From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id eCZxMUaHVGCWCgAA0tVLHw (envelope-from ) for ; Fri, 19 Mar 2021 11:13:10 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id iItVLUaHVGAgMwAA1q6Kng (envelope-from ) for ; Fri, 19 Mar 2021 11:13:10 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 761A31801D for ; Fri, 19 Mar 2021 12:13:10 +0100 (CET) Received: from localhost ([::1]:36964 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lND41-0004b9-KS for larch@yhetil.org; Fri, 19 Mar 2021 07:13:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:60386) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lND3n-0004Za-SU for guix-devel@gnu.org; Fri, 19 Mar 2021 07:12:56 -0400 Received: from lepiller.eu ([2a00:5884:8208::1]:34506) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lND3i-0001gN-Ey for guix-devel@gnu.org; Fri, 19 Mar 2021 07:12:55 -0400 Received: from lepiller.eu (localhost [127.0.0.1]) by lepiller.eu (OpenSMTPD) with ESMTP id eff6878c; Fri, 19 Mar 2021 11:12:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=lepiller.eu; h=date :in-reply-to:references:mime-version:content-type :content-transfer-encoding:subject:to:from:message-id; s=dkim; bh=znLwofeZVNOKGFGI3z9ScbsFCfIl5JbieiluVbhsHMI=; b=RVHe7SxECzse H7gum8dfXSK/TFY7jdLG4onMAPmFJ3W/bYsjKpIN7PKJ5lNPEYV9UNcwUh+utkM0 /P6vSUkOwfUcBLxMTsu8nkRsplJpcgmjWyBExrB9j4TNraHCFg4DW6PJS6RBKwKU hYGwr6KhF15xBzBsVZqVXo1fIYbMs1pv+CchjnAXEK53BEEBldmoFHBtSPnbO3hw Xm0dh8rAamIe3460QNQaFs33J8Y5fG6fu2RcZYOLsN0usPMqFNLG/ApX4HZoHEFw AmEGfpEJUZPjX/S5m68wBToKW6PXhXr+CEv+HuACncekWq6NUbxvkjNX68r6x9rj YErUTJMFUQ== Received: by lepiller.eu (OpenSMTPD) with ESMTPSA id 60750e5c (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); Fri, 19 Mar 2021 11:12:45 +0000 (UTC) Date: Fri, 19 Mar 2021 07:12:38 -0400 User-Agent: K-9 Mail for Android In-Reply-To: References: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----N8G1HV6LBEY0UUPXMSWLR3OJM1VYIB" Content-Transfer-Encoding: 7bit Subject: Re: imagemagick@6.9.11-48 to graft or not to graft with 6.9.12-2 To: guix-devel@gnu.org,=?ISO-8859-1?Q?L=E9o_Le_Bouter?= From: Julien Lepiller Message-ID: <981303C0-4E8D-4D3F-B2C1-1392D323DC03@lepiller.eu> Received-SPF: pass client-ip=2a00:5884:8208::1; envelope-from=julien@lepiller.eu; helo=lepiller.eu X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1616152390; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=HVthnkt8gXpMYgVbzyi6765szNioCasxA4VKAu1sQYw=; b=okPOgqIMDfHGQdQ00KzreUn5h9PuzdtoiZo/u3ncl8Z3ACtznKEWjLAlhiZeF4+HD7WhMz +KIgIImaCy0XDmL0D6oqcBArDnCWR58LNPJQiqFGfKOAPmEoChZewSV+whvlXWdbsOr74y XVlom7n5ZoR8fQjIomeIvbm60OsTmNeEn09oCBjjoQ5dpUXHCZzaTWiaWE/zL6k/57VENC xojt5i7qsSOowmetIkqXNgm+hiBWkYB+K6dIG5KY0aqPp1vGrPGve8jV7Nu2ufM9tTHKDO t4JjjWt+LpbqfpuNhGAE8FYTslSt4+Dk/nlZQwrEtdQyHj4Yiv8KR47LsKP/HQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1616152390; a=rsa-sha256; cv=none; b=fEkdKJ93S4JfIZ+5kk3AW17psIqeYDwLyvc6TXPl/ncfliNGxAlDmYouglM5XMnYICvflK pD2uDZU3IMgFe2nSm3gpr5nyr2/PDUS0OraJBwH/Mb6OqGM7RFXV8JPuwBDHqhSqJ09dn0 UL+2toKdKkcCh4Zgw+5yMzHvgN8aZT1uX5NhqdyFaWQBo5rn9GApGn4P7D5sVGgRMx/rdq ZV/MrSy9ogFT5dFA3Rei8ojt9hS+CeJVBxUdRtgycEV7uco/m5tTWODmlalcVf653/zWza 0Fit3YaS3tjiM/N/tTmW4jh27NdurdtA5IftUN9TY3oPb+S1M5M8AfvUxYsZAQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=lepiller.eu header.s=dkim header.b=RVHe7SxE; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -2.11 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=lepiller.eu header.s=dkim header.b=RVHe7SxE; dmarc=pass (policy=none) header.from=lepiller.eu; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 761A31801D X-Spam-Score: -2.11 X-Migadu-Scanner: scn0.migadu.com X-TUID: Dbe1pDrwa9gX ------N8G1HV6LBEY0UUPXMSWLR3OJM1VYIB Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I don't think I understand the problem fully, but it looks like there is no= thing wrong with the graft now that you symlinked tge library, so it's fine= to keep the graft=2E Hopefully we can ungraft shortly during the "ungrafta= thon" next week :) Le 19 mars 2021 05:40:45 GMT-04:00, "L=C3=A9o Le Bouter" a =C3=A9crit : >Hello! > >See commit: 82e887ba48c2ba91b17aa9b6b17501e3e0ef4aef > >Following discussion around whether it is safe to graft and whether we >should do so or not, first, I apologize for not doing as rigorous >checking on this issue as I should have, and also requesting more peer- >review, I initially believed those two ImageMagick version were ABI >compatible with unchanged soname so it turns out it would be a rather >uncontroversial graft to make but now it turns out we have a changed >soname but whether it is binary (backwards) compatible or not remains a >question=2E > >We had a user reporting that Inkscape stopped working after the graft ( >https://logs=2Eguix=2Egnu=2Eorg/guix/2021-03-18=2Elog#100200), after whic= h we >decided on IRC with rekado we might cheat by symlinking the shared >libraries, which I've done in commit >2e0ff59f0cd836b156f1ef2e78791d864ce3cfcd, from a glance it didnt seem >the soname change caused backwards incompatible changes but only >forward incompatible changes=2E > >Let's see some abidiff output now: > >$ =2E/pre-inst-env guix environment --ad-hoc libabigail -- abidiff >$(=2E/pre-inst-env guix build --no-grafts imagemagick@6=2E9=2E11-48 | gre= p -v >doc)/lib/libMagickCore-6=2EQ16=2Eso=2E6 $(=2E/pre-inst-env guix build=20 >imagemagick@6=2E9=2E12-2g | grep -v doc)/lib/libMagickCore-6=2EQ16=2Eso= =2E7 >ELF SONAME changed >Functions changes summary: 0 Removed, 0 Changed, 0 Added function >Variables changes summary: 0 Removed, 0 Changed, 0 Added variable >Function symbols changes summary: 0 Removed, 0 Added function symbol >not referenced by debug info >Variable symbols changes summary: 0 Removed, 1 Added variable symbol >not referenced by debug info > >SONAME changed from 'libMagickCore-6=2EQ16=2Eso=2E6' to 'libMagickCore- >6=2EQ16=2Eso=2E7' > >1 Added variable symbol not referenced by debug info: > > [A] =2Egomp_critical_user_analyzeImage > > >$ =2E/pre-inst-env guix environment --ad-hoc libabigail -- abidiff >$(=2E/pre-inst-env guix build --no-grafts imagemagick@6=2E9=2E11-48 | gre= p -v >doc)/lib/libMagick++-6=2EQ16=2Eso=2E8 $(=2E/pre-inst-env guix build=20 >imagemagick@6=2E9=2E12-2g | grep -v doc)/lib/libMagick++-6=2EQ16=2Eso=2E9 >ELF SONAME changed >Functions changes summary: 0 Removed, 0 Changed, 0 Added function >Variables changes summary: 0 Removed, 0 Changed, 0 Added variable > >SONAME changed from 'libMagick++-6=2EQ16=2Eso=2E8' to 'libMagick++- >6=2EQ16=2Eso=2E9' > >$ =2E/pre-inst-env guix environment --ad-hoc libabigail -- abidiff >$(=2E/pre-inst-env guix build --no-grafts imagemagick@6=2E9=2E11-48 | gre= p -v >doc)/lib/libMagickWand-6=2EQ16=2Eso=2E6 $(=2E/pre-inst-env guix build=20 >imagemagick@6=2E9=2E12-2g | grep -v doc)/lib/libMagickWand-6=2EQ16=2Eso= =2E7 >ELF SONAME changed >Functions changes summary: 0 Removed, 0 Changed, 0 Added function >Variables changes summary: 0 Removed, 0 Changed, 0 Added variable > >SONAME changed from 'libMagickWand-6=2EQ16=2Eso=2E6' to 'libMagickWand- >6=2EQ16=2Eso=2E7' > >Any more ABI diff-ing/testing, information, etc=2E=2E on whether this is >safe or not is welcome, it sounds to me it could be fine but there is >some amount of doubt still=2E > >If we can't graft ImageMagick we shall revert all commits and then it >means we would have to apply patches for each and every CVE which can >be tedious to create and maintain and to me leaving the package as-is >without patching is not really OK :-/ > >To graft or not to graft? > >Thank you, >L=C3=A9o ------N8G1HV6LBEY0UUPXMSWLR3OJM1VYIB Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable I don't think I understand the problem fully, but = it looks like there is nothing wrong with the graft now that you symlinked = tge library, so it's fine to keep the graft=2E Hopefully we can ungraft sho= rtly during the "ungraftathon" next week :)

Le 19 mars 2021 05:40:45 GMT-04:00, "L=C3=A9o Le Bouter" <lle-bout@za= clys=2Enet> a =C3=A9crit :
Hello!

See commit: 82e887ba48c2ba91b17aa9b6b1= 7501e3e0ef4aef

Following discussion around whether it is safe to gra= ft and whether we
should do so or not, first, I apologize for not doing = as rigorous
checking on this issue as I should have, and also requesting= more peer-
review, I initially believed those two ImageMagick version w= ere ABI
compatible with unchanged soname so it turns out it would be a r= ather
uncontroversial graft to make but now it turns out we have a chang= ed
soname but whether it is binary (backwards) compatible or not remains= a
question=2E

We had a user reporting that Inkscape stopped work= ing after the graft (
https://logs=2Eguix=2Egnu=2Eorg/guix/2021-03-18=2E= log#100200), after which we
decided on IRC with rekado we might chea= t by symlinking the shared
libraries, which I've done in commit
2e0ff= 59f0cd836b156f1ef2e78791d864ce3cfcd, from a glance it didnt seem
the son= ame change caused backwards incompatible changes but only
forward incomp= atible changes=2E

Let's see some abidiff output now:

$ =2E/pr= e-inst-env guix environment --ad-hoc libabigail -- abidiff
$(=2E/pre-ins= t-env guix build --no-grafts imagemagick@6=2E9=2E11-48 | grep -v
doc)/li= b/libMagickCore-6=2EQ16=2Eso=2E6 $(=2E/pre-inst-env guix build
imagemag= ick@6=2E9=2E12-2g | grep -v doc)/lib/libMagickCore-6=2EQ16=2Eso=2E7
ELF = SONAME changed
Functions changes summary: 0 Removed, 0 Changed, 0 Added = function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variab= le
Function symbols changes summary: 0 Removed, 0 Added function symbol<= br>not referenced by debug info
Variable symbols changes summary: 0 Remo= ved, 1 Added variable symbol
not referenced by debug info

SONAME = changed from 'libMagickCore-6=2EQ16=2Eso=2E6' to 'libMagickCore-
6=2EQ16= =2Eso=2E7'

1 Added variable symbol not referenced by debug info:
=
[A] =2Egomp_critical_user_analyzeImage


$ =2E/pre-inst-env = guix environment --ad-hoc libabigail -- abidiff
$(=2E/pre-inst-env guix = build --no-grafts imagemagick@6=2E9=2E11-48 | grep -v
doc)/lib/libMagick= ++-6=2EQ16=2Eso=2E8 $(=2E/pre-inst-env guix build
imagemagick@6=2E9=2E1= 2-2g | grep -v doc)/lib/libMagick++-6=2EQ16=2Eso=2E9
ELF SONAME changed<= br>Functions changes summary: 0 Removed, 0 Changed, 0 Added function
Var= iables changes summary: 0 Removed, 0 Changed, 0 Added variable

SONAM= E changed from 'libMagick++-6=2EQ16=2Eso=2E8' to 'libMagick++-
6=2EQ16= =2Eso=2E9'

$ =2E/pre-inst-env guix environment --ad-hoc libabigail -= - abidiff
$(=2E/pre-inst-env guix build --no-grafts imagemagick@6=2E9=2E= 11-48 | grep -v
doc)/lib/libMagickWand-6=2EQ16=2Eso=2E6 $(=2E/pre-inst-e= nv guix build
imagemagick@6=2E9=2E12-2g | grep -v doc)/lib/libMagickWan= d-6=2EQ16=2Eso=2E7
ELF SONAME changed
Functions changes summary: 0 Re= moved, 0 Changed, 0 Added function
Variables changes summary: 0 Removed,= 0 Changed, 0 Added variable

SONAME changed from 'libMagickWand-6=2E= Q16=2Eso=2E6' to 'libMagickWand-
6=2EQ16=2Eso=2E7'

Any more ABI d= iff-ing/testing, information, etc=2E=2E on whether this is
safe or not i= s welcome, it sounds to me it could be fine but there is
some amount of = doubt still=2E

If we can't graft ImageMagick we shall revert all com= mits and then it
means we would have to apply patches for each and every= CVE which can
be tedious to create and maintain and to me leaving the p= ackage as-is
without patching is not really OK :-/

To graft or no= t to graft?

Thank you,
L=C3=A9o
------N8G1HV6LBEY0UUPXMSWLR3OJM1VYIB--