The PHP Development Team would like to announce the immediate release of PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition to fixing over 70 non-critical bugs, address several security issues. The addressed security issues include fixes to the exif and fbsql extensions, as well as fixes to unserialize(), swf_definepoly() and getimagesize().


All users of PHP are strongly encouraged to upgrade to this release.


Aside from the above mentioned issues this release includes the following important fixes:


* Crash in bzopen() if supplied path to non-existent file.
* DOM crashing when attribute appended to Document.
* unserialize() float problem on non-English locales.
* Crash in msg_send() when non-string is stored without being serialized.
* Possible infinite loop in imap_mail_compose().
* Fixed crash in chunk_split(), when chunklen > strlen.
* session_set_save_handler crashes PHP when supplied non-existent object reference.
* Memory leak in zend_language_scanner.c.
* Compile failures of zend_strtod.c.
* Fixed crash in overloaded objects & overload() function.
* cURL functions bypass open_basedir.


The PHP Development Team would like to thank all the people who have identified the security faults in PHP and helped us address them.

thanks

Is DA making updates for us?

I'm sure the will pretty soon, at least for the 4.x line, however you can upgrade without waiting by simply downloading the new source, modifying customapache and rebuilding. There is more information on this process scatered around this forum.

http://www.zend.com/store/products/zend-optimizer.php

Would it be compatible? We're gonna know in few minutes. Building PHP 4.3.11 now with the new CURL 7.13.1...

Oki, works perfect :)


$ cd /usr/local/directadmin/customapache/
$ ./build clean
$ ./build update
$ wget http://nl3.php.net/get/php-4.3.11.tar.gz/from/nl2.php.net/mirror
$ wget http://curl.haxx.se/download/curl-7.13.1.tar.gz
$ pico build

[--
#PHP_VER=4.3.10
PHP_VER=4.3.11
#CURL_VER=7.13.0
CURL_VER=7.13.1
--]

$ pico configure.php
Add if not there: --with-imap-ssl \
on 1 line above the last.

$ ./build all
$ /etc/init.d/httpd restart


And thats it :)

Goodluck with it ;)

Hmmm...doesn't work on my FreeBSD 5 box. Problem with zlib and zip.
DA needs to provide updated libraries.

php 4.3.11 compiles fine on freebsd 5 here.

This is really strange...I've recompiled 4.3.10 with the updated curl and it worked. Now if I try again with the official 4.3.11 from DA I get this:

With ./build all I'm not offered to rebuild libZ and a couple of other files.

checking if the location of ZLIB install directory is defined... /usr/local/lib
checking for gzgets in -lz... no
configure: error: ZLIB extension requires zlib >= 1.0.9

*** There was an error while trying to configure php. Check the configure.php file

Same result with ./build php and the compilation of extra libs.

Same here, works fine on my freebsd 5 box.

Thank you! :)

Works for 100% at my FC1 box.

FreeBSD 5 people, did you build clean before doing build php? If you don't some answers to tests are cached.

I'm really puzzled as to why 4.3.11 fails on my box. Maybe a packaging conflict between php and some other DA libraries?

Originally posted by interfasys
I'm really puzzled as to why 4.3.11 fails on my box. Maybe a packaging conflict between php and some other DA libraries?
curl-7.13.1 caused apache to segfault on FreeBSD 5.3. Not sure why yet. PHp 4.3.11 built ok with curl-7.13.0

I've tried with all the latest cURL and none improved the situation =(.
BTW the latest is .2

Can you build with the previous version of Curl?

not with any 7-13

checking for gzgets in -lz... no
configure: error: ZLIB extension requires zlib >= 1.0.9

If you install jpeg from the ports, it will install/upgrade zlib. Have you run cvsup lately?

This failed before I did upgrade some ports, but since the build scripts overwrites libraries, it shouldn't be a problem, no?

http://files.directadmin.com/services/customapache/zlib-1.2.2.tar.gz

Using FreeBSD5.3

APACHE_VER=1.3.33
MODSSL_VER=2.8.22
APACHE2_VER=2.0.52
PHP_VER=4.3.11
GD_VER=2.0.33
CURL_VER=7.13.1
ZLIB_VER=1.2.1
PNG_VER=1.2.8
FRONTPAGE_VER=1.6.1
MCRYPT_VER=2.5.7
MODPERL_FILE=mod_perl-1.0-current.tar.gz
MODPERL2_FILE=mod_perl-2.0-current.tar.gz
MODPERL_DIR=mod_perl-1.29
MODPERL2_DIR=modperl-2.0
MHASH_VER=0.9.1
ZZIP_VER=0.10.82
ZEND_VER=2.5.7

contents of my configure.php

./configure \
--with-apxs \
--with-curl \
--with-curl-dir=/usr/local/lib \
--with-gd=/usr/local \
--with-freetype-dir=/usr/local \
--enable-gd-native-ttf \
--with-iconv-dir=/usr/local \
--with-gettext \
--with-jpeg-dir=/usr/local/lib \
--with-kerberos \
--with-mcrypt \
--with-mhash \
--with-mysql=/usr/local \
--with-pear \
--with-png-dir=/usr/local/lib \
--with-xml \
--with-zlib \
--with-zlib-dir=/usr/local/lib \
--with-zip \
--with-openssl \
--enable-bcmath \
--enable-calendar \
--enable-ftp \
--enable-magic-quotes \
--enable-sockets \
--enable-track-vars

ok between each attempt rm -rf php-4.3.11 dir or you will fail compile. I didnt build clean or build update I just manually edited my build file with the new versions and grabbed the tarballs, been doing it this way for a while now, GD I compile from FreeBSD ports as it supports freetype, when I upgraded php I didnt recompile any compenents such as zlib and curl, hope this helps.

interestingly is there a reason why directadmin isnt using latest mhash 0.9.2 (i think i remember a problem with this one) and latest zziplib-0.13.38?

You have a strange mix in your configure.php.

Old zlib
Newer, but not latest cURL
Both don't change anything though

And yes the latest mhash and zzlib from DA cannot be installed on FreeBSD.

I'm pretty certain that this release of PHP is hosed since 4.3.10 compiles just fine.

Only a ./build clean will let you know.

Error on FC2

/usr/local/directadmin/customapache/configure.php: line 27: --with-imap-ssl: command not found

*******

Trying without the --with-imap-ssl and returned and make error

/usr/bin/ld: cannot find -lltdl
collect2: ld returned 1 exit status
make: *** [libphp4.la] Error 1


any help is welcome

I have updated both curl and zlib since my post.

Originally posted by jodasi
Error on FC2

/usr/local/directadmin/customapache/configure.php: line 27: --with-imap-ssl: command not found

*******

Trying without the --with-imap-ssl and returned and make error

/usr/bin/ld: cannot find -lltdl
collect2: ld returned 1 exit status
make: *** [libphp4.la] Error 1


any help is welcome

try downloading a clean configure.php and try again

Curl 7.13.2 released , also avaible by the same way ofcourse. See http://www.directadmin.com/forum/showthread.php?s=&threadid=7664 for more details about the changes in the new release.

Originally posted by plugin
try downloading a clean configure.php and try again

Strange, when with php ver 4.3.10 works

Let the newest curl and php in your folder, and then do the tutorial again with a clean BUILD, maybe does it work then?

# cd /usr/local/directadmin/customapache/; rm -f build
# wget http://files.directadmin.com/services/customapache/build

*edit the things i told*

# ./build clean
# ./build curl
# ./build php

On Redhat 9, with this configure script:

#!/bin/sh
./configure \
--with-apxs \
--with-curl \
--with-curl-dir=/usr/local/lib \
--with-gd \
--with-gd-dir=/usr/local/lib \
--with-gettext \
--with-jpeg-dir=/usr/local/lib \
--with-kerberos \
--with-mcrypt \
--with-mhash \
--with-mysql=/usr \
--with-pear \
--with-png-dir=/usr/local/lib \
--with-xml \
--with-zlib \
--with-zlib-dir=/usr/local/lib \
--with-zip \
--with-openssl \
--enable-bcmath \
--enable-calendar \
--enable-ftp \
--enable-magic-quotes \
--enable-sockets \
--enable-track-vars \
--enable-mbstring \
--with-pfpro

I am getting this install error:

Make Complete
Installing php...
Installing PHP SAPI module: apache
[activating module `php4' in /etc/httpd/conf/httpd.conf]
cp libs/libphp4.so /usr/lib/apache/libphp4.so
chmod 755 /usr/lib/apache/libphp4.so
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
cp /etc/httpd/conf/httpd.conf.new /etc/httpd/conf/httpd.conf
rm /etc/httpd/conf/httpd.conf.new
Installing PHP CLI binary: /usr/local/bin/
Installing PHP CLI man page: /usr/local/man/man1/
Installing PEAR environment: /usr/local/lib/php/
[PEAR] Archive_Tar - already installed: 1.1
[PEAR] Console_Getopt - already installed: 1.2
make[1]: *** [install-pear-installer] Segmentation fault
make: *** [install-pear] Error 2

*** The install has failed, do you want to try to install it again? (y,n):
n

The cofigure goes fine, but the make is borked. Any ideas?

You have installed PHP4 as module in your Apache. Now you are updating to the new PHP4 as standalone, this cant work correct, just as the error tells you :)

Check your httpd.conf and comment with a # the lines as the error tells you, and then compile it as standalone.

An official statement from PHP people:
[15 Apr 2:02pm CEST] sniper@php.net

There aren't any configure options in PHP configure which would expect
/usr/local/lib as parameter (drop the /lib part from it)


Maybe DA should think about it?


(And for those wondering if there was something broken with the new release, maybe yes, maybe no. The new configure script can detect wrong settings, but you can make it work.)

This problem still hasn't gone away:

Configuring extensions
checking for OpenSSL support... yes
checking for Kerberos support... yes
checking for krb5-config... /usr/bin/krb5-config
checking for pkg-config... /usr/local/bin/pkg-config
checking for ZLIB support... yes
checking if the location of ZLIB install directory is defined... /usr/local/lib
checking for gzgets in -lz... no
configure: error: ZLIB extension requires zlib >= 1.0.9

*** There was an error while trying to configure php. Check the configure.php file


Contents of configure.php include the right path:

--with-zlib \
--with-zlib-dir=/usr/local/lib \

Changing it to /usr/local doesn't help.


Contents of /usr/local/lib:

artemis# ll /usr/local/lib/libz*
lrwxr-xr-x 1 root wheel 13 May 5 14:03 /usr/local/lib/libz.so -> libz.so.1.2.2
lrwxr-xr-x 1 root wheel 13 May 5 14:03 /usr/local/lib/libz.so.1 -> libz.so.1.2.2
-rwxr-xr-x 1 root wheel 71019 May 5 14:03 /usr/local/lib/libz.so.1.2.2

It is definately looking right at the 1.2.2 libraries but not recognizing them.

BigWil

remove the kerberos port.

I had a simular error when i was trying to install domxml,
Please reinstall the libxslt >= 1.0.3 distribution
I had to install the libxslt-devel, after that I could compile without errors, maybe you nee to install the zlib devel?

Ok removing the KRB5 port seemed to work there. Does this mean that PHP 4.3.11 can't be compiled with Kerberos?

Big Wil

No, it means it's already part of your OS if you didn't explicitely remove it from your kernel config.
This one took me a long time to figure out and puzzled many admins.

I see so it was built in the src and doesn't need to be installed via the ports collection. During PHP install the Kerberos from the src install will be found and used.

Yah I saw you were working on it for awhile. Many a PHP bug with your name on it. ;-)

Thanks,

BigWil

hi,

after the upgrade as descripted i'm getting this
can someone help me with php. when i load this http://64.69.38.51/index.php it is not
recoginizing php why? i setup a test.php with <? phpinfo(); ?> and went here.
http://64.69.38.51/test.php and it show me a blank page. anyone know what is casuing this??

can someone help me..

thanks

here is my error log

[Fri May 6 14:16:56 2005] [notice] Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7c PHP/4.3.11 mod_perl/1.29
FrontPage/5.0.2.2510 configured -- resuming normal operations
[Fri May 6 14:16:56 2005] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri May 6 14:16:56 2005] [notice] Accept mutex: flock (Default: flock)

is this ok??

Check you httpd.conf file and make sure you have something like this in there:

<IfModule mod_php4.c>
AddType application/x-httpd-php .inc .php .php4 .phtml
AddType application/x-httpd-php-source .phps
</IfModule>

Be sure to restart apache if you make any changes.


Big Wil

yup its in there

<IfModule mod_php4.c>
AddType application/x-httpd-php .inc .php .php4 .php3 .phtml
AddType application/x-httpd-php-source .phps
</IfModule>

ofcourse i restarted httpd

Interesting. It is definately treating it as a text document. All I can suggest is that you rerun the install and watch carefully for errors. Run each build line separately.

cd /usr/local/directadmin/customapache
./build clean
./build update
./build php y
./build zend

Then restart apache

Big Wil

did all that!!!

evrerything went smooth no error nothing..

how do i completely wipe out apache and resinstall a clean apapche with php??

i build everything brand new
i even rm -r build
rm -r configure.php
and get new one
stilll nothing will do :(

how do i solve this

There is something in your httpd.conf that is effecting this. Are you using the default httpd.conf that came with the DA build?

Was this an upgraded machine or was it a fresh install of your OS?

BigWil

upgrade..

how do i completely wipe out what is in my httpd.conf and make a new one??

Yah it sounded like an upgrade. I don't know of an easy way of installing a new httpd.conf. I would have thought there would be a taskq item for this but I haven't found it yet. Here is one of the manual routes to take. Archaic but effective.

Do you have users that were installed on this machine already using DA?

If so open up your existing httpd.conf and copy the Includes from the bottom to somewhere safe. I usually drop them into a text file on my workstation for safe keeping temporarily.

Then:

cp /usr/local/directadmin/data/templates/httpd.conf \
/etc/httpd/conf/

Open up /etc/httpd/conf/httpd.conf and replace the following
|SERVER_IP| with your machines IP address
|SERVER_NAME| with your machine fqdn

Then if you had users copy the includes back to the bottom of the file. Restart apache.

BigWil