Categories
PHP

PHP 5.3.5, now for Squeeze

I just released PHP 5.3.5 packages for Debian 6.0 (a.k.a. “Squeeze”), with some changes compared to the Lenny ones:

  • the packaging process has been improved: dependencies were cleaned up, PHP tests are now displayed, libtool 2.2 is now supported (thanks to the Debian team for their precious work)
  • 3 new useful extensions have been packaged: gearman, phpredis and xhprof (without its interface files)

With these new packages, Dotdeb’s support for Squeeze is still experimental, but almost complete. Some more packages could be added in the near future:

  • MySQL (or Percona) Server 5.5 will replace MySQL Server 5.1. More info here and here.
  • an Nginx backport

The installation instructions did not change: just add Dotdeb’s GnuPG key to your keyring, pick a mirror near you and add squeeze-related lines to your sources.list. For example:

deb http://packages.dotdeb.org squeeze all
deb-src http://packages.dotdeb.org squeeze all

And, of course, feel free to donate if you find Dotdeb useful.


You really should upgrade to PHP 5.3.5 or 5.2.17

A few days after releasing PHP 5.3.4 and PHP 5.2.16, the PHP group announced an important security update with PHP 5.3.5 and PHP 5.2.17:

This release resolves a critical issue, reported as PHP bug #53632 and CVE-2010-4645, where conversions from string to double might cause the PHP interpreter to hang on systems using x87 FPU registers.

The problem is known to only affect x86 32-bit PHP processes, regardless of whether the system hosting PHP is 32-bit or 64-bit. You can test whether your system is affected by running this script from the command line.

All users of PHP are strongly advised to update to these versions immediately.

The Dotdeb packages for Debian “Lenny” 5.0 are now available. You really should upgrade.
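
A version-and-bitness check built from the facts in the announcement above, as an added example (it is not part of the original post and not the test script the PHP Group links to). The function name and result labels are hypothetical, the sample version strings in its comments are constructed, and PHP_INT_SIZE is assumed to be the indicator of a 32-bit build:

```shell
#!/bin/sh
# Added example: does this PHP build still need the update for PHP bug #53632
# (CVE-2010-4645)? Facts taken from the announcement: fixed in 5.3.5 and
# 5.2.17; only 32-bit x86 PHP processes are known to be affected.
# Assumption: older 5.2.x/5.3.x releases count as unfixed. Distribution
# packages may backport the fix, so confirm against the package changelog.

# needs_53632_update VERSION INT_SIZE
#   VERSION   PHP_VERSION string, packaging suffix allowed
#   INT_SIZE  PHP_INT_SIZE of that binary: 4 on a 32-bit build, 8 on 64-bit
# Prints: update-needed | fixed | not-32bit | unknown-branch | bad-input
needs_53632_update() {
    version=${1%%[-+~]*}   # "5.3.3-7+squeeze1" -> "5.3.3"
    int_size=$2

    old_ifs=$IFS; IFS=.
    set -- $version        # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=$1; minor=$2; patch=$3
    for part in "$major" "$minor" "$patch"; do
        case $part in
            ''|*[!0-9]*) echo bad-input; return 0 ;;
        esac
    done

    case "$major.$minor" in
        5.2) fixed_patch=17 ;;
        5.3) fixed_patch=5 ;;
        *)   echo unknown-branch; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed_patch" ]; then echo fixed; return 0; fi

    # The bitness of the PHP process matters, not that of the host kernel:
    # a 32-bit PHP on a 64-bit system is still affected.
    case $int_size in
        4) echo update-needed ;;
        8) echo not-32bit ;;
        *) echo bad-input ;;
    esac
}

# Report on the local interpreter when one is installed.
if command -v php >/dev/null 2>&1; then
    needs_53632_update "$(php -r 'echo PHP_VERSION;')" \
                       "$(php -r 'echo PHP_INT_SIZE;')"
fi
```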


PHP 5.3.4 is available

Now that PHP 5.3.4 has been released by the PHP Group and the corresponding Suhosin patch has been published by Stefan Esser, the PHP 5.3.4 packages for Debian “Lenny” 5.0 are available on Dotdeb. Thanks for your patience.

Follow these instructions if you’re installing them for the first time. And as usual, please read the full announcement and the Changelog before upgrading.

Happy new year!


PHP 5.2 last update: 5.2.16

PHP 5.2.16 has been released by the PHP Group a few days after PHP 5.2.15 (fixing an open_basedir issue). It is now available on Dotdeb for your Debian “Lenny” servers.

This maintenance release marks the end of support for PHP 5.2. You are strongly encouraged to upgrade to PHP 5.3 (read this migration guide).

Please read PHP 5.2.15 and 5.2.16 release announcements and the full Changelog before upgrading.


PHP 5.3.3 packages get a minor update

The PHP 5.3.3 packages for Debian 5.0 “Lenny” (amd64/i386) have been updated. Here are the changes:

  • php5-fpm should now work out-of-the-box. Some unset parameters prevented its launch. Thanks to Daniel Hahler for the patch.
  • PECL/APC has been upgraded to 3.1.4
  • PECL/memcache has been upgraded to 3.0.5

PHP 5.2.14 is available too

On July 22nd, the PHP Group released PHP 5.2.14:

The PHP development team would like to announce the immediate availability of PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related.

This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case-by-case basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

The packages for Debian “Lenny” are now available on Dotdeb.

Of course, you’re advised to read the full announcement and the Changelog before upgrading.

Thanks (again) to Stefan Esser and the Month of PHP security for improving PHP.


PHP 5.3.3 packages are available

On July 22nd, the PHP Group released PHP 5.3.3:

The PHP development team would like to announce the immediate availability of PHP 5.3.3. This release focuses on improving the stability and security of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release.

The packages for Debian “Lenny” are now available on Dotdeb on the usual repository.

Of course, you should read the full announcement, the PHP 5.3 migration guide and consult the Changelog.

Caution (to PHP-FPM users): with the inclusion of PHP-FPM in the PHP 5.3 core, the syntax of the configuration file (/etc/php5/fpm/php5-fpm.conf) has changed. It switched from an XML syntax to an INI one. Please prepare your new configuration file before upgrading, by carefully reading the PHP documentation and this page.

And thanks to Stefan Esser and the Month of PHP security for improving PHP.


May is the month of PHP security

According to Stefan Esser, author of the Suhosin patch, May 2010 will be the “Month of PHP Security”:

This initiative continues the effort of Hardened-PHP’s Month of PHP Bugs in 2007 to improve the security of PHP and the PHP ecosystem by disclosing vulnerabilities in PHP and PHP applications on the one hand and on the other hand by publishing articles and tools that help PHP application developers to develop more secure PHP applications.

You’ll find more information on the MoPS website and you can follow its Twitter account to discover each vulnerability as soon as it’s reported.


PHP 5.3.2 and PHP 5.2.13 get an update

New packages of PHP 5.3.1 and PHP 5.2.13 have been uploaded to fix some annoying bugs:

In addition, PHP 5.3.2 now restarts softly, without any problem (thanks to Daniel Hahler).


PHP 5.3.2 is available too!

A few days ago, the PHP Group released PHP 5.3.2. It fixes severe security issues and some other bugs:

The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.

Security Enhancements and Fixes in PHP 5.3.2:

  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)

(…)

It is now available on Dotdeb (still on a separate repository) with the following changes:

  • id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there’s an easy way to package PECL extensions by yourself
  • the memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy
  • php5-fpm is now an alternative dependency of the php5 meta-package

As usual, please read the release announcement and the full Changelog before upgrading. If you’re migrating from PHP 5.2, you can also take a look at the migration guide.

[Update] The packages have been updated to fix a MySQL connection issue. The geoip PECL extension is back.