Path to this page:
Subject: CVS commit: pkgsrc/comms/asterisk18
From: John Nemeth
Date: 2024-10-21 06:53:15
Message id: 20241021045315.A6DA7FC7E@cvs.NetBSD.org
Log Message:
Upgrade to Asterisk 18.25.0.
## Change Log for Release asterisk-18.25.0
### Links:
- [Full \
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.25.0.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.24.3...18.25.0)
- \
[Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.25.0.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
- Commits: 24
- Commit Authors: 9
- Issues Resolved: 18
- Security Advisories Resolved: 0
### User Notes:
- #### res_pjsip_notify: add dialplan application
A new dialplan application PJSIPNotify is now available
which can send SIP NOTIFY requests from the dialplan.
The pjsip send notify CLI command has also been enhanced to allow
sending NOTIFY messages to a specific channel. Syntax:
pjsip send notify <option> channel <channel>
- #### channel: Add multi-tenant identifier.
tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
- #### res_pjsip_config_wizard.c: Refactor load process
The res_pjsip_config_wizard.so module can now be reloaded.
### Upgrade Notes:
- #### channel: Add multi-tenant identifier.
A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
### Commit Authors:
- Alexei Gradinari: (2)
- Ben Ford: (1)
- Cade Parker: (1)
- George Joseph: (10)
- Jaco Kroon: (1)
- Jean-Denis Girard: (1)
- Mike Bradeen: (3)
- Sean Bright: (2)
- Tinet-Mucw: (3)
## Issue and Commit Detail:
### Closed Issues:
- 740: [new-feature]: Add multi-tenant identifier to chan_pjsip
- 763: [bug]: autoservice thread stuck in an endless sleep
- 780: [bug]: Infinite loop of "Indicated Video Update", max CPU usage
- 799: [improvement]: Add PJSIPNOTIFY dialplan application
- 801: [bug]: res_stasis: Occasional 200ms delay adding channel to a bridge
- 809: [bug]: CLI stir_shaken show verification kills asterisk
- 816: [bug]: res_pjsip_config_wizard doesn't load properly if res_pjsip is \
loaded first
- 831: [bug]: app_voicemail ODBC
- 845: [bug]: Buffer overflow in handling of security mechanisms in res_pjsip
- 847: [bug]: Asterisk not using negotiated fall-back 8K digits
- 854: [bug]: wrong properties in stir_shaken.conf.sample
- 856: [bug]: res_pjsip_sdp_rtp leaks astobj2 ast_format
- 861: [bug]: ChanSpy unable to read audiohook read direction frame when no \
packet lost on both side of the call
- 876: [bug]: ChanSpy unable to write whisper_audiohook when set flag \
OPTION_READONLY
- 879: [bug]: res_stir_shaken/verification.c: Getting verification errors when \
global_disable=yes
- 884: [bug]: A ':' at the top of in stir_shaken.conf make Asterisk producing \
a core file when starting
- 889: [bug]: res_stir_shaken/verification.c has a stale include for jansson.h \
that can cause compilation to fail
- 904: [bug]: stir_shaken: attest_level isn't being propagated correctly from \
attestation to profile to tn
### Commits By Author:
- #### Alexei Gradinari (2):
- res_pjsip_sdp_rtp fix leaking astobj2 ast_format
- autoservice: Do not sleep if autoservice_stop is called within autoservice thr..
- #### Ben Ford (1):
- channel: Add multi-tenant identifier.
- #### Cade Parker (1):
- chan_mobile: decrease CHANNEL_FRAME_SIZE to prevent delay
- #### George Joseph (10):
- bridge_softmix: Fix queueing VIDUPDATE control frames
- res_pjsip_config_wizard.c: Refactor load process
- stir_shaken: CRL fixes and a new CLI command
- manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
- stir_shaken.conf.sample: Fix bad references to private_key_path
- security_agreements.c: Refactor the to_str functions and fix a few other bugs
- res_stir_shaken: Check for disabled before param validation
- res_stir_shaken.c: Fix crash when stir_shaken.conf is invalid
- res_stir_shaken: Remove stale include for jansson.h in verification.c
- stir_shaken: Fix propagation of attest_level and a few other values
- #### Jaco Kroon (1):
- configure: Use . file rather than source file.
- #### Jean-Denis Girard (1):
- app_voicemail: Fix sql insert mismatch caused by cherry-pick
- #### Mike Bradeen (3):
- res_stasis: fix intermittent delays on adding channel to bridge
- res_pjsip_notify: add dialplan application
- res_pjsip_sdp_rtp: Use negotiated DTMF Payload types on bitrate mismatch
- #### Sean Bright (2):
- alembic: Make 'revises' header comment match reality.
- res_pjsip_logger.c: Fix 'OPTIONS' tab completion.
- #### Tinet-mucw (3):
- res_pjsip_sdp_rtp.c: Fix DTMF Handling in Re-INVITE with dtmf_mode set to auto
- app_chanspy.c: resolving the issue with audiohook direction read
- app_chanspy.c: resolving the issue writing frame to whisper audiohook.
