Bug#935292: lintian: reporing-harness get stuck when lintian deadlocks
Control: retitle -1 lintian: encrypted zip files stall processing
Hi,
On Wed, Aug 21, 2019 at 4:27 AM Niels Thykier <niels@thykier.net> wrote:
>
> Below is the log from where
> lintian was manually killed by me on a stuck package
We have a new tag sieve that examines the archive. It is separate from
Lintian, and will be moved to a team location soon:
https://salsa.debian.org/lechner/taxiv
The tag sieve currently gets stuck on two packages that ship encrypted
zip files that require passwords. Archive::Zip apparently waits for
user input, although there is no prompt. The affected packages are:
androguard
fcrackzip
The following commands appear in the process table. Lintian will
resume processing when they are killed, but the condition should not
appear:
unzip -t /tmp/lintian-pool-isMSeQshki/pool/a/androguard/androguard_3.3.5-2_all_binary/unpacked/usr/share/doc/androguard/examples/malware/4e2201cde26141715255d2421f0bcfb1.zip
unzip -t /tmp/lintian-pool-x_RwncOeP5/pool/f/fcrackzip/fcrackzip_1.0-10_amd64_binary/unpacked/usr/share/doc/fcrackzip/examples/noradi.zip
This patch seemed plausible but did not work:
index 2142c92da..2322f4962 100644
--- a/lib/Lintian/Index/Java.pm
+++ b/lib/Lintian/Index/Java.pm
@@ -164,6 +164,10 @@ sub parse_jar {
next
if $member->isDirectory;
+ # prompts for password otherwise
+ next
+ if $member->isEncrypted;
+
# store for later processing
$manifest = $member
if $name =~ m@^META-INF/MANIFEST.MF$@oi;
The presence of an encrypted zip member should probably also trigger a tag.
Kind regards
Felix Lechner
Reply to: