Change-Id: I54b48c24d7ca88ed80496fdfd142d08772a7ab98

* changes:
  app_confbridge: Add ability to get the muted conference state.
  app_confbridge.c: Update CONFBRIDGE and CONFBRIDGE_INFO documentation.
  app_confbridge: Make non-admin users join a muted conference muted.

The SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 defines did not exist prior
to OpenSSL version 1.0.1. A recent commit attempts to, by default, set
these options, which can cause problems on systems with older OpenSSL
installations.

This commit adds a configure script check for those defines and will not
attempt to make use of those if they do not exist. We will print a
warning urging the user to upgrade their OpenSSL installation if those
defines are not present.

Change-Id: I6a2eb9a43fd0738b404d8f6f2cf4b5c22d9d752d

ps_systems needed disable_tcp_switch
ps_registrations needed line and endpoint

ASTERISK-25737 #close

Change-Id: Iaf9c2d69e62243d9fa53104c28c5339c47d4ac19

Device state subscription lifetimes were governed by when the
subscription was established and unsubscribed from. However, it is
possible that at the time of unsubscription, there could be device state
events still in flight. When those device state events occur, the device
state callback could attempt to dereference a freed pointer. Crash.

This change ensures that the lifetime of the device state subscription
does not end until the underlying stasis subscription has confirmed that
its final message has been sent.

Change-Id: I25a0f1472894c1a562252fb7129671478e25e9b2

During ICE negotiation the IPs of the local interfaces are sent to the remote
peer as host candidates. In many cases Asterisk is behind a static one-to-one
NAT, so these host addresses will be internal IP addresses.

To help in hiding the topology of the internal network, this patch adds the
ability to override the host candidates by matching them against a
user-defined list of replacements.

Change-Id: I1c9541af97b83a4c690c8150d19bf7202c8bff1f

This change exposes the configuration of various aspects of the TLS
support and sets the default to the modern standards.

The TLS cipher is now set to the best values according to the
Mozilla OpSec team, different TLS versions can now be disabled, and
the cipher order can be forced to be that of the server instead of
the client.

ASTERISK-24972 #close

Change-Id: I0a10f2883f7559af5e48dee0901251dbf30d45b8

Sending UDPTL packets to Asterisk with the right amount of missing
sequence numbers and enough redundant 0-length IFP packets, can make
Asterisk crash.

ASTERISK-25603 #close
Reported by: Walter Doekes

ASTERISK-25742 #close
Reported by: Torrey Searle

Change-Id: I97df8375041be986f3f266ac1946a538023a5255

Setting the sip.conf timert1 value to a value higher than 1245 can cause
an integer overflow and result in large retransmit timeout times.  These
large timeout times hold system file descriptors hostage and can cause the
system to run out of file descriptors.

NOTE: The default sip.conf timert1 value is 500 which does not expose the
vulnerability.

* The overflow is now detected and the previous timeout time is
calculated.

ASTERISK-25397 #close
Reported by: Alexander Traud

Change-Id: Ia7231f2f415af1cbf90b923e001b9219cff46290

test_dlinklists doesn't need to NOTICE everyone that every macro worked.

res_phoneprov doesn't need to VERBOSE everyone that a phoneprov extension or
provider was registered.

res_odbc was missing a newline at the end of one message.

Change-Id: I6c06361518ef3711821795e535acd439782a995e

A regression was introduced where searching for realtime PJSIP objects
by regex by starting the regex with a leading "^" would cause no items
to be returned.

This was due to a change which attempted to drop the requirement for a
leading "^" to be present due to how some CLI commands formulate their
regexes. However, the change, rather than simply eliminating the
requirement, caused any regexes that did begin with "^" to end up not
returning the expected results.

This change fixes the problem by inspecting the regex and formulating
the realtime query differently depending on if it begins with "^".

ASTERISK-25702 #close
Reported by Nic Colledge

Patches:
    realtime_retrieve_regex.patch submitted by Alexei Gradinari License #5691

Change-Id: I055df608a6e6a10732044fa737a9fe8dca602693

The module res_xmpp does not accept usernames in the form used in component
mode (XEP-0114). In component mode there is no @something in the name.
In component mode the connection is now not dropped anymore.

If the xmpp server sends out a "stream" tag before handshake is finished,
the connection gets dropped in res_xmpp. Now this tag will be ignored and
the connection will be established.

After connecting there will be an exchange of presence states. This does
not work as expected in component mode. The responsible function
"xmpp_pak_presence" is left before the states get sent out. Sending
presence states in component mode is now moved to the top of the function.

ASTERISK-25735 #close

Change-Id: I70e036f931c3124ebb2ad1e56f93ed35cfdd9d5c

Fix some warnings found with clang.

Change-Id: I5195b6189b148c2ee3ed4a19d015a6d4ef3e77bd

A recent commit set qualify_timeout to Decimal which isn't supported.
This path corrects it to Float.

Change-Id: I038f5274ba8cb60f8518a5845ce448d49306aadf

When I ask asterisk to send a SIP NOTIFY message to a sip peer using either a)
AMI action: SIPnotify or b) cli command: sip notify <cmd> <peer>, I expect
asterisk to include the same value for its own ip in both cases a) and b),
but it seems a) produces a contact header like Contact:
<sip:asterisk@192.168.1.227:8060> whereas b) produces a contact header like
<sip:asterisk@127.0.0.1:8060>. 0.0.0.0:8060 is my udpbindaddr in sip.conf

My guess is that manager_sipnotify should call
ast_sip_ouraddrfor(&p->sa, &p->ourip, p) the same way sip_cli_notify does,
because after applying this patch, both cases a) and b) produce
the contact header that I expect: <sip:asterisk@192.168.1.227:8060>

Reported by: Stefan Engström
Tested by: Stefan Engström

Change-Id: I86af5e209db64aab82c25417de6c768fb645f476

Change-Id: I915ea437936320393afde0e7552cf0a980a6b2e4

Change-Id: Ida5594e9f8d7c1fc18eeb733a11f8fb96326da51

* Added CONFBRIDGE_INFO(muted,) for querying the muted conference state.

* Added Muted header to AMI ConfbridgeListRooms action response list
events to indicate the muted conference state.

* Added Muted column to CLI "confbridge list" output to indicate the muted
conference state and made the locked column a yes/no value instead of a
locked/unlocked value.

ASTERISK-20987
Reported by: hristo

Change-Id: I4076bd8ea1c23a3afd4f5833e9291b49a0c448b1

Change-Id: Ic1f9e22ba1f2ff3b3f5cb017c5ddcd9bd48eccc7

ASTERISK-20987 #close
Reported by: hristo

Change-Id: Ic61a2b524ab3a4cfadf227fc6b3506527bc03f38

Since res_pjsip now depends on res_pjproject, this has been added to
basic-pbx modules.conf.

Change-Id: I42826597d5e10f08e518208860c44c96e52f1b2d

The Makefile only optionally includes makeopts so when goals like uninstall that
dont depend on anything else are run after a distclean, rules like
'rm -f "$(DESTDIR)$(ASTMODDIR)/"*' get run as 'rm -f ""/*' which attempts
to remove everything in the root directory.

Although there's a rule defined for makeopts which prints a message and does
an 'exit 1', since '-include makepopts' was specified (with the -), the exit
was ignored letting the rest of the rules run.

This patch makes makeopts required unless the goal has the string 'clean' in it.

ASTERISK-25730 #close
Reported-by: George Joseph

Change-Id: I1bce59a7ea4f48e7a468e22b2abbb13c63417ac7