PHP 5.3.3


cayennecode
Posts: 36
Joined: Tue 24. Oct 2006, 23:52

PHP 5.3.3

Post by cayennecode » Sat 24. Jul 2010, 00:11

Would love to see a release with the latest PHP compiled :D

http://php.net/index.php

As always, thanks for MAMP!

slimandslam
Posts: 6
Joined: Tue 12. Jan 2010, 00:29

Re: PHP 5.3.3

Post by slimandslam » Wed 22. Sep 2010, 04:16

MAMP 1.9.2 was just released! Huzzah!

But the release notes http://mamp.info/en/documentation/releases.html say that it still has PHP 5.3.2 even though PHP 5.3.3 was released on July 22nd. Is that true (haven't installed it yet)?

:!: :?: :!: :?:


J

Dirk Einecke
Site Admin
Posts: 278
Joined: Thu 4. Nov 2004, 11:11
Location: Karlsruhe (Germany)

Re: PHP 5.3.3

Post by Dirk Einecke » Wed 22. Sep 2010, 06:55

Hi,

MAMP / MAMP PRO 1.9.2 includes PHP 5.2.13 and PHP 5.3.2.

Dirk
Best Regards / Mit freundlichen Grüßen
Dirk Einecke (MAMP & MAMP PRO Team)

NEW: MAMP & MAMP PRO 3 released | MAMP & MAMP PRO 3 veröffentlicht

All about MAMP & MAMP PRO: Website | Bugbase | Blog (german) | Blog (english) | Online documentation (Wiki)

slimandslam
Posts: 6
Joined: Tue 12. Jan 2010, 00:29

Re: PHP 5.3.3

Post by slimandslam » Wed 22. Sep 2010, 09:02

Is there some reason the MAMP team chose not to upgrade to PHP 5.3.3 ?

Dirk Einecke
Site Admin
Posts: 278
Joined: Thu 4. Nov 2004, 11:11
Location: Karlsruhe (Germany)

Re: PHP 5.3.3

Post by Dirk Einecke » Wed 22. Sep 2010, 09:08

Hi,

no, there is no reason why not. But there is also no important reason why we should upgrade the included PHP version every time. Upgrades of components are very time-consuming.

Dirk
Best Regards / Mit freundlichen Grüßen
Dirk Einecke (MAMP & MAMP PRO Team)


diggtester
Posts: 3
Joined: Tue 21. Dec 2010, 15:02

Re: PHP 5.3.3

Post by diggtester » Tue 21. Dec 2010, 15:07

I think it would be very beneficial to upgrade MAMP PHP to 5.3.3 or even 5.3.4 (current) since this version includes the internationalization extension which is a big upgrade.

If you are not planning on upgrading, maybe you can give quick instructions on how to install this extension with the current 5.3.2.

Thanks.

Paddy
Posts: 1
Joined: Wed 5. Jan 2011, 15:24

Re: PHP 5.3.3

Post by Paddy » Wed 5. Jan 2011, 15:31

I am also needing PHP 5.3.3 or 5.3.4 with the intl extension enabled, as this is needed by Symfony2 when using forms. I am using MAMP and don't have time to learn how to compile PHP on Mac.

cxbrooks
Posts: 1
Joined: Fri 7. Jan 2011, 19:32

Re: PHP 5.3.3

Post by cxbrooks » Fri 7. Jan 2011, 19:43

Nessus reports that MAMP 1.9.4 has a number of critical security holes because of PHP 5.2.13
--start---

Nessus Scan Report
This report gives details on hosts that were tested and issues that
were found. Please follow the recommended steps and procedures to
eradicate these threats...

Vulnerability ddi-tcp-1 (8888/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP 5.2 installed on the
remote host is older than 5.2.14. Such versions may be affected by
several security issues :

- An error exists when processing invalid XML-RPC
requests that can lead to a NULL pointer
dereference. (bug #51288) (CVE-2010-0397)

- An error exists in the function 'fnmatch' that can lead
to stack exhaustion.

- An error exists in the sqlite extension that could
allow arbitrary memory access.

- A memory corruption error exists in the function
'substr_replace'.

- The following functions are not properly protected
against function interruptions :

addcslashes, chunk_split, html_entity_decode,
iconv_mime_decode, iconv_substr, iconv_mime_encode,
htmlentities, htmlspecialchars, str_getcsv,
http_build_query, strpbrk, strstr, str_pad,
str_word_count, wordwrap, strtok, setcookie,
strip_tags, trim, ltrim, rtrim, parse_str, pack, unpack,
uasort, preg_match, strrchr, strchr, substr, str_repeat
(CVE-2010-1860, CVE-2010-1862, CVE-2010-1864,
CVE-2010-2097, CVE-2010-2100, CVE-2010-2101,
CVE-2010-2190, CVE-2010-2191, CVE-2010-2484)

- The following opcodes are not properly protected
against function interruptions :

ZEND_CONCAT, ZEND_ASSIGN_CONCAT, ZEND_FETCH_RW
(CVE-2010-2191)

- The default session serializer contains an error
that can be exploited when assigning session
variables having user defined names. Arbitrary
serialized values can be injected into sessions by
including the PS_UNDEF_MARKER, '!', character in
variable names.

- A use-after-free error exists in the function
'spl_object_storage_attach'. (CVE-2010-2225)

- An information disclosure vulnerability exists in the
function 'var_export' when handling certain error
conditions. (CVE-2010-2531)

See also :

http://www.php.net/releases/5_2_14.php
http://www.php.net/ChangeLog-5.php#5.2.14

Solution :

Upgrade to PHP version 5.2.14 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin output :

Version source : Server: Apache/2.0.63 (Unix) PHP/5.2.13 DAV/2
Installed version : 5.2.13
Fixed version : 5.2.14

CVE : CVE-2010-0397, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531, CVE-2010-3065
BID : 38708, 40948, 41991
Other references : OSVDB:63078, OSVDB:64322, OSVDB:64544, OSVDB:64546, OSVDB:65755, OSVDB:66087, OSVDB:66093, OSVDB:66094, OSVDB:66095, OSVDB:66096, OSVDB:66097, OSVDB:66098, OSVDB:66099, OSVDB:66100, OSVDB:66101, OSVDB:66102, OSVDB:66103, OSVDB:66104, OSVDB:66105, OSVDB:66106, OSVDB:66798, OSVDB:66804, OSVDB:66805, Secunia:39675, Secunia:40268
Nessus ID : 48244

Vulnerability ddi-tcp-1 (8888/tcp)
Synopsis :

The remote web server uses a version of PHP that is affected by
multiple flaws.

Description :

According to its banner, the version of PHP 5.2 installed on the
remote host is older than 5.2.15. Such versions may be affected by
several security issues :

- A crash in the zip extract method.

- A possible double free exists in the imap extension.
(CVE-2010-4150)

- An unspecified flaw exists in 'open_basedir'.
(CVE-2010-3436)

- A possible crash could occur in 'mssql_fetch_batch()'.

- A NULL pointer dereference exists in
'ZipArchive::getArchiveComment'. (CVE-2010-3709)

- A crash exists if anti-aliasing steps are invalid.
(Bug 53492)

- A crash exists in pdo_firebird getAttribute(). (Bug 53323)

See also :

http://www.php.net/releases/5_2_15.php
http://www.php.net/ChangeLog-5.php#5.2.15

Solution :

Upgrade to PHP version 5.2.15 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin output :

Version source : Server: Apache/2.0.63 (Unix) PHP/5.2.13 DAV/2
Installed version : 5.2.13
Fixed version : 5.2.15

CVE : CVE-2010-3709, CVE-2010-3436, CVE-2010-4150
BID : 44718, 44723, 45335
Other references : OSVDB:68597, OSVDB:69109, OSVDB:69110, OSVDB:69660
Nessus ID : 51139

Vulnerability ddi-tcp-1 (8888/tcp)
Synopsis :

The remote web server may be affected by several issues.

Description :

According to its banner, the version of Apache 2.0 installed on the
remote host is older than 2.0.64. Such versions may be affected by
several issues, including :

- An unspecified error exists in the handling of requests
without a path segment. (CVE-2010-1452)

- Several modules, including 'mod_deflate', are
vulnerable to a denial of service attack as the
server can be forced to utilize CPU time compressing
a large file after client disconnect. (CVE-2009-1891)

- An unspecified error exists in 'mod_proxy' related to
filtration of authentication credentials.
(CVE-2009-3095)

- A NULL pointer dereference issue exists in
'mod_proxy_ftp' in some error handling paths.
(CVE-2009-3094)

- An error exists in 'mod_ssl' making the server
vulnerable to the TLC renegotiation prefix injection
attack. (CVE-2009-3555)

- An error exists in the handling of subrequests such
that the parent request headers may be corrupted.
(CVE-2010-0434)

- An error exists in 'mod_proxy_http' when handling excessive
interim responses making it vulnerable to a denial of
service attack. (CVE-2008-2364)

- An error exists in 'mod_isapi' which allows the module
unloaded too early which leaves orphaned callback
pointers. (CVE-2010-0425)

- An error exists in 'mod_proxy_ftp' when wildcards are
in an FTP URL which allows for cross-site scripting
attacks. (CVE-2008-2939)

Note that the remote web server may not actually be affected by these
vulnerabilities. Nessus did not try to determine whether the affected
modules are in use or to check for the issues themselves.

See also :

http://www.apache.org/dist/httpd/CHANGES_2.0.64
http://httpd.apache.org/security/vulner ... es_20.html

Solution :

Either ensure that the affected modules are not in use or upgrade to
Apache version 2.0.64 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Plugin output :

Version source : Server: Apache/2.0.63
Installed version : 2.0.63
Fixed version : 2.0.64

CVE : CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555, CVE-2010-0425, CVE-2010-0434, CVE-2010-1452, CVE-2008-2364
BID : 29653, 30560, 38494
Other references : OSVDB:46085, OSVDB:47474, OSVDB:55782, OSVDB:57851, OSVDB:57882, OSVDB:59969, OSVDB:62674, OSVDB:62675, OSVDB:66745, Secunia:30261, Secunia:31384, Secunia:35781, Secunia:36549, Secunia:36675, Secunia:38776, CWE:79
Nessus ID : 50069
--end--
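
All three findings in the report above rest on the `Server` banner alone ("According to its banner ..."). The following is an added example, not part of the original post and not Nessus's own code, that reproduces that banner-versus-fixed-version comparison; the function names are illustrative, and the two banners marked as constructed are assumptions.

```python
import re

# Fixed versions as stated in the Nessus report quoted above.
FIXED = [("PHP", (5, 2, 14)), ("PHP", (5, 2, 15)), ("Apache", (2, 0, 64))]

# Banner from the report's "Version source" lines.
REPORT_BANNER = "Server: Apache/2.0.63 (Unix) PHP/5.2.13 DAV/2"
# Constructed sample: same server advertising the PHP 5.3 branch instead.
CONSTRUCTED_53_BANNER = "Server: Apache/2.0.63 (Unix) PHP/5.3.2 DAV/2"
# Constructed sample: version tokens suppressed in the header.
CONSTRUCTED_BARE_BANNER = "Server: Apache"

TOKEN = re.compile(r"([A-Za-z_]+)/(\d+(?:\.\d+)*)")


def fmt(version):
    return ".".join(str(part) for part in version)


def parse_server_banner(banner):
    """Map each product token in a Server header value to a version tuple."""
    value = banner.split(":", 1)[1] if banner.lower().startswith("server:") else banner
    return {name: tuple(int(p) for p in ver.split("."))
            for name, ver in TOKEN.findall(value)}


def audit_banner(banner, fixed=FIXED):
    """Return (product, installed, fixed) for each threshold the banner falls below.

    A threshold applies only within the same major.minor branch, mirroring the
    report's "version of PHP 5.2 ... is older than 5.2.14" wording.
    """
    installed = parse_server_banner(banner)
    findings = []
    for product, fix in fixed:
        have = installed.get(product)
        if have is None:
            continue  # version not advertised: unknown, which is not "patched"
        if have[:2] == fix[:2] and have < fix:
            findings.append((product, fmt(have), fmt(fix)))
    return findings


if __name__ == "__main__":
    for sample in (REPORT_BANNER, CONSTRUCTED_53_BANNER, CONSTRUCTED_BARE_BANNER):
        print(sample, "->", audit_banner(sample) or "no version-based finding")
```

An empty result only means the banner advertised no affected version; as the report itself notes for Apache, a banner check does not establish whether the affected modules are in use.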

gbateson
Posts: 2
Joined: Sat 8. Jan 2011, 06:46

Re: PHP 5.3.3

Post by gbateson » Sat 8. Jan 2011, 08:04

One more request for intl extension, and also xmlrpc. Pretty please :D

gbateson
Posts: 2
Joined: Sat 8. Jan 2011, 06:46

Re: PHP 5.3.3

Post by gbateson » Sat 8. Jan 2011, 08:22

I would also like to request PHP 5.3.3 (with xmlrpc and intl) because these are the suggested minimum specs for Moodle 2.0
- http://docs.moodle.org/en/Installing_Moodle#Software

pretty please :D
... and thanks !

Mr_g33k
Posts: 1
Joined: Sat 8. Jan 2011, 10:48

Re: PHP 5.3.3

Post by Mr_g33k » Sat 8. Jan 2011, 10:56

I have exactly the same problem...

bigmamp
Posts: 1
Joined: Sat 29. Jan 2011, 20:45

Re: PHP 5.3.3

Post by bigmamp » Sat 29. Jan 2011, 20:47

Same here. INTL started to be an absolute must for me developing on my win machine.

For OS X I rely on MAMP, seeing it updated soon would be really great news.

slimandslam
Posts: 6
Joined: Tue 12. Jan 2010, 00:29

Re: PHP 5.3.3

Post by slimandslam » Thu 3. Feb 2011, 18:07


rschumacher
Posts: 8
Joined: Fri 18. Dec 2009, 10:06

Re: PHP 5.3.3

Post by rschumacher » Sat 5. Feb 2011, 15:04

Paddy wrote: I am also needing PHP 5.3.3 or 5.3.4 with the intl extension enabled, as this is needed by Symfony2 when using forms. I am using MAMP and don't have time to learn how to compile PHP on Mac.

+1 from my side, I am also doing Symfony2 development which relies on intl extension.

Would be great... cheers RAPHAEL

krause
Posts: 15
Joined: Fri 3. Nov 2006, 20:18

Re: PHP 5.3.3

Post by krause » Thu 24. Feb 2011, 11:24

gbateson wrote: I would also like to request PHP 5.3.3 (with xmlrpc and intl) because these are the suggested minimum specs for Moodle 2.0
- http://docs.moodle.org/en/Installing_Moodle#Software

pretty please :D
... and thanks !

Hi Gordon,

I found your message in the MAMP forum. I installed the extensions xmlrpc and intl for PHP 5.3.2 in Moodle4Mac.
If you want to get the extended MAMP please look at http://download.moodle.org/macosx/ ... it's still beta!

Best regards, Ralf
