Your message dated Fri, 24 Jan 2025 12:34:46 +0000
with message-id <[email protected]>
and subject line Bug#1065498: fixed in diffoscope 286
has caused the Debian Bug report #1065498,
regarding diffoscope: Crash on files without read permission
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1065498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065498
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: diffoscope
Version: 259
Severity: normal
Dear Maintainer,
I am able to crash diffoscope with a simple scenario:
sudo touch a b # Create 2 zero-byte files (owner=root)
sudo chmod go= a b # No access rights for group and others, default
access for root
diffoscope a b # This is a regular user, who is not allowed to read
these files
When the file does not have read permission for the current user, Python
exists with
PermissionError: [Errno 13] Permission denied: 'a'
Expected behaviour:
* Skip this file and add it to the output as an inaccessible file
(similar to how /dev/stdout is handled)
With kind regards,
Roland Clobus
-- System Information:
Debian Release: trixie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.6.13-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages diffoscope depends on:
ii diffoscope-minimal 259
Versions of packages diffoscope recommends:
ii 7zip 23.01+dfsg-8
ii aapt 1:14~beta1-2+b1
ii abootimg 0.6-1.1
ii acl 2.3.2-1
ii androguard 3.4.0~a1-10
ii apksigcopier 1.1.1-1
ii apksigner 31.0.2-1
ii apktool 2.7.0+dfsg-7
ii binutils-multiarch 2.42-3
ii bzip2 1.0.8-5+b2
ii caca-utils 0.99.beta20-4
ii colord 1.4.6-5
ii coreboot-utils 4.15~dfsg-4
ii db-util 5.3.3
ii default-jdk-headless 2:1.17-75
ii device-tree-compiler 1.7.0-2
ii dexdump 14.0.0+r15-1+b1
ii docx2txt 1.4-5
ii e2fsprogs 1.47.0-2.3
ii enjarify 1:1.0.3-5
ii ffmpeg 7:6.1.1-2
ii fontforge-extras 1:20230101~dfsg-1+b1
ii fonttools 4.46.0-1
ii fp-utils 3.2.2+dfsg-32
ii fp-utils-3.2.2 [fp-utils] 3.2.2+dfsg-32
ii genisoimage 9:1.1.11-3.4
ii gettext 0.21-14+b1
ii ghc 9.4.7-3
ii ghostscript 10.02.1~dfsg-3
ii giflib-tools 5.2.2-1
ii gnumeric 1.12.56-2+b1
ii gnupg-utils 2.2.40-1.1+b1
ii gpg 2.2.40-1.1+b1
ii hdf5-tools 1.10.10+repack-3.1
ii html2text 2.2.3-2
ii imagemagick 8:6.9.12.98+dfsg1-5.1
ii imagemagick-6.q16 [imagemagick] 8:6.9.12.98+dfsg1-5.1
ii jsbeautifier 1.14.11-1
ii libarchive-tools 3.7.2-1.1
ii libxmlb-utils 0.3.15-1
ii llvm 1:16.0-57
ii lz4 [liblz4-tool] 1.9.4-1+b2
ii lzip 1.24.1-1
ii mono-utils 6.8.0.105+dfsg-3.5
ii ocaml-nox 4.14.1-1
ii odt2txt 0.5-7
ii oggvideotools 0.9.1-6
ii openssh-client 1:9.6p1-4
ii openssl 3.1.5-1.1
ii pgpdump 0.36-1
ii poppler-utils 22.12.0-2+b1
ii procyon-decompiler 0.6.0-1
ii python3-argcomplete 3.1.4-1
ii python3-binwalk 2.3.4+dfsg1-4
ii python3-debian 0.1.49
ii python3-defusedxml 0.7.1-2
ii python3-guestfs 1:1.52.0-2.1
ii python3-jsondiff 2.0.0-2
ii python3-pdfminer 20221105+dfsg-1
ii python3-progressbar 2.5-4
ii python3-pypdf 4.0.2-1
ii python3-pyxattr 0.8.1-1+b1
ii python3-rpm 4.18.2+dfsg-2.1
ii python3-tlsh 3.4.4+20151206-1.4+b5
ii r-base-core 4.3.3-1
ii radare2 5.5.0+dfsg-1.1
ii rpm2cpio 4.18.2+dfsg-2.1
ii sng 1.1.0-4
ii sqlite3 3.45.1-1
ii squashfs-tools 1:4.6.1-1
ii tcpdump 4.99.4-3
ii u-boot-tools 2024.01+dfsg-1
ii unzip 6.0-28
ii wabt 1.0.34+dsfg2+~cs1.0.32-1
ii xmlbeans 4.0.0-2
ii xxd 2:9.1.0016-1
ii xz-utils 5.6.0-0.2
ii zip 3.0-13
ii zstd 1.5.5+dfsg2-2
Versions of packages diffoscope suggests:
ii libjs-jquery 3.6.1+dfsg+~3.5.14-1
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: diffoscope
Source-Version: 286
Done: Chris Lamb <[email protected]>
We believe that the bug you reported is fixed in the latest version of
diffoscope, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lamb <[email protected]> (supplier of updated diffoscope package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 24 Jan 2025 12:07:52 +0000
Source: diffoscope
Built-For-Profiles: nocheck
Architecture: source
Version: 286
Distribution: unstable
Urgency: medium
Maintainer: Reproducible builds folks
<[email protected]>
Changed-By: Chris Lamb <[email protected]>
Closes: 1065498 1093484
Changes:
diffoscope (286) unstable; urgency=medium
.
