Hi Remi!

On Sun, Sep 07, 2008 at 10:13:20AM +0200, Remi Collet wrote:

I'm working to understand how PHP provides GD functions.

php.spec use : --with-gd=shared

So it provides the bundled version of GD library

If we switch to --with-gd=shared,%{_prefix}

it will use the system one, but we'll loose 8 gd functions.

So, keeping, the bundled one is probably a better solution (even if it's subject to a security issue : https://bugzilla.redhat.com/459529)

Yes, we should stick with the bundled one; in general, use of the bundled GD is better because it has been patched to use the custom PHP allocation functions, safe_emalloc et al. This has historically meant that some GD security issues have *not* affected the bundled GD in PHP.

This should probably be documented in the spec file.

So, if we keep bundled GD we should switch from BuildRequires: gd-devel, freetype-devel To : BuildRequires: libXpm-devel, libjpeg-devel, libpng-devel, freetype-devel

Yes, definitely!

I also notice that libXpm is not detected on configure, we should add : --with-xpm-dir=%{_prefix} \

This add the XPM support in GD and the imagecreatefromxpm function but will pull an new dependency on libX11 (is it a problem on a server without X installed ?).

The list of deps that libX11 pulls in doesn't look *too* bad. I'd say, let's try it and see whether there's much complaint? Anybody object?

Regards, Joe