Bug#987300: unblock: imagemagick/8:6.9.11.60+dfsg-1.3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: carnil@debian.org,jmm@debian.org,roucaries.bastien@gmail.com,rouca@debian.org
Dear release team,
Please unblock package imagemagick
Initially both 8:6.9.11.60+dfsg-1.1 (independtly) and
8:6.9.11.60+dfsg-1.2 was unblocked. The later was done to bring inline
with the previous changes done in stable already for imagemagick to
disable the ghostscript handled formats by default in the imagemagick
policy (See: DSA 4712-1 / imagemagick 8:6.9.10.23+dfsg-2.1+deb10u1)
Due to an oversight on my end, this caused obviously the own
imagemagick autopkgtests to fail, cf. #987247. The autopkgtests ware
changed to not try to actually perform now the PDF related tests,
which are now correct to not function.
Related, the changes uncovered autopkgtest failures in bookletimposer
filled as #987249. The problem here is that for performing the tests,
bookletimposer 'integration' test needs 4 PDFs to test the
bookletimposer functionality, and used for that the 'convert xc:none
-page A4 $i.pdf' conmmand which will fail due to the imagemagick
changes, in consequence the autopkgtest fails though that was not the
actual part of the tests which wanted to be performed.
I'm attaching both the debdiff between the already unblocked versions
but for completeness as well the debdiff against the current version
in testing.
Can you unblock imagemagick accordingly? bookletimposer autopkgtest
should probably independly be adjusted to not use imagemagick to
generate the initial set of PDFs to then further test the
functionality of bookletimposer.
Regards,
Salvatore
diff -Nru imagemagick-6.9.11.60+dfsg/debian/changelog imagemagick-6.9.11.60+dfsg/debian/changelog
--- imagemagick-6.9.11.60+dfsg/debian/changelog 2021-04-19 20:16:51.000000000 +0200
+++ imagemagick-6.9.11.60+dfsg/debian/changelog 2021-04-20 16:37:59.000000000 +0200
@@ -1,3 +1,11 @@
+imagemagick (8:6.9.11.60+dfsg-1.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * autopkgtest: Drop PDF related tests which will fail after disabling
+ ghostscript handled formats by default (Closes: #987247)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Tue, 20 Apr 2021 16:37:59 +0200
+
imagemagick (8:6.9.11.60+dfsg-1.2) unstable; urgency=medium
* Non-maintainer upload.
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests/control imagemagick-6.9.11.60+dfsg/debian/tests/control
--- imagemagick-6.9.11.60+dfsg/debian/tests/control 2021-04-19 20:15:14.000000000 +0200
+++ imagemagick-6.9.11.60+dfsg/debian/tests/control 2021-04-20 16:37:59.000000000 +0200
@@ -1,11 +1,11 @@
Tests: rose-6.q16
-Depends: imagemagick-6.q16, libmagickcore-6.q16-6-extra, ghostscript, netpbm
+Depends: imagemagick-6.q16, libmagickcore-6.q16-6-extra, netpbm
Tests: perlmagick-6.q16
Depends: libimage-magick-q16-perl, libmagickcore-6.q16-6-extra, libaliased-perl, gsfonts
Tests: rose-6.q16hdri
-Depends: imagemagick-6.q16hdri, libmagickcore-6.q16hdri-6-extra, ghostscript, netpbm
+Depends: imagemagick-6.q16hdri, libmagickcore-6.q16hdri-6-extra, netpbm
Tests: perlmagick-6.q16hdri
Depends: libimage-magick-q16hdri-perl, libmagickcore-6.q16hdri-6-extra, libaliased-perl, gsfonts
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16 imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16
--- imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16 2021-04-19 20:15:14.000000000 +0200
+++ imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16 2021-04-20 16:37:59.000000000 +0200
@@ -3,7 +3,6 @@
CONVERT=convert-im6.q16
set -e
-$CONVERT rose: pdf:/dev/null
$CONVERT rose: png:/dev/null
$CONVERT rose: jpeg:/dev/null
$CONVERT rose: bmp:/dev/null
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16hdri imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16hdri
--- imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16hdri 2021-04-19 20:15:14.000000000 +0200
+++ imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16hdri 2021-04-20 16:37:59.000000000 +0200
@@ -3,7 +3,6 @@
CONVERT=convert-im6.q16hdri
set -e
-$CONVERT rose: pdf:/dev/null
$CONVERT rose: png:/dev/null
$CONVERT rose: jpeg:/dev/null
$CONVERT rose: bmp:/dev/null
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests.d/control.quantum.in imagemagick-6.9.11.60+dfsg/debian/tests.d/control.quantum.in
--- imagemagick-6.9.11.60+dfsg/debian/tests.d/control.quantum.in 2021-04-19 20:15:14.000000000 +0200
+++ imagemagick-6.9.11.60+dfsg/debian/tests.d/control.quantum.in 2021-04-20 16:37:59.000000000 +0200
@@ -1,5 +1,5 @@
Tests: rose-${IMVERSION}.${QUANTUMDEPTH}
-Depends: imagemagick-${IMVERSION}.${QUANTUMDEPTH}, libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-${CORESOVERSION}-extra, ghostscript, netpbm
+Depends: imagemagick-${IMVERSION}.${QUANTUMDEPTH}, libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-${CORESOVERSION}-extra, netpbm
Tests: perlmagick-${IMVERSION}.${QUANTUMDEPTH}
Depends: libimage-magick-${QUANTUMDEPTH}-perl, libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-${CORESOVERSION}-extra, libaliased-perl, gsfonts
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests.d/rose-IMVERSION.QUANTUMDEPTH.in imagemagick-6.9.11.60+dfsg/debian/tests.d/rose-IMVERSION.QUANTUMDEPTH.in
--- imagemagick-6.9.11.60+dfsg/debian/tests.d/rose-IMVERSION.QUANTUMDEPTH.in 2021-04-19 20:15:14.000000000 +0200
+++ imagemagick-6.9.11.60+dfsg/debian/tests.d/rose-IMVERSION.QUANTUMDEPTH.in 2021-04-20 16:37:59.000000000 +0200
@@ -3,7 +3,6 @@
CONVERT=convert-im${IMVERSION}.${QUANTUMDEPTH}
set -e
-$CONVERT rose: pdf:/dev/null
$CONVERT rose: png:/dev/null
$CONVERT rose: jpeg:/dev/null
$CONVERT rose: bmp:/dev/null
diff -Nru imagemagick-6.9.11.60+dfsg/debian/changelog imagemagick-6.9.11.60+dfsg/debian/changelog
--- imagemagick-6.9.11.60+dfsg/debian/changelog 2021-02-01 17:22:02.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/changelog 2021-04-20 16:37:59.000000000 +0200
@@ -1,3 +1,25 @@
+imagemagick (8:6.9.11.60+dfsg-1.3) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * autopkgtest: Drop PDF related tests which will fail after disabling
+ ghostscript handled formats by default (Closes: #987247)
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Tue, 20 Apr 2021 16:37:59 +0200
+
+imagemagick (8:6.9.11.60+dfsg-1.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Disable ghostscript handled formats based on -SAFER insecurity
+
+ -- Salvatore Bonaccorso <carnil@debian.org> Mon, 19 Apr 2021 20:16:51 +0200
+
+imagemagick (8:6.9.11.60+dfsg-1.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Import upstream patch to fix font size (Closes: #980202).
