Rightly the use of wildcards in certificates is disallowed in accordance
with RFC5922. However, RFC2818 does make some allowances with regards to
their use when using subject alt names with DNS name types.

As such this patch creates a new setting for TLS transports called
'allow_wildcard_certs', which when it and 'verify_server' are both enabled
allows DNS name types, as well as the common name that start with '*.'
to match as a wildcard.

For instance: *.example.com
will match for: foo.example.com

Partial matching is not allowed, e.g. f*.example.com, foo.*.com, etc...
And the starting wildcard only matches for a single level.

For instance: *.example.com
will NOT match for: foo.bar.example.com

The new setting is disabled by default.

ASTERISK-30072 #close

Change-Id: If0be3fdab2e09c2a66bb54824fca406ebaac3da4

Finding an application and executing it if found is
a common task throughout Asterisk. This adds a helper
function around pbx_exec to do this, to eliminate
redundant code and make it easier for modules to
substitute variables and execute applications by name.

ASTERISK-30061 #close

Change-Id: Ifee4d2825df7545fb515d763d393065675140c84

More information:
https://github.com/pjsip/pjproject/releases/tag/2.12.1

Pull request to third-party
https://github.com/asterisk/third-party/pull/11

ASTERISK-30050

Change-Id: Icb4e86d4b85ef9b975355c91f3ed56a50b51c6bd

A previous review fixing ASTERISK_22246 and ASTERISK_26582
got a couple of the options mixed up as to whether or not
they are compatible with the remote console. This fixes
those to the best of my knowledge.

ASTERISK-30097 #close

Change-Id: Id54166991aa79f04fb02699cc499bedda854253b

The 'transport_binary' test sporadically fails, but on a theory that the
problem is caused by a previously executed test, transport_connect_fail,
part of that test has been disabled until a solution is found.

ASTERISK_30099

Change-Id: I48ed74d696aa9b6159f59661f3d535cac4c909e1

Three-way calling for analog lines is currently broken.
If party A is on a call with party B and initiates a
three-way call to party C, the behavior differs depending
on whether the call is conferenced prior to party C
answering. The post-answer case is correct. However,
if A flashes before C answers, then the next flash
disconnects B rather than C, which is incorrect.

This error occurs because the subs are not swapped
in the misbehaving case. This is because the flash
handler only swaps the subs if C has answered already,
which is wrong. To fix this, we swap the subs regardless
of whether C has answered or not when the call is
conferenced. This ensures that C is disconnected
on the next hook flash, rather than B as can happen
currently.

ASTERISK-30043 #close

Change-Id: I96c5bf6c9b7eb2636136b716c677c82c079b6f06

Adds an option to VoiceMailMain that prevents the user
from deleting messages during that application invocation.
This can be useful for public or shared mailboxes, where
some users should be able to listen to messages but not
delete them.

ASTERISK-30063 #close

Change-Id: Icdfb8423ae8d1fce65a056b603eb84a672e80a26

An m option to Park and ParkAndAnnounce now allows
specifying a music on hold class override.

ASTERISK-30087

Change-Id: I03de8d97b100e451b2611b5a621d48750f5d6a9e

Use example tags instead of regular para tags
where possible.

ASTERISK-30090

Change-Id: Iada8bbfda08f30b118cedf2d040bbb21e4966ec5

Currently, PJSIP will randomly wait up to 10 seconds for each
outbound registration's initial attempt. The reason for this
is to avoid having all outbound registrations attempt to register
simultaneously.

This can create limitations with the test suite where we need to
be able to receive inbound calls potentially within 10 seconds of
starting up. For instance, we might register to another server
and then try to receive a call through the registration, but if
the registration hasn't happened yet, this will fail, and hence
this inconsistent behavior can cause tests to fail. Ultimately,
this requires a smaller random value because there may be no good
reason to wait for up to 10 seconds in these circumstances.

To address this, a new config option is introduced which makes this
maximum delay configurable. This allows, for instance, this to be
set to a very small value in test systems to ensure that registrations
happen immediately without an unnecessary delay, and can be used more
generally to control how "tight" the initial outbound registrations
are.

ASTERISK-29965 #close

Change-Id: Iab989a8e94323e645f3a21cbb6082287c7b2f3fd

When a pjsip endpoint is defined with timers=always, this has been a
functional noop.  This patch correctly sets the feature bitmap to both
enable support for session timers and to enable them even when the
endpoint itself does not request or support timers.

ASTERISK-29603
Reported-By: Ray Crumrine

Change-Id: I8b5eeaa9ec7f50cc6d96dd34c2b4aa9c53fb5440

If there is scheduled notification, we must delete it
to avoid using destroyed subscriptions.

ASTERISK-29906

Change-Id: I1c644e5e15a8fe43eed8e4f9112f113cbf87a40f

ASTERISK-29891

Change-Id: Ic8c9697e616446e06e6302653eae902aa23372ad

In function ast_say_date_with_format_de(), take special
care when the hour is one o'clock. In this case, the
German number "eins" must be inflected to its neutrum form,
"ein". This is achieved by playing "digits/1N" instead of
"digits/1". Fixes both 12- and 24-hour formats.

ASTERISK-30092

Change-Id: Ica9b80125c0b317e378d89c1ea786816e2635510

If a switch is invoked using chan_iax2, deadlock can result
because the PBX core is autoservicing the channel while chan_iax2
also then attempts to service it while waiting for the result
of the switch. This removes servicing of the channel to prevent
any conflicts.

ASTERISK-30064 #close

Change-Id: Ie92f206d32f9a36924af734ddde652b21106af22

If tab completion using ast_module_helper is attempted
during startup, deadlock will ensue because the CLI
will attempt to lock the module list while it is already
locked by the loader. This causes deadlock because when
the loader tries to acquire the CLI lock, they are blocked
on each other.

Waiting for startup to complete is not feasible because
the CLI lock is acquired while waiting, so deadlock will
ensure regardless of whether or not a lock on the module
list is attempted.

To prevent deadlock, we immediately abort if tab completion
is attempted on the module list before Asterisk is fully
booted.

ASTERISK-30039 #close

Change-Id: Idd468906c512bb196631e366a8f597a0e2e9271d

res_calendar will trigger an assertion currently
if the ending time is calculated to be in the past.
Unlike the reminder and start times, however, there
is currently no check to catch non-positive times
and set them to 1. As a result, if we get a negative
value by happenstance, this can cause a crash.

To prevent the assertion from begin triggered, we now
use the same logic as the reminder and start events
to catch this issue before it can cause a problem.

ASTERISK-29981 #close

Change-Id: Idfb3204d195f350d2575fb4bc72a54a597d6e93c

Emits a warning if the user has requested a parking spot that
is out of bounds for the requested parking lot.

ASTERISK-30086

Change-Id: I1080371e4f63e94724455003753014fbd3f95fbf

When a PJSIP channel is set on hold or off hold, all streams were set
on/off hold. This is not the desired behaviour and caused issues
when there were multiple streams in the topology.

Now, only the default audio stream is set on/off hold when a hold is
indicated.

ASTERISK-30051

Change-Id: I04f1110565fd05fea565f5539b534b54549d4f71

The change "Add LOCAL/REMOTE tags in dialog-info+xml" set both "local"
Identity Element URI and Target Element URI to the same value -
the channel Caller Number.
For Identity Element it's ok to set as Caller ID.
But Local Target URI should be set as local URI.

In this case the Local Target URI can be used for Directed Call Pickup
by Polycom ip-phones (parameter useLocalTargetUriforLegacyPickup).

Also XML sanitized Display names.

ASTERISK-24601

Change-Id: If130a2f2f3b2339b14dca0ec0ebeea3a87b34343

Agi commnad exec can now evaluate dialplan functions and
variables if variable AGIEXECFULL is set to yes. this can
be useful when executing Playback or Read from agi.

ASTERISK-30058 #close

Change-Id: I669991f540496e7bddd096fec82b52c083036832

Make sure that we have a working sed before trying to use it.

ASTERISK-30059 #close

Change-Id: I9abad67a5df11b665d480feec304ab9d6f55cc76

This change exposes the channel driver's unique id (i.e. the Call-ID
for chan_sip/chan_pjsip based channels) to ARI channel resources
as `protocol_id`.

ASTERISK-30027
Reported by: Moritz Fain
Tested by: Moritz Fain

Change-Id: I7cc6e7a9d29efe74bc27811d788dac20fe559b87

ASTERISK-30060 #close

Change-Id: I88d47a1488be2f39017b8d562f993f081844fcb8

As part of PJSIP 2.11 a behavior change was done to require
a matching remote hostname on an established transport for
secure transports. Since the Websocket transport is considered
a secure transport this caused the existing connection to not
be found and used.

We now set the remote hostname and the transport can be found.

ASTERISK-30065

Change-Id: Ia1cdef33e1411f927985b4b852c95e163c080e94

This is needed to be able to restore it in REGISTER responses,
otherwise the client won't be able to find the contact it created.

ASTERISK-30042

Change-Id: I0c5823918199acf09246b3b206fbde66773688f6

Adjusts the pjsip show registration(s) commands to show
the amount of seconds remaining until a registration
expires.

ASTERISK-29845 #close

Change-Id: Ic4fea15a1a1056c424416def49d1ca8e776c0483

Adds the CONFBRIDGE_CHANNELS function which can be used
to retrieve a comma-separated list of channels, filtered
by a particular type of participant category. This output
can then be used with functions like UNSHIFT, SHIFT, POP,
etc.

ASTERISK-30036 #close

Change-Id: I1950aff932437476dc1abab6f47fb4ac90520b83

Currently, the operator services mode in DAHDI is broken and unusable.
The actual operator recall functionality works properly; however,
when the operator hangs up (which is the only way that such a call
is allowed to end), both lines are permanently taken out of service
until "dahdi restart" is run. This prevents this feature from being
used.

Operator mode is one of the few factors that can cause the general
analog event handling in sig_analog not to be used. Several years
back, much of the analog handling was moved from chan_dahdi to
sig_analog. However, this was not done fully or consistently at
the time, and when operator mode is active, sig_analog does not
get used. Generally this is correct, but in the case of hangup
it should be using sig_analog regardless of the operator mode;
otherwise, the lines do not properly clear and they become unusable.

This bug is fixed so the operator can now hang up and properly
release the call. It is treated just like any other hangup. The
operator mode functionality continues to work as it did before.

ASTERISK-29993 #close

Change-Id: Ib2e3ddb40d9c71e8801e0b4bb0a12e2b52f51d24

Most issues were in stringfields and had to do with comparing
a pointer to an constant/interned string with NULL.  Since the
string was a constant, a pointer to it could never be NULL so
the comparison was always "true".  gcc now complains about that.

There were also a few issues where determining if there was
enough space for a memcpy or s(n)printf which were fixed
by defining some of the involved variables as "volatile".

There were also a few other miscellaneous fixes.

ASTERISK-30044

Change-Id: Ia081ca1bcfb329df6487c4660aaf1944309eb570

GCC 12 caught an issue in state_id_by_topic where we were
checking a pointer for NULL instead of the contents of
the pointer for '\0'.

ASTERISK-30044

Change-Id: Ia0b04d4fff45c92acb7f07132a33622fa341148e

When a new unreal (local) channel is created, a second (;2) channel is
created as a counterpart which clones the topology of the first
channel. This creates issues when an outgoing stream is sendonly or
recvonly as the stream state of the inbound channel will be the same
as the stream state of the outbound channel.

Now the stream state is flipped for the streams of the 2nd channel in
ast_unreal_new_channels if the outgoing stream topology is recvonly or
sendonly.

ASTERISK-29655
Reported by: Michael Auracher

ASTERISK-29638
Reported by: Michael Auracher

Change-Id: I0cea29635bb20b7bf7fd0fb95498cd44dab98fbf

Documents the Dial syntax for DAHDI, namely the channel group,
distinctive ring, answer confirmation, and digital call options
that are specified in the resource itself.

ASTERISK-24827 #close

Change-Id: Ib95e78497fb00dc5cbfde1c93a69f034bfd08c30

For lines that have mailboxes configured on them, with
FSK MWI, DAHDI will periodically try to dispatch FSK
to update MWI. However, this is never supposed to be
done when a channel is not idle.

There is currently an edge case where MWI FSK can
extraneously get spooled for the channel if a caller
hook flashes and hangs up, which triggers a recall ring.
After one ring, the on hook time threshold in this if
condition has been satisfied and an MWI update is spooled.
This means that when the phone is picked up again, the
answerer gets an FSK spill before being reconnected to
the party on hold.

To prevent this, we now explicitly check to ensure that
subchannel 0 has no owner. There is no owner when DAHDI
channels are idle, but if the channel is "in use" in some
way (such as in the aforementioned scenario), then there
is an owner, and we shouldn't process MWI at this time.

ASTERISK-28518 #close

Change-Id: Ia3904434fd81688d71742f7e84358b7e1c38e92a

Added the hear_own_join_sound option to the confbridge user profile to
control who hears the sound_join audio file. When set to 'yes' the user
entering the conference and the participants already in the conference
will hear the sound_join audio file. When set to 'no' the user entering
the conference will not hear the sound_join audio file, but the
participants already in the conference will hear the sound_join audio
file.

ASTERISK-29931
Added by Michael Cargile

Change-Id: I856bd66dc0dfa057323860a6418c1371d249abd2

Currently, if any custom ring cadences are specified, they are
appended to the array of cadences from wherever we left off
last time. This works properly the first time, but on subsequent
dahdi restarts, it means that the existing cadences are left
alone and (most likely) the same cadences are then re-added
afterwards. In short order, the cadence array gets maxed out
and the user begins seeing warnings that the array is full
and no more cadences may be added.

This buggy behavior persists until Asterisk is completely
restarted; however, if and when dahdi restart is run again,
then the same problem is reintroduced.

This fixes this behavior so that cadence parsing is more
idempotent, that is so running dahdi restart multiple times
starts adding cadences from the beginning, rather than from
wherever the last cadence was added.

As before, it is still not possible to revert to the default
cadences by simply removing all cadences in this manner, nor
is it possible to delete existing cadences. However, this
does make it possible to update existing cadences, which
was not possible before, and also ensures that the cadences
remain unchanged if the config remains unchanged.

ASTERISK-29990 #close

Change-Id: Ie32ea3e8a243b766756b1afce684d4a31ee7421d

Currently, if attempting to place a call to a peer that only allows
RSA authentication, if we fail to provide an outkey when placing
the call, Asterisk will crash.

This exposes the broader issue that IAX2 is prone to causing a crash
if encryption or decryption is attempted but we never initialized
the encryption and decryption keys. In other words, if the logic
to use encryption in chan_iax2 is not perfectly aligned with the
decision to build keys in the first place, then a crash is not
only possible but probable. This was demonstrated by ASTERISK_29264,
for instance.

This permanently prevents such events from causing a crash by explicitly
checking that keys are initialized properly before setting the flags
to use encryption for the call. Instead of crashing, the call will
now abort.

ASTERISK-30007 #close

Change-Id: If925c3d86099ceac7f621804f2532baac5050c9a

A bug in menuselect can cause modules that are disabled
by default to be recompiled every time a recompilation
occurs. This occurs for module categories that are NOT
positive output, as for these categories, the modules
contained in the makeopts file indicate modules which
should NOT be selected. The existing procedure of iterating
through these modules to mark modules as present is thus
insufficient. This has led to modules with a default_enabled
tag of "no" to get deleted and recompiled every time, even
when they haven't changed.

To fix this, we now modify the mark as present behavior
for module categories that are not positive output. For
these, we start by iterating through the module tree
and marking all modules as present, then go back and
mark anything contained in the makeopts file as not
present. This ensures that makeopt selections are actually
used properly, regardless of whether a module category
uses positive output or not.

ASTERISK-29728 #close

Change-Id: Idf2974c4ed8d0ba3738a92f08a6082b234277b95

The admin_exec function in app_meetme is used by the SLA
applications for internal bridging. However, in these cases,
chan is NULL. Currently, this function will set some status
variables that are intended for a channel, but since channel
is NULL, this is erroneously creating meaningless global
variables, which shouldn't be happening. This sets these
variables only if chan is not NULL.

ASTERISK-30002 #close

Change-Id: I817df6c26f5bda131678e56791b0b61ba64fc6f7

Some command line options to Asterisk only apply when Asterisk
is started and cannot be used with remote console mode. If a
user tries to use any of these, they are currently simply
silently ignored.

This prints out a warning if incompatible options are used,
informing users that an option used cannot be used with remote
console mode. Additionally, some clarifications are added to
the help text and man page.

ASTERISK-22246
ASTERISK-26582

Change-Id: I980a5380ef2c19e8ea348596396d5382893c4337