From owner-svn-ports-all@FreeBSD.ORG Mon May 19 20:01:31 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 51AD5EFA; Mon, 19 May 2014 20:01:31 +0000 (UTC) Received: from mail-we0-x22b.google.com (mail-we0-x22b.google.com [IPv6:2a00:1450:400c:c03::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 54D9E21BD; Mon, 19 May 2014 20:01:30 +0000 (UTC) Received: by mail-we0-f171.google.com with SMTP id w62so6083824wes.16 for ; Mon, 19 May 2014 13:01:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=KGMrGXwzEFRP2t/5Gtp900plKbbk80sB81+P1JEcXSo=; b=nlUFwcp8rpydijWMF7R2UgTQikVl3yAilRXRh8bKKzzG6eXT4S/9WUivpS01TUQeRc Yw3DVhyrWS9fQUj/qSnEkNOR0AUmU8nnhvHZNzJC+YT7rBQNH5vz9C1bo9fG5ZswcNHE zbXk04Id+m9PZ9ctNI1nlrW52eSvHWsaKFNeYvq4flyhZSb5u0tdKC/7+ROykKSu1NTI XiDVm3ykxPDWHOv3KFacPR37uWfV923YLqsDLjOE7pkWBrjjailcYuONinDiKgwPBQMC QtWG+LEA8J82Zak3n6trqFxZ1GyPY/zWtqv/klnHkNcmgFgqKu3xmEsra1YscE9S1rJB emcw== X-Received: by 10.180.80.232 with SMTP id u8mr405736wix.13.1400529688606; Mon, 19 May 2014 13:01:28 -0700 (PDT) Received: from ivaldir.etoilebsd.net ([2001:41d0:8:db4c::1]) by mx.google.com with ESMTPSA id l4sm15376008wjf.14.2014.05.19.13.01.27 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 May 2014 13:01:27 -0700 (PDT) Sender: Baptiste Daroussin Date: Mon, 19 May 2014 22:01:25 +0200 From: Baptiste Daroussin To: Steve Wills Subject: Re: svn commit: r354025 - in head/textproc/rubygem-nokogiri: . files Message-ID: <20140519200125.GA72340@ivaldir.etoilebsd.net> References: <201405140650.s4E6oOMw059963@svn.freebsd.org> <20140516154153.GA59733@mouf.net> <86ppjcsbii.knu@iDaemons.org> <20140519013952.GB12777@mouf.net> <86k39itpis.knu@iDaemons.org> <20140519194815.GB31349@mouf.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="ZGiS0Q5IWpPtfppv" Content-Disposition: inline In-Reply-To: <20140519194815.GB31349@mouf.net> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: Akinori MUSHA , svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 May 2014 20:01:31 -0000 --ZGiS0Q5IWpPtfppv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, May 19, 2014 at 07:48:16PM +0000, Steve Wills wrote: > Hi, >=20 > On Mon, May 19, 2014 at 12:29:15PM +0900, Akinori MUSHA wrote: > > At Mon, 19 May 2014 01:39:52 +0000, > > Steve Wills wrote: > > > > Starting from 1.6.2, nokogiri explicitly suggests using bundled > > > > libxml2/libxslt that are properly patched for the gem including > > > > security problems instead of using some unknown version provided by > > > > the platform. > > > > > > Thanks for the info, I wasn't aware of that. > > > > > > Wouldn't it be better to get the libxml2 from ports updated with the = bug fixes > > > instead of having one buggy version in ports and one non-buggy versio= n bundled > > > with nokogiri? > >=20 > > Libxml2 2.9.x, having had no release for one year and a half, finally > > rolled out a new release at the timing we (the Team Nokogiri) didn't > > expect while we were working on long-term release engineering for > > nokogiri 1.6.2 targetted for a patched libxml2 2.8.0. > >=20 > > We do want to take the time to tackle the new release of libxml2. but > > we currently have to deal with issues reported after 2.9.2, and then > > 2.9.2.1, so it may take at least a couple of weeks before we can start > > working on it. > >=20 > > > Can you please send me the fixes that libxml2 needs? > >=20 > > So far, libxml2 2.9.1 looks like a decent release as it should be, > > because it includes all it had exclusively in their repository, > > including bug fixes and security fixes. > >=20 > > However, it is confirmed that some test cases in nokogiri's test suite > > fail, which we are yet to figure out if it's libxml2 that introduced > > bugs, or nokogiri that had incorrect assumptions about some features > > of libxml2 or XML specifications. In any case, the ball is now on > > nokogiri's side. > >=20 > > One thing for sure is that nokogiri does not currently have a known > > security issue at the moment, and all features covered by the test > > suite should work fine when built with the bundled version of libxml2. > >=20 > > > > Hopefully, when nokogiri is finally updated to support libxml2 2.9.= 1, > > > > and if libxml2 stops neglecting their new releases, then the situat= ion > > > > may change, but I just can't recommend that at the moment. > > > > > > So are you saying nokogiri doesn't build with libxml2 2.9.1? Or doesn= 't work at > > > all with libxml2 2.9.1? Or partially broken? Or is it not supported d= ue to > > > missing fixes, which we could easily add in ports? > >=20 > > It builds with libxml2 2.9.1, but will be partially broken. It is not > > certain if it's a bug of libxml2's side, or if there are other pieces > > of software affected by the incompatibilities introduced by an upgrade > > to 2.9.1. > >=20 > > So, until nokogiri rolls out a new release that claims full support > > for libxml2 2.9.1, I'd recommend using the bundled libraries for the > > moment. I'll let you posted. >=20 > Sorry, missed this mail in my mailer. Thanks for the update. Perhaps we s= hould > create a libxml28 port for use until nokogiri supports libxml 2.9? As much as I want to see everything unbundled in that specific case, I would go into following upstream here, meaning libxml bundle for now and unbundle once it is compatible with 2.9 Creating a libxml28 will be a nightmare to handle with conflicts and so. regards, Bapt --ZGiS0Q5IWpPtfppv Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iEUEARECAAYFAlN6YxUACgkQ8kTtMUmk6ExbAwCWJXAuVFLW1opec4ZKk8SOOBTM /ACggSh+zbRbvX3o7j7brNc0KHg984k= =VnTE -----END PGP SIGNATURE----- --ZGiS0Q5IWpPtfppv--