From owner-svn-ports-head@FreeBSD.ORG Mon May 19 19:48:27 2014 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4C451905; Mon, 19 May 2014 19:48:27 +0000 (UTC) Received: from mouf.net (mouf.net [IPv6:2607:fc50:0:4400:216:3eff:fe69:33b3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "mouf.net", Issuer "mouf.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 1D96B2043; Mon, 19 May 2014 19:48:27 +0000 (UTC) Received: from mouf.net (swills@mouf [199.48.129.64]) by mouf.net (8.14.5/8.14.5) with ESMTP id s4JJmHBZ033210 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 19 May 2014 19:48:22 GMT (envelope-from swills@mouf.net) Received: (from swills@localhost) by mouf.net (8.14.5/8.14.5/Submit) id s4JJmG8x033209; Mon, 19 May 2014 19:48:16 GMT (envelope-from swills) Date: Mon, 19 May 2014 19:48:16 +0000 From: Steve Wills To: Akinori MUSHA Subject: Re: svn commit: r354025 - in head/textproc/rubygem-nokogiri: . files Message-ID: <20140519194815.GB31349@mouf.net> References: <201405140650.s4E6oOMw059963@svn.freebsd.org> <20140516154153.GA59733@mouf.net> <86ppjcsbii.knu@iDaemons.org> <20140519013952.GB12777@mouf.net> <86k39itpis.knu@iDaemons.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <86k39itpis.knu@iDaemons.org> User-Agent: Mutt/1.5.22 (2013-10-16) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mouf.net [199.48.129.64]); Mon, 19 May 2014 19:48:22 +0000 (UTC) X-Spam-Status: No, score=0.0 required=4.5 tests=none autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mouf.net X-Virus-Scanned: clamav-milter 0.98.1 at mouf.net X-Virus-Status: Clean Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 May 2014 19:48:27 -0000 Hi, On Mon, May 19, 2014 at 12:29:15PM +0900, Akinori MUSHA wrote: > At Mon, 19 May 2014 01:39:52 +0000, > Steve Wills wrote: > > > Starting from 1.6.2, nokogiri explicitly suggests using bundled > > > libxml2/libxslt that are properly patched for the gem including > > > security problems instead of using some unknown version provided by > > > the platform. > > > > Thanks for the info, I wasn't aware of that. > > > > Wouldn't it be better to get the libxml2 from ports updated with the bug fixes > > instead of having one buggy version in ports and one non-buggy version bundled > > with nokogiri? > > Libxml2 2.9.x, having had no release for one year and a half, finally > rolled out a new release at the timing we (the Team Nokogiri) didn't > expect while we were working on long-term release engineering for > nokogiri 1.6.2 targetted for a patched libxml2 2.8.0. > > We do want to take the time to tackle the new release of libxml2. but > we currently have to deal with issues reported after 2.9.2, and then > 2.9.2.1, so it may take at least a couple of weeks before we can start > working on it. > > > Can you please send me the fixes that libxml2 needs? > > So far, libxml2 2.9.1 looks like a decent release as it should be, > because it includes all it had exclusively in their repository, > including bug fixes and security fixes. > > However, it is confirmed that some test cases in nokogiri's test suite > fail, which we are yet to figure out if it's libxml2 that introduced > bugs, or nokogiri that had incorrect assumptions about some features > of libxml2 or XML specifications. In any case, the ball is now on > nokogiri's side. > > One thing for sure is that nokogiri does not currently have a known > security issue at the moment, and all features covered by the test > suite should work fine when built with the bundled version of libxml2. > > > > Hopefully, when nokogiri is finally updated to support libxml2 2.9.1, > > > and if libxml2 stops neglecting their new releases, then the situation > > > may change, but I just can't recommend that at the moment. > > > > So are you saying nokogiri doesn't build with libxml2 2.9.1? Or doesn't work at > > all with libxml2 2.9.1? Or partially broken? Or is it not supported due to > > missing fixes, which we could easily add in ports? > > It builds with libxml2 2.9.1, but will be partially broken. It is not > certain if it's a bug of libxml2's side, or if there are other pieces > of software affected by the incompatibilities introduced by an upgrade > to 2.9.1. > > So, until nokogiri rolls out a new release that claims full support > for libxml2 2.9.1, I'd recommend using the bundled libraries for the > moment. I'll let you posted. Sorry, missed this mail in my mailer. Thanks for the update. Perhaps we should create a libxml28 port for use until nokogiri supports libxml 2.9? Steve