Categories
PHP

PHP 5.4.30, for Wheezy and Squeeze

On June 26th 2014, the PHP group has released PHP 5.4.30. Over 20 bugs were fixed in this release, including the following security issues: CVE-2014-3981, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-4049, CVE-2014-3515. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
  • on both amd64 and i386 architectures.

The following modules have been packaged too :

  • APC 3.1.13
  • apcu 4.0.6
  • ffmpeg 0.6.0 (Squeeze only)
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.4
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4
  • zendopcache 7.0.3

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.5.14 for Debian Wheezy

On June 27th 2014, the PHP group has released PHP 5.5.14.

This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of 8 CVEs, half of them concerning the FileInfo extension.

All PHP users are encouraged to upgrade to this new version.

Please, note that this release also fixes a backward compatibility issue that has been detected in the PHP 5.5.13 release. Still, the fix in PHP 5.5.14 may break some very rare situations. As this tiny compatibility break involves security, and as security is our primary concern, we had to fix it. This concerns bug 67072. For more information about this bug and its actual resolution, please visit our upgrading guide. We apologize for any inconvenience you may have experienced with this behavior.

PHP 5.5.14 packages are now available on Dotdeb for Debian 7.5 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

  • apcu 4.0.6
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.4
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4

php5-mysqlnd can now seamlessly replace php5-mysql for other packages having outdated dependencies. You can now avoid an annoying libmysqlclient warning when using MySQL servers different from 5.5.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

Categories
Zabbix

Zabbix 2.2.4

Zabbix 2.2.4 has been released on June 23rd 2014, coming with faster Zabbix GUI, improved usability along with a number of bug fixes. Please read the release notes for more info.

As usual, the packages are now available :

  • for Debian 7.0 “Wheezy and 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

And don’t forget, if you find Dotdeb useful, feel free to show your support.

Categories
Nginx

Nginx 1.6.0 has been updated for Wheezy and Squeeze

Packages of Nginx 1.6.0 for Debian Wheezy and Squeeze have just been updated to fix a vulnerability in the ngx_pagespeed-embeded OpenSSL library.

The nginx-auth-ldap, nginx-cache-purge, nginx-lua and nginx-upload-progress modules have also been updated.

Categories
Redis

Redis 2.8.12

Redis 2.8.12 has been released on June 23th 2014, bringing the following changes :

  • [FIX / BREAKS BACKWARD COMPATIBILITY] Using SELECT inside Lua scripts no longer makes the selected DB to be set in the calling client. So Lua can still use SELECT, but the client calling the script will remain set to the original DB. Thix fixes an issue with Redis replication of Lua scripts that called SELECT without reverting the selected DB to the original one. (Salvatore Sanfilippo)
  • [FIX] Sentinel failover was instalbe if the master was detected as available during the failover (especially during manual failovers) because of an implementation error (lack of checking of SRI_PROMOTED flag). (Salvatore Sanfilippo)
  • [FIX] Cancel SHUTDOWN if initial AOF is being written. (Matt Stancliff)
  • [FIX] Sentinel: bind source address for outcoming connections. (Matt Stancliff).
  • [FIX] Less timing sensitive Sentinel tests. (Salvatore Sanfilippo).
  • [NEW] redis-cli --intrinsic-latency stopped with SIGINT still reports stats (Matt Stancliff)
  • [NEW] Sentinels broadcast an HELLO message ASAP after a failover in order to reach a consistent state faster (before it relied for periodic HELLO messages). (Salvatore Sanfilippo).
  • [NEW] Jemalloc updated to 3.6.0. (Salvatore Sanfilippo)
  • [NEW] CLIENT LIST speedup. (Salvatore Sanfilippo)
  • [NEW] CLIENT LIST new unique incremental ID to every client. (Salvatore Sanfilippo)
  • [NEW] ROLE command added. (Salvatore Sanfilippo)
  • [NEW] CLIENT KILL new form to kill by client type and ID (see doc at redis.io for more info). (Salvatore Sanfilippo)
  • [NEW] Sentinel now disconnects clients when instances are reconfigured (see http://redis.io/topics/sentinel-clients). (Salvatore Sanfilippo)
  • [NEW] Hiredis update to latest version. (Matt Stancliff)

The upgrade urgency is high for Redis, critical for Sentinel.

Please note that this release contains a non backward compatible semantical change to Lua script that should affect an almost zero number of users.

The packages are now available for both Debian 7 “Wheezy” and Debian 6 “Squeeze” on both amd64 and i386 architectures.

Categories
Redis

Redis 2.8.11

Redis 2.8.11 has been released on June 11th 2014, bringing the following changes :

  • [FIX] A previous fix for Lua -> Redis numerical precision enhancement introduced a new problem. In Redis 2.8.10 commands called from Lua passing a string that “looks like” a very large number, may actually use as argument the string converted as a float. This bug is now fixed.
  • [FIX] Now commands other than PUSH adding elements to a list will be able to awake clients blocked in a blocking POP operation.
  • [FIX] Cygwin compilation fixes.

The upgrade urgency is high if you use Lua scripting, LOW otherwise.

The packages are now available for both Debian 7 “Wheezy” and Debian 6 “Squeeze” on both amd64 and i386 architectures.

Categories
PHP

PHP 5.4.29, for Wheezy and Squeeze

On May 29th 2014, the PHP group has released PHP 5.4.29. 16 bugs were fixed in this release, including two security issues in fileinfo extension. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
  • on both amd64 and i386 architectures.

The following modules have been packaged too :

  • APC 3.1.13
  • apcu 4.0.4
  • ffmpeg 0.6.0 (Squeeze only)
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.3
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4
  • zendopcache 7.0.3

Please also note that the default permissions on the FPM Unix socket have been fixed, in a secure way.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.

Categories
MySQL

MySQL 5.6.19, for Debian Wheezy

MySQL 5.6.19 has been released on May 30th, 2014, fixing various bugs.

Please read the full Changelog fore more details.

The corresponding packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures.

Categories
MySQL

Percona toolkit 2.2.8

Percona toolkit 2.2.8 is now available on Dotdeb for both Debian 7 “Wheezy” and Debian 6 “Squeeze”. This release fixes bugs and also brings new things :

  • pt-agent has been replaced by percona-agent. More information on percona-agent can be found in the Introducing the 3-Minute MySQL Monitor blog post.
  • pt-slave-restart now supports MySQL 5.6 global transaction IDs.
  • pt-table-checksum now has new –plugin option which is similar to pt-online-schema-change –plugin

As usual, before upgrading, please read the list of changes for Percona toolkit 2.2.8 and the announcement by Hrvoje Matijakovic.

Categories
Redis

Redis 2.8.10

Redis 2.8.10 has been released on June 5th 2014, bringing the following changes :

  • [FIX] IMPORTANT! A min-slaves-to-write option active in a slave totally prevented the slave from acception the master stream of commands. This release includes testes for min-slaves-to-write, and a fix for this issue.
  • [FIX] Sometimes DEL returned 1 for already expired keys. Fixed.
  • [FIX] Fix test false positive because new osx ‘leaks’ output.
  • [FIX] PFCOUNT HLL cache invalidation fixed: no wrong value was reported but the cache was not used at all, leading to lower performances.
  • [FIX] Accept(2) multiple clients per readable-event invocation, and better processing of I/O while loading or busy running a timedout script. Basically now the LOADING / BUSY errors are reported at a decent speed.
  • [FIX] A software watchdog crash fixed.
  • [FIX] Fixed a Lua -> Redis numerical precision loss.
  • [NEW] Lua scripting engine speed improved.
  • [NEW] Sentinel generates one new event for humans to understand better what is happening during a failover: +config-update-from. Also the time at which a failover will be re-attempted is logged.

The upgrade urgency is high only if you use min-slaves-to-write option.

The packages are now available for both Debian 7 “Wheezy” and Debian 6 “Squeeze” on both amd64 and i386 architectures.