commit 870b156af25d77b4924725a22b59f3796bdbcd7b Author: Chris Lamb Date: Fri Mar 17 09:25:59 2017 +0100 Update changelog for 0.032-1 release diff --git a/debian/changelog b/debian/changelog index 48836c5..1b08d40 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +strip-nondeterminism (0.032-1) unstable; urgency=medium + + * Add support for testing files we should reject. + * Fix a possible endless loop while stripping ar files due to trusting the + file's file size data. Thanks to Tobias Stoeckmann (tobias@stoeckmann.org) + for the report, patch and testcase. (Closes: #857975) + + -- Chris Lamb Fri, 17 Mar 2017 09:25:53 +0100 + strip-nondeterminism (0.031-1) unstable; urgency=medium * Don't test for stat(2) blksize and blocks; they are filesystem-specific and commit 2706778314fc7bd0184ba2b90c04258b28d73970 Merge: 5e27d49 76ad240 Author: Chris Lamb Date: Fri Mar 17 09:25:28 2017 +0100 Merge tag '0.032' into debian Release 0.032 * tag '0.032': Release 0.032 Fix a possible endless loop while stripping ar files due to trusting the file's file size data. Thanks to Tobias Stoeckmann (tobias@stoeckmann.org) for the report, patch and testcase. (Closes: #857975) Add support for testing files we should reject. commit 76ad240d64845363f477f9172e737f34a5f1a93e Author: Chris Lamb Date: Fri Mar 17 09:25:00 2017 +0100 Release 0.032 diff --git a/lib/File/StripNondeterminism.pm b/lib/File/StripNondeterminism.pm index ef25742..a9eb309 100644 --- a/lib/File/StripNondeterminism.pm +++ b/lib/File/StripNondeterminism.pm @@ -34,7 +34,7 @@ use File::StripNondeterminism::handlers::zip; our($VERSION, $canonical_time, $clamp_time); -$VERSION = '0.031'; # 0.031 +$VERSION = '0.032'; # 0.032 sub init { $ENV{'TZ'} = 'UTC'; commit 083b174c7c9245fed90af61ca8c001c8ead1b6d7 Author: Chris Lamb Date: Fri Mar 17 09:19:25 2017 +0100 Fix a possible endless loop while stripping ar files due to trusting the file's file size data. Thanks to Tobias Stoeckmann (tobias@stoeckmann.org) for the report, patch and testcase. (Closes: #857975) Signed-off-by: Chris Lamb diff --git a/lib/File/StripNondeterminism/handlers/ar.pm b/lib/File/StripNondeterminism/handlers/ar.pm index 660fa8f..08a1925 100644 --- a/lib/File/StripNondeterminism/handlers/ar.pm +++ b/lib/File/StripNondeterminism/handlers/ar.pm @@ -65,6 +65,10 @@ sub normalize { my $file_mode = oct(substr($buf, 40, 8)); my $file_size = substr($buf, 48, 10); + + die "Incorrect file size" + if $file_size < 1; + seek $fh, $file_header_start + 16, SEEK_SET; # mtime diff --git a/t/failures/ar/857975.a b/t/failures/ar/857975.a new file mode 100644 index 0000000..dfb8a49 --- /dev/null +++ b/t/failures/ar/857975.a @@ -0,0 +1,2 @@ +! +/ 0 0 0 644 -60 ` commit 9a230af32229bd45dee0eb0794792c60369b7e2c Author: Chris Lamb Date: Fri Mar 17 09:17:49 2017 +0100 Add support for testing files we should reject. diff --git a/t/failures.t b/t/failures.t new file mode 100644 index 0000000..44ae11d --- /dev/null +++ b/t/failures.t @@ -0,0 +1,49 @@ +#!perl + +# +# Copyright 2017 Chris Lamb +# +# This file is part of strip-nondeterminism. +# +# strip-nondeterminism is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# strip-nondeterminism is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with strip-nondeterminism. If not, see . +# + +use strict; +use warnings; + +use File::Basename qw(basename); +use File::Copy qw(copy); +use File::Temp qw(tempdir); +use File::StripNondeterminism; +use Test::More; + +File::StripNondeterminism::init(); + +my $temp = tempdir( CLEANUP => 1 ); +my @failures = glob('t/failures/*/*'); + +plan tests => scalar @failures; + +foreach my $filename (@failures) { + my $in = $temp . "/" . basename($filename); + copy($filename, $in) or die "Copy failed: $!"; + + eval { + my $normalizer = File::StripNondeterminism::get_normalizer_for_file($in); + $normalizer->($in); + }; + ok($@ ne ""); +} + +done_testing;