Age | Commit message (Collapse) | Author |
|
Responding to authentication challenges leaks PJSIP memory pools.
The leak was introduced with a pjproject 2.5.5 API change.
https://trac.pjsip.org/repos/ticket/1929 changed the API usage of
pjsip_auth_clt_init() to require the new API pjsip_auth_clt_deinit() to
clean up cached authentication allocations that get allocated with
pjsip_auth_clt_reinit_req().
ASTERISK-26516 #close
Change-Id: I4473141b8c3961d0dc91c382beb3876b3efb45c8
|
|
The PJ_ICE_MAX_CHECKS constant is used by pjproject to determine how
many pairs of local/remote candidates will be made. If for some reason
we reach this upper bound, ICE will generally fail and no media will
flow between the browser and Asterisk.
This patch makes PJ_ICE_MAX_CHECKS set to the total possible number of
pairs of candidates we'd theoretically allow, which is
PJ_ICE_MAX_CAND^2. Prior to this patch, we simply multiplied
PJ_ICE_MAX_CAND by two; on systems with multiple interfaces (I blame
Docker), this is far too low to allow WebRTC calls to succeed.
Setting this to be PJ_ICE_MAX_CAND^2 allowed WebRTC calls to succeed
even when the system Asterisk was running on had quite a few virtual
interfaces.
Change-Id: Icd4f17de0ac9d3a83dddfc8bf1cb7616bc107d55
|
|
libresample is only needed by pjproject if we're building pjsua, which
we only do if TEST_FRAMEWORK is selected. It's required by pjsua to
process audio which is needed by some testsuite tests. Unfortunately,
pjproject relies on a newer version of libresample than the version
that ships by most distros so we need to compile the version that's
bundled with pjproject. Since we only need it for pjsua, we DON'T want
it's symbols exposed when we actually build asterisk.
There was a problem however... TEST_FRAMEWORK is only known AFTER we've
already run ./configure on both asterisk and pjproject but pjproject's
./configure needs to test it to know whether to set up to build
libresample or not. The previous way of figuring this out was to
always tell ./configure "yes" but not actually build the library. This
caused an issue where building libasteriskpj was being told to include
libresample but it wasn't actually there.
The solution is to still do a default pjproject configure during an
asterisk ./configure but if makeopts or menuselect.makeopts changes
subsequently, we now reconfigure pjproject, taking into account the
current state of TEST_FRAMEWORK. Previously, if makeopts or
menuselect.makeopts changed, only a recompile of pjproject was done.
Change-Id: I9b5d84c61384a3ae07fe30e85c49698378cc4685
|
|
|
|
|
|
PJPROJECT 2.5.5 introduced a race condition with the -r5349 IPv6 DNS
patch.
The patch below fixes a write to freed memory under cartain DNS lookup
conditions.
0006-r5477-svn-backport-Fix-DNS-write-on-freed-memory.patch
ASTERISK-26516
Reported by: Richard Mudgett
Change-Id: Ifdfae9ecf1e41b53080f33aab44ce1a220f349c5
|
|
The res_pjsip_sdp_rtp module did not restrict the number of
formats added to a media stream in the SDP to the defined
limit. If allow=all was used with additional loaded codecs this
could result in the next media stream being overwritten some.
This change restricts the module to limit it to the defined
maximum and also increases the maximum in our bundled pjproject.
ASTERISK-26541 #close
Change-Id: I0dc5f59d3891246cafa2f3df5ec406f088559ee8
|
|
In order for pjsua and its python binding to actually negotiate
audio for the testsuite tests, it needs g711 and resample. The
pj* libraries themselves do not. Unfortunately, pjproject relies
on a brand new libresample that most distros don't ship so we need
to use the libresample already bundled with pjproject. Only the pjsua
executable and the _pjsua.so python library are linked with it so it
shouldn't interfere with asterisk itself.
Also it was pointed out that apply_patches couldn't handle multiple
patches that depended on each other during the dry-run, so the
dry-run was removed.
Change-Id: I24f397462b486dcdde0dcafe40e6c55a6593f098
|
|
PJPROJECT 2.5.5 introduced a race condition with the -r5349 IPv6 DNS
patch.
