Ubuntu
php7.4 package

Merge ~bryce/ubuntu/+source/php7.4:fix-lp1890263-focal into ubuntu/+source/php7.4:ubuntu/focal-devel

  1. Git
  2. lp:~bryce/ubuntu/+source/php7.4
  3. fix-lp1890263-focal
  4. Merge into ubuntu/focal-devel
Proposed by Bryce Harrington
Status: Merged
Merge reported by: Bryce Harrington
Merged at revision: 9798ca83186d9e86e01199c31dbe8bbed87c4ac6
Proposed branch: ~bryce/ubuntu/+source/php7.4:fix-lp1890263-focal
Merge into: ubuntu/+source/php7.4:ubuntu/focal-devel
Diff against target: 108 lines (+60/-4)
3 files modified
debian/changelog (+8/-0)
debian/control (+26/-2)
debian/control.in (+26/-2)
Reviewer Review Type Date Requested Status
Athos Ribeiro (community) Approve
Canonical Server packageset reviewers Pending
Canonical Server MOTU reviewers Pending
Canonical Server Core Reviewers Pending
Review via email: mp+421553@code.launchpad.net

Description of the change

This SRU includes a fix for bionic->focal upgrades. It's the same fix essentially as the one already deployed for focal->bionic and impish->bionic which seems to be working ok, at least no bug reports filed about it.

The PPA is at:

  https://launchpad.net/~bryce/+archive/ubuntu/modphp-upgrade-lp1890263/

It hasn't published the binaries yet, so I've not yet verified it, but the detailed testcase is in the SRU text on the bug report, LP: #1890263, which should be straightforward to follow.

The version specifications, "(<< 7.2.24-0~)", etc. I am guessing based on my understanding of the Debian policies but I've not done these before so not 100% sure I have the right numbers, so any advice/tips on those is welcomed.

To post a comment you must log in.
Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

I am reviewing this one

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

This LGTM. It does follow the same rationale of
https://code.launchpad.net/~bryce/ubuntu/+source/php8.1/+git/php8.1/+merge/419245

I do have a few questions regarding the transitional package method being applied and the versions referred by the MP:

In the libapache2-mod-php7.4 package, why does the new
Replaces version is not pointing to the exact version being shipped here?
i.e., why ">> 7.4.3-4~" instead of ">> 7.4.3-4ubuntu2.11~"?

The same question applies for the transitional packages:
why aren't the Replaces/Breaks versions saying that this replaces/breaks anything that is lower than "this version"? i.e., "<< 7.4.3-4ubuntu2.11~" instead of "<< 7.2.24-0~" and "<< 7.3.8-1~"

Finally, I am wondering why this design differs of the one proposed in
https://wiki.debian.org/RenamingPackages#Transition_package_method,
where the transitional packages would only depend on the new package and the new package would replace/break the old ones.

review: Needs Information
Revision history for this message
Bryce Harrington (bryce) wrote :

> In the libapache2-mod-php7.4 package, why does the new
> Replaces version is not pointing to the exact version being shipped here?
> i.e., why ">> 7.4.3-4~" instead of ">> 7.4.3-4ubuntu2.11~"?

Yeah, this was a point I was really uncertain of so glad you brought it up. I followed the debian documentation, and looked at some similar packages on our side, but the precise Ubuntu policy wasn't clear. I wanted to make sure it doesn't fail if, e.g. someone had only -security and not -updates, or even if they had neither enabled. This seemed to work. Do you have more certainty that it should be ">> 7.4.3-4ubuntu2.11~"?

> Finally, I am wondering why this design differs from the one proposed in
> https://wiki.debian.org/RenamingPackages#Transition_package_method,
> where the transitional packages would only depend on the new package
> and the new package would replace/break the old ones.

Originally my hope had been to force dependence on the libapache2-mod-php package instead of the versioned package, but I could not get that to behave as I wished. The solution possibly could be simplified by omitting mention of libapache2-mod-php, which I believe would result in essentially what you describe? Including libapache2-mod-php seems to cause no harm, but it appears to get removed when the user does apt-get autoremove. Anyway, most definitely open to alternative suggestions.

Thanks for reviewing.

Revision history for this message
Athos Ribeiro (athos-ribeiro) wrote :

Thanks for the replies here, Bryce.

Using replaces for ">> 7.4.3-4~" should be enough then.

We may keep the current approach since it does work and since this is what we have been doing for the other upgrade paths.

Thanks!

I will proceed to file a new MP merging this change with the one in https://code.launchpad.net/~athos-ribeiro/ubuntu/+source/php7.4/+git/php7.4/+merge/421559 so we can upload them together.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index e85e83c..d2e096b 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+php7.4 (7.4.3-4ubuntu2.11) focal; urgency=medium
7+
8+ * d/control, d/control.in: Add transitional packages and
9+ Breaks/Replaces to force upgrade from earlier mod-php's to v7.4.
10+ (LP: #1890263)
11+
12+ -- Bryce Harrington <bryce@canonical.com> Thu, 05 May 2022 00:01:04 +0000
13+
14 php7.4 (7.4.3-4ubuntu2.10) focal-security; urgency=medium
15
16 * SECURITY UPDATE: DoS in zend_string_extend function
17diff --git a/debian/control b/debian/control
18index 8eb38a4..06d420a 100644
19--- a/debian/control
20+++ b/debian/control
21@@ -96,8 +96,8 @@ Depends: libmagic1,
22 ${shlibs:Depends}
23 Provides: libapache2-mod-php,
24 ${php:Provides}
25-Conflicts: libapache2-mod-php7.3,
26- libapache2-mod-php7.2
27+Replaces: libapache2-mod-php7.3 (>> 7.4.3-4~),
28+ libapache2-mod-php7.2 (>> 7.4.3-4~)
29 Recommends: apache2
30 Suggests: php-pear
31 Description: server-side, HTML-embedded scripting language (Apache 2 module)
32@@ -111,6 +111,30 @@ Description: server-side, HTML-embedded scripting language (Apache 2 module)
33 open source general-purpose scripting language that is especially suited
34 for web development and can be embedded into HTML.
35
36+Package: libapache2-mod-php7.2
37+Section: httpd
38+Architecture: any
39+Replaces: libapache2-mod-php7.2 (<< 7.2.24-0~)
40+Breaks: libapache2-mod-php7.2 (<< 7.2.24-0~)
41+Depends: libapache2-mod-php,
42+ ${misc:Depends},
43+ ${shlibs:Depends}
44+Description: Transitional package
45+ This is a transitional dummy package to libapache2-mod-php7.4. It can
46+ be safely removed and libapache2-mod-php installed instead.
47+
48+Package: libapache2-mod-php7.3
49+Section: httpd
50+Architecture: any
51+Replaces: libapache2-mod-php7.3 (<< 7.3.8-1~)
52+Breaks: libapache2-mod-php7.3 (<< 7.3.8-1~)
53+Depends: libapache2-mod-php,
54+ ${misc:Depends},
55+ ${shlibs:Depends}
56+Description: Transitional package
57+ This is a transitional dummy package to libapache2-mod-php7.4. It can
58+ be safely removed and libapache2-mod-php installed instead.
59+
60 Package: libphp7.4-embed
61 Architecture: any
62 Depends: libmagic1,
63diff --git a/debian/control.in b/debian/control.in
64index 360e31d..5b551a5 100644
65--- a/debian/control.in
66+++ b/debian/control.in
67@@ -96,8 +96,8 @@ Depends: libmagic1,
68 ${shlibs:Depends}
69 Provides: libapache2-mod-php,
70 ${php:Provides}
71-Conflicts: libapache2-mod-php7.3,
72- libapache2-mod-php7.2
73+Replaces: libapache2-mod-php7.3 (>> 7.4.3-4~),
74+ libapache2-mod-php7.2 (>> 7.4.3-4~)
75 Recommends: apache2
76 Suggests: php-pear
77 Description: server-side, HTML-embedded scripting language (Apache 2 module)
78@@ -111,6 +111,30 @@ Description: server-side, HTML-embedded scripting language (Apache 2 module)
79 open source general-purpose scripting language that is especially suited
80 for web development and can be embedded into HTML.
81
82+Package: libapache2-mod-php7.2
83+Section: httpd
84+Architecture: any
85+Replaces: libapache2-mod-php7.2 (<< 7.2.24-0~)
86+Breaks: libapache2-mod-php7.2 (<< 7.2.24-0~)
87+Depends: libapache2-mod-php,
88+ ${misc:Depends},
89+ ${shlibs:Depends}
90+Description: Transitional package
91+ This is a transitional dummy package to libapache2-mod-php7.4. It can
92+ be safely removed and libapache2-mod-php installed instead.
93+
94+Package: libapache2-mod-php7.3
95+Section: httpd
96+Architecture: any
97+Replaces: libapache2-mod-php7.3 (<< 7.3.8-1~)
98+Breaks: libapache2-mod-php7.3 (<< 7.3.8-1~)
99+Depends: libapache2-mod-php,
100+ ${misc:Depends},
101+ ${shlibs:Depends}
102+Description: Transitional package
103+ This is a transitional dummy package to libapache2-mod-php7.4. It can
104+ be safely removed and libapache2-mod-php installed instead.
105+
106 Package: libphp@PHP_VERSION@-embed
107 Architecture: any
108 Depends: libmagic1,

Subscribers

People subscribed via source and target branches