PHP 5.3.2 is available too!

A few days ago, the PHP Group released PHP 5.3.2. It fixes severe security issues and some other bugs :

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.2:

  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)


It is now available on Dotdeb (still on a separate repository) with the following changes :

  • id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there”s an easy way to package PECL extensions by yourself
  • the memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy
  • php5-fpm is now an alternative dependency og the php5 meta-package

As usual, please read the release announcement and the full Changelog before upgrading. If you’re migrating from PHP 5.2, you can also take a look at migration guide.

[Update] The packages have been updated to fix a MySQL connection issue. The geoip PECL extension is back.

39 replies on “PHP 5.3.2 is available too!”

Attention: with a dbhost without any port, it will now result in a connection refused error:
Connection refused (trying to connect via tcp://

I have “mysql.default_port = ” in the ini file, which is the default (I assume), and it defaulted to 3306 then previously (5.3.1 from dotdeb), but not anymore.

Hi there,

I just upgrade from your 5.3.1 to 5.3.2, but I can not use the mysql extension, it’s loaded, but if I use it, it fails to connect, with mysqli it works…

mysql_connect failed with a “Connection refused” error… going back to 5.3.1 and it works!

I’ve a forum that doesn’t support mysqli… snif


hi again,

it seem that forcing host to ‘host:port’ resolved the problem… PHP seems to not use correctly the default port (which is not setted too!)

thanks again for your work!

Carlos: yes, it’ll use UNIX sockets then, but it’s not possible to workaround like this when MySQL is on another host. But explicitly adding the port number fixes it.

re: php5-xcache: I’m getting “xcache_set(): xcache.var_size is either 0 or too small to enable var data caching” warnings, although it’s set to “16M” and governed by this check: “ini_get(‘xcache.var_size’) > 0”
The same with xcache_get().

Well, I’d like to have the GeoIP extension back, since I’m using it with several installations, and new installs are broken:

# apt-get install php5-geoip
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
php5-geoip: Depends: phpapi-20060613+lfs
E: Broken packages

@all : I’m building now updated PHP 5.3.2 packages that fix the MySQL connection issue ( ). This is a MySQL native driver (not Dotdeb-specific) issue. That’s just a shame that it has not been spotted before (are only Dotdeb users using mysqlnd?).
BTW, thanks for your feedbacks.

@Chris : geoip will be back soon

Maybe this is not the right place to ask but currently I use the packages from debian php5.2.6

If I upgrade using dotdeb what will happen to all my own compiled extensions?

Do I need to compile/add these again to php.ini?
Sorry if I am asking about the obvious but I am quite new at this and got everything to work with trial and error.

@Mike : the Zend API changed between PHP 5.2 and PHP 5.3, then you’ll have to recompile your extensions :

apt-get install php5-dev build-essential
make install

Thank you for posting this, daylight savings was completely busted in 5.3.1 so PHP was an hour off for me until I updated to 5.3.2.

I think pcntl makes sense in general: you can fork off child processes and even trigger daemon mode (see e.g. That’s what I was trying: let the script do processing after the page has been sent to the user (and the connection is closed already).
Sure, there are other means to implement something like this, but this appears to be the most straightforward one.
Apart from that, forking alone is useful enough.
Please consider adding it to the other flavours, too.


i’m using jaunty and can’t install libapache2-mod-php5

it always reported as fetch error ..

any workaround?


I a found the solution for bug width function imagettfbbox on 5.3.2, after 1 week for search the problem it’s caused by the GCC compiler.

With GCC Version 4.3.2 the bug appear, I have recompile GD extention width GCC 4.1.2 and it have fixed the problem.

One (some?) php-pear components I’m using with php-5.2.13 doesn’t works with php-5.3.2, Structures_DataGrid. Any idea ?

I’m having issues too, with php-fpm. Going back to 5.2.10 from the Ubuntu Karmic repo. Don’t have time to work on recompiling php-fpm, but there’s some weird bug in there which keeps timing it out.

You can add pcntl afterwords like this

mkdir /home/user/php
cd /home/user/php
apt-get source php5
cd php5-5.3.11/ext/pcntl/
cp modules/ /usr/lib/php5/20090626/
echo “” > /etc/php5/conf.d/pcntl.ini
/etc/init.d/php5-fpm restart

Comments are closed.