According to the RFC[1] WSS should only be used in the Via header
for secure Websockets.
* Use WSS in Via for secure transport.
* Only register one transport with the WS name because it would be
ambiguous. Outgoing requests may try to find the transport by name and
pjproject only finds the first one registered. This may mess up unsecure
websockets but the impact should be minimal. Firefox and Chrome do not
support anything other than secure websockets anymore.
* Added and updated some debug messages concerning websockets.
* security_events.c: Relax case restriction when determining security
transport type.
* The res_pjsip_nat module has been updated to not touch the transport
on Websocket originating messages.
[1] https://tools.ietf.org/html/rfc7118
ASTERISK-26796 #close
Change-Id: Ie3a0fb1a41101a4c1e49d875a8aa87b189e7ab12
res_config_pgsql should match the behavior of other realtime backend
drivers so that queue_log can disable adaptive logging.
ASTERISK-25628 #close
Reported by: Dmitry Wagin
Change-Id: Ic1fb1600c7ce10fdfb1bcdc43c5576b7e0014372
The find_table() functions NULL or a locked table pointer. We are
not consistently calling release_table() in failure paths.
Change-Id: I6f665b455799c84b036e5b34904b82b05eab9544
When a subscription was being recreated and the endpoint wasn't
found, we were trying to unref the endpoint. This was causing
FRACKs. Removed the unref.
ASTERISK-26823 #close
Change-Id: If86d2aecff8fe853c7f38a1bfde721fcef3cd164
This change fixes an assumption in res_pjsip that a contact will
always have a status. There is a race condition where this is
not true and would crash. The status will now be unknown when
this situation occurs.
ASTERISK-26623 #close
Change-Id: Id52d3ca4d788562d236da49990a319118f8d22b5
Outbound registration now subscribes to network change events
published by res_stun_monitor and refreshes all registrations
when an event happens.
The 'pjsip send (un)register' CLI commands were updated to accept
'*all' as an argument to operate on all registrations.
The 'PJSIP(Un)Register' AMI commands were also updated to
accept '*all'.
ASTERISK-26808 #close
Change-Id: Iad58a9e0aa5d340477fca200bf293187a6ca5a25
This change fixes a problem where removing the DTLS configuration
options and reloading would not disable DTLS. This occurred
because the DTLS configuration was not reset to an unconfigured
state on reload.
ASTERISK-26313
Change-Id: I10952709cc4a7727fb50534b042bce9d64894b39
... and clean them both up on uninstall.
We've fixed the issue where 'make install' was installing to
/usr/lib on 64-bit systems that use /usr/lib64. Now we need
to clean up the remnants in /usr/lib.
* 'make install' now prints a warning if DESTDIR/ASTLIBDIR
contains 'lib64' and libasterisk* shared libraries or modules
are also found in DESTDIR/ASTLIBDIR with 'lib64' transformed
to 'lib'.
* 'make uninstall' ALWAYS cleans up both DESTDIR/ASTLIBDIR and
DESTDIR/ASTLIBDIR with 'lib64' transformed to 'lib'.
ASTERISK-26705
Change-Id: I6edddeb3c07a51e7c7ba7cac3c05e4bf3ec3f01f
The bridge_native_rtp module did not properly handle the case where
a smart bridge operation occurs while a channel is suspended. In this
scenario the module would incorrectly set up local or remote RTP
bridging despite the media having to flow through Asterisk. The remote
endpoint would see two media streams and experience wonky audio.
The module has been changed so that it ensures both channels are
not suspended when performing the native RTP bridging and this
requirement has been documented in the bridge technology.
ASTERISK-26781
Change-Id: Id4022d73ace837d4a293106445e3ade10dbc7c7c
This change updates the documentation for the outbound_proxy option
to ensure it is consistently stated that a full SIP URI must be
provided for the option.
The res_pjsip_outbound_registration module has also been changed so
that the provided outbound_proxy value is checked to ensure it is a
URI and if not an error is output stating so.
ASTERISK-26782
Change-Id: I6c239a32274846fd44e65b44ad9bf6373479b593
* Removed all 2.5.5 functional patches.
* Updated usages of pj_release_pool to be "safe".
* Updated configure options to disable webrtc.
* Updated config_site.h to disable webrtc in pjmedia.
* Added Richard Mudgett's recent resolver patches.
Change-Id: Ib400cc4dfca68b3d07ce14d314e829bfddc252c7
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory. To make matters worse, options were being passed
to ldconfig on both Linux and FreeBSD that actually prevented
the rebuild of the cache.
* Fedora has a /usr/share/config.site that automatically tells
autoconf to use /usr/lib64 but CentOS does not. This logic was
copied to configure.ac and modified so systems like Ubuntu,
which still use /usr/lib for 64-bit systems, aren't affected.
Now that we have them in the correct directory...
In order for the system loader to find libasteriskssl and
libasteriskpj, one of 3 things has to happen...
- The linker cache must be rebuilt including the directory
where the libasterisk* libraries were installed. Only root
can rebuild the cache. This was busted.
- We have to link the asterisk binary with an rpath pointing
to the directrory where the libasterisk* libraries were
installed. This makes things very complicated and will happen
over the collective dead bodies of everyone who's had to
package a distribution with an rpath.
- Finally, you can start asterisk with LD_LIBRARY_PATH set to the
directrory where the libasterisk* libraries were installed.
There are no other options. So...
* The invokation of ldconfig has been moved from main/Makefile
to ASTTOPDIR/Makefile, the options have been removed, and
DESTDIR/ASTLIBDIR appended. If you aren't root, you will be
warned after the "Asterisk Installation Compete" banner that
you must re-run 'make install' as root, manually run
'ldconfig DESTDIR/ASTLIBDIR' as root, or run asterisk with
LD_LIBRARY_PATH.
ASTERISK-26705
Change-Id: I2a64b7c33a7d3e9bde20f47e3d3ab771977af982
* A missing AST_LIST_UNLOCK() in find_table()
* The ESCAPE_STRING() macro uses pgsqlConn under the hood and we were
not consistently locking before calling it.
* There were a handful of other places where pgsqlConn was accessed
directly without appropriate locking.
Change-Id: Iea63f0728f76985a01e95b9912c3c5c6065836ed
The initial motivation for this patch was to properly handle memory
allocation failures - we weren't checking the return values from the
various LDAP library allocation functions.
In the process, because update_ldap() and update2_ldap() were
substantially the same code, they've been consolidated.
Change-Id: Iebcfe404177cc6860ee5087976fe97812221b822
Not sure if this is really a bug versus an improvement. I can see it being
viewed as a bug though by some.
The current build_tools/download_externals file depends on wget in order to
download external modules. The current build system is able to discover
which tool to use for fetching remote files - either wget or curl.
This patch takes advantage of this capability by modifying the two calls to
the wget binary to instead use what was discovered by the build system.
ASTERISK-26812 #close
Change-Id: If9411a2554f009274d377445613ae91192d948a1
The patterns provided by pbx_realtime were checked in the order in
which they were returned from the realtime backend. If there was
overlap between multiple patterns, the first one to correctly match was
chosen even though it may not have been the best match.
We now sort the patterns descending by their length and compare in that
order. There may be cases where this still results in a sub-optimal
match, but this patch should improve the overall behavior.
ASTERISK-18271 #close
Reported by: Charlie Smurthwaite
Change-Id: I56d9ac15810eb1775966b669c3028e32cc7bd809
The DUNDi weight field is not always converted from network byte order
to host byte order. This can result in incorrect weight values and
incorrect selection of DUNDi destinations.
ASTERISK-18731 #close
Reported by: Peter Racz
Patches:
dundi_weight.patch (license #6290) patch uploaded by Peter Racz
Change-Id: Iba3e1a700ff539db57211a7bbc26f7b22ea9a1be
* changes:
res_config_ldap: Don't try to delete non-existent attributes
res_config_ldap: Remove extraneous line numbers from log messages
res_config_ldap: Make memory allocation more consistent
res_config_ldap: Fix configuration inheritance from _general
ast_load_realtime_multientry() returns an ast_config structure whose
ast_categorys are keyed with the empty strings. Several modules were
giving semantic meaning to the category names causing problems at
runtime.
* app_directory: Treated the category name as the mailbox name, and
would fail to direct calls to the appropriate extension after an
entry was chosen.
* app_queue: Queues, queue members, and queue rules were all affected
and needed to be updated.
* pbx_realtime: Pattern matching would never succeed because the
extension entered by the user was always compared to the empty
string.
Change-Id: Ie7e44986344b0b76ea8f6ddb5879f5040c6ca8a7
All of the realtime backends create artificial ast_categorys to pass
back into the core as query results. These categories have no filename
or line number information associated with them and the backends differ
slightly on how they create them. So create a couple helper macros to
help make things more consistent.
Also updated the call sites to remove redundant error messages about
memory allocation failure.
Note that res_config_ldap sets the category filename to the 'table name'
but that is not read by anything in the core, so I've dropped it.
Change-Id: I3a1fd91e0c807dea1ce3b643b0a6fe5be9002897
On some platforms a multiarch approach is used for libraries.
The build system does not take this into account and still
places libraries into the lib directory if no --libdir is
specified to configure. On initial startup this results in
libasteriskssl.so not being found, as it is not in the multiarch
lib directory.
This change does the minimally invasive thing and executes
ldconfig so that the libraries in the lib directory are found
and their location cached. By doing so Asterisk starts up fine.
If DESTDIR is specified, however, the old logic is executed as
the install process may not have permission to alter the ldconfig
cache.
ASTERISK-26705
Change-Id: If4eca46ac510c6fea5568256280ffdb3888d7bb4
The inbound authentication object is supposed to be immutable when it is
stored in sorcery. However, the immutable property is violated if the
authentication object does not have a realm set.
The immutable contract violation has a different effect depending upon
what sorcery back end is used. If it is the config file back end you
would get the same object back until res_pjsip is reloaded. If it is the
real-time or AstDB back end you would get a new object on each query. If
it is cached you would get the same object back until it is refreshed from
the database.
Once an inbound authentication object has its realm set it may or may not
get updated again if the default_realm changes.
If the same authentication object is used for inbound and outbound
authentication then the immutable violation can make it very hard to
determine why the outbound authentication now fails. The only diagnostic
message is a complaint about no realms matching when it had worked
earlier. It fails because of the difference in behaviour for an empty
realm setting between inbound and outbound authentication objects.
* Fixed the sorcery object immutable violation by creating a new object
and setting the default_realm on it instead. The new object is a shallow
copy for speed.
* The auth_store thread storage no longer holds an auth ref. It
interferes with the shallow copy and never needed a ref anyway.
ASTERISK-26799 #close
Change-Id: I2328a52f61b78ed5fbba38180b7f183ee7e08956
