
Bug#757342: wheezy-pu: package php5/5.4.31-0+deb7u1



Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

as discussed on #debian-release about the possibility of having minor PHP5
updates instead of hoarding various upstream patches, I am submitting
a w-p-u bug to discuss that and to summarize my findings (and my
positive attitude :).

++++++++
UPSTREAM
++++++++

Upstream is doing a (very) good job of not breaking the BC in the stable
branches (e.g. 5.4.x, 5.5.x, 5.6.x) and only had one major regression
in the last couple of years that was quickly fixed (5.4.18->5.4.19 &&
5.5.2->5.5.3).  There's also one edge case that was forced by security
requirements (the serialization of internals objects[*]) introduced in
5.4.29 and fixed in 5.4.30.

The release process is documented in `PHP-RFC`_ and is followed by the
PHP release team/manager:

* x.y.z to x.y.z+1

 * Bugfixes only (with a room for exceptions on a case by case basis
   and only for small self contained features additions).
 * Extensions support can't be removed (like move them to pecl)
 * Backward compatibility must be kept (internals and userland)
 * ABI/API compatibility must be kept (internals)

.. _PHP-RFC: https://wiki.php.net/rfc/releaseprocess

Upstream tests on 32-bit and 64-bit x86 (intel/amd64) and they do not
currently have the infrastructure to test on more archs.  They test
major PHP software before each release (symfony, drupal, wp, joomla,
phpunit and a couple of others under Windows and partially under
Linux).

I am also subscribed to the PHP security list, so I closely watch the
upcoming security updates and my general feeling is ok.

+++++++++++++++++
PACKAGING REMARKS
+++++++++++++++++

I have synced the 5.4.31-0+deb7u1 with 5.4.4-14+deb7u13 so the
5.4.31-0+deb7u1 package contains only minimal changes:

 * drop the suhosin remarks from debian/* (it's not used anyway)
 * bump the d/source/format to 3.0 (quilt) and remove the quilt hacks
   from d/rules
 * removed merged upstream patches from d/patches/

++++++++++++
TEST RESULTS
++++++++++++

The php5-common package contains compressed upstream test results in
/usr/share/doc/php5/test-results.txt.gz

There are already a couple of failed tests in 5.4.4-14+deb7u13, so I'll
just focus on the differences.

The comparison between FAILED tests in 5.4.4-14+deb7u13 and
5.4.31-0+deb7u1:

Bugs fixed in the new release
-----------------------------

-Bug #62653: unset($array[$float]) causes a crash [Zend/tests/bug62653.phpt]
-Bug #65579 (Using traits with get_class_methods causes segfault) [Zend/tests/bug65579.phpt]
-Bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections) [ext/mysqli/tests/bug55283.phpt]
-PDO SQLite Feature Request #42589 (getColumnMeta() should also return table name) [ext/pdo_sqlite/tests/bug_42589.phpt]
-Multicast support: IPv6 receive options [ext/sockets/tests/mcast_ipv6_recv.phpt]
-Test uniqid() function : basic functionality [ext/standard/tests/general_functions/uniqid_basic.phpt]
-Bug #48562 (Reference recursion causes segfault when used in wddx_serialize_vars()) [ext/wddx/tests/bug48562.phpt]

Improved test description
-------------------------

-Bug #43073 (TrueType bounding box is wrong for angle<>0) [ext/gd/tests/bug43073.phpt]
+Bug #43073 (TrueType bounding box is wrong for angle<>0) freetype < 2.4.10 [ext/gd/tests/bug43073.phpt]
-Bug #48801 (Problem with imagettfbbox) [ext/gd/tests/bug48801.phpt]
+Bug #48801 (Problem with imagettfbbox) freetype < 2.4.10 [ext/gd/tests/bug48801.phpt]
-Test function gzgetc() by calling it with its expected arguments [ext/zlib/tests/gzgetc_basic.phpt]
+Test function gzgetc() by calling it with its expected arguments zlib 1.2.5 [ext/zlib/tests/gzgetc_basic.phpt]

New tests that fail
-------------------

There's a couple of failing MySQL tests already with:
> Warning: mysqli::mysqli(): (HY000/2003): Can't connect to MySQL
> server on '127.0.0.1' (111) in
> <<builddir>>/ext/mysqli/tests/bug66043.php on line 3

It needs to be fixed anyway, and these two bugs are just added on top
of the pile of failed tests:
+Bug #62046     mysqli@mysqlnd can't iterate over stored sets after call to mysqli_stmt_reset() [ext/mysqli/tests/bug62046.phpt]
+Bug #66762     mysqli@libmysql segfault in mysqli_stmt::bind_result() when link closed [ext/mysqli/tests/bug66762.phpt]

We patch PHP to use system timezone database and it doesn't know the
test timezone (ASIA/Chongqing):
+Bug #60723  (error_log error time has changed to UTC ignoring default timezo) [ext/standard/tests/general_functions/bug60723.phpt]

Discovered regressions
----------------------

All these tests are online tests and they failed on "Host lookup
failed" or similar.  They all work when run by hand in the chrooted
wheezy.  We should probably disable the online tests anyway, since
they will fail anyway on a firewalled build host.

+ext/sockets - socket_bind - basic test [ext/sockets/tests/socket_bind.phpt]
+gethostbyname() function - basic return valid ip address test [ext/standard/tests/network/gethostbyname_error004.phpt]
+getmxrr() test [ext/standard/tests/network/getmxrr.phpt]
+http-stream test [ext/standard/tests/network/http-stream.phpt]

Build host related failures
---------------------------

These three tests fail now with 5.4.4-14+deb7u13 as well.  I have
switched my build host to an lxc container, so it's probably related to
missing multicast capabilities.

+Multicast support: IPv4 receive options [ext/sockets/tests/mcast_ipv4_recv.phpt]
+Multicast support: IPv4 send options [ext/sockets/tests/mcast_ipv4_send.phpt]
+Bug #63000: Multicast on OSX [ext/sockets/tests/bug63000.phpt] # NEW TEST

+++++++++++++
Other remarks
+++++++++++++

I run the PHP 5.4 PPA for Ubuntu (ppa:ondrej/php5-oldstable) that is
probably the most used PPA for updating PHP5 in Ubuntu (according to
the number of questions on stackoverflow sites and the google results for
"how to update php5 in ubuntu").  I have never received a single
complaint about broken compatibility in an x.y.z+1 update so far.

+++++++++
ToDo list
+++++++++

* Double-check the patch list from 5.4.4-14+deb7u13 for any still
  relevant patches #MANDATORY
* Extract FAILED TEST SUMMARY from test-results, compare them with
  last known state and fail if they differ (this should be arch
  specific) #MANDATORY
* Reduce the number of FAILED TESTS either by fixing them, moving them
  to XFAIL or SKIPing them #WISHIHADMORETIME

Ondrej

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

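Added example, not part of the original message or of the Debian php5 packaging: one way to implement the ToDo item "extract FAILED TEST SUMMARY, compare with last known state and fail if they differ". It keys each entry on the bracketed .phpt path rather than the title, so a reworded test description (as with the freetype and zlib tests above) is not reported as a change. The section delimiters, the function names and both sample logs are assumptions constructed for illustration; a real gate would keep one baseline per architecture.

```python
import re

# Constructed samples in the layout of PHP run-tests output; the section
# delimiters are an assumption about test-results.txt, not quoted from the page.
BASELINE = """\
=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Bug #62653: unset($array[$float]) causes a crash [Zend/tests/bug62653.phpt]
Bug #43073 (TrueType bounding box is wrong for angle<>0) [ext/gd/tests/bug43073.phpt]
=====================================================================
"""
CURRENT = """\
=====================================================================
FAILED TEST SUMMARY
---------------------------------------------------------------------
Bug #43073 (TrueType bounding box is wrong for angle<>0) freetype < 2.4.10 [ext/gd/tests/bug43073.phpt]
getmxrr() test [ext/standard/tests/network/getmxrr.phpt]
=====================================================================
"""

# "<title> [<path>.phpt]"; the title itself may contain brackets.
ENTRY = re.compile(r"^(?P<title>.*\S)\s+\[(?P<path>[^\[\]]+\.phpt)\]\s*$")

def failed_tests(log_text):
    """Return {test path: title} from the FAILED TEST SUMMARY section."""
    failed, in_section = {}, False
    for line in log_text.splitlines():
        if line.strip() == "FAILED TEST SUMMARY":
            in_section = True
        elif in_section and line.startswith("====="):
            break  # closing rule of the summary section
        elif in_section:
            m = ENTRY.match(line)
            if m:
                failed[m["path"]] = m["title"]
    return failed

def compare(baseline_text, current_text):
    """Return (new_failures, fixed) as sorted lists of test paths."""
    old, new = failed_tests(baseline_text), failed_tests(current_text)
    return sorted(new.keys() - old.keys()), sorted(old.keys() - new.keys())

def gate(baseline_text, current_text):
    """Build exit status: 0 if the set of failing tests is unchanged, else 1."""
    return 1 if any(compare(baseline_text, current_text)) else 0

if __name__ == "__main__":
    print(compare(BASELINE, CURRENT))
    raise SystemExit(gate(BASELINE, CURRENT))
```
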

