
Bug#858006: marked as done (unblock: strip-nondeterminism/0.032-1)



Your message dated Fri, 17 Mar 2017 18:02:20 +0000
with message-id <E1cowCi-0002dv-Q7@respighi.debian.org>
and subject line unblock strip-nondeterminism
has caused the Debian Bug report #858006,
regarding unblock: strip-nondeterminism/0.032-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
858006: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858006
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Dear Release Team,

Please consider unblocking strip-nondeterminism 0.032-1. The relevant
changelog entry is:

    strip-nondeterminism (0.032-1) unstable; urgency=medium

      * Add support for testing files we should reject.
      * Fix a possible endless loop while stripping ar files due to trusting the
        file's file size data. Thanks to Tobias Stoeckmann (tobias@stoeckmann.org)
        for the report, patch and testcase. (Closes: #857975)

     -- Chris Lamb <lamby@debian.org>  Fri, 17 Mar 2017 09:25:53 +0100


Debdiff is attached. The actual code change is 2 lines but I also add
a test to catch this case in the future.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
commit 870b156af25d77b4924725a22b59f3796bdbcd7b
Author: Chris Lamb <lamby@debian.org>
Date:   Fri Mar 17 09:25:59 2017 +0100

    Update changelog for 0.032-1 release

diff --git a/debian/changelog b/debian/changelog
index 48836c5..1b08d40 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+strip-nondeterminism (0.032-1) unstable; urgency=medium
+
+  * Add support for testing files we should reject.
+  * Fix a possible endless loop while stripping ar files due to trusting the
+    file's file size data. Thanks to Tobias Stoeckmann (tobias@stoeckmann.org)
+    for the report, patch and testcase. (Closes: #857975)
+
+ -- Chris Lamb <lamby@debian.org>  Fri, 17 Mar 2017 09:25:53 +0100
+
 strip-nondeterminism (0.031-1) unstable; urgency=medium
 
   * Don't test for stat(2) blksize and blocks; they are filesystem-specific and

commit 2706778314fc7bd0184ba2b90c04258b28d73970
Merge: 5e27d49 76ad240
Author: Chris Lamb <lamby@debian.org>
Date:   Fri Mar 17 09:25:28 2017 +0100

    Merge tag '0.032' into debian
    
    Release 0.032
    
    * tag '0.032':
      Release 0.032
      Fix a possible endless loop while stripping ar files due to trusting the file's file size data. Thanks to Tobias Stoeckmann (tobias@stoeckmann.org) for the report, patch and testcase. (Closes: #857975)
      Add support for testing files we should reject.

commit 76ad240d64845363f477f9172e737f34a5f1a93e
Author: Chris Lamb <lamby@debian.org>
Date:   Fri Mar 17 09:25:00 2017 +0100

    Release 0.032

diff --git a/lib/File/StripNondeterminism.pm b/lib/File/StripNondeterminism.pm
index ef25742..a9eb309 100644
--- a/lib/File/StripNondeterminism.pm
+++ b/lib/File/StripNondeterminism.pm
@@ -34,7 +34,7 @@ use File::StripNondeterminism::handlers::zip;
 
 our($VERSION, $canonical_time, $clamp_time);
 
-$VERSION = '0.031'; # 0.031
+$VERSION = '0.032'; # 0.032
 
 sub init {
 	$ENV{'TZ'} = 'UTC';

commit 083b174c7c9245fed90af61ca8c001c8ead1b6d7
Author: Chris Lamb <lamby@debian.org>
Date:   Fri Mar 17 09:19:25 2017 +0100

    Fix a possible endless loop while stripping ar files due to trusting the file's file size data. Thanks to Tobias Stoeckmann (tobias@stoeckmann.org) for the report, patch and testcase. (Closes: #857975)
    
    Signed-off-by: Chris Lamb <lamby@debian.org>

diff --git a/lib/File/StripNondeterminism/handlers/ar.pm b/lib/File/StripNondeterminism/handlers/ar.pm
index 660fa8f..08a1925 100644
--- a/lib/File/StripNondeterminism/handlers/ar.pm
+++ b/lib/File/StripNondeterminism/handlers/ar.pm
@@ -65,6 +65,10 @@ sub normalize {
 
 		my $file_mode = oct(substr($buf, 40, 8));
 		my $file_size = substr($buf, 48, 10);
+
+		die "Incorrect file size"
+		  if $file_size < 1;
+
 		seek $fh, $file_header_start + 16, SEEK_SET;
 
 		# mtime
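
Review bot: The new guard `if $file_size < 1` compares the raw `substr($buf, 48, 10)` string numerically and bounds only the lower end, so it rejects a size of 0 together with negative values, never checks that the field consists of digits, and, in the lines shown, never compares the size against what remains of the file. If zero-length members are meant to be accepted, validate the field's shape first, for example `die "Incorrect file size" unless $file_size =~ /^\d+\s*$/;`, which rejects `-60` and non-numeric input but lets 0 through, and then check the parsed value against the bytes left after the header. Adding the file name or `$file_header_start` to the `die` message would make a rejection easier to trace.
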
diff --git a/t/failures/ar/857975.a b/t/failures/ar/857975.a
new file mode 100644
index 0000000..dfb8a49
--- /dev/null
+++ b/t/failures/ar/857975.a
@@ -0,0 +1,2 @@
+!<arch>
+/               0           0     0     644     -60       `
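
Review bot: The fixture covers only one rejected value, `-60` in the size field of the first header, which leaves the boundary of `$file_size < 1` unpinned. Consider adding sibling files under `t/failures/ar/` for a size field of `0` (if that is intended to be rejected), a non-numeric size field, and a different negative value, so a later change to the comparison is caught by the tests rather than by a bug report.
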

commit 9a230af32229bd45dee0eb0794792c60369b7e2c
Author: Chris Lamb <lamby@debian.org>
Date:   Fri Mar 17 09:17:49 2017 +0100

    Add support for testing files we should reject.

diff --git a/t/failures.t b/t/failures.t
new file mode 100644
index 0000000..44ae11d
--- /dev/null
+++ b/t/failures.t
@@ -0,0 +1,49 @@
+#!perl
+
+#
+# Copyright 2017 Chris Lamb <lamby@debian.org>
+#
+# This file is part of strip-nondeterminism.
+#
+# strip-nondeterminism is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# strip-nondeterminism is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with strip-nondeterminism.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+use strict;
+use warnings;
+
+use File::Basename qw(basename);
+use File::Copy qw(copy);
+use File::Temp qw(tempdir);
+use File::StripNondeterminism;
+use Test::More;
+
+File::StripNondeterminism::init();
+
+my $temp = tempdir( CLEANUP => 1 );
+my @failures = glob('t/failures/*/*');
+
+plan tests => scalar @failures;
+
+foreach my $filename (@failures) {
+	my $in = $temp . "/" . basename($filename);
+	copy($filename, $in) or die "Copy failed: $!";
+
+	eval {
+		my $normalizer = File::StripNondeterminism::get_normalizer_for_file($in);
+		$normalizer->($in);
+	};
+	ok($@ ne "");
+}
+
+done_testing;
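
Review bot: The `eval` in the loop wraps both `get_normalizer_for_file($in)` and `$normalizer->($in)`, and `ok($@ ne "")` accepts any exception, so a fixture for which no normalizer is returned would die on the undefined code reference and pass without the handler ever running. Check that `$normalizer` is defined outside the `eval`, match the error against the expected text, for example `like($@, qr/Incorrect file size/, $filename)`, and name the assertion so a failure identifies the fixture. Since the bug class under test is an endless loop, a regression would hang this script instead of failing it; an `alarm` around the call would turn the hang into a test failure. `plan tests => scalar @failures` together with `done_testing` is redundant, one of the two is enough.
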

--- End Message ---
--- Begin Message ---
Unblocked strip-nondeterminism.

--- End Message ---
