg != NULL, once
realfile[x] == NULL any further others[x] would be leaked. A cleanup
block was also added for prepend != NULL && outmsg == NULL.
11+: Fix leak of ast_writestream recording_fs in
app_voicemail:leave_voicemail.
Matthew Jordan [Fri, 31 Oct 2014 03:24:24 +0000 (03:24 +0000)]
channels/sip/reqresp_parser: Fix unit tests for r426594
When r426594 was made, it did not take into account a unit test that verified
that the function properly populated the unsupported buffer. The function
would previously memset the buffer if it detected it had any contents; since
this function can now be called iteratively on successive headers, the unit
tests would now fail. This patch updates the unit tests to reset the buffer
themselves between successive calls, and updates the documentation of the
function to note that this is now required.
Walter Doekes [Thu, 30 Oct 2014 09:11:39 +0000 (09:11 +0000)]
app_voicemail: Fix unchecked bounds of myArray in IMAP_STORAGE.
In update_messages_by_imapuser(), messages were appended to a finite
array which resulted in a crash when an IMAP mailbox contained more
than 256 entries. This memory is now dynamically increased as needed.
Observe that this patch adds a bunch of XXX's to questionable code. See
the review (url below) for more information.
ASTERISK-24190 #close
Reported by: Nick Adams
Tested by: Nick Adams
Matthew Jordan [Thu, 30 Oct 2014 01:57:11 +0000 (01:57 +0000)]
channels/chan_sip: Add improved support for 4xx error codes
This patch adds support for 414, 493, 479, and a stray 400 response in REGISTER
response handling. This helps interoperability in a number of scenarios.
Review: https://reviewboard.asterisk.org/r/3437
patches:
rb3437.patch uploaded by oej (License 5267)
Matthew Jordan [Thu, 30 Oct 2014 01:39:20 +0000 (01:39 +0000)]
channels/chan_sip: Support mutltiple Supported and Required headers
A SIP request may contain multiple Supported: and Required: headers. Currently,
chan_sip only parses the first Supported/Required header it finds. This patch
adds support for multiple Supported/Required headers for INVITE requests.
Review: https://reviewboard.asterisk.org/r/2478
ASTERISK-21721 #close
Reported by: Olle Johansson
patches:
rb2478.patch uploaded by oej (License 5267)
Matthew Jordan [Mon, 27 Oct 2014 01:39:25 +0000 (01:39 +0000)]
res/res_srtp: Fix include issue for libsrtp 1.5.0
In libsrtp 1.5.0, crypto_get_random is no longer resolved simply by including
srtp.h. Now, one must include crypto_kernel.h as well. As it turns out, this
header file has been provided by the library since 2006, so this is a
relatively benign change.
ASTERISK-24436 #close
Reported by: Patrick Laimbock
Matthew Jordan [Mon, 20 Oct 2014 14:09:16 +0000 (14:09 +0000)]
AST-2014-011: Fix POODLE security issues
There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
will default to the OpenSSL SSLv23_method. This method allows for all
encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
and explicitly disables SSLv2/SSLv3 if using SSLv23_method.
For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.
Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.
Review: https://reviewboard.asterisk.org/r/4096/
ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
AST-2014-011-11.diff uploaded by mjordan (License 6283)
AST-2014-011-12.diff uploaded by mjordan (License 6283)
Matthew Jordan [Fri, 17 Oct 2014 13:07:36 +0000 (13:07 +0000)]
channels/chan_sip: Respect outboundproxy setting when sending qualify requests
The outboundproxy setting is currently ignored when sending OPTIONS requests
as a result of the qualify setting. This means that if an Asterisk server is
unable to send the packet directly to a peer, it is unable to qualify any
non-inbound registered peer (e.g. a peer SIP Trunk).
This patch grabs the outboundproxy information for a peer when a qualify
attempt is being constructed and, if it finds the information, uses it
when sending the OPTIONS request.
Corey Farrell [Tue, 14 Oct 2014 16:16:45 +0000 (16:16 +0000)]
res_fax: Resolve module reference leak caused by reserved sessions
Remove reference to module providing reserved session after
adding a reference to the final module. This re-reference
is done to ensure that module references are correct even
if the final session selects a different module than the
reserved session.
Walter Doekes [Sun, 12 Oct 2014 08:10:51 +0000 (08:10 +0000)]
chan_sip: Fix so asterisk won't send reINVITE after a BYE.
