Summary: | dev-lang/php-{5.6.36,7.0.30}[intl]: dev-libs/icu dependency is causing downgrades | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Darko Luketic <info> |
Component: | Current packages | Assignee: | PHP Bugs <php-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | aarondoom, alpha, bircoph, hydrapolic, proctors |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | PHP-7.0.32 ICU>=61.1 Patch |
Description
Darko Luketic
2018-10-07 20:44:34 UTC
What happens when you try to $(emerge -av1 =dev-lang/php-5.6.38)? Oh now it's obvious. Php 5.6.36: intl? ( dev-libs/icu:= ) Php 5.6.38: intl? ( <dev-libs/icu-61.1:= ) But, icu 61.1 isn't stable yet. Please add =dev-libs/icu-61.1 to your package.accept_keywords and you'll be able to install php 5.6.38. > intl? ( <dev-libs/icu-61.1:= ) That's a strictly-less-than constraint =) It should match dev-libs/icu-60.2. We need to know this: > What happens when you try to $(emerge -av1 =dev-lang/php-5.6.38)? Comment #0 already shows that reporter of this bug has dev-libs/icu-62.1 installed. Portage chooses to downgrade dev-lang/php (from 5.6.38 to 5.6.36), but, most likely, rebuild of dev-lang/php-5.6.36 with dev-libs/icu-62.1 would fail. In order for Portage to make better suggestions, dependencies in older versions of dev-lang/php 5.6.* and 7.0.* should be synchronized with newer versions of dev-lang/php 5.6.* and 7.0.*: $ grep dev-libs/icu php-*.ebuild php-5.6.36.ebuild: intl? ( dev-libs/icu:= ) php-5.6.38.ebuild: intl? ( <dev-libs/icu-61.1:= ) php-7.0.30.ebuild: intl? ( dev-libs/icu:= ) php-7.0.32.ebuild: intl? ( <dev-libs/icu-61.1:= ) php-7.1.18.ebuild: intl? ( dev-libs/icu:= ) php-7.1.22.ebuild: intl? ( dev-libs/icu:= ) php-7.2.10.ebuild: intl? ( dev-libs/icu:= ) php-7.3.0_rc2.ebuild: intl? ( dev-libs/icu:= ) (In reply to Arfrever Frehtes Taifersar Arahesis from comment #4) > Comment #0 already shows that reporter of this bug has dev-libs/icu-62.1 > installed. > > Portage chooses to downgrade dev-lang/php (from 5.6.38 to 5.6.36), but, most > likely, rebuild of dev-lang/php-5.6.36 with dev-libs/icu-62.1 would fail. Thanks, I see the problem. > In order for Portage to make better suggestions, dependencies in older > versions of dev-lang/php 5.6.* and 7.0.* should be synchronized with newer > versions of dev-lang/php 5.6.* and 7.0.*: But we can't add an upper bound on the dependency in the older stable ebuilds without a revision bump... That could probably still go straight-to-stable, but in any case, I'd rather just delete the old versions. It looks like we're only waiting on alpha stabilizations for 5.6.38 and 7.0.32. Afterwards the older ebuilds without the version bound can be removed. @alpha team, please help =) There are already stabilization bugs open for php-5.6.38 and php-7.0.32 for security reasons. (In reply to Michael Orlitzky from comment #3) > > intl? ( <dev-libs/icu-61.1:= ) > > That's a strictly-less-than constraint =) Sorry, totally missed the less-than part :( Blind me. Hi, sorry for late reply. I'm sick and I went to bed after I posted this bug. To answer your question: ``` # emerge -av1 =dev-lang/php-5.6.38 These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild UD ] dev-libs/icu-60.2:0/60.2::gentoo [62.1:0/62.1::gentoo] USE="-debug -doc -examples -static-libs" ABI_X86="(64) -32 (-x32)" 0 KiB [ebuild R ] dev-lang/php-5.6.38:5.6::gentoo USE="acl bcmath berkdb bzip2 calendar cli crypt ctype curl enchant exif fileinfo filter flatfile fpm ftp gd gdbm gmp hash iconv imap inifile intl ipv6 json kerberos ldap ldap-sasl mhash mysql mysqli nls odbc opcache pcntl pdo phar posix postgres readline session simplexml snmp soap sockets sqlite ssl systemd sysvipc threads tokenizer truetype unicode wddx xml xmlreader xmlrpc xmlwriter xpm xslt zip zlib -apache2 -cdb -cgi -cjk -coverage -debug -embed -firebird -iodbc -libedit -libmysqlclient -libressl -mssql -oci8-instant-client -qdbm -recode (-selinux) -sharedmem -spell -sybase-ct -tidy -vpx" 0 KiB Total: 2 packages (1 downgrade, 1 reinstall), Size of downloads: 0 KiB !!! Multiple package instances within a single package slot have been pulled !!! into