unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH] Update gd and php
@ 2017-01-19 21:19 Julien Lepiller
  2017-01-20  5:53 ` Leo Famulari
  0 siblings, 1 reply; 10+ messages in thread
From: Julien Lepiller @ 2017-01-19 21:19 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 219 bytes --]

A new version of gd and php were released today. Here are patches to
update them. I could get rid of gd-for-php and use the system one
instead. Two new tests had to be removed, they are related to already
failing tests.

[-- Attachment #2: 0001-gnu-gd-Update-to-2.2.4.patch --]
[-- Type: text/x-patch, Size: 5438 bytes --]

From 502fa6202e8dabed3abdd584f720eb6128fdc127 Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Thu, 19 Jan 2017 22:09:35 +0100
Subject: [PATCH 1/2] gnu: gd: Update to 2.2.4.

* gnu/packages/gd.scm (gd): Update to 2.2.4.
---
 gnu/local.mk                                |  2 --
 gnu/packages/gd.scm                         |  8 ++----
 gnu/packages/patches/gd-CVE-2016-7568.patch | 44 -----------------------------
 gnu/packages/patches/gd-CVE-2016-8670.patch | 38 -------------------------
 4 files changed, 3 insertions(+), 89 deletions(-)
 delete mode 100644 gnu/packages/patches/gd-CVE-2016-7568.patch
 delete mode 100644 gnu/packages/patches/gd-CVE-2016-8670.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 2da8b82db..616e476a1 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -568,8 +568,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch	\
   %D%/packages/patches/gcc-6-cross-environment-variables.patch	\
   %D%/packages/patches/gcj-arm-mode.patch			\
-  %D%/packages/patches/gd-CVE-2016-7568.patch			\
-  %D%/packages/patches/gd-CVE-2016-8670.patch			\
   %D%/packages/patches/gd-fix-chunk-size-on-boundaries.patch	\
   %D%/packages/patches/gd-fix-gd2-read-test.patch		\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index 0241a81db..d564955d4 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -40,7 +40,7 @@
     ;; Note: With libgd.org now pointing to github.com, genuine old
     ;; tarballs are no longer available.  Notably, versions 2.0.x are
     ;; missing.
-    (version "2.2.3")
+    (version "2.2.4")
 
