The current STIR/SHAKEN implementation is not currently usable due
to encryption issues. Rather than trying to futz with OpenSSL and
the the current code, we can take advantage of the existing
capabilities of libjwt but we first need to add it to the
third-party infrastructure already in place for jansson and
pjproject.
A few tweaks were also made to the third-party infrastructure as
a whole. The jansson "dest" install directory was renamed "dist"
to better match convention, and the third-party Makefile was updated
to clean all product directories not just the ones currently in
use.
Resolves: #349
(cherry picked from commit 733ab35848)
The documentation on qualify_timeout does not explicitly state that the timeout
includes any time required to perform any needed DNS queries on the endpoint.
If the OPTIONS response is delayed due to the DNS query, it can still render an
endpoint as Unreachable if the net time is enough for qualify_timeout to expire.
Resolves: #352
(cherry picked from commit 7369de127a)
Previously, DETECT_DEADLOCKS depended on DEBUG_THREADS.
Unfortunately, DEBUG_THREADS adds a lot of lock tracking overhead
to all of the lock lifecycle calls whereas DETECT_DEADLOCKS just
causes the lock calls to loop over trylock in 200us intervals until
the lock is obtained and spits out log messages if it takes more
than 5 seconds. From a code perspective, the only reason they were
tied together was for logging. So... The ifdefs in lock.c were
refactored to allow DETECT_DEADLOCKS to be enabled without
also enabling DEBUG_THREADS.
Resolves: #321
UserNote: You no longer need to select DEBUG_THREADS to use
DETECT_DEADLOCKS. This removes a significant amount of overhead
if you just want to detect possible deadlocks vs needing full
lock tracing.
(cherry picked from commit 04183eb246)
Add a wrapper function around ast_cel_publish_event that
packs event and extras into a blob before publishing
Resolves:#330
(cherry picked from commit 5c58a6fd56)
To better co-exist with sounds files that may be managed by
packages, custom sound files may now be placed in
AST_DATA_DIR/sounds/custom instead of the standard
AST_DATA_DIR/sounds/<lang> directory. If the new
"sounds_search_custom_dir" option in asterisk.conf is set
to "true", asterisk will search the custom directory for sounds
files before searching the standard directory. For performance
reasons, the "sounds_search_custom_dir" defaults to "false".
Resolves: #315
UserNote: A new option "sounds_search_custom_dir" has been added to
asterisk.conf that allows asterisk to search
AST_DATA_DIR/sounds/custom for sounds files before searching the
standard AST_DATA_DIR/sounds/<lang> directory.
(cherry picked from commit 7b42ebb90d)
The previous behavior of make_buildopts_h was to not add the
non-ABI-breaking MENUSELECT_CFLAGS like DETECT_DEADLOCKS,
REF_DEBUG, etc. to the buildopts.h file because "it caused
ccache to invalidate files and extended compile times". They're
only defined by passing them on the gcc command line with '-D'
options. In practice, including them in the include file rarely
causes any impact because the only time ccache cares is if you
actually change an option so the hit occurrs only once after
you change it.
OK so why would we want to include them? Many IDEs follow the
include files to resolve defines and if the options aren't in an
include file, it can cause the IDE to mark blocks of "ifdeffed"
code as unused when they're really not.
So...
* Added a new menuselect compile option ADD_CFLAGS_TO_BUILDOPTS_H
which tells make_buildopts_h to include the non-ABI-breaking
flags in buildopts.h as well as the ABI-breaking ones. The default
is disabled to preserve current behavior. As before though,
only the ABI-breaking flags appear in AST_BUILDOPTS and only
those are used to calculate AST_BUILDOPT_SUM.
A new AST_BUILDOPT_ALL define was created to capture all of the
flags.
* make_version_c was streamlined to use buildopts.h and also to
create asterisk_build_opts_all[] and ast_get_build_opts_all(void)
* "core show settings" now shows both AST_BUILDOPTS and
AST_BUILDOPTS_ALL.
UserNote: The "Build Options" entry in the "core show settings"
CLI command has been renamed to "ABI related Build Options" and
a new entry named "All Build Options" has been added that shows
both breaking and non-breaking options.
