Messinet Secure Services

We’ve completed our upgrades from Fedora 23 to Fedora 24 throughout Messinet Secure Services. In general, Fedora 24 has brought us a number of systemd improvements, though there are several SELinux issues when using systemd’s native tools such as systemd-networkd, systemd-resolved, systemd-timesyncd, etc. Many issues: 1317927, 1341829, 1351378, 1355593 generate

SELinux AVC avc: denied { mounton } ...

Even so, the upgrades are complete and I’ll be removing Fedora 23 from the Fedora Linux RPM Repository.

Comcast’s Business Class internet service static IPv6 trial ended as of yesterday. Comcast anticipates the nationwide launch of static IPv6 to begin in early July 2016.

With the unfortunate gap in reliable IPv6 business class service from Comcast, Messinet Secure Services is preparing alternate IPv6 service arrangements. There will likely be intermittent service and network interruptions along the way as DNS and routing changes propagate throughout the internet.

When Comcast does finally roll out static IPv6, we hope that they have addressed the significant hardware issues detailed in this summary of Comcast’s support of IPv6 on their CPE for their copper cable network.

Wow, it’s been quite a while!

I have a new job that takes up much more of my time and as Messinet Secure Services has moved to Fedora 23, I’ve had to drop packaging support for Enterprise Linux. I don’t operate Enterprise Linux systems here so as the packaging differences between Fedora and Enterprise Linux became more complex, it became harder for me to produce and properly test packages.

So I’m sorry to say that I’m no longer building Enterprise Linux packages. Perhaps someone with more time can take up the task. The spec files, patches and tools are always available in the now renamed Fedora Linux RPM Repository.

Fedora 22 is set to be released on 2015-05-26 and Messinet Secure Services has been preparing our own RPMs for the upgrade. Most of the work is complete and available in our Fedora & Enterprise Linux RPM Repository.

In order to work toward the Fedora 22 release, I have had to drop support for Fedora 20 and Enterprise Linux 6 RPMs. After Messinet Secure Services completes the migration to Fedora 22, support for Fedora 21 will also be dropped.

Today was a big day for Telephony & VoIP related RPM builds!

Fedora 20 & 21 RPMs for Asterisk 13.0.0-beta1 as well as Fedora 20, 21, & EL 7 RPMs for Kamailio 4.2.0-dev are availabile in the mss-testing channel of the Fedora & Enterprise Linux RPM Repository.

In preparation for building Asterisk for Fedora 21 & EL 7, there are also PJSIP 2.2 (pjproject) RPMs in the mss-testing channel.

Fedora 20, 21 & EL 6, 7 RPMs for DAHDI-Linux & DAHDI-Tools 2.10.0 are also available in the main mss channel.

Moving forward, I hope to be able to provide near-development RPMs for the following:

• Fedora 20
  • Asterisk
  • DAHDI-Linux & DAHDI-Tools
  • Kamailio
  • PJSIP
• Fedora 21
  • Asterisk
  • DAHDI-Linux & DAHDI-Tools
  • Kamailio
  • PJSIP
• Enterprise Linux 6
  • DAHDI-Linux & DAHDI-Tools
• Enterprise Linux 7
  • Asterisk (coming soon)
  • DAHDI-Linux & DAHDI-Tools
  • Kamailio
  • PJSIP

I have started building Kamailio RPMs for Fedora 20 & 21 and Enterprise Linux 7. Currently, the RPMs are based on the 4.1.4 release, with updates applied to keep it in line with upstream’s development branch.

You can browse the spec file and patches here. Feel free to contact me if you see any issues with the packaging.

Right now, the RPMs are available in the mss-testing channel of the Fedora & Enterprise Linux RPM Repository, though I plan to move them out of mss-testing and into the default mss channel in the future.

I have also begun integrating Kamailio with Asterisk at Messinet Secure Services to enhance the capabilities of the communications services we provide. I’d love to hear from you if you have any pointers!

Asterisk 12.3.2 RPMs for Fedora 20 are available in the mss-testing channel of the Fedora & Enterprise Linux RPM Repository.

Asterisk 12.3.2 RPMs for Fedora 20 are available in the mss-testing channel of the Fedora & Enterprise Linux RPM Repository.

As you probably know by now, Heartbleed is the name for a bug in the OpenSSL cryptography software that, in short, could enable an attacker to steal the private key that was meant to encrypt TLS secured connections. With access to the private key, the attacker could access user names, passwords, and other sensitive data that internet users thought was being transmitted securely.

Messinet Secure Services was one in the estimated 66% of all internet sites using a compromised version of OpenSSL on our public website and email servers. Fortunately, we upgraded our OpenSSL libraries immediately on 2014-04-07 when the announcement was made and the updated packages were available. In order to protect future SSL/TLS internet transmissions, we also revoked the potentially compromised StartSSL certificates, re-keyed, and implemented new certificates on 2014-04-10.

The real problem is that an attacker could access sensitive information from past connections which may have been captured.

While Messinet Secure Services is now properly re-secured, it is critical that users with accounts and passwords at Messinet Secure Services change their passwords. This is the difficult, but final step in the process to overcome the breach created by Heartbleed. If you are one of the affected users, you will receive an email with instructions on how to change your password.

Asterisk 12.2.0-rc1 RPMs for Fedora 20 are available in the mss-testing channel of the Fedora & Enterprise Linux RPM Repository.