This allows the STUN server to change its IP address without having to
reload the res_rtp_asterisk module.

The refresh of the name resolution occurs first when the module is
loaded, then recurringly, slightly after the previous DNS answer TTL
expires.

ASTERISK-29508 #close

Change-Id: I7955a046293f913ba121bbd82153b04439e3465f

This changeset is intended to address compatibility issues encountered
when interfacing Asterisk to electromechanical telephone switches that
implement ANI-B, ANI-C, or ANI-D.

In particular the behaviours that this impacts include:

 - FGC-CAMA did not work at all when using MF signaling. Modified the
   switch case block to send calls to the correct part of the
   signaling-handling state machine.

 - For FGC-CAMA operation, the delay between called number ST and
   second wink for ANI spill has been made configurable; previously
   all calls were made to wait for one full second.

 - After the ANI spill, previous behavior was to require a 'ST' tone
   to advance the call.  This has been changed to allow 'STP' 'ST2P'
   or 'ST3P' as well, for compatibility with ANI-D.

 - Store ANI2 (ANI INFO) digits in the CALLERID(ANI2) channel variable.

 - For calls with an ANI failure, No. 1 Crossbar switches will send
   forward a single-digit failure code, with no calling number digits
   and no ST pulse to terminate the spill.  I've made the ANI timeout
   configurable so to reduce dead air time on calls with ANI fail.

 - ANI info digits configurable.  Modern digital switches will send 2
   digits, but ANI-B sends only a single info digit.  This caused the
   ANI reported by Asterisk to be misaligned.

 - Changed a confusing log message to be more informative.

ASTERISK-29518

Change-Id: Ib7e27d987aee4ed9bc3663c57ef413e21b404256

Allow mapping pjproject log messages to the Asterisk TRACE
log level.  The defaults were also changes to log pjproject
levels 3,4 to DEBUG and 5,6 to TRACE.  Previously 3,4,5,6
all went to DEBUG.

ASTERISK-29582

Change-Id: I859a37a8dec263ed68099709cfbd3e665324c72d

ASTERISK-29598

Change-Id: I8ef17023f55bf01f2e309b06f4778a8ca7252c91

ASTERISK-29597

Change-Id: I19bb39eed0257ddfef453eb2df5646d073d50fe1

ASTERISK-29596

Change-Id: Ibae9490c1b35cadbf7028d24610f745277c8535e

ASTERISK-29594

Change-Id: I79a9961cb5062fadbccb0ea93f087bdd32685316

ASTERISK-29593

Change-Id: Ib53a42ad974c63871344b95078c61c188e43da99

ASTERISK-29592

Change-Id: Ic8eb6a2100ad5bc3b48338a6d0a6cfa70ecbc50f

ASTERISK-29584

Change-Id: I4bd3695d089121f810d692a82361d39d2f97ae39

Meter types are not well supported,
lacking support in telegraf, datadog and the official statsd servers.
We deprecate meters and provide a compliant fallback for any existing usages.

A flag has been introduced to allow meters to fallback to counters.


ASTERISK-29513

Change-Id: I5fcb385983a1b88f03696ff30a26b55c546a1dd7

A new user option, answer_channel, adds the capability to
prevent answering the channel if it hasn't already been
answered yet.

ASTERISK-29440

Change-Id: I26642729d0345f178c7b8045506605c8402de54b

By default Asterisk reports the PJSIP version in a SOFTWARE attribute
of every STUN packet it sends. This may not be desired in a production
environment, and RFC5389 recommends making the use of the SOFTWARE
attribute a configurable option:

https://datatracker.ietf.org/doc/html/rfc5389#section-16.1.2

This patch adds a `stun_software_attribute` yes/no option to make it
possible to omit the SOFTWARE attribute from STUN packets.

ASTERISK-29434

Change-Id: Id3f2b1dd9584536ebb3a1d7e8395fd8b3e46860b

RFC7616 and RFC8760 allow more than one WWW-Authenticate or
Proxy-Authenticate header per realm, each with different digest
algorithms (including new ones like SHA-256 and SHA-512-256).
Thankfully however a UAS can NOT send back multiple Authenticate
headers for the same realm with the same digest algorithm.  The
UAS is also supposed to send the headers in order of preference
with the first one being the most preferred.  We're supposed to
send an Authorization header for the first one we encounter for a
realm that we can support.

The UAS can also send multiple realms, especially when it's a
proxy that has forked the request in which case the proxy will
aggregate all of the Authenticate headers and then send them all
back to the UAC.

It doesn't stop there though... Each realm can require a
different username from the others.  There's also nothing
preventing each digest algorithm from having a unique password
although I'm not sure if that adds any benefit.

So now... For each Authenticate header we encounter, we have to
determine if we support the digest algorithm and, if not, just
skip the header.  We then have to find an auth object that
matches the realm AND the digest algorithm or find a wildcard
object that matches the digest algorithm. If we find one, we add
it to the results vector and read the next Authenticate header.
If the next header is for the same realm AND we already added an
auth object for that realm, we skip the header. Otherwise we
repeat the process for the next header.

In the end, we'll have accumulated a list of credentials we can
pass to pjproject that it can use to add Authentication headers
to a request.

NOTE: Neither we nor pjproject can currently handle digest
algorithms other than MD5.  We don't even have a place for it in
the ast_sip_auth object. For this reason, we just skip processing
any Authenticate header that's not MD5.  When we support the
others, we'll move the check into the loop that searches the
objects.

Changes:

 * Added a new API ast_sip_retrieve_auths_vector() that takes in
   a vector of auth ids (usually supplied on a call to
   ast_sip_create_request_with_auth()) and populates another
   vector with the actual objects.

 * Refactored res_pjsip_outbound_authenticator_digest to handle
   multiple Authenticate headers and set the stage for handling
   additional digest algorithms.

 * Added a pjproject patch that allows them to ignore digest
   algorithms they don't support.  This patch has already been
   merged upstream.

 * Updated documentation for auth objects in the XML and
   in pjsip.conf.sample.

 * Although res_pjsip_authenticator_digest isn't affected
   by this change, some debugging and a testsuite AMI event
   was added to facilitate testing.

Discovered during OpenSIPit 2021.

ASTERISK-29397

Change-Id: I3aef5ce4fe1d27e48d61268520f284d15d650281

Although Asterisk can receive and propogate flash events, it currently
provides no mechanism for doing anything with them itself.

This AMI event allows flash events to be processed by Asterisk.
Additionally, AST_CONTROL_FLASH is included in a switch statement
in channel.c to avoid throwing a warning when we shouldn't.

ASTERISK-29380

Change-Id: Ie17ffe65086e0282c88542e38eed6a461ec79e81

STIR/SHAKEN encodes using base64 URL format. Currently, we just use
base64. New functions have been added that convert to and from base64
encoding.

The origid field should also be an UUID. This means there's no reason to
have it as an option in stir_shaken.conf, as we can simply generate one
when creating the Identity header.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Icf094a2a54e87db91d6b12244c9f5ba4fc2e0b8c

During OpenSIPit, we found out that the public certificates must be of
type X.509. When reading in public keys, we use the corresponding X.509
functions now.

We also discovered that we needed a better naming scheme for the
certificates since certificates with the same name would cause issues
(overwriting certs, etc.). Now when we download a public certificate, we
get the serial number from it and use that as the name of the cached
certificate.

The configuration option public_key_url in stir_shaken.conf has also
been renamed to public_cert_url, which better describes what the option
is for.

https://wiki.asterisk.org/wiki/display/AST/OpenSIPit+2021

Change-Id: Ia00b20835f5f976e3603797f2f2fb19672d8114d

ASTERISK-27477 #close

Change-Id: I68f6715bba92a525149e35d142a49377a34a1193

Change-Id: I2f76867ce02ec611964925159be099de83346e38

Added support for a basic AEAP configuration read from aeap.conf.
Also added 2 CLI commands for showing individual configurations as
well as all of them: aeap show server <id> and aeap show servers.

Only one configuration option is required at the moment, and that one is
server_url. It must be a websocket URL. The other option, codecs, is
optional and will be used over the codecs specified on the endpoint if
provided.

https://wiki.asterisk.org/wiki/pages/viewpage.action?pageId=45482453

Change-Id: I567ac5148c92b98d29d2ad83421b416b75ffdaa3

I missed the changes in 18 and master in the previous review.

ASTERISK-24434 #close

Change-Id: Ieb132b2a998ce96daa9c9acf26535a974b895876

Change-Id: Iff0e713f2120d8dce8e1e26924b99ed17f9d9dff

Added .log extension to the sample logs in logger.conf.sample so that
they will be able to be opened in the browser when attached to JIRA
tickets. Because of this, asterisk.logrotate has also been updated to
look for .log extensions instead of no extension for log files such as
full and messages.

Change-Id: I5de743c03f08047d6c6cc80cac5019ae0c4c200f

Also removed the sample documentation, and some oddly-placed
documentation about the timeout argument to the Queue() application
itself. There is a large section on the timeout behavior below.

ASTERISK-26614 #close

Change-Id: I8f84e8304b50305b7c4cba2d9787a5d77c3a6217

ASTERISK-24631 #close

Change-Id: I8bf8776906a72ee02f24de6a85345940b9ff6b6f

ASTERISK-24434 #close

Change-Id: I0144e8d65d878128da59dcf3df12ca8cee47d6db

minargs enables enforcing of minimum count of arguments to pass to
func_odbc, so if you're unconditionally using ARG1 through ARG4 then
this should be set to 4.  func_odbc will generate an error in this case,
so for example

[FOO]
minargs = 4

and ODBC_FOO(a,b,c) in dialplan will now error out instead of using a
potentially leaked ARG4 from Gosub().

ARGC is needed if you're using optional argument, to verify whether or
not an argument has been passed, else it's possible to use a leaked ARGn
from Gosub (app_stack).  So now you can safely do
${IF($[${ARGC}>3]?${ARGV}:default value)} kind of thing.

Change-Id: I6ca0b137d90b03f6aa9c496991f6cbf1518f6c24
Signed-off-by: Jaco Kroon <jaco@uls.co.za>

ASTERISK-29244

Change-Id: I1862d58264c2c8b5d8983272cb29734b184d67c5

Add option "srtpreplayprotection" rtp.conf to enable srtp
replay protection.

ASTERISK-29260
Reported by: Alexander Traud

Change-Id: I5cd346e3c6b6812039d1901aa4b7be688173b458

If there's no secret specified for an iax2 peer and there's no secret
specified in the dial string, Asterisk will crash if the auth method
requested by the peer is MD5 or plaintext.  You also couldn't specify
a default auth method in the [general] section of iax.conf so if you
don't have static peers defined and just use the dial string, Asterisk
will still crash even if you have a secret specified in the dial string.

* Added logic to iax2_call() and authenticate_reply() to print
  a warning and hanhup the call if encryption is requested and
  there's no secret or auth method.  This prevents the crash.

* Added the ability to specify a default "auth" in the [general]
  section of iax.conf.

ASTERISK-29624
Reported by: N A

Change-Id: I5928e16137581f7d383fcc7fa04ad96c919e6254

As described in the issue, /tmp is not a suitable location for a
large amount of cached media files, since most distributions make
/tmp a RAM-based tmpfs mount with limited capacity.

I opted for a location that can be configured separately, as opposed
to using a subdirectory of spooldir, given the different storage
profile (transient files vs files that might stay there indefinitely).

This commit just makes the cache directory configurable, and changes
the default location from /tmp to /var/cache/asterisk.

ASTERISK-29143

Change-Id: Ic54e95199405abacd9e509cef5f08fa14c510b5d

Change-Id: I79cc693cd5a6e5dd7d403b7e91d970ff1ddf8306

Currently any response from res_curl where we get an answer from the
web server, regardless of what the response is (404, 403 etc.) Asterisk
currently treats it as a success. This patch allows you to set which
codes should be considered as a failure by Asterisk. If say we set
failurecodes=404,403 then when using curl in realtime if a server gives
a 404 error Asterisk will try to failover to the next option set in
extconfig.conf

ASTERISK-28825

Reported by: Dovid Bender
Code by: Gobinda Paul

Change-Id: I94443e508343e0a3e535e51ea6e0562767639987

ASTERISK-29136 #close

Change-Id: I3186536d65a50014c8da4780c9224919caa81440

Add missing comment mark from stock configuration.

ASTERISK-29123 #close

Change-Id: I4f94eb4544166bca8af4c17fd11edee3c6980620

This changes the outgoing offer call preference
default option to match the behavior of previous
versions of Asterisk.

The additional advanced codec negotiation options
have also been removed from the sample configuration
and marked as reserved for future functionality in
XML documentation.

The codec preference options have also been fixed to
enforce local codec configuration.

ASTERISK-29109

Change-Id: Iad19347bd5f3d89900c15ecddfebf5e20950a1c2

app_confbridge now has the ability to set the estimated bitrate on an
SFU bridge.  To use it, set a bridge profile's remb_behavior to "force"
and set remb_estimated_bitrate to a rate in bits per second.  The
remb_estimated_bitrate parameter is ignored if remb_behavior is something
other than "force".

Change-Id: Idce6464ff014a37ea3b82944452e56cc4d75ab0a

Change-Id: I41e77a04e4a523f4ed61a7a20b738ffd42be441e

Since ASTERISK_27978 the default is not off but 90 seconds. That change
happened because ASTERISK_27347 disabled the keep-alives in the bundled
PJProject and Asterisk should behave the same as before.

Change-Id: Ie63dc558ade6a5a2b969c30a4bd492d63730dc46

Added a new log formatter called "plain" that always prints
file, function and line number if available (even for verbose
messages) and never prints color control characters.  It also
doesn't apply any special formatting for verbose messages.
Most suitable for file output but can be used for other channels
as well.

You use it in logger.conf like so:
debug => [plain]debug
console => [plain]error,warning,debug,notice,pjsip_history
messages => [plain]warning,error,verbose

Change-Id: I4fdfe4089f66ce2f9cb29f3005522090dbb5243d