### Commit List:
- stir_shaken: Fix propagation of attest_level and a few other values
- res_stir_shaken: Remove stale include for jansson.h in verification.c
- res_stir_shaken.c: Fix crash when stir_shaken.conf is invalid
- res_stir_shaken: Check for disabled before param validation
- app_chanspy.c: resolving the issue writing frame to whisper audiohook.
- app_voicemail: Fix sql insert mismatch caused by cherry-pick
- res_pjsip_sdp_rtp: Use negotiated DTMF Payload types on bitrate mismatch
- app_chanspy.c: resolving the issue with audiohook direction read
- security_agreements.c: Refactor the to_str functions and fix a few other bugs
- res_pjsip_sdp_rtp fix leaking astobj2 ast_format
- stir_shaken.conf.sample: Fix bad references to private_key_path
- res_pjsip_logger.c: Fix 'OPTIONS' tab completion.
- alembic: Make 'revises' header comment match reality.
- chan_mobile: decrease CHANNEL_FRAME_SIZE to prevent delay
- res_pjsip_notify: add dialplan application
- manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
- channel: Add multi-tenant identifier.
- configure: Use . file rather than source file.
- res_stasis: fix intermittent delays on adding channel to bridge
- res_pjsip_sdp_rtp.c: Fix DTMF Handling in Re-INVITE with dtmf_mode set to auto
- stir_shaken: CRL fixes and a new CLI command
- res_pjsip_config_wizard.c: Refactor load process
- bridge_softmix: Fix queueing VIDUPDATE control frames
### Commit Details:
#### stir_shaken: Fix propagation of attest_level and a few other values
Author: George Joseph
Date: 2024-09-24
attest_level, send_mky and check_tn_cert_public_url weren't
propagating correctly from the attestation object to the profile
and tn.
* In the case of attest_level, the enum needed to be changed
so the "0" value (the default) was "NOT_SET" instead of \
"A". This
now allows the merging of the attestation object, profile and tn
to detect when a value isn't set and use the higher level value.
* For send_mky and check_tn_cert_public_url, the tn default was
forced to "NO" which always overrode the profile and attestation
objects. Their defaults are now "NOT_SET" so the propagation
happens correctly.
* Just to remove some redundant code in tn_config.c, a bunch of calls to
generate_sorcery_enum_from_str() and generate_sorcery_enum_to_str() were
replaced with a single call to generate_acfg_common_sorcery_handlers().
Resolves: #904
#### res_stir_shaken: Remove stale include for jansson.h in verification.c
Author: George Joseph
Date: 2024-09-17
verification.c had an include for jansson.h left over from previous
versions of the module. Since res_stir_shaken no longer has a
dependency on jansson, the bundled version wasn't added to GCC's
include path so if you didn't also have a jansson development package
installed, the compile would fail. Removing the stale include
was the only thing needed.
Resolves: #889
#### res_stir_shaken.c: Fix crash when stir_shaken.conf is invalid
Author: George Joseph
Date: 2024-09-13
* If the call to ast_config_load() returns CONFIG_STATUS_FILEINVALID,
check_for_old_config() now returns LOAD_DECLINE instead of continuing
on with a bad pointer.
* If CONFIG_STATUS_FILEMISSING is returned, check_for_old_config()
assumes the config is being loaded from realtime and now returns
LOAD_SUCCESS. If it's actually not being loaded from realtime,
sorcery will catch that later on.
* Also refactored the error handling in load_module() a bit.
Resolves: #884
#### res_stir_shaken: Check for disabled before param validation
Author: George Joseph
Date: 2024-09-11
For both attestation and verification, we now check whether they've
been disabled either globally or by the profile before validating
things like callerid, orig_tn, dest_tn, etc. This prevents useless
error messages.
Resolves: #879
#### app_chanspy.c: resolving the issue writing frame to whisper audiohook.
Author: Tinet-mucw
Date: 2024-09-10
ChanSpy(${channel}, qEoSw): because flags set o, \
ast_audiohook_set_frame_feed_direction(audiohook, AST_AUDIOHOOK_DIRECTION_READ); \
this will effect whisper audiohook and spy audiohook, this makes writing frame \
to whisper audiohook impossible. So add function start_whispering to starting \
whisper audiohook.
Resolves: #876
#### autoservice: Do not sleep if autoservice_stop is called within autoservice thr..
Author: Alexei Gradinari
Date: 2024-09-04
It's possible that ast_autoservice_stop is called within the autoservice thread.
In this case the autoservice thread is stuck in an endless sleep.
To avoid endless sleep ast_autoservice_stop must check that it's not called
within the autoservice thread.
Fixes: #763
#### app_voicemail: Fix sql insert mismatch caused by cherry-pick
Author: Jean-Denis Girard
Date: 2024-08-07
When commit e8c9cb80 was cherry-picked in from master, the
fact that the 20 and 18 branches still had the old "macrocontext"
column wasn't taken into account so the number of named parameters
didn't match the number of '?' placeholders. They do now.
We also now use ast_asprintf to create the full mailbox query SQL
statement instead of trying to calculate the proper length ourselves.
Resolves: #831
#### res_pjsip_sdp_rtp: Use negotiated DTMF Payload types on bitrate mismatch
Author: Mike Bradeen
Date: 2024-08-21
When Asterisk sends an offer to Bob that includes 48K and 8K codecs with
matching 4733 offers, Bob may want to use the 48K audio codec but can not
accept 48K digits and so negotiates for a mixed set.
Asterisk will now check Bob's offer to make sure Bob has indicated this is
acceptible and if not, will use Bob's preference.
Fixes: #847
#### app_chanspy.c: resolving the issue with audiohook direction read
Author: Tinet-mucw
Date: 2024-08-30
ChanSpy(${channel}, qEoS): When chanspy spy the direction read, reading frame \
is often failed when reading direction read audiohook. because chanspy only read \
audiohook direction read; write_factory_ms will greater than 100ms soon, then \
ast_slinfactory_flush will being called, then direction read will fail.
Resolves: #861
#### security_agreements.c: Refactor the to_str functions and fix a few other bugs
Author: George Joseph
Date: 2024-08-17
* A static array of security mechanism type names was created.
* ast_sip_str_to_security_mechanism_type() was refactored to do
a lookup in the new array instead of using fixed "if/else if"
statments.
* security_mechanism_to_str() and ast_sip_security_mechanisms_to_str()
were refactored to use ast_str instead of a fixed length buffer
to store the result.
* ast_sip_security_mechanism_type_to_str was removed in favor of
just referencing the new type name array. Despite starting with
"ast_sip_", it was a static function so removing it doesn't affect
ABI.
* Speaking of "ast_sip_", several other static functions that
started with "ast_sip_" were renamed to avoid confusion about
their public availability.
* A few VECTOR free loops were replaced with AST_VECTOR_RESET().
* Fixed a meomry leak in pjsip_configuration.c endpoint_destructor
caused by not calling ast_sip_security_mechanisms_vector_destroy().
* Fixed a memory leak in res_pjsip_outbound_registration.c
add_security_headers() caused by not specifying OBJ_NODATA in
an ao2_callback.
* Fixed a few ao2_callback return code misuses.
Resolves: #845
#### res_pjsip_sdp_rtp fix leaking astobj2 ast_format
Author: Alexei Gradinari
Date: 2024-08-23
PR #700 added a preferred_format for the struct ast_rtp_codecs,
but when set the preferred_format it leaks an astobj2 ast_format.
In the next code
ast_rtp_codecs_set_preferred_format(&codecs, \
ast_format_cap_get_format(joint, 0));
both functions ast_rtp_codecs_set_preferred_format
and ast_format_cap_get_format increases the ao2 reference count.
Fixes: #856
#### stir_shaken.conf.sample: Fix bad references to private_key_path
Author: George Joseph
Date: 2024-08-22
They should be private_key_file.
Resolves: #854
#### res_pjsip_logger.c: Fix 'OPTIONS' tab completion.
Author: Sean Bright
Date: 2024-08-19
Fixes #843
#### alembic: Make 'revises' header comment match reality.
Author: Sean Bright
Date: 2024-08-17
#### chan_mobile: decrease CHANNEL_FRAME_SIZE to prevent delay
Author: Cade Parker
Date: 2024-08-07
On modern Bluetooth devices or lower-powered asterisk servers, decreasing the \
channel frame size significantly improves latency and delay on outbound calls \
with only a mild sacrifice to the quality of the call (the frame size before was \
massive overkill to begin with)
#### res_pjsip_notify: add dialplan application
Author: Mike Bradeen
Date: 2024-07-09
Add dialplan application PJSIPNOTIFY to send either pre-configured
NOTIFY messages from pjsip_notify.conf or with headers defined in
dialplan.
Also adds the ability to send pre-configured NOTIFY commands to a
channel via the CLI.
Resolves: #799
UserNote: A new dialplan application PJSIPNotify is now available
which can send SIP NOTIFY requests from the dialplan.
The pjsip send notify CLI command has also been enhanced to allow
sending NOTIFY messages to a specific channel. Syntax:
pjsip send notify <option> channel <channel>
#### manager.c: Fix FRACK when doing CoreShowChannelMap in DEVMODE
Author: George Joseph
Date: 2024-08-08
If you run an AMI CoreShowChannelMap on a channel that isn't in a
bridge and you're in DEVMODE, you can get a FRACK because the
bridge id is empty. We now simply return an empty list for that
request.
#### channel: Add multi-tenant identifier.
Author: Ben Ford
Date: 2024-05-21
This patch introduces a new identifier for channels: tenantid. It's
a stringfield on the channel that can be used for general purposes. It
will be inherited by other channels the same way that linkedid is.
You can set tenantid in a few ways. The first is to set it in the
dialplan with the Set and CHANNEL functions:
exten => example,1,Set(CHANNEL(tenantid)=My tenant ID)
It can also be accessed via CHANNEL:
exten => example,2,NoOp(CHANNEL(tenantid))
Another method is to use the new tenantid option for pjsip endpoints in
pjsip.conf:
[my_endpoint]
type=endpoint
tenantid=My tenant ID
This is considered the best approach since you will be able to see the
tenant ID as early as the Newchannel event.
It can also be set using set_var in pjsip.conf on the endpoint like
setting other channel variable:
set_var=CHANNEL(tenantid)=My tenant ID
Note that set_var will not show tenant ID on the Newchannel event,
however.
Tenant ID has also been added to CDR. It's read-only and can be accessed
via CDR(tenantid). You can also get the tenant ID of the last channel
communicated with via CDR(peertenantid).
Tenant ID will also show up in CEL records if it has been set, and the
version number has been bumped accordingly.
Fixes: #740
UserNote: tenantid has been added to channels. It can be read in
dialplan via CHANNEL(tenantid), and it can be set using
Set(CHANNEL(tenantid)=My tenant ID). In pjsip.conf, it is recommended to
use the new tenantid option for pjsip endpoints (e.g., tenantid=My
tenant ID) so that it will show up in Newchannel events. You can set it
like any other channel variable using set_var in pjsip.conf as well, but
note that this will NOT show up in Newchannel events. Tenant ID is also
available in CDR and can be accessed with CDR(tenantid). The peer tenant
ID can also be accessed with CDR(peertenantid). CEL includes tenant ID
as well if it has been set.
UpgradeNote: A new versioned struct (ast_channel_initializers) has been
added that gets passed to __ast_channel_alloc_ap. The new function
ast_channel_alloc_with_initializers should be used when creating
channels that require the use of this struct. Currently the only value
in the struct is for tenantid, but now more fields can be added to the
struct as necessary rather than the __ast_channel_alloc_ap function. A
new option (tenantid) has been added to endpoints in pjsip.conf as well.
CEL has had its version bumped to include tenant ID.
#### configure: Use . file rather than source file.
Author: Jaco Kroon
Date: 2024-08-05
source is a bash concept, so when /bin/sh points to another shell the
existing construct won't work.
Reference: https://bugs.gentoo.org/927055
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
#### res_stasis: fix intermittent delays on adding channel to bridge
Author: Mike Bradeen
Date: 2024-07-10
Previously, on command execution, the control thread was awoken by
sending a SIGURG. It was found that this still resulted in some
instances where the thread was not immediately awoken.
This change instead sends a null frame to awaken the control thread,
which awakens the thread more consistently.
Resolves: #801
#### res_pjsip_sdp_rtp.c: Fix DTMF Handling in Re-INVITE with dtmf_mode set to auto
Author: Tinet-mucw
Date: 2024-08-02
When the endpoint dtmf_mode is set to auto, a SIP request is sent to the UAC, \
and the SIP SDP from the UAC does not include the telephone-event. Later, the \
UAC sends an INVITE, and the SIP SDP includes the telephone-event. In this case, \
DTMF should be sent by RFC2833 rather than using inband signaling.
Resolves: asterisk#826
#### stir_shaken: CRL fixes and a new CLI command
Author: George Joseph
Date: 2024-07-19
* Fixed a bug in crypto_show_cli_store that was causing asterisk
to crash if there were certificate revocation lists in the
verification certificate store. We're also now prefixing
certificates with "Cert:" and CRLs with "CRL:" to \
distinguish them
in the list.
* Added 'untrusted_cert_file' and 'untrusted_cert_path' options
to both verification and profile objects. If you have CRLs that
are signed by a different CA than the incoming X5U certificate
(indirect CRL), you'll need to provide the certificate of the
CRL signer here. Thse will show up as 'Untrusted" when showing
the verification or profile objects.
* Fixed loading of crl_path. The OpenSSL API we were using to
load CRLs won't actually load them from a directory, only a file.
We now scan the directory ourselves and load the files one-by-one.
* Fixed the verification flags being set on the certificate store.
- Removed the CRL_CHECK_ALL flag as this was causing all certificates
to be checked for CRL extensions and failing to verify the cert if
there was none. This basically caused all certs to fail when a CRL
was provided via crl_file or crl_path.
- Added the EXTENDED_CRL_SUPPORT flag as it is required to handle
indirect CRLs.
* Added a new CLI command...
`stir_shaken verify certificate_file <certificate_file> [ <profile> ]`
which will assist troubleshooting certificate problems by allowing
the user to manually verify a certificate file against either the
global verification certificate store or the store for a specific
profile.
* Updated the XML documentation and the sample config file.
Resolves: #809
#### res_pjsip_config_wizard.c: Refactor load process
Author: George Joseph
Date: 2024-07-23
The way we have been initializing the config wizard prevented it
from registering its objects if res_pjsip happened to load
before it.
* We now use the object_type_registered sorcery observer to kick
things off instead of the wizard_mapped observer.
* The load_module function now checks if res_pjsip has been loaded
already and if it was it fires the proper observers so the objects
load correctly.
Resolves: #816
UserNote: The res_pjsip_config_wizard.so module can now be reloaded.
