Posted by & filed under PHP.

On November 13th 2014, the PHP group released PHP 5.4.35.

4 security-related bugs were fixed in this release, including the fix for CVE-2014-3710. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
  • on both amd64 and i386 architectures.

The following modules have been packaged too :

  • APC 3.1.13
  • apcu 4.0.7
  • ffmpeg 0.6.0 (Squeeze only)
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.8
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.2.0
  • xdebug 2.2.6
  • xhprof 0.9.4
  • zendopcache 7.0.3

As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.

Posted by & filed under PHP.

On November 13th 2014, the PHP group released PHP 5.5.19.

This release fixes several bugs and one CVE in the fileinfo extension. All PHP 5.5 users are encouraged to upgrade to this version.

PHP 5.5.19 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures. They include a fix for regressions in the FPM SAPI (see 1, 2 and 3) that are present in the upstream version of PHP 5.5.19.

The following modules have been packaged too :

  • apcu 4.0.7
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.8
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.2.0
  • xdebug 2.2.6
  • xhprof 0.9.4

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

Posted by & filed under PHP.

On November 13th 2014, the PHP group released PHP 5.6.3.

This release fixes several bugs and one CVE in the fileinfo extension. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.3 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures. They include a fix for regressions in the FPM SAPI (see 1, 2 and 3) that are present in the upstream version of PHP 5.6.3.

Please also note these points :

  • Regression : php5-memcached lacks JSON support
  • Missing packages : Xcache, Xdebug and Xhprof are missing for now
  • End of support : Spplus won’t be supported anymore. Pinba’s fate hasn’t been decided yet.

As a consequence :

To install PHP 5.6 or to upgrade from a previous version, just follow the instructions.

Posted by & filed under MySQL.

MySQL 5.6.21 has been released on September 23rd, 2014, fixing 24 security issues and various bugs affecting previous versions.

Please read the full Changelog for more details.

The corresponding packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures.

Note : Some people reported having difficulties upgrading from 5.6.19 to 5.6.21. If this is the case for you, use apt-get dist-upgrade (or equivalent) instead of apt-get upgrade.

Posted by & filed under PHP.

On October 16th 2014, the PHP group released PHP 5.4.34.

6 security-related bugs were fixed in this release, including fixes for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670. Also, a fix for OpenSSL which produced regressions was reverted. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
  • on both amd64 and i386 architectures.

The following modules have been packaged too :

  • APC 3.1.13
  • apcu 4.0.7
  • ffmpeg 0.6.0 (Squeeze only)
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.7
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.2.0
  • xdebug 2.2.5
  • xhprof 0.9.4
  • zendopcache 7.0.3

As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.

Posted by & filed under PHP.

On October 16th 2014, the PHP group released PHP 5.5.18.

Several bugs were fixed in this release. A regression in OpenSSL introduced in PHP 5.5.17 has also been addressed in this release. PHP 5.5.18 also fixes 4 CVEs in different components. All PHP 5.5 users are encouraged to upgrade to this version.

PHP 5.5.18 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

  • apcu 4.0.7
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.7
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.2.0
  • xdebug 2.2.5
  • xhprof 0.9.4

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

Posted by & filed under PHP.

On October 16th 2014, the PHP group released PHP 5.6.2.

Four security-related bugs were fixed in this release, including fixes for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.2 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures.

Please also note these points :

  • Regression : php5-memcached lacks JSON support
  • Missing packages : Xcache, Xdebug and Xhprof are missing for now
  • End of support : Spplus won’t be supported anymore. Pinba’s fate hasn’t been decided yet.

As a consequence :

To install PHP 5.6 or to upgrade from a previous version, just follow the instructions.

Posted by & filed under Miscellaneous, PHP.

On October 2nd 2014, the PHP group released PHP 5.6.1.

Several bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.1 packages are now available on Dotdeb for Debian 7.6 “Wheezy”, on both amd64 and i386 architectures.

Please also note these points :

  • Regression : php5-memcached lacks JSON support
  • Missing packages : Xdebug and Xhprof are missing for now
  • End of support : Spplus won’t be supported anymore. Xcache’s and Pinba’s fates haven’t been decided yet

As a consequence :

To install PHP 5.6 or to upgrade from a previous version, just follow the instructions.

Posted by & filed under PHP.

On August 28th, the PHP group released the first stable version of the new major branch, PHP 5.6.0 :

The PHP Development Team announces the immediate availability of PHP 5.6.0. This new version comes with new features, some backward incompatible changes and many improvements.

The main features of PHP 5.6.0 include:

For a full list of new features, you may read the new features chapter of the migration guide.

PHP 5.6.0 also introduces changes that affect compatibility:

  • Array keys won’t be overwritten when defining an array as a property of a class via an array literal.
  • json_decode() is more strict in JSON syntax parsing.
  • Stream wrappers now verify peer certificates and host names by default when using SSL/TLS.
  • GMP resources are now objects.
  • Mcrypt functions now require valid keys and IVs.

On the Dotdeb side now, I wanted to make things right, so I spent my last 3 weekends changing what happens under the hood :

  • First, syncing the packaging method with Sid’s. Thanks to the Debian maintainers for their awesome work!
  • The main PHP 5.6 packages are now built using git-buildpackage.
  • The PECL extensions are now built using pkg-php-tools and a modified version of debpear. More info here… (Meaning that you could soon be able to easily package your own extensions).

Therefore, I’m now proud to announce that :

  • Packages of PHP 5.6.0 are now available for Debian 7 “Wheezy” on amd64 and i386 architectures
  • PECL extensions now have their own version numbers to reflect what really happens on pecl.php.net. The upgrade from previous versions of PHP should be seamless.
  • The brand new PHP debugger, phpdbg is available through its dedicated package : php5-phpdbg
  • msgpack support is now available by installing php5-msgpack
  • Pthreads support is now available by installing php5-pthreads
  • php5-http from previous versions of PHP has been updated and renamed php5-pecl-http, according to Debian’s guidelines

Of course, there are still points to be worked on :

  • Regression : php5-memcached lacks JSON support
  • Improvement : igbinary to be supported in PHP 5.6 (php5-igbinary), in php5-memcached and in php5-redis. As well as msgpack in php5-memcached
  • Missing packages : Xdebug and Xhprof are missing for now
  • End of support : Spplus won’t be supported anymore. Xcache’s and Pinba’s fates haven’t been decided yet

Considering this, these first packages should be seen as a preview :

  • Don’t upgrade critical/production environments yet, or at your own risk!
  • For users upgrading from PHP 5.5, a full migration guide is available, detailing the changes between 5.5 and 5.6.0
  • The full list of changes is available in the ChangeLog
  • Make sure that you understand the above PHP/Debian/Dotdeb changes and that you don’t need any of the missing features
  • Your feedback is always welcome. Just make sure it is useful.

To install PHP 5.6 or to upgrade from a previous version, just follow the instructions.

I hope you’ll enjoy this new major version of PHP. And as usual, feel free to show your support :)

Posted by & filed under Nginx.

Nginx 1.6.2 has been released on September 16th 2014, with the following changes :

  • Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple “server” blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud.
  • Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8.
  • Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request.

As a consequence, packages of Nginx 1.6.2 are now available for both Debian 7 “Wheezy” and Debian 6 “Squeeze” (amd64/i386).

Please note that the nginx-rtmp-module has been added to nginx-extras and that the other modules have been updated to their latest version.

For more details about which modules are included in the different Nginx flavors, just have a look at this document.
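
An added example (not part of the original post, nor code from the Nginx project): a small audit script that lists which server blocks end up sharing a "shared:" SSL session cache zone or a session ticket key file, the two conditions named in the CVE-2014-3616 entry above. The configuration, host names and paths are constructed, and the parser is a simplified one that assumes no quoted strings and no include files.

```python
import re

SAMPLE_CONF = """# Constructed sample config (hypothetical names and paths)
http {
    ssl_session_cache shared:SSL:10m;  # inherited by every server below
    server { server_name public.example.test; }
    server {
        server_name admin.example.test;
        ssl_client_certificate /etc/nginx/tls/admin-ca.crt;
    }
    server {
        server_name api.example.test;
        ssl_session_cache shared:API:5m;  # own zone, not shared
    }
}
"""

def parse_servers(conf):
    """Return one settings dict per server block, http-level values inherited."""
    # Simplified tokenizer: no quoted strings, no include expansion.
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf))
    servers, http_level, stack, stmt = [], {}, [], []
    for tok in tokens:
        if tok not in ("{", "}", ";"):
            stmt.append(tok)
            continue
        if tok == "{":
            stack.append(stmt[0] if stmt else "")
            if stack[-1] == "server":
                servers.append({})
        elif tok == "}":
            stack.pop()
        elif stmt and stack[-1:] == ["server"]:
            servers[-1][stmt[0]] = " ".join(stmt[1:])
        elif stmt and stack == ["http"]:
            http_level[stmt[0]] = " ".join(stmt[1:])
        stmt = []
    return [{**http_level, **srv} for srv in servers]

def shared_session_state(conf):
    """Map each cache zone / ticket key file to the servers sharing it."""
    groups = {}
    for srv in parse_servers(conf):
        name = srv.get("server_name", "(unnamed)")
        zone = re.search(r"shared:([^:\s]+)", srv.get("ssl_session_cache", ""))
        if zone:
            groups.setdefault("cache zone " + zone.group(1), []).append(name)
        if "ssl_session_ticket_key" in srv:
            groups.setdefault("ticket key " + srv["ssl_session_ticket_key"], []).append(name)
    return {k: v for k, v in groups.items() if len(v) > 1}
```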