Changes To The Community Service Maintenance Notifications

Jose P. Espinal May 22, 2013 Asterisk Announces No Comments

You may have noticed (or maybe not) that there have been several maintenance notifications for the asterisk.org community services this month. We are working hard to keep up the services running smoothly, and those notices are sent whenever we think our maintenance may interfere with the operation of any of the services.

So far, it’s been our policy that we send out a maintenance notification whenever we do anything other than the most minor maintenance on the services. You can usually read “may have intermittent availability” as “it should be available unless things go horribly wrong”.

We now realize that most of these notifications are just spam for most of the community. It is also cumbersome for us to send out the notifications every time we touch the services. Especially considering that the services are typically unavailable for at most a few minutes, if at all.

In an effort to reduce spam and make service availability more predictable, we’re changing the policy about when we send notifications about community service availability.

Starting on Monday, May 27th, we will have a regular maintenance window every Monday for one hour starting at 9:00 PM Central Time (that’s 02:00 UTC during daylight saving time in the summer, and 03:00 UTC during standard time). We will try to restrict the service impacting maintenance to that weekly window.

For the times where there might be a service interruption outside of that window (either when it needs to be coordinated with our colo provider, or if the maintenance will take longer than one hour), we will send notice of the impending service interruption to just the asterisk-announce mailing list[1].

This will help us in planning service upgrades and maintenance, and reduce the amount of unnecessary email for the community.

[1]: http://lists.digium.com/mailman/listinfo/asterisk-announce

— Digium’s Asterisk Development Team

CodeIgniter and Twig Integration in Two Easy Steps

Jose P. Espinal May 18, 2013 programming No Comments

Tags: codeigniter and twig integration, codeigniter template engine, template engine, twig engine, twig template, using Twig with CodeIgniter

While I was working on a personal project I saw convenient to use a template engine that could be easily integrated with CodeIgniter. I heard about Twig some time ago and, as far as I saw while reading about it, it is a very robust and efficient solution, so I decided to give it a shot. This is how I integrated it with CodeIgniter in two easy steps that works for me:

I created a “component” directory where I placed Twig installation files.

Please note that this is not required, I just did it that way so if in a future I need to integrate something else, that directory will be a good place to place it.

Creating “components” directory

(more…)

New Security Releases Announced By The Asterisk Development Team

Jose P. Espinal March 27, 2013 Asterisk Announces Comments Off

Tags: asterisk security, denial of service, Remote Unauthenticated Sessions, security releases, SIP channel driver, Unauthorized data disclosure, Username disclosure, Username disclosure in SIP channel driver

The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones, and 11.2.2.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of these versions resolve the following issues:

A possible buffer overflow during H.264 format negotiation. The format attribute resource for H.264 video performs an unsafe read against a media attribute when parsing the SDP. This vulnerability only affected Asterisk 11. * A denial o f service exists in Asterisk’s HTTP server. AST-2012-014, fixed in January of this year, contained a fix for Asterisk’s HTTP server for a r remotely-triggered crash. While the fix prevented the crash from being triggered, a denial of service vector still exists with that solution if an attacker sends one or more HTTP POST requests with very large Content-Length values.This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
A potential username disclosure exists in the SIP channel driver. When authenticating a SIP request with alwaysauthreject enabled, allowguest disabled , and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2-digiumphones
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

Thank you for your continued support of Asterisk!

Installing CentOS For Asterisk

Jose P. Espinal March 05, 2013 Asterisk Tutorial, Preparing a System for Asterisk Comments Off

Tags: asterisk, asterisk on centos, asterisk on virtualbox, centos, Connect Automatically, how to install CentOS, interface connected automatically

This article will discuss how to install CentOS step by step in order to set up an Asterisk box. What things you might want to change in order not to have problems while installing or running Asterisk, and finally some tips that you might find useful.

While Installing CentOS is a very straightforward and easy task (and surely there is a plethora of tutorials out there) I decided to make my own guide in order to use it as course material when helping friends (special thanks to my friend Floriana, for encouraging me to this and other tutorials that I’ll be creating) or the community in general in their process to learn Asterisk. I’ll be using VirtualBox in order to install CentOS as a virtual machine and will be assuming an installation from the DVD media (or .iso file)

Inserting DVD media or ISO File

First, start the virtual machine and insert the DVD media or choose the .iso file as installation source. Afterwards you will be asked to chose an option from a menu. Choose the first option: “Install or Upgrade an Existing System”

Install or Upgrade an Existing Image

(more…)

Single Place For Creating Asterisk Community Accounts

Jose P. Espinal February 28, 2013 Asterisk Announces Comments Off

We felt that it would be good to let you know about some minor changes happening with our community services.

For quite some time, we’ve had a consolidated authentication server for most of our community services. This means that you use the same username and password for issues.asterisk.org, wiki.asterisk.org and code.asterisk.org. ReviewBoard (reviewboard.asterisk.org) still uses its own internal authentecation, but we plan to migrate it some day.

To make this more obvious, and to streamline account creation, we now have a single place for creating asterisk.org community accounts:

signup.asterisk.org.

Existing accounts will be unaffected; we’ve only changed how you sign up for a new account. If you have any issues with the new signup service, please contact us at asteriskteam@digium.com.

Thank you for your support!

– Digium’s Asterisk Development Team