After a reINVITE glare situation, Asterisk would re-send the reINVITE
even though the call had been hung up in the mean time. This patch
unschedules the reinvite when handling the BYE.
ASTERISK-22791 #close
Reported by: Paolo Compagnini
Tested by: Paolo Compagnini
Review: https://reviewboard.asterisk.org/r/4056/
(testcase is in review r4055)
Walter Doekes [Sun, 12 Oct 2014 07:50:23 +0000 (07:50 +0000)]
build: Relax badshell tilde test to allow for ~ in middle of DESTDIR.
The main Makefile has a target test called 'badshell' that tests if
DESTDIR does not happen to have an an-expanded tilde (~). This might
be the case if you run: make install DESTDIR=~/somewhere/
That test also disallowed valid tildes in directory names. The test is
now changed to only trigger on a tilde at the start of the path.
Kinsey Moore [Fri, 10 Oct 2014 12:55:17 +0000 (12:55 +0000)]
CallerID: Fix parsing regression
This fixes a regression in callerid parsing introduced when another bug
was fixed. This bug occurred when the name was composed entirely of
DTMF keys and quoted without a number section (<>).
ASTERISK-24406 #close
Reported by: Etienne Lessard
Tested by: Etienne Lessard
Patches:
callerid_fix.diff uploaded by Kinsey Moore
Review: https://reviewboard.asterisk.org/r/4067/
Walter Doekes [Fri, 10 Oct 2014 07:24:24 +0000 (07:24 +0000)]
chan_sip: Fix dialog leak resulting from missing ACK to re-INVITE.
If a device re-INVITEs at the same time as the dialog is hung up, and
if then the ACK to the re-INVITE never reaches Asterisk, chan_sip would
fail to destroy the dialog after a while. This resulted in (most
prominently) file handle leaks.
Walter Doekes [Thu, 9 Oct 2014 07:59:11 +0000 (07:59 +0000)]
safe_asterisk: Don't automatically exceed MAXFILES value of 2^20.
On systems with lots of RAM (e.g. 24GB) /proc/sys/fs/file-max divided
by two can exceed the per-process file limit of 2^20. This patch
ensures the value is capped.
(Patch cleaned up by me.)
ASTERISK-24011 #close
Reported by: Michael Myles
Patches:
safe_asterisk-ulimit.diff uploaded by Michael Myles (License #6626)
Corey Farrell [Tue, 7 Oct 2014 21:28:33 +0000 (21:28 +0000)]
astobj2: Correct REF_DEBUG false leak report
When ao2_callback is run with OBJ_MULTIPLE and not OBJ_NODATA
it allocates a temporary container in a way that does not
record REF_DEBUG log entries. This changes that container
to correctly record unref's when the container is freed.
Richard Mudgett [Fri, 26 Sep 2014 15:16:11 +0000 (15:16 +0000)]
res_fax: Fix out of bounds error in update_modem_bits().
ASTERISK-24357 #close
Reported by: Jeremy Laine
Patches:
res_fax_bounds.patch (license #6561) patch uploaded by Jeremy Laine
Modified patch to not use magic numbers.
Richard Mudgett [Thu, 18 Sep 2014 16:08:51 +0000 (16:08 +0000)]
astobj2.c/refcounter.py: Fix to deal with invalid object refs.
* Make astob2 REF_DEBUG output an invalid object line when an invalid ao2
object ref/unref is attempted. This is similar to the
constructor/destructor lines.
* Fixed refcounter.py to handle skewed objects that have
constructor/destructor states.
* Made refcounter.py highlight the invalid ao2 object refs by putting them
in their own section of the processed output file.
* Made refcounter.py highlight unreffing an object by more than one that
results in a negative ref count and the object being destroyed. The
abnormally destroyed object is reported in the invalid and finalized
object sections of the output.
George Joseph [Thu, 18 Sep 2014 14:37:08 +0000 (14:37 +0000)]
config: bug: Fix SEGV in ast_category_insert when matching category isn't found
If you call ast_category_insert with a match category that doesn't exist, the
list traverse runs out of 'next' categories and you get a SEGV. This patch
adds check for the end-of-list condition and changes the signature to return
an int for success/failure indication instead of a void.
The only consumer of this function is manager and it was also changed to use
the return value.
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3993/
Kinsey Moore [Fri, 12 Sep 2014 18:17:44 +0000 (18:17 +0000)]
Bridging: Fix bouncing native bridge
This fixes a situation in Asterisk 1.8 and 11 where ast_channel_bridge
could cause a bouncing native bridge. In the case of the
dial_LS_options test, this was a remote RTP bridge which caused the
audio path to continually cycle between Asterisk and the remote
endpoints generating a large number of SIP messages and delaying the
test long enough to cause it to fail (checking timing was part of the
test). The root cause was that the code to decide whether to use native
bridging was expecting a time-remaining value of 0 to be the default
instead of the actual default value of -1. A value of 0 or negative
numbers could also be generated by preceding code in some
circumstances. Both issues are addressed in this patch.
ASTERISK-24211 #close
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/3987/
George Joseph [Wed, 10 Sep 2014 15:58:45 +0000 (15:58 +0000)]
config: bug: fix truncation of included config files on permissions error
ast_config_text_file_save() currently truncates include files as they
are processed. If a subsequent include file or the main config file has
a permissions error that prevents writing, earlier include files are left
truncated resulting in a frantic search for backups.
This patch causes ast_config_text_file_save to check for write access
on all files before it truncates any of them.
Will be applied 1.8 > trunk.
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3986/
Rusty Newton [Sun, 7 Sep 2014 00:07:39 +0000 (00:07 +0000)]
Sounds/BuildSystem: Modifications to include new releases and Japanese language.
Modifying Makefile and sounds.xml to include new core 1.4.26 and extra 1.4.15
sound prompt releases, plus the new Japanese core sound prompts contributed
by QLOOG.
ASTERISK-23324
Reported by: Kevin McCoy
Tested by: Rusty Newton
George Joseph [Sat, 30 Aug 2014 17:19:07 +0000 (17:19 +0000)]
manager: Make WaitEvent action respect eventfilters
A WaitEvent issued via an http session isn't respecting eventfilters defined
for the user. I just added a match_filter to the predicate that controls
astman_append.
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3958/
Matthew Jordan [Fri, 29 Aug 2014 19:38:51 +0000 (19:38 +0000)]
doc: Add a manpage for the smsq utility
This patch adds a manpage for the smsq utility. Note that this is one of
the patches the Debian distro applies for the Asterisk project, as per
ASTERISK-24191.
Review: https://reviewboard.asterisk.org/r/3895/
ASTERISK-24171 #close
Reported by: Jeremy Laine
patches:
smsq.8 uploaded by Jeremy Laine (License 6561)
Matthew Jordan [Fri, 29 Aug 2014 19:31:42 +0000 (19:31 +0000)]
doc: Add a manpage for the aelparse utility
This patch adds a manpage for the aelparse utility. Note that this is one of
the patches the Debian distro applies for the Asterisk project, as per
ASTERISK-24191.
Review: https://reviewboard.asterisk.org/r/3896/
ASTERISK-24171 #close
Reported by: Jeremy Laine
patches:
aelparse.8 uploaded by Jeremy Laine (License 6561)
Matthew Jordan [Thu, 28 Aug 2014 21:52:50 +0000 (21:52 +0000)]
LICENSE: Clarify language in Asterisk's LICENSE to allow for linking to UniMRCP
The UniMRCP project distributes Asterisk modules that integrate Asterisk with
UniMRCP, and other Asterisk users use the UniMRCP library as well.
Unfortunately, the UniMRCP license is Apache 2.0, which per the Free Software
Foundation, is not a compatible license with the GPLv2.
"Please note that this license is not compatible with GPL version 2, because it
has some requirements that are not in that GPL version. These include certain
patent termination and indemnification provisions. The patent termination
provision is a good thing, which is why we recommend the Apache 2.0 license for
substantial programs over other lax permissive licenses."
On the other hand, UniMRCP is a great project and we'd like to let people use
it with Asterisk.
This patch updates the LICENSE text to allow users to link Asterisk with
UniMRCP and distribute the resulting binaries.
Kinsey Moore [Wed, 27 Aug 2014 14:25:34 +0000 (14:25 +0000)]
CallerID: Fix parsing of malformed callerid
This allows the callerid parsing function to handle malformed input
strings and strings containing escaped and unescaped double quotes.
This also adds a unittest to cover many of the cases where the parsing
algorithm previously failed.
Richard Mudgett [Mon, 25 Aug 2014 16:00:12 +0000 (16:00 +0000)]
res_musiconhold: Fix MOH restarting where it left off from the last hold.
Restore code removed by https://reviewboard.asterisk.org/r/3536/ that
introduced a regression that prevents MOH from restarting were it left off
the last time.
ASTERISK-24019 #close
Reported by: Jason Richards
Patches:
jira_asterisk_24019_v1.8.patch (license #5621) patch uploaded by rmudgett
Matthew Jordan [Thu, 21 Aug 2014 17:32:12 +0000 (17:32 +0000)]
chan_sip: Don't use port derived from fromdomain if it isn't set
If a user does not provide a port in the fromdomain setting, chan_sip will set
the fromdomainport to STANDARD_SIP_PORT (5060). The fromdomainport value will
then get used unilaterally in certain places. This causes issues with TLS,
where the default port is expected to be 5061.
This patch modifies chan_sip such that fromdomainport is only used if it is
not the standard SIP port; otherwise, the port from the SIP pvt's recorded
self IP address is used.
Richard Mudgett [Wed, 20 Aug 2014 22:13:44 +0000 (22:13 +0000)]
cli.c: Fix tab completion of "module load" when MALLOC_DEBUG is enabled.
filename_completion_function() returns memory that was not allocated by
the MALLOC_DEBUG allocation tracker so the memory must be freed by
ast_std_free().
George Joseph [Mon, 18 Aug 2014 20:14:32 +0000 (20:14 +0000)]
func_config: Change 'Not Found' message from ERROR to DEBUG
When you call the CONFIG dialplan function with the name of a variable that
doesn't exist in the target context you get an ERROR. This does nothing but
clutter up the logs with messages that may be perfectly acceptable. Just
because a variable wasn't in the context doesn't mean it's an error. Maybei
t's optional or just needs to be defaulted or ignored.
This patch changes the log level from ERROR to DEBUG. If a dialplan developer
wants to debug their dialplan they still canby setting the console debug level
as needed.
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3919/
Matthew Jordan [Sun, 17 Aug 2014 23:06:29 +0000 (23:06 +0000)]
apps/app_dial: Fix Dial 'z' option
The 'z' option is supposed to disable the dial timeout in the case of a call
forward. Unfortunately, the wrong timeout timer was passed to the do_forward
function, resulting in the option not working.
Matthew Jordan [Sun, 17 Aug 2014 22:31:23 +0000 (22:31 +0000)]
configure: Undefine FORTIFY_SOURCE prior to defining it for patched gcc
Some distributions of Linux patch gcc to define FORTIFY_SOURCE when gcc is
executed with optimization. This "help" unfortunately results in re-definition
warnings when FORTIFY_SOURCE is later defined in Asterisk's build system. This
patch undefines FORTIFY_SOURCE prior to defining it to prevent this warning.
Review: https://reviewboard.asterisk.org/r/3912/
ASTERISK-24032 #close
Reported by: Kilburn
Tested by: Kilburn, wdoekes
patches:
1.8.diff uploaded by cloos (License 5956)
10.diff uploaded by cloos (License 5956)
11.diff uploaded by cloos (License 5956)
12.diff uploaded by cloos (License 5956)
13.diff uploaded by cloos (License 5956)
Matthew Jordan [Fri, 15 Aug 2014 14:43:44 +0000 (14:43 +0000)]
app_voicemail/app: Remove test events that were duplicated by r421059
Moving the test event raised when a file is played back (which occurred in
r421059) broke the ever loving snot out of the voicemail tests. This caused
duplicate test events to get raised, as app_voicemail and main/app were raising
events prior to call ast_streamfile. The voicemail tests did not enjoy getting
multiple events.
Since raising the playback event in ast_streamfile is far more useful to the
vast majority of tests, this patch keeps the call there and simply removes the
extraneous calls that duplicated the event.
Walter Doekes [Mon, 11 Aug 2014 10:24:06 +0000 (10:24 +0000)]
general: Fix memory Corruption in __ast_string_field_ptr_build_va.
If the space left in a stringfield is between 0 and
(alignof(ast_string_field_allocation)-1) adding new data would cause
memory corruption, because we would assume enough space (unsigned
underrun).
Thanks Arnd Schmitter for reporting and finding out the cause!
George Joseph [Wed, 6 Aug 2014 16:05:39 +0000 (16:05 +0000)]
pbx_lua: fix regression with global sym export and context clash by pbx_config.
ASTERISK-23818 (lua contexts being overwritten by contexts of the same name in
pbx_config) surfaced because pbx_lua, having the AST_MODFLAG_GLOBAL_SYMBOLS
set, was always force loaded before pbx_config. Since I couldn't find any
reason for pbx_lua to export it's symbols to the rest of Asterisk, I simply
changed the flag to AST_MODFLAG_DEFAULT. Problem solved. What I didn't
realize was that the symbols need to be exported not because Asterisk needs
them but because any external Lua modules like luasql.mysql need the base
Lua language APIs exported (ASTERISK-17279).
Back to ASTERISK-23818... It looks like there's an issue in pbx.c where
context_merge was only merging includes, switches and ignore patterns if
the context was already existing AND has extensions, or if the context was
brand new. If pbx_lua is loaded before pbx_config, the context will exist
BUT pbx_lua, being implemented as a switch, will never place extensions in
it, just the switch statement. The result is that when pbx_config loads,
it never merges the switch statement created by pbx_lua into the final
context.
This patch sets pbx_lua's modflag back to AST_MODFLAG_GLOBAL_SYMBOLS and adds
an "else if" in context_merge that catches the case where an existing context
has includes, switchs or ingore patterns but no actual extensions.
ASTERISK-23818 #close
Reported by: Dennis Guse
Reported by: Timo Teräs
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3891/
Rusty Newton [Mon, 4 Aug 2014 19:42:24 +0000 (19:42 +0000)]
Manager - Improve documentation for manager commands Getvar and Setvar.
The documentation for these commands did not make it clear that they could
accept expressions and functions. Modified to make this clear, but tried
not to be overly explicit.
ASTERISK-21178 #close
Reported by: Rusty Newton
Tested by: Rusty Newton
Richard Mudgett [Fri, 25 Jul 2014 23:04:09 +0000 (23:04 +0000)]
features.c: Allow appliationmap to use Gosub.
Using DYNAMIC_FEATURES with a Gosub application as the mapped application
does not work. It does not work because Gosub just pushes the current
dialplan context, exten, and priority onto a stack and sets the specified
Gosub location. Gosub does not have a dialplan execution loop to run
dialplan like Macro.
* Made the DYNAMIC_FEATURES application mapping feature call
ast_app_exec_macro() and ast_app_exec_sub() for the Macro and Gosub
applications respectively.
* Backported ast_app_exec_macro() and ast_app_exec_sub() from v11 to
execute dialplan routines from the DYNAMIC_FEATURES application mapping
feature.
NOTE: This issue does not affect v12+ because it already does what this
patch implements.
chan_sip: sip_subscribe_mwi_destroy should not call sip_destroy
sip_subscribe_mwi_destroy calls sip_destroy on the reference counted
mwi->call. This results in the fields of mwi->call being freed, but
mwi->call itself it leaked. If other code is still using mwi->call
it can cause problems. This change uses dialog_unref instead, to
balance the ref provided by sip_alloc().
Jonathan Rose [Tue, 15 Jul 2014 17:19:52 +0000 (17:19 +0000)]
func_uri: URIENCODE/URIDECODE - allow empty strings as argument
Previously these two dialplan functions would issue warnings and
return failure when an empty string is used as the argument. Now
they will not issue a warning and will successfully return an
empty string.
ASTERISK-23911 #close
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/3745/
The new inband_on_setup_ack option causes Asterisk to assume inband audio
may be present when a SETUP_ACKNOWLEDGE message is received.
Q.931 Section 5.1.3 says that in scenarios with overlap dialing, when a
dialtone is sent from the network side, progress indicator 8 "Inband info
now available" MAY be sent to the CPE if no digits were received with the
SETUP. It is thus implied that the ie is mandatory if digits came with
the SETUP and dialtone is needed. This option should be enabled, when the
network sends dialtone and you want to hear it, but the network doesn't
send the progress indicator when needed.
NOTE: For Q.SIG setups this option should be enabled when outgoing overlap
dialing is also enabled because Q.SIG does not send the progress indicator
with the SETUP ACK.
The commit -r413714 (AST-1338) which causes this issue was dealing with a
SIP-to-ISDN interoperability issue.
This commit is a merge of the two patches indicated below.
ASTERISK-23897 #close
Reported by: Pavel Troller
Patches:
pri-4.diff (license #6302) patch uploaded by Pavel Troller
jira_asterisk_23897_v11.patch (license #5621) patch uploaded by rmudgett
Matthew Jordan [Thu, 3 Jul 2014 11:19:40 +0000 (11:19 +0000)]
main/untils: Prevent potential infinite loop in ast_careful_fwrite
A loop in ast_careful_fwrite exists that will continually attempt to write to
a file stream, even in the presence of EAGAIN/EINTR errors. However, if a
connection that uses ast_careful_fwrite closes suddenly, ast_careful_fwrite's
call to fflush may return EAGAIN/EINTER along with EOF. A subsequent call to
fflush will return EOF but not clear errno, resulting in an infinite loop.
