We don't have a compatability function to fill in a missing htobe64; but
we already have one for the identical htonll.

Change-Id: Ic0a95db1c5b0041e14e6b127432fb533b97e4cac

A change recently went in which enabled perfect forward secrecy for
DTLS in res_rtp_asterisk. This was accomplished two different ways
depending on the availability of a feature in OpenSSL. The fallback
method created a temporary instance of a key but did not free it.
This change fixes that.

ASTERISK-25265

Change-Id: Iadc031b67a91410bbefb17ffb4218d615d051396

This will add ECDH support to Asterisk. It will
detect auto ECDH support in OpenSSL
(1.0.2b and above) during ./configure. If this is
available, it will use it,
otherwise it will fall back to prime256v1 (this
behavior is consistent with
other projects such as Apache and nginx).

This fixes WebRTC being broken in Firefox 38+ due
to Firefox now only supporting
ciphers with perfect forward secrecy.

ASTERISK-25265 #close

Change-Id: I8c13b33a2a79c0bde2e69e4ba6afa5ab9351465b

A test agent was continuously failing all ARI tests when run against
Asterisk 13. As it turns out, the reason for this is that on those test
runs, for some reason we decided to use the super extended 64 bit
payload length for websocket text frames instead of the extended 16 bit
payload length. For 64-bit payloads, the expected byte order over the
network is

7, 6, 5, 4, 3, 2, 1, 0

However, we were sending the payload as

3, 2, 1, 0, 7, 6, 5, 4

This meant that we were saying to expect an absolutely MASSIVE payload
to arrive. Since we did not follow through on this expected payload
size, the client would sit patiently waiting for the rest of the payload
to arrive until the test would time out.

With this change, we use the htobe64() function instead of htonl() so
that a 64-bit byte-swap is performed instead of a 32 bit byte-swap.

Change-Id: Ibcd8552392845fbcdd017a8c8c1043b7fe35964a

Change-Id: Ifdfbd0b97cf31478d29923ec30aabce28d01740b

This change fixes a bug where the DTLS timeout timer would be
initialized to 0 if DTLS was not used for an RTP session.

ASTERISK-25103

Change-Id: If8d26bb054f1d300838850da5b8db9044c2fe2ac

This change moves logic for setting up the DTLS SSL contexts to
when the SDP is done being processed instead of when ICE negotiation
completes. It also stops handshakes from being initiated when we
are acting as a server.

Manipulating the SSL context when ICE negotiation has completed
is problematic as the SSL context is not protected and if acting
as a client the remote side may have started DTLS negotiation
already.

The retransmission timeout timer code has also been split up
and simplified some. Both RTP and RTCP now have their own timers
and the points at which the timer is stopped and started is now
more specific. When a packet is sent the timer is started. When
a response is received but before it is processed the timer is
stopped. This provides a guarantee that the timeout is not
occurring while the response is processed.

ASTERISK-22805 #close
ASTERISK-24550 #close
ASTERISK-24651 #close
ASTERISK-24832 #close
ASTERISK-25103 #close
ASTERISK-25127 #close

Change-Id: Ib75ea2546f29d6efc3d2d37c58df6986c7bd9b91

This fixes so a failure to get a timer file descriptor does not cascade
to closing FD 0.

On error, both res_timing_kqueue and res_timing_timerfd would call the
destructor before setting the file handle. The file handle had been
initialized to 0, causing FD 0 to be closed. This in turn, resulted in
floods of "CLI>" messages and an unusable terminal.

ASTERISK-19277 #close
Reported by: Barry Chern

Change-Id: I147d7e33726c6e5a2751928d56561494f5800350

This patch updates a variety of Makefiles in Asterisk's build system to
remove .gcda and .gcno files when 'make clean' is executed. These files
are generated when '--enable-coverage' is passed to the Asterisk
configure script.

Change-Id: Ib70b41eea2ee2908885bff02e80faf9f40c84602

First byte of DTLS packet shall be in range 20-63, not 20-64. Refer to RFC
https://tools.ietf.org/html/rfc5764#section-5.1.2 for correct values.

Change-Id: Iae6fa0d72b37c36a27fe40686e0ae6fba3afec31

While trying to get WebRTC working with chan_pjsip, I was running
into the following error:

    Attempted to set an invalid DTLS-SRTP configuration on RTP
    instance...

Josh helpfully pointed out that res_srtp.so might not be loaded, and
sure enough, it wasn't. This patch adds a ERROR indiciating as much
to hopefully help others having a similar problem.

Change-Id: I13aa477b47b299876728a21b130998a0ea6cd19f

Apply the negative connection cache setting to all connections,
even those that are not pooled. This ensures that the connection
will not be re-established before the negative connection cache
time is met.

ASTERISK-22708 #close

Change-Id: I431cc2e8584ab0b6908b3523d0a0e18c9a527271

A previous set of patches (see: ASTERISK-22790 & ASTERISK-23231) made it so
a v.27 modem was not allowed to have a minimum transmission rate of 2400 bits
per second. This reverts all or some of those patches since according to the
v.27ter standard a rate of 2400 bits per second is also supported.

One of the original patches also added 9600 bits per second support for v.27.
This patch also removes that since v.27ter only supports 2400/4800 bits per
second.

Also, since Asterisk specifically supports v.27ter the enum was renamed to
better reflect this.

ASTERISK-24955 #close
Reported by: Matt Jordan

Change-Id: I4b9dfb6bf7eff08463ab47ee1a74224f27cae733

ao2 ref leak in res_rtp_asterisk.c when a DTLS policy is created.
The resources are linked into a table, but the original alloc refs
are never released. ast_strdup leak in rtp_engine.c. If
ast_rtp_dtls_cfg_copy() is called twice on the same destination struct,
a pointer to an alloc'd string is overwritten before the string is free'd.

ASTERISK-25022
Reported by: one47

Change-Id: I62a8ceb8679709f6c3769136dc6aa9a68202ff9b

clang can warn about a so called tautological-compare, when it finds
comparisons which are logically always true, and are therefore deemed
unnecessary.

Example:
unsigned int x = 4;
if (x > 0) // x is always going to be bigger than 0

Enum Case:
Each enumeration is its own type. Enums are an integer type but they do not
have to be *signed*. C leaves it up to the compiler as an implementation
option what to consider the integer type of a particular enumeration is.
Gcc treats an enum without negative values as an int while clang treats this
enum as an unsigned int.

rmudgett & mmichelson:
cast the enum to (unsigned int) in assert. The cast does have an effect.
For gcc, which seems to treat all enums as int, the cast to unsigned int
will eliminate the possibility of negative values being allowed. For
clang, which seems to treat enums without any negative members as
unsigned int, the cast will have no effect. If for some reason in the
future a negative value is ever added to the enum the assert will still
catch the negative value.

ASTERISK-24917

Change-Id: Ief23ef68916192b9b72dabe702b543ecfeca0b62

Added bootstrap products
Added channels/h323/Makefile
Added res/pjproject

Change-Id: I6b3bc56bf7bdaee0554f36fc2ce3a77e9eaf8aa3

Add the .gitignore and .gitreview files to the asterisk repo.

NB:  You can add local ignores to the .git/info/exclude file
without having to do a commit.

Common ignore patterns are in the top-level .gitignore file.
Subdirectory-specific ignore patterns are in their own .gitignore
files.

Change-Id: I2b7513fc9acf5d432cf9587c25faa9786af14abf
Tested-by: George Joseph

This patch fixes several warnings caught by clang - in this case, usage of the
abs function on non-integer values. This patch uses labs and fabs, as
appropriate, in the various affected files.

Review: https://reviewboard.asterisk.org/r/4525

ASTERISK-24917
Reported by: dkdegroot
patches:
  rb4525.patch submitted by dkdegroot (License 6600)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@433749 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Clang will treat ((a == b)) as a warning, as it reasonably expects that the
developer may have intended to write (a == b) or ((a = b)). This patch cleans
up all instances where equality, not assignment, was intended between two
parantheses.

Review: https://reviewboard.asterisk.org/r/4531/

ASTERISK-24917
Repoted by: dkdegroot
patches:
  rb4531.patch submitted by dkdegroot (License 6600)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@433687 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Due to a quirk in the configuration handling of res_xmpp, the 'autoregister'
setting was never actually processed. This was due to not properly copying
over the global settings to the client settings when applying the
configuration to the run-time object.

ASTERISK-14233
ASTERISK-24780 #close
Reported by: Simon Arlott
patches:
  asterisk-13.1.0-24780 uploaded by Simon Arlott (License 5756)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@433395 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When escaping backslashes with MySQL, the proper way to escape the characters
in a LIKE clause is to escape the '\' four times, i.e., '\\\\'. To quote the
MySQL manual:

"Because MySQL uses C escape syntax in strings (for example, “\n” to represent
a newline character), you must double any “\” that you use in LIKE strings.
For example, to search for “\n”, specify it as “\\n”. To search for “\”,
specify it as “\\\\”; this is because the backslashes are stripped once by the
parser and again when the pattern match is made, leaving a single backslash to
be matched against."

ASTERISK-24808 #close
Reported by: Javier Acosta
patches:
  res_config_odbc.diff uploaded by Javier Acosta (License 6690)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@432720 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Some WebSocket applications, like [chan_respoke][], require a larger
frame size than the default 8k; this patch bumps the default to 16k.
This patch also fixes some problems exacerbated by large frames.

The sanity counter was decremented on every fread attempt in
ws_safe_read(), regardless of whether data was read from the socket or
not. For large frames, this could result in loss of sanity prior to
reading the entire frame. (16k frame / 1448 bytes per segment = 12
segments).

This patch changes the sanity counter so that it only decrements when
fread() doesn't read any bytes. This more closely matches the original
intention of ws_safe_read(), given that the error message is
"Websocket seems unresponsive".

This patch also properly logs EOF conditions, so disconnects are no
longer confused with unresponsive connections.

 [chan_respoke]: https://github.com/respoke/chan_respoke

Review: https://reviewboard.asterisk.org/r/4431/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@432236 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When writing to a websocket if a timeout occurred the underlying socket did not
get closed/disconnected. This patch makes sure the websocket gets disconnected
on a write timeout.

ASTERISK-24701 #close
Reported by: Matt Jordan
Review: https://reviewboard.asterisk.org/r/4412/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431669 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This patch modifies the ast_odbc_find_table function such that it only performs
a lookup of the requested table if the table is not already known. Prior to
this patch, a queries would be executed against the database even if the table
was already known and cached.

Review: https://reviewboard.asterisk.org/r/4405/

ASTERISK-24742 #close
Reported by: ibercom
patches:
  patch.diff uploaded by ibercom (License 6599)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431617 65c4cc65-6c06-0410-ace0-fbb531ad65f3

A recent security fix for OpenSSL broke DTLS negotiation for many
applications. This was caused by read ahead not being enabled when it
should be. While a commit has gone into OpenSSL to force read ahead
on for DTLS it may take some time for a release to be made and the
change to be present in distributions (if at all). As enabling read
ahead is a simple one line change this commit does that and fixes
the issue.

ASTERISK-24711 #close
Reported by: Jared Biel


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@431384 65c4cc65-6c06-0410-ace0-fbb531ad65f3

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@430996 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This change makes the T.38 negotiation timeout configurable via
't38timeout' in res_fax.conf or FAXOPT(t38timeout). It was previously
hard coded to be 5000 milliseconds.

This change also handles T.38 switch failures by aborting the fax since
in the case where this can happen, both sides have agreed to switch to
T.38 and Asterisk is unable to do so.

Review: https://reviewboard.asterisk.org/r/4320/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@430415 65c4cc65-6c06-0410-ace0-fbb531ad65f3

This won't fix the reported issue but it is an incorrect use of sizeof.

ASTERISK-24566
Reported by:  Badalian Vyacheslav


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429867 65c4cc65-6c06-0410-ace0-fbb531ad65f3

ASTERISK-24337 #close
Reported by: Rusty Newton


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429804 65c4cc65-6c06-0410-ace0-fbb531ad65f3

In r413586 (1.8) various casts were added to silence gcc 4.10 warnings.
Those fixes included things like:

    -out += sprintf(out, "%%%02X", (unsigned char) *ptr);
    +out += sprintf(out, "%%%02X", (unsigned) *ptr);

That works for low ascii characters, but for the high range that yields
e.g. FFFFFFC3 when C3 is expected.

This changeset:
- fixes those casts to use the 'hh' unsigned char modifier instead
- consistently uses %02x instead of %2.2x (or other non-standard usage)
- adds a few 'h' modifiers in various places
- fixes a 'replcaes' typo
- dev/urandon typo (in 13+ patch)

Review: https://reviewboard.asterisk.org/r/4263/

ASTERISK-24619 #close
Reported by: Stefan27 (on IRC)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429673 65c4cc65-6c06-0410-ace0-fbb531ad65f3

The Verbose message displayed when a file is played back via 'stream file'
was formatted differently than other playbacks:
* It didn't include the channel name
* It didn't include the channel language
It does, however, include the playback offset as well as any escape digits.
That information was kept; however, this patch updates the formatting to more
closely match the Verbose messages displayed when a file is played back by
'control stream file', Playback, ControlPlayback, or any other file playback
operation.


