Currently, WebSockets both accept and send media without the option to
disable one or the other. This commit adds the ability to set the media
direction for a WebSocket, making it unidirectional or bidirectional
(the default). Direction is done from the point of view of the
application, NOT Asterisk. The allowed values are 'both', 'in', and
'out'. If media direction is 'both' (the default), Asterisk accepts and
sends media to the application. If it is 'in', Asterisk will drop any
media received from the application. If it is 'out', Asterisk will not
write any media frames to the application.
UserNote: WebSocket now supports media direction, allowing for
unidirectional media. This is done from the perspective of the
application and can be set via channel origination, external media, or
commands sent from the application. Check out
https://docs.asterisk.org/Configuration/Channel-Drivers/WebSocket/ for
more.
"SyntaxWarning: invalid escape sequence '\s'" occurs when using the pjsip
migration script because '\' is an escape character in Python. Instead,
use a raw string for the regex.
`ast_cli_unregister_multiple()` expects internal data members to be heap
allocated which happens during a successful call to
`ast_cli_register_multiple()`. CLI handlers defined traditionally - those whose
handler responds to the CLI_INIT message - take care of this automatically. But
when we statically provide a `command` or `usage` member, we _must_ initialize
them with `ast_cli_register_multiple()` before attempting to destroy them.
Resolves: #1651
According to RFC 8866 (Section 5.2), the Session Name (s=) field and
the username part of origin (o=) are both mandatory and cannot be
empty. If a session has no name, or no username part of origin, the
RFC recommends using a single dash (-) as a placeholder.
This fix ensures that if the session name or the username part of
origin length is zero, it defaults to -.
Fixes: #1524
This hook may not be necessary when we do a retransmit, but when there are two
INVITEs, one *initial* and one with auth digest, the second INVITE contains wrong (unmodified) media address
due to the commented line below.
The NAT hook needs to run due to filters potentially reverting previously modified packets.
Fixes: #449
Fix discarded-qualifiers errors to compile successfully with gcc 15.2.1.
Associated changes have also been made to libss7; however, for compatibility
we cast const char* values to char*. In the future, these casts could be
removed.
Resolves: #1786
chan_iax2 has several code paths where a frame's data length
is calculated by subtraction. On some paths, there is a check
for negative length. One of these paths is missing this check,
and on this path, it is possible for the result to be negative,
leading to a crash as a result of memory operations using the
bogus length.
Add a check to capture this off-nominal case. This will log
the appropriate warnings as in other cases and prevent a crash.
Also update the log messages to be clearer.
Resolves: #1707
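
Added example, not code from chan_iax2 or from this commit: a length obtained by subtraction is validated while still signed, before any memory operation uses it as a size. The 12-byte header, the 64-byte payload limit and all `demo_*` names are assumptions made for the illustration and are not the IAX2 wire format.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical sizes for this demo; not the IAX2 wire format. */
#define DEMO_HDR_LEN 12
#define DEMO_MAX_PAYLOAD 64

/*
 * Derive the payload length of a received datagram by subtraction and
 * validate it. Returns the length, or -1 if the datagram is shorter than
 * the header or the payload would not fit the destination buffer.
 */
static int demo_payload_len(int received)
{
	int len = received - DEMO_HDR_LEN; /* signed: goes negative on a short read */

	if (len < 0) {
		fprintf(stderr, "short frame: got %d bytes, header is %d\n",
			received, DEMO_HDR_LEN);
		return -1;
	}
	if (len > DEMO_MAX_PAYLOAD) {
		fprintf(stderr, "payload too large: %d bytes\n", len);
		return -1;
	}
	return len;
}

/* Copy the payload into out (DEMO_MAX_PAYLOAD bytes); returns bytes copied or -1. */
static int demo_copy_payload(const uint8_t *buf, int received, uint8_t *out)
{
	int len = demo_payload_len(received);

	if (len < 0) {
		/* Without this check, -7 would reach memcpy as a huge size_t. */
		return -1;
	}
	memcpy(out, buf + DEMO_HDR_LEN, (size_t)len);
	return len;
}

int main(void)
{
	uint8_t pkt[DEMO_HDR_LEN + 4] = {0}; /* constructed sample datagram */
	uint8_t out[DEMO_MAX_PAYLOAD];

	memcpy(pkt + DEMO_HDR_LEN, "abcd", 4);
	printf("complete frame:  %d\n", demo_copy_payload(pkt, (int)sizeof(pkt), out));
	printf("truncated frame: %d\n", demo_copy_payload(pkt, 5, out));
	return 0;
}
```
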
GCC 15.2.1 pays attention to the discarding of the const
qualifier when strchr, strrchr, memchr, or memrchr are now
used. This change fixes numerous errors with this throughout
the tree. The fixes can be broken down into the following:
1. The return value should be considered const.
2. The value passed to strchr or strrchr can be cast as it is
expected and allowed to be modified.
3. The pointer passed to strchr or strrchr is not meant to be
modified and so the contents must be duplicated.
4. It was declared const and never should have been.
This change adds an API call to allow direct access to the latest
snapshot of an ast_endpoint. This is then used by chan_pjsip when
calculating device state, eliminating the need to access the cache
which would incur a container find and access.
Modify gdbinit to use the install command with explicit permissions (-m 600)
when creating the .ast_coredumper.gdbinit file. This ensures the file is
created with restricted permissions (readable/writable only by the owner)
to avoid potential privilege escalation.
Resolves: #GHSA-xpc6-x892-v83c
To address potential security issues, the httpstatus page is now disabled
by default and the echoed query string and cookie output is html-escaped.
Resolves: #GHSA-v6hp-wh3r-cwxh
UpgradeNote: To prevent possible security issues, the `/httpstatus` page
served by the internal web server is now disabled by default. To explicitly
enable it, set `enable_status=yes` in http.conf.
Prevent ast_coredumper from using ast_debug_tools.conf files that are
not owned by root or are writable by other users or groups.
Prevent ast_logescalator and ast_loggrabber from doing the same if
they are run as root.
Resolves: #GHSA-rvch-3jmx-3jf3
UserNote: ast_debug_tools.conf must be owned by root and not be
writable by other users or groups to be used by ast_coredumper or
by ast_logescalator or ast_loggrabber when run as root.
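
Added example, not the project's scripts: the ownership and permission rule from the note above, written as a C check that can be run against a file. The function names, the `always_enforce` parameter (1 for ast_coredumper, 0 for the tools that only enforce when run as root) and the default path in `main` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Rule from the note: owned by root and not writable by group or others. */
static int conf_mode_is_trusted(uid_t owner, mode_t mode)
{
	if (owner != 0) {
		return 0;
	}
	if (mode & (S_IWGRP | S_IWOTH)) {
		return 0;
	}
	return 1;
}

/*
 * always_enforce: 1 for a tool that always applies the rule, 0 for a tool
 * that applies it only when its effective uid is root.
 * Returns 1 if the file may be used, 0 otherwise.
 */
static int conf_may_be_used(int always_enforce, uid_t euid,
	uid_t owner, mode_t mode)
{
	if (!always_enforce && euid != 0) {
		return 1; /* unprivileged run: the rule is not applied */
	}
	return conf_mode_is_trusted(owner, mode);
}

/* Returns 1 if usable, 0 if rejected, -1 if the file cannot be examined. */
static int conf_file_may_be_used(const char *path, int always_enforce)
{
	struct stat st;

	if (stat(path, &st) != 0) {
		return -1;
	}
	return conf_may_be_used(always_enforce, geteuid(), st.st_uid, st.st_mode);
}

int main(int argc, char **argv)
{
	/* Assumed default location; pass the real path as the first argument. */
	const char *path = argc > 1 ? argv[1] : "/etc/asterisk/ast_debug_tools.conf";

	printf("%s: %d\n", path, conf_file_may_be_used(path, 1));
	return 0;
}
```
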
The xmlReadFile XML_PARSE_NOENT flag, which allows parsing of external
entities, could allow a potential XXE injection attack. Replacing it with
XML_PARSE_NONET, which prevents network access, is safer.
Resolves: #GHSA-85x7-54wr-vh42
This adds a 'prio' setting to ensure that call priority is respected across multiple queues.
Using 'yes' could cause high-priority callers to be skipped if a caller
in another queue had a longer wait time, regardless of priority.
Resolves: #1637
UserNote: The 'force_longest_waiting_caller' option now supports a 'prio' setting.
When set to 'prio', calls are offered by priority first, then by wait time.
Resolves: #1612
UserNote: Bundled pjproject has been upgraded to 2.16. For more
information on what all is included in this change, check out the
pjproject GitHub page: https://github.com/pjsip/pjproject/releases
Adds a new PJSIP_INHERITABLE_HEADER dialplan function to add
inheritable headers from the inbound channel to an outbound
bridged channel. This works similarly to the existing
PJSIP_HEADER function, but will set the header on the bridged
outbound channel's INVITE upon Dial.
Inheritable headers can be updated or removed from the inbound
channel as well as from a pre-dial handler.
Resolves: #1670
UserNote: A new PJSIP_HEADER option has been added that allows
inheriting pjsip headers from the inbound to the outbound bridged
channel.
Example- same => n,Set(PJSIP_INHERITABLE_HEADER(add,X-custom-1)=alpha)
will add X-custom-1: alpha to the outbound pjsip channel INVITE
upon Dial.
app_queue: Set Dial-compatible timing variables
Extends Queue() to set Dial-compatible timing variables (ANSWEREDTIME, DIALEDTIME) and introduces a precise QUEUEWAIT metric calculated at agent connect time, with proper initialization to prevent stale or misleading values.
stasis.c: Fix deadlock in stasis_topic_pool_get_topic during module load.
Deadlock occurs when res_manager_devicestate loads concurrently with
device state operations due to lock ordering violation:
Thread 1: Holds pool lock → needs topic lock (in stasis_forward_all)
Thread 2: Holds topic lock → needs pool lock (in stasis_topic_pool_get_topic)
Fix: Release pool lock before calling stasis_topic_create() and
stasis_forward_all(). Re-acquire only for insertion with race check.
Preserves borrowed reference semantics while breaking the deadlock cycle.
Fixes: #1611
QUEUE_RAISE_PENALTY=rN was not respected during member selection. calc_metric() raised penalties below QUEUE_MIN_PENALTY, allowing excluded members to be selected.
This change makes calc_metric() honor raise_respect_min, keeping behavior consistent with queue empty checks and expected rN semantics.
UserNote: Fixes an issue where QUEUE_RAISE_PENALTY=rN could raise a member’s penalty below QUEUE_MIN_PENALTY during member selection. This could allow members intended to be excluded to be selected. The queue now consistently respects the minimum penalty when raising penalties, aligning member selection behavior with queue empty checks and documented rN semantics.
This prevents a situation where a call joining at 1st position to a queue with calls
leads to a state where no callers are considered the longest waiting,
causing queues to stop offering calls.
Resolves: #1691
With this new feature, users who speak these languages can now benefit from the
text-to-speech functionality provided by Asterisk. This will make the platform
more accessible and useful to a wider range of users, particularly those in
regions where Pashto and Dari are spoken. This contribution will help to improve
the overall usability and inclusivity of the Asterisk platform.
Fixes: #1724
When an outbound INVITE transaction times out (408) or receives a 503 error,
check_request_status() attempts to failover to the next available address by
restarting the INVITE session. However, the function did not check if the
inv_session was already cancelled before attempting the failover.
This caused unexpected behavior when a caller hung up during a ring group
scenario: after CANCEL was sent but the remote endpoint failed to respond
with 487 (e.g., due to network disconnection), the transaction timeout
would trigger a NEW outbound INVITE to the next address, even though the
session was already terminated.
This violates RFC 3261 Section 9.1 which states that if no final response
is received after CANCEL within 64*T1 seconds, the client should consider
the transaction cancelled and destroy it, not retry to another address.
The fix adds a check for both PJSIP_INV_STATE_DISCONNECTED and inv->cancelling
at the beginning of check_request_status(). This ensures that:
- Failover is blocked when the user explicitly cancelled the call (CANCEL sent)
- Failover is still allowed for legitimate timeout/503 scenarios where no
CANCEL was initiated (e.g., SRV failover when first server is unreachable)
Resolves: #1716
allocate_subscription() increments the ao2 reference count of the subscription tree,
but the reference was not consistently released during subscription destruction,
resulting in leaked sip_subscription_tree objects.
This patch makes destroy_subscription() responsible for releasing sub->tree,
removes ad-hoc cleanup in error paths,
and guards tree cleanup to ensure refcount symmetry and correct ownership.
Fixes: #1703
When chan_websocket received a Ping or a Pong opcode it would cause the channel to hang up. This change allows Ping/Pong opcodes and allows them to silently pass.
This extends 'channel request hangup' to accept multiple channel
names, a POSIX Extended Regular Expression, a glob-like pattern, or a
combination of all of them.
UserNote: The 'channel request hangup' CLI command now accepts
multiple channel names, POSIX Extended Regular Expressions, glob-like
patterns, or a combination of all of them. See the CLI command 'core
show help channel request hangup' for full details.
Reduce cache lock time for AMI and CLI sorcery memory cache populate
commands by adding a new populate_lock to the sorcery_memory_cache
struct which is locked separately from the existing cache lock so that
the cache lock can be maintained for a reduced time, locking only when
the cache objects are removed and re-populated.
Resolves: #1700
UserNote: The AMI command sorcery memory cache populate will now
return an error if there is an internal error performing the populate.
The CLI command will display an error in this case as well.
We now add the websocket's file descriptor to the channel's fd array and let
it poll for data availability instead of having a dedicated thread that
does the polling. This eliminates the thread and allows removal of most
explicit locking since the core channel code will lock the channel to prevent
simultaneous calls to webchan_read, webchan_hangup, etc.
While we were here, the hangup code was refactored to use ast_hangup_with_cause
instead of directly queueing an AST_CONTROL_HANGUP frame. This allows us
to set hangup causes and generate snapshots.
For a bit of extra debugging, a table of websocket close codes was added
to http_websocket.h with an accompanying "to string" function added to
res_http_websocket.c.
Resolves: #1683
Versions of libedit that support Unicode expect that the
EL_GETCFN (the function that does character I/O) will fill in a
`wchar_t` with a character, which may be multi-byte. The built-in
function that libedit provides, but does not expose with a public API,
does properly handle multi-byte sequences.
Due to the design of Asterisk's console processing loop, Asterisk
provides its own implementation which does not handle multi-byte
characters. Changing Asterisk to use libedit's built-in function would
be ideal, but would also require changing some fundamental things
about console processing which could be fairly disruptive.
Instead, we bring in libedit's `read_char` implementation and modify
it to suit our specific needs.
Resolves: #60
Always take an explicit reference on the format used for bridge playback
and recording channels, regardless of where it was sourced, and release
it after prepare_bridge_media_channel. This aligns the code paths and
avoids mixing borrowed and owned references while preserving behavior.
Fixes: #1648
* 3d positions were being rendered without an enclosing `<gml:pos>`
element resulting in invalid XML.
* There was no way to set the `id` attribute on the enclosing `tuple`, `device`
and `person` elements.
* There was no way to set the value of the `deviceID` element.
* Parsing of degree and radian UOMs was broken resulting in them appearing
outside an XML element.
* The UOM schemas for degrees and radians were reversed.
* The Ellipsoid shape was missing and the Ellipse shape was defined multiple
times.
* The `crs` location_info parameter, although documented, didn't work.
* The `pos3d` location_info parameter appears in some documentation but
wasn't being parsed correctly.
* The retransmission-allowed and retention-expiry sub-elements of usage-rules
were using the `gp` namespace instead of the `gbp` namespace.
In addition to fixing the above, several other code refactorings were
performed and the unit test enhanced to include a round trip
XML -> eprofile -> XML validation.
Resolves: #1667
UserNote: Geolocation: Two new optional profile parameters have been added.
* `pidf_element_id` which sets the value of the `id` attribute on the top-level
PIDF-LO `device`, `person` or `tuple` elements.
* `device_id` which sets the content of the `<deviceID>` element.
Both parameters can include channel variables.
UpgradeNote: Geolocation: In order to correct bugs in both code and
documentation, the following changes to the parameters for GML geolocation
locations are now in effect:
* The documented but unimplemented `crs` (coordinate reference system) element
has been added to the location_info parameter that indicates whether the `2d`
or `3d` reference system is to be used. If the crs isn't valid for the shape
specified, an error will be generated. The default depends on the shape
specified.
* The Circle, Ellipse and ArcBand shapes MUST use a `2d` crs. If crs isn't
specified, it will default to `2d` for these shapes.
The Sphere, Ellipsoid and Prism shapes MUST use a `3d` crs. If crs isn't
specified, it will default to `3d` for these shapes.
The Point and Polygon shapes may use either crs. The default crs is `2d`
however so if `3d` positions are used, the crs must be explicitly set to `3d`.
* The `geoloc show gml_shape_defs` CLI command has been updated to show which
coordinate reference systems are valid for each shape.
* The `pos3d` element has been removed in favor of allowing the `pos` element
to include altitude if the crs is `3d`. The number of values in the `pos`
element MUST be 2 if the crs is `2d` and 3 if the crs is `3d`. An error
will be generated for any other combination.
* The angle unit-of-measure for shapes that use angles should now be included
in the respective parameter. The default is `degrees`. There were some
inconsistent references to `orientation_uom` in some documentation but that
parameter never worked and is now removed. See examples below.
Examples...
```
location_info = shape="Sphere", pos="39.0 -105.0 1620", radius="20"
location_info = shape="Point", crs="3d", pos="39.0 -105.0 1620"
location_info = shape="Point", pos="39.0 -105.0"
location_info = shape=Ellipsoid, pos="39.0 -105.0 1620", semiMajorAxis="20"
semiMinorAxis="10", verticalAxis="0", orientation="25 degrees"
pidf_element_id = ${CHANNEL(name)}-${EXTEN}
device_id = mac:001122334455
Set(GEOLOC_PROFILE(pidf_element_id)=${CHANNEL(name)}/${EXTEN})
```
`nm` might, especially in cross-compilation scenarios, be available but prefixed with the target triple. So: use `AC_PATH_TOOL` rather than `AC_PATH_PROG` to find it. (See https://www.gnu.org/software/autoconf/manual/autoconf-2.68/html_node/Generic-Programs.html .)
Found and proposed fix tested by cross-compiling Asterisk using Nixpkgs on x86_64 targeting aarch64. :)
Delay acquisition of the ast_sip_endpoint reference in mwi_get_notify_data()
to avoid an ao2 ref leak on early-return error paths.
Move ast_sip_subscription_get_endpoint() to just before first use so all
acquired references are properly cleaned up.
Fixes: #1675
This commit integrates the redirect module into res_pjsip_messaging
to enable following 3xx redirect responses for outgoing SIP MESSAGEs.
When follow_redirect_methods contains 'message' on an endpoint, Asterisk
will now follow 3xx redirect responses for MESSAGEs, similar to how
it behaves for INVITE responses.
Resolves: #1576
UserNote: A new pjsip endpoint option follow_redirect_methods was added.
This option is a comma-delimited, case-insensitive list of SIP methods
for which SIP 3XX redirect responses are followed. An alembic upgrade
script has been added for adding this new option to the Asterisk
database.
This commit introduces a new redirect handling module that provides
infrastructure for following SIP 3xx redirect responses. The redirect
functionality respects the endpoint's redirect_method setting and only
follows redirects when set to 'uri_pjsip'. This infrastructure can be
used by any PJSIP module that needs to handle 3xx redirect responses.
callgroup and pickupgroup may only be specified for FXO-signaled channels;
however, the chan_dahdi sample config had these options uncommented in
the [channels] section, thus applying these settings to all channels,
resulting in warnings. Comment these out so there are no warnings with
an unmodified sample config.
Resolves: #1552