#### bridge_softmix: Fix queueing VIDUPDATE control frames
Author: George Joseph
Date: 2024-07-17
softmix_bridge_write_control() now calls ast_bridge_queue_everyone_else()
with the bridge_channel so the VIDUPDATE control frame isn't echoed back.
softmix_bridge_write_control() was setting bridge_channel to NULL
when calling ast_bridge_queue_everyone_else() for VIDUPDATE control
frames. This was causing the frame to be echoed back to the
channel it came from. In certain cases, like when two channels or
bridges are being recorded, this can cause a ping-pong effect that
floods the system with VIDUPDATE control frames.
Resolves: #780
## Change Log for Release asterisk-18.24.3
### Links:
- [Full \
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.24.3.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.24.2...18.24.3)
- \
[Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.24.3.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- \
[GHSA-v428-g3cw-7hv9](https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9): \
A malformed Contact or Record-Route URI in an incoming SIP request can cause \
Asterisk to crash when res_resolver_unbound is used
### User Notes:
### Upgrade Notes:
### Commit Authors:
- George Joseph: (1)
## Issue and Commit Detail:
### Closed Issues:
- !GHSA-v428-g3cw-7hv9: A malformed Contact or Record-Route URI in an incoming \
SIP request can cause Asterisk to crash when res_resolver_unbound is used
### Commits By Author:
- #### George Joseph (1):
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
### Commit List:
- res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
### Commit Details:
#### res_resolver_unbound: Test for NULL ub_result in unbound_resolver_callback
Author: George Joseph
Date: 2024-08-12
The ub_result pointer passed to unbound_resolver_callback by
libunbound can be NULL if the query was for something malformed
like `.1` or `[.1]`. If it is, we now set a 'ns_r_formerr' result
and return instead of crashing with a SEGV. This causes pjproject
to simply cancel the transaction with a "No answer record in the DNS
response" error. The existing "off nominal" unit test was also
updated to check this condition.
Although not necessary for this fix, we also made
ast_dns_resolver_completed() tolerant of a NULL result.
Resolves: GHSA-v428-g3cw-7hv9
## Change Log for Release asterisk-18.24.2
### Links:
- [Full \
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.24.2.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.24.1...18.24.2)
- \
[Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.24.2.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
- Commits: 1
- Commit Authors: 1
- Issues Resolved: 0
- Security Advisories Resolved: 1
- \
[GHSA-c4cg-9275-6w44](https://github.com/asterisk/asterisk/security/advisories/GHSA-c4cg-9275-6w44): \
Write=originate, is sufficient permissions for code execution / System() \
dialplan
### User Notes:
### Upgrade Notes:
### Commit Authors:
- George Joseph: (1)
## Issue and Commit Detail:
### Closed Issues:
- !GHSA-c4cg-9275-6w44: Write=originate, is sufficient permissions for code \
execution / System() dialplan
### Commits By Author:
- #### George Joseph (1):
- manager.c: Add entries to Originate blacklist
### Commit List:
- manager.c: Add entries to Originate blacklist
### Commit Details:
#### manager.c: Add entries to Originate blacklist
Author: George Joseph
Date: 2024-07-22
Added Reload and DBdeltree to the list of dialplan application that
can't be executed via the Originate manager action without also
having write SYSTEM permissions.
Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan
functions that can't be executed via the Originate manager action
without also having write SYSTEM permissions.
If the Queue application is attempted to be run by the Originate
manager action and an AGI parameter is specified in the app data,
it'll be rejected unless the manager user has either the AGI or
SYSTEM permissions.
Resolves: #GHSA-c4cg-9275-6w44
## Change Log for Release asterisk-18.24.1
### Links:
- [Full \
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.24.1.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.24.0...18.24.1)
- \
[Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.24.1.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
- Commits: 2
- Commit Authors: 1
- Issues Resolved: 2
- Security Advisories Resolved: 0
### User Notes:
### Upgrade Notes:
### Commit Authors:
- George Joseph: (2)
## Issue and Commit Detail:
### Closed Issues:
- 819: [bug]: Typo in voicemail.conf.sample that stops it from loading when \
using "make samples"
- 822: [bug]: segfault in main/rtp_engine.c:1489 after updating 20.8.1 -> 20.9.0
### Commits By Author:
- #### George Joseph (2):
- voicemail.conf.sample: Fix ':' comment typo
- rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
### Commit List:
- rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
- voicemail.conf.sample: Fix ':' comment typo
### Commit Details:
#### rtp_engine.c: Prevent segfault in ast_rtp_codecs_payloads_unset()
Author: George Joseph
Date: 2024-07-25
There can be empty slots in payload_mapping_tx corresponding to
dynamic payload types that haven't been seen before so we now
check for NULL before attempting to use 'type' in the call to
ast_format_cmp.
Note: Currently only chan_sip calls ast_rtp_codecs_payloads_unset()
Resolves: #822
#### voicemail.conf.sample: Fix ':' comment typo
Author: George Joseph
Date: 2024-07-24
...and removed an errant trailing space.
Resolves: #819
## Change Log for Release asterisk-18.24.0
### Links:
- [Full \
ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-18.24.0.md)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/18.23.1...18.24.0)
- \
[Tarball](https://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18.24.0.tar.gz)
- [Downloads](https://downloads.asterisk.org/pub/telephony/asterisk)
### Summary:
- Commits: 19
- Commit Authors: 8
- Issues Resolved: 8
- Security Advisories Resolved: 0
### User Notes:
- #### app_voicemail_odbc: Allow audio to be kept on disk
This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file.
