Change-Id: I31eee8be30c6b0fc3dadb31111dd47742da8892d

ASTERISK-27225 #close
Reported by: Richard Kenner

Change-Id: I097b81734ef730f8603c0b972909d212a3a5cf89

ASTERISK-27177 #close
Reported by: Tzafrir Cohen

Change-Id: I40311c404edb2302a7543ad5ca7a06b2a38f2d97

sanitize_tdata was assuming all URIs were SIP URIs so when a non
SIP uri was in the From, To or Contact headers, the unconditional
cast of a non-pjsip_sip_uri structure to pjsip_sip_uri caused
a segfault when trying to access uri->other_param.

* Added PJSIP_URI_SCHEME_IS_SIP(uri) || PJSIP_URI_SCHEME_IS_SIPS(uri)
  checks before attempting to cast or use the returned uri.

ASTERISK-27152
Reported-by: Ross Beer

Change-Id: Id380df790e6622c8058a96035f8b8f4aa0b8551f

An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received.  The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.

* Add ast_safe_execvp() function.  This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding.  This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.

* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.

* Document code injection potential from untrusted data sources for other
shell commands that are under user control.

ASTERISK-27103

Change-Id: I7552472247a84cde24e1358aaf64af160107aef1

This change moves the logic which learns a new source address
for RTP so it only occurs in the learning state. The learning
state is entered on initial allocation of RTP or if we are
told that the remote address for the media has changed. While
in the learning state if we continue to receive media from
the original source we restart the learning process. It is
only once we receive a sufficient number of RTP packets from
the new source that we will switch to it. Once this is done
the closed state is entered where all packets that do not
originate from the expected source are dropped.

The learning process has also been improved to take into
account the time between received packets so a flood of them
while in the learning state does not cause media to be switched.

Finally RTCP now drops packets which are not for the learned
SSRC if strict RTP is enabled.

ASTERISK-27013

Change-Id: I56a96e993700906355e79bc880ad9d4ad3ab129c

When SDP renegotiation occurs it is possible for an RTP
instance to be reused for a new stream, resulting in the remote
SSRC changing if it is part of a bundle group. This change
allows this and updates its mapping in the current bundle
group.

ASTERISK-27231

Change-Id: I6e3703974f236bc024c5dbe9bd43adae0c6fb490

Create local_tag and remote_tag in CHANNEL info to get tag from From and
To headers of a SIP dialog.

ASTERISK-27220

Change-Id: I59b16c4b928896fcbde02ad88f0e98922b15d524

* Fix framehook to test frame type for control frame.
* Made framehook exit early if frame type is not a control frame.
* Eliminated RAII_VAR in framehook.
* Use switch instead of else-if ladder for control frame handling.

Change-Id: Ia555fc3600bd85470e3c0141147dbe3ad07c1d18

This prevents orphaned CBAnn channels from getting stuck in the bridge.

ASTERISK-26994 #close
Reported by: James Terhune

Change-Id: I5e43e832a9507ec3f2c59752cd900b41dab80457

A video update frame is used to indicate that a channel
with video negotiated should provide a full frame so the
decoder decoding the stream is able to do so. In situations
where a queue is used to store frames it makes no sense
for the queue to contain multiple video update frames. One
is sufficient to have a full frame be sent.

ASTERISK-27222

Change-Id: Id3f40a6f51b740ae4704003a1800185c0c658ee7

mkstemp() returns a unique filename, but appending an extension to that
filename does not guarantee uniqueness. Instead, use mkdtemp() and we
can put whatever extension we want on the files that we create inside
the directory.

In the case of app_minivm, we also now properly clean up any temporary
files that we create.

ASTERISK-20858 #close
Reported by: Walter Doekes

Change-Id: I30ad04f0e115f0b11693ff678ba5184d8b938e43

If the Record() application is called with a relative filename that
includes directories, we were not properly creating the intermediate
directories and Record() would fail.

Secondarily, updated the documentation for RECORDED_FILE to mention
that it does not include a filename extension.

Finally, rewrote the '%d' functionality to be a bit more straight
forward and less noisy.

ASTERISK-16777 #close
Reported by: klaus3000

Change-Id: Ibc2640cba3a8c7f17d97b02f76b7608b1e7ffde2

The ps_endpoints table was missing the dtls_fingerprint column
introduced with commit adba2a8d.

ASTERISK-27168 #close

Change-Id: I9cb5006f7f50718b5239919562773adabb334cfd

If an SDP answer hasn't been sent yet, it's legal to change it.
This is required for PJSIP_DTMF_MODE to work correctly, and can
also have use in the future for updating codecs too.

ASTERISK-27209 #close

Change-Id: Idbbfb7cb3f72fbd96c94d10d93540f69bd51e7a1

ASTERISK-19103 #close
Reported by: Jim Van Meggelen

Change-Id: I4bd32a9d1fcebb8ac56bff0e084d4f53e31b692b

ASTERISK-21241 #close
Reported by: Eelco Brolman
Patches:
	Patch uploaded by Eelco Brolman (License 6442)

Change-Id: Icbe39b5c82a49b46cf1d168dc17766f3d84f54fe

Change-Id: I1e33290929e1aa7c5b9cb513f8254f2884974de8

* changes:
  bridge_channel.c: Fix FRACK when mapping frames to the bridge.
  bridge: Fix softmix bridge deadlock.