Posts tagged ‘backport’

Ruby Security Vulnerabilities 25 Jun 08

Some of you will have noticed the kerfuffle regarding the recent Ruby security vulnerabilities.  Fixed version of Ruby were released over the weekend but they are causing crashes in applications.  Until working fixes are available we’re all a bit stuck.

Details of the bugs have been kept officially secret but people are figuring it out for themselves (thanks to Zed in particular).  This secrecy has just contributed to the fear, uncertainty and doubt surrounding the issues and hasn’t helped the situation at all.

We currently recommend sitting tight until proper fixes are available.  When this happens, distros will release new packages in the usual manner.  Brightboxes are based on the Ubuntu distro and their security team are aware of the problem and are working on it (see the bug status here).

For those of you using the standard Ruby from Dapper (most of you) you should be able to just upgrade  using aptitude as soon as Ubuntu release new packages.  For those of you using the backported Ruby 1.8.6 packages, you’ll need to wait for us to backport the fixes once they’re released.  We’ll obviously be doing this asap.

We’ll update the blog as we know more.

UPDATE: Ubuntu have fixed ruby1.8 packages available now. They have already appeared in the Ubuntu security repository and are available for install.  Preliminary testing of the Dapper packages has been successful (gems with native libraries too).  We’re re-backporting the Hardy 1.8.6 packages right now and they’ll be available soon.

UPDATE: We have the fixed Hardy packages (1.8.6-p111) backported to Dapper available on the Brightbox testing apt repository.  They’ve passed a lot of preliminary tests but have not been tested extensively in production yet.  Please report any problems  with them (segfaults etc.) to support@brightbox.co.uk.

Posted 25 June 2008 by John Leach ::: add comment

NGINX 0.6 for Ubuntu Dapper 11 Apr 08

We’ve backported NGINX 0.6.29 packages from Debian experimental to Ubuntu Dapper and included the fair proxy balancer module.

It’s in our testing repository at the moment so give it a whirl (it will of course install on any Ubuntu Dapper box, not just Brightboxes).  We have a page on the Brightbox wiki on how to configure NGINX for your Brightbox apps too (which can easily be adjusted to any NGINX install really).

If you’re playing with any of this beta stuff (like these packages or the Brightbox gem) and have feedback or need help, feel free to discuss it on the Brightbox-beta Google group that i just set up.

Posted 11 April 2008 by John Leach ::: add comment

Ruby 1.8.6 and ImageMagick 6.3 for Ubuntu 6.06 Dapper 20 Mar 08

We’ve backported some packages useful for Ruby on Rails deployment to the long term support Ubuntu Dapper distro.  They’ve been available for a while but it only just ocurred to us this might be useful to others!

Dapper has Ruby 1.8.4 (though labelled as 1.8.2 in the package list) and ImageMagick 6.2.  Ruby 1.8.4 has some known problems that are fixed in 1.8.6 and the rmagick gem recently updated to version 2, reportedly fixing the memory leaks, but it requires ImageMagick 6.3.

We backported Ruby 1.8.6 p111 and ImageMagick 6.3 from the latest development version of Ubuntu (Hardy Heron) to Dapper.  They’ve been in use on a few boxes and no problems so far.  Feel free to make use of them.  We’ll be backporting any security updates as they come.

General details of the repository are here, with specific information about Ruby 1.8.6 and ImageMagick 6.3 on their own pages.

Ubuntu Hardy Heron is due out in the next few month, which brings a lot of this stuff with it.  Some of you might have the luxury of being able to upgrade to it, but some may need to stick with Dapper for a while - hopefully these packages will help you out.

Posted 20 March 2008 by John Leach ::: add comment