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429517 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Frames with a payload length of 0 were incorrectly handled in res_http_websocket.
Provided a frame with a payload had been received prior it was possible for a double
free to occur. The realloc operation would succeed (thus freeing the payload) but be
treated as an error. When the session was then torn down the payload would be
freed again causing a crash. The read function now takes this into account.

This change also fixes assumptions made by users of res_http_websocket. There is no
guarantee that a frame received from it will be NULL terminated.

ASTERISK-24472 #close
Reported by: Badalian Vyacheslav

Review: https://reviewboard.asterisk.org/r/4220/
Review: https://reviewboard.asterisk.org/r/4219/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429270 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When repeatedly starting/stopping a Monitor on a channel, the accumulated
in/out sample counts are never reset to 0. This can cause inadvertent jumps
in the recordings, as the code in the channel core will determine incorrectly
that a jump in the recorded file position should occur. Setting the sample
counts to 0 simply reflects the initial state a Monitor should be in when it
is started, as this is the initial count that would be on the channels at that
time.

ASTERISK-24573 #close
Reported by: Nuno Borges
patches:
  24573.patch uploaded by Nuno Borges (License 6116)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@429031 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Accessing members of struct ast_str outside of the string manipulation API
routines is invalid since struct ast_str is supposed to be treated as
opaque.

Review: https://reviewboard.asterisk.org/r/4194/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428244 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When frames are translated by a fax gateway they need to be freed.  The
existing call to ast_frfree was unreachable.  This change reorganizes
fax_gateway_framehook to ensure that ast_frfree is called when needed.

ASTERISK-24457 #close
Reported by: Corey Farrell
Review: https://reviewboard.asterisk.org/r/4115/


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426527 65c4cc65-6c06-0410-ace0-fbb531ad65f3

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426359 65c4cc65-6c06-0410-ace0-fbb531ad65f3

When Moises committed the fixes for WSS (which was a great patch), wdoekes had
a few style nits that were on the review that got missed. This patch resolves
what I *think* were all of the ones that were still on the review.

Thanks to both moy for the patch, and wdoekes for the reviews.

Review: https://reviewboard.asterisk.org/r/3248/



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426209 65c4cc65-6c06-0410-ace0-fbb531ad65f3

In libsrtp 1.5.0, crypto_get_random is no longer resolved simply by including
srtp.h. Now, one must include crypto_kernel.h as well. As it turns out, this
header file has been provided by the library since 2006, so this is a
relatively benign change.

ASTERISK-24436 #close
Reported by: Patrick Laimbock
........

Merged revisions 426140 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@426141 65c4cc65-6c06-0410-ace0-fbb531ad65f3

There are two aspects to the vulnerability:
(1) res_jabber/res_xmpp use SSLv3 only. This patch updates the module to use
    TLSv1+. At this time, it does not refactor res_jabber/res_xmpp to use the
    TCP/TLS core, which should be done as an improvement at a latter date.
(2) The TCP/TLS core, when tlsclientmethod/sslclientmethod is left unspecified,
    will default to the OpenSSL SSLv23_method. This method allows for all
    encryption methods, including SSLv2/SSLv3. A MITM can exploit this by
    forcing a fallback to SSLv3, which leaves the server vulnerable to POODLE.
    This patch adds WARNINGS if a user uses SSLv2/SSLv3 in their configuration,
    and explicitly disables SSLv2/SSLv3 if using SSLv23_method.

For TLS clients, Asterisk will default to TLSv1+ and WARN if SSLv2 or SSLv3 is
explicitly chosen. For TLS servers, Asterisk will no longer support SSLv2 or
SSLv3.

Much thanks to abelbeck for reporting the vulnerability and providing a patch
for the res_jabber/res_xmpp modules.

Review: https://reviewboard.asterisk.org/r/4096/

ASTERISK-24425 #close
Reported by: abelbeck
Tested by: abelbeck, opsmonitor, gtjoseph
patches:
  asterisk-1.8-jabber-tls.patch uploaded by abelbeck (License 5903)
  asterisk-11-jabber-xmpp-tls.patch uploaded by abelbeck (License 5903)
  AST-2014-011-1.8.diff uploaded by mjordan (License 6283)
  AST-2014-011-11.diff uploaded by mjordan (License 6283)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425986 65c4cc65-6c06-0410-ace0-fbb531ad65f3

In the case where the ICE negotiation had not yet started current state would
get wiped when it shouldn't.

This also removes channel binding as in practice this does not work well with
other implementations.


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@425644 65c4cc65-6c06-0410-ace0-fbb531ad65f3