2

We run an Ubuntu 12.04 server where php 5.3.10 is installed by default. I thought Ubuntu did only apply bugfixes in their updates, so micros like 5.3.x should pass through.

Apparently, our version isn't updated, but we are stuck with a critical bug in php which is solved in 5.3.15. Should I wait longer for this release to bubble up? Or are there safe repositories to use for Ubuntu to continuously update php and php related packages?

Jurian Sluiman
  • 291
  • 1
  • 6
  • 17
  • apt-get upgrade will update all the software package in your system – ZVIK Aug 16 '12 at 10:26
  • @ZVIK I know how to use apt. The problem is Ubuntu 12.04 is stuck on 5.3.10 (http://packages.ubuntu.com/precise/php5-fpm) and I want to install 5.3.15. But I want to do it a) with apt b) use stable releases (no nightlies) and c) a trustworthy repository which supports Ubuntu. – Jurian Sluiman Aug 16 '12 at 10:31

5 Answers5

1

The ubuntu version of php you have installed does not necessarily have the same version number as the upstream bugfix release, even though the ubuntu release have backported the bugfix into its package.

apt-get dist-upgrade should bring you up to date with the latest security patches from the ubuntu repositories. Check out the link below for ubuntu's changelog on bugfixes in this particular package.

http://changelogs.ubuntu.com/changelogs/pool/main/p/php5/php5_5.3.10-1ubuntu3.2/changelog

pkhamre
  • 6,120
  • 3
  • 17
  • 27
  • Thanks @pkhamre, but the bugfix is applied in 5.3.15 (from 19 July 2012) and the 1ubuntu3.2 from 5.3.10 is not updated since 12 June 2012 unfortunately. So Ubuntu hasn't cherry picked the change yet. Is there an option I can notify the maintainer of this fix and in the future a 1ubuntu3.3 will contain the fix for the bug #61045? – Jurian Sluiman Aug 16 '12 at 10:36
  • I do not know these routines, but check out the following link for some resources like bugreports, mailing lists etc. Maybe you can get some answers there? http://packages.ubuntu.com/precise/php5 – pkhamre Aug 16 '12 at 10:39
  • Related question http://serverfault.com/questions/410977/ubuntu-lts-repository-package-update-policy – pkhamre Aug 16 '12 at 10:41
1

You can use apt-pinning to install packages distributed with newer versions of Ubuntu. This Guide is pretty good and should explain all questions: https://help.ubuntu.com/community/PinningHowto

Comprehensive Debian Guide: http://jaqque.sbih.org/kplug/apt-pinning.html

hub
  • 342
  • 1
  • 4
  • 15
  • This suggestion seems like the cleanest one, IMO. But I'm not sure how the approach based on debian repositories will apply to Ubuntu. – Jim Herrick Feb 21 '13 at 17:21
  • Here you go with a Version especially for Ubuntu but its not that comprehensive: https://help.ubuntu.com/community/PinningHowto This Guide is really good with a lot of examples but its written in german: http://wiki.ubuntuusers.de/Apt-Pinning – hub Mar 26 '13 at 08:43
0

There's a patch on the bug report - you could try applying this to the src package and rebuilding it - but wouldn't it just be simpler to use the 'error_log' config to record the errors elsewhere?

symcbean
  • 21,009
  • 1
  • 31
  • 52
  • This is what we're heading for now, but our wish is to consolidate the nginx errors and php errors into one error file on a server block (Apache-like vhost) base. So we keep track of all server errors per domain we listen to. For now we are using the `error_log` directive, but what I describe here seems to us a more appropriate solution. – Jurian Sluiman Aug 16 '12 at 11:31
0

There is some work going on at http://packages.tooptee.org/ - but since I use neither nginx nor these experimental versions I can't say anything about the stability or usability of that archive.

Since a workaround is suggested (the error_log directive, which you are using) I'd rather invest in log-mangling scripts to put all your errors in one file than modify existing stable packages. If you feel adventurous you could try Quantal Quetzal (Ubuntu 12.10) which is to go beta next week, the PHP version there is 5.4.6 which includes the fix you want.

flinkflonk
  • 664
  • 4
  • 5
0

There are often backports available from more recent Ubuntu releases for the latest server release. For example, this repository seems to have some. Although they don't seen to be updated very recently.

https://launchpad.net/~webstack/+archive/php?field.series_filter=precise

You can of course also just grab the .deb for Quantal and install it on Precise using dpkg -i somepackage.deb, but that is usually not recommended, due to potential changes in dependencies. Although I think in this case you'll be fine.

Jeroen Ooms
  • 2,239
  • 8
  • 34
  • 51