ImageMagick Unresponsive Maintainer process - hubbitus (Pavel Alexeev)
Sources were last updated 2016-01-06 13:43:26 - https://koji.fedoraproject.org/koji/packageinfo?packageID=425
Since then there have been numerous security vulnerabilities including ImageTragick.
I commented here: https://bugzilla.redhat.com/show_bug.cgi?id=1299275#c153 that "Many security bugs were closed automatically when F23 went EOL. Those are the only 2 versions supported upstream @ https://www.imagemagick.org/download/linux/CentOS/x86_64/ "
Ouch.
Since the unresponsive maintainer process takes some time, could a provenpackager please update ImageMagick while we wait for this to go through?
It is a serious oversight that our security process can fail like this for such a major package when the maintainer is not watching Bugzilla. :/
Michael
On 27 July 2017 at 13:11, Michael Catanzaro mike.catanzaro@gmail.com wrote:
Ouch.
Since the unresponsive maintainer process takes some time, could a provenpackager please update ImageMagick while we wait for this to go through?
It is a serious oversight that our security process can fail like this for such a major package when the maintainer is not watching Bugzilla. :/
Looks like we have a new volunteer for the Security process. Which is where this comes and goes over years. We have good years with various people helping to keep track of security related tasks and helping with packages. And then they all burn out from being told not to touch packages without permission or similar things and we have bad years. Then someone comes and says "It is a serious oversight" and get put in the position of fixing it.. and we do the dance again.
Michael
devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org
On 27 July 2017 at 13:37, Stephen John Smoogen smooge@gmail.com wrote:
On 27 July 2017 at 13:11, Michael Catanzaro mike.catanzaro@gmail.com wrote:
Ouch.
Since the unresponsive maintainer process takes some time, could a provenpackager please update ImageMagick while we wait for this to go through?
It is a serious oversight that our security process can fail like this for such a major package when the maintainer is not watching Bugzilla. :/
Looks like we have a new volunteer for the Security process. Which is where this comes and goes over years. We have good years with various people helping to keep track of security related tasks and helping with packages. And then they all burn out from being told not to touch packages without permission or similar things and we have bad years. Then someone comes and says "It is a serious oversight" and get put in the position of fixing it.. and we do the dance again
And I hit send too soon.
I am not saying this is a good method and we should probably find a new way that can be staffed and enforced. However we have a lot of other things we should be doing and only so many people with time who can do them. So what is the priority of this over all of the other items that needed to be dealt with... which is a question for consensus over peanut gallery points from me.
-- Stephen J Smoogen.
On 07/27/2017 10:11 AM, Michael Catanzaro wrote:
Ouch.
Since the unresponsive maintainer process takes some time, could a provenpackager please update ImageMagick while we wait for this to go through?
I can try and update to the latest 6.x version... but looks like 7.x changes api and we need to look at how that affects the
% sudo dnf repoquery --srpm --whatrequires ImageMagick | wc -l 30
packages that BuildRequire it.
a2ps-0:4.14-30.fc26.src anyremote-0:6.6.1-2.fc26.src caja-extensions-0:1.18.1-1.fc27.src c-graph-0:2.0-10.fc26.src conky-manager-0:2.3.4-3.fc26.src dblatex-0:0.3.10-1.fc27.src epix-0:1.2.16-2.fc26.src fbida-0:2.09-11.fc26.src freewrl-0:3.0.0-2.20170208git621ae4e.fc26.src gallery2-0:2.3.2-16.fc26.src geeqie-0:1.3-3.fc27.src gegl03-0:0.3.18-1.fc27.src gnome-photos-0:3.25.3-1.fc27.src gyachi-0:1.2.11-14.fc24.src gyazo-0:1.2-2.fc26.src icewm-0:1.3.8-12.fc26.src ImageMagick-0:6.9.3.0-7.fc27.src jumpnbump-0:1.60-2.fc27.src latex2rtf-0:2.3.16-1.fc27.src libpst-0:0.6.71-1.fc27.src lyx-0:2.2.3-2.fc27.src mediawiki-0:1.29.0-1.fc27.src mtpaint-0:3.40-21.fc26.src nautilus-image-converter-0:0.3.1-0.11.git430afce31.fc26.src nemo-extensions-0:3.4.0-2.fc27.src perl-Panotools-Script-0:0.28-11.fc27.src phatch-0:0.2.7-27.fc26.src playonlinux-0:4.2.12-1.fc27.src rubygem-rmagick-0:2.16.0-3.fc26.src w3m-0:0.5.3-32.git20170102.fc27.src
kevin
ok. I have pushed 6.9.9-3 to rawhide.
