A few days ago, the PHP Group released PHP 5.2.13. It fixes severe security issues and some other bugs:
The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.13:
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /. (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
- Improved LCG entropy. (Rasmus, Samy Kamkar)
(…)
On the Dotdeb side
- geoip, id3 and mailparse PECL extensions have been removed from the repository. If some of them were useful to you, please let me know. Don’t forget that there’s an easy way to package PECL extensions by yourself.
- the memcache extension has been downgraded to v3.0.3 because of a bug in the session redundancy.
As usual, please read the release announcement and the full Changelog before upgrading.
27 replies on “PHP 5.2.13 is available”
Hello Guillaume,
Actually, we do use the ffmpeg AND spplus extensions on our prod servers… Those don’t have any support for compiling, thus the presence of your extensions in your repository was very pleasant 🙂
Best regards,
Arnaud.
@Arnaud Launay : php5-ffmpeg and php5-spplus are back. Sorry for the delay.
php5-5.2.13 does not build from source:
root@DIB097 /usr/local/src/php5-5.2.13>dpkg-buildpackage
dpkg-buildpackage: set CFLAGS to default value: -g -O2
dpkg-buildpackage: set CPPFLAGS to default value:
dpkg-buildpackage: set LDFLAGS to default value:
dpkg-buildpackage: set FFLAGS to default value: -g -O2
dpkg-buildpackage: set CXXFLAGS to default value: -g -O2
dpkg-buildpackage: source package php5
dpkg-buildpackage: source version 5.2.13-0.dotdeb.0
dpkg-buildpackage: source changed by Guillaume Plessis
dpkg-buildpackage: host architecture amd64
debian/rules clean
dh_testdir
sed -i -e 's/EXTRA_VERSION="-0.dotdeb.0"/EXTRA_VERSION=""/' configure.in
rm -f configure aclocal.m4 config.sub config.guess ltmain.sh
rm -f build/libtool.m4 main/php_config.h.in
rm -f prepared-stamp
QUILT_PATCHES=debian/patches quilt --quiltrc /dev/null pop -a -R || test $? = 2
No patch removed
rm -rf .pc debian/stamp-patched
dh_testdir
dh_testroot
rm -f configure-apache2-stamp build-apache2-stamp
rm -f configure-apache2filter-stamp build-apache2filter-stamp
rm -f configure-cgi-stamp build-cgi-stamp
rm -f configure-cli-stamp build-cli-stamp
rm -f build-pear-stamp
rm -f install-stamp
rm -rf apache2-build
rm -rf apache2filter-build
rm -rf cgi-build
rm -rf cli-build
rm -rf pear-build pear-build-download
rm -f debian/copyright
rm -f test-results.txt
dh_clean
# clean up autogenerated cruft
cat debian/modulelist | while read package extname dsoname; do \
rm -f debian/php5-$package.postinst; \
done
for sapi in libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli; do \
for cruft in postrm links; do \
rm -f debian/${sapi}.${cruft}; \
done; \
done
dpkg-source -b php5-5.2.13
dpkg-source: info: using source format `1.0'
dpkg-source: info: building php5 using existing php5_5.2.13.orig.tar.gz
dpkg-source: info: building php5 in php5_5.2.13-0.dotdeb.0.diff.gz
dpkg-source: warning: ignoring deletion of file aclocal.m4
dpkg-source: warning: ignoring deletion of file ltmain.sh
dpkg-source: warning: ignoring deletion of file configure
dpkg-source: warning: ignoring deletion of file config.guess
dpkg-source: warning: ignoring deletion of file config.sub
dpkg-source: warning: ignoring deletion of file ext/pdo/pdo_sql_parser.c.orig
dpkg-source: warning: ignoring deletion of file ext/date/lib/parse_date.c.orig
dpkg-source: warning: ignoring deletion of file ext/standard/url_scanner_ex.c.orig
dpkg-source: warning: ignoring deletion of file ext/standard/var_unserializer.c.orig
dpkg-source: warning: ignoring deletion of file main/php_config.h.in
dpkg-source: warning: ignoring deletion of file build/libtool.m4
dpkg-source: info: building php5 in php5_5.2.13-0.dotdeb.0.dsc
debian/rules build
QUILT_PATCHES=debian/patches quilt --quiltrc /dev/null push -a || test $? = 2
Applying patch 006-debian_quirks.patch
patching file configure.in
Hunk #1 succeeded at 985 (offset 51 lines).
Hunk #2 succeeded at 1019 (offset 51 lines).
Hunk #3 succeeded at 1074 with fuzz 2 (offset 51 lines).
Hunk #4 succeeded at 1145 (offset 51 lines).
patching file ext/ext_skel
patching file ext/session/session.c
Hunk #1 succeeded at 683 (offset 502 lines).
patching file php.ini-dist
Hunk #1 succeeded at 471 (offset 5 lines).
Hunk #2 succeeded at 488 (offset 5 lines).
Hunk #3 succeeded at 604 (offset 8 lines).
Hunk #4 succeeded at 940 (offset 4 lines).
Hunk #5 succeeded at 978 (offset 4 lines).
patching file php.ini-recommended
Hunk #1 succeeded at 522 (offset 6 lines).
Hunk #2 succeeded at 539 (offset 6 lines).
Hunk #3 succeeded at 655 (offset 9 lines).
Hunk #4 succeeded at 991 (offset 5 lines).
Hunk #5 succeeded at 1029 (offset 5 lines).
patching file sapi/caudium/config.m4
patching file sapi/cli/php.1.in
Hunk #1 succeeded at 308 with fuzz 1 (offset 2 lines).
patching file scripts/Makefile.frag
patching file scripts/php-config.in
patching file scripts/phpize.in
Applying patch 010-mail-header.patch
patching file ext/standard/mail.c
Hunk #1 succeeded at 210 with fuzz 2 (offset 28 lines).
Hunk #2 succeeded at 317 (offset 42 lines).
patching file main/main.c
Hunk #1 succeeded at 461 with fuzz 1 (offset 135 lines).
patching file main/php_globals.h
Hunk #1 succeeded at 162 (offset 10 lines).
Applying patch 011-suhosin.patch
patching file TSRM/TSRM.h
patching file TSRM/tsrm_virtual_cwd.c
patching file TSRM/tsrm_virtual_cwd.h
patching file Zend/Makefile.am
patching file Zend/Zend.dsp
patching file Zend/ZendTS.dsp
patching file Zend/zend.c
patching file Zend/zend.h
patching file Zend/zend_alloc.c
patching file Zend/zend_alloc.h
patching file Zend/zend_canary.c
patching file Zend/zend_compile.c
patching file Zend/zend_compile.h
patching file Zend/zend_constants.c
patching file Zend/zend_errors.h
patching file Zend/zend_hash.c
patching file Zend/zend_llist.c
can't find file to patch at input line 1413
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.2.13/configure suhosin-patch-5.2.13-0.9.7/configure
|--- php-5.2.13/configure 2010-02-24 13:27:27.000000000 +0100
|+++ suhosin-patch-5.2.13-0.9.7/configure 2010-03-02 21:51:30.000000000 +0100
--------------------------
No file to patch. Skipping patch.
3 out of 3 hunks ignored
patching file configure.in
patching file ext/standard/basic_functions.c
patching file ext/standard/dl.c
patching file ext/standard/file.c
patching file ext/standard/file.h
patching file ext/standard/info.c
patching file ext/standard/syslog.c
patching file main/fopen_wrappers.c
patching file main/main.c
Hunk #2 succeeded at 1390 (offset 1 line).
Hunk #3 succeeded at 1431 (offset 1 line).
Hunk #4 succeeded at 1528 (offset 1 line).
Hunk #5 succeeded at 1690 (offset 1 line).
Hunk #6 succeeded at 1834 (offset 1 line).
Hunk #7 succeeded at 1887 (offset 1 line).
Hunk #8 succeeded at 1948 (offset 1 line).
patching file main/php.h
can't find file to patch at input line 1780
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.2.13/main/php_config.h.in suhosin-patch-5.2.13-0.9.7/main/php_config.h.in
|--- php-5.2.13/main/php_config.h.in 2010-02-24 13:27:31.000000000 +0100
|+++ suhosin-patch-5.2.13-0.9.7/main/php_config.h.in 2010-03-02 21:51:30.000000000 +0100
--------------------------
No file to patch. Skipping patch.
1 out of 1 hunk ignored
patching file main/php_logos.c
patching file main/snprintf.c
patching file main/spprintf.c
patching file main/suhosin_globals.h
patching file main/suhosin_logo.h
patching file main/suhosin_patch.c
patching file main/suhosin_patch.h
patching file main/suhosin_patch.m4
patching file sapi/apache/mod_php5.c
patching file sapi/apache2filter/sapi_apache2.c
patching file sapi/apache2handler/sapi_apache2.c
patching file sapi/cgi/cgi_main.c
patching file sapi/cli/php_cli.c
patching file win32/build/config.w32
Patch 011-suhosin.patch does not apply (enforce with -f)
make: *** [debian/stamp-patched] Error 1
dpkg-buildpackage: error: debian/rules build gave error exit status 2
@proforg : use these commands instead :
apt-get source php5
cd php5-5.3.2
./debian/rules binary
How about a version of 5.2.13 with php-fpm support?
I looked and this was not part of it.
php-fpm is not as powerful as suPHP.
Install latest version of suPHP with backports. It works great with apache and php.
Hello,
I was using geoip and id3…
And so can’t upload all my servers.
@The BLION Corp : Could you please consider packaging these PECL extensions by yourself using this tutorial?
http://localhost:8080/2008/09/25/how-to-package-php-extensions-by-yourself/
@ Guillaume Plessis:
I have just installed an Apache2 server with PHP5.2/MySQL5.1, and when I take a look in phpmyadmin (3.3.1) I get this error message:
La version de votre bibliothèque MySQL (5.0.51a) diffère de la version de votre serveur MySQL (5.1.45). Ceci peut occasionner un comportement imprévisible.
@Myst : 5.0.51a is just the version of the MySQL libraries that PHP was compiled against. It does not affect the interactions between PHP and MySQL 5.0 or 5.1 in any way, quite the contrary…
If PHP had been compiled against MySQL 5.1, this would have caused duplicate symbols as soon as Apache or PHP loaded a module or an extension that is also linked against MySQL, but in a different version.
You can ignore this phpMyAdmin warning.
It seems there is a Bug in php 5.2.13 with the filter_var function and the parameter FILTER_VALIDATE_URL. http://bugs.php.net/bug.php?id=51192.
Both versions 5.2.14 and 5.3.3 will include this bug fix.
Is it possible to make a new dotdeb release in a short time?
Thanks
Hi,
just wondering,
I guess the answer will be no 🙂
but is there any chance to get the 5.2.13 on Etch too ?
Or any reason it won’t happen ?
Thanks.
@helm tilkmit : I wish I can fix this in a new release in the next few days. Please be patient.
@r4dius : Etch is not supported anymore. If you can’t upgrade your machines to Lenny, you can try to backport PHP 5.2.13 on a Lenny box :
apt-get build-dep php5
apt-get source php5
cd php5-5.2.13
./debian/rules binary
Thanks 🙂
Hi Guillaume
Thank you for providing this repository.
I have linked to your site from
http://serverfault.com/questions/131699/install-previous-version-of-php-package-from-debian-testing-using-apt
I have assumed this is okay to do so, but please email me if you want me to remove my post and the link to your site and I will do so.
@Guillaume : Wonderful!
@Guillaume : I don’t want to create my own packages. That’s why I use dotdeb packages. I don’t want to care about dependencies…
@The BLION Corp : ok, geoip will be back with my next PHP packages (in the next few days)
Feel free to take a look at this page : http://localhost:8080/donate/ 🙂
Hi and thanks for your great work.
It seems there are issues with PHP 5.2.13 and GD/Freetype (http://bugs.php.net/bug.php?id=51207&edit=1)
Do you have 5.2.11 still available as a package?
Kind regards,
Walter
@Walter : yes. Just take a look at http://archives.dotdeb.org/
Many thanks, solved my problem! Font-Rendering works fine with 5.2.11!
btw blogged about it here: http://www.metaportaldermedienpolemik.net/blog/Blog/2010-04-17/debian-php-gd-freetype-letterspacing-kerning-issues
Hi Guillaume Plessis..,
This is a nice script. It’s very useful to me.
You’ve done a great job.
Thanks a lot..!
Hi. 1st of all thanks for your hard work!
I need to test something with PHP 5.2.11 but how can I install it using apt-get?
I know it’s in archives.dotdeb.org but I don’t know how to make apt-get get the packages from there.
@sam : fetch the packages manually using wget, curl, your browser… and install them by hand using “dpkg -i *.deb”
Hi Guillaume,
Here’s probably a similar issue. Can you please take a look:-
# md5sum suhosin-patch-5.2.13-0.9.7.patch
4cf3f0efa1ca61819cfc04d7f8c6865e suhosin-patch-5.2.13-0.9.7.patch
# patch -p 1 -i include/php/ext/suhosin/suhosin-patch-5.2.13-0.9.7.patch
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.2.13/TSRM/TSRM.h suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h
|--- php-5.2.13/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
|+++ suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h 2010-03-02 21:51:30.000000000 +0100
--------------------------
File to patch:
dc5ffgcwa02test:/usr/PHP/5.2.13/include/php/ext/suhosin# patch -i /usr/PHP/5.2.13/include/php/ext/suhosin/suhosin-patch-5.2.13-0.9.7.patch
can't find file to patch at input line 4
Perhaps you should have used the -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nura php-5.2.13/TSRM/TSRM.h suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h
|--- php-5.2.13/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
|+++ suhosin-patch-5.2.13-0.9.7/TSRM/TSRM.h 2010-03-02 21:51:30.000000000 +0100
--------------------------
Not sure what exactly the problem is. Can you help me to fix this?
Thanks,
Shirish.
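An added example (not part of the original post, its comments, or the Dotdeb packaging): the "can't find file to patch" messages in the build log and in the comment above mean that a path named in the diff, after -pN stripping, does not exist under the directory patch runs in; in the build log the two skipped files, configure and main/php_config.h.in, are ones the clean step had just removed. The functions below list such missing targets before patch is run. The names patch_targets and missing_targets, the sample tree and the sample diff are constructed for illustration.

```shell
# Added example; function names, sample tree and sample diff are constructed.
# patch_targets PATCH STRIP
# Print the files a unified diff modifies, with STRIP leading path components
# removed (the rule patch -pN applies). Files the diff creates (first hunk
# starts "@@ -0,0") are skipped. Assumes paths without spaces.
patch_targets() {
    awk -v strip="$2" '
        /^--- /           { old = 1; next }
        old && /^\+\+\+ / { path = $2; old = 0; pending = 1; next }
        pending && /^@@ / {
            pending = 0
            if ($2 == "-0,0") next
            n = split(path, parts, "/")
            if (strip >= n) next
            out = parts[strip + 1]
            for (i = strip + 2; i <= n; i++) out = out "/" parts[i]
            print out
        }
        { old = 0 }' "$1"
}

# missing_targets PATCH STRIP TREE
# Print the targets that "patch -pSTRIP" run inside TREE would not find.
missing_targets() {
    patch_targets "$1" "$2" | while IFS= read -r f; do
        [ -e "$3/$f" ] || printf '%s\n' "$f"
    done
}

# Constructed demo: TSRM/TSRM.h exists, configure was removed by a clean step.
demo_tmp=$(mktemp -d)
mkdir -p "$demo_tmp/src/TSRM"
: > "$demo_tmp/src/TSRM/TSRM.h"
cat > "$demo_tmp/sample.patch" <<'EOF'
--- php-x/TSRM/TSRM.h 2008-12-31 12:17:49.000000000 +0100
+++ new-x/TSRM/TSRM.h 2010-03-02 21:51:30.000000000 +0100
@@ -1 +1,2 @@
 a
+b
--- php-x/configure 2010-02-24 13:27:27.000000000 +0100
+++ new-x/configure 2010-03-02 21:51:30.000000000 +0100
@@ -1 +1,2 @@
 a
+b
EOF
echo "-p1 from the source root, missing: $(missing_targets "$demo_tmp/sample.patch" 1 "$demo_tmp/src")"
echo "-p1 from TSRM/, missing: $(missing_targets "$demo_tmp/sample.patch" 1 "$demo_tmp/src/TSRM")"
rm -rf "$demo_tmp"
```

An empty result at a given strip level and directory means every file the diff modifies is present there; a non-empty one names the files patch would skip.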
[…] cannot find php5.2.13 ( the current latest php 5.2.x ) in any standard repository but dotdeb.org contains php 5.2.13 for […]