From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id GOvIGpM84GJgqgAAbAwnHQ (envelope-from ) for ; Tue, 26 Jul 2022 21:12:19 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id kIWyGZM84GLEOAAAG6o9tA (envelope-from ) for ; Tue, 26 Jul 2022 21:12:19 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id EF4C42B895 for ; Tue, 26 Jul 2022 21:12:18 +0200 (CEST) Received: from localhost ([::1]:49852 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oGPyb-0000QM-Vw for larch@yhetil.org; Tue, 26 Jul 2022 15:12:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47362) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oGPyM-0000QA-5A for guix-patches@gnu.org; Tue, 26 Jul 2022 15:12:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:36442) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oGPyL-00012N-T0 for guix-patches@gnu.org; Tue, 26 Jul 2022 15:12:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oGPyL-00045j-Jy for guix-patches@gnu.org; Tue, 26 Jul 2022 15:12:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#56766] [PATCH] gnu: exiv2: Fix test failure on ppc64-le Resent-From: Maxime Devos Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Tue, 26 Jul 2022 19:12:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 56766 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Marcel van der Boom , 56766@debbugs.gnu.org Received: via spool by 56766-submit@debbugs.gnu.org id=B56766.165886268115656 (code B ref 56766); Tue, 26 Jul 2022 19:12:01 +0000 Received: (at 56766) by debbugs.gnu.org; 26 Jul 2022 19:11:21 +0000 Received: from localhost ([127.0.0.1]:54424 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oGPxg-00044P-Nc for submit@debbugs.gnu.org; Tue, 26 Jul 2022 15:11:21 -0400 Received: from laurent.telenet-ops.be ([195.130.137.89]:47092) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oGPxe-00044D-BZ for 56766@debbugs.gnu.org; Tue, 26 Jul 2022 15:11:19 -0400 Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16] ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]) by laurent.telenet-ops.be with bizsmtp id zvBG2700920ykKC01vBGAb; Tue, 26 Jul 2022 21:11:16 +0200 Message-ID: <4f61b4a9-a299-dc9a-c817-a74909091a6c@telenet.be> Date: Tue, 26 Jul 2022 21:11:16 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Content-Language: en-US References: <2b700a6dc4b5b7dd09465c0ef7c04f73b055d463.1658777229.git.marcel@hsdev.com> From: Maxime Devos In-Reply-To: <2b700a6dc4b5b7dd09465c0ef7c04f73b055d463.1658777229.git.marcel@hsdev.