
A few days ago, the PHP Group released PHP 5.2.13. It fixes severe security issues and some other bugs:

The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.

Security Enhancements and Fixes in PHP 5.2.13:

  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /. (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
  • Improved LCG entropy. (Rasmus, Samy Kamkar)

(…)

On the Dotdeb side

As usual, please read the release announcement and the full Changelog before upgrading.

26 Responses to “PHP 5.2.13 is available”

  1. Arnaud Launay

    Hello Guillaume,

    Actually, we do use the ffmpeg AND spplus extensions on our prod servers… Those don’t have any support for compiling, thus the presence of your extensions in your repository was very pleasant 🙂

    Best regards,
    Arnaud.

  2. proforg

    php5-5.2.13 does not build from source:

    root@DIB097 /usr/local/src/php5-5.2.13>dpkg-buildpackage
    dpkg-buildpackage: set CFLAGS to default value: -g -O2
    dpkg-buildpackage: set CPPFLAGS to default value:
    dpkg-buildpackage: set LDFLAGS to default value:
    dpkg-buildpackage: set FFLAGS to default value: -g -O2
    dpkg-buildpackage: set CXXFLAGS to default value: -g -O2
    dpkg-buildpackage: source package php5
    dpkg-buildpackage: source version 5.2.13-0.dotdeb.0
    dpkg-buildpackage: source changed by Guillaume Plessis
    dpkg-buildpackage: host architecture amd64
    debian/rules clean
    dh_testdir
    sed -i -e 's/EXTRA_VERSION="-0.dotdeb.0"/EXTRA_VERSION=""/' configure.in
    rm -f configure aclocal.m4 config.sub config.guess ltmain.sh
    rm -f build/libtool.m4 main/php_config.h.in
    rm -f prepared-stamp
    QUILT_PATCHES=debian/patches quilt --quiltrc /dev/null pop -a -R || test $? = 2
    No patch removed
    rm -rf .pc debian/stamp-patched
    dh_testdir
    dh_testroot
    rm -f configure-apache2-stamp build-apache2-stamp
    rm -f configure-apache2filter-stamp build-apache2filter-stamp
    rm -f configure-cgi-stamp build-cgi-stamp
    rm -f configure-cli-stamp build-cli-stamp
    rm -f build-pear-stamp
    rm -f install-stamp
    rm -rf apache2-build
    rm -rf apache2filter-build
    rm -rf cgi-build
    rm -rf cli-build
    rm -rf pear-build pear-build-download
    rm -f debian/copyright
    rm -f test-results.txt
    dh_clean
    # clean up autogenerated cruft
    cat debian/modulelist | while read package extname dsoname; do \
    rm -f debian/php5-$package.postinst; \
    done
    for sapi in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli; do \
    for cruft in postrm links; do \
    rm -f debian/${sapi}.${cruft}; \
    done; \
    done
    dpkg-source -b php5-5.2.13
    dpkg-source: info: using source format `1.0'
    dpkg-source: info: building php5 using existing php5_5.2.13.orig.tar.gz
    dpkg-source: info: building php5 in php5_5.2.13-0.dotdeb.0.diff.gz
    dpkg-source: warning: ignoring deletion of file aclocal.m4
    dpkg-source: warning: ignoring deletion of file ltmain.sh
    dpkg-source: warning: ignoring deletion of file configure
    dpkg-source: warning: ignoring deletion of file config.guess
    dpkg-source: warning: ignoring deletion of file config.sub
    dpkg-source: warning: ignoring deletion of file ext/pdo/pdo_sql_parser.c.orig
    dpkg-source: warning: ignoring deletion of file ext/date/lib/parse_date.c.orig
    dpkg-source: warning: ignoring deletion of file ext/standard/url_scanner_ex.c.orig
    dpkg-source: warning: ignoring deletion of file ext/standard/var_unserializer.c.orig
    dpkg-source: warning: ignoring deletion of file main/php_config.h.in
    dpkg-source: warning: ignoring deletion of file build/libtool.m4
    dpkg-source: info: building php5 in php5_5.2.13-0.dotdeb.0.dsc
    debian/rules build
    QUILT_PATCHES=debian/patches quilt --quiltrc /dev/null push -a || test $? = 2
    Applying patch 006-debian_quirks.patch
    patching file configure.in
    Hunk #1 succeeded at 985 (offset 51 lines).
    Hunk #2 succeeded at 1019 (offset 51 lines).
    Hunk #3 succeeded at 1074 with fuzz 2 (offset 51 lines).
    Hunk #4 succeeded at 1145 (offset 51 lines).
    patching file ext/ext_skel
    patching file ext/session/session.c
    Hunk #1 succeeded at 683 (offset 502 lines).
    patching file php.ini-dist
    Hunk #1 succeeded at 471 (offset 5 lines).
    Hunk #2 succeeded at 488 (offset 5 lines).
    Hunk #3 succeeded at 604 (offset 8 lines).
    Hunk #4 succeeded at 940 (offset 4 lines).
    Hunk #5 succeeded at 978 (offset 4 lines).
    patching file php.ini-recommended
    Hunk #1 succeeded at 522 (offset 6 lines).
    Hunk #2 succeeded at 539 (offset 6 lines).
    Hunk #3 succeeded at 655 (offset 9 lines).
    Hunk #4 succeeded at 991 (offset 5 lines).
    Hunk #5 succeeded at 1029 (offset 5 lines).
    patching file sapi/caudium/config.m4
    patching file sapi/cli/php.1.in
    Hunk #1 succeeded at 308 with fuzz 1 (offset 2 lines).
    patching file scripts/Makefile.frag
    patching file scripts/php-config.in
    patching file scripts/phpize.in

    Applying patch 010-mail-header.patch
    patching file ext/standard/mail.c
    Hunk #1 succeeded at 210 with fuzz 2 (offset 28 lines).
    Hunk #2 succeeded at 317 (offset 42 lines).
    patching file main/main.c
    Hunk #1 succeeded at 461 with fuzz 1 (offset 135 lines).
    patching file main/php_globals.h
    Hunk #1 succeeded at 162 (offset 10 lines).

    Applying patch 011-suhosin.patch
    patching file TSRM/TSRM.h
    patching file TSRM/tsrm_virtual_cwd.c
    patching file TSRM/tsrm_virtual_cwd.h
    patching file Zend/Makefile.am
    patching file Zend/Zend.dsp
    patching file Zend/ZendTS.dsp
    patching file Zend/zend.c
    patching file Zend/zend.h
    patching file Zend/zend_alloc.c
    patching file Zend/zend_alloc.h
    patching file Zend/zend_canary.c
    patching file Zend/zend_compile.c
    patching file Zend/zend_compile.h
    patching file Zend/zend_constants.c
    patching file Zend/zend_errors.h
    patching file Zend/zend_hash.c
    patching file Zend/zend_llist.c
    can't find file to patch at input line 1413
    Perhaps you used the wrong -p or --strip option?
    The text leading up to this was:
    --------------------------
    |diff -Nura php-5.2.13/configure suhosin-patch-5.2.13-0.9.7/configure
    |--- php-5.2.13/configure 2010-02-24 13:27:27.000000000 +0100
    |+++ suhosin-patch-5.2.13-0.9.7/configure 2010-03-02 21:51:30.000000000 +0100
    --------------------------
    No file to patch. Skipping patch.
    3 out of 3 hunks ignored
    patching file configure.in
    patching file ext/standard/basic_functions.c
    patching file ext/standard/dl.c
    patching file ext/standard/file.c
    patching file ext/standard/file.h
    patching file ext/standard/info.c
    patching file ext/standard/syslog.c
    patching file main/fopen_wrappers.c
    patching file main/main.c
    Hunk #2 succeeded at 1390 (offset 1 line).
    Hunk #3 succeeded at 1431 (offset 1 line).
    Hunk #4 succeeded at 1528 (offset 1 line).
    Hunk #5 succeeded at 1690 (offset 1 line).
    Hunk #6 succeeded at 1834 (offset 1 line).
    Hunk #7 succeeded at 1887 (offset 1 line).
    Hunk #8 succeeded at 1948 (offset 1 line).
    patching file main/php.h
    can't find file to patch at input line 1780
    Perhaps you used the wrong -p or --strip option?
    The text leading up to this was:
    --------------------------
    |diff -Nura php-5.2.13/main/php_config.h.in suhosin-patch-5.2.13-0.9.7/main/php_config.h.in
    |--- php-5.2.13/main/php_config.h.in 2010-02-24 13:27:31.000000000 +0100
    |+++ suhosin-patch-5.2.13-0.9.7/main/php_config.h.in 2010-03-02 21:51:30.000000000 +0100
    --------------------------
    No file to patch. Skipping patch.
    1 out of 1 hunk ignored
    patching file main/php_logos.c
    patching file main/snprintf.c
    patching file main/spprintf.c
    patching file main/suhosin_globals.h
    patching file main/suhosin_logo.h
    patching file main/suhosin_patch.c
    patching file main/suhosin_patch.h
    patching file main/suhosin_patch.m4
    patching file sapi/apache/mod_php5.c
    patching file sapi/apache2filter/sapi_apache2.c
    patching file sapi/apache2handler/sapi_apache2.c
    patching file sapi/cgi/cgi_main.c
    patching file sapi/cli/php_cli.c
    patching file win32/build/config.w32
    Patch 011-suhosin.patch does not apply (enforce with -f)
    make: *** [debian/stamp-patched] Error 1
    dpkg-buildpackage: error: debian/rules build gave error exit status 2

  3. Foo

    How about a version of 5.2.13 with php-fpm support?

    I looked and this was not part of it.

  4. Myst

    @ Guillaume Plessis:
    I have just installed an Apache2 server with PHP5.2/MySQL5.1, and when I take a look in phpmyadmin (3.3.1) I get this error message:
    Your MySQL library version (5.0.51a) differs from your MySQL server version (5.1.45). This may cause unpredictable behavior.

  5. Guillaume Plessis

    @Myst: 5.0.51a is just the version of the MySQL libraries that PHP was compiled against. It does not affect the interactions between PHP and MySQL 5.0 or 5.1 in any way, quite the contrary…
    If PHP had been compiled against MySQL 5.1, this would have caused symbol duplication as soon as Apache or PHP loaded a module or extension also linked to MySQL, but in a different version.

    You can ignore this PHPMyAdmin warning.

  6. r4dius

    Hi,

    just wondering,
    I guess the answer will be no 🙂
    but is there any chance to get the 5.2.13 on Etch too?
    Or any reason it won’t happen ?

    Thanks.

  7. Guillaume Plessis

    @helm tilkmit : I wish I can fix this in a new release in the next few days. Please be patient.

    @r4dius : Etch is not supported anymore. If you can’t upgrade your machines to Lenny, you can try to backport PHP 5.2.13 on a Lenny box :

    apt-get build-dep php5
    apt-get source php5
    cd php5-5.2.13
    ./debian/rules binary

  8. The BLION Corp.

    @Guillaume : I don’t want to create my own packages. That’s why I use dotdeb packages. I don’t want to care about dependencies…

  9. sam

    Hi. 1st of all thanks for your hard work!

    I need to test something with PHP 5.2.11 but how can I install it using apt-get?

    I know it’s in archives.dotdeb.org but I don’t know how to make apt-get get the packages from there.

  10. Shirish

    Hi Guillaume,

    Here’s probably a similar issue. Can you please take a look:-

    # md5sum suhosin-patch-5.2.13-0.9.7.patch
    4cf3f0efa1ca61819cfc04d7f8c6865e suhosin-patch-5.2.13-0.9.7.patch

    # patch -p 1 -i include/php/ext/suhosin/suhosin-patch-5.2.13-0.9.7.patch
    can't find file to patch at input line 4
    Perhaps you used the wrong -p or --strip option?
    The text leading up to this was:
    --------------------------
    |diff -Nura php-5.2.13/TSRM/TSRM.h suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h
    |--- php-5.2.13/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
    |+++ suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h 2010-03-02 21:51:30.000000000 +0100
    --------------------------
    File to patch:

    dc5ffgcwa02test:/usr/PHP/5.2.13/include/php/ext/suhosin# patch -i /usr/PHP/5.2.13/include/php/ext/suhosin/suhosin-patch-5.2.13-0.9.7.patch
    can't find file to patch at input line 4
    Perhaps you should have used the -p or --strip option?
    The text leading up to this was:
    --------------------------
    |diff -Nura php-5.2.13/TSRM/TSRM.h suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h
    |--- php-5.2.13/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
    |+++ suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h 2010-03-02 21:51:30.000000000 +0100
    --------------------------

    Not sure what exactly the problem is. Can you help me to fix this?

    Thanks,
    Shirish.
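
The build log in comment 2 and the session in comment 10 show the same symptom: patch cannot find a file that the diff expects to modify. As an added example, not part of the original comments or of Dotdeb's packaging, the shell helper below lists which modified files are absent from a tree at a given strip level, without applying anything. The function names, the sample tree and the sample patch are constructed for illustration, and paths containing spaces are assumed not to occur.

```sh
#!/bin/sh
# Added example (not from the original post). Lists the files a unified diff
# expects to modify that are absent from TREE at a given strip level, i.e. the
# ones `patch -pN` would report as "can't find file to patch".

# patch_targets PATCHFILE STRIP: stripped paths of the files the patch modifies.
patch_targets() {
    awk -v strip="$2" '
        /^\+\+\+ / && prev ~ /^--- / {
            split(prev, old, /[ \t]+/)
            # a created file has /dev/null or an epoch timestamp on its --- line
            isnew = (old[2] == "/dev/null" || old[3] ~ /^(1970-01-01|1969-12-31)$/)
            n = split($2, parts, "/")
            if (!isnew && n > strip) {
                path = parts[strip + 1]
                for (i = strip + 2; i <= n; i++) path = path "/" parts[i]
                print path
            }
        }
        { prev = $0 }' "$1"
}

# missing_targets PATCHFILE STRIP TREE: targets that do not exist under TREE.
missing_targets() {
    patch_targets "$1" "$2" | while IFS= read -r rel; do
        [ -e "$3/$rel" ] || printf '%s\n' "$rel"
    done
}

# make_sample DIR: constructed stand-in for the build log above: a tree from
# which configure and main/php_config.h.in were removed, and a patch that
# still modifies them and also creates one new file.
make_sample() {
    mkdir -p "$1/tree/TSRM" "$1/tree/main"
    : > "$1/tree/TSRM/TSRM.h"
    : > "$1/tree/main/main.c"
    for f in TSRM/TSRM.h configure main/main.c main/php_config.h.in; do
        printf '%s\n' "--- a/$f 2010-02-24 13:27:27 +0100" \
            "+++ b/$f 2010-03-02 21:51:30 +0100" "@@ -1 +1 @@" "-old" "+new"
    done > "$1/sample.patch"
    printf '%s\n' "--- a/main/new_file.c 1970-01-01 01:00:00 +0100" \
        "+++ b/main/new_file.c 2010-03-02 21:51:30 +0100" "@@ -0,0 +1 @@" \
        "+new" >> "$1/sample.patch"
}

# Demo on the constructed sample; prints the two files patch could not find.
d=$(mktemp -d) && make_sample "$d" &&
    missing_targets "$d/sample.patch" 1 "$d/tree"; rm -rf "$d"
```

GNU patch's own `--dry-run` option remains the authoritative check of whether every hunk applies; this helper only reports headers that point at absent files.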
