The PHP Group released PHP 5.2.8 this morning to fix the magic_quotes_gpc issue.
If you previously installed PHP 5.2.7-0.dotdeb.1 from Dotdeb and do not care about the version number displayed in your phpinfo(), save your bandwidth, your server is already secure ๐ Otherwise, just apt-get upgrade your LAMPย stack…
[update] The packages have been upgraded toย 5.2.8-0.dotdeb.1ย to fix an issue about pcre & utf8.
phpBuddy
You are really fast, very good, thank you!
Christopher
big thx for this next great release
badlllama
It seems unicode support is turned off in the pcre build. I use Zend Lucene and am getting an Utf8Num analyzer needs PCRE unicode support to be enabled.
Is there any easy way to correct this?
acid
Same preg_replace + utf8 problem here ๐
Guillaume Plessis
@badlllama @acid : Did it happen with previous packages from Dotdeb? Which version did work for you?
acid
Guillaume Plessis, everything worked fine till this release
badlllama
@Guillaume It worked up until this upgrade.
AgentM
Also have the same issue with preg_* and utf8. Worked fine until the latest release. Same problem as: http://bugs.php.net/bug.php?id=46800
I verified that preg_*/utf8 works fine in dotdeb PHP 5.2.6-0, and does not work in 5.2.8-0.
Testing using:
$test = preg_match(‘/[\pL]+/ui’, ‘abc’);
var_dump($test);
code46
Hello,
it shows that pcre unicode support is turned off, it was working fine before build 5.2.7,
any thoughts how to solve this?
thanks
Guillaume Plessis
I’m working on it, I just have some problem to reproduce the bug. I will provide updated packages this week-end.
acid
@Guillaume, thanks a lot!
Guillaume Plessis
the new 5.2.8-0.dotdeb.1 packages should fix the issue. Please upgrade!
AgentM
Thanks a bunch! I upgraded and everything works fine now. I know I speak for everyone when I say we really appreciate it.
code46
great job, works perfectly, we really appreciate it. Thanks a lot!
Marco
Since the upgrade (and the upgrade to the upgrade) I get segfaults with xcache enabled. It might be me behind the wheel that’s the problem, but it worked before the upgrades…. I need some handholding to debug further.
Guillaume Plessis
Are you using PHP extensions that does not come from Dotdeb, such as Zend Optimizer?
Which extensions did you install?
Could you please provide a phpinfo() or some more debugging info (strace…)
Marco
phpinfo here: http://kioskkiosk.com/di.php
although note that right now I set xcache sizes to 0 to disable xcache (and it doesn’t segfault when disabled)….
The installed extensions:
dpkg-query -l php*|grep ii
ii php5-cgi 5.2.8-0.dotdeb.1 server-side, HTML-embedded scripting languag
ii php5-cli 5.2.8-0.dotdeb.1 command-line interpreter for the php5 script
ii php5-common 5.2.8-0.dotdeb.1 Common files for packages built from the php
ii php5-curl 5.2.8-0.dotdeb.1 CURL module for php5
ii php5-dev 5.2.8-0.dotdeb.1 Files for PHP5 module development
ii php5-gd 5.2.8-0.dotdeb.1 GD module for php5
ii php5-imap 5.2.8-0.dotdeb.1 IMAP module for php5
ii php5-mcrypt 5.2.8-0.dotdeb.1 MCrypt module for php5
ii php5-mhash 5.2.8-0.dotdeb.1 MHASH module for php5
ii php5-mysql 5.2.8-0.dotdeb.1 MySQL module for php5
ii php5-pear 5.1.4-1.dotdeb.3 PEAR – PHP Extension and Application Reposit
ii php5-xcache 5.2.8-0.dotdeb.1 xcache module for php5
Mathijs
I Have a problem setting the mbstring.func_overload value.
It doesn’t work by setting it within the apache virtualhost config anymore. Is this a problem of dotdeb’s version?
Thx
Alex
I just updated and realised that the mail() function adds the X-PHP-Script header to emails.
As discussed in http://www.hardened-php.net/advisory_142006.139.html it’s a security vunerability.
Will this be fixed sometime?
Guillaume Plessis
@Alex : This security issue has been fixed in november 2006, more than two years ago. The feature is still present, but is secure.
Anyway, if you prefer to avoid the X-PHP-Script header added with the mail() function, set mail_extra_headers to Off in your php.ini.
Pierre
Hello,
nice job, but can you make a package for phar extension of php.
Thx
Alex
@Guillaume Thanks!
Viktor
Hello,
I can not start eAccelerator 0.9.5.3.
I have rebuild it but this is not work.
Kind regards
Viktor
Guillaume Plessis
@Pierre : Phar will be available by default in my PHP >=5.3.0 packages. Waiting this, you can package phar using this tutorial : http://www.dotdeb.org/2008/09/25/how-to-package-php-extensions-by-yourself/
@Viktor : please ensure that eAccelerator os full compatible with PHP 5.2.8 and package it with this method : http://www.dotdeb.org/2008/09/25/how-to-package-php-extensions-by-yourself/
All should work fine.
