Categories
PHP

PHP 5.4.1

On april 26th 2012, the PHP group has released PHP 5.4.1 too, that brings over 60 bug fixes, some of which are security related :

Security Enhancements and Fixes in PHP 5.4.1:

  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Add open_basedir checks to readline_write_history and readline_read_history.

Key enhancements in PHP 5.4.1 include:

  • Added debug info handler to DOM objects.
  • Fixed bug #61172 (Add Apache 2.4 support).

Packages of PHP 5.4.1 and of all its related extensions are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please note that :

  • php5-xcache is now available in its 2.0 version,
  • the Suhosin patch is still absent from this build.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

33 replies on “PHP 5.4.1”

I have warning when switching from 5.3 to php5.4 :

PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib/php5/20100525/suhosin.so’ – /usr/lib/php5/20100525/suhosin.so: cannot open shared object file: No such file or directory in Unknown on line 0

thx for your work 😉
i menaged to update php 5.3 to 5.4

but now i have problem after uninstalled php5-mysql and installed mysqlnd

when i want to install phpmyadmin it wants me to remove php5-mysqlnd and install php5-mysql
how i can fix that 😛

@Guillaume

When do you think we’ll be able to get PHP 5.4 using “deb http://packages.dotdeb.org squeeze all” instead of a separate source “squeeze-php54 all”?

PHP 5.4.1 seems to be stable enough now to move it to the main branch.

@Jason : merging PHP 5.4 into the main repo won’t happen before PHP 5.3 end of life, you can consider squeeze-php54 as a reference. The fact is that many applications are not PHP 5.4 ready. Considering it as default version would break a lot of things.

By Post Author

How long to 5.4.2? Fixes a sec issue where one could get the source code of any PHP file if the server works with PHP as CGI.

When I try to install php-apc it finds unmet dependencies and suggest me to downgrade to PHP 5.3 :

#aptitude install php-apc
The following NEW packages will be installed:
php-apc{b}
0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
The following packages have unmet dependencies:
php-apc: Depends: phpapi-20090626+lfs which is a virtual package.
The following actions will resolve these dependencies:
Keep the following packages at their current version:
1) php-apc [Not Installed]

thank you Guillaume! 🙂

I there anyway to install apache 2.4 ?
I have latest Debian Squeeze, and when trying:
#aptitude -t experimental install apache2
apache2-data: Conflicts: apache2.2-common but 2.2.16-6+squeeze7 is installed.
apache2: Conflicts: apache2.2-common but 2.2.16-6+squeeze7 is installed.
apache2-bin: Depends: libaprutil1 (>= 1.4.0) but 1.3.9+dfsg-5 is installed.
Depends: libpcre3 (>= 8.10) but 8.02-1.1 is installed.
Depends: libssl1.0.0 (>= 1.0.1) which is a virtual package.

(I had to install apache 2.2 at the moment to setup my new server)

@Rodriguo : yep, I thought I could release PHP 5.4.4 packages along with the PHP 5.3.14 packages, with updated libmemcached dependencies. I’ll fix it in a few minutes. Sorry for the mess.

By Post Author

I looked back through the responses and I was referencing to the issue with phpMyAdmin not installing correctly because of the missing addons php5-mysql and php5-mysqli. I download the latest from them and am currently working on getting it setup to see if it works or not. If it doesn’t then I am going roll back my environment to php53.

@jlwester : did you install the php5-mysql or the php5-mysqlnd package from Dotdeb and did you check that the appropriate “extension=….so” lines are present in the /etc/php5/conf.d/*.ini files?

By Post Author

I get the following:

sudo apt-get install php5-mysql
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
php5-mysql : Depends: libmysqlclient16 (>= 5.1.21-1) but it is not installable
E: Unable to correct problems, you have held broken packages.

@jlwestr : are you sure you have the right sources.list and that you ran “apt-get update”? None of the packages from Dotdeb depends on libmysqlclient16 (>= 5.1.21-1)

By Post Author

I’m having the same issue with php5-mysql
In the Packages file on dotdeb php54, I can see

Package: php5-mysql
Source: php5
Version: 5.4.5-1~dotdeb.0
Architecture: amd64
Maintainer: Guillaume Plessis
Installed-Size: 260
Pre-Depends: dpkg (>= 1.15.7.2~)
Depends: libc6 (>= 2.4), libmysqlclient16 (>= 5.1.21-1), phpapi-20100525, php5-common (= 5.4.5-1~dotdeb.0), ucf

but I cannot find libmysqlclient16

Any idea?

Thx!

@Raphaël : if libmysqlclient16 is missing from your distribution, it means that you’re not using Debian stable, aka Squeeze. Dotdeb is only built for it. It should work on others distress, but with no additional support.

I suggest you to install php5-mysqlnd instead of php5-mysql

By Post Author

Indeed, it’s Ubuntu 12.04.1
I wanted to install phpmyadmin that requires php5-mysql that conflicts with php5-mysqlnd, so, I will install phpmyadmin manually and use php5-mysqlnd 🙂

Thx.

Comments are closed.