From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marius Bakke Subject: Re: [PATCH] Add php Date: Fri, 18 Nov 2016 19:09:54 +0100 Message-ID: <87polsbqx9.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> References: <20161030130828.3797d37d@polymos.lepiller.eu> <20161030175105.1f6eeff2@polymos.lepiller.eu> <87ins9s9y1.fsf@duckhunt.i-did-not-set--mail-host-address--so-tickle-me> <20161102224052.7ec98d2d@lepiller.eu> <87eg2k8xp2.fsf@gnu.org> <20161111173123.51375f43@polymos.lepiller.eu> <87eg2etms7.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <87bmxitmdi.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <87y40m8ben.fsf@gnu.org> <8760nqtbg6.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <87lgwm6rwx.fsf@gnu.org> <87h977c6ux.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <89e7b7e761086ed5ace17abc9a7bf435@lepiller.eu> <87a8cyc6fb.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20161117203428.3344dc06@lepiller.eu> <8760nldeh0.fsf@kirby.i-did-not-set--mail-host-address--so-tickle-me> <20161118182504.201e90f5@lepiller.eu> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:56149) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1c7nbt-0005wd-B7 for guix-devel@gnu.org; Fri, 18 Nov 2016 13:10:02 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1c7nbp-0002jT-2Q for guix-devel@gnu.org; Fri, 18 Nov 2016 13:10:01 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:39659) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1c7nbo-0002jK-Sl for guix-devel@gnu.org; Fri, 18 Nov 2016 13:09:57 -0500 In-Reply-To: <20161118182504.201e90f5@lepiller.eu> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Julien Lepiller , guix-devel@gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Julien Lepiller writes: > On Thu, 17 Nov 2016 21:43:39 +0100 > Marius Bakke wrote: > >> Julien Lepiller writes: >>=20 >> >> >> Unfortunately that only fixed a handful of tests, the remaining >> >> >> 50-something had to be disabled for a variety of reasons. >> >> >>=20 >> >> >> I've added a commentary to each disabled test. If you recognize >> >> >> any of these errors/think you know what's going on, please >> >> >> update the patch. It would be nice to know if the iconv and gd >> >> >> stuff is expected, and if the two sqlite tests can really be >> >> >> ignored. The curl one is strange too.=20=20 >> >> > >> >> > Just as I wanted to send a similar patch ;) >> >> > >> >> > I've been looking at some of them. The failing sqlite test is a >> >> > bug in sqlite that has been fixed last august=20 >> >> > (https://sqlite.org/src/info/ef360601). We currently have >> >> > version 3.14.1, when the latest upstream version is 3.15.1. >> >> > Updating should fix the problem. >> >> > >> >> > 73159 has been fixed in gd: >> >> > https://github.com/libgd/libgd/issues/289 (more recent than >> >> > latest gd release unfortunately) >> >> > >> >> > 73155 has also been fixed in gd:=20 >> >> > https://github.com/libgd/libgd/issues/309 (even more recent) >> >> > >> >> > 72482 is fixed here:=20 >> >> > https://gist.github.com/anonymous/873314feb4f89bd8336711333299f748 >> >> > (a patch to the bundled libgd) >> >> > >> >> > 73213 is fixed here:=20 >> >> > https://git.php.net/?p=3Dphp-src.git;a=3Dblobdiff;f=3Dext/gd/libgd/= gd.c;h=3D033d4fa5f0e9740e8b8c397a9038a115c617c419;hp=3D0b4b42fa27558fa32cc5= 4e14dc297d9d0ba10832;hb=3D9acfb1a3a5268febb123b7e5fbd4eaf072c83537;hpb=3Dc0= 219b323e0048440acbdd9ad74624c4bc33c335=20 >> >> > (a patch to the bundled libgd) >> >> > >> >> > 72339 has a CVE id: 2016-5766, but it should be fixed in libgd >> >> > 2.2.3 that we have according to the CVE description, and the >> >> > failure is different from what the report says. >> >> > >> >> > 39780 has the unexpected output described in the bug report, so >> >> > it really fails. I don't think we can fix our libgd though, >> >> > because the bundled one has some php_* functions that are used >> >> > to get a warning instead of an error. >> >> > >> >> > we could include patches to our libgd to fix two (maybe four) >> >> > issues. We should also upgrade our sqlite version, but many >> >> > packages will then have to be rebuilt, or we could create a >> >> > separate package for the newer version. What do you suggest?=20=20 >> >>=20 >> >> Wow, thanks for this list! Including the two upstream gd fixes in a >> >> "gd-for-php" package should be fine, until a new release of gd is >> >> out. I'm more vary about including the PHP-specific ones though. >> >>=20 >> >> If there are serious problems with using an external (vanilla) gd, >> >> I think we either need to maintain a "gd-for-php" package >> >> indefinitely, or bite the bullet and use the bundled one. >> >>=20 >> >> Do you think it's safe to use our gd? And if not, would you be >> >> willing to keep up with PHP development and maintain the >> >> externalized gd component with it? >> > >> > Failures in tests caused by external gd are not too serious to >> > require us to switch to the bundled one I think. We may not even >> > need to patch our libgd with php specific patches, since the >> > failures are only slight deviation from the spec on corner cases. >> > If you prefer that we apply these patches too, then we could, and I >> > would still try to keep that up to date. >>=20 >> OK. Let's use external gd for now barring any serious issues. >>=20 >> > >> > What I am more worried about are the iconv crashes. That may be due >> > to lacking locales though. >>=20 >> You could try commenting them out and adding "glibc-locales" to >> native-inputs. Not sure if they will get picked up by that however. >>=20 >> A better test may be to try out that particular functionality using >> the installed version of php. If that works, we can be reasonably >> sure that dropping the tests is fine. >>=20 >> Attached is the final product, after adding a "gd-for-php" variable >> with the two upstream patches, as well as sqlite-3.15.1 (separate >> patch). >>=20 >> I'll push this tomorrow if there are no further comments. Thanks for >> your perseverance :) > Just one question: why defining gd-for-php with define, and not > define-public? It's to prevent it from showing up when people are searching for 'gd', and also to prevent it from being included by other files. It's only a temporary measure until the next version is released, so I saw no reason to export it. I'm on my way out, but will commit this tomorrow most likely :-) --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJYL0PyAAoJEKKgbfKjOlT608QIALHTy8xf6uirSRQ+QK/54y5R 8fOZvev2CIPfXCwDHOMBpq/5I7x8FJ/LcDDHWp5jNDlLj5o4VJ+3Ow5UmrDc4X4r mC41gwDZtUOy06xs/h5yT5BAJSIFjEPGx0ITLeGewZkmFuC/4S2ZzXK4QfSFIi7J GACRBG8bIGK+7EHfB3dC6GetHWXHjVwJBSU4tsKW/tjxQBja1yev5qGFiSMj5Sbg iEeX0i32hmZHvr9c/E4shje9m5rkijaXt07noONTdRGf0B/UDwXv+yGVAkorAnE+ gR55pTXraRFUp5Ftt5W6v8fTYyiZaZk32bInv/HVB5P491xHGzIVvq5QH74D/10= =vcVP -----END PGP SIGNATURE----- --=-=-=--