[ Chris Lamb ]
* Bug fixes:
- When passing files on the command line, don't call specialize(..) before
we've checked that the files are identical. In the worst case, this was
resulting in spinning up binwalk and extracting two entire filesystem
images merely to confirm that they were indeed filesystem images..
before simply concluding that they were identical anyway.
- Do not exit with a traceback if paths are inaccessible, either directly,
via symbolic links or within a directory. (Closes: #1065498)
- Correctly identify changes to only the line-endings of files; don't mark
them as "Ordering differences only".
- Use the "surrogateescape" mechanism of str.{decode,encode} to avoid a
UnicodeDecodeError and crash when decoding zipinfo output that is not
valid UTF-8. (Closes: #1093484)
* Testsuite changes:
- Don't mangle newlines when opening test fixtures; we want them untouched.
- Move to assert_diff in test_text.py.
* Misc:
- Remove unnecessary return value from check_for_ordering_differences in
the Difference class.
- Drop an unused function in iso9600.py
- Inline a call/check of Config().force_details; no need for an additional
variable.
Checksums-Sha1:
c2219796e7beae46ed013ae8084c3a009e098b71 5043 diffoscope_286.dsc
005fff7c68e270889a4899973ca8bf399cacec7f 2463128 diffoscope_286.tar.xz
0b813df64a72ffd81445c95cb7a3da148d60c01c 7615 diffoscope_286_amd64.buildinfo
Checksums-Sha256:
b38bf74cbc5ff2c044fa27bebeee8488b8e819804f30d58427f482ee5dea8637 5043
diffoscope_286.dsc
2ac2acbe9f86c11af570d39704ddc5035b48b3009bbe060a4399e68ba8c0cbf0 2463128
diffoscope_286.tar.xz
510959be08c0e1613f2d4ee9e18ddfc56e5ccc645f66293ba4083e5ce37c6c6a 7615
diffoscope_286_amd64.buildinfo
Files:
b0c4d7acd9b92c2515b67ee2df5f0cd5 5043 devel optional diffoscope_286.dsc
7afcf2aaee2c307f1cdf9df155fb9941 2463128 devel optional diffoscope_286.tar.xz
91a2a7542cb5e693a9ff92039ae8d885 7615 devel optional
diffoscope_286_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmeTgtMACgkQHpU+J9Qx
HlgYoQ//eafAUm9BXpJAq4JgXPcPlsgUlQ0UzGEhzW9tTEAObFOg7BZoKjWvJkJ7
3orX9KdJfJnXEg8Q9VSz3ga5rbJ7xQJaoipRRjKHejUDIHnqgabcRv8dEx4hWCsi
Ov2iXeZD4h6a9ryISYiU3moot08Sx5++XEr92rNQXKuoE8W81YcNMNP+FKmS8FI/
qW3BADwy1s4Wnr58OyzMe83k+XSz0wfbVfo+yr6pjwz8WpzOvEw6oaTD/JvTFifc
tGiLkvds/JGg4jd+jLOIOdDVxPzvkqhbZBNJtE5+zaKAU3SlBF6Cmp6N0VeI9yr0
v6gbFPPsrUKO4O2OFbo7WGmKkSmldfNejF1/pA/gyCAYxpgw6AkzvzDYBhWRJpkl
jC8D5vCcLx7Atb81EPQFVQcpuxi3dI1msrHEQvYfSVjoCUUyxjTAxUzVLLJT7ThD
1vLHG0ZSUpz0ccWDTbgG7Jh0yOyDiA+MNERS/KmX96nXN9Hb5cpA9jtzk5K9Q/Nz
9JcNUGUKdB7ZGRZDqBZMn00jlmMlAGJLiV5jSUi0w1R0neSxHUiL/lgN39XM4H9S
Vwv9A2wF9duTtSfd16+uS034veJDboAacwbZwigXVdzfkPbMk6FKiEUN3HrLrtaf
sILBK6QYF6Xhj40Pc3YsjqbRleKdN/pJvzs8U3cIi6wXswVFoRY=
=LlZI
-----END PGP SIGNATURE-----
pgpfszSR5frNU.pgp
Description: PGP signature
--- End Message ---
