Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 668000 - dev-lang/php-{5.6.36,7.0.30}[intl]: dev-libs/icu dependency is causing downgrades
Summary: dev-lang/php-{5.6.36,7.0.30}[intl]: dev-libs/icu dependency is causing downgr...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: PHP Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-07 20:44 UTC by Darko Luketic
Modified: 2018-12-07 01:10 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
PHP-7.0.32 ICU>=61.1 Patch (intl.patch,1.89 KB, patch)
2018-11-08 18:49 UTC, Aaron Nixon
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Darko Luketic 2018-10-07 20:44:34 UTC
php <5.6.38 is vulnerable
https://bugs.gentoo.org/666256

# emerge --info
Portage 2.3.50 (python 3.6.6-final-0, default/linux/amd64/17.0/systemd, gcc-7.3.0, glibc-2.27-r6, 4.18.8-gentoo x86_64)
=================================================================
System uname: Linux-4.18.8-gentoo-x86_64-Intel-R-_Xeon-R-_CPU_E3-1245_V2_@_3.40GHz-with-gentoo-2.6
KiB Mem:    32791656 total,  21923668 free
KiB Swap:   31457276 total,  31457276 free
Timestamp of repository gentoo: Sun, 07 Oct 2018 19:45:01 +0000
Head commit of repository gentoo: 68d838966e51132cce3f9fc08caf139730c54386
sh bash 4.4_p23
ld GNU ld (Gentoo 2.28 p1.2) 2.28
app-shells/bash:          4.4_p23::gentoo
dev-java/java-config:     2.2.0-r4::gentoo
dev-lang/perl:            5.26.2::gentoo
dev-lang/python:          2.7.15::gentoo, 3.4.8-r1::gentoo, 3.6.6::gentoo
dev-util/cmake:           3.12.2::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.6-r1::gentoo
sys-apps/openrc:          0.34.11::gentoo
sys-apps/sandbox:         2.13::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.13.4-r1::gentoo, 1.14.1-r1::gentoo, 1.15.1-r2::gentoo, 1.16.1-r1::gentoo
sys-devel/binutils:       2.25.1-r1::gentoo, 2.26.1::gentoo, 2.27::gentoo, 2.28-r2::gentoo, 2.28.1::gentoo, 2.29::gentoo, 2.29.1-r1::gentoo, 2.30-r3::gentoo, 2.31.1-r1::gentoo
sys-devel/gcc:            7.3.0-r3::gentoo, 8.2.0-r2::gentoo
sys-devel/gcc-config:     2.0::gentoo
sys-devel/libtool:        2.4.6-r5::gentoo
sys-devel/make:           4.2.1-r4::gentoo
sys-kernel/linux-headers: 4.17::gentoo (virtual/os-headers)
sys-libs/glibc:           2.27-r6::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.de.gentoo.org/gentoo-portage/
    priority: -1000
    sync-rsync-verify-max-age: 24
    sync-rsync-extra-opts: --exclude-from=/etc/portage/rsync_excludes
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: no