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------taE8ESYe5mvLXxV6xfsKC70q" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1658862676; bh=zr1PaWt9Bz1rowKpfvVRI+3UGTNKxieVomxnd36TvmQ=; h=Date:To:References:From:Subject:In-Reply-To; b=RiCuUaROrq9Xi8S4qQobFqTaxkKg641/qtnDPjdTGOkGHZYHu0kgdIqTgYPWljbeW 2sbwoHzea+DZzme8wZ8mODpKwO64CtXG+fip4WdWvnXwY0i3T+ibMKOmpY/molz39l 6jHflO4dtC+VxMoYnXr5K2KNmw7sFwpa2QMWG/qFVGqqcZ2zdUXdDOCIbuEkY3GiCO OzFJ5PnUNmkDPC5Yxl/htpxwmfF+jZv802uL9mnzVzNR0f7Mnxjz1Av3IXvg5upwcm TBeRyvUjBbHH09ZyOVVMPZFwl6FCUDewpuXLCAFoq+kIwHC6aZgq+IgazZVeMzu5jM yBGkiksA66rxQ== X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1658862739; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=TgaYy6Qpn1n0PkWkaXB+19A+CjvOLEwDuDrEwmtpo3c=; b=GodPzWzFdhzA8O5tUK29BMxZHnzoMtQE+ruTsgpudlA/gKN7O2gp8lynk/rV2Kk2Dy+V2S rb5eOrW6QSOVNHb6aDUhki2rfe8AIoG/PLzQ9KGVWM+WjC6hPSAxK6OKBCVHhNq86OmSor Eu5QCWsHUntCvF1G22RQ2O1owxiUIPjYwquvtKzX51X2v5640hA1ArB+yqhD3rZ4sVMViw HmVJKQiLucAFX0spMUjPstSTm8KKRvU70WDPnvcbr9nccVOmyZmHQdgwk6V8873b5pXdnF l6N/SWabObx7vvsa351HgbCzHRYDS/KWvFjv7S80lR5cbsgb1iYJJzPpgogQOQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1658862739; a=rsa-sha256; cv=none; b=UdK+YJEclApxMH8SiCYNAYLpRsQ5gY08NxCpwURCtGBRl/Mu9pMhVdZgt7vwoz8bD56KEA eLNJuWQkYuLWOQdR4ms+GbNx2WWbqDG4S3ZBO/hI+ELNeNYBbi4zNTh0GJTfzZGHVAddN4 g0kuTG3Ki7O3HKpkmN5mPBuj7f7b5ua+mkerz/0ZhlCu4N/6pYCRBu1QdYR4GWAKxeAHjD i2xwlfSDTDouGM7Dz02mEO9n4ufvd46ZFCuLGI390NMNMr7rRRlUPkMVSiaFBSqJT1GXFV iCRkVGYhjRTbWKRW9B7whZh+fZTxFEREF0Hx584FfmnLae5fl8EQuYsVHzl9kg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=RiCuUaRO; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 5.67 Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=RiCuUaRO; dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: EF4C42B895 X-Spam-Score: 5.67 X-Migadu-Scanner: scn1.migadu.com X-TUID: 7dfdP+YL61of This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------taE8ESYe5mvLXxV6xfsKC70q Content-Type: multipart/mixed; boundary="------------Ir4czRRlsZaUM7n0vsuNUsi1"; protected-headers="v1" From: Maxime Devos To: Marcel van der Boom , 56766@debbugs.gnu.org Message-ID: <4f61b4a9-a299-dc9a-c817-a74909091a6c@telenet.be> Subject: Re: [bug#56766] [PATCH] gnu: exiv2: Fix test failure on ppc64-le References: <2b700a6dc4b5b7dd09465c0ef7c04f73b055d463.1658777229.git.marcel@hsdev.com> In-Reply-To: <2b700a6dc4b5b7dd09465c0ef7c04f73b055d463.1658777229.git.marcel@hsdev.com> --------------Ir4czRRlsZaUM7n0vsuNUsi1 Content-Type: multipart/mixed; boundary="------------wOZ12EtA60d0rovVH47k5Hk0" --------------wOZ12EtA60d0rovVH47k5Hk0 Content-Type: multipart/alternative; boundary="------------gt2D0alcO4X4bEMUxyWgvPFg" --------------gt2D0alcO4X4bEMUxyWgvPFg Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 