Categories
PHP

PHP 5.2.10 packages for Lenny/Etch are now available!

A few days ago, the PHP development team announced the availability of PHP 5.2.10 with many improvements and 100+ bug fixes. Here is the Changelog.

Now that the corresponding Suhosin patch is alive, the PHP 5.2.10 packages are available on Dotdeb :

  • for Debian Lenny and Etch
  • for the amd64 and i386 architectures

Upgrading your servers is highly recommanded.

Update : The PHP 5.2.10 packages seem to be buggy under (un)certain conditions : (f)CGI + Suhosin.
Then I decided to rollback to 5.2.9 to avoid a flood a users’ requests and to give me time to investigate. If your PHP 5.2.10 does not encounter problems, keep it, you’re lucky :)

96 replies on “PHP 5.2.10 packages for Lenny/Etch are now available!”

Hi

I’ve just upgraded to your latest PHP packages and now I’m experiencing problems with APC.
With APC enabled it seems that it cannot find any class declarated (for example in a require() ). It’s throwing out fatal errors all the time. The same codebase with your PHP 5.2.9 works without a glitch.

more info: downgraded to

php5-common_5.2.9-0.dotdeb.1_amd64.deb
libapache2-mod-php5_5.2.9-0.dotdeb.1_amd64.deb

(oly these 2 packages, all the rest is still newer 5.2.10) and now it works again. So definetely there’s a problem with APC 3.0.19 and (your?) PHP 5.2.10

After updating from PHP 5.2.9 on Debian 4 (Etch), I got a lot of error messages in my log files like this “child pid 24814 exit signal Segmentation fault (11)” and site visits on e.g. my wordpress installations or roundcube webmail randomly only show blank pages. I could not find the reason why this was happening, so for the moment I reinstalled PHP 5.2.9.

Hi,

I would like to build my own version.
Under lenny 32bit if I apt-get source php5 && cd php5-5.2.10 && dpkg-buildpackage with no source modificiation the suhosin.patch won’t to be applied :

Hunk #6 succeeded at 1824 (offset 1 line).
Hunk #7 succeeded at 1877 (offset 1 line).
Hunk #8 succeeded at 1938 (offset 1 line).
patching file main/php.h
can’t find file to patch at input line 1780
Perhaps you used the wrong -p or –strip option?
The text leading up to this was:
————————–
|diff -Nura php-5.2.10/main/php_config.h.in suhosin-patch-5.2.10-0.9.7/main/php_config.h.in
|— php-5.2.10/main/php_config.h.in 2009-06-17 14:35:32.000000000 +0200
|+++ suhosin-patch-5.2.10-0.9.7/main/php_config.h.in 2009-06-23 22:36:11.000000000 +0200
————————–
No file to patch. Skipping patch.
1 out of 1 hunk ignored
patching file main/php_logos.c

Le patch 011-suhosin.patch ne s’applique pas proprement (forcez l’application avec -f)
make: *** [debian/stamp-patched] Erreur 1
dpkg-buildpackage: échec: debian/rules build a produit une erreur de sortie de type 2

fatal errror

any idea ?

I am running APC 3.1.2 beta that I installed using pecl. Anyone use that and also have a problem with 5.2.10 packages? Let me know.

Nice, thank you for that.

Can you create the packages for Squeeze or Sid?

Thank you again

@JPK : I have the same problem :

[Fri Jun 26 10:47:50 2009] [notice] child pid 11164 exit signal Segmentation fault (11)
[Fri Jun 26 10:47:55 2009] [notice] child pid 11165 exit signal Segmentation fault (11)
[Fri Jun 26 10:47:57 2009] [notice] child pid 11166 exit signal Segmentation fault (11)
[Fri Jun 26 10:48:09 2009] [notice] child pid 11167 exit signal Segmentation fault (11)
[Fri Jun 26 10:48:09 2009] [notice] child pid 11168 exit signal Segmentation fault (11)
[Fri Jun 26 10:48:14 2009] [notice] child pid 11169 exit signal Segmentation fault (11)
[Fri Jun 26 10:48:16 2009] [notice] child pid 11170 exit signal Segmentation fault (11)
[Fri Jun 26 10:48:26 2009] [notice] child pid 11171 exit signal Segmentation fault (11)
[Fri Jun 26 10:48:26 2009] [notice] child pid 11172 exit signal Segmentation fault (11)
[Fri Jun 26 10:48:26 2009] [notice] child pid 11173 exit signal Segmentation fault (11)
[Fri Jun 26 10:48:29 2009] [notice] child pid 11208 exit signal Segmentation fault (11)

Do you have a solution ?

Sorry, not yet at the moment. Maybe only to reinstall PHP 5.2.9. But I am still searching for an solution.

@Patrice: you cannot since Guillame always delete the previous DEBs and leave only the newest one. But probably in /var/cache/apt/archives you still have older debs as I do and so you can reinstall them with

# dpkg -i php*5.2.9-*.deb libapache2-mod-php5_5.2.9*.deb

@Patrice Mayet:
That is right, I used the same command in folder “/var/cache/apt/archives/”:

dpkg -i *5.2.9-0.dotdeb.1*.deb

The former packages are available on http://archives.dotdeb.org/

To help us to debug your segfaults and your others issues, you should gather some precious informations about your system :
– your distribution (pure Debian, external sources? Etch? Lenny?)
– amd64 or i386?
– the installed packages, the PHP extensions, the Apache modules
– a way to reproduce the bug (activate more logging to isolate the problematic request/pid)

FYI, I didn’t have any issue on a shared hosting environment with 5000+ websites. I hope you’ll provide useful information for me to fix the packages asap.
The more the better. Thank you.

Ok I am having problems with this version as well.

php5-cgi is breaking all php scripts and returns with “No input file specified” which a very bad thing for webhosting.

I narrowed down one of the main issues. GLOBALS are not being passed under cgi or fcgi.

I had to down grade and because of this major issue I have turned off my mirror for your dotdeb packages until this has been resolved.

This is a major issue as this will break every website that uses this version.

@Scott Grayban
we have all webservers running under cgi and this version made no problems.

Thar isn’t the case for me on more then 1 server or site.

We had a total of 13 servers and 112 websites affected by this bug/update and downgrading fixed the problem.

That many servers and sites can’t be wrong.

Which extensions are you using? Perhaps we’ll spot one that affect the overall behaviour of PHP.
No problem on my servers (Etch/Lenny, amd64/i386) with mod_php5.

Anyway, sorry for this messy release. I hope we’ll fix this quickly.

Guillaume Plessiz,

And for Squeeze (testing)?

I installed here on my Debian Squeeze (using Lenny packages) but I installed libicu38 provided by Lenny.

I tryed to compile the PHP with libicu40 without success…

Suggestions?

@Gabriel : sorry, I won’t build packages for Squeeze. Dotdeb is a personnal project that provides me & my company up-to-date packages for productions servers, that are based on stable. Use the official packages instead. Sorry.

@Guillaume No problem… I’m searching for a solution with libicu40… Thank you =)

Hi Guillaume,
thanks a lot for your effort.
I’m on lenny 64 – with kernel 2.6.27, I have i minor issue with 5.2.10 version.When I’m trying to install php-xml-serializer_0.18.0-4_all.deb it seems that there is a conflict between php-pear_5.2.10-0.dotdeb.1_all.deb and php-xml-util_1.1.4-2_all.deb on file /usr/share/php/XML/Util.php.
I hope that will help.
Regards,

thanks Guillaume,
the problem was on php-pear from Dotdeb.
I removed php-xml-serializer_0.18.0-4_all.deb and php-xml-util_1.1.4-2_all.deb (apt-get remove) then I tried to install via “pear install” however I run into another issue,
“pear.php.net is using a unsupported protocal – This should never happen.
install failed ”
I found a workaround solution on http://www.pear-forum.org/post-5065.html I just changed /usr/share/php/.channels/pear.php.net.reg with the one from 5.2.9 (available on http://www.pear-forum.org/post-5065.html).

Same Problem here php5-cgi with fastcgi breaks the Server. Not all processes dies with:

[Mon Jun 29 00:31:28 2009] [warn] (104)Connection reset by peer: mod_fcgid: read data from fastcgi server error.
[Mon Jun 29 00:31:28 2009] [error] [client 77.135.156.166] Premature end of script headers: referer:

We are using a lot of extensions, would be hard to tackle it down to a single extension (if it is one). A single removal of one by one and reactivating afterwards brings no help.

@Guillaume I have the same problem as @Scott Grayban when using php5-cgi as service, for instance via nginx.

Only solution – coming back to 5.2.9

btw. thank you for your contribute to community 🙂

Guillaume everyone I know that is using the php5-cgi is having a issue.

When I help them downgrade it works so something has broken in this version somehow.

To all that use the dotdeb US mirror. I have temporary disabled the mirror due to bugs we our ownselves have run into. I mirror dotdeb not just for my company but for all US/Mexico/Canada users and if my company is having problems then the rest are and I can’t see offering a working mirror when there are problems.

As soon as Guillaume can fix these problems the mirror will be backup again.

I have the same problem with the segmentation faults and blank pages, but i have build php5.2.10 with suhosin (in ext/suhosin) myself. If i disable suhosin, problem is gone.

Hello everybody, I am back from weekend and got a solution for “my” problems:

OK, my first reaction, after getting problems with PHP 5.2.10 was to downgrade to 5.2.9. Now after I had some time for testing, here is the reason why the 5.2.10 version did not work on my server(s).

1. “… site visits on e.g. my wordpress installations or roundcube webmail randomly only show blank pages …” -> I removed the following debian (non dotdeb) php packages:

– php5-idn (1.2-1+b1)
– php5-json (1.2.1-3.2+etch1)
– php5-ps (1.3.4-4)

It seams, that one of those old debian components, is not compatible with PHP 5.2.10.

2. “… I got a lot of error messages in my log files like this “child pid 24814 exit signal Segmentation fault (11)” …” -> I deactivated the module “php5-suhosin” from dotdeb and even those error messages where gone. By the way, installed/activated “php5-suhosin 5.2.10” even breaks my phpinfo(); output.

I hope these informations can help to build and publish a new version, without those bugs. At the moment, I downgraded to 5.2.9 again, because I need the “suhosin” package.

Thank you for your patience and great work.

A Fan 😉

P.S. Sorry for my last, really big post, but what email address do I have to use, for sending complex information like phpinfo output?

btw. if it will help, i can send you more informations, simple ask for which data you need 🙂

@JPK & @Sadrak : Thanks for these precious feedbacks. Great work.

@Scott : I received your email, I’ll answer today. I didn’t rollback to 5.2.9 because I thought I’ll find some quick fix, but I didn’t. I’ll rollback today, keep your mirror up. And Bonus question : do you use php5-suhosin. BTW, thanks a lot for your help and your proactive actions.

@Guillaume

Yes we use php5-suhosin extensively and we can’t afford to disable it.

When I see you have rolled back to 5.2.9 I’ll re-enable our mirror.

i compile php5 and suhosin myself, dont use your packages, but have the same problem :-/

@JavaCup : the PHP 5.2.10 packages seem to be buggy under (un)certain conditions : (f)CGI + Suhosin.
Then I decided to rollback to 5.2.9 to avoid a flood a users’ requests and to give me time to investigate. If your PHP 5.2.10 does not encounter problems, keep it, you’re lucky 🙂

@Sadrak : not yet. Scott should give me a privileged access to a buggy (but production) machine for me to debug PHP 5.2.10, but we don’t live in the same timezone.
Do you have a buggy test instance or a VM image available?

@Matt : thanks for the news. Missing it would mean being offline for 2 days 🙂
I”m working on the 5.3.0 packages, including some deeps changes :
* Mysqlnd has primary driver
* Enchant support
* Transition from mime_magic to fileinfo begins
* Transition from mhash to hash begins
* No longer Ming support (moved to PECL)
* No longer Ncurses support (moved to PECL)
* Fixes strtotime memory leak : http://bugs.php.net/bug.php?id=47285

But the Suhosin patch is still missing and I had some MySQL issues. I think I’ll have to fix the 5.2.10 issues before releasing 5.3.0. More to come on php53.dotdeb.org and then on the main repository…

I left you a message on another thread thanking you for all of the packages and asking if you needed anything, as I work at a data center. I run ESX on my personal server if you need a VM to play on or a mirror or something. We are located in Tampa, Florida and have lots of bandwidth. 🙂 Let me know if you need something, I am more than happy to create you a VM.

@Matt : If you had issues with PHP 5.2.10 on one of your VM, then YES, I want it to debug it. I’m working for a hosting company and made many Lenny/Etch amd64/i386 vservers but I didn’t succeed in reproducing the segfaults.

I have a few servers here with PHP 5.2.9 AND APC 3.1.2(beta) and I am scared to upgrade to 5.2.10 since all of these other people are having problems. So I’m not having an issue at all… Yet. And I can’t have an issue since the servers are managed by our company for a pretty large client. I was just going to wait until 5.3.0 came out and test on that.

I always install updates on a test server first, which is just an old P3 running Etch, and that’s getting the seg. faults, but they’re random. I can refresh the same page 10 times, it will get the seg. fault 3 or 4 times

How does one downgrade your dotdeb packages? I’m having issues with php5 5.2.10 and can not get it downgraded to 5.2.9. What lines do I need to pout into my sources.list file and then what apt-get command to I run?

I’m running debian lenny and have the dotdeb php5 5.2.10 packages installed and went to install php5-ldap and can not becuase I get this error:

The following packages have unmet dependencies:
php5-ldap: Depends: php5-common (= 5.2.9-0.dotdeb.2) but 5.2.10-0.dotdeb.1 is to be installed

@Steve Sheeley : appending “=version” after each package name should do the trick :

apt-get install –reinstall php5=5.2.9-0.dotdeb.2 php5-common=5.2.9-0.dotdeb.2 php5-cli=5.2.9-0.dotdeb.2

With 5.2.10 on a new box, I can’t even get apc compiled from source. There is something fishy going on with 5.2.10 for sure. I couldn’t build anything from pecl at first, had to copy over pear.php.net.reg and pecl.php.net.reg from a 5.2.9 install. Here are the errors from a compile of apc-3.1.2 with a pecl install.

In file included from /tmp/pear/temp/APC/apc.c:38:
/usr/include/php5/ext/pcre/php_pcre.h:29:18: error: pcre.h: No such file or directory
In file included from /tmp/pear/temp/APC/apc.c:38:
/usr/include/php5/ext/pcre/php_pcre.h:45: error: expected â=â, â,â, â;â, âasmâ or â__attribute__â before â*â token
/usr/include/php5/ext/pcre/php_pcre.h:46: error: expected â=â, â,â, â;â, âasmâ or â__attribute__â before â*â token
/usr/include/php5/ext/pcre/php_pcre.h:52: error: expected specifier-qualifier-list before âpcreâ
/tmp/pear/temp/APC/apc.c:362: error: expected specifier-qualifier-list before âpcreâ
/tmp/pear/temp/APC/apc.c: In function âapc_regex_compile_arrayâ:
/tmp/pear/temp/APC/apc.c:419: error: âapc_regexâ has no member named âpregâ
/tmp/pear/temp/APC/apc.c:419: error: âapc_regexâ has no member named âpregâ
/tmp/pear/temp/APC/apc.c:420: error: âapc_regexâ has no member named ânregâ
/tmp/pear/temp/APC/apc.c:420: error: âapc_regexâ has no member named ânregâ
/tmp/pear/temp/APC/apc.c: In function âapc_regex_match_arrayâ:
/tmp/pear/temp/APC/apc.c:452: error: âapc_regexâ has no member named âpregâ
/tmp/pear/temp/APC/apc.c:452: error: âapc_regexâ has no member named âpregâ
/tmp/pear/temp/APC/apc.c:453: error: âapc_regexâ has no member named ânregâ
/tmp/pear/temp/APC/apc.c:453: error: âapc_regexâ has no member named ânregâ
make: *** [apc.lo] Error 1
ERROR: `make’ failed

And yes, the funky letters were on my screen, they didn’t change when I posted them on here.

Ya I had trouble recompiling it myself. There is certainly something wrong here but I can’t pin-point if its the all code or just specific parts.

5.2.10 just seems to be a very messy release from the php guys.

@Scott Grayban : I’m done with the 5.3.0 packages but :
– the suhosin patch is still unavailable
– the changes are too important to migrate from 5.2 without any problem

Then 5.2.10 has still to be fixed, I’m still working on it, but sticking to 5.2.9 with just the security backports appears to be a better solution.

So going from 5.2 to 5.3 is going to be another problem ? Can you list what is going to break ?

Frankly I would scrap 5.2.10 — there are to many issues with it to debug. Just look at the range of issues here.

Maybe what we need to do here with 5.3 is give the option to upgrade instead. Maybe put 5.3 ina testing branch ?

Had the same problem with 5.2.10 and the suhosin extension after upgrading to 5.2.9 with random PHP crashes. With one script I could make PHP crash at every reload.

If I put the following line in the php.ini file:

suhosin.session.encrypt = Off

The crashes stopped and PHP run stable as did 5.2.9.

Suhosin is two things. There is patch which is applied to the PHP source. That one causes no problems with 5.2.10 (for me). Then there is also the extension (extension=suhosin.so) to provide even more security features and that one was causing the problem for me. With the above line the crashes stopped.

I’ve contacted Stefan Esser (suhosin author). Until that problem is fixed you might try putting the (suhosin.session.encrypt = Off) line in your php.ini and see if it stops the random crashes.

@all : Could you please make this test and report me if this fixes your issue?

Put the following line in /etc/php5/conf.d/suhosin.ini
suhosin.session.encrypt = Off

(stop/start apache if needed) and tell me if all is going fine.

Thank you.

(I’m using the suhosin extension but I always disable the session encryption because it breaks some apps, then the crashes you described didn’t occur on my boxes)

FYI, the suhosin workaround doesn’t solve my problem (related to nested classes declaration). In fact, I do not have suhosin module active at all

I still have to check mine but I wont be able to get to it until late afternoon here.

this is what you should put after apt-get install –reinstall
for i in `dpkg -l|grep php5|awk ‘{ print $2 “=5.2.9-0.dotdeb.2″ ; }’`; do echo -n $i” “;done;echo “”;

Tyrael

I think for our company we are going to stay with 5.2.9 — to many problems with .10

The following plugins we found break with .10

WP-EMail
wp-forecast
wp-notable
wp-numly
WP-Polls
WP-PostRatings
WP-PostViews
WP-Print
WP-reCAPTCHA
WP-RelativeDate
WP-ServerInfo
WP-Stats
WP-Stats Widget
WP-UserOnline

[…] Suhosin bringt mit der Option suhosin.session.encrypt die 5.2.10er Version von PHP bei CGI-Requests ins grübeln. Schaltet man diese ab oder wechselt zurück auf php < = 5.2.9 hat man wieder Ruhe. Auch bei Gentoo […]

Hi, will you release the new APC version? APC 3.1.2 version is out some time now, you are behind 2 releases.

Hi Guillaume, do you provide also security updates for your PHP packages?

BTW: It’s pretty cool that you provide the community with the PHP Packages. I was struggling with building PHP5-5.2.10 from SID on Etch/Lenny by my self. I had no luck. libtool was against me. So, you made my day 🙂

@moellemeister : I’m doing my best to release secure packages. The 5.2 branch is kind of broken due to the 5.2.10 status. But 5.2.11 is coming.

For example, I’ll upload PHP 5.3.0 (+pecl extensions) packages today that fix some security issue and some memory leaks.

php-cgi is still broken and a lot of the mysql calls in php files do not work.

Fast cgi is fine

I think I have found the issue. There is a new php.ini that has php-cgi specific settings and if you don’t use the new version you will have trouble….

The new ini contains…

; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP’s
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix it’s paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
cgi.fix_pathinfo=1

Notice that the path has been changed in the translations. Change the 1 to 0 to go back to how the old way worked which is about 100% for all current php scripts work.

Making this change fix every server and website that was having issues.

@Vide:

> FYI, the suhosin workaround doesn’t solve my problem (related to
> nested classes declaration). In fact, I do not have suhosin module
> active at all

I believe that the newly-released PHP 5.3.3 has your fix: http://bugs.php.net/51822

As far as my situation, I’m still experiencing segfaults under both 5.3.2 and 5.3.3 ([Thu Aug 12 06:50:28 2010] [notice] child pid 29488 exit signal Segmentation fault (11)) with virtual() using the default php.ini and also with every conceivable permutation of the following:

1. Adding suhosin.session.encrypt = Off
2. Adding suhosin.apc_bug_workaround = On
3. Force disabling cgi.fix_pathinfo (i.e. Changing “; cgi.fix_pathinfo=1” to “cgi.fix_pathinfo=0”) which was mentioned on another thread

I’ve also tried installing (via Macports) php5-suhosin, rebuilding PHP without the suhosin variant and deactivating php5-suhosin.

Not sure where to go from here so I would be grateful for ideas…

Odd. Even though the php variant with suhosin and php5-suhosin are deactivated (specifically verified by means other than “port installed”), my server is still reporting Suhosin as being included:

$ port installed php5
The following ports are currently installed:
php5 @5.3.3_0+apache2+debug+ipc+pear (active)
php5 @5.3.3_0+apache2+ipc+pear+suhosin

$ port installed php5-suhosin
The following ports are currently installed:
php5-suhosin @0.9.32.1_0

$_SERVER[‘SERVER_SOFTWARE’] reports the following:

Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.0a DAV/2
PHP/5.3.3 with Suhosin-Patch mod_fcgid/2.3.5

And phpinfo includes this:

This server is protected with the Suhosin Patch 0.9.10
Copyright (c) 2006-2007 Hardened-PHP Project Copyright (c) 2007-2009 SektionEins GmbH

I’m not sure that matters given the suhosin.session.encrypt workaround didn’t work for me, but I bring it up in case perhaps someone here may run into the same issue

Comments are closed.