- #### app_queue: Add option to not log Restricted Caller ID to queue_log
Add a Queue option log-restricted-caller-id to control whether the Restricted \
Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the \
Caller ID is restricted.
- #### pbx.c: expand fields width of "core show hints"
The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters.
- #### rtp_engine: add support for multirate RFC2833 digits
No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
### Upgrade Notes:
- #### app_queue: Add option to not log Restricted Caller ID to queue_log
Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
### Commit Authors:
- Alexei Gradinari: (2)
- Chrsmj: (1)
- George Joseph: (4)
- Igor Goncharovsky: (1)
- Mike Bradeen: (2)
- Sean Bright: (7)
- Tinet-Mucw: (1)
- Walter Doekes: (1)
## Issue and Commit Detail:
### Closed Issues:
- 699: [improvement]: Add support for multi-rate DTMF
- 736: [bug]: Seg fault on CLI after PostgreSQL CDR module fails to load for a \
second time
- 765: [improvement]: Add option to not log Restricted Caller ID to queue_log
- 770: [improvement]: pbx.c: expand fields width of "core show hints"
- 776: [bug] DTMF broken after rtp_engine: add support for multirate RFC2833 \
digits commit
- 783: [bug]: Under certain circumstances a channel snapshot can get orphaned \
in the cache
- 789: [bug]: Mediasec headers aren't sent on outgoing INVITEs
- 797: [bug]:
### Commits By Author:
- ### Alexei Gradinari (2):
- pbx.c: expand fields width of "core show hints"
- app_queue: Add option to not log Restricted Caller ID to queue_log
- ### George Joseph (4):
- app_voicemail_odbc: Allow audio to be kept on disk
- stasis_channels: Use uniqueid and name to delete old snapshots
- security_agreement.c: Always add the Require and Proxy-Require headers
- ast-db-manage: Remove duplicate enum creation
- ### Igor Goncharovsky (1):
- res_pjsip_path.c: Fix path when dialing using PJSIP_DIAL_CONTACTS()
- ### Mike Bradeen (2):
- rtp_engine: add support for multirate RFC2833 digits
- res_pjsip_sdp_rtp: Add support for default/mismatched 8K RFC 4733/2833 digits
- ### Sean Bright (7):
- file.h: Rename function argument to avoid C++ keyword clash.
- bundled_pjproject: Disable UPnP support.
- asterisk.c: Don't log an error if .asterisk_history does not exist.
- xml.c: Update deprecated libxml2 API usage.
- manager.c: Properly terminate `CoreShowChannelMap` event.
- pjsip: Add PJSIP_PARSE_URI_FROM dialplan function.
- logger.h: Include SCOPE_CALL_WITH_INT_RESULT() in non-dev-mode builds.
- ### Tinet-mucw (1):
- bridge_basic.c: Make sure that ast_bridge_channel is not destroyed while itera..
- ### Walter Doekes (1):
- chan_ooh323: Fix R/0 typo in docs
- ### chrsmj (1):
- cdr_pgsql: Fix crash when the module fails to load multiple times.
### Commit List:
- res_pjsip_path.c: Fix path when dialing using PJSIP_DIAL_CONTACTS()
- res_pjsip_sdp_rtp: Add support for default/mismatched 8K RFC 4733/2833 digits
- ast-db-manage: Remove duplicate enum creation
- security_agreement.c: Always add the Require and Proxy-Require headers
- logger.h: Include SCOPE_CALL_WITH_INT_RESULT() in non-dev-mode builds.
- stasis_channels: Use uniqueid and name to delete old snapshots
- app_voicemail_odbc: Allow audio to be kept on disk
- app_queue: Add option to not log Restricted Caller ID to queue_log
- pbx.c: expand fields width of "core show hints"
- pjsip: Add PJSIP_PARSE_URI_FROM dialplan function.
- manager.c: Properly terminate `CoreShowChannelMap` event.
- xml.c: Update deprecated libxml2 API usage.
- cdr_pgsql: Fix crash when the module fails to load multiple times.
- asterisk.c: Don't log an error if .asterisk_history does not exist.
- chan_ooh323: Fix R/0 typo in docs
- bundled_pjproject: Disable UPnP support.
- file.h: Rename function argument to avoid C++ keyword clash.
- rtp_engine: add support for multirate RFC2833 digits
### Commit Details:
#### res_pjsip_path.c: Fix path when dialing using PJSIP_DIAL_CONTACTS()
Author: Igor Goncharovsky
Date: 2024-05-12
When using the PJSIP_DIAL_CONTACTS() function for use in the Dial()
command, the contacts are returned in text form, so the input to
the path_outgoing_request() function is a contact value of NULL.
The issue was reported in ASTERISK-28211, but was not actually fixed
in ASTERISK-30100. This fix brings back the code that was previously
removed and adds code to search for a contact to extract the path
value from it.
#### res_pjsip_sdp_rtp: Add support for default/mismatched 8K RFC 4733/2833 digits
Author: Mike Bradeen
Date: 2024-06-21
After change made in 624f509 to add support for non 8K RFC 4733/2833 digits,
Asterisk would only accept RFC 4733/2833 offers that matched the sample rate of
the negotiated codec(s).
This change allows Asterisk to accept 8K RFC 4733/2833 offers if the UAC
offfers 8K RFC 4733/2833 but negotiates for a non 8K bitrate codec.
A number of corresponding tests in tests/channels/pjsip/dtmf_sdp also needed to
be re-written to allow for these scenarios.
Fixes: #776
#### ast-db-manage: Remove duplicate enum creation
Author: George Joseph
Date: 2024-07-08
Remove duplicate creation of ast_bool_values from
2b7c507d7d12_add_queue_log_option_log_restricted_.py. This was
causing alembic upgrades to fail since the enum was already created
in fe6592859b85_fix_mwi_subscribe_replaces_.py back in 2018.
Resolves: #797
#### security_agreement.c: Always add the Require and Proxy-Require headers
Author: George Joseph
Date: 2024-07-03
The `Require: mediasec` and `Proxy-Require: mediasec` headers need
to be sent whenever we send `Security-Client` or `Security-Verify`
headers but the logic to do that was only in add_security_headers()
in res_pjsip_outbound_register. So while we were sending them on
REGISTER requests, we weren't sending them on INVITE requests.
This commit moves the logic to send the two headers out of
res_pjsip_outbound_register:add_security_headers() and into
security_agreement:ast_sip_add_security_headers(). This way
they're always sent when we send `Security-Client` or
`Security-Verify`.
Resolves: #789
#### logger.h: Include SCOPE_CALL_WITH_INT_RESULT() in non-dev-mode builds.
Author: Sean Bright
Date: 2024-06-29
Fixes #785
#### stasis_channels: Use uniqueid and name to delete old snapshots
Author: George Joseph
Date: 2024-05-08
Whenver a new channel snapshot is created or when a channel is
destroyed, we need to delete any existing channel snapshot from
the snapshot cache. Historically, we used the channel->snapshot
pointer to delete any existing snapshots but this has two issues.
First, if something (possibly ast_channel_internal_swap_snapshots)
sets channel->snapshot to NULL while there's still a snapshot in
the cache, we wouldn't be able to delete it and it would be orphaned
when the channel is destroyed. Since we use the cache to list
channels from the CLI, AMI and ARI, it would appear as though the
channel was still there when it wasn't.
Second, since there are actually two caches, one indexed by the
channel's uniqueid, and another indexed by the channel's name,
deleting from the caches by pointer requires a sequential search of
all of the hash table buckets in BOTH caches to find the matching
snapshots. Not very efficient.
So, we now delete from the caches using the channel's uniqueid
and name. This solves both issues.
This doesn't address how channel->snapshot might have been set
to NULL in the first place because although we have concrete
evidence that it's happening, we haven't been able to reproduce it.
Resolves: #783
#### app_voicemail_odbc: Allow audio to be kept on disk
Author: George Joseph
Date: 2024-04-09
This commit adds a new voicemail.conf option 'odbc_audio_on_disk'
which when set causes the ODBC variant of app_voicemail to leave
the message and greeting audio files on disk and only store the
message metadata in the database. This option came from a concern
that the database could grow to large and cause remote access
and/or replication to become slow. In a clustering situation
with this option, all asterisk instances would share the same
database for the metadata and either use a shared filesystem
or other filesystem replication service much more suitable
for synchronizing files.
The changes to app_voicemail to implement this feature were actually
quite small but due to the complexity of the module, the actual
source code changes were greater. They fall into the following
categories:
* Tracing. The module is so complex that it was impossible to
figure out the path taken for various scenarios without the addition
of many SCOPE_ENTER, SCOPE_EXIT and ast_trace statements, even in
code that's not related to the functional change. Making this worse
was the fact that many "if" statements in this module didn't use
braces. Since the tracing macros add multiple statements, many "if"
statements had to be converted to use braces.
* Excessive use of PATH_MAX. Previous maintainers of this module
used PATH_MAX to allocate character arrays for filesystem paths
and SQL statements as though they cost nothing. In fact, PATH_MAX
is defined as 4096 bytes! Some functions had (and still have)
multiples of these. One function has 7. Given that the vast
majority of installations use the default spool directory path
`/var/spool/asterisk/voicemail`, the actual path length is usually
less than 80 bytes. That's over 4000 bytes wasted. It was the
same for SQL statement buffers. A 4K buffer for statement that
only needed 60 bytes. All of these PATH_MAX allocations in the
ODBC related code were changed to dynamically allocated buffers.
The rest will have to be addressed separately.
* Bug fixes. During the development of this feature, several
pre-existing ODBC related bugs were discovered and fixed. They
had to do with leaving orphaned files on disk, not preserving
original message ids when moving messages between folders,
not honoring the "formats" config parameter in certain circumstances,
etc.
