From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mp10.migadu.com ([2001:41d0:2:4a6f::])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
by ms5.migadu.com with LMTPS
id GOvIGpM84GJgqgAAbAwnHQ
(envelope-from )
for ; Tue, 26 Jul 2022 21:12:19 +0200
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
by mp10.migadu.com with LMTPS
id kIWyGZM84GLEOAAAG6o9tA
(envelope-from )
for ; Tue, 26 Jul 2022 21:12:19 +0200
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by aspmx1.migadu.com (Postfix) with ESMTPS id EF4C42B895
for ; Tue, 26 Jul 2022 21:12:18 +0200 (CEST)
Received: from localhost ([::1]:49852 helo=lists1p.gnu.org)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from )
id 1oGPyb-0000QM-Vw
for larch@yhetil.org; Tue, 26 Jul 2022 15:12:18 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:47362)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from )
id 1oGPyM-0000QA-5A
for guix-patches@gnu.org; Tue, 26 Jul 2022 15:12:02 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:36442)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
(Exim 4.90_1) (envelope-from )
id 1oGPyL-00012N-T0
for guix-patches@gnu.org; Tue, 26 Jul 2022 15:12:01 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
(envelope-from ) id 1oGPyL-00045j-Jy
for guix-patches@gnu.org; Tue, 26 Jul 2022 15:12:01 -0400
X-Loop: help-debbugs@gnu.org
Subject: [bug#56766] [PATCH] gnu: exiv2: Fix test failure on ppc64-le
Resent-From: Maxime Devos
Original-Sender: "Debbugs-submit"
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 26 Jul 2022 19:12:01 +0000
Resent-Message-ID:
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 56766
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Marcel van der Boom , 56766@debbugs.gnu.org
Received: via spool by 56766-submit@debbugs.gnu.org id=B56766.165886268115656
(code B ref 56766); Tue, 26 Jul 2022 19:12:01 +0000
Received: (at 56766) by debbugs.gnu.org; 26 Jul 2022 19:11:21 +0000
Received: from localhost ([127.0.0.1]:54424 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1oGPxg-00044P-Nc
for submit@debbugs.gnu.org; Tue, 26 Jul 2022 15:11:21 -0400
Received: from laurent.telenet-ops.be ([195.130.137.89]:47092)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1oGPxe-00044D-BZ
for 56766@debbugs.gnu.org; Tue, 26 Jul 2022 15:11:19 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
by laurent.telenet-ops.be with bizsmtp
id zvBG2700920ykKC01vBGAb; Tue, 26 Jul 2022 21:11:16 +0200
Message-ID: <4f61b4a9-a299-dc9a-c817-a74909091a6c@telenet.be>
Date: Tue, 26 Jul 2022 21:11:16 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
Thunderbird/91.11.0
Content-Language: en-US
References: <2b700a6dc4b5b7dd09465c0ef7c04f73b055d463.1658777229.git.marcel@hsdev.com>
From: Maxime Devos
In-Reply-To: <2b700a6dc4b5b7dd09465c0ef7c04f73b055d463.1658777229.git.marcel@hsdev.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------taE8ESYe5mvLXxV6xfsKC70q"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
t=1658862676; bh=zr1PaWt9Bz1rowKpfvVRI+3UGTNKxieVomxnd36TvmQ=;
h=Date:To:References:From:Subject:In-Reply-To;
b=RiCuUaROrq9Xi8S4qQobFqTaxkKg641/qtnDPjdTGOkGHZYHu0kgdIqTgYPWljbeW
2sbwoHzea+DZzme8wZ8mODpKwO64CtXG+fip4WdWvnXwY0i3T+ibMKOmpY/molz39l
6jHflO4dtC+VxMoYnXr5K2KNmw7sFwpa2QMWG/qFVGqqcZ2zdUXdDOCIbuEkY3GiCO
OzFJ5PnUNmkDPC5Yxl/htpxwmfF+jZv802uL9mnzVzNR0f7Mnxjz1Av3IXvg5upwcm
TBeRyvUjBbHH09ZyOVVMPZFwl6FCUDewpuXLCAFoq+kIwHC6aZgq+IgazZVeMzu5jM
yBGkiksA66rxQ==
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches"
X-Migadu-Flow: FLOW_IN
X-Migadu-To: larch@yhetil.org
X-Migadu-Country: US
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
s=key1; t=1658862739;
h=from:from:sender:sender:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:mime-version:mime-version:
content-type:content-type:resent-cc:resent-from:resent-sender:
resent-message-id:in-reply-to:in-reply-to:references:references:
list-id:list-help:list-unsubscribe:list-subscribe:list-post:
dkim-signature; bh=TgaYy6Qpn1n0PkWkaXB+19A+CjvOLEwDuDrEwmtpo3c=;
b=GodPzWzFdhzA8O5tUK29BMxZHnzoMtQE+ruTsgpudlA/gKN7O2gp8lynk/rV2Kk2Dy+V2S
rb5eOrW6QSOVNHb6aDUhki2rfe8AIoG/PLzQ9KGVWM+WjC6hPSAxK6OKBCVHhNq86OmSor
Eu5QCWsHUntCvF1G22RQ2O1owxiUIPjYwquvtKzX51X2v5640hA1ArB+yqhD3rZ4sVMViw
HmVJKQiLucAFX0spMUjPstSTm8KKRvU70WDPnvcbr9nccVOmyZmHQdgwk6V8873b5pXdnF
l6N/SWabObx7vvsa351HgbCzHRYDS/KWvFjv7S80lR5cbsgb1iYJJzPpgogQOQ==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1658862739; a=rsa-sha256; cv=none;
b=UdK+YJEclApxMH8SiCYNAYLpRsQ5gY08NxCpwURCtGBRl/Mu9pMhVdZgt7vwoz8bD56KEA
eLNJuWQkYuLWOQdR4ms+GbNx2WWbqDG4S3ZBO/hI+ELNeNYBbi4zNTh0GJTfzZGHVAddN4
g0kuTG3Ki7O3HKpkmN5mPBuj7f7b5ua+mkerz/0ZhlCu4N/6pYCRBu1QdYR4GWAKxeAHjD
i2xwlfSDTDouGM7Dz02mEO9n4ufvd46ZFCuLGI390NMNMr7rRRlUPkMVSiaFBSqJT1GXFV
iCRkVGYhjRTbWKRW9B7whZh+fZTxFEREF0Hx584FfmnLae5fl8EQuYsVHzl9kg==
ARC-Authentication-Results: i=1;
aspmx1.migadu.com;
dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=RiCuUaRO;
dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none);
spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Spam-Score: 5.67
Authentication-Results: aspmx1.migadu.com;
dkim=fail ("body hash did not verify") header.d=telenet.be header.s=r22 header.b=RiCuUaRO;
dmarc=fail reason="SPF not aligned (relaxed)" header.from=telenet.be (policy=none);
spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"
X-Migadu-Queue-Id: EF4C42B895
X-Spam-Score: 5.67
X-Migadu-Scanner: scn1.migadu.com
X-TUID: 7dfdP+YL61of
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------taE8ESYe5mvLXxV6xfsKC70q
Content-Type: multipart/mixed; boundary="------------Ir4czRRlsZaUM7n0vsuNUsi1";