This patch clears errno after it is detected and handled the loop, such that
any subsequent call to fflush will not get erroneously stuck.
Review: https://reviewboard.asterisk.org/r/3704
ASTERISK-23984 #close
Reported by: Steve Davies
patches:
fflush_loop_fix uploaded by one47 (License 5012)
Matthew Jordan [Mon, 30 Jun 2014 03:20:12 +0000 (03:20 +0000)]
chan_sip: be more tolerant of whitespace between attributes in SDP fmtp line
This patch is essentially a backport of a small portion of r397526 from
ASTERISK-21981. In that patch, pass through support and format attribute
negotiation was added for Opus. Part of that included being more tolerant to
whitespace in the fmtp line of an SDP; that part of the patch is being
applied here.
As the author of the backport pointed out, in SDP, the fmtp line is allowed to
include whitespace between attributes. RFC 3267 chapter 8.3 (from 2001)
includes an example for this. This was not removed in the updated RFC 4867 in
2007.
Note that this patch only applies to audio in Asterisk 1.8, which is a bit more
limited in its support for format attributes. It does have limited support for
some codecs, so this patch is still useful in this version.
Review: https://reviewboard.asterisk.org/r/3658
ASTERISK-23916
Reported by: Alexander Traud
patches:
sdpFMTPspace_Asterisk11.patch uploaded by Alexander Traud (License 6520)
Corey Farrell [Fri, 27 Jun 2014 19:24:20 +0000 (19:24 +0000)]
Ensure REF_DEBUG records entrys for attempts to ao2_ref an invalid object
This change ensures that __ao2_ref_debug writes to ref_log when given a
non-NULL pointer to an invalid ao2 object. This is to ensure that we
record any attempt manipulate references of already freed objects.
Matthew Jordan [Thu, 26 Jun 2014 12:21:27 +0000 (12:21 +0000)]
udptl: Correct FEC to not consider negative sequence numbers as missing
When using FEC, with span=3 and entries=4 Asterisk will attempt to repair
the packet with sequence number 5, as it will see that packet -4 is
missing. The result is Asterisk sending garbage packets that can kill a
fax.
This patch adds a check to see if the sequence number is valid before
checking if the packet is missing.
Rusty Newton [Mon, 23 Jun 2014 14:34:17 +0000 (14:34 +0000)]
main/features - documentation - reformat examples and options in features.conf.sample to show clearly which options apply in which section
The features.conf sample can be a bit confusing about what parking options can be set only in the general context, or both in the general context (for the default parking lot) and in other parking lot contexts. A bug was filed due to confusion and a little googling will show lots of other confused users.
Despite some comments on the individual options, it still reads in a confusing way. In this patch I separate out those options with some headings in to attempt a better layout. I went ahead and modified other headings in the file, or added them to facilitate better visual scanning.
George Joseph [Sun, 22 Jun 2014 20:46:38 +0000 (20:46 +0000)]
build: Turn FORTIFY_SOURCE off if DONT_OPTIMIZE is set.
AST_FORTIFY_SOURCE is automatically set in ./Makefile even if DONT_OPTIMIZE
is set in menuselect. This causes gcc to complain that _FORTIFY_SOURCE
requires optimization and the build will fail. You can specify
"make AST_FORTIFY_SOURCE=''" but I always forget.
This patch moves the set of AST_FORTIFY_SOURCE to Makefile.rules and only
sets it if DONT_OPTIMIZE is "no". The move is necessary because the
top-level Makefile doesn't include menuselect.makeopts.
This doesn't solve the entire problem however because res_config_mysql
seems to force _FORTIFY_SOURCE so res_config_mysql has to be disabled
for now if DONT_OPTIMIZE is set.
Tested by: George Joseph
Review: https://reviewboard.asterisk.org/r/3664/
George Joseph [Fri, 20 Jun 2014 23:12:25 +0000 (23:12 +0000)]
build: Allow autoconf/ast_ext_tool_check to handle cross-compiling better.
ast_ext_tool_check.m4 isn't handling cases where a path to a package is
provided (E.G. --with-mysqlclient=/some/sysroot) and the package has a config
tool (E.G. mysql_config) and the package has its own subdirectories in include
or lib. For example, mysql's libraries are in ${MYSQLCLIENT_DIR}/usr/lib/mysql
but ast_ext_tool_check sets MYSQLCLIENT_LIB to ${MYSQLCLIENT_DIR}/usr/lib.
libxml2 has the same problem with its includes. They're in
${LIBXML2_DIR}/usr/include/libxml2 not directly in ${LIBXML2_DIR}/usr/include.
