unofficial mirror of guix-devel@gnu.org 
From: Julien Lepiller <julien@lepiller.eu>
To: guix-devel@gnu.org, "Léo Le Bouter" <lle-bout@zaclys.net>
Subject: Re: imagemagick@6.9.11-48 to graft or not to graft with 6.9.12-2
Date: Fri, 19 Mar 2021 07:12:38 -0400
Message-ID: <981303C0-4E8D-4D3F-B2C1-1392D323DC03@lepiller.eu>
In-Reply-To: <d84349e57bc20d554ba0590b0a433dd6986199f6.camel@zaclys.net>

I don't think I understand the problem fully, but it looks like there is nothing wrong with the graft now that you symlinked the library, so it's fine to keep the graft. Hopefully we can ungraft shortly during the "ungraftathon" next week :)

On 19 March 2021 05:40:45 GMT-04:00, "Léo Le Bouter" <lle-bout@zaclys.net> wrote:
>Hello!
>
>See commit: 82e887ba48c2ba91b17aa9b6b17501e3e0ef4aef
>
>Following discussion around whether it is safe to graft and whether we
>should do so or not, first, I apologize for not doing as rigorous
>checking on this issue as I should have, and also requesting more peer-
>review, I initially believed those two ImageMagick versions were ABI
>compatible with unchanged soname so it turns out it would be a rather
>uncontroversial graft to make but now it turns out we have a changed
>soname but whether it is binary (backwards) compatible or not remains a
>question.
>
>We had a user reporting that Inkscape stopped working after the graft (
>https://logs.guix.gnu.org/guix/2021-03-18.log#100200), after which we
>decided on IRC with rekado we might cheat by symlinking the shared
>libraries, which I've done in commit
>2e0ff59f0cd836b156f1ef2e78791d864ce3cfcd, from a glance it didn't seem
>the soname change caused backwards incompatible changes but only
>forward incompatible changes.
>
>Let's see some abidiff output now:
>
>$ ./pre-inst-env guix environment --ad-hoc libabigail -- abidiff
>$(./pre-inst-env guix build --no-grafts imagemagick@6.9.11-48 | grep -v
>doc)/lib/libMagickCore-6.Q16.so.6 $(./pre-inst-env guix build 
>imagemagick@6.9.12-2g | grep -v doc)/lib/libMagickCore-6.Q16.so.7
>ELF SONAME changed
>Functions changes summary: 0 Removed, 0 Changed, 0 Added function
>Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
>Function symbols changes summary: 0 Removed, 0 Added function symbol
>not referenced by debug info
>Variable symbols changes summary: 0 Removed, 1 Added variable symbol
>not referenced by debug info
>
>SONAME changed from 'libMagickCore-6.Q16.so.6' to 'libMagickCore-
>6.Q16.so.7'
>
>1 Added variable symbol not referenced by debug info:
>
>  [A] .gomp_critical_user_analyzeImage
>
>
>$ ./pre-inst-env guix environment --ad-hoc libabigail -- abidiff
>$(./pre-inst-env guix build --no-grafts imagemagick@6.9.11-48 | grep -v
>doc)/lib/libMagick++-6.Q16.so.8 $(./pre-inst-env guix build 
>imagemagick@6.9.12-2g | grep -v doc)/lib/libMagick++-6.Q16.so.9
>ELF SONAME changed
>Functions changes summary: 0 Removed, 0 Changed, 0 Added function
>Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
>
>SONAME changed from 'libMagick++-6.Q16.so.8' to 'libMagick++-
>6.Q16.so.9'
>
>$ ./pre-inst-env guix environment --ad-hoc libabigail -- abidiff
>$(./pre-inst-env guix build --no-grafts imagemagick@6.9.11-48 | grep -v
>doc)/lib/libMagickWand-6.Q16.so.6 $(./pre-inst-env guix build 
>imagemagick@6.9.12-2g | grep -v doc)/lib/libMagickWand-6.Q16.so.7
>ELF SONAME changed
>Functions changes summary: 0 Removed, 0 Changed, 0 Added function
>Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
>
>SONAME changed from 'libMagickWand-6.Q16.so.6' to 'libMagickWand-
>6.Q16.so.7'
>
>Any more ABI diff-ing/testing, information, etc. on whether this is
>safe or not is welcome, it sounds to me it could be fine but there is
>some amount of doubt still.
>
>If we can't graft ImageMagick we shall revert all commits and then it
>means we would have to apply patches for each and every CVE which can
>be tedious to create and maintain and to me leaving the package as-is
>without patching is not really OK :-/
>
>To graft or not to graft?
>
>Thank you,
>Léo
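
Added example, not part of the original messages and not Guix or libabigail code: one way to turn an abidiff report like those quoted above into a graft decision. The function name, the verdict strings and the re-joined sample report (the mail wrapped the long lines) are assumptions made for illustration.

```python
import re

# Constructed sample: the libMagickCore report quoted in the message,
# with the mail client's line wrapping undone.
SAMPLE_REPORT = """\
ELF SONAME changed
Functions changes summary: 0 Removed, 0 Changed, 0 Added function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
Function symbols changes summary: 0 Removed, 0 Added function symbol not referenced by debug info
Variable symbols changes summary: 0 Removed, 1 Added variable symbol not referenced by debug info

SONAME changed from 'libMagickCore-6.Q16.so.6' to 'libMagickCore-6.Q16.so.7'

1 Added variable symbol not referenced by debug info:

  [A] .gomp_critical_user_analyzeImage
"""

SUMMARY = re.compile(r"^[\w ]+? changes summary: (?P<body>.*)$", re.M)
COUNT = re.compile(r"(\d+) (Removed|Changed|Added)")
SONAME = re.compile(r"^SONAME changed from '([^']+)' to '([^']+)'", re.M)


def assess_graft(report):
    """Classify an abidiff report for a candidate graft (hypothetical helper)."""
    totals = {"Removed": 0, "Changed": 0, "Added": 0}
    for summary in SUMMARY.finditer(report):
        for number, what in COUNT.findall(summary.group("body")):
            totals[what] += int(number)
    soname = SONAME.search(report)
    result = {"totals": totals, "soname": soname.groups() if soname else None}
    if totals["Removed"] or totals["Changed"]:
        # Anything removed or changed can break already-built dependents.
        result["verdict"] = "incompatible"
    elif soname:
        # Only additions were reported, but dependents still carry the old
        # soname in DT_NEEDED, so the loader needs the old name to resolve.
        result["verdict"] = "compatible-needs-soname-alias"
    else:
        result["verdict"] = "compatible"
    return result


if __name__ == "__main__":
    print(assess_graft(SAMPLE_REPORT))
```

The verdict only reflects what abidiff reported for the two builds; it does not settle the remaining doubt about run-time behaviour raised in the message.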
