From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id BQgZHCd1WGBQKwAA0tVLHw (envelope-from ) for ; Mon, 22 Mar 2021 10:44:55 +0000 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id mF1/Fyd1WGA4ewAA1q6Kng (envelope-from ) for ; Mon, 22 Mar 2021 10:44:55 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id F30101689D for ; Mon, 22 Mar 2021 11:44:54 +0100 (CET) Received: from localhost ([::1]:40638 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lOI3K-00069V-2r for larch@yhetil.org; Mon, 22 Mar 2021 06:44:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34178) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lOHoK-0002Es-6C for guix-devel@gnu.org; Mon, 22 Mar 2021 06:29:24 -0400 Received: from hera.aquilenet.fr ([2a0c:e300::1]:34138) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lOHoH-0005kg-1F for guix-devel@gnu.org; Mon, 22 Mar 2021 06:29:23 -0400 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 672E83FE; Mon, 22 Mar 2021 11:29:12 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tdZBCnzUtIhK; Mon, 22 Mar 2021 11:29:11 +0100 (CET) Received: from jurong (p200300dd5710fa00d100617c1be1ebbb.dip0.t-ipconnect.de [IPv6:2003:dd:5710:fa00:d100:617c:1be1:ebbb]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 5889F2B4; Mon, 22 Mar 2021 11:29:07 +0100 (CET) Date: Mon, 22 Mar 2021 11:29:04 +0100 From: Andreas Enge To: =?iso-8859-15?B?TOlv?= Le Bouter Subject: Re: imagemagick@6.9.11-48 to graft or not to graft with 6.9.12-2 Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-15 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spamd-Bar: / X-Rspamd-Server: hera X-Rspamd-Queue-Id: 672E83FE X-Spamd-Result: default: False [-0.50 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_TWO(0.00)[2]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; FORGED_RECIPIENTS(2.00)[lle-bout@zaclys.net ..,andreas.enge@aquilenet.fr ...]; RCVD_COUNT_TWO(0.00)[2]; BAYES_HAM(-3.00)[100.00%] Received-SPF: neutral client-ip=2a0c:e300::1; envelope-from=andreas@enge.fr; helo=hera.aquilenet.fr X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_NEUTRAL=0.779 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616409895; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=lbDMbccM0rqgeDN2xTimPeX8U3aZP7W/ZT5xRIzAYTk=; b=mx7Ed/3MDWUphwPG6ymE+LWu086hbgCDGfuR9jrSqqtV366+KbgnhcXYrLg7paFDbHRbhK 6yXua4pcavNrc3JVcHMDk7kSznE31d1df6i4zanLJyNgyEXf14dFc3Jxy4llo3IpHlphvc aGbxKoriOXaCFDAitx1aGKHT+gFZUBkuhBnl+FoZp303zGzzhxDSZ7sVB5YwsWzb73IEfG RTTNywfeCT1rLTI/szjM8FUQvvth4MTpCp1bKYQNdmyfZHPdljjZYbvNsCVR8ZH6sVmthW i1NWDVUHNPh43SCUV+HhWDw6W1INUi1ni16571RB20Ur43MYNPK1+OfvJ3PtyQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616409895; a=rsa-sha256; cv=none; b=SesF+raEoak5Ud51VJYMilpzuB4u7UUocJvgjfmrFbGJ0kimErHjmLQjF9lMUBsyS11x3P yGvWgEp9i9jUMi+WYsYOj6cWyzIDpF7W8oKF/zJtF116GTbmRSxbOw5EV+p5L9DiSt9Jqx dMM+x1Xa3L+d4QPBc2nbt/WvYqcLlF6fUlbNqb4bxl2CLJ7jTb+CGIqzNfZH+jR4hgSS6O awzMb5XzwK56IEdeajJgQSPfkWcOVhGLeC6h/I1Zorsnouc8HLkpuLvBFBGOLFIel8g2qT Gm3yx/bI5RKGdN0fqhH9Vkr5tw3aM3qzwZl6izTPNw7U7C4iXIGC6DOVYdk9vA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -1.92 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: F30101689D X-Spam-Score: -1.92 X-Migadu-Scanner: scn0.migadu.com X-TUID: bEj8tqArFe02 Am Fri, Mar 19, 2021 at 10:40:45AM +0100 schrieb Léo Le Bouter: > We had a user reporting that Inkscape stopped working after the graft ( > https://logs.guix.gnu.org/guix/2021-03-18.log#100200), after which we > decided on IRC with rekado we might cheat by symlinking the shared > libraries, which I've done in commit > 2e0ff59f0cd836b156f1ef2e78791d864ce3cfcd, from a glance it didnt seem > the soname change caused backwards incompatible changes but only > forward incompatible changes. It happens I just wanted to use inkscape, started submitting a bug report: https://issues.guix.gnu.org/47315 and ended up realising that this is exactly the issue discussed on guix-devel. I cannot afford a "guix pull" right now, since with https://issues.guix.gnu.org/31719 this might mean a download of a few gigabytes, so I did not check whether the symlinking fix does work. But honestly, this feels like piling a cludge (symlinking) onto a cludge (grafting), and that we are not in the high quality approach for which I appreciate Guix. Personally, I would suggest to revert the commits. If the CVE is sufficiently important (it would be useful if the commit log or the diff itself contained its number), maybe we can update the imagemagick version on the wip-release branch, which is supposed to be built soon and merged back to master? And please let us agree that in the future, we only backport fixes in grafts and do not update version numbers. Andreas