Package: asterisk / 1:13.14.1~dfsg-2+deb9u4

Metadata

Package: asterisk
Version: 1:13.14.1~dfsg-2+deb9u4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
hack multiple app voicemail | (download)

Makefile.moddir_rules | 2 1 + 1 - 0 !
apps/Makefile | 21 21 + 0 - 0 !
2 files changed, 22 insertions(+), 1 deletion(-)

 build multiple versions of app_voicemail.so
 This is a very ugly hack on upstream's Makefiles to allow building
 multiple variants of app_voicemail. Three variants are created:
  * app_voicemail.so: plain old filesystem storage that doesn't break
    existing setups
  * app_voicemail_imapstorage.so: IMAP storage
  * app_voicemail_odbcstorage.so: ODBC storage
 All these conflict with each other and Asterisk will refuse to load
 them concurrently. They are thus included in three separate and
 conflicting packages.
 .
 Patch suggested to upstream but rejected for being "hackish". Though
 upstream RPM packages include packages that are only somewhat cleaner.
astgenkey security | (download)

contrib/scripts/astgenkey | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 astgenkey should generate a private key that is not world-readable
 Upstream has not accepted this patch and chose instead to document this
 as a known minor issue.
sound_files | (download)

sounds/sounds.xml | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

 avoid downloading extra sound files
 Asterisk configures several sound files to be installed that are not
 included in the distribution tarball. Those files are downloaded by the
 'install' target.
 .
 The exact files to be downloaded are configurable. Here we change the
 default to avoid downloading any. We believe those should be part of a
 separate source package (as they rarely change, and have their own
 versioning).
mpglib | (download)

addons/mp3/MPGLIB_README | 39 39 + 0 - 0 !
addons/mp3/MPGLIB_TODO | 2 2 + 0 - 0 !
addons/mp3/Makefile | 24 24 + 0 - 0 !
addons/mp3/README | 1 1 + 0 - 0 !
addons/mp3/common.c | 267 267 + 0 - 0 !
addons/mp3/dct64_i386.c | 335 335 + 0 - 0 !
addons/mp3/decode_i386.c | 153 153 + 0 - 0 !
addons/mp3/decode_ntom.c | 219 219 + 0 - 0 !
addons/mp3/huffman.h | 332 332 + 0 - 0 !
addons/mp3/interface.c | 323 323 + 0 - 0 !
addons/mp3/layer3.c | 2029 2029 + 0 - 0 !
addons/mp3/mpg123.h | 132 132 + 0 - 0 !
addons/mp3/mpglib.h | 75 75 + 0 - 0 !
addons/mp3/tabinit.c | 81 81 + 0 - 0 !
14 files changed, 4012 insertions(+)

 mpglib code originally in asterisk-addons
 The package asterisk-addons originally included mpglib. After the merge
 with asterisk, that code is no longer included and needs to be fetched
 (contrib/scripts/get_mpg_source.sh). This patch includes that fetched
 source (rev. 180).
 .
 TODO: get rid of this code and use libmpg123 or whatever.
enable_addons | (download)

addons/app_mysql.c | 1 0 + 1 - 0 !
addons/cdr_mysql.c | 1 0 + 1 - 0 !
addons/chan_mobile.c | 1 0 + 1 - 0 !
addons/chan_ooh323.c | 1 0 + 1 - 0 !
addons/format_mp3.c | 1 0 + 1 - 0 !
addons/res_config_mysql.c | 1 0 + 1 - 0 !
6 files changed, 6 deletions(-)

 enable modules formerly from asterisk-addons
 The modules under addons/ are originally from the separate
 asterisk-addons package. As of asterisk 1.8 they are included in the
 main Asterisk distribution but not enabled by default. This patch
 enables them, as it seems valid in Debian.
 .
 format_mp3.c is not enabled, yet, though: the complete source is not
 included. See contrib/scripts/get_mp3_source.sh in the source tree.
no_uname | (download)

bootstrap.sh | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 remove the special case for bsd in the bootstrap script.
 This is a simple brute-force patch until I figure out why that specific
 version of autoconf is needed on BSD.
ilbc_disable | (download)

codecs/Makefile | 1 0 + 1 - 0 !
codecs/codec_ilbc.c | 1 1 + 0 - 0 !
2 files changed, 1 insertion(+), 1 deletion(-)

 disable building codec_ilbc
 As we have to strip the ilbc code from asterisk, we need to disable
 building codec_ilbc and cleaning the ilbc/ directory.
 .
 Patch needs to be cleaned-up to be uploaded upstream.
 .
 FIXME: module now seems to potentially use libilbc. If it can be
 packaged into Debian, no reason to remove it.
astdatadir | (download)

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 place asterisk read-only data files under /usr/share
 On Debian read-only resources belong under /usr. The space taken from
 the writable /var should be minimized.
 .
 Upstream prefers defaults to have those files under /var/lib, though
 supports a separate datadir.
reenable | (download)

channels/chan_mgcp.c | 1 0 + 1 - 0 !
channels/chan_vpb.cc | 1 0 + 1 - 0 !
2 files changed, 2 deletions(-)

 reenable some drivers
no_native_arch.patch | (download)

build_tools/cflags.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable building asterisk with -march=native
Bug-Debian: https://bugs.debian.org/842917
smsq_enable.patch | (download)

utils/utils.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 enable the smsq application.
aelparse_enable.patch | (download)

utils/utils.xml | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 enable the aelparse application.
systemd.patch | (download)

Makefile | 2 2 + 0 - 0 !
contrib/asterisk.service | 49 49 + 0 - 0 !
contrib/scripts/asterisk_cleanup | 18 18 + 0 - 0 !
contrib/scripts/live_ast | 38 38 + 0 - 0 !
4 files changed, 107 insertions(+)

 a systemd service
 Do away with safe_asterisk. But try very hard to let live_ast work with
 it.
amr.patch | (download)

build_tools/menuselect-deps.in | 3 3 + 0 - 0 !
codecs/codec_amr.c | 405 405 + 0 - 0 !
codecs/ex_amr.h | 49 49 + 0 - 0 !
configure.ac | 7 7 + 0 - 0 !
include/asterisk/amr.h | 19 19 + 0 - 0 !
include/asterisk/format_cache.h | 10 10 + 0 - 0 !
main/codec_builtin.c | 50 50 + 0 - 0 !
main/format_cache.c | 16 16 + 0 - 0 !
main/rtp_engine.c | 6 6 + 0 - 0 !
makeopts.in | 7 7 + 0 - 0 !
res/res_format_attr_amr.c | 488 488 + 0 - 0 !
11 files changed, 1060 insertions(+)

 add amr and amr-wb codec modules supporting transcoding
 To add a codec for SIP/SDP (m=, rtpmap, and fmtp), you create a format
 module in Asterisk: `codec_amr.patch` (for m= and rtpmap) and
 `res/res_format_attr_amr.c` (for fmtp). However, this requires both
 call legs to support AMR (pass-through only). If one leg does not
 support AMR, the call has no audio. Or, if you use the pre-recorded
 voice and music files of Asterisk, these files cannot be heard, because
 they are not in AMR but in slin. Therefore, this repository adds not
 just a format module for the audio-codecs AMR and AMR-WB but a
 transcoding module as well: `codecs/codec_amr.c`.
 .
 This is an implementation of IETF
 [RFC 4867](http://tools.ietf.org/html/rfc4867). Sometimes, AMR is
 called AMR Narrowband (AMR-NB). AMR Wideband (ITU-T Recommendation
 G.722.2) is sometimes abbreviated W-AMR
 ([GSA](http://www.gsacom.com/hdvoice/)). GSMA Mobile
 [HD Voice](https://www.youtube.com/playlist?&list=PLj1MyDu3jckpSciPQ1Max0W6HDSaY8-n4)
 is AMR-WB. Research papers comparing AMR and AMR-WB with other audio
 codecs:
 [InterSpeech 2010](http://research.nokia.com/files/public/%5B12%5D_Interspeech%202010_Voice%20Quality%20Evaluation%20of%20Recent%20Open%20Source%20Codecs.pdf),
 [ICASSP 2010](http://research.nokia.com/files/public/%5B11%5D_ICASSP2010_Voice%20Quality%20Evaluation%20of%20Various%20Codecs.pdf),
 [InterSpeech 2011](http://research.nokia.com/files/public/%5B16%5D_InterSpeech2011_Voice_Quality_Characterization_of_IETF_Opus_Codec.pdf).
 Further
 [examples…](http://www.voiceage.com/Audio-Samples-Listening-Room.html)
ffmpeg detection.patch | (download)

configure.ac | 15 13 + 2 - 0 !
1 file changed, 13 insertions(+), 2 deletions(-)

 modernize autotools ffmpeg linking
 FFmpeg is a _family_ of libraries sharing an optional base subdir. That
 is not properly reflected in the autoconf detection logic, and makes it
 impossible to handle alternate location - e.g. when using Libav.
 .
 This patch queries pkg-config, used with recent FFmpeg, for files
 "libavcodec" and "libswscale", the family members currently used.
ffmpeg includes.patch | (download)

channels/console_video.h | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 include subdirs (not main dir) for ffmpeg paths
 Fix include FFmpeg headers from below /usr/include/ffmpeg/<libname>
 (this change requires -I/usr/include/ffmpeg).
radcli detection.patch | (download)

cdr/cdr_radius.c | 6 1 + 5 - 0 !
cel/cel_radius.c | 6 1 + 5 - 0 !
configure.ac | 10 9 + 1 - 0 !
3 files changed, 11 insertions(+), 11 deletions(-)

 add support for building radius with radcli

Radcli is yet another RADIUS client library, generally compatible with
freeradius and radiusclient-ng.

This commit adds autoconf option for detecting it as well and changes
cdr_radius and cel_radius to use its header file in that case.

ASTERISK-26540 #close

OpenSSL 1.1.0 support.patch | (download)

main/libasteriskssl.c | 4 2 + 2 - 0 !
main/tcptls.c | 10 5 + 5 - 0 !
2 files changed, 7 insertions(+), 7 deletions(-)

 [patch] openssl 1.1 support: use openssl_version_number

Use OPENSSL_VERSION_NUMBER instead of OPENSSL_API_COMPAT to detect
the openssl 1.1 API.

ASTERISK-26109 #close

OpenSSL 1.1.0 support 2.patch | (download)

main/libasteriskssl.c | 7 5 + 2 - 0 !
main/tcptls.c | 2 1 + 1 - 0 !
2 files changed, 6 insertions(+), 3 deletions(-)

 [patch] libasteriskssl: do nothing with openssl >= 1.1

OpenSSL 1.1 requires no explicit initialization. The hacks in the
library are not needed. They also happen to fail running Asterisk.

ASTERISK-26109 #close

OpenSSL 1.1.0 support 3.patch | (download)

main/tcptls.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch] tcptls: use tls_client_method with openssl 1.1

OpenSSL 1.1 introduced TLS_client_method() and deprecated the previous
version-specific methods (such as TLSv1_client_method()). Other than
being simpler to use and more correct (gain support for TLS newer than
TLS1, in our case), the older ones produce a deprecation warning that
fails the build in dev-mode.

ASTERISK-26109 #close

pjsip_unresolved_symbol.patch | (download)

res/res_pjsip/pjsip_message_ip_updater.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 fix unresolved symbol ast_sip_session_unregister_supplement in pjsip
859911 pjsip set rtp source address.patch | (download)

res/res_pjsip_sdp_rtp.c | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 [patch] res_pjsip_sdp_rtp: rtp instance does not use same ip as
 explicit transport

Currently a wildcard address is used for the local RTP socket, which
will not always result in the same address as used by the SIP socket
(e.g. if explicit transport addresses are configured).
Use the transport's host address when binding new local RTP sockets if
available.

ASTERISK-26851

859911 pjsip set rtp source address part2.patch | (download)

res/res_pjsip_sdp_rtp.c | 23 18 + 5 - 0 !
1 file changed, 18 insertions(+), 5 deletions(-)

 [patch] res_pjsip_sdp_rtp.c: don't alter global addr variable.

* create_rtp(): Fix unexpected alteration of global address_rtp if a
transport is bound to an address.

* create_rtp(): Fix use of uninitialized memory if the endpoint RTP media
address is invalid or the transport has an invalid address.

ASTERISK-26851

875450 chan_sip oneway audio.patch | (download)

channels/chan_sip.c | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 [patch] chan_sip: change sip_get_codec() to return correct codec list
ASTERISK 26606.patch | (download)

main/tcptls.c | 66 58 + 8 - 0 !
1 file changed, 58 insertions(+), 8 deletions(-)

 [patch] tcptls: improve error messages for tls connections.

This change uses the functions provided by OpenSSL to query
and better construct error messages for situations where
the connection encounters a problem.

ASTERISK-26606

AST 2017 004.patch | (download)

channels/chan_skinny.c | 122 66 + 56 - 0 !
1 file changed, 66 insertions(+), 56 deletions(-)

 [patch] ast-2017-004: chan_skinny:  add eof check in skinny_session

The while(1) loop in skinny_session wasn't checking for EOF so
a packet that was longer than a header but still truncated
would spin the while loop infinitely.  Not only does this
permanently tie up a thread and drive a core to 100% utilization,
the call of ast_log() in such a tight loop eats all available
process memory.

Added poll with timeout to top of read loop

ASTERISK-26940 #close
Reported-by: Sandro Gauci

AST 2017 005 13.13.diff | (download)

res/res_rtp_asterisk.c | 87 50 + 37 - 0 !
1 file changed, 50 insertions(+), 37 deletions(-)

 [patch] res_rtp_asterisk: only learn a new source in learn state.

This change moves the logic which learns a new source address
for RTP so it only occurs in the learning state. The learning
state is entered on initial allocation of RTP or if we are
told that the remote address for the media has changed. While
in the learning state if we continue to receive media from
the original source we restart the learning process. It is
only once we receive a sufficient number of RTP packets from
the new source that we will switch to it. Once this is done
the closed state is entered where all packets that do not
originate from the expected source are dropped.

The learning process has also been improved to take into
account the time between received packets so a flood of them
while in the learning state does not cause media to be switched.

Finally RTCP now drops packets which are not for the learned
SSRC if strict RTP is enabled.

ASTERISK-27013

AST 2017 006 13.diff | (download)

README-SERIOUSLY.bestpractices.txt | 7 7 + 0 - 0 !
apps/app_minivm.c | 36 25 + 11 - 0 !
apps/app_mixmonitor.c | 15 15 + 0 - 0 !
apps/app_system.c | 10 10 + 0 - 0 !
configs/samples/minivm.conf.sample | 2 1 + 1 - 0 !
funcs/func_shell.c | 5 5 + 0 - 0 !
include/asterisk/app.h | 31 28 + 3 - 0 !
main/asterisk.c | 91 78 + 13 - 0 !
res/res_monitor.c | 13 10 + 3 - 0 !
9 files changed, 179 insertions(+), 31 deletions(-)

 [patch] ast-2017-006: fix app_minivm application minivmnotify command injection

An admin can configure app_minivm with an externnotify program to be run
when a voicemail is received.  The app_minivm application MinivmNotify
uses ast_safe_system() for this purpose which is vulnerable to command
injection since the Caller-ID name and number values given to externnotify
can come from an external untrusted source.

* Add ast_safe_execvp() function.  This gives modules the ability to run
external commands with greater safety compared to ast_safe_system().
Specifically when some parameters are filled by untrusted sources the new
function does not allow malicious input to break argument encoding.  This
may be of particular concern where CALLERID(name) or CALLERID(num) may be
used as a parameter to a script run by ast_safe_system() which could
potentially allow arbitrary command execution.

* Changed app_minivm.c:run_externnotify() to use the new ast_safe_execvp()
instead of ast_safe_system() to avoid command injection.

* Document code injection potential from untrusted data sources for other
shell commands that are under user control.

ASTERISK-27103

AST 2017 008 13.13.diff | (download)

res/res_rtp_asterisk.c | 520 416 + 104 - 0 !
1 file changed, 416 insertions(+), 104 deletions(-)

 [patch] ast-2017-008: improve rtp and rtcp packet processing.

Validate RTCP packets before processing them.

* Validate that the received packet is of a minimum length and apply the
RFC3550 RTCP packet validation checks.

* Fixed potentially reading garbage beyond the received RTCP record data.

