Commit Graph

181 Commits

Author SHA1 Message Date
Joshua C. Colp
f97e9aed85 pjsip: Add TLS transport reload support for certificate and key.
This change adds support using the pjsip_tls_transport_restart
function for reloading the TLS certificate and key, if the filenames
remain unchanged. This is useful for Let's Encrypt and other
situations. Note that no restart of the transport will occur if
the certificate and key remain unchanged.

ASTERISK-30186

Change-Id: I9bc95a6bf791830a9491ad9fa43c17d4010028d0
2022-09-09 18:41:02 -05:00
Stanislav Abramenkov
2d500a090f pjsip: Upgrade bundled version to pjproject 2.12.1
More information:
https://github.com/pjsip/pjproject/releases/tag/2.12.1

Pull request to third-party
https://github.com/asterisk/third-party/pull/11

ASTERISK-30050

Change-Id: Icb4e86d4b85ef9b975355c91f3ed56a50b51c6bd
2022-06-17 12:42:32 -05:00
Joshua C. Colp
8500210611 pjsip: Increase maximum number of format attributes.
Chrome has added more attributes, causing the limit to be
exceeded. This raises it up some more.

ASTERISK-30015

Change-Id: I964957c005c4e6f7871b15ea1ccd9b4659c7ef32
2022-04-25 18:31:45 -05:00
Joshua C. Colp
e5e02f783d pjproject: Update bundled to 2.12 release.
This change removes patches which have been merged into
upstream and updates some existing ones. It also adds
some additional config_site.h changes to restore previous
behavior, as well as a patch to allow multiple Authorization
headers. There seems to be some confusion or disagreement
on language in RFC 8760 in regards to whether multiple
Authorization headers are supported. The RFC implies it
is allowed, as does some past sipcore discussion. There is
also the catch all of "local policy" to allow it. In
the case of Asterisk we allow it.

ASTERISK-29351

Change-Id: Id39ece02dedb7b9f739e0e37ea47d76854af7191
2022-03-30 16:10:30 -05:00
Kevin Harwell
9e74563a50 AST-2022-006: pjproject - unconstrained malformed multipart SIP message
ASTERISK-29945 #close

Change-Id: Ic58957afc453195d53c2bd25c905df3d91d1abe6
2022-03-04 12:48:57 -06:00
Kevin Harwell
742d265ff5 AST-2022-005: pjproject - undefined behavior after freeing a dialog set
ASTERISK-29945 #close

Change-Id: Ia8ce6d82b115c82c1138747c72a0adcaa42b718c
2022-03-04 12:45:34 -06:00
Kevin Harwell
fc160abb67 AST-2022-004: pjproject - possible integer underflow on STUN message
ASTERISK-29945 #close

Change-Id: I721cd254e4f8aa6d3a97a37529cca53519694c54
2022-03-04 12:33:44 -06:00
Joshua C. Colp
3771074a45 jansson: Update bundled to 2.14 version.
ASTERISK-29353

Change-Id: I4ea43eda1691565563a4c03ef37166952d211b2b
2022-02-25 15:17:04 -06:00
George Joseph
0d53ce35f9 bundled_pjproject: Add additional multipart search utils
Added the following APIs:
pjsip_multipart_find_part_by_header()
pjsip_multipart_find_part_by_header_str()
pjsip_multipart_find_part_by_cid_str()
pjsip_multipart_find_part_by_cid_uri()

Change-Id: I6aee3dcf59eb171f93aae0f0564ff907262ef40d
2022-02-01 10:31:01 -06:00
George Joseph
cc38ed9c21 bundled_pjproject: Fix srtp detection
Reverted recent change that set '--with-external-srtp' instead
of '--without-external-srtp'.  Since Asterisk handles all SRTP,
we don't need it enabled in pjproject at all.

ASTERISK-29867

Change-Id: I2ce1bdd30abd21c062eac8f8fefe9b898787b801
2022-01-19 07:38:51 -06:00
George Joseph
b59bd3d3e4 build: Fix issues building pjproject
The change to allow easier hacking on bundled pjproject created
a few issues:

* The new Makefile was trying to run the bundled make even if
  PJPROJECT_BUNDLED=no.  third-party/Makefile now checks for
  PJPROJECT_BUNDLED and JANSSON_BUNDLED and skips them if they
  are "no".

* When building with bundled, config_site.h was being copied
  only if a full make or a "make main" was done.  A "make res"
  would fail all the pjsip modules because they couldn't find
  config_site.h.  The Makefile now copies config_site.h and
  asterisk_malloc_debug.h into the pjproject source tree
  when it's "configure" is performed.  This is how it used
  to be before the big change.

ASTERISK-29858

Change-Id: I9427264fa3cb8b3f59a95e5f9693eac236a6f76d
2022-01-17 08:53:56 -06:00
George Joseph
f10947ecc2 bundled_pjproject: Create generic pjsip_hdr_find functions
pjsip_msg_find_hdr(), pjsip_msg_find_hdr_by_name(), and
pjsip_msg_find_hdr_by_names() require a pjsip_msg to be passed in
so if you need to search a header list that's not in a pjsip_msg,
you have to do it yourself.  This commit adds generic versions of
those 3 functions that take in the actual header list head instead
of a pjsip_msg so if you need to search a list of headers in
something like a pjsip_multipart_part, you can do so easily.

Change-Id: I6f2c127170eafda48e5e0d5d4d187bcd52b4df07
2022-01-17 07:54:56 -06:00
George Joseph
3f093b8dda bundled_pjproject: Make it easier to hack
There are times when you need to troubleshoot issues with bundled
pjproject or add new features that need to be pushed upstream
but...

* The source directory created by extracting the pjproject tarball
  is not scanned for code changes so you have to keep forcing
  rebuilds.
* The source directory isn't a git repo so you can't easily create
  patches, do git bisects, etc.
* Accidentally doing a make distclean will ruin your day by wiping
  out the source directory, and your changes.
* etc.

This commit makes that easier.
See third-party/pjproject/README-hacking.md for the details.

ASTERISK-29824

Change-Id: Idb1251040affdab31d27cd272dda68676da9b268
2022-01-07 08:44:12 -06:00
Sean Bright
ee69441fbd pjproject: Fix incorrect unescaping of tokens during parsing
ASTERISK-29664 #close

Change-Id: I29dcde52e9faeaf2609c604eada61c6a9e49d8f5
2022-01-05 13:13:47 -06:00
George Joseph
0cf4e325aa bundled_pjproject: Add more support for multipart bodies
Adding upstream patch for pull request...
https://github.com/pjsip/pjproject/pull/2920
---------------------------------------------------------------

sip_inv:  Additional multipart support (#2919)

sip_inv.c:inv_check_sdp_in_incoming_msg() deals with multipart
message bodies in rdata correctly. In the case where early media is
involved though, the existing sdp has to be retrieved from the last
tdata sent in this transaction. This, however, always assumes that
the sdp sent is in a non-multipart body. While there's a function
to retrieve the sdp from multipart and non-multpart rdata bodies,
no similar function for tdata exists.  So...

* The existing pjsip_rdata_get_sdp_info2 was refactored to
  find the sdp in any body, multipart or non-multipart, and
  from either an rdata or tdata.  The new function is
  pjsip_get_sdp_info.  This new function detects whether the
  pjsip_msg->body->data is the text representation of the sdp
  from an rdata or an existing pjmedia_sdp_session object
  from a tdata, or whether pjsip_msg->body is a multipart
  body containing either of the two sdp formats.

* The exsting pjsip_rdata_get_sdp_info and pjsip_rdata_get_sdp_info2
  functions are now wrappers that get the body and Content-Type
  header from the rdata and call pjsip_get_sdp_info.

* Two new wrappers named pjsip_tdata_get_sdp_info and
  pjsip_tdata_get_sdp_info2 have been created that get the body
  from the tdata and call pjsip_get_sdp_info.

* inv_offer_answer_test.c was updated to test multipart scenarios.

ASTERISK-29804

Change-Id: I483c7c3d413280c9e247a96ad581278347f9c71b
2021-12-22 09:46:26 -05:00
George Joseph
c07e3c2f4d BuildSystem: Check for alternate openssl packages
OpenSSL is one of those packages that often have alternatives
with later versions.  For instance, CentOS/EL 7 has an
openssl package at version 1.0.2 but there's an openssl11
package from the epel repository that has 1.1.1.  This gets
installed to /usr/include/openssl11 and /usr/lib64/openssl11.
Unfortunately, the existing --with-ssl and --with-crypto
./configure options expect to point to a source tree and
don't work in this situation.  Also unfortunately, the
checks in ./configure don't use pkg-config.

In order to make this work with the existing situation, you'd
have to run...
./configure --with-ssl=/usr/lib64/openssl11 \
    --with-crypto=/usr/lib64/openssl11 \
    CFLAGS=-I/usr/include/openssl11

BUT...  those options don't get passed down to bundled pjproject
so when you run make, you have to include the CFLAGS again
which is a big pain.

Oh...  To make matters worse, although you can specify
PJPROJECT_CONFIGURE_OPTS on the ./configure command line,
they don't get saved so if you do a make clean, which will
force a re-configure of bundled pjproject, those options
don't get used.

So...

* In configure.ac... Since pkg-config is installed by install_prereq
  anyway, we now use it to check for the system openssl >= 1.1.0.
  If that works, great.  If not, we check for the openssl11
  package. If that works, great.  If not, we fall back to just
  checking for any openssl.  If pkg-config isn't installed for some
  reason, or --with-ssl=<dir> or --with-crypto=<dir> were specified
  on the ./configure command line, we fall back to the existing
  logic that uses AST_EXT_LIB_CHECK().

* The whole OpenSSL check process has been moved up before
  THIRD_PARTY_CONFIGURE(), which does the initial pjproject
  bundled configure, is run.  This way the results of the above
  checks, which may result in new include or library directories,
  is included.

* Although not strictly needed for openssl, We now save the value of
  PJPROJECT_CONFIGURE_OPTS in the makeopts file so it can be used
  again if a re-configure is triggered.

ASTERISK-29693

Change-Id: I341ab7603e6b156aa15a66f43675ac5029d5fbde
2021-10-20 13:21:16 -05:00
George Joseph
0947c30224 pjproject: Add patch to fix trailing whitespace issue in rtpmap
An issue was found where a particular manufacturer's phones add a
trailing space to the end of the rtpmap attribute when specifying
a payload type that has a "param" after the format name and clock
rate. For example:

a=rtpmap:120 opus/48000/2 \r\n

Because pjmedia_sdp_attr_get_rtpmap currently takes everything after
the second '/' up to the line end as the param, the space is
included in future comparisons, which then fail if the param being
compared to doesn't also have the space.

We now use pj_scan_get() to parse the param part of rtpmap so
trailing whitespace is automatically stripped.

ASTERISK-29654

Change-Id: Ibd0a4e243a69cde7ba9312275b13ab62ab86bc1b
2021-09-15 12:14:20 -05:00
Kevin Harwell
3025ef4f6e AST-2021-009 - pjproject-bundled: Avoid crash during handshake for TLS
If an SSL socket parent/listener was destroyed during the handshake,
depending on timing, it was possible for the handling callback to
attempt access of it after the fact thus causing a crash.

ASTERISK-29415 #close

Change-Id: I105dacdcd130ea7fdd4cf2010ccf35b5eaf1432d
2021-07-22 16:19:37 -05:00
George Joseph
655ee680cd res_pjsip_outbound_authenticator_digest: Be tolerant of RFC8760 UASs
RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm.  The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred.  We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.

The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.

It doesn't stop there though... Each realm can require a
different username from the others.  There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.

So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header.  We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.

In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.

NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5.  We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5.  When we support the
others, we'll move the check into the loop that searches the
objects.

Changes:

 * Added a new API ast_sip_retrieve_auths_vector() that takes in
   a vector of auth ids (usually supplied on a call to
   ast_sip_create_request_with_auth()) and populates another
   vector with the actual objects.

 * Refactored res_pjsip_outbound_authenticator_digest to handle
   multiple Authenticate headers and set the stage for handling
   additional digest algorithms.

 * Added a pjproject patch that allows them to ignore digest
   algorithms they don't support.  This patch has already been
   merged upstream.

 * Updated documentation for auth objects in the XML and
   in pjsip.conf.sample.

 * Although res_pjsip_authenticator_digest isn't affected
   by this change, some debugging and a testsuite AMI event
   was added to facilitate testing.

Discovered during OpenSIPit 2021.

ASTERISK-29397

Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281
2021-05-20 14:21:02 -05:00
Joshua C. Colp
6d5cac1d10 pjsip: Add patch for resolving STUN packet lifetime issues.
In some cases it was possible for a STUN packet to be destroyed
prematurely or even destroyed partially multiple times.

This patch provided by Teluu fixes the lifetime of these
packets and ensures they aren't partially destroyed multiple
times.

https://github.com/pjsip/pjproject/pull/2709

ASTERISK-29377

Change-Id: Ie842ad24ddf345e01c69a4d333023f05f787abca
2021-05-17 08:54:34 -05:00
Joshua C. Colp
acb7ce4fe7 pjsip: Make modify_local_offer2 tolerate previous failed SDP.
If a remote side is broken and sends an SDP that can not be
negotiated the call will be torn down but there is a window
where a second 183 Session Progress or 200 OK that is forked
can be received that also attempts to negotiate SDP. Since
the code marked the SDP negotiation as being done and complete
prior to this it assumes that there is an active local and remote
SDP which it can modify, while in fact there is not as the SDP
did not successfully negotiate. Since there is no local or remote
SDP a crash occurs.

This patch changes the pjmedia_sdp_neg_modify_local_offer2
function to no longer assume that a previous SDP negotiation
was successful.

ASTERISK-29196

Change-Id: I22de45916d3b05fdc2a67da92b3a38271ee5949e
2021-02-18 09:51:53 -06:00
Pirmin Walthert
7a6cfde4db res_pjsip_nat.c: Create deep copies of strings when appropriate
In rewrite_uri asterisk was not making deep copies of strings when
changing the uri. This was in some cases causing garbage in the route
header and in other cases even crashing asterisk when receiving a
message with a record-route header set. Thanks to Ralf Kubis for
pointing out why this happens. A similar problem was found in
res_pjsip_transport_websocket.c. Pjproject needs as well to be patched
to avoid garbage in CANCEL messages.

ASTERISK-29024 #close

Change-Id: Ic5acd7fa2fbda3080f5f36ef12e46804939b198b
2020-12-17 09:10:54 -06:00
Michael Neuhauser
6482ab5bea pjproject: clone sdp to protect against (nat) modifications
PJSIP, UDP transport with external_media_address and session timers
enabled. Connected to SIP server that is not in local net. Asterisk
initiated the connection and is refreshing the session after 150s
(timeout 300s). The 2nd refresh-INVITE triggered by the pjsip timer has
a malformed IP address in its SDP (garbage string). This only happens
when the SDP is modified by the nat-code to replace the local IP address
with the configured external_media_address.
Analysis: the code to modify the SDP (in
res_pjsip_session.c:session_outgoing_nat_hook() and also (redundantly?)
in res_pjsip_sdp_rtp.c:change_outgoing_sdp_stream_media_address()) uses
the tdata->pool to allocate the replacement string. But the same
pjmedia_sdp_stream that was modified for the 1st refresh-INVITE is also
used for the 2nd refresh-INVITE (because it is stored in pjmedia's
pjmedia_sdp_neg structure). The problem is, that at that moment, the
tdata->pool that holds the stringified external_media_address from the
1. refresh-INVITE has long been reused for something else.
Fix by Sauw Ming of pjproject (see
https://github.com/pjsip/pjproject/pull/2476): the local, potentially
modified pjmedia_sdp_stream is cloned in
pjproject/source/pjsip/src/pjmedia/sip_neg.c:process_answer() and the
clone is stored, thereby detaching from the tdata->pool (which is only
released *after* process_answer())

ASTERISK-28973
Reported-by: Michael Neuhauser

Change-Id: I272ac22436076596e06aa51b9fa23fd1c7734a0e
2020-08-10 06:33:25 -05:00
Joshua C. Colp
af70bbb13a websocket / pjsip: Increase maximum packet size.
When dealing with a lot of video streams on WebRTC
the resulting SDPs can grow to be quite large. This
effectively doubles the maximum size to allow more
streams to exist.

The res_http_websocket module has also been changed
to use a buffer on the session for reading in packets
to ensure that the stack space usage is not excessive.

Change-Id: I31d4351d70c8e2c11564807a7528b984f3fbdd01
2020-07-23 07:30:17 -05:00
Joshua C. Colp
8d15f72721 pjsip: Include timer patch to prevent cancelling timer 0.
I noticed this while looking at another issue and brought
it up with Teluu. It was possible for an uninitialized timer
to be cancelled, resulting in the invalid timer id of 0
being placed into the timer heap causing issues.

This change is a backport from the pjproject repository
preventing this from happening.

Change-Id: I1ba318b1f153a6dd7458846396e2867282b428e7
2020-07-16 07:26:00 -05:00
Kevin Harwell
415b55af5a pjproject: Upgrade bundled version to pjproject 2.10
This patch makes the usual necessary changes when upgrading to a new
version pjproject. For instance, version number bump, patches removed
from third-party, new *.md5 file added, etc..

This patch also includes a change to the Asterisk pjproject Makefile to
explicitly create the 'source/pjsip-apps/lib' directory. This directory
is no longer there by default so needs to be added so the Asterisk
malloc debug can be built.

This patch also includes some minor changes to Asterisk that were a result
of the upgrade. Specifically, there was a backward incompatibility change
made in 2.10 that modified the "expires header" variable field from a
signed to an unsigned value. This potentially effects comparison. Namely,
those check for a value less than zero. This patch modified a few locations
in the Asterisk code that may have been affected.

Lastly, this patch adds a new macro PJSIP_MINVERSION that can be used to
check a minimum version of pjproject at compile time.

ASTERISK-28899 #close

Change-Id: Iec8821c6cbbc08c369d0e3cd2f14e691b41d0c81
2020-06-16 08:07:17 -05:00
Guido Falsi
801d570f6e pjproject: Fix race condition when building with parallel make
Pjproject makefiles miss some dependencies which can cause race
conditions when building with parallel make processes. This patch
adds such dependencies correctly.

ASTERISK-28879 #close
Reported-by: Dmitry Wagin <dmitry.wagin@ya.ru>

Change-Id: Ie1b0dc365dafe4a84c5248097fe8d73804043c22
2020-05-11 17:08:25 -05:00
Guido Falsi
c831f03273 pjproject: Remove bashism from configure.m4 script
The configure.m4 script for pjproject contains some += syntax, which
is specific to bash, replacing it with string substitutions makes
the script compatible with traditional Bourne shells.

ASTERISK-28866 #close
Reported-by: Christoph Moench-Tegeder <cmt@FreeBSD.org>

Change-Id: I382a78160e028044598b7da83ec7e1ff42b91c05
2020-05-05 09:28:01 -05:00
Joshua C. Colp
3078a00a6d pjsip: Increase maximum ICE candidate count.
In practice it has been seen that some users come
close to our maximum ICE candidate count of 32.
In case people have gone over this increases the
count to 64, giving ample room.

ASTERISK-28859

Change-Id: I35cd68948ec0ada86c14eb53092cdaf8b62996cf
2020-04-29 13:53:01 -05:00
Alexander Traud
966acc6251 pjproject_bundled: Honor --without-pjproject.
ASTERISK-28837

Change-Id: Id057324912a3cfe6f50af372675626bb515907d9
2020-04-17 06:35:06 -05:00
Alexander Traud
3431949a52 pjproject_bundled: Repair ./configure --with-ssl without ARG.
ASTERISK-28758
Reported by: Patrick Wakano
Reported by: Dmitriy Serov

Change-Id: Ifb6b85c559d116739af00bc48d1f547caa85efac
2020-04-13 18:22:35 -05:00
Alexander Traud
52ecbbd014 _pjsua: Build even with Clang.
Change-Id: Iebf7687613aa0295ea3c82256460b337f1595be2
2020-04-13 15:02:19 -05:00
Ben Ford
168637cc0c RTP/ICE: Send on first valid pair.
When handling ICE negotiations, it's possible that there can be a delay
between STUN binding requests which in turn will cause a delay in ICE
completion, preventing media from flowing. It should be possible to send
media when there is at least one valid pair, preventing this scenario
from occurring.

A change was added to PJPROJECT that adds an optional callback
(on_valid_pair) that will be called when the first valid pair is found
during ICE negotiation. Asterisk uses this to start the DTLS handshake,
allowing media to flow. It will only be called once, either on the first
valid pair, or when ICE negotiation is complete.

ASTERISK-28716

Change-Id: Ia7b68c34f06d2a1d91c5ed51627b66fd0363d867
2020-02-18 09:55:12 -06:00
Sean Bright
9d9bde76a9 pjproject_bundled: Allow brackets in via parameters
ASTERISK-26955 #close
Reported by: Peter Sokolov

Change-Id: Ib2803640905a77b65d0cee2d0ed2c7b310d470ac
2020-02-06 06:35:23 -06:00
George Joseph
5d9f9f4871 pjproject_bundled: Replace earlier reverts with official fixes.
Issues in pjproject 2.9 caused us to revert some of their changes
as a work around.  This introduced another issue where pjproject
wouldn't build with older gcc versions such as that found on
CentOS 6.  This commit replaces the reverts with the official
fixes for the original issues and allows pjproject to be built
on CentOS 6 again.

ASTERISK-28574
Reported-by: Niklas Larsson

Change-Id: I06f8507bea553d1a01b0b8874197d35b9d47ec4c
2019-10-10 06:43:34 -05:00
George Joseph
cc83e76aa5 pjproject_bundled: Revert pjproject 2.9 commits causing leaks
We've found a connection re-use regression in pjproject 2.9
introduced by commit
"Close #1019: Support for multiple listeners."
https://trac.pjsip.org/repos/changeset/6002
https://trac.pjsip.org/repos/ticket/1019

Normally, multiple SSL requests should reuse the same connection
if one already exists to the remote server.  When a transport
error occurs, the next request should establish a new connection
and any following requests should use that same one.  With this
patch, when a transport error occurs, every new request creates
a new connection so you can wind up with thousands of open tcp
sockets, possibly exhausting file handles, and increasing memory
usage.

Reverting pjproject commit 6002 (and related 6021) restores the
expected behavior.

We also found a memory leak in SSL processing that was introduced by
commit
"Fixed #2204: Add OpenSSL remote certificate chain info"
https://trac.pjsip.org/repos/changeset/6014
https://trac.pjsip.org/repos/ticket/2204

Apparently the remote certificate chain is continually recreated
causing the leak.

Reverting pjproject commit 6014 (and related 6022) restores the
expected behavior.

Both of these issues have been acknowledged by Teluu.

ASTERISK-28521

Change-Id: I8ae7233c3ac4ec29a3b991f738e655dabcaba9f1
2019-09-24 08:17:01 -05:00
Dan Cropp
0844d6b127 pjproject: Configurable setting for cnonce to include hyphens or not
NEC SIP Station interface with authenticated registration only supports cnonce
up to 32 characters.  In Linux, PJSIP would generate 36 character cnonce
which included hyphens.  Teluu developed this patch adding a compile time
setting to default to not include the hyphens.  They felt it best to still
generate the UUID and strip the hyphens.
They have indicated it will be part of PJSIP 2.10.

ASTERISK-28509
Reported-by: Dan Cropp

Change-Id: Ibdfcf845d4f8c0a14df09fd983b11f2d72c5f470
2019-08-21 10:58:00 -05:00
George Joseph
8b3ee7fe61 pjproject_bundled: Add peer information to most SSL/TLS errors
Most SSL/TLS error messages coming from pjproject now have either
the peer address:port or peer hostname, depending on what was
available at the time and code location where the error was
generated.

ASTERISK-28444
Reported by: Bernhard Schmidt

Change-Id: I41770e8a1ea5e96f6e16b236692c4269ce1ba91e
2019-06-27 12:53:13 -05:00
Sean Bright
c70d874f7d pjproject: Update to 2.9 release
Relies on https://github.com/asterisk/third-party/pull/4

Change-Id: Iec9cad42cb4ae109a86a3d4dae61e8bce4424ce3
2019-06-13 12:24:32 -04:00
Friendly Automation
3d4cc9c30d Merge "pjproject-bundled: Add upstream timer fixes" 2019-05-22 12:07:50 -05:00
Matt Jordan
54f7f7dc20 pjproject/Makefile: Updates for Darwin compatible builds
This patch fixes three compatibility issues for Darwin compatible builds:

(1) Use BSD compatible command line option for sed

For some versions of BSD sed, the -r command line option is unknown.
Both GNU and BSD sed support the -E command line option for enabling
extended regular expressions; as such, this patch replaces the -r
option with -E.

(2) Look for '_' in pjproject generated symbols

In Darwin comaptible systems, the symbols generated for pjproject may be
prefixed with an '_'. When exporting these to a symbol file, the invocation
to sed has to optionally look for a prefix of said '_' character.

(3) Use -all_load/-noall_load when linking

The flags -whole-archive/-no-whole-archive are not supported by the
linker, and must instead be replaced with -all_load/-noall_load.

Change-Id: I58121756de6a0560a6e49ca9d6bf9566a333cde3
2019-05-21 10:15:50 -05:00
Joshua Colp
3853fab3f5 pjproject-bundled: Add upstream timer fixes
Fixed #2191:
  - Stricter double timer entry scheduling prevention.
  - Integrate group lock in SIP transport, e.g: for add/dec ref,
    for timer scheduling.

ASTERISK-28161
Reported-by: Ross Beer

Change-Id: I2e09aa66de0dda9414d8a8259a649c4d2d96a9f5
2019-05-20 12:37:07 -06:00
George Joseph
089581f20a build: Pass --fno-partial-inlining to third-party when appropriate
When the gcc version is >= 8.2.1, we were already setting the
--fno-partial-inlining flag for Asterisk source files to get around
a gcc bug but we weren't passing the flag down to the bundled
builds of pjproject and jansson.

ASTERISK-28392

Change-Id: I99ede9bc35408ecd096f7d5369e8192d3dc75704
2019-05-03 12:42:27 -06:00
Sean Bright
7043ed6ac9 pjproject: Add timer patch from pjproject r5934
ASTERISK-28161 #close
Reported by: Ross Beer

Change-Id: I65331d554695753005eaa66c1d5d4807fe9009c8
2019-03-27 08:10:51 -06:00
George Joseph
ac2d302c2c bundled-jansson: On OpenSuse Leap libjansson.a was placed in lib64
On OpenSuse Leap, libjansson.a is installed in
third-party/jansson/dest/lib64 instead of lib (which is where
the top-level makeopts looks).  This causes a link failure.

* Updated jansson/Makefile to add an explicit --libdir to force
  the installation to third-party/jansson/dest/lib.

ASTERISK-28271
Reported by: David Wilcox

Change-Id: Ibf8af75e5da13562105fcc39ed898c6ef0b5a5f3
2019-02-04 07:17:50 -06:00
Jean Aunis
d9fae4a824 build : Fix cross-compilation errors
Bundled pjproject and jansson must be configured with the host and build
parameters provided to the configure script.
Autotools do not permit to check for the existence of local header files, so
the control of hrirs.h must not be done when cross-compiling.

ASTERISK-28250

Change-Id: If0a76e52a87d4ab82b7d4c72d27d8759ca931880
2019-01-23 15:19:26 +01:00
George Joseph
deffb8a6e0 pjproject_bundled: Add patch for double free issue in timer heap
Fixed #2172: Avoid double reference counter decrements in
timer in the scenario of race condition between
pj_timer_heap_cancel() and pj_timer_heap_poll().

Change-Id: If000e9438c83ac5084b678eb811e902c035bd2d8
2019-01-22 09:04:43 -06:00
Pirmin Walthert
ecb9ed0958 pjproject_bundled: check whether UPDATE is supported on outgoing calls
In ASTERISK-27095 an issue had been fixed because of which chan_pjsip was not
trying to send UPDATE messages when connected_line_method was set to invite.
However this only solved the issue for incoming INVITES. For outgoing INVITES
(important when transferring calls) the options variable needs to be updated
at a different place.

ASTERISK-28182 #close
Reported-by: nappsoft

Change-Id: I76cc06da4ca76ddd6dce814a8b97cc66b98aaf29
2018-11-30 09:34:09 -05:00
Corey Farrell
8e1ab4f11c jansson: Upgrade to 2.12.
This brings in jansson-2.12, removes all patches that were merged
upstream.  README is created in third-party/jansson/patches to explain
how to add patches but also because the patches folder must exist for
the build process to succeed.

Change-Id: If0f2d541c50997690660c21fb7b03d625a5cdadd
2018-11-26 07:17:54 -05:00
Corey Farrell
752fd06d12 pjproject-bundled: Use AST_DEVMODE for conditional compilation.
We previously allowed resample and g711 codecs to be built when
TEST_FRAMEWORK was enabled.  This could cause errors if the testsuite
was run without this option enabled.  Switch the build system to allow
those codecs to be built when --enable-dev-mode is used.  This removes a
chance for strange testsuite errors from use of an inadequate pjsua
binary.

Change-Id: Iee8a3613cdb711fa7e7d217c5a775a575907ae22
2018-11-16 08:26:32 -05:00