Source: qemu
Version: 1:2.6+dfsg-3
Severity: minor
Tags: upstream patch
User: [email protected]
Usertags: environment
Dear Maintainer,
While working on the “reproducible builds” effort, we have noticed that
qemu could not be built reproducibly; the diff between two builds is:
https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/qemu.html
[excerpt]
│ │ │ │ │ -<- { "return": "kvm support: enabled
│ │ │ │ │ -" }
│ │ │ │ │ +<- { "return": "kvm support: enabled\r\n" }
This difference is due to scripts/hxtool invoking echo(1) with arguments
that contains literal backslashs. The behaviour of echo(1) in that case
is implementation-defined, both according to POSIX and in practice:
% LC_ALL=C dash -c 'echo "\t"' | xxd
0000000: 090a ..
% LC_ALL=C bash -c 'echo "\t"' | xxd
0000000: 5c74 0a \t.
Consequently, qemu's build output is different when /bin/sh is dash
compared to when /bin/sh is bash:
% ARGV0=sh /bin/dash scripts/hxtool -q < qmp-commands.hx | grep 'kvm
support: enabled'
<- { "return": "kvm support: enabled
% ARGV0=sh /bin/bash scripts/hxtool -q < qmp-commands.hx | grep 'kvm
support: enabled'
<- { "return": "kvm support: enabled\r\n" }
With the attached patch, the output becomes:
% ARGV0=sh /bin/dash scripts/hxtool -q < qmp-commands.hx | grep 'kvm
support: enabled'
<- { "return": "kvm support: enabled\r\n" }
% ARGV0=sh /bin/bash scripts/hxtool -q < qmp-commands.hx | grep 'kvm
support: enabled'
<- { "return": "kvm support: enabled\r\n" }
The patch is attached.
Cheers,
Daniel
P.S. When testing this patch, I noticed a copy-paste error in the
documentation: in qemu-options.hx,
..
177 @findex -set
178 Set parameter @var{arg} for item @var{id} of type @var{group}\n"
..
The trailing «\n"» on line 178 should be removed.
diff --git a/debian/patches/fix-undefined-behaviour-of-echo.patch b/debian/patches/fix-undefined-behaviour-of-echo.patch
new file mode 100644
index 0000000..2cbe0db
--- /dev/null
+++ b/debian/patches/fix-undefined-behaviour-of-echo.patch
@@ -0,0 +1,80 @@
+Description: Avoid undefined behaviour of echo(1) with backslashes in arguments
+ The behaviour is implementation-defined, different /bin/sh's behave differently.
+Author: Daniel Shahaf <[email protected]>
+Bug-Debian: https://bugs.debian.org/-1
+Last-Update: 2016-08-01
+
+Index: qemu-2.6+dfsg/scripts/hxtool
+===================================================================
+--- qemu-2.6+dfsg.orig/scripts/hxtool
++++ qemu-2.6+dfsg/scripts/hxtool
+@@ -26,32 +26,32 @@ hxtotexi()
+ ;;
+ STEXI*)
+ if test $flag -eq 1 ; then
+- echo "line $line: syntax error: expected ETEXI, found $str" >&2
++ printf "line %d: syntax error: expected ETEXI, found '%s'\n" "$line" "$str" >&2
+ exit 1
+ fi
+ flag=1
+ ;;
+ ETEXI*)
+ if test $flag -ne 1 ; then
+- echo "line $line: syntax error: expected STEXI, found $str" >&2
++ printf "line %d: syntax error: expected STEXI, found '%s'\n" "$line" "$str" >&2
+ exit 1
+ fi
+ flag=0
+ ;;
+ SQMP*|EQMP*)
+ if test $flag -eq 1 ; then
+- echo "line $line: syntax error: expected ETEXI, found $str" >&2
++ printf "line %d: syntax error: expected ETEXI, found '%s'\n" "$line" "$str" >&2
+ exit 1
+ fi
+ ;;
+ DEFHEADING*)
+- echo "$(expr "$str" : "DEFHEADING(\(.*\))")"
++ printf '%s\n' "$(expr "$str" : "DEFHEADING(\(.*\))")"
+ ;;
+ ARCHHEADING*)
+- echo "$(expr "$str" : "ARCHHEADING(\(.*\),.*)")"
++ printf '%s\n' "$(expr "$str" : "ARCHHEADING(\(.*\),.*)")"
+ ;;
+ *)
+- test $flag -eq 1 && echo "$str"
++ test $flag -eq 1 && printf '%s\n' "$str"
+ ;;
+ esac
+ line=$((line+1))
+@@ -69,26 +69,26 @@ hxtoqmp()
+ ;;
+ SQMP*)
+ if test $flag -eq 1 ; then
+- echo "line $line: syntax error: expected EQMP, found $str" >&2
++ printf "line %d: syntax error: expected EQMP, found '%s'\n" "$line" "$str" >&2
+ exit 1
+ fi
+ flag=1
+ ;;
+ EQMP*)
+ if test $flag -ne 1 ; then
+- echo "line $line: syntax error: expected SQMP, found $str" >&2
++ printf "line %d: syntax error: expected SQMP, found '%s'\n" "$line" "$str" >&2
+ exit 1
+ fi
+ flag=0
+ ;;
+ STEXI*|ETEXI*)
+ if test $flag -eq 1 ; then
+- echo "line $line: syntax error: expected EQMP, found $str" >&2
++ printf "line %d: syntax error: expected EQMP, found '%s'\n" "$line" "$str" >&2
+ exit 1
+ fi
+ ;;
+ *)
+- test $flag -eq 1 && echo "$str"
++ test $flag -eq 1 && printf '%s\n' "$str"
+ ;;
+ esac
+ line=$((line+1))
diff --git a/debian/patches/series b/debian/patches/series
index b4c824e..682764c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -27,3 +27,4 @@ vmsvga-add-more-fifo-checks-CVE-2016-4454.patch
vmsvga-shadow-fifo-registers-CVE-2016-4454.patch
vmsvga-don-t-process-more-than-1024-fifo-commands-at-once-CVE-2016-4453.patch
scsi-check-buffer-length-before-reading-scsi-command-CVE-2016-5238.patch
+fix-undefined-behaviour-of-echo.patch
_______________________________________________
Reproducible-builds mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
