Debian Bug report logs - #852207
libfile-stripnondeterminism-perl: Breaks .zip with encrypted files

version graph

Package: libfile-stripnondeterminism-perl; Maintainer for libfile-stripnondeterminism-perl is Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>; Source for libfile-stripnondeterminism-perl is src:strip-nondeterminism (PTS, buildd, popcon).

Reported by: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>

Date: Sun, 22 Jan 2017 14:00:02 UTC

Severity: normal

Found in version strip-nondeterminism/0.029-2

Fixed in version strip-nondeterminism/1.0.0-1

Done: Chris Lamb <lamby@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>:
Bug#852207; Package libfile-stripnondeterminism-perl. (Sun, 22 Jan 2017 14:00:04 GMT) (full text, mbox, link).

Acknowledgement sent to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
New Bug report received and forwarded. Copy sent to Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>. (Sun, 22 Jan 2017 14:00:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libfile-stripnondeterminism-perl: Breaks .zip with encrypted files
Date: Sun, 22 Jan 2017 14:58:20 +0100
[Message part 1 (text/plain, inline)]
Package: libfile-stripnondeterminism-perl
Version: 0.029-2
Severity: normal

Dear Maintainer,

This looks a lot like #817943 but still might be a different issue.

When dh-strip-nondeterminism processes a .zip with an encrypted file,
the .zip is altered in a way it should be considered broken afterwards.

How to repeat:

* Create a small encrypted .zip

$ touch a-file
$ zip -Pverysecret archive.zip a-file

* zipinfo tells it is sound:

$ zipinfo archive.zip 
| Archive:  archive.zip
| Zip file size: 190 bytes, number of entries: 1
| -rw-r--r--  3.0 unx        0 BX stor 17-Jan-22 14:35 a-file
| 1 file, 0 bytes uncompressed, 0 bytes compressed:  0.0%

* Run File::StripNondeterminism against that file. Like using the following
  script which is what dh-strip-nondeterminism basically does:

-------------------------------------------------------------------
#!/usr/bin/perl -w
use strict;
use File::StripNondeterminism;
my $file = $ARGV[0];
my $normalizer = File::StripNondeterminism::get_normalizer_for_file($file);
$normalizer->($file);
-------------------------------------------------------------------

* Check the .zip again

$ zipinfo archive.zip 
| Archive:  archive.zip
| Zip file size: 178 bytes, number of entries: 1
| -rw-r--r--  3.0 unx        0 BX stor 80-Jan-01 13:01 a-file
| 1 file, 0 bytes uncompressed, 18446744073709551604 bytes compressed:  0.0%
                                = 0xfffffffffffffff4

* Also unzip cannot handle this:

$ unzip -t archive.zip
| Archive:  archive.zip
| 
|   error:  invalid compressed data to inflate
| At least one error was detected in archive.zip.

In case there's a package in Debian that ships an encrypted .zip file,
that one was broken now. Although I cannot think why anyone would want
to do that. Severity left to normal therefore.

Regards,

    Christoph

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.1 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: unable to detect

Versions of packages libfile-stripnondeterminism-perl depends on:
ii  libarchive-zip-perl  1.59-1
ii  perl                 5.24.1~rc4-1

libfile-stripnondeterminism-perl recommends no packages.

libfile-stripnondeterminism-perl suggests no packages.

-- no debconf information


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>:
Bug#852207; Package libfile-stripnondeterminism-perl. (Mon, 23 Jan 2017 00:42:05 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>. (Mon, 23 Jan 2017 00:42:05 GMT) (full text, mbox, link).

Message #10 received at 852207@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: 852207@bugs.debian.org
Cc: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Subject: Re: libfile-stripnondeterminism-perl: Breaks .zip with encrypted files
Date: Mon, 23 Jan 2017 00:38:35 +0000
tags 852207 + moreinfo
thanks


Hi,

> libfile-stripnondeterminism-perl: Breaks .zip with encrypted files

Could you attach your testcase file...? :)


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Information forwarded to debian-bugs-dist@lists.debian.org, Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>:
Bug#852207; Package libfile-stripnondeterminism-perl. (Mon, 23 Jan 2017 07:03:03 GMT) (full text, mbox, link).

Acknowledgement sent to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
Extra info received and forwarded to list. Copy sent to Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>. (Mon, 23 Jan 2017 07:03:03 GMT) (full text, mbox, link).

Message #15 received at 852207@bugs.debian.org (full text, mbox, reply):

From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
To: Chris Lamb <lamby@debian.org>
Cc: 852207@bugs.debian.org
Subject: Re: libfile-stripnondeterminism-perl: Breaks .zip with encrypted files
Date: Mon, 23 Jan 2017 08:01:03 +0100
[Message part 1 (text/plain, inline)]
Chris Lamb wrote...

> Could you attach your testcase file...? :)

Here we go (I thought the instructions very straightforward).

    Christoph

[archive.zip (application/zip, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>:
Bug#852207; Package libfile-stripnondeterminism-perl. (Wed, 25 Jan 2017 02:15:05 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>. (Wed, 25 Jan 2017 02:15:05 GMT) (full text, mbox, link).

Message #20 received at 852207@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Cc: 852207@bugs.debian.org
Subject: Re: libfile-stripnondeterminism-perl: Breaks .zip with encrypted files
Date: Wed, 25 Jan 2017 02:13:11 +0000
Hi Christoph,

> Here we go (I thought the instructions very straightforward).

Thanks! To make it easier for someone to have a go at this, check out
the "lamby/852207-encrypted-zip" branch where the testsuite is (now)
failing with this example.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Message sent on to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
Bug#852207. (Sun, 25 Nov 2018 17:15:10 GMT) (full text, mbox, link).

Message #23 received at 852207-submitter@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: 852207-submitter@bugs.debian.org
Subject: Bug #852207 in strip-nondeterminism marked as pending
Date: Sun, 25 Nov 2018 17:13:56 +0000
Control: tag -1 pending

Hello,

Bug #852207 in strip-nondeterminism reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/reproducible-builds/strip-nondeterminism/commit/43d93c718f205310c647f03ab3b89e768e03977e

------------------------------------------------------------------------
Ignore encrypted .zip files as we can never normalise them. (Closes: #852207)

------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/852207

Added tag(s) pending. Request was from Chris Lamb <lamby@debian.org> to 852207-submitter@bugs.debian.org. (Sun, 25 Nov 2018 17:15:10 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>:
Bug#852207; Package libfile-stripnondeterminism-perl. (Sun, 25 Nov 2018 17:21:04 GMT) (full text, mbox, link).

Acknowledgement sent to Chris Lamb <lamby@debian.org>:
Extra info received and forwarded to list. Copy sent to Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>. (Sun, 25 Nov 2018 17:21:04 GMT) (full text, mbox, link).

Message #30 received at 852207@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: 852207@bugs.debian.org
Cc: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Subject: Re: libfile-stripnondeterminism-perl: Breaks .zip with encrypted files
Date: Sun, 25 Nov 2018 12:17:11 -0500
Hi,

I fixed in Git by simply skipping encrypted .zip files (although
TIL .zip files are encrypted per member, not globally).


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

Reply sent to Chris Lamb <lamby@debian.org>:
You have taken responsibility. (Thu, 06 Dec 2018 17:24:07 GMT) (full text, mbox, link).

Notification sent to Christoph Biedl <debian.axhn@manchmal.in-ulm.de>:
Bug acknowledged by developer. (Thu, 06 Dec 2018 17:24:07 GMT) (full text, mbox, link).

Message #35 received at 852207-close@bugs.debian.org (full text, mbox, reply):

From: Chris Lamb <lamby@debian.org>
To: 852207-close@bugs.debian.org
Subject: Bug#852207: fixed in strip-nondeterminism 1.0.0-1
Date: Thu, 06 Dec 2018 17:20:03 +0000
Source: strip-nondeterminism
Source-Version: 1.0.0-1

