Categories
Nginx

Security : Nginx 1.0.14

Nginx 1.0.14 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fix a potential memory disclosure :

  • Security: content of previously freed memory might be sent to a client if backend returned specially crafted response. Thanks to Matthew Daley.

Upgrading is strongly recommended.

Categories
PHP

Packages of PHP 5.4.0 have been updated

Now that PHP 5.4.0 packages have been published as preview, issues have to be fixed. That’s why these packages have been updated with the following changes :

  • gzopen64() has been wrongly introduced on the i386 architecture, instead of the regular gzopen(). It is now fixed.
  • PCRE functions did not support Unicode. That’s ok now.
  • APC has been packaged as php5-apc against its svn/trunk version. It should now work well. Still waiting for an official release.
  • Xdebug should appear very soon is now available in 2.2.0RC1 version.
Thanks for your useful reports.
Categories
MySQL

Percona toolkit 2.0.4

Percona toolkit 2.0.4 is now available on Dotdeb for Debian 6.0 “Squeeze”. You’ll find its Changelog here and an announce by Baron Schwartz here.

Categories
MySQL

Security update : MySQL 5.1.61

MySQL 5.1.61 packages are now available for Debian 6.0 “Squeeze” on amd64 and i386 architectures.

This is a very important security update that fixes unspecified vulnerabilities identified by Oracle in all versions of MySQL 5.1 earlier than 5.1.61. If you did not upgrade to MySQL 5.5, please consider upgrading your MySQL server (at least) to 5.1.61.

FYI, CVE list is as follows :

The corresponding Pinba storage engine has also been rebuilt.

And, as usual, please read the Changelog before upgrading.

Categories
Nginx

Nginx 1.0.13

Nginx 1.0.13 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

Here are the changes on the Dotdeb side :

  • nginx-upload-module has been added to nginx-extras
  • nginx-auth-pam has been added to nginx-extras and nginx-full. Closes #5.
  • http_secure_link_module has been added to nginx-full. Closes #3.
  • file-aio is now supported by all nginx flavors
  • ngxensite/ngxdissite scripts are available to enable/disable sites. Closes #4.

Please take a look at Nginx’ Changelog before upgrading.

Categories
PHP

PHP 5.4.0 preview packages

After many months of active development, PHP 5.4.0 is now generally available :

The PHP development team is proud to announce the immediate release of PHP 5.4.0. This release is a major improvement in the 5.x series, which includes a large number of new features and bug fixes.
Some of the key new features include: traitsa shortened array syntaxa built-in webserver for testing purposes and more. PHP 5.4.0 significantly improves performance, memory footprint and fixes over 100 bugs.
For users upgrading from PHP 5.3 there is a migration guide available here, detailing the changes between those releases and PHP 5.4.0.
Further details about the PHP 5.4.0 release can be found in the release announcement, and the full list of changes are available in the ChangeLog.

On the Dotdeb side (thanks to Debian developers’ preliminary work), I’m proud to announce that preview packages of PHP 5.4.0 are now available for Debian 6.0 “Squeeze” on amd64 and i386 architectures. You are invited to test them on development servers, but please don’t install them on production servers yet : the Suhosin patch has not been applied, some extensions are not fully compatible and the following ones are missing…

  • php5-ffmpeg
  • php5-pinba
  • php5-suhosin
  • php5-xcache
  • php5-xdebug
  • php5-xhprof

Don’t worry, production-ready PHP 5.4 packages will be available in some few weeks, after the Suhosin patch and the missing extensions are published.

To avoid your servers to be accidentally upgraded from PHP 5.3 to PHP 5.4 without compatibility validation, the PHP 5.4 packages are available on a separate path. To install them, you’ll have to add this line to your /etc/apt/sources.list first (you can also use any Dotdeb mirror once they’re synchronized) :

deb http://packages.dotdeb.org/ squeeze-php54 all

The main changes in the packages :

  • if you need MySQL-related functions, you can now choose between the (libmysqlclient-linked) php5-mysql package and the (MySQL native – and better – driver-linked) php5-mysqlnd one
  • PHP extensions config files are now migrated to /etc/php5/mods-available/. Files in /etc/php5/conf.d/ are now just symlinks to them. Therefore, you can activate PHP extensions by using php5enmod/php5dismod.

I hope you’ll enjoy this new packages. Any feedback or donation is highly appreciated.

Categories
Redis

Redis 2.4.8

Redis 2.4.8 has been released with these changes :

  • [BUGFIX] Make install now uses cp -f to avoid ‘text file busy’ errors.
  • [BUGFIX] redis-check-aof is now large files safe also on 32 bit systems.
  • [BUGFIX] Issue #327 fixed: maxmemory and replication now work much better.
  • [BUGFIX] Now HINCRBY can detect overflows too. Fix for issue #330.
  • [BUGFIX] Fixed compilation with latest clang.
  • [BUGFIX] Fixed handling of empty sorted sets produced in RDB by very old Redis versions (1.2.x).

The upgrade urgency is moderate if you don’t experience any of the fixed problems.

The packages of Redis 2.4.8 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

Categories
MySQL

Percona toolkit 2.0.3

A quick note to announce that Percona toolkit 2.0.3 is now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. You’ll find its Changelog here.

Categories
MySQL

MySQL 5.5.20

The packages of MySQL 5.5.20 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures, with the following changes :

  • the mysql-common package should now work with MySQL 5.1 packages without any problem (unknown configuration variables in /etc/mysql/my.cnf have been commented out)
  • mysql-server-5.5 now supports Linux native asynchronous IO

As usual, please read the full Changelog carefully before upgrading.

Categories
Nginx

Nginx 1.0.12

Nginx 1.0.12 packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

Here are the changes on the Dotdeb side :

  • Add the Cache purge module in nginx-full and nginx-extras
  • Use “default_server” instead of “default” in sites-available/default

Please take a look at Nginx’ Changelog before upgrading.