  1. Aug 30, 2017
    • AST-2017-006: Fix app_minivm application MinivmNotify command injection · 1bf3dfff
      Corey Farrell authored
      An admin can configure app_minivm with an externnotify program to be run
      when a voicemail is received.  The app_minivm application MinivmNotify
      uses ast_safe_system() for this purpose which is vulnerable to command
      injection since the Caller-ID name and number values given to externnotify
      can come from an external untrusted source.
      
      * Add ast_safe_execvp() function.  This gives modules the ability to run
      external commands with greater safety compared to ast_safe_system().
      Specifically when some parameters are filled by untrusted sources the new
      function does not allow malicious input to break argument encoding.  This
      may be of particular concern where CALLERID(name) or CALLERID(num) may be
      used as a parameter to a script run by ast_safe_system() which could
      potentially allow arbitrary command execution.
      
      * Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
      instead of ast_safe_system() to avoid command injection.
      
      * Document code injection potential from untrusted data sources for other
      shell commands that are under user control.
      
      ASTERISK-27103
      
      Change-Id: I7552472247a84cde24e1358aaf64af160107aef1
      1bf3dfff
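
The difference the AST-2017-006 commit message describes, as an added example that is not part of the commit or of Asterisk's source: the same caller ID value passed once inside a shell command string and once as its own argv element. `run_via_shell()`, `run_via_execvp()` and the sample value are hypothetical names constructed for this illustration, and `true` stands in for an externnotify program.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Decode a wait status into the child's exit code, or -1 if it did not exit normally. */
static int exit_code(int status)
{
	return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Shell-string pattern: program and caller ID are pasted into one string
 * that /bin/sh parses, so metacharacters in the caller ID become shell syntax. */
int run_via_shell(const char *program, const char *callerid_name)
{
	char cmd[256];
	int n = snprintf(cmd, sizeof(cmd), "%s %s", program, callerid_name);

	if (n < 0 || (size_t) n >= sizeof(cmd)) {
		return -1; /* refuse to run a truncated command line */
	}
	return exit_code(system(cmd));
}

/* Argument-vector pattern: no shell is involved and the caller ID stays a
 * single argv element whatever characters it contains. */
int run_via_execvp(const char *program, const char *callerid_name)
{
	char *const argv[] = { (char *) program, (char *) callerid_name, NULL };
	int status;
	pid_t pid = fork();

	if (pid < 0) {
		return -1;
	}
	if (pid == 0) {
		execvp(program, argv);
		_exit(127); /* only reached when exec itself failed */
	}
	if (waitpid(pid, &status, 0) < 0) {
		return -1;
	}
	return exit_code(status);
}

/* Constructed sample: a caller ID name carrying a shell separator and a
 * harmless second command whose effect is visible in the exit code. */
static const char SAMPLE_CALLERID[] = "Alice; exit 42";

int main(void)
{
	printf("shell string: exit %d\n", run_via_shell("true", SAMPLE_CALLERID));
	printf("argv vector:  exit %d\n", run_via_execvp("true", SAMPLE_CALLERID));
	return 0;
}
```

In the shell-string call the exit code comes from the text after the semicolon rather than from the notify program; in the argv call it comes from the program alone.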
  2. Aug 29, 2017
  3. Aug 25, 2017
    • voicemail: Fix various abuses of mkstemp · da13cdb9
      Sean Bright authored
      mkstemp() returns a unique filename, but appending an extension to that
      filename does not guarantee uniqueness. Instead, use mkdtemp() and we
      can put whatever extension we want on the files that we create inside
      the directory.
      
      In the case of app_minivm, we also now properly clean up any temporary
      files that we create.
      
      ASTERISK-20858 #close
      Reported by: Walter Doekes
      
      Change-Id: I30ad04f0e115f0b11693ff678ba5184d8b938e43
      da13cdb9
    • app_record: Resolve some absolute vs. relative filename bugs · 43670e47
      Sean Bright authored
      If the Record() application is called with a relative filename that
      includes directories, we were not properly creating the intermediate
      directories and Record() would fail.
      
      Secondarily, updated the documentation for RECORDED_FILE to mention
      that it does not include a filename extension.
      
      Finally, rewrote the '%d' functionality to be a bit more
      straightforward and less noisy.
      
      ASTERISK-16777 #close
      Reported by: klaus3000
      
      Change-Id: Ibc2640cba3a8c7f17d97b02f76b7608b1e7ffde2
      43670e47
  4. Aug 24, 2017
  5. Aug 22, 2017
  6. Aug 02, 2017
  7. Aug 01, 2017
    • Fix compiler warnings on Fedora 26 / GCC 7. · 58d03211
      Corey Farrell authored
      GCC 7 has added capability to produce warnings; this fixes most of those
      warnings.  The specific warnings are disabled in a few places:
      
      * app_voicemail.c: truncation of paths more than 4096 chars in many places.
      * chan_mgcp.c: callid truncated to 80 chars.
      * cdr.c: two userfields are combined to cdr copy, fix would break ABI.
      * tcptls.c: ignore use of deprecated method SSLv3_client_method().
      
      ASTERISK-27156 #close
      
      Change-Id: I65f280e7d3cfad279d16f41823a4d6fddcbc4c88
      58d03211
    • app_queue: Add announce-position-only-up option · 3f984882
      Sean Bright authored
      Setting this option will cause the Queue application to only announce
      the caller's position if it has improved since the last time that we
      announced it.
      
      Change-Id: I173a124121422209485b043e2bf784f54242fce6
      3f984882
  8. Jul 21, 2017
    • app_voicemail.c: Allow mailbox entry on authentication retry prompt. · 92293075
      Richard Mudgett authored
      The following testsuite voicemail tests were failing to re-enter the
      mailbox after the first login attempt.
      
      tests/apps/voicemail/authenticate_invalid_mailbox
      tests/apps/voicemail/authenticate_invalid_password
      
      The tests were noting the start of the vm-incorrect-mailbox prompt and
      immediately sending the mailbox for the next login attempt.  Since the
      invalid message playback had to complete before the digits were
      recognized, the test passed for the wrong reason and added approximately
      20 seconds to the test times.
      
      * Allow the vm-incorrect-mailbox prompt to get interrupted by the mailbox
      digits like the initial vm-login prompt so the tests are able to enter the
      intended mailbox.
      
      Change-Id: I1dc53fe917bfe03a4587b2c4cd24c94696a69df8
      92293075
  9. Jul 19, 2017
    • bridge_softmix / res_rtp_asterisk: Fix packet loss and renegotiation issues. · 680c491a
      Joshua Colp authored
      This change does a few things to improve packet loss and renegotiation:
      
      1. On outgoing RTP streams we will now properly reflect out of order
      packets and packet loss in the sequence number. This allows the
      remote jitterbuffer to better reorder things.
      
      2. Video updates can now be discarded for a period of time
      after one has been sent to prevent flooding of clients.
      
      3. For declined and removed streams we will now release any
      media session resources associated with them. This was not
      previously done and caused an issue where old state was being
      used for a new stream.
      
      4. RTP bundling was not actually removing bundled RTP instances
      from the parent. This has been resolved by removing based on
      the RTP instance itself and not the SSRC.
      
      5. The code did not properly handle explicitly unbundling an
      RTP instance from its parent. This now works as expected.
      
      ASTERISK-27143
      
      Change-Id: Ibd91362f0e4990b6129638e712bc8adf0899fd45
      680c491a
  10. Jul 14, 2017
  11. Jul 12, 2017
  12. Jul 11, 2017
    • manager: Remove AMI "Queues" action. · 5d86da61
      Benjamin Keith Ford authored
      When performing the "Queues" action via AMI, it outputs the same
      text that the Asterisk CLI outputs when running a "queue show"
      command, which does not conform with the AMI spec. "QueueStatus"
      already does what the "Queues" action should do, so instead of
      correcting the output, the "Queues" action will be removed and
      "QueueStatus" should be used instead.
      
      ASTERISK-27073 #close
      Reported by: Brian
      
      Change-Id: Id11743859758255b69cc3a557750d7a56c6d16f8
      5d86da61
  13. Jul 05, 2017
    • core: Remove 'Data Retrieval API' · 325eeced
      Sean Bright authored
      This API was not actively maintained, was not added to new modules
      (such as res_pjsip), and there exist better alternatives to acquire the
      same information, such as the ARI.
      
      Change-Id: I4b2185a83aeb74798b4ad43ff8f89f971096aa83
      325eeced
  14. Jul 04, 2017
  15. Jul 01, 2017
    • app_voicemail: Cleanup ODBC connection handling · 950b39a4
      Sean Bright authored
      The primary focus of this patch is adding a missing call to
      ast_odbc_release_obj(), but is also a general cleanup of the ODBC
      related code in app_voicemail.
      
      ASTERISK-27093 #close
      
      Change-Id: I8e285142eaeb3146b4287a928276b70db76c902b
      950b39a4
  16. Jun 30, 2017
    • app_stream_echo: misc bug fixes · e7d41050
      Kevin Harwell authored
      Fixed the following bugs:
      
      * calls to stream_echo_write had the last two parameters swapped
      * ast_read should have been ast_read_stream
      * added a null check on the frame's subclass format
      
      This also resets the update_sent flag upon receiving SRRCHANGE control frame.
      This will then force a video update.
      
      ASTERISK-26997
      
      Change-Id: I6ad7c8253559b800800433c52339e7f5aa583566
      e7d41050
  17. Jun 29, 2017
  18. Jun 27, 2017
    • app_queue: Fix returning to dialplan when a queue is empty · 78277555
      Ivan Poddubny authored
      The fix for ASTERISK-25665 introduced a regression.
      The return value of queue_exec used to be 0 in case of leavewhenempty
      but it was changed to -1 (returned from wait_our_turn and passed
      transparently by queue_exec), thus leading to hangup instead of returning
      back to dialplan.
      
      This commit resets the value back to 0 in this case, restoring
      original behavior.
      
      ASTERISK-27065 #close
      Reported by: Marek Cervenka
      
      Change-Id: Id9c83b75aeda463250155e88c5004be52bbca5ac
      78277555
  19. Jun 22, 2017
    • app_voicemail: IMAP connection control · 0cef7b9d
      Alexei Gradinari authored
      A new global option "imap_poll_logout" was added to specify whether to
      disconnect from the IMAP server after polling of mailboxes.
      
      ASTERISK-27068 #close
      
      Closing IMAP connection after loading mailbox from voicemail.conf
      
      ASTERISK-24052 #close
      
      Change-Id: Ib7558ba04516240a32b65f42e9be64372a0ae12a
      0cef7b9d
  20. Jun 16, 2017
  21. Jun 14, 2017
  22. May 31, 2017
  23. May 30, 2017
    • Confbridge: Add "sfu" video mode to bridge profile options. · 39d14834
      Mark Michelson authored
      A previous commit added plumbing to bridge_softmix to allow for an SFU
      experience with Asterisk. This commit adds an option to app_confbridge
      that allows for a confbridge to actually make use of the SFU video mode.
      
      SFU mode is implemented in a "set it and forget it" kind of way. That
      is, when the bridge is created, if SFU mode is enabled, then the video
      mode gets set to SFU and cannot be changed. Future improvements may
      allow for a hybrid experience (e.g. forward multiple video streams,
      specifically those of the most recent talkers), but for this addition,
      no such capability is present.
      
      Change-Id: I87bbcb63dec6dbbb42488f894871b86f112b2020
      39d14834
    • Add primitive SFU support to bridge_softmix. · 2da86940
      Mark Michelson authored
      This sets up the "plumbing" in bridge_softmix to
      be able to accommodate Asterisk acting as an SFU
      (selective forwarding unit) for conferences.
      
      The way this works is that whenever a channel enters or leaves a
      conference, all participants in the bridge get sent a stream topology
      change request. The topologies consist of the channels' original
      topology, along with video destination streams corresponding to each
      participant's source video streams. So for instance, if Alice, Bob, and
      Carol are in the conference, and each supplies one video stream, then
      the topologies for each would look like so:
      
      Alice:
      Audio,
      Source video(Alice),
      Destination Video(Bob),
      Destination video (Carol)
      
      Bob:
      Audio,
      Source video(Bob)
      Destination Video(Alice),
      Destination video (Carol)
      
      Carol:
      Audio,
      Source video(Carol)
      Destination Video(Alice),
      Destination video (Bob)
      
      This way, video that arrives from a source video stream can then be
      copied out to the destination video streams on the other participants'
      channels.
      
      Once the bridge gets told that a topology on a channel has changed, the
      bridge constructs a map in order to get the video frames routed to the
      proper destination streams. This is done using the bridge channel's
      stream_map.
      
      This change is bare-bones with regards to SFU support. Some key features
      are missing at this point:
      
      * Stream limits. This commit makes no effort to limit the number of
        streams on a specific channel. This means that if there were 50 video
        callers in a conference, bridge_softmix will happily send out topology
        change requests to every channel in the bridge, requesting 50+
        streams.
      
      * Configuration. The plumbing has been added to bridge_softmix, but
        there has been nothing added as of yet to app_confbridge to enable SFU
        video mode.
      
      * Testing. Some functions included here have unit tests.
        However, the functionality as a whole has only been verified by
        hand-tracing the code.
      
      * Selectiveness. For a "selective" forwarding unit, this does not
        currently have any means of being selective.
      
      * Features. Presumably, someone might wish to only receive video from
        specific sources. There are no external-facing functions at the moment
        that allow for users to select who they receive video from.
      
      * Efficiency. The current scheme treats all video streams as being
        unidirectional. We could be re-using a source video stream as a
        destination, too. But to simplify things on this first round, I did it
        this way.
      
      Change-Id: I7c44a829cc63acf8b596a337b2dc3c13898a6c4d
      2da86940
  24. May 23, 2017
    • app_queue: Fix members showing as being in call when not. · faab0580
      Joshua Colp authored
      A change was done which added an 'in_call' flag to queue
      members that was set to true while talking to an agent.
      Unfortunately in practice this does not accurately reflect
      whether they are talking to an agent or not. If a Local
      channel is involved and a transfer is performed then the
      app_queue application would incorrectly think the agent
      was still in a call with the caller. This was done to
      fix a race condition between an agent becoming available
      by device state and the checking of the last call information
      for the wrapup time. There was a small window where the
      last call information would be the previous value instead
      of the new one.
      
      This change goes about fixing the original issue in a
      different way by considering the call completed if device
      state is received which would make the agent available
      and if they are currently in a call. If this occurs the
      last call information is updated before the agent becomes
      available ensuring that old information is not present
      when checking if the member should be called. This also
      improves the transfer situation by actually updating
      and enforcing the wrapup time.
      
      ASTERISK-26399
      ASTERISK-26400
      ASTERISK-26715
      ASTERISK-26975
      
      Change-Id: Ife1cb686e3173b3a6d368601adef9aff69d4beea
      faab0580
    • app_confbridge: Race between removing and playing name recording while leaving · 36e90952
      Robert Mordec authored
      When a user leaves a conference, its channel calls async_play_sound_file()
      in order to play the name announcement and then unlinks the sound file.
      The async_play_sound_file() function adds a task to conference playback queue,
      which then runs playback_common() function in a different thread.
      
      It leads to a race condition when, in some cases, channel thread may unlink
      the sound file before playback_common() had a chance to open it.
      
      This patch creates a file deletion task, that is queued after playback.
      
      ASTERISK-27012 #close
      
      Change-Id: I412f7922d412004b80917d4e892546c15bd70dd3
      36e90952
  25. May 22, 2017
    • app_queue: Add QUEUE_RAISE_PENALTY feature · be4beff3
      Steve Davies authored
      Additional variable to work alongside QUEUE_MAX_PENALTY and QUEUE_MIN_PENALTY,
      including an extra parameter in queuerules.conf. This value causes lower
      Agent penalty values to "raise up" so that they can join higher penalty agents
      and be treated equally after a period of time.
      
      ASTERISK-26995 #close
      
      Change-Id: If1c6421a983667a5ac4c359f6dac25b212b4c459
      be4beff3
  26. May 17, 2017
    • app_stream_echo: Added a multi-stream echo application · a60d1f39
      Kevin Harwell authored
      If the channel does not have multi-stream support then this application acts
      just like app_echo. If it does have multi-stream support then each stream is
      echoed back to itself (one-to-one).
      
      If a "num" is specified, then a new topology is made that contains clones (from
      the channel's topology) of all media types that are not equal to the given
      "type". If the media type differs then the first stream matching the "type" is
      cloned into the new topology and then up to "num" - 1 of the same stream are
      also cloned into it. Any additional streams from the original topology matching
      the "type" are subsequently ignored (i.e. not added to the new topology).
      
      For this same case when a frame is read from a stream that frame is still
      echoed back like before, but now that frame is also echoed out to the
      additional streams that matched on the specified "type".
      
      ASTERISK-26997 #close
      
      Change-Id: I254144486734178e196c7f590a26ffc13543ff2c
      a60d1f39
  27. May 16, 2017
    • asterisk: Audit locking of channel when manipulating flags. · 5a7af00e
      Joshua Colp authored
      When manipulating flags on a channel the channel has to be
      locked to guarantee that nothing else is also manipulating
      the flags. This change introduces locking where necessary to
      guarantee this. It also adds helper functions that manipulate
      channel flags and lock to reduce repeated code.
      
      ASTERISK-26789
      
      Change-Id: I489280662dba0f4c50981bfc5b5a7073fef2db10
      5a7af00e
  28. May 11, 2017
    • app_queue: Fix duplicate queue_log entries for EXITEMPTY and ABANDON · 045dbcc2
      Ivan Poddubny authored
      There are 2 places in app_queue.c that log EXITEMPTY event: one in
      wait_our_turn, and another one in queue_exec in the loop trying to
      call an agent after wait_our_turn.
      
      In most cases it leads to logging EXITEMPTY twice.
      
      ABANDON is also logged in two places, and in the rare case when an agent
      and caller hang up simultaneously it's also possible to get duplicates
      in queue_log.
      
      This commit changes wait_our_turn to return -1 ("the caller should exit
      the queue") instead of 0 ("the caller's turn has arrived") in case of
      leaving when empty, so queue_exec skips the agent calling loop.
      
      Also, leave_queue is now executed only once in this case, because 2nd
      time is just a noop when the queue entry has already been removed.
      
      Also, it sets qe->handled to -1 to indicate that the call was not
      answered by an agent, but the necessary handling has already been done
      in order to avoid logging an extra ABANDON entry.
      
      ASTERISK-25665 #close
      Reported by: Ove Aursand
      
      Change-Id: I4578dd383bf2ac41589cf167865e8aaebcd4c11e
      045dbcc2
  29. May 05, 2017
    • app_confbridge: Fix reference to cfg in menu_template_handler · 00018341
      George Joseph authored
      menu_template_handler wasn't properly accounting for the fact that
      it might be called both during a load/reload (which isn't really
      valid but not prevented) and by a dialplan function.  In both cases
      it was attempting to use the "pending" config which wasn't valid in
      the latter case.  aco_process_config is also partly to blame because
      it wasn't properly cleaning "pending" up when a reload was done and
      no changes were made.  Both of these contributed to a crash if
      CONFBRIDGE(menu,template) was called in a dialplan after a reload.
      
      * aco_process_config now sets info->internal->pending to NULL
        after it unrefs it although this isn't strictly necessary in the
        context of this fix.
      * menu_template_handler now uses the "current" config and silently
        ignores any attempt to be called as a result of someone using the
        "template" parameter in the conf file.
      
      Luckily there's no other place in the codebase where
      aco_pending_config is used outside of aco_process_config.
      
      ASTERISK-25506 #close
      Reported-by: Frederic LE FOLL
      
      Change-Id: Ib349a17d3d088f092480b19addd7122fcaac21a7
      00018341
  30. Apr 27, 2017
    • channel: Add ability to request an outgoing channel with stream topology. · 2b22c3c8
      Joshua Colp authored
      This change extends the ast_request functionality by adding another
      function and callback to create an outgoing channel with a requested
      stream topology. Fallback is provided by either converting the
      requested stream topology into a format capabilities structure if
      the channel driver does not support streams or by converting the
      requested format capabilities into a stream topology if the channel
      driver does support streams.
      
      The Dial application has also been updated to request an outgoing
      channel with the stream topology of the calling channel.
      
      ASTERISK-26959
      
      Change-Id: Ifa9037a672ac21d42dd7125aa09816dc879a70e6
      2b22c3c8
  31. Apr 25, 2017
    • cleanup: Fix fread() and fwrite() error handling · f5b67871
      Sean Bright authored
      Cleaned up some of the incorrect uses of fread() and fwrite(), mostly in
      the format modules. Neither of these functions will ever return a value
      less than 0, which we were checking for in some cases.
      
      I've introduced a fair amount of duplication in the format modules, but
      I plan to change how format modules work internally in a subsequent
      patch set, so this is simply a stop-gap.
      
      Change-Id: I8ca1cd47c20b2c0b72088bd13b9046f6977aa872
      f5b67871