Posted by & filed under PHP.

On November 10th 2016, the PHP group published PHP 7.0.13.

This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

Packages of PHP 7.0.13 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).

Posted by & filed under Nginx.

Packages of Nginx 1.10.2 for Jessie and Wheezy – amd64 and i386 – have been updated to fix CVE 2016-1247.

Secure log file handling (owner & permissions) against privilege escalation attacks. /var/log/nginx is now owned by root:adm. Thanks Dawid Golunski for the report. Changing /var/log/nginx permissions effectively reopens #701112, since log files can be world-readable. This is a trade-off until a better log opening solution is implemented upstream (trac:376).

This update can also bring full HTTP2 support to Jessie with a new additional repository. As a reminder, Chrome as a browser was not supported on stock Jessie, because it requires a more recent OpenSSL 1.0.2 for its ALPN protocol. Now that jessie-backports includes such an OpenSSL version, Dotdeb provides Nginx packages with full HTTP2 support for Chrome. Here is how to install them :

  1. Activate the jessie-backports repository because you will now rely on its OpenSSL 1.0.2+ backport
  2. Add the following additional repo to your sources.list :
    deb http://packages.dotdeb.org jessie-nginx-http2 all
  3. Upgrade your Nginx packages as usual

Please note that this change will not be available on Wheezy.

Posted by & filed under Nginx.

Nginx 1.10.2 has been released on October 18th 2016, to fix issues with HTTP/2 and bugs with the sub_filter, aio threads and sendfile directives.

As a consequence, packages of Nginx 1.10.2 are now available :

  • for Debian 8 “Jessie” and Debian 7 “Wheezy”
  • On both amd64 and i386 architectures.

For more details about which modules are included in the different Nginx flavors (light, full and extras), just take a look at the configuration options of their respective sections in the Jessie and Wheezy Makefiles.

Posted by & filed under PHP.

On October 13th 2016, the PHP group published PHP 7.0.12.

This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

Packages of PHP 7.0.12 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).

Posted by & filed under PHP.

On September 15th 2016, the PHP group published PHP 7.0.11.

This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

Packages of PHP 7.0.11 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).

Posted by & filed under PHP.

On September 16th 2016, the PHP group released PHP 5.6.26.

This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.26 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.

Posted by & filed under PHP.

On August 18th 2016, the PHP group published PHP 7.0.10.

This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

Packages of PHP 7.0.10 are now available for Debian 8 “Jessie” on amd64 and i386 architectures, along with the following PECL extensions : APCu, APCu_bc, geoip, igbinary, imagick, memcached, mongodb, msgpack, redis, ssh2 and xdebug (Careful, PHP 7 support from some of them is still very young!).