[DRE-maint] Bug#808450: ruby-sanitize: FTBFS: Config::DEFAULT#test_0009_should clean malicious HTML [/build/ruby-sanitize-2.1.0/test/test_sanitize.rb:213]:

Chris Lamb lamby at debian.org
Sun Dec 20 10:01:44 UTC 2015


Source: ruby-sanitize
Version: 2.1.0-1
Severity: serious
Justification: fails to build from source
User: reproducible-builds at lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org

Dear Maintainer,

ruby-sanitize fails to build from source in unstable/amd64:

  [..]

  Finished in 0.222619s, 637.8620 runs/s, 871.4452 assertions/s.
  
    1) Failure:
  Config::DEFAULT#test_0009_should clean malicious HTML [/build/ruby-sanitize-2.1.0/test/test_sanitize.rb:213]:
  --- expected
  +++ actual
  @@ -1 +1 @@
  -"Lorem ipsum dolor sit amet script>alert(\"hello world\");"
  +"Lorem ipsum dolor sit amet <script>alert(\"hello world\");"
  
  
  
    2) Failure:
  Config::BASIC#test_0006_should clean malicious HTML [/build/ruby-sanitize-2.1.0/test/test_sanitize.rb:253]:
  --- expected
  +++ actual
  @@ -1 +1 @@
  -"<b>Lorem</b> <a rel=\"nofollow\">ipsum</a> <a href=\"http://foo.com/\" rel=\"nofollow\"><strong>dolor</strong></a> sit<br>amet script>alert(\"hello world\");"
  +"<b>Lorem</b> <a rel=\"nofollow\">ipsum</a> <a href=\"http://foo.com/\" rel=\"nofollow\"><strong>dolor</strong></a> sit<br>amet <script>alert(\"hello world\");"
  
  
  
    3) Failure:
  Config::RESTRICTED#test_0004_should clean malicious HTML [/build/ruby-sanitize-2.1.0/test/test_sanitize.rb:229]:
  --- expected
  +++ actual
  @@ -1 +1 @@
  -"<b>Lorem</b> ipsum <strong>dolor</strong> sit amet script>alert(\"hello world\");"
  +"<b>Lorem</b> ipsum <strong>dolor</strong> sit amet <script>alert(\"hello world\");"
  
  
  
    4) Failure:
  Full Document parser (using clean_document)#test_0008_should wrap malicious with DOCTYPE and HTML tag [/build/ruby-sanitize-2.1.0/test/test_sanitize.rb:315]:
  --- expected
  +++ actual
  @@ -1,3 +1,3 @@
   "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\" \"http://www.w3.org/TR/REC-html40/loose.dtd\">
  -<html>Lorem ipsum dolor sit amet script>alert(\"hello world\");</html>
  +<html>Lorem ipsum dolor sit amet <script>alert(\"hello world\");</html>
   "
  
  
  
    5) Failure:
  Config::RELAXED#test_0005_should clean malicious HTML [/build/ruby-sanitize-2.1.0/test/test_sanitize.rb:275]:
  --- expected
  +++ actual
  @@ -1 +1 @@
  -"<b>Lorem</b> <a title=\"foo\">ipsum</a> <a href=\"http://foo.com/\"><strong>dolor</strong></a> sit<br>amet script>alert(\"hello world\");"
  +"<b>Lorem</b> <a title=\"foo\">ipsum</a> <a href=\"http://foo.com/\"><strong>dolor</strong></a> sit<br>amet <script>alert(\"hello world\");"
  
  
  142 runs, 194 assertions, 5 failures, 0 errors, 0 skips
  ERROR: Test "ruby2.2" failed. Exiting.
  dh_auto_install: dh_ruby --install /build/ruby-sanitize-2.1.0/debian/ruby-sanitize returned exit code 1
  debian/rules:15: recipe for target 'binary' failed
  make: *** [binary] Error 1
  dpkg-buildpackage: error: fakeroot debian/rules binary gave error exit status 2

  [..]

The full build log is attached or can be viewed here:

    https://reproducible.debian.net/logs/unstable/amd64/ruby-sanitize_2.1.0-1.build1.log.gz


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ruby-sanitize.2.1.0-1.unstable.amd64.log.txt.gz
Type: application/octet-stream
Size: 4975 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-ruby-extras-maintainers/attachments/20151220/90ba2aca/attachment.obj>


More information about the Pkg-ruby-extras-maintainers mailing list