On Thu, Apr 11, 2024 at 01:48:18AM +0200, Fay Stegerman wrote: > Salsa is probably better for figuring out what to do next, but I get these > mails > too :)
:) > The libscout.jar has duplicate ZIP entries in the central directory, pointing > to > the same actual entry in the ZIP. So the "overlapped entries" error is > entirely > correct, even if it's not a zip bomb. ah! > unzip does seem to extract all the files, though it errors out. Not sure what > diffoscope should do here. This is definitely a broken ZIP file. That bug > should probably be reported against libscout or whatever tooling it used to > create that JAR. I agree it's more complicated, but fundamentally, diffoscope should *not* crash here! (but rather report the broken zip file.) thanks! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ I’ve said it once, and I’ll say it a thousand times: If the penalty for breaking a law is a fine, then that law only exists for the poor.
signature.asc
Description: PGP signature