Pj4gMS4gSW5mb3JtIHVwc3RyZWFtIHRoYXQgdGhlIHRlc3QgKG9yIHRoZSBjb2RlIGl0IHRl c3RzKSBpcyBicm9rZW4gb24NCj4+IMKgwqAgcHBjNjRsZSwgc3VjaCB0aGF0IGEgYmV0dGVy IHRlc3QgY2FuIGJlIGRldmlzZWQgYW5kIGV2ZXJ5b25lIMKgwqAgKG5vdA0KPj4gwqDCoCBv bmx5IEd1aXgpIGJlbmVmaXRzLA0KPg0KPiBUaGlzIGhhcyBiZWVuIGRvbmUuIFRoZWlyIHJl cGx5LCBpbiBzaG9ydDogcHBjNjQgaXMgbm90IG9uIHRoZWlyIA0KPiBzdXBwb3J0ZWQgcGxh dGZvcm1zIGxpc3QgYW5kIHRoZXkgZGVsZWdhdGUgdGhlIGZpeCB0byBvdGhlcnMuIA0KT0ss IGluIHRoYXQgY2FzZSAuLi4NCg0KT24gMjUtMDctMjAyMiAyMTo0NywgTWFyY2VsIHZhbiBk ZXIgQm9vbSB3cm90ZToNCj4gKy0tLSAvdGVzdHMvYnVnZml4ZXMvZ2l0aHViL3Rlc3RfQ1ZF XzIwMThfMTIyNjUucHkNCj4gKysrKyAvdGVzdHMvYnVnZml4ZXMvZ2l0aHViL3Rlc3RfQ1ZF XzIwMThfMTIyNjUucHkNCj4gK0BAIC0xOCw3ICsxOCw2IEBADQo+ICsgV2FybmluZzogRGly ZWN0b3J5IEltYWdlLCBlbnRyeSAweDAyMDE6IFN0cmlwIDAgaXMgb3V0c2lkZSBvZiB0aGUg ZGF0YSBhcmVhOyBpZ25vcmVkLg0KPiArIFdhcm5pbmc6IERpcmVjdG9yeSBJbWFnZSwgZW50 cnkgMHgwMjAxOiBTdHJpcCA3IGlzIG91dHNpZGUgb2YgdGhlIGRhdGEgYXJlYTsgaWdub3Jl ZC4NCj4gKyBFcnJvcjogT2Zmc2V0IG9mIGRpcmVjdG9yeSBUaHVtYm5haWwsIGVudHJ5IDB4 MDIwMSBpcyBvdXQgb2YgYm91bmRzOiBPZmZzZXQgPSAweDAwMDAwMDAwOyB0cnVuY2F0aW5n IHRoZSBlbnRyeQ0KPiArLSR1bmNhdWdodF9leGNlcHRpb24gJGFkZGl0aW9uX292ZXJmbG93 X21lc3NhZ2UNCj4gKyAiIiINCj4gKyAgICAgXQ0KPiArLSAgICByZXR2YWwgPSBbMV0NCj4g KysgICAgcmV0dmFsID0gWzBdDQoNCi4uLiB0aGlzIGlzIHlvdXIgcHJvcG9zZWQgZml4IGZv ciBwb3dlcnBjNjRsZSwgYnV0IGhvdyBkbyB3ZSBrbm93IA0Kd2hldGhlciBpdCBpcyBjb3Jy ZWN0PyBJcyB0aGlzIGp1c3QgcmV3cml0aW5nIHRoZSB0ZXN0IHVudGlsIGl0IHBhc3Nlcywg DQpoaWRpbmcgdGhlIHVuZGVybHlpbmcgb3ZlcmZsb3cgYnVnIHdoaWNoIGV2ZW4gaGFkIGFu IENWRSBzbyBwcm9iYWJseSANCnByZXR0eSBpbXBvcnRhbnQgdG8gbm90IGhpZGUgaXQgYW5k IGFjdHVhbGx5IGZpeCBpdCwgb3IgZG8gd2Uga25vdyBmb3IgYSANCmZhY3QgdGhhdCBvbiBw cGM2NGxlLCBhIHJldHZhbCA9IFswXSBpcyBjb3JyZWN0Pw0KDQpNYXliZSB0aGlzIGlzIGFu c3dlcmVkIGJ5Og0KDQo+IHBwYzY0IGFuZCBhcm0gZG8gbm90IHJhaXNlIGV4Y2VwdGlvbiBh bmQgdGh1cyBvdXRwdXQgYW5kIGV4aXQgY29kZSBmb3IgdGVzdCBpcyBkaWZmZXJlbnQuDQpi dXQgSSBkb24ndCBrbm93IGlmIHRoYXQncyB3b3JraW5nIGFyb3VuZCBzeW1wdG9tcyBvciBh ZGRyZXNzaW5nIHRoZSANCmNhdXNlLCBlLmcuIA0KaHR0cHM6Ly9naXRodWIuY29tL0V4aXYy L2V4aXYyL2lzc3Vlcy85MzMjaXNzdWVjb21tZW50LTg2MzMzMzAzMiBub3RpY2VkIA0Kc29t ZXRoaW5nIG9uIG9mZnNldHMgLS0gc3VtbWFyaXNlZCwgdGhpcyBpcyBub3QgYSBzdWZmaWNp ZW50bHkgDQpjb252aW5jaW5nIGV4cGxhbmF0aW9uIGZvciBtZS4NCg0KQWxzbywgc29tZWhv dyB0aGlzIHZlcnNpb24gb2YgdGhlIHBhY2thZ2UgYnVpbGRzIG9uIERlYmlhbiBzaWQsIHNv IG1heWJlIA0KRGViaWFuIGtub3dzIG1vcmUsIHRob3VnaCBJJ20gbm90IGZpbmRpbmcgYW55 dGhpbmcgcmVsZXZhbnQgaW4gdGhlIA0KRGViaWFuIHBhY2thZ2UgbXlzZWxmLg0KDQpHcmVl dGluZ3MsDQpNYXhpbWUuDQoNCg== --------------gt2D0alcO4X4bEMUxyWgvPFg Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

1. Inform upstream that the test (or the code it tests) is broken on
=C2=A0=C2=A0 ppc64le, such that a better test can be devised an= d everyone =C2=A0=C2=A0 (not
=C2=A0=C2=A0 only Guix) benefits,

This has been done. Their reply, in short: ppc64 is not on their supported platforms list and they delegate the fix to others.
OK, in that case ...

On 25-07-2022 21:47, Marcel van der Boom wrote:
+--- /tests/bugfixes/github/=
test_CVE_2018_12265.py
++++ /tests/bugfixes/github/test_CVE_2018_12265.py
+@@ -18,7 +18,6 @@
+ Warning: Directory Image, entry 0x0201: Strip 0 is outside of the data =
area; ignored.
+ Warning: Directory Image, entry 0x0201: Strip 7 is outside of the data =
area; ignored.
+ Error: Offset of directory Thumbnail, entry 0x0201 is out of bounds: Of=
fset =3D 0x00000000; truncating the entry
+-$uncaught_exception $addition_overflow_message
+ """
+     ]
+-    retval =3D [1]
++    retval =3D [0]

... this is your proposed fix for powerpc64le, but how do we know whether it is correct? Is this just rewriting the test until it passes, hiding the underlying overflow bug which even had an CVE so probably pretty important to not hide it and actually fix it, or do we know for a fact that on ppc64le, a retval =3D [0] is correct?

Maybe this is answered by:

ppc64 and arm do not raise=
 exception and thus output and exit code for test is different.
but I don't know if that's working around symptoms or addressing the cause, e.g. https://github.com/Exiv2/exiv2/= issues/933#issuecomment-863333032 noticed something on offsets -- summarised, this is not a sufficiently convincing explanation for me.

Also, somehow this version of the package builds on Debian sid, so maybe Debian knows more, though I'm not finding anything relevant in the Debian package myself.

Greetings,
Maxime.

--------------gt2D0alcO4X4bEMUxyWgvPFg-- --------------wOZ12EtA60d0rovVH47k5Hk0 Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------wOZ12EtA60d0rovVH47k5Hk0-- --------------Ir4czRRlsZaUM7n0vsuNUsi1-- --------------taE8ESYe5mvLXxV6xfsKC70q Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYuA8VAUDAAAAAAAKCRBJ4+4iGRcl7gAX AP9cQYKKPPPQifTQhjkjnK4V0w1Rr3eh3PKSoJDKsERHawEA2SDaBDoWO5nvMMwgJA3cef6Za9Sm l0cHqI5dSweNbwU= =ESDr -----END PGP SIGNATURE----- --------------taE8ESYe5mvLXxV6xfsKC70q--