George
PHP5.2.8.0 is broken for Debian Etch 4.0:
The following packages have unmet dependencies.
php5: Depends: libapache2-mod-php5 (>= 5.2.8-0.dotdeb.2) but it is not going to be installed or
libapache2-mod-php5filter (>= 5.2.8-0.dotdeb.2) but it is not going to be installed or
php5-cgi (>= 5.2.8-0.dotdeb.2) but it is not going to be installed
Depends: php5-common (>= 5.2.8-0.dotdeb.2) but it is not going to be installed
E: Broken packages
Guillaume Plessis
@George : as Lenny is now stable and Etch oldstable, please update your sources.list :
deb http://packages.dotdeb.org oldstable all
Guillaume Plessis
@George : Sorry, there is another problem with the Lenny PECL packages. I’ll fix it in a few minutes by uploading new packages. Sorry for this mess.
Carsten
I added your sources to my sources.list file (have currently etch with php-5.2.0-8″) and performed apt-get update and apt-get upgrade, but php was not updated, but have been kept back:
host:~# apt-get upgrade
Reading package lists… Done
Building dependency tree… Done
The following packages have been kept back:
libapache2-mod-php5 mysql-server php5 php5-cli php5-common php5-curl php5-gd php5-imap php5-mcrypt php5-mysql
php5-sqlite php5-xsl
0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.
Does anybody have an idea how to solve this issue? If I type “apt-get install php5”, he says that dependencies could not be met:
The following packages have unmet dependencies:
php5: Depends: libapache2-mod-php5 (>= 5.2.8-0.dotdeb.2) but 5.2.0-8+etch13 is to be installed or
libapache2-mod-php5filter (>= 5.2.8-0.dotdeb.2) but it is not going to be installed or
php5-cgi (>= 5.2.8-0.dotdeb.2) but it is not going to be installed
Depends: php5-common (>= 5.2.8-0.dotdeb.2) but 5.2.0-8+etch13 is to be installed
E: Broken packages
Guillaume Plessis
@Carsten :
Etch = oldstable , Lenny = stable
Please take care about the Dotdeb sources.list entry. If you’re using Etch, it should be :
deb http://packages.dotdeb.org oldstable all
I’ll post a note about the Etch/Lenny switch very soon.
Carsten
Forget my last post. Of course, I have to add the sources with “etch” and not stable after Feb, 14th ๐
Now everything worked perfectly. Thanks!
Alessandro
What about php 5.2.9, with all the security fixes? ๐
Guillaume Plessis
@Allessandro : PHP 5.2.9 will be packaged as soon as the suhosin patch is available : http://www.hardened-php.net/suhosin/download.html
dd
you should add also apache2-mpm-itk to the dependences as alternative for apache2-mpm-prefork.
Mario
Hi Guillaume,
unfortunately, the PHP 5.2.8-2 PHP-Pear Package does not work on ubuntu 8.0.4 – server. The pear command just downloads the tgz file, but does not initialize the installation process. Same thing for pecl.
Can somebody double-check this? The original ubuntu 8.0.4 PHP 5.2.4 packs are working fine.
Regards!
Mario
schpinn
Suhosin patch for PHP 5.2.9 is available :)..
Thomas R. Bailey
Upgrade php5-dev to 5.2.8
then make clean, ./configure make install
๐
Guillaume Plessis
@dd : apache2-mpm-itk is an alternative dependency to apache2-mpm-prefork in the PHP5 Dotdeb packages. No problem.
Guillaume Plessis
@Mario : Dotdeb is built for Debian Etch or Lenny. Ubuntu is not officially supported. Sorry.
Guillaume Plessis
@schpinn : I was skiing for the last few days, sorry for the delay ๐ PHP 5.2.9 will be available on Dotdeb in the next few hours…
schpinn
@Guillaume: Excellent, thanks, no problem for the delay.. Hope you had a nice time skiing :)..
askmetoo
Help me pliase to resolve…
Thanks …
apt-get -f install
dpkg –configure -a
apt-get update
apt-get install
apt-get upgrade
apt-get dist-upgrade
apt-get -f install
apt-get autoclean
apt-get clean
apt-get upgrade
Reading package lists… Done
Building dependency tree… Done
The following packages have been kept back:
libapache2-mod-php5 libmysqlclient16 mysql-client-5.1 mysql-server-5.1
php-pear php5 php5-cgi php5-cli php5-common php5-curl php5-gd php5-mysql
0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.
Guillaume Plessis
@askmetoo : as written in my post about Lenny, take care of the Dotdeb entries in your sources.list :
It should refer to stable or lenny if you want to make the switch and take benefits from the brand new Debian distribution :
deb http://your.mirror/ stable all
deb-src http://your.mirror/ stable all
It should refer to oldstable or etch if you want to stick to the good old Etch and to take your time to upgrade.
deb http://your.mirror/ oldstable all
deb-src http://your.mirror/ oldstable all
askmetoo
I am use Debian 4 (not lenny)
Thanks, Now all fine!
Cesco
I have PHP 5.2.4-2ubuntu5.7 with Suhosin-Patch 0.9.6.2 (cli) on Ubuntu 8.04.2, is it possible to add dotdeb repo and upgrade PHP5 ?
I need to install x-php-script mail patch …
Can i try other solution ?
Thank you!
Tixik.com
PHP 5.2.8 with xcache 1.2.1 does not work – after 2 or 3 days it ends up with segmentation fault and serve reboot is needed. What a shame – speed improvement is really huge on high load machines…
Guillaume Plessis
@Tixik.com : please consider upgrading to PHP 5.2.14 or PHP 5.3.3. 5.2.8 suffers from some bugs and security issues.