On December 17th 2009, the PHP Group released PHP 5.2.12 :
The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt corruption and improved “session.save_path” check, identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
(Please read the full announcement for more details)
Dotdeb packages of PHP 5.2.12 are now (finally) available for Debian “Lenny” and “Etch”, amd64 and i386.
Upgrading your servers is strongly encouraged because of several security issue, especially a multipart/form-data DoS (CVE-2009-4017). Please set the max_file_uploads parameter carefully.
19 replies on “PHP 5.2.12 packages are here!”
I installed your PHP 5.3.1 packages. Unfortunately many scripts don’t work well with 5.3 (Drupal, Gallery2, etc).
How to downgrade to 5.2.12?
@canyonbreeze : First, you have to remove the php53.dotdeb.org entry from your sources.list.
Thenn you can fetch the PHP 5.2.12 manually from http://packages.dotdeb.org/
Hello,
serveur:/var/log# unset LANG ; apt-get install php5-http ; dpkg –list libevent1
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
php5-http: Depends: libevent-1.4-2 (>= 1.4.13-stable) but it is not installable
E: Broken packages
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-================================-================================-================================================================================
ii libevent1 1.3e-3 An asynchronous event notification library
Any chance to get a fix for this issue :
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/359062
Or at least an little explanation so somebody could handle it ? i don’t actually quite get what is going wrong.
Example of what i got :
$pecl install uploadprogress
downloading uploadprogress-1.0.1.tgz …
Starting to download uploadprogress-1.0.1.tgz (8,536 bytes)
…..done: 8,536 bytes
4 source files, building
running: phpize
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519
cp: ne peut évaluer `libtool.m4′: Aucun fichier ou dossier de ce type
cp: ne peut évaluer `ltmain.sh’: Aucun fichier ou dossier de ce type
cat: ./build/libtool.m4: Aucun fichier ou dossier de ce type
configure.in:8: warning: LT_AC_PROG_SED is m4_require’d but not m4_defun’d
aclocal.m4:2631: PHP_CONFIG_NICE is expanded from…
configure.in:8: the top level
configure.in:151: error: possibly undefined macro: AC_PROG_LIBTOOL
If this token and others are legitimate, please use m4_pattern_allow.
See the Autoconf documentation.
configure:2291: error: possibly undefined macro: LT_AC_PROG_SED
ERROR: `phpize’ failed
Otherwise everything works fine, just can’t compile any new extensions.
@Laurent Chardin : The problem is that libtool.m4 and ltmain.sh are not in the same location between libtool from Debian Lenny and libtool from Ubuntu :
Debian :
/usr/share/libtool/ltmain.sh
/usr/share/libtool/libtool.m4 or /usr/share/aclocal/libtool.m4
Ubuntu :
/usr/share/libtool/config/ltmain.sh
/usr/share/aclocal/libtool.m4
Perhaps you can solve this issue with symlinks
Thanks Guillaume,
Got it fixed with:
> adding symlinks
> concatenating some more files into libtool.m4
cd /usr/share/aclocal
cat lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4 >> libtool.m4)
(https://bugs.launchpad.net/ubuntu/+bug/262251)
Now it compiles without a glich. thanks
Hi,
Having trouble updating php5-imap on php5.2.12. Getting the following message: –
apt-get install php5=5.2.12-0.dotdeb.1 php5-imap
Reading package lists… Done
Building dependency tree
Reading state information… Done
php5 is already the newest version.
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies.
php5-imap: Depends: libc-client2007b but it is not installable
E: Broken packages
@Chris Gooding : Download and install this package manually
http://packages.debian.org/lenny/libc-client2007b
@Guillaume Plessis
Thanks, all sorted.
Is there somewhere an archive of dotdeb? I need php 5.2.6 for Etch and can’t find it. I have 5.2.0, which is to low and 5.2.12 seems to be to advanced (got a lot of errors in the code). The programmer says I need 5.2.6, any chance to get it here?
thx
Dros
@Mr.Dros : take a look at http://archives.dotdeb.org/
Bonjour 🙂
J’utilise depuis pas mal de temps dotdeb (sur Debian) : le dépot indispensable 🙂
Mais depuis la version 5.2.12, je tombe sur ce cas particulier : http://bugs.php.net/bug.php?id=49521
il existe un patch, mais hélàs il n’est pas sur le dépot…
Est-il possible qu’il y soit, ou du moins qu’elle solution me préconisez vous pour remédier à ce problème, le plus facilement possible
Merci d’avance 🙂
@Neo : Merci d’avoir fait remonter ce souci. Je le corrigerai dans les prochains paquets de PHP 5.2 et 5.3 (pas de date prévisionnelle).
@Guillaume : Merci 😉
Hi, will you release update debs for etch
php 5.2.13 ?
@Robert Schetterer : No, I won’t, it’s time to upgrade to Lenny.
I tried to run pecl install pecl_http and received
phpize libtool.m4 problems on Ubuntu 9.04
cannot stat ‘libtool.m4’ ….
libtool.m4 is a broken link under /usr/lib/php5/build . Therefore, I edited /usr/bin/phpize and made these 2 simple changes:
Change line:
FILES_BUILD=”mkdep.awk scan_makefile_in.awk shtool libtool.m4″
To:
FILES_BUILD=”mkdep.awk scan_makefile_in.awk shtool libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversi
on.m4″
and
Change line:
(cd “$builddir” && cat acinclude.m4 ./build/libtool.m4 > aclocal.m4)
To:
(cd “$builddir” && cat acinclude.m4 ./build/{libtool,lt~obsolete,ltoptions,ltsugar,ltversion}.m4 > aclocal
.m4)
then I ran
pecl install pecl_http
It works! Hallelujah!
Wait, I also changed the shell in /usr/bin/phpize
from
#!/bin/sh
to
#!/bin/bash
Generally I don’t read article on blogs, however I wish to say that
this write-up very pressured me to try and do so!
Your writing taste has been amazed me. Thanks, very nice post.