Please upgrade php5 to new upstream version 5.2.9

Bug #305393 reported by Micah Gersten
This bug affects 5 people
Affects: php5 (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned
Declined for Jaunty by Steve Langasek

Bug Description

Binary package hint: php5

Can this go into Jaunty?

Tags: upgrade
Changed in php5:
importance: Undecided → Wishlist
status: New → Triaged
Chuck Short (zulcss) wrote : Re: Please upgrade php5 to new upstream version 5.2.7

Looks reasonable to me according to the changelog.

chuck

Micah Gersten (micahg) wrote :

Received Blog notification of potential bug:
http://www.macvicar.net/blog/2008/12/critical-bug-in-php-527.html

Here's the text:
Critical Bug in PHP 5.2.7

PHP 5.2.7 was released on Thursday but unfortunately a critical bug was introduced during the release candidate process that essentially fully disables magic_quotes_gpc even when it’s marked as enabled. The end result being that if you relied on magic_quotes_gpc being enabled it’s now not, potentially a security issue.

The other problem is that even if you don’t rely on it being enabled but have an application which attempts to undo the work of magic_quotes_gpc you may end up with some data loss. Such code is present within most applications that want to work with it disabled.

This has been fixed in CVS so you can grab a snapshot if you've already upgraded to PHP 5.2.7, if not then hold out for PHP 5.2.8 which should appear early next week.

If magic_quotes_gpc doesn’t matter to you and you normally run with it disabled then this doesn’t really matter.

Micah Gersten (micahg) wrote :

It's been officially removed from php.net, here's the announcement:

PHP 5.2.7 has been removed from distribution
[07-Dec-2008]

Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on. In the meantime, use PHP 5.2.6 until PHP 5.2.8 is later released.

Not sure what to do with this request.

Thanks.

Chris Coulson (chrisccoulson) wrote :

We can just wait until 5.2.8 is released

Micah Gersten (micahg) wrote :

PHP 5.2.8 Released!
[08-Dec-2008]

The PHP development team would like to announce the immediate availability of PHP 5.2.8. This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.
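
An added example, not part of the original thread or of PHP's own code: a Python check that classifies a host against the regression described in the announcements above, given its PHP version string and php.ini text. The function names, result labels and sample php.ini are constructed for illustration, and treating an unset magic_quotes_gpc as enabled is an assumption.

```python
import re

AFFECTED_VERSION = "5.2.7"            # release named in the announcements above
TRUTHY = {"1", "on", "yes", "true"}   # spellings php.ini accepts for "enabled"

# Constructed sample php.ini, not taken from the bug report.
SAMPLE_INI = """\
[PHP]
; legacy application relies on escaped request data
magic_quotes_gpc = On   ; still reported as on under 5.2.7
filter.default_flags = 0
"""

def parse_ini(text):
    """Return {directive: value} from php.ini text; later lines win."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop ';' comments
        if not line or line.startswith("[") or "=" not in line:
            continue                          # blank line or section header
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings

def assess(php_version, ini_text):
    """Classify a host against the 5.2.7 magic_quotes_gpc regression."""
    # Package versions such as "5.2.6.dfsg.1-3ubuntu2" carry a suffix;
    # only the upstream x.y.z part matters here.
    m = re.match(r"(\d+\.\d+\.\d+)", php_version)
    upstream = m.group(1) if m else php_version
    if upstream != AFFECTED_VERSION:
        return "not-affected"
    ini = parse_ini(ini_text)
    # Assumption: an unset magic_quotes_gpc is treated as enabled.
    if ini.get("magic_quotes_gpc", "1").lower() not in TRUTHY:
        return "affected-version-but-magic-quotes-off"
    # Work-around from the 5.2.8 announcement: filter.default_flags=0
    if ini.get("filter.default_flags") == "0":
        return "workaround-applied"
    return "exposed"

if __name__ == "__main__":
    print(assess("5.2.7", SAMPLE_INI))
```
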

Artur Rona (ari-tczew) wrote : Re: Please upgrade php5 to new upstream version 5.2.8

I am using a PPA for PHP 5.2.8. If anybody wants to update to 5.2.8, please put this into sources.list:

deb http://ppa.launchpad.net/tarkus/ubuntu intrepid main
deb-src http://ppa.launchpad.net/tarkus/ubuntu intrepid main

PPA: https://launchpad.net/~tarkus/+archive

ep (ep-exvere) wrote :

My apologies if this is not the appropriate place to ask, but how can I upgrade to php 5.2.8 with apt-get if I have 5.2.6 installed? I am new to the deb package system and am being impacted by a bug in 5.2.6. I have added Ari's two URLs to my sources.list, but I have been unsuccessful figuring out the upgrade procedure. Any help would be appreciated. Thanks!

Artur Rona (ari-tczew) wrote :

If you have correctly added ~tarkus's repos, type this in the console:

sudo apt-get update
sudo apt-get upgrade

If php isn't updated, type this:

sudo apt-get dist-upgrade

Artur Rona (ari-tczew) wrote :

Will php 5.2.8 be added into jaunty?

Dustin Kirkland  (kirkland) wrote : Re: [Bug 305393] Re: Please upgrade php5 to new upstream version 5.2.8

On Tue, Mar 3, 2009 at 11:42 AM, Ari <email address hidden> wrote:
> Will php 5.2.8 be added into jaunty?

Sorry, no. We are past Feature Freeze for Jaunty, so it will have
php5_5.2.6 + patches.

--
:-Dustin

Dustin Kirkland  (kirkland) wrote :

Of course, it will be upgraded for Karmic...

:-Dustin

Micah Gersten (micahg) wrote :

This should be closed if 5.2.9 makes it into debian unstable.

Phil Bayfield (philio) wrote :

PHP 5.2.8 release was 8th December 2008
Jaunty feature freeze was February 19th 2009

Yet Jaunty ships with 5.2.6, bit of a let down for people running server edition and wanting useful updates...

Dustin Kirkland  (kirkland) wrote : Re: [Bug 305393] Re: Please upgrade php5 to new upstream version 5.2.9

Hmm, interestingly, it seems that the appendage of ".dfsg.1-3ubuntu2"
onto Ubuntu's php5 versioning seems to break the merge analysis and
the grab-merge.sh script.

It seems that php5 slipped through the cracks for Jaunty.

Unfortunately, that means it's probably too late at this point. Sorry.

:-Dustin

Dustin Kirkland  (kirkland) wrote :

Sorry, disregard my last comment.

The trouble is that Debian is still on php 5.2.6.dfsg.1-3, and we draw
from Debian for this package.

See:
 * http://packages.qa.debian.org/p/php5.html

:-Dustin

Ragimiri (ragimiri) wrote :

I have a problem with this bug:

http://bugs.php.net/bug.php?id=42862

Will this be fixed in Ubuntu Server 8.10?

dmuir (dmuir) wrote :

5.2.9 has recently been merged into Debian testing from Debian unstable:
http://packages.qa.debian.org/p/php5/news/20090512T163920Z.html

Can we please have 5.2.9 in Karmic?

papukaija (papukaija) wrote :

PHP 5.2.9 has some security fixes. Can we have it in Jaunty too?
http://www.php.net/ChangeLog-5.php#5.2.9

papukaija (papukaija)
security vulnerability: no → yes
Artur Rona (ari-tczew)
Changed in php5 (Ubuntu):
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
