Posted by & filed under PHP.

On August 18th, the PHP Group released PHP 5.3.7 with many security enhancements and many bugfixes. Sadly, it suffered from an issue with the crypt() function , forcing the PHP Group to publish PHP 5.3.8 (that fixes a mysqlnd issue with SSL connections too).

I’m glad too announce that PHP 5.3.8 packages are now available on Dotdeb for both amd64 and i386 architectures :

  • for Debian 6.0 Squeeze : on the main Dotdeb repository
  • for Debian 5.0 “Lenny” : on

Ugrading to PHP 5.3.8 is strongly recommended, but please read the Changelog before.

42 Responses to “PHP 5.3.8 is available”

  1. Matrix

    I don’t known about the other files, but a few upgrades in a row, my suhosin.ini got overwritten by the new package and I wasn’t asked whether I want to keep my current version or replace it with a newer one. I think suhosin.ini isn’t added to the list of configuration files in the DEB package. Thinking about it, I think this also happens to apc.ini. Could you please check if those config files are on the list? And for other packages too.

  2. Ben

    I’m experiencing the same thing with apc.ini, though I remembered to back it up last time just in case.

  3. Jools

    I can confirm the issue with apc.ini and suhosin.ini being overwritten during upgrade.

  4. Jools

    I’ve seen this issue on lenny in the past afair, but currently im seeing it on squeeze. using dh-make-pecl manually to make a pecl package also shows the problem, so I guess they need some manual package tweaks.

  5. Jools

    dh-make-pecl created debian/rules has some scripting to copy the apc.ini rather than handling it via conffiles or similar.

  6. Jools

    sorry correction. it just copies it into debian/package for installing so it might just be enough to add a conffiles entry for apc.ini / suhosin.ini

  7. Ben

    @Guillaume I have only seen it happen with Squeeze, though I didn’t have apc set up when I used Lenny.

  8. Jools

    just to add: i just tried building apc using dh-make-pecl and the resulting package asked me if i wanted to overwrite apc.ini when installing. it also generated a debian/php5-apc/DEBIAN/conffiles for the package

  9. radar

    I’m experiencing overwriting too with apc.ini and memcached.ini. Dist: squeeze

  10. hileon

    just upgrade to php5.3.8 using source.
    the performance is very bad.
    I test with this script, before and after install php5.3.8
    It seems the same code will take 10 times time in php5.3.8

    Test php script:
    //test float
    function test_float() {
    $t = pi();
    $timeStart = gettimeofday();

    for($i = 0; $i

    Test result:
    php version:5.3.3-7+squeeze3
    call sqrt() 3,000,000 times will cost 1.369s
    php version:5.3.3-7+squeeze3
    call sqrt() 3,000,000 times will cost 1.095s
    php version:5.3.3-7+squeeze3
    call sqrt() 3,000,000 times will cost 1.072s
    php version:5.3.8-1~dotdeb.2
    call sqrt() 3,000,000 times will cost 10.644s
    php version:5.3.8-1~dotdeb.2
    call sqrt() 3,000,000 times will cost 10.567s
    php version:5.3.8-1~dotdeb.2
    call sqrt() 3,000,000 times will cost 10.343s

    How can I go back to php5.3.7?

  11. Guillaume Plessis

    @hileon : sorry to hear that.
    You mean go back to 5.3.3 from Squeeze? You just have to specify the wanted version in your apt-get command. For example :

    apt-get install php5=5.3.3-7+squeeze3

  12. hileon

    Thanks Guillaume.
    I upgraded using apt-get upgrade, is there other php package I should degrade to 5.3.3-7?

  13. Sam Bauers

    PHP 5.3.8 breaks PEAR::isError(), which in turn breaks a lot of stuff. User beware.

    Best solution is to remove PEAR from your stack ; )

  14. spirit

    php-fpm comes with a cron.d script for deleting sessions files in /var/lib/php5/.

    But default path configuration for sessions is /tmp… is that so /tmp won’t be clean?

    My suggestion is to update either php conf or cron.d, but you’re the boss! (third option is I mistaken! ;).

  15. chester

    Which OS did you build this package on?
    I failed to use srouce is your repository to build the package on Ubuntu because I do not need many features built in PHP. First, the build depends on the locales-all package but not exists in Ubuntu repository. Secondly, it needs autoconf 2.59 or lower

  16. chester

    OK, thx. I installed the deb package you provide on Unbuntu is OK. I will try to rebuild a deb package on Squeeze

  17. spirit

    And what are you going to choose ? Keep /tmp for session and update cron? or ?

  18. fibre

    Hello, I use 5.3.8-1~dotdeb.2 version on testing and in interactive cli mode (php -a) when I write for example

    php > echo array_key_exists(“”, array());

    nothing is displayed, but:
    php > echo !array_key_exists(“”, array());
    (in most cases, when true value, it works)

    It is standard behaviour or it is bug? But still, better than compiled without readline 😀

  19. Natrio

    Bug in the php5-fpm init script: attempt to reload causes master process killing.
    php-fpm understands the signals:
    SIGQUIT – graceful stop
    SIGINT, SIGTERM – immediate termination
    SIGUSR2 – graceful reload of all workers + reload of fpm conf/binary

    but script sends SIGHUP on reload (it kills master process instead!), and SIGTERM on stop (immediately, not graceful).

  20. Joe

    @Natrio – thanks – this explains some weird behaviour I’ve been seeing!!!

  21. Leo

    short_open_tag in cli/php.ini is set to ‘Off’. This is not the default expected value for this setting (we just had a problem related to that). Maybe you can just keep the default to none or ‘On’ for the next release.
    Thank you.

  22. dusk

    I seem to have a problem upgrading my php version. I followed all the nessescary steps but after the apt-get dist-upgrade command my php version still states php 5.2.12 ?

    I googled like crazy for an answer but still didn’t find one…

  23. Guillaume Plessis

    @dusk : be sure to have to right lines in your sources.list :

    # If you're using lenny
    deb lenny all
    # If you're using Squeeze
    deb squeeze all

    Then, run “apt-get update” and “apt-get dist-upgrade”. PHP should be upgraded to 5.3.

  24. noamik

    Version 5.3.9 is available. Any chances we might see it on dotdeb soon?

    If not I can compile it myself, just asking if it is worth it taking the burden …

  25. Matic

    Ever since I upgraded to PHP 5.3.9 a few hours ago, my workers have been constantly crashing. PHP is completely unusable. Error:
    “*** glibc detected *** php-fpm: pool volt: double free or corruption (fasttop): 0x0000000001f8d240 ***”

    How do I revert back to previous version? Urgent!

  26. Matic

    Jan 12 16:06:53 akula kernel: php5-fpm[4204]: segfault at 0 ip 00007fd354071cf2 sp 00007fff81be86c8 error 4 in[7fd353ff6000+159000]

  27. Guillaume Plessis

    @Matic : can you please ensure that you use use the latest PHP 5.3.9 packages (run apt-get update to refresh your repositories). If not, please upgrade them and tell me if it fixes your issues.

    If the problem still occurs, please tell me more about your config : which distribution (Debian? Ubuntu? its version? stock or with custom repos? PHP extensions that do not come from Dotdeb?).

    FYI, PHP-FPM 5.3.9 run well on dot, no segfault.

    If you still want to downgrade to 5.3.8, the packages are here :

  28. Matic

    I’m using the latest PHP packages from the Dotdeb repository. I’m running Debian 6.0 64-bit. The only 3rd party repo I have is Dotdeb. All PHP extensions are from Dotdeb. Kernel is 3.1.6-grsec but also happens on 3.1.1-vanilla.

    After more investigation it seems the problem is isolated to one particular PHP application as other applications do not cause segfaults. The application in question is “EDK (EVE killboard)”. Maybe 5.3.9 brakes something in that application.

  29. noamik

    For some reason I didn’t get them last time I tried. But thanks for your info. They are available to me now as well on squeeze.


  1.  installing php/apache from source - Admins Goodies