Commit Graph

34456 Commits

Author SHA1 Message Date
George Joseph e6659d458f chan_websocket: Use leftover data if no frames are available when the timer fires.
When the 20ms channel timer fires but there are no frames available in
the queue, we now check for leftover data in the buffer and if there is
any, we create a frame with it and send it to the core. This resolves an
issue with the leftover data being delayed if a STOP_MEDIA_BUFFERING
command is delayed. Some existing comments were also clarified to
account for the new behavior.

Resolves: #2006
2026-07-02 18:06:22 +00:00
Mehrdad Seifzadeh 00dc2630aa res_pjsip_session: Bound delayed BYE behind UAC INVITE
When a confirmed session is being terminated while an outgoing in-dialog
INVITE transaction is still outstanding, the BYE is delayed until the
outstanding transaction terminates.

If that INVITE has already received a provisional response and the final
response is malformed and rejected before transaction processing, the
transaction can remain outstanding and the delayed BYE can keep the
session, media state, RTP instance, and PJPROJECT pools referenced after
the channels are gone.

When a BYE is delayed behind an outstanding UAC INVITE, set a PJPROJECT
transaction timeout on that INVITE so the delayed cleanup path has a
bounded wait. If PJPROJECT terminates the dialog as a result of the
timeout, discard the delayed BYE instead of sending a duplicate BYE.

Fixes: #1965
2026-07-01 18:53:17 +00:00
Sean Bright 744a7bdaf3 extensions.ael.sample: Restore removed macros
Commit e8f548c1 removed AEL `macro` definition and calls from the
sample configuration file, but those do not use the deprecated/removed
`Macro` app - they use `Gosub` under the hood.
2026-06-26 15:07:10 +00:00
Alexandre Fournier fb565f3f54 format_cap: guard against NULL src in *_from_cap helpers
ast_format_cap_append_from_cap() and ast_format_cap_replace_from_cap()
dereference 'src' (src->preference_order) without checking it for NULL.

A dummy channel allocated with ast_dummy_channel_alloc() never sets a
native-format capability, so ast_channel_nativeformats() returns NULL on
such channels. When CHANNEL(audionativeformat) / CHANNEL(videonativeformat)
is evaluated against a dummy channel (e.g. via ARI channelvars during a
Stasis VarSet event raised while app_voicemail builds the notification
email on a dummy channel), func_channel_read() passes that NULL straight
into ast_format_cap_append_from_cap(), causing a NULL dereference at
offset 0x28 and a SIGSEGV.

Guard both helpers against a NULL source. A NULL source simply means
"no formats to copy", so appending/replacing nothing is the correct
no-op behaviour. This also protects all other callers.

Fixes https://github.com/asterisk/asterisk/issues/1992

AI disclosure: this was generated using Claude Opus 4.8, tested to fix the issue. Not sure if it is the *right* way to do it.
2026-06-25 23:39:38 +00:00
ThatTotallyRealMyth b2cdfb40d0 ast_loggrabber: Install the ast_tsconvert.py script to a secure temp directory.
The ast_tsconvert.py script called by ast_loggrabber is now installed in a
temporary directory that isn't world readable or writable.

Resolves: #GHSA-xgj6-2gc5-5x9c
2026-06-25 08:22:46 -06:00
George Joseph cb71395d59 chan_unistim.c: Prevent overrun of phone_number field.
Add a check to key_dial_page() to ensure that dialed digits won't overrun
the phone_number field.

Resolves: #GHSA-3g56-cgrh-95p5
2026-06-25 08:22:46 -06:00
Mike Bradeen 5a8ac4eed5 ooh323c: not checking for IE minimum length
When decoding q.931 encoded calling/called number
now checking for length being less than minimum required.

Resolves: #GHSA-h5hv-jmgj-92q2
2026-06-25 08:22:46 -06:00
George Joseph 356e4d82d2 res_ari: Ensure read-only users are properly authorized via REST Over WebSocket.
The REST over WebSocket path now properly prevents non-GET methods from
being executed on inbound WebSockets.

* The query parameters from the original incoming GET request that caused the
upgrade to WebSocket are now passed to all REST requests that come from the
client. This ensures that if the client authenticated with a read-only
userid using the "api_key" query_string parameter, REST requests coming
in over the WebSocket will only be able to execute GETs on resources.
The HTTP headers were already passed to the REST requests so if the
client had authenticated via an "Authorization" it was properly handled.

* New tests have been added to test_ari.c to check that read-only users
are properly denied access to resources using non-GET methods.  Several
memory leaks were also squashed.

Resolves: #GHSA-wcvv-g26m-wx5c
2026-06-25 08:22:46 -06:00
George Joseph 724606ab45 pjsip_message_filter: Use pj_strdup instead of pj_strassign to save local address.
The filter_on_tx_message() function was using pj_strassign() to save the pointer
of the pjproject transport local address to a local pj_str_t variable.  That
variable was ultimately used to set the Contact header's uri->host and the SDP
connection attribute's address again using pj_strassign.  pj_strassign() doesn't
copy the actual value of the pj_str_t however, it just copies the pointer so
if a connection-oriented transport is disconnected before the 200 OK with the
SDP is sent, those pointers will be invalid which can cause use-after-free
issues. To prevent this, filter_on_tx_message() now uses pj_strdup with the
tdata->pool as the backing store to save the local IP address to the local
variable.  pj_strassign() can then be used safely later on since the tdata
will be available for the life of the transaction.

Resolves: #GHSA-g8q2-p36q-94f6
2026-06-25 08:22:46 -06:00
George Joseph e514f1fe4f ooh323c/ooq931.c: Ensure ooQ931Decode doesn't run out-of-bounds.
Several bounds checks have been added to ooQ931Decode to prevent it from
running past the end of the data buffer when parsing information elements.

Resolves: #GHSA-746q-794h-cc7f
2026-06-25 08:22:46 -06:00
George Joseph 57a540d3d7 ARI: Make ARI applications respect live_dangerously.
DeveloperNote: ARI applications can no longer call "dangerous" dialplan
functions like DB(), FILE(), SHELL(), CURL(), STAT(), etc. without
enabling "live_dangerously" in asterisk.conf.

Resolves: #GHSA-vrfp-mg3q-3959
2026-06-25 08:22:46 -06:00
George Joseph 0749d2a43e res_rtp_asterisk.c: Address 2 potential T.140 RED buffer overruns.
* Add check to red_t140_to_red() to ensure that the new primary payload
can't cause the rtp_red->len array items to wrap or cause an overrun of
the rtp_red->t140red_data buffer.

* Add check to rtp_red_buffer() to ensure that a T.140 frame to be sent
can't cause rtp_red->len array items to wrap or cause an overrun of
the rtp_red->buf_data buffer.

Resolves: #GHSA-vfhr-r9x9-c687
Resolves: #GHSA-j2mm-57pq-jh94
2026-06-25 08:22:46 -06:00
Roberto Paleari 8e42fa57de res/res_pjsip_pubsub.c: Fix buffer over-read in MWI body parser
Add constraint checks to prevent unauthenticated users from crashing Asterisk
instance by sending a crafted inbound SIP NOTIFY request with "Content-Type:
application/simple-message-summary".

Resolves: #GHSA-8jw3-ccr9-xrmf
2026-06-25 08:22:46 -06:00
Mike Bradeen ada8b084d3 manager: Use remote address in user error logging
To avoid a potential null dereference use the remote address
in error logging when there is no user or the user acl fails.

Resolves: #GHSA-3rhj-hhw7-m6fw
2026-06-25 08:22:46 -06:00
Mike Bradeen 241d515e89 ooh323: Prevent potential buffer overflow in trace logging
Replace a call to vsprintf with a call to ast_vasprintf to
prevent a possible buffer overflow.

Resolves: #GHSA-x348-j6c9-77f3
2026-06-25 08:22:46 -06:00
Pengpeng Hou d1f6359f38 app_sms: Bound protocol 1 SMS unpacking to fixed-size buffers
The protocol 1 unpack helpers trusted externally controlled lengths and wrote
them directly into fixed-size buffers in sms_t. Clamp the address, header,
and body copies to the destination array sizes so malformed messages cannot
overwrite adjacent state.

Resolves: #GHSA-q9fr-m7g8-6ph5
2026-06-25 08:22:46 -06:00
Milan Kyselica aa8c560915 res_xmpp: Fix stack buffer overflow in namespace prefix handling
The snprintf size parameter in xmpp_action_hook() is computed from
the attacker-controlled namespace prefix length and is not bounded
by the 256-byte stack buffer size. When a remote XMPP peer sends a
stanza with a child element whose namespace prefix exceeds 249
characters, snprintf writes past the buffer boundary.

Use sizeof(attr) as the snprintf size limit and %.*s precision to
extract only the prefix portion of the element name, preserving
the original truncation behavior for valid inputs.

Resolves: #GHSA-mxgm-8c6f-5p8f
2026-06-25 08:22:46 -06:00
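The bounded-write pattern this commit message describes, as an added example that is not the res_xmpp code: the size argument is the destination's own size and the prefix is selected with a `%.*s` precision. The function name `example_ns_attr` and the `xmlns:<prefix>` attribute format are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Same size as the 256-byte stack buffer named in the commit message. */
#define EXAMPLE_ATTR_SIZE 256

/*
 * Hypothetical helper: for an element name "<prefix>:<tag>", write
 * "xmlns:<prefix>" into attr.
 *
 * The risky pattern is passing a size computed from the input, e.g.
 * strlen("xmlns:") + prefix_len + 1, which lets the peer choose how far
 * snprintf may write. Here the size is always the destination's size and
 * the precision limits how much of the source is read.
 *
 * Returns the length the full attribute name needs (snprintf semantics),
 * so a result >= attr_size means the output was truncated. Returns -1 when
 * there is no prefix or the arguments are unusable.
 */
static int example_ns_attr(const char *elem_name, char *attr, size_t attr_size)
{
	const char *colon;

	if (!elem_name || !attr || attr_size == 0) {
		return -1;
	}

	colon = strchr(elem_name, ':');
	if (!colon || colon - elem_name > INT_MAX) {
		return -1;
	}

	/* %.*s copies only the prefix; attr_size bounds the write. */
	return snprintf(attr, attr_size, "xmlns:%.*s", (int) (colon - elem_name), elem_name);
}

int main(void)
{
	char attr[EXAMPLE_ATTR_SIZE];
	char name[320];
	int needed;

	/* Constructed input: ordinary short prefix. */
	needed = example_ns_attr("stream:features", attr, sizeof(attr));
	printf("%d %s\n", needed, attr);

	/* Constructed input: 300-character prefix, longer than the buffer. */
	memset(name, 'a', 300);
	name[300] = ':';
	name[301] = 'x';
	name[302] = '\0';
	needed = example_ns_attr(name, attr, sizeof(attr));
	printf("needed=%d stored=%zu truncated=%s\n", needed, strlen(attr),
		needed >= (int) sizeof(attr) ? "yes" : "no");

	return 0;
}
```

A 249-character prefix is the longest that fits untruncated (6 + 249 + NUL = 256), which is the threshold the commit message gives.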
Milan Kyselica 0363eca2a3 res_pjsip_pubsub: Add width limit to sscanf in MWI NOTIFY parser
The parse_simple_message_summary() function uses sscanf with an
unbounded %s format specifier to parse the Message-Account field
from incoming SIP NOTIFY bodies into a fixed-size 512-byte stack
buffer (PJSIP_MAX_URL_SIZE). A single unauthenticated SIP NOTIFY
with a Message-Account value exceeding 512 bytes overflows the
buffer, corrupting adjacent stack data and permanently disabling
the PJSIP transport layer without crashing the process.

Add a width specifier (%511s) to limit the sscanf write to
PJSIP_MAX_URL_SIZE - 1 bytes plus the NUL terminator, matching
the destination buffer size.

Resolves: #GHSA-589g-qgf8-m6mx
2026-06-25 08:22:46 -06:00
Milan Kyselica fbf2e0dc98 res_config_ldap: Escape LDAP filter values per RFC 4515
The LDAP realtime driver constructs search filters by directly
concatenating user-supplied values without RFC 4515 escaping.
When LDAP is used as a realtime backend for endpoint
identification, characters with special meaning in LDAP filters
(*, (, ), \) can be injected via the SIP From header username.

Add ldap_filter_escape_value() that escapes RFC 4515 special
characters to their \HH hex representation, and apply it to
non-LIKE query values. The LIKE query path preserves the existing
wildcard conversion behavior with a note for maintainers.

Resolves: #GHSA-r6c2-hwc2-j4mp
2026-06-25 08:22:46 -06:00
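RFC 4515 value escaping as described in the commit message above, written as an added example rather than the project's ldap_filter_escape_value(). The names `example_ldap_escape` and `example_build_filter`, the attribute `cn`, and the sample username are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Escape the RFC 4515 special characters '*', '(', ')' and '\' as \HH.
 * (NUL is also special in RFC 4515 but cannot occur inside a C string.)
 * Returns the escaped length, or -1 if dst is too small; on failure dst is
 * left empty so a truncated, half-escaped value is never used.
 */
static int example_ldap_escape(const char *src, char *dst, size_t dst_size)
{
	static const char hex[] = "0123456789abcdef";
	size_t out = 0;

	if (!src || !dst || dst_size == 0) {
		return -1;
	}

	for (; *src; src++) {
		unsigned char c = (unsigned char) *src;
		int special = (c == '*' || c == '(' || c == ')' || c == '\\');
		size_t need = special ? 3 : 1;

		/* Always keep one byte free for the terminating NUL. */
		if (out + need >= dst_size) {
			dst[0] = '\0';
			return -1;
		}

		if (special) {
			dst[out++] = '\\';
			dst[out++] = hex[c >> 4];
			dst[out++] = hex[c & 0x0f];
		} else {
			dst[out++] = (char) c;
		}
	}

	dst[out] = '\0';
	return (int) out;
}

/* Build "(attr=value)" for an equality match with the value escaped first. */
static int example_build_filter(const char *attr, const char *value,
	char *dst, size_t dst_size)
{
	char escaped[256];
	int n;

	if (example_ldap_escape(value, escaped, sizeof(escaped)) < 0) {
		return -1;
	}

	n = snprintf(dst, dst_size, "(%s=%s)", attr, escaped);
	return (n < 0 || (size_t) n >= dst_size) ? -1 : n;
}

int main(void)
{
	char filter[128];

	/* Constructed username containing filter metacharacters. */
	if (example_build_filter("cn", "alice*)(uid=*", filter, sizeof(filter)) > 0) {
		printf("%s\n", filter);
	}
	return 0;
}
```

After escaping, the metacharacters are matched as literal bytes of the value, so the filter keeps the single-term structure the caller intended.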
Milan Kyselica 7372e6fd48 cel_pgsql, cel_tds: Escape eventtype field to prevent SQL injection
The eventtype column handler in cel_pgsql.c inserts
record.user_defined_name directly into the SQL query without
calling PQescapeStringConn(), while all other string fields in
the same function are properly escaped. Similarly, cel_tds.c
passes the raw user_defined_name into the SQL INSERT without
routing it through anti_injection(), while all other fields are
processed through that function.

For cel_pgsql.c, escape the eventtype value using
PQescapeStringConn(), matching the existing pattern used for all
other string fields at lines 308-331 of the same function.

For cel_tds.c, route the eventtype value through
anti_injection() consistent with how all other fields are handled
in the same function.

Resolves: #GHSA-ph27-3m5q-mj5m
2026-06-25 08:22:46 -06:00
Milan Kyselica 43a249f2b2 http: Escape error page text to prevent reflected XSS
The text parameter in ast_http_create_response() is inserted into
the HTML body without escaping, while the server name on the same
page is properly escaped via ast_xml_escape(). When res_phoneprov
passes the decoded request URI as the text of a 404 response, HTML
metacharacters in the URI are rendered by the browser.

Apply ast_xml_escape() to the text parameter before inserting it
into the HTML template, using the same function already used for
the server name.

Resolves: #GHSA-4pgv-j3mr-3rcp
2026-06-25 08:22:46 -06:00
Milan Kyselica ab4b9c6b51 codec_codec2: Only process complete Codec2 frames in decoder
The codec2_samples() function uses floor division (160 * datalen/6)
to compute expected output samples, but the decode loop condition
(x < datalen) iterates with ceiling behavior when datalen is not a
multiple of CODEC2_FRAME_LEN. This mismatch causes the loop to
decode one extra frame beyond what the framework bounds check
budgeted for, leading to an out-of-bounds write on the output buffer.

Change the loop condition to only process complete frames, matching
the floor-division behavior of codec2_samples(). This also prevents
an out-of-bounds read on the input side when fewer than
CODEC2_FRAME_LEN bytes remain.

Resolves: #GHSA-qf8j-jp7h-c5hx
2026-06-25 08:22:46 -06:00
Milan Kyselica 862a9248a0 format_ogg_speex: Add bounds check to prevent heap buffer overflow
The ogg_speex_read() function copies OGG packet data via memcpy()
without validating the packet size against the destination buffer
(BUF_SIZE = 200 bytes). A crafted .spx file with an oversized OGG
audio packet causes a heap buffer overflow that corrupts the
adjacent speex_desc structure containing libogg heap pointers,
leading to a crash (SIGSEGV) on playback.

Add a bounds check for both negative and oversized values before
the memcpy, consistent with how format_ogg_vorbis bounds its reads
via ov_read().

Resolves: #GHSA-8jhw-m2hg-vp3h
2026-06-25 08:22:46 -06:00
Sean Bright 716e4c08af configs: Comment out values setting to avoid parse error
Fixes the following after a `make samples`:

```
config.c:2281 process_text_line: parse error: No category context for line 64 of ...
```
2026-06-24 14:49:46 +00:00
Mike Bradeen ceb1d7579f app_mixmonitor: Fix duplex recording for non 8K codecs
The native sampling of duplex recording is set to match the raw 8K
output format. If one or more of the streams being recorded is above
8K, the frame size coming into the mixmonitor is too large and needs
to be translated to 8K before being mixed into the stereo frame to
avoid garbled and mistimed audio

Fixes: #1779
2026-06-16 14:19:00 +00:00
George Joseph 8c702ec8e6 res_http_websocket: Add timeout to client handshakes.
The websocket client proxy and server handshakes use ast_iostream_gets which
are blocking calls.  If the outgoing connection succeeds at the TCP or TLS
layer but the proxy (if configured) or the websocket server fails to respond
to the CONNECT or GET requests, the process can hang indefinitely and escalate
to a deadlock.  To address this, the handshakes are now guarded with calls to
ast_iostream_set_timeout_sequence() with the timeout set to the client's
(connection_timeout * 2) milliseconds.

In order to use ast_iostream_set_timeout_sequence(), the iostream has to be
set to non-blocking with ast_iostream_nonblock() but there was no way to
reset the stream back to blocking mode so a new API ast_iostream_blocking()
was added for it.

Tracing was also enabled in the websocket_client_handshake function for
future troubleshooting.

Resolves: #1979
2026-06-16 14:17:42 +00:00
Joshua C. Colp a07f6aa51a extension_state: Add new extension state API.
Extension state to this point has been an API implemented
inside the PBX core resulting in its state being intermingled
with that of the dialplan. This increased the complexity of
the PBX core and made it difficult to enact improvements.

This change adds a new separate extension state API
which receives updates from the PBX core as configuration
changes but maintains its own separate state. The API is
also written to fully take advantage of modern APIs in a
more selective manner by subscribing each extension state to
only the devices it is interested in, ultimately reducing
resource consumption during updates. Presence state updates
being infrequently done use a single shared subscription that
goes through the extension states to find and update ones
that the update is applicable to.

Legacy API support is provided by reimplementing the API
as wrappers over the new extension state API. This improves
the legacy API by making it multithreaded, with each callback
being individually subscribed.

Autohints support is maintained but has been separated out
into a self contained new implementation.

Synchronous subscription support has also been added to
Stasis to remove the overhead of asynchronous publishing when
the handling of published messages is small and fast.
2026-06-11 18:30:54 +00:00
Alexis Chenard 5b3b14562b res_pjsip: Add external_signaling_hostname transport option
Adds a new transport option 'external_signaling_hostname' which allows
a hostname or FQDN to be used in SIP Contact and Via headers instead of
the automatically determined IP address. This is useful when a remote
SIP endpoint requires a fully qualified domain name in these headers.

The option is mutually exclusive with 'external_signaling_address' and
an error is raised at transport load time if both are set simultaneously.

Resolves: #1749

UserNote: A new pjsip.conf transport option 'external_signaling_hostname'
has been added. When set, this value will be used in SIP Contact and Via
headers instead of the automatically determined IP address. This option
is mutually exclusive with 'external_signaling_address'.
2026-06-09 14:57:18 +00:00
George Joseph c9c592781d WebSocket Enhancements: Proxies and Keepalives for ARI and Media Outbound Websockets.
See the notes below for high-level descriptions of the new features.

* Proxies

Outbound/forward HTTP proxies are now supported and configurable in
websocket_client.conf. You can specify a host:port plus optional proxy_username
and proxy_password. Because WebSockets aren't consistently supported among
proxies (specifically passing through UPGRADEs), the CONNECT method is always
used to establish a TCP tunnel through the proxy. This is required if a TLS
session is to be established with the WebSocket server anyway.  It's important
to understand that that negotiation with the proxy is ALWAYS unsecured. Once
the proxy establishes the tunnel, the TLS session will be negotiated directly
with the remote WebSocket server via the tunnel.

* Keepalives

Both TCP-level and WebSocket PING/PONG keepalives can be configured and are
available with either the curl or tcptls client implementations. The TCP
keepalives are handled entirely by the operating system and require no
resources from Asterisk but by their very nature, they can't traverse proxies.
WebSocket PING/PONGs are implemented in the Asterisk websocket code and require
a scheduler thread to keep track of them so they're a bit more complicated but
they do traverse proxies.  Which one is used is completely up to the admin.
You could use both.

* Other Changes

A few changes were needed to res/ari/ari_websockets and
res/res_aeap/transport_websocket to add explicit calls to ast_websocket_close.
They had been assuming that the websocket session destructor would close the
websocket when it unreffed it but the keepalive process now holds a reference
so the destructor wouldn't actually run without the call to ast_websocket_close
to stop the keepalives.

A few new methods were added to tcptls.c to allow switching an existing
connection from unsecured to TLS.  These were required because the initial
connection and handshake with a proxy is always unsecured but then needs
to be switched to TLS if required for the remote WebSocket server.

There was a bug in sorcery.h where the ast_sorcery_register_uint macro
was referencing _stringify (which doesn't exist) instead of _sorcery_stringify.

Resolves: #1881
Resolves: #1933

UserNote: Forward/outbound proxies can now be specified for outbound websockets.
See the websocket_client.conf.sample file for configuration information.

UserNote: TCP-level or WebSocket PING/PONG keepalives can now be enabled on
outbound websockets.  They can help detect network failures even when a
persistent connection is idle. See the websocket_client.conf.sample
file for configuration information.

DeveloperNote: The addition of the proxy and keepalive configuration parameters
pushed the websocket client parameter count over 32. This necessitated changing
the size of the ast_ws_client_fields enum from a 32 bit bitfield to a 64-bit
bitfield with a corresponding change to the ast_websocket_client structure.
2026-06-09 14:22:57 +00:00
Naveen Albert 2bbf89c98b chan_local: Update chan_local references for Local channels.
chan_local no longer exists since Local channels are built into the
core (core_local), but there are still comments which reference it,
including in the configs. Update these to avoid confusion.

Resolves: #1849
2026-06-05 14:37:18 +00:00
George Joseph b0dbd12880 res_ari: Add res_ari_model as an optional_module.
Under certain timing/load conditions, res_ari_model may not load until after
res_ari on startup or it might unload before res_ari on shutdown. This can
cause a segfault when DEVMODE is enabled and there are persistent outbound
websocket connections because DEVMODE forces validation of outgoing events
against the models.  To prevent this, res_ari_model has been added as an
"optional_module" to res_ari's MODULE_INFO.  This will enforce load/unload
order but not make res_ari dependent on res_ari_model.  However, if
Asterisk is configured with --enable-dev-mode, res_ari will fail to
load if res_ari_model isn't available.

Resolves: #1970
2026-06-04 12:32:56 +00:00
Mike Bradeen 41d396b29d res ari: Add attachable states to Channels and Bridges
Adds the ability to attach multiple states to both Channels and Bridges in the form
of variables that are included in all events on the associated object.

First, this adds an optional boolean field to channel variables 'report_events'
that causes the variable to automatically be included in all events on that channel.

To allow this, variables can now be either name value pairs (the current format):
`<variable_name>: '<value_string>'`
 - or -
`<variable_name>: {value: '<value_string>', report_events: [true|false]}`

If the old format is used or 'report_events' is not included, it will default to
false and retain current behavior.

Second, this extends both reported and unreported variables to Bridges so they too
may have stateful information.

Resolves: #1910

UserNote: Bridge variables now can be set and retrieved via the following paths:
`/bridges/{bridgeId}/variable`
`/bridges/{bridgeId}/variables`
Both Bridge and Channel variables can now be set with an optional 'report_events'
boolean flag that will cause those variables to be included on all events on that
object. The 'report_events' flag will default to False if not set to maintain
backwards capability.
To allow this, variables can now be either name value pairs (the current format):
`<variable_name>: '<value_string>'`
 - or -
`<variable_name>: {value: '<value_string>', report_events: [true|false]}`
2026-06-03 22:54:41 +00:00
Ben Ford 7be6839eed ARI: Added paths to get and set multiple channel variables.
Two new paths exist for ARI to get and set multiple channel variables at
the same time. This is done via GET and POST like the single get and set
variable equivalents. Leading and trailing whitespace will be stripped
from the variable names for both paths. When setting variables, the
values will be read as-is, whitespace included. GET takes in a single
string with comma-separated values, while POST takes in a dictionary of
key value pairs. The code follows the same paths as when setting
multiple variables when originating a channel via ARI.

UserNote: Added new ARI paths for getting and setting multiple channel
variables at a time. For GET, this takes in a single string of
comma-separated variable names, while POST takes in a dictionary of key
value pairs. The behavior is the same as passing in variables when
originating a channel.
2026-06-03 22:54:40 +00:00
Bernd Kuhls 354e50e770 res_stir_shaken: avoid direct ASN1_STRING accesses
https://github.com/openssl/openssl/issues/29117

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Resolves: #1952
2026-06-02 16:15:30 +00:00
Bernd Kuhls ffd9f49645 tcptls.c: fix build with OpenSSL 4
tcptls.c: In function '__ssl_setup':
tcptls.c:417:52: error: implicit declaration of function 'SSLv3_client_method';
 did you mean 'SSLv23_client_method'? [-Wimplicit-function-declaration]
  417 |                         cfg->ssl_ctx = SSL_CTX_new(SSLv3_client_method());

SSLv3_client_method was removed from OpenSSL 4.0.0:
https://github.com/openssl/openssl/blob/openssl-4.0.0/doc/man7/ossl-removed-api.pod?plain=1#L440

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

Resolves: #1952
2026-06-02 16:15:30 +00:00
mikhail_grishak 94fce3997f res_calendar: Fix build with libical 4.X
libical 4.0 removed the icaltime_add() function in favor of icaltime_adjust(). Additionally, the callback signature for icalcomponent_foreach_recurrence() was updated to use a const pointer for the icaltime_span argument.

This commit adds conditional compilation using ICAL_MAJOR_VERSION to support both libical 3.X and the new 4.X API, ensuring backward compatibility.

Fixes: #1957
2026-06-01 16:41:05 +00:00
UpBeta 13de0495f2 app_record: Fix hangup handling during beep playback
When a hangup occurs while app_record is playing the initial beep,
the application does not detect the hangup and continues running
until the maxduration timeout expires.

Replace the manual ast_streamfile() + ast_waitstream() sequence with
ast_stream_and_wait(), which properly detects hangup and returns
non-zero, allowing the application to exit immediately with
RECORD_STATUS set to HANGUP.

Resolves: #1950
2026-06-01 16:40:25 +00:00
smtcbn def7c70710 odbc: Don't use prepared statements for distinct SQL statements
Avoids unnecessary prepare for simple INSERT statements that cause
issues with ProxySQL (prepared statement counter overflow).

Resolves: #1217
2026-06-01 16:10:26 +00:00
Alexander Bakker 8be216f74e abstract_jb.c: Remove timerfd from channel when disabling jitter buffer
Previously, the lingering timerfd would cause a tight loop if the
channel enters a BridgeWait after the jitter buffer was disabled.

Fixes: #1762
2026-06-01 16:07:52 +00:00
Sean Bright e9f33451de res_pjsip: Don't allow a leading period when wildcard matching
The reference identifier (what the client provides - in this case a
hostname) must start with a domain label, not a `.`.

The current implementation will match `.seanbright.com` against
`*.seanbright.com` which is incorrect.
2026-06-01 15:36:21 +00:00
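A wildcard matcher that rejects the leading-period case described in the commit message above, as an added example that is not the res_pjsip implementation. The function names are hypothetical, and restricting `*` to exactly one left-most label follows RFC 6125, which is an assumption beyond what the commit message states.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive string equality (hostnames compare without case). */
static bool example_ieq(const char *a, const char *b)
{
	while (*a && *b) {
		if (tolower((unsigned char) *a) != tolower((unsigned char) *b)) {
			return false;
		}
		a++;
		b++;
	}
	return *a == *b;
}

/*
 * pattern:  name from the certificate, optionally starting with "*."
 * hostname: reference identifier supplied by the client
 */
static bool example_wildcard_match(const char *pattern, const char *hostname)
{
	const char *dot;

	if (!pattern || !hostname) {
		return false;
	}

	/* The reference identifier must start with a domain label, not '.'. */
	if (hostname[0] == '\0' || hostname[0] == '.') {
		return false;
	}

	/* No wildcard: the whole name must match. */
	if (strncmp(pattern, "*.", 2) != 0) {
		return example_ieq(pattern, hostname);
	}

	/* '*' stands for the first label only; the remainder must match exactly. */
	dot = strchr(hostname, '.');
	if (!dot) {
		return false;
	}
	return example_ieq(dot, pattern + 1);
}

int main(void)
{
	/* Hostnames built from the domain used in the commit message. */
	const char *hosts[] = {
		"www.seanbright.com", ".seanbright.com",
		"a.b.seanbright.com", "seanbright.com",
	};
	size_t i;

	for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++) {
		printf("%-20s %s\n", hosts[i],
			example_wildcard_match("*.seanbright.com", hosts[i]) ? "match" : "no match");
	}
	return 0;
}
```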
George Joseph 0aa6b2c0c4 Ensure channel locks aren't held while calling ast_set_variables.
If the channel is locked when calling ast_set_variables and any of the
variables contained dialplan functions, there's a possibility of a deadlock.
To prevent this, either the explicit locks were removed or the call to
ast_set_variables moved out of the lock scope.  A warning to not hold
channel locks is also added to the documentation for ast_set_variables.

Resolves: #1936
2026-06-01 15:30:11 +00:00
smtcbn 4d3d5964fd app_queue: fix double increment of member->calls with shared_lastcall
Under high concurrency, update_queue() may be invoked multiple times
for the same call, causing member->calls and queue-level counters to
be incremented more than once.

The existing starttime check is not atomic and allows concurrent
execution paths to pass. Treat member->starttime as a single-use token
and consume it via CAS to ensure the call is counted exactly once.

This also prevents incorrect call distribution when using strategies
such as fewestcalls.

Observed as a regression after upgrading to 20.17.

Resolves: #1736
2026-06-01 15:23:19 +00:00
George Joseph 94baea6d86 chan_dahdi: Fix set but not used in mfcr2_show_links_of().
When openr2 is installed mfcr2_show_links_of() is no longer ifdeffed out
which makes gcc-16 complain with 'variable ‘x’ set but not used'.

Resolves: #1947
2026-06-01 14:48:12 +00:00
Sebastian Jennen dfda95831e tests: add tests/test_codec_translations.c
This test checks [slin -> codec -> slin] and then compares slin in vs out
regarding signal noise ratio and delay.

Near-lossless codecs (ulaw, alaw) are checked with a maximum per-sample
error bound.  Lossy codecs are checked with a per-codec SNR threshold.
Cross-correlation alignment compensates for algorithmic delay in codecs
like speex and opus.

Covered codecs: ulaw, alaw, adpcm, g726, g726aal2, gsm, speex,
speex16, speex32, ilbc, codec2, lpc10, g722, opus.

Resolves: #1812
2026-05-22 16:16:44 +00:00
Sean Bright 1511d4d8d3 install_prereq: Add a 'minimal' mode for basic build dependencies
2026-05-21 17:35:59 +00:00
George Joseph 1233b201dd chan_websocket: Handle incoming CONTINUATION frames.
chan_websocket now tells res_http_websocket to accumulate incoming CONTINUATION
frames into 1024 byte TEXT or BINARY frames.

Resolves: #1941
2026-05-21 17:27:40 +00:00
George Joseph 65fdf73732 res_rtp_asterisk: Fix incorrect reference in ast_rtp_get_stat().
```
AST_RTP_STAT_SET(AST_RTP_INSTANCE_STAT_LOCAL_STDEVMES, \
AST_RTP_INSTANCE_STAT_COMBINED_MES, stats->local_stdevmes, \
rtp->rtcp->stdev_rxjitter);
```

Should have been

```
AST_RTP_STAT_SET(AST_RTP_INSTANCE_STAT_LOCAL_STDEVMES, \
AST_RTP_INSTANCE_STAT_COMBINED_MES, stats->local_stdevmes, \
rtp->rtcp->stdev_rxmes);
```

Note the last macro parameter name.

Resolves: #1938
2026-05-20 13:15:16 +00:00
Stanislav Abramenkov ed375a6a0c jansson: Upgrade version to jansson 2.15.0
UpgradeNote: jansson has been upgraded to 2.15.0. For more
information visit jansson Github page: https://github.com/akheron/jansson/releases/tag/v2.15.0

Resolves: #1931
2026-05-20 12:09:29 +00:00
George Joseph 2fedb5d195 channel.c: Move setting RTP stats from ast_softhangup to ast_ari_channels_hangup.
The original trigger for setting the RTP stats in ast_softhangup() came from
an ARI issue where stats weren't being set in time to be reported on STASIS_END
events. The thought was that setting them in a common place like ast_softhangup()
would ensure the stats were set in possibly other scenarios.  Unfortunately,
setting the RTP stats variables in ast_softhangup() broke ABI as it required
that no channel locks be held which was not the case earlier.

Given that the original issue was ARI, we can move setting the stats to
ast_ari_channels_hangup() in resource_channels just before it calls
ast_softhangup().  This might not catch all cases of the stats not being set,
but it won't break ABI or deadlock either.

Resolves: #1928
2026-05-19 21:12:30 +00:00
George Joseph deb8a51a26 res_rtp_asterisk: Add option to control stun host resolution when TTL = 0
If a hostname is specified for stunaddr in rtp.conf, periodic DNS resolution
is enabled based on the TTL returned in the DNS results.  If the TTL returned
is 0, it means that the next time the IP address is needed, it must be
looked up again.  I.E.  Don't cache.  Historically (and incorrectly) however,
res_rtp_asterisk stopped the periodic resolution and never re-resolved the
hostname again.

Besides what's mentioned in the user notes...
* Additional debugging was added in various STUN/DNS functions.
* The `rtp show settings` CLI command shows more detailed STUN info.
* Some debugging was added to dns_core.c and dns_recurring.c.

UserNote: A new `stunaddr_reresolve_ttl_0` parameter has been added to rtp.conf
that allows control over what happens when a STUN server hostname lookup
returns a TTL of 0.  The values can be set as follows:
- 'no': This is the historical (and current default) behavior of not doing
any further lookups and continuing to use the last successful result until
Asterisk is restarted or rtp.conf is reloaded.
- 'yes': Use the last cached result for the current call but trigger
re-resolution in the background for the benefit of future calls.
If the result of the background lookup is a ttl > 0, periodic resolution
will be restarted otherwise the next call will use the new cached value
and will trigger a background lookup again.

UserNote: A new CLI command `rtp resolve stun hostname` has been added
that will force a resolution of the STUN hostname and (re)start periodic
resolution if the result has a TTL > 0.

Resolves: #1858
2026-05-19 21:11:25 +00:00