Hopefully I got all the CVE's right in the changelog. If someone wants to check over and make sure I didn't miss any that were fixed in the 6.x branch that would be great.
I'd like to let it run a few days in rawhide before updating stable branches, just in case I missed something. ;)
kevin
On 07/27/2017 09:29 PM, Kevin Fenzi wrote:
ok. I have pushed 6.9.9-3 to rawhide.
Hopefully I got all the CVE's right in the changelog. If someone wants to check over and make sure I didn't miss any that were fixed in the 6.x branch that would be great.
I'd like to let it run a few days in rawhide before updating stable branches, just in case I missed something.;)
First off, thanks, Kevin.
The update will require rebuilds. It introduces a SONAME change.
libMagickCore-6.Q16.so.2 -> libMagickCore-6.Q16.so.5
Am 28.07.2017 um 16:20 schrieb Michael Cronenworth:
On 07/27/2017 09:29 PM, Kevin Fenzi wrote:
ok. I have pushed 6.9.9-3 to rawhide.
Hopefully I got all the CVE's right in the changelog. If someone wants to check over and make sure I didn't miss any that were fixed in the 6.x branch that would be great.
I'd like to let it run a few days in rawhide before updating stable branches, just in case I missed something.;)
First off, thanks, Kevin.
The update will require rebuilds. It introduces a SONAME change.
libMagickCore-6.Q16.so.2 -> libMagickCore-6.Q16.so.5
I've rebuilt Emacs in Rawhide, but it's still waiting to get signed.
On 07/28/2017 07:20 AM, Michael Cronenworth wrote:
On 07/27/2017 09:29 PM, Kevin Fenzi wrote:
ok. I have pushed 6.9.9-3 to rawhide.
Hopefully I got all the CVE's right in the changelog. If someone wants to check over and make sure I didn't miss any that were fixed in the 6.x branch that would be great.
I'd like to let it run a few days in rawhide before updating stable branches, just in case I missed something.;)
First off, thanks, Kevin.
The update will require rebuilds. It introduces a SONAME change.
libMagickCore-6.Q16.so.2 -> libMagickCore-6.Q16.so.5
Yeah, luckily there's very few things that actually link against it. Most everything using it calls out to it's command line binaries.
Looks like the list is:
vips autotrace
if I got my query right.
kevin
On 07/28/2017 04:43 PM, Kevin Fenzi wrote:
On 07/28/2017 07:20 AM, Michael Cronenworth wrote:
On 07/27/2017 09:29 PM, Kevin Fenzi wrote:
ok. I have pushed 6.9.9-3 to rawhide.
Hopefully I got all the CVE's right in the changelog. If someone wants to check over and make sure I didn't miss any that were fixed in the 6.x branch that would be great.
I'd like to let it run a few days in rawhide before updating stable branches, just in case I missed something.;)
First off, thanks, Kevin.
The update will require rebuilds. It introduces a SONAME change.
libMagickCore-6.Q16.so.2 -> libMagickCore-6.Q16.so.5
Yeah, luckily there's very few things that actually link against it. Most everything using it calls out to it's command line binaries.
Looks like the list is:
vips autotrace
if I got my query right.
Which I did not. ;)
Thats the -devel package ones, there's also -c++-devel:
synfig
kevin
On Sat, Jul 29, 2017 at 2:45 AM, Kevin Fenzi kevin@scrye.com wrote:
On 07/28/2017 04:43 PM, Kevin Fenzi wrote:
On 07/28/2017 07:20 AM, Michael Cronenworth wrote:
On 07/27/2017 09:29 PM, Kevin Fenzi wrote:
ok. I have pushed 6.9.9-3 to rawhide.
Hopefully I got all the CVE's right in the changelog. If someone wants to check over and make sure I didn't miss any that were fixed in the 6.x branch that would be great.
I'd like to let it run a few days in rawhide before updating stable branches, just in case I missed something.;)
First off, thanks, Kevin.
The update will require rebuilds. It introduces a SONAME change.
libMagickCore-6.Q16.so.2 -> libMagickCore-6.Q16.so.5
Yeah, luckily there's very few things that actually link against it. Most everything using it calls out to it's command line binaries.
Looks like the list is:
vips autotrace
if I got my query right.
Which I did not. ;)
Thats the -devel package ones, there's also -c++-devel:
synfig
Unless I'm missing something, the query shouldn't be run against any devel in the first place, as it's the above mentioned soname change in -libs that we're after, right?
I think this would give a more correct picture:
$ dnf -q repoquery --disablerepo="*" --enablerepo=rawhide --alldeps --qf "%{SOURCERPM}" --whatrequires "libMagickCore-6.Q16.so.2()(64bit)" | sort -u autotrace-0.31.1-44.fc26.src.rpm converseen-0.9.6.2-1.fc27.src.rpm dmtx-utils-0.7.4-2.fc27.src.rpm drawtiming-0.7.1-20.fc26.src.rpm emacs-25.2-2.fc25.src.rpm emacs-25.2-3.fc27.src.rpm gtatool-2.2.0-4.fc27.src.rpm imageinfo-0.05-25.fc26.src.rpm ImageMagick-6.9.3.0-6.fc25.src.rpm ImageMagick-6.9.3.0-7.fc27.src.rpm inkscape-0.92.1-4.20170510bzr15686.fc25.src.rpm inkscape-0.92.1-5.20170510bzr15686.fc27.src.rpm kxstitch-1.2.0-7.fc26.src.rpm perl-Image-SubImageFind-0.03-11.fc27.src.rpm pfstools-2.0.5-4.fc27.src.rpm php-magickwand-1.0.9.2-9.fc24.src.rpm php-pecl-imagick-3.4.3-0.3.RC1.fc26.src.rpm psiconv-0.9.8-20.fc26.src.rpm q-7.11-27.fc27.src.rpm ripright-0.11-3.fc26.src.rpm rss-glx-0.9.1.p-29.fc26.src.rpm rubygem-rmagick-2.16.0-3.fc26.src.rpm synfig-1.2.0-5.fc27.src.rpm synfigstudio-1.1.10-0.20160706gitd4e547.fc25.src.rpm vdr-scraper2vdr-1.0.5-2.20170611git254122b.fc27.src.rpm vips-8.5.6-1.fc27.src.rpm WindowMaker-0.95.8-1.fc27.src.rpm
On 07/29/2017 12:07 AM, Ville Skyttä wrote:
On Sat, Jul 29, 2017 at 2:45 AM, Kevin Fenzi kevin@scrye.com wrote:
On 07/28/2017 04:43 PM, Kevin Fenzi wrote:
On 07/28/2017 07:20 AM, Michael Cronenworth wrote:
On 07/27/2017 09:29 PM, Kevin Fenzi wrote:
ok. I have pushed 6.9.9-3 to rawhide.
Hopefully I got all the CVE's right in the changelog. If someone wants to check over and make sure I didn't miss any that were fixed in the 6.x branch that would be great.
I'd like to let it run a few days in rawhide before updating stable branches, just in case I missed something.;)
First off, thanks, Kevin.
The update will require rebuilds. It introduces a SONAME change.
libMagickCore-6.Q16.so.2 -> libMagickCore-6.Q16.so.5
Yeah, luckily there's very few things that actually link against it. Most everything using it calls out to it's command line binaries.
Looks like the list is:
vips autotrace
if I got my query right.
Which I did not. ;)
Thats the -devel package ones, there's also -c++-devel:
synfig
Unless I'm missing something, the query shouldn't be run against any devel in the first place, as it's the above mentioned soname change in -libs that we're after, right?
I think this would give a more correct picture:
$ dnf -q repoquery --disablerepo="*" --enablerepo=rawhide --alldeps --qf "%{SOURCERPM}" --whatrequires "libMagickCore-6.Q16.so.2()(64bit)" | sort -u autotrace-0.31.1-44.fc26.src.rpm converseen-0.9.6.2-1.fc27.src.rpm dmtx-utils-0.7.4-2.fc27.src.rpm drawtiming-0.7.1-20.fc26.src.rpm emacs-25.2-2.fc25.src.rpm emacs-25.2-3.fc27.src.rpm gtatool-2.2.0-4.fc27.src.rpm imageinfo-0.05-25.fc26.src.rpm ImageMagick-6.9.3.0-6.fc25.src.rpm ImageMagick-6.9.3.0-7.fc27.src.rpm inkscape-0.92.1-4.20170510bzr15686.fc25.src.rpm inkscape-0.92.1-5.20170510bzr15686.fc27.src.rpm kxstitch-1.2.0-7.fc26.src.rpm perl-Image-SubImageFind-0.03-11.fc27.src.rpm pfstools-2.0.5-4.fc27.src.rpm php-magickwand-1.0.9.2-9.fc24.src.rpm php-pecl-imagick-3.4.3-0.3.RC1.fc26.src.rpm psiconv-0.9.8-20.fc26.src.rpm q-7.11-27.fc27.src.rpm ripright-0.11-3.fc26.src.rpm rss-glx-0.9.1.p-29.fc26.src.rpm rubygem-rmagick-2.16.0-3.fc26.src.rpm synfig-1.2.0-5.fc27.src.rpm synfigstudio-1.1.10-0.20160706gitd4e547.fc25.src.rpm vdr-scraper2vdr-1.0.5-2.20170611git254122b.fc27.src.rpm vips-8.5.6-1.fc27.src.rpm WindowMaker-0.95.8-1.fc27.src.rpm
Indeed so.
I'll try and get these cleaned up as best I can today...
kevin
ok, I rebuilt the following ones. The ones with F next to them failed to build:
autotrace-0.31.1-44.fc26.src.rpm converseen-0.9.6.2-1.fc27.src.rpm dmtx-utils-0.7.4-2.fc27.src.rpm drawtiming-0.7.1-20.fc26.src.rpm F gtatool-2.2.0-4.fc27.src.rpm imageinfo-0.05-25.fc26.src.rpm inkscape-0.92.1-5.20170510bzr15686.fc27.src.rpm kxstitch-1.2.0-7.fc26.src.rpm perl-Image-SubImageFind-0.03-11.fc27.src.rpm pfstools-2.0.6-1.fc27.src.rpm F php-magickwand-1.0.9.2-9.fc24.src.rpm F php-pecl-imagick-3.4.3-0.3.RC1.fc26.src.rpm psiconv-0.9.8-20.fc26.src.rpm q-7.11-27.fc27.src.rpm ripright-0.11-3.fc26.src.rpm rss-glx-0.9.1.p-29.fc26.src.rpm F rubygem-rmagick-2.16.0-3.fc26.src.rpm F synfig-1.2.0-5.fc27.src.rpm (boost issues) F synfigstudio-1.1.10-0.20160706gitd4e547.fc25.src.rpm (needs synfig) vdr-scraper2vdr-1.0.5-2.20170611git254122b.fc27.src.rpm vips-8.5.6-1.fc27.src.rpm WindowMaker-0.95.8-1.fc27.src.rpm F cuneiform (some c++ blowup) k3d
With that I think rawhide should be back on track.
If all looks well for a bit I guess I can try and do f25/f26.
kevin
Kevin Fenzi wrote on 08/01/2017 04:13 AM:
ok, I rebuilt the following ones. The ones with F next to them failed to build:
F rubygem-rmagick-2.16.0-3.fc26.src.rpm
Fixed on rawhide.
