Status
Not open for further replies.

tristanperry

Member
Nov 20, 2008
11
0
51
Have re-opened my ticket asking for an update - it's been 48 hours since the initial "in 24 hour's time" estimate.

I'm happy enough with compiling PHP myself from source, it's just that I'd prefer to keep things done via EasyApache if possible; it's a bit easier down the line when it comes to updates.
 

DReade83

Well-Known Member
Oct 20, 2006
196
0
166
Cheshire, UK
Me too - cPanel Support told me 24 hours, 24 hours ago, and still no show! And with absolute minimal/no updates from cPanel - this makes it a whole lot more frustrating!
 

jdlightsey

Perl Developer III
Staff member
Mar 6, 2007
126
2
243
Houston Texas
cPanel Access Level
Root Administrator
The holdup at this point is that PHP 5.2.10 breaks PEAR on many systems and we haven't yet isolated which change in the 1/4 million lines of differences between 5.2.9 and 5.2.10 caused the problem. Outside of that one major issue, there's a trivial problem with the Ioncube installer to fix and everything else is ready to go.
 

tristanperry

Member
Nov 20, 2008
11
0
51
The holdup at this point is that PHP 5.2.10 breaks PEAR on many systems and we haven't yet isolated which change in the 1/4 million lines of differences between 5.2.9 and 5.2.10 caused the problem. Outside of that one major issue, there's a trivial problem with the Ioncube installer to fix and everything else is ready to go.
Thanks for the update :) Good luck with hunting down that PEAR error.
 

jdlightsey

Perl Developer III
Staff member
Mar 6, 2007
126
2
243
Houston Texas
cPanel Access Level
Root Administrator
For anyone that is getting PCI compliance failures because of the exif_read_data() segfault issue that was fixed in PHP 5.2.10 (PHP Bug 48378), EasyApache 3 build 4744 includes a backport of the patch for PHP 5.2.9.
 

tristanperry

Member
Nov 20, 2008
11
0
51
For anyone that is getting PCI compliance failures because of the exif_read_data() segfault issue that was fixed in PHP 5.2.10 (PHP Bug 48378), EasyApache 3 build 4744 includes a backport of the patch for PHP 5.2.9.
The problem is that the PCI scans just check the tag for what PHP version is installed and judge based on that.

However I've applied the backport patch, failed the scan (solely due to the PHP version), and have contact my PCI scanner to see what they say. Fingers crossed they are able to verify that my build is secure. :)
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
The problem is that the PCI scans just check the tag for what PHP version is installed and judge based on that.

However I've applied the backport patch, failed the scan (solely due to the PHP version), and have contact my PCI scanner to see what they say. Fingers crossed they are able to verify that my build is secure. :)
While I'm not a PCI Compliance expert, auditor, etc, it was my impression from reading the PCI documentation that back-ported fixes were sufficient as long as you provided some kind of proof to the auditor. Is that understanding incorrect?
 

tristanperry

Member
Nov 20, 2008
11
0
51
While I'm not a PCI Compliance expert, auditor, etc, it was my impression from reading the PCI documentation that back-ported fixes were sufficient as long as you provided some kind of proof to the auditor. Is that understanding incorrect?
That is correct, yes. However the PCI auditor is under no firm obligation to accept your explanation.

For example I've provided a couple of different false positives (where particular services have been patched up however the version number stays the same, like with the PHP 5.2.9 backport) and sometimes they do get rejected.
 

tristanperry

Member
Nov 20, 2008
11
0
51
Any luck resolving/finding that bug?
I e-mailed them today and had the following reply:

I apologize, it seems that the test branch that PHP 5.2.10 has been published to has itself not yet been published for general use. However, given the amount of activity on completing this project, I would anticipate the release of PHP 5.2.10 support to be in the near-term. I have no exact ETA at this time.
:)
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
See my previous post regarding PHP 5.2.10 earlier in this thread and this
post is an additional continuation to that ...

Some PHP releases that make major revisions generally involved a change
of the first or second digit in the version number often require more
extensive testing and fixes to resolve compatability issues but that is
not the case between PHP v5.2.9 and PHP v5.2.10 which is very minor!

I have been using PHP v5.2.10 in full production on all of our Cpanel servers
since it's release data a couple of weeks ago without even the slightest
of problems and continues to run perfectly including also those with the
newest release SuHosin patch for PHP released shortly after PHP v5.2.10.

For PHP v5.2.10 in a working test environment, See: phpinfo() test server

(The above is one of our testing / development servers running Cpanel and
gnerally has all major PHP modules and features loaded in SuPHP mode
along with SuHosin security patches, GD libraries, and more, etc)


Bottom line though is PHP v5.2.10 is good to go and confirmed working
well in every environment we've tested it in and have it in full production
already on all our servers without any noted issues or problems.

Cpanel hopefully gets the EasyApache update rolled out soon for those
who aren't comfortable with upgrading PHP themselves. For the rest of you
and those who would like to get upgraded now, updating PHP manually
is actually ridiculously easy and only takes a few moments.

As a side note, I'll help anyone upgrade PHP who asks me. ;)
 

tristanperry

Member
Nov 20, 2008
11
0
51
See my previous post regarding PHP 5.2.10 earlier in this thread and this
post is an additional continuation to that ...
It's odd - I'm confident with upgrading myself, however it simply didn't want to work for me.

It'd be fine up until "make test", whereby it got up to the 4,000th (ish) test and my SSH window closed. I then noticed that my server loads were at 2.5+ (when they were <0.5 before).

As a test, I tried ignoring "make test" and going straight for "make install" next time and it simply corrupted my PHP install (pages with PHP on them would keep saying they were loading, then hit the apache timeout and stop).

So I'm pretty confused about the cause, but either way I'm just waiting for the EasyApache roll-out now.
 

jdlightsey

Perl Developer III
Staff member
Mar 6, 2007
126
2
243
Houston Texas
cPanel Access Level
Root Administrator
In the EasyApache 3 testing branch we have the 5.2.10 specific problems worked out at this point.

1) With 5.2.10 curlwrappers breaks all file:// streams when safe_mode or open_basedir restrictions are in effect. This causes all installs of PHP 5.2.10 with both PEAR and curlwrappers enabled to fail at the "make install" stage. If curlwrappers was enabled and PEAR was disabled, you'd end up with a PHP install that fails on stream functions like fopen("/local/file") whenever safe_mode or open_basedir are turned on. In the EA3 test branch the curlwrappers option has been patched so that it does not register libcurl to handle file:// streams.

2) The PEAR phar archive included with 5.2.10 apparently includes a broken channel list. This results in a broken PEAR install on new servers where the channel list does not already exist. In the EA3 test branch this has been fixed by swapping the 5.2.10 PEAR phar archive with the one from 5.2.9.

3) There was a flaw in the cPanel code that installed the Ioncube loader module which prevented it from functioning with 5.2.10. This has been fixed in the EA3 test branch.

4) There is a flaw in the way rebuild_phpconf detects the PHP version number that prevents configuration of PHP 5.2.10 in the WHM interface. This has been fixed in EDGE already and will be rolled out to the other releases over the next few days.


Once the fix for #4 reaches all cPanel releases we will move PHP 5.2.10 into the EasyApache 3 trunk.
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
It's odd - I'm confident with upgrading myself, however it simply didn't want to work for me.

It'd be fine up until "make test", whereby it got up to the 4,000th (ish) test and my SSH window closed. I then noticed that my server loads were at 2.5+ (when they were <0.5 before).

As a test, I tried ignoring "make test" and going straight for "make install" next time and it simply corrupted my PHP install (pages with PHP on them would keep saying they were loading, then hit the apache timeout and stop).

So I'm pretty confused about the cause, but either way I'm just waiting for the EasyApache roll-out now.
TristanPerry, are you running a VPS server by chance?

(Other than that, how much memory is installed on your server?)

