Change-Id: Ib8db4e14187f5c11ecbff532df17d30c5d36fa3e

When networks experience disruptions, there can be large gaps of time
between receiving packets. When strictrtp is enabled, this created
issues where a flood of packets could come in and be seen as an attack.
Another option - seqno - has been added to the strictrtp option that
ignores the time interval and goes strictly by sequence number for
validity.

Change-Id: I8a42b8d193673899c8fc22fe7f98ea87df89be71

The documentation already specified EVENT_FLAG_DIALPLAN for this
event, but the implementation was using EVENT_FLAG_CALL.

Using EVENT_FLAG_DIALPLAN allows AMI clients to opt out of receiving
this highly verbose event.

ASTERISK-28033

Change-Id: I45b3119f30e4dbc17b49831f2b1a4f2c1beadafe

Change includes move to netsock2 library.

ASTERISK-27164
Reported-by: Adam Secombe

Change-Id: Ia9e8dc3d153de7a291dbda4bd87fc827dd2bb846

This patch adds regular expression support to make the identify section's
match_header option more useful when attempting to match complex headers
like the 'To' or 'From' headers.  The 'From' header has variable
components such as the tag parameter that you cannot predict.  To specify
a regular expression put slashes around the regular expression in place of
the header value.

[identify-alice]
type=identify
endpoint=alice
match_header=From: /<sip:alice@127\\.0\\.0\\.1>/

* Added regex support to match_header so you could match a 'To' header
among other complex headers.

Fixed reported crashes when trying to match special headers like 'Contact'.
The identify section's match_header method used code that assumed you were
matching a generic header.  Any other type of header could cause a crash
if the header structure variant did not match the generic header enough.

* Made use code that will work for any header type instead of code
specific to generic headers.

Other fixes while in the area:

* Made check all headers of the requested name.
* Added some more sanity checks to the configured identify matching
options when applying the configuration.

ASTERISK-27548

Change-Id: I27dfd4ff5e2259b906640e3c330681b76b4ed1f1

Change-Id: Ib3111b151d37cbda40768cf2a8a9c6cf6c5c7cbd

I have removed the STATIC_BUILD option immediately as it has not
been maintained in many years and is non-functional.

ASTERISK-27965

Change-Id: I64783d017b86dba9ee3c7bcfb97e59889a3f76d7

A new option 'suppress_q850_reason_headers' has been added to the
endpoint object. Some devices can't accept multiple Reason headers and
get confused when both 'SIP' and 'Q.850' Reason headers are received.
This option allows the 'Q.850' Reason header to be suppressed.
The default value is 'no'.

ASTERISK-27949
Reported-by: Ross Beer

Change-Id: I54cf37a827d77de2079256bb3de7e90fa5e1deb1

pjproject by default currently will follow media forked during an INVITE
on outbound calls if the To tag is different on a subsequent response as
that on an earlier response.  We handle this correctly.  There have
been reported cases where the To tag is the same but we still need to
follow the media.  The pjproject patch in this commit adds the
capability to sip_inv and also adds the capability to control it at
runtime.  The original "different tag" behavior was always controllable
at runtime but we never did anything with it and left it to default to
TRUE.

So, along with the pjproject patch, this commit adds options to both the
system and endpoint objects to control the two behaviors, and a small
logic change to session_inv_on_media_update in res_pjsip_session to
control the behavior at the endpoint level.

The default behavior for "different tags" remains the same at TRUE and
the default for "same tag" is FALSE.

Change-Id: I64d071942b79adb2f0a4e13137389b19404fe3d6
ASTERISK-27936
Reported-by: Ross Beer

Add predial handler support to app_queue.  app_dial (ASTERISK_19548) and
app_originate (ASTERISK_26587) have the ability to execute predial
handlers on caller and callee channels.  This patch adds predial handlers
to app_queue and uses the same options as Dial and Originate (b and B).
The caller routine gets executed when the caller first enters the queue.
The callee routine gets executed for each queue member when they are about
to be called.

ASTERISK-27912

Change-Id: I5acf5c32587ee008658d12e8a8049eb8fa4d0f24

ConfBridge can now send events to participants via in-dialog MESSAGEs.
All current Confbridge events are supported, such as ConfbridgeJoin,
ConfbridgeLeave, etc.  In addition to those events, a new event
ConfbridgeWelcome has been added that will send a list of all
current participants to a new participant.

For all but the ConfbridgeWelcome event, the JSON message contains
information about the bridge, such as its id and name, and information
about the channel that triggered the event such as channel name,
callerid info, mute status, and the MSID labels for their audio and
video tracks. You can use the labels to correlate callerid and mute
status to specific video elements in a webrtc client.

To control this behavior, the following options have been added to
confbridge.conf:

bridge_profile/enable_events:  This must be enabled on any bridge where
events are desired.

user_profile/send_events:  This must be set for a user profile to send
events.  Different user profiles connected to the same bridge can have
different settings.  This allows admins to get events but not normal
users for instance.

user_profile/echo_events:  In some cases, you might not want the user
triggering the event to get the event sent back to them.  To prevent it,
set this to false.

A change was also made to res_pjsip_sdp_rtp to save the generated msid
to the stream so it can be re-used.  This allows participant A's video
stream to appear as the same label to all other participants.

Change-Id: I26420aa9f101f0b2387dc9e2fd10733197f1318e

When an AMI client connects, it cannot determine if a user was talking
prior to a transition in the user speaking state (which would generate
a ConfbridgeTalking event). This patch causes app_confbridge to track the
talking state and make this state available via ConfBridgeList.

ASTERISK-27877 #close

Change-Id: I19b5284f34966c3fda94f5b99a7e40e6b89767c6

Analog phones dial overlap dialing and it is chan_dahdi's job to read the
numbers.  It has three timeout constants that this commit converts to
channel-level configuration options:

* firstdigit_timeout: Default time (ms) to detect first digit

* interdigit_timeout: Default time (ms) to detect following digits

* matchdigit_timeout: Default time (ms) to wait in case of ambiguous
match.  This happens when the dialed digits match a number in the current
context but are also the prefix of another number.

Change-Id: Ib728fa900a4f6ae56d1ed810aba61b6593fb7213

SendText now accepts new channel variables that can be used
to override the To and From display names and set the Content-Type
of a message.  Since you can now set Content-Type, other text/*
content types are now valid.

Change-Id: I648b4574478119f95de09d9f08e9595831b02830

Core bridging and, more specifically, bridge_softmix have been
enhanced to relay received frames of type TEXT or TEXT_DATA to all
participants in a softmix bridge.  res_pjsip_messaging and
chan_pjsip have been enhanced to take advantage of this so when
res_pjsip_messaging receives an in-dialog MESSAGE message from a
user in a conference call, it's relayed to all other participants
in the call.

res_pjsip_messaging already queues TEXT frames to the channel when
it receives an in-dialog MESSAGE from an endpoint and chan_pjsip
will send an MESSAGE when it gets a TEXT frame.  On a normal
point-to-point call, the frames are forwarded between the two
correctly.  bridge_softmix was not though so messages weren't
getting forwarded to conference bridge participants.  Even if they
were, the bridging code had no way to tell the participants who
sent the message so it would look like it came from the bridge
itself.

* The TEXT frame type doesn't allow storage of any meta data, such
as sender, on the frame so a new TEXT_DATA frame type was added that
uses the new ast_msg_data structure as its payload.  A channel
driver can queue a frame of that type when it receives a message
from outside.  A channel driver can use it for sending messages
by implementing the new send_text_data channel tech callback and
setting the new AST_CHAN_TP_SEND_TEXT_DATA flag in its tech
properties.  If set, the bridging/channel core will use it instead
of the original send_text callback and it will get the ast_msg_data
structure. Channel drivers aren't required to implement this.  Even
if a TEXT_DATA enabled driver uses it for incoming messages, an
outgoing channel driver that doesn't will still have it's send_text
callback called with only the message text just as before.

* res_pjsip_messaging now creates a TEXT_DATA frame for incoming
in-dialog messages and sets the "from" to the display name in the
"From" header, or if that's empty, the caller id name from the
channel.  This allows the chat client user to set a friendly name
for the chat.

* bridge_softmix now forwards TEXT and TEXT_DATA frames to all
participants (except the sender).

* A new function "ast_sendtext_data" was added to channel which
takes an ast_msg_data structure and calls a channel's
send_text_data callback, or if that's not defined, the original
send_text callback.

* bridge_channel now calls ast_sendtext_data for TEXT_DATA frame
types and ast_sendtext for TEXT frame types.

* chan_pjsip now uses the "from" name in the ast_msg_data structure
(if it exists) to set the "From" header display name on outgoing text
messages.

Change-Id: Idacf5900bfd5f22ab8cd235aa56dfad090d18489

This patch adds support to send in-dialog SIP NOTIFY commands on
chan_pjsip channels, similar to the functionality recently added
for chan_sip (ASTERISK_27461).

This extends res_pjsip_notify to allow for in-dialog messages.

ASTERISK-27697

Change-Id: If7f3151a6d633e414d5dc319d5efc1443c43dd29

Add an option to make app_originate not wait for the created channel
to answer.

Change-Id: I7fc2facd77079abc6321f44e8bcd4e39298de2ae
Requested-by: Frederic Steinfels <fst@highdefinition.ch>
Signed-off-by: Russell Bryant <russell@russellbryant.net>

If the two formats on a channel are equal, we don't transcode and since
the generic plc needs slin to work, it doesn't get invoked.

* A new configuration option "genericplc_on_equal_codecs" was added
  to the "plc" section of codecs.conf to allow generic packet loss
  concealment even if no transcoding was originally needed.
  Transcoding via SLIN is forced in this case.

ASTERISK-27743

Change-Id: I0577026a179dea34232e63123254b4e0508378f4

This allows asterisk to be compiled with MALLOC_DEBUG to load modules
built without MALLOC_DEBUG.  Now pre-compiled third-party modules will
still work regardless of MALLOC_DEBUG being enabled or not.

Change-Id: Ic07ad80b2c2df894db984cf27b16a69383ce0e10

The pool cache gets in the way of finding use after free errors of memory
pool contents.  Tools like valgrind and MALLOC_DEBUG don't know when a
pool is released because it gets put into the cache instead of being
freed.

* Added the "cache_pools" option to pjproject.conf.  Disabling the option
helps track down pool content mismanagement when using valgrind or
MALLOC_DEBUG.  The cache gets in the way of determining if the pool
contents are used after free and who freed it.

To disable the pool caching simply disable the cache_pools option in
pjproject.conf and restart Asterisk.

Sample pjproject.conf setting:
[startup]
cache_pools=no

* Made current users of the caching pool factory initialization and
destruction calls call common routines to create and destroy cached pools.

ASTERISK-27704

Change-Id: I64d5befbaeed2532f93aa027a51eb52347d2b828

Change-Id: Id52f719078a65c4b2eee7ab99d761eba6b6aed94

Since res_pjsip_transport_management provides several attack
mitigation features, its functionality moved to res_pjsip and
this module has been removed.  This way the features will always
be available if res_pjsip is loaded.

ASTERISK-27618
Reported By: Sandro Gauci

Change-Id: I21a2d33d9dda001452ea040d350d7a075f9acf0d

* app_fax (replaced by res_fax).
* res_config_sqlite (replaced by res_config_sqlite3).
* res_monitor (replaced by app_mixmonitor).

This is related to ASTERISK~23657 but does not resolve that ticket.
Resolving that ticket would require complete removal of res_monitor.

ASTERISK-27671 #close

Change-Id: I16a3edd61fc1abd4a7b2e9357693ed663f62dd49

This removes the embedded copy of editline from the Asterisk source
tree, making a system copy of libedit mandatory in Asterisk 16+.

ASTERISK-27634 #close

Change-Id: Iedb64ad92acb78419f3caefedaa2bb7cd2a1a33f

* Made the AMI ConfbridgeList action's ConfbridgeList events output all
the standard channel snapshot headers instead of a few hand-coded channel
snapshot headers.  The benefit is that the CallerIDName gets disruptive
characters like CR, LF, Tab, and a few others escaped.  However, an empty
CallerIDName is now output as "<unknown>" instead of "<no name>".

ASTERISK-27651

Change-Id: Iaf7d54a9d40194c2db060bc9b4979fab6720d977

ASTERISK-27651

Change-Id: Idef2ca54d242d1b894efd3fc7b360bc6fd5bdc34

Verified nothing in the testsuite lists this module as a dependency.

Change-Id: I90c7d52c7e15e85fde3389d5eaccb05b97848813

In an earlier release, inbound registrations on a reliable transport
were pruned on Asterisk restart since the TCP connection would have
been torn down and become unusable when Asterisk stopped.  This same
process is now also applied to inbound subscriptions.

Also fixed issues in res_pjsip_registrar where it wasn't handling the
monitoring correctly when multiple registrations came in over the same
transport.

To accomplish this, the pjsip_transport_event feature needed to
be refactored to allow multiple monitors (multiple subcriptions or
registrations from the same endpoint) to exist on the same transport.
Since this changed the API, any external modules that may have used the
transport monitor feature (highly unlikey) will need to be changed.

ASTERISK-27612
Reported by: Ross Beer

Change-Id: Iee87cf4eb9b7b2b93d5739a72af52d6ca8fbbe36

ASTERISK-27581

Change-Id: If6af275764741a11030f0a4fd324fa29b376d74e

Each time the dial plan is reloaded, a lot of logs like these are generated:
"Added extension 'XXXXX' priority 1 to YYYYYYYYYYY"
This patch changes the log level for those logs.

ASTERISK-27084

Change-Id: I5662902161c50890997ddc56835d4cafb456c529

This patch adds the ability to configure a prompt which will be read
to the "winner" who pressed 1 (or the configured value) and received
the call.

ASTERISK-24372 #close

Change-Id: I6ec1c6c883347f7d1e1f597189544993c8d65272

The type=identify endpoint identification method can match by IP address
and by SIP header.  However, the SIP header matching has limited
usefulness because you cannot specify the SIP header matching priority
relative to the IP address matching.  All the matching happens at the same
priority and the order of evaluating the identify sections is
indeterminate.  e.g., If you had two type=identify sections where one
matches by IP address for endpoint alice and the other matches by SIP
header for endpoint bob then you couldn't predict which endpoint is
matched when a request comes in that matches both.

* Extract the SIP header matching criteria into its own "header" endpoint
identification method so the user can specify the relative priority of the
SIP header and the IP address matching criteria in the global
endpoint_identifier_order option.  The "ip" endpoint identification method
now only matches by IP address.

ASTERISK-27491

Change-Id: I9df142a575b7e1e3471b7cda5d3ea156cef08095

There has been an open issue against cdr_syslog (ASTERISK~14441) about
a race condition for 7.5 years that has never been addressed. Because
this module is effectively unmaintained and currently broken, there is
no sense in keeping it around.

If logging CDRs to syslog is a desirable feature, it would probably be
better to write the logs directly to the syslog server via socket
instead of using the facilities provided by openlog/syslog/closelog.
Doing so would address the race condition referenced in the associated
issue.

Change-Id: Ic77b94cd97f355a9cf5b1d3f3444964a6e0ba5dc

Add an AMI action which provides information on all
configured Auths.

ASTERISK-27547

Change-Id: I1a88a75b38a2b1dd9d1de6c0307b20a3f584c817

Add an AMI action which provides information on all
configured AORs.

ASTERISK-27537

Change-Id: If8b990a00909e5b6c0f04a3b8dccd9903dc445eb

This patch adds the ability to set the wrapuptime on the queue member
config.

When the option is set the wrapuptime on the queue member is used instead
of the queue's wrapuptime.

ASTERISK-27483 #close

Change-Id: I11c85809537f974eb44dc5bbf82bcedd8a458902

Log a message to security events when an INVITE is received to an
invalid extension.

ASTERISK-25869 #close

Change-Id: I0da40cd7c2206c825c2f0d4e172275df331fcc8f

A couple of places were setting the status to "UNKNOWN" when qualifies were
being disabled. Instead this should be set to the "CREATED" status that
represents when a contact is given (uri available), but the qualify frequency
is set to zero so we don't know the status.

This patch updates the relevant places with "CREATED". It also updates the
"CREATED" status description (value shown in CLI/AMI/ARI output) to a value
of "NonQualified"/"NonQual" as this description is hopefully less confusing.

ASTERISK-27467

Change-Id: Id67509d25df92a72eb3683720ad2a95a27b50c89

The media frame cache gets in the way of finding use after free errors of
media frames.  Tools like valgrind and MALLOC_DEBUG don't know when a
frame is released because it gets put into the cache instead of being
freed.

* Added the "cache_media_frames" option to asterisk.conf.  Disabling the
option helps track down media frame mismanagement when using valgrind or
MALLOC_DEBUG.  The cache gets in the way of determining if the frame is
used after free and who freed it.  NOTE: This option has no effect when
Asterisk is compiled with the LOW_MEMORY compile time option enabled
because the cache code does not exist.

To disable the media frame cache simply disable the cache_media_frames
option in asterisk.conf and restart Asterisk.

Sample asterisk.conf setting:
[options]
cache_media_frames=no

ASTERISK-27413

Change-Id: I0ab2ce0f4547cccf2eb214901835c2d951b78c00

This mimics the behavior of Chrome and Firefox and creates an ephemeral
X.509 certificate for each DTLS session.

Currently, the only supported key type is ECDSA because of its faster
generation time, but other key types can be added in the future as
necessary.

ASTERISK-27395

Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4