Hmmm, maybe bzip2 is a strict dependency, because IIRC there is bzip2 filter, and filters are part of PHP's core.

These extensions are enabled by default.
About GD used as external dependency: this is by intention. I have bad experience with the internal GD stuff, I've seen PHP running out of memory on 2MB JPEG with 32MB memory limit, where it would work completely fine with a 16MB memory limit with external GD.

Also, having many projects forking internal copies of some library means that everytime there's a security update, we have to rebuild all these packages, which is a bad idea.
Other distros ship with external GD also because of this.

One thing I have to agree about: our GD has security issues. Will patch them out ASAP.

> These extensions are enabled by default.

OK. But what about ncurses - I'm just interesting which enabled extension use it, or it is required by php-cli?


In which PHP version you had problems with bundled GD? (They even mentioned this memory problem in their FAQ).

Bundled GD library has some features that are not available in external GD. And PHP team recommends to use bundled GD library.
("GD library is now bundled with the distribution and it is recommended to always use the bundled version.")
External GD has not received _any_ update since 2004!

Here are some changes regarding php_gd extension:

5.1.3:
Improved GD extension: (Pierre)
Added a weak/tolerant mode to the JPEG loader.
Added filtering mode option to imagepng() to allow reducing file size.
Fixed imagecolorallocate() and imagecolorallocatelapha() to return FALSE on error.

5.1.2:
Added PNG compression support to GD extension. (Pierre)

5.0.0 beta 1:
Improved the GD extension: (Pierre-Alain Joye, Ilia)
imagefilter() - Apply different filters to image. (Only available with bundled GD library)
Antialiased drawing support:
imageantialias() - (de)active antialias
imageline() and imagepolygon() antialias support

Note that filters (a very usefull new feature) are available _only_ with bundled GD.
PNG compression and JPEG loader improvements seems to be implemented on 'low GD level', not on 'extension level' too.
I don't mentioned security fixes that are still not available in external GD.


> Also, having many projects forking internal copies of some library means that everytime there's a security update, we have to rebuild all these packages, which is a bad idea.

In this case security updates are available from PHP team. They are included in all PHP 5.x.x versions but not in external GD (remember, it is not updated since 2004), other distros apply fixes from PHPs CVS or maybe CERT or some other sources.
IIRC there are only few packages that require GD.
Maybe we solve this in this way:
1) php package uses bundled GD,
gd package uses GD with security patches from PHP team.
or 2) php uses gd package which is compiled from stripped sources from PHP's gd (from CVS maybe?).
Sorry if v2 sounds like a stupid idea.

GD is no longer bundled with PHP, and I cannot find any tickets that explain why.

See also: http://bugs.archlinux.org/task/6925

A simple test for bundled vs non-bundled GD is:

php -m | grep gd # Should say "gd"
php -r 'var_dump(function_exists("imagelayereffect"));' # Should say "bool(true)" if GD is bundled or "bool(false)" if not.

http://us.php.net/imagelayereffect See the note at the end of the docs about bundled GD.

According to Pierre (the PHP and GD dev), using --with-gd=shared should work exactly the same as --with-gd=php. However, there is a bug in PHP ( http://bugs.php.net/bug.php?id=49882 ) which prevents this from being true. I think --with-gd=php should be used until the PHP bug is closed and a new PHP has been released.

any news on this? is relevant to keep this open for more time? (+3 years)