Posted by & filed under MySQL.

MySQL 5.1.47 is now available on Dotdeb for your Lenny servers, in amd64 and i386 flavours.

This is a security-oriented release that fixes some serious flaws… Please read full changelog for more information.

Please also note that the InnoDB plugin has been upgraded to version 1.0.8 and is now considered of General Availability quality. Feel free to use it for a performance boost.

Posted by & filed under MySQL.

MySQL 5.1.46 is now available on Dotdeb for your Lenny servers, in amd64 and i386 flavours. It fixes a lot of annoying bugs and upgrades the InnoDB plugin to version 1.0.7 for more performances.

Be careful : the MySQL server is now split in two separate packages :

  • mysql-server-core-5.1 that contains only the mysqld binary and some system files,
  • mysql-server-5.1 that depends on mysql-server-core-5.1 and that contains the init scripts and utilities to run the MySQL server in a Debian environment.

The migration to this new packaging schema is transparent and will not break any dependencies.

As usual, please read the changes in MySQL 5.1.46 and what’s new in the InnoDB plugin 1.0.7 before upgrading.

Posted by & filed under PHP.

According to Stefan Esser, author of the Suhosin patch, May 2010 will be the “Month of PHP Security” :

This initiative continues the effort of Hardened-PHP’s Month of PHP Bugs in 2007 to improve the security of PHP and the PHP ecosystem by disclosing vulnerabilities in PHP and PHP applications on the one hand and on the other hand by publishing articles and tools that help PHP application developers to develop more secure PHP applications.

You’ll find more information on the MoPS website and you can follow its twitter account to discover each vulnerability as soon as it’s reported.

Posted by & filed under PHP.

A few days ago, the PHP Group released PHP 5.3.2. It fixes severe security issues and some other bugs :

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.2:

  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

(…)

It is now available on Dotdeb (still on a separate repository) with the following changes :

  • id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there”s an easy way to package PECL extensions by yourself
  • the memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy
  • php5-fpm is now an alternative dependency og the php5 meta-package

As usual, please read the release announcement and the full Changelog before upgrading. If you’re migrating from PHP 5.2, you can also take a look at migration guide.

[Update] The packages have been updated to fix a MySQL connection issue. The geoip PECL extension is back.

Posted by & filed under PHP.

A few days ago, the PHP Group released PHP 5.2.13. It fixes severe security issues and some other bugs :

The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.13:

  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
  • Improved LCG entropy. (Rasmus, Samy Kamkar)

(…)

On the Dotdeb side

As usual, please read the release announcement and the full Changelog before upgrading.

Posted by & filed under MySQL.

MySQL 5.1.43 is now available on Dotdeb for Debian 5.0 “Lenny” / Debian 4.0 “Etch” in amd64/i386 flavours.

Please note that it’s the last update for Etch, because the security supports ends for this branch (time to upgrade!).

This maintenance release comes with many improvements and bugfixes, especially the InnoDB plugin 1.0.6 (please read the Changelog for more details).

Posted by & filed under Miscellaneous.

The Debian security team announced that Debian 4.0 “Etch” security support  will be ended on February 15th, 2010 :

Security Support for Debian GNU/Linux 4.0 to be discontinued on
February 15th

One year after the release of Debian GNU/Linux 5.0 alias 'lenny' and
nearly three years after the release of Debian GNU/Linux 4.0 alias
'etch' the security support for the old distribution (4.0 alias
'etch') is coming to an end next month.  The Debian project is proud
to be able to support its old distribution for such a long time and
even for one year after a new version has been released.

The Debian project has released Debian GNU/Linux 5.0 alias 'lenny' on
the 14th of February 2009.  Users and Distributors have been given a
one-year timeframe to upgrade their old installations to the current
stable release.  Hence, the security support for the old release of
4.0 is going to end in February 2010 as previously announced.

Previously announced security updates for the old release will continue
to be available on security.debian.org.

Then, Dotdeb will follow the Debian project and all the Etch packages will be moved to http://archives.dotdeb.org/ on Feb. 15th.

It is now time for you to upgrade your last servers from Etch to Lenny…

What’s next?

I’ll have to prepare the Squeeze release (planned on August 2010). The (early) plans ?

  • Focus on high quality PHP 5.3 and MySQL 5.1+ packages
  • More useful tools for your LAMP platforms : Gearman, Maatkit… MariaDB? Drizzle? Wait & see
  • No more mail-realated packages (Qmail, Vpopmail, Courier, Dovecot, Vqadmin)