Your message dated Sun, 29 Dec 2019 15:49:56 +0000
with message-id <[email protected]>
and subject line Bug#947708: fixed in libtext-markdown-perl 1.000031-3
has caused the Debian Bug report #947708,
regarding libtext-markdown-perl: please make the build reproducible
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
947708: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947708
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libtext-markdown-perl
Version: 1.000031-2
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: randomness toolchain
X-Debbugs-Cc: [email protected]

Hi,

Whilst working on the Reproducible Builds effort [0] we noticed that
libtext-markdown-perl generates output that is not reproducible.

Specifically it encodes some email addresses using random HTML
entities in an attempt to thwart spammers. A patch is attached that
seeds the random number generation with a deterministic value based on
SOURCE_DATE_EPOCH [1].

(This was accidentally filed against src:markdown in #947608 but there
were other, essentially unrelated, issues there too.)

  [0] https://reproducible-builds.org/
  [1] https://reproducible-builds.org/specs/source-date-epoch/
  [2] https://bugs.debian.org/947608


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      [email protected] / chris-lamb.co.uk
       `-
diff --git a/lib/Text/Markdown.pm b/lib/Text/Markdown.pm
index 1c1f93e..c62401d 100644
--- a/lib/Text/Markdown.pm
+++ b/lib/Text/Markdown.pm
@@ -1463,6 +1463,8 @@ sub _DoAutoLinks {
     return $text;
 }
 
+my $SRAND_CALLED = 0;
+
 sub _EncodeEmailAddress {
 #
 #   Input: an email address, e.g. "[email protected]"
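Review bot: the new file-scoped `my $SRAND_CALLED = 0;` has no comment, and nothing at the declaration says it is a process-wide flag shared by every Text::Markdown object rather than per-instance state. A one-line comment would help, stating that it guards a one-time `srand` call made for reproducible builds when SOURCE_DATE_EPOCH is set. Placing the declaration directly beside the code that reads it in `_EncodeEmailAddress` would also make the coupling obvious.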
@@ -1481,6 +1483,11 @@ sub _EncodeEmailAddress {
 
     my ($self, $addr) = @_;
 
+    if ($ENV{SOURCE_DATE_EPOCH} and not $SRAND_CALLED) {
+        srand $ENV{SOURCE_DATE_EPOCH};
+        $SRAND_CALLED = 1;
+    }
+
     my @encode = (
         sub { '&#' .                 ord(shift)   . ';' },
         sub { '&#x' . sprintf( "%X", ord(shift) ) . ';' },
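Review bot: the guard `if ($ENV{SOURCE_DATE_EPOCH} and not $SRAND_CALLED)` tests truthiness, so a value of `0` (a valid epoch) or an empty string silently skips seeding and the output stays non-deterministic. Testing `defined $ENV{SOURCE_DATE_EPOCH}` and checking that the value is an integer before passing it to `srand` would be more robust. Note also that `srand` reseeds Perl's single process-wide generator, so any other `rand` caller in the same process becomes predictable once this function has run with the variable set. That is acceptable for this entity obfuscation, but it deserves a comment here so the side effect is not a surprise to code that loads the module in a larger program.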

--- End Message ---
--- Begin Message ---
Source: libtext-markdown-perl
Source-Version: 1.000031-3

We believe that the bug you reported is fixed in the latest version of
libtext-markdown-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gregor herrmann <[email protected]> (supplier of updated libtext-markdown-perl 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 29 Dec 2019 16:23:34 +0100
Source: libtext-markdown-perl
Architecture: source
Version: 1.000031-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: gregor herrmann <[email protected]>
Closes: 947708
Changes:
 libtext-markdown-perl (1.000031-3) unstable; urgency=medium
 .
   [ Lucas Kanashiro ]
   * Add d/u/metadata
 .
   [ Salvatore Bonaccorso ]
   * debian/control: Use HTTPS transport protocol for Vcs-Git URI
 .
   [ gregor herrmann ]
   * debian/copyright: change Copyright-Format 1.0 URL to HTTPS.
   * debian/upstream/metadata: change GitHub/CPAN URL(s) to HTTPS.
   * Remove Jonathan Yu from Uploaders. Thanks for your work!
 .
   [ Salvatore Bonaccorso ]
   * Update Vcs-* headers for switch to salsa.debian.org
 .
   [ gregor herrmann ]
   * debian/*: replace ADTTMP with AUTOPKGTEST_TMP.
 .
   [ Chris Lamb ]
   * Add patch debian/patches/seed_rng.patch to seed the random number
     generation with a deterministic value based on SOURCE_DATE_EPOCH in
     function which "encodes" email addresses. (Closes: #947708)
 .
   [ gregor herrmann ]
   * Don't run POD tests during build.
     They are author tests supposed to be run at release time.
   * Update years of packaging copyright.
   * Annotate test-only build dependencies with <!nocheck>.
   * Declare compliance with Debian Policy 4.4.1.
   * Bump debhelper-compat to 12.
   * debian/watch: use uscan version 4.
   * Set upstream metadata fields: Bug-Submit, Repository, Repository-
     Browse.
   * Remove obsolete fields Contact, Name from debian/upstream/metadata.
   * Add build dependency on libmodule-install-perl.
     The shipped fragments in inc/ are not found anymore after the debhelper
     compat bump.
   * Fix hashbang in /usr/bin/markdown.
   * Add empty debian/tests/pkg-perl/syntax-skip to enable more autopkgtests.
Checksums-Sha1:
 82bbdd4bec817d45bc55c017f0e81c47cd970364 2658 
libtext-markdown-perl_1.000031-3.dsc
 93ab81fe2bd6c67e2b56dcef60594f3db89a41b4 6204 
libtext-markdown-perl_1.000031-3.debian.tar.xz
Checksums-Sha256:
 d96b7582bf0ab80090b2ea8d7b159175012524d65ef89ad8e2faca8f93537498 2658 
libtext-markdown-perl_1.000031-3.dsc
 96ee210887eb6ff09cf13b3123b8af54e654e66156838f2afe038c7361ca088d 6204 
libtext-markdown-perl_1.000031-3.debian.tar.xz
Files:
 d474e7de4e549fa530fcae0695e2c629 2658 perl optional 
libtext-markdown-perl_1.000031-3.dsc
 6e959af4f174e376633fd7f413ce185e 6204 perl optional 
libtext-markdown-perl_1.000031-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---