Your loads are going to go up while compiling and testing and that is
perfectly normal and should not effect server operations unless your
server is seriously overloaded already or has really limited resources.
 

Spiral

BANNED
Jun 24, 2005
2,018
8
193
1) With 5.2.10 curlwrappers breaks all file:// streams when safe_mode or open_basedir restrictions are in effect. This causes all installs of PHP 5.2.10 with both PEAR and curlwrappers enabled to fail at the "make install" stage. If curlwrappers was enabled and PEAR was disabled, you'd end up with a PHP install that fails on stream functions like fopen("/local/file") whenever safe_mode or open_basedir are turned on. In the EA3 test branch the curlwrappers option has been patched so that it does not register libcurl to handle file:// streams.
Speak for yourself. We haven't observed any problems with curlwrappers,
PEAR, or anything related to any streams with PHP 5.2.10 and we heavily
use some of these components on some servers too.

Maybe your compile directive order? It sometimes makes a difference
what order your configure directives are passed during build time so you
want to be careful what comes first and what comes last in that list too.

2) The PEAR phar archive included with 5.2.10 apparently includes a broken channel list. This results in a broken PEAR install on new servers where the channel list does not already exist. In the EA3 test branch this has been fixed by swapping the 5.2.10 PEAR phar archive with the one from 5.2.9.
Can't duplicate this as seems to work fine forcing the original archive.

3) There was a flaw in the cPanel code that installed the Ioncube loader module which prevented it from functioning with 5.2.10. This has been fixed in the EA3 test branch.
Ioncube works fine under 5.2.10 as either a PHP.INI loaded module or
as a dynamically loaded module. Not sure how Cpanel could go about
breaking this as those are the two main ways to install it and not really
two many ways to deviate from that and both work fine under 5.2.10 too.


4) There is a flaw in the way rebuild_phpconf detects the PHP version number that prevents configuration of PHP 5.2.10 in the WHM interface. This has been fixed in EDGE already and will be rolled out to the other releases over the next few days.


Once the fix for #4 reaches all cPanel releases we will move PHP 5.2.10 into the EasyApache 3 trunk.
Ah, ok I'll give you that one as we use EDGE mainstream on all our servers.

(In the event of bug or other issue, I'm capable of tracking down the problem in a few seconds and fixing
most any issue myself so for us we don't have any issues or worries running EDGE in full production and
have done so for a number of years now for ourselves but recommend CURRENT tree to most of our clients)
 
Last edited:

tristanperry

Member
Nov 20, 2008
11
0
51
TristanPerry, are you running a VPS server by chance?

(Other than that, how much memory is installed on your server?)

Your loads are going to go up while compiling and testing and that is
perfectly normal and should not effect server operations unless your
server is seriously overloaded already or has really limited resources.
Hehe, yes I am :) However I've re-compiled Apache and PHP before without any issues.

I think that some of the bugs that jdlightsey described were effecting me. I wasn't too clear earlier - my loads were absolutely fine, then they went up to 2+ only after the test/install went bad, which was odd.
 

DReade83

Well-Known Member
Oct 20, 2006
196
0
166
Cheshire, UK
I'm curious if PHP 5.3 will build without problems since it was released a few minutes ago? If it builds without an issue compared to 5.2.10, wouldn't it be better to release that instead?

I'm assuming the fixes included in 5.2.10 are in 5.3 as well, but at the same time I'm aware the first major release isn't always stable - though it's had tons of beta testing, so there's no reason why it wouldn't work.

What do you think?
 

DjiXas

Well-Known Member
Feb 10, 2007
294
0
166
I'm curious if PHP 5.3 will build without problems since it was released a few minutes ago? If it builds without an issue compared to 5.2.10, wouldn't it be better to release that instead?

I'm assuming the fixes included in 5.2.10 are in 5.3 as well, but at the same time I'm aware the first major release isn't always stable - though it's had tons of beta testing, so there's no reason why it wouldn't work.

What do you think?
PHP Bugs: Search

NO
 
Status
Not open for further replies.