PHP

The PHP development team have released PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release. The security enhancements and fixes in PHP 5.2.12 are:

  • Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
  • Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
  • Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
  • Added protection for $_SESSION from interrupt corruption and improved “session.save_path” check, identified by Stefan Esser. (CVE-2009-4143, Stas)
  • Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)

For instructions on how to upgrade PHP please read: Upgrading PHP.


This is a small write-up of the installation I was asked to do for a client on his mini with OS X Server (Leopard). It took me a while to get this working because of the various issues that I encountered, and while googling for a solution I found that there are many people looking for an answer, hence the write-up. Please note that these instructions are not part of the normal documentation set; these instructions only work on OS X Server Leopard and not on the regular OS X Workstation.

First make a copy of the original php module for safekeeping:

sudo cp /usr/libexec/apache2/libphp5.so /usr/libexec/apache2/libphp5.so.apple

Then we need to make some preparations. The first of them is to get the MySQL include source files and the client libraries as documented in this knowledge base article. Remember, this is only tested on 10.5.x of OS X Server.

Please download http://www.opensource.apple.com/darwinsource/other/MySQL-49.binaries.tar.gz

Unpack and copy the following directories using the following commands:

tar -zxvf MySQL-49.binaries.tar.gz
sudo cp -R usr/include/mysql /usr/include/
sudo cp -R usr/lib/mysql /usr/lib/

Next we need to get the iconv library and compile it to get it properly working with PHP. The default iconv library on OS X gives linking errors. You can download it from: http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.13.1.tar.gz and unpack it.

Use the following commands to compile and install it:

export MACOSX_DEPLOYMENT_TARGET=10.6 \
CFLAGS="-arch x86_64" \
CXXFLAGS="-arch x86_64"
./configure --prefix=/usr/local
 
make
 
sudo make install

Next download the source code for the JPEG library from the Freshmeat libjpeg project. I’ve used the source file jpegsrc.v7.tar.gz.

First unpack the source code and then go into the folder "jpeg-7" for the source and execute the following commands:

cp /usr/share/libtool/config.sub .
cp /usr/share/libtool/config.guess .

This copies these files to the current directory. They are required for the configuration phase of this installation.

export MACOSX_DEPLOYMENT_TARGET=10.6
CFLAGS="-arch x86_64" \
CXXFLAGS="-arch x86_64" \
LDFLAGS="-arch x86_64" \
./configure --enable-shared
 
make
 
sudo make install

Next download PHP version 5.2.11 (this is the version installed on OS X Server 10.5.x), unpack it, and use the following commands to configure, compile and install it:

export MACOSX_DEPLOYMENT_TARGET=10.6 \
CFLAGS="-arch x86_64" \
CXXFLAGS="-arch x86_64"
./configure --prefix=/usr \
  --mandir=/usr/share/man \
  --infodir=/usr/share/info \
  --disable-dependency-tracking \
  --with-apxs2=/usr/sbin/apxs \
  --with-ldap=/usr \
  --with-kerberos=/usr \
  --enable-cli \
  --with-zlib-dir=/usr \
  --enable-trans-sid \
  --with-xml \
  --enable-exif \
  --enable-ftp \
  --enable-mbstring \
  --enable-mbregex \
  --enable-dbx \
  --enable-sockets \
  --with-iodbc=/usr \
  --with-curl=/usr \
  --with-config-file-path=/etc \
  --sysconfdir=/private/etc \
  --with-openssl \
  --with-xmlrpc \
  --with-xsl=/usr \
  --with-mysql-sock=/var/mysql \
  --with-mysqli=/usr/bin/mysql_config \
  --with-mysql=/usr \
  --with-gd \
  --with-jpeg-dir=/usr/local/lib \
  --with-png-dir=/usr/X11R6 \
  --with-freetype-dir=/usr/X11R6 \
  --with-xpm-dir=/usr/X11R6 \
  --with-iconv=/usr/local \
  --without-pear

Do not start compiling yet; first we need to edit the Makefile.

Find the line that starts with:

GDLIB_CFLAGS =

and add at the end of the line:

-arch x86_64

Then find the line that starts with:

EXTRA_LIBS =

and add at the end of this multiline:

-lresolv

Next replace the line:

$(CC) $(MH_BUNDLE_FLAGS) $(CFLAGS_CLEAN) $(EXTRA_CFLAGS) $(LDFLAGS) $(EXTRA_LDFLAGS) $(PHP_GLOBAL_OBJS:.lo=.o) $(PHP_SAPI_OBJS:.lo=.o) $(PHP_FRAMEWORKS) $(EXTRA_LIBS) $(ZEND_EXTRA_LIBS) -o $@ && cp $@ libs/libphp$(PHP_MAJOR_VERSION).so

with:

$(CC) $(CFLAGS_CLEAN) $(EXTRA_CFLAGS) $(LDFLAGS) $(EXTRA_LDFLAGS) $(PHP_GLOBAL_OBJS:.lo=.o) $(PHP_SAPI_OBJS:.lo=.o) $(PHP_FRAMEWORKS) $(EXTRA_LIBS) $(ZEND_EXTRA_LIBS) $(MH_BUNDLE_FLAGS) -o $@ && cp $@ libs/libphp$(PHP_MAJOR_VERSION).so

Save the file, and when you're done you can start compiling and installing with:

make
 
sudo make install

This means it’s ready.

Now restart apache and check your site. Now you have a new PHP version with GD on your server.
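
The three Makefile edits described above (GDLIB_CFLAGS, EXTRA_LIBS and the link rule) can also be applied by script, which makes the change repeatable and easy to review with diff before building. This is an added example, not part of the original write-up; the function names patch_makefile and sample_makefile and the sample Makefile fragment are constructed for illustration.

```shell
# Apply the three Makefile edits from the write-up; safe to run more than once.
# Usage: patch_makefile Makefile > Makefile.new   (or pipe a Makefile on stdin)
patch_makefile() {
    awk '
    # 1. GDLIB_CFLAGS: append the arch flag unless it is already there.
    /^GDLIB_CFLAGS =/ && !/-arch x86_64/ { $0 = $0 " -arch x86_64" }

    # 2. EXTRA_LIBS can span several lines ending in a backslash;
    #    -lresolv goes on the last line of that run.
    /^EXTRA_LIBS =/ { in_libs = 1; seen = 0 }
    in_libs {
        if ($0 ~ /-lresolv/) seen = 1
        if ($0 !~ /\\$/) {
            if (!seen) $0 = $0 " -lresolv"
            in_libs = 0
        }
    }

    # 3. Link rule: move $(MH_BUNDLE_FLAGS) from right after $(CC)
    #    to just before "-o $@".
    {
        old = "$(CC) $(MH_BUNDLE_FLAGS) "
        i = index($0, old)
        if (i) {
            rest = substr($0, i + length(old))
            j = index(rest, " -o $@")
            if (j) {
                mid = substr(rest, 1, j - 1)
                $0 = substr($0, 1, i - 1) "$(CC) " mid " $(MH_BUNDLE_FLAGS)" substr(rest, j)
            }
        }
    }
    { print }
    ' "$@"
}

# Constructed sample: a shortened Makefile fragment in the shape ./configure produces.
sample_makefile() {
    printf '%s\n' \
        'GDLIB_CFLAGS = -I/usr/local/include' \
        'EXTRA_LIBS = -lmysqlclient -lssl -lcrypto \' \
        '  -lxml2 -lz -lm' \
        'libs/libphp$(PHP_MAJOR_VERSION).bundle: $(PHP_GLOBAL_OBJS) $(PHP_SAPI_OBJS)'
    printf '\t%s\n' '$(CC) $(MH_BUNDLE_FLAGS) $(CFLAGS_CLEAN) $(EXTRA_CFLAGS) $(LDFLAGS) $(EXTRA_LDFLAGS) $(PHP_GLOBAL_OBJS:.lo=.o) $(PHP_SAPI_OBJS:.lo=.o) $(PHP_FRAMEWORKS) $(EXTRA_LIBS) $(ZEND_EXTRA_LIBS) -o $@ && cp $@ libs/libphp$(PHP_MAJOR_VERSION).so'
}

sample_makefile | patch_makefile   # demo: print the patched sample
```

Against the real file, write the output to a new file, compare it with diff -u, and only then move it over the Makefile.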


The PHP development team released a new version of the 5.3.x release. Before you upgrade to a 5.3.x release on a production machine, please check if all PHP based apps are supporting 5.3.x as there are some compatibility problems and you might get some strange results. This release focuses on improving the stability of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. I’ve tested it on a test server with Snow Leopard without any problems.

Security Enhancements and Fixes in PHP 5.3.1:

  • Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
  • Added missing sanity checks around exif processing. (CVE-2009-3292, Ilia)
  • Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
  • Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
  • Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559, Johannes, christian at elmerot dot se)
  • Fixed bug #44683 (popen crashes when an invalid mode is passed). (CVE-2009-3294, Pierre)

Key Enhancements in PHP 5.3.1 include:

  • Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
  • Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
  • Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
  • Fixed bug #49910 (no support for ././@LongLink for long filenames in phar tar support). (Greg)
  • Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined). (Felipe)
  • Around 100 other bug fixes

For instructions on how to upgrade PHP please read: Upgrading PHP.


PHP have released an update to the 5.2.x version. Many people still have problems with the backwards compatibility of 5.3 and are still using 5.2.10. This release is a security bug-fix, and if you are running 5.2.10 I would urge you to upgrade.

Security Enhancements and Fixes in PHP 5.2.11:

  • Fixed certificate validation inside php_openssl_apply_verification_policy.
  • Fixed sanity check for the color index in imagecolortransparent().
  • Added missing sanity checks around exif processing.
  • Fixed bug #44683 (popen crashes when an invalid mode is passed).

Key enhancements in PHP 5.2.11 include:

  • Fixed regression in cURL extension that prevented flush of data to output defined as a file handle.
  • A number of fixes for the FILTER_VALIDATE_EMAIL validation rule
  • Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries).
  • Fixed bug #48696 (ldap_read() segfaults with invalid parameters)
  • Fixed bug #48645 (mb_convert_encoding() doesn’t understand hexadecimal html-entities).
  • Fixed bug #48619 (imap_search ALL segfaults).
  • Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag).
  • Fixed bug #47351 (Memory leak in DateTime).
  • Over 60 bug fixes.

For instructions on how to upgrade PHP please read: Upgrading PHP.


Here is a quick update on getting Apache, PHP and MySQL installations working again after the Snow Leopard upgrade.

For Apache I did a recompile and install because the config was completely lost (and I had no backup!) and this was the quickest way for me. The normal 64 bit Leopard instructions did the job for now, will look later at possible enhancements.

MySQL I could just start up with the System Preferences MySQL panel. Will do a recompile later today and will update this post with the findings. This is because MySQL is updated to 5.1.38.

PHP gave the most issues, but a comment from Nico helped out. This problem is valid for 5.2.9 and 5.3.0 but it should be solved in 5.3.1 as the bug was listed as solved in 5.3.1.dev

To solve the problem, follow the normal instructions on this site but after the configure statement you need to edit the Makefile which is created by ./configure

You need to add '-lresolv' at the end of the line which starts with 'EXTRA_LIBS' like:

EXTRA_LIBS = -lmysqlclient -lssl -lcrypto -lz -lssl -lcrypto -lm -lxml2 -lz -licucore -lm -lxml2 -lz -licucore -lm -lmysqlclient -lz -lm -lmysqlclient -lz -lm -lxml2 -lz -licucore -lm -lxml2 -lz -licucore -lm -lxml2 -lz -licucore -lm -lxml2 -lz -licucore -lm -lresolv

As noted earlier, I will keep updating this blogpost till most issues are resolved or properly documented elsewhere on the site.

Update 1: MySQL compiled without a problem using the 64 bits Leopard instructions.

Update 2: Finished some of the PHP documentation on Snow Leopard:

Update 3: Added Apache install instructions:

Update 4: Made a new page with all related Snow Leopard instructions. MAMP stack documented, mailserver will follow!

Last update: Mailserver instructions.


Recently I got some remarks from a user who asked why he was not able to compile 64 bits on the PowerPC platform. My notes and instructions did not mention this and I must confess that I had forgotten this as I could not see a PowerMac or iMac G5 as your basic mailserver.

But I’m wrong, as my basic goal was to provide you with a complete mailserver solution, I have to acknowledge that the most popular pages are on installing Apache, PHP and third MySQL. The popularity of the mailserver instructions comes way lower than these three subjects.

So therefore I’ve updated all the 64 bit instructions with how to compile on a 64 bit PowerPC platform. You have to forgive me for not being able to test this (no G5 at my place!) I’m using the input of someone else who told me this. It was a very simple change as you only need to change the 'x86_64' bit into 'ppc64' and that’s it.

If someone else could verify that this works it would be grand!


The people from PHP have released a new version. I’ve downloaded it right away and installed and tested it on all my test machines and haven’t found any problem yet. This release is a major improvement in the 5.X series, which includes a large number of new features and bug fixes.

  • Support for namespaces
  • Late static binding
  • Lambda Functions and Closures
  • Syntax additions: NOWDOC, ternary short cut “?:” and jump label (limited goto), __callStatic()
  • Under the hood performance improvements
  • Optional garbage collection for cyclic references
  • Optional mysqlnd PHP native replacement for libmysql
  • Improved Windows support including VC9 and experimental X64 binaries as well as portability to other supported platforms
  • More consistent float rounding
  • Deprecation notices are now handled via E_DEPRECATED (part of E_ALL) instead of the E_STRICT error level
  • Several enhancements to enable more flexibility in php.ini (and ini parsing in general)
  • New bundled extensions: ext/phar, ext/intl, ext/fileinfo, ext/sqlite3, ext/enchant
  • Over 140 bug fixes and improvements to PHP, in particular to: ext/openssl, ext/spl and ext/date

This release also drops several extensions and unifies the usage of internal APIs. Users should be aware of the following known backwards compatibility breaks:

  • Parameter parsing API unification will cause some functions to behave more or less strict when it comes to type juggling
  • Removed the following extensions: ext/mhash (see ext/hash), ext/msql, ext/pspell (see ext/enchant), ext/sybase (see ext/sybase_ct)
  • Moved the following extensions to PECL: ext/ming, ext/fbsql, ext/ncurses, ext/fdf
  • Removed zend.ze1_compatibility_mode

For users upgrading from PHP 5.2 there is a migration guide available here, detailing the changes between those releases and PHP 5.3.0.

For a full list of changes in PHP 5.3.0, see the ChangeLog.

For instructions on how to upgrade PHP please read: Upgrading PHP.


PHP have released an update yesterday and I’ve tested it and it works without any problems. It even has fewer errors in the test suite than the previous version. It has a security update included so it would be wise to upgrade if you can.

Security Enhancements and Fixes in PHP 5.2.10:

  • Fixed bug #48378 (exif_read_data() segfaults on certain
    corrupted .jpeg files).

Key enhancements in PHP 5.2.10 include:

  • Added “ignore_errors” option to http fopen wrapper.
  • Fixed memory corruptions while reading properties of zip files.
  • Fixed memory leak in ob_get_clean/ob_get_flush.
  • Fixed segfault on invalid session.save_path.
  • Fixed leaks in imap when a mail_criteria is used.
  • Changed default value of array_unique()’s optional sorting type
    parameter back to SORT_STRING to fix backwards compatibility breakage
    introduced in PHP 5.2.9.
  • Fixed bug #47940 (memory leaks in imap_body).
  • Fixed bug #47903 (“@” operator does not work with string offsets).
  • Fixed bug #47644 (Valid integers are truncated with json_decode()).
  • Fixed bug #47564 (unpacking unsigned long 32bit big endian returns wrong result).
  • Fixed bug #47365 (ip2long() may allow some invalid values on certain
    64bit systems).
  • Over 100 more bug fixes.

For instructions on how to upgrade PHP please read: Upgrading PHP.


I’ve received many requests to add several modules to my documentation set of installing PHP. I’ve until now avoided it because it is a lot of work to do this for all separate versions. Not even mentioning solving issues and supporting all your questions.

I’ve now documented how to add GD (which was one of the most requested modules) and mcrypt (required for a safe use of phpmyadmin).

I’ve documented each module as a separate installation and it will tell you which parameters to add to the normal PHP installation to make it work. In this manner everyone can select the modules he or she wants without the modules that aren’t needed.

Read more about it on their respective pages:

I hope you like this method of documenting this.


The people at PHP have solved the issue with 5.2.7 and released it as 5.2.8. I’ve installed and tested on my test server without a problem and will upgrade my production machines over the weekend.

This release addresses a regression introduced by 5.2.7 in regard to the magic_quotes functionality, that was broken by an incorrect fix to the filter extension. All users who have upgraded to 5.2.7 are encouraged to upgrade to this release, alternatively you can apply a work-around for the bug by changing "filter.default_flags=0" in php.ini.

I hope this one stays a little longer active than the previous version.
