Categories
PHP

PHP 5.4.8 and PHP 5.3.18

On october 18th 2012, the PHP group has released PHP 5.4.8 and PHP 5.3.18, that bring ~20 bug fixes. The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

PHP 5.4.7 and PHP 5.3.17

On september 13th 2012, the PHP group has released PHP 5.4.7 and PHP 5.3.17, that bring ~20 bug fixes.

The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures with the following changes :

  • php5-suhosin is not a recommendation from php5-common anymore.
  • php5-xcache now includes the admin web interface files (closes #10).
  • php5-apc includes APC 3.1.13 for PHP 5.4, and has been rollbacked to APC 3.1.9 for PHP 5.3 for more stability.

About the PHP-FPM and APC issues, the packages include all that has been committed/released about the many bug reports on these subjects. I’m still watching any activity that would allow me to provide better packages.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

How to post useful bug reports

With the latest two PHP updates, some users reported problems with FPM, with APC, etc… It was about segfaults, problematic init scripts, and so on… But all those comments couldn’t really help me to diagnose the problems in an efficient manner.

Here are the pieces of information that you have to provide to help me fixing your problem :

  • What is your distribution? (disclaimer : only Debian stable is supported)
  • What is your architecture? amd64 or i386?
  • Which exact PHP version are you using? 5.4.x or 5.3.x?
  • Which SAPI are you using? mod_php? CGI? FPM? Embed?
  • What’s the full content of your /etc/apt/sources.list and /etc/apt/sources.list.d files?
  • What is the result of dpkg -l 'php*' | grep '^.i' ?
  • Please provide a textual description of the bug (don’t hesitate to provide some code, the expected result…).
  • Please provide any modified configuration directive.
  • Please provide a backtrace, after installing php5-dbg.

Now, some tips to have a stable PHP stack :

  • Only use PHP packages from Dotdeb when possible.
  • Be sure to upgrade them to the latest version.
  • Uninstall php5-suhosin if you don’t use it explicitly. The development of this extension has kinda been “stalled”.
  • If you have problems with extensions, deactivate and reactivate them one by one to find the guilty one.

Because blog comments are not the best place to report issues, Dotdeb uses the Github bugtracker for now. Be sure to follow the above instructions, to read the official PHP bug tracker and also the existing Dotdeb bug reports before submitting any new issue.

Improving the overall stability of the Dotdeb packages requires efforts from us all. Thanks in advance for your help.

Categories
PHP

PHP 5.4.6

On august 16th 2012, the PHP group has released PHP 5.4.6, that brings 20 minor bug fixes.

The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

PHP 5.3.16

On august 16th 2012, the PHP group has released PHP 5.3.16, that brings 20 minor bug fixes.

The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

PHP 5.4.5 and PHP 5.3.15

On july 19th 2012, the PHP group has released PHP 5.4.5 and PHP 5.3.15, that bring over 30 bug fixes, including a fix for a security related overflow issue in the stream implementation.

The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures (see the installation instructions). Please also note that the php5-xhprof package is now available for PHP 5.4.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

PHP 5.3.14

On june 14th 2012, the PHP group has released PHP 5.3.14, that brings over 30 bug fixes, some of which are security related : A weakness in the DES implementation of crypt and a heap overflow issue in the phar extension. Please also note that the use of php://fd streams is now restricted to the CLI SAPI (php5-cli).

Packages of PHP 5.3.14 are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

Security : PHP 5.4.3 and PHP 5.3.13

PHP 5.4.3 and PHP 5.3.13 have been released by the PHP development team to fix some critical security issues :

  • Source code disclosure with a trivial request (CVE-2012-1823 and CVE-2012-2311) –  PHP 5.4 and 5.3 are vulnerable
  • buffer overflow in apache_request_headers() (CVE-2012-2329) – only PHP 5.4 is vulnerable.

If you’re using the CGI flavor of PHP, upgrading is highly recommended. You can see more info on PHP’s website and on this useful blog post.

Packages of PHP 5.4.3 and PHP 5.3.13 are available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please also note that they fix the error logging features of PHP-FPM.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

PHP 5.4.1

On april 26th 2012, the PHP group has released PHP 5.4.1 too, that brings over 60 bug fixes, some of which are security related :

Security Enhancements and Fixes in PHP 5.4.1:

  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Add open_basedir checks to readline_write_history and readline_read_history.

Key enhancements in PHP 5.4.1 include:

  • Added debug info handler to DOM objects.
  • Fixed bug #61172 (Add Apache 2.4 support).

Packages of PHP 5.4.1 and of all its related extensions are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. Please note that :

  • php5-xcache is now available in its 2.0 version,
  • the Suhosin patch is still absent from this build.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

PHP 5.3.11

On april 26th 2012, the PHP group has released PHP 5.3.11, that brings over 60 bug fixes, some of which are security related :

Security Enhancements and Fixes in PHP 5.3.11:

  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
  • Add open_basedir checks to readline_write_history and readline_read_history.
  • Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Key enhancements in PHP 5.3.11 include:

  • Added debug info handler to DOM objects.
  • Fixed bug #61172 (Add Apache 2.4 support).

Packages of PHP 5.3.11 are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.