+
+ -- Jochen Sprickerhof <jspricke@debian.org> Tue, 13 Apr 2021 20:58:45 +0200
+
imagemagick (8:6.9.11.60+dfsg-1) unstable; urgency=high
* New upstream version
diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0001-https-github.com-ImageMagick-ImageMagick6-issues-145.patch imagemagick-6.9.11.60+dfsg/debian/patches/0001-https-github.com-ImageMagick-ImageMagick6-issues-145.patch
--- imagemagick-6.9.11.60+dfsg/debian/patches/0001-https-github.com-ImageMagick-ImageMagick6-issues-145.patch 1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/patches/0001-https-github.com-ImageMagick-ImageMagick6-issues-145.patch 2021-04-19 20:15:14.000000000 +0200
@@ -0,0 +1,32 @@
+From 650f0f7ecfaee42b3da89a04b92b05f27fe786e9 Mon Sep 17 00:00:00 2001
+From: Cristy <mikayla-grace@urban-warrior.org>
+Date: Sat, 10 Apr 2021 12:15:54 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick6/issues/145
+
+---
+ magick/annotate.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/magick/annotate.c b/magick/annotate.c
+index 29c8bbe74..20fbf7bb1 100644
+--- a/magick/annotate.c
++++ b/magick/annotate.c
+@@ -1484,6 +1484,15 @@ static MagickBooleanType RenderFreetype(Image *image,const DrawInfo *draw_info,
+ metrics->pixels_per_em.y=face->size->metrics.y_ppem;
+ metrics->ascent=(double) face->size->metrics.ascender/64.0;
+ metrics->descent=(double) face->size->metrics.descender/64.0;
++ if (face->size->metrics.ascender == 0)
++ {
++ /*
++ Sanitize buggy ascender and descender values.
++ */
++ metrics->ascent=face->size->metrics.y_ppem;
++ if (face->size->metrics.descender == 0)
++ metrics->descent=face->size->metrics.y_ppem/-3.5;
++ }
+ metrics->width=0;
+ metrics->origin.x=0;
+ metrics->origin.y=0;
+--
+2.31.0
+
diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/0023-disable-ghostscript-formats.patch imagemagick-6.9.11.60+dfsg/debian/patches/0023-disable-ghostscript-formats.patch
--- imagemagick-6.9.11.60+dfsg/debian/patches/0023-disable-ghostscript-formats.patch 1970-01-01 01:00:00.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/patches/0023-disable-ghostscript-formats.patch 2021-04-19 20:15:35.000000000 +0200
@@ -0,0 +1,24 @@
+Author: Steve Beattie <steve.beattie@canonical.com>
+Subject: disable ghostscript handled formats based on -SAFER insecurity
+
+Based on Tavis Ormandy's Recommendations
+updated: 2019-11-11
+
+---
+ config/policy.xml | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/config/policy.xml
++++ b/config/policy.xml
+@@ -86,4 +86,11 @@
+ <policy domain="delegate" rights="none" pattern="HTTP" />
+ <!-- in order to avoid to get image with password text -->
+ <policy domain="path" rights="none" pattern="@*"/>
++ <!-- disable ghostscript format types -->
++ <policy domain="coder" rights="none" pattern="PS" />
++ <policy domain="coder" rights="none" pattern="PS2" />
++ <policy domain="coder" rights="none" pattern="PS3" />
++ <policy domain="coder" rights="none" pattern="EPS" />
++ <policy domain="coder" rights="none" pattern="PDF" />
++ <policy domain="coder" rights="none" pattern="XPS" />
+ </policymap>
diff -Nru imagemagick-6.9.11.60+dfsg/debian/patches/series imagemagick-6.9.11.60+dfsg/debian/patches/series
--- imagemagick-6.9.11.60+dfsg/debian/patches/series 2021-02-01 17:20:25.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/patches/series 2021-04-19 20:15:53.000000000 +0200
@@ -20,3 +20,5 @@
0020-Fix-a-typo-in-manpage.patch
0021-Finalize-fixing-error-in-html.patch
0022-FIx-error-in-new-upstream-html.patch
+0001-https-github.com-ImageMagick-ImageMagick6-issues-145.patch
+0023-disable-ghostscript-formats.patch
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests/control imagemagick-6.9.11.60+dfsg/debian/tests/control
--- imagemagick-6.9.11.60+dfsg/debian/tests/control 2021-02-01 17:20:23.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/tests/control 2021-04-20 16:37:59.000000000 +0200
@@ -1,11 +1,11 @@
Tests: rose-6.q16
-Depends: imagemagick-6.q16, libmagickcore-6.q16-6-extra, ghostscript, netpbm
+Depends: imagemagick-6.q16, libmagickcore-6.q16-6-extra, netpbm
Tests: perlmagick-6.q16
Depends: libimage-magick-q16-perl, libmagickcore-6.q16-6-extra, libaliased-perl, gsfonts
Tests: rose-6.q16hdri
-Depends: imagemagick-6.q16hdri, libmagickcore-6.q16hdri-6-extra, ghostscript, netpbm
+Depends: imagemagick-6.q16hdri, libmagickcore-6.q16hdri-6-extra, netpbm
Tests: perlmagick-6.q16hdri
Depends: libimage-magick-q16hdri-perl, libmagickcore-6.q16hdri-6-extra, libaliased-perl, gsfonts
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16 imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16
--- imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16 2021-02-01 17:20:23.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16 2021-04-20 16:37:59.000000000 +0200
@@ -3,7 +3,6 @@
CONVERT=convert-im6.q16
set -e
-$CONVERT rose: pdf:/dev/null
$CONVERT rose: png:/dev/null
$CONVERT rose: jpeg:/dev/null
$CONVERT rose: bmp:/dev/null
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16hdri imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16hdri
--- imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16hdri 2021-02-01 17:20:23.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/tests/rose-6.q16hdri 2021-04-20 16:37:59.000000000 +0200
@@ -3,7 +3,6 @@
CONVERT=convert-im6.q16hdri
set -e
-$CONVERT rose: pdf:/dev/null
$CONVERT rose: png:/dev/null
$CONVERT rose: jpeg:/dev/null
$CONVERT rose: bmp:/dev/null
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests.d/control.quantum.in imagemagick-6.9.11.60+dfsg/debian/tests.d/control.quantum.in
--- imagemagick-6.9.11.60+dfsg/debian/tests.d/control.quantum.in 2021-02-01 17:20:23.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/tests.d/control.quantum.in 2021-04-20 16:37:59.000000000 +0200
@@ -1,5 +1,5 @@
Tests: rose-${IMVERSION}.${QUANTUMDEPTH}
-Depends: imagemagick-${IMVERSION}.${QUANTUMDEPTH}, libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-${CORESOVERSION}-extra, ghostscript, netpbm
+Depends: imagemagick-${IMVERSION}.${QUANTUMDEPTH}, libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-${CORESOVERSION}-extra, netpbm
Tests: perlmagick-${IMVERSION}.${QUANTUMDEPTH}
Depends: libimage-magick-${QUANTUMDEPTH}-perl, libmagickcore-${IMVERSION}.${QUANTUMDEPTH}-${CORESOVERSION}-extra, libaliased-perl, gsfonts
diff -Nru imagemagick-6.9.11.60+dfsg/debian/tests.d/rose-IMVERSION.QUANTUMDEPTH.in imagemagick-6.9.11.60+dfsg/debian/tests.d/rose-IMVERSION.QUANTUMDEPTH.in
--- imagemagick-6.9.11.60+dfsg/debian/tests.d/rose-IMVERSION.QUANTUMDEPTH.in 2021-02-01 17:20:23.000000000 +0100
+++ imagemagick-6.9.11.60+dfsg/debian/tests.d/rose-IMVERSION.QUANTUMDEPTH.in 2021-04-20 16:37:59.000000000 +0200
@@ -3,7 +3,6 @@
CONVERT=convert-im${IMVERSION}.${QUANTUMDEPTH}
set -e
-$CONVERT rose: pdf:/dev/null
$CONVERT rose: png:/dev/null
$CONVERT rose: jpeg:/dev/null
$CONVERT rose: bmp:/dev/null
Reply to: