With Asterisk 12 (commit 866d9681), the default of "icesupport" changed to
- "yes" in the module "res_rtp_asterisk" and
- "no" in the module "chan_sip".
The latter was reflected in the sample configuration file for "sip.conf". The
former did not make it into "rtp.conf.sample".

ASTERISK-20643

Change-Id: I2a2e0a900455d0767a99ea576e30adc6d7608a36

Change-Id: Id2899331fe05d1909a862ea879742879d086bc64

Beanstalkd is a simple to use job queue. It provides a means to
create multiple job queues called "tubes". Each tube can store
multiple jobs, with varying priorities with the queue. Queue
processing is available via a simple TCP socket or via well defined
libraries, avaialble at
https://github.com/kr/beanstalkd/wiki/client-libraries

This module is based upon the beanstalk-client library, available
for download at: https://github.com/deepfryed/beanstalk-client

This module currently doesn't support user defined events.

Change-Id: Ic3a087faeeac045d69a2a018e60e29831ddb95ab

The OUTPUTDIR environment variable can now be set either in the
environment itself or in ast_debug_tools.conf.  If set, it's used
for all work products instead of /tmp.

Also added the --tarball-config option that includes the contents
of /etc/asterisk when either --tarball-coredumps or --tarball-results
are used.

Change-Id: I66b2553319df61caea5b313d084f51978f730b4c

The media frame cache gets in the way of finding use after free errors of
media frames.  Tools like valgrind and MALLOC_DEBUG don't know when a
frame is released because it gets put into the cache instead of being
freed.

* Added the "cache_media_frames" option to asterisk.conf.  Disabling the
option helps track down media frame mismanagement when using valgrind or
MALLOC_DEBUG.  The cache gets in the way of determining if the frame is
used after free and who freed it.  NOTE: This option has no effect when
Asterisk is compiled with the LOW_MEMORY compile time option enabled
because the cache code does not exist.

To disable the media frame cache simply disable the cache_media_frames
option in asterisk.conf and restart Asterisk.

Sample asterisk.conf setting:
[options]
cache_media_frames=no

ASTERISK-27413

Change-Id: I0ab2ce0f4547cccf2eb214901835c2d951b78c00

This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.

Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.

ASTERISK-27395

Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4

When the identify_by option on an endpoint is set to ip it will
only be identified using the res_pjsip_endpoint_identifier_ip module.
This ensures that it is not mistakenly matched using the username of
the From header. To ensure behavior has not changed the default has
been changed to "username,ip" for the identify_by option.

ASTERISK-27206

Change-Id: I2170b86a7f7e221b4f00bf14aa1ef1ac5b050bbd

Beanstalkd is a simple to use job queue. It provides a means to
create multiple job queues called "tubes". Each tube can store
multiple jobs, with varying priorities with the queue. Queue
processing is available via a simple TCP socket or via well defined
libraries, avaialble at
https://github.com/kr/beanstalkd/wiki/client-libraries

This module is based upon the beanstalk-client library, available
for download at: https://github.com/deepfryed/beanstalk-client

Change-Id: I5fe4089a34ab3b39230786d9bbfddafa56715f48

When "rewrite_contact" is enabled, the "max_contacts" count option can
block re-registrations because the source port from the endpoint can be
random.  When the re-registration is blocked, the endpoint may give up
re-registering and require manual intervention.

* The "remove_existing" option now allows a registration to succeed by
displacing any existing contacts that now exceed the "max_contacts" count.
Any removed contacts are the next to expire.  The behaviour change is
beneficial when "rewrite_contact" is enabled and "max_contacts" is greater
than one.  The removed contact is likely the old contact created by
"rewrite_contact" that the device is refreshing.

ASTERISK-27192

Change-Id: I64c107a10b70db1697d17136051ae6bf22b5314b

Change-Id: I65a5190b2732b2246d67472db70dd37db64ddad4

Incoming requests with non sip(s) URIs in the Request, To, From
or Contact URIs are now rejected with
PJSIP_SC_UNSUPPORTED_URI_SCHEME (416).  This is performed in
pjsip_message_filter (formerly pjsip_message_ip_updater) and is
done at pjproject's "TRANSPORT" layer before a request can even
reach the distributor.

URIs read by res_pjsip_outbound_publish from pjsip.conf are now
also checked for both length and sip(s) scheme.  Those URIs read
by outbound registration and aor were already being checked for
scheme but their error messages needed to be updated to include
scheme failure as well as length failure.

Change-Id: Ibb2f9f1d2dc7549da562af4cbd9156c44ffdd460

A new endpoint parameter "incoming_mwi_mailbox" allows Asterisk to
receive unsolicited MWI NOTIFY requests and make them available to
other modules via the stasis message bus.

res_pjsip_pubsub has a new handler "pubsub_on_rx_mwi_notify_request"
that parses a simple-message-summary body and, if
endpoint->incoming_mwi_account is set, calls ast_publish_mwi_state
with the voice-message counts from the message.

Change-Id: I08bae3d16e77af48fcccc2c936acce8fc0ef0f3c

An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received.  The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.

* Add ast_safe_execvp() function.  This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding.  This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.

* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.

* Document code injection potential from untrusted data sources for other
shell commands that are under user control.

ASTERISK-27103

Change-Id: I7552472247a84cde24e1358aaf64af160107aef1

Change-Id: I26e17df2c93f3933b23f78070603adbcc84ba204

Add ability to use tokens instead of passwords according to Google OAuth 2.0
protocol.

ASTERISK-27169
Reported by: Andrey Egorov
Tested by: Andrey Egorov

Change-Id: I07f7052a502457ab55010a4d3686653b60f4c8db

Setting this option will cause the Queue application to only announce
the caller's position if it has improved since the last time that we
announced it.

Change-Id: I173a124121422209485b043e2bf784f54242fce6

This change does a few things to improve packet loss and renegotiation:

1. On outgoing RTP streams we will now properly reflect out of order
packets and packet loss in the sequence number. This allows the
remote jitterbuffer to better reorder things.

2. Video updates can now be discarded for a period of time
after one has been sent to prevent flooding of clients.

3. For declined and removed streams we will now release any
media session resources associated with them. This was not
previously done and caused an issue where old state was being
used for a new stream.

4. RTP bundling was not actually removing bundled RTP instances
from the parent. This has been resolved by removing based on
the RTP instance itself and not the SSRC.

5. The code did not properly handle explicitly unbundling an
RTP instance from its parent. This now works as expected.

ASTERISK-27143

Change-Id: Ibd91362f0e4990b6129638e712bc8adf0899fd45

This patch creates a new configuration option called "webrtc". When enabled it
defaults and enables the following options that are needed in order for webrtc
to work in Asterisk:

  rtcp-mux, use_avpf, ice_support, and use_received_transport=enabled
  media_encryption=dtls
  dtls_verify=fingerprint
  dtls_setup=actpass

When "webrtc" is enabled, this patch also parses the "msid" media level
attribute from an SDP. It will also appropriately add it onto the outgoing
session when applicable.

Lastly, when "webrtc" is enabled h264 RTCP FIR feedback frames are now sent.

ASTERISK-27119 #close

Change-Id: I5ec02e07c5d5b9ad86a34fdf31bf2f9da9aac6fd

This adds support for parsing timelen values from config files.  This
includes support for all flags which apply to PARSE_INT32.  Support for
this parser is added to ACO via the OPT_TIMELEN_T option type.

Fixes an issue where extra characters provided to ast_app_parse_timelen
were ignored, they now cause an error.

Testing is included.

ASTERISK-27117 #close

Change-Id: I6b333feca7e3f83b4ef5bf2636fc0fd613742554

ASTERISK-27127 #close
Reported by: HZMI8gkCvPpom0tM

Change-Id: I2b0c54570d58156e37166ac536728af3b6c01789

By default, when res_musiconhold reloads or unloads, it sends a HUP
signal to custom applications (and all descendants), waits 100ms,
then sends a TERM signal, waits 100ms, then finally sends a KILL
signal.  An application which is interacting with an external
device and/or spawns children of its own may not be able to exit
cleanly in the default times, expecially if sent a KILL signal, or
if it's children are getting signals directly from
res_musiconhoild.

* To allow extra time, the 'kill_escalation_delay'
  class option can be used to set the number of milliseconds
  res_musiconhold waits before escalating kill signals, with the
  default being the current 100ms.

* To control to whom the signals are sent, the "kill_method" class
  option can be set to "process_group" (the default, existing
  behavior), which sends signals to the application and its
  descendants directly, or "process" which sends signals only to the
  application itself.

Change-Id: Iff70a1a9405685a9021a68416830c0db5158603b

When connected_line_method is "invite", we're supposed to determine
if the client can support UPDATE and if it can, send UPDATE instead
of INVITE to avoid the SDP renegotiation.  Not only was pjproject
not setting the PJSIP_INV_SUPPORT_UPDATE flag, we were testing
that invite_tsx wasn't NULL which isn't always the case.

* Updated chan_pjsip/update_connected_line_information to drop the
  requirement that invite_tsx isn't NULL.
* Submitted patch to pjproject sip_inv.c that sets the
  PJSIP_INV_SUPPORT_UPDATE flag correctly.
* Updated pjsip.conf.sample to clarify what happens when "invite"
  is specified.

ASTERISK-27095

Change-Id: Ic2381b3567b8052c616d96fbe79564c530e81560

The stream topology (list of streams and order) is now stored with the
configured PJSIP endpoints and used during the negotiation process.

Media negotiation state information has been changed to be stored
in a separate object. Two of these objects exist at any one time
on a session. The active media state information is what was previously
negotiated and the pending media state information is what the
media state will become if negotiation succeeds. Streams and other
state information is stored in this object using the index (or
position) of each individual stream for easy lookup.

The ability for a media type handler to specify a callback for
writing has been added as well as the ability to add file
descriptors with a callback which is invoked when data is available
to be read on them. This allows media logic to live outside of
the chan_pjsip module.

Direct media has been changed so that only the first audio and
video stream are directly connected. In the future once the RTP
engine glue API has been updated to know about streams each individual
stream can be directly connected as appropriate.

Media negotiation itself will currently answer all the provided streams
on an offer within configured limits and on an offer will use the
topology created as a result of the disallow/allow codec lines.

If a stream has been removed or declined we will now mark it as such
within the resulting SDP.

Applications can now also request that the stream topology change.
If we are told to do so we will limit any provided formats to the ones
configured on the endpoint and send a re-invite with the new topology.

Two new configuration options have also been added to PJSIP endpoints:

max_audio_streams: determines the maximum number of audio streams to
offer/accept from an endpoint. Defaults to 1.

max_video_streams: determines the maximum number of video streams to
offer/accept from an endpoint. Defaults to 1.

ASTERISK-27076

Change-Id: I8afd8dd2eb538806a39b887af0abd046266e14c7

A new global option "imap_poll_logout" was added to specify whether need to
disconnect from the IMAP server after polling of mailboxes.

ASTERISK-27068 #close

Closing IMAP connection after loading mailbox from voicemail.conf

ASTERISK-24052 #close

Change-Id: Ib7558ba04516240a32b65f42e9be64372a0ae12a

Change-Id: I7a610bef369924523a445c7e849ee88cc45dc5df

This option was added to control whether to notify dialog-info state
'early' or 'confirmed' on Ringing when already INUSE.
The value "yes" is useful for some SIP phones (Cisco SPA)
to be able to indicate and pick up ringing devices.

ASTERISK-26919 #close

Change-Id: Ie050bc30023543c7dfb4365c5be3ce58c738c711

Reported by Sylvain Boily via asterisk-dev mailing list.

Change-Id: Idc7623f335aea3e144dd369ba383b9a757480a9d

Enables runtime configuration of busy_timeout for sqlite databases.
Default timeout remains 1000ms.

ASTERISK-27014 #close

Change-Id: I8921a3aac3c335843be4cb17d2dd0a5c157a36da

Additional variable to work alongside QUEUE_MAX_PENALTY and QUEUE_MIN_PENALTY,
including an extra parameter in queuerules.conf. This value causes lower
Agent penalty values to "raise up" so that they can join higher penalty agents
and be treated equally after a period of time.

