Greetings all,

I have prepared an update of ImageMagick that takes the work Ben Hutchings started and incorporates patches for all remaining security issues which have been fixed in jessie [0].

The nature of my request in this message is:

1. I would appreciate it if someone would take a look at the package (.dsc [1], .changes [2]) and see if anything appears out of place. The changes that Ben made combined with the changes that I made total about 80 patches, so I would feel more comfortable uploading if someone else weighed in.

2. Also, I am wondering how to handle testing. After I finished integrating all of the patches I found that the test suite failed to pass (though this did not cause the package to fail to build). I built the last wheezy version of ImageMagick (deb7u7) and found that all the tests passed for that version. I carefully audited the patches, found some mistakes which I corrected, found some changes which had later changes in upstream to partially revert or correct, etc. After all of that, I have the unit tests passing again. Is there more extensive testing that I need to do?

3. I am seeking advice about how to handle the issues which do not have a CVE ID. On the security tracker page the issues to which I refer appear with an ID starting with TEMP. For the moment I have annotated the changelog entries that correspond to specific CVE IDs with those IDs and, based on the pattern in Ben's changelog entries, I have not specifically annotated the issues. Is this the correct approach? When I post the DLA, would I likewise list those issues without specific IDs?

I understand if the review takes some time, but please post back to the list to let me and others know that you are reviewing these packages. That will prevent duplication of effort and will also let me know that someone is looking. If I hear nothing by Wednesday evening (EST) then I will proceed with uploading the package I have built and release a corresponding DLA.

Regards,

-Roberto

[0] https://security-tracker.debian.org/tracker/source-package/imagemagick
[1] http://people.debian.org/~roberto/imagemagick_6.7.7.10-5+deb7u8.dsc
[2] http://people.debian.org/~roberto/imagemagick_6.7.7.10-5+deb7u8_amd64.changes

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com