Bug#1068705: diffoscope crashes on libscout 2.3.2-3 build on unstable but not bullseye
Holger Levsen
holger at layer-acht.org
Thu Apr 11 01:14:52 BST 2024
On Thu, Apr 11, 2024 at 01:48:18AM +0200, Fay Stegerman wrote:
> Salsa is probably better for figuring out what to do next, but I get these mails
> too :)
:)
> The libscout.jar has duplicate ZIP entries in the central directory, pointing to
> the same actual entry in the ZIP. So the "overlapped entries" error is entirely
> correct, even if it's not a zip bomb.
ah!
> unzip does seem to extract all the files, though it errors out. Not sure what
> diffoscope should do here. This is definitely a broken ZIP file. That bug
> should probably be reported against libscout or whatever tooling it used to
> create that JAR.
I agree it's more complicated, but fundamentally, diffoscope should *not* crash
here! (but rather report the broken zip file.)
thanks!
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
I’ve said it once, and I’ll say it a thousand times: If the penalty for
breaking a law is a fine, then that law only exists for the poor.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20240411/dbbb79ff/attachment.sig>
More information about the Reproducible-builds
mailing list