Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
On 19.06.2016 [21:30:48 +0200], Mathieu Parent wrote: > )Control: clone -1 -2 > Control: reassign -1 php-horde-mapi 1.0.8-2 > Control: tag -1 + patch > Control: tag -2 + patch wontfix > > 2016-06-19 9:46 GMT+02:00 Nish Aravamudan: > > On 18.06.2016 [16:50:23 -0400], David Prévot wrote: > [...] > >> I disagree, and stand to what I’ve written in the last changelog entry: > >> > >> Actually fixing the constructors requires to also fix all their calls, > >> both internally and externally. This backward-incompatible change has > >> been achieved in version 2 of phpseclib, packaged in Debian as > >> php-phpseclib to ensure co-installability. (Closes: #819420) > > Okay. I agree with you David. > > > Right, my original patch in this e-mail was just to quieten the > > deprecated call from this testcase, as it's not really a failure (any > > output on stderr is treated as a failure). > > > >> From http://phpseclib.sourceforge.net/: > >> > >> The 2.0 branch has pretty much the exact same API as the 1.0 branch, > >> save for that it is namespaced, uses PHP5-style constructors (thereby > >> avoiding E_DEPRECATED errors) and requires the use of an autoloader. > [...] > > Agreed, and perhaps something like the attached (which passes > > autopkgtests for me) can be applied to Debian's package (and we can sync > > in Ubuntu) and massaged to be sent upstream? I apologize if this is way > > off-base, I'm not all a PHP developer :) > > Thanks Nish. You patch looks good. > > Some notes: > - In d/control, use php-phpseclib (>= 2~) as < and > operators are > obsolete (see man:dpkg(1)) > - "use phpseclib\Math;" is probably not needed as you use fully > qualified names after (see > http://php.net/manual/en/language.namespaces.importing.php) > - Can you send this upstream (using github.com/horde/horde or bugs.horde.org)? I'm working on this latter part today. Also, I just got a ping in a different upstream bug that maybe is relevant here, about this idea: http://cweiske.de/tagebuch/php4-constructors-php7.htm. Not sure why I didn't think of that myself, but it would avoid the issue that led to the regression in phpseclib, afaict, as the externally visible API would stay the same.
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
2016-06-21 3:36 GMT+02:00 Mathieu Parent: > 2016-06-20 23:33 GMT+02:00 Nish Aravamudan : > [...] >> Another question I had about this, since I was thinking about it. The >> current pkg-php-tools-overrides file for php-horde-mapi has: >> >> pear.php.net Math_BigInteger none >> >> Would it make sense to have php-seclib/php-phpseclib (appropriately >> versioned) provide this in the overrides file? Then the control file >> wouldn't need a manual modification, AIUI. Just trying to understand if >> that is the more maintainable approach. > > It is not possible to specify version in the override file, and seclib > (>= 2) is not available thru PEAR. > > So, no. My answer was cryptic. Let's recap: As seclib >=2 is not available thru PEAR, this dep should be removed from package.xml. When the package is available thru composer instead, upstream ships it under a bundle directory. Upstream will guide you once you've sent the minimal pull-request (i.e with stripped package.xml + patches php files). If Ubuntu is interrested to improve Horde in Debian (and transitively in Ubuntu), I need help on #825256 Regards -- Mathieu
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
2016-06-20 23:33 GMT+02:00 Nish Aravamudan: [...] > Another question I had about this, since I was thinking about it. The > current pkg-php-tools-overrides file for php-horde-mapi has: > > pear.php.net Math_BigInteger none > > Would it make sense to have php-seclib/php-phpseclib (appropriately > versioned) provide this in the overrides file? Then the control file > wouldn't need a manual modification, AIUI. Just trying to understand if > that is the more maintainable approach. It is not possible to specify version in the override file, and seclib (>= 2) is not available thru PEAR. So, no. Regards -- Mathieu
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
On 19.06.2016 [21:30:48 +0200], Mathieu Parent wrote: > )Control: clone -1 -2 > Control: reassign -1 php-horde-mapi 1.0.8-2 > Control: tag -1 + patch > Control: tag -2 + patch wontfix > > 2016-06-19 9:46 GMT+02:00 Nish Aravamudan: > > On 18.06.2016 [16:50:23 -0400], David Prévot wrote: > [...] > >> I disagree, and stand to what I’ve written in the last changelog entry: > >> > >> Actually fixing the constructors requires to also fix all their calls, > >> both internally and externally. This backward-incompatible change has > >> been achieved in version 2 of phpseclib, packaged in Debian as > >> php-phpseclib to ensure co-installability. (Closes: #819420) > > Okay. I agree with you David. > > > Right, my original patch in this e-mail was just to quieten the > > deprecated call from this testcase, as it's not really a failure (any > > output on stderr is treated as a failure). > > > >> From http://phpseclib.sourceforge.net/: > >> > >> The 2.0 branch has pretty much the exact same API as the 1.0 branch, > >> save for that it is namespaced, uses PHP5-style constructors (thereby > >> avoiding E_DEPRECATED errors) and requires the use of an autoloader. > [...] > > Agreed, and perhaps something like the attached (which passes > > autopkgtests for me) can be applied to Debian's package (and we can sync > > in Ubuntu) and massaged to be sent upstream? I apologize if this is way > > off-base, I'm not all a PHP developer :) > > Thanks Nish. You patch looks good. > > Some notes: > - In d/control, use php-phpseclib (>= 2~) as < and > operators are > obsolete (see man:dpkg(1)) > - "use phpseclib\Math;" is probably not needed as you use fully > qualified names after (see > http://php.net/manual/en/language.namespaces.importing.php) > - Can you send this upstream (using github.com/horde/horde or bugs.horde.org)? > > I'll apply your patch once I have some time to test. Another question I had about this, since I was thinking about it. The current pkg-php-tools-overrides file for php-horde-mapi has: pear.php.net Math_BigInteger none Would it make sense to have php-seclib/php-phpseclib (appropriately versioned) provide this in the overrides file? Then the control file wouldn't need a manual modification, AIUI. Just trying to understand if that is the more maintainable approach. Thanks, Nish
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
On 19.06.2016 [21:30:48 +0200], Mathieu Parent wrote: > )Control: clone -1 -2 > Control: reassign -1 php-horde-mapi 1.0.8-2 > Control: tag -1 + patch > Control: tag -2 + patch wontfix > > 2016-06-19 9:46 GMT+02:00 Nish Aravamudan: > > On 18.06.2016 [16:50:23 -0400], David Prévot wrote: > [...] > >> I disagree, and stand to what I’ve written in the last changelog entry: > >> > >> Actually fixing the constructors requires to also fix all their calls, > >> both internally and externally. This backward-incompatible change has > >> been achieved in version 2 of phpseclib, packaged in Debian as > >> php-phpseclib to ensure co-installability. (Closes: #819420) > > Okay. I agree with you David. > > > Right, my original patch in this e-mail was just to quieten the > > deprecated call from this testcase, as it's not really a failure (any > > output on stderr is treated as a failure). > > > >> From http://phpseclib.sourceforge.net/: > >> > >> The 2.0 branch has pretty much the exact same API as the 1.0 branch, > >> save for that it is namespaced, uses PHP5-style constructors (thereby > >> avoiding E_DEPRECATED errors) and requires the use of an autoloader. > [...] > > Agreed, and perhaps something like the attached (which passes > > autopkgtests for me) can be applied to Debian's package (and we can sync > > in Ubuntu) and massaged to be sent upstream? I apologize if this is way > > off-base, I'm not all a PHP developer :) > > Thanks Nish. You patch looks good. > > Some notes: > - In d/control, use php-phpseclib (>= 2~) as < and > operators are > obsolete (see man:dpkg(1)) Got it, thanks! > - "use phpseclib\Math;" is probably not needed as you use fully > qualified names after (see > http://php.net/manual/en/language.namespaces.importing.php) Good point, I'll test and fix this up. > - Can you send this upstream (using github.com/horde/horde or bugs.horde.org)? Yep, I'll do this first thing Monday! Thanks again for your help! -Nish -- Nishanth Aravamudan Ubuntu Server Canonical Ltd
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
)Control: clone -1 -2 Control: reassign -1 php-horde-mapi 1.0.8-2 Control: tag -1 + patch Control: tag -2 + patch wontfix 2016-06-19 9:46 GMT+02:00 Nish Aravamudan: > On 18.06.2016 [16:50:23 -0400], David Prévot wrote: [...] >> I disagree, and stand to what I’ve written in the last changelog entry: >> >> Actually fixing the constructors requires to also fix all their calls, >> both internally and externally. This backward-incompatible change has >> been achieved in version 2 of phpseclib, packaged in Debian as >> php-phpseclib to ensure co-installability. (Closes: #819420) Okay. I agree with you David. > Right, my original patch in this e-mail was just to quieten the > deprecated call from this testcase, as it's not really a failure (any > output on stderr is treated as a failure). > >> From http://phpseclib.sourceforge.net/: >> >> The 2.0 branch has pretty much the exact same API as the 1.0 branch, >> save for that it is namespaced, uses PHP5-style constructors (thereby >> avoiding E_DEPRECATED errors) and requires the use of an autoloader. [...] > Agreed, and perhaps something like the attached (which passes > autopkgtests for me) can be applied to Debian's package (and we can sync > in Ubuntu) and massaged to be sent upstream? I apologize if this is way > off-base, I'm not all a PHP developer :) Thanks Nish. You patch looks good. Some notes: - In d/control, use php-phpseclib (>= 2~) as < and > operators are obsolete (see man:dpkg(1)) - "use phpseclib\Math;" is probably not needed as you use fully qualified names after (see http://php.net/manual/en/language.namespaces.importing.php) - Can you send this upstream (using github.com/horde/horde or bugs.horde.org)? I'll apply your patch once I have some time to test. Regards -- Mathieu Parent
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
On 18.06.2016 [16:50:23 -0400], David Prévot wrote: > Hi, > > Le 18/06/2016 à 16:32, Mathieu Parent a écrit : > > > Some other things may break, but I'll vote still vote for this patch, > > as only 6 packages depends on it. > > > > David, what do you think? > > I disagree, and stand to what I’ve written in the last changelog entry: > > Actually fixing the constructors requires to also fix all their calls, > both internally and externally. This backward-incompatible change has > been achieved in version 2 of phpseclib, packaged in Debian as > php-phpseclib to ensure co-installability. (Closes: #819420) Right, my original patch in this e-mail was just to quieten the deprecated call from this testcase, as it's not really a failure (any output on stderr is treated as a failure). > From http://phpseclib.sourceforge.net/: > > The 2.0 branch has pretty much the exact same API as the 1.0 branch, > save for that it is namespaced, uses PHP5-style constructors (thereby > avoiding E_DEPRECATED errors) and requires the use of an autoloader. > > A proper fix to the deprecated constructor syntax is maintained > upstream, provided in Debian via php-phpseclib (version 2). If you want > to use it, you should depend on php-phpseclib instead of php-seclib > (helping various upstreams to move away from version 1 to version 2 will > probably be a better use of our collective time than patching the > version 1 ourselves). Agreed, and perhaps something like the attached (which passes autopkgtests for me) can be applied to Debian's package (and we can sync in Ubuntu) and massaged to be sent upstream? I apologize if this is way off-base, I'm not all a PHP developer :) -Nish diff -Nru php-horde-mapi-1.0.8/debian/changelog php-horde-mapi-1.0.8/debian/changelog --- php-horde-mapi-1.0.8/debian/changelog 2016-06-08 00:09:58.0 -0700 +++ php-horde-mapi-1.0.8/debian/changelog 2016-06-19 00:42:35.0 -0700 @@ -1,3 +1,9 @@ +php-horde-mapi (1.0.8-3) unstable; urgency=medium + + * debian/patches/use_phpseclibv2.patch: Move to php-phpseclib v2 API. + + -- Nishanth AravamudanSun, 19 Jun 2016 00:42:07 -0700 + php-horde-mapi (1.0.8-2) unstable; urgency=medium * Update Standards-Version to 3.9.8, no change diff -Nru php-horde-mapi-1.0.8/debian/control php-horde-mapi-1.0.8/debian/control --- php-horde-mapi-1.0.8/debian/control 2016-06-08 00:09:58.0 -0700 +++ php-horde-mapi-1.0.8/debian/control 2016-06-19 00:41:58.0 -0700 @@ -11,7 +11,7 @@ Package: php-horde-mapi Architecture: all -Depends: ${misc:Depends}, ${phppear:Debian-Depends}, php-seclib (<< 2~) +Depends: ${misc:Depends}, ${phppear:Debian-Depends}, php-phpseclib (> 2~) Recommends: ${phppear:Debian-Recommends} Breaks: ${phppear:Debian-Breaks} Description: ${phppear:summary} diff -Nru php-horde-mapi-1.0.8/debian/patches/series php-horde-mapi-1.0.8/debian/patches/series --- php-horde-mapi-1.0.8/debian/patches/series 1969-12-31 16:00:00.0 -0800 +++ php-horde-mapi-1.0.8/debian/patches/series 2016-06-19 00:41:51.0 -0700 @@ -0,0 +1 @@ +use_phpseclibv2.patch diff -Nru php-horde-mapi-1.0.8/debian/patches/use_phpseclibv2.patch php-horde-mapi-1.0.8/debian/patches/use_phpseclibv2.patch --- php-horde-mapi-1.0.8/debian/patches/use_phpseclibv2.patch 1969-12-31 16:00:00.0 -0800 +++ php-horde-mapi-1.0.8/debian/patches/use_phpseclibv2.patch 2016-06-19 00:43:13.0 -0700 @@ -0,0 +1,88 @@ +Description: Move to php-phpseclib v2 API + Use the v2 php-phpseclib library. +Author: Nishanth Aravamudan + +--- a/Horde_Mapi-1.0.8/lib/Horde/Mapi.php b/Horde_Mapi-1.0.8/lib/Horde/Mapi.php +@@ -20,6 +20,9 @@ + * @authorMichael J Rubinsky + * @package Mapi_Utils + */ ++ ++use phpseclib\Math; ++ + class Horde_Mapi + { + /** +@@ -169,13 +172,13 @@ + 'A'=>'10', 'B'=>'11', 'C'=>'12', 'D'=>'13', 'E'=>'14', 'F'=>'15' + ); + +-$bci = new Math_BigInteger('0'); ++$bci = new phpseclib\Math\BigInteger('0'); + $len = strlen($str); + for ($i = 0; $i < $len; ++$i) { +-$bci = $bci->multiply(new Math_BigInteger('16')); ++$bci = $bci->multiply(new phpseclib\Math\BigInteger('16')); + $ch = $str[$i]; + if (isset($hex[$ch])) { +-$bci = $bci->add(new Math_BigInteger($hex[$ch])); ++$bci = $bci->add(new phpseclib\Math\BigInteger($hex[$ch])); + } + } + +@@ -184,14 +187,14 @@ + + /** + * +- * @param Math_BigInteger $bci ++ * @param phpseclib\Math\BigInteger $bci + * @return string + */ + protected static function _win64ToUnix($bci) + { + // Unix epoch as a Windows file date-time value +-$t = $bci->subtract(new Math_BigInteger('116444735995904000'));// Cast to Unix epoch +-list($quotient, $remainder)
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
Hi, Le 18/06/2016 à 16:32, Mathieu Parent a écrit : > Some other things may break, but I'll vote still vote for this patch, > as only 6 packages depends on it. > > David, what do you think? I disagree, and stand to what I’ve written in the last changelog entry: Actually fixing the constructors requires to also fix all their calls, both internally and externally. This backward-incompatible change has been achieved in version 2 of phpseclib, packaged in Debian as php-phpseclib to ensure co-installability. (Closes: #819420) From http://phpseclib.sourceforge.net/: The 2.0 branch has pretty much the exact same API as the 1.0 branch, save for that it is namespaced, uses PHP5-style constructors (thereby avoiding E_DEPRECATED errors) and requires the use of an autoloader. A proper fix to the deprecated constructor syntax is maintained upstream, provided in Debian via php-phpseclib (version 2). If you want to use it, you should depend on php-phpseclib instead of php-seclib (helping various upstreams to move away from version 1 to version 2 will probably be a better use of our collective time than patching the version 1 ourselves). Regards David signature.asc Description: OpenPGP digital signature
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
Hello David, hello Nish 2016-06-17 18:48 GMT+02:00 Nish Aravamudan: [...] >> >> Thanks for the patch. I won't merge it, can you fix php-seclib instead >> (while not re-introducing #819420)? > > I am happy to try! It seems like the attached patch should do it at > least for all the php-seclib code. Thanks for your quick fix. > I'm not sure there's a way to audit > all source files in Debian that might include a PHP file from php-seclib > and then define a class and not use the non-deprecated constructor > syntax? The only references to "::Crypt" are in embedded copies of seclib: https://codesearch.debian.net/results/%3A%3ACrypt_/page_0 Some other things may break, but I'll vote still vote for this patch, as only 6 packages depends on it. David, what do you think? Regards -- Mathieu
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
On 17.06.2016 [14:17:49 +0200], Mathieu Parent wrote: > Control: tag -1 + confirmed + upstream - patch > Control: reassign -1 + php-seclib 1.0.2-1 > Control: affects -1 + php-horde-mapi > > > 2016-06-16 23:09 GMT+02:00 Nishanth Aravamudan >: > > Package: php-horde-mapi > > Version: 1.0.8-2 > > Severity: wishlist > > Tags: patch > > User: ubuntu-de...@lists.ubuntu.com > > Usertags: origin-ubuntu yakkety ubuntu-patch > > > > Dear Maintainer, > > > > autopkgtests in Debian and Ubuntu are failing, due to a deprecation > > warning being emitted on stderr during the test. > > > > In Ubuntu, the attached patch was applied to achieve the following: > > > > * d/tests/control: allow stderr output, as deprecated warnings from > > BigInteger are reported with PHP7.0 (LP: #1593003). > > > > Thanks for considering the patch. > > Hello Nishanth, > > Thanks for the patch. I won't merge it, can you fix php-seclib instead > (while not re-introducing #819420)? I am happy to try! It seems like the attached patch should do it at least for all the php-seclib code. I'm not sure there's a way to audit all source files in Debian that might include a PHP file from php-seclib and then define a class and not use the non-deprecated constructor syntax? Description: Fix "Methods with the same name as their class" deprecation PHP7 emits a deprecation warning for any class using a same-named function as a constructor (it should be __construct). Fix phpseclib to be internally consistent with this requirement. Author: Nishanth Aravamudan Bug-Debian: https://bugs.debian.org/827483 --- phpseclib-1.0.2.orig/phpseclib/Crypt/Base.php +++ phpseclib-1.0.2/phpseclib/Crypt/Base.php @@ -97,7 +97,7 @@ define('CRYPT_MODE_STREAM', 5); /**#@+ * @access private - * @see self::Crypt_Base() + * @see self::__construct() * @internal These constants are for internal use only */ /** @@ -127,7 +127,7 @@ class Crypt_Base /** * The Encryption Mode * - * @see self::Crypt_Base() + * @see self::__construct() * @var int * @access private */ @@ -316,7 +316,7 @@ class Crypt_Base /** * Is the mode one that is paddable? * - * @see self::Crypt_Base() + * @see self::__construct() * @var bool * @access private */ @@ -411,7 +411,7 @@ class Crypt_Base * $aes = new Crypt_AES(CRYPT_AES_MODE_CFB); // $aes will operate in cfb mode * $aes = new Crypt_AES(CRYPT_MODE_CFB); // identical * - * @see self::Crypt_Base() + * @see self::__construct() * @var string * @access private */ @@ -503,7 +503,7 @@ class Crypt_Base * @param int $mode * @access public */ -function Crypt_Base($mode = CRYPT_MODE_CBC) +function __construct($mode = CRYPT_MODE_CBC) { // $mode dependent settings switch ($mode) { @@ -1587,7 +1587,7 @@ class Crypt_Base /** * Test for engine validity * - * @see self::Crypt_Base() + * @see self::__construct() * @param int $engine * @access public * @return bool @@ -1654,7 +1654,7 @@ class Crypt_Base * * If the preferred crypt engine is not available the fastest available one will be used * - * @see self::Crypt_Base() + * @see self::__construct() * @param int $engine * @access public */ @@ -1687,7 +1687,7 @@ class Crypt_Base /** * Sets the engine as appropriate * - * @see self::Crypt_Base() + * @see self::__construct() * @access private */ function _setEngine() --- phpseclib-1.0.2.orig/phpseclib/Crypt/Hash.php +++ phpseclib-1.0.2/phpseclib/Crypt/Hash.php @@ -56,7 +56,7 @@ /**#@+ * @access private - * @see self::Crypt_Hash() + * @see self::__construct() */ /** * Toggles the internal implementation @@ -151,7 +151,7 @@ class Crypt_Hash * @return Crypt_Hash * @access public */ -function Crypt_Hash($hash = 'sha1') +function __construct($hash = 'sha1') { if (!defined('CRYPT_HASH_MODE')) { switch (true) { --- phpseclib-1.0.2.orig/phpseclib/Crypt/RC2.php +++ phpseclib-1.0.2/phpseclib/Crypt/RC2.php @@ -351,13 +351,13 @@ class Crypt_RC2 extends Crypt_Base * * If not explicitly set, CRYPT_RC2_MODE_CBC will be used. * - * @see Crypt_Base::Crypt_Base() + * @see Crypt_Base::__construct() * @param int $mode * @access public */ -function Crypt_RC2($mode = CRYPT_RC2_MODE_CBC) +function __construct($mode = CRYPT_RC2_MODE_CBC) { -parent::Crypt_Base($mode); +parent::__construct($mode); } /** @@ -365,7 +365,7 @@ class Crypt_RC2 extends Crypt_Base * * This is mainly just a wrapper to set things up for Crypt_Base::isValidEngine() * - * @see Crypt_Base::Crypt_Base() + * @see Crypt_Base::__construct() * @param int $engine *
Bug#827483: [pkg-horde] Bug#827483: php-horde-mapi: fix autopkgtest errors
Control: tag -1 + confirmed + upstream - patch Control: reassign -1 + php-seclib 1.0.2-1 Control: affects -1 + php-horde-mapi 2016-06-16 23:09 GMT+02:00 Nishanth Aravamudan: > Package: php-horde-mapi > Version: 1.0.8-2 > Severity: wishlist > Tags: patch > User: ubuntu-de...@lists.ubuntu.com > Usertags: origin-ubuntu yakkety ubuntu-patch > > Dear Maintainer, > > autopkgtests in Debian and Ubuntu are failing, due to a deprecation > warning being emitted on stderr during the test. > > In Ubuntu, the attached patch was applied to achieve the following: > > * d/tests/control: allow stderr output, as deprecated warnings from > BigInteger are reported with PHP7.0 (LP: #1593003). > > Thanks for considering the patch. Hello Nishanth, Thanks for the patch. I won't merge it, can you fix php-seclib instead (while not re-introducing #819420)? Regards -- Mathieu