Packages of PHP 5.3.10 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.
Those for Debian 5.0 “Lenny” (certainly the last ones before the end of its security support on Feb 6th) are coming in a few hours.

Percona toolkit 2.0.2 is now available on Dotdeb for :

• both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny”
• both amd64 and i386 architectures

• [BUGFIX] Fixed issue #141 part 1: Possible protocol desyncs when clients send wrong protocol is now fixed. (See issue 141 for more details)
• [BUGFIX] Fixed issue #141 part 2: Connection of multiple slaves used to result from time to time into corrupted protocol send to slaves connected after the first one. (See issue 141 for more details)
• [BUGFIX] Do not propagate DEBUG LOADAOF.
• New INFO contains information such as ip/port/state for every conneced slave.
• Show GCC version in INFO output.

Security Enhancements and Fixes in PHP 5.3.9:

• Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
• Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)

Key enhancements in PHP 5.3.9 include:

• Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of).
• Fixed bug #55609 (mysqlnd cannot be built shared)
• Many changes to the FPM SAPI module

PHP 5.3.9 is now available on Dotdeb for :

• both Debian 6.0 “Squeeze” and Debian 5.0 “Lenny”
• both amd64 and i386 architectures

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

[edit] the packages have been updated to fix some Suhosin- and strtotime()-related issues. You really should upgrade at least :

• to 5.3.9-0~dotdeb.3 if you’re running Squeeze
• to 5.3.9-0~dotdeb.2 if you’re running Lenny

• [BUGFIX] Fixed a ZUNIONSTORE/ZINTERSTORE bug that can cause a NaN to be inserted as a sorted set element score. This happens when one of the elements has +inf/-inf score and the weight used is 0.
• [BUGFIX] Fixed memory leak in CLIENT INFO.
• [BUGFIX] Fixed a non critical SORT bug (Issue 224).
• [BUGFIX] Fixed a replication bug: now the timeout configuration is respected during the connection with the master.
• –quiet option implemented in the Redis test.

• the mysql-common package, in its 5.5.19+ version, “breaks”  mysql-server-5.1 and mysql-client-5.1 (as APT means it – it won’t actually break your server into pieces). Freezing it will prevent any issue (the introduction of unknown configuration variables in their /etc/mysql/my.cnf, for example)
• the MySQL client now uses the system’s readline library instead of the bundled editline wrapper
• missing header files and libraries are now included in the appropriate packages

As usual, please read the full Changelog carefully before upgrading.

• for both Debian 6.0 “Squeeze” and 5.0 “Lenny”
• for both amd64 and i386 architectures

Here are the changes on the Dotdeb side :

• nginx-extras now includes the Push stream module, instead of the bogus HTTP Push. Please review your configuration.
• nginx-extras now uses Passenger 3.0.11

• [BUGFIX] jemalloc upgraded to version 2.2.5, previous versions had a potentially serious issue when allocating big memory areas, something that Redis actually does. However we never received bug reports that appear to be caused by jemalloc.
• [BUGFIX] DISCARD now clears DIRTY_CAS flag in the client. Now the next transaction will not fail if the previous transaction used WATCH and the key was touched.
• CLIENT LIST output modified to include the last command executed by clients.
• Better bug report on crash.
• Protocol errors are now logged for loglevel >= verbose.
• Two new INFO fields related to AOF, that can be useful when investigating Redis issues.

• redis-cli now supports ‘single quotes’ style strings.
• It is possible to disable password auth with CONFIG SET.
• Some section of redis.conf better documented.
• Default timeout for client connections now is 0 (no timeout).
• I/O buffer length modified for better performances with big payloads.
• Fixed crash on SPARC due to improper alighment due to bad assumptions about data types size.
• CLIENT LIST output improved, code refactored.
• [BUGFIX] Max log message length set to 4k to avoid truncation in INFO output written in the log file after a crash.
• [BUGFIX] Close client connection when the query buffer reaches 1GB and log informaiton about the offending client, instead of crashing the instance when the query buffer reaches 2GB (for sds.c string overflow). This is related to issue #141 (github issues) and should fix the effect of this rare bug related to replication, but the cause is still not perfectly clear.

As usual, please read the full Changelog carefully before upgrading.

Please also note that Oracle now provides .deb packages on their download page. That’s a great thing, but they’ll have to be improved :

• no repository is available to ease the future updates
• they’re monolythic and do not separate libraries from headers or binaries, configuration from server or client.
• they do not take care of the official Debian naming convention