We believe that the bug you reported is fixed in the latest version of
strip-nondeterminism, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 852207@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Chris Lamb <lamby@debian.org> (supplier of updated strip-nondeterminism package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 06 Dec 2018 18:13:32 +0100
Source: strip-nondeterminism
Binary: libfile-stripnondeterminism-perl strip-nondeterminism dh-strip-nondeterminism
Architecture: source all
Version: 1.0.0-1
Distribution: unstable
Urgency: medium
Maintainer: Reproducible builds folks <reproducible-builds@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 dh-strip-nondeterminism - file non-deterministic information stripper — Debhelper add-on
 libfile-stripnondeterminism-perl - file non-deterministic information stripper — Perl module
 strip-nondeterminism - file non-deterministic information stripper — stand-alone tool
Closes: 781262 843811 852207 914289
Changes:
 strip-nondeterminism (1.0.0-1) unstable; urgency=medium
 .
   * Ignore encrypted .zip files as we can never normalise them.
     (Closes: #852207)
   * Drop .ar handler; binutils is reproducible. (Closes: #781262, #843811)
     - Update debian/copyright to drop reference to ar.pm.
   * Remove javaproperties handler after Emmanuel Bourg's patch was released in
     openjdk-11 11.0.1+13-3. (Closes: #914289)
Checksums-Sha1:
 1ead5d4a0813d63fe0ee07b426e158ade075e811 2533 strip-nondeterminism_1.0.0-1.dsc
 1a3a20e2331095600ff2ade5e4e0cc63a321719e 221245 strip-nondeterminism_1.0.0.orig.tar.bz2
 ab56f821cca957807cb9ea86dfc8891bc4003229 30868 strip-nondeterminism_1.0.0-1.debian.tar.xz
 1bac99102339af18e05c20772159ba8260ed7e46 12548 dh-strip-nondeterminism_1.0.0-1_all.deb
 a61ad9f037fee38352faf734fe27d3bddcef37fe 19488 libfile-stripnondeterminism-perl_1.0.0-1_all.deb
 4419769f64002dc2ab5f35274bba1cc365ef7f99 12804 strip-nondeterminism_1.0.0-1_all.deb
 e1e20bb3afbacdb041da7a3cec9a355dda162e21 6344 strip-nondeterminism_1.0.0-1_amd64.buildinfo
Checksums-Sha256:
 d7f34fbab73b907af2a6d5662f931d31ecee467fe1cb3faffe73a34b8b337bad 2533 strip-nondeterminism_1.0.0-1.dsc
 d51fc5be90e85f385737aa9b6482bbd7d8911f10e9bf5d8ccb0441fa8077d18c 221245 strip-nondeterminism_1.0.0.orig.tar.bz2
 c920b0e944c829e120d9bc1118a9f8a687a5de8815f9bcb5aadcab45e11d86fe 30868 strip-nondeterminism_1.0.0-1.debian.tar.xz
 7e7a5fb4d470c91a46b3185eb45c5ab4c379ff49e90adc5c015758cf381b6b8f 12548 dh-strip-nondeterminism_1.0.0-1_all.deb
 d185261e207bdda3b230467ae9a277dbe6fa177578c22d83bfa32fccccca18b2 19488 libfile-stripnondeterminism-perl_1.0.0-1_all.deb
 cd77e2c25cf28625aed61a6c499a3a23669296335cf5962bdacb6dd6689e8f33 12804 strip-nondeterminism_1.0.0-1_all.deb
 9205c88c08eaabdf4e97ca44e152dd71d2aa4de25b41afc97150f0778d586728 6344 strip-nondeterminism_1.0.0-1_amd64.buildinfo
Files:
 951c068d11fd5847bf1bbfc9c7396fda 2533 devel optional strip-nondeterminism_1.0.0-1.dsc
 ef333c2ccab4e55f4e6d4d8f2d68daf7 221245 devel optional strip-nondeterminism_1.0.0.orig.tar.bz2
 747f07cd195ee63102c0e75b1937f0a9 30868 devel optional strip-nondeterminism_1.0.0-1.debian.tar.xz
 9ef9f55f66a93c9db96f6fb1b9339d28 12548 devel optional dh-strip-nondeterminism_1.0.0-1_all.deb
 90b4fe0ab24af1c8a00cb904838eb39e 19488 perl optional libfile-stripnondeterminism-perl_1.0.0-1_all.deb
 bb0d356ea186abbde65f973c55bd0008 12804 devel optional strip-nondeterminism_1.0.0-1_all.deb
 bd6a423df13998648ab467b9010c0c6b 6344 devel optional strip-nondeterminism_1.0.0-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlwJWSwACgkQHpU+J9Qx
HljjqxAAgApvdvnAr8N6UnGvit/ZViwVi434t2q6VDHg9H3psAhS07AjUNpeKWHb
m1kQFKFA1Q8d1yWVFde7x+OYyW+kcYRT8b9PhzX9W4vZn36urG9HdRtpLFmMiTYq
FVWTYV+LwIthAAvXsMFAG601ld9NsLw8NHaYKGmJxIWPBSeo3OiGNPXNRcL4o1TM
lYK4JycAZvhoOjRzy4IeyNvCWri57AjUV8zJUOwXr1vftmNbhTv/pDfI113K9/kG
K8HQzTN0UwgwI6VYEkzdgmmiL+KUNuRh6+x8UAtuQNBA+fuXa3gnxlL7PmGbEyJL
pkqmhmc6ViHvpDHJ3klhctjGgroBYqzQv3r6lx93PiOP9L9v5WIXJgPNH8fMKvDK
mzL+p5GF+80nID8kQeqy5kgSdxdagiIGs3gt0+xs9rd5Yd6goq/0vPQOT5w7EaGq
bPjGzxXtKbr7RsWiS6nabatAYqBS4wFvVutcrVIuhZnJ0s9zPGSIBUQuvBq/6m2m
b7oGiFd4/EZuyM8ECEFpnk8MVVjRuqIh3x9ZfZfO2NJb3jZYXaDVb9yHIcDmkCrC
0293s0uzBWlppmHJqrzx4DLo1zp+Isomc6To877RpJSgdZqhPyZeD6zBOIzdD8Qc
AWIA0OV2xn9Y3FLxb2cjyIqp68sDFk3c3lBymWIJ/k2NP1oxWvs=
=EU6t
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 06 Jan 2019 07:25:26 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 17 11:25:08 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.