The patches below fix the DNS lookup race condition crash caused by
attempting to send the same message twice for the single DNS lookup.
0006-r5471-svn-backport-Various-fixes-for-DNS-IPv6.patch
0006-r5473-svn-backport-Fix-pending-query.patch
The patch below removes a cached DNS response from the hash table when
another thread is referencing the old entry. The table still contained
the entry when it was destroyed which can result in inexplicable crashes.
0006-r5475-svn-backport-Remove-DNS-cache-entry.patch
ASTERISK-26344 #close
Reported by: Ian Gilmour
ASTERISK-26387 #close
Reported by: Harley Peters
Change-Id: I17fde80359e66f65a91341ceca58d914d0f61cc4
|
|
Older versions of tar don't support the --strip-components option so
instead of doing 'tar --strip-components=1 -C source', we now just
untar to the tarball's root directory (pjproject-<version>) and
rename that directory to 'source'.
Also fixed an issue where the pjproject source directory is a hard
coded absolute pathname.
ASTERISK-26510 #close
ASTERISK-22480 #close
Change-Id: I9ec92952507a91ff4e4d01e0149e09fd8e8f32b0
|
|
* CFLAGS is now properly set when using older gcc.
* All third-party pjproject targets have been removed. This fixes
an issue with older libsrtp in some distros.
* Manually removing the source directory now causes a rebuild.
* EXTERNALS_CACHE_DIR is now properly checked.
* Whitespace fixes.
Change-Id: I98fec6847efc5602a9f41cb95096fd660a49fa60
|
|
Addresses crashes when an attempt is made to operate on an SSL socket
after the socket has been closed.
ASTERISK-26477 #close
Change-Id: I421305b357558b4f9e690210dc0f4831ef4b3002
|
|
Previously when testing I had a preexisting makeopts in ASTTOPDIR. The
ordering of configure.ac causes --with-externals-cache to be processed
after third-party configure. In cases where the Asterisk clone is
cleaned it would cause pjproject to be downloaded to /tmp. This
moves processing of the externals cache and sounds cache to happen
before third-party configure.
This also addresses a possible issue with the third-party Makefile. If
TMPDIR is set by the environment it would override the path given to
--with-externals-cache.
ASTERISK-26416
Change-Id: Ifab7f35bfcd5a31a31a3a4353cc26a68c8c6592d
|
|
Added tests for bzip2, tar, patch, sed and nm to configure.ac.
Set DOWNLOAD_TO_STDOUT to a working command line regardless of
whether the download program is wget, curl or fetch.
Added a 'configure.m4' file to the third-party directory which takes
care of calling any third-party project setup. Had to move some
pjproject_bundled stuff up in configure.ac so it was called before
the third-party configure macro.
The pjproject tarball is now downloaded to the externals_cache_dir if
it was specified on the ./configure command line
Removed regeneration of the pjproject aconfigure file. It was only
needed for an old patch that no longer applies.
Converted the tests for symbols to explicit tests since we know that
they're now available in the bundled version. Saves a little time
during configure.
ASTERISK-26416 #close
Reported-by: Corey Farrell
Change-Id: Id1d94251c0155f8dd41b7de7067f35cfbaafbb9b
(cherry picked from commit e6b0053d7561032b7adbf6f3afaecf30f5046605)
(cherry picked from commit a0d02f38322c2c4d7743504003fd376d32a133db)
|
|
pjproject_bundled will now use the asterisk memory debugging APIs
if MALLOC_DEBUG is turned on in menuselect.
Because this required stubs for the executable programs and the python
bindings, some Makefile reorganization was needed to properly handle
the dependencies. As a result, the makefile now individually makes
each of the pjproject libraries separately instead of making them all
in 1 shot. The only visible change is that there are separate status
lines printed for each library instead oif 1 for all libs. Also, the
making of the pjproject dependency files was eliminated. They're not
needed for building unless you're actively modifying pjproject source
files and it makes the build process faster. Finally, any issues with
parallel builds should be resolved again making the build faster.
Change-Id: Icc5e3d658fbfb00e0a46b44c66dcc2522d5171b0
|
|
A name server that returns "Server Failure" is indicating only that
the server couldn't process that particular request. We should NOT
assume that the name server is incapable of serving other requests.
Here's the scenario we've been encountering...
* 2 local name servers configured in resolv.conf.
* An OPTIONS request causes a request for A and AAAA records to go out
to both nameservers.
* The A responses both come back successfully resolved.
* Because of an issue at some upstream nameserver, the AAAA responses
for that particular query come back as "SERVFAIL" from both local
name servers.
* Both local servers are marked as bad and no further queries can be
sent until the 60 second ttl expires. Only previously cached results
can be used.
* In this case, 60 seconds is just enough time for another OPTIONS
request to go out to the same host so the cycle repeats.
We could set the bad ttl really low but that also affects REFUSED and
NOTAUTH which probably DO signal a real server issue. Besides, even
a really low bad ttl would be an issue on a pbx.
Although we use our own resolver in 14 and master and don't have this
issue there, Teluu has merged this patch upstream so it's appropriate
to cherry-pick to 14 and master to keep pjproject consistent.
Change-Id: Ie03ba902288e274aff23f9b9bb2786e1e8be09e0
|
|
On heavy loaded system the TCP/TLS incoming calls could be
disconnected by pjproject while these calls are being
processed by asterisk which could use the session's memory pools.
If the session in the disconnected state then the session memory
pools were already freed, so we get segfault.
This patch adds a lifetime control on an INVITE session to pjproject.
The lifetime of the session is manipulated by calling
pjsip_inv_add_ref/pjsip_inv_dec_ref.
This patch uses these functions to inform pjproject that the
session is in use.
This patch adds check if the session state is not disconnected
and also checks if the memory pool is not NULL.
This patch also places tasks 'session_end' and 'session_end_completion'
into session's serializer to avoid race condition.
ASTERISK-26291 #close
Change-Id: I4d28b1fb3b91f0492a911d110049d670fdc3c8d7
|
|
The reason for the disable is that while Asterisk works fine with older
libsrtp versions, newer versions of pjproject won't compile with them.
Debian 6 for instance, has libsrtp 1.4.4 which is older than what
pjproject is expecting.
We don't use most of pjmedia but we DO use it for SDP negotiation.
Luckily disabling srtp in pjmedia doesn't interfere with it's ability
to negitiate a secure channel. The proper crypto attributes are
negotiated in both directions.
ASTERISK-26279 #close
Change-Id: Id25a92cdf3df97a26c53cffae65b6b82de33c8e2
|
|
PJProject supports a lot of platforms even Windows, some with different defaults
when it comes to IPv6. In many Linux platforms like Ubuntu 16.04 LTS,
"/proc/sys/net/ipv6/bindv6only" is set to 0 (false). Different than in Windows.
Because of this, if configured with just an IPv6 address/transport, PJProject
listens to both IPv4 and IPv6. However, this is not supported by the PJProject
team. As consequence, you end-up with IPv4-mapped IPv6 addresses in SDP,
incompatible with IPv4-only clients. Technically, you end-up with an IPv6-only
server which accepts incoming connections on IPv4.
If you try to configure two transports, one with IPv4 and one with IPv6 on the
same interface, as expected by the PJProject team, the IPv4 transport is not
able to bind because the IPv6 transport listens to both already.
One solution would be to change "/proc/sys/net/ipv6/bindv6only" system-wide.
Then, you are able to configure two transports, one for each IP version on the
same interface. That way, you get a server which works with IPv4 clients and
IPv6 clients at the same time over the same interface.
Here, this change sets this parameter directly within PJProject to match the
expectations of the PJProject team in any case. This allows IPv4/IPv6 Dual Stack
servers out of the box like in chan_sip. This change was accepted by the
PJProject team as <http://trac.pjsip.org/repos/changeset/5403> and is expected
to arrive in the next version, PJProject 2.6.0. Until then, this change is
incorporated in the bundled PJProject of Asterisk.
ASTERISK-26309
Change-Id: I3335d8718f79f4b2feae91b5b005a3ce684a63ae
|
|
|
|
This patch fixes the issue in pjsip_tx_data_dec_ref()
when tx_data_destroy can be called more than once,
and checks if invalid value (e.g. NULL) is passed to.
This patch updates array limit checks and docs
in pjsip_evsub_register_pkg() and pjsip_endpt_add_capability().
Change-Id: I4c7a132b9664afaecbd6bf5ea4c951e43e273e40
|
|
Add more --disable-* switches to Makefile.rules including
--disable-opus which was causing bundled pjproject to fail with
"undefined reference" errors in libasteriskpj.
Changed PJ_ENABLE_EXTRA_CHECK to 1.
Removed 2 obsolete patches and added a new one.
The new one was merged by Teluu on 6/27/2016.
ASTERISK-26148 #close
Change-Id: Ib8af6c6a9d31f7238ce65b336134c2efdc855063
|
|
When negotiating ICE candidates with WebRTC capable endpoints, many
networks will result in a browser offering ICE candidates that exceeds
the default number of max candidates, 16. This patch bumps the max
candidates to 32, with the max checks at twice the number of candidates.
In practice, this has shown to be sufficient for browser/WebRTC
negotiation.
Change-Id: Ifd8da8b315f5ae14814d4ce20e10d2e6355020e5
|
|
Occasionally under load we'll attempt to send a final NOTIFY on a
subscription that's already been terminated and a SEGV will occur
down in pjproject's evsub_destroy function. This is a result of a
race condition between all the paths that can generate a notify
and/or destroy the underlying pjproject evsub object:
* The client can send a SUBSCRIBE with Expires: 0.
* The client can send a SUBSCRIBE/refresh.
* The subscription timer can expire.
* An extension state can change.
* An MWI event can be generated.
* The pjproject transaction timer (timer_b) can expire.
Normally when our pubsub_on_evsub_state is called with a terminate,
we push a task to the serializer and return at which point the dialog
is unlocked. This is usually not a problem because the task runs
immediately and locks the dialog again. When the system is heavily
loaded though, there may be a delay between the unlock and relock
during which another event may occur such as the subscription timer
or timer_b expiring, an extension state change, etc. These may also
cause a terminate to be processed and if so, we could cause pjproject
to try to destroy the evsub structure twice. There's no way for us to
tell that the evsub was already destroyed and the evsub's group lock
can't tolerate this and SEGVs.
The remedy is twofold.
* A patch has been submitted to Teluu and added to the bundled
pjproject which adds add/decrement operations on evsub's group lock.
* In res_pjsip_pubsub:
* configure.ac and pjproject-bundled's configure.m4 were updated
to check for the new evsub group lock APIs.
* We now add a reference to the evsub group lock when we create
the subscription and remove the reference when we clean up the
subscription. This prevents evsub from being destroyed before
we're done with it.
* A state has been added to the subscription tree structure so
termination progress can be tracked through the asyncronous tasks.
* The pubsub_on_evsub_state callback has been split so it's not doing
double duty. It now only handles the final cleanup of the
subscription tree. pubsub_on_rx_refresh now handles both client
refreshes and client terminates. It was always being called for
both anyway.
* The serialized_on_server_timeout task was removed since
serialized_pubsub_on_rx_refresh was almost identical.
* Missing state checks and ao2_cleanups were added.
* Some debug levels were adjusted to make seeing only off-nominal
things at level 1 and nominal or progress things at level 2+.
ASTERISK-26099 #close
Reported-by: Ross Beer.
Change-Id: I779d11802cf672a51392e62a74a1216596075ba1
|
|
Although all the patches we had against 2.4.5 were applied by Teluu,
a new bug was introduced preventing re-use of tcp and tls transports
This patch removes all the previous patches against 2.4.5, updates
the version to 2.5, and adds a new patch to correct the transport
re-use problem.
Change-Id: I0dc6c438c3910f7887418a5832ca186aea23d068
|
|
The pjsua and pjsystest apps are now built only if TEST_FRAMEWORK is set.
The python bindings are now built only if TEST_FRAMEWORK is set and a
python development package is installed.
libresample was also disabled.
ASTERISK-25993 #close
Reported-by: Joshua Colp
Change-Id: If4e91c503a02f113d5b71bc8b972081fa3ff6f03
|
|
For all OSes:
* Disabled third-party codecs in pjproject and added
'--disable-speex-codec --disable-speex-aec --disable-gsm-codec' to the
configure options since we don't use the pjsip codec capability.
FreeBSD:
* Added FreeBSD support to install_prereq.
* Changed pjproject/configure.m4 to use $GNU_MAKE instead of hardcoding "make".
* Added __progname and environ to asterisk.exports.in.
* Reverted the use of ldconfig to create shared library symlinks to ln.
* Only enable epoll in pjproject if `uname -s` is Linux.
* Added a patch to pjproject to take the name of the 'make' command from
an environment variable if supplied. This is needed for the python bindings.
(merged by Teluu into pjproject trunk 5/3/2016)
FreeBSD support isn't complete. Still some general issues regarding
make/gmake having nothing to do with pjproject. With some handholding it DOES
build successfully.
CentOS:
Added 'patch' and 'bzip2' to install_prereq PACKAGES_RH.
CentOS 6/7 32/64 build and run the pjsip testsuite successfully.
Ubuntu:
No changes required.
Ubuntu 15/16 32/64 build and run the pjsip testsuite successfully.
Debian:
No changes required.
Debian 6/7/8 32/64 build and run the pjsip testsuite successfully.
There will utimately be a follow-up patch to create an install_prereq for
the testsuite as I've discovered a few missing requirements.
ASTERISK-25968 #close
Change-Id: I5756a07facfc63798115a5e73a8709382fe9259c
|
|
When pjsip_parse_uri is called with PJSIP_UNESCAPE_IN_PLACE enabled,
the input uri string will become corrupted if it contains escape sequences.
It's not possible to automatically strdup or strdupa the input string because
the output uri pj_str_t's will have pointers to chunks of the input string.
Getting around this would require more memory management code and wouldn't
be worth the savings of doing the unescape in place.
ASTERISK-25970 #close
Reported-by: Dmitriy Serov
Change-Id: I28dc0e599b5108f7959b9c46dc8278371b372f88
|
|
From the patch submitted to Teluu on 4/12/2016
<<<<<<<<<
The wholesale stripping of '[]' from header parameters causes issues if
something (like a port) occurs after the final ']'.
'[2001:a::b]' will correctly parse to '2001:a::b'
'[2001:a::b]:8080' will correctly parse to '2001:a::b' but the scanner is left
with ':8080' and parsing stops with a syntax error.
I can't even find a case where stripping the '[]' is a good thing anyway. Even
if you continued to parse and resulted in a string that looks like this...
'2001:a::b:8080', it's not valid.
This came up in Asterisk because Kamailio sends us a Contact with an alias
URI parameter that has an IPv6 address in it like this:
Contact: <sip:1171@127.0.0.1:5080;alias=[2001:1:2::3]~43691~6>
which should be legal but causes a syntax error because of the characters
after the final ']'. Even if it didn't, the '[]' should still not be stripped.
I've run the Asterisk Test Suite for PJSIP (252 tests) many of which are IPv6
enabled. No issues were caused by removing the code that strips the '[]'.
>>>>>>>>>>>
ASTERISK-25123 #close
Reported-by: Anthony Messina
Change-Id: I5cb33f4ebf07ee1f2b26d07caae715e2ec65595a
|
|
There's a bug in pjproject's sip_parser where the ":" wasn't correctly
interpreted. This is causing IPv6 addresses in the "received" parameter of the
Via header to cause a syntax check failure.
This patch was submitted to Teluu on 4/10/2016.
ASTERISK-25910 #close
Reported-by: Anthony Messina
Change-Id: Ic7e4c4aa14ded61860401ec349f5177568c4d922
|
|
PortAudio should no longer be required
PJSIP_MAX_PKT_LEN is now 6000
Older autoconf issue fixed. (CentOS 6)
Change-Id: I463fa9586cbe7c6b3b603289f535bd8e361611dd
|
|
|
|
Older versions of PJSIP do not have the proto field on the TLS transport
setting structure. This change adds a configure check so even if it is
not present we will still be able to build.
Change-Id: Ibf3f47befb91ed1b8194bf63888baa6fee05aba9
|
|
The pjproject Makefile now uses the Asterisk optimization flags which
are determined by the setting of the DONT_OPTMIZE menuselect flag.
The Makefile was also restructured so a change to the top level
menuselect.makeopts will result in a rebuild of pjproject.
Also, "--disable-resample" was removed from the pjproject configure
options. Without resample, pjsua (which is used by the testsuite)
can't make audio calls. When it can't, it segfaults.
Change-Id: I24b0a4d0872acef00ed89b3c527a713ee4c2ccd4
|
|
Not sure why it was there in the first place as we already specify
--disable-sound.
Change-Id: Ia80a40e8b1e1acc287955ab11ba1fbd0c7d4cff9
|
|
Background here:
http://lists.digium.com/pipermail/asterisk-dev/2016-January/075266.html
From CHANGES:
* To help insure that Asterisk is compiled and run with the same known
version of pjproject, a new option (--with-pjproject-bundled) has been
added to ./configure. When specified, the version of pjproject specified
in third-party/versions.mak will be downloaded and configured. When you
make Asterisk, the build process will also automatically build pjproject
and Asterisk will be statically linked to it. Once a particular version
of pjproject is configured and built, it won't be configured or built
again unless you run a 'make distclean'.
To facilitate testing, when 'make install' is run, the pjsua and pjsystest
utilities and the pjproject python bindings will be installed in
ASTDATADIR/third-party/pjproject.
The default behavior remains building with the shared pjproject
installation, if any.
Building:
All you have to do is include the --with-pjproject-bundled option on
the ./configure command line (and remove any existing --with-pjproject
option if specified). Everything else is automatic.
Behind the scenes:
The top-level Makefile was modified to include 'third-party' in the
list of MOD_SUBDIRS.
The third-party directory was created to contain any third party
packages that may be needed in the future. Its Makefile automatically
iterates over any subdirectories passing on targets.
The third-party/pjproject directory was created to house the pjproject
source distribution. Its Makefile contains targets to download, patch
configure, generate dependencies, compile libs, apps and python bindings,
sanitized build.mak and generate a symbols list.
When bootstrap.sh is run, it automatically includes the configure.m4
file in third-party/pjproject. This file has a macro to download and
conifgure pjproject and get and set PJPROJECT_INCLUDE, PJPROJECT_DIR
and PJPROJECT_BUNDLED. It also tests for the capabilities like
PJ_TRANSACTION_GRP_LOCK by parsing preprocessor output as opposed to
trying to compile. Of course, bootstrap.sh is only run once and the
configure file is incldued in the patch.
When configure is run with the new options, the macro in configure.m4
triggers the download, patch, conifgure and tests. No compilation is
performed at this time. The downloaded tarball is cached in /tmp so
it doesn't get downloaded again on a distclean.
When make is run in the top-level Asterisk source directory, it will
automatically descend all the subdirectories in third_party just as it
does for addons, apps, etc. The top-level Makefile makes sure that
the 'third-party' is built before 'main' so that dependencies from the
other directories are built first.
When main does build, a new shared library (libasteriskpj) is created that
links statically to the pjproject .a files and exports all their symbols.
The asterisk binary links to that, just as it does with libasteriskssl.
When Asterisk is installed, the pjsua and pjsystest apps, and the pjproject
python bindings are installed in ASTDATADIR/third-party/pjproject. This
will facilitate testing, including running the testsuite which will be
updated to check that directory for the pjsua module ahead of the system
python library.
Modules should continue to depend on pjproject if they use pjproject APIs
directly. They should not care about the implementation. No changes to any
res_pjsip modules were made.
Change-Id: Ia7a60c28c2e9ba9537c5570f933c1ebcb20a3103
|