PHP 5.3.8 is available

On August 18th, the PHP Group released PHP 5.3.7 with many security enhancements and bugfixes. Sadly, it suffered from an issue with the crypt() function, forcing the PHP Group to publish PHP 5.3.8 (which also fixes a mysqlnd issue with SSL connections).

I’m glad to announce that PHP 5.3.8 packages are now available on Dotdeb for both amd64 and i386 architectures:

  • for Debian 6.0 Squeeze : on the main Dotdeb repository
  • for Debian 5.0 “Lenny” : on

Upgrading to PHP 5.3.8 is strongly recommended, but please read the Changelog first.

43 replies on “PHP 5.3.8 is available”

I don’t know about the other files, but a few upgrades in a row, my suhosin.ini got overwritten by the new package and I wasn’t asked whether I want to keep my current version or replace it with a newer one. I think suhosin.ini isn’t added to the list of configuration files in the DEB package. Thinking about it, I think this also happens to apc.ini. Could you please check if those config files are on the list? And for other packages too.

I’ve seen this issue on lenny in the past AFAIR, but currently I’m seeing it on squeeze. Using dh-make-pecl manually to make a pecl package also shows the problem, so I guess they need some manual package tweaks.

The debian/rules created by dh-make-pecl has some scripting to copy the apc.ini rather than handling it via conffiles or similar.

Sorry, correction: it just copies it into debian/package for installing, so it might just be enough to add a conffiles entry for apc.ini / suhosin.ini.

Just to add: I just tried building apc using dh-make-pecl and the resulting package asked me if I wanted to overwrite apc.ini when installing. It also generated a debian/php5-apc/DEBIAN/conffiles for the package.
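An added example (not from the original comments or from Dotdeb's packaging): a shell check for the situation discussed above, reporting whether an ini file is tracked in a package's conffiles list and whether it differs from the recorded packaged copy. It reads the output of dpkg-query's Conffiles field on stdin; the temp file and its contents in the demo are constructed sample data.

```shell
#!/bin/sh
# conffile_status FILE < listing
# listing = output of:  dpkg-query -W -f='${Conffiles}\n' php5-apc
# (one " /path md5sum [obsolete]" entry per line).
# Prints one of: unregistered | missing | unmodified | modified
conffile_status() {
    file=$1
    # Look up the md5 dpkg recorded for exactly this path.
    recorded=$(awk -v f="$file" '$1 == f { print $2; exit }')
    if [ -z "$recorded" ]; then
        # Not tracked as a conffile: an upgrade can replace it without asking,
        # silently dropping local hardening settings (e.g. in suhosin.ini).
        echo unregistered
        return 0
    fi
    if [ ! -f "$file" ]; then
        echo missing
        return 0
    fi
    current=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$current" = "$recorded" ]; then
        echo unmodified
    else
        # Tracked and locally edited: dpkg will not replace it silently.
        echo modified
    fi
}

# Constructed demo: a temp file stands in for apc.ini.
demo() {
    tmp=$(mktemp)
    echo 'apc.enabled=1' > "$tmp"
    sum=$(md5sum "$tmp" | awk '{ print $1 }')
    printf ' %s %s\n' "$tmp" "$sum" | conffile_status "$tmp"       # tracked, untouched
    echo 'apc.shm_size=64' >> "$tmp"
    printf ' %s %s\n' "$tmp" "$sum" | conffile_status "$tmp"       # tracked, edited
    printf ' /etc/other.ini %s\n' "$sum" | conffile_status "$tmp"  # not in the list
    rm -f "$tmp"
}
demo
```

Running it before an upgrade against each ini file you have customised shows which ones need a backup or a conffiles entry in the package.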

Just upgraded to php5.3.8 using source.
The performance is very bad.
I tested with this script, before and after installing php5.3.8.
It seems the same code takes 10 times as long in php5.3.8.

Test php script:
//test float
function test_float() {
$t = pi();
$timeStart = gettimeofday();

for($i = 0; $i

Test result:
php version:5.3.3-7+squeeze3
call sqrt() 3,000,000 times will cost 1.369s
php version:5.3.3-7+squeeze3
call sqrt() 3,000,000 times will cost 1.095s
php version:5.3.3-7+squeeze3
call sqrt() 3,000,000 times will cost 1.072s
php version:5.3.8-1~dotdeb.2
call sqrt() 3,000,000 times will cost 10.644s
php version:5.3.8-1~dotdeb.2
call sqrt() 3,000,000 times will cost 10.567s
php version:5.3.8-1~dotdeb.2
call sqrt() 3,000,000 times will cost 10.343s

How can I go back to php5.3.7?

@hileon : sorry to hear that.
You mean go back to 5.3.3 from Squeeze? You just have to specify the wanted version in your apt-get command. For example :

apt-get install php5=5.3.3-7+squeeze3

PHP 5.3.8 breaks PEAR::isError(), which in turn breaks a lot of stuff. User beware.

Best solution is to remove PEAR from your stack ; )

php-fpm comes with a cron.d script for deleting sessions files in /var/lib/php5/.

But the default path configuration for sessions is /tmp… does that mean /tmp won’t be cleaned?

My suggestion is to update either the php conf or cron.d, but you’re the boss! (A third option is that I’m mistaken! ;).

Which OS did you build this package on?
I failed to use the source in your repository to build the package on Ubuntu because I do not need many features built in PHP. First, the build depends on the locales-all package, which does not exist in the Ubuntu repository. Secondly, it needs autoconf 2.59 or lower.

OK, thx. I installed the deb package you provide on Ubuntu and it is OK. I will try to rebuild a deb package on Squeeze.

Hello, I use 5.3.8-1~dotdeb.2 version on testing and in interactive cli mode (php -a) when I write for example

php > echo array_key_exists("", array());

nothing is displayed, but:
php > echo !array_key_exists("", array());
(in most cases, when true value, it works)

Is it standard behaviour or is it a bug? But still, better than compiled without readline 😀

short_open_tag in cli/php.ini is set to ‘Off’. This is not the default expected value for this setting (we just had a problem related to that). Maybe you can just keep the default to none or ‘On’ for the next release.
Thank you.

I seem to have a problem upgrading my php version. I followed all the necessary steps but after the apt-get dist-upgrade command my php version still states php 5.2.12?

I googled like crazy for an answer but still didn’t find one…

@dusk : be sure to have the right lines in your sources.list :

# If you're using lenny
deb lenny all
# If you're using Squeeze
deb squeeze all

Then, run “apt-get update” and “apt-get dist-upgrade”. PHP should be upgraded to 5.3.

Version 5.3.9 is available. Any chances we might see it on dotdeb soon?

If not I can compile it myself, just asking if it is worth it taking the burden …

Ever since I upgraded to PHP 5.3.9 a few hours ago, my workers have been constantly crashing. PHP is completely unusable. Error:
“*** glibc detected *** php-fpm: pool volt: double free or corruption (fasttop): 0x0000000001f8d240 ***”

How do I revert back to previous version? Urgent!

Jan 12 16:06:53 akula kernel: php5-fpm[4204]: segfault at 0 ip 00007fd354071cf2 sp 00007fff81be86c8 error 4 in[7fd353ff6000+159000]

@Matic : can you please ensure that you use the latest PHP 5.3.9 packages (run apt-get update to refresh your repositories). If not, please upgrade them and tell me if it fixes your issues.

If the problem still occurs, please tell me more about your config : which distribution (Debian? Ubuntu? its version? stock or with custom repos? PHP extensions that do not come from Dotdeb?).

FYI, PHP-FPM 5.3.9 runs well on dot, no segfault.

If you still want to downgrade to 5.3.8, the packages are here :

I’m using the latest PHP packages from the Dotdeb repository. I’m running Debian 6.0 64-bit. The only 3rd party repo I have is Dotdeb. All PHP extensions are from Dotdeb. Kernel is 3.1.6-grsec but also happens on 3.1.1-vanilla.

After more investigation it seems the problem is isolated to one particular PHP application as other applications do not cause segfaults. The application in question is “EDK (EVE killboard)”. Maybe 5.3.9 breaks something in that application.

For some reason I didn’t get them last time I tried. But thanks for your info. They are available to me now as well on squeeze.