(cherry picked from commit 8d506370f5)
func_periodic_hook does not hangup after playback, relying on hangup
which keeps the channel alive longer than necessary.
Resolves: #325
(cherry picked from commit cf623753a9)
func_periodic_hook was truncating long channel names which
causes issues when you need to run other dialplan functions/apps
on the channel.
Resolves: #319
(cherry picked from commit 2e59f9fd6a)
If the safe_asterisk script detects that the /var/lib/asterisk
directory doesn't exist, it now creates it with 755 permissions
instead of 770. safe_asterisk needing to create that directory
should be extremely rare though because it's normally created
by 'make install' which already sets the permissions to 755.
Resolves: #316
(cherry picked from commit 4e43b9d308)
Using the Set dialplan application does not actually
delete channel or global variables. Instead the
variables are set to an empty value.
This change adds two dialplan functions,
GLOBAL_DELETE and DELETE which can be used to
delete global and channel variables instead
of just setting them to empty.
There is also no ability within the dialplan to
determine if a global or channel variable has
actually been set or not.
This change also adds two dialplan functions,
GLOBAL_EXISTS and VARIABLE_EXISTS which can be
used to determine if a global or channel variable
has been set or not.
Resolves: #289
UserNote: Four new dialplan functions have been added.
GLOBAL_DELETE and DELETE have been added which allows
the deletion of global and channel variables.
GLOBAL_EXISTS and VARIABLE_EXISTS have been added
which checks whether a global or channel variable has
been set.
(cherry picked from commit 405a08aaed)
All of the links that reference page anchors with capital letters in
the ids (#Something) have been changed to lower case to match the
anchors that are generated by mkdocs.
(cherry picked from commit e54d867f25)
The new documentation site uses traditional markdown instead
of the Confluence flavored version. This required changes in
the mustache templates and the python that generates the files.
(cherry picked from commit d2172582f7)
* Fixed issue with the script not parsing the new tag format for
certified releases. The format changed from certified/18.9-cert5
to certified-18.9-cert5.
* Fixed issue where the asterisk version wasn't being considered
when looking for cached versions.
Resolves: #263
(cherry picked from commit bebf843253)
Historically these were checked in for certified releases but
since the move to github and the unified release process,
they are no longer needed and cause issues.
(cherry picked from commit 87773dc11f)
In some cases I have yet to determine some stasis messages may
be created without a channel snapshot. This change adds some
tolerance to this scenario, preventing a crash from occurring.
(cherry picked from commit c83c14ba2d)
In the case where mute was called on a channel that had no
audiohooks the code was not unlocking the channel, resulting
in a deadlock.
Resolves: #233
(cherry picked from commit b37b28e071)
The app_queue module provides both an AMI action and a CLI command
to change the priority of a caller in a queue. Up to now this change
of priority has only been reflected to new callers into the queue.
This change adds an "immediate" option to both the AMI action and
CLI command which immediately applies the priority change respective
to the other callers already in the queue. This can allow, for example,
a caller to be placed at the head of the queue immediately if their
priority is sufficient.
Resolves: #202
UserNote: The 'queue priority caller' CLI command and
'QueueChangePriorityCaller' AMI action now have an 'immediate'
argument which allows the caller priority change to be reflected
immediately, causing the position of a caller to move within the
queue depending on the priorities of the other callers.
(cherry picked from commit 82c0971e6e)
The ast_app_getdata() and ast_app_getdata_terminator() declarations
in app.h were changed recently to return enum ast_getdata_result
(which is how they were defined in app.c). The existing
declaration of ast_getdata_result in app.h was about 1000 lines
after those functions however so under certain circumstances,
a "use before declaration" error was thrown by the compiler.
The declaration of the enum was therefore moved to before those
functions.
Resolves: #200
(cherry picked from commit e46f7892a6)
in a particular mailbox folder. The forward command can be used
to copy a message within a mailbox or to another mailbox. Also adds
a VoicemailBoxSummarry, required to retrieve message ID's.
