On December 18th 2014, the PHP group released PHP 5.5.20.
This release fixes several bugs and one CVE related to unserialization. All PHP 5.5 users are encouraged to upgrade to this version.
PHP 5.5.20 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures.
The following modules have been packaged too :
- apcu 4.0.7
- gearman 0.8.3
- geoip 1.0.8
- imagick 3.1.2
- memcache 3.0.8
- memcached 2.2.0
- mongo 1.5.8
- pecl_http 1.7.6
- pinba (master)
- redis 2.2.5
- spplus 1.1
- ssh2 0.12
- xcache 3.2.0
- xdebug 2.2.6
- xhprof 0.9.4
Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.
3 replies on “PHP 5.5.20 for Wheezy”
This update rendered my webservers completely useless – after a short while nginx gets only the following error messages:
2014/12/21 16:06:46 [error] 2619#0: *101 recv() failed (104: Connection reset by peer) while reading response header from upstream
I had to reinstall 5.5.19 from archives to get it running again.
Just to add some more information – only PHP-FPM seems to be affected, CLI scripts run fine. No errors are recorded in PHP-FPM log files, nginx serves 1-2 pages as usual, and then the connection to FPM seems to just stop working, although the FPM process continues to run. If opcache is disabled, 1-2 pages more can be loaded, but then the same error occurs.
I cannot find any indication why this error occurs, and disabling mods like opcache, imap etc. does not change anything.
Just loading phpmyadmin with this PHP release leads to the 502 bad gateway nginx errors after the first page load, so I think it should be possible to reproduce this problem.
I opened an issue on the dotdeb-github-page (https://github.com/gplessis/dotdeb-php5/issues/69), and it seems to be a bug in PHP-FPM, probably connected to this bug: https://bugs.php.net/bug.php?id=68751
I would strongly discourage anybody from upgrading if you are using PHP-FPM, the chances of a complete failure of PHP-FPM is quite high. Only if you do not use listen.allowed_clients at all, you may not be affected.