When fax detection occurs on an outbound PJSIP channel the
redirect operation will result in a masquerade occurring and
the underlying channel on the session changing. The code
incorrectly relocked the new channel instead of the old
channel when returning. This resulted in the new channel
being locked indefinitely. The code now always acts on the
expected channel.
ASTERISK-28538
Change-Id: I2b2e60d07e74383ae7e90d752c036c4b02d6b3a3
To make throttling by label fully active, the "throttle" option
has to be specified with a specific label.
You can now specify "skip_gate" in the Gerrit comments when you
do a +2 code review to tell Jenkins not to actually run the
gate. You'd do this if you plan to manually merge the change.
Also updated the "printenv" debug output to better sort multi-line
comments.
Change-Id: I4c0b1085acec4805f2ca207eebac50aad81f27e2
Originally, the eligible nodes for a job were labelled only by
"swdev-docker". So basically any node could run any job. We had
found that allowing a node to run more than 1 gate at a time was
problematic so we limited the nodes to processing 1 job at a time.
With the creation of the Asterisk 17 branches however, we now have
so many active branches that getting checks and gates through in
a timely manner is problematic when a node can run only 1 job
at a time.
Now the nodes are also labelled by the job type they can run.
For instance: "asterisk-check", "asterisk-gate", etc. With the
"Throttle Concurrent Builds" plugin, we can now allow a node to
run more than 1 job BUT throttle by job type. For instance:
Allow 2 jobs but only 1 asterisk-gate at a time.
Now a node can run 2 checks or 1 check and 1 gate or 1 gate but
not 2 gates at a time.
Change-Id: I2032bf6afbcec5c341d9b852214c0c812d3d6db5
We don't support non-core modules for Certified releases but we
were enabling them for CI builds which was causing lots of test
failures. Now we don't.
NOTE: This change required that the rest of the CI shell scripts
and jenkinsfiles be updates to the same level as certified/16.3.
Change-Id: I0b3254c08a2479f3d39151690350cce5ce5ad766
We now check that a body exists and it has a length > 0 before
attempting to process it.
ASTERISK-28447
Reported-by: Gil Richard
Change-Id: Ic469544b22ab848734636588d4c93426cc6f4b1f
The chan_sip module performs a T.38 re-invite using a single media
stream of udptl, and expects the SDP answer to be the same.
If an SDP answer is received instead that contains an additional
media stream with no joint codec a crash will occur as the code
assumes that at least one joint codec will exist in this
scenario.
This change removes this assumption.
ASTERISK-28465
Change-Id: I8b02845b53344c6babe867a3f0a5231045c7ac87
This adds documentation to handle_cli_malloc_trim() indicating how it
can be useful when debugging OOM conditions.
Change-Id: I1936185e78035bf123cd5e097b793a55eeebdc78
We've had multiple opportunities where Richard Mudgett's
malloc_trim patch has been useful. Let's get it
pushed up to gerrit and merged.
Since malloc_trim is only available in libc, an entry is
added to configure.ac to create a definition for
HAVE_MALLOC_TRIM.
Change-Id: Ia38308c550149d9d6eae4ca414a649957de9700c
(cherry picked from commit 40ab571e0d)
We've been seeing crashes in libbfd when we attempt to generate
a stack trace from multiple threads. It turns out that libbfd
is NOT thread-safe. It can cache the bfd structure and give it to
multiple threads without protecting itself. To get around this,
we've added a global mutex around the bfd functions and also have
refactored the use of those functions to be more efficient and
to provide more information about inlined functions.
Also added a few more tests to test_pbx.c. One just calls
ast_assert() and the other calls ast_log_backtrace(). Neither are
run by default.
WARNING: This change necessitated changing the return value of
ast_bt_get_symbols() from an array of strings to a VECTOR of
strings. However, the use of this function outside Asterisk is not
likely.
ASTERISK-28140
Change-Id: I79d02862ddaa2423a0809caa4b3b85c128131621
The HTTP request processing in res_http_websocket allocates additional
space on the stack for various headers received during an Upgrade request.
An attacker could send a specially crafted request that causes this code
to overflow the stack, resulting in a crash.
* No longer allocate memory from the stack in a loop to parse the header
values. NOTE: There is a slight API change when using the passed in
strings as is. We now require the passed in strings to no longer have
leading or trailing whitespace. This isn't a problem as the only callers
have already done this before passing the strings to the affected
function.
ASTERISK-28013 #close
Change-Id: Ia564825a8a95e085fd17e658cb777fe1afa8091a
A change recently went in which disabled the built-in PJSIP
keepalive. This defaulted to 90 seconds and kept TCP/TLS
connections alive. Disabling this functionality has resulted
in a behavior change of not doing keepalives by default resulting
in TCP/TLS connections dropping for some people.
This change makes our default keepalive interval 90 seconds
to match the previous behavior and preserve it.
ASTERISK-27978
Change-Id: Ibd9a45f3cbe5d9bb6d2161268696645ff781b1d6
Turn off the periodic sending of CRLNCRLN. Default is on (90 seconds),
which conflicts with the global section's keep_alive_interval option in
pjsip.conf.
patches:
pjsip_keep_not_alive.patch submitted by Alexander Traud (License 6520)
ASTERISK-27347
Change-Id: I6a197f56e1830d3b7e5ec70f17025840a290b057
Using the keep_alive_interval option can result in a deadlock between the
pjproject transport manager group lock and the monitored transports ao2
container lock. The pjproject transport manager group lock has to be
superior in the locking order to the monitored transports ao2 container
lock because of pjproject callbacks called when already holding the group
lock. The lock inversion happens when Asterisk attempts to send a keep
alive packet over the reliable transports.
* Made keepalive_transport_thread() iterate over the monitored transports
container rather than use the ao2_callback() method. This avoids holding
the container lock when sending the keep alive packet.
ASTERISK-26686
Change-Id: I5d5392a52e698bbe41a93f7d8e92bf0e61fe3951
Asterisk modules that use PJPROJECT services have their compiler
optimization and possibly their symbolic debug options overridden by the
PJPROJECT configure script selected settings.
* We need to filter-out any -O and -g options in PJ_CFLAGS before echoing
out the result so the PJPROJECT_INCLUDE variable does not override the
Asterisk module settings when using bundled PJPROJECT.
NOTE: This patch only has an effect when using bundled PJPROJECT.
ASTERISK-27563
Change-Id: If124169735ecf572ad1535cd43bff94cb44d5b30
This fixes build warnings found by GCC 8. In some cases format
truncation is intentional so the warning is just suppressed.
ASTERISK-27824 #close
Change-Id: I724f146cbddba8b86619d4c4a9931ee877995c84
Due to a fixed size buffer the digest authentication could be
incorrectly calculated if a large URI was provided, causing
authentication failure. The buffer is now dynamically allocated to allow
any size URI within the normal limits of the HTTP request size.
ASTERISK-27841
Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
Create tests/CI directory and add files used by Jenkins to
build and test Asterisk.
With this commit, Jenkins will run the Asterisk Unit Tests using
the Jenkinsfile at tests/CI/unittests.jenkinsfile. Bash scripts
to do the actual building and testing are also in the same directory.
Output is placed in tests/CI/output so that directory has been
added to .gitignore.
Change-Id: I9448065465e6de2b878634510ace8fd1ef378608
Separate "name" into "classname" and "name".
Use '.' for classname separator instead of '/'.
Prefix reserved words with '_'.
Wrap output with a top-level "testsuites" element.
Change-Id: Iec1a985eba1c478e5c1d65d5dfd95cb708442099
When endpoint specific ACL rules block a SIP request they respond with a
403 forbidden. However, if an endpoint is not identified then a 401
unauthorized response is sent. This vulnerability just discloses which
requests hit a defined endpoint. The ACL rules cannot be bypassed to gain
access to the disclosed endpoints.
* Made endpoint specific ACL rules now respond with a 401 unauthorized
which is the same as if an endpoint were not identified. The fix is
accomplished by replacing the found endpoint with the artificial endpoint
which always fails authentication.
ASTERISK-27818
Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
There was no real reason to limit the conteny type to text/plain other
than that's what it was limited to before. Now any text/* content
type will be allowed for channel drivers that don't support enhanced
messaging and any type will be allowed for channel drivers that do
support enhanced messaging.
Change-Id: I94a90cfee98b4bc8e22aa5c0b6afb7b862f979d9
SendText now accepts new channel variables that can be used
to override the To and From display names and set the Content-Type
of a message. Since you can now set Content-Type, other text/*
content types are now valid.
Change-Id: I648b4574478119f95de09d9f08e9595831b02830
Joshua Colp
George Joseph
Asterisk Development Team
Benjamin Keith Ford
Francesco Castellano
Sean Bright
Chris-Savinovich
Alexander Traud
Richard Mudgett
Jenkins2
Corey Farrell
Jaco Kroon