     (source (origin
              (method url-fetch)
@@ -49,10 +49,8 @@
                    version "/libgd-" version ".tar.xz"))
              (sha256
               (base32
-               "0g3xz8jpz1pl2zzmssglrpa9nxiaa7rmcmvgpbrjz8k9cyynqsvl"))
-             (patches (search-patches "gd-CVE-2016-7568.patch"
-                                      "gd-CVE-2016-8670.patch"
-                                      "gd-fix-gd2-read-test.patch"
+               "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk"))
+             (patches (search-patches "gd-fix-gd2-read-test.patch"
                                       "gd-fix-tests-on-i686.patch"))))
     (build-system gnu-build-system)
     (native-inputs
diff --git a/gnu/packages/patches/gd-CVE-2016-7568.patch b/gnu/packages/patches/gd-CVE-2016-7568.patch
deleted file mode 100644
index 6a1a63296..000000000
--- a/gnu/packages/patches/gd-CVE-2016-7568.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-Fix CVE-2016-7568 (integer overflow in gdImageWebpCtx()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7568
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
-
-From 2806adfdc27a94d333199345394d7c302952b95f Mon Sep 17 00:00:00 2001
-From: trylab <trylab@users.noreply.github.com>
-Date: Tue, 6 Sep 2016 18:35:32 +0800
-Subject: [PATCH] Fix integer overflow in gdImageWebpCtx
-
-Integer overflow can be happened in expression gdImageSX(im) * 4 *
-gdImageSY(im). It could lead to heap buffer overflow in the following
-code. This issue has been reported to the PHP Bug Tracking System. The
-proof-of-concept file will be supplied some days later. This issue was
-discovered by Ke Liu of Tencent's Xuanwu LAB.
----
- src/gd_webp.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/src/gd_webp.c b/src/gd_webp.c
-index 8eb4dee..9886399 100644
---- a/src/gd_webp.c
-+++ b/src/gd_webp.c
-@@ -199,6 +199,14 @@ BGD_DECLARE(void) gdImageWebpCtx (gdImagePtr im, gdIOCtx * outfile, int quality)
- 		quality = 80;
- 	}
- 
-+	if (overflow2(gdImageSX(im), 4)) {
-+		return;
-+	}
-+
-+	if (overflow2(gdImageSX(im) * 4, gdImageSY(im))) {
-+		return;
-+	}
-+
- 	argb = (uint8_t *)gdMalloc(gdImageSX(im) * 4 * gdImageSY(im));
- 	if (!argb) {
- 		return;
--- 
-2.10.0
-
diff --git a/gnu/packages/patches/gd-CVE-2016-8670.patch b/gnu/packages/patches/gd-CVE-2016-8670.patch
deleted file mode 100644
index 39ee99ac3..000000000
--- a/gnu/packages/patches/gd-CVE-2016-8670.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Fix CVE-2016-8670 (buffer overflow in dynamicGetbuf()):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8670
-http://seclists.org/oss-sec/2016/q4/138
-
-Patch copied from upstream source repository:
-
-https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
-
-From 53110871935244816bbb9d131da0bccff734bfe9 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Wed, 12 Oct 2016 11:15:32 +0200
-Subject: [PATCH] Avoid potentially dangerous signed to unsigned conversion
-
-We make sure to never pass a negative `rlen` as size to memcpy(). See
-also <https://bugs.php.net/bug.php?id=73280>.
-
-Patch provided by Emmanuel Law.
----
- src/gd_io_dp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/gd_io_dp.c b/src/gd_io_dp.c
-index 135eda3..228bfa5 100644
---- a/src/gd_io_dp.c
-+++ b/src/gd_io_dp.c
-@@ -276,7 +276,7 @@ static int dynamicGetbuf(gdIOCtxPtr ctx, void *buf, int len)
- 	if(remain >= len) {
- 		rlen = len;
- 	} else {
--		if(remain == 0) {
-+		if(remain <= 0) {
- 			/* 2.0.34: EOF is incorrect. We use 0 for
- 			 * errors and EOF, just like fileGetbuf,
- 			 * which is a simple fread() wrapper.
--- 
-2.10.1
-
-- 
2.11.0


[-- Attachment #3: 0002-gnu-php-Update-to-7.1.1.patch --]
[-- Type: text/x-patch, Size: 10131 bytes --]

From edf980daea884e8d23b8f034ad8b7e8ad4ba8bbb Mon Sep 17 00:00:00 2001
From: Julien Lepiller <julien@lepiller.eu>
Date: Thu, 19 Jan 2017 22:10:22 +0100
Subject: [PATCH 2/2] gnu: php: Update to 7.1.1.

