[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

graphicsmagick packaging

Hello,

Is this just me? Or has graphicsmagick really been packaged without
debian/patches/*?

⌁ [brian:~/tree/debian/debian-lts/wheezy/graphicsmagick] % dget http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.dsc
dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.dsc
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2642  100  2642    0     0   1385      0  0:00:01  0:00:01 --:--:--  1385
dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16.orig.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 8531k  100 8531k    0     0   190k      0  0:00:44  0:00:44 --:--:--  379k
dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.diff.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  228k  100  228k    0     0   270k      0 --:--:-- --:--:-- --:--:--  270k
graphicsmagick_1.3.16-1.1+deb7u3.dsc:
      Good signature found
   validating graphicsmagick_1.3.16.orig.tar.gz
   validating graphicsmagick_1.3.16-1.1+deb7u3.diff.gz
All files validated successfully.
dpkg-source: info: extracting graphicsmagick in graphicsmagick-1.3.16
dpkg-source: info: unpacking graphicsmagick_1.3.16.orig.tar.gz
dpkg-source: info: applying graphicsmagick_1.3.16-1.1+deb7u3.diff.gz
dpkg-source: info: upstream files that have been modified: 
 graphicsmagick-1.3.16/.pc/.quilt_patches
 graphicsmagick-1.3.16/.pc/.quilt_series
 graphicsmagick-1.3.16/.pc/.version
 graphicsmagick-1.3.16/.pc/CVE-2016-5240.patch/magick/render.c
 graphicsmagick-1.3.16/.pc/CVE-2016-5241.patch/magick/render.c
 graphicsmagick-1.3.16/.pc/applied-patches
 graphicsmagick-1.3.16/PerlMagick/Makefile.PL
 graphicsmagick-1.3.16/coders/gif.c
 graphicsmagick-1.3.16/coders/locale.c
 graphicsmagick-1.3.16/coders/mvg.c
 graphicsmagick-1.3.16/coders/png.c
 graphicsmagick-1.3.16/coders/svg.c
 graphicsmagick-1.3.16/config/delegates.mgk.in
 graphicsmagick-1.3.16/magick/GraphicsMagick-config.1
 graphicsmagick-1.3.16/magick/GraphicsMagick-config.in
 graphicsmagick-1.3.16/magick/blob.c
 graphicsmagick-1.3.16/magick/color_lookup.c
 graphicsmagick-1.3.16/magick/command.c
 graphicsmagick-1.3.16/magick/delegate.c
 graphicsmagick-1.3.16/magick/effect.c
 graphicsmagick-1.3.16/magick/image.c
 graphicsmagick-1.3.16/magick/locale_c.h
 graphicsmagick-1.3.16/magick/log.c
 graphicsmagick-1.3.16/magick/module.c
 graphicsmagick-1.3.16/magick/nt_feature.c
 graphicsmagick-1.3.16/magick/render.c
 graphicsmagick-1.3.16/magick/static.c
 graphicsmagick-1.3.16/magick/type.c
 graphicsmagick-1.3.16/magick/utility.c
 graphicsmagick-1.3.16/magick/utility.h
⌁ [brian:~/tree/debian/debian-lts/wheezy/graphicsmagick] % cd graphicsmagick-1.3.16 
⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt pop
Patch CVE-2016-5241.patch does not remove cleanly (refresh it or enforce with -f)


Just trying to see if I can fix this now using the files under .pc as a
reference. I notice that the package doesn't have the
debian/source/format file however I don't think this explains the
missing debian/patches directory. Currently got to the stage where quilt
is happy, but dpkg-source isn't. dpkg-source reports fuzz in the patch,
and quilt refresh says there are no changes to the patch.

⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] 2 % quilt pop -a
Removing patch CVE-2016-5241.patch
Restoring magick/render.c

Removing patch CVE-2016-5240.patch
Restoring magick/render.c

No patches applied
⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt push ; quilt refresh
Applying patch CVE-2016-5240.patch
patching file magick/render.c

Now at patch CVE-2016-5240.patch
Patch CVE-2016-5240.patch is unchanged
⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt push ; quilt refresh
Applying patch CVE-2016-5241.patch
patching file magick/render.c

Now at patch CVE-2016-5241.patch
Patch CVE-2016-5241.patch is unchanged

[...]

dpkg-source: info: using source format '3.0 (quilt)'
diff: standard output: Broken pipe
diff: standard output: Broken pipe
diff: standard output: Broken pipe
diff: standard output: Broken pipe
diff: standard output: Broken pipe
dpkg-source: info: building graphicsmagick using existing ./graphicsmagick_1.3.16.orig.tar.gz
patching file magick/render.c
Hunk #1 succeeded at 1484 (offset -35 lines).
Hunk #2 succeeded at 1496 (offset -35 lines).
Hunk #3 succeeded at 2388 (offset -86 lines).
Hunk #4 FAILED at 2504.
1 out of 4 hunks FAILED
dpkg-source: info: the patch has fuzz which is not allowed, or is malformed
dpkg-source: info: if patch 'CVE-2016-5240.patch' is correctly applied by quilt, use 'quilt refresh' to update it
dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -E -b -B .pc/CVE-2016-5240.patch/ --reject-file=- < graphicsmagick-1.3.16.orig.lqK_28/debian/patches/CVE-2016-5240.patch gave error exit status 1

-- 
Brian May <bam@debian.org>
Reply to: