Package: release.debian.org
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: reproducible-builds@lists.alioth.debian.org

Dear Release Team,

Please consider unblocking strip-nondeterminism 0.032-1. The relevant
changelog entry is:

    strip-nondeterminism (0.032-1) unstable; urgency=medium

      * Add support for testing files we should reject.
      * Fix a possible endless loop while stripping ar files due to trusting the
        file's file size data. Thanks to Tobias Stoeckmann (tob...@stoeckmann.org)
        for the report, patch and testcase. (Closes: #857975)

     -- Chris Lamb <la...@debian.org>  Fri, 17 Mar 2017 09:25:53 +0100


Debdiff is attached. The actual code change is 2 lines but I also add
a test to catch this case in the future.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
commit 870b156af25d77b4924725a22b59f3796bdbcd7b
Author: Chris Lamb <la...@debian.org>
Date:   Fri Mar 17 09:25:59 2017 +0100

    Update changelog for 0.032-1 release

diff --git a/debian/changelog b/debian/changelog
index 48836c5..1b08d40 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+strip-nondeterminism (0.032-1) unstable; urgency=medium
+
+  * Add support for testing files we should reject.
+  * Fix a possible endless loop while stripping ar files due to trusting the
+    file's file size data. Thanks to Tobias Stoeckmann (tob...@stoeckmann.org)
+    for the report, patch and testcase. (Closes: #857975)
+
+ -- Chris Lamb <la...@debian.org>  Fri, 17 Mar 2017 09:25:53 +0100
+
 strip-nondeterminism (0.031-1) unstable; urgency=medium
 
   * Don't test for stat(2) blksize and blocks; they are filesystem-specific and

commit 2706778314fc7bd0184ba2b90c04258b28d73970
Merge: 5e27d49 76ad240
Author: Chris Lamb <la...@debian.org>
Date:   Fri Mar 17 09:25:28 2017 +0100

    Merge tag '0.032' into debian
    
    Release 0.032
    
    * tag '0.032':
      Release 0.032
      Fix a possible endless loop while stripping ar files due to trusting the file's file size data. Thanks to Tobias Stoeckmann (tob...@stoeckmann.org) for the report, patch and testcase. (Closes: #857975)
      Add support for testing files we should reject.

commit 76ad240d64845363f477f9172e737f34a5f1a93e
Author: Chris Lamb <la...@debian.org>
Date:   Fri Mar 17 09:25:00 2017 +0100

    Release 0.032

diff --git a/lib/File/StripNondeterminism.pm b/lib/File/StripNondeterminism.pm
index ef25742..a9eb309 100644
--- a/lib/File/StripNondeterminism.pm
+++ b/lib/File/StripNondeterminism.pm
@@ -34,7 +34,7 @@ use File::StripNondeterminism::handlers::zip;
 
 our($VERSION, $canonical_time, $clamp_time);
 
-$VERSION = '0.031'; # 0.031
+$VERSION = '0.032'; # 0.032
 
 sub init {
        $ENV{'TZ'} = 'UTC';

commit 083b174c7c9245fed90af61ca8c001c8ead1b6d7
Author: Chris Lamb <la...@debian.org>
Date:   Fri Mar 17 09:19:25 2017 +0100

    Fix a possible endless loop while stripping ar files due to trusting the file's file size data. Thanks to Tobias Stoeckmann (tob...@stoeckmann.org) for the report, patch and testcase. (Closes: #857975)
    
    Signed-off-by: Chris Lamb <la...@debian.org>

diff --git a/lib/File/StripNondeterminism/handlers/ar.pm 
b/lib/File/StripNondeterminism/handlers/ar.pm
index 660fa8f..08a1925 100644
--- a/lib/File/StripNondeterminism/handlers/ar.pm
+++ b/lib/File/StripNondeterminism/handlers/ar.pm
@@ -65,6 +65,10 @@ sub normalize {
 
                my $file_mode = oct(substr($buf, 40, 8));
                my $file_size = substr($buf, 48, 10);
+
+               die "Incorrect file size"
+                 if $file_size < 1;
+
                seek $fh, $file_header_start + 16, SEEK_SET;
 
                # mtime
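
Review bot: The new guard `if $file_size < 1` compares the raw 10-character field from `substr($buf, 48, 10)` numerically, so it also rejects a size of 0, which is a legal value for an empty ar member, and a non-numeric field is only caught because it numifies to 0 (with a warning if warnings are enabled). Consider validating the field explicitly, for example dying unless it matches `/^\d+\s*$/`, so that negative and malformed sizes are rejected while zero-length members still pass, provided the rest of the loop handles an empty member. The message "Incorrect file size" would also be more useful in a build log if it included the offending value and `$file_header_start`.
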
diff --git a/t/failures/ar/857975.a b/t/failures/ar/857975.a
new file mode 100644
index 0000000..dfb8a49
--- /dev/null
+++ b/t/failures/ar/857975.a
@@ -0,0 +1,2 @@
+!<arch>
+/               0           0     0     644     -60       `
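
Review bot: Only one bad size value (-60 in the header line) is covered, while the guard added to ar.pm has its boundary at `< 1`. Fixtures with a size field of 0, of -1 and of non-numeric text would pin down which values are meant to be rejected and would catch a later change to the comparison. A sentence in the commit message on why -60 in particular triggers the loop would help whoever next touches the handler.
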

commit 9a230af32229bd45dee0eb0794792c60369b7e2c
Author: Chris Lamb <la...@debian.org>
Date:   Fri Mar 17 09:17:49 2017 +0100

    Add support for testing files we should reject.

diff --git a/t/failures.t b/t/failures.t
new file mode 100644
index 0000000..44ae11d
--- /dev/null
+++ b/t/failures.t
@@ -0,0 +1,49 @@
+#!perl
+
+#
+# Copyright 2017 Chris Lamb <la...@debian.org>
+#
+# This file is part of strip-nondeterminism.
+#
+# strip-nondeterminism is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# strip-nondeterminism is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with strip-nondeterminism.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+use strict;
+use warnings;
+
+use File::Basename qw(basename);
+use File::Copy qw(copy);
+use File::Temp qw(tempdir);
+use File::StripNondeterminism;
+use Test::More;
+
+File::StripNondeterminism::init();
+
+my $temp = tempdir( CLEANUP => 1 );
+my @failures = glob('t/failures/*/*');
+
+plan tests => scalar @failures;
+
+foreach my $filename (@failures) {
+       my $in = $temp . "/" . basename($filename);
+       copy($filename, $in) or die "Copy failed: $!";
+
+       eval {
+               my $normalizer = 
File::StripNondeterminism::get_normalizer_for_file($in);
+               $normalizer->($in);
+       };
+       ok($@ ne "");
+}
+
+done_testing;
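
Review bot: `ok($@ ne "")` in the foreach passes on any exception at all, so a fixture would also pass if `get_normalizer_for_file($in)` returned nothing callable and `$normalizer->($in)` died for that reason, rather than because the handler rejected the file. Check that a normalizer was returned before calling it, and give the assertion a name that includes `$filename` so a failure identifies the fixture. Since the bug this guards against is an endless loop, a regression would hang the test run instead of failing it; a timeout around the call, reported as a test failure and not as an exception caught by the same eval, would make that visible.
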