Bug#973313: lintian: Salsa CI jobs fail for many sources hosted there

2021-11-01 Thread Colin Watson
I have a reproduction recipe that doesn't involve Salsa CI: * Start a clean buster virtual machine. (I used LXD, with "lxc launch --vm images:debian/buster", but any VM software will probably do.) * In the VM: - apt update && apt install -y docker.io man-db - docker pull debian:unstabl

Re: suggestion for checking unicode characters against "trojan source attacks"

2021-11-01 Thread Felix Lechner
Hi, On Mon, Nov 1, 2021 at 2:21 PM Jérémy Lal wrote: > > grep -r > $'[\u061C\u200E\u200F\u202A\u202B\u202C\u202D\u202E\u2066\u2067\u2068\u2069]' Does that cover both conditions? There is a risk that it will be slow, by the way—but I generally favor doing things right, so no problem here. Kind

Re: suggestion for checking unicode characters against "trojan source attacks"

2021-11-01 Thread Jérémy Lal
On Mon, Nov 1, 2021 at 21:38, Felix Lechner wrote: > Dear Jérémy, > > On Mon, Nov 1, 2021 at 1:14 PM Jérémy Lal wrote: > > > > it seems this python tool does the job: > > Looks great. If you can package it, your check may be only a few lines > long, or less. I can help with processing the outp

Re: suggestion for checking unicode characters against "trojan source attacks"

2021-11-01 Thread Felix Lechner
Dear Jérémy, On Mon, Nov 1, 2021 at 1:14 PM Jérémy Lal wrote: > > it seems this python tool does the job: Looks great. If you can package it, your check may be only a few lines long, or less. I can help with processing the output in Perl. Kind regards Felix Lechner

Re: suggestion for checking unicode characters against "trojan source attacks"

2021-11-01 Thread Jérémy Lal
On Mon, Nov 1, 2021 at 20:59, Felix Lechner wrote: > Hi Jérémy, > > On Mon, Nov 1, 2021 at 11:22 AM Jérémy Lal wrote: > > > > the topic is about CVE-2021-42574 and CVE-2021-42694. > > Lintian does not currently look for either condition. I do not have > time to read up in detail on either cond

Re: suggestion for checking unicode characters against "trojan source attacks"

2021-11-01 Thread Felix Lechner
Hi Jérémy, On Mon, Nov 1, 2021 at 11:22 AM Jérémy Lal wrote: > > the topic is about CVE-2021-42574 and CVE-2021-42694. Lintian does not currently look for either condition. I do not have time to read up in detail on either condition, but would happily help you write a Lintian check. Due to the

suggestion for checking unicode characters against "trojan source attacks"

2021-11-01 Thread Jérémy Lal
Hi, the topic is about CVE-2021-42574 and CVE-2021-42694. Some unicode control characters, bidirectional characters, are dangerous in source code files because they can allow one to reorder source code tokens. I wonder if lintian is already doing that kind of check, and if not, it seems to be a g

lintian_2.111.0~bpo11+1_amd64.changes ACCEPTED into bullseye-backports

2021-11-01 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 01 Nov 2021 09:04:26 + Source: lintian Binary: lintian Architecture: source all Version: 2.111.0~bpo11+1 Distribution: bullseye-backports Urgency: medium Maintainer: Debian Lintian Maintainers Changed-By: Chr

Processing of lintian_2.111.0~bpo11+1_amd64.changes

2021-11-01 Thread Debian FTP Masters
lintian_2.111.0~bpo11+1_amd64.changes uploaded successfully to localhost along with the files: lintian_2.111.0~bpo11+1.dsc lintian_2.111.0~bpo11+1.tar.xz lintian_2.111.0~bpo11+1_all.deb lintian_2.111.0~bpo11+1_amd64.buildinfo Greetings, Your Debian queue daemon (running on host us