Regards, Mamoru
On Mon, Jul 31, 2017 at 12:13 PM, Kevin Fenzi kevin@scrye.com wrote:
ok, I rebuilt the following ones. The ones with F next to them failed to build:
autotrace-0.31.1-44.fc26.src.rpm converseen-0.9.6.2-1.fc27.src.rpm dmtx-utils-0.7.4-2.fc27.src.rpm drawtiming-0.7.1-20.fc26.src.rpm F gtatool-2.2.0-4.fc27.src.rpm imageinfo-0.05-25.fc26.src.rpm inkscape-0.92.1-5.20170510bzr15686.fc27.src.rpm kxstitch-1.2.0-7.fc26.src.rpm perl-Image-SubImageFind-0.03-11.fc27.src.rpm pfstools-2.0.6-1.fc27.src.rpm F php-magickwand-1.0.9.2-9.fc24.src.rpm F php-pecl-imagick-3.4.3-0.3.RC1.fc26.src.rpm psiconv-0.9.8-20.fc26.src.rpm q-7.11-27.fc27.src.rpm ripright-0.11-3.fc26.src.rpm rss-glx-0.9.1.p-29.fc26.src.rpm F rubygem-rmagick-2.16.0-3.fc26.src.rpm F synfig-1.2.0-5.fc27.src.rpm (boost issues) F synfigstudio-1.1.10-0.20160706gitd4e547.fc25.src.rpm (needs synfig) vdr-scraper2vdr-1.0.5-2.20170611git254122b.fc27.src.rpm vips-8.5.6-1.fc27.src.rpm WindowMaker-0.95.8-1.fc27.src.rpm F cuneiform (some c++ blowup) k3d
With that I think rawhide should be back on track.
If all looks well for a bit I guess I can try and do f25/f26.
kevin
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
I tagged this update now for Updates Testing for f25 & f26 as it is an urgent fix.
It is also in build root override so affected packages can now be rebuilt.
On 08/23/2017 07:32 PM, Moez Roy wrote:
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
I tagged this update now for Updates Testing for f25 & f26 as it is an urgent fix.
It is also in build root override so affected packages can now be rebuilt.
What you have done is out of line.
You've pushed a change that breaks packages and are dumping the work on others?
You've created an update with autopush enabled with only 1 positive karma required with -99 negative karma?
This is not appropriate behavior for releasing updates.
I have broken builds now that I'll have to spend time fixing.
I'm disabling autopush on your updates until rebuilds can be done. Please do not enable it.
On 08/23/2017 07:32 PM, Moez Roy wrote:
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
I tagged this update now for Updates Testing for f25 & f26 as it is an urgent fix.
It is also in build root override so affected packages can now be rebuilt.
Also, this is a huge no-no.
From ImageMagick.spec: # https://bugzilla.redhat.com/show_bug.cgi?id=1484578 & https://bugzilla.redhat.com/show_bug.cgi?id=1484579 ExcludeArch: s390x ppc64
Other packages build for those arches and now cannot be built because there is no ImageMagick package available now.
Le 24/08/2017 à 02:32, Moez Roy a écrit :
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
Such a version bump in stable branch is not acceptable.
ImageMagick 7 removed lot of functions (deprecated in v6)
Especially as ImageMagick 6 is still maintained.
BTW, latest version 6.9.9-9 also have some API changes
- 6.9.6-8 => bump to .3 - 6.9.7-6 => bump to .4 - 6.9.9-0 => bump to .5
Yes, this package is a nightmare.
Remi
On Thu, 2017-08-24 at 06:44 +0200, Remi Collet wrote:
Le 24/08/2017 à 02:32, Moez Roy a écrit :
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
Such a version bump in stable branch is not acceptable.
ImageMagick 7 removed lot of functions (deprecated in v6)
Especially as ImageMagick 6 is still maintained.
BTW, latest version 6.9.9-9 also have some API changes
- 6.9.6-8 => bump to .3
- 6.9.7-6 => bump to .4
- 6.9.9-0 => bump to .5
Yes, this package is a nightmare.
Note the versioning is a bit subtle. What was released upstream was 6.9.9-9 , which in our versioning would be 6.9.9.9 . Upstream *didn't* go from 6.9.8 to 6.9.9, but from 6.9.9-8 to 6.9.9-9. The package in Fedora before all this mess was versioned 6.9.9.3 , which I believe would be upstream's 6.9.9-3 , and I *think* there is no ABI/API incompatibility between 6.9.9-3 and 6.9.9-9. The soname in the 6.9.9.3 packages was already "libMagickCore-6.Q16.so.5()(64bit)".
Le 24/08/2017 à 08:58, Adam Williamson a écrit :
On Thu, 2017-08-24 at 06:44 +0200, Remi Collet wrote:
Le 24/08/2017 à 02:32, Moez Roy a écrit :
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
Such a version bump in stable branch is not acceptable.
ImageMagick 7 removed lot of functions (deprecated in v6)
Especially as ImageMagick 6 is still maintained.
BTW, latest version 6.9.9-9 also have some API changes
- 6.9.6-8 => bump to .3
- 6.9.7-6 => bump to .4
- 6.9.9-0 => bump to .5
Yes, this package is a nightmare.
Note the versioning is a bit subtle. What was released upstream was 6.9.9-9 , which in our versioning would be 6.9.9.9 . Upstream *didn't* go from 6.9.8 to 6.9.9, but from 6.9.9-8 to 6.9.9-9. The package in Fedora before all this mess was versioned 6.9.9.3 , which I believe would be upstream's 6.9.9-3 , and I *think* there is no ABI/API incompatibility between 6.9.9-3 and 6.9.9-9. The soname in the 6.9.9.3 packages was already "libMagickCore-6.Q16.so.5()(64bit)".
Yes in F27+ (6.9.9.3)
F25/F26 have 6.9.3.0 (upstream 6.9.3-0) with libMagickCore-6.Q16.so.2 libMagickWand-6.Q16.so.2
Remi
On Thu, 2017-08-24 at 09:12 +0200, Remi Collet wrote:
Le 24/08/2017 à 08:58, Adam Williamson a écrit :
On Thu, 2017-08-24 at 06:44 +0200, Remi Collet wrote:
Le 24/08/2017 à 02:32, Moez Roy a écrit :
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
Such a version bump in stable branch is not acceptable.
ImageMagick 7 removed lot of functions (deprecated in v6)
Especially as ImageMagick 6 is still maintained.
BTW, latest version 6.9.9-9 also have some API changes
- 6.9.6-8 => bump to .3
- 6.9.7-6 => bump to .4
- 6.9.9-0 => bump to .5
Yes, this package is a nightmare.
Note the versioning is a bit subtle. What was released upstream was 6.9.9-9 , which in our versioning would be 6.9.9.9 . Upstream *didn't* go from 6.9.8 to 6.9.9, but from 6.9.9-8 to 6.9.9-9. The package in Fedora before all this mess was versioned 6.9.9.3 , which I believe would be upstream's 6.9.9-3 , and I *think* there is no ABI/API incompatibility between 6.9.9-3 and 6.9.9-9. The soname in the 6.9.9.3 packages was already "libMagickCore-6.Q16.so.5()(64bit)".
Yes in F27+ (6.9.9.3)
F25/F26 have 6.9.3.0 (upstream 6.9.3-0) with libMagickCore-6.Q16.so.2 libMagickWand-6.Q16.so.2
Yep, I just looked back and saw that nirik built upstream 6.9.9-3 but hadn't actually sent it as an update, since it was an soname bump and all the necessary rebuilds weren't done yet :/
On 08/24/2017 08:19 AM, Adam Williamson wrote:
On Thu, 2017-08-24 at 09:12 +0200, Remi Collet wrote:
Le 24/08/2017 à 08:58, Adam Williamson a écrit :
On Thu, 2017-08-24 at 06:44 +0200, Remi Collet wrote:
Le 24/08/2017 à 02:32, Moez Roy a écrit :
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
Such a version bump in stable branch is not acceptable.
ImageMagick 7 removed lot of functions (deprecated in v6)
Especially as ImageMagick 6 is still maintained.
BTW, latest version 6.9.9-9 also have some API changes
- 6.9.6-8 => bump to .3
- 6.9.7-6 => bump to .4
- 6.9.9-0 => bump to .5
Yes, this package is a nightmare.
Note the versioning is a bit subtle. What was released upstream was 6.9.9-9 , which in our versioning would be 6.9.9.9 . Upstream *didn't* go from 6.9.8 to 6.9.9, but from 6.9.9-8 to 6.9.9-9. The package in Fedora before all this mess was versioned 6.9.9.3 , which I believe would be upstream's 6.9.9-3 , and I *think* there is no ABI/API incompatibility between 6.9.9-3 and 6.9.9-9. The soname in the 6.9.9.3 packages was already "libMagickCore-6.Q16.so.5()(64bit)".
Yes in F27+ (6.9.9.3)
F25/F26 have 6.9.3.0 (upstream 6.9.3-0) with libMagickCore-6.Q16.so.2 libMagickWand-6.Q16.so.2
Yep, I just looked back and saw that nirik built upstream 6.9.9-3 but hadn't actually sent it as an update, since it was an soname bump and all the necessary rebuilds weren't done yet :/
Sigh. Yeah, I didn't want to push 7.x to even rawhide without investigation that all dependent packages were ready to move to it.
I was going to look at f25/f26 for a 6.x update, but I haven't had any time to get to it. ;( Would need a bunch of rebuilds and waiting in testing a while so 3rd parties could see it and rebuild at the very least.
kevin
On 08/24/2017 05:48 PM, Kevin Fenzi wrote:
I was going to look at f25/f26 for a 6.x update, but I haven't had any time to get to it. ;( Would need a bunch of rebuilds and waiting in testing a while so 3rd parties could see it and rebuild at the very least.
I think we're going to need an ABI compatibility package for the old soname. This serves a two fold purpose: a) if something in F25/F26 fails to rebuild against the new soname, it can keep using the compat package and doesn't block the whole ImageMagick update from going to stable, and b) we won't break 3rd parties code who might be shipping binaries linked with the old soname.
I'm happy to help with this too, both with rebuilds and putting together a compat package / reviewing it.
On Thursday, August 24, 2017 2:32:02 AM CEST Moez Roy wrote:
On Mon, Jul 31, 2017 at 12:13 PM, Kevin Fenzi kevin@scrye.com wrote:
ok, I rebuilt the following ones. The ones with F next to them failed to
build: autotrace-0.31.1-44.fc26.src.rpm converseen-0.9.6.2-1.fc27.src.rpm dmtx-utils-0.7.4-2.fc27.src.rpm drawtiming-0.7.1-20.fc26.src.rpm
F gtatool-2.2.0-4.fc27.src.rpm
imageinfo-0.05-25.fc26.src.rpm inkscape-0.92.1-5.20170510bzr15686.fc27.src.rpm kxstitch-1.2.0-7.fc26.src.rpm perl-Image-SubImageFind-0.03-11.fc27.src.rpm pfstools-2.0.6-1.fc27.src.rpm
F php-magickwand-1.0.9.2-9.fc24.src.rpm F php-pecl-imagick-3.4.3-0.3.RC1.fc26.src.rpm
psiconv-0.9.8-20.fc26.src.rpm q-7.11-27.fc27.src.rpm ripright-0.11-3.fc26.src.rpm rss-glx-0.9.1.p-29.fc26.src.rpm
F rubygem-rmagick-2.16.0-3.fc26.src.rpm F synfig-1.2.0-5.fc27.src.rpm
(boost issues)
F synfigstudio-1.1.10-0.20160706gitd4e547.fc25.src.rpm
(needs synfig) vdr-scraper2vdr-1.0.5-2.20170611git254122b.fc27.src.rpm vips-8.5.6-1.fc27.src.rpm WindowMaker-0.95.8-1.fc27.src.rpm
F cuneiform
(some c++ blowup) k3d
With that I think rawhide should be back on track.
If all looks well for a bit I guess I can try and do f25/f26.
kevin
The soname bump requires packages that depend on it need to be rebuilt, so I updated ImageMagick to 7.0.6-9.
Why are you updating it in stable Fedora then?
Two less serious problems with your changes:
- Please consider using commit messages that are useful for others.
- Please avoid committing unnecessary white-space changes. If you really think they are necessary, please commit them separately from any functional changes.
Thanks!
Kamil
I tagged this update now for Updates Testing for f25 & f26 as it is an urgent fix.
It is also in build root override so affected packages can now be rebuilt.