dalu
    location: /usr/local/portage
    masters: gentoo
    priority: 0

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=native"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.3/conf /var/bind"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.6/ext-active/ /etc/php/apache2-php7.1/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cgi-php7.1/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/php/cli-php7.1/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=native"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--quiet-build=y --jobs=3 --buildpkg-exclude 'virtual/* sys-kernel/*-sources'"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://mirror.hetzner.de/gentoo/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j8 -l8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X509 acl aes amd64 audit avx berkdb bzip2 caps cli crypt cxx dri fortran gdbm http2 iconv icu ipv6 libtirpc mdadm mmx mmxext modern-top modules multilib ncurses nls nptl openmp pam pcre popcnt readline seccomp sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 systemd tcpd threads udev unicode xattr zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog cgroups conntrack cpu cpufreq cpusleep curl curl_json curl_xml disk email ethstat filecount fscache hddtemp iptables logfile match_regex md mysql nginx notify_email ntpd postgresql processes protocols rrdcached sensors smart snmp tcpconns thermal unixsock uptime users uuid virt vmem write_graphite write_http write_kafka write_log write_redis" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" L10N="af be bg br ca cs cy da de de-1901 el en eo es et fi fo fr ga gl he hr hu hy ia id is it km ku la lt lv mi mk ms nb nl nn no pl pt pt-BR ro ru sk sl sq sr sv sw tn uk vi zu" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif geo gzip map proxy referer rewrite userid addition auth_pam auth_request cache_purge echo geoip gunzip gzip_static headers_more metrics push_stream realip secure_link slowfs_cache spdy sticky stub_status sub upload_progress upstream_check fastcgi dav dav_ext degradation fancyindex flv image_filter limit_conn limit_req memc mp4 slice split_clients ssi upstream_hash upstream_ip_hash upstream_keepalive upstream_least_conn upstream_zone xslt" NGINX_MODULES_MAIL="imap pop3 smtp" NGINX_MODULES_STREAM="access geo geoip limit_conn map realip return split_clients ssl_preread upstream_hash upstream_least_conn upstream_zone" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-1 php5-6" POSTGRES_TARGETS="postgres10" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6" QEMU_SOFTMMU_TARGETS="x86_64 arm i386 mips mips64 mips64el mipsel ppc ppc64 ppcemb sh4 sh4eb sparc sparc64" RUBY_TARGETS="ruby23" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS


!!! existing preserved libs:
>>> package: dev-libs/icu-62.1
 *  - /usr/lib64/libicudata.so.60
 *  - /usr/lib64/libicudata.so.60.2
 *  - /usr/lib64/libicui18n.so.60
 *  - /usr/lib64/libicui18n.so.60.2
 *      used by /usr/lib64/php5.6/bin/php (dev-lang/php-5.6.38)
 *      used by /usr/lib64/php5.6/bin/php-fpm (dev-lang/php-5.6.38)
 *  - /usr/lib64/libicuio.so.60
 *  - /usr/lib64/libicuio.so.60.2
 *      used by /usr/lib64/php5.6/bin/php (dev-lang/php-5.6.38)
 *      used by /usr/lib64/php5.6/bin/php-fpm (dev-lang/php-5.6.38)
 *  - /usr/lib64/libicuuc.so.60
 *  - /usr/lib64/libicuuc.so.60.2
 *      used by /usr/lib64/php5.6/bin/php (dev-lang/php-5.6.38)
 *      used by /usr/lib64/php5.6/bin/php-fpm (dev-lang/php-5.6.38)
>>> package: dev-libs/libffi-3.3_rc0
 *  - /usr/lib64/libffi.so.6
 *  - /usr/lib64/libffi.so.6.0.4
 *      used by /usr/bin/g-ir-compiler (dev-libs/gobject-introspection-1.56.1)
 *      used by /usr/lib/llvm/4/lib64/libLLVMInterpreter.so.4.0.0 (sys-devel/llvm-4.0.0-r2)
 *      used by /usr/lib/llvm/6/lib64/libLLVMInterpreter.so.6.0.0 (sys-devel/llvm-6.0.0)
 *      used by 12 other files
>>> package: sys-libs/binutils-libs-2.31.1-r1
 *  - /usr/lib64/libbfd-2.31.1.so
 *      used by /usr/lib64/cairo/libcairo-trace.so.0.0.0 (x11-libs/cairo-1.14.12)


also somewhere in `emerge -avuD @world`

[ebuild     UD ] dev-lang/php-5.6.36:5.6::gentoo [5.6.38:5.6::gentoo] USE="acl bcmath berkdb bzip2 calendar cli crypt ctype curl enchant exif fileinfo filter flatfile fpm ftp gd gdbm gmp hash iconv imap inifile intl ipv6 json kerberos ldap ldap-sasl mhash mysql mysqli nls odbc opcache pcntl pdo phar posix postgres readline session simplexml snmp soap sockets sqlite ssl systemd sysvipc threads tokenizer truetype unicode wddx xml xmlreader xmlrpc xmlwriter xpm xslt zip zlib -apache2 -cdb -cgi -cjk -coverage -debug -embed -firebird -iodbc -libedit -libmysqlclient -libressl -mssql -oci8-instant-client -qdbm -recode (-selinux) -sharedmem -spell -sybase-ct -tidy -vpx" 0 KiB

I have PHP5 and PHP7 because of an old project that runs with php5 and can't be upgraded to 7.
Comment 1 Tomáš Mózes 2018-10-07 22:36:33 UTC
What happens when you try to $(emerge -av1 =dev-lang/php-5.6.38)?
Comment 2 Tomáš Mózes 2018-10-07 22:40:16 UTC
Oh now it's obvious. 

Php 5.6.36:
intl? ( dev-libs/icu:= )

Php 5.6.38:
intl? ( <dev-libs/icu-61.1:= )

But, icu 61.1 isn't stable yet. Please add =dev-libs/icu-61.1 to your package.accept_keywords and you'll be able to install php 5.6.38.
Comment 3 Michael Orlitzky gentoo-dev 2018-10-07 23:04:52 UTC
> intl? ( <dev-libs/icu-61.1:= )

That's a strictly-less-than constraint =)

It should match dev-libs/icu-60.2. We need to know this:

> What happens when you try to $(emerge -av1 =dev-lang/php-5.6.38)?
Comment 4 Arfrever Frehtes Taifersar Arahesis 2018-10-07 23:45:00 UTC
Comment #0 already shows that reporter of this bug has dev-libs/icu-62.1 installed.

Portage chooses to downgrade dev-lang/php (from 5.6.38 to 5.6.36), but, most likely, rebuild of dev-lang/php-5.6.36 with dev-libs/icu-62.1 would fail.

In order for Portage to make better suggestions, dependencies in older versions of dev-lang/php 5.6.* and 7.0.* should be synchronized with newer versions of dev-lang/php 5.6.* and 7.0.*:

$ grep dev-libs/icu php-*.ebuild
php-5.6.36.ebuild:      intl? ( dev-libs/icu:= )
php-5.6.38.ebuild:      intl? ( <dev-libs/icu-61.1:= )
php-7.0.30.ebuild:      intl? ( dev-libs/icu:= )
php-7.0.32.ebuild:      intl? ( <dev-libs/icu-61.1:= )
php-7.1.18.ebuild:      intl? ( dev-libs/icu:= )
php-7.1.22.ebuild:      intl? ( dev-libs/icu:= )
php-7.2.10.ebuild:      intl? ( dev-libs/icu:= )
php-7.3.0_rc2.ebuild:   intl? ( dev-libs/icu:= )
Comment 5 Michael Orlitzky gentoo-dev 2018-10-08 00:53:01 UTC
(In reply to Arfrever Frehtes Taifersar Arahesis from comment #4)
> Comment #0 already shows that reporter of this bug has dev-libs/icu-62.1
> installed.
> 
> Portage chooses to downgrade dev-lang/php (from 5.6.38 to 5.6.36), but, most
> likely, rebuild of dev-lang/php-5.6.36 with dev-libs/icu-62.1 would fail.

Thanks, I see the problem.


> In order for Portage to make better suggestions, dependencies in older
> versions of dev-lang/php 5.6.* and 7.0.* should be synchronized with newer
> versions of dev-lang/php 5.6.* and 7.0.*:

But we can't add an upper bound on the dependency in the older stable ebuilds without a revision bump... That could probably still go straight-to-stable, but in any case, I'd rather just delete the old versions. It looks like we're only waiting on alpha stabilizations for 5.6.38 and 7.0.32. Afterwards the older ebuilds without the version bound can be removed.

@alpha team, please help =)

There are already stabilization bugs open for php-5.6.38 and php-7.0.32 for security reasons.
Comment 6 Tomáš Mózes 2018-10-08 09:07:22 UTC
(In reply to Michael Orlitzky from comment #3)
> > intl? ( <dev-libs/icu-61.1:= )
> 
> That's a strictly-less-than constraint =)

Sorry, totally missed the less-than part :( Blind me.
Comment 7 Darko Luketic 2018-10-08 09:10:46 UTC
Hi, sorry for late reply. I'm sick and I went to bed after I posted this bug.

To answer your question:

```
# emerge -av1 =dev-lang/php-5.6.38

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild     UD ] dev-libs/icu-60.2:0/60.2::gentoo [62.1:0/62.1::gentoo] USE="-debug -doc -examples -static-libs" ABI_X86="(64) -32 (-x32)" 0 KiB
[ebuild   R    ] dev-lang/php-5.6.38:5.6::gentoo  USE="acl bcmath berkdb bzip2 calendar cli crypt ctype curl enchant exif fileinfo filter flatfile fpm ftp gd gdbm gmp hash iconv imap inifile intl ipv6 json kerberos ldap ldap-sasl mhash mysql mysqli nls odbc opcache pcntl pdo phar posix postgres readline session simplexml snmp soap sockets sqlite ssl systemd sysvipc threads tokenizer truetype unicode wddx xml xmlreader xmlrpc xmlwriter xpm xslt zip zlib -apache2 -cdb -cgi -cjk -coverage -debug -embed -firebird -iodbc -libedit -libmysqlclient -libressl -mssql -oci8-instant-client -qdbm -recode (-selinux) -sharedmem -spell -sybase-ct -tidy -vpx" 0 KiB

Total: 2 packages (1 downgrade, 1 reinstall), Size of downloads: 0 KiB

!!! Multiple package instances within a single package slot have been pulled
!!! into the dependency graph, resulting in a slot conflict:

dev-libs/icu:0

  (dev-libs/icu-60.2:0/60.2::gentoo, ebuild scheduled for merge) pulled in by
    <dev-libs/icu-61.1:= required by (dev-lang/php-5.6.38:5.6/5.6::gentoo, ebuild scheduled for merge)
    ^             ^^^^ ^                                                                                                                                                        

  (dev-libs/icu-62.1:0/62.1::gentoo, installed) pulled in by
    >=dev-libs/icu-61.1:0/62.1= required by (net-libs/nodejs-9.11.2:0/0::gentoo, installed)
    ^^             ^^^^^^^^^^^^                                                                                                                                      
    >=dev-libs/icu-51.2-r1:0/62.1=[abi_x86_64(-)] required by (media-libs/harfbuzz-1.9.0:0/0.9.18::gentoo, installed)
                          ^^^^^^^^                                                                                                                       
    (and 10 more with the same problems)

NOTE: Use the '--verbose-conflicts' option to display parents omitted above

It may be possible to solve this problem by using package.mask to
prevent one of those packages from being selected. However, it is also
possible that conflicting dependencies exist such that they are
impossible to satisfy simultaneously.  If such a conflict exists in
the dependencies of two different packages, then those packages can
not be installed simultaneously. You may want to try a larger value of
the --backtrack option, such as --backtrack=30, in order to see if
that will solve this conflict automatically.

For more information, see MASKED PACKAGES section in the emerge man
page or refer to the Gentoo Handbook.


!!! The following installed packages are masked:
- app-eselect/eselect-mesa-0.0.10-r1::gentoo (masked by: package.mask)
/usr/portage/profiles/package.mask:
# Matt Turner <mattst88@gentoo.org> (29 Sep 2018)
# Removal in 30 days, bug #576334

- media-libs/celt-0.11.3::gentoo (masked by: package.mask)
/usr/portage/profiles/package.mask:
# Andreas Sturmlechner <asturm@gentoo.org> (16 Sep 2018)
# was merged into the IETF Opus codec and is now obsolete
# Removal in 30 days, bug #664154

For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook.

```
Comment 8 Arfrever Frehtes Taifersar Arahesis 2018-10-09 09:08:39 UTC
dev-lang/php maintainers: Could you backport the following fix to dev-lang/php-{5.6.36,7.0.30} and re-allow newer versions of dev-libs/icu?:
https://git.php.net/?p=php-src.git;a=commit;h=710284cbc4a54cac0a9ec4ea29a7486e0d99a33b

It would be better than forcing users to use older, potentially vulnerable versions of dev-libs/icu.
Comment 9 Brian Evans Gentoo Infrastructure gentoo-dev 2018-10-09 14:52:28 UTC
(In reply to Arfrever Frehtes Taifersar Arahesis from comment #8)
> dev-lang/php maintainers: Could you backport the following fix to
> dev-lang/php-{5.6.36,7.0.30} and re-allow newer versions of dev-libs/icu?:
> https://git.php.net/?p=php-src.git;a=commit;
> h=710284cbc4a54cac0a9ec4ea29a7486e0d99a33b
> 
> It would be better than forcing users to use older, potentially vulnerable
> versions of dev-libs/icu.

PHP slots 5.6 and 7.0 will go end-of-life in 84 and 56 days, respectively, with removal procedures starting shortly after.

This is fixed in 7.1.17 and greater which users should start migrating to the new versions.

While the fix is likely to be trivial with that commit, I will consider it if PHP releases a new version before expiration.
Comment 10 Larry the Git Cow gentoo-dev 2018-10-11 14:41:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9b41d63fc172ef8fa87fb99b6a283926f82cf80

commit c9b41d63fc172ef8fa87fb99b6a283926f82cf80
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2018-10-11 14:38:47 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2018-10-11 14:41:39 +0000

    dev-lang/php: Drop security vulnerable versions
    
    Bug: https://bugs.gentoo.org/666256
    Bug: https://bugs.gentoo.org/668000
    Signed-off-by: Brian Evans <grknight@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 dev-lang/php/Manifest          |   3 -
 dev-lang/php/php-5.6.36.ebuild | 777 -----------------------------------------
 dev-lang/php/php-7.0.30.ebuild | 751 ---------------------------------------
 dev-lang/php/php-7.1.18.ebuild | 731 --------------------------------------
 4 files changed, 2262 deletions(-)
Comment 11 Darko Luketic 2018-10-12 11:53:20 UTC
(In reply to Brian Evans from comment #9)
> (In reply to Arfrever Frehtes Taifersar Arahesis from comment #8)
> > dev-lang/php maintainers: Could you backport the following fix to
> > dev-lang/php-{5.6.36,7.0.30} and re-allow newer versions of dev-libs/icu?:
> > https://git.php.net/?p=php-src.git;a=commit;
> > h=710284cbc4a54cac0a9ec4ea29a7486e0d99a33b
> > 
> > It would be better than forcing users to use older, potentially vulnerable
> > versions of dev-libs/icu.
> 
> PHP slots 5.6 and 7.0 will go end-of-life in 84 and 56 days, respectively,
> with removal procedures starting shortly after.
> 
> This is fixed in 7.1.17 and greater which users should start migrating to
> the new versions.
> 
> While the fix is likely to be trivial with that commit, I will consider it
> if PHP releases a new version before expiration.

Well upgrading the php5 only symfony app isn't an option.

