Your message dated Fri, 17 Mar 2017 09:32:17 +0000
with message-id <e1coof7-000afr...@fasolo.debian.org>
and subject line Bug#857975: fixed in strip-nondeterminism 0.032-1
has caused the Debian Bug report #857975,
regarding strip-nondeterminism: endless loop while stripping ar files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
857975: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: strip-nondeterminism
Version: 0.031-1
Severity: important

It is possible to trigger an endless loop while stripping ar files which
contain an illegal file size.

How to reproduce:

echo H4sICHfpylgCA3Rlc3QuYQBTtEksSs6w49JXQAUGGGwIaWZiA\
qZ1zWAqErgAcKtfFkQAAAA= | base64 -d | gzip -d > loop.a
strip-nondeterminism loop.a

See this patch for a possible solution:

diff --git a/lib/File/StripNondeterminism/handlers/ar.pm 
b/lib/File/StripNondeterminism/handlers/ar.pm
index 660fa8f..a71307a 100644
--- a/lib/File/StripNondeterminism/handlers/ar.pm
+++ b/lib/File/StripNondeterminism/handlers/ar.pm
@@ -67,6 +67,8 @@ sub normalize {
                my $file_size = substr($buf, 48, 10);
                seek $fh, $file_header_start + 16, SEEK_SET;
 
+               die "Incorrect file size" if $file_size < 1;
+
                # mtime
                syswrite $fh,
                  sprintf("%-12d", $File::StripNondeterminism::canonical_time 
// 0);
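Review bot: the added `die ... if $file_size < 1` compares the raw 10-character `substr($buf, 48, 10)` field numerically, so it relies on Perl's string-to-number coercion instead of validating the field. A value such as "12abc" numifies to 12 and passes, and nothing in this hunk ties the size to the number of bytes actually left in the file. Suggest matching the field against digits plus space padding first (for example `$file_size =~ /^\d+ *$/`) and then comparing it with the remaining length. Note also that `< 1` rejects a size of 0, so an archive containing an empty member now dies; if that is not intended the bound should be `< 0`. The die message would be more useful with the offending value and the header offset in it.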

--- End Message ---
--- Begin Message ---
Source: strip-nondeterminism
Source-Version: 0.032-1

We believe that the bug you reported is fixed in the latest version of
strip-nondeterminism, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 857...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <la...@debian.org> (supplier of updated strip-nondeterminism package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Fri, 17 Mar 2017 09:25:53 +0100
Source: strip-nondeterminism
Binary: libfile-stripnondeterminism-perl strip-nondeterminism dh-strip-nondeterminism
Architecture: source
Version: 0.032-1
Distribution: unstable
Urgency: medium
Maintainer: Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description:
 dh-strip-nondeterminism - file non-deterministic information stripper — Debhelper add-on
 libfile-stripnondeterminism-perl - file non-deterministic information stripper — Perl module
 strip-nondeterminism - file non-deterministic information stripper — stand-alone tool
Closes: 857975
Changes:
 strip-nondeterminism (0.032-1) unstable; urgency=medium
 .
   * Add support for testing files we should reject.
   * Fix a possible endless loop while stripping ar files due to trusting the
     file's file size data. Thanks to Tobias Stoeckmann (tob...@stoeckmann.org)
     for the report, patch and testcase. (Closes: #857975)

--- End Message ---
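
Added example, not part of the original messages and not strip-nondeterminism's code: a walk over ar member headers that does not trust the size field, which is the class of bug the changelog entry above describes. It goes beyond the patch's lower-bound check by also validating the field's format and bounding it by the bytes left in the file. It is written in Python so it runs stand-alone; the names walk_members, ArFormatError, make_member and is_rejected are hypothetical, and the sample archives are constructed here.

```python
import re

GLOBAL_MAGIC = b"!<arch>\n"
HEADER_LEN = 60                          # fixed-width ASCII member header
SIZE_FIELD = re.compile(rb"\d{1,10} *")  # decimal digits, space padded


class ArFormatError(ValueError):
    pass


def walk_members(data: bytes):
    """Return [(name, data_offset, size)]; raise ArFormatError on bad input."""
    if not data.startswith(GLOBAL_MAGIC):
        raise ArFormatError("missing global header")
    members, pos = [], len(GLOBAL_MAGIC)
    while pos < len(data):
        header = data[pos:pos + HEADER_LEN]
        if len(header) < HEADER_LEN or header[58:60] != b"`\n":
            raise ArFormatError(f"truncated or corrupt header at offset {pos}")
        raw_size = header[48:58]  # same field as substr($buf, 48, 10)
        if not SIZE_FIELD.fullmatch(raw_size):
            raise ArFormatError(f"bad size field {raw_size!r} at offset {pos}")
        size = int(raw_size.decode("ascii"))
        start = pos + HEADER_LEN
        if size > len(data) - start:
            raise ArFormatError(f"size {size} exceeds the {len(data) - start} bytes left")
        name = header[:16].rstrip(b" ").decode("ascii", "replace")
        members.append((name, start, size))
        # size >= 0 here, so pos grows by at least HEADER_LEN per iteration.
        pos = start + size + (size & 1)  # member data is padded to an even length
    return members


def is_rejected(data: bytes) -> bool:
    try:
        walk_members(data)
    except ArFormatError:
        return True
    return False


def make_member(name: bytes, size_field: bytes, body: bytes) -> bytes:
    """Build one constructed member: name, mtime, uid, gid, mode, size, magic."""
    header = (name.ljust(16) + b"0".ljust(12) + b"0".ljust(6) + b"0".ljust(6)
              + b"644".ljust(8) + size_field.ljust(10) + b"`\n")
    return header + body + (b"\n" if len(body) & 1 else b"")


# Constructed sample inputs (not the reproducer from the report).
GOOD = GLOBAL_MAGIC + make_member(b"a.txt/", b"5", b"hello") + make_member(b"empty/", b"0", b"")
NEGATIVE = GLOBAL_MAGIC + make_member(b"a.txt/", b"-60", b"")
OVERSIZED = GLOBAL_MAGIC + make_member(b"a.txt/", b"9999", b"hi")
```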