A few days ago, the PHP Group released PHP 5.3.2. It fixes severe security issues and some other bugs :
The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.2:
- Improved LCG entropy. (Rasmus, Samy Kamkar)
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
It is now available on Dotdeb (still on a separate repository) with the following changes :
- id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there”s an easy way to package PECL extensions by yourself
- the memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy
- php5-fpm is now an alternative dependency og the php5 meta-package
As usual, please read the release announcement and the full Changelog before upgrading. If you’re migrating from PHP 5.2, you can also take a look at migration guide.
[Update] The packages have been updated to fix a MySQL connection issue. The geoip PECL extension is back.
39 replies on “PHP 5.3.2 is available too!”
Here’s a guide on how to install on ubuntu karmic koala
Attention: with a dbhost without any port, it will now result in a connection refused error:
Connection refused (trying to connect via tcp://10.122.42.42:0)
I have “mysql.default_port = ” in the ini file, which is the default (I assume), and it defaulted to 3306 then previously (5.3.1 from dotdeb), but not anymore.
Reported at: http://bugs.php.net/bug.php?id=51242
I just upgrade from your 5.3.1 to 5.3.2, but I can not use the mysql extension, it’s loaded, but if I use it, it fails to connect, with mysqli it works…
mysql_connect failed with a “Connection refused” error… going back to 5.3.1 and it works!
I’ve a forum that doesn’t support mysqli… snif
it seem that forcing host to ‘host:port’ resolved the problem… PHP seems to not use correctly the default port (which is not setted too!)
thanks again for your work!
This appears to be related to the dotdeb packages, but not upstream (according to TML on ##php).
Maybe the suhosin patch causes this?
The problem of the mysql I solved changing the host from ‘127.0.0.1’ to ‘localhost’.. 😉
Carlos: yes, it’ll use UNIX sockets then, but it’s not possible to workaround like this when MySQL is on another host. But explicitly adding the port number fixes it.
re: php5-xcache: I’m getting “xcache_set(): xcache.var_size is either 0 or too small to enable var data caching” warnings, although it’s set to “16M” and governed by this check: “ini_get(‘xcache.var_size’) > 0”
The same with xcache_get().
Well, I’d like to have the GeoIP extension back, since I’m using it with several installations, and new installs are broken:
# apt-get install php5-geoip
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
php5-geoip: Depends: phpapi-20060613+lfs
E: Broken packages
@all : I’m building now updated PHP 5.3.2 packages that fix the MySQL connection issue ( http://bugs.php.net/51242 ). This is a MySQL native driver (not Dotdeb-specific) issue. That’s just a shame that it has not been spotted before (are only Dotdeb users using mysqlnd?).
BTW, thanks for your feedbacks.
@Chris : geoip will be back soon
@Daniel Hahler : just set xcache.var_size to an appropriate value in /etc/php5/conf.d/xcache.ini
@Guillaume: yes, really odd that nobody else has noticed the bug before. Patch is at: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/mysqlnd/mysqlnd.c?r1=295982&r2=295981&pathrev=295982
re: php5-xcache: I’ve said already that xcache.var_size had been set to “16M” (which should be enough). Oddly, after a restart this error appears to have gone – although it showed up as 16M in the phpinfo output already.
PHP 5.3.2 packages have been updated to fix the MySQL connection issue. php5-geoip is back online.
Great, GeoIP is installable again with the newest package, thanks!
Maybe this is not the right place to ask but currently I use the packages from debian php5.2.6
If I upgrade using dotdeb what will happen to all my own compiled extensions?
Do I need to compile/add these again to php.ini?
Sorry if I am asking about the obvious but I am quite new at this and got everything to work with trial and error.
@Mike : the Zend API changed between PHP 5.2 and PHP 5.3, then you’ll have to recompile your extensions :
apt-get install php5-dev build-essential
Hi Guillaume! We are using the mailparse extension, but I don’t mind building it ourselves. (We are doing that for quite a number of other pecl packages too)
[…] си apt-get upgrade и после php-fpm restart От dotdeb са пуснали 5.3.2 http://localhost:8080/2010/03/08/php-5-3-2-is-available-too/ в Любими преди 34 секунди edno23.com Начало контакти […]
Thank you for posting this, daylight savings was completely busted in 5.3.1 so PHP was an hour off for me until I updated to 5.3.2.
Can you please build the packages using “–enable-pcntl”, so “pcntl_fork” etc is available?
@Daniel Hahler : the php5-cli is built with pcntl. It makes no real sense to build it in the other flavours (apache, cgi…)
I think pcntl makes sense in general: you can fork off child processes and even trigger daemon mode (see e.g. http://php.net/manual/en/function.pcntl-fork.php#94338). That’s what I was trying: let the script do processing after the page has been sent to the user (and the connection is closed already).
Sure, there are other means to implement something like this, but this appears to be the most straightforward one.
Apart from that, forking alone is useful enough.
Please consider adding it to the other flavours, too.
I a found bug width function imagettfbbox :
Reported here : http://bugs.php.net/bug.php?id=51315
Anyone have this issue ?
i’m using jaunty and can’t install libapache2-mod-php5
it always reported as fetch error ..
I a found the solution for bug width function imagettfbbox on 5.3.2, after 1 week for search the problem it’s caused by the GCC compiler.
With GCC Version 4.3.2 the bug appear, I have recompile GD extention width GCC 4.1.2 and it have fixed the problem.
One (some?) php-pear components I’m using with php-5.2.13 doesn’t works with php-5.3.2, Structures_DataGrid. Any idea ?
Hi. Is there any way to install PHP 5.3 and PHP 5.2 at the same time (CGI only)?
@Leif : No. The Debian dependencies prevent to do so.
@Leif – I bookmarked this page a few day ago, it’s about php-farm and fastcgi, http://cweiske.de/tagebuch/Running%20Apache%20with%20a%20dozen%20PHP%20versions.htm
I’m having issues too, with php-fpm. Going back to 5.2.10 from the Ubuntu Karmic repo. Don’t have time to work on recompiling php-fpm, but there’s some weird bug in there which keeps timing it out.
@Nabeel : No problem. Please note that Dotdeb does not support Ubuntu. Make it work on non-pure Debian system might be tricky.
Hi, It is possible to fix this Bug? http://bugs.php.net/bug.php?id=51192
sry. i meant “Is it possible” not “It is”
@Shadow-Dragon: I’ll fix it in my next upload, in the next few days.
You can add pcntl afterwords like this
apt-get source php5
cp modules/pcntl.so /usr/lib/php5/20090626/
echo “extension=pcntl.so” > /etc/php5/conf.d/pcntl.ini
You can download pcntl as RPM:
$alien –to-deb –keep-version php5-pcntl-5.3.14-133.1.x86_64.rpm
$dpkg –install php5-pcntl_5.3.14-133.1_amd64.deb