Both cause configure to fail and there are others in the same boat.
The problem is caused by logic in ast_ext_tool_check that overrides the result
of the config tool's --cflags and --libs options if package_DIR is set.
This patch prepends package_DIR (if specified) to the -L and -I results from
the package's config tool instead of overriding them.
A regenerated ./configure and include/asterisk/autoconfig.h.in are included
but can be regenerated by running ./bootstrap.sh at any time.
Tested by: George Joseph
Tested by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/3550/
George Joseph [Fri, 20 Jun 2014 21:55:41 +0000 (21:55 +0000)]
build: Allow autoconf/ast_ext_tool_check to handle cross-compiling better.
ast_ext_tool_check.m4 isn't handling cases where a path to a package is
provided (E.G. --with-mysqlclient=/some/sysroot) and the package has a config
tool (E.G. mysql_config) and the package has its own subdirectories in include
or lib. For example, mysql's libraries are in ${MYSQLCLIENT_DIR}/usr/lib/mysql
but ast_ext_tool_check sets MYSQLCLIENT_LIB to ${MYSQLCLIENT_DIR}/usr/lib.
libxml2 has the same problem with its includes. They're in
${LIBXML2_DIR}/usr/include/libxml2 not directly in ${LIBXML2_DIR}/usr/include.
Both cause configure to fail and there are others in the same boat.
The problem is caused by logic in ast_ext_tool_check that overrides the result
of the config tool's --cflags and --libs options if package_DIR is set.
This patch prepends package_DIR (if specified) to the -L and -I results from
the package's config tool instead of overriding them.
Tested by: George Joseph
Tested by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/3550/
George Joseph [Thu, 19 Jun 2014 15:59:45 +0000 (15:59 +0000)]
Remove the problematic and unneeded AST_MODFLAG_GLOBAL_SYMBOLS from pbx_lua.c
AST_MODFLAG_GLOBAL_SYMBOLS was causing the module to be incorrectly loaded
before pbx_config. pbx_config was therefore blowing away contexts that were
created by pbx_lua. With AST_MODFLAG_DEFAULT the load order is now correct
and contexs are being properly merged. AST_MODFLAG_GLOBAL_SYMBOLS was not
needed anyway since no other modules needed its global symbols that early.
ASTERISK-23818 #close
Reported by: Dennis Guse
Tested by: Dennis Guse
Tested by: George Joseph
George Joseph [Wed, 18 Jun 2014 16:41:50 +0000 (16:41 +0000)]
Update extensions.lua.sample with naming conflict guidance.
The sample extensions.lua was causing pbx_lua to fail to load when parsing
'app.goto("default", "s", 1)' because in Lua 5.2, 'goto' is now a reserved
word. This patch adds guidance to extensions.lua.sample and changed
'app.goto("default", "s", 1)' to 'app.['goto']("default", "s", 1)'.
https://reviewboard.asterisk.org/r/3627/
ASTERISK-23844 #comment This commit fixes 1.8, patch for 11->trunk coming.
Kinsey Moore [Tue, 17 Jun 2014 16:20:22 +0000 (16:20 +0000)]
MoH: Don't restart stream on repeated start calls
Currently, music on hold will stop and then start again from the
beginning if ast_moh_start() is called multiple times. This can happen
if a call is put on hold repeatedly (the channel receives multiple
HOLD control frames) and can be triggered from ARI by starting MoH on a
channel multiple times. This is fairly jarring/annoying to users.
This change prevents MoH from being restarted if the requested music
class is the same as the one currently playing.
This includes an extra check to prevent the errors previously
experienced in the testsuite and has 100+ test runs behind it.
We have faced situation when using CDR and CEL by sqlite3 modules. With system having high load (~100 concurrent calls created by sipp) we found many cdr and cel records missed. There is special finction in sqlite3, that make able to fix this situation - sqlite3_wait_timeout, that also can replace awful code cdr_sqlite3 ad cel_sqlite3 modules. Also this function can be used for aastdb and res_config_sqlite3 to avoid missed writes to sqlite db.
#ASTERISK-23766 #close
Reported by: Igor Goncharovsky
Matthew Jordan [Sun, 15 Jun 2014 21:16:17 +0000 (21:16 +0000)]
MoH: Undo commit r416150 (1.8)
This patch reverts r416150. When the comparison between mohclass->name and
state->class->name is made, you are not guaranteed that (a) state->class is
non-NULL or that state or state->class are in a safe state.
Crashes caught by the bridges/transfer_capabilities test.
Kinsey Moore [Fri, 13 Jun 2014 13:03:35 +0000 (13:03 +0000)]
MoH: Don't restart stream on repeated start calls
Currently, music on hold will stop and then start again from the
beginning if ast_moh_start() is called multiple times. This can happen
if a call is put on hold repeatedly (the channel receives multiple
HOLD control frames) and can be triggered from ARI by starting MoH on a
channel multiple times. This is fairly jarring/annoying to users.
This change prevents MoH from being restarted if the requested music
class is the same as the one currently playing.
Corey Farrell [Thu, 12 Jun 2014 17:16:38 +0000 (17:16 +0000)]
chan_sip: DEBUG messages in sdp_crypto.c display despite a DEBUG level of zero
Change debug level for messages in sdp_crypto.c from zero to one. This
ensures the messages are not displayed when debugging is disabled. Change
does not apply to 12+ as it was already fixed in those versions.
ASTERISK-23246 #close
Reported by: Rusty Newton
Review: https://reviewboard.asterisk.org/r/3605/
Richard Mudgett [Thu, 12 Jun 2014 16:05:50 +0000 (16:05 +0000)]
AST-2014-007: Fix DOS by consuming the number of allowed HTTP connections.
Simply establishing a TCP connection and never sending anything to the
configured HTTP port in http.conf will tie up a HTTP connection. Since
there is a maximum number of open HTTP sessions allowed at a time you can
block legitimate connections.
A similar problem exists if a HTTP request is started but never finished.
* Added http.conf session_inactivity timer option to close HTTP
connections that aren't doing anything. Defaults to 30000 ms.
* Removed the undocumented manager.conf block-sockets option. It
interferes with TCP/TLS inactivity timeouts.
* AMI and SIP TLS connections now have better authentication timeout
protection. Though I didn't remove the bizzare TLS timeout polling code
from chan_sip.
* chan_sip can now handle SSL certificate renegotiations in the middle of
a session. It couldn't do that before because the socket was non-blocking
and the SSL calls were not restarted as documented by the OpenSSL
documentation.
* Fixed an off nominal leak of the ssl struct in
handle_tcptls_connection() if the FILE stream failed to open and the SSL
certificate negotiations failed.
The patch creates a custom FILE stream handler to give the created FILE
streams inactivity timeout and timeout after a specific moment in time
capability. This approach eliminates the need for code using the FILE
stream to be redesigned to deal with the timeouts.
This patch indirectly fixes most of ASTERISK-18345 by fixing the usage of
the SSL_read/SSL_write operations.
ASTERISK-23673 #close
Reported by: Richard Mudgett
app_queue: delayed state can cause early leavewhenempty ringing
In app_queue, device state changes arrive in event messages and
update the queue member status value. That value is checked in
get_member_status() to decide that the caller should leave when
there are no available members. Although event messages can be
delayed by other activity, there is no adverse affect by lagged
status except in one specific case: there is only one available
member, it was just rung, and leavewhenempty is enabled set for
ringing members. This change adds a direct check of the device
state only under this condition where the caller may be dropped
incorrectly, resolving this issue without affecting performance
of app_queue normally.
AST-1248 #close
Review: https://reviewboard.asterisk.org/r/3595/
Reported by: Thomas Arimont
Walter Doekes [Mon, 9 Jun 2014 11:55:16 +0000 (11:55 +0000)]
safe_asterisk: Cleanup additions to r415132.
Replaced a stray echo that should've been a message call in
safe_asterisk. I'm using the contents of the old message inside the
if $NOTIFY so peoples log parsing scripts won't get confused by new
messages. I'll clean that up in trunk.
(Note that a 'make install' still won't overwrite your old safe_asterisk
if it exists. See ASTERISK-21965.)
Corey Farrell [Mon, 9 Jun 2014 03:43:21 +0000 (03:43 +0000)]
autoservice: stop thread on graceful shutdown
This change adds thread shutdown to autoservice for graceful shutdowns only.
ast_register_cleanup is backported to 1.8 to allow this. The logger callid
is also released on shutdown in 11+.
projects / thirdparty / asterisk.git / log