* gnu/packages/php.scm (php): Update to 7.1.1.
---
 gnu/local.mk                                       |   2 -
 .../patches/gd-fix-chunk-size-on-boundaries.patch  | 102 ---------------------
 .../gd-fix-truecolor-format-correction.patch       |  95 -------------------
 gnu/packages/php.scm                               |  19 +---
 4 files changed, 5 insertions(+), 213 deletions(-)
 delete mode 100644 gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch
 delete mode 100644 gnu/packages/patches/gd-fix-truecolor-format-correction.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 616e476a1..5e4a59f49 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -568,10 +568,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcc-6-arm-none-eabi-multilib.patch	\
   %D%/packages/patches/gcc-6-cross-environment-variables.patch	\
   %D%/packages/patches/gcj-arm-mode.patch			\
-  %D%/packages/patches/gd-fix-chunk-size-on-boundaries.patch	\
   %D%/packages/patches/gd-fix-gd2-read-test.patch		\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
-  %D%/packages/patches/gd-fix-truecolor-format-correction.patch	\
   %D%/packages/patches/gegl-CVE-2012-4433.patch			\
   %D%/packages/patches/geoclue-config.patch			\
   %D%/packages/patches/ghostscript-CVE-2013-5653.patch		\
diff --git a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch b/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch
deleted file mode 100644
index e395c66d8..000000000
--- a/gnu/packages/patches/gd-fix-chunk-size-on-boundaries.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-This fixes PHP bug #73155: https://bugs.php.net/bug.php?id=73155
-
-Patch adapted from upstream source repository:
-
-https://github.com/libgd/libgd/commit/8067a8ac336dfe0acbe96ec2eb24572209a7f279
-
-(.gitignore change removed)
-
-From 8067a8ac336dfe0acbe96ec2eb24572209a7f279 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Fri, 23 Sep 2016 18:29:52 +0200
-Subject: [PATCH] Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries
-
-(cherry picked from commit bb1998a16e30d542ab22eba5501911a9aa066edb)
----
- src/gd_gd2.c             |  4 ++--
- tests/gd2/CMakeLists.txt |  1 +
- tests/gd2/Makemodule.am  |  1 +
- tests/gd2/bug00309.c     | 37 +++++++++++++++++++++++++++++++++++++
- 4 files changed, 41 insertions(+), 2 deletions(-)
- create mode 100644 tests/gd2/bug00309.c
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 75e5e1f..b9b2f93 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -938,8 +938,8 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
- 	};
- 
- 	/* Work out number of chunks. */
--	ncx = im->sx / cs + 1;
--	ncy = im->sy / cs + 1;
-+	ncx = (im->sx + cs - 1) / cs;
-+	ncy = (im->sy + cs - 1) / cs;
- 
- 	/* Write the standard header. */
- 	_gd2PutHeader (im, out, cs, fmt, ncx, ncy);
-diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt
-index 3b650ad..247b466 100644
---- a/tests/gd2/CMakeLists.txt
-+++ b/tests/gd2/CMakeLists.txt
-@@ -1,5 +1,6 @@
- SET(TESTS_FILES
- 	bug_289
-+	bug00309
- 	gd2_empty_file
- 	gd2_im2im
- 	gd2_null
-diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am
-index b8ee946..d69aee0 100644
---- a/tests/gd2/Makemodule.am
-+++ b/tests/gd2/Makemodule.am
-@@ -1,5 +1,6 @@
- libgd_test_programs += \
- 	gd2/bug_289 \
-+	gd2/bug00309 \
- 	gd2/gd2_empty_file \
- 	gd2/php_bug_72339 \
- 	gd2/gd2_read_corrupt
-diff --git a/tests/gd2/bug00309.c b/tests/gd2/bug00309.c
-new file mode 100644
-index 0000000..b649cdc
---- /dev/null
-+++ b/tests/gd2/bug00309.c
-@@ -0,0 +1,37 @@
-+/**
-+ * Regression test for <https://github.com/libgd/libgd/issues/309>.
-+ *
-+ * We test that an image with 64x64 pixels reports only a single chunk in the
-+ * GD2 image header when the chunk size is 64.
-+ */
-+
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+int main()
-+{
-+    gdImagePtr im;
-+    unsigned char *buf;
-+    int size, word;
-+
-+    im = gdImageCreate(64, 64);
-+    gdImageColorAllocate(im, 0, 0, 0);
-+
-+    buf = gdImageGd2Ptr(im, 64, 1, &size);
-+
-+    gdImageDestroy(im);
-+
-+    word = buf[10] << 8 | buf[11];
-+    gdTestAssertMsg(word == 64, "chunk size is %d, but expected 64\n", word);
-+    word = buf[14] << 8 | buf[15];
-+    gdTestAssertMsg(word == 1, "x chunk count is %d, but expected 1\n", word);
-+    word = buf[16] << 8 | buf[17];
-+    gdTestAssertMsg(word == 1, "y chunk count is %d, but expected 1\n", word);
-+    gdTestAssertMsg(size == 5145, "file size is %d, but expected 5145\n", size);
-+
-+    gdFree(buf);
-+
-+    return gdNumFailures();
-+}
diff --git a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch b/gnu/packages/patches/gd-fix-truecolor-format-correction.patch
deleted file mode 100644
index be3eff932..000000000
--- a/gnu/packages/patches/gd-fix-truecolor-format-correction.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-This fixes PHP bug #73159: https://bugs.php.net/bug.php?id=73159
-
-Patch lifted from upstream source repository:
-
-https://github.com/libgd/libgd/commit/e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5
-
-From e1f61a4141d2e0937a13b8bfb1992b9f29eb05f5 Mon Sep 17 00:00:00 2001
-From: "Christoph M. Becker" <cmbecker69@gmx.de>
-Date: Mon, 15 Aug 2016 17:49:40 +0200
-Subject: [PATCH] Fix #289: Passing unrecognized formats to gdImageGd2 results
- in corrupted files
-
-We must not apply the format correction twice for truecolor images.
-
-(cherry picked from commit 09090c125658e23a4ae2a2e002646bb7278bd89e)
----
- src/gd_gd2.c             |  2 +-
- tests/gd2/CMakeLists.txt |  1 +
- tests/gd2/Makemodule.am  |  1 +
- tests/gd2/bug_289.c      | 33 +++++++++++++++++++++++++++++++++
- 4 files changed, 36 insertions(+), 1 deletion(-)
- create mode 100644 tests/gd2/bug_289.c
-
-diff --git a/src/gd_gd2.c b/src/gd_gd2.c
-index 86c881e..75e5e1f 100644
---- a/src/gd_gd2.c
-+++ b/src/gd_gd2.c
-@@ -918,7 +918,7 @@ _gdImageGd2 (gdImagePtr im, gdIOCtx * out, int cs, int fmt)
- 	/* Force fmt to a valid value since we don't return anything. */
- 	/* */
- 	if ((fmt != GD2_FMT_RAW) && (fmt != GD2_FMT_COMPRESSED)) {
--		fmt = im->trueColor ? GD2_FMT_TRUECOLOR_COMPRESSED : GD2_FMT_COMPRESSED;
-+		fmt = GD2_FMT_COMPRESSED;
- 	};
- 	if (im->trueColor) {
- 		fmt += 2;
-diff --git a/tests/gd2/CMakeLists.txt b/tests/gd2/CMakeLists.txt
-index 8aecacc..3b650ad 100644
---- a/tests/gd2/CMakeLists.txt
-+++ b/tests/gd2/CMakeLists.txt
-@@ -1,4 +1,5 @@
- SET(TESTS_FILES
-+	bug_289
- 	gd2_empty_file
- 	gd2_im2im
- 	gd2_null
-diff --git a/tests/gd2/Makemodule.am b/tests/gd2/Makemodule.am
-index 754a284..b8ee946 100644
---- a/tests/gd2/Makemodule.am
-+++ b/tests/gd2/Makemodule.am
-@@ -1,4 +1,5 @@
- libgd_test_programs += \
-+	gd2/bug_289 \
- 	gd2/gd2_empty_file \
- 	gd2/php_bug_72339 \
- 	gd2/gd2_read_corrupt
-diff --git a/tests/gd2/bug_289.c b/tests/gd2/bug_289.c
-new file mode 100644
-index 0000000..ad311e9
---- /dev/null
-+++ b/tests/gd2/bug_289.c
-@@ -0,0 +1,33 @@
-+/**
-+ * Passing an unrecognized format to gdImageGd2() should result in
-+ * GD2_FMT_TRUECOLOR_COMPRESSED for truecolor images.
-+ *
-+ * See <https://github.com/libgd/libgd/issues/289>.
-+ */
-+
-+#include "gd.h"
-+#include "gdtest.h"
-+
-+
-+#define GD2_FMT_UNRECOGNIZED 0
-+#define GD2_FMT_TRUECOLOR_COMPRESSED 4
-+
-+#define MSG "expected %s byte to be %d, but got %d\n"
-+
-+
-+int main()
-+{
-+    gdImagePtr im;
-+    char *buffer;
-+    int size;
-+
-+    im = gdImageCreateTrueColor(10, 10);
-+    gdTestAssert(im != NULL);
-+    buffer = (char *) gdImageGd2Ptr(im, 128, GD2_FMT_UNRECOGNIZED, &size);
-+    gdTestAssert(buffer != NULL);
-+    gdImageDestroy(im);
-+    gdTestAssertMsg(buffer[12] == 0, MSG, "1st", 0, buffer[12]);
-+    gdTestAssertMsg(buffer[13] == GD2_FMT_TRUECOLOR_COMPRESSED, MSG, "2nd", GD2_FMT_TRUECOLOR_COMPRESSED, buffer[13]);
-+
-+    return gdNumFailures();
-+}
diff --git a/gnu/packages/php.scm b/gnu/packages/php.scm
index a84ff43d7..94ea8436a 100644
--- a/gnu/packages/php.scm
+++ b/gnu/packages/php.scm
@@ -50,21 +50,10 @@
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:))
 
-;; This fixes PHP bugs 73155 and 73159. Remove when gd
-;; is updated to > 2.2.3.
-(define gd-for-php
-  (package (inherit gd)
-           (source
-            (origin
-              (inherit (package-source gd))
-              (patches (search-patches
-                        "gd-fix-truecolor-format-correction.patch"
-                        "gd-fix-chunk-size-on-boundaries.patch"))))))
-
 (define-public php
   (package
     (name "php")
-    (version "7.0.14")
+    (version "7.1.1")
     (home-page "https://secure.php.net/")
     (source (origin
               (method url-fetch)
@@ -72,7 +61,7 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "12ccgbrfchgvmcfb88rcknq7xmrf19c5ysdr4v8jxk51j9izy78g"))
+                "0w7ybwm2q34hin4qc4l8zymnfwzcy66n08a842x4w1j12h65nmmk"))
               (modules '((guix build utils)))
               (snippet
                '(with-directory-excursion "ext"
@@ -258,8 +247,10 @@
                          "ext/gd/tests/bug43073.phpt"
                          ;; imagettftext() returns wrong coordinates.
                          "ext/gd/tests/bug48732.phpt"
+                         "ext/gd/tests/bug48732-mb.phpt"
                          ;; Similarly for imageftbbox().
                          "ext/gd/tests/bug48801.phpt"
+                         "ext/gd/tests/bug48801-mb.phpt"
                          ;; Different expected output from imagecolorallocate().
                          "ext/gd/tests/bug53504.phpt"
                          ;; Wrong image size after scaling an image.
@@ -291,7 +282,7 @@
        ("curl" ,curl)
        ("cyrus-sasl" ,cyrus-sasl)
        ("freetype" ,freetype)
-       ("gd" ,gd-for-php)
+       ("gd" ,gd)
        ("gdbm" ,gdbm)
        ("glibc" ,glibc)
        ("gmp" ,gmp)
-- 
2.11.0


