On April 26th 2012, the PHP Group also released PHP 5.4.1, which brings over 60 bug fixes, some of which are security related:
Security Enhancements and Fixes in PHP 5.4.1:
- Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
- Add open_basedir checks to readline_write_history and readline_read_history.
Key enhancements in PHP 5.4.1 include:
- Added debug info handler to DOM objects.
- Fixed bug #61172 (Add Apache 2.4 support).
Packages of PHP 5.4.1 and of all its related extensions are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please note that:
- php5-xcache is now available in its 2.0 version,
- the Suhosin patch is still absent from this build.
As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.
33 replies on “PHP 5.4.1”
Is it package with APC for php 5.4?
@LukasAMD : yep, for a while
I have a warning when switching from 5.3 to php5.4:
PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib/php5/20100525/suhosin.so’ – /usr/lib/php5/20100525/suhosin.so: cannot open shared object file: No such file or directory in Unknown on line 0
@Zandar : php5-suhosin does not exist for PHP 5.4. Please uninstall the package and remove any “extension=suhosin.so” from your config files.
Just wanted to say thank-you for keeping us up-to-date!
thx for your work 😉
I managed to update PHP 5.3 to 5.4
but now I have a problem after I uninstalled php5-mysql and installed mysqlnd
when I want to install phpmyadmin it wants me to remove php5-mysqlnd and install php5-mysql
how can I fix that 😛
Thank you, Guillaume, great site and cool update! )
When do you think we’ll be able to get PHP 5.4 using “deb http://packages.dotdeb.org squeeze all” instead of a separate source “squeeze-php54 all”?
PHP 5.4.1 seems to be stable enough now to move it to the main branch.
@Jason : merging PHP 5.4 into the main repo won’t happen before PHP 5.3 end of life, you can consider squeeze-php54 as a reference. The fact is that many applications are not PHP 5.4 ready. Considering it as default version would break a lot of things.
Will a future version with Suhosin be available soon?
@bobie : no progress on the Suhosin front. I’m starting to consider dropping this patch for version 5.4.
@Guillaume: I thought Debian has already abandoned Suhosin
I don’t think Suhosin has been completely abandoned. If you check the project on github, you can see the author had started to add PHP 5.4 compatibility:
@Alex : I know, but still no patch for PHP 5.4. I keep watching.
How long to 5.4.2? Fixes a sec issue where one could get the source code of any PHP file if the server works with PHP as CGI.
@john : The new PHP versions as well as the official php patch contain a bug which makes the fix trivial to bypass. I’m waiting for a definitive fix.
Source : http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
Thanks for letting me know.
When I try to install php-apc it finds unmet dependencies and suggests that I downgrade to PHP 5.3:
#aptitude install php-apc
The following NEW packages will be installed:
0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
The following packages have unmet dependencies:
php-apc: Depends: phpapi-20090626+lfs which is a virtual package.
The following actions will resolve these dependencies:
Keep the following packages at their current version:
1) php-apc [Not Installed]
@Schpuns : install php5-apc instead
thank you Guillaume! 🙂
Is there any way to install Apache 2.4?
I have latest Debian Squeeze, and when trying:
#aptitude -t experimental install apache2
apache2-data: Conflicts: apache2.2-common but 2.2.16-6+squeeze7 is installed.
apache2: Conflicts: apache2.2-common but 2.2.16-6+squeeze7 is installed.
apache2-bin: Depends: libaprutil1 (>= 1.4.0) but 1.3.9+dfsg-5 is installed.
Depends: libpcre3 (>= 8.10) but 8.02-1.1 is installed.
Depends: libssl1.0.0 (>= 1.0.1) which is a virtual package.
(I had to install apache 2.2 at the moment to setup my new server)
I can’t install php5-memcached since libmemcached9 seems to be gone from the repo
@Rodriguo : yep, I thought I could release PHP 5.4.4 packages along with the PHP 5.3.14 packages, with updated libmemcached dependencies. I’ll fix it in a few minutes. Sorry for the mess.
wow, this is fast, thanks
Did you ever get a response on this? I am having the same issue.
@jlwestr : which issue?
If you’re talking about Apache 2.4 install, no, still couldn’t install it 🙁
I looked back through the responses and I was referring to the issue with phpMyAdmin not installing correctly because of the missing addons php5-mysql and php5-mysqli. I downloaded the latest from them and am currently working on getting it set up to see if it works or not. If it doesn’t then I am going to roll back my environment to php53.
@jlwester : did you install the php5-mysql or the php5-mysqlnd package from Dotdeb and did you check that the appropriate “extension=….so” lines are present in the /etc/php5/conf.d/*.ini files?
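The check asked for in the reply above, together with the stale “extension=suhosin.so” case from the earlier reply, as an added example that is not part of the original thread or of Dotdeb's tooling: a shell script that lists extension= directives pointing at a missing shared object, and modules on disk that no ini file enables. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare PHP "extension=" directives with the modules on disk.

# Print the module file names enabled by extension= lines in DIR/*.ini.
enabled_extensions() {
    for ini in "$1"/*.ini; do
        [ -f "$ini" ] || continue
        # Drop ';' comments, keep the value, strip quotes/blanks and any path.
        sed -n 's/;.*$//; s/^[[:space:]]*extension[[:space:]]*=//p' "$ini" |
            tr -d "\"' \t\r" | sed 's|.*/||; /^$/d'
    done | sort -u
}

# extension= lines whose shared object is absent (the suhosin.so warning).
missing_extensions() {   # usage: missing_extensions CONF_DIR EXT_DIR
    enabled_extensions "$1" | while read -r so; do
        [ -f "$2/$so" ] || echo "$so"
    done
}

# Modules on disk that no ini file enables (the php5-mysql question).
unloaded_modules() {     # usage: unloaded_modules CONF_DIR EXT_DIR
    enabled=$(enabled_extensions "$1")
    for so in "$2"/*.so; do
        [ -f "$so" ] || continue
        printf '%s\n' "$enabled" | grep -qxF "${so##*/}" || echo "${so##*/}"
    done
}

# Constructed sample tree (not real package contents) so the script runs offline.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/conf.d" "$root/ext"
    printf 'extension=suhosin.so\n' > "$root/conf.d/suhosin.ini"
    printf '; extension=old.so\nextension = "apc.so" ; cache\n' > "$root/conf.d/apc.ini"
    touch "$root/ext/apc.so" "$root/ext/mysql.so"
    echo "$root"
}

sample=$(make_sample_tree)
echo "missing:  $(missing_extensions "$sample/conf.d" "$sample/ext")"
echo "unloaded: $(unloaded_modules "$sample/conf.d" "$sample/ext")"
rm -rf "$sample"
```

On the systems discussed in this thread the two arguments would be /etc/php5/conf.d and /usr/lib/php5/20100525.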
I get the following:
sudo apt-get install php5-mysql
Reading package lists… Done
Building dependency tree
Reading state information… Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
php5-mysql : Depends: libmysqlclient16 (>= 5.1.21-1) but it is not installable
E: Unable to correct problems, you have held broken packages.
@jlwestr : are you sure you have the right sources.list and that you ran “apt-get update”? None of the packages from Dotdeb depends on libmysqlclient16 (>= 5.1.21-1)
I’m having the same issue with php5-mysql
In the Packages file on dotdeb php54, I can see
Maintainer: Guillaume Plessis
Pre-Depends: dpkg (>= 220.127.116.11~)
Depends: libc6 (>= 2.4), libmysqlclient16 (>= 5.1.21-1), phpapi-20100525, php5-common (= 5.4.5-1~dotdeb.0), ucf
but I cannot find libmysqlclient16
@Raphaël : if libmysqlclient16 is missing from your distribution, it means that you’re not using Debian stable, aka Squeeze. Dotdeb is only built for it. It should work on other distros, but with no additional support.
I suggest you install php5-mysqlnd instead of php5-mysql
Indeed, it’s Ubuntu 12.04.1
I wanted to install phpmyadmin that requires php5-mysql that conflicts with php5-mysqlnd, so, I will install phpmyadmin manually and use php5-mysqlnd 🙂