Package: release.debian.org Severity: normal Tags: bookworm User: [email protected], [email protected] Usertags: pu X-Debbugs-Cc: [email protected] Control: affects -1 + src:vtk9
[ Reason ] This package is affected by #1114938. There were backports of security fixes to expat in version expat 2.5.0-1+deb12u2 which as a result removed one possible way to parse xml files with raw binary data in it. [ Impact ] Vtk9 is not able to parse vtk files with raw binary data in it, a common output file format for scientific simulation. It means that visualizing those in paraview or other viewers is not possible. Because of this build tests of dune-grid also broke. Those use vtk9 to check the correct output of vtk files with binary data in them. Due to this it is FTBFS, currently. [ Tests ] Manual build and install are tested by me and Santiago Vila. I also tested on example files that visualization with paraview works now. [ Risks ] The patch is cherry-picked from the trixie release (was introduced there in version 9.1.0+really9.1.0+dfsg2-8, see #1064762. Back then the fix was backported from upstream. Hence it should be well tested by now and the risk of breaking functionality rather low. [ Checklist ] [X] *all* changes are documented in the d/changelog [X] I reviewed all changes and I approve them [X] attach debdiff against the package in (old)stable [X ] the issue is verified as fixed in unstable [ Changes ] The patch added on this pu prevents vtk9 from passing appended binary data to libexpat after it artificially has ended the xmk document but tracks it internally in vtk9 instead. The same changes are part of upstream and trixie
diff -Nru vtk9-9.1.0+really9.1.0+dfsg2/debian/changelog vtk9-9.1.0+really9.1.0+dfsg2/debian/changelog --- vtk9-9.1.0+really9.1.0+dfsg2/debian/changelog 2023-02-25 09:59:35.000000000 +0100 +++ vtk9-9.1.0+really9.1.0+dfsg2/debian/changelog 2025-09-15 11:36:36.000000000 +0200 @@ -1,3 +1,12 @@ +vtk9 (9.1.0+really9.1.0+dfsg2-5.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Cherry-pick patch from upstream to fix issue with newer expat and + appended data. (Closes: 1114938) + + + -- Markus Blatt <[email protected]> Mon, 15 Sep 2025 11:36:36 +0200 + vtk9 (9.1.0+really9.1.0+dfsg2-5) unstable; urgency=medium [ Elvis Stansvik ] diff -Nru vtk9-9.1.0+really9.1.0+dfsg2/debian/patches/09_newer_expat.patch vtk9-9.1.0+really9.1.0+dfsg2/debian/patches/09_newer_expat.patch --- vtk9-9.1.0+really9.1.0+dfsg2/debian/patches/09_newer_expat.patch 1970-01-01 01:00:00.000000000 +0100 +++ vtk9-9.1.0+really9.1.0+dfsg2/debian/patches/09_newer_expat.patch 2025-09-15 11:36:36.000000000 +0200 @@ -0,0 +1,64 @@ +From: Ben Boeckel <[email protected]> +Date: Mon, 15 Apr 2024 22:22:22 -0400 +Subject: vtkXMLDataParser: track `AppendedData` state explicitly +Bug-Debian: https://bugs.debian.org/1064762 +Origin: upstream,https://gitlab.kitware.com/vtk/vtk/-/commit/3efa07ad277efe5c1d11a2ef2b907c095f68bbef +Forwarded: not-needed + +Newer `libexpat` doesn't like being given the appended data after the +artificially ended document anymore. Avoid pushing it through to its +parser. + +--- + IO/XMLParser/vtkXMLDataParser.cxx | 6 +++++- + IO/XMLParser/vtkXMLDataParser.h | 3 +++ + 2 files changed, 8 insertions(+), 1 deletion(-) + +--- vtk9.orig/IO/XMLParser/vtkXMLDataParser.cxx ++++ vtk9/IO/XMLParser/vtkXMLDataParser.cxx +@@ -47,6 +47,7 @@ + this->RootElement = nullptr; + this->AppendedDataPosition = 0; + this->AppendedDataMatched = 0; ++ this->AppendedDataFound = false; + this->DataStream = nullptr; + this->InlineDataStream = vtkBase64InputStream::New(); + this->AppendedDataStream = vtkBase64InputStream::New(); +@@ -99,6 +100,7 @@ + { + this->Superclass::PrintSelf(os, indent); + os << indent << "AppendedDataPosition: " << this->AppendedDataPosition << "\n"; ++ os << indent << "AppendedDataFound: " << this->AppendedDataFound << "\n"; + if (this->RootElement) + { + this->RootElement->PrintXML(os, indent); +@@ -227,7 +229,7 @@ + // If we have reached the appended data section, we stop parsing. + // This prevents the XML parser from having to walk over the entire + // appended data section. +- if (this->AppendedDataPosition) ++ if (this->AppendedDataPosition || this->AppendedDataFound) + { + return 1; + } +@@ -448,6 +450,8 @@ + { + return 0; + } ++ ++ this->AppendedDataFound = true; + } + + return 1; +--- vtk9.orig/IO/XMLParser/vtkXMLDataParser.h ++++ vtk9/IO/XMLParser/vtkXMLDataParser.h +@@ -215,6 +215,9 @@ + // How much of the string "<AppendedData" has been matched in input. + int AppendedDataMatched; + ++ // Whether AppendedData has been dealt with or not. ++ bool AppendedDataFound; ++ + // The byte order of the binary input. + int ByteOrder; + diff -Nru vtk9-9.1.0+really9.1.0+dfsg2/debian/patches/series vtk9-9.1.0+really9.1.0+dfsg2/debian/patches/series --- vtk9-9.1.0+really9.1.0+dfsg2/debian/patches/series 2023-02-25 09:49:31.000000000 +0100 +++ vtk9-9.1.0+really9.1.0+dfsg2/debian/patches/series 2025-09-15 11:36:36.000000000 +0200 @@ -1,3 +1,4 @@ +09_newer_expat.patch 10_matplotlib.patch 20_do_not_link_against_socket.patch 30_drop_medical_example.patch
