NEWS FLASH Latest Security Updates

[wardmundy]

Just an FYI that all of the latest Asterisk security releases now are available in all newly downloaded versions of PBX in a Flash with the exception of PIAF-Red which has been deprecated.

An upgrade script for existing PIAF-Green servers is now available as well. To run it, log into your server as root and issue the following commands:

cd /root
wget http://pbxinaflash.com/upgrade-green-11.8.1.tgz
tar zxvf upgrade-green-11.8.1.tgz
./upgrade-green-11.8.1

 

[kenn10]

Ward, works fine on Green except it does not move or delete the old Asterisk directory and move Asterisk-11.8.1 to Asterisk. When you do a Status, the Running vs. Installed Asterisk versions don't match.

 

[darmock]

I am in the midst of building a generic update-asterisk program that will update asterisk ONLY (all colors EXCEPT red) to whatever is current. NOTE THIS IS DEPENDENT ON DIGIUM ACTUALLY KEEPING THERE WEBSITE UPTODATE.

It will NOT update anything else! Nor will it move you between asterisk family versions (ala 1.8 > 11)


You WILL be able to run it as a cron job however if you choose. (I have never favoured this approach!)


RSN


Will be available to RentPBX patrons FIRST


Tom

 

[wardmundy]

To clarify please, does the green upgrade script only upgrade Asterisk on green systems, or could it work on purple?

You'd need to change the Asterisk version being retrieved. Other than that, the logic is the same.

 

[wardmundy]

Ward, works fine on Green except it does not move or delete the old Asterisk directory and move Asterisk-11.8.1 to Asterisk. When you do a Status, the Running vs. Installed Asterisk versions don't match.

My personal preference is to keep the version numbering in the source directory. Then you can tell from status where you began and where you currently are. It's a plain text script so you can change it to meet your own preference if desired.

 

[darmock]

Well update-piaf/update-asterisk is now in alpha status. It does the following

1. Check to see if there is a major update for your version of asterisk (exclucing piaf-red/asterisk 10) available from digium. NOTE Release candidates are specifically excluded!
2. If an update is available it will download the update directly from Digium (As long and their servers are available to you in the area you live in)
3. Backup the existing asterisk source directory
4. Install certain support files that may be needed each time a new version of asterisk is installed
5. Check to see if an autoconf file is available from PIAF to automatically configure asterisk. If no autoconf file is available you will be shown the make menuconfig
6. Make Asterisk and flite
7. Reload Asterisk and display status to verify that asterisk successfully updated
8. Optional command line that would allow this program to run as a cron job. You could run this weekly to ensure you are always updated to the most current version (NOTE this is inherently experimental! But we support your right to go to hell in your own way)
9. We check the digium site once a day and pull what versions are latest

Forward looking

Since we started tinkering with this we have been thinking it might be a worthy successor to update-source. We are considering adding the ability to update libpri and dahdi. We have also been looking at upgrading kernels and yum as part of this but we can't get over the fact that in the past upgraded packages and the kernel has BROKEN some things which required a rollback to the previous version. We admit it has been a while since we have seen this but this could be due to removing some automatic updates for kernels etc. I suppose we are just not sold on running a program automatically that has so much potential to put you in a world of hurt that and verifiable and reproducible security holes are fairly rare.


Tom

 

[jeff.h]

@Tom. I'm willing to give it a go on a VM. I ran update-programs and update-fixes, but update-piaf and update-asterisk were not options. Are they available for public consumption yet?

 

[darmock]

Nope not out yet still undergoing beta test plus the dev group decided to remove the -q option as this program should be only run manually. We just don't want excessive signal to noise ratio in our forums when it breaks something in automated mode.


We have also added dahdi and libpri automated updates and are looking at adding some other things.

HOWEVER

will be called update-piaf when it is available update-asterisk was prealpha only and was dropped.


Tom