Hello,
I have just backported the php-redis (php5-redis) 2.2.5-1~bpo70+1 package for Debian Wheezy. Thanks to the ftp-masters for their quick ACCEPT :)
Now you can install and use the redis PHP extension from the offical repositories, see:
Instructions: http://backports.debian.org/Instructions/
Package: https://packages.debian.org/wheezy-backports/php5-redis
Hi,
geoip version 1.6.2-2 and geoip-database version 20141027-1 are now available in Debian unstable/sid, with some news of more free databases available :)
geoip changes:
* Add patch for geoip-csv-to-dat to add support for building GeoIP city DB.
Many thanks to Andrew Moise for contributing!
* Add and install geoip-generator-asn, which is able to build the ASN DB. It
is a modified version from the original geoip-generator. Much thanks for
contributing also to Aaron Gibson!
* Bump Standards-Version to 3.9.6 (no changes required).
geoip-database changes:
* New upstream release.
* Add new databases GeoLite city and GeoLite ASN to the new package
geoip-database-extra. Also bump build depends on geoip to 1.6.2-2.
* Switch to xz compression for the orig tarball.
So much thanks to both contributors!
Hello,
I have decided to create fixed bash packages for Debian Lenny. I have applied the upstream patchsets from from 052 until 057, so some other issues are also addressed in it. :-)
And here they are:
Source .dsc: http://misc.linux-dev.org/bash_shellshock/bash_3.2-4.1.dsc
amd64 package: http://misc.linux-dev.org/bash_shellshock/bash_3.2-4.1_amd64.deb
i386 package: http://misc.linux-dev.org/bash_shellshock/bash_3.2-4.1_i386.deb
Much fun with it!
Hi,
I have created a backport of the otrs package for Wheezy backports and it has been just accepted.
So much fun with otrs2/3.2.11-1~bpo70+1 and have a look here for backport installation instructions!
I have just uploaded the monthly update of geoip-database to Debian unstable and squeeze-backports, unblock request already filled.
I also uploaded otrs2 in the new version 3.2.1+dfsg1-1, which is also “fixing” bug #690306, “fixing” because the upgrade will abort with a list of MySQL tables where the administrator has to fix ether the engine from MyISAM to InnoDB (or the other way, as he want to) and by fxing the default engine of his MySQL database server. Ugly issue, ugly hack, but there is no better solution..
Full changelog of otrs Debian packaging:
* New upstream release.
- Add new dependency libyaml-libyaml-perl.
- Refresh patch 03-postmaster.
- Refresh patch 05-opt.
- Refresh patch 13-dont-chown-links.
- Refresh patch 16-disable-DashboardProductNotify.
- Refresh patch 19-fix-SetPermissions-to-include-some-more-dirs.
- Rewrite patch 25-use-locale-country, since all_country_names() does not
accept arguments.
- Refresh patch 26-font-paths.
- Rewrite patch 04-backup.
- Rewrite patch 15-usable-apache-config.
- Rewrite patch 21-use-debian-libjs-packages.
- Rewrite patch 23-load-debian-libjs.
- Remove old database schemas and add new 3.2 ones.
* Monitor all releases again.
* Drop patch 24-default-myisam and check with the new otrs.CheckDB.pl script,
if the available tables and the used storage engine are equal. If it is not
the case the installation should abort, so that the administrator can fix
his MySQL server or the already created tables.
Closes: #690306
* Remove deprecated packaging notes from README.Debian.
* Remove deprecated NEWS file from packaging.
* Remove deprecated files from otrs2.examples.
* Solve duplicate-changelog-files by not installing the CHANGES file.
* Remove some more deprecated files from otrs2.docs.
* Add lintian override for empty-binary package otrs.
* Remove some old permission fixes from debian/rules.
* Add upstream patch 01-innodb-fk-error to fix some foreign key errors if the
tables are created with InnoDB.
We still have got some more or less webapplications which are not compatible with PHP higher than version 5.2.x, which is the only blocker for the last Lenny servers to upgrade them to Squeeze.. I do not think that I am alone with this ****** topic :)
So the new “masterplan” is to deploy those applications on seperated Wheezy servers, with PHP 5.2.x running as FastCGI, so that most parts of the system are “security supported”.
First; I didn’t documented my steps and I am not 100% done (something like 99%) but I have done the following to have it “as clean as possible”:
PHP 5.2.x is just not able to detect the new multiarch paths, it fails at most “dir” options. Since patching the whole build system would be *too* much work I decided to hack around this (ln -s /usr/lib/x86…./foo.so /usr/lib/), then some adjustions to the build dependencies, disablieng some modules, like SSL and libdb (incompatible versions), disabling merged patches and refresh the suhosin hardening patch; I get an working PHP 5.2.17 package on Wheezy.
But this is too easy!
I want packages which I could co-install with the PHP 5.4 packages from Wheezy, 5.2 should only used withing vHosts where I have enabled them..
So I rewrote the whole packaging (*burg* IMHO at all) to use “php52” instead of “php5” as packaging namespace and also everything is put into “/opt” as prefix. Much painfull work, but yeah it works.. :)
Some packages, like php52-dev or php-pear are broken, but those were not my goal of this action.
If someone is interested in those packages please send me an email.
Since PHP 5.2 is not supported any longer (and that this is at all a big hack) I will not publish the source and binaries at all.
Hi,
I am interested in your opionions! If you would setup today an new server for a (business) project, would you use Debian Squeeze or Wheezy?
Personal – and already in most business cases – we have decided for Wheezy, because the pros are:
The cons:
What is your (business) opionion about it?
Heyho,
I have just uploaded otrs2 version 3.1.12+dfsg1-1 to Debian experimental yesterday! It includes many bugfixes, for a full list have a look at [0].
I also would welcome help for two important tasks:
#690306: Upgrade to Wheezy fails, if InnoDB is used in (some) tables
#695664: Embedded JavaScript code copies. As usual problematic with a package which is as big as otrs..
I also will backport otrs 3.1.x to Wheezy backports, if it is released. After this step, work on the 3.2.x packaging will begin.
[0]: otrs changelog
glusterfs
3.3.1 has been released with a bunch of bugfixes, yeah! 3.3.1-1 is uploaded to experimental.
geoip-database
As usual the monthly database update, already migrated to Wheezy from Sid.
otrs2
Today 3.1.11 has been released with a few bugfixes and one security fix for a XSS vulnerability on viewing special prepared HTML e-mails, which leads to that the browser executes JavaScript code (as described in CVE-2012-4751 and OTRS security announcement OSA-2012-03).
otrs2 3.1.11+dfsg1-1 is just accepted in experimental and I also backported the patch to the Wheezy version with 3.1.7+dfsg1-6.
If you want to add some rules to your Apache based on the clients country, mod_geoip is perfect for it.
Installation
On Squeeze following is enough: # apt-get install libapache2-mod-geoip geoip-database/squeeze-backports
Note that you should use the geoip-database version from squeeze-backports to have got the most up to date database version, I am updating it every month.
Configuration
You can add the rules to your VirtualHost, Directory, Location directives and also to your apache2.conf (“serverwide”). So you are flexible with where to use it.
Blocking countries
On some servers I have got more than 90 percent of spam requests only from three countries, so I blocked them with:
<DirectoryMatch “^/var/www/.*/html”>
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
Deny from env=BlockCountry
</DirectoryMatch>
Allow only specific countries
In the other way you also can allow specific countries to have got access to your website, this also may be a good idea for extranets, where you know from where your customers are:
<Directory “/var/www/my.site.com/html/login”>
SetEnvIf GEOIP_COUNTRY_CODE DE AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE CH AllowCountry
Deny from all
Allow from env=AllowCountry
</Directory>
Very easy!
Rewrite Rules
You can also use it for mod_rewrite. Within a project, customers from CN and TW should be redirected to the chinese page:
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CN|TW)$
RewriteRule ^(.*)$ http://some.example.cn/site.php [L]
mod_geoip with proxy frontends
Normaly mod_geoip works behinds load balancers and proxy servers, since it also take care of the HTTP_X_FORWARDED_FOR header.
But with haproxy it looks problematic, since it does not add the HTTP_X_FORWARDED_FOR header to KeepAlive’d requests :( Disabling KeepAlive is a bad idea on this cluster, so we decided to also use php5-geoip in our application, so everything is working nice now..
What mod_geoip is NOT is
mod_geoip helps you to block/allow specific countries, but it does not protect you from them.
Also keep in mind that the database is only ~ 99,8% accurate, so you may have got false positives/negatives. If you only allow german users, a german IP could be listed as russian.
This is much more problematic with mobile/satellite connections and surely you can also not access your page, if you are on vacation in another country. ;)