UserNote: This commit adds a new voicemail.conf option
'odbc_audio_on_disk' which when set causes the ODBC variant of
app_voicemail_odbc to leave the message and greeting audio files
on disk and only store the message metadata in the database.
Much more information can be found in the voicemail.conf.sample
file.
#### bridge_basic.c: Make sure that ast_bridge_channel is not destroyed while itera..
Author: Tinet-mucw
Date: 2024-06-13
Resolves: https://github.com/asterisk/asterisk/issues/768
#### app_queue: Add option to not log Restricted Caller ID to queue_log
Author: Alexei Gradinari
Date: 2024-06-12
Add a queue option log-restricted-caller-id to strip the Caller ID when \
storing the ENTERQUEUE event
in the queue log if the Caller ID is restricted.
Resolves: #765
UpgradeNote: Add a new column to the queues table:
queue_log_option_log_restricted ENUM('0','1','off','on','false','true','no','yes')
to control whether the Restricted Caller ID will be stored in the queue log.
UserNote: Add a Queue option log-restricted-caller-id to control whether the \
Restricted Caller ID
will be stored in the queue log.
If log-restricted-caller-id=no then the Caller ID will be stripped if the \
Caller ID is restricted.
#### pbx.c: expand fields width of "core show hints"
Author: Alexei Gradinari
Date: 2024-06-13
The current width for "extension" is 20 and "device state \
id" is 20, which is too small.
The "extension" field contains "ext"@"context", \
so 20 characters is not enough.
The "device state id" field, for example for Queue pause state \
contains Queue:"queue_name"_pause_PSJIP/"endpoint", so the \
20 characters is not enough.
Increase the width of "extension" field to 30 characters and the \
width of the "device state id" field to 60 characters.
Resolves: #770
UserNote: The fields width of "core show hints" were increased.
The width of "extension" field to 30 characters and
the width of the "device state id" field to 60 characters.
#### pjsip: Add PJSIP_PARSE_URI_FROM dialplan function.
Author: Sean Bright
Date: 2024-06-02
Various SIP headers permit a URI to be prefaced with a `display-name`
production that can include characters (like commas and parentheses)
that are problematic for Asterisk's dialplan parser and, specifically
in the case of this patch, the PJSIP_PARSE_URI function.
This patch introduces a new function - `PJSIP_PARSE_URI_FROM` - that
behaves identically to `PJSIP_PARSE_URI` except that the first
argument is now a variable name and not a literal URI.
Fixes #756
#### manager.c: Properly terminate `CoreShowChannelMap` event.
Author: Sean Bright
Date: 2024-06-10
Fixes #761
#### xml.c: Update deprecated libxml2 API usage.
Author: Sean Bright
Date: 2024-05-23
Two functions are deprecated as of libxml2 2.12:
* xmlSubstituteEntitiesDefault
* xmlParseMemory
So we update those with supported API.
Additionally, `res_calendar_caldav` has been updated to use libxml2's
xmlreader API instead of the SAX2 API which has always felt a little
hacky (see deleted comment block in `res_calendar_caldav.c`).
The xmlreader API has been around since libxml2 2.5.0 which was
released in 2003.
Fixes #725
#### cdr_pgsql: Fix crash when the module fails to load multiple times.
Author: chrsmj
Date: 2024-05-16
Missing or corrupt cdr_pgsql.conf configuration file can cause the
second attempt to load the PostgreSQL CDR module to crash Asterisk via
the Command Line Interface because a null CLI command is registered on
the first failed attempt to load the module.
Resolves: #736
#### asterisk.c: Don't log an error if .asterisk_history does not exist.
Author: Sean Bright
Date: 2024-05-27
Fixes #751
#### chan_ooh323: Fix R/0 typo in docs
Author: Walter Doekes
Date: 2024-05-27
#### bundled_pjproject: Disable UPnP support.
Author: Sean Bright
Date: 2024-05-24
Fixes #747
#### file.h: Rename function argument to avoid C++ keyword clash.
Author: Sean Bright
Date: 2024-05-24
Fixes #744
#### rtp_engine: add support for multirate RFC2833 digits
Author: Mike Bradeen
Date: 2024-04-08
Add RFC2833 DTMF support for 16K, 24K, and 32K bitrate codecs.
Asterisk currently treats RFC2833 Digits as a single rtp payload type
with a fixed bitrate of 8K. This change would expand that to 8, 16,
24 and 32K.
This requires checking the offered rtp types for any of these bitrates
and then adding an offer for each (if configured for RFC2833.) DTMF
generation must also be changed in order to look at the current outbound
codec in order to generate appropriately timed rtp.
For cases where no outgoing audio has yet been sent prior to digit
generation, Asterisk now has a concept of a 'preferred' codec based on
offer order.
On inbound calls Asterisk will mimic the payload types of the RFC2833
digits.
On outbound calls Asterisk will choose the next free payload types starting
with 101.
UserNote: No change in configuration is required in order to enable this
feature. Endpoints configured to use RFC2833 will automatically have this
enabled. If the endpoint does not support this, it should not include it in
the SDP offer/response.
Resolves: #699
Files: