graphicsmagick packaging
Hello,
Is this just me? Or has graphicsmagick really been packaged without
debian/patches/*?
⌁ [brian:~/tree/debian/debian-lts/wheezy/graphicsmagick] % dget http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.dsc
dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.dsc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2642 100 2642 0 0 1385 0 0:00:01 0:00:01 --:--:-- 1385
dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16.orig.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8531k 100 8531k 0 0 190k 0 0:00:44 0:00:44 --:--:-- 379k
dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.diff.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 228k 100 228k 0 0 270k 0 --:--:-- --:--:-- --:--:-- 270k
graphicsmagick_1.3.16-1.1+deb7u3.dsc:
Good signature found
validating graphicsmagick_1.3.16.orig.tar.gz
validating graphicsmagick_1.3.16-1.1+deb7u3.diff.gz
All files validated successfully.
dpkg-source: info: extracting graphicsmagick in graphicsmagick-1.3.16
dpkg-source: info: unpacking graphicsmagick_1.3.16.orig.tar.gz
dpkg-source: info: applying graphicsmagick_1.3.16-1.1+deb7u3.diff.gz
dpkg-source: info: upstream files that have been modified:
graphicsmagick-1.3.16/.pc/.quilt_patches
graphicsmagick-1.3.16/.pc/.quilt_series
graphicsmagick-1.3.16/.pc/.version
graphicsmagick-1.3.16/.pc/CVE-2016-5240.patch/magick/render.c
graphicsmagick-1.3.16/.pc/CVE-2016-5241.patch/magick/render.c
graphicsmagick-1.3.16/.pc/applied-patches
graphicsmagick-1.3.16/PerlMagick/Makefile.PL
graphicsmagick-1.3.16/coders/gif.c
graphicsmagick-1.3.16/coders/locale.c
graphicsmagick-1.3.16/coders/mvg.c
graphicsmagick-1.3.16/coders/png.c
graphicsmagick-1.3.16/coders/svg.c
graphicsmagick-1.3.16/config/delegates.mgk.in
graphicsmagick-1.3.16/magick/GraphicsMagick-config.1
graphicsmagick-1.3.16/magick/GraphicsMagick-config.in
graphicsmagick-1.3.16/magick/blob.c
graphicsmagick-1.3.16/magick/color_lookup.c
graphicsmagick-1.3.16/magick/command.c
graphicsmagick-1.3.16/magick/delegate.c
graphicsmagick-1.3.16/magick/effect.c
graphicsmagick-1.3.16/magick/image.c
graphicsmagick-1.3.16/magick/locale_c.h
graphicsmagick-1.3.16/magick/log.c
graphicsmagick-1.3.16/magick/module.c
graphicsmagick-1.3.16/magick/nt_feature.c
graphicsmagick-1.3.16/magick/render.c
graphicsmagick-1.3.16/magick/static.c
graphicsmagick-1.3.16/magick/type.c
graphicsmagick-1.3.16/magick/utility.c
graphicsmagick-1.3.16/magick/utility.h
⌁ [brian:~/tree/debian/debian-lts/wheezy/graphicsmagick] % cd graphicsmagick-1.3.16
⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt pop
Patch CVE-2016-5241.patch does not remove cleanly (refresh it or enforce with -f)
Just trying to see if I can fix this now using the files under .pc as a
reference. I notice that the package doesn't have the
debian/source/format file however I don't think this explains the
missing debian/patches directory. Currently got to the stage where quilt
is happy, but dpkg-source isn't. dpkg-source reports fuzz in the patch,
and quilt refresh says there are no changes to the patch.
⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] 2 % quilt pop -a
Removing patch CVE-2016-5241.patch
Restoring magick/render.c
Removing patch CVE-2016-5240.patch
Restoring magick/render.c
No patches applied
⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt push ; quilt refresh
Applying patch CVE-2016-5240.patch
patching file magick/render.c
Now at patch CVE-2016-5240.patch
Patch CVE-2016-5240.patch is unchanged
⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt push ; quilt refresh
Applying patch CVE-2016-5241.patch
patching file magick/render.c
Now at patch CVE-2016-5241.patch
Patch CVE-2016-5241.patch is unchanged
[...]
dpkg-source: info: using source format '3.0 (quilt)'
diff: standard output: Broken pipe
diff: standard output: Broken pipe
diff: standard output: Broken pipe
diff: standard output: Broken pipe
diff: standard output: Broken pipe
dpkg-source: info: building graphicsmagick using existing ./graphicsmagick_1.3.16.orig.tar.gz
patching file magick/render.c
Hunk #1 succeeded at 1484 (offset -35 lines).
Hunk #2 succeeded at 1496 (offset -35 lines).
Hunk #3 succeeded at 2388 (offset -86 lines).
Hunk #4 FAILED at 2504.
1 out of 4 hunks FAILED
dpkg-source: info: the patch has fuzz which is not allowed, or is malformed
dpkg-source: info: if patch 'CVE-2016-5240.patch' is correctly applied by quilt, use 'quilt refresh' to update it
dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -E -b -B .pc/CVE-2016-5240.patch/ --reject-file=- < graphicsmagick-1.3.16.orig.lqK_28/debian/patches/CVE-2016-5240.patch gave error exit status 1
--
Brian May <bam@debian.org>
Reply to: