Hello, Is this just me? Or has graphicsmagick really been packaged without debian/patches/*?
⌁ [brian:~/tree/debian/debian-lts/wheezy/graphicsmagick] % dget http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.dsc dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.dsc % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 2642 100 2642 0 0 1385 0 0:00:01 0:00:01 --:--:-- 1385 dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16.orig.tar.gz % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 8531k 100 8531k 0 0 190k 0 0:00:44 0:00:44 --:--:-- 379k dget: retrieving http://security.debian.org/debian-security/pool/updates/main/g/graphicsmagick/graphicsmagick_1.3.16-1.1+deb7u3.diff.gz % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 228k 100 228k 0 0 270k 0 --:--:-- --:--:-- --:--:-- 270k graphicsmagick_1.3.16-1.1+deb7u3.dsc: Good signature found validating graphicsmagick_1.3.16.orig.tar.gz validating graphicsmagick_1.3.16-1.1+deb7u3.diff.gz All files validated successfully. dpkg-source: info: extracting graphicsmagick in graphicsmagick-1.3.16 dpkg-source: info: unpacking graphicsmagick_1.3.16.orig.tar.gz dpkg-source: info: applying graphicsmagick_1.3.16-1.1+deb7u3.diff.gz dpkg-source: info: upstream files that have been modified: graphicsmagick-1.3.16/.pc/.quilt_patches graphicsmagick-1.3.16/.pc/.quilt_series graphicsmagick-1.3.16/.pc/.version graphicsmagick-1.3.16/.pc/CVE-2016-5240.patch/magick/render.c graphicsmagick-1.3.16/.pc/CVE-2016-5241.patch/magick/render.c graphicsmagick-1.3.16/.pc/applied-patches graphicsmagick-1.3.16/PerlMagick/Makefile.PL graphicsmagick-1.3.16/coders/gif.c graphicsmagick-1.3.16/coders/locale.c graphicsmagick-1.3.16/coders/mvg.c graphicsmagick-1.3.16/coders/png.c graphicsmagick-1.3.16/coders/svg.c graphicsmagick-1.3.16/config/delegates.mgk.in graphicsmagick-1.3.16/magick/GraphicsMagick-config.1 graphicsmagick-1.3.16/magick/GraphicsMagick-config.in graphicsmagick-1.3.16/magick/blob.c graphicsmagick-1.3.16/magick/color_lookup.c graphicsmagick-1.3.16/magick/command.c graphicsmagick-1.3.16/magick/delegate.c graphicsmagick-1.3.16/magick/effect.c graphicsmagick-1.3.16/magick/image.c graphicsmagick-1.3.16/magick/locale_c.h graphicsmagick-1.3.16/magick/log.c graphicsmagick-1.3.16/magick/module.c graphicsmagick-1.3.16/magick/nt_feature.c graphicsmagick-1.3.16/magick/render.c graphicsmagick-1.3.16/magick/static.c graphicsmagick-1.3.16/magick/type.c graphicsmagick-1.3.16/magick/utility.c graphicsmagick-1.3.16/magick/utility.h ⌁ [brian:~/tree/debian/debian-lts/wheezy/graphicsmagick] % cd graphicsmagick-1.3.16 ⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt pop Patch CVE-2016-5241.patch does not remove cleanly (refresh it or enforce with -f) Just trying to see if I can fix this now using the files under .pc as a reference. I notice that the package doesn't have the debian/source/format file however I don't think this explains the missing debian/patches directory. Currently got to the stage where quilt is happy, but dpkg-source isn't. dpkg-source reports fuzz in the patch, and quilt refresh says there are no changes to the patch. ⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] 2 % quilt pop -a Removing patch CVE-2016-5241.patch Restoring magick/render.c Removing patch CVE-2016-5240.patch Restoring magick/render.c No patches applied ⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt push ; quilt refresh Applying patch CVE-2016-5240.patch patching file magick/render.c Now at patch CVE-2016-5240.patch Patch CVE-2016-5240.patch is unchanged ⌁ [brian:~/tree … ezy/graphicsmagick/graphicsmagick-1.3.16] % quilt push ; quilt refresh Applying patch CVE-2016-5241.patch patching file magick/render.c Now at patch CVE-2016-5241.patch Patch CVE-2016-5241.patch is unchanged [...] dpkg-source: info: using source format '3.0 (quilt)' diff: standard output: Broken pipe diff: standard output: Broken pipe diff: standard output: Broken pipe diff: standard output: Broken pipe diff: standard output: Broken pipe dpkg-source: info: building graphicsmagick using existing ./graphicsmagick_1.3.16.orig.tar.gz patching file magick/render.c Hunk #1 succeeded at 1484 (offset -35 lines). Hunk #2 succeeded at 1496 (offset -35 lines). Hunk #3 succeeded at 2388 (offset -86 lines). Hunk #4 FAILED at 2504. 1 out of 4 hunks FAILED dpkg-source: info: the patch has fuzz which is not allowed, or is malformed dpkg-source: info: if patch 'CVE-2016-5240.patch' is correctly applied by quilt, use 'quilt refresh' to update it dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -E -b -B .pc/CVE-2016-5240.patch/ --reject-file=- < graphicsmagick-1.3.16.orig.lqK_28/debian/patches/CVE-2016-5240.patch gave error exit status 1 -- Brian May <b...@debian.org>
