Processing of diffoscope_75_amd64.changes

2017-02-09 Thread Debian FTP Masters
diffoscope_75_amd64.changes uploaded successfully to localhost along with the files: diffoscope_75.dsc diffoscope_75.tar.xz diffoscope_75_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) ___

diffoscope_75_amd64.changes ACCEPTED into unstable

2017-02-09 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 10 Feb 2017 09:28:47 +1300 Source: diffoscope Binary: diffoscope Architecture: source Version: 75 Distribution: unstable Urgency: medium Maintainer: Reproducible builds folks

Bug#854723: diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive

2017-02-09 Thread Ximin Luo
Package: diffoscope Version: 67 Severity: grave Tags: patch security Justification: user security hole Dear Maintainer, 5fdfe91e71f1c520d902350b18f793b8c69d9118 introduced a security hole where diffoscope may write to arbitrary locations on disk depending on the contents of an untrusted archive.

Bug#852013: Patch to prevent segfaults on signal

2017-02-09 Thread Ximin Luo
The bug is closed, but I took a closer look at the issue to learn more about the situation. Chris' commit fixed the cleanup issue, but I think Brett's FIFO patch was probably also needed to deal with the segfaults. Brett Smith: > [..] While I was debugging, I added the line >

Bug#854670: marked as done (diffoscope: autopkgtest failures)

2017-02-09 Thread Debian Bug Tracking System
Your message dated Thu, 09 Feb 2017 20:49:18 + with message-id and subject line Bug#854670: fixed in diffoscope 75 has caused the Debian Bug report #854670, regarding diffoscope: autopkgtest failures to be marked as done. This means that you claim that

Processed: Re: diffoscope: autopkgtest failures

2017-02-09 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 854670 + pending Bug #854670 [src:diffoscope] diffoscope: autopkgtest failures Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 854670:

Bug#854670: diffoscope: autopkgtest failures

2017-02-09 Thread Chris Lamb
tags 854670 + pending thanks Fixed in Git: https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=541de9e1f69f2fec5451584359c5f0c2aad1f172 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Bug#777239: strip-nondeterminism: print log entry when fixing a file

2017-02-09 Thread Chris Lamb
tags 777239 + pending thanks Fixed in Git: https://anonscm.debian.org/git/reproducible/strip-nondeterminism.git/commit/?id=506fc41 Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `-

Processed: Re: strip-nondeterminism: print log entry when fixing a file

2017-02-09 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 777239 + pending Bug #777239 [strip-nondeterminism] strip-nondeterminism: print log entry when fixing a file Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 777239:

Bug#854670: diffoscope: autopkgtest failures

2017-02-09 Thread Mattia Rizzolo
Source: diffoscope Version: 74 Severity: important autopkgtest still fails: https://ci.debian.net/data/packages/unstable/amd64/d/diffoscope/20170209_062723.autopkgtest.log.gz adt-run [06:33:34]: test command1: debian/tests/pytest adt-run [06:33:34]: test command1: [---

strip-nondeterminism_0.030-1_amd64.changes ACCEPTED into unstable

2017-02-09 Thread Debian FTP Masters
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 09 Feb 2017 22:11:16 +1300 Source: strip-nondeterminism Binary: libfile-stripnondeterminism-perl strip-nondeterminism dh-strip-nondeterminism Architecture: source Version: 0.030-1 Distribution: unstable Urgency:

Bug#777239: marked as done (strip-nondeterminism: print log entry when fixing a file)

2017-02-09 Thread Debian Bug Tracking System
Your message dated Thu, 09 Feb 2017 09:34:47 + with message-id and subject line Bug#777239: fixed in strip-nondeterminism 0.030-1 has caused the Debian Bug report #777239, regarding strip-nondeterminism: print log entry when fixing a file to be marked as

УПРАВЛЕНИЕ НА ПРОЕКТИ

2017-02-09 Thread Проджекта
  Здравейте,Независимо дали нямате опит в управлението на проекти или искате да систематизирате и надградите своите познания и опит, нашите обучения са доказано ефективни и са преминати от хиляди участници от

Processed: Re: Bug#854723: diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive

2017-02-09 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 854723 + pending Bug #854723 [diffoscope] diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. --

Bug#854723: diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive

2017-02-09 Thread Chris Lamb
tags 854723 + pending thanks > diffoscope may write to arbitrary locations on disk depending on the contents > of an untrusted archive We can actually avoid all edge-cases of sanitisation by simply not using the supplied filename and maintaining our own mapping. Given this is both safer (and

Bug#854723: diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive

2017-02-09 Thread Ximin Luo
Ximin Luo: > Chris Lamb: >> tags 854723 + pending >> thanks >> >>> diffoscope may write to arbitrary locations on disk depending on the >>> contents >>> of an untrusted archive >> >> We can actually avoid all edge-cases of sanitisation by simply not using >> the supplied filename and maintaining

Bug#854723: diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive

2017-02-09 Thread Ximin Luo
Chris Lamb: > tags 854723 + pending > thanks > >> diffoscope may write to arbitrary locations on disk depending on the contents >> of an untrusted archive > > We can actually avoid all edge-cases of sanitisation by simply not using > the supplied filename and maintaining our own mapping. > >

Bug#854723: diffoscope writes to arbitrary locations on disk based on the contents of an untrusted archive

2017-02-09 Thread Chris Lamb
Ximin Luo wrote: > this particular scheme might not work so well with large archives > with lots and lots of members Mm although unlikely to be a serious problem as we aren't iterating over the directory. > Also, are you sure this doesn't interfere with the detection of > order-only

Bug#854745: diffoscope: autopkgtest failures

2017-02-09 Thread Mattia Rizzolo
Source: diffoscope Version: 65 Severity important https://ci.debian.net/data/packages/unstable/amd64/d/diffoscope/20170209_233402.autopkgtest.log.gz adt-run [23:40:53]: test command1: debian/tests/pytest adt-run [23:40:53]: test command1: [--- =

Bug#854745: diffoscope: autopkgtest failures

2017-02-09 Thread Mattia Rizzolo
Control: notfound -1 65 Control: found -1 75 On Fri, Feb 10, 2017 at 01:30:24AM +0100, Mattia Rizzolo wrote: > Version: 65 off by ten. Yes I know v76 is out too (and still untested), but I have no reasons to think that version fixes it. -- regards, Mattia Rizzolo GPG

NetBSD run

2017-02-09 Thread Christos Zoulas
Hi, First thanks very much for hosting NetBSD! It has been really helpful. I noticed that there was a run today, but unfortunately our git sync was broken so repository was the same as last week. We fixed it now so if you can run again it will run with the new data, and hopefully all the repro

Processed: Re: diffoscope: autopkgtest failures

2017-02-09 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > tags 854745 + pending Bug #854745 [src:diffoscope] diffoscope: autopkgtest failures Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 854745:

Please review the draft for week 93's blog post

2017-02-09 Thread Ximin Luo
https://reproducible.alioth.debian.org/blog/drafts/93/ Feel free to commit fixes directly to drafts/93.mdwn in https://anonscm.debian.org/git/reproducible/blog.git/ I will publish this in 24 hours. X -- GPG: ed25519/56034877E1F87C35 GPG: rsa4096/1318EFAC5FBBDBCE

Bug#854670: diffoscope: autopkgtest failures

2017-02-09 Thread Iain Lane
On Thu, Feb 09, 2017 at 05:45:35PM +, Iain Lane wrote: > BTW, maybe it would be nice if the 'debian' tests were run in > autopkgtest; add a test-dep on python3-debian? Oho, mapreri pointed me to the other tests which do run this (needs-recommends), so nm. -- Iain Lane

Bug#854670: diffoscope: autopkgtest failures

2017-02-09 Thread Iain Lane
On Thu, Feb 09, 2017 at 05:45:35PM +, Iain Lane wrote: > On Thu, Feb 09, 2017 at 11:52:50AM +0100, Mattia Rizzolo wrote: > > E ImportError: No module named 'debian' > > Hmm, looks like skip_unless_module_exists() needs to catch the > exception. Patch attached - I don't like the "skip"

Processing of strip-nondeterminism_0.030-1_amd64.changes

2017-02-09 Thread Debian FTP Masters
strip-nondeterminism_0.030-1_amd64.changes uploaded successfully to localhost along with the files: strip-nondeterminism_0.030-1.dsc strip-nondeterminism_0.030.orig.tar.gz strip-nondeterminism_0.030-1.debian.tar.xz strip-nondeterminism_0.030-1_amd64.buildinfo Greetings, Your

Bug#854670: diffoscope: autopkgtest failures

2017-02-09 Thread Iain Lane
On Thu, Feb 09, 2017 at 11:52:50AM +0100, Mattia Rizzolo wrote: > E ImportError: No module named 'debian' Hmm, looks like skip_unless_module_exists() needs to catch the exception. Patch attached - I don't like the "skip" variable, so if you know of a nicer way (the function needs to return a