| Summary: | graphicsmagick new security issue fixed in 1.3.16 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | fundawang, mageia, stormi-mageia, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.graphicsmagick.org/NEWS.html#june-24-2012 | ||
| Whiteboard: | MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK MGA2-32-OK | ||
| Source RPM: | graphicsmagick-1.3.15-3.mga3.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser 2012-06-25 01:48:14 CEST

David Walser 2012-06-25 01:48:31 CEST
CC: (none) => fundawang

David Walser 2012-06-25 01:48:41 CEST
CC: (none) => mageia

Funda Wang updated the package in Cauldron.

Version: Cauldron => 2

Patched package uploaded for Mageia 1 and Mageia 2.

I'm not sure how to test for this issue specifically.

Advisory:
========================

Updated graphicsmagick packages fix security vulnerability:

This update fixes a security issue in the SetImageAttribute function in magick/attribute.c related to translating comment and label attributes when loading images. It was fixed upstream in GraphicsMagick 1.3.16.

References:
http://www.graphicsmagick.org/NEWS.html#june-24-2012
========================

Updated packages in core/updates_testing:
========================
graphicsmagick-1.3.12-3.1.mga1
libgraphicsmagick3-1.3.12-3.1.mga1
libgraphicsmagickwand2-1.3.12-3.1.mga1
libgraphicsmagick-devel-1.3.12-3.1.mga1
perl-Graphics-Magick-1.3.12-3.1.mga1
graphicsmagick-doc-1.3.12-3.1.mga1
graphicsmagick-1.3.13-1.2.mga2
libgraphicsmagick3-1.3.13-1.2.mga2
libgraphicsmagickwand2-1.3.13-1.2.mga2
libgraphicsmagick-devel-1.3.13-1.2.mga2
perl-Graphics-Magick-1.3.13-1.2.mga2
graphicsmagick-doc-1.3.13-1.2.mga2

from SRPMS:
graphicsmagick-1.3.12-3.1.mga1.src.rpm
graphicsmagick-1.3.13-1.2.mga2.src.rpm

Assignee: bugsquad => qa-bugs

Carolyn provided a testing procedure for graphicsmagick:
https://wiki.mageia.org/en/QA_procedure:GraphicsMagick

CC: (none) => stormi
Samuel Verschelde 2012-07-29 20:14:16 CEST
Whiteboard: MGA1TOO => MGA1TOO has_procedure

Testing complete for Mageia 1 32.

Whiteboard: MGA1TOO has_procedure => MGA1TOO has_procedure MGA1-32-OK

Test complete for Mageia 1 64.

Whiteboard: MGA1TOO has_procedure MGA1-32-OK => MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK

Testing on Mageia 2 32 bits.

Using gm in CLI works fine, but I can't use perl-Graphics-Magick. The following script has the following output

```
[live@localhost ~]$ cat test.pl
#!/usr/local/bin/perl
# taken from http://www.graphicsmagick.org/perl.html#example-script
use Graphics::Magick;
my($image, $status);
$image = Graphics::Magick->new;
$status = $image->Read('filename.jpg', 'filename1.jpg', 'filename2.png');
warn "$status" if "$status";
$status = $image->Write('x.gif');
warn "$status" if "$status";
[live@localhost ~]$ perl test.pl
perl: symbol lookup error: /usr/lib/perl5/vendor_perl/5.14.2/i386-linux-thread-multi/auto/Graphics/Magick/Magick.so: undefined symbol: InitializeMagick
```

It's not a regression, but any idea of where it comes from and would you like to fix it before pushing the update?
Samuel Verschelde 2012-07-31 17:27:33 CEST
Whiteboard: MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK => MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK MGA2-32-OK?

Testing on Mageia 2

Confirm stormi's findings for the perl module.

```
$ perl test.pl
perl: symbol lookup error: /usr/lib/perl5/vendor_perl/5.14.2/x86_64-linux-thread-multi/auto/Graphics/Magick/Magick.so: undefined symbol: InitializeMagick
```

Changed #!/usr/local/bin/perl to #!/usr/bin/perl in case it made any difference but it doesn't.

Everything else is OK

Mageia 2 64 above

```
$ perl -e ' use Graphics::Magick;'
perl: symbol lookup error: /usr/lib/perl5/vendor_perl/5.14.2/x86_64-linux-thread-multi/auto/Graphics/Magick/Magick.so: undefined symbol: InitializeMagick
```
Samuel Verschelde 2012-07-31 19:37:05 CEST
Whiteboard: MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK MGA2-32-OK? => MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK MGA2-32-OK? MGA2-64-OK?

Maybe the output of this command from a Mageia 2 would help:
ldd /usr/lib/perl5/vendor_perl/5.14.2/x86_64-linux-thread-multi/auto/Graphics/Magick/Magick.so

I don't see a reason to rush this update, so we should get this fixed.

It looks like a linking problem, but I don't know how to fix it. Hopefully Olivier can help :o)

(In reply to comment #10)
> Maybe the output of this command from a Mageia 2 would help:
> ldd
> /usr/lib/perl5/vendor_perl/5.14.2/x86_64-linux-thread-multi/auto/Graphics/Magick/Magick.so

```
[samuel@localhost ~]$ ldd /usr/lib/perl5/vendor_perl/5.14.2/i386-linux-thread-multi/auto/Graphics/Magick/Magick.so
linux-gate.so.1 => (0xffffe000)
libm.so.6 => /lib/i686/libm.so.6 (0xb768e000)
libpthread.so.0 => /lib/i686/libpthread.so.0 (0xb7674000)
libc.so.6 => /lib/i686/libc.so.6 (0xb74f6000)
/lib/ld-linux.so.2 (0xb76f3000)
```

The perl module was indeed broken: tested in cauldron, and this was likely the case in previous versions. Worse, it did not even build (or actually, link).

Fixed in graphicsmagick-1.3.16-2.mga3.x86_64

You should probably backport this fix for stable releases.

Thanks Olivier! Fix backported.

Advisory:
========================

Updated graphicsmagick packages fix security vulnerability:

This update fixes a security issue in the SetImageAttribute function in magick/attribute.c related to translating comment and label attributes when loading images. It was fixed upstream in GraphicsMagick 1.3.16.

Also, the graphicsmagick perl module was not working because it had not been linked against the graphicsmagick library. This has been fixed.

References:
http://www.graphicsmagick.org/NEWS.html#june-24-2012
========================

Updated packages in core/updates_testing:
========================
graphicsmagick-1.3.12-3.2.mga1
libgraphicsmagick3-1.3.12-3.2.mga1
libgraphicsmagickwand2-1.3.12-3.2.mga1
libgraphicsmagick-devel-1.3.12-3.2.mga1
perl-Graphics-Magick-1.3.12-3.2.mga1
graphicsmagick-doc-1.3.12-3.2.mga1
graphicsmagick-1.3.13-1.3.mga2
libgraphicsmagick3-1.3.13-1.3.mga2
libgraphicsmagickwand2-1.3.13-1.3.mga2
libgraphicsmagick-devel-1.3.13-1.3.mga2
perl-Graphics-Magick-1.3.13-1.3.mga2
graphicsmagick-doc-1.3.13-1.3.mga2

from SRPMS:
graphicsmagick-1.3.12-3.2.mga1.src.rpm
graphicsmagick-1.3.13-1.3.mga2.src.rpm

ok, let's test again Mageia 2!

Whiteboard:
MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK MGA2-32-OK? MGA2-64-OK? => MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK

Testing x86_64

```
# rpm -qa | grep -i magick | grep -i graphics
perl-Graphics-Magick-1.3.13-1.3.mga2
lib64graphicsmagickwand2-1.3.13-1.3.mga2
lib64graphicsmagick3-1.3.13-1.3.mga2
graphicsmagick-1.3.13-1.3.mga2

$ perl -e 'use Graphics::Magick'
perl: symbol lookup error: /usr/lib/perl5/vendor_perl/5.14.2/x86_64-linux-thread-multi/auto/Graphics/Magick/Magick.so: undefined symbol: InitializeMagick

$ perl test.pl
perl: symbol lookup error: /usr/lib/perl5/vendor_perl/5.14.2/x86_64-linux-thread-multi/auto/Graphics/Magick/Magick.so: undefined symbol: InitializeMagick
```

I don't think the fix has worked unfortunately David.

```
# ldd /usr/lib/perl5/vendor_perl/5.14.2/x86_64-linux-thread-multi/auto/Graphics/Magick/Magick.so
linux-vdso.so.1 => (0x00007fff19130000)
libm.so.6 => /lib64/libm.so.6 (0x00007fa6d265c000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa6d2440000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa6d20b3000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa6d2b2f000)
```

I used the exact same patch on Mageia 2 as Olivier committed to Cauldron. Is this really fixed in Cauldron?

I've at least tested that this command works in Cauldron with the locally built Magick.so: perl -e 'use Graphics::Magick'

(In reply to comment #20)
> I've at least tested that this command works in Cauldron with the locally built
> Magick.so: perl -e 'use Graphics::Magick'

Building it with your patch on Mageia 2, I get the undefined symbol error when I try that.

(In reply to comment #21)
> (In reply to comment #20)
> > I've at least tested that this command works in Cauldron with the locally built
> > Magick.so: perl -e 'use Graphics::Magick'
>
> Building it with your patch on Mageia 2, I get the undefined symbol error when
> I try that.

OK, I see the problem. Someone deleted the linkage_fix patch before Mageia 2. That's why it's still broken. I have the fix locally, I'll upload it as soon as the Mageia infrastructure is accessible again from here.

Fix confirmed locally and uploaded for Mageia 2.

Advisory:
========================

Updated graphicsmagick packages fix security vulnerability:

This update fixes a security issue in the SetImageAttribute function in magick/attribute.c related to translating comment and label attributes when loading images. It was fixed upstream in GraphicsMagick 1.3.16.

Also, the graphicsmagick perl module was not working on Mageia 2 because it had not been linked against the graphicsmagick library. This has been fixed.

References:
http://www.graphicsmagick.org/NEWS.html#june-24-2012
========================

Updated packages in core/updates_testing:
========================
graphicsmagick-1.3.12-3.2.mga1
libgraphicsmagick3-1.3.12-3.2.mga1
libgraphicsmagickwand2-1.3.12-3.2.mga1
libgraphicsmagick-devel-1.3.12-3.2.mga1
perl-Graphics-Magick-1.3.12-3.2.mga1
graphicsmagick-doc-1.3.12-3.2.mga1
graphicsmagick-1.3.13-1.4.mga2
libgraphicsmagick3-1.3.13-1.4.mga2
libgraphicsmagickwand2-1.3.13-1.4.mga2
libgraphicsmagick-devel-1.3.13-1.4.mga2
perl-Graphics-Magick-1.3.13-1.4.mga2
graphicsmagick-doc-1.3.13-1.4.mga2

from SRPMS:
graphicsmagick-1.3.12-3.2.mga1.src.rpm
graphicsmagick-1.3.13-1.4.mga2.src.rpm

Testing complete on Mageia 2 32 bits.

Whiteboard: MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK => MGA1TOO has_procedure MGA1-32-OK MGA1-64-OK MGA2-32-OK

That fixed it, thanks guys.

Testing complete x86_64

Validating

Advisory and srpms in comment 23

Sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0192

Status: NEW => RESOLVED
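
The linkage check used in this report (an `ldd` listing that shows no GraphicsMagick library), written as a repeatable QA test. This is an added example, not part of the original report or the Mageia QA procedure; the function names and the `libGraphicsMagick.so.3` line in the fixed sample are assumptions.

```shell
#!/bin/sh
# Added example: detect a module built without linking the library it needs.
# Note: ldd can run code from the inspected file; for files you do not trust,
# read the NEEDED entries with `readelf -d FILE` or `objdump -p FILE` instead.

# ldd output for the broken x86_64 Magick.so, copied from the report.
BROKEN_LDD='linux-vdso.so.1 => (0x00007fff19130000)
libm.so.6 => /lib64/libm.so.6 (0x00007fa6d265c000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa6d2440000)
libc.so.6 => /lib64/libc.so.6 (0x00007fa6d20b3000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa6d2b2f000)'

# Constructed sample: the same listing plus a GraphicsMagick dependency.
# The soname, path and address on the added line are assumptions.
FIXED_LDD="$BROKEN_LDD
libGraphicsMagick.so.3 => /usr/lib64/libGraphicsMagick.so.3 (0x00007fa6d1c00000)"

# needed_libs: read ldd output on stdin, print one library name per line
# (directory part stripped, so bare-path entries such as ld-linux also work).
needed_libs() {
    awk 'NF { print $1 }' | sed 's#.*/##'
}

# links_against PATTERN: succeed if any listed library matches PATTERN
# (case-insensitive extended regex).
links_against() {
    needed_libs | grep -Eiq -- "$1"
}

# check_module FILE PATTERN: run the same check on an installed shared object.
check_module() {
    if ldd "$1" | links_against "$2"; then
        echo "OK: $1 depends on a library matching '$2'"
    else
        echo "FAIL: $1 has no dependency matching '$2'" >&2
        return 1
    fi
}

# report LABEL LDD_TEXT: demo on the embedded samples.
report() {
    if printf '%s\n' "$2" | links_against 'graphicsmagick'; then
        echo "$1: linked against GraphicsMagick"
    else
        echo "$1: NOT linked against GraphicsMagick"
    fi
}
report "broken sample" "$BROKEN_LDD"
report "fixed sample" "$FIXED_LDD"
```

On an installed system, `check_module` with the path to `Magick.so` and the pattern `graphicsmagick` runs the same test against the real file and returns non-zero when the dependency is missing.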