ASTERISK-26995 #close

Change-Id: If1c6421a983667a5ac4c359f6dac25b212b4c459

Change-Id: Ie1c2d83af66f27a449da09a68d987e0992627fee

This option was added to turn off notifying the progress details
on Blind Transfer. If this option is not set then the chan_pjsip
will send NOTIFY "200 OK" immediately after "202 Accepted".

Some SIP phones like Mitel/Aastra or Snom keep the line busy until
receive "200 OK".

ASTERISK-26333 #close

Change-Id: Id606fbff2e02e967c02138457badc399144720f2

This change adds the required logic to allow the SIP
Call-ID to be placed into the HEP RTCP traffic if the
chan_sip module is used. In cases where the option is
enabled but the channel is not either SIP or PJSIP then
the code will fallback to the channel name as done
previously.

Based on the change on Nir's branch at:
team/nirs/hep-chan-sip-support

ASTERISK-26427

Change-Id: I09ffa5f6e2fdfd99ee999650ba4e0a7aad6dc40d

All log messages go to a queue serviced by a single thread
which does all the IO.  This setting controls how big that
queue can get (and therefore how much memory is allocated)
before new messages are discarded. The default is 1000.
Should something go bezerk and log tons of messages in a tight
loop, this will prevent memory escalation.

When the limit is reached, a WARNING is logged to that effect
and messages are discarded until the queue is empty again.  At
that time another WARNING will be logged with the count of
discarded messages.  There's no "low water mark" for this queue
because the logger thread empties the entire queue and processes it
in 1 batch before going back and waiting on the queue again.
Implementing a low water mark would mean additional locking as
the thread processes each message and it's not worth it.

A "test" was added to test_logger.c but since the outcome is
non-deterministic, it's really just a cli command, not a unit
test.

Change-Id: Ib4520c95e1ca5325dbf584c7989ce391649836d1

Added the stun_blacklist option to rtp.conf.  Some multihomed servers have
IP interfaces that cannot reach the STUN server specified by stunaddr.
Blacklist those interface subnets from trying to send a STUN packet to
find the external IP address.  Attempting to send the STUN packet
needlessly delays processing incoming and outgoing SIP INVITEs because we
will wait for a response that can never come until we give up on the
response.  Multiple subnets may be listed.

ASTERISK-26890 #close

Change-Id: I3ff4f729e787f00c3e6e670fe6435acce38be342

This include was accidentally removed in changeset
Ia79aea64de89531362e993e34230c2044a70aa93. My bad.

Change-Id: I1d716c7f9590b4e97909fb8bca1f2ed9bd0e4082

This change adds database tables for the PUBLISH support so it
can be configured using realtime. A minor fix to the
res_pjsip_publish_asterisk module was done so that it read the
sorcery configuration from the correct section. Finally the
sample configuration files have been updated.

ASTERISK-26928

Change-Id: I81991ae5c75af98d247f7eacd1c0b0a763675952

This takes care of warnings by ossobv/asterisklint.

Change-Id: Ia79aea64de89531362e993e34230c2044a70aa93

Added:
 * outbound-publish
 * resource_list
 * inbound-publication
 * asterisk-publication

Change-Id: I65043a896c35483f30a92d30b5b118359af7ba5a

Two new parameters have been added to the pjsip config wizard.

 * Setting 'sends_line_with_registrations' to true will cause the wizard
   to skip the creation of an identify object to match incoming request
   to the endpoint and instead add the line and endpoint parameters to
   the outbound registration object.

 * Setting 'outbound_proxy' is a shortcut for adding individual
   endpoint/outbound_proxy, aor/outbound_proxy and
   registration/outbound_proxy parameters.

Change-Id: I678e5f80765734c056620528a6d40d82736ceeb0
(cherry picked from commit a827892f)
(cherry picked from commit 27344675)

ASTERISK-26086 #close
Reported by: Jens Bürger

Change-Id: I6aab666c0bf01fd0c64d7a5bcb22fa7f5d41335e