Categories
PHP

PHP 5.4.28, for Wheezy and Squeeze

On May 1st 2014, the PHP group has released PHP 5.4.28. 9 bugs were fixed in this release, including CVE-2014-0185. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Please note that if you’re using an Unix socket to make PHP-FPM talk to your web server, you’ll have to set the listen.owner and listen.group directive to the right user/group (usually www-data), for each of your pool. Don’t change the permissions on the socket from 0660 to 0666 (too permissive), it would avoid the CVE-2014-0185 fix.

And if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.5.12 for Debian Wheezy

On April 30th 2014, the PHP group has released PHP 5.5.12 :

This release fixes several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. All PHP users are encouraged to upgrade to this new version.

As a consequence, PHP 5.5.12 packages are now available on Dotdeb for Debian 7.4 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

Please note that if you’re using an Unix socket to make PHP-FPM talk to your web server, you’ll have to set the listen.owner and listen.group directive to the right user/group (usually www-data), for each of your pool. Don’t change the permissions on the socket from 0660 to 0666 (too permissive), it would avoid the CVE-2014-0185 fix.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

Categories
Redis

Redis 2.8.9

Redis 2.8.9 has been released on April 22nd 2014, bringing the HyperLogLog data structure…

You can read more about it in this blog post.
Beside this great announcement, the “Sorted Set” data type has now support for lexicographic range queries, check the new commands ZRANGEBYLEX, ZLEXCOUNT and ZREMRANGEBYLEX, which are documented at http://redis.io.

The upgrade urgency is low because only new features were introduced, no bugs were fixed.

The packages are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

Categories
Zabbix

Zabbix 2.2.3

Zabbix 2.2.3 has been released on April 7th 2014. It introduces more efficient SNMP polling (and much faster Oracle back-end). Please read the release notes for more info.

As usual, the packages are now available :

  • for Debian 7.0 “Wheezy and 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

And don’t forget, if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.4.27, for Wheezy and Squeeze

On April 3rd 2014, the PHP group has released PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.5.11 for Debian Wheezy

On April 2nd 2014, the PHP group has released PHP 5.5.11 :

Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345. We recommand all PHP 5.5 users to upgrade to this version.

As a consequence, PHP 5.5.11 packages are now available on Dotdeb for Debian 7.4 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

Categories
MySQL PHP

About the “mysql_connect(): Headers and client library minor version mismatch” warning

After having MySQL 5.6.17 published, some users complained about a warning thrown by their PHP applications :

PHP Warning: mysql_connect(): Headers and client library minor version mismatch. Headers:50535 Library:50617

In fact, this could happen with any application linked to libmysqlclient18 in a certain version (php5-mysql from Dotdeb is linked to the 5.5.35 version from the stock Debian distribution) when connecting to a MySQL server in another version (5.6.17 in our case). The warning is thrown by libmysqlclient18 itself. And this is just a warning, there is no reason why any bad behavior would happen in that case.

Of course, I could build php5-mysql against the latest libmysqlclient18 (5.6.17), but it would lead to very bad issues, such as duplicate symbols or segfaults when PHP is loaded with other MySQL-linked modules from the stock Debian distribution (those are linked to libmysqlclient18 5.5.35). For example : mod_php5 + Apache + mod_auth_mysql would crash.

If this this warning really annoys you, feel free to install php5-mysqlnd instead of php5-mysql :

  • it’s a drop-in replacement
  • it’s not linked against any libmysqlclient library
  • it won’t throw any irrelevant warning about version mismatch
  • it has a lot of benefits. See http://www.php.net/mysqlnd for more info

I hope this helps.

Categories
MySQL

MySQL 5.6.17 for Wheezy

After months of work in (slow) progress, I’m glad to announce that packages of MySQL 5.6.17 are now available for Debian 7.4 “Wheezy” on both amd64 and i386 architectures.

This is our first major release of the MySQL 5.6 branch, so be very careful when upgrading your boxes : backup your data first, keep a spare/delayed MySQL slave… And be sure to know in details what’s new in MySQL 5.6 :

  • A better Optimizer
  • InnoDB great new features : online DDL, split kernel mutex, multi-threaded purge, separate flush thread
  • New NoSQL-style memcached APIs
  • Partitioning improvements for querying and managing huge tables
  • Replication now supports multi-threaded slaves, GTID and checksums
  • More data is available through the PERFORMANCE_SCHEMA.

Of course, feedbacks are welcome, as usual.

By the way, sorry for that delay. Among other reasons, I had to deal with the Oracle/MariaDB/Percona – and now WebscaleSQL – dilemma. It’s still not concluded, since MariaDB is now well integrated in Debian Sid and that its 10.x has been declared as GA a few days ago. Stay tuned, some more announcement might be made in the next few weeks on the Dotdeb side.

Enjoy! And if you want to show your support, follow this link… 🙂

Categories
Redis

Redis 2.8.8

Redis 2.8.8 has been released on March 25th 2014, bringing a lot of fixes… Take a look at the Changelog for more details.

The upgrade urgency is high for Redis, low for Sentinel. There is a potentially critical bug fix causing data loss in Redis but it requires a combination of disk full and the use of the SHUTDOWN command.

The packages are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

Categories
Miscellaneous Nginx

Security : Nginx 1.4.7, for Wheezy and Squeeze

Nginx 1.4.7 has been released on March 18th 2014, fixing a potential heap memory buffer overflow when using SPDY, and also the fastcgi_next_upstream directive. More info in the changelog.

As a consequence, Dotdeb’s packages of Nginx 1.4.7 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386).

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.