protected-headers="v1"
From: Maxime Devos
To: Marcel van der Boom , 56766@debbugs.gnu.org
Message-ID: <4f61b4a9-a299-dc9a-c817-a74909091a6c@telenet.be>
Subject: Re: [bug#56766] [PATCH] gnu: exiv2: Fix test failure on ppc64-le
References: <2b700a6dc4b5b7dd09465c0ef7c04f73b055d463.1658777229.git.marcel@hsdev.com>
In-Reply-To: <2b700a6dc4b5b7dd09465c0ef7c04f73b055d463.1658777229.git.marcel@hsdev.com>
--------------Ir4czRRlsZaUM7n0vsuNUsi1
Content-Type: multipart/mixed; boundary="------------wOZ12EtA60d0rovVH47k5Hk0"
--------------wOZ12EtA60d0rovVH47k5Hk0
Content-Type: multipart/alternative;
boundary="------------gt2D0alcO4X4bEMUxyWgvPFg"
--------------gt2D0alcO4X4bEMUxyWgvPFg
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
Pj4gMS4gSW5mb3JtIHVwc3RyZWFtIHRoYXQgdGhlIHRlc3QgKG9yIHRoZSBjb2RlIGl0IHRl
c3RzKSBpcyBicm9rZW4gb24NCj4+IMKgwqAgcHBjNjRsZSwgc3VjaCB0aGF0IGEgYmV0dGVy
IHRlc3QgY2FuIGJlIGRldmlzZWQgYW5kIGV2ZXJ5b25lIMKgwqAgKG5vdA0KPj4gwqDCoCBv
bmx5IEd1aXgpIGJlbmVmaXRzLA0KPg0KPiBUaGlzIGhhcyBiZWVuIGRvbmUuIFRoZWlyIHJl
cGx5LCBpbiBzaG9ydDogcHBjNjQgaXMgbm90IG9uIHRoZWlyIA0KPiBzdXBwb3J0ZWQgcGxh
dGZvcm1zIGxpc3QgYW5kIHRoZXkgZGVsZWdhdGUgdGhlIGZpeCB0byBvdGhlcnMuIA0KT0ss
IGluIHRoYXQgY2FzZSAuLi4NCg0KT24gMjUtMDctMjAyMiAyMTo0NywgTWFyY2VsIHZhbiBk
ZXIgQm9vbSB3cm90ZToNCj4gKy0tLSAvdGVzdHMvYnVnZml4ZXMvZ2l0aHViL3Rlc3RfQ1ZF
XzIwMThfMTIyNjUucHkNCj4gKysrKyAvdGVzdHMvYnVnZml4ZXMvZ2l0aHViL3Rlc3RfQ1ZF
XzIwMThfMTIyNjUucHkNCj4gK0BAIC0xOCw3ICsxOCw2IEBADQo+ICsgV2FybmluZzogRGly
ZWN0b3J5IEltYWdlLCBlbnRyeSAweDAyMDE6IFN0cmlwIDAgaXMgb3V0c2lkZSBvZiB0aGUg
ZGF0YSBhcmVhOyBpZ25vcmVkLg0KPiArIFdhcm5pbmc6IERpcmVjdG9yeSBJbWFnZSwgZW50
cnkgMHgwMjAxOiBTdHJpcCA3IGlzIG91dHNpZGUgb2YgdGhlIGRhdGEgYXJlYTsgaWdub3Jl
ZC4NCj4gKyBFcnJvcjogT2Zmc2V0IG9mIGRpcmVjdG9yeSBUaHVtYm5haWwsIGVudHJ5IDB4
MDIwMSBpcyBvdXQgb2YgYm91bmRzOiBPZmZzZXQgPSAweDAwMDAwMDAwOyB0cnVuY2F0aW5n
IHRoZSBlbnRyeQ0KPiArLSR1bmNhdWdodF9leGNlcHRpb24gJGFkZGl0aW9uX292ZXJmbG93
X21lc3NhZ2UNCj4gKyAiIiINCj4gKyAgICAgXQ0KPiArLSAgICByZXR2YWwgPSBbMV0NCj4g
KysgICAgcmV0dmFsID0gWzBdDQoNCi4uLiB0aGlzIGlzIHlvdXIgcHJvcG9zZWQgZml4IGZv
ciBwb3dlcnBjNjRsZSwgYnV0IGhvdyBkbyB3ZSBrbm93IA0Kd2hldGhlciBpdCBpcyBjb3Jy
ZWN0PyBJcyB0aGlzIGp1c3QgcmV3cml0aW5nIHRoZSB0ZXN0IHVudGlsIGl0IHBhc3Nlcywg
DQpoaWRpbmcgdGhlIHVuZGVybHlpbmcgb3ZlcmZsb3cgYnVnIHdoaWNoIGV2ZW4gaGFkIGFu
IENWRSBzbyBwcm9iYWJseSANCnByZXR0eSBpbXBvcnRhbnQgdG8gbm90IGhpZGUgaXQgYW5k
IGFjdHVhbGx5IGZpeCBpdCwgb3IgZG8gd2Uga25vdyBmb3IgYSANCmZhY3QgdGhhdCBvbiBw
cGM2NGxlLCBhIHJldHZhbCA9IFswXSBpcyBjb3JyZWN0Pw0KDQpNYXliZSB0aGlzIGlzIGFu
c3dlcmVkIGJ5Og0KDQo+IHBwYzY0IGFuZCBhcm0gZG8gbm90IHJhaXNlIGV4Y2VwdGlvbiBh
bmQgdGh1cyBvdXRwdXQgYW5kIGV4aXQgY29kZSBmb3IgdGVzdCBpcyBkaWZmZXJlbnQuDQpi
dXQgSSBkb24ndCBrbm93IGlmIHRoYXQncyB3b3JraW5nIGFyb3VuZCBzeW1wdG9tcyBvciBh
ZGRyZXNzaW5nIHRoZSANCmNhdXNlLCBlLmcuIