On Thu, Apr 11, 2024 at 01:48:18AM +0200, Fay Stegerman wrote:
> Salsa is probably better for figuring out what to do next, but I get these
> mails too :)

:)
 
> The libscout.jar has duplicate ZIP entries in the central directory, pointing
> to the same actual entry in the ZIP.  So the "overlapped entries" error is
> entirely correct, even if it's not a zip bomb.

ah!

> unzip does seem to extract all the files, though it errors out.  Not sure what
> diffoscope should do here.  This is definitely a broken ZIP file.  That bug
> should probably be reported against libscout or whatever tooling it used to
> create that JAR.

I agree it's more complicated, but fundamentally, diffoscope should *not* crash
here! (but rather report the broken zip file.)

thanks!


-- 
cheers,
        Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

I’ve said it once, and I’ll say it a thousand times: If the penalty for
breaking a law is a fine, then that law only exists for the poor.
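
The condition described in the quoted text (two central directory records pointing at the same ZIP entry), as an added example that is not part of the original mail and is not diffoscope's or unzip's code. It builds a constructed sample in memory and returns a finding instead of raising; all function names are hypothetical.

```python
import io
import struct
import zipfile
from collections import defaultdict

EOCD_FMT = "<4sHHHHIIH"  # end-of-central-directory record, 22 bytes without comment

def make_sample_zip(duplicate):
    """Constructed sample: one stored file; optionally list its central directory record twice."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", b"hello")
    data = buf.getvalue()
    if not duplicate:
        return data
    eocd = data.rfind(b"PK\x05\x06")
    sig, disk, cd_disk, n_disk, n_total, cd_size, cd_off, clen = struct.unpack(
        EOCD_FMT, data[eocd:eocd + 22])
    cd = data[cd_off:cd_off + cd_size]
    # Same record twice: two directory entries now point at one local header.
    new_eocd = struct.pack(EOCD_FMT, sig, disk, cd_disk, n_disk + 1,
                           n_total + 1, cd_size * 2, cd_off, clen)
    return data[:cd_off] + cd + cd + new_eocd

def find_shared_offsets(zip_bytes):
    """Map local-header offset -> names, for offsets referenced by more than one record."""
    by_offset = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():  # reads the central directory only, no extraction
            by_offset[info.header_offset].append(info.filename)
    return {off: names for off, names in by_offset.items() if len(names) > 1}

def describe(zip_bytes):
    """Return findings as text instead of raising, so a caller can report a broken archive."""
    try:
        shared = find_shared_offsets(zip_bytes)
    except zipfile.BadZipFile as exc:
        return [f"not a readable ZIP: {exc}"]
    return [f"offset {off}: {len(names)} central directory entries ({', '.join(names)})"
            for off, names in sorted(shared.items())]

if __name__ == "__main__":
    for label, dup in (("clean", False), ("duplicated", True)):
        print(label, describe(make_sample_zip(dup)) or "no shared offsets")
```

The check covers only records that share an identical local-header offset, which is the case reported here; partially overlapping entries would need the local header lengths as well.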
