[SRU] microrelease exception for src:php7.0 (7.0.8)

Bug #1569609 reported by Nish Aravamudan on 2016-04-12
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
php7.0 (Ubuntu)
Wishlist
Unassigned
Xenial
Wishlist
Unassigned

Bug Description

PHP 7.0 has only recent released and a number of critical security and bug-fixes are present in each 7.0.x. Rather than backporting individual patches (e.g., Bug # 1569509), I believe it makes significantly more sense to follow the upstream 7.0.x. Upstream PHP is demonstrating an improved approach of bugfixes only in 7.0.x:

 - 7.0.5: http://php.net/ChangeLog-7.php
 - 7.0.6-RC1: http://git.php.net/?p=php-src.git;a=blob;f=NEWS;h=8746e6877d394d37b9639952b1f00c076e6fd5d1;hb=de3cc93543089a9e131b3845bc3349b4734bc526

The upstream CI is at: https://travis-ci.org/php/php-src and is run regularly.

Our php7.0 source package has autopkgtests for the 4 SAPIs, mod-php, cgi, fpm and cli. We do not currently run the source tests during the build itself, as it significantly lengthens the test time. It also requires external configuration of a MySQL server. We could extend our build to run tests, though, if that is deemed necessary (following, e.g.: https://travis-ci.org/php/php-src/jobs/122646388).

I do not believe there is a firm statement from upstream on API/ABI stability, but the general approach seems to be a BC-break would result in 7.1.0.

The provided debdiff is the result of running uscan and updating d/patches accordingly.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in php7.0 (Ubuntu):
status: New → Confirmed
Changed in php7.0 (Ubuntu):
importance: Undecided → Wishlist
tags: added: patch
Michael Hudson-Doyle (mwhudson) wrote :

I've fiddled the metadata to make this (I hope) an SRU bug, as yakkety already has a newer php7.0 package and this is about getting a newer one into Xenial.

I guess this needs someone in the SRU team to rule if https://wiki.ubuntu.com/StableReleaseUpdates#New_upstream_microreleases applies (I assume you'd want to upload the 7.0.7 package rather than the debdiff attached to this bug?)

Changed in php7.0 (Ubuntu):
status: Confirmed → Fix Released
Changed in php7.0 (Ubuntu Xenial):
importance: Undecided → Wishlist
Nish Aravamudan (nacc) wrote :

Thank you Michael!

My understanding of the SRU microrelease policy, would be that we'd upload a new upstream tarball (well, we'd use the same .orig.tar.gz that Debian is using, actually) obtained via `uscan`/`uupdate`, and update the changelog appropriately for that version. I can remove the debdiff from this bug, if you'd prefer, as now, you're right, we'd want to go up to 7.0.7 at this point.

-Nish

Nish Aravamudan (nacc) wrote :

The corresponding orig.tar.xz file can be obtained with `uscan`/`uupdate` which should pull down 7.0.8 currently.

Nish Aravamudan (nacc) wrote :

I have pushed a test build to: https://launchpad.net/~nacc/+archive/ubuntu/lp1569609, which is identical to the version the recently attached tarball. I will ask the various affected bugs to test that version to confirm the fix(es) continue to work even with the newer upstream (in my testing they do).

Michael Hudson-Doyle (mwhudson) wrote :

I've uploaded this to the xenial unapproved queue now. The only change I made was that I set the version number to 7.0.8-0ubuntu0.16.04.1.

Changed in php7.0 (Ubuntu Xenial):
status: New → In Progress
Michael Hudson-Doyle (mwhudson) wrote :

FWIW, https://launchpad.net/bugs/1596735 is about uploading the same upstream version to Yakkety.

Nish Aravamudan (nacc) on 2016-06-29
Changed in php7.0 (Ubuntu Xenial):
status: In Progress → Fix Committed
Martin Pitt (pitti) wrote :

Unsubscribing sponsors.

Nish Aravamudan (nacc) on 2016-09-27
Changed in php7.0 (Ubuntu Xenial):
status: Fix Committed → Fix Released
Nish Aravamudan (nacc) on 2016-11-28
summary: - [SRU] microrelease exception for src:php7.0
+ [SRU] microrelease exception for src:php7.0 (7.0.8)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers