Package: git-buildpackage Version: 0.9.13 Severity: normal Tags: patch Steps to reproduce:
* Have a package in git, with patches containing non-ASCII metadata. Good examples include https://anonscm.debian.org/git/pkg-utopia/policykit.git master, at commit 4f1d21c3 (debian/0.105-25), and https://salsa.debian.org/gnome-team/gnome-keyring.git debian/buster, at commit ab353ae9 (debian/3.28.2-5). The same issue seems to be visible in the unblock diff quoted in <https://lists.debian.org/debian-release/2019/03/msg00456.html>, so this isn't only affecting me. * gbp pq drop * gbp pq import * Look at git log. In policykit-1, affected commits include "CVE-2015-3218: backend: Handle invalid object paths in RegisterAuthenticationAgent". In gnome-keyring, affected commits include "gkm-mock: Also store objects in the order they are taken". * gbp pq export * Look at the patches. In policykit-1, affected patches include debian/patches/0.113/00git_invalid_object_paths.patch. In gnome-keyring, affected patches include debian/patches/gkm-mock-Also-store-objects-in-the-order-they-are-taken.patch. Expected result: No semantically significant changes to patches Actual result: `gbp pq import` treats the MIME-Version, Content-Type and Content-Transfer-Encoding as though they were semantically significant parts of the patch metadata (rather than merely an artifact of the email transport) and prepends them to the long commit message: > $ git log patch-queue/debian/buster ... > commit 4169ffaaf4498facee2bbf8c65292761b1d740e2 > Author: Iain Lane <ia...@gnome.org> > Date: 2019-01-30 14:34:51 +0000 > > gkm-mock: Also store objects in the order they are taken > > MIME-Version: 1.0 > Content-Type: text/plain; charset="utf-8" > Content-Transfer-Encoding: 8bit > > With GLib 2.59, the `test-login-auto` test fails: ... As a result, after `gbp pq export`, the MIME-Version, Content-Type and Content-Transfer-Encoding in the email header get duplicated into new pseudo-headers, like this (note the same fields still present in the email header, just before the added lines): > $ git diff ... > --- > a/debian/patches/gkm-mock-Also-store-objects-in-the-order-they-are-taken.patch > +++ > b/debian/patches/gkm-mock-Also-store-objects-in-the-order-they-are-taken.patch > @@ -5,6 +5,10 @@ MIME-Version: 1.0 > Content-Type: text/plain; charset="utf-8" > Content-Transfer-Encoding: 8bit > > +MIME-Version: 1.0 > +Content-Type: text/plain; charset="utf-8" > +Content-Transfer-Encoding: 8bit > + > With GLib 2.59, the `test-login-auto` test fails: > > Gcr-CRITICAL **: 14:34:24.126: expected prompt property 'choice-label' Proposed patch attached. Regards, smcv -- System Information: Debian Release: buster/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-3-amd64 (SMP w/2 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages git-buildpackage depends on: ii devscripts 2.19.3 ii git 1:2.20.1-2 ii man-db 2.8.5-2 ii python3 3.7.2-1 ii python3-dateutil 2.7.3-3 ii python3-pkg-resources 40.8.0-1 ii sensible-utils 0.0.12 Versions of packages git-buildpackage recommends: ii cowbuilder 0.88 ii pbuilder 0.230.2 ii pristine-tar 1.46 ii python3-requests 2.21.0-1 ii sbuild 0.78.1-1 Versions of packages git-buildpackage suggests: pn python3-notify2 <none> ii sudo 1.8.27-1 ii unzip 6.0-22 -- no debconf information
>From 7f74448f8688d18e87b74543041392dd32261d15 Mon Sep 17 00:00:00 2001 From: Simon McVittie <s...@debian.org> Date: Wed, 13 Mar 2019 10:19:03 +0000 Subject: [PATCH] Dep3Patch: Ignore MIME headers Otherwise, if we import a patch containing non-ASCII characters exported by `gbp pq export` or `git format-patch` using DEP-3 syntax, we'd misinterpret these fields as semantically significant and copy them into pseudo-headers, causing them to be duplicated in the commit's long description. Signed-off-by: Simon McVittie <s...@debian.org> --- gbp/patch_series.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/gbp/patch_series.py b/gbp/patch_series.py index c47f4b6..7b561e6 100644 --- a/gbp/patch_series.py +++ b/gbp/patch_series.py @@ -255,6 +255,16 @@ class Dep3Patch(Patch): changes += add_date(v) elif k == 'long_desc': pass + elif k in ( + 'content-transfer-encoding', + 'content-type', + 'mime-version', + ): + # These can appear in `git format-patch` or `gbp pq export` + # output. They are not semantically significant: they're + # part of the encoding of the patch as an email, rather + # than real patch metadata. + pass else: pseudo_headers += ''.join(v) changes += 1 -- 2.20.1