PHP 5.2.13 is available

A few days ago, the PHP Group released PHP 5.2.13. It fixes severe security issues and some other bugs:

The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.13:

  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
  • Improved LCG entropy. (Rasmus, Samy Kamkar)

(…)

On the Dotdeb side

As usual, please read the release announcement and the full Changelog before upgrading.

27 replies on “PHP 5.2.13 is available”

Hello Guillaume,

Actually, we do use the ffmpeg AND spplus extensions on our prod servers… Those don’t have any support for compiling, thus the presence of your extensions in your repository was very pleasant 🙂

Best regards,
Arnaud.

php5-5.2.13 does not build from source:

root@DIB097 /usr/local/src/php5-5.2.13>dpkg-buildpackage
dpkg-buildpackage: set CFLAGS to default value: -g -O2
dpkg-buildpackage: set CPPFLAGS to default value:
dpkg-buildpackage: set LDFLAGS to default value:
dpkg-buildpackage: set FFLAGS to default value: -g -O2
dpkg-buildpackage: set CXXFLAGS to default value: -g -O2
dpkg-buildpackage: source package php5
dpkg-buildpackage: source version 5.2.13-0.dotdeb.0
dpkg-buildpackage: source changed by Guillaume Plessis
dpkg-buildpackage: host architecture amd64
debian/rules clean
dh_testdir
sed -i -e 's/EXTRA_VERSION="-0.dotdeb.0"/EXTRA_VERSION=""/' configure.in
rm -f configure aclocal.m4 config.sub config.guess ltmain.sh
rm -f build/libtool.m4 main/php_config.h.in
rm -f prepared-stamp
QUILT_PATCHES=debian/patches quilt --quiltrc /dev/null pop -a -R || test $? = 2
No patch removed
rm -rf .pc debian/stamp-patched
dh_testdir
dh_testroot
rm -f configure-apache2-stamp build-apache2-stamp
rm -f configure-apache2filter-stamp build-apache2filter-stamp
rm -f configure-cgi-stamp build-cgi-stamp
rm -f configure-cli-stamp build-cli-stamp
rm -f build-pear-stamp
rm -f install-stamp
rm -rf apache2-build
rm -rf apache2filter-build
rm -rf cgi-build
rm -rf cli-build
rm -rf pear-build pear-build-download
rm -f debian/copyright
rm -f test-results.txt
dh_clean
# clean up autogenerated cruft
cat debian/modulelist | while read package extname dsoname; do \
rm -f debian/php5-$package.postinst; \
done
for sapi in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli; do \
for cruft in postrm links; do \
rm -f debian/${sapi}.${cruft}; \
done; \
done
dpkg-source -b php5-5.2.13
dpkg-source: info: using source format `1.0'
dpkg-source: info: building php5 using existing php5_5.2.13.orig.tar.gz
dpkg-source: info: building php5 in php5_5.2.13-0.dotdeb.0.diff.gz
dpkg-source: warning: ignoring deletion of file aclocal.m4
dpkg-source: warning: ignoring deletion of file ltmain.sh
dpkg-source: warning: ignoring deletion of file configure
dpkg-source: warning: ignoring deletion of file config.guess
dpkg-source: warning: ignoring deletion of file config.sub
dpkg-source: warning: ignoring deletion of file ext/pdo/pdo_sql_parser.c.orig
dpkg-source: warning: ignoring deletion of file ext/date/lib/parse_date.c.orig
dpkg-source: warning: ignoring deletion of file ext/standard/url_scanner_ex.c.orig
dpkg-source: warning: ignoring deletion of file ext/standard/var_unserializer.c.orig
dpkg-source: warning: ignoring deletion of file main/php_config.h.in
dpkg-source: warning: ignoring deletion of file build/libtool.m4
dpkg-source: info: building php5 in php5_5.2.13-0.dotdeb.0.dsc
debian/rules build
QUILT_PATCHES=debian/patches quilt --quiltrc /dev/null push -a || test $? = 2
Applying patch 006-debian_quirks.patch
patching file configure.in
Hunk #1 succeeded at 985 (offset 51 lines).
Hunk #2 succeeded at 1019 (offset 51 lines).
Hunk #3 succeeded at 1074 with fuzz 2 (offset 51 lines).
Hunk #4 succeeded at 1145 (offset 51 lines).
patching file ext/ext_skel
patching file ext/session/session.c
Hunk #1 succeeded at 683 (offset 502 lines).
patching file php.ini-dist
Hunk #1 succeeded at 471 (offset 5 lines).
Hunk #2 succeeded at 488 (offset 5 lines).
Hunk #3 succeeded at 604 (offset 8 lines).
Hunk #4 succeeded at 940 (offset 4 lines).
Hunk #5 succeeded at 978 (offset 4 lines).
patching file php.ini-recommended
Hunk #1 succeeded at 522 (offset 6 lines).
Hunk #2 succeeded at 539 (offset 6 lines).
Hunk #3 succeeded at 655 (offset 9 lines).
Hunk #4 succeeded at 991 (offset 5 lines).
Hunk #5 succeeded at 1029 (offset 5 lines).
patching file sapi/caudium/config.m4
patching file sapi/cli/php.1.in
Hunk #1 succeeded at 308 with fuzz 1 (offset 2 lines).
patching file scripts/Makefile.frag
patching file scripts/php-config.in
patching file scripts/phpize.in

Applying patch 010-mail-header.patch
patching file ext/standard/mail.c
Hunk #1 succeeded at 210 with fuzz 2 (offset 28 lines).
Hunk #2 succeeded at 317 (offset 42 lines).
patching file main/main.c
Hunk #1 succeeded at 461 with fuzz 1 (offset 135 lines).
patching file main/php_globals.h
Hunk #1 succeeded at 162 (offset 10 lines).

Applying patch 011-suhosin.patch
patching file TSRM/TSRM.h
patching file TSRM/tsrm_virtual_cwd.c
patching file TSRM/tsrm_virtual_cwd.h
patching file Zend/Makefile.am
patching file Zend/Zend.dsp
patching file Zend/ZendTS.dsp
patching file Zend/zend.c
patching file Zend/zend.h
patching file Zend/zend_alloc.c
patching file Zend/zend_alloc.h
patching file Zend/zend_canary.c
patching file Zend/zend_compile.c
patching file Zend/zend_compile.h
patching file Zend/zend_constants.c
patching file Zend/zend_errors.h
patching file Zend/zend_hash.c
patching file Zend/zend_llist.c
can't find file to patch at input line 1413
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.2.13/configure suhosin-patch-5.2.13-0.9.7/configure
|--- php-5.2.13/configure 2010-02-24 13:27:27.000000000 +0100
|+++ suhosin-patch-5.2.13-0.9.7/configure 2010-03-02 21:51:30.000000000 +0100
--------------------------
No file to patch. Skipping patch.
3 out of 3 hunks ignored
patching file configure.in
patching file ext/standard/basic_functions.c
patching file ext/standard/dl.c
patching file ext/standard/file.c
patching file ext/standard/file.h
patching file ext/standard/info.c
patching file ext/standard/syslog.c
patching file main/fopen_wrappers.c
patching file main/main.c
Hunk #2 succeeded at 1390 (offset 1 line).
Hunk #3 succeeded at 1431 (offset 1 line).
Hunk #4 succeeded at 1528 (offset 1 line).
Hunk #5 succeeded at 1690 (offset 1 line).
Hunk #6 succeeded at 1834 (offset 1 line).
Hunk #7 succeeded at 1887 (offset 1 line).
Hunk #8 succeeded at 1948 (offset 1 line).
patching file main/php.h
can't find file to patch at input line 1780
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.2.13/main/php_config.h.in suhosin-patch-5.2.13-0.9.7/main/php_config.h.in
|--- php-5.2.13/main/php_config.h.in 2010-02-24 13:27:31.000000000 +0100
|+++ suhosin-patch-5.2.13-0.9.7/main/php_config.h.in 2010-03-02 21:51:30.000000000 +0100
--------------------------
No file to patch. Skipping patch.
1 out of 1 hunk ignored
patching file main/php_logos.c
patching file main/snprintf.c
patching file main/spprintf.c
patching file main/suhosin_globals.h
patching file main/suhosin_logo.h
patching file main/suhosin_patch.c
patching file main/suhosin_patch.h
patching file main/suhosin_patch.m4
patching file sapi/apache/mod_php5.c
patching file sapi/apache2filter/sapi_apache2.c
patching file sapi/apache2handler/sapi_apache2.c
patching file sapi/cgi/cgi_main.c
patching file sapi/cli/php_cli.c
patching file win32/build/config.w32
Patch 011-suhosin.patch does not apply (enforce with -f)
make: *** [debian/stamp-patched] Error 1
dpkg-buildpackage: error: debian/rules build gave error exit status 2

How about a version of 5.2.13 with php-fpm support?

I looked and this was not part of it.

@ Guillaume Plessis:
I have just installed an Apache2 server with PHP5.2/MySQL5.1, and when I take a look in phpmyadmin (3.3.1) I get this error message:
La version de votre bibliothèque MySQL (5.0.51a) diffère de la version de votre serveur MySQL (5.1.45). Ceci peut occasionner un comportement imprévisible.

@Myst: 5.0.51a is just the version of the MySQL libraries that PHP was compiled against. It does not affect the interactions between PHP and MySQL 5.0 or 5.1 in any way, quite the contrary…
If PHP had been compiled against MySQL 5.1, it would have caused a duplication of symbols as soon as Apache or PHP loaded a module or an extension that is also linked to MySQL, but in a different version.

You can ignore this warning from PHPMyAdmin.

Hi,

just wondering,
I guess the answer will be no 🙂
but is there any chance to get the 5.2.13 on Etch too?
Or any reason it won't happen?

Thanks.

@helm tilkmit: I wish I can fix this in a new release in the next few days. Please be patient.

@r4dius: Etch is not supported anymore. If you can't upgrade your machines to Lenny, you can try to backport PHP 5.2.13 on a Lenny box:

apt-get build-dep php5
apt-get source php5
cd php5-5.2.13
./debian/rules binary

Hi. 1st of all thanks for your hard work!

I need to test something with PHP 5.2.11 but how can I install it using apt-get?

I know it’s in archives.dotdeb.org but I don’t know how to make apt-get get the packages from there.

Hi Guillaume,

Here’s probably a similar issue. Can you please take a look:-

# md5sum suhosin-patch-5.2.13-0.9.7.patch
4cf3f0efa1ca61819cfc04d7f8c6865e suhosin-patch-5.2.13-0.9.7.patch

# patch -p 1 -i include/php/ext/suhosin/suhosin-patch-5.2.13-0.9.7.patch
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.2.13/TSRM/TSRM.h suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h
|--- php-5.2.13/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
|+++ suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h 2010-03-02 21:51:30.000000000 +0100
--------------------------
File to patch:

dc5ffgcwa02test:/usr/PHP/5.2.13/include/php/ext/suhosin# patch -i /usr/PHP/5.2.13/include/php/ext/suhosin/suhosin-patch-5.2.13-0.9.7.patch
can't find file to patch at input line 4
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.2.13/TSRM/TSRM.h suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h
|--- php-5.2.13/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
|+++ suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h 2010-03-02 21:51:30.000000000 +0100
--------------------------

Not sure what exactly the problem is. Can you help me to fix this?

Thanks,
Shirish.
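
A pre-flight check for the two "can't find file to patch" failures reported in the comments above: the 011-suhosin.patch hunks for configure and main/php_config.h.in (files the logged clean step had removed) and the -p question. This is an added example, not Dotdeb's or the Suhosin project's code; it reads only the diff headers and reports which -p level resolves against a tree and which targets are absent. The function names and the header-only sample patch are constructed for illustration.

```sh
# Added example; function names and the sample patch below are constructed.
# patch_targets PATCH STRIP: files the diff modifies, with STRIP leading path
# components removed (as patch -pSTRIP would). Files the patch creates (first
# hunk "@@ -0,0 ...") are skipped because they are expected to be absent.
patch_targets() {
    awk -v strip="$2" '
        /^--- / { old = 1; next }
        old && /^\+\+\+ / {
            path = substr($0, 5); sub(/\t.*/, "", path)   # drop the timestamp
            n = split(path, part, "/"); path = ""
            for (i = strip + 1; i <= n; i++)
                path = path (path == "" ? "" : "/") part[i]
            pending = path; old = 0; next
        }
        /^@@ / { if (pending != "" && $2 != "-0,0") print pending; pending = "" }
        { old = 0 }
    ' "$1"
}

# missing_targets PATCH TREE STRIP: targets that do not exist under TREE.
missing_targets() {
    patch_targets "$1" "$3" | while IFS= read -r f; do
        [ -e "$2/$f" ] || printf '%s\n' "$f"
    done
}

# best_strip PATCH TREE: the -p level (0..3) resolving the most targets, or -1.
best_strip() {
    best=-1; best_hits=0
    for p in 0 1 2 3; do
        total=$(patch_targets "$1" "$p" | wc -l)
        miss=$(missing_targets "$1" "$2" "$p" | wc -l)
        hits=$((total - miss))
        if [ "$hits" -gt "$best_hits" ]; then best=$p; best_hits=$hits; fi
    done
    printf '%s\n' "$best"
}

# make_sample DIR: constructed header-only patch and a tree lacking "configure".
make_sample() {
    mkdir -p "$1/src/TSRM" && : > "$1/src/TSRM/TSRM.h"
    for f in TSRM/TSRM.h configure main/suhosin_patch.c; do
        case $f in main/suhosin_patch.c) range='-0,0 +1,9' ;; *) range='-1,2 +1,3' ;; esac
        printf '%s\t2010\n' "--- php-5.2.13/$f" "+++ suhosin-patch-5.2.13-0.9.7/$f"
        printf '@@ %s @@\n' "$range"
    done > "$1/s.patch"
}

tmp=$(mktemp -d) && make_sample "$tmp"
echo "use -p$(best_strip "$tmp/s.patch" "$tmp/src"), missing: $(missing_targets "$tmp/s.patch" "$tmp/src" 1)"
rm -rf "$tmp"
```

A result of -1 means no strip level matches any target, which is what running patch from a directory that is not the root of the PHP source tree looks like.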