* Fixed rtp->themssrc only being set once when the remote could change
the SSRC.  We would effectively stop handling the RTCP statistic records.

* Fixed rtp->themssrc to not treat a zero value as special by adding
rtp->themssrc_valid to indicate if rtp->themssrc is available.

ASTERISK-27274

Make strict RTP learning more flexible.

Direct media can cause strict RTP to attempt to learn a remote address
again before it has had a chance to learn the remote address the first
time.  Because of the rapid relearn requests, strict RTP could latch onto
the first remote address and fail to latch onto the direct media remote
address.  As a result, you have one way audio until the call is placed on
and off hold.

The new algorithm learns remote addresses for a set time (1.5 seconds)
before locking the remote address.  In addition, we must see a configured
number of remote packets from the same address in a row before switching.

* Fixed strict RTP learning from always accepting the first new address
packet as the new stream.

* Fixed strict RTP to initialize the expected sequence number with the
last received sequence number instead of the last transmitted sequence
number.

* Fixed the predicted next sequence number calculation in
rtp_learning_rtp_seq_update() to handle overflow.

ASTERISK-27252

AST 2017 010.patch | (download)

main/cdr.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 [patch] ast-2017-010: fix cdr_object_update_party_b_userfield_cb()
 buf overrun

cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
the supplied string is too long.  The long string could be supplied by
external means using the CDR(userfield) function.

This may seem reminiscent of AST-2017-001 (ASTERISK_26897) and it is.  The
earlier patch fixed the buffer overrun for Party A's userfield while this
patch fixes the same thing for Party B's userfield.

ASTERISK-27337

AST 2017 011.patch | (download)

res/res_pjsip_session.c | 80 42 + 38 - 0 !
1 file changed, 42 insertions(+), 38 deletions(-)

 [patch] ast-2017-011 - res_pjsip_session: session leak when a call is
 rejected

A previous commit made it so when an invite session transitioned into a
disconnected state destruction of the Asterisk pjsip session object was
postponed until either a transport error occurred or the event timer
expired. However, if a call was rejected (for instance a 488) before the
session was fully established the event timer may not have been initiated,
or it was canceled without triggering either of the session finalizing states
mentioned above.

Really the only time destruction of the session should be delayed is when a
BYE is being transacted. This is because it's possible in some cases for the
session to be disconnected, but the BYE is still transacting.

This patch makes it so the session object always gets released (no more
memory leak) when the pjsip session is in a disconnected state. Except when
the method is a BYE. Then it waits until a transport error occurs or an event
timeout.

ASTERISK-27345 #close

Reported by: Corey Farrell

AST 2017 012.patch | (download)

res/res_rtp_asterisk.c | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 [patch] ast-2017-012: place single rtcp report block at beginning of
 report.

When the RTCP code was transitioned over to Stasis a code change
was made to keep track of how many reports are present. This count
controlled where report blocks were placed in the RTCP report.

If a compound RTCP packet was received this logic would incorrectly
place a report block in the wrong location resulting in a write
to an invalid location.

This change removes this counting logic and always places the report
block at the first position. If in the future multiple reports are
supported the logic can be extended but for now keeping a count
serves no purpose.

ASTERISK-27382
ASTERISK-27429

AST 2017 013.patch | (download)

channels/chan_skinny.c | 11 6 + 5 - 0 !
1 file changed, 6 insertions(+), 5 deletions(-)

 [patch] ast-2017-013: chan_skinny: call pthread_detach when sess
 threads end

chan_skinny creates a new thread for each new session.  In trying
to be a good cleanup citizen, the threads are joinable and the
unload_module function does a pthread_cancel() and a pthread_join()
on any sessions that are active at that time.  This has an
unintended side effect though. Since you can call pthread_join on a
thread that's already terminated, pthreads keeps the thread's
storage around until you explicitly call pthread_join (or
pthread_detach()).   Since only the module_unload function was
calling pthread_join, and even then only on the ones active at the
time, the storage for every thread/session ever created sticks
around until asterisk exits.

* A thread can detach itself so the session_destroy() function
  now calls pthread_detach() just before it frees the session
  memory allocation.  The module_unload function still takes care
  of the ones that are still active should the module be unloaded.

ASTERISK-27452
Reported by: Juan Sacco