On Sun, 3 Jul 2022 17:59:53 -0400
Roberto C. Sánchez <robe...@debian.org> wrote:
>On Sat, Jul 02, 2022 at 01:30:26AM +0200, Andreas Rönnquist wrote:
>> Hello -
>>
>> I have updated the imagemagick package in LTS, with fixes for some
>> CVE's, but then it doesn't build properly on the buildd - some tests
>> fail on the XBM format -
>>
>> The frustrating thing is that it builds just fine locally, both on
>> amd64 and on i386, but on the buildd it has built finally on amd64 (on
>> the third try, but on i386 it has done 5 without succeeding). [1]
>>
>> And I do not believe it is my changes that does it - it has failed
>> similarly on earlier versions, but there it hasn't required as many
>> rebuilds to succeed, so I don't believe that my changes are the cause -
>> the test failures on the version before the one I uploaded are identical.
>>
>> I ask here for help now, after asking on the imagemagick mailinglist
>> [2] without a reply for some time - so I am getting out of options -
>>
>> Help would be very much appreciated.
>>
>Hi Andreas,
>
>I have looked at your patches for ImageMagick 8:6.9.7.4+dfsg-11+deb9u14
>and it appears that the patch for CVE-2021-3596 may have an error in the
>way it was backported.
>
>After the commit in question (27f314e2e6), the upstream code has this
>structure starting at line 3605:
>
>if (n > 0)
> {
> ...
> }
>if (svg_info->parser == (xmlParserCtxtPtr) NULL)
> {
> ...
> }
>
>However, your patch puts the second if statement within the scope of the
>first, like this:
>
>if (n > 0)
> {
> ...
> if (svg_info->parser == (xmlParserCtxtPtr) NULL)
> {
> ...
> }
> }
>
>I suspect that may have something to do with the test failures you are
>observing. It may be necessary to correct the patch and upload again.
>
Oh - you are right - that is indeed a mistake from my side. I will fix
this and re-upload - however, the version before my upload shows similar
build errors (even if it managed to build that one on all arches after
some tries), so I have a slight suspicion that it will fail again, but
well see - Let's hope for the best!
Thank you very much for the help!
best
/Andreas
