Hello community,

here is the log from the commit of package gcin for openSUSE:Factory checked in 
at 2017-09-05 15:19:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gcin (Old)
 and      /work/SRC/openSUSE:Factory/.gcin.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gcin"

Tue Sep  5 15:19:05 2017 rev:33 rq:520955 version:2.8.5

Changes:
--------
--- /work/SRC/openSUSE:Factory/gcin/gcin.changes        2017-06-21 
13:58:11.434915646 +0200
+++ /work/SRC/openSUSE:Factory/.gcin.new/gcin.changes   2017-09-05 
15:19:18.458764272 +0200
@@ -1,0 +2,5 @@
+Mon Sep  4 17:10:44 UTC 2017 - [email protected]
+
+- Add gcin-reproducible.patch to initialize memory 
+
+-------------------------------------------------------------------
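Review bot: the changelog line "Add gcin-reproducible.patch to initialize memory" ends in trailing whitespace and does not say what the initialization fixes. Suggest naming the effect, for example that the PIN_JUYIN array is zeroed so the generated output file no longer contains uninitialized padding bytes and the build becomes reproducible.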

New:
----
  gcin-reproducible.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gcin.spec ++++++
--- /var/tmp/diff_new_pack.ihBR1Z/_old  2017-09-05 15:19:19.366636658 +0200
+++ /var/tmp/diff_new_pack.ihBR1Z/_new  2017-09-05 15:19:19.370636096 +0200
@@ -46,6 +46,8 @@
 Patch9:         gcin-fix-qt5-iid.patch
 # PATCH-FIX-OPENSUSE [email protected] - Don't copy gcin-qt5.h.in since we already 
patched gcin-qt5.h
 Patch10:        gcin-dont-copy-gcin-qt5-header.patch
+# PATCH-FIX-UPSTREAM bwiedemann@suse - initialize memory to make build 
reproducible
+Patch11:        gcin-reproducible.patch
 BuildRequires:  anthy-devel
 BuildRequires:  fdupes
 BuildRequires:  gtk2-devel
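Review bot: the comment above Patch11 is tagged PATCH-FIX-UPSTREAM but carries no reference to an upstream submission, bug or commit. Add the URL or identifier where the fix was sent upstream, or, if it has not been submitted, use the PATCH-FIX-OPENSUSE tag that Patch10 uses, so the next maintainer knows when the patch can be dropped.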
@@ -170,6 +172,7 @@
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 cp -r %{SOURCE2} .
 cp -r %{SOURCE3} .
 

++++++ gcin-reproducible.patch ++++++
Author: Bernhard M. Wiedemann <[email protected]>

A PIN_JUYIN struct occupies 10 bytes
(from how compilers do alignment and padding)
but the code only writes 9 of them
leading to random bytes in the output file
which makes builds unreproducible
unless ASLR is disabled in the build system

See https://reproducible-builds.org/ for why this matters.

Index: gcin-2.8.5/pin-juyin.cpp
===================================================================
--- gcin-2.8.5.orig/pin-juyin.cpp
+++ gcin-2.8.5/pin-juyin.cpp
@@ -16,6 +16,7 @@ int main()
   PIN_JUYIN pinju[1024];
   short pinjuN=0;
 
+  bzero(pinju, sizeof(pinju));
   if ((fp=fopen(fnamein, "r"))==NULL)
     p_err("cannot open %s", fnamein);
 
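Review bot: the added bzero(pinju, sizeof(pinju)) call uses a legacy function that POSIX.1-2008 removed; memset(pinju, 0, sizeof(pinju)) is the portable equivalent and needs only <string.h>. The hunk does not show the include list, so confirm the matching header is present in pin-juyin.cpp. Zeroing the whole array before it is filled is the right place for the fix, since assigning the members never touches the padding byte and the padding otherwise carries leftover stack contents into the output file. A one-line comment above the call saying that it clears struct padding would keep a later cleanup from removing it as redundant.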
