On August 18th, the PHP Group released PHP 5.3.7 with many security enhancements and many bugfixes. Sadly, it suffered from an issue with the crypt() function , forcing the PHP Group to publish PHP 5.3.8 (that fixes a mysqlnd issue with SSL connections too).
I’m glad too announce that PHP 5.3.8 packages are now available on Dotdeb for both amd64 and i386 architectures :
- for Debian 6.0 Squeeze : on the main Dotdeb repository
- for Debian 5.0 “Lenny” : on php53.dotdeb.org
Ugrading to PHP 5.3.8 is strongly recommended, but please read the Changelog before.
43 replies on “PHP 5.3.8 is available”
I don’t known about the other files, but a few upgrades in a row, my suhosin.ini got overwritten by the new package and I wasn’t asked whether I want to keep my current version or replace it with a newer one. I think suhosin.ini isn’t added to the list of configuration files in the DEB package. Thinking about it, I think this also happens to apc.ini. Could you please check if those config files are on the list? And for other packages too.
I’m experiencing the same thing with apc.ini, though I remembered to back it up last time just in case.
I can confirm the issue with apc.ini and suhosin.ini being overwritten during upgrade.
@Matrix, @Ben, @Jools : which distrib? Squeeze or Lenny?
Squeeze for me.
I’ve seen this issue on lenny in the past afair, but currently im seeing it on squeeze. using dh-make-pecl manually to make a pecl package also shows the problem, so I guess they need some manual package tweaks.
dh-make-pecl created debian/rules has some scripting to copy the apc.ini rather than handling it via conffiles or similar.
sorry correction. it just copies it into debian/package for installing so it might just be enough to add a conffiles entry for apc.ini / suhosin.ini
@Jools : thanks for these details. I may add such a conffile entry to my custom packaging scripts.
@Guillaume I have only seen it happen with Squeeze, though I didn’t have apc set up when I used Lenny.
just to add: i just tried building apc using dh-make-pecl and the resulting package asked me if i wanted to overwrite apc.ini when installing. it also generated a debian/php5-apc/DEBIAN/conffiles for the package
I’m experiencing overwriting too with apc.ini and memcached.ini. Dist: squeeze
just upgrade to php5.3.8 using dotdeb.org source.
the performance is very bad.
I test with this script, before and after install php5.3.8
It seems the same code will take 10 times time in php5.3.8
Test php script:
//test float
function test_float() {
$t = pi();
$timeStart = gettimeofday();
for($i = 0; $i
Test result:
php version:5.3.3-7+squeeze3
call sqrt() 3,000,000 times will cost 1.369s
php version:5.3.3-7+squeeze3
call sqrt() 3,000,000 times will cost 1.095s
php version:5.3.3-7+squeeze3
call sqrt() 3,000,000 times will cost 1.072s
php version:5.3.8-1~dotdeb.2
call sqrt() 3,000,000 times will cost 10.644s
php version:5.3.8-1~dotdeb.2
call sqrt() 3,000,000 times will cost 10.567s
php version:5.3.8-1~dotdeb.2
call sqrt() 3,000,000 times will cost 10.343s
How can I go back to php5.3.7?
@hileon : sorry to hear that.
You mean go back to 5.3.3 from Squeeze? You just have to specify the wanted version in your apt-get command. For example :
apt-get install php5=5.3.3-7+squeeze3
Thanks Guillaume.
I upgraded using apt-get upgrade, is there other php package I should degrade to 5.3.3-7?
@hileon : you can download former Dotdeb packages manually on http://archives.dotdeb.org/
PHP 5.3.8 breaks PEAR::isError(), which in turn breaks a lot of stuff. User beware.
Best solution is to remove PEAR from your stack ; )
php-fpm comes with a cron.d script for deleting sessions files in /var/lib/php5/.
But default path configuration for sessions is /tmp… is that so /tmp won’t be clean?
My suggestion is to update either php conf or cron.d, but you’re the boss! (third option is I mistaken! ;).
Which OS did you build this package on?
I failed to use srouce is your repository to build the package on Ubuntu because I do not need many features built in PHP. First, the build depends on the locales-all package but not exists in Ubuntu repository. Secondly, it needs autoconf 2.59 or lower
@chester : Dotdeb packages are built *on* and *for* Debian distributions. Using them or changing them for Ubuntu may be a bit tricky.
OK, thx. I installed the deb package you provide on Unbuntu is OK. I will try to rebuild a deb package on Squeeze
Any answer for session cleaning?
@spirit : I’ll fix this in the next packages
And what are you going to choose ? Keep /tmp for session and update cron? or ?
@spirit : I’ll choose /var/lib/php5
Hi!
Do you could add the “ondemand” fpm patch to your package?
I’ve already modded your package on my system, and it works.
https://bugs.php.net/bug.php?id=52569
[…] a look at dotdeb […]
Any news on when it will be available for Ubuntu?
@Lepe : are you talking about Dotdeb packages or just official PHP 5.3.8 packages from Ubuntu?
Hello, I use 5.3.8-1~dotdeb.2 version on testing and in interactive cli mode (php -a) when I write for example
php > echo array_key_exists(“”, array());
nothing is displayed, but:
php > echo !array_key_exists(“”, array());
1
(in most cases, when true value, it works)
It is standard behaviour or it is bug? But still, better than compiled without readline 😀
Bug in the php5-fpm init script: attempt to reload causes master process killing.
http://php-fpm.org/wiki/Documentation#Master_process_understands_signals
php-fpm understands the signals:
SIGQUIT – graceful stop
SIGINT, SIGTERM – immediate termination
SIGUSR2 – graceful reload of all workers + reload of fpm conf/binary
but script sends SIGHUP on reload (it kills master process instead!), and SIGTERM on stop (immediately, not graceful).
UPD:
I was posted this bug to debian bugtracker.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645934
@Natrio – thanks – this explains some weird behaviour I’ve been seeing!!!
Hi,
short_open_tag in cli/php.ini is set to ‘Off’. This is not the default expected value for this setting (we just had a problem related to that). Maybe you can just keep the default to none or ‘On’ for the next release.
Thank you.
Leo
I seem to have a problem upgrading my php version. I followed all the nessescary steps but after the apt-get dist-upgrade command my php version still states php 5.2.12 ?
I googled like crazy for an answer but still didn’t find one…
@dusk : be sure to have to right lines in your sources.list :
# If you're using lenny
deb http://php53.dotdeb.org/ lenny all
# If you're using Squeeze
deb http://packages.dotdeb.org squeeze all
Then, run “apt-get update” and “apt-get dist-upgrade”. PHP should be upgraded to 5.3.
Version 5.3.9 is available. Any chances we might see it on dotdeb soon?
If not I can compile it myself, just asking if it is worth it taking the burden …
@noamik : PHP 5.3.9 packages are available for Squeeze, just apt-get update. Lenny’s ones and a blog post are on their way.
Ever since I upgraded to PHP 5.3.9 a few hours ago, my workers have been constantly crashing. PHP is completely unusable. Error:
“*** glibc detected *** php-fpm: pool volt: double free or corruption (fasttop): 0x0000000001f8d240 ***”
How do I revert back to previous version? Urgent!
Also:
Jan 12 16:06:53 akula kernel: php5-fpm[4204]: segfault at 0 ip 00007fd354071cf2 sp 00007fff81be86c8 error 4 in libc-2.11.3.so[7fd353ff6000+159000]
@Matic : can you please ensure that you use use the latest PHP 5.3.9 packages (run apt-get update to refresh your repositories). If not, please upgrade them and tell me if it fixes your issues.
If the problem still occurs, please tell me more about your config : which distribution (Debian? Ubuntu? its version? stock or with custom repos? PHP extensions that do not come from Dotdeb?).
FYI, PHP-FPM 5.3.9 run well on dot deb.org, no segfault.
If you still want to downgrade to 5.3.8, the packages are here : http://archives.dotdeb.org/
I’m using the latest PHP packages from the Dotdeb repository. I’m running Debian 6.0 64-bit. The only 3rd party repo I have is Dotdeb. All PHP extensions are from Dotdeb. Kernel is 3.1.6-grsec but also happens on 3.1.1-vanilla.
After more investigation it seems the problem is isolated to one particular PHP application as other applications do not cause segfaults. The application in question is “EDK (EVE killboard)”. Maybe 5.3.9 brakes something in that application.
For some reason I didn’t get them last time I tried. But thanks for your info. They are available to me now as well on squeeze.