Certain platforms (mainly BSD derivatives) have an additional length
field in `sockaddr_in6` and `sockaddr_in`.
`ast_sockaddr_from_pj_sockaddr()` does not take this field into account
when copying over values from the `pj_sockaddr` into the `ast_sockaddr`.
The resulting `ast_sockaddr` will have an uninitialized value for
`sin6_len`/`sin_len` while the other `ast_sockaddr` (not converted from
a `pj_sockaddr`) to check against in `ast_sockaddr_pj_sockaddr_cmp()`
has the correct length value set.
This has the effect that `ast_sockaddr_cmp()` will always indicate
an address mismatch, because it does a bitwise comparison, and all DTLS
packets are dropped even if addresses and ports match.
`ast_sockaddr_from_pj_sockaddr()` now checks whether the length fields
are available on the current platform and sets the values accordingly.
Resolves: #505
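The failure mode described in the message above, as an added example that is not Asterisk or pjproject code: a constructed BSD-style address struct with a leading length byte is filled field by field, without and with the length set, then compared bytewise. The struct, the `src_addr` type and all function names are hypothetical; the `0xAA` fill stands in for uninitialized memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a BSD-style sockaddr_in: it starts with a
 * one-byte length field that Linux's sockaddr_in does not have. */
struct bsd_sockaddr_in {
    uint8_t  sin_len;
    uint8_t  sin_family;
    uint16_t sin_port;
    uint32_t sin_addr;
    uint8_t  sin_zero[8];
};

/* Hypothetical source type standing in for pj_sockaddr: no length field. */
struct src_addr { uint8_t family; uint16_t port; uint32_t addr; };

/* Field-by-field conversion. With set_len == 0 the length byte is never
 * written and keeps the stale 0xAA fill (the pre-fix behaviour). */
static void convert(struct bsd_sockaddr_in *dst, const struct src_addr *src, int set_len)
{
    memset(dst, 0xAA, sizeof(*dst));      /* model uninitialized memory */
    dst->sin_family = src->family;
    dst->sin_port = src->port;
    dst->sin_addr = src->addr;
    memset(dst->sin_zero, 0, sizeof(dst->sin_zero));
    if (set_len)
        dst->sin_len = sizeof(*dst);      /* the fix: set the length too */
}

/* Bytewise comparison over the whole structure. */
static int addr_equal(const struct bsd_sockaddr_in *a, const struct bsd_sockaddr_in *b)
{
    return memcmp(a, b, sizeof(*a)) == 0;
}

/* Returns 1 if the converted address equals a correctly built reference. */
int converted_matches_reference(int set_len)
{
    struct src_addr src = { 2, 0x1F90, 0xC0000201u };  /* constructed values */
    struct bsd_sockaddr_in ref = { sizeof(ref), 2, 0x1F90, 0xC0000201u, {0} };
    struct bsd_sockaddr_in conv;
    convert(&conv, &src, set_len);
    return addr_equal(&ref, &conv);
}

int main(void)
{
    printf("length unset: match=%d\n", converted_matches_reference(0));
    printf("length set:   match=%d\n", converted_matches_reference(1));
    return 0;
}
```

Family, port and address are identical in both runs; only the length byte differs, which is enough for a whole-structure comparison to report a mismatch.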
* Refactored pjproject code to support the new algorithms and
  added a patch file to third-party/pjproject/patches
* Added new parameters to the pjsip auth object:
  * password_digest = <algorithm>:<digest>
  * supported_algorithms_uac = List of algorithms to support
    when acting as a UAC.
  * supported_algorithms_uas = List of algorithms to support
    when acting as a UAS.
  See the auth object in pjsip.conf.sample for detailed info.
* Updated both res_pjsip_authenticator_digest.c (for UAS) and
  res_pjsip_outbound_authenticator_digest.c (UAC) to support the
  new algorithms.
The new algorithms are only available with the bundled version
of pjproject, or an external version > 2.14.1. OpenSSL version
1.1.1 or greater is required to support SHA-512-256.
Resolves: #948
UserNote: The SHA-256 and SHA-512-256 algorithms are now available
for authentication as both a UAS and a UAC.
* The autoconf-archive package contains macros useful for detecting C++
standard and testing other C++ capabilities but that package was never
included in the install_prereq script so many existing build environments
won't have it. Even if it is installed, older versions won't support newer C++
standards and will actually cause an error if you try to test for that
version. To make it available for those environments, the
ax_cxx_compile_stdcxx.m4 macro has been copied from the latest release of
autoconf-archive into the autoconf directory.
* A convenience wrapper (ast_cxx_check_std) around ax_cxx_compile_stdcxx was
also added so checking the standard version and setting the
asterisk-specific PBX_ variables becomes a one-liner:
`AST_CXX_CHECK_STD([std], [force_latest_std])`.
Calling that with a version of `17` for instance, will set PBX_CXX17
to 0 or 1 depending on whether the current c++ compiler supports stdc++17.
HAVE_CXX17 will also be "defined" or not depending on the result.
* C++ compilers hardly ever default to the latest standard they support. g++
version 14 for instance supports up to C++23 but only uses C++17 by default.
If you want to use C++23, you have to add `-std=gnu++23` to the g++
command line. If you set the second argument of AST_CXX_CHECK_STD to "yes",
the macro will automatically keep the highest `-std=gnu++` value that
worked and pass that to the Makefiles.
* The autoconf-archive package was added to install_prereq for future use.
* Updated configure.ac to use AST_CXX_CHECK_STD() to check for C++
versions 11, 14, 17, 20 and 23.
* Updated configure.ac to accept the `--enable-latest-cxx-std` option which
will set the second option to AST_CXX_CHECK_STD() to "yes". The default
is "no".
* ast_copy_string() in strings.h declares the 'sz' variable as volatile and
does an `sz--` on it later. C++20 no longer allows the `++` and `--`
increment and decrement operators to be used on variables declared as
volatile however so that was changed to `sz -= 1`.
source is a bash concept, so when /bin/sh points to another shell the
existing construct won't work.
Reference: https://bugs.gentoo.org/927055
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Fedora 37 started shipping ilbc 3.0.4 which we don't yet support.
configure.ac now checks the system for "libilbc < 3" instead of
just "libilbc". If true, the system version of ilbc will be used.
If not, the version included at codecs/ilbc will be used.
Resolves: #84
The current STIR/SHAKEN implementation is not currently usable due
to encryption issues. Rather than trying to futz with OpenSSL and
the current code, we can take advantage of the existing
capabilities of libjwt but we first need to add it to the
third-party infrastructure already in place for jansson and
pjproject.
A few tweaks were also made to the third-party infrastructure as
a whole. The jansson "dest" install directory was renamed "dist"
to better match convention, and the third-party Makefile was updated
to clean all product directories not just the ones currently in
use.
Resolves: #349
Fixes: #221
UserNote: res_pjsip now allows TLS v1.3 to be enabled if supported by
the underlying PJSIP library. The bundled version of PJSIP supports
TLS v1.3.
This accomplishes the same thing as a `find ... | sort` but with the
added benefit of clarity and avoiding a call to a subshell.
Additionally drop the -s option from call to patch as it is not POSIX.
The apply_patches script wasn't sorting the list of patches in
the "patches" directory before applying them. This left the list
in an indeterminate order. In most cases, the list is actually
sorted but rarely, they can be out of order and cause dependent
patches to fail to apply.
We now sort the list but the "sort" program wasn't in the
configure scripts so we needed to add that and regenerate
the scripts as well.
Resolves: #193
These were uncovered when trying to run `bootstrap.sh` with Autoconf
2.71:
* AC_CONFIG_HEADER() is deprecated in favor of AC_CONFIG_HEADERS().
* AC_HEADER_TIME is obsolete.
* $as_echo is deprecated in favor of AS_ECHO() which requires an update
to ax_pthread.m4.
Note that the generated artifacts in this commit are from Autoconf 2.69.
Resolves: #139
This enables the test to work with CC=clang.
Without this the test for 6 args would fail with:
    utils.c:99:12: error: static declaration of 'gethostbyname_r' follows non-static declaration
    static int gethostbyname_r (const char *name, struct hostent *ret, char *buf,
               ^
    /usr/include/netdb.h:177:12: note: previous declaration is here
    extern int gethostbyname_r (const char *__restrict __name,
               ^
Fixing the expected return type to int sorts this out.
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
* Remove .gitreview and switch to pulling the main asterisk branch
version from configure.ac instead.
* Replace references to JIRA with GitHub.
* Other minor cleanup found along the way.
Resolves: #39
Removed multiple patches.
Code changes in res_pjsip_pubsub due to changes in evsub.
Pjsip now calls on_evsub_state() before on_rx_refresh(),
so the sub tree deletion that used to take place in
on_evsub_state() now must take place in on_rx_refresh().
Additionally, pjsip now requires that you send the NOTIFY
from within on_rx_refresh(), otherwise it will assert
when going to send the 200 OK. The idea is that it will
look for this NOTIFY and cache it until after sending the
response in order to deal with the self-imposed message
mis-order. Asterisk previously dealt with this by pushing
the NOTIFY in on_rx_refresh(), but pjsip now forces us
to use its method.
Changes were required to configure in order to detect
which way pjsip handles this as the two are not
compatible for the reasons mentioned above.
A corresponding change in testsuite is required in order
to deal with the small internal timing changes caused by
moving the NOTIFY send.
ASTERISK-30325
Change-Id: I50b00cac89d950d3511d7b250a1c641965d9fe7f
This change adds support using the pjsip_tls_transport_restart
function for reloading the TLS certificate and key, if the filenames
remain unchanged. This is useful for Let's Encrypt and other
situations. Note that no restart of the transport will occur if
the certificate and key remain unchanged.
ASTERISK-30186
Change-Id: I9bc95a6bf791830a9491ad9fa43c17d4010028d0
Use pkg-config to detect libxml2, falling back to xml2-config if the
former is not available.
This patch ensures Asterisk continues to build on systems without
xml2-config installed.
The patch also updates the associated 'configure' files.
ASTERISK-29970 #close
Change-Id: I3c90dfe0b0590486cbb8e6d426a7c5c4199410c0
Added functions to open, close, and apply XML Stylesheets
to XML documents. Although the presence of libxslt was already
being checked by configure, it was only happening if xmldoc was
enabled. Now it's checked regardless.
Added ability to parse a string consisting of comma separated
name/value pairs into an ast_variable list. The reverse of
ast_variable_list_join().
Change-Id: I1e1d149be22165a1fb8e88e2903a36bba1a6cf2e
Fix the configure script not to detect the presence of gethostbyname_r()
on NetBSD incorrectly. NetBSD includes it as an internal libc symbol
that is not exposed in system headers and that is incompatible with
other implementations. In order to avoid misdetecting it, perform
the symbol check only if the declaration is found in the public header
first.
ASTERISK-29817
Change-Id: Iafa359b09908251bcd299ff54be003ea129b9eda
There are times when you need to troubleshoot issues with bundled
pjproject or add new features that need to be pushed upstream
but...
* The source directory created by extracting the pjproject tarball
is not scanned for code changes so you have to keep forcing
rebuilds.
* The source directory isn't a git repo so you can't easily create
patches, do git bisects, etc.
* Accidentally doing a make distclean will ruin your day by wiping
out the source directory, and your changes.
* etc.
This commit makes that easier.
See third-party/pjproject/README-hacking.md for the details.
ASTERISK-29824
Change-Id: Idb1251040affdab31d27cd272dda68676da9b268
Furthermore, consistently use not 'No' but ':' for non-existent file
paths. Finally, use the same pattern for checking file paths:
a) = ":"
b) != "x:"
Change-Id: I0c80c76d2cc98b0e5c859131290f4e3141a1a544
OpenSSL is one of those packages that often have alternatives
with later versions. For instance, CentOS/EL 7 has an
openssl package at version 1.0.2 but there's an openssl11
package from the epel repository that has 1.1.1. This gets
installed to /usr/include/openssl11 and /usr/lib64/openssl11.
Unfortunately, the existing --with-ssl and --with-crypto
./configure options expect to point to a source tree and
don't work in this situation. Also unfortunately, the
checks in ./configure don't use pkg-config.
In order to make this work with the existing situation, you'd
have to run...
    ./configure --with-ssl=/usr/lib64/openssl11 \
        --with-crypto=/usr/lib64/openssl11 \
        CFLAGS=-I/usr/include/openssl11
BUT... those options don't get passed down to bundled pjproject
so when you run make, you have to include the CFLAGS again
which is a big pain.
Oh... To make matters worse, although you can specify
PJPROJECT_CONFIGURE_OPTS on the ./configure command line,
they don't get saved so if you do a make clean, which will
force a re-configure of bundled pjproject, those options
don't get used.
So...
* In configure.ac... Since pkg-config is installed by install_prereq
anyway, we now use it to check for the system openssl >= 1.1.0.
If that works, great. If not, we check for the openssl11
package. If that works, great. If not, we fall back to just
checking for any openssl. If pkg-config isn't installed for some
reason, or --with-ssl=<dir> or --with-crypto=<dir> were specified
on the ./configure command line, we fall back to the existing
logic that uses AST_EXT_LIB_CHECK().
* The whole OpenSSL check process has been moved up before
THIRD_PARTY_CONFIGURE(), which does the initial pjproject
bundled configure, is run. This way the results of the above
checks, which may result in new include or library directories,
are included.
* Although not strictly needed for openssl, we now save the value of
PJPROJECT_CONFIGURE_OPTS in the makeopts file so it can be used
again if a re-configure is triggered.
ASTERISK-29693
Change-Id: I341ab7603e6b156aa15a66f43675ac5029d5fbde
Discovered while looking at ASTERISK~29684. Usage was removed in change
I3c77c7b00b2ffa2e935632097fa057b9fdf480c0.
Change-Id: Iaf2f7a16ea5a7eee6375319347e4b40b8e7b10e3
IPv6 nameserver addresses are stored in different part of the
__res_state structure, so look there if we appear to have support for
it.
ASTERISK-28004 #close
Change-Id: I67067077d8a406ee996664518d9c8fbf11f6977d
From https://www.mail-archive.com/bug-autoconf@gnu.org/msg04408.html
> ... the long-obsolete AC_HEADER_STDC, previously used internally by
> AC_INCLUDES_DEFAULT, used AC_EGREP_HEADER. The AC_HEADER_STDC macro
> is now a no-op (and is not used at all within Autoconf anymore), so
> that change is likely what made the first use of AC_EGREP_HEADER the
> one inside the if condition, causing the observed results.
The implication is that the test does nothing anyway, and due to it
being a no-op from 2.70 onwards, results in the required not being set
to yes, resulting in ./configure to fail.
Change-Id: Ic1ff38d87f791fbf1f2a80512f81bb7110392460
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
On Gentoo it's possible to have multiple lua versions installed, all
with a path of /usr, so it's not possible to use the current --with-lua
option to deterministically pin to a specific version as is required by the
Gentoo PMS standards.
This environment variable allows to lock to specific versions,
unversioned check will be skipped if this variable is supplied.
Change-Id: I8c403eda05df25ee0193960262ce849c7d2fd088
Signed-off-by: Jaco Kroon <jaco@uls.co.za>
As described in the issue, /tmp is not a suitable location for a
large amount of cached media files, since most distributions make
/tmp a RAM-based tmpfs mount with limited capacity.
I opted for a location that can be configured separately, as opposed
to using a subdirectory of spooldir, given the different storage
profile (transient files vs files that might stay there indefinitely).
This commit just makes the cache directory configurable, and changes
the default location from /tmp to /var/cache/asterisk.
ASTERISK-29143
Change-Id: Ic54e95199405abacd9e509cef5f08fa14c510b5d
Note to maintainers: Lua 5.4, Lua 5.3, and Lua 5.2 have not been tested
at runtime with pbx_lua. Until then, use the lowest available version
of Lua, if you enabled the module pbx_lua at all.
Change-Id: Ie5270448b11fcb4e2a53d899e4fe7fea793ce7e0
The Python/C API is used only if the Test Framework was enabled in Asterisk
'make menuselect'. The Test Framework is available only if the Developer Mode
was enabled in Asterisk './configure --enable-dev-mode'. And that Python/C API
is used only if the PJProject was found and not disabled in Asterisk; the user
did not go for './configure --without-pjproject'.
Furthermore, because version 2 of that Python/C API is required (currently) and
because some platforms do not offer a generic version 2, the script searches
for 2.7 explicitly as well.
To avoid version mismatch between the Python/C API and the Python environment,
the script searches for the latter in the same versions, in the same order
as well. Because this Python/C API is just for (some) Asterisk contributors,
the script also goes for the Python 3 environment as a last resort for all
other Asterisk users. This allows 'make full' even on minimal installations of
Ubuntu 18.04 LTS and newer.
Because the Python/C API is Asterisk contributor specific, the Python packages
are removed from the script './contrib/scripts/install_prereq' as this script
is intended for Asterisk users. Asterisk contributors have to install many more
packages in any case, like:
    sudo apt install autoconf automake git git-review python2.7-dev
ASTERISK-28824
ASTERISK-27717
Change-Id: Id46d357e18869f64dcc217b8fdba821b63eeb876
We (Gentoo distribution) reckon that in the case of multiple versions of
gmime installed we should prefer the newest one.
Change-Id: Idf7be613230232eb1d573d93c4a5a8297f4ecd2d
When building check_expr2 with ASLR PIE hardening enabled the linker
fails. This is resolved by adding the regular compiler flags when
building the object files from ast_expr2f.c and ast_expr2.c.
Note: The STANDALONE define is removed because it is already defined in
_ASTCFLAGS. YY_NO_INPUT is defined so that the compile survives
'--enable-dev-mode'.
Also, a Makefile variable "CROSS_COMPILING" is added so that the
build system doesn't try to run check_expr2 when cross-compiling,
because that will fail the build as well.
ASTERISK-28685 #close
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Change-Id: If435b7db9f9ad8266245bda51c81c220f9658915