PHP 5.2.10 in Security Update 2009-005 / PPC breaks date handling

4 days of total silence ...
Still waiting for a solution 😟

I know, I meant 4 days since my last post ...

this morning I noticed a bunch of updates coming in ...
But no luck on a php update yet 😟
It is almost 2 weeks since Apple screwed php on 10.5.8 PPC machines :')

I know many people will vent their frustration at Apple here, but think about the folks at PHP. Can you even imagine that they released 5.2.10 with this bug? I mean seriously. Was there no regression test in place to test if fricken' date() works on the various platforms?!? If anyone has egg on their face over this one, it is them. Horribly unprofessional and they didn't even seem to care based on the 3 month lag until 5.2.11. Sure they found it pretty fast (thanks to peoples websites breaking world wide) but expected everyone to patch, recompile and re-link their own systems.

We could all blame Apple too, for not performing their own tests but why would they? They don't actually USE PHP in any of their own products as far as I can tell. Anyway, the logical extension of "blaming" is that we must all blame ourselves for not testing our websites on another system first, before updating our production servers.

I just hope that Apple is prepping another release very soon. PHP have released 5.2.11 more than a month ago now!

I could happily roll my own PHP, but, to be honest, this is exactly why I switched to Mac OS X (vs. Linux) as my web server years ago -- so I wouldn't have to deal with the never-ending update cycle anymore. I pay for Apple kit and Apple OS so that I can get the security updates automagically, but I didn't expect this. (Yeah, I know I can get this on Linux too, but it is always still a headache as something always needs recompiling, and I have better things to do with my time.)

I agree with you, Apple should have tested this but it seems that did not expose this bug.
At least Apple should react fast on the signals we gave on this one which is at least 2 weeks ago now.
Same here, I switched from linux to OSX for the same reason (not having to do everything myself) and I hoped OSX would give me some rest ...

Don't rely on Apple's distribution of PHP. It's just not a priority for them. Maintain your own using MacPorts.

www.macports.org

You can find a couple of great GUI clients if you're not comfortable at the command line, but here's a brief tutorial once you've installed MacPorts.

To update your installed version:

port selfupdate

To check for outdated ports that you've installed:

port outdated

To install a port:

port install (name of port here)

To update an installed port:

port upgrade (name of port here)

It's really easy to use once you get the hang of it.

Note - the above commands assume you're logged in as root user. If not, precede each command with "sudo".

thanks for the suggestion on using ports ...

But, this is the exact reason why I stopped using linux and switched to OSX.
To NOT have to compile and maintain stuff myself ...

Eddie

Hi guys,

same problem here. While I didn't want to wait for Apple to build a new security update nor to compile my own PHP - I just went back to 5.2.6 from an old backup.

In order to switch to an older "build-in" php just copy the file /usr/libexec/apache2/libphp5.so from an backup and replace the current one:
+sudo cp / pathtoyourbackup/usr/libexec/apache2/libphp5.so /usr/libexec/apache2/libphp5.so+

Make sure the file has the proper permissions set:
+sudo chown root:wheel /usr/libexec/apache2/libphp5.so+
+sudo chmod ugo=rx /usr/libexec/apache2/libphp5.so+

Then restart Apache and hope it worked 😉
+sudo apachectl restart+

Maybe this helps for someone, at least temporarily

Still the same here ... And even I did some working around ...

I installed entropy ( http://www.entropy.ch/software/macosx/php/) ...
took the 5.3.0.3 package ...
READ carefull
STOP your webservices
disable the php5 module !!!!
Install the entropy package
this installs everything in /usr/local/php5/* so no conflict with any other software !!!
It puts a file +entropy-php.conf in your /etc/apache2/sites/ directory to enable the new php !!!
edit the /usr/local/php5/lib/php.ini to change "short opentag = On" if you have php files with <? in stead of <?php ...
(entropy has it default Off )
start your server and all should be working
check with php_info() and you should be running the new php ...

Works for me for now

The security update from last night brought us php 5.2.11 and fixed this bug at last ...

I get really angry seeing the build date for this one ...

"Build Date Sep 28 2009 16:45:40"

took 6 weeks to test it and let us wait 😟

I'm pleased that this glitch is fixed but a little dazed by some of the comments in the thread.

This was a bug in PHP, not code produced by Apple. It only affected PPC processors and there were workarounds (like date('y') instead of date('Y') or using another build).

Then on the one hand Apple are criticised for taking so long to release the patch but also criticised for not testing. There are more than 700 functions in PHP some of which will accept multiple input parameters. How long do you think it'll take Apple to test that lot? And that's before they test anything else.