[Fedora-php-devel-list] Re: PHP and GD extension
Joe Orton
jorton at redhat.com
Sun Sep 7 17:22:34 UTC 2008
Hi Remi!
On Sun, Sep 07, 2008 at 10:13:20AM +0200, Remi Collet wrote:
> I'm working to understand how PHP provides GD functions.
>
> php.spec use :
> --with-gd=shared
>
> So it provides the bundled version of GD library
>
> If we switch to
> --with-gd=shared,%{_prefix}
>
> it will use the system one, but we'll loose 8 gd functions.
>
> So, keeping, the bundled one is probably a better solution (even if it's
> subject to a security issue : https://bugzilla.redhat.com/459529)
Yes, we should stick with the bundled one; in general, use of the
bundled GD is better because it has been patched to use the custom PHP
allocation functions, safe_emalloc et al. This has historically meant
that some GD security issues have *not* affected the bundled GD in PHP.
This should probably be documented in the spec file.
> So, if we keep bundled GD we should switch from
> BuildRequires: gd-devel, freetype-devel
> To :
> BuildRequires: libXpm-devel, libjpeg-devel, libpng-devel, freetype-devel
Yes, definitely!
> I also notice that libXpm is not detected on configure, we should add :
> --with-xpm-dir=%{_prefix} \
>
> This add the XPM support in GD and the imagecreatefromxpm function but
> will pull an new dependency on libX11 (is it a problem on a server
> without X installed ?).
The list of deps that libX11 pulls in doesn't look *too* bad. I'd say,
let's try it and see whether there's much complaint? Anybody object?
Regards, Joe
More information about the php-devel
mailing list