php5.6 needs to remain up to date eol or no eol, since it's the last php5 version there is.
Comment 12 Brian Evans Gentoo Infrastructure gentoo-dev 2018-10-12 13:13:02 UTC
(In reply to Darko Luketic from comment #11)
> (In reply to Brian Evans from comment #9)
> > (In reply to Arfrever Frehtes Taifersar Arahesis from comment #8)
> > > dev-lang/php maintainers: Could you backport the following fix to
> > > dev-lang/php-{5.6.36,7.0.30} and re-allow newer versions of dev-libs/icu?:
> > > https://git.php.net/?p=php-src.git;a=commit;
> > > h=710284cbc4a54cac0a9ec4ea29a7486e0d99a33b
> > > 
> > > It would be better than forcing users to use older, potentially vulnerable
> > > versions of dev-libs/icu.
> > 
> > PHP slots 5.6 and 7.0 will go end-of-life in 84 and 56 days, respectively,
> > with removal procedures starting shortly after.
> > 
> > This is fixed in 7.1.17 and greater which users should start migrating to
> > the new versions.
> > 
> > While the fix is likely to be trivial with that commit, I will consider it
> > if PHP releases a new version before expiration.
> 
> Well upgrading the php5 only symfony app isn't an option.
> 
> php5.6 needs to remain up to date eol or no eol, since it's the last php5
> version there is.

This is not going to happen for very long.

If there is enough interest, we are willing to take a snapshot overlay of everything non-script related (pecl packages and php itself) albeit masked with warnings.

There has been more than enough time to get PHP 7 compliant.
Comment 13 Darko Luketic 2018-10-19 10:05:13 UTC
And that is exactly the reason why Gentoo is not an option for a professional OS.
Armchair professionals without a clue for real life demands.
Fix the damned package!
Comment 14 Darko Luketic 2018-10-19 10:18:09 UTC
Also it has NOTHING to do with code but it's all in the fucking dependencies. Do your fucking job or GTFO
Comment 15 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-10-19 11:57:54 UTC
Just disabled the account above on my own, for pretty clear reason
Comment 16 Aaron Nixon 2018-11-08 18:49:41 UTC
Created attachment 554570 [details, diff]
PHP-7.0.32 ICU>=61.1 Patch

I've been using this patch locally to build PHP 7.0.32 on my system.

Not sure if this is the acceptable way to propose a patch or anything, this isn't usually something I do.

I edit the ebuild and remove the version restriction for icu and run ebuild manifest after edit.
Comment 17 Larry the Git Cow gentoo-dev 2018-12-06 23:20:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84aad4ad45480f8e32471abb446c72f72e5b50fe

commit 84aad4ad45480f8e32471abb446c72f72e5b50fe
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-12-06 23:19:44 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-12-06 23:19:59 +0000

    dev-lang/php: bump to v5.6.39
    
    - EAPI bump to EAPI=7
    
    - Add compatibility with ICU >= 61
    
    Bug: https://bugs.gentoo.org/668000
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-lang/php/Manifest                              |   1 +
 .../php-5.6-intl-detect-icu-via-pkg-config.patch   | 154 ++++
 .../files/php-5.6-intl-icu-memory-corruption.patch |  88 +++
 .../php/files/php-5.6-intl-use-icu-namespace.patch | 365 ++++++++++
 dev-lang/php/php-5.6.39.ebuild                     | 785 +++++++++++++++++++++
 5 files changed, 1393 insertions(+)
Comment 18 Larry the Git Cow gentoo-dev 2018-12-07 00:01:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44841df440d27a047fb34a5ebd1db9862a5bf6a4

commit 44841df440d27a047fb34a5ebd1db9862a5bf6a4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-12-07 00:01:09 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-12-07 00:01:33 +0000

    dev-lang/php: bump to v7.0.33
    
    - EAPI bump to EAPI=7
    
    - Add compatibility with ICU >= 61
    
    Bug: https://bugs.gentoo.org/668000
    Package-Manager: Portage-2.3.52, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-lang/php/Manifest                              |   1 +
 ...php-7.0.33-intl-detect-icu-via-pkg-config.patch | 159 +++++
 .../php-7.0.33-intl-icu-memory-corruption.patch    |  91 +++
 .../files/php-7.0.33-intl-use-icu-namespace.patch  | 369 ++++++++++
 dev-lang/php/php-7.0.33.ebuild                     | 754 +++++++++++++++++++++
 5 files changed, 1374 insertions(+)