Your message dated Thu, 28 Jun 2018 14:18:17 +0000
with message-id <[email protected]>
and subject line Bug#842988: fixed in masscan 2:1.0.5+ds1-1
has caused the Debian Bug report #842988,
regarding masscan: please make the build reproducible
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
842988: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842988
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: masscan
Version: 2:1.0.3-104-g676635d~ds0-1
Severity: wishlist
Tags: patch upstream
User: [email protected]
Usertags: fileordering
X-Debbugs-Cc: [email protected]
Hi!
While working on the "reproducible builds" effort [1], we have noticed
that masscan could not be built reproducibly.
It links objects in non-deterministic order.
The attached patch fixes this by sorting the list of source files.
Regards,
Reiner
[1]: https://wiki.debian.org/ReproducibleBuilds
diff --git a/debian/patches/0002-reproducible-build.patch b/debian/patches/0002-reproducible-build.patch
new file mode 100644
index 0000000..cccfb20
--- /dev/null
+++ b/debian/patches/0002-reproducible-build.patch
@@ -0,0 +1,14 @@
+Author: Reiner Herrmann <[email protected]>
+Description: Sort source files for deterministic linking order
+
+--- a/Makefile
++++ b/Makefile
+@@ -87,7 +87,7 @@
+ $(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@
+
+
+-SRC = $(wildcard src/*.c)
++SRC = $(sort $(wildcard src/*.c))
+ OBJ = $(addprefix tmp/, $(notdir $(addsuffix .o, $(basename $(SRC)))))
+
+
diff --git a/debian/patches/series b/debian/patches/series
index b5c7eee..6ebcf90 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
0001-buildsystem.patch
+0002-reproducible-build.patch
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: masscan
Source-Version: 2:1.0.5+ds1-1
We believe that the bug you reported is fixed in the latest version of
masscan, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sophie Brun <[email protected]> (supplier of updated masscan package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 Jun 2018 11:19:24 +0200
Source: masscan
Binary: masscan
Architecture: source
Version: 2:1.0.5+ds1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Sophie Brun <[email protected]>
Description:
masscan - TCP port scanner
Closes: 842988 901596
Changes:
masscan (2:1.0.5+ds1-1) unstable; urgency=medium
.
[ Sophie Brun ]
* Remove get-git-source.sh
* New upstream version 1.0.5+ds1 (Closes: #901596)
- fixes reproducible build (Closes: #842988)
* Taking over the maintenance of package with Alessio
Treglia's permission. Thank you to him for the work
on the package.
* Remove old gbp.conf
* Add missing build-dep clang
* Update date in d/copyright
* Fix details in d/copyright for lintian
* Use debhelper 11
* Refresh patch
* Add a patch fix-spelling-errors
* d/rules: add build hardening
* Bump Standards-Version to 4.1.4: no change required
.
[ Raphaƫl Hertzog ]
* Try to manually enable PIE compilation since clang does not enable it by
default.
Checksums-Sha1:
08a54b95b895cf50d0ee27ad185facf2d3ee36f2 1650 masscan_1.0.5+ds1-1.dsc
f21759d5146bbffbc37a61a3c8d30d74aab5e44e 337492 masscan_1.0.5+ds1.orig.tar.gz
c770eef69b33cb639ff074f4dc156e335cfb7ebb 15268
masscan_1.0.5+ds1-1.debian.tar.xz
bc73700687dd21d5baad76673d56654861bf4ae3 5811
masscan_1.0.5+ds1-1_source.buildinfo
Checksums-Sha256:
0a77b33ca671850bd37e399b45eef5095a2823e861a05ed48c6a6625e6b10c24 1650
masscan_1.0.5+ds1-1.dsc
3385690662bd891860d7f56cd8f5741cfd4149630b51a1b2e738c8b5785ee8cd 337492
masscan_1.0.5+ds1.orig.tar.gz
2a5f3dc406a50bef0d0882cc8ef5047565dd65bc15e8d37cc5bb69ea5c4273fa 15268
masscan_1.0.5+ds1-1.debian.tar.xz
9baa997ab149f02165dc364afa7e3874864c0b3e2eeda1db508a26a318e8fd5d 5811
masscan_1.0.5+ds1-1_source.buildinfo
Files:
fab7eb013e2207d36b8dae0b8db490fa 1650 net optional masscan_1.0.5+ds1-1.dsc
932119ee27429ee7ce50db9c1c99fe99 337492 net optional
masscan_1.0.5+ds1.orig.tar.gz
01827a409aba487ae6dca71bb40d0117 15268 net optional
masscan_1.0.5+ds1-1.debian.tar.xz
811a6f3e544d98eae3e3bf708a5b2596 5811 net optional
masscan_1.0.5+ds1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog
iQEzBAEBCgAdFiEE1823g1EQnhJ1LsbSA4gdq+vCmrkFAls06egACgkQA4gdq+vC
mrkBLwf/X2hSRBFUG1t+V9iVSb4FVWQ3HUl+WmaLbHS7yzrQh2tTcnzLW98/6OPv
XvJtHhi6TwBpjAiKzv8/Bl/YCH3JY3Vbr2zOrG7gkRufurme7Bj9pOm9REcwNYs2
XJ18sVBYeG0/w7OXfAeDQ9hTkzPYy4xdFSN2VHWjAEdb5Ge6HFCfGMADmRpzd0H7
rlxw/SA+F3YR250kN4D2wJ0dM5VQAqAVwmuNlaUdyl6Ta24m5shUnPIukiyBao02
fawTKY5Aii428BLwrevVuPQ5zisPmR0q89EZnU1KVfcnT5VXEl2JsuUzrmFeCknZ
ho0NaFy7GTS7pu6bvuiqPjMy0PUi+g==
=lbLW
-----END PGP SIGNATURE-----
--- End Message ---
