Categories
PHP

PHP 5.2.9 is packaged (at last)

Sorry for the delay, but I had to come back from winter sports to have a decent Internet connection…

After being published by the PHP Group, PHP 5.2.9 anf its corresponding PECL extensions is now packaged for Lenny/Etch, amd64/i386. It fixes some annoying crashes and one security issue. The next release should be PHP 5.3.0 with some new interesting features (MySQL native driver, Phar, namespaces…).

Take a look at the official Changelog for more details before doing this recommanded upgrade.

Categories
Miscellaneous

Dotdeb : Debian 5.0 “Lenny” support in progress…

Debian GNU/Linux 5.0 “Lenny” has been published on last Valentine’s day. Although most of the Dotdeb packages for the previous release, “Etch”, are compatible with Lenny, it is now time for Dotdeb to have dedicated packages for this new distribution.

Lenny banner

I’m actually kind of busy at work, but I managed to build and upload the most important packages : PHP5, PHP5 PECL extensions and MySQL 5.1. Additional pieces of software (Google Perftools, for example) will appear in the next few days. Please be patient and don’t hesit to make suggestions.

What (about LAMP) has changed in Lenny?

  • Apache 1.3 has been removed, in favour of Apache 2.2. You have to migrate before any other change.
  • In addition, libapache-mod-php5 is still present, but it’s a non-sense and a cause of mistake : it depends on the missing apache-common package! You have been warned.
  • MySQL 5.0 comes in a satisfying recent release (5.0.51a) and will take profit of official Debian security releases.

What will change in the Lenny branch of Dotdeb?

  • PHP5 (5.2, 5.3, …) has now the focus and will be updated frequently, so PHP4 is not maintained anymore. PHP6 will be uploaded when it’s ready.
  • Up-to-date MySQL 5.1 packages will be provided as often as needed
  • MySQL 5.0 effort has been discontinued in favour the official Debian packages.
  • I’m wondering if I will keep maintaining the mail-related packages (Qmail, Vpopmail, Ezmlm, Qmailadmin…). If you really need them, let me know in the comments.

Should I switch to Lenny or should I stick to Etch?

It’s up to you. I will continue maintaining up-to-date packages for Etch in the next few months, so you’ll have time to upgrade your servers. Whatever you choose, you just have to take care of the Dotdeb entries in your sources.list :

  • It should refer to stable or lenny if you want to make the switch and take benefits from the brand new Debian distribution :
deb http://your.mirror/ stable all
deb-src http://your.mirror/ stable all
  • It should refer to oldstable or etch if you want to stick to the good old Etch and to take your time to upgrade.
deb http://your.mirror/ oldstable all
deb-src http://your.mirror/ oldstable all

(Please chose a mirror near your location on this page)

Conclusion

Thanks for using Dotdeb! This personnal project still aims (and will continue) to provide an efficient and up-to-date LAMP stack to your servers.

Categories
PHP

PHP 5.2.8 available [update]

The PHP Group released PHP 5.2.8 this morning to fix the magic_quotes_gpc issue.

If you previously installed PHP 5.2.7-0.dotdeb.1 from Dotdeb and do not care about the version number displayed in your phpinfo(), save your bandwidth, your server is already secure 🙂 Otherwise, just apt-get upgrade your LAMP stack…

[update] The packages have been upgraded to 5.2.8-0.dotdeb.1 to fix an issue about pcre & utf8.

Categories
PHP

PHP 5.2.7 updated because magic_quotes_gpc is broken

Stefan Esser has posted a warning about upgrading PHP to the 5.2.7 release :

(…)a change in the ext/filter extension that by default processes all incoming data, broke the magic_quotes_gpc feature. While magic_quotes_gpc itself is deprecated and it is recommended to not rely on it as protection against SQL injection, it is still used in many legacy applications that become very insecure once it is turned off. And exactly that happens with the upgrade to PHP 5.2.7. The fix for this was already commited to the PHP CVS and PHP 5.2.8 will be released next week.

I just fixed this issue in the Dotdeb packages, just upgrade your servers.

Categories
PHP

PHP 5.2.7 available

From PHP.net :

The PHP development team would like to announce the immediateavailability of PHP 5.2.7. This release focuses on improving the stability ofthe PHP 5.2.x branch with over 120 bug fixes, several of which are security related.All users of PHP are encouraged to upgrade to this release.
(…)
Further details about the PHP 5.2.7 release can be found in the release announcement for 5.2.7, the full list of changes is available in the ChangeLog for PHP 5.

PHP 5.2.7 is now available on Dotdeb for Etch (amd64/i386) and there’s a great news : libapache2-mod-php5 is now compatible with apache2-mpm-itk.

Categories
Documentation PHP

How to package PHP extensions by yourself

I often receive emails telling me that Dotdeb is a great tool, but that some useful packages are missing, such as some PECL extensions. I wish I could maintain many and many packages, but I don’t think it’s a good idea for the Dotdeb’s overall quality and for my free time 😉 Sorry for that.

Then, this article will show you how to build packages from your favorite PECL extensions in a strict Debian way, using the dh-make-php package.

Categories
Documentation PHP

How to use PHP5 and PHP4 on the same Apache2 server

Since PHP4 is officially dead, it is now urgent to migrate your applications to PHP5, but it’s not that easy and you’ll have to test them before replacing PHP4 by PHP5 on your server. This article will help you to install both PHP4 and PHP5 on your box and swicth easily between them…

The problem

It is not possible to enable both PHP4 and PHP5 Apache2 modules on the same webserver, it causes shared objects collision. Then, the idea is to enable PHP5 as Apache2 module on one side and PHP4 as CGI on the other side.

Please note that this solution is not a good idea anywhere else but on developpement servers and should be temporary because of the performance and security issues of PHP as CGI.

Installation

First, we have to install the appropriate PHP packages and their dependencies (from Dotdeb, of course) :

apt-get install libapache2-mod-php5 php4-cgi

Apache2 is now configured by default to parse .php files with the mod_php5 module.

But, using mod_actions, we can tell Apache2 to parse .php files with the php4 CGI. First, enable mod_actions :

a2enmod actions
/etc/init.d/apache2 force-reload

Now, by adding the following two lines in a Virtualhost or Directory (…) context or directly in the main Apache2 configuration file, we’ll switch from PHP5 to PHP4 :

AddHandler php-script .php
Action php-script /cgi-bin/php4

(It could be necessary to reload your apache configuration :

/etc/init.d/apache2 force-reload

)

The result
To check that all works fine, create a file, called phpinfo.php, containing the following code :

Depending on the presence (or not) of the two above magical lines, a HTTP request on the script will show a PHP4 (or PHP5)-typical output.

Categories
PHP

PHP 4.4.9 available

On August 7th, the PHP Group has published the last version of PHP4, numbered 4.4.9 :

It continues to improve the security and the stability of the 4.4 branch and all users are strongly encouraged to upgrade to it as soon as possible. This release wraps up all the outstanding patches for the PHP 4.4 series, and is therefore the last PHP 4.4 release.

On August 22nd, Stefan Esser released the appropriate Suhosin patch, allowing me to package PHP 4.4.9 for Debian Etch amd64/i386 (Sarge support is now discontinued).

Take a look at the PHP4 Changelog before upgrading.