Posted by & filed under PHP.

A few days ago, the PHP Group released PHP 5.3.2. It fixes severe security issues and some other bugs :

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.2:

  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)


It is now available on Dotdeb (still on a separate repository) with the following changes :

  • id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there”s an easy way to package PECL extensions by yourself
  • the memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy
  • php5-fpm is now an alternative dependency og the php5 meta-package

As usual, please read the release announcement and the full Changelog before upgrading. If you’re migrating from PHP 5.2, you can also take a look at migration guide.

[Update] The packages have been updated to fix a MySQL connection issue. The geoip PECL extension is back.

38 Responses to “PHP 5.3.2 is available too!”

  1. Daniel Hahler

    Attention: with a dbhost without any port, it will now result in a connection refused error:
    Connection refused (trying to connect via tcp://

    I have “mysql.default_port = ” in the ini file, which is the default (I assume), and it defaulted to 3306 then previously (5.3.1 from dotdeb), but not anymore.

  2. JC

    Hi there,

    I just upgrade from your 5.3.1 to 5.3.2, but I can not use the mysql extension, it’s loaded, but if I use it, it fails to connect, with mysqli it works…

    mysql_connect failed with a “Connection refused” error… going back to 5.3.1 and it works!

    I’ve a forum that doesn’t support mysqli… snif


  3. JC

    hi again,

    it seem that forcing host to ‘host:port’ resolved the problem… PHP seems to not use correctly the default port (which is not setted too!)

    thanks again for your work!

  4. Daniel Hahler

    This appears to be related to the dotdeb packages, but not upstream (according to TML on ##php).
    Maybe the suhosin patch causes this?

  5. Daniel Hahler

    Carlos: yes, it’ll use UNIX sockets then, but it’s not possible to workaround like this when MySQL is on another host. But explicitly adding the port number fixes it.

  6. Daniel Hahler

    re: php5-xcache: I’m getting “xcache_set(): xcache.var_size is either 0 or too small to enable var data caching” warnings, although it’s set to “16M” and governed by this check: “ini_get(‘xcache.var_size’) > 0”
    The same with xcache_get().

  7. Chris

    Well, I’d like to have the GeoIP extension back, since I’m using it with several installations, and new installs are broken:

    # apt-get install php5-geoip
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
    php5-geoip: Depends: phpapi-20060613+lfs
    E: Broken packages

  8. Guillaume Plessis

    @all : I’m building now updated PHP 5.3.2 packages that fix the MySQL connection issue ( ). This is a MySQL native driver (not Dotdeb-specific) issue. That’s just a shame that it has not been spotted before (are only Dotdeb users using mysqlnd?).
    BTW, thanks for your feedbacks.

    @Chris : geoip will be back soon

  9. Chris

    Great, GeoIP is installable again with the newest package, thanks!

  10. Mike

    Maybe this is not the right place to ask but currently I use the packages from debian php5.2.6

    If I upgrade using dotdeb what will happen to all my own compiled extensions?

    Do I need to compile/add these again to php.ini?
    Sorry if I am asking about the obvious but I am quite new at this and got everything to work with trial and error.

  11. Guillaume Plessis

    @Mike : the Zend API changed between PHP 5.2 and PHP 5.3, then you’ll have to recompile your extensions :

    apt-get install php5-dev build-essential
    make install

  12. WebGoddess

    Thank you for posting this, daylight savings was completely busted in 5.3.1 so PHP was an hour off for me until I updated to 5.3.2.

  13. Daniel Hahler

    I think pcntl makes sense in general: you can fork off child processes and even trigger daemon mode (see e.g. That’s what I was trying: let the script do processing after the page has been sent to the user (and the connection is closed already).
    Sure, there are other means to implement something like this, but this appears to be the most straightforward one.
    Apart from that, forking alone is useful enough.
    Please consider adding it to the other flavours, too.

  14. izmanromli


    i’m using jaunty and can’t install libapache2-mod-php5

    it always reported as fetch error ..

    any workaround?


  15. Steuf

    I a found the solution for bug width function imagettfbbox on 5.3.2, after 1 week for search the problem it’s caused by the GCC compiler.

    With GCC Version 4.3.2 the bug appear, I have recompile GD extention width GCC 4.1.2 and it have fixed the problem.

  16. Sébastien B.

    One (some?) php-pear components I’m using with php-5.2.13 doesn’t works with php-5.3.2, Structures_DataGrid. Any idea ?

  17. Leif

    Hi. Is there any way to install PHP 5.3 and PHP 5.2 at the same time (CGI only)?

  18. Nabeel

    I’m having issues too, with php-fpm. Going back to 5.2.10 from the Ubuntu Karmic repo. Don’t have time to work on recompiling php-fpm, but there’s some weird bug in there which keeps timing it out.

  19. Dave

    You can add pcntl afterwords like this

    mkdir /home/user/php
    cd /home/user/php
    apt-get source php5
    cd php5-5.3.11/ext/pcntl/
    cp modules/ /usr/lib/php5/20090626/
    echo “” > /etc/php5/conf.d/pcntl.ini
    /etc/init.d/php5-fpm restart


  1.  alex95: @semprom пусни си apt-get upgrade и пос.. -