Resolves: #181
UserNote: The following manager actions have been added
VoicemailBoxSummary - Generate message list for a given mailbox
VoicemailRemove - Remove a message from a mailbox folder
VoicemailMove - Move a message from one folder to another within a mailbox
VoicemailForward - Copy a message from one folder in one mailbox
to another folder in another or the same mailbox.
(cherry picked from commit 4929a2c419)
Adds CLI commands to allow move/remove/forward individual messages
from a particular mailbox folder. The forward command can be used
to copy a message within a mailbox or to another mailbox. Also adds
a show mailbox, required to retrieve message ID's.
Resolves: #170
UserNote: The following CLI commands have been added to app_voicemail
voicemail show mailbox <mailbox> <context>
Show contents of mailbox <mailbox>@<context>
voicemail remove <mailbox> <context> <from_folder> <messageid>
Remove message <messageid> from <from_folder> in mailbox <mailbox>@<context>
voicemail move <mailbox> <context> <from_folder> <messageid> <to_folder>
Move message <messageid> in mailbox <mailbox>&<context> from <from_folder> to <to_folder>
voicemail forward <from_mailbox> <from_context> <from_folder> <messageid> <to_mailbox> <to_context> <to_folder>
Forward message <messageid> in mailbox <mailbox>@<context> <from_folder> to
mailbox <mailbox>@<context> <to_folder>
(cherry picked from commit 8f8413b494)
In PROpenedOrUpdated, the cherry-pick reminder will now be
suppressed if there are already valid 'cherry-pick-to' comments
in the PR or the PR contained a 'cherry-pick-to: none' comment.
(cherry picked from commit e1e294a5e3)
* Since ICE candidates are used for the check and pjproject is
required to use ICE, res_rtp_asterisk was failing to compile
when pjproject wasn't available. The check is now wrapped
with an #ifdef HAVE_PJPROJECT.
* The rtp->ice_active_remote_candidates container was being
used to check the address on incoming packets but that
container doesn't contain peer reflexive candidates discovered
during negotiation. This was causing the check to fail
where it shouldn't. We now check against pjproject's
real_ice->rcand array which will contain those candidates.
* Also fixed a bug in ast_sockaddr_from_pj_sockaddr() where
we weren't zeroing out sin->sin_zero before returning. This
was causing ast_sockaddr_cmp() to always return false when
one of the inputs was converted from a pj_sockaddr, even
if both inputs had the same address and port.
Resolves: #500Resolves: #503Resolves: #505
When updating an existing header the 'update' code incorrectly
just copied the new value into the existing buffer. If the
new value exceeded the available buffer size memory outside
of the buffer would be written into, potentially causing
a crash.
This change makes it so that the 'update' now duplicates
the new header value instead of copying it into the existing
buffer.
When ICE is in use, we can prevent a possible DOS attack by allowing
DTLS protocol messages (client hello, etc) only from sources that
are in the active remote candidates list.
Resolves: GHSA-hxj9-xwr8-w8pq
When using AMI GetConfig, it was possible to access files outside of the
Asterisk configuration directory by using filenames with ".." and "./"
even while live_dangerously was not enabled. This change resolves the
full path and ensures we are still in the configuration directory before
attempting to access the file.
Add patch to split the log level for invalid packets received on the signaling port.
The warning regarding the packet will move to level 2 so that it can still be displayed,
while the raw packet will be at level 4.
This accomplishes the same thing as a `find ... | sort` but with the
added benefit of clarity and avoiding a call to a subshell.
Additionally drop the -s option from call to patch as it is not POSIX.
The apply_patches script wasn't sorting the list of patches in
the "patches" directory before applying them. This left the list
in an indeterminate order. In most cases, the list is actually
sorted but rarely, they can be out of order and cause dependent
patches to fail to apply.
We now sort the list but the "sort" program wasn't in the
configure scripts so we needed to add that and regenerate
the scripts as well.
Resolves: #193
Adds last locked and unlocked timestamps as well as a
counter for the number of times the lock has been
attempted (vs locked/unlocked) to debug output printed
using the DEBUG_THREADS option.
Resolves: #110
