Bug#855097: unblock: diffoscope/77

Chris Lamb lamby at debian.org
Tue Feb 14 01:32:06 UTC 2017


Package: release.debian.org
User: release.debian.org at packages.debian.org
Usertags: unblock
X-Debbugs-Cc: reproducible-builds at lists.alioth.debian.org

Dear release team,

Please consider unblocking diffoscope 77 for stretch. Just to be
*very* up-front, this obviously includes a large number of changes:

   164 files changed, 4433 insertions(+), 1510 deletions(-)

However:

a) We must close #854723 in stretch to fix CVE-2017-0359 so we either
need an unblock or a specific t-p-u update. Simply using 77 would be
far less messy, at the very least.

b) diffoscope is a non-native source package but we are upstream for it.

c) We believe we are extremely responsive to changes and know our codebase
pretty thoroughly.

d) A lot of the diffstat is simply improving our tests and/or test
coverage anyway. Whilst there are other features, we also fix a lot of
bugs that would only be a burden to users throughout stretch's lifetime.

e) A lot of the changes were made prior to the freeze but a number of
issues prevented a testing migration.

 ~

I naturally understand that it would have been preferable to have had
this development spurt far before the freeze but, alas, inspiration and
motivation are fickle mistresses...

We would, however, in future be limiting further uploads to unstable to
changes targeted for stretch.

 ~

The relevant debian/changelog entries are:

diffoscope (77) unstable; urgency=medium

  [ Chris Lamb ]
  * tests/comparators/utils:
    + Correct logic of module_exists, ensuring we correctly skip in case of
      modules containing a dot in their name.  Closes: #854745
  * comparators/utils/libarchive:
    + No need to track archive directory locations.
  * Add --exclude option.  Closes: #854783
  * Add PyPI badge to README.rst.
  * Update .travis.yml from http://travis.debian.net.

  [ Mattia Rizzolo ]
  * Add CVE reference to the changelog of v76.
  * Add my key to debian/upstream/signing-key.asc.

  [ Ximin Luo ]
  * comparators/utils/libarchive:
    + When extracting archives, try to keep directory sizes small.

 -- Mattia Rizzolo <mattia at debian.org>  Mon, 13 Feb 2017 16:25:02 +0100

diffoscope (76) unstable; urgency=medium

  [ Chris Lamb ]
  * Extract archive members using an auto-incrementing integer, avoiding the
    need to sanitise filenames and avoiding writes to arbitrary locations.
    (Closes: #854723 - CVE-2017-0359)

  [ Ximin Luo ]
  * Simplify call to subprocess.Popen

 -- Chris Lamb <lamby at debian.org>  Fri, 10 Feb 2017 11:37:52 +1300

diffoscope (75) unstable; urgency=medium

  [ Chris Lamb ]
  * Fix ImportError in Debian comparator tests. This was caused by not
    handling the case where ``importlib.find_spec`` was testing for a submodule
    (ie. ``debian.Deb822``) where it will attempt to import the ``debian``
    module and raise an exception if it does not exist. Thanks to Iain Lane for
    initial patches. (Closes: #854670)

  [ Ximin Luo ]
  * Remove pointless use of a thread

 -- Chris Lamb <lamby at debian.org>  Fri, 10 Feb 2017 09:28:47 +1300

diffoscope (74) unstable; urgency=medium

  * Add missing Recommends for comparators. This was a regression introduced in
    version 71 due to lazily-importing them; they were then not available when
    we called "--list-tools=debian" during package build. (Closes: #854655)

 -- Chris Lamb <lamby at debian.org>  Thu, 09 Feb 2017 16:58:28 +1300

diffoscope (73) unstable; urgency=medium

  * debian/tests/pytest: Remove spurious clipboard contents.

 -- Chris Lamb <lamby at debian.org>  Thu, 09 Feb 2017 13:24:59 +1300

diffoscope (72) unstable; urgency=medium

  * Fix autopkgtest failures when Recommends are not installed.
    (Closes: #854593)
  * Specify <html lang="en"> in HTML output. (re. #849411)
  * Tests:
    - Add a "@skip_unless_module_exists" decorator.
    - Show local variables in tracebacks.

 -- Chris Lamb <lamby at debian.org>  Thu, 09 Feb 2017 12:49:40 +1300

diffoscope (71) unstable; urgency=medium

  [ Chris Lamb ]
  * New features:
    - Add a machine-readable JSON output format. (Closes: #850791)
    - Show results from debugging packages last. (Closes: #820427)
    - Add a --max-text-report-size option. (Closes: #851147)
  * Bug fixes:
    - Clean all temp files in signal handler thread instead of attempting to
      bubble exception back to the main thread. (Closes: #852013)
    - Prevent FTBFS by loading fixtures as UTF-8 in case surrounding terminal
      is not Unicode-aware. (Closes: #852926)
    - Fix errors when comparing directories with non-directories.
      (Closes: #835641)
    - Fix behaviour of setting report maximums to zero (ie. no limits)
  * Tests:
    - Test the RPM "fallback" comparison.
    - Test the Deb{Changes,Buildinfo,Dsc} fallback comparisons.
    - Test --progress and --status-fd output.
    - Add tests for symlinks differing in destination.
    - When comparing two empty directories, ensure that the mtime of the
      directory is consistent to avoid non-deterministic failures.
    - Smoke test profiling output.
    - Ensure we ignore invalid JSON files correctly.
    - Ensure 2nd source of a Difference is a string, not just the 1st.
    - Don't report on test coverage for some internal error messages.
  * Misc:
    - Add docs about releasing signed tarballs.
    - Drop the incomplete list of external tools from README.rst.
    - Add debian/watch file with cryptographic signature verification.
    - Drop CpioContent command now that we use libarchive.
    - Use a singleton to manage our Comparator classes.
    - Many small optimisations and code cleanups.

  [ Brett Smith ]
  * diffoscope.diff: Improve FIFO writing robustness.

  [ Ximin Luo ]
  * Fix bug introduced in commit 36d1c964 that only worked "accidentally".
  * Fix lazy expression; filter is lazy in Python 3.

  [ Mattia Rizzolo ]
  * Override the debian-watch-file-in-native-package lintian tag.

  [ anthraxx ]
  * Arch package changed from cdrkit to cdrtools.

  [ Holger Levsen ]
  * Restore history section in README, explaining this was started in Debian.

 -- Chris Lamb <lamby at debian.org>  Wed, 08 Feb 2017 13:02:01 +1300

diffoscope (70) unstable; urgency=medium

  [ Mattia Rizzolo ]
  * comparators
    + haskell: add a comment describing the file header.
      Thanks to James Clarke <jrtc27 at debian.org> for all the investigation done.
  * tests:
    + Skip two more tests requiring a x86-64-capable binutils.
      This fixes the tests on ppc64el.
  * CONTRIBUTING: misc updates, clearer info about how to submit a Debian bug.

  [ James Clarke ]
  * comparators:
    + haskell: Properly extract version from interface files.
      What the code did before was just totally wrong, and worked only by
      chance (and only on little endian systems).
      This also fixes the test suite when run on big endian systems.

  [ Chris Lamb ]
  * comparators:
    + haskell: Also catch CalledProcessError, not just OSError.
  * presenters:
    + Move text presenter to use Visitor pattern.
    + Add markdown output support.  Closes: #848141
    + Add RestructuredText output format.
    + Instantiate our presenter classes directly instead of wrapping a method.
    + Use an optimised indentation routine throughout all text presenters.
    + text: Remove superfluous empty newlines from diff.
  * tests:
    + Split main and presenter tests.
    + Actually compare the output of text/ReST/markdown formats to fixtures.
    + Drop output_* calls that are inconsistently applied to differences.
    + Add tests for HTML output.
    + Add a test comparing two empty directories.
    + Test --text-color output format.
    + Test that no arguments (beyond the filenames) prints the text output.
    + Don't warn about coverage lines that raise NotImplementedError.
    + Increase coverage by adding "# noqa" in relevant parts.
  * Add build status to README.rst.

  [ Brett Smith ]
  * diffoscope:
    + Specify choices for --list-tools switch.
    + Improve --help output.  Closes: #852015
  * CONTRIBUTING: Refresh instructions for contributing to diffoscope.

  [ anthraxx ]
  * tools: switch Arch Linux dependency for pedump to mono.

 -- Mattia Rizzolo <mattia at debian.org>  Thu, 26 Jan 2017 16:39:10 +0100

diffoscope (69) unstable; urgency=medium

  [ Chris Lamb ]
  * Skip tests if binutils can't handle the object file format. Based on a
    patch by Mattia Rizzolo. (Closes: #851588)
  * Move external tool definitions out of misleading "exceptions" module.
  * Save some complicated logic by setting default RE_FILE_{EXTENSION,TYPE}
  * Test --html-dir option.
  * Misc:
    - Add missing `data` imports.
    - Inherit GzipFile from File, not object.
    - Remove unused imports in comparator tests.
    - Consistently space out environment exports in debian/rules.

  [ Mattia Rizzolo ]
  * If both RE_FILE_TYPE and RE_FILE_EXTENSION are defined, AND them
  * Use the path attribute of the specialized file instead of the original name
    in tests.
  * tests/main:
    * Shorten argument lists by unpacking common arguments.
    * Disable jQuery while testing --htmldir so tests can run without it.
  * tests/comparators:
    * Refactor into packages with smaller modules.
    * Rename load_fixture() to init_fixture().
    * Add a load_fixture() function wrapping both init_fixture() and data().

 -- Chris Lamb <lamby at debian.org>  Tue, 17 Jan 2017 11:33:54 +1100

diffoscope (68) unstable; urgency=medium

  [ Chris Lamb ]

  * Don't blow up if directory containing ELF debug symbols already exists.
    (Closes: #850807)
  * Fix .APK extraction when provided with absolute filenames.
    (Closes: #850485)
  * Support comparing .ico files using img2txt. (Closes: #850730)
  * comparators.utils.file: If we don't have an archive-extraction tool (eg.
    apktool), don't blow up when attempting to unpack it.
  * Include magic file type when we know the file format but can't find
    file-specific details. (Closes: #850850)
  * Ensure fake "APK metadata" file appears first, fixing non-deterministic
    tests/output.
  * Correctly escape value of href="" elements (re. #849411)

  * Optimisations:
    - Disable profiling entirely (unless enabled) for a 2%+ optimisation
    - Compile APK filename regex instead of generating it each loop.

  * Logging:
    - Log tempfile cleanup process
    - Log when we add a progress observer.
    - Drop milliseconds from log output

  * Misc:
    - Many unused import removals, indentation changes, etc.
    - Fix duplicated word and long line errors in debian/changelog.
    - Suggest some promotion in post-release documentation.

  [ Maria Glukhova ]
  * comparators/device: don't crash when comparing a non-device against a
    device (Closes: #850055)
  * Remove archive name from apktool.yml and rename it. (Closes: #850501)
  * Zipinfo included in APK files comparison. (Closes: #850502)
    - Add some tests for APK comparator.
  * Add image metadata comparison. (Closes: #849395)
  * Ensure imagemagick version is new enough for image metadata tests.

  [ Mattia Rizzolo ]
  * Skip the openssh_pub_key test if the version of ssh is < 6.9.
  * comparators/icc: rename RE_FILE_EXTENSION to RE_FILE_TYPE, as that's what
    the regular expression is looking for.
  * Make use of a new mechanism to remove a bunch of recognizes() methods
    dealing with simple RE_FILE_TYPE matching.

 -- Chris Lamb <lamby at debian.org>  Mon, 16 Jan 2017 11:24:22 +1100


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby at debian.org / chris-lamb.co.uk
       `-
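The diffoscope 76 entry above (#854723, CVE-2017-0359) describes the fix for writes to arbitrary locations: archive members are written to an auto-incrementing integer filename, so the member's own name never becomes part of a filesystem path and never needs sanitising. The following Python block is an added illustration of that approach and is not diffoscope's own code (diffoscope extracts via libarchive, as the changelog notes); it uses the standard tarfile module, and the sample archive, the function names (build_sample_tar, extract_numbered, all_inside, demo) and the containment check are all constructed for this example.

```python
import io
import os
import tarfile
import tempfile


def build_sample_tar() -> bytes:
    """Constructed sample archive: two ordinary members plus one whose name
    would escape the destination directory if it were used verbatim."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("a.txt", b"alpha"),
            ("dir/b.txt", b"bravo"),
            ("../../escape.txt", b"charlie"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def extract_numbered(archive_bytes: bytes, dest: str) -> dict:
    """Write every regular-file member to dest/<n>, n = 0, 1, 2, ...

    The original member name is only recorded in the returned mapping
    (output path -> original name); it is never joined onto a path, which
    is what makes filename sanitisation unnecessary here.
    """
    mapping = {}
    counter = 0
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue  # directories, symlinks, devices: nothing to write
            out_path = os.path.join(dest, str(counter))
            counter += 1
            src = tar.extractfile(member)
            with open(out_path, "wb") as out:
                out.write(src.read())
            mapping[out_path] = member.name
    return mapping


def all_inside(paths, dest: str) -> bool:
    """Defensive post-condition: every written path resolves under dest."""
    root = os.path.realpath(dest)
    return all(os.path.realpath(p).startswith(root + os.sep) for p in paths)


def demo() -> dict:
    """Extract the constructed archive into a temporary directory and return
    {basename: (original member name, content)} for inspection."""
    archive = build_sample_tar()
    with tempfile.TemporaryDirectory() as dest:
        mapping = extract_numbered(archive, dest)
        if not all_inside(mapping, dest):
            raise RuntimeError("an extracted path escaped the destination")
        result = {}
        for out_path, original in mapping.items():
            with open(out_path, "rb") as f:
                result[os.path.basename(out_path)] = (original, f.read())
        return result


if __name__ == "__main__":
    for written, (original, content) in demo().items():
        print(f"{written} <- {original!r}: {content!r}")
```

The member named `../../escape.txt` ends up as `2` inside the destination like any other member; its name survives only as metadata in the mapping, which is all a comparison tool needs in order to label the diff. The `all_inside` check is a belt-and-braces assertion that costs nothing and would catch a regression if someone later reintroduced name-derived paths.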
Attachment (scrubbed by the list archive): diffoscope_67_77.diff.txt
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20170214/30c1ad9f/attachment.txt>