Package: release.debian.org Severity: normal Tags: wheezy User: release.debian....@packages.debian.org Usertags: pu
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Dear release team, as discussed on #debian-release about possibility of having minor PHP5 updates instead of hoarding various upstream patches, I am submitting a w-p-u bug to discuss that and to summarize my findings (and my positive attitude :). ++++++++ UPSTREAM ++++++++ Upstream is doing (very) good job in not breaking the BC in the stable branches (e.g. 5.4.x, 5.5.x, 5.6.x) and only had one major regression in last couple of years that was quickly fixed (5.4.18->5.4.19 && 5.5.2->5.5.3). There's also one edge case that was forced by security requirements (the serialization of internals objects[*]) introduced in 5.4.29 and fixed in 5.4.30. The release process is documented in `PHP-RFC`_ and is followed by the PHP release team/manager: * x.y.z to x.y.z+1 * Bugfixes only (with a room for exceptions on a case by case basis and only for small self contained features additions). * Extensions support can't be removed (like move them to pecl) * Backward compatibility must be kept (internals and userland) * ABI/API compatibility must be kept (internals) .. _PHP-RFC: https://wiki.php.net/rfc/releaseprocess Upstream tests in 32-bit and 64-bit x86 (intel/amd64) and they do not currently have the infrastructure to test on more archs. They test major PHP software before each release (symfony, drupal, wp, joomla, phpunit and a couple of other under windows and partially under linux.) I am also subscribed to PHP security list, so I closely watch the upcoming security updates and my general feeling is ok. +++++++++++++++++ PACKAGING REMARKS +++++++++++++++++ I have synced the 5.4.31-0+deb7u1 with 5.4.4-14+deb7u13 so the 5.4.31-0+deb7u1 package contains only minimal changes: * drop the suhosin remarks from debian/* (it's not used anyway) * bump the d/source/format to 3.0 (quilt) and remove the quilt hacks from d/rules * removed merged upstream patches from d/patches/ ++++++++++++ TEST RESULTS ++++++++++++ The php5-common package contains compressed upstream test results in /usr/share/doc/php5/test-results.txt.gz There are already couple of failed tests in 5.4.4-14+deb7u13, so I'll just focus on the differences. The comparison between FAILED tests in 5.4.4-14+deb7u13 and 5.4.31-0+deb7u1: Bugs fixed in the new release - ----------------------------- - -Bug #62653: unset($array[$float]) causes a crash [Zend/tests/bug62653.phpt] - -Bug #65579 (Using traits with get_class_methods causes segfault) [Zend/tests/bug65579.phpt] - -Bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections) [ext/mysqli/tests/bug55283.phpt] - -PDO SQLite Feature Request #42589 (getColumnMeta() should also return table name) [ext/pdo_sqlite/tests/bug_42589.phpt] - -Multicast support: IPv6 receive options [ext/sockets/tests/mcast_ipv6_recv.phpt] - -Test uniqid() function : basic functionality [ext/standard/tests/general_functions/uniqid_basic.phpt] - -Bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()) [ext/wddx/tests/bug48562.phpt] Improved test description - ------------------------- - -Bug #43073 (TrueType bounding box is wrong for angle<>0) [ext/gd/tests/bug43073.phpt] +Bug #43073 (TrueType bounding box is wrong for angle<>0) freetype < 2.4.10 [ext/gd/tests/bug43073.phpt] - -Bug #48801 (Problem with imagettfbbox) [ext/gd/tests/bug48801.phpt] +Bug #48801 (Problem with imagettfbbox) freetype < 2.4.10 [ext/gd/tests/bug48801.phpt] - -Test function gzgetc() by calling it with its expected arguments [ext/zlib/tests/gzgetc_basic.phpt] +Test function gzgetc() by calling it with its expected arguments zlib 1.2.5 [ext/zlib/tests/gzgetc_basic.phpt] New tests that fail - ------------------- There's a couple of failing MySQL tests already with: > Warning: mysqli::mysqli(): (HY000/2003): Can't connect to MySQL > server on '127.0.0.1' (111) in > <<builddir>>/ext/mysqli/tests/bug66043.php on line 3 It needs to be fixed anyway, and these two bugs are just added on top of the pile of failed tests: +Bug #62046 mysqli@mysqlnd can't iterate over stored sets after call to mysqli_stmt_reset() [ext/mysqli/tests/bug62046.phpt] +Bug #66762 mysqli@libmysql segfault in mysqli_stmt::bind_result() when link closed [ext/mysqli/tests/bug66762.phpt] We patch PHP to use system timezone database and it doesn't know the test timezone (ASIA/Chongqing): +Bug #60723 (error_log error time has changed to UTC ignoring default timezo) [ext/standard/tests/general_functions/bug60723.phpt] Discovered regressions - ---------------------- All these tests are online tests and they failed on "Host lookup failed" or similar. They all work when run by hand in the chrooted wheezy. We should probably disable the online tests anyway, since they will fail anyway on firewalled build host. +ext/sockets - socket_bind - basic test [ext/sockets/tests/socket_bind.phpt] +gethostbyname() function - basic return valid ip address test [ext/standard/tests/network/gethostbyname_error004.phpt] +getmxrr() test [ext/standard/tests/network/getmxrr.phpt +http-stream test [ext/standard/tests/network/http-stream.phpt] Build host related failures - --------------------------- These three tests fails now with 5.4.4-14+deb7u13 as well. I have switched my build host to lxc container, so it's probably related to missing multicast capabilities. +Multicast support: IPv4 receive options [ext/sockets/tests/mcast_ipv4_recv.phpt] +Multicast support: IPv4 send options [ext/sockets/tests/mcast_ipv4_send.phpt] +Bug #63000: Multicast on OSX [ext/sockets/tests/bug63000.phpt] # NEW TEST +++++++++++++ Other remarks +++++++++++++ I run PHP 5.4 PPA for Ubuntu (ppa:ondrej/php5-oldstable) that is probably most used PPA for updating PHP5 in Ubuntu (according to number of questions on stackoverflow sites and the google results for "how to update php5 in ubuntu"). I have never received a single complaint about broken compatibility in x.y.z+1 update so far. +++++++++ ToDo list +++++++++ * Doublecheck the patch list from 5.4.4-14+deb7u13 for any still relevant patches #MANDATORY * Extract FAILED TEST SUMMARY from test-results, compare them with last known state and fail if they differ (this should be arch specific) #MANDATORY * Reduce the number of FAILED TESTS either by fixing them, moving them to XFAIL or SKIPing them #WISHIHADMORETIME Ondrej - -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (990, 'testing'), (700, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJT40jWAAoJEAyZtw70/LsHafwQAI73Ady32AZpdMFF6xhCbjwf uk7vl5C5O5Tgh7NiYdeEF2QpEBn6slDQsnjFiEntes8+XPl+9T/BFMOCWftAIZPV wZjDmNF2Z6dsyRYo6QWqK3RRjVSbcr40QnW2E87Zzv1cdP9E0jjAGgH0eOxa3Cgv qRiTWZDsUaYcsOcaJPCqJQFrf7da5CfjsLHgS84j4Sw2b595kuubIu/h4BwjAXFs u3AO/k91j9B0aEs+vnHTedmqqq3Q1es69XxOp9Yg+Q1Om4UGtHbJ9uoZmEgvonLn 6JwXvOWawQe2N9nmXOS4SEpETdkSKUvlEIK7dqM4be4ztXt/FFvrjCnCdg8Tu+XA beXGOMzpTudIHtBsuIvw6Ac5Zqv67XEf2VtpGScZSATPwoRRiPpk1xVdFT1RFS5Y e+VlpcqhL2psWmGMdmWFOOgPWpcRkAd7HJa/jblyChNpxZmqNrNGTS5J+Y80ImG0 /I6e3ac8KhSeDwg2kT6k9eJEVDrXeKdwFDFkBuSYdjVSHnVGNHkw7Wy1Pbh+DILi poT/IszwQ7pxIjB/FK0hAHRay/j8fT9UFvdictvUsgdAzn3DmCL1+ZEPYc2oryfA /tW9R4F9tJYdkmZJEJh/iqYzjqSGSDYNF765yQfSmxNRwLnEkFaajPREoGCzDp5Y 6DmuIImsd0qC0ggjGzFN =C2Nd -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140807093730.7216.6132.report...@lettie.nic.cz