the dependency graph, resulting in a slot conflict: dev-libs/icu:0 (dev-libs/icu-60.2:0/60.2::gentoo, ebuild scheduled for merge) pulled in by <dev-libs/icu-61.1:= required by (dev-lang/php-5.6.38:5.6/5.6::gentoo, ebuild scheduled for merge) ^ ^^^^ ^ (dev-libs/icu-62.1:0/62.1::gentoo, installed) pulled in by >=dev-libs/icu-61.1:0/62.1= required by (net-libs/nodejs-9.11.2:0/0::gentoo, installed) ^^ ^^^^^^^^^^^^ >=dev-libs/icu-51.2-r1:0/62.1=[abi_x86_64(-)] required by (media-libs/harfbuzz-1.9.0:0/0.9.18::gentoo, installed) ^^^^^^^^ (and 10 more with the same problems) NOTE: Use the '--verbose-conflicts' option to display parents omitted above It may be possible to solve this problem by using package.mask to prevent one of those packages from being selected. However, it is also possible that conflicting dependencies exist such that they are impossible to satisfy simultaneously. If such a conflict exists in the dependencies of two different packages, then those packages can not be installed simultaneously. You may want to try a larger value of the --backtrack option, such as --backtrack=30, in order to see if that will solve this conflict automatically. For more information, see MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. !!! The following installed packages are masked: - app-eselect/eselect-mesa-0.0.10-r1::gentoo (masked by: package.mask) /usr/portage/profiles/package.mask: # Matt Turner <mattst88@gentoo.org> (29 Sep 2018) # Removal in 30 days, bug #576334 - media-libs/celt-0.11.3::gentoo (masked by: package.mask) /usr/portage/profiles/package.mask: # Andreas Sturmlechner <asturm@gentoo.org> (16 Sep 2018) # was merged into the IETF Opus codec and is now obsolete # Removal in 30 days, bug #664154 For more information, see the MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook. ``` dev-lang/php maintainers: Could you backport the following fix to dev-lang/php-{5.6.36,7.0.30} and re-allow newer versions of dev-libs/icu?: https://git.php.net/?p=php-src.git;a=commit;h=710284cbc4a54cac0a9ec4ea29a7486e0d99a33b It would be better than forcing users to use older, potentially vulnerable versions of dev-libs/icu. (In reply to Arfrever Frehtes Taifersar Arahesis from comment #8) > dev-lang/php maintainers: Could you backport the following fix to > dev-lang/php-{5.6.36,7.0.30} and re-allow newer versions of dev-libs/icu?: > https://git.php.net/?p=php-src.git;a=commit; > h=710284cbc4a54cac0a9ec4ea29a7486e0d99a33b > > It would be better than forcing users to use older, potentially vulnerable > versions of dev-libs/icu. PHP slots 5.6 and 7.0 will go end-of-life in 84 and 56 days, respectively, with removal procedures starting shortly after. This is fixed in 7.1.17 and greater which users should start migrating to the new versions. While the fix is likely to be trivial with that commit, I will consider it if PHP releases a new version before expiration. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9b41d63fc172ef8fa87fb99b6a283926f82cf80 commit c9b41d63fc172ef8fa87fb99b6a283926f82cf80 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2018-10-11 14:38:47 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2018-10-11 14:41:39 +0000 dev-lang/php: Drop security vulnerable versions Bug: https://bugs.gentoo.org/666256 Bug: https://bugs.gentoo.org/668000 Signed-off-by: Brian Evans <grknight@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 dev-lang/php/Manifest | 3 - dev-lang/php/php-5.6.36.ebuild | 777 ----------------------------------------- dev-lang/php/php-7.0.30.ebuild | 751 --------------------------------------- dev-lang/php/php-7.1.18.ebuild | 731 -------------------------------------- 4 files changed, 2262 deletions(-) (In reply to Brian Evans from comment #9) > (In reply to Arfrever Frehtes Taifersar Arahesis from comment #8) > > dev-lang/php maintainers: Could you backport the following fix to > > dev-lang/php-{5.6.36,7.0.30} and re-allow newer versions of dev-libs/icu?: > > https://git.php.net/?p=php-src.git;a=commit; > > h=710284cbc4a54cac0a9ec4ea29a7486e0d99a33b > > > > It would be better than forcing users to use older, potentially vulnerable > > versions of dev-libs/icu. > > PHP slots 5.6 and 7.0 will go end-of-life in 84 and 56 days, respectively, > with removal procedures starting shortly after. > > This is fixed in 7.1.17 and greater which users should start migrating to > the new versions. > > While the fix is likely to be trivial with that commit, I will consider it > if PHP releases a new version before expiration. Well upgrading the php5 only symfony app isn't an option. php5.6 needs to remain up to date eol or no eol, since it's the last php5 version there is. (In reply to Darko Luketic from comment #11) > (In reply to Brian Evans from comment #9) > > (In reply to Arfrever Frehtes Taifersar Arahesis from comment #8) > > > dev-lang/php maintainers: Could you backport the following fix to > > > dev-lang/php-{5.6.36,7.0.30} and re-allow newer versions of dev-libs/icu?: > > > https://git.php.net/?p=php-src.git;a=commit; > > > h=710284cbc4a54cac0a9ec4ea29a7486e0d99a33b > > > > > > It would be better than forcing users to use older, potentially vulnerable > > > versions of dev-libs/icu. > > > > PHP slots 5.6 and 7.0 will go end-of-life in 84 and 56 days, respectively, > > with removal procedures starting shortly after. > > > > This is fixed in 7.1.17 and greater which users should start migrating to > > the new versions. > > > > While the fix is likely to be trivial with that commit, I will consider it > > if PHP releases a new version before expiration. > > Well upgrading the php5 only symfony app isn't an option. > > php5.6 needs to remain up to date eol or no eol, since it's the last php5 > version there is. This is not going to happen for very long. If there is enough interest, we are willing to take a snapshot overlay of everything non-script related (pecl packages and php itself) albeit masked with warnings. There has been more than enough time to get PHP 7 compliant. And that is exactly the reason why Gentoo is not an option for a professional OS. Armchair professionals without a clue for real life demands. Fix the damned package! Also it has NOTHING to do with code but it's all in the fucking dependencies. Do your fucking job or GTFO Just disabled the account above on my own, for pretty clear reason Created attachment 554570 [details, diff]
PHP-7.0.32 ICU>=61.1 Patch
I've been using this patch locally to build PHP 7.0.32 on my system.
Not sure if this is the acceptable way to propose a patch or anything, this isn't usually something I do.
I edit the ebuild and remove the version restriction for icu and run ebuild manifest after edit.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84aad4ad45480f8e32471abb446c72f72e5b50fe commit 84aad4ad45480f8e32471abb446c72f72e5b50fe Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-12-06 23:19:44 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-12-06 23:19:59 +0000 dev-lang/php: bump to v5.6.39 - EAPI bump to EAPI=7 - Add compatibility with ICU >= 61 Bug: https://bugs.gentoo.org/668000 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-lang/php/Manifest | 1 + .../php-5.6-intl-detect-icu-via-pkg-config.patch | 154 ++++ .../files/php-5.6-intl-icu-memory-corruption.patch | 88 +++ .../php/files/php-5.6-intl-use-icu-namespace.patch | 365 ++++++++++ dev-lang/php/php-5.6.39.ebuild | 785 +++++++++++++++++++++ 5 files changed, 1393 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44841df440d27a047fb34a5ebd1db9862a5bf6a4 commit 44841df440d27a047fb34a5ebd1db9862a5bf6a4 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2018-12-07 00:01:09 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2018-12-07 00:01:33 +0000 dev-lang/php: bump to v7.0.33 - EAPI bump to EAPI=7 - Add compatibility with ICU >= 61 Bug: https://bugs.gentoo.org/668000 Package-Manager: Portage-2.3.52, Repoman-2.3.12 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-lang/php/Manifest | 1 + ...php-7.0.33-intl-detect-icu-via-pkg-config.patch | 159 +++++ .../php-7.0.33-intl-icu-memory-corruption.patch | 91 +++ .../files/php-7.0.33-intl-use-icu-namespace.patch | 369 ++++++++++ dev-lang/php/php-7.0.33.ebuild | 754 +++++++++++++++++++++ 5 files changed, 1374 insertions(+) |