Ticket #218 (closed maintenance: fixed)
Debian upgrades and updates
Reported by: | chris | Owned by: | chris |
---|---|---|---|
Priority: | major | Milestone: | Maintenance |
Component: | Live server | Keywords: | |
Cc: | ed | Estimated Number of Hours: | 1.0 |
Add Hours to Ticket: | 0 | Billable?: | yes |
Total Hours: | 27.1 |
Description (last modified by chris) (diff)
This is a ticket to track debian upgrades to the wiki:PuffinServer, wiki:PenguinServer and wiki:ParrotServer the time they take.
See:
These updates are generally done using the wiki:AptitudeUpdateScript and this records all the changes in the /root/Changelog and then the contents of the Changelog are pasted into the ticket to document the upgrade.
This ticket was was originally used for the wiki:DevelopmentServer and the wiki:NewLiveServer.
Change History
comment:1 Changed 6 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 0.0 to 0.2
- Type changed from defect to task
comment:2 Changed 6 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 0.2 to 0.3
Mysql updates, see http://www.mail-archive.com/debian-changes@lists.debian.org/msg15762.html
These were first tested on the dev server and then the live server was updated.
The following packages will be upgraded: libc6 libc6-dev libmysqlclient15off locales mysql-client-5.0 mysql-common mysql-server mysql-server-5.0 8 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 49.3MB of archives. After unpacking 487kB will be freed. Do you want to continue? [Y/n/?] y Writing extended state information... Done Get:1 http://security.debian.org lenny/updates/main mysql-common 5.0.51a-24+lenny5 [61.7kB] Get:2 http://security.debian.org lenny/updates/main mysql-server 5.0.51a-24+lenny5 [56.1kB] Get:3 http://security.debian.org lenny/updates/main libc6-dev 2.7-18lenny7 [2491kB] Get:4 http://security.debian.org lenny/updates/main libc6 2.7-18lenny7 [4812kB] Get:5 http://security.debian.org lenny/updates/main libmysqlclient15off 5.0.51a-24+lenny5 [1906kB] Get:6 http://security.debian.org lenny/updates/main mysql-client-5.0 5.0.51a-24+lenny5 [8207kB] Get:7 http://security.debian.org lenny/updates/main mysql-server-5.0 5.0.51a-24+lenny5 [27.3MB] Get:8 http://security.debian.org lenny/updates/main locales 2.7-18lenny7 [4432kB]
comment:3 Changed 6 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 0.3 to 0.4
Debian Security Advisory DSA-2167-1
http://lists.debian.org/debian-security-announce/2011/msg00033.html
Package : phpmyadmin Vulnerability : sql injection Problem type : remote Debian-specific: no CVE ID : CVE-2011-0987
Both server have been updated.
comment:5 Changed 6 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 0.4 to 0.5
Subversion vulnerability which applies to us, from http://lists.debian.org/debian-security-announce/2011/msg00048.html
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2181-1 security@debian.org http://www.debian.org/security/ Florian Weimer March 04, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : subversion Vulnerability : denial of service Problem type : remote Debian-specific: no CVE ID : CVE-2011-0715 Philip Martin discovered that HTTP-based Subversion servers crash when processing lock requests on repositories which support unauthenticated read access.
This was done on kiwi:
sudo -i aptitude update aptitude safe-upgrade
And now the server is running the latest version: https://tech.transitionnetwork.org/svn/
comment:7 Changed 6 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 0.5 to 0.6
Live and dev servers have had PHP upgraded because of this:
- ------------------------------------------------------------------------- Debian Security Advisory DSA-2195-1 security@debian.org http://www.debian.org/security/ Raphael Geissert March 19, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php5 Vulnerability : several Problem type : local/remote Debian-specific: yes/no CVE ID : CVE-2011-0441 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870 CVE-2010-4150 Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system (CVE-2011-0441). When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable.
comment:9 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Status changed from new to accepted
- Total Hours changed from 0.6 to 0.7
- Milestone changed from Phase 3 to Phase 4
I have just updated all these packages on the live server:
bind9-host dhcp3-client dhcp3-common dnsutils libapr1 libbind9-50 libdns58 libisc50 libisccc50 libisccfg50
liblwres50 libperl5.10 libsvn1 libtiff4 libxml2 linux-libc-dev linux-modules-2.6.26-2-xen-amd64 perl perl-base
perl-modules subversion
The key one being libtiff4 as this was a security update.
comment:10 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 0.7 to 0.8
Security updates applied to dev and live:
libapache2-mod-php5 php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql
comment:11 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 0.8 to 0.9
More security updates:
libapache2-mod-php5 libperl5.10 perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-curl php5-dev
php5-gd php5-mcrypt php5-mysql
comment:12 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 0.9 to 1.0
Some security and other updates on both servers:
The following packages will be upgraded: apache2 apache2-mpm-prefork apache2-utils apache2.2-common dhcp3-client dhcp3-common libfreetype6 libpng12-0 libxfont1 phpmyadmin
comment:13 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 1.0 to 1.1
Apache security updates on both servers:
{{{The following packages will be upgraded:
apache2 apache2-mpm-prefork apache2-utils apache2.2-common }}}
comment:14 Changed 5 years ago by ed
merge with #30?
move to phase 5? or is this to be billed separately by WA as per Adam's quote (will it take 5 hours to upgrade to debian squeeze?)
comment:15 Changed 5 years ago by chris
- Milestone changed from Phase 4 to Phase 5
This ticket is being used to keep track of time spent on debian security upgrades and it is onging...
Ticket #301 is for upgrading between debian versions which is different from updating a packages due to security issues.
comment:16 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.6
- Total Hours changed from 1.1 to 1.7
vsftp upgraded on both servers due to security update http://www.debian.org/security/2011/dsa-2305
comment:17 Changed 5 years ago by jim
Is there an issue with the SSL certs?
Last login: Tue Sep 20 19:57:51 2011 from host86-186-150-227.range86-186.btcentralplus.com jim@kiwi:~$ cd /web/dev.transitionnetwork.org.webarch.net/www jim@kiwi:/web/dev.transitionnetwork.org.webarch.net/www$ sudo svn up svn: OPTIONS of 'https://tech.transitionnetwork.org/svn/www/trunk': Could not resolve hostname `tech.transitionnetwork.org': Host not found (https://tech.transitionnetwork.org) jim@kiwi:/web/dev.transitionnetwork.org.webarch.net/www$ ping tech.transitionnetwork.org PING tech.transitionnetwork.org (81.95.52.78) 56(84) bytes of data. 64 bytes from kiwi.transitionnetwork.org (81.95.52.78): icmp_req=1 ttl=64 time=0.000 ms 64 bytes from kiwi.transitionnetwork.org (81.95.52.78): icmp_req=2 ttl=64 time=0.000 ms ^C --- tech.transitionnetwork.org ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 0.000/0.000/0.000/0.000 ms jim@kiwi:/web/dev.transitionnetwork.org.webarch.net/www$ sudo svn up Error validating server certificate for 'https://tech.transitionnetwork.org:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! - The certificate has an unknown error. Certificate information: - Hostname: *.transitionnetwork.org - Valid: from Fri, 07 Jan 2011 00:00:00 GMT until Fri, 10 Feb 2012 23:59:59 GMT - Issuer: GANDI SAS, FR - Fingerprint: 8e:8c:e7:a1:42:89:75:77:1d:be:4b:e8:9e:1f:9d:89:8a:e6:81:9f
comment:18 Changed 5 years ago by jim
Actually, DEV is down: https://dev.transitionnetwork.org/
The mysql error was: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2).
comment:19 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0 to 0.1
Sorry, was half way though the upgrade from lenny to squeeze when I had to collect the kids, see ticket:301 and wiki:LennyToSqueeze.
I had assumed since Trac was working that Mysql / apache / PHP were all OK... Sorry.
Mysql has been restarted, more testing needed...
comment:20 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 1.7 to 1.8
Debian upgrades applied to the dev server:
libapache2-mod-php5 libgssapi-krb5-2 libjasper1 libk5crypto3 libkrb5-3 libkrb5support0 libssl-dev libssl0.9.8 libt1-5 linux-libc-dev nginx nginx-common nginx-light openssl php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin x11-common
And these to the live server:
libgssapi-krb5-2 libjasper1 libk5crypto3 libkrb5-3 libkrb5support0 libssl-dev libssl0.9.8 linux-libc-dev openssl x11-common
comment:22 Changed 5 years ago by chris
- Cc jim added
- Add Hours to Ticket changed from 0.0 to 0.4
- Total Hours changed from 1.8 to 2.2
phpmyadmin security update http://lists.debian.org/debian-security-announce/2012/msg00014.html
Dev and live server have been updated, phpmyadmin is also protected by htauth so this wasn't a serious security issue for us.
When testing the live server I also checked the documentation for Suhosin tweaks that are needed and applied these to both servers, one thing I noticed is the the dev server has the following in /etc/php5/conf.d/suhosin.ini:
suhosin.executor.include.whitelist="phar"
Jim I guess you added this? Is it also needed on the live server?
comment:23 Changed 5 years ago by jim
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 2.2 to 2.3
According to http://www.php.net/manual/en/intro.phar.php, Phar is the PHP version of the Java Jar file - a repo of code and data.
I've not used it to my knowledge and LIVE doesn't need it as far as I know.
comment:24 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.58
- Total Hours changed from 2.3 to 2.88
Debian updated applied to the dev server:
base-files bzip2 curl dpkg dpkg-dev libbz2-1.0 libbz2-dev libc-bin libc-dev-bin libc6 libc6-dev libcurl3 libcurl3-gnutls libdpkg-perl libgnutls26 libssl-dev libssl0.9.8 libxml2 linux-libc-dev locales module-init-tools mutt openssl perl perl-base perl-modules php5-suhosin tzdata
On the live server the following packages were updated:
base-files bzip2 curl dpkg dpkg-dev libapache2-mod-php5 libbz2-1.0 libbz2-dev libc-bin libc-dev-bin libc6 libc6-dev libcurl3 libcurl3-gnutls libdpkg-perl libgnutls26 libperl5.10 libsmbclient libssl-dev libssl0.9.8 libwbclient0 libxml2 linux-libc-dev locales module-init-tools mutt openssl perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql python-debian tzdata
New versions of /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini were installed and the previously documented changes to these files were applied and updated, see wiki:NewLiveServer#php
comment:25 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 2.88 to 3.08
New versions of php, again, see http://lists.debian.org/debian-security-announce/2012/msg00028.html
Perhaps the segfault problem was related, see ticket:390
Dev and live servers updated.
comment:26 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.11
- Total Hours changed from 3.08 to 3.19
Apache security update: http://lists.debian.org/debian-security-announce/2012/msg00031.html
The following packages will be upgraded: apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common
Dev and live servers have been upgraded.
comment:27 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 3.19 to 3.39
Debian security update for php5 http://lists.debian.org/debian-security-announce/2012/msg00035.html
On quince:
The following packages will be upgraded: libapache2-mod-php5 php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql
Also these updates kiwi (kiwi is running dotdeb version of php5 and this hasn't been updated yet):
The following packages will be upgraded: mysql-common nginx nginx-common nginx-light
comment:28 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 3.39 to 3.49
Security updates:
libpng12-0 libxml2
Applied to both servers.
comment:29 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 3.49 to 3.59
Kiwi updates:
open: 8; closed: 4; defer: 2; conflict: 2 .The following packages will be upgraded: file imagemagick libfreetype6 libmagic-dev libmagic1 libmagickcore3 libmagickcore3-extra libmagickwand3 libmysqlclient16 mysql-client-5.1 nginx nginx-common nginx-light Configuration file `/etc/nginx/sites-available/default' ==> Modified (by you or by a script) since installation. ==> Package distributor has shipped an updated version. The default action is to keep your current version. *** default (Y/I/N/O/D/Z) [default=N] ? N
Quince:
The following packages will be upgraded: libmysqlclient16 mysql-client mysql-client-5.1 mysql-common mysql-server mysql-server-5.1 mysql-server-core-5.1
comment:30 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 3.59 to 3.69
Kiwi updates:
libmysqlclient16 mysql-client-5.1
Quince updates:
imagemagick libfreetype6 libmagic1 libmagickcore3 libmagickcore3-extra libmagickwand3
comment:31 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 3.69 to 3.79
kiwi security upgrade, http://www.dotdeb.org/2012/03/15/security-nginx-1-0-14/
nginx nginx-common nginx-light
comment:32 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 3.79 to 3.89
libpng security update (a user uploading a specially crafted png could run code on the server), http://www.debian.org/security/2012/dsa-2439
Kiwi and quince:
libpng12-0
comment:33 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 3.89 to 4.09
Kiwi upgrades:
libgnutls26 libtasn1-3 linux-libc-dev mysql-common
Quince:
libgnutls26 libtasn1-3 linux-libc-dev
comment:34 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 4.09 to 4.19
Kiwi:
curl libcurl3 libcurl3-gnutls libpng12-0 libtiff4 nginx nginx-common nginx-light
Quince:
curl libcurl3 libcurl3-gnutls libpng12-0 libtiff4
comment:35 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 4.19 to 4.29
Kiwi updates:
apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common mysql-common nginx nginx-common nginx-light
Quince updates:
apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libsmbclient libwbclient0
comment:36 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 4.29 to 4.39
Security updates, kiwi:
libssl-dev libssl0.9.8 openssl
Quince:
libssl-dev libssl0.9.8 openssl
comment:37 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.5
- Total Hours changed from 4.39 to 4.89
Kiwi updates:
imagemagick libapache2-mod-php5 libmagickcore3 libmagickcore3-extra libmagickwand3 libmysqlclient16 libssl-dev libssl0.9.8 mysql-client-5.1 nginx nginx-common nginx-light openssl php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin
The dotdeb version of these files were installed and then the local modifications redone, /etc/php5/apache2/php.ini
;expose_php = On ; chris expose_php = Off ;memory_limit = 128M ; chris memory_limit = 256M ;post_max_size = 8M ; chris post_max_size = 128M ;default_charset = "iso-8859-1" ; chris default_charset = "utf-8" ;upload_max_filesize = 2M ; chris upload_max_filesize = 100M ;max_file_uploads = 20 ; chris max_file_uploads = 50 ;default_socket_timeout = 60 ; chris default_socket_timeout = 120 ; chris extension=uploadprogress.so ;session.cookie_secure = ; chris session.cookie_secure = 1 ;mbstring.http_input = auto ; chris ; https://github.com/pressflow/6/blob/master/.htaccess mbstring.http_input = pass ;mbstring.http_output = SJIS ; chris ; https://github.com/pressflow/6/blob/master/.htaccess mbstring.http_output = pass
And in /etc/php5/cli/php.ini:
;memory_limit = -1 ; chris memory_limit = 768M
And in /etc/php5/fpm/pool.d/www.conf:
;listen = 127.0.0.1:9000 ; chris listen = /var/run/php5-fpm/phpfpm.sock ;listen.allowed_clients = 127.0.0.1 ; chris listen.allowed_clients = 127.0.0.1,81.95.52.78,kiwi.transitionnetwork.org,kiwi.webarch.net ;pm.max_children = 5 ; chris pm.max_children = 10 ;access.log = log/$pool.access.log ; chris access.log = /var/log/php-fpm/$pool.access.log ; error log ; chris error_log = /var/log/php-fpm/error_log
And /etc/php5/fpm/php.ini
;expose_php = On ; chris expose_php = Off ;max_execution_time = 30 ; chris ; increased to 60 seconds rather than 30 max_execution_time = 60 ;memory_limit = 128M ; chris memory_limit = 256M ;error_reporting = E_ALL & ~E_DEPRECATED ; chris error_reporting = E_ALL | E_STRICT ;track_errors = Off ;chris track_errors = On ;error_log = syslog ; chris error_log = syslog ;cgi.fix_pathinfo=1 ; chris cgi.fix_pathinfo=0
Quince updates:
imagemagick libmagickcore3 libmagickcore3-extra libmagickwand3 libsmbclient libssl-dev libssl0.9.8 libwbclient0 openssl
comment:38 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 4.89 to 4.99
Kiwi updates:
file libapache2-mod-php5 libmagic-dev libmagic1 linux-libc-dev mysql-common php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin
Quince updates:
file libapache2-mod-php5 libmagic1 linux-libc-dev php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql
comment:39 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 1.0
- Total Hours changed from 4.99 to 5.99
Following the php update done here ticket:218#comment:38 php-fpm won't restart, I don't know why, I can't work out why. I'll have to continue working on this tomorrow.
As a result everything that uses php on the dev server isn't running, the only execption to this being trac as it's running via apache still (phew!).
The announcement for the new php version is here:
http://www.dotdeb.org/2012/05/09/security-php-5-4-3-and-php-5-3-13/
As I recall I had to switch the dev server to use the dotdeb repo rather than the standard one that the live server uses was done in order that trac could be upgraded, this was required in order that the trac git plugins could be installed, this does mean however that the php version on the dev server isn't the same as the live server -- I wonder if we should consider switching back so they have the same versions at some point since we are not using the trac git plugins? Or perhaps we should switch the live server over to use the dotdeb repowhen we switch to nginx as it has a newer version:
http://www.dotdeb.org/2012/04/29/nginx-1-2-0-with-naxsi-0-45-and-passenger-3-0-12/
Also a reboot of both servers will perhaps be needed next week due to this update:
http://lists.debian.org/debian-security-announce/2012/msg00105.html
comment:40 Changed 5 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 5.99 to 6.19
php-fpm is running again, it was a error with the log file configuraion, tracked down via starting it directly rather than using the script in /etc/init.d.
Sorry for the downtime.
comment:41 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 6.19 to 6.39
Kiwi updates:
base-files initscripts libapr1 libc-bin libc-dev-bin libc6 libc6-dev libssl-dev libssl0.9.8 libxi6 libxml2 linux-libc-dev locales openssh-client openssh-server openssl procps ssh sudo sysv-rc sysvinit sysvinit-utils tzdata
Quince updates:
base-files initscripts libapr1 libc-bin libc-dev-bin libc6 libc6-dev libpolkit-agent-1-0 libpolkit-backend-1-0 libpolkit-gobject-1-0 libssl-dev libssl0.9.8 libxi6 libxml2 linux-libc-dev locales openssh-client openssh-server openssl php5-memcache policykit-1 procps python python-minimal ssh sudo sysv-rc sysvinit sysvinit-utils tzdata
comment:42 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.16
- Total Hours changed from 6.39 to 6.55
Kiwi updates:
{{{bind9-host dnsutils libbind9-60 libdns69 libisc62 libisccc60 libisccfg62 liblwres60
libmysqlclient16 mysql-client-5.1 mysql-common nginx nginx-common nginx-light}}}
Quince:
{{{bind9-host dnsutils libapache2-mod-php5 libbind9-60 libdns69 libisc62
libisccc60 libisccfg62 liblwres60 libmysqlclient16 mysql-client-5.1
mysql-common mysql-server mysql-server-5.1 mysql-server-core-5.1 php-pear
php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt
php5-mysql}}}
comment:43 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.4
- Total Hours changed from 6.55 to 6.95
Kiwi updates:
libapache2-mod-php5 php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin
The upgrade wanted to also upgrade these files:
/etc/apache2/php.ini /etc/cli/php.ini /etc/fpm/php.ini
So they were all manually checked.
The live server doesn't have any upgrades -- it's not running a http://dotdeb.org/ LAMP stack.
comment:44 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 6.95 to 7.05
Kiwi updates:
bind9-host dhcp3-client dhcp3-common dnsutils isc-dhcp-client isc-dhcp-common libapache2-mod-php5 libbind9-60 libdns69 libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 mysql-common nginx nginx-common nginx-light php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin
Quince uodates:
bind9-host dhcp3-client dhcp3-common dnsutils isc-dhcp-client isc-dhcp-common libbind9-60 libdns69 libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60
comment:45 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 7.05 to 7.3
Kiwi updates:
bind9-host dhcp3-client dhcp3-common dnsutils isc-dhcp-client isc-dhcp-common libapache2-mod-php5 libbind9-60 libdns69 libexpat1 libisc62 libisccc60 libisccfg62 liblwres60 libvarnishapi1 libxml2 mysql-common nginx nginx-common nginx-light php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin varnish
Quince updates:
bind9-host dnsutils libapache2-mod-php5 libbind9-60 libdns69 libisc62 libisccc60 libisccfg62 liblwres60 libvarnishapi1 php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql varnish
comment:46 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 7.3 to 7.5
Kiwi updates:
apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common automake automake1.9 base-files debian-archive-keyring dhcp3-client dhcp3-common dpkg dpkg-dev isc-dhcp-client isc-dhcp-common libapache2-mod-php5 libc-bin libc-dev-bin libc6 libc6-dev libconfig-inifiles-perl libdpkg-perl libtiff4 libxslt1.1 linux-libc-dev locales lockfile-progs mysql-common nginx nginx-common nginx-light php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin xsltproc
Quince updates:
apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common automake automake1.9 base-files debian-archive-keyring dhcp3-client dhcp3-common dpkg dpkg-dev isc-dhcp-client isc-dhcp-common libc-bin libc-dev-bin libc6 libc6-dev libconfig-inifiles-perl libdpkg-perl libtiff4 linux-libc-dev locales lockfile-progs
comment:47 Changed 4 years ago by chris
- Estimated Number of Hours changed from 0.0 to 1.0
We need to update PHP on kiwi for a Mediawiki upgrade to 1.20, see ticket:455 this could either be done by switching to PHP 5.4.8 from dotdeb, http://www.dotdeb.org/2012/10/19/php-5-4-8-and-php-5-3-18/ or via switching back to the debian stable version, PHP 5.3.3-7+squeeze14.
comment:48 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 7.5 to 7.7
Kwik updates:
bind9-host dnsutils libapache2-mod-php5 libbind9-60 libdns69 libisc62 libisccc60 libisccfg62 liblwres60 libtiff4 libxslt1.1 php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin xsltproc python-debian
There is an issue with a !MySQL upgrade which has been kept back which needs sorting out:
The following packages have been kept back: mysql-server mysql-server-5.1 mysql-server-core-5.1
Quince updates:
bind9-host dnsutils exim4-base exim4-config exim4-daemon-light libbind9-60 libdns69 libisc62 libisccc60 libisccfg62 liblwres60 libtiff4 libkrb53 libpq5 libvorbis0a libvorbisfile3
I also installed cron-apt and to check on updated package availability, wiki:NewLiveServer#cron-apt
comment:49 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 7.7 to 7.9
The MySQL issue is cause by this, sorry I should have picked up on this sooner, MySQL 5.1 discontinued on Dotdeb however upgrading to the dotdeb MySQL 5.5.28 could cause other problems, it's been reported here that "phpmyadmin depends on php5-mysql".
I'm also not sure that we want the MySQL version on the dev machine to be out of sync with the live server? I'll think about this some before doing anything about it, due to ticket:218#comment:47 I wonder if we shouldn't switch back to the debian stable versions of nginx, php, mysql -- we switched to the dotdeb versions for PHP-FPM, however if the dev drupal sites are going to be migrated to a new new live server then there is there a need for PHP-FPM on kiwi?
comment:50 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 7.9 to 8.1
kiwi upgrades:
apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5 libtiff4 nginx nginx-common nginx-light php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin
quince:
apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libtiff4
comment:51 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 8.1 to 8.2
I have disabled the munin apt and apt_all plugins on kiwi as they were resulting in me getting a email every 5 mins saying these package need updating:
mysql-server mysql-server-5.1 mysql-server-core-5.1
However they can't be easilly upgraded due to conflicts -- I don't think we should worry about this as we need to get everything migrated to the new server ASAP.
comment:52 Changed 4 years ago by chris
puffin:
libxml2 libxml2-dev libxml2-utils
kiwi:
libxml2
quince:
libxml2
comment:53 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 8.2 to 8.4
kiwi:
libmysqlclient16 mysql-client-5.1
quince:
libmysqlclient16 mysql-client-5.1 mysql-common mysql-server mysql-server-5.1 mysql-server-core-5.1
comment:54 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 8.4 to 8.5
Quince upgrades:
libperl5.10 perl perl-base perl-modules
Kiwi still needs the mysql situation sorting out, these packages have been updated:
perl perl-base perl-modules
comment:55 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 8.5 to 8.75
Security update, quince:
libtiff4
Kiwi:
libtiff4 nginx nginx-common nginx-light
comment:56 Changed 4 years ago by chris
and puffin:
libtiff4/squeeze libtiff4-dev/squeeze libtiffxx0c2/squeeze
comment:57 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 8.75 to 9.0
Updates to quince done over the Xmas holiday, recorded in /root/Changelog:
2013-01-06 chris * gnupg/squeeze gnupg-curl/squeeze gpgv/squeeze libcups2/squeeze libcupsimage2/squeeze : updated 2012-12-30 chris * ghostscript/squeeze gs-common/squeeze libgs8/squeeze : updated
comment:58 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.2
- Total Hours changed from 9.0 to 9.2
penguin updates recorded in /root/Changelog:
2013-01-08 chris * gnupg-curl libcurl3-gnutls{a} : installed * gnupg/squeeze gpgv/squeeze nginx/squeeze-backports nginx-common/squeeze-backports nginx-full/squeeze-backports php-pear/squeeze php5/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-mysql/squeeze : updated
comment:59 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 9.2 to 9.45
Security updates, penguin:
2013-02-13 chris * geoip-database/squeeze-backports libssl0.9.8/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze openssl/squeeze : updated
puffin:
2013-02-13 chris * libssl-dev/squeeze libssl0.9.8/squeeze openssl/squeeze : updated
quince:
2013-02-13 chris * libssl-dev/squeeze libssl0.9.8/squeeze openssl/squeeze : updated
comment:60 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 9.45 to 9.7
Lots of updates on puffin:
2013-02-23 chris * apt-show-versions/squeeze base-files/squeeze bind9-host/squeeze dbus/squeeze dbus-x11/squeeze dnsutils/squeeze firmware-linux-free/squeeze gzip/squeeze libbind9-60/squeeze libcups2/squeeze libcupsimage2/squeeze libdbus-1-3/squeeze libdbus-glib-1-2/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze libldap-2.4-2/squeeze libldap2-dev/squeeze liblwres60/squeeze libperl5.10/squeeze libpoppler5/squeeze libxenstore3.0/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze openssh-client/squeeze openssh-server/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze poppler-utils/squeeze ssh/squeeze : updated 2013-02-21 chris * libpq5/squeeze : updated
penguin:
2013-02-23 chris * apt-show-versions/squeeze base-files/squeeze dbus/squeeze firmware-linux-free/squeeze gzip/squeeze libcgi-fast-perl/squeeze libdbus-1-3/squeeze libldap-2.4-2/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze openssh-client/squeeze openssh-server/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze tzdata/squeeze : updated
quince:
2013-02-23 chris * apt-show-versions/squeeze base-files/squeeze bind9-host/squeeze dbus/squeeze dbus-x11/squeeze dnsutils/squeeze gzip/squeeze libbind9-60/squeeze libcups2/squeeze libcupsimage2/squeeze libdbus-1-3/squeeze libdbus-glib-1-2/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze libldap-2.4-2/squeeze liblwres60/squeeze libnautilus-extension1/squeeze libperl5.10/squeeze linux-libc-dev/squeeze openssh-client/squeeze openssh-server/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze ssh/squeeze tzdata/squeeze : updated 2013-02-20 chris * libpq5/squeeze : updated
comment:61 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 9.7 to 9.95
Debian upgrades, puffin:
2013-02-26 chris * firmware-linux-free/squeeze libopenjpeg2/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze : updated
Penguin:
2013-02-26 chris * firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze : updated
Quince:
2013-02-26 chris * linux-libc-dev/squeeze : updated
comment:62 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 9.95 to 10.05
Penguin debian security update:
2013-03-02 chris * libxenstore3.0/squeeze : updated
comment:63 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 10.05 to 10.3
- Description modified (diff)
Puffin updates:
2013-03-04 chris * libxenstore3.0/squeeze php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze : updated
Penguin:
2013-03-04 chris * php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-mysql/squeeze : updated
I also installed the apt and apt_all munin plugins on both servers:
2013-03-04 chris * /etc/munin/plugins : ln -s /usr/share/munin/plugins/apt_all * /etc/munin/plugins : ln -s /usr/share/munin/plugins/apt
comment:64 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 10.3 to 10.55
Puffin:
2013-03-09 chris * sudo/squeeze : updated
Penguin:
2013-03-09 chris * sudo/squeeze : updated
comment:65 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 10.55 to 10.8
Puffin:
2013-03-09 root * libperl5.10/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze : updated
Penguin:
2013-03-09 chris * libcgi-fast-perl/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze : updated
comment:66 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 10.8 to 11.05
New version of !MariaDB on puffin:
2013-03-12 chris * libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-dev/squeeze libmysqlclient18/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze : updated
comment:67 Changed 4 years ago by jim
- Cc laura, jim removed
I don't need to know about these, nor does Laura I assume...
comment:68 Changed 4 years ago by chris
- Cc ed added; chris removed
Thanks for checking the cc field, I have added Ed, I hadn't realised he wasn't getting these, he can remove himself if he wants.
comment:69 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.05 to 11.15
Puffin update:
2013-03-15 chris * libvirt0/squeeze : updated
comment:70 Changed 4 years ago by chris
Puffin:
2013-03-17 chris * libvirt0/squeeze : updated
comment:71 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.15 to 11.25
Penguin:
2013-03-26 chris * libxml2/squeeze : updated
Puffin:
2013-03-26 chris * libxml2/squeeze libxml2-dev/squeeze libxml2-utils/squeeze : updated
comment:72 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.15
- Total Hours changed from 11.25 to 11.4
Penguin updates:
2013-03-26 chris * php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-gd/squeeze php5-mysql/squeeze : updated
Puffin updates:
2013-03-26 chris * php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze : updated
The restart of php-fpm that these updates required caused some 502 errors, see ticket:483#comment:52
comment:73 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.4 to 11.5
Puffin security updates:
2013-03-30 chris * bind9-host/squeeze dnsutils/squeeze libbind9-60/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze liblwres60/squeeze : updated
comment:74 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 11.5 to 11.75
Puffin updates:
2013-04-03 chris * libxslt1-dbg/squeeze libxslt1-dev/squeeze libxslt1.1/squeeze : updated
Penguin updates:
2013-04-03 chris * libxslt1.1/squeeze : updated
comment:75 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.75 to 11.85
Puffin update:
2013-04-04 chris * libpq5/squeeze : updated
comment:76 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 11.85 to 11.95
Puffin update:
2013-04-18 chris * libxenstore3.0/squeeze : updated
comment:77 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 11.95 to 12.2
Penguin updates, applied manually, see the note here for the reason wiki:PenguinServer#Updates
2013-04-20 chris * libossp-uuid16{a} : installed * munin/squeeze-backports munin-common/squeeze-backports munin-doc/squeeze-backports munin-node/squeeze-backports munin-plugins-core/squeeze-backports munin-plugins-extra/squeeze-backports nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated
comment:78 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 12.2 to 12.45
curl security update, http://lists.debian.org/debian-security-announce/2013/msg00070.html updates applied to penguin:
2013-04-20 chris * libcurl3-gnutls/squeeze : updated
And to puffin:
2013-04-20 chris * curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze libcurl4-openssl-dev/squeeze : updated
comment:79 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 12.45 to 12.7
New version of PHP 5.3.24, see:
Puffin updates:
2013-04-22 chris * php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze : updated
And Penguin:
2013-04-22 chris * php-pear php5 php5-apc php5-cli php5-common php5-fpm php5-gd php5-mysql : updated
comment:80 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.5
- Total Hours changed from 12.7 to 13.2
New version of Nginx:
Nginx 1.4.1 has been released on May 7th 2013, with the fix for the stack-based buffer overflow security problem in nginx 1.3.9 – 1.4.0, discovered by Greg MacManus, of iSIGHT Partners Labs (CVE-2013-2028).
This is a serious bug "potentially resulting in arbitrary code execution" http://seclists.org/oss-sec/2013/q2/290
Penguin (upgrade didn't work for reasons I don't quite understand, so I had to install the packaged over the top of the existing ones):
aptitude install nginx/squeeze nginx-common/squeeze nginx-full/squeeze
Puffin:
aptitude install nginx/squeeze nginx-common/squeeze nginx-full/squeeze
After this there were a series of Nginx config errors and multiple lines, mostly related to serving mp4 and flv files and uploadprogress had to be commented out before Nginx would start, this resulted in a few mins of downtime:
nginx: [emerg] unknown directive "upload_progress" in /etc/nginx/conf.d/aegir.conf:105 nginx: [emerg] unknown directive "upload_progress" in /etc/nginx/conf.d/aegir.conf:105 nginx: [emerg] unknown directive "upload_progress_java_output" in /data/disk/tn/config/includes/nginx_octopus_include.conf:154 nginx: [emerg] unknown directive "report_uploads" in /data/disk/tn/config/includes/nginx_octopus_include.conf:155 nginx: [emerg] unknown directive "flv" in /data/disk/tn/config/includes/nginx_octopus_include.conf:514 nginx: [emerg] unknown directive "mp4" in /data/disk/tn/config/includes/nginx_octopus_include.conf:526 nginx: [emerg] unknown directive "mp4_buffer_size" in /data/disk/tn/config/includes/nginx_octopus_include.conf:528 nginx: [emerg] unknown directive "mp4_max_buffer_size" in /data/disk/tn/config/includes/nginx_octopus_include.conf:529 nginx: [emerg] unknown directive "track_uploads" in /data/disk/tn/config/includes/nginx_octopus_include.conf:773 nginx: [emerg] unknown directive "upload_progress_json_output" in /data/disk/tn/config/includes/nginx_modern_include.conf:154 nginx: [emerg] unknown directive "report_uploads" in /data/disk/tn/config/includes/nginx_modern_include.conf:155 nginx: [emerg] unknown directive "flv" in /data/disk/tn/config/includes/nginx_modern_include.conf:514 nginx: [emerg] unknown directive "mp4" in /data/disk/tn/config/includes/nginx_modern_include.conf:526 nginx: [emerg] unknown directive "mp4_buffer_size" in /data/disk/tn/config/includes/nginx_modern_include.conf:528 nginx: [emerg] unknown directive "mp4_max_buffer_size" in /data/disk/tn/config/includes/nginx_modern_include.conf:529 nginx: [emerg] unknown directive "track_uploads" in /data/disk/tn/config/includes/nginx_modern_include.conf:773 nginx: [emerg] unknown directive "flv" in /var/aegir/config/includes/nginx_compact_include.conf:67 nginx: [emerg] unknown directive "mp4" in /var/aegir/config/includes/nginx_compact_include.conf:79 nginx: [emerg] unknown directive "mp4_buffer_size" in /var/aegir/config/includes/nginx_compact_include.conf:81 nginx: [emerg] unknown directive "mp4_max_buffer_size" in /var/aegir/config/includes/nginx_compact_include.conf:82 nginx: [emerg] unknown directive "upload_progress_json_output" in /var/aegir/config/includes/nginx_modern_include.conf:154 nginx: [emerg] unknown directive "report_uploads" in /var/aegir/config/includes/nginx_modern_include.conf:155 nginx: [emerg] unknown directive "flv" in /var/aegir/config/includes/nginx_modern_include.conf:514 nginx: [emerg] unknown directive "mp4" in /var/aegir/config/includes/nginx_modern_include.conf:526 nginx: [emerg] unknown directive "mp4_buffer_size" in /var/aegir/config/includes/nginx_modern_include.conf:528 nginx: [emerg] unknown directive "mp4_max_buffer_size" in /var/aegir/config/includes/nginx_modern_include.conf:529 nginx: [emerg] unknown directive "track_uploads" in /var/aegir/config/includes/nginx_modern_include.conf:773
All the lines that cause errors above were commented out, when we work out what went wrong and fix the problem they will need uncommenting.
There was also this error:
nginx: [emerg] could not build the variables_hash, you should increase either variables_hash_max_size: 512 or variables_hash_bucket_size: 64
This was fixed by adding the following to the http section of /etc/nginx/nginx.conf:
variables_hash_max_size 1024; variables_hash_bucket_size 128;
After these config changed Nginx started OK.
comment:81 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 13.2 to 13.45
It looks like we need to have the nginx-extras package installed rather than nginx-full, the results of aptitude show nginx-full:
Description: nginx web/proxy server (standard version)
Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to
reduce the load on back-end HTTP or mail servers.
This package provides a version of nginx with the complete set of standard modules included (but omitting some of those included in nginx-extras).
STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Charset, Empty GIF, FastCGI, Geo, Gzip, Headers, Index, Limit Requests, Limit Zone, Log, Map,
Memcached, Proxy, Referer, Rewrite, SCGI, Split Clients, SSI, Upstream, User ID, UWSGI.
OPTIONAL HTTP MODULES: Addition, Debug, GeoIP, Gzip Precompression, HTTP Sub, Image Filter, IPv6, Real IP, SSL, Stub Status, Substitution, WebDAV, XSLT.
MAIL MODULES: Mail Core, IMAP, POP3, SMTP, SSL.
THIRD PARTY MODULES: Auth PAM, DAV Ext, Echo, Upstream Fair Queue.
MODULES ADDED BY DOTDEB : File AIO, Secure link, Syslog, Cache purge, Pinba, HTTP substitution filter, X-rid header
Homepage: http://nginx.net
And aptitude show nginx-extras:
Description: nginx web/proxy server (extended version)
Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to
reduce the load on back-end HTTP or mail servers.
This package provides a version of nginx with the standard modules, plus extra features and modules such as the Perl module, which allows the addition of Perl in
configuration files.
STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Charset, Empty GIF, FastCGI, Geo, Gzip, Headers, Index, Limit Requests, Limit Zone, Log, Map,
Memcached, Proxy, Referer, Rewrite, SCGI, Split Clients, SSI, Upstream, User ID, UWSGI.
OPTIONAL HTTP MODULES: Addition, Debug, Embedded Perl, FLV, GeoIP, Gzip Precompression, Image Filter, IPv6, MP4, Random Index, Real IP, Secure Link, SSL, Stub
Status, Substitution, WebDAV, XSLT.
MAIL MODULES: Mail Core, IMAP, POP3, SMTP, SSL.
THIRD PARTY MODULES: Auth PAM, Cache purge, DAV Ext, Echo, Embedded Lua, HttpHeadersMore?, http push, Nginx Development Kit, Upload Progress, Upstream Fair Queue.
MODULES ADDED BY DOTDEB : File AIO, Syslog, Pinba, HTTP Gunzip , HTTP substitution filter, X-rid header
Homepage: http://nginx.net
So:
aptitude install nginx-extras The following packages have unmet dependencies: nginx-full: Conflicts: nginx-extras but 1.4.1-1~dotdeb.0 is to be installed. nginx-extras: Conflicts: nginx-full but 1.4.1-1~dotdeb.0 is installed. Internal error: found 2 (choice -> promotion) mappings for a single choice. The following actions will resolve these dependencies: Remove the following packages: 1) nginx 2) nginx-full Accept this solution? [Y/n/q/?] Y The following NEW packages will be installed: nginx-extras The following packages will be REMOVED: nginx{a} nginx-full{a} 0 packages upgraded, 1 newly installed, 2 to remove and 0 not upgraded. Need to get 666 kB of archives. After unpacking 381 kB will be used. Do you want to continue? [Y/n/?] Y
After that all the lines that were commented out in ticket:218#comment:80 were uncommented and nginx was restarted.
comment:82 follow-up: ↓ 83 Changed 4 years ago by jim
Chris, any reason why you're not using the proper installer? You risk borking BOA if you do these piecemeal updates. From http://drupalcode.org/project/barracuda.git/blob/HEAD:/docs/UPGRADE.txt
### NOTE: You can append "system" as a last argument to the barracuda command, and it will upgrade only the system, without running Aegir Master Instance upgrade, plus it will write the output to the file instead of to the console: /var/backups/reports/up/barracuda/* Example: barracuda up-stable system
FYI note this commit: http://drupalcode.org/project/barracuda.git/blobdiff/97cbf82a1e30d4e040b0ddbf514c2a83da10fccc..043fb3e1a9d9e2f32fd8d6f9bab428ea03319b13:/BARRACUDA.sh.txt
The change to BARRACUDA.sh.txt that sets the NGINX version is there, so if you ran the meta installer, then edited the script, you could have set _NGINX_VERSION to whatever you wanted.
I'd expect the new 1.4.1 version will be reflected in the BOA scripts pretty soon.
These errors are almost certainly of an issue caused by this non-standard (for BOA) update process you followed.
comment:83 in reply to: ↑ 82 Changed 4 years ago by chris
Replying to jim:
Chris, any reason why you're not using the proper installer?
I didn't realise I wasn't supposed to be doing security update using aptitude / apt-get. I do remember asking a question about this some time ago on one of the Trac tickets but I guess it got missed.
My concern about running the whole installer each time there is a new debian package out is that it takes the site down for around 20 / 30 mins while the installer runs -- is this really what we should be doing for every debian update?
comment:84 Changed 4 years ago by jim
Yes, you absolutely need to use the proper scripts! This bit me in the ass long ago, it's absolutely worth sticking to.
And as quoted above, the barracuda up-stable system just does a managed apt-get update for system only.. give that a whirl next time.
comment:85 Changed 4 years ago by jim
As expected, the BOA team are already looking at/fixing the NGINX update: Nginx 1.5.0 - security upgrade for CVE-2013-2028.
Again, worth letting the updates settle for a few days and either running 'barracuda up-head' soon, or waiting for 2.0.9 to go for a stable version.
comment:87 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 13.45 to 13.7
PHP was updated on penguin earlier today:
2013-05-12 chris * php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-gd/squeeze php5-mysql/squeeze : updated
Info on the new version, "These releases fix about 10 bugs as well as upgrading the bundled libmagic library.": http://www.dotdeb.org/2013/05/12/php-5-4-15-php-5-3-25-for-wheezy-squeeze/
comment:88 follow-up: ↓ 89 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 13.7 to 13.95
New debian kernel, I haven't seen an announcement for the reason for it, Parrot updates:
2013-05-14 chris * firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze : updated
Penguin updates:
2013-05-14 chris * firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze : updated
Puffin:
2013-05-14 chris * firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze : updated
I didn't run the BOA script to update Puffin as I didn't see the point in making the site unavailable for 30 mins.
I haven't done a reboot yet so the servers will still be using the old kernel, I'll do the reboot later in the night when the site has less traffic.
comment:89 in reply to: ↑ 88 Changed 4 years ago by jim
Replying to chris:
I didn't run the BOA script to update Puffin as I didn't see the point in making the site unavailable for 30 mins.
I already mentioned earlier:
- barracuda up-stable = (re)install Barracuda, PHP, MySQL, Redis etc etc.
- barracuda up-stable system = Just manages apt-get/aptitude updates so as not to override/upset BOA.
Have you tried the latter? It should be much less than 30 minutes as it's not installing/updating the whole stack. Try it!
comment:90 Changed 4 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 13.95 to 14.2
Parrot updates:
2013-05-23 chris * libxcb-render0/squeeze libxcb1/squeeze libxcursor1/squeeze libxext6/squeeze libxfixes3/squeeze libxi6/squeeze libxinerama1/squeeze libxrandr2/squeeze libxrender1/squeeze : updated
Penguin updates:
2013-05-23 chris * libxcb-render0/squeeze libxcb-shm0/squeeze libxcb1/squeeze libxext6/squeeze libxrender1/squeeze : updated
These are the outstanding updates on puffin, a mixture of debian X11 updates and a new version of mariadb:
libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-dev/squeeze libmysqlclient18/squeeze libxcb-render0/squeeze libxcb-render0-dev/squeeze libxcb1/squeeze libxcb1-dev/squeeze libxcursor-dev/squeeze libxcursor1/squeeze libxext-dev/squeeze libxext6/squeeze libxfixes-dev/squeeze libxfixes3/squeeze libxi-dev/squeeze libxi6/squeeze libxinerama-dev/squeeze libxinerama1/squeeze libxp6/squeeze libxrandr-dev/squeeze libxrandr2/squeeze libxrender-dev/squeeze libxrender1/squeeze libxres1/squeeze libxt-dev/squeeze libxt6/squeeze libxtst6/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze
I've very reluctant to update the server the way Jim wishes in ticket:218#comment:89 as I expect this would take the site off line for 30 mins and also potentially overwrite the fix Jim applied on ticket:548#comment:21 to solve the problems caused with the last BOA update, ticket:547#comment:4
barracuda up-stable system Please update installers on your system using BOA Meta Installer and try again. $ wget -q -U iCab http://files.aegir.cc/BOA.sh.txt $ bash BOA.sh.txt
So, Jim -- is it OK to use the normal debian tools or is it essential to do a BOA update?
comment:91 follow-up: ↓ 92 Changed 3 years ago by jim
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 14.2 to 14.3
barracuda up-stable system takes ~7 mins on my system, and certainly only a fraction of that is downtime.
And YES, you do need to use barracuda to update the system because it's not just about the packages in Debian/apt -- the whole stack works together and pulls from sources outside the usual package sources. If you run an apt update and it changes a BOA stack component, there's chance it'll downgrade packages, break dependencies, overwrite config, stop services, disconnect things and generally bugger it up. Or you might be lucky, but it's not a risk we should be taking. It's a tuned stack after all.
FYI I think as of 2.0.9 you can schedule auto-updates for the system -- you might want to check the documentation and have a think.
Also barracuda up-stable system is pretty much automated -- it waits a bit (for crons I imagine) then does it all and emails you. Downtime should be minimal, so run it from screen and see what you think.
comment:92 in reply to: ↑ 91 Changed 3 years ago by chris
comment:93 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 14.3 to 14.55
Puffin upgrade:
barracuda up-stable system Please update installers on your system using BOA Meta Installer and try again. $ wget -q -U iCab http://files.aegir.cc/BOA.sh.txt $ bash BOA.sh.txt wget -q -U iCab http://files.aegir.cc/BOA.sh.txt BOA Meta Installer setup completed Please check INSTALL.txt and UPGRADE.txt at http://bit.ly/boa-docs for how-to Bye barracuda up-stable system waiting 142 sec REPORT: Successful Barracuda upgrade on puffin.webarch.net sent to chris@webarchitects.co.uk BARRACUDA upgrade completed Bye
OK, that wasn't as bad as I was expecting, it took 9 mins and although it doesn't tell you what it is doing if you tail -f /var/log/syslog you can see what is going on.
This is the content of the email it sent out:
To: chris@webarchitects.co.uk Subject: REPORT: Successful Barracuda upgrade on puffin.webarch.net at 130524-1036 Barracuda [Fri May 24 10:38:35 BST 2013] ==> BOA Skynet welcomes you aboard! Barracuda [Fri May 24 10:38:40 BST 2013] ==> INFO: UPGRADE Barracuda [Fri May 24 10:38:40 BST 2013] ==> INFO: Reading your /root/.barracuda.cnf config file Barracuda [Fri May 24 10:38:41 BST 2013] ==> NOTE! Please review all config options displayed below Barracuda [Fri May 24 10:38:41 BST 2013] ==> NOTE! It will *override* all settings in the Barracuda script ### ### Configuration created on 121215-1545 ### with Barracuda version BOA-2.0.4 ### ### NOTE: the group of settings displayed bellow will *not* be overriden ### on upgrade by the Barracuda script nor by this configuration file. ### They can be defined only on initial Barracuda install. ### _HTTP_WILDCARD=YES _MY_OWNIP="81.95.52.103" #_MY_OWNIP="" _MY_HOSTN="puffin.webarch.net" #_MY_HOSTN="" _MY_FRONT="master.puffin.webarch.net" _THIS_DB_HOST=localhost #_THIS_DB_HOST=FQDN _SMTP_RELAY_TEST=YES _SMTP_RELAY_HOST="" _LOCAL_NETWORK_IP="" _LOCAL_NETWORK_HN="" ### ### NOTE: the group of settings displayed bellow ### will *override* all listed settings in the Barracuda script, ### both on initial install and upgrade. ### _MY_EMAIL="chris@webarchitects.co.uk" _XTRAS_LIST="PDS CSF CHV" _AUTOPILOT=YES _DEBUG_MODE=NO _DB_SERVER=MariaDB _SSH_PORT=22 _LOCAL_DEBIAN_MIRROR="ftp.debian.org" _LOCAL_UBUNTU_MIRROR="archive.ubuntu.com" _FORCE_GIT_MIRROR="" _DNS_SETUP_TEST=YES _NGINX_EXTRA_CONF="" _NGINX_WORKERS=AUTO _PHP_FPM_WORKERS=AUTO _BUILD_FROM_SRC=NO _PHP_MODERN_ONLY=YES _PHP_FPM_VERSION=5.3 _PHP_CLI_VERSION=5.3 _LOAD_LIMIT_ONE=1444 _LOAD_LIMIT_TWO=888 _CUSTOM_CONFIG_CSF=NO _CUSTOM_CONFIG_SQL=NO _CUSTOM_CONFIG_REDIS=NO _CUSTOM_CONFIG_PHP_5_2=NO _CUSTOM_CONFIG_PHP_5_3=NO _SPEED_VALID_MAX=3600 _NGINX_DOS_LIMIT=300 _SYSTEM_UPGRADE_ONLY=YES _USE_MEMCACHED=NO _NEWRELIC_KEY= _USE_STOCK=NO ### ### Configuration created on 121215-1545 ### with Barracuda version BOA-2.0.4 ### ### JK reinstall PHP _EXTRA_PACKAGES= _PHP_EXTRA_CONF="" _STRONG_PASSWORDS=NO _DB_BINARY_LOG=NO _DB_ENGINE=InnoDB _NGINX_LDAP=NO _PHP_GEOS=NO _PHP_MONGODB=NO _AEGIR_UPGRADE_ONLY=NO Barracuda [Fri May 24 10:38:43 BST 2013] ==> INFO: Testing GitHub, Drupal and Gitorious servers availability, please wait... Barracuda [Fri May 24 10:38:44 BST 2013] ==> INFO: GitHub mirror repository will be used for this install Barracuda [Fri May 24 10:38:44 BST 2013] ==> INFO: Downloading little helpers, please wait... Barracuda [Fri May 24 10:38:45 BST 2013] ==> INFO: Checking BARRACUDA version... Barracuda [Fri May 24 10:38:45 BST 2013] ==> INFO: Version test result: OK Barracuda [Fri May 24 10:38:45 BST 2013] ==> INFO: Checking your Debian or Ubuntu version... Barracuda [Fri May 24 10:38:48 BST 2013] ==> Aegir with Nginx on Debian/squeeze - Skynet Agent v.BOA-2.0.9 Barracuda [Fri May 24 10:38:52 BST 2013] ==> UPGRADE START -> checkpoint: * Your e-mail address appears to be chris@webarchitects.co.uk - is that correct? * Your server hostname is puffin.webarch.net. * Your Aegir control panel is/will be available at https://master.puffin.webarch.net. Barracuda [Fri May 24 10:38:52 BST 2013] ==> INFO: Cleaning up temp files in /var/opt/ Barracuda [Fri May 24 10:38:54 BST 2013] ==> INFO: Updating apt sources Barracuda [Fri May 24 10:38:56 BST 2013] ==> INFO: We will use Debian mirror ftp.debian.org Barracuda [Fri May 24 10:39:00 BST 2013] ==> INFO: Running aptitude update, please wait... Barracuda [Fri May 24 10:39:10 BST 2013] ==> INFO: Upgrading required libraries and tools Barracuda [Fri May 24 10:39:10 BST 2013] ==> NOTE! This step may take a few minutes, please wait... Barracuda [Fri May 24 10:39:44 BST 2013] ==> INFO: Testing Nginx version... Barracuda [Fri May 24 10:39:46 BST 2013] ==> INFO: Installed Nginx version nginx/1.5.0, no upgrade required Barracuda [Fri May 24 10:39:48 BST 2013] ==> INFO: Checking for Linux/Cdorked.A malware, please wait... Barracuda [Fri May 24 10:39:52 BST 2013] ==> INFO: No Linux/Cdorked.A malware traces found - system clean Barracuda [Fri May 24 10:39:52 BST 2013] ==> INFO: Running aptitude full-upgrade again, please wait... Barracuda [Fri May 24 10:42:30 BST 2013] ==> INFO: Testing Nginx version... Barracuda [Fri May 24 10:42:32 BST 2013] ==> INFO: Installed Nginx version nginx/1.5.0, no upgrade required Barracuda [Fri May 24 10:42:35 BST 2013] ==> INFO: Checking for Linux/Cdorked.A malware, please wait... Barracuda [Fri May 24 10:42:37 BST 2013] ==> INFO: No Linux/Cdorked.A malware traces found - system clean Barracuda [Fri May 24 10:42:37 BST 2013] ==> INFO: Checking SMTP connections, please wait... Barracuda [Fri May 24 10:42:39 BST 2013] ==> INFO: Upgrading a few more tools, please wait... Barracuda [Fri May 24 10:42:43 BST 2013] ==> INFO: Checking if PHP upgrade is available Barracuda [Fri May 24 10:42:45 BST 2013] ==> INFO: Installed PHP version 5.3.25-1~dotdeb.0, no upgrade required Barracuda [Fri May 24 10:42:51 BST 2013] ==> INFO: Installed Redis version 2.6.13, no upgrade/rebuild required Barracuda [Fri May 24 10:42:53 BST 2013] ==> INFO: OS and services upgrade completed Barracuda [Fri May 24 10:42:55 BST 2013] ==> INFO: Aegir Master Instance upgrade skipped Barracuda [Fri May 24 10:42:56 BST 2013] ==> INFO: Installing extra Drush versions Barracuda [Fri May 24 10:42:59 BST 2013] ==> INFO: Drush 4 installation complete Barracuda [Fri May 24 10:43:00 BST 2013] ==> INFO: Drush 5 installation complete Barracuda [Fri May 24 10:43:02 BST 2013] ==> INFO: Drush 6 installation complete Barracuda [Fri May 24 10:43:08 BST 2013] ==> INFO: Generating random password for Redis server Barracuda [Fri May 24 10:43:09 BST 2013] ==> INFO: Restarting Redis and PHP-FPM, reloading Nginx Barracuda [Fri May 24 10:43:17 BST 2013] ==> INFO: Restarting MariaDB server Barracuda [Fri May 24 10:43:31 BST 2013] ==> INFO: New random password for MariaDB generated and stored in /root/.my.pass.txt Barracuda [Fri May 24 10:43:33 BST 2013] ==> INFO: New entry added to /var/log/barracuda_log.txt Barracuda [Fri May 24 10:43:36 BST 2013] ==> CARD: Now charging your credit card for this automated upgrade service... Barracuda [Fri May 24 10:43:42 BST 2013] ==> JOKE: Just kidding! Enjoy your Aegir Hosting System :) Barracuda [Fri May 24 10:43:46 BST 2013] ==> Final post-upgrade cleaning, please wait a moment... Barracuda [Fri May 24 10:43:57 BST 2013] ==> BYE!
comment:94 Changed 3 years ago by jim
Good stuff!
And the wait time before it gets going is really annoying, raised this: https://drupal.org/node/2002678. Minor but important for sanity!
comment:95 follow-up: ↓ 96 Changed 3 years ago by ed
Since this happened I am locked out of admin functions again as per #548
comment:96 in reply to: ↑ 95 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.05
- Total Hours changed from 14.55 to 14.6
Replying to ed:
Since this happened I am locked out of admin functions again as per #548
very sorry, this has been fixed, see: ticket:548#comment:34
comment:97 Changed 3 years ago by ed
working; tested; thanks for quick response
comment:98 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 14.6 to 14.85
Parrot updates:
2013-05-25 chris * libx11-6/squeeze libx11-data/squeeze : updated
Penguin updates:
2013-05-25 chris * libx11-6/squeeze libx11-data/squeeze : updated
Puffin updates:
2013-05-25 chris * libx11-6/squeeze libx11-data/squeeze libx11-dev/squeeze : updated
comment:99 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.15
- Total Hours changed from 14.85 to 15.0
The debian system updates done on ticket:218#comment:93 using "barracuda up-stable system" resulted in some munin stats being broken, this was fixed by editing these lines in /opt/local/etc/php53-fpm.conf
pm.status_path = /status ping.path = /ping
and then reloading /etc/init.d/php53-fpm. The documentation here has been updated: wiki:PuffinServer#SystemUpdates
comment:100 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 15.0 to 15.25
Debian updates on parrot:
2013-06-02 chris * libgssapi-krb5-2/squeeze libk5crypto3/squeeze libkrb5-3/squeeze libkrb5support0/squeeze : updated
And penguin:
2013-06-02 chris * libgssapi-krb5-2/squeeze libk5crypto3/squeeze libkrb5-3/squeeze libkrb5support0/squeeze : updated
And puffin:
2013-06-02 chris * krb5-multidev/squeeze libgssapi-krb5-2/squeeze libgssrpc4/squeeze libk5crypto3/squeeze libkadm5clnt-mit7/squeeze libkadm5srv-mit7/squeeze libkdb5-4/squeeze libkrb5-3/squeeze libkrb5-dev/squeeze libkrb5support0/squeeze : updated
These were all done late last night.
comment:101 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 15.25 to 15.5
Parrot upgrades:
2013-06-09 chris * libsvn1/squeeze subversion/squeeze : updated
Penguin upgrades:
2013-06-09 chris * libsvn1/squeeze php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-gd/squeeze php5-mysql/squeeze python-subversion/squeeze subversion/squeeze : updated
Puffin upgrades:
2013-06-09 chris * libsvn1/squeeze php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze subversion/squeeze : updated
comment:102 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 15.5 to 15.75
Parrot updates:
2013-06-18 chris * libtiff4/squeeze : updated
Puffin updates:
2013-06-18 chris * libtiff4/squeeze libtiff4-dev/squeeze libtiffxx0c2/squeeze : updated
comment:103 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 15.75 to 16.0
Puffin updates:
2013-06-24 chris * curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze libcurl4-openssl-dev/squeeze : updated
Penguin:
2013-06-24 chris * libcurl3-gnutls/squeeze : updated
Parrot:
2013-06-24 chris * curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze : updated
comment:104 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 16.0 to 16.25
Puffin update, see http://lists.debian.org/debian-security-announce/2013/msg00131.html
2013-07-11 chris * libpoppler5/squeeze poppler-utils/squeeze : updated
comment:105 Changed 3 years ago by chris
Parrot update:
2013-07-17 chris * libapache2-mod-php5/squeeze php-pear/squeeze php5/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-gd/squeeze php5-intl/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-xmlrpc/squeeze : updated
comment:106 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 16.25 to 16.5
Oops, forgot to record time against the update on ticket:218#comment:105 it's also worth nothing that the details:
It was discovered that PHP could perform an invalid free request when
processing crafted XML documents, corrupting the heap and potentially
leading to arbitrary code execution. Depending on the PHP
application, this vulnerability could be exploited remotely.
http://lists.debian.org/debian-security-announce/2013/msg00133.html
Puffin and Penguin are both running PHP 5.3.26-1~dotdeb.0 from http://www.dotdeb.org/
I'm not exactly sure why these servers haven't updated to the latest version: http://www.dotdeb.org/2013/07/06/php-5-4-17-for-wheezy-and-squeeze/
comment:107 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 16.5 to 16.75
Penguin upgrades:
2013-07-23 chris * munin/squeeze-backports munin-common/squeeze-backports munin-doc/squeeze-backports munin-node/squeeze-backports munin-plugins-core/squeeze-backports munin-plugins-extra/squeeze-backports : updated
comment:108 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 16.75 to 17.0
Puffin openjdk-6 security update, http://lists.debian.org/debian-security-announce/2013/msg00137.html
2013-07-25 chris * openjdk-6-jdk/squeeze openjdk-6-jre/squeeze openjdk-6-jre-headless/squeeze openjdk-6-jre-lib/squeeze : updated
comment:109 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 17.0 to 17.25
New http://dotdeb.org/ PHP 5.3.27 for Debian Squeeze, http://www.dotdeb.org/2013/07/25/php-5-3-27-for-squeeze/
Penguin updates:
2013-07-25 chris * php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-gd/squeeze php5-mysql/squeeze : updated
Puffin updates:
2013-07-25 chris * php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze : updated
comment:110 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 17.25 to 17.5
Bind update, http://lists.debian.org/debian-security-announce/2013/msg00138.html
Parrot:
2013-07-27 chris * bind9-host/squeeze dnsutils/squeeze libbind9-60/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze liblwres60/squeeze : updated
Puffin:
2013-07-27 chris * bind9-host/squeeze dnsutils/squeeze libbind9-60/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze liblwres60/squeeze : updated
comment:111 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 17.5 to 17.75
Parrot updates:
2013-07-29 chris * gnupg/squeeze gpgv/squeeze libgcrypt11/squeeze : updated
Penguin updates:
2013-07-29 chris * gnupg/squeeze gnupg-curl/squeeze gpgv/squeeze libgcrypt11/squeeze : updated
Puffin updates:
2013-07-29 chris * gnupg/squeeze gpgv/squeeze libgcrypt11/squeeze : updated
comment:112 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 17.75 to 18.0
Parrot updates:
013-08-27 chris * libapache2-mod-php5/squeeze php-pear/squeeze php5/squeeze php5-cli/squeeze php5-common/squee ze php5-curl/squeeze php5-dev/squeeze php5-gd/squeeze php5-intl/squeeze php5-mcrypt/squeeze php5-mysql/squee ze php5-xmlrpc/squeeze : updated
comment:113 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 18.0 to 18.25
Puffin update:
2013-08-27 chris * libtiff4/squeeze libtiff4-dev/squeeze libtiffxx0c2/squeeze : updated
Parrot:
2013-08-27 chris * libtiff4/squeeze : updated
comment:114 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 18.25 to 18.5
Puffin !MySQL update, https://mariadb.com/kb/en/mariadb-5533-release-notes/
2013-09-18 chris * libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-dev/squeeze libmysqlclient18/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze : updated
comment:115 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 18.5 to 18.75
New version of !MariaDB https://mariadb.com/kb/en/mariadb-5533a-release-notes/
2013-09-23 chris * libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-dev/squeeze libmysqlclient18/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze : updated
comment:116 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 18.75 to 19.0
- Summary changed from debian ugrades to debian upgrades and updates
wiki:PuffinServer updates:
2013-09-28 chris * firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze linux-tools-2.6.32/squeeze : updated
wiki:ParrotServer updates:
2013-09-28 chris * firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze : updated
wiki:PenguinServer updates:
2013-09-28 chris * firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated
comment:117 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 19.0 to 19.25
New version of GPG, wiki:PenguinServer:
2013-10-10 chris * gnupg/squeeze gnupg-curl/squeeze gpgv/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated
2013-10-10 chris * gnupg/squeeze gpgv/squeeze : updated
2013-10-10 chris * gnupg/squeeze gpgv/squeeze : updated
comment:118 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 19.25 to 19.5
Penguin Nginx updated, as per the note here, wiki:PenguinServer#Updates
a-up About to upgrade nginx/squeeze nginx-common/squeeze nginx-full/squeeze No packages will be installed, upgraded, or removed. 0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B of archives. After unpacking 0 B will be used. aptitude install nginx/squeeze nginx-common/squeeze nginx-full/squeeze The following packages will be upgraded: nginx nginx-common nginx-full 3 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
comment:119 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 19.5 to 19.75
Security updates, wiki:PuffinServer:
2013-10-19 chris * base-files/squeeze fancontrol/squeeze grep/squeeze libcdt4/squeeze li bcgraph5/squeeze libgraph4/squeeze libgraphviz-dev/squeeze libgvc5/squeeze libgvpr1/s queeze libmysqlclient16/squeeze libpathplan4/squeeze libsensors4/squeeze libsnmp-base /squeeze libsnmp15/squeeze libxdot4/squeeze lm-sensors/squeeze openssh-client/squeeze openssh-server/squeeze ssh/squeeze tzdata/squeeze tzdata-java/squeeze : updated
2013-10-19 chris * base-files/squeeze grep/squeeze libcdt4/squeeze libcgraph5/squeeze li bgraph4/squeeze libgraphviz-dev/squeeze libgvc5/squeeze libgvpr1/squeeze libmysqlclie nt-dev/squeeze libmysqlclient16/squeeze libpathplan4/squeeze libxdot4/squeeze mysql-c lient-5.1/squeeze mysql-common/squeeze mysql-server-5.1/squeeze mysql-server-core-5.1 /squeeze openssh-client/squeeze openssh-server/squeeze tzdata/squeeze : updated
2013-10-19 chris * base-files/squeeze grep/squeeze libmysqlclient16/squeeze mysql-client -5.1/squeeze mysql-common/squeeze mysql-server/squeeze mysql-server-5.1/squeeze mysql -server-core-5.1/squeeze openssh-client/squeeze openssh-server/squeeze tzdata/squeeze : updated
comment:120 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 19.75 to 20.0
wiki:PenguinServer updates:
2013-11-17 chris * libcurl3-gnutls/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated
wiki:PuffinServer updates:
2013-11-17 chris * curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze libcurl4-openss l-dev/squeeze : updated
wiki:ParrotServer update:
2013-11-17 chris * curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze : updated
comment:121 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 20.0 to 20.25
wiki:PuffinServer updates:
2013-11-21 chris * curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy libcurl4-openssl-dev/wheezy : updated
wiki:PenguinServer updates:
2013-11-21 chris * libcurl3-gnutls/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated
wiki:ParrotServer updates:
2013-11-21 chris * curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze : updated
comment:122 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 20.25 to 20.5
wiki:PuffinServer updates:
2013-11-21 chris * libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-d ev/squeeze libmysqlclient18/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5. 5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze : updated
comment:123 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 20.5 to 20.75
2013-11-25 chris * libnss3/wheezy libnss3-1d/wheezy : updated
comment:124 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 20.75 to 21.0
2013-12-03 chris * libopenjpeg2/wheezy : updated
comment:125 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 21.0 to 21.25
wiki:PenguinServer updates:
2013-12-04 chris * libruby1.8/squeeze libruby1.9.1/squeeze ruby1.8/squeeze ruby1.8-dev/squeeze ruby1.9.1/squeeze ruby1.9.1-dev/squeeze : updated
I also restarted the Webrick server for http://patterns.transitionresearchnetwork.org/
comment:126 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.15
- Total Hours changed from 21.25 to 21.4
wiki:PuffinServer updates:
2013-12-09 chris * libsmbclient/wheezy libwbclient0/wheezy samba-common/wheezy samba-common-bin/wheezy smbclient/wheezy : updated
comment:127 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 21.4 to 21.65
wiki:ParrotServer updates:
2013-12-09 chris * munin-common/wheezy munin-node/wheezy munin-plugins-core/wheezy munin-plugins-extra/wheezy : updated
wiki:PuffinServer updates:
2013-12-09 chris * libvarnishapi1/wheezy : updated 2013-12-09 chris * munin-common/wheezy munin-node/wheezy munin-plugins-core/wheezy munin-plugins-extra/wheezy : updated
2013-12-09 chris * munin/wheezy munin-common/wheezy munin-doc/wheezy munin-node/wheezy munin-plugins-core/wheezy munin-plugins-extra/wheezy : updated
Also these lines needed editing in /usr/share/munin/plugins/apt_all on all three servers:
#my @releases = ("stable", "testing","unstable"); my @releases = ("stable");
comment:128 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 21.65 to 21.9
- Description modified (diff)
- Summary changed from debian upgrades and updates to Debian upgrades and updates
PHP security updates, see http://lists.debian.org/debian-security-announce/2013/msg00230.html note thst wiki:PuffinServer doesn't have php from debs anymore, see ticket:629#comment:9.
2013-12-12 chris * libapache2-mod-php5/wheezy php-pear/wheezy php5/wheezy php5-cli/wheezy php5-common/wheezy php5-curl/wheezy php5-dev/wheezy php5-gd/wheezy php5-intl/wheezy php5-mcrypt/wheezy php5-mysql/wheezy php5-xmlrpc/wheezy : updated
2013-12-12 chris * php-pear/wheezy php5/wheezy php5-cli/wheezy php5-common/wheezy php5-fpm/wheezy php5-gd/wheezy php5-mysql/wheezy : updated
comment:129 Changed 3 years ago by chris
wiki:PenguinServer updates:
2013-12-14 chris * apt/wheezy apt-utils/wheezy base-files/wheezy libapt-inst1.5/wheezy libapt-pkg4.12/wheezy libexpat1/wheezy libexpat1-dev/wheezy libnet-server-perl/wheezy librsvg2-2/wheezy librsvg2-common/wheezy tzdata/wheezy : updated
wiki:ParrotServer updates:
2013-12-14 chris * apt/wheezy apt-utils/wheezy base-files/wheezy iftop/wheezy libapt-inst1.5/wheezy libapt-pkg4.12/wheezy libexpat1/wheezy libnet-server-perl/wheezy librsvg2-2/wheezy librsvg2-common/wheezy tzdata/wheezy : updated
The wiki:PuffinServer updates are being done on ticket:629#comment:12 and the time for this is being recorded there.
comment:131 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 21.9 to 22.15
wiki:PenguinServer MySQL update:
013-12-16 chris * libmysqlclient-dev/wheezy libmysqlclient18/wheezy mysql-client-5.5/wheezy mysql-common/wheezy mysql-server-5.5/wheezy mysql-server-core-5.5/wheezy : updated
wiki:ParrotServer updates:
2013-12-16 chris * libmysqlclient18/wheezy mysql-client-5.5/wheezy mysql-common/wheezy mysql-server/wheezy mysql-server-5.5/wheezy mysql-server-core-5.5/wheezy : updated
comment:132 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 22.15 to 22.25
wiki:PuffinServer updates:
2013-12-17 chris * libnspr4/wheezy libnspr4-0d/wheezy : updated
comment:133 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 22.25 to 22.5
GPG updates, see http://lists.debian.org/debian-security-announce/2013/msg00235.html
wiki:PuffinServer upgrades:
2013-12-18 chris * gnupg-curl : installed * gnupg/wheezy gpgv/wheezy : updated
wiki:PenguinServer upgrades:
2013-12-18 chris * gnupg/wheezy gnupg-curl/wheezy gpgv/wheezy : updated
wiki:ParrotServer updates:
2013-12-18 chris * gnupg-curl : installed * gnupg/wheezy gpgv/wheezy : updated
comment:134 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.1
- Total Hours changed from 22.5 to 22.6
Pixman security updates, see http://lists.debian.org/debian-security-announce/2013/msg00237.html
wiki:PuffinServer upgrades:
2013-12-18 chris * libpixman-1-0/wheezy libpixman-1-dev/wheezy : updated
wiki:PenguinServer upgrades:
2013-12-18 chris * libpixman-1-0/wheezy libpixman-1-dev/wheezy : updated
wiki:ParrotServer updates:
2013-12-18 chris * libpixman-1-0/wheezy : updated
comment:135 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 22.6 to 22.85
[SECURITY] [DSA 2824-1] curl security update http://lists.debian.org/debian-security-announce/2013/msg00238.html
wiki:ParrotServer updates:
2013-12-19 chris * curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy : updated
2013-12-19 chris * curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy libcurl4-openssl-dev/wheezy : updated
2013-12-19 chris * libcurl3-gnutls/wheezy : updated
comment:136 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 22.85 to 23.1
DenyHosts security update, http://lists.debian.org/debian-security-announce/2013/msg00240.html
2013-12-22 chris * denyhosts/wheezy : updated
2013-12-22 chris * denyhosts/wheezy : updated
comment:137 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 23.1 to 23.35
OpenSSL security update:
Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support
was susceptible to denial of service and retransmission of DTLS messages
was fixed. In addition this updates disables the insecure Dual_EC_DRBG
algorithm (which was unused anyway, see
http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further
information) and no longer uses the RdRand feature available on some
Intel CPUs as a sole source of entropy unless explicitly requested.
https://lists.debian.org/debian-security-announce/2014/msg00001.html
2014-01-01 chris * libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy openssl/wheezy : updated
2014-01-01 chris * libssl1.0.0/wheezy openssl/wheezy : updated
2014-01-01 chris * libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy openssl/wheezy : updated
comment:138 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 23.35 to 23.6
wiki:PuffinServer devscripts security update https://lists.debian.org/debian-security-announce/2014/msg00004.html
014-01-05 chris * devscripts/wheezy : updated
comment:139 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 23.6 to 23.85
OpenSSL security update, https://lists.debian.org/debian-security-announce/2014/msg00005.html
wiki:PuffinServer updates:
2014-01-07 chris * libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy openssl/wheezy : updated
wiki:PenguinServer updates:
2014-01-07 chris * libssl1.0.0/wheezy openssl/wheezy : updated
wiki:ParrotServer updates:
2014-01-07 chris * libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy openssl/wheezy : updated
comment:140 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 23.85 to 24.1
Debian libxfont security update, https://lists.debian.org/debian-security-announce/2014/msg00006.html
2014-01-07 chris * libxfont1/wheezy : updated
2014-01-07 chris * libxfont1/wheezy : updated
comment:141 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 24.1 to 24.35
Graphviz security update https://lists.debian.org/debian-security-announce/2014/msg00011.html
2014-01-14 chris * libcdt4/wheezy libcgraph5/wheezy libgraph4/wheezy libgraphviz-dev/wheezy libgvc5/wheezy libgvpr1/wheezy libpathplan4/wheezy libxdot4/wheezy : updated
2014-01-14 chris * libcdt4/wheezy libgraph4/wheezy libgvc5/wheezy libpathplan4/wheezy libxdot4/wheezy : updated
comment:142 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 24.35 to 24.6
Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details:
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-34.html
- http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-35.html
- http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
For the stable distribution (wheezy), these problems have been fixed in
version 5.5.35+dfsg-0+wheezy1.
For the unstable distribution (sid), these problems have been fixed in
version 5.5.35+dfsg-1.
We recommend that you upgrade your mysql-5.5 packages.
wiki:ParrotServer updates:
2014-01-23 chris * libmysqlclient18/wheezy mysql-client-5.5/wheezy mysql-common/wheezy mysql-server/wheezy mysql-server-5.5/wheezy mysql-server-core-5.5/wheezy : updated
wiki:PenguinServer updates:
2014-01-23 chris * libmysqlclient-dev/wheezy libmysqlclient18/wheezy mysql-client-5.5/wheezy mysql-common/wheezy mysql-server-5.5/wheezy mysql-server-core-5.5/wheezy : updated
comment:143 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 24.6 to 24.85
A regression has been found on the denyhosts packages fixing
CVE-2013-6890. This regression could cause an attempted breakin attempt
to be missed by denyhosts, which would then fail to enforce a ban.
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6-7+deb6u3.
For the stable distribution (wheezy), this problem has been fixed in
version 2.6-10+deb7u3.
For the testing (jessie) and unstable (sid) distribution, the package denyhosts
has been removed, and its users are encouraged to switch to an alternative like
fail2ban.
We recommend that you upgrade your denyhosts packages.
2014-01-23 chris * denyhosts/wheezy : updated
2014-01-23 chris * denyhosts/wheezy : updated
comment:144 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 24.85 to 25.1
- Description modified (diff)
New MariaDB for wiki:PuffinServer:
2014-01-29 chris * libmariadbclient-dev/wheezy libmariadbclient18/wheezy libmariadbd-dev/wheezy libmysqlclient18/wheezy mariadb-client-5.5/wheezy mariadb-client-core-5.5/wheezy mariadb-common/wheezy mariadb-server-5.5/wheezy mariadb-server-core-5.5/wheezy mysql-common/wheezy : updated
No announcement on the list yet regarding the reason for this update, see:
comment:145 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 25.1 to 25.35
Debian curl security update:
wiki:PuffinServer update:
2014-01-31 chris * curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy libcurl4-openssl-dev/wheezy : updated
wiki:PenguinServer update:
2014-01-31 chris * libcurl3-gnutls/wheezy : updated
2014-01-31 chris * curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy : updated
comment:146 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 25.35 to 25.6
comment:147 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 25.6 to 25.85
No announcement on the list for these updates yet
wiki:ParrotServer updates:
2014-02-08 chris * apache2-mpm-itk/wheezy apache2-utils/wheezy apache2.2-bin/wheezy apache2.2-common/wheezy base-files/wheezy libc-bin/wheezy libc-dev-bin/wheezy libc6/wheezy libc6-dev/wheezy libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy linux-libc-dev/wheezy locales/wheezy multiarch-support/wheezy openssl/wheezy tzdata/wheezy wget/wheezy : updated
wikiPenguinServer updates:
2014-02-08 chris * base-files/wheezy libc-bin/wheezy libc-dev-bin/wheezy libc6/wheezy libc6-dev/wheezy libssl1.0.0/wheezy linux-libc-dev/wheezy locales/wheezy multiarch-support/wheezy openssl/wheezy tzdata/wheezy wget/wheezy : updated
2014-02-08 chris * base-files/wheezy libc-bin/wheezy libc-dev-bin/wheezy libc6/wheezy libc6-dbg/wheezy libc6-dev/wheezy libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy libupsclient1/wheezy linux-libc-dev/wheezy locales/wheezy multiarch-support/wheezy openssl/wheezy tzdata/wheezy tzdata-java/wheezy wget/wheezy whois/wheezy : updated
comment:148 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 25.85 to 26.1
wiki:PuffinServer sent me this email:
/usr/sbin/metche: line 196: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory
So I ran:
aptitude install locales-all
And I edited /etc/locale.gen and uncommented these lines:
en_GB.UTF-8 UTF-8 en_US.UTF-8 UTF-8
And ran:
locale-gen
And I edited /etc/default/locale to:
LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8
Hopefully this will have solved this issue.
comment:149 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 26.1 to 26.35
Debian security update libyaml regression update, wiki:PenguinServer:
2014-02-12 chris * libyaml-0-2/wheezy : updated
comment:150 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 26.35 to 26.6
Debian file security update wiki:ParrotServer:
2014-02-16 chris * file/wheezy libmagic1/wheezy : updated
2014-02-16 chris * file/wheezy libmagic1/wheezy : updated
2014-02-16 chris * file/wheezy libmagic1/wheezy python-magic/wheezy : updated
comment:151 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 26.6 to 26.85
2014-02-20 chris * libpq5/wheezy : updated
comment:152 Changed 3 years ago by chris
- Add Hours to Ticket changed from 0.0 to 0.25
- Total Hours changed from 26.85 to 27.1
gnutls26 security update, wiki:ParrotServer update:
014-02-22 chris * libgnutls26/wheezy : updated
014-02-22 chris * libgnutls-dev/wheezy libgnutls-openssl27/wheezy libgnutls26/wheezy libgnutlsxx27/wheezy : updated
2014-02-22 chris * libgnutls26/wheezy : updated
comment:153 follow-up: ↓ 155 Changed 3 years ago by jim
Hi Chris: do you know a way I can stop being updated about this ticket? I'm not in the CC list, but have replied in the past here so that might be it...
I don't want to be removed from Trac or notifications, just those for this ticket!
comment:155 in reply to: ↑ 153 Changed 3 years ago by chris
Replying to jim:
Hi Chris: do you know a way I can stop being updated about this ticket? I'm not in the CC list, but have replied in the past here so that might be it...
I don't want to be removed from Trac or notifications, just those for this ticket!
According to this http://dev.piwik.org/trac/ticket/3362 there isn't a way, so I'll close this ticket and open a new one for debian updates next time there are some.
comment:156 Changed 3 years ago by jim
Ah, that's a minor bummer...
OK, thanks for the migration! Probably nice to have a new one for 2014 anyway ;-)
comment:157 Changed 3 years ago by chris
- Status changed from assigned to closed
- Resolution set to fixed
This ticket was superseded by ticket:692 on 2014-02-25.
DSA-2139-1 phpmyadmin -- several vulnerabilities there are also new apache and openssl packages, the update was applied and phpmyadmin was tested on the dev server first.