Posted by & filed under PHP.

On april 26th 2012, the PHP group has released PHP 5.4.1 too, that brings over 60 bug fixes, some of which are security related :

Security Enhancements and Fixes in PHP 5.4.1:

  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Add open_basedir checks to readline_write_history and readline_read_history.

Key enhancements in PHP 5.4.1 include:

  • Added debug info handler to DOM objects.
  • Fixed bug #61172 (Add Apache 2.4 support).

Packages of PHP 5.4.1 and of all its related extensions are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please note that :

  • php5-xcache is now available in its 2.0 version,
  • the Suhosin patch is still absent from this build.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

33 Responses to “PHP 5.4.1”

  1. Zandar

    I have warning when switching from 5.3 to php5.4 :

    PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib/php5/20100525/suhosin.so’ – /usr/lib/php5/20100525/suhosin.so: cannot open shared object file: No such file or directory in Unknown on line 0

  2. Guillaume Plessis

    @Zandar : php5-suhosin does not exist for PHP 5.4. Please uninstall the package and remove any “extension=suhosin.so” from your config files.

  3. Andy

    Just wanted to say thank-you for keeping us up-to-date!

  4. hanti

    thx for your work 😉
    i menaged to update php 5.3 to 5.4

    but now i have problem after uninstalled php5-mysql and installed mysqlnd

    when i want to install phpmyadmin it wants me to remove php5-mysqlnd and install php5-mysql
    how i can fix that 😛

  5. Raynor

    Thank you, Guillaume, great site and cool update! )

  6. Jason

    @Guillaume

    When do you think we’ll be able to get PHP 5.4 using “deb http://packages.dotdeb.org squeeze all” instead of a separate source “squeeze-php54 all”?

    PHP 5.4.1 seems to be stable enough now to move it to the main branch.

  7. Guillaume Plessis

    @Jason : merging PHP 5.4 into the main repo won’t happen before PHP 5.3 end of life, you can consider squeeze-php54 as a reference. The fact is that many applications are not PHP 5.4 ready. Considering it as default version would break a lot of things.

  8. bobie

    une future version avec suhosin bientôt disponible ?

  9. Jason

    @Guillaume: I thought Debian has already abandoned Suhosin

  10. john

    How long to 5.4.2? Fixes a sec issue where one could get the source code of any PHP file if the server works with PHP as CGI.

  11. Schpuns

    When I try to install php-apc it finds unmet dependencies and suggest me to downgrade to PHP 5.3 :

    #aptitude install php-apc
    The following NEW packages will be installed:
    php-apc{b}
    0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    The following packages have unmet dependencies:
    php-apc: Depends: phpapi-20090626+lfs which is a virtual package.
    The following actions will resolve these dependencies:
    Keep the following packages at their current version:
    1) php-apc [Not Installed]

  12. Schpuns

    thank you Guillaume! 🙂

    I there anyway to install apache 2.4 ?
    I have latest Debian Squeeze, and when trying:
    #aptitude -t experimental install apache2
    apache2-data: Conflicts: apache2.2-common but 2.2.16-6+squeeze7 is installed.
    apache2: Conflicts: apache2.2-common but 2.2.16-6+squeeze7 is installed.
    apache2-bin: Depends: libaprutil1 (>= 1.4.0) but 1.3.9+dfsg-5 is installed.
    Depends: libpcre3 (>= 8.10) but 8.02-1.1 is installed.
    Depends: libssl1.0.0 (>= 1.0.1) which is a virtual package.

    (I had to install apache 2.2 at the moment to setup my new server)

  13. Guillaume Plessis

    @Rodriguo : yep, I thought I could release PHP 5.4.4 packages along with the PHP 5.3.14 packages, with updated libmemcached dependencies. I’ll fix it in a few minutes. Sorry for the mess.

  14. Schpuns

    If you’re talking about Apache 2.4 install, no, still couldn’t install it 🙁

  15. jlwestsr

    I looked back through the responses and I was referencing to the issue with phpMyAdmin not installing correctly because of the missing addons php5-mysql and php5-mysqli. I download the latest from them and am currently working on getting it setup to see if it works or not. If it doesn’t then I am going roll back my environment to php53.

  16. Guillaume Plessis

    @jlwester : did you install the php5-mysql or the php5-mysqlnd package from Dotdeb and did you check that the appropriate “extension=….so” lines are present in the /etc/php5/conf.d/*.ini files?

  17. jlwestsr

    I get the following:

    sudo apt-get install php5-mysql
    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
    php5-mysql : Depends: libmysqlclient16 (>= 5.1.21-1) but it is not installable
    E: Unable to correct problems, you have held broken packages.

  18. Guillaume Plessis

    @jlwestr : are you sure you have the right sources.list and that you ran “apt-get update”? None of the packages from Dotdeb depends on libmysqlclient16 (>= 5.1.21-1)

  19. Raphaël Dehousse

    I’m having the same issue with php5-mysql
    In the Packages file on dotdeb php54, I can see

    Package: php5-mysql
    Source: php5
    Version: 5.4.5-1~dotdeb.0
    Architecture: amd64
    Maintainer: Guillaume Plessis
    Installed-Size: 260
    Pre-Depends: dpkg (>= 1.15.7.2~)
    Depends: libc6 (>= 2.4), libmysqlclient16 (>= 5.1.21-1), phpapi-20100525, php5-common (= 5.4.5-1~dotdeb.0), ucf

    but I cannot find libmysqlclient16

    Any idea?

    Thx!

  20. Guillaume Plessis

    @Raphaël : if libmysqlclient16 is missing from your distribution, it means that you’re not using Debian stable, aka Squeeze. Dotdeb is only built for it. It should work on others distress, but with no additional support.

    I suggest you to install php5-mysqlnd instead of php5-mysql

  21. Raphaël Dehousse

    Indeed, it’s Ubuntu 12.04.1
    I wanted to install phpmyadmin that requires php5-mysql that conflicts with php5-mysqlnd, so, I will install phpmyadmin manually and use php5-mysqlnd 🙂

    Thx.