Source: qemu Version: 1:2.6+dfsg-3 Severity: minor Tags: upstream patch User: reproducible-builds@lists.alioth.debian.org Usertags: environment
Dear Maintainer, While working on the “reproducible builds” effort, we have noticed that qemu could not be built reproducibly; the diff between two builds is: https://tests.reproducible-builds.org/debian/rb-pkg/unstable/amd64/qemu.html [excerpt] │ │ │ │ │ -<- { "return": "kvm support: enabled │ │ │ │ │ -" } │ │ │ │ │ +<- { "return": "kvm support: enabled\r\n" } This difference is due to scripts/hxtool invoking echo(1) with arguments that contains literal backslashs. The behaviour of echo(1) in that case is implementation-defined, both according to POSIX and in practice: % LC_ALL=C dash -c 'echo "\t"' | xxd 0000000: 090a .. % LC_ALL=C bash -c 'echo "\t"' | xxd 0000000: 5c74 0a \t. Consequently, qemu's build output is different when /bin/sh is dash compared to when /bin/sh is bash: % ARGV0=sh /bin/dash scripts/hxtool -q < qmp-commands.hx | grep 'kvm support: enabled' <- { "return": "kvm support: enabled % ARGV0=sh /bin/bash scripts/hxtool -q < qmp-commands.hx | grep 'kvm support: enabled' <- { "return": "kvm support: enabled\r\n" } With the attached patch, the output becomes: % ARGV0=sh /bin/dash scripts/hxtool -q < qmp-commands.hx | grep 'kvm support: enabled' <- { "return": "kvm support: enabled\r\n" } % ARGV0=sh /bin/bash scripts/hxtool -q < qmp-commands.hx | grep 'kvm support: enabled' <- { "return": "kvm support: enabled\r\n" } The patch is attached. Cheers, Daniel P.S. When testing this patch, I noticed a copy-paste error in the documentation: in qemu-options.hx, .. 177 @findex -set 178 Set parameter @var{arg} for item @var{id} of type @var{group}\n" .. The trailing «\n"» on line 178 should be removed.
diff --git a/debian/patches/fix-undefined-behaviour-of-echo.patch b/debian/patches/fix-undefined-behaviour-of-echo.patch new file mode 100644 index 0000000..2cbe0db --- /dev/null +++ b/debian/patches/fix-undefined-behaviour-of-echo.patch @@ -0,0 +1,80 @@ +Description: Avoid undefined behaviour of echo(1) with backslashes in arguments + The behaviour is implementation-defined, different /bin/sh's behave differently. +Author: Daniel Shahaf <danie...@apache.org> +Bug-Debian: https://bugs.debian.org/-1 +Last-Update: 2016-08-01 + +Index: qemu-2.6+dfsg/scripts/hxtool +=================================================================== +--- qemu-2.6+dfsg.orig/scripts/hxtool ++++ qemu-2.6+dfsg/scripts/hxtool +@@ -26,32 +26,32 @@ hxtotexi() + ;; + STEXI*) + if test $flag -eq 1 ; then +- echo "line $line: syntax error: expected ETEXI, found $str" >&2 ++ printf "line %d: syntax error: expected ETEXI, found '%s'\n" "$line" "$str" >&2 + exit 1 + fi + flag=1 + ;; + ETEXI*) + if test $flag -ne 1 ; then +- echo "line $line: syntax error: expected STEXI, found $str" >&2 ++ printf "line %d: syntax error: expected STEXI, found '%s'\n" "$line" "$str" >&2 + exit 1 + fi + flag=0 + ;; + SQMP*|EQMP*) + if test $flag -eq 1 ; then +- echo "line $line: syntax error: expected ETEXI, found $str" >&2 ++ printf "line %d: syntax error: expected ETEXI, found '%s'\n" "$line" "$str" >&2 + exit 1 + fi + ;; + DEFHEADING*) +- echo "$(expr "$str" : "DEFHEADING(\(.*\))")" ++ printf '%s\n' "$(expr "$str" : "DEFHEADING(\(.*\))")" + ;; + ARCHHEADING*) +- echo "$(expr "$str" : "ARCHHEADING(\(.*\),.*)")" ++ printf '%s\n' "$(expr "$str" : "ARCHHEADING(\(.*\),.*)")" + ;; + *) +- test $flag -eq 1 && echo "$str" ++ test $flag -eq 1 && printf '%s\n' "$str" + ;; + esac + line=$((line+1)) +@@ -69,26 +69,26 @@ hxtoqmp() + ;; + SQMP*) + if test $flag -eq 1 ; then +- echo "line $line: syntax error: expected EQMP, found $str" >&2 ++ printf "line %d: syntax error: expected EQMP, found '%s'\n" "$line" "$str" >&2 + exit 1 + fi + flag=1 + ;; + EQMP*) + if test $flag -ne 1 ; then +- echo "line $line: syntax error: expected SQMP, found $str" >&2 ++ printf "line %d: syntax error: expected SQMP, found '%s'\n" "$line" "$str" >&2 + exit 1 + fi + flag=0 + ;; + STEXI*|ETEXI*) + if test $flag -eq 1 ; then +- echo "line $line: syntax error: expected EQMP, found $str" >&2 ++ printf "line %d: syntax error: expected EQMP, found '%s'\n" "$line" "$str" >&2 + exit 1 + fi + ;; + *) +- test $flag -eq 1 && echo "$str" ++ test $flag -eq 1 && printf '%s\n' "$str" + ;; + esac + line=$((line+1)) diff --git a/debian/patches/series b/debian/patches/series index b4c824e..682764c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -27,3 +27,4 @@ vmsvga-add-more-fifo-checks-CVE-2016-4454.patch vmsvga-shadow-fifo-registers-CVE-2016-4454.patch vmsvga-don-t-process-more-than-1024-fifo-commands-at-once-CVE-2016-4453.patch scsi-check-buffer-length-before-reading-scsi-command-CVE-2016-5238.patch +fix-undefined-behaviour-of-echo.patch
_______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds