Categories
PHP

Minor update of the PHP 5.2.9 packages

The PHP 5.2.9 packages for Etch/Lenny amd64/i386 have been updated :

  • some obsolete ./configure options have been deleted
  • the sigchild support has been dropped
  • a memory leak has been fixed
Categories
PHP

PHP 5.3.0 RC1 packages for Lenny

A few days ago, the first release candidate of PHP 5.3.0 has been published by the PHP Group, providing many improvements :

I just built the packages for Debian GNU/Linux 5.0 “Lenny” on amd64 and i386 and I will maintain them during the whole release cycle (RC2 and so on…).

Please note that they should NOT be installed on production servers : Suhosin and some important patches are not applied, PECL extensions are not available (yet)… They’re here for testing purpose only.

To fetch them, just add these temporary entries in your /etc/apt/sources.list and upgrade your instances :

deb http://php53.dotdeb.org stable all
deb-src http://php53.dotdeb.org stable all

But please DO read the full announcement before any further move.

Categories
PHP

PHP 5.2.9 is packaged (at last)

Sorry for the delay, but I had to come back from winter sports to have a decent Internet connection…

After being published by the PHP Group, PHP 5.2.9 anf its corresponding PECL extensions is now packaged for Lenny/Etch, amd64/i386. It fixes some annoying crashes and one security issue. The next release should be PHP 5.3.0 with some new interesting features (MySQL native driver, Phar, namespaces…).

Take a look at the official Changelog for more details before doing this recommanded upgrade.

Categories
PHP

PHP 5.2.8 available [update]

The PHP Group released PHP 5.2.8 this morning to fix the magic_quotes_gpc issue.

If you previously installed PHP 5.2.7-0.dotdeb.1 from Dotdeb and do not care about the version number displayed in your phpinfo(), save your bandwidth, your server is already secure 🙂 Otherwise, just apt-get upgrade your LAMP stack…

[update] The packages have been upgraded to 5.2.8-0.dotdeb.1 to fix an issue about pcre & utf8.

Categories
PHP

PHP 5.2.7 updated because magic_quotes_gpc is broken

Stefan Esser has posted a warning about upgrading PHP to the 5.2.7 release :

(…)a change in the ext/filter extension that by default processes all incoming data, broke the magic_quotes_gpc feature. While magic_quotes_gpc itself is deprecated and it is recommended to not rely on it as protection against SQL injection, it is still used in many legacy applications that become very insecure once it is turned off. And exactly that happens with the upgrade to PHP 5.2.7. The fix for this was already commited to the PHP CVS and PHP 5.2.8 will be released next week.

I just fixed this issue in the Dotdeb packages, just upgrade your servers.

Categories
PHP

PHP 5.2.7 available

From PHP.net :

The PHP development team would like to announce the immediateavailability of PHP 5.2.7. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release.
(…)
Further details about the PHP 5.2.7 release can be found in the release announcement for 5.2.7, the full list of changes is available in the ChangeLog for PHP 5.

PHP 5.2.7 is now available on Dotdeb for Etch (amd64/i386) and there’s a great news : libapache2-mod-php5 is now compatible with apache2-mpm-itk.

Categories
Documentation PHP

How to package PHP extensions by yourself

I often receive emails telling me that Dotdeb is a great tool, but that some useful packages are missing, such as some PECL extensions. I wish I could maintain many and many packages, but I don’t think it’s a good idea for the Dotdeb’s overall quality and for my free time 😉 Sorry for that.

Then, this article will show you how to build packages from your favorite PECL extensions in a strict Debian way, using the dh-make-php package.

Categories
Documentation PHP

Storing your PHP sessions using memcached

Using PHP sessions can be a problem when your PHP applications are load-balanced on many web servers. You can store them on a NFS export or recode the session_set_save_handler using a SQL backend for example. But there is no solution more efficient, more scalable, more performant and easier to deploy than using memcached…

Memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load…

Many well-known huge architecture (Facebook, Livejournal, Youtube…) are using it as memory caching to reduce the load on their servers. It can also be used to share PHP sessions among several servers. Let’s see how…

Installation

The first thing is to install the memcached server on your Debian server :

apt-get install memcached

Then, since the memcache PECL extension now provides its own session handler, it’s easy to plug PHP and memcached servers. Just install the appropriate extension (from Dotdeb) :

apt-get install php5-memcache

and change some of your PHP settings :

session.save_handler = files
; session.save_path = "N;/path"

to :

session.save_handler = memcache
; change server:port to fit your needs...
session.save_path="tcp://server:port?persistent=1&weight=1&timeout=1&retry_interval=15"

That’s all! After relaunching your Apache2 server, your PHP sessions will be stored on the memcached server.

Categories
Documentation PHP

How to use PHP5 and PHP4 on the same Apache2 server

Since PHP4 is officially dead, it is now urgent to migrate your applications to PHP5, but it’s not that easy and you’ll have to test them before replacing PHP4 by PHP5 on your server. This article will help you to install both PHP4 and PHP5 on your box and swicth easily between them…

The problem

It is not possible to enable both PHP4 and PHP5 Apache2 modules on the same webserver, it causes shared objects collision. Then, the idea is to enable PHP5 as Apache2 module on one side and PHP4 as CGI on the other side.

Please note that this solution is not a good idea anywhere else but on developpement servers and should be temporary because of the performance and security issues of PHP as CGI.

Installation

First, we have to install the appropriate PHP packages and their dependencies (from Dotdeb, of course) :

apt-get install libapache2-mod-php5 php4-cgi

Apache2 is now configured by default to parse .php files with the mod_php5 module.

But, using mod_actions, we can tell Apache2 to parse .php files with the php4 CGI. First, enable mod_actions :

a2enmod actions
/etc/init.d/apache2 force-reload

Now, by adding the following two lines in a Virtualhost or Directory (…) context or directly in the main Apache2 configuration file, we’ll switch from PHP5 to PHP4 :

AddHandler php-script .php
Action php-script /cgi-bin/php4

(It could be necessary to reload your apache configuration :

/etc/init.d/apache2 force-reload

)

The result
To check that all works fine, create a file, called phpinfo.php, containing the following code :

Depending on the presence (or not) of the two above magical lines, a HTTP request on the script will show a PHP4 (or PHP5)-typical output.

Categories
PHP

PHP 4.4.9 available

On August 7th, the PHP Group has published the last version of PHP4, numbered 4.4.9 :

It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release.

On August 22nd, Stefan Esser released the appropriate Suhosin patch, allowing me to package PHP 4.4.9 for Debian Etch amd64/i386 (Sarge support is now discontinued).

Take a look at the PHP4 Changelog before upgrading.