Ticket #218 (closed maintenance: fixed)

Opened 6 years ago

Last modified 3 years ago

Debian upgrades and updates

Reported by: chris Owned by: chris
Priority: major Milestone: Maintenance
Component: Live server Keywords:
Cc: ed Estimated Number of Hours: 1.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 27.1

Description (last modified by chris) (diff)

This is a ticket to track debian upgrades to the wiki:PuffinServer, wiki:PenguinServer and wiki:ParrotServer the time they take.

See:

These updates are generally done using the wiki:AptitudeUpdateScript and this records all the changes in the /root/Changelog and then the contents of the Changelog are pasted into the ticket to document the upgrade.

This ticket was was originally used for the wiki:DevelopmentServer and the wiki:NewLiveServer.

Change History

comment:1 Changed 6 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 0.0 to 0.2
  • Type changed from defect to task

DSA-2139-1 phpmyadmin -- several vulnerabilities there are also new apache and openssl packages, the update was applied and phpmyadmin was tested on the dev server first.

aptitude safe-upgrade

The following packages will be upgraded:
  apache2 apache2-mpm-prefork apache2-utils apache2.2-common libssl-dev libssl0.9.8 openssl phpmyadmin

comment:2 Changed 6 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 0.2 to 0.3

Mysql updates, see http://www.mail-archive.com/debian-changes@lists.debian.org/msg15762.html

These were first tested on the dev server and then the live server was updated.

The following packages will be upgraded:
  libc6 libc6-dev libmysqlclient15off locales mysql-client-5.0 mysql-common mysql-server mysql-server-5.0 
8 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 49.3MB of archives. After unpacking 487kB will be freed.
Do you want to continue? [Y/n/?] y
Writing extended state information... Done
Get:1 http://security.debian.org lenny/updates/main mysql-common 5.0.51a-24+lenny5 [61.7kB]
Get:2 http://security.debian.org lenny/updates/main mysql-server 5.0.51a-24+lenny5 [56.1kB]
Get:3 http://security.debian.org lenny/updates/main libc6-dev 2.7-18lenny7 [2491kB]
Get:4 http://security.debian.org lenny/updates/main libc6 2.7-18lenny7 [4812kB]
Get:5 http://security.debian.org lenny/updates/main libmysqlclient15off 5.0.51a-24+lenny5 [1906kB]
Get:6 http://security.debian.org lenny/updates/main mysql-client-5.0 5.0.51a-24+lenny5 [8207kB]
Get:7 http://security.debian.org lenny/updates/main mysql-server-5.0 5.0.51a-24+lenny5 [27.3MB]
Get:8 http://security.debian.org lenny/updates/main locales 2.7-18lenny7 [4432kB]                       

comment:3 Changed 6 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 0.3 to 0.4

Debian Security Advisory DSA-2167-1
http://lists.debian.org/debian-security-announce/2011/msg00033.html

Package        : phpmyadmin
Vulnerability  : sql injection
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0987

Both server have been updated.

comment:4 Changed 6 years ago by chris

  • Type changed from task to maintenance

comment:5 Changed 6 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 0.4 to 0.5

Subversion vulnerability which applies to us, from http://lists.debian.org/debian-security-announce/2011/msg00048.html

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2181-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
March 04, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : subversion
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-0715

Philip Martin discovered that HTTP-based Subversion servers crash when
processing lock requests on repositories which support unauthenticated
read access.

This was done on kiwi:

sudo -i
aptitude update
aptitude safe-upgrade

And now the server is running the latest version: https://tech.transitionnetwork.org/svn/

comment:6 Changed 6 years ago by chris

  • Cc chris added

comment:7 Changed 6 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 0.5 to 0.6

Live and dev servers have had PHP upgraded because of this:

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2195-1                   security@debian.org
http://www.debian.org/security/                          Raphael Geissert
March 19, 2011                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem type   : local/remote
Debian-specific: yes/no
CVE ID         : CVE-2011-0441 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870
                 CVE-2010-4150

Stephane Chazelas discovered that the cronjob of the PHP 5 package in
Debian suffers from a race condition which might be used to remove
arbitrary files from a system (CVE-2011-0441).

When upgrading your php5-common package take special care to _accept_
the changes to the /etc/cron.d/php5 file. Ignoring them would leave the
system vulnerable.

comment:8 Changed 5 years ago by ed

Does this need to be changed from phase 3 to phase 4?

comment:9 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Status changed from new to accepted
  • Total Hours changed from 0.6 to 0.7
  • Milestone changed from Phase 3 to Phase 4

I have just updated all these packages on the live server:

bind9-host dhcp3-client dhcp3-common dnsutils libapr1 libbind9-50 libdns58 libisc50 libisccc50 libisccfg50
liblwres50 libperl5.10 libsvn1 libtiff4 libxml2 linux-libc-dev linux-modules-2.6.26-2-xen-amd64 perl perl-base
perl-modules subversion

The key one being libtiff4 as this was a security update.

comment:10 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 0.7 to 0.8

Security updates applied to dev and live:

libapache2-mod-php5 php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql

comment:11 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 0.8 to 0.9

More security updates:

libapache2-mod-php5 libperl5.10 perl perl-base perl-modules php-pear php5 php5-cli php5-common php5-curl php5-dev

php5-gd php5-mcrypt php5-mysql

comment:12 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 0.9 to 1.0

Some security and other updates on both servers:

The following packages will be upgraded:
  apache2 apache2-mpm-prefork apache2-utils apache2.2-common dhcp3-client 
  dhcp3-common libfreetype6 libpng12-0 libxfont1 phpmyadmin 

comment:13 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 1.0 to 1.1

Apache security updates on both servers:

{{{The following packages will be upgraded:

apache2 apache2-mpm-prefork apache2-utils apache2.2-common }}}

comment:14 Changed 5 years ago by ed

merge with #30?

move to phase 5? or is this to be billed separately by WA as per Adam's quote (will it take 5 hours to upgrade to debian squeeze?)

comment:15 Changed 5 years ago by chris

  • Milestone changed from Phase 4 to Phase 5

This ticket is being used to keep track of time spent on debian security upgrades and it is onging...

Ticket #301 is for upgrading between debian versions which is different from updating a packages due to security issues.

comment:16 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.6
  • Total Hours changed from 1.1 to 1.7

vsftp upgraded on both servers due to security update http://www.debian.org/security/2011/dsa-2305

comment:17 Changed 5 years ago by jim

Is there an issue with the SSL certs?

Last login: Tue Sep 20 19:57:51 2011 from host86-186-150-227.range86-186.btcentralplus.com
jim@kiwi:~$ cd /web/dev.transitionnetwork.org.webarch.net/www 
jim@kiwi:/web/dev.transitionnetwork.org.webarch.net/www$ sudo svn up
svn: OPTIONS of 'https://tech.transitionnetwork.org/svn/www/trunk': Could not resolve hostname `tech.transitionnetwork.org': Host not found (https://tech.transitionnetwork.org)
jim@kiwi:/web/dev.transitionnetwork.org.webarch.net/www$ ping tech.transitionnetwork.org
PING tech.transitionnetwork.org (81.95.52.78) 56(84) bytes of data.
64 bytes from kiwi.transitionnetwork.org (81.95.52.78): icmp_req=1 ttl=64 time=0.000 ms
64 bytes from kiwi.transitionnetwork.org (81.95.52.78): icmp_req=2 ttl=64 time=0.000 ms
^C
--- tech.transitionnetwork.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 0.000/0.000/0.000/0.000 ms
jim@kiwi:/web/dev.transitionnetwork.org.webarch.net/www$ sudo svn up
Error validating server certificate for 'https://tech.transitionnetwork.org:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
 - The certificate has an unknown error.
Certificate information:
 - Hostname: *.transitionnetwork.org
 - Valid: from Fri, 07 Jan 2011 00:00:00 GMT until Fri, 10 Feb 2012 23:59:59 GMT
 - Issuer: GANDI SAS, FR
 - Fingerprint: 8e:8c:e7:a1:42:89:75:77:1d:be:4b:e8:9e:1f:9d:89:8a:e6:81:9f

comment:18 Changed 5 years ago by jim

Actually, DEV is down: https://dev.transitionnetwork.org/

The mysql error was: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2).

comment:19 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0 to 0.1

Sorry, was half way though the upgrade from lenny to squeeze when I had to collect the kids, see ticket:301 and wiki:LennyToSqueeze.

I had assumed since Trac was working that Mysql / apache / PHP were all OK... Sorry.

Mysql has been restarted, more testing needed...

comment:20 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 1.7 to 1.8

Debian upgrades applied to the dev server:

  libapache2-mod-php5 libgssapi-krb5-2 libjasper1 libk5crypto3 libkrb5-3 libkrb5support0 
  libssl-dev libssl0.9.8 libt1-5 linux-libc-dev nginx nginx-common nginx-light openssl 
  php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt 
  php5-memcache php5-mysql php5-suhosin x11-common 

And these to the live server:

  libgssapi-krb5-2 libjasper1 libk5crypto3 libkrb5-3 libkrb5support0 libssl-dev libssl0.9.8 
  linux-libc-dev openssl x11-common 

comment:21 Changed 5 years ago by chris

  • Cc laura added; ed removed

comment:22 Changed 5 years ago by chris

  • Cc jim added
  • Add Hours to Ticket changed from 0.0 to 0.4
  • Total Hours changed from 1.8 to 2.2

phpmyadmin security update http://lists.debian.org/debian-security-announce/2012/msg00014.html

Dev and live server have been updated, phpmyadmin is also protected by htauth so this wasn't a serious security issue for us.

When testing the live server I also checked the documentation for Suhosin tweaks that are needed and applied these to both servers, one thing I noticed is the the dev server has the following in /etc/php5/conf.d/suhosin.ini:

suhosin.executor.include.whitelist="phar"

Jim I guess you added this? Is it also needed on the live server?

comment:23 Changed 5 years ago by jim

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 2.2 to 2.3

According to http://www.php.net/manual/en/intro.phar.php, Phar is the PHP version of the Java Jar file - a repo of code and data.

I've not used it to my knowledge and LIVE doesn't need it as far as I know.

comment:24 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.58
  • Total Hours changed from 2.3 to 2.88

Debian updated applied to the dev server:

  base-files bzip2 curl dpkg dpkg-dev libbz2-1.0 libbz2-dev libc-bin libc-dev-bin libc6 libc6-dev libcurl3 
  libcurl3-gnutls libdpkg-perl libgnutls26 libssl-dev libssl0.9.8 libxml2 linux-libc-dev locales 
  module-init-tools mutt openssl perl perl-base perl-modules php5-suhosin tzdata 

On the live server the following packages were updated:

  base-files bzip2 curl dpkg dpkg-dev libapache2-mod-php5 libbz2-1.0 libbz2-dev libc-bin libc-dev-bin libc6 
  libc6-dev libcurl3 libcurl3-gnutls libdpkg-perl libgnutls26 libperl5.10 libsmbclient libssl-dev libssl0.9.8 
  libwbclient0 libxml2 linux-libc-dev locales module-init-tools mutt openssl perl perl-base perl-modules php-pear 
  php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql python-debian tzdata 

New versions of /etc/php5/apache2/php.ini and /etc/php5/cli/php.ini were installed and the previously documented changes to these files were applied and updated, see wiki:NewLiveServer#php

comment:25 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 2.88 to 3.08

New versions of php, again, see http://lists.debian.org/debian-security-announce/2012/msg00028.html

Perhaps the segfault problem was related, see ticket:390

Dev and live servers updated.

comment:26 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.11
  • Total Hours changed from 3.08 to 3.19

Apache security update: http://lists.debian.org/debian-security-announce/2012/msg00031.html

The following packages will be upgraded:
  apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common 

Dev and live servers have been upgraded.

comment:27 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 3.19 to 3.39

Debian security update for php5 http://lists.debian.org/debian-security-announce/2012/msg00035.html

On quince:

The following packages will be upgraded:
  libapache2-mod-php5 php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql

Also these updates kiwi (kiwi is running dotdeb version of php5 and this hasn't been updated yet):

The following packages will be upgraded:
  mysql-common nginx nginx-common nginx-light

comment:28 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 3.39 to 3.49

Security updates:

libpng12-0 libxml2

Applied to both servers.

comment:29 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 3.49 to 3.59

Kiwi updates:

open: 8; closed: 4; defer: 2; conflict: 2                                              .The following packages will be upgraded:
  file imagemagick libfreetype6 libmagic-dev libmagic1 libmagickcore3 
  libmagickcore3-extra libmagickwand3 libmysqlclient16 mysql-client-5.1 nginx 
  nginx-common nginx-light 

Configuration file `/etc/nginx/sites-available/default'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.

 The default action is to keep your current version.
*** default (Y/I/N/O/D/Z) [default=N] ? N

Quince:

The following packages will be upgraded: 
  libmysqlclient16 mysql-client mysql-client-5.1 mysql-common mysql-server 
  mysql-server-5.1 mysql-server-core-5.1 

comment:30 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 3.59 to 3.69

Kiwi updates:

libmysqlclient16 mysql-client-5.1

Quince updates:

imagemagick libfreetype6 libmagic1 libmagickcore3 libmagickcore3-extra libmagickwand3

comment:31 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 3.69 to 3.79

kiwi security upgrade, http://www.dotdeb.org/2012/03/15/security-nginx-1-0-14/

nginx nginx-common nginx-light 

comment:32 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 3.79 to 3.89

libpng security update (a user uploading a specially crafted png could run code on the server), http://www.debian.org/security/2012/dsa-2439

Kiwi and quince:

libpng12-0

comment:33 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 3.89 to 4.09

Kiwi upgrades:

libgnutls26 libtasn1-3 linux-libc-dev mysql-common 

Quince:

libgnutls26 libtasn1-3 linux-libc-dev 

comment:34 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 4.09 to 4.19

Kiwi:

  curl libcurl3 libcurl3-gnutls libpng12-0 libtiff4 nginx nginx-common 
  nginx-light 

Quince:

  curl libcurl3 libcurl3-gnutls libpng12-0 libtiff4 

comment:35 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 4.19 to 4.29

Kiwi updates:

apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common mysql-common nginx nginx-common nginx-light

Quince updates:

apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libsmbclient libwbclient0 

comment:36 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 4.29 to 4.39

Security updates, kiwi:

libssl-dev libssl0.9.8 openssl

Quince:

libssl-dev libssl0.9.8 openssl

comment:37 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.5
  • Total Hours changed from 4.39 to 4.89

Kiwi updates:

  imagemagick libapache2-mod-php5 libmagickcore3 libmagickcore3-extra 
  libmagickwand3 libmysqlclient16 libssl-dev libssl0.9.8 mysql-client-5.1 
  nginx nginx-common nginx-light openssl php-pear php5 php5-cli php5-common 
  php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt 
  php5-memcache php5-mysql php5-suhosin 

The dotdeb version of these files were installed and then the local modifications redone, /etc/php5/apache2/php.ini

;expose_php = On
; chris
expose_php = Off

;memory_limit = 128M
; chris
memory_limit = 256M

;post_max_size = 8M
; chris
post_max_size = 128M

;default_charset = "iso-8859-1"
; chris
default_charset = "utf-8"

;upload_max_filesize = 2M
; chris
upload_max_filesize = 100M

;max_file_uploads = 20
; chris
max_file_uploads = 50

;default_socket_timeout = 60
; chris
default_socket_timeout = 120

; chris
extension=uploadprogress.so

;session.cookie_secure =
; chris
session.cookie_secure = 1

;mbstring.http_input = auto
; chris
; https://github.com/pressflow/6/blob/master/.htaccess
mbstring.http_input = pass

;mbstring.http_output = SJIS
; chris
; https://github.com/pressflow/6/blob/master/.htaccess
mbstring.http_output = pass

And in /etc/php5/cli/php.ini:

;memory_limit = -1
; chris
memory_limit = 768M

And in /etc/php5/fpm/pool.d/www.conf:

;listen = 127.0.0.1:9000
; chris
listen = /var/run/php5-fpm/phpfpm.sock

;listen.allowed_clients = 127.0.0.1
; chris
listen.allowed_clients = 127.0.0.1,81.95.52.78,kiwi.transitionnetwork.org,kiwi.webarch.net

;pm.max_children = 5
; chris
pm.max_children = 10

;access.log = log/$pool.access.log
; chris
access.log = /var/log/php-fpm/$pool.access.log

; error log
; chris
error_log = /var/log/php-fpm/error_log

And /etc/php5/fpm/php.ini

;expose_php = On
; chris
expose_php = Off

;max_execution_time = 30
; chris
; increased to 60 seconds rather than 30
max_execution_time = 60

;memory_limit = 128M
; chris
memory_limit = 256M

;error_reporting = E_ALL & ~E_DEPRECATED
; chris
error_reporting = E_ALL | E_STRICT

;track_errors = Off
;chris
track_errors = On

;error_log = syslog
; chris
error_log = syslog

;cgi.fix_pathinfo=1
; chris
cgi.fix_pathinfo=0

Quince updates:

  imagemagick libmagickcore3 libmagickcore3-extra libmagickwand3 libsmbclient libssl-dev libssl0.9.8 
  libwbclient0 openssl 

comment:38 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 4.89 to 4.99

Kiwi updates:

  file libapache2-mod-php5 libmagic-dev libmagic1 linux-libc-dev mysql-common php-pear php5 php5-cli 
  php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql 
  php5-suhosin 

Quince updates:

  file libapache2-mod-php5 libmagic1 linux-libc-dev php-pear php5 php5-cli php5-common php5-curl php5-dev php5-gd 
  php5-mcrypt php5-mysql

comment:39 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 1.0
  • Total Hours changed from 4.99 to 5.99

Following the php update done here ticket:218#comment:38 php-fpm won't restart, I don't know why, I can't work out why. I'll have to continue working on this tomorrow.

As a result everything that uses php on the dev server isn't running, the only execption to this being trac as it's running via apache still (phew!).

The announcement for the new php version is here:

http://www.dotdeb.org/2012/05/09/security-php-5-4-3-and-php-5-3-13/

As I recall I had to switch the dev server to use the dotdeb repo rather than the standard one that the live server uses was done in order that trac could be upgraded, this was required in order that the trac git plugins could be installed, this does mean however that the php version on the dev server isn't the same as the live server -- I wonder if we should consider switching back so they have the same versions at some point since we are not using the trac git plugins? Or perhaps we should switch the live server over to use the dotdeb repowhen we switch to nginx as it has a newer version:

http://www.dotdeb.org/2012/04/29/nginx-1-2-0-with-naxsi-0-45-and-passenger-3-0-12/

Also a reboot of both servers will perhaps be needed next week due to this update:

http://lists.debian.org/debian-security-announce/2012/msg00105.html

comment:40 Changed 5 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 5.99 to 6.19

php-fpm is running again, it was a error with the log file configuraion, tracked down via starting it directly rather than using the script in /etc/init.d.

Sorry for the downtime.

comment:41 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 6.19 to 6.39

Kiwi updates:

  base-files initscripts libapr1 libc-bin libc-dev-bin libc6 libc6-dev libssl-dev libssl0.9.8 
  libxi6 libxml2 linux-libc-dev locales openssh-client openssh-server openssl procps ssh sudo 
  sysv-rc sysvinit sysvinit-utils tzdata 

Quince updates:

  base-files initscripts libapr1 libc-bin libc-dev-bin libc6 libc6-dev libpolkit-agent-1-0 
  libpolkit-backend-1-0 libpolkit-gobject-1-0 libssl-dev libssl0.9.8 libxi6 libxml2 linux-libc-dev 
  locales openssh-client openssh-server openssl php5-memcache policykit-1 procps python python-minimal 
  ssh sudo sysv-rc sysvinit sysvinit-utils tzdata 

comment:42 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.16
  • Total Hours changed from 6.39 to 6.55

Kiwi updates:

{{{bind9-host dnsutils libbind9-60 libdns69 libisc62 libisccc60 libisccfg62 liblwres60
libmysqlclient16 mysql-client-5.1 mysql-common nginx nginx-common nginx-light}}}

Quince:

{{{bind9-host dnsutils libapache2-mod-php5 libbind9-60 libdns69 libisc62
libisccc60 libisccfg62 liblwres60 libmysqlclient16 mysql-client-5.1
mysql-common mysql-server mysql-server-5.1 mysql-server-core-5.1 php-pear
php5 php5-cli php5-common php5-curl php5-dev php5-gd php5-mcrypt
php5-mysql}}}

comment:43 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.4
  • Total Hours changed from 6.55 to 6.95

Kiwi updates:

  libapache2-mod-php5 php-pear php5 php5-cli php5-common php5-curl php5-dev 
  php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql 
  php5-suhosin 

The upgrade wanted to also upgrade these files:

/etc/apache2/php.ini
/etc/cli/php.ini
/etc/fpm/php.ini

So they were all manually checked.

The live server doesn't have any upgrades -- it's not running a http://dotdeb.org/ LAMP stack.

comment:44 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 6.95 to 7.05

Kiwi updates:

bind9-host dhcp3-client dhcp3-common dnsutils isc-dhcp-client isc-dhcp-common libapache2-mod-php5 libbind9-60 libdns69 
  libgssapi-krb5-2 libisc62 libisccc60 libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 mysql-common nginx nginx-common 
  nginx-light php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql 
  php5-suhosin 

Quince uodates:

  bind9-host dhcp3-client dhcp3-common dnsutils isc-dhcp-client 
  isc-dhcp-common libbind9-60 libdns69 libgssapi-krb5-2 libisc62 libisccc60 
  libisccfg62 libk5crypto3 libkrb5-3 libkrb5support0 liblwres60 

comment:45 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 7.05 to 7.3

Kiwi updates:

  bind9-host dhcp3-client dhcp3-common dnsutils isc-dhcp-client 
  isc-dhcp-common libapache2-mod-php5 libbind9-60 libdns69 libexpat1 
  libisc62 libisccc60 libisccfg62 liblwres60 libvarnishapi1 libxml2 
  mysql-common nginx nginx-common nginx-light php-pear php5 php5-cli 
  php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt 
  php5-memcache php5-mysql php5-suhosin varnish 

Quince updates:

  bind9-host dnsutils libapache2-mod-php5 libbind9-60 libdns69 libisc62 
  libisccc60 libisccfg62 liblwres60 libvarnishapi1 php-pear php5 php5-cli 
  php5-common php5-curl php5-dev php5-gd php5-mcrypt php5-mysql varnish 

comment:46 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 7.3 to 7.5

Kiwi updates:

  apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common automake automake1.9 base-files debian-archive-keyring dhcp3-client dhcp3-common dpkg dpkg-dev 
  isc-dhcp-client isc-dhcp-common libapache2-mod-php5 libc-bin libc-dev-bin libc6 libc6-dev libconfig-inifiles-perl libdpkg-perl libtiff4 libxslt1.1 linux-libc-dev locales 
  lockfile-progs mysql-common nginx nginx-common nginx-light php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache 
  php5-mysql php5-suhosin xsltproc 

Quince updates:

  apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common 
  automake automake1.9 base-files debian-archive-keyring dhcp3-client 
  dhcp3-common dpkg dpkg-dev isc-dhcp-client isc-dhcp-common libc-bin 
  libc-dev-bin libc6 libc6-dev libconfig-inifiles-perl libdpkg-perl 
  libtiff4 linux-libc-dev locales lockfile-progs 
Last edited 4 years ago by chris (previous) (diff)

comment:47 Changed 4 years ago by chris

  • Estimated Number of Hours changed from 0.0 to 1.0

We need to update PHP on kiwi for a Mediawiki upgrade to 1.20, see ticket:455 this could either be done by switching to PHP 5.4.8 from dotdeb, http://www.dotdeb.org/2012/10/19/php-5-4-8-and-php-5-3-18/ or via switching back to the debian stable version, PHP 5.3.3-7+squeeze14.

comment:48 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 7.5 to 7.7

Kwik updates:

  bind9-host dnsutils libapache2-mod-php5 libbind9-60 libdns69 libisc62 libisccc60 libisccfg62 liblwres60 libtiff4 libxslt1.1 php-pear php5 
  php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin xsltproc 
  python-debian

There is an issue with a !MySQL upgrade which has been kept back which needs sorting out:

The following packages have been kept back:
  mysql-server mysql-server-5.1 mysql-server-core-5.1

Quince updates:

  bind9-host dnsutils exim4-base exim4-config exim4-daemon-light libbind9-60 libdns69 libisc62 libisccc60 
  libisccfg62 liblwres60 libtiff4 
  libkrb53 libpq5 libvorbis0a libvorbisfile3

I also installed cron-apt and to check on updated package availability, wiki:NewLiveServer#cron-apt

comment:49 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 7.7 to 7.9

The MySQL issue is cause by this, sorry I should have picked up on this sooner, MySQL 5.1 discontinued on Dotdeb however upgrading to the dotdeb MySQL 5.5.28 could cause other problems, it's been reported here that "phpmyadmin depends on php5-mysql".

I'm also not sure that we want the MySQL version on the dev machine to be out of sync with the live server? I'll think about this some before doing anything about it, due to ticket:218#comment:47 I wonder if we shouldn't switch back to the debian stable versions of nginx, php, mysql -- we switched to the dotdeb versions for PHP-FPM, however if the dev drupal sites are going to be migrated to a new new live server then there is there a need for PHP-FPM on kiwi?

comment:50 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 7.9 to 8.1

kiwi upgrades:

apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5 libtiff4 nginx 
nginx-common nginx-light php-pear php5 php5-cli php5-common php5-curl php5-dev php5-fpm php5-gd 
php5-imagick php5-mcrypt php5-memcache php5-mysql php5-suhosin 

quince:

  apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common 
  libtiff4 
Last edited 4 years ago by chris (previous) (diff)

comment:51 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 8.1 to 8.2

I have disabled the munin apt and apt_all plugins on kiwi as they were resulting in me getting a email every 5 mins saying these package need updating:

mysql-server mysql-server-5.1 mysql-server-core-5.1

However they can't be easilly upgraded due to conflicts -- I don't think we should worry about this as we need to get everything migrated to the new server ASAP.

Last edited 4 years ago by chris (previous) (diff)

comment:52 Changed 4 years ago by chris

puffin:

libxml2 libxml2-dev libxml2-utils

kiwi:

libxml2

quince:

libxml2

comment:53 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 8.2 to 8.4

kiwi:

libmysqlclient16 mysql-client-5.1

quince:

libmysqlclient16 mysql-client-5.1 mysql-common mysql-server mysql-server-5.1 mysql-server-core-5.1 

comment:54 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 8.4 to 8.5

Quince upgrades:

libperl5.10 perl perl-base perl-modules

Kiwi still needs the mysql situation sorting out, these packages have been updated:

perl perl-base perl-modules

comment:55 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 8.5 to 8.75

Security update, quince:

libtiff4

Kiwi:

libtiff4 nginx nginx-common nginx-light

comment:56 Changed 4 years ago by chris

and puffin:

 libtiff4/squeeze libtiff4-dev/squeeze libtiffxx0c2/squeeze

comment:57 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 8.75 to 9.0

Updates to quince done over the Xmas holiday, recorded in /root/Changelog:

2013-01-06      chris
        *       gnupg/squeeze gnupg-curl/squeeze gpgv/squeeze libcups2/squeeze libcupsimage2/squeeze : updated

2012-12-30      chris
        *       ghostscript/squeeze gs-common/squeeze libgs8/squeeze : updated

comment:58 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.2
  • Total Hours changed from 9.0 to 9.2

penguin updates recorded in /root/Changelog:

2013-01-08      chris
        *       gnupg-curl libcurl3-gnutls{a} : installed
        *       gnupg/squeeze gpgv/squeeze nginx/squeeze-backports nginx-common/squeeze-backports nginx-full/squeeze-backports php-pear/squeeze php5/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-mysql/squeeze : updated

comment:59 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 9.2 to 9.45

Security updates, penguin:

2013-02-13      chris
        *       geoip-database/squeeze-backports libssl0.9.8/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze openssl/squeeze : updated

puffin:

2013-02-13      chris
        *       libssl-dev/squeeze libssl0.9.8/squeeze openssl/squeeze : updated

quince:

2013-02-13      chris
        *       libssl-dev/squeeze libssl0.9.8/squeeze openssl/squeeze : updated

comment:60 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 9.45 to 9.7

Lots of updates on puffin:

2013-02-23      chris
        *       apt-show-versions/squeeze base-files/squeeze bind9-host/squeeze dbus/squeeze dbus-x11/squeeze dnsutils/squeeze firmware-linux-free/squeeze gzip/squeeze libbind9-60/squeeze libcups2/squeeze libcupsimage2/squeeze libdbus-1-3/squeeze libdbus-glib-1-2/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze libldap-2.4-2/squeeze libldap2-dev/squeeze liblwres60/squeeze libperl5.10/squeeze libpoppler5/squeeze libxenstore3.0/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze openssh-client/squeeze openssh-server/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze poppler-utils/squeeze ssh/squeeze : updated

2013-02-21      chris
        *       libpq5/squeeze : updated

penguin:

2013-02-23      chris
        *       apt-show-versions/squeeze base-files/squeeze dbus/squeeze firmware-linux-free/squeeze gzip/squeeze libcgi-fast-perl/squeeze libdbus-1-3/squeeze libldap-2.4-2/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze openssh-client/squeeze openssh-server/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze tzdata/squeeze : updated

quince:

2013-02-23      chris
        *       apt-show-versions/squeeze base-files/squeeze bind9-host/squeeze dbus/squeeze dbus-x11/squeeze dnsutils/squeeze gzip/squeeze libbind9-60/squeeze libcups2/squeeze libcupsimage2/squeeze libdbus-1-3/squeeze libdbus-glib-1-2/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze libldap-2.4-2/squeeze liblwres60/squeeze libnautilus-extension1/squeeze libperl5.10/squeeze linux-libc-dev/squeeze openssh-client/squeeze openssh-server/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze ssh/squeeze tzdata/squeeze : updated

2013-02-20      chris
        *       libpq5/squeeze : updated

comment:61 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 9.7 to 9.95

Debian upgrades, puffin:

2013-02-26      chris
        *       firmware-linux-free/squeeze libopenjpeg2/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze : updated

Penguin:

2013-02-26      chris
        *       firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze : updated

Quince:

2013-02-26      chris
        *       linux-libc-dev/squeeze : updated

comment:62 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 9.95 to 10.05

Puffin debian security update:

2013-03-02      chris
        *       libxenstore3.0/squeeze : updated
Last edited 4 years ago by chris (previous) (diff)

comment:63 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 10.05 to 10.3
  • Description modified (diff)

Puffin updates:

2013-03-04      chris
        *       libxenstore3.0/squeeze php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze : updated

Penguin:

2013-03-04      chris
        *       php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-mysql/squeeze : updated

I also installed the apt and apt_all munin plugins on both servers:

2013-03-04      chris
        *       /etc/munin/plugins : ln -s /usr/share/munin/plugins/apt_all
        *       /etc/munin/plugins : ln -s /usr/share/munin/plugins/apt

comment:64 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 10.3 to 10.55

Puffin:

2013-03-09      chris
        *       sudo/squeeze : updated

Penguin:

2013-03-09      chris
        *       sudo/squeeze : updated

comment:65 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 10.55 to 10.8

Puffin:

2013-03-09      root
        *       libperl5.10/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze : updated

Penguin:

2013-03-09      chris
        *       libcgi-fast-perl/squeeze perl/squeeze perl-base/squeeze perl-modules/squeeze : updated

comment:66 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 10.8 to 11.05

New version of !MariaDB on puffin:

2013-03-12      chris
        *       libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-dev/squeeze libmysqlclient18/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze : updated

comment:67 Changed 4 years ago by jim

  • Cc laura, jim removed

I don't need to know about these, nor does Laura I assume...

comment:68 Changed 4 years ago by chris

  • Cc ed added; chris removed

Thanks for checking the cc field, I have added Ed, I hadn't realised he wasn't getting these, he can remove himself if he wants.

comment:69 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 11.05 to 11.15

Puffin update:

2013-03-15      chris
        *       libvirt0/squeeze : updated

comment:70 Changed 4 years ago by chris

Puffin:

2013-03-17      chris
        *       libvirt0/squeeze : updated

comment:71 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 11.15 to 11.25

Penguin:

2013-03-26      chris
        *       libxml2/squeeze : updated

Puffin:

2013-03-26      chris
        *       libxml2/squeeze libxml2-dev/squeeze libxml2-utils/squeeze : updated

comment:72 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.15
  • Total Hours changed from 11.25 to 11.4

Penguin updates:

2013-03-26      chris
        *       php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-gd/squeeze php5-mysql/squeeze : updated

Puffin updates:

2013-03-26      chris
        *       php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze : updated

The restart of php-fpm that these updates required caused some 502 errors, see ticket:483#comment:52

comment:73 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 11.4 to 11.5

Puffin security updates:

2013-03-30      chris
        *       bind9-host/squeeze dnsutils/squeeze libbind9-60/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze liblwres60/squeeze : updated

comment:74 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 11.5 to 11.75

Puffin updates:

2013-04-03      chris
        *       libxslt1-dbg/squeeze libxslt1-dev/squeeze libxslt1.1/squeeze : updated

Penguin updates:

2013-04-03      chris
        *       libxslt1.1/squeeze : updated

comment:75 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 11.75 to 11.85

Puffin update:

2013-04-04      chris
        *       libpq5/squeeze : updated

comment:76 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 11.85 to 11.95

Puffin update:

2013-04-18      chris
        *       libxenstore3.0/squeeze : updated

comment:77 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 11.95 to 12.2

Penguin updates, applied manually, see the note here for the reason wiki:PenguinServer#Updates

2013-04-20      chris
        *       libossp-uuid16{a} : installed
        *       munin/squeeze-backports munin-common/squeeze-backports munin-doc/squeeze-backports munin-node/squeeze-backports munin-plugins-core/squeeze-backports munin-plugins-extra/squeeze-backports nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated

comment:78 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 12.2 to 12.45

curl security update, http://lists.debian.org/debian-security-announce/2013/msg00070.html updates applied to penguin:

2013-04-20      chris
        *       libcurl3-gnutls/squeeze : updated

And to puffin:

2013-04-20      chris
        *       curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze libcurl4-openssl-dev/squeeze : updated

comment:79 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 12.45 to 12.7

New version of PHP 5.3.24, see:

Puffin updates:

2013-04-22      chris
        *       php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze : updated

And Penguin:

2013-04-22      chris
        *       php-pear php5 php5-apc php5-cli php5-common php5-fpm php5-gd php5-mysql : updated

comment:80 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.5
  • Total Hours changed from 12.7 to 13.2

New version of Nginx:

Nginx 1.4.1 has been released on May 7th 2013, with the fix for the stack-based buffer overflow security problem in nginx 1.3.9 – 1.4.0, discovered by Greg MacManus, of iSIGHT Partners Labs (CVE-2013-2028).

http://www.dotdeb.org/2013/05/07/security-nginx-1-4-1/

This is a serious bug "potentially resulting in arbitrary code execution" http://seclists.org/oss-sec/2013/q2/290

Penguin (upgrade didn't work for reasons I don't quite understand, so I had to install the packaged over the top of the existing ones):

aptitude install nginx/squeeze nginx-common/squeeze nginx-full/squeeze

Puffin:

aptitude install nginx/squeeze nginx-common/squeeze nginx-full/squeeze

After this there were a series of Nginx config errors and multiple lines, mostly related to serving mp4 and flv files and uploadprogress had to be commented out before Nginx would start, this resulted in a few mins of downtime:

nginx: [emerg] unknown directive "upload_progress" in /etc/nginx/conf.d/aegir.conf:105

nginx: [emerg] unknown directive "upload_progress" in /etc/nginx/conf.d/aegir.conf:105

nginx: [emerg] unknown directive "upload_progress_java_output" in /data/disk/tn/config/includes/nginx_octopus_include.conf:154

nginx: [emerg] unknown directive "report_uploads" in /data/disk/tn/config/includes/nginx_octopus_include.conf:155

nginx: [emerg] unknown directive "flv" in /data/disk/tn/config/includes/nginx_octopus_include.conf:514

nginx: [emerg] unknown directive "mp4" in /data/disk/tn/config/includes/nginx_octopus_include.conf:526

nginx: [emerg] unknown directive "mp4_buffer_size" in /data/disk/tn/config/includes/nginx_octopus_include.conf:528

nginx: [emerg] unknown directive "mp4_max_buffer_size" in /data/disk/tn/config/includes/nginx_octopus_include.conf:529

nginx: [emerg] unknown directive "track_uploads" in /data/disk/tn/config/includes/nginx_octopus_include.conf:773

nginx: [emerg] unknown directive "upload_progress_json_output" in /data/disk/tn/config/includes/nginx_modern_include.conf:154

nginx: [emerg] unknown directive "report_uploads" in /data/disk/tn/config/includes/nginx_modern_include.conf:155

nginx: [emerg] unknown directive "flv" in /data/disk/tn/config/includes/nginx_modern_include.conf:514

nginx: [emerg] unknown directive "mp4" in /data/disk/tn/config/includes/nginx_modern_include.conf:526

nginx: [emerg] unknown directive "mp4_buffer_size" in /data/disk/tn/config/includes/nginx_modern_include.conf:528

nginx: [emerg] unknown directive "mp4_max_buffer_size" in /data/disk/tn/config/includes/nginx_modern_include.conf:529

nginx: [emerg] unknown directive "track_uploads" in /data/disk/tn/config/includes/nginx_modern_include.conf:773

nginx: [emerg] unknown directive "flv" in /var/aegir/config/includes/nginx_compact_include.conf:67

nginx: [emerg] unknown directive "mp4" in /var/aegir/config/includes/nginx_compact_include.conf:79

nginx: [emerg] unknown directive "mp4_buffer_size" in /var/aegir/config/includes/nginx_compact_include.conf:81

nginx: [emerg] unknown directive "mp4_max_buffer_size" in /var/aegir/config/includes/nginx_compact_include.conf:82

nginx: [emerg] unknown directive "upload_progress_json_output" in /var/aegir/config/includes/nginx_modern_include.conf:154

nginx: [emerg] unknown directive "report_uploads" in /var/aegir/config/includes/nginx_modern_include.conf:155

nginx: [emerg] unknown directive "flv" in /var/aegir/config/includes/nginx_modern_include.conf:514

nginx: [emerg] unknown directive "mp4" in /var/aegir/config/includes/nginx_modern_include.conf:526

nginx: [emerg] unknown directive "mp4_buffer_size" in /var/aegir/config/includes/nginx_modern_include.conf:528

nginx: [emerg] unknown directive "mp4_max_buffer_size" in /var/aegir/config/includes/nginx_modern_include.conf:529

nginx: [emerg] unknown directive "track_uploads" in /var/aegir/config/includes/nginx_modern_include.conf:773

All the lines that cause errors above were commented out, when we work out what went wrong and fix the problem they will need uncommenting.

There was also this error:

nginx: [emerg] could not build the variables_hash, you should increase either variables_hash_max_size: 512 or variables_hash_bucket_size: 64

This was fixed by adding the following to the http section of /etc/nginx/nginx.conf:

  variables_hash_max_size 1024;
  variables_hash_bucket_size 128;

After these config changed Nginx started OK.

comment:81 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 13.2 to 13.45

It looks like we need to have the nginx-extras package installed rather than nginx-full, the results of aptitude show nginx-full:

Description: nginx web/proxy server (standard version)

Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to
reduce the load on back-end HTTP or mail servers.


This package provides a version of nginx with the complete set of standard modules included (but omitting some of those included in nginx-extras).


STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Charset, Empty GIF, FastCGI, Geo, Gzip, Headers, Index, Limit Requests, Limit Zone, Log, Map,
Memcached, Proxy, Referer, Rewrite, SCGI, Split Clients, SSI, Upstream, User ID, UWSGI.


OPTIONAL HTTP MODULES: Addition, Debug, GeoIP, Gzip Precompression, HTTP Sub, Image Filter, IPv6, Real IP, SSL, Stub Status, Substitution, WebDAV, XSLT.


MAIL MODULES: Mail Core, IMAP, POP3, SMTP, SSL.


THIRD PARTY MODULES: Auth PAM, DAV Ext, Echo, Upstream Fair Queue.


MODULES ADDED BY DOTDEB : File AIO, Secure link, Syslog, Cache purge, Pinba, HTTP substitution filter, X-rid header

Homepage: http://nginx.net

And aptitude show nginx-extras:

Description: nginx web/proxy server (extended version)

Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to
reduce the load on back-end HTTP or mail servers.


This package provides a version of nginx with the standard modules, plus extra features and modules such as the Perl module, which allows the addition of Perl in
configuration files.


STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Charset, Empty GIF, FastCGI, Geo, Gzip, Headers, Index, Limit Requests, Limit Zone, Log, Map,
Memcached, Proxy, Referer, Rewrite, SCGI, Split Clients, SSI, Upstream, User ID, UWSGI.


OPTIONAL HTTP MODULES: Addition, Debug, Embedded Perl, FLV, GeoIP, Gzip Precompression, Image Filter, IPv6, MP4, Random Index, Real IP, Secure Link, SSL, Stub
Status, Substitution, WebDAV, XSLT.


MAIL MODULES: Mail Core, IMAP, POP3, SMTP, SSL.


THIRD PARTY MODULES: Auth PAM, Cache purge, DAV Ext, Echo, Embedded Lua, HttpHeadersMore?, http push, Nginx Development Kit, Upload Progress, Upstream Fair Queue.


MODULES ADDED BY DOTDEB : File AIO, Syslog, Pinba, HTTP Gunzip , HTTP substitution filter, X-rid header

Homepage: http://nginx.net

So:

aptitude install nginx-extras

The following packages have unmet dependencies:
  nginx-full: Conflicts: nginx-extras but 1.4.1-1~dotdeb.0 is to be installed.
  nginx-extras: Conflicts: nginx-full but 1.4.1-1~dotdeb.0 is installed.
Internal error: found 2 (choice -> promotion) mappings for a single choice.
The following actions will resolve these dependencies:

     Remove the following packages:
1)     nginx                       
2)     nginx-full                  



Accept this solution? [Y/n/q/?] Y

The following NEW packages will be installed:
  nginx-extras 
The following packages will be REMOVED:
  nginx{a} nginx-full{a} 
0 packages upgraded, 1 newly installed, 2 to remove and 0 not upgraded.
Need to get 666 kB of archives. After unpacking 381 kB will be used.
Do you want to continue? [Y/n/?] Y

After that all the lines that were commented out in ticket:218#comment:80 were uncommented and nginx was restarted.

comment:82 follow-up: ↓ 83 Changed 4 years ago by jim

Chris, any reason why you're not using the proper installer? You risk borking BOA if you do these piecemeal updates. From http://drupalcode.org/project/barracuda.git/blob/HEAD:/docs/UPGRADE.txt

### NOTE: You can append "system" as a last argument to the barracuda
command, and it will upgrade only the system, without running
Aegir Master Instance upgrade, plus it will write the output
to the file instead of to the console:

/var/backups/reports/up/barracuda/*

Example:
  barracuda up-stable system

FYI note this commit: http://drupalcode.org/project/barracuda.git/blobdiff/97cbf82a1e30d4e040b0ddbf514c2a83da10fccc..043fb3e1a9d9e2f32fd8d6f9bab428ea03319b13:/BARRACUDA.sh.txt

The change to BARRACUDA.sh.txt that sets the NGINX version is there, so if you ran the meta installer, then edited the script, you could have set _NGINX_VERSION to whatever you wanted.

I'd expect the new 1.4.1 version will be reflected in the BOA scripts pretty soon.

These errors are almost certainly of an issue caused by this non-standard (for BOA) update process you followed.

comment:83 in reply to: ↑ 82 Changed 4 years ago by chris

Replying to jim:

Chris, any reason why you're not using the proper installer?

I didn't realise I wasn't supposed to be doing security update using aptitude / apt-get. I do remember asking a question about this some time ago on one of the Trac tickets but I guess it got missed.

My concern about running the whole installer each time there is a new debian package out is that it takes the site down for around 20 / 30 mins while the installer runs -- is this really what we should be doing for every debian update?

comment:84 Changed 4 years ago by jim

Yes, you absolutely need to use the proper scripts! This bit me in the ass long ago, it's absolutely worth sticking to.

And as quoted above, the barracuda up-stable system just does a managed apt-get update for system only.. give that a whirl next time.

comment:85 Changed 4 years ago by jim

As expected, the BOA team are already looking at/fixing the NGINX update: Nginx 1.5.0 - security upgrade for CVE-2013-2028.

Again, worth letting the updates settle for a few days and either running 'barracuda up-head' soon, or waiting for 2.0.9 to go for a stable version.

comment:86 Changed 4 years ago by ed

  • Milestone changed from Phase 5 to Maintenance

comment:87 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 13.45 to 13.7

PHP was updated on penguin earlier today:

2013-05-12      chris
        *       php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-gd/squeeze php5-mysql/squeeze : updated

Info on the new version, "These releases fix about 10 bugs as well as upgrading the bundled libmagic library.": http://www.dotdeb.org/2013/05/12/php-5-4-15-php-5-3-25-for-wheezy-squeeze/

comment:88 follow-up: ↓ 89 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 13.7 to 13.95

New debian kernel, I haven't seen an announcement for the reason for it, Parrot updates:

2013-05-14      chris
        *       firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze : updated

Penguin updates:

2013-05-14      chris
        *       firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze : updated

Puffin:

2013-05-14      chris
        *       firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze : updated

I didn't run the BOA script to update Puffin as I didn't see the point in making the site unavailable for 30 mins.

I haven't done a reboot yet so the servers will still be using the old kernel, I'll do the reboot later in the night when the site has less traffic.

comment:89 in reply to: ↑ 88 Changed 4 years ago by jim

Replying to chris:

I didn't run the BOA script to update Puffin as I didn't see the point in making the site unavailable for 30 mins.

I already mentioned earlier:

  • barracuda up-stable = (re)install Barracuda, PHP, MySQL, Redis etc etc.
  • barracuda up-stable system = Just manages apt-get/aptitude updates so as not to override/upset BOA.

Have you tried the latter? It should be much less than 30 minutes as it's not installing/updating the whole stack. Try it!

comment:90 Changed 4 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 13.95 to 14.2

Parrot updates:

2013-05-23      chris
        *       libxcb-render0/squeeze libxcb1/squeeze libxcursor1/squeeze libxext6/squeeze libxfixes3/squeeze libxi6/squeeze libxinerama1/squeeze libxrandr2/squeeze libxrender1/squeeze : updated

Penguin updates:

2013-05-23      chris
        *       libxcb-render0/squeeze libxcb-shm0/squeeze libxcb1/squeeze libxext6/squeeze libxrender1/squeeze : updated

These are the outstanding updates on puffin, a mixture of debian X11 updates and a new version of mariadb:

libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-dev/squeeze libmysqlclient18/squeeze libxcb-render0/squeeze libxcb-render0-dev/squeeze libxcb1/squeeze libxcb1-dev/squeeze libxcursor-dev/squeeze libxcursor1/squeeze libxext-dev/squeeze libxext6/squeeze libxfixes-dev/squeeze libxfixes3/squeeze libxi-dev/squeeze libxi6/squeeze libxinerama-dev/squeeze libxinerama1/squeeze libxp6/squeeze libxrandr-dev/squeeze libxrandr2/squeeze libxrender-dev/squeeze libxrender1/squeeze libxres1/squeeze libxt-dev/squeeze libxt6/squeeze libxtst6/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze

I've very reluctant to update the server the way Jim wishes in ticket:218#comment:89 as I expect this would take the site off line for 30 mins and also potentially overwrite the fix Jim applied on ticket:548#comment:21 to solve the problems caused with the last BOA update, ticket:547#comment:4

barracuda up-stable system

  Please update installers on your system
  using BOA Meta Installer and try again.

  $ wget -q -U iCab http://files.aegir.cc/BOA.sh.txt
  $ bash BOA.sh.txt

So, Jim -- is it OK to use the normal debian tools or is it essential to do a BOA update?

comment:91 follow-up: ↓ 92 Changed 3 years ago by jim

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 14.2 to 14.3

barracuda up-stable system takes ~7 mins on my system, and certainly only a fraction of that is downtime.

And YES, you do need to use barracuda to update the system because it's not just about the packages in Debian/apt -- the whole stack works together and pulls from sources outside the usual package sources. If you run an apt update and it changes a BOA stack component, there's chance it'll downgrade packages, break dependencies, overwrite config, stop services, disconnect things and generally bugger it up. Or you might be lucky, but it's not a risk we should be taking. It's a tuned stack after all.

FYI I think as of 2.0.9 you can schedule auto-updates for the system -- you might want to check the documentation and have a think.

Also barracuda up-stable system is pretty much automated -- it waits a bit (for crons I imagine) then does it all and emails you. Downtime should be minimal, so run it from screen and see what you think.

comment:92 in reply to: ↑ 91 Changed 3 years ago by chris

Replying to jim:

you do need to use barracuda to update the system

OK, I'm going to run it now.

comment:93 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 14.3 to 14.55

Puffin upgrade:

barracuda up-stable system

  Please update installers on your system
  using BOA Meta Installer and try again.

  $ wget -q -U iCab http://files.aegir.cc/BOA.sh.txt
  $ bash BOA.sh.txt

wget -q -U iCab http://files.aegir.cc/BOA.sh.txt

  BOA Meta Installer setup completed
  Please check INSTALL.txt and UPGRADE.txt at http://bit.ly/boa-docs for how-to
  Bye

barracuda up-stable system
  waiting 142 sec

  REPORT: Successful Barracuda upgrade on puffin.webarch.net sent to chris@webarchitects.co.uk

  BARRACUDA upgrade completed
  Bye

OK, that wasn't as bad as I was expecting, it took 9 mins and although it doesn't tell you what it is doing if you tail -f /var/log/syslog you can see what is going on.

This is the content of the email it sent out:

To: chris@webarchitects.co.uk
Subject: REPORT: Successful Barracuda upgrade on puffin.webarch.net at 130524-1036


Barracuda [Fri May 24 10:38:35 BST 2013] ==> BOA Skynet welcomes you aboard!

Barracuda [Fri May 24 10:38:40 BST 2013] ==> INFO: UPGRADE
Barracuda [Fri May 24 10:38:40 BST 2013] ==> INFO: Reading your /root/.barracuda.cnf config file
Barracuda [Fri May 24 10:38:41 BST 2013] ==> NOTE! Please review all config options displayed below
Barracuda [Fri May 24 10:38:41 BST 2013] ==> NOTE! It will *override* all settings in the Barracuda script

###
### Configuration created on 121215-1545
### with Barracuda version BOA-2.0.4
###
### NOTE: the group of settings displayed bellow will *not* be overriden
### on upgrade by the Barracuda script nor by this configuration file.
### They can be defined only on initial Barracuda install.
###
_HTTP_WILDCARD=YES
_MY_OWNIP="81.95.52.103"
#_MY_OWNIP=""
_MY_HOSTN="puffin.webarch.net"
#_MY_HOSTN=""
_MY_FRONT="master.puffin.webarch.net"
_THIS_DB_HOST=localhost
#_THIS_DB_HOST=FQDN
_SMTP_RELAY_TEST=YES
_SMTP_RELAY_HOST=""
_LOCAL_NETWORK_IP=""
_LOCAL_NETWORK_HN=""
###
### NOTE: the group of settings displayed bellow
### will *override* all listed settings in the Barracuda script,
### both on initial install and upgrade.
###
_MY_EMAIL="chris@webarchitects.co.uk"
_XTRAS_LIST="PDS CSF CHV"
_AUTOPILOT=YES
_DEBUG_MODE=NO
_DB_SERVER=MariaDB
_SSH_PORT=22
_LOCAL_DEBIAN_MIRROR="ftp.debian.org"
_LOCAL_UBUNTU_MIRROR="archive.ubuntu.com"
_FORCE_GIT_MIRROR=""
_DNS_SETUP_TEST=YES
_NGINX_EXTRA_CONF=""
_NGINX_WORKERS=AUTO
_PHP_FPM_WORKERS=AUTO
_BUILD_FROM_SRC=NO
_PHP_MODERN_ONLY=YES
_PHP_FPM_VERSION=5.3
_PHP_CLI_VERSION=5.3
_LOAD_LIMIT_ONE=1444
_LOAD_LIMIT_TWO=888
_CUSTOM_CONFIG_CSF=NO
_CUSTOM_CONFIG_SQL=NO
_CUSTOM_CONFIG_REDIS=NO
_CUSTOM_CONFIG_PHP_5_2=NO
_CUSTOM_CONFIG_PHP_5_3=NO
_SPEED_VALID_MAX=3600
_NGINX_DOS_LIMIT=300
_SYSTEM_UPGRADE_ONLY=YES
_USE_MEMCACHED=NO
_NEWRELIC_KEY=
_USE_STOCK=NO
###
### Configuration created on 121215-1545
### with Barracuda version BOA-2.0.4
###
### JK reinstall PHP
_EXTRA_PACKAGES=
_PHP_EXTRA_CONF=""
_STRONG_PASSWORDS=NO
_DB_BINARY_LOG=NO
_DB_ENGINE=InnoDB
_NGINX_LDAP=NO
_PHP_GEOS=NO
_PHP_MONGODB=NO
_AEGIR_UPGRADE_ONLY=NO

Barracuda [Fri May 24 10:38:43 BST 2013] ==> INFO: Testing GitHub, Drupal and Gitorious servers availability, please wait...
Barracuda [Fri May 24 10:38:44 BST 2013] ==> INFO: GitHub mirror repository will be used for this install
Barracuda [Fri May 24 10:38:44 BST 2013] ==> INFO: Downloading little helpers, please wait...
Barracuda [Fri May 24 10:38:45 BST 2013] ==> INFO: Checking BARRACUDA version...
Barracuda [Fri May 24 10:38:45 BST 2013] ==> INFO: Version test result: OK
Barracuda [Fri May 24 10:38:45 BST 2013] ==> INFO: Checking your Debian or Ubuntu version...

Barracuda [Fri May 24 10:38:48 BST 2013] ==> Aegir with Nginx on Debian/squeeze - Skynet Agent v.BOA-2.0.9

Barracuda [Fri May 24 10:38:52 BST 2013] ==> UPGRADE START -> checkpoint:                                                                                                     
                                                                                                                                                                              
  * Your e-mail address appears to be chris@webarchitects.co.uk - is that correct?                                                                                            
  * Your server hostname is puffin.webarch.net.
  * Your Aegir control panel is/will be available at https://master.puffin.webarch.net.


Barracuda [Fri May 24 10:38:52 BST 2013] ==> INFO: Cleaning up temp files in /var/opt/
Barracuda [Fri May 24 10:38:54 BST 2013] ==> INFO: Updating apt sources
Barracuda [Fri May 24 10:38:56 BST 2013] ==> INFO: We will use Debian mirror ftp.debian.org
Barracuda [Fri May 24 10:39:00 BST 2013] ==> INFO: Running aptitude update, please wait...
Barracuda [Fri May 24 10:39:10 BST 2013] ==> INFO: Upgrading required libraries and tools
Barracuda [Fri May 24 10:39:10 BST 2013] ==> NOTE! This step may take a few minutes, please wait...
Barracuda [Fri May 24 10:39:44 BST 2013] ==> INFO: Testing Nginx version...
Barracuda [Fri May 24 10:39:46 BST 2013] ==> INFO: Installed Nginx version nginx/1.5.0, no upgrade required
Barracuda [Fri May 24 10:39:48 BST 2013] ==> INFO: Checking for Linux/Cdorked.A malware, please wait...
Barracuda [Fri May 24 10:39:52 BST 2013] ==> INFO: No Linux/Cdorked.A malware traces found - system clean
Barracuda [Fri May 24 10:39:52 BST 2013] ==> INFO: Running aptitude full-upgrade again, please wait...
Barracuda [Fri May 24 10:42:30 BST 2013] ==> INFO: Testing Nginx version...
Barracuda [Fri May 24 10:42:32 BST 2013] ==> INFO: Installed Nginx version nginx/1.5.0, no upgrade required
Barracuda [Fri May 24 10:42:35 BST 2013] ==> INFO: Checking for Linux/Cdorked.A malware, please wait...
Barracuda [Fri May 24 10:42:37 BST 2013] ==> INFO: No Linux/Cdorked.A malware traces found - system clean
Barracuda [Fri May 24 10:42:37 BST 2013] ==> INFO: Checking SMTP connections, please wait...
Barracuda [Fri May 24 10:42:39 BST 2013] ==> INFO: Upgrading a few more tools, please wait...
Barracuda [Fri May 24 10:42:43 BST 2013] ==> INFO: Checking if PHP upgrade is available
Barracuda [Fri May 24 10:42:45 BST 2013] ==> INFO: Installed PHP version 5.3.25-1~dotdeb.0, no upgrade required
Barracuda [Fri May 24 10:42:51 BST 2013] ==> INFO: Installed Redis version 2.6.13, no upgrade/rebuild required
Barracuda [Fri May 24 10:42:53 BST 2013] ==> INFO: OS and services upgrade completed

Barracuda [Fri May 24 10:42:55 BST 2013] ==> INFO: Aegir Master Instance upgrade skipped

Barracuda [Fri May 24 10:42:56 BST 2013] ==> INFO: Installing extra Drush versions
Barracuda [Fri May 24 10:42:59 BST 2013] ==> INFO: Drush 4 installation complete
Barracuda [Fri May 24 10:43:00 BST 2013] ==> INFO: Drush 5 installation complete
Barracuda [Fri May 24 10:43:02 BST 2013] ==> INFO: Drush 6 installation complete
Barracuda [Fri May 24 10:43:08 BST 2013] ==> INFO: Generating random password for Redis server
Barracuda [Fri May 24 10:43:09 BST 2013] ==> INFO: Restarting Redis and PHP-FPM, reloading Nginx
Barracuda [Fri May 24 10:43:17 BST 2013] ==> INFO: Restarting MariaDB server

Barracuda [Fri May 24 10:43:31 BST 2013] ==> INFO: New random password for MariaDB generated and stored in /root/.my.pass.txt
Barracuda [Fri May 24 10:43:33 BST 2013] ==> INFO: New entry added to /var/log/barracuda_log.txt

Barracuda [Fri May 24 10:43:36 BST 2013] ==> CARD: Now charging your credit card for this automated upgrade service...
Barracuda [Fri May 24 10:43:42 BST 2013] ==> JOKE: Just kidding! Enjoy your Aegir Hosting System :)

Barracuda [Fri May 24 10:43:46 BST 2013] ==> Final post-upgrade cleaning, please wait a moment...
Barracuda [Fri May 24 10:43:57 BST 2013] ==> BYE!

comment:94 Changed 3 years ago by jim

Good stuff!

And the wait time before it gets going is really annoying, raised this: https://drupal.org/node/2002678. Minor but important for sanity!

comment:95 follow-up: ↓ 96 Changed 3 years ago by ed

Since this happened I am locked out of admin functions again as per #548

comment:96 in reply to: ↑ 95 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.05
  • Total Hours changed from 14.55 to 14.6

Replying to ed:

Since this happened I am locked out of admin functions again as per #548

very sorry, this has been fixed, see: ticket:548#comment:34

comment:97 Changed 3 years ago by ed

working; tested; thanks for quick response

comment:98 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 14.6 to 14.85

Parrot updates:

2013-05-25      chris
        *       libx11-6/squeeze libx11-data/squeeze : updated

Penguin updates:

2013-05-25      chris
        *       libx11-6/squeeze libx11-data/squeeze : updated

Puffin updates:

2013-05-25      chris
        *       libx11-6/squeeze libx11-data/squeeze libx11-dev/squeeze : updated

comment:99 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.15
  • Total Hours changed from 14.85 to 15.0

The debian system updates done on ticket:218#comment:93 using "barracuda up-stable system" resulted in some munin stats being broken, this was fixed by editing these lines in /opt/local/etc/php53-fpm.conf

pm.status_path = /status
ping.path = /ping

and then reloading /etc/init.d/php53-fpm. The documentation here has been updated: wiki:PuffinServer#SystemUpdates

comment:100 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 15.0 to 15.25

Debian updates on parrot:

2013-06-02      chris
        *       libgssapi-krb5-2/squeeze libk5crypto3/squeeze libkrb5-3/squeeze libkrb5support0/squeeze : updated

And penguin:

2013-06-02      chris
        *       libgssapi-krb5-2/squeeze libk5crypto3/squeeze libkrb5-3/squeeze libkrb5support0/squeeze : updated

And puffin:

2013-06-02      chris
        *       krb5-multidev/squeeze libgssapi-krb5-2/squeeze libgssrpc4/squeeze libk5crypto3/squeeze libkadm5clnt-mit7/squeeze libkadm5srv-mit7/squeeze libkdb5-4/squeeze libkrb5-3/squeeze libkrb5-dev/squeeze libkrb5support0/squeeze : updated

These were all done late last night.

comment:101 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 15.25 to 15.5

Parrot upgrades:

2013-06-09      chris
        *       libsvn1/squeeze subversion/squeeze : updated

Penguin upgrades:

2013-06-09      chris
        *       libsvn1/squeeze php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-gd/squeeze php5-mysql/squeeze python-subversion/squeeze subversion/squeeze : updated

Puffin upgrades:

2013-06-09      chris
        *       libsvn1/squeeze php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze subversion/squeeze : updated

comment:102 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 15.5 to 15.75

Parrot updates:

2013-06-18      chris
        *       libtiff4/squeeze : updated

Puffin updates:

2013-06-18      chris
        *       libtiff4/squeeze libtiff4-dev/squeeze libtiffxx0c2/squeeze : updated

comment:103 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 15.75 to 16.0

Puffin updates:

2013-06-24      chris
        *       curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze libcurl4-openssl-dev/squeeze : updated

Penguin:

2013-06-24      chris
        *       libcurl3-gnutls/squeeze : updated

Parrot:

2013-06-24      chris
        *       curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze : updated

comment:104 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 16.0 to 16.25

Puffin update, see http://lists.debian.org/debian-security-announce/2013/msg00131.html

2013-07-11      chris
        *       libpoppler5/squeeze poppler-utils/squeeze : updated

comment:105 Changed 3 years ago by chris

Parrot update:

2013-07-17      chris
        *       libapache2-mod-php5/squeeze php-pear/squeeze php5/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-gd/squeeze php5-intl/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-xmlrpc/squeeze : updated

comment:106 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 16.25 to 16.5

Oops, forgot to record time against the update on ticket:218#comment:105 it's also worth nothing that the details:

It was discovered that PHP could perform an invalid free request when
processing crafted XML documents, corrupting the heap and potentially
leading to arbitrary code execution. Depending on the PHP
application, this vulnerability could be exploited remotely.

http://lists.debian.org/debian-security-announce/2013/msg00133.html

Puffin and Penguin are both running PHP 5.3.26-1~dotdeb.0 from http://www.dotdeb.org/

I'm not exactly sure why these servers haven't updated to the latest version: http://www.dotdeb.org/2013/07/06/php-5-4-17-for-wheezy-and-squeeze/

comment:107 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 16.5 to 16.75

Penguin upgrades:

2013-07-23      chris
        *       munin/squeeze-backports munin-common/squeeze-backports munin-doc/squeeze-backports munin-node/squeeze-backports munin-plugins-core/squeeze-backports munin-plugins-extra/squeeze-backports : updated

comment:108 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 16.75 to 17.0

Puffin openjdk-6 security update, http://lists.debian.org/debian-security-announce/2013/msg00137.html

2013-07-25      chris
        *       openjdk-6-jdk/squeeze openjdk-6-jre/squeeze openjdk-6-jre-headless/squeeze openjdk-6-jre-lib/squeeze : updated

comment:109 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 17.0 to 17.25

New http://dotdeb.org/ PHP 5.3.27 for Debian Squeeze, http://www.dotdeb.org/2013/07/25/php-5-3-27-for-squeeze/

Penguin updates:

2013-07-25      chris
        *       php-pear/squeeze php5/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-fpm/squeeze php5-gd/squeeze php5-mysql/squeeze : updated

Puffin updates:

2013-07-25      chris
        *       php-pear/squeeze php5-apc/squeeze php5-cli/squeeze php5-common/squeeze php5-curl/squeeze php5-dev/squeeze php5-fpm/squeeze php5-gd/squeeze php5-geoip/squeeze php5-gmp/squeeze php5-imagick/squeeze php5-imap/squeeze php5-ldap/squeeze php5-mcrypt/squeeze php5-mysql/squeeze php5-sqlite/squeeze php5-xmlrpc/squeeze php5-xsl/squeeze : updated

comment:110 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 17.25 to 17.5

Bind update, http://lists.debian.org/debian-security-announce/2013/msg00138.html

Parrot:

2013-07-27      chris
        *       bind9-host/squeeze dnsutils/squeeze libbind9-60/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze liblwres60/squeeze : updated

Puffin:

2013-07-27      chris
        *       bind9-host/squeeze dnsutils/squeeze libbind9-60/squeeze libdns69/squeeze libisc62/squeeze libisccc60/squeeze libisccfg62/squeeze liblwres60/squeeze : updated

comment:111 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 17.5 to 17.75

Parrot updates:

2013-07-29      chris
        *       gnupg/squeeze gpgv/squeeze libgcrypt11/squeeze : updated

Penguin updates:

2013-07-29      chris
        *       gnupg/squeeze gnupg-curl/squeeze gpgv/squeeze libgcrypt11/squeeze : updated

Puffin updates:

2013-07-29      chris
        *       gnupg/squeeze gpgv/squeeze libgcrypt11/squeeze : updated

comment:112 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 17.75 to 18.0

Parrot updates:

013-08-27      chris
        *       libapache2-mod-php5/squeeze php-pear/squeeze php5/squeeze php5-cli/squeeze php5-common/squee
ze php5-curl/squeeze php5-dev/squeeze php5-gd/squeeze php5-intl/squeeze php5-mcrypt/squeeze php5-mysql/squee
ze php5-xmlrpc/squeeze : updated

comment:113 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 18.0 to 18.25

Puffin update:

2013-08-27      chris
        *       libtiff4/squeeze libtiff4-dev/squeeze libtiffxx0c2/squeeze : updated

Parrot:

2013-08-27      chris
        *       libtiff4/squeeze : updated

comment:114 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 18.25 to 18.5

Puffin !MySQL update, https://mariadb.com/kb/en/mariadb-5533-release-notes/

2013-09-18      chris
        *       libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-dev/squeeze libmysqlclient18/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze : updated

comment:115 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 18.5 to 18.75

New version of !MariaDB https://mariadb.com/kb/en/mariadb-5533a-release-notes/

2013-09-23      chris
        *       libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-dev/squeeze libmysqlclient18/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze : updated

comment:116 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 18.75 to 19.0
  • Summary changed from debian ugrades to debian upgrades and updates

wiki:PuffinServer updates:

2013-09-28      chris
        *       firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze linux-tools-2.6.32/squeeze : updated

wiki:ParrotServer updates:

2013-09-28      chris
        *       firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze linux-libc-dev/squeeze : updated

wiki:PenguinServer updates:

2013-09-28      chris
        *       firmware-linux-free/squeeze linux-base/squeeze linux-image-2.6.32-5-xen-amd64/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated

comment:117 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 19.0 to 19.25

New version of GPG, wiki:PenguinServer:

2013-10-10      chris
        *       gnupg/squeeze gnupg-curl/squeeze gpgv/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated

wiki:ParrotServer:

2013-10-10      chris
        *       gnupg/squeeze gpgv/squeeze : updated

wiki:PuffinServer:

2013-10-10      chris
        *       gnupg/squeeze gpgv/squeeze : updated

comment:118 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 19.25 to 19.5

Penguin Nginx updated, as per the note here, wiki:PenguinServer#Updates

a-up
 About to upgrade nginx/squeeze nginx-common/squeeze nginx-full/squeeze
 No packages will be installed, upgraded, or removed.
 0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
 Need to get 0 B of archives. After unpacking 0 B will be used.
aptitude install nginx/squeeze nginx-common/squeeze nginx-full/squeeze
 The following packages will be upgraded: 
   nginx nginx-common nginx-full 
 3 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

comment:119 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 19.5 to 19.75

Security updates, wiki:PuffinServer:

2013-10-19      chris
        *       base-files/squeeze fancontrol/squeeze grep/squeeze libcdt4/squeeze li
bcgraph5/squeeze libgraph4/squeeze libgraphviz-dev/squeeze libgvc5/squeeze libgvpr1/s
queeze libmysqlclient16/squeeze libpathplan4/squeeze libsensors4/squeeze libsnmp-base
/squeeze libsnmp15/squeeze libxdot4/squeeze lm-sensors/squeeze openssh-client/squeeze
 openssh-server/squeeze ssh/squeeze tzdata/squeeze tzdata-java/squeeze : updated

wiki:PenguinServer:

2013-10-19      chris
        *       base-files/squeeze grep/squeeze libcdt4/squeeze libcgraph5/squeeze li
bgraph4/squeeze libgraphviz-dev/squeeze libgvc5/squeeze libgvpr1/squeeze libmysqlclie
nt-dev/squeeze libmysqlclient16/squeeze libpathplan4/squeeze libxdot4/squeeze mysql-c
lient-5.1/squeeze mysql-common/squeeze mysql-server-5.1/squeeze mysql-server-core-5.1
/squeeze openssh-client/squeeze openssh-server/squeeze tzdata/squeeze : updated

wiki:ParrotServer:

2013-10-19      chris
        *       base-files/squeeze grep/squeeze libmysqlclient16/squeeze mysql-client
-5.1/squeeze mysql-common/squeeze mysql-server/squeeze mysql-server-5.1/squeeze mysql
-server-core-5.1/squeeze openssh-client/squeeze openssh-server/squeeze tzdata/squeeze
 : updated

comment:120 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 19.75 to 20.0

wiki:PenguinServer updates:

2013-11-17      chris
        *       libcurl3-gnutls/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated

wiki:PuffinServer updates:

2013-11-17      chris
        *       curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze libcurl4-openss
l-dev/squeeze : updated

wiki:ParrotServer update:

2013-11-17      chris
        *       curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze : updated

comment:121 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 20.0 to 20.25

wiki:PuffinServer updates:

2013-11-21      chris
        *       curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy libcurl4-openssl-dev/wheezy : updated

wiki:PenguinServer updates:

2013-11-21      chris
        *       libcurl3-gnutls/squeeze nginx/squeeze nginx-common/squeeze nginx-full/squeeze : updated

wiki:ParrotServer updates:

2013-11-21      chris
        *       curl/squeeze libcurl3/squeeze libcurl3-gnutls/squeeze : updated

comment:122 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 20.25 to 20.5

wiki:PuffinServer updates:

2013-11-21      chris
        *       libmariadbclient-dev/squeeze libmariadbclient18/squeeze libmariadbd-d
ev/squeeze libmysqlclient18/squeeze mariadb-client-5.5/squeeze mariadb-client-core-5.
5/squeeze mariadb-common/squeeze mariadb-server-5.5/squeeze mariadb-server-core-5.5/squeeze mysql-common/squeeze : updated

comment:123 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 20.5 to 20.75

wiki:PuffinServer:

2013-11-25      chris
        *       libnss3/wheezy libnss3-1d/wheezy : updated

comment:124 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 20.75 to 21.0

wiki:PuffinServer:

2013-12-03      chris
        *       libopenjpeg2/wheezy : updated

comment:125 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 21.0 to 21.25

wiki:PenguinServer updates:

2013-12-04      chris
        *       libruby1.8/squeeze libruby1.9.1/squeeze ruby1.8/squeeze ruby1.8-dev/squeeze ruby1.9.1/squeeze ruby1.9.1-dev/squeeze : updated

I also restarted the Webrick server for http://patterns.transitionresearchnetwork.org/

comment:126 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.15
  • Total Hours changed from 21.25 to 21.4

wiki:PuffinServer updates:

2013-12-09      chris
        *       libsmbclient/wheezy libwbclient0/wheezy samba-common/wheezy samba-common-bin/wheezy smbclient/wheezy : updated

comment:127 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 21.4 to 21.65

wiki:ParrotServer updates:

2013-12-09      chris
        *       munin-common/wheezy munin-node/wheezy munin-plugins-core/wheezy munin-plugins-extra/wheezy : updated

wiki:PuffinServer updates:

2013-12-09      chris
        *       libvarnishapi1/wheezy : updated

2013-12-09      chris
        *       munin-common/wheezy munin-node/wheezy munin-plugins-core/wheezy munin-plugins-extra/wheezy : updated

wiki:PenguinServer:

2013-12-09      chris
        *       munin/wheezy munin-common/wheezy munin-doc/wheezy munin-node/wheezy munin-plugins-core/wheezy munin-plugins-extra/wheezy : updated

Also these lines needed editing in /usr/share/munin/plugins/apt_all on all three servers:

#my @releases = ("stable", "testing","unstable");
my @releases = ("stable");

comment:128 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 21.65 to 21.9
  • Description modified (diff)
  • Summary changed from debian upgrades and updates to Debian upgrades and updates

PHP security updates, see http://lists.debian.org/debian-security-announce/2013/msg00230.html note thst wiki:PuffinServer doesn't have php from debs anymore, see ticket:629#comment:9.

wiki:ParrotServer:

2013-12-12      chris
        *       libapache2-mod-php5/wheezy php-pear/wheezy php5/wheezy php5-cli/wheezy php5-common/wheezy php5-curl/wheezy php5-dev/wheezy php5-gd/wheezy php5-intl/wheezy php5-mcrypt/wheezy php5-mysql/wheezy php5-xmlrpc/wheezy : updated

wiki:PenguinServer:

2013-12-12      chris
        *       php-pear/wheezy php5/wheezy php5-cli/wheezy php5-common/wheezy php5-fpm/wheezy php5-gd/wheezy php5-mysql/wheezy : updated

comment:129 Changed 3 years ago by chris

wiki:PenguinServer updates:

2013-12-14      chris
        *       apt/wheezy apt-utils/wheezy base-files/wheezy libapt-inst1.5/wheezy libapt-pkg4.12/wheezy libexpat1/wheezy libexpat1-dev/wheezy libnet-server-perl/wheezy librsvg2-2/wheezy librsvg2-common/wheezy tzdata/wheezy : updated

wiki:ParrotServer updates:

2013-12-14      chris
        *       apt/wheezy apt-utils/wheezy base-files/wheezy iftop/wheezy libapt-inst1.5/wheezy libapt-pkg4.12/wheezy libexpat1/wheezy libnet-server-perl/wheezy librsvg2-2/wheezy librsvg2-common/wheezy tzdata/wheezy : updated

The wiki:PuffinServer updates are being done on ticket:629#comment:12 and the time for this is being recorded there.

comment:130 Changed 3 years ago by chris

  • Description modified (diff)

comment:131 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 21.9 to 22.15

wiki:PenguinServer MySQL update:

013-12-16      chris
        *       libmysqlclient-dev/wheezy libmysqlclient18/wheezy mysql-client-5.5/wheezy mysql-common/wheezy mysql-server-5.5/wheezy mysql-server-core-5.5/wheezy : updated

wiki:ParrotServer updates:

2013-12-16      chris
        *       libmysqlclient18/wheezy mysql-client-5.5/wheezy mysql-common/wheezy mysql-server/wheezy mysql-server-5.5/wheezy mysql-server-core-5.5/wheezy : updated

comment:132 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 22.15 to 22.25

wiki:PuffinServer updates:

2013-12-17      chris
        *       libnspr4/wheezy libnspr4-0d/wheezy : updated

comment:133 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 22.25 to 22.5

GPG updates, see http://lists.debian.org/debian-security-announce/2013/msg00235.html

wiki:PuffinServer upgrades:

2013-12-18      chris
        *       gnupg-curl : installed
        *       gnupg/wheezy gpgv/wheezy : updated

wiki:PenguinServer upgrades:

2013-12-18      chris
        *       gnupg/wheezy gnupg-curl/wheezy gpgv/wheezy : updated

wiki:ParrotServer updates:

2013-12-18      chris
        *       gnupg-curl : installed
        *       gnupg/wheezy gpgv/wheezy : updated
Last edited 3 years ago by chris (previous) (diff)

comment:134 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.1
  • Total Hours changed from 22.5 to 22.6

Pixman security updates, see http://lists.debian.org/debian-security-announce/2013/msg00237.html

wiki:PuffinServer upgrades:

2013-12-18      chris
        *       libpixman-1-0/wheezy libpixman-1-dev/wheezy : updated

wiki:PenguinServer upgrades:

2013-12-18      chris
        *       libpixman-1-0/wheezy libpixman-1-dev/wheezy : updated

wiki:ParrotServer updates:

2013-12-18      chris
        *       libpixman-1-0/wheezy : updated

comment:135 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 22.6 to 22.85

[SECURITY] [DSA 2824-1] curl security update http://lists.debian.org/debian-security-announce/2013/msg00238.html

wiki:ParrotServer updates:

2013-12-19      chris
        *       curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy : updated

wiki:PuffinServer:

2013-12-19      chris
        *       curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy libcurl4-openssl-dev/wheezy : updated

wiki:PenguinServer:

2013-12-19      chris
        *       libcurl3-gnutls/wheezy : updated

comment:136 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 22.85 to 23.1

DenyHosts security update, http://lists.debian.org/debian-security-announce/2013/msg00240.html

wiki:ParrotServer:

2013-12-22      chris
        *       denyhosts/wheezy : updated

wiki:PenguinServer:

2013-12-22      chris
        *       denyhosts/wheezy : updated

comment:137 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 23.1 to 23.35

OpenSSL security update:

Multiple security issues have been fixed in OpenSSL: The TLS 1.2 support
was susceptible to denial of service and retransmission of DTLS messages
was fixed. In addition this updates disables the insecure Dual_EC_DRBG
algorithm (which was unused anyway, see
http://marc.info/?l=openssl-announce&m=138747119822324&w=2 for further
information) and no longer uses the RdRand? feature available on some
Intel CPUs as a sole source of entropy unless explicitly requested.

https://lists.debian.org/debian-security-announce/2014/msg00001.html

wiki:PuffinServer:

2014-01-01      chris
        *       libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy openssl/wheezy : updated

wiki:PenguinServer:

2014-01-01      chris
        *       libssl1.0.0/wheezy openssl/wheezy : updated

wiki:ParrotServer:

2014-01-01      chris
        *       libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy openssl/wheezy : updated
Version 0, edited 3 years ago by chris (next)

comment:138 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 23.35 to 23.6

wiki:PuffinServer devscripts security update https://lists.debian.org/debian-security-announce/2014/msg00004.html

014-01-05      chris
        *       devscripts/wheezy : updated

comment:139 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 23.6 to 23.85

OpenSSL security update, https://lists.debian.org/debian-security-announce/2014/msg00005.html

wiki:PuffinServer updates:

2014-01-07      chris                                                                        
*       libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy openssl/wheezy : updated

wiki:PenguinServer updates:

2014-01-07      chris
        *       libssl1.0.0/wheezy openssl/wheezy : updated

wiki:ParrotServer updates:

2014-01-07      chris                                                                        *       libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy openssl/wheezy : updated

comment:140 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 23.85 to 24.1

Debian libxfont security update, https://lists.debian.org/debian-security-announce/2014/msg00006.html

wiki:PuffinServer:

2014-01-07      chris
        *       libxfont1/wheezy : updated

wiki:PenguinServer:

2014-01-07      chris
        *       libxfont1/wheezy : updated

comment:141 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 24.1 to 24.35

Graphviz security update https://lists.debian.org/debian-security-announce/2014/msg00011.html

wiki:PuffinServer:

2014-01-14      chris
        *       libcdt4/wheezy libcgraph5/wheezy libgraph4/wheezy libgraphviz-dev/wheezy libgvc5/wheezy libgvpr1/wheezy libpathplan4/wheezy libxdot4/wheezy : updated

wiki:PenguinServer:

2014-01-14      chris
        *       libcdt4/wheezy libgraph4/wheezy libgvc5/wheezy libpathplan4/wheezy libxdot4/wheezy : updated

comment:142 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 24.35 to 24.6

MySQL 5.5 security update:

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.35. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details:

For the stable distribution (wheezy), these problems have been fixed in
version 5.5.35+dfsg-0+wheezy1.

For the unstable distribution (sid), these problems have been fixed in
version 5.5.35+dfsg-1.

We recommend that you upgrade your mysql-5.5 packages.

wiki:ParrotServer updates:

2014-01-23      chris
        *       libmysqlclient18/wheezy mysql-client-5.5/wheezy mysql-common/wheezy mysql-server/wheezy mysql-server-5.5/wheezy mysql-server-core-5.5/wheezy : updated

wiki:PenguinServer updates:

2014-01-23      chris
        *       libmysqlclient-dev/wheezy libmysqlclient18/wheezy mysql-client-5.5/wheezy mysql-common/wheezy mysql-server-5.5/wheezy mysql-server-core-5.5/wheezy : updated

comment:143 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 24.6 to 24.85

denyhosts regression update:

A regression has been found on the denyhosts packages fixing
CVE-2013-6890. This regression could cause an attempted breakin attempt
to be missed by denyhosts, which would then fail to enforce a ban.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6-7+deb6u3.

For the stable distribution (wheezy), this problem has been fixed in
version 2.6-10+deb7u3.

For the testing (jessie) and unstable (sid) distribution, the package denyhosts
has been removed, and its users are encouraged to switch to an alternative like
fail2ban.

We recommend that you upgrade your denyhosts packages.

wiki:PenguinServer:

2014-01-23      chris
        *       denyhosts/wheezy : updated

wiki:ParrotServer:

2014-01-23      chris
        *       denyhosts/wheezy : updated

comment:144 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 24.85 to 25.1
  • Description modified (diff)

New MariaDB for wiki:PuffinServer:

2014-01-29      chris
        *       libmariadbclient-dev/wheezy libmariadbclient18/wheezy libmariadbd-dev/wheezy libmysqlclient18/wheezy mariadb-client-5.5/wheezy mariadb-client-core-5.5/wheezy mariadb-common/wheezy mariadb-server-5.5/wheezy mariadb-server-core-5.5/wheezy mysql-common/wheezy : updated

No announcement on the list yet regarding the reason for this update, see:

comment:145 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 25.1 to 25.35

Debian curl security update:

wiki:PuffinServer update:

2014-01-31      chris
        *       curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy libcurl4-openssl-dev/wheezy : updated

wiki:PenguinServer update:

2014-01-31      chris
        *       libcurl3-gnutls/wheezy : updated

wiki:ParrotServer:

2014-01-31      chris
        *       curl/wheezy libcurl3/wheezy libcurl3-gnutls/wheezy : updated

comment:146 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 25.35 to 25.6

Debian libyaml security update.

wiki:PenguinServer:

14-02-01      chris
       *       libyaml-0-2/wheezy : updated
Last edited 3 years ago by chris (previous) (diff)

comment:147 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 25.6 to 25.85

No announcement on the list for these updates yet

wiki:ParrotServer updates:

2014-02-08      chris
        *       apache2-mpm-itk/wheezy apache2-utils/wheezy apache2.2-bin/wheezy apache2.2-common/wheezy base-files/wheezy libc-bin/wheezy libc-dev-bin/wheezy libc6/wheezy libc6-dev/wheezy libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy linux-libc-dev/wheezy locales/wheezy multiarch-support/wheezy openssl/wheezy tzdata/wheezy wget/wheezy : updated

wikiPenguinServer updates:

2014-02-08      chris
        *       base-files/wheezy libc-bin/wheezy libc-dev-bin/wheezy libc6/wheezy libc6-dev/wheezy libssl1.0.0/wheezy linux-libc-dev/wheezy locales/wheezy multiarch-support/wheezy openssl/wheezy tzdata/wheezy wget/wheezy : updated

wiki:PuffinServer:

2014-02-08      chris
        *       base-files/wheezy libc-bin/wheezy libc-dev-bin/wheezy libc6/wheezy libc6-dbg/wheezy libc6-dev/wheezy libssl-dev/wheezy libssl-doc/wheezy libssl1.0.0/wheezy libupsclient1/wheezy linux-libc-dev/wheezy locales/wheezy multiarch-support/wheezy openssl/wheezy tzdata/wheezy tzdata-java/wheezy wget/wheezy whois/wheezy : updated

comment:148 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 25.85 to 26.1

wiki:PuffinServer sent me this email:

/usr/sbin/metche: line 196: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory                        

So I ran:

aptitude install locales-all

And I edited /etc/locale.gen and uncommented these lines:

en_GB.UTF-8 UTF-8
en_US.UTF-8 UTF-8

And ran:

locale-gen

And I edited /etc/default/locale to:

LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_ALL=en_US.UTF-8

Hopefully this will have solved this issue.

comment:149 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 26.1 to 26.35

Debian security update libyaml regression update, wiki:PenguinServer:

2014-02-12      chris
        *       libyaml-0-2/wheezy : updated

comment:150 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 26.35 to 26.6

Debian file security update wiki:ParrotServer:

2014-02-16      chris
        *       file/wheezy libmagic1/wheezy : updated

wiki:PenguinServer:

2014-02-16      chris
        *       file/wheezy libmagic1/wheezy : updated

wiki:PuffinServer:

2014-02-16      chris
        *       file/wheezy libmagic1/wheezy python-magic/wheezy : updated

comment:151 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 26.6 to 26.85

wiki:PuffinServer update:

2014-02-20      chris
        *       libpq5/wheezy : updated

comment:152 Changed 3 years ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 26.85 to 27.1

gnutls26 security update, wiki:ParrotServer update:

014-02-22      chris
        *       libgnutls26/wheezy : updated

wiki:PuffinServer:

014-02-22      chris
        *       libgnutls-dev/wheezy libgnutls-openssl27/wheezy libgnutls26/wheezy libgnutlsxx27/wheezy : updated

wiki:PenguinServer:

2014-02-22      chris
        *           libgnutls26/wheezy : updated

comment:153 follow-up: ↓ 155 Changed 3 years ago by jim

Hi Chris: do you know a way I can stop being updated about this ticket? I'm not in the CC list, but have replied in the past here so that might be it...

I don't want to be removed from Trac or notifications, just those for this ticket!

comment:154 Changed 3 years ago by chris

  • Status changed from accepted to assigned

comment:155 in reply to: ↑ 153 Changed 3 years ago by chris

Replying to jim:

Hi Chris: do you know a way I can stop being updated about this ticket? I'm not in the CC list, but have replied in the past here so that might be it...

I don't want to be removed from Trac or notifications, just those for this ticket!

According to this http://dev.piwik.org/trac/ticket/3362 there isn't a way, so I'll close this ticket and open a new one for debian updates next time there are some.

comment:156 Changed 3 years ago by jim

Ah, that's a minor bummer...

OK, thanks for the migration! Probably nice to have a new one for 2014 anyway ;-)

comment:157 Changed 3 years ago by chris

  • Status changed from assigned to closed
  • Resolution set to fixed

This ticket was superseded by ticket:692 on 2014-02-25.

Note: See TracTickets for help on using tickets.