Page MenuHomePhabricator

Deploy a PHP and HHVM patch (Exif values retrieved incorrectly if they appear before IFD)
Closed, ResolvedPublic

Description

Is it possible to deploy a PHP and HHVM patch to fix T97253: Exif values retrieved incorrectly if they appear before IFD? Patches exist (and are needed) for both of them. The patch changes three lines of code (plus tests, release notes, etc.).

The patches are:

I have verified that they apply cleanly to PHP 5.5.9 and HHVM 3.12.1, which appear to be what we're running.

Event Timeline

matmarex created this task.Jul 14 2016, 8:58 PM
Restricted Application added subscribers: Zppix, Aklapper. · View Herald TranscriptJul 14 2016, 8:58 PM
Restricted Application added subscribers: Poyekhali, Steinsplitter, Matanya. · View Herald TranscriptJul 17 2016, 9:35 PM
matmarex moved this task from Untriaged to Doing on the Multimedia board.Jul 17 2016, 9:57 PM

Could this be triaged or declined, please? I would like to know if this is possible to do at all, or if we have to just wait a couple years until we upgrade to PHP/HHVM that has these patches.

ori added subscribers: Joe, ori.Jul 22 2016, 5:09 PM

It's definitely possible; we do this with security patches and other critical updates. @Joe, what do you think?

matmarex raised the priority of this task from Normal to Needs Triage.Aug 4 2016, 7:29 PM

Any update, please?

Sure, we can merge that patch the next time we upgrade to a HHVM security release. HHVM upgrades are fairly time-consuming so we can't do that for this patch alone, but piggybacking it into the next security release is no problem.

There's no time frame for the next HHVM security release yet, but usually up to 1-2 months at most.

We're currently no longer using PHP on production app servers, is that relevant for PHP/CI? These use unpatched PHP builds at the moment.

Thank you for the reply!

We're currently no longer using PHP on production app servers, is that relevant for PHP/CI? These use unpatched PHP builds at the moment.

Ah, alright then. I was under the impression that we still have imagescalers or jobrunners or something running on PHP rather than HHVM.

MoritzMuehlenhoff closed this task as Resolved.Oct 7 2016, 7:52 AM

@matmarex : I'm currently preparing the next HHVM update, but when having a closer look at the your patch I noticed it's already live on the production cluster: When it was merged, the HHVM developers backported it into the 3.12.8 release, which we're currently using on the production cluster since mid-August.

Nice surprise. Thanks!

The patch is present in the 3.12.7+dfsg-1+wmf1 package onwards and this is version installed on all hosts with hhvm in production.