^ permalink raw reply related	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-19 21:19 [PATCH] Update gd and php Julien Lepiller
@ 2017-01-20  5:53 ` Leo Famulari
  2017-01-20 15:33   ` Leo Famulari
  0 siblings, 1 reply; 10+ messages in thread
From: Leo Famulari @ 2017-01-20  5:53 UTC (permalink / raw)
  To: Julien Lepiller; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 1819 bytes --]

On Thu, Jan 19, 2017 at 10:19:19PM +0100, Julien Lepiller wrote:
> A new version of gd and php were released today. Here are patches to
> update them. I could get rid of gd-for-php and use the system one
> instead. Two new tests had to be removed, they are related to already
> failing tests.

> From 502fa6202e8dabed3abdd584f720eb6128fdc127 Mon Sep 17 00:00:00 2001
> From: Julien Lepiller <julien@lepiller.eu>
> Date: Thu, 19 Jan 2017 22:09:35 +0100
> Subject: [PATCH 1/2] gnu: gd: Update to 2.2.4.
> 
> * gnu/packages/gd.scm (gd): Update to 2.2.4.
> ---
>  gnu/local.mk                                |  2 --
>  gnu/packages/gd.scm                         |  8 ++----
>  gnu/packages/patches/gd-CVE-2016-7568.patch | 44 -----------------------------
>  gnu/packages/patches/gd-CVE-2016-8670.patch | 38 -------------------------
>  4 files changed, 3 insertions(+), 89 deletions(-)
>  delete mode 100644 gnu/packages/patches/gd-CVE-2016-7568.patch
>  delete mode 100644 gnu/packages/patches/gd-CVE-2016-8670.patch

Thank you for this! Usually I prefer to give feedback and ask the
submitter to revise their patch, but there were so many complicating
factors that I just wrote my own:

http://lists.gnu.org/archive/html/guix-devel/2017-01/msg01641.html

Since the new release fixes security issues in a package that
causes many rebuilds when changed, we need to use a graft. [0]

I also noticed a gd-2.2.4 build failure on i686-linux.

And I think that PHP's use of libgd should be updated in the same
commit. Otherwise, after patch 1/2, PHP would require a gd-for-php with
patches that would fail to apply, leaving PHP broken for that commit.

[0] In case you haven't seen it, this is the "rebuilding" strategy:
http://lists.gnu.org/archive/html/guix-devel/2016-10/msg00933.html

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-20  5:53 ` Leo Famulari
@ 2017-01-20 15:33   ` Leo Famulari
  2017-01-20 16:12     ` julien lepiller
  0 siblings, 1 reply; 10+ messages in thread
From: Leo Famulari @ 2017-01-20 15:33 UTC (permalink / raw)
  To: Julien Lepiller; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 452 bytes --]

On Fri, Jan 20, 2017 at 12:53:19AM -0500, Leo Famulari wrote:
> And I think that PHP's use of libgd should be updated in the same
> commit. Otherwise, after patch 1/2, PHP would require a gd-for-php with
> patches that would fail to apply, leaving PHP broken for that commit.

I made a "thinko" here. My suggested patch wouldn't update the gd that
PHP is built with, but would only graft the output. So I've pushed the
graft without the change to PHP.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-20 15:33   ` Leo Famulari
@ 2017-01-20 16:12     ` julien lepiller
  2017-01-20 17:30       ` Leo Famulari
  0 siblings, 1 reply; 10+ messages in thread
From: julien lepiller @ 2017-01-20 16:12 UTC (permalink / raw)
  To: guix-devel

Le 2017-01-20 16:33, Leo Famulari a écrit :
> On Fri, Jan 20, 2017 at 12:53:19AM -0500, Leo Famulari wrote:
>> And I think that PHP's use of libgd should be updated in the same
>> commit. Otherwise, after patch 1/2, PHP would require a gd-for-php 
>> with
>> patches that would fail to apply, leaving PHP broken for that commit.
> 
> I made a "thinko" here. My suggested patch wouldn't update the gd that
> PHP is built with, but would only graft the output. So I've pushed the
> graft without the change to PHP.

How do you make php use gd-2.2.4, then? It needs to be updated too 
because the security issues with gd are still present in our current php 
package.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-20 16:12     ` julien lepiller
@ 2017-01-20 17:30       ` Leo Famulari
  2017-01-20 21:25         ` Ludovic Courtès
  0 siblings, 1 reply; 10+ messages in thread
From: Leo Famulari @ 2017-01-20 17:30 UTC (permalink / raw)
  To: julien lepiller; +Cc: guix-devel

On Fri, Jan 20, 2017 at 05:12:46PM +0100, julien lepiller wrote:
> How do you make php use gd-2.2.4, then? It needs to be updated too because
> the security issues with gd are still present in our current php package.

It seems that gd-for-php gets replaced by gd-2.2.4 now:

$ ./pre-inst-env guix build -e '(@@ (gnu packages php) gd-for-php)'
/gnu/store/xg2r8hk5axfq7xk1aj9ql5ncgkpnh0vk-gd-2.2.4

But, building PHP with --dry-run implies that gd@2.2.3 will be used.

I think that we need to set (replacement #f) in gd-for-php, so that PHP
is built with gd@2.2.3, which will then be grafted to refer to gd-2.2.4
in the built output of PHP.

I'm a little unsure. Does anyone have advice?

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-20 17:30       ` Leo Famulari
@ 2017-01-20 21:25         ` Ludovic Courtès
  2017-01-21  1:22           ` Leo Famulari
  0 siblings, 1 reply; 10+ messages in thread
From: Ludovic Courtès @ 2017-01-20 21:25 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> skribis:

> On Fri, Jan 20, 2017 at 05:12:46PM +0100, julien lepiller wrote:
>> How do you make php use gd-2.2.4, then? It needs to be updated too because
>> the security issues with gd are still present in our current php package.
>
> It seems that gd-for-php gets replaced by gd-2.2.4 now:
>
> $ ./pre-inst-env guix build -e '(@@ (gnu packages php) gd-for-php)'
> /gnu/store/xg2r8hk5axfq7xk1aj9ql5ncgkpnh0vk-gd-2.2.4
>
> But, building PHP with --dry-run implies that gd@2.2.3 will be used.
>
> I think that we need to set (replacement #f) in gd-for-php, so that PHP
> is built with gd@2.2.3, which will then be grafted to refer to gd-2.2.4
> in the built output of PHP.
>
> I'm a little unsure. Does anyone have advice?

If gd-for-php has #f as its replacement, then nothing will be grafted to
replace it.

Or am I missing something?

Ludo’.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-20 21:25         ` Ludovic Courtès
@ 2017-01-21  1:22           ` Leo Famulari
  2017-01-26 10:15             ` Ludovic Courtès
  0 siblings, 1 reply; 10+ messages in thread
From: Leo Famulari @ 2017-01-21  1:22 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 3540 bytes --]

On Fri, Jan 20, 2017 at 10:25:40PM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> If gd-for-php has #f as its replacement, then nothing will be grafted to
> replace it.
> 
> Or am I missing something?

No, I am the one missing something. I built PHP (sans tests) and it does
refer to gd-2.2.4. I'm sorry for the confusion; I'm under the weather
these past few days.

However, PHP fails its test suite on my machine. The summary is below.
Please let me know which log files you might like me to share from the
build tree.

=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Test disk_free_space and its alias diskfreespace() functions : basic functionality [ext/standard/tests/file/disk_free_space_basic.phpt]
Test lstat() and stat() functions: usage variations - creating file/subdir [ext/standard/tests/file/lstat_stat_variation8.phpt]
Test lstat() and stat() functions: usage variations - deleting file/subdir [ext/standard/tests/file/lstat_stat_variation9.phpt]
=====================================================================

=====================================================================
WARNED TEST SUMMARY
---------------------------------------------------------------------
Temporary leak on exception [Zend/tests/temporary_cleaning_001.phpt] (warn: XFAIL section but test passes)
Fundamental memory leak test on temporaries [Zend/tests/temporary_cleaning_003.phpt] (warn: XFAIL section but test passes)
Temporary leak with switch [Zend/tests/temporary_cleaning_004.phpt] (warn: XFAIL section but test passes)
Temporary leak with foreach [Zend/tests/temporary_cleaning_005.phpt] (warn: XFAIL section but test passes)
Exception after separation during indirect write to fcall result [Zend/tests/temporary_cleaning_006.phpt] (warn: XFAIL section but test passes)
Bug #72663: Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization [ext/standard/tests/strings/bug72663_3.phpt] (warn: XFAIL section but test passes)
FPM: Test status page [sapi/fpm/tests/010.phpt] (warn: XFAIL section but test passes)
=====================================================================

You may have found a problem in PHP.
This report can be automatically sent to the PHP QA team at
http://qa.php.net/reports and http://news.php.net/php.qa.reports
This gives us a better understanding of PHP's behavior.
If you don't want to send the report immediately you can choose
option "s" to save it.	You can then email it to qa-reports@lists.php.net later.
Do you want to send this report now? [Yns]: 
Please enter your email address.
(Your address will be mangled so that it will not go out on any
mailinglist in plain text): sh: autoconf: command not found

Warning: fsockopen(): php_network_getaddresses: getaddrinfo failed: Name or service not known in /tmp/guix-build-php-7.0.14.drv-0/php-7.0.14/run-tests.php on line 1035

Warning: fsockopen(): unable to connect to qa.php.net:80 (php_network_getaddresses: getaddrinfo failed: Name or service not known) in /tmp/guix-build-php-7.0.14.drv-0/php-7.0.14/run-tests.php on line 1035

The test script was unable to automatically send the report to PHP's QA Team
Please send /tmp/guix-build-php-7.0.14.drv-0/php-7.0.14/php_test_results_20170121_0053.txt to qa-reports@lists.php.net manually, thank you.
make: *** [Makefile:236: test] Error 1
phase `check' failed after 1234.5 seconds

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-21  1:22           ` Leo Famulari
@ 2017-01-26 10:15             ` Ludovic Courtès
  2017-01-27 19:43               ` Leo Famulari
  0 siblings, 1 reply; 10+ messages in thread
From: Ludovic Courtès @ 2017-01-26 10:15 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel

Hi!

Leo Famulari <leo@famulari.name> skribis:

> On Fri, Jan 20, 2017 at 10:25:40PM +0100, Ludovic Courtès wrote:
>> Leo Famulari <leo@famulari.name> skribis:
>> If gd-for-php has #f as its replacement, then nothing will be grafted to
>> replace it.
>> 
>> Or am I missing something?
>
> No, I am the one missing something. I built PHP (sans tests) and it does
> refer to gd-2.2.4. I'm sorry for the confusion; I'm under the weather
> these past few days.
>
> However, PHP fails its test suite on my machine. The summary is below.
> Please let me know which log files you might like me to share from the
> build tree.
>
> =====================================================================
> FAILED TEST SUMMARY
> ---------------------------------------------------------------------
> Test disk_free_space and its alias diskfreespace() functions : basic functionality [ext/standard/tests/file/disk_free_space_basic.phpt]
> Test lstat() and stat() functions: usage variations - creating file/subdir [ext/standard/tests/file/lstat_stat_variation8.phpt]
> Test lstat() and stat() functions: usage variations - deleting file/subdir [ext/standard/tests/file/lstat_stat_variation9.phpt]
> =====================================================================

This doesn’t seem to have any connection to the gd change.

Are you using a file system other than ext[234]?

Does php in current master passes its tests on the same machine?

HTH!

Ludo’.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-26 10:15             ` Ludovic Courtès
@ 2017-01-27 19:43               ` Leo Famulari
  2017-01-27 23:04                 ` Ludovic Courtès
  0 siblings, 1 reply; 10+ messages in thread
From: Leo Famulari @ 2017-01-27 19:43 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

On Thu, Jan 26, 2017 at 11:15:43AM +0100, Ludovic Courtès wrote:
> Leo Famulari <leo@famulari.name> skribis:
> > =====================================================================
> > FAILED TEST SUMMARY
> > ---------------------------------------------------------------------
> > Test disk_free_space and its alias diskfreespace() functions : basic functionality [ext/standard/tests/file/disk_free_space_basic.phpt]
> > Test lstat() and stat() functions: usage variations - creating file/subdir [ext/standard/tests/file/lstat_stat_variation8.phpt]
> > Test lstat() and stat() functions: usage variations - deleting file/subdir [ext/standard/tests/file/lstat_stat_variation9.phpt]
> > =====================================================================
> 
> This doesn’t seem to have any connection to the gd change.
> 
> Are you using a file system other than ext[234]?
> 
> Does php in current master passes its tests on the same machine?

Good hunch. It builds fine for me on ext4 but not on btrfs.

I'll prepare a bug report for PHP.

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] Update gd and php
  2017-01-27 19:43               ` Leo Famulari
@ 2017-01-27 23:04                 ` Ludovic Courtès
  0 siblings, 0 replies; 10+ messages in thread
From: Ludovic Courtès @ 2017-01-27 23:04 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel

Leo Famulari <leo@famulari.name> skribis:

> On Thu, Jan 26, 2017 at 11:15:43AM +0100, Ludovic Courtès wrote:
>> Leo Famulari <leo@famulari.name> skribis:
>> > =====================================================================
>> > FAILED TEST SUMMARY
>> > ---------------------------------------------------------------------
>> > Test disk_free_space and its alias diskfreespace() functions : basic functionality [ext/standard/tests/file/disk_free_space_basic.phpt]
>> > Test lstat() and stat() functions: usage variations - creating file/subdir [ext/standard/tests/file/lstat_stat_variation8.phpt]
>> > Test lstat() and stat() functions: usage variations - deleting file/subdir [ext/standard/tests/file/lstat_stat_variation9.phpt]
>> > =====================================================================
>> 
>> This doesn’t seem to have any connection to the gd change.
>> 
>> Are you using a file system other than ext[234]?
>> 
>> Does php in current master passes its tests on the same machine?
>
> Good hunch. It builds fine for me on ext4 but not on btrfs.
>
> I'll prepare a bug report for PHP.

Thanks.  It’s interesting that file system details show up at this
level.  I’d be curious to see what feature/behavior is causing the
failure.

Ludo’.

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2017-01-27 23:04 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-19 21:19 [PATCH] Update gd and php Julien Lepiller
2017-01-20  5:53 ` Leo Famulari
2017-01-20 15:33   ` Leo Famulari
2017-01-20 16:12     ` julien lepiller
2017-01-20 17:30       ` Leo Famulari
2017-01-20 21:25         ` Ludovic Courtès
2017-01-21  1:22           ` Leo Famulari
2017-01-26 10:15             ` Ludovic Courtès
2017-01-27 19:43               ` Leo Famulari
2017-01-27 23:04                 ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).