Source: libtext-markdown-perl
Version: 1.000031-2
Severity: wishlist
Tags: patch
User: [email protected]
Usertags: randomness toolchain
X-Debbugs-Cc: [email protected]
Hi,
Whilst working on the Reproducible Builds effort [0] we noticed that
libtext-markdown-perl generates output that is not reproducible.
Specifically it encodes some email addresses using random HTML
entities in an attempt to thwart spammers. A patch is attached that
seeds the random number generation with a deterministic value based on
SOURCE_DATE_EPOCH [1].
(This was accidentally filed against src:markdown in #947608 but there
were other, essentially unrelated, issues there too.)
[0] https://reproducible-builds.org/
[1] https://reproducible-builds.org/specs/source-date-epoch/
[2] https://bugs.debian.org/947608
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` [email protected] / chris-lamb.co.uk
`-
diff --git a/lib/Text/Markdown.pm b/lib/Text/Markdown.pm
index 1c1f93e..c62401d 100644
--- a/lib/Text/Markdown.pm
+++ b/lib/Text/Markdown.pm
@@ -1463,6 +1463,8 @@ sub _DoAutoLinks {
return $text;
}
+my $SRAND_CALLED = 0;
+
sub _EncodeEmailAddress {
#
# Input: an email address, e.g. "[email protected]"
@@ -1481,6 +1483,11 @@ sub _EncodeEmailAddress {
my ($self, $addr) = @_;
+ if ($ENV{SOURCE_DATE_EPOCH} and not $SRAND_CALLED) {
+ srand $ENV{SOURCE_DATE_EPOCH};
+ $SRAND_CALLED = 1;
+ }
+
my @encode = (
sub { '&#' . ord(shift) . ';' },
sub { '&#x' . sprintf( "%X", ord(shift) ) . ';' },
