Bug#397179: [php-maint] Bug#397179: Bug#397179: Bug#397179: Please don't add this patch
hey guys, just ftr, On Tuesday 22 May 2007 10:41, Ondřej Surý wrote: so I'm not that enthousiastic. But I'll do some more research and experimenting with this patch and a set of PHP applications, and see whether it's something to worry about or not. I suggest you read the patch :-). i've have actually heard of different breakages caused by the suhosin patch, but it seems that in such cases it's usually a matter of tweaking some variables here and there to increase certain limits, etc. also, there's a master toggle switch which turns errors into warnings. so, we could hypothetically ship with it turned off first to see how it's recieved, and then assuming we're still early enough in the release cycle we could turn it on and ship lenny with an active, suhosin-patched php. sean pgp5ADoOjFJ1u.pgp Description: PGP signature
Bug#397179: [php-maint] Bug#397179: Bug#397179: Bug#397179: Please don't add this patch
Jan Wagner píše v Po 21. 05. 2007 v 21:02 +0200: On Monday 21 May 2007 19:17, Ondřej Surý wrote: See my previous comment. When I read that patch a while ago, I didn't encounter any different behaviour in PHP skripts. My only concern was that it's binary incompatible with ZendOptimizer, which we are incompatible with anyway due LFS support. And to tell you truth - I couldn't care about ZendOptimizer less :-). The problem here is, we have a couple of customers using it with sarge. I don't have any idea to tell them how to work with this issue. Ok, as I said earlier. ZendOptimizer will not work because of LFS support. So you'll have to recompile your own php anyway. It's not that hard to pull sources (apt-get source php5), make some changes (edit debian/rules, debian/patches/...), satisfy build dependency (apt-get builddep php5) and recompile (apt-get install devscripts; debuild) Ondrej. -- Ondřej Surý [EMAIL PROTECTED] *** http://blog.rfc1925.org/ Kulturní občasník *** http://www.obcasnik.cz/
Bug#397179: [php-maint] Bug#397179: Bug#397179: Bug#397179: Please don't add this patch
On Tuesday 22 May 2007 09:27, you wrote: Jan Wagner píše v Po 21. 05. 2007 v 21:02 +0200: On Monday 21 May 2007 19:17, Ondřej Surý wrote: See my previous comment. When I read that patch a while ago, I didn't encounter any different behaviour in PHP skripts. My only concern was that it's binary incompatible with ZendOptimizer, which we are incompatible with anyway due LFS support. And to tell you truth - I couldn't care about ZendOptimizer less :-). The problem here is, we have a couple of customers using it with sarge. I don't have any idea to tell them how to work with this issue. Ok, as I said earlier. ZendOptimizer will not work because of LFS support. So you'll have to recompile your own php anyway. It's not that hard to pull sources (apt-get source php5), make some changes (edit debian/rules, debian/patches/...), satisfy build dependency (apt-get builddep php5) and recompile (apt-get install devscripts; debuild) Hi Ondřej, I'm aware of the procedure, cause maintaining sarge-backport of php5. This teached me also, that providing security support for php5 is a hard job and in my case its only to remove LFS support, adjust depencies, disable mysqli and repackage the whole stuff. I've done this twice last days and it's getting a bit annoying! Are there problems beside LFS (and maybe suhosin in the future) for 3rd party? With kind regards, Jan. -- Never write mail to [EMAIL PROTECTED], you have been warned! -BEGIN GEEK CODE BLOCK- Version: 3.1 GIT d-- s+: a- C+++ UL P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++ --END GEEK CODE BLOCK-- pgpC5svUub9d3.pgp Description: PGP signature
Bug#397179: [php-maint] Bug#397179: Bug#397179: Bug#397179: Please don't add this patch
Jan Wagner píše v Út 22. 05. 2007 v 09:51 +0200: I'm aware of the procedure, cause maintaining sarge-backport of php5. This teached me also, that providing security support for php5 is a hard job and in my case its only to remove LFS support, adjust dependencies, disable mysqli and repackage the whole stuff. You should probably use some VCS and just merge new versions into. Or at least keep those changes you made as patch? I've done this twice last days and it's getting a bit annoying! Are there problems beside LFS (and maybe suhosin in the future) for 3rd party? I am not aware of any. As for 'abi-compatible-flag' - now you just need to adjust CFLAGS. I don't remember any patch which needs to be modified/removed. And when we add suhosin patch ... I suggest you try to fool quilt into thinking it has already applied suhosin patch (before patch target) and vice versa. Ondrej. -- Ondřej Surý [EMAIL PROTECTED] *** http://blog.rfc1925.org/ Kulturní občasník *** http://www.obcasnik.cz/
Bug#397179: [php-maint] Bug#397179: Bug#397179: Bug#397179: Please don't add this patch
On Monday 21 May 2007 19:17, Ondřej Surý wrote: See my previous comment. When I read that patch a while ago, I didn't encounter any different behaviour in PHP skripts. My only concern was that it's binary incompatible with ZendOptimizer, which we are incompatible with anyway due LFS support. And to tell you truth - I couldn't care about ZendOptimizer less :-). The problem here is, we have a couple of customers using it with sarge. I don't have any idea to tell them how to work with this issue. With kind regards, Jan. pgp7QDvmDzw6w.pgp Description: PGP signature