PHP 5.3.2 is available too!

March 8th, 2010 | by Guillaume Plessis |

A few days ago, the PHP Group released PHP 5.3.2. It fixes severe security issues and some other bugs :

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.2:

  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

(…)

It is now available on Dotdeb (still on a separate repository) with the following changes :

  • id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there”s an easy way to package PECL extensions by yourself
  • the memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy
  • php5-fpm is now an alternative dependency og the php5 meta-package

As usual, please read the release announcement and the full Changelog before upgrading. If you’re migrating from PHP 5.2, you can also take a look at migration guide.

[Update] The packages have been updated to fix a MySQL connection issue. The geoip PECL extension is back.

Tags: , ,

  1. 37 Responses to “PHP 5.3.2 is available too!”

  2. By Hans van Eijsden on Mar 8, 2010 | Reply

    Super, thanks!

  3. By James on Mar 8, 2010 | Reply

    Here’s a guide on how to install on ubuntu karmic koala

    http://blog.jmoz.co.uk/post/435401471/install-php-5-3-from-packages-on-ubuntu-karmic-koala

  4. By Daniel Hahler on Mar 9, 2010 | Reply

    Attention: with a dbhost without any port, it will now result in a connection refused error:
    Connection refused (trying to connect via tcp://10.122.42.42:0)

    I have “mysql.default_port = ” in the ini file, which is the default (I assume), and it defaulted to 3306 then previously (5.3.1 from dotdeb), but not anymore.

  5. By Daniel Hahler on Mar 9, 2010 | Reply

    Reported at: http://bugs.php.net/bug.php?id=51242

  6. By JC on Mar 9, 2010 | Reply

    Hi there,

    I just upgrade from your 5.3.1 to 5.3.2, but I can not use the mysql extension, it’s loaded, but if I use it, it fails to connect, with mysqli it works…

    mysql_connect failed with a “Connection refused” error… going back to 5.3.1 and it works!

    I’ve a forum that doesn’t support mysqli… snif

    thanks

  7. By JC on Mar 9, 2010 | Reply

    hi again,

    it seem that forcing host to ‘host:port’ resolved the problem… PHP seems to not use correctly the default port (which is not setted too!)

    thanks again for your work!

  8. By Daniel Hahler on Mar 9, 2010 | Reply

    This appears to be related to the dotdeb packages, but not upstream (according to TML on ##php).
    Maybe the suhosin patch causes this?

  9. By Carlos André Ferrari on Mar 9, 2010 | Reply

    The problem of the mysql I solved changing the host from ’127.0.0.1′ to ‘localhost’.. ;)

  10. By Daniel Hahler on Mar 9, 2010 | Reply

    Carlos: yes, it’ll use UNIX sockets then, but it’s not possible to workaround like this when MySQL is on another host. But explicitly adding the port number fixes it.

  11. By Daniel Hahler on Mar 9, 2010 | Reply

    re: php5-xcache: I’m getting “xcache_set(): xcache.var_size is either 0 or too small to enable var data caching” warnings, although it’s set to “16M” and governed by this check: “ini_get(‘xcache.var_size’) > 0″
    The same with xcache_get().

  12. By Chris on Mar 9, 2010 | Reply

    Well, I’d like to have the GeoIP extension back, since I’m using it with several installations, and new installs are broken:

    # apt-get install php5-geoip
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
    php5-geoip: Depends: phpapi-20060613+lfs
    E: Broken packages

  13. By Guillaume Plessis on Mar 9, 2010 | Reply

    @all : I’m building now updated PHP 5.3.2 packages that fix the MySQL connection issue ( http://bugs.php.net/51242 ). This is a MySQL native driver (not Dotdeb-specific) issue. That’s just a shame that it has not been spotted before (are only Dotdeb users using mysqlnd?).
    BTW, thanks for your feedbacks.

    @Chris : geoip will be back soon

  14. By Guillaume Plessis on Mar 9, 2010 | Reply

    @Daniel Hahler : just set xcache.var_size to an appropriate value in /etc/php5/conf.d/xcache.ini

  15. By Daniel Hahler on Mar 9, 2010 | Reply

    @Guillaume: yes, really odd that nobody else has noticed the bug before. Patch is at: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c?r1=295982&r2=295981&pathrev=295982

    re: php5-xcache: I’ve said already that xcache.var_size had been set to “16M” (which should be enough). Oddly, after a restart this error appears to have gone – although it showed up as 16M in the phpinfo output already.

  16. By Guillaume Plessis on Mar 9, 2010 | Reply

    PHP 5.3.2 packages have been updated to fix the MySQL connection issue. php5-geoip is back online.

  17. By Chris on Mar 9, 2010 | Reply

    Great, GeoIP is installable again with the newest package, thanks!

  18. By Mike on Mar 9, 2010 | Reply

    Maybe this is not the right place to ask but currently I use the packages from debian php5.2.6

    If I upgrade using dotdeb what will happen to all my own compiled extensions?

    Do I need to compile/add these again to php.ini?
    Sorry if I am asking about the obvious but I am quite new at this and got everything to work with trial and error.

  19. By Guillaume Plessis on Mar 9, 2010 | Reply

    @Mike : the Zend API changed between PHP 5.2 and PHP 5.3, then you’ll have to recompile your extensions :

    apt-get install php5-dev build-essential
    phpize
    ./configure
    make
    make install

  20. By Casper Langemeijer (Procurios) on Mar 11, 2010 | Reply

    Hi Guillaume! We are using the mailparse extension, but I don’t mind building it ourselves. (We are doing that for quite a number of other pecl packages too)

  21. By WebGoddess on Mar 15, 2010 | Reply

    Thank you for posting this, daylight savings was completely busted in 5.3.1 so PHP was an hour off for me until I updated to 5.3.2.

  22. By Daniel Hahler on Mar 16, 2010 | Reply

    Can you please build the packages using “–enable-pcntl”, so “pcntl_fork” etc is available?
    Thanks.

  23. By Guillaume Plessis on Mar 16, 2010 | Reply

    @Daniel Hahler : the php5-cli is built with pcntl. It makes no real sense to build it in the other flavours (apache, cgi…)

  24. By Daniel Hahler on Mar 17, 2010 | Reply

    I think pcntl makes sense in general: you can fork off child processes and even trigger daemon mode (see e.g. http://php.net/manual/en/function.pcntl-fork.php#94338). That’s what I was trying: let the script do processing after the page has been sent to the user (and the connection is closed already).
    Sure, there are other means to implement something like this, but this appears to be the most straightforward one.
    Apart from that, forking alone is useful enough.
    Please consider adding it to the other flavours, too.

  25. By Steuf on Mar 17, 2010 | Reply

    I a found bug width function imagettfbbox :

    Reported here : http://bugs.php.net/bug.php?id=51315

    Anyone have this issue ?

  26. By izmanromli on Mar 22, 2010 | Reply

    hi,

    i’m using jaunty and can’t install libapache2-mod-php5

    it always reported as fetch error ..

    any workaround?

    thx

  27. By Steuf on Mar 23, 2010 | Reply

    I a found the solution for bug width function imagettfbbox on 5.3.2, after 1 week for search the problem it’s caused by the GCC compiler.

    With GCC Version 4.3.2 the bug appear, I have recompile GD extention width GCC 4.1.2 and it have fixed the problem.

  28. By Sébastien Ballesté-Antich on Mar 26, 2010 | Reply

    One (some?) php-pear components I’m using with php-5.2.13 doesn’t works with php-5.3.2, Structures_DataGrid. Any idea ?

  29. By Leif on Mar 31, 2010 | Reply

    Hi. Is there any way to install PHP 5.3 and PHP 5.2 at the same time (CGI only)?

  30. By Guillaume Plessis on Mar 31, 2010 | Reply

    @Leif : No. The Debian dependencies prevent to do so.

  31. By Sébastien BAllesté-Antich on Mar 31, 2010 | Reply

    @Leif – I bookmarked this page a few day ago, it’s about php-farm and fastcgi, http://cweiske.de/tagebuch/Running%20Apache%20with%20a%20dozen%20PHP%20versions.htm

  32. By Nabeel on Apr 6, 2010 | Reply

    I’m having issues too, with php-fpm. Going back to 5.2.10 from the Ubuntu Karmic repo. Don’t have time to work on recompiling php-fpm, but there’s some weird bug in there which keeps timing it out.

  33. By Guillaume Plessis on Apr 6, 2010 | Reply

    @Nabeel : No problem. Please note that Dotdeb does not support Ubuntu. Make it work on non-pure Debian system might be tricky.

  34. By Shadow-Dragon on Apr 9, 2010 | Reply

    Hi, It is possible to fix this Bug? http://bugs.php.net/bug.php?id=51192

  35. By Shadow-Dragon on Apr 18, 2010 | Reply

    sry. i meant “Is it possible” not “It is”

  36. By Guillaume Plessis on Apr 18, 2010 | Reply

    @Shadow-Dragon: I’ll fix it in my next upload, in the next few days.

  37. By Shadow-Dragon on Apr 18, 2010 | Reply

    ok. Thx

  1. 1 Trackback(s)

  2. Mar 13, 2010: alex95: @semprom пусни си apt-get upgrade и пос.. - edno23.com

Post a Comment