To safeguard against non-refcounted objects being left over in a log
info piece (e.g. a string on the stack), add this new function to pop
pieces from the stack until the desired one is removed. This is needed
in case of an unpaired log_info_* without a matching log_info_pop.
closes #1511
Change-Id: I689de14d034df779521dfdf59f923fdbf7fabc9b
(cherry picked from commit 59a16e747b)
To safeguard against leftover log info pieces, add additional resets
within loops that might run repeatedly.
Relevant to #1511
Change-Id: I875f1683b7dc8cee359469e8062c08c3c3e48a9d
(cherry picked from commit 38ebbfc8dc)
The PT tracker doesn't distinguish between audio/media types and
supplemental types, so in order not to break DTMF handling we must take
all combinations of primary (audio/media) types and supplemental types
as both input types and handler types into account.
Fix-up for 74075f6396
Fix-up for I57e1278e4fad157083d9526d4829f2940581687f
closes #1508
possibly also #1504
Change-Id: If7b242def2d35fbed14b11d204ea328b8bfe5d79
/var/spool/rtpengine is used by the main daemon as well as the recording
daemon. The recording daemon is not really useful without the main
daemon, while it's perfectly fine to use the main daemon without the
recording daemon. That directory should therefore be managed by the main
daemon package.
This fixes a broken systemd unit stemming from a missing directory if
the recording daemon is not installed.
Fix-up for 26bf2b05a5
Fix-up for I4abf4df218b1ba0dc70ed8974c0661d16e0b6ea7
Fixes GH #1510
Change-Id: If75b6c1b675c8abf0bb33ae58b41e036276f8640
(cherry picked from commit de8b3d59c1)
The order between receiving the STUN success and the triggered check is
not guaranteed, therefore resolve possible race condition by expecting
the two packets in either order.
Change-Id: Ibef9907cd4116bc5f3b7d17d936007c8efcabd3b
(cherry picked from commit 7b8fa51cc1)
Fixes:
| Warning: using insecure memory!
as triggered via libgcrypt, see
https://sources.debian.org/src/libgcrypt20/1.10.1-2/src/secmem.c/?#L283
Let's use 8388608 AKA 8MB as default, as present in systemd versions
251 and newer, see commit:
| commit 852b62507b22c0a986032a2c9fa9cc464a5b7bd2
| Author: Lennart Poettering <lennart@poettering.net>
| Date: Thu Mar 10 13:22:57 2022 +0100
|
| pid1,nspawn: raise default RLIMIT_MEMLOCK to 8M
|
| This mirrors a similar check in Linux kernel 5.16
| (9dcc38e2813e0cd3b195940c98b181ce6ede8f20) that raised the
| RLIMIT_MEMLOCK to 8M.
|
| This change does two things: raise the default limit for nspawn
| containers (where we try to mimic closely what the kernel does), and
| bump it when running on old kernels which still have the lower setting.
|
| Fixes: #16300
| See: https://lwn.net/Articles/876288/
Change-Id: I56f6d173d316386501ce8b13cc7a8ad6bea4ed26
(cherry picked from commit fd2dfd0b6a)
By default we use /var/spool/rtpengine as recording directory,
so ensure we have R/W access to it.
Change-Id: I4abf4df218b1ba0dc70ed8974c0661d16e0b6ea7
(cherry picked from commit 26bf2b05a5)
Now that we run as non-root user by default, we didn't have
proper capabilities for still running under root user.
Document what's required to do so.
NOTE: related to TT#157800 (rtpengine: run as non-root) and
TT#76552 (systemd hardening)
Change-Id: Ie9f44bb75dc63cd407b27faab2219647d079359e
(cherry picked from commit 81a9366f49)
* Use an explicitly created global event loop
* Await websocket connection closure
Relevant to #1497
Change-Id: I600189f5383ca7e5da8b45460508c1ddcddede0b
(cherry picked from commit 5d33a420a6)
The codec answer routine resets the codec storage and so also resets the
clock rate tracker for "touched" codecs. This leads to all codecs seen
as "not touched" in the answer routine, which in turn leads to
supplemental codecs present in the answer SDP that should not be there.
Use the "for transcoding" flag for previously present codecs to retain
the "touched" status across the codec answer routine.
Change-Id: Idc4624606f7f10d7983e22ddf856432b07421157
Instead of having to rely on external repositories (like the
ubuntu-cloud-archive/yoga-staging PPA for the debhelper v13 backport),
let's use the pkg script instead. The pkg scripts ensure that the
debian/ directory looks as expected for the according distribution. So
for executing coverity + unit-tests in the Ubuntu/focal / ubuntu-20.04
environment on GitHub, let's use pkg/deb/backports/focal for generating
the according Debian source tree.
Related change in pkg: make `wrap-and-sort` execution optional. We don't
have devscripts installed by default in Ubuntu/focal / ubuntu-20.04
environment on GitHub, while usage of wrap-and-sort can be considered
optional for our purposes.
Change-Id: Ic252b323408fab557e3f151a93f61aa8fac1a30f
(cherry picked from commit b657af1905)
ubuntu-20.04 + ubuntu-latest (currently also pointing at 20.04) don't
provide debhelper v13 (required for debhelper-compat (= 13)), therefore
our workflow fails with:
| The following packages have unmet dependencies:
| builddeps:. : Depends: debhelper-compat (= 13)
| E: Unable to correct problems, you have held broken packages.
So enable the ubuntu-cloud-archive/yoga-staging PPA,
which provides a backport of debhelper v13:
https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/yoga-staging/+packages
and fixes our failing unity + coverity builds on GitHub.
While at it, using apt-get with `-qq` displays only the following
message on package installation problems:
| E: Unable to correct problems, you have held broken packages.
Whereas with `-q`, we get the actual underlying problem, being:
| The following packages have unmet dependencies:
| builddeps:. : Depends: debhelper-compat (= 13)
| E: Unable to correct problems, you have held broken packages.
Change-Id: I67439a8f2f27e902710af43ff52599c8a58a5f98
(cherry picked from commit 21665902ab)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012766
> Whilst working on the Reproducible Builds effort [0] we noticed that
> rtpengine could not be built reproducibly.
>
> Whilst it did use the value from debian/changelog, the RELEASE_DATE
> variable changed due to underlying system timezone setting. A patch
> is attached that passes -u/--utc to the call to date(1).
>
> [0] https://reproducible-builds.org/
(cherry picked from commit 821fbf7644)
Change-Id: I334fef661a55af6e7af246749cb17980b3dde7c3
When doing the initial answer, the packet_stream endpoint port isn't
filled in yet. Use the stream_params port instead to test for rejected
streams.
closes #1499
Change-Id: I8f315d95521f874fb8c5e6222263d017800b5fc9
(cherry picked from commit 447f0f52d0)
When ports are closed early (while the call is still running), we must
first update a slave rtpengine with this new information (that these
ports are now closed) before actually releasing the ports ourselves. Not
doing so leads to a race condition where the master instance re-uses a
port that was just closed before the slave instance knows about the port
being closed.
We implement this using a thread-local list to keep track of ports that
were released while processing a control message, and process this list
to actually close the ports only after Redis has been updated.
Additional calls to the function to close the ports are placed in
strategic locations to make sure this is triggered in every code path.
closes #1495
Change-Id: I803f4594f30ca315da0b84c6e76893f54ca3a7c9
(cherry picked from commit 17bda4b1e8)
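
The ordering described in the commit message above (closes #1495), as an added sketch that is not rtpengine's own code: ports closed early stay reserved on a thread-local list until the replication step has run, and only then return to the pool. All function names are hypothetical, and the two boolean arrays standing in for the master's port pool and the slave's view are assumptions of this constructed model.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAX_PENDING 32

/* Constructed model; all names here are hypothetical. */
static bool master_in_use[65536]; /* master's port pool */
static bool slave_in_use[65536];  /* slave's view, as last replicated */

/* Ports closed while this thread handles one control message. */
static _Thread_local uint16_t pending[MAX_PENDING];
static _Thread_local unsigned n_pending;

/* Allocate on the master; replicated at once to keep the model small. */
bool port_alloc(uint16_t p) {
    if (master_in_use[p])
        return false;
    master_in_use[p] = slave_in_use[p] = true;
    return true;
}

/* "Before" behaviour: the port goes back to the pool immediately. */
void port_close_immediate(uint16_t p) { master_in_use[p] = false; }

/* "After" behaviour: remember the port but keep it reserved. */
bool port_close_deferred(uint16_t p) {
    if (n_pending == MAX_PENDING)
        return false; /* list full: replicate and release first */
    pending[n_pending++] = p;
    return true;
}

/* Stand-in for the Redis update: the slave learns the ports are closed. */
void replicate_update(void) {
    for (unsigned i = 0; i < n_pending; i++)
        slave_in_use[pending[i]] = false;
}

/* Called only after replicate_update(); returns how many ports were freed. */
unsigned release_closed_ports(void) {
    unsigned n = n_pending;
    for (unsigned i = 0; i < n; i++)
        master_in_use[pending[i]] = false;
    n_pending = 0;
    return n;
}

/* True while the master could reuse p although the slave sees it open. */
bool race_window(uint16_t p) { return !master_in_use[p] && slave_in_use[p]; }
```
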
Despite this code being called from userspace, we must disable
interrupts while having ssrc_stats_lock acquired, as the same lock is
acquired elsewhere from within an interrupt context.
closes #1492
Change-Id: Ia6f31eb876ee98ad355d12f9361cbc068d008608
In commit a4ee01d27f we switched to debhelper compat level 13.
debhelper v13 isn't available in (plain) Debian buster,
and therefore the Debian pipeline for buster fails with:
| The following packages have unmet dependencies:
| builddeps:. : Depends: debhelper-compat (= 13)
Since we updated packaging for bullseye, also adapt the GitHub
actions / workflow accordingly.
Change-Id: I411a6ab16ee48c5c5fc1ca43c58c016df83e1ff7
ngcp-rtpengine-daemon service state BEFORE this change:
| $ sudo systemd-analyze security ngcp-rtpengine-daemon | tail -1
| → Overall exposure level for ngcp-rtpengine-daemon.service: 9.3 UNSAFE 😨
ngcp-rtpengine-daemon service state AFTER this change:
| $ sudo SYSTEMD_COLORS=0 PAGER= COLUMNS=100 unbuffer systemd-analyze security ngcp-rtpengine-daemon | grep -v '✓'
|   NAME                                     DESCRIPTION                                  EXPOSURE
| ✗ PrivateNetwork=                          Service has access to the host's network     0.5
| ✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets        0.3
| ✗ DeviceAllow=                             Service has a device ACL with some special … 0.1
| ✗ IPAddressDeny=                           Service does not define an IP address allow… 0.2
| ✗ SystemCallFilter=~@privileged            System call allow list defined for service,… 0.2
| ✗ SystemCallFilter=~@resources             System call allow list defined for service,… 0.2
| ✗ AmbientCapabilities=                     Service process receives ambient capabiliti… 0.1
| ✗ RestrictAddressFamilies=~AF_NETLINK      Service may allocate netlink sockets         0.1
| ✗ RootDirectory=/RootImage=                Service runs within the host's root directo… 0.1
| ✗ RestrictAddressFamilies=~AF_UNIX         Service may allocate local sockets           0.1
| ✗ ProcSubset=                              Service has full access to non-process /pro… 0.1
|
| → Overall exposure level for ngcp-rtpengine-daemon.service: 1.4 OK 🙂
As of systemd v247.3-7.
Change-Id: I1bc2a82b0b9a945a3fa25f3e35d1b751ee0e4041
These packages do not provide architecture-specific interfaces. The only
problematic one is the kernel module, which requires a matching kernel
where to run on, independently of the userland. In addition the kernel
interface is arch-specific so running, say, a 64-bit kernel and module
and a 32-bit userland will not work.
Change-Id: Ic7327e422ec6f2e3cd4145b8ae172db9149287b4
We have had DKMS support for a long time, which is easier to integrate
to, and manage as a user. As we have not been testing module-assistant
support and it's redundant with the DKMS support, let's just remove it.
Change-Id: Iff546a4a333a2e4e48fbc1e49fecee9bab3a0138
This prevents empty mixed output files from being created when mixed
output is enabled in the config but recording isn't active for that
call.
Change-Id: I66ead89dc8a7ea80b81164b3e24d997b0df5f37e
Provide a standard output format if no other outputs are configured, so
that the decoder has something to work with. Applicable to TLS-send-only
scenarios without recording.
Change-Id: I627bb7af3f3033e1025009c21a4da6991e491dcf
DTX and delay buffers and their timers are shut down during the codec
negotiation phase, which also happens for the offer side while
processing an answer. If the codec negotiation routine determines that
the existing codec handlers can be kept intact, we must restart the DTX
and delay buffers that have previously been shut down.
Buffer objects are never freed during a shutdown, therefore we simply
need to restore the contained references to indicate that these buffers
are active again.
closes #1481
Change-Id: I57181ba1655fd781a7c543ee31aa67fd179ba89b
This eliminates a spurious false warning log message for rejected
streams that use a dummy payload type.
Change-Id: Id628cafb8d7c4ea576cd01ff35f5dd9cd2151280
Since we're already doing the full parsing of the request flags, use the
same function to parse all required flags.
Change-Id: I0880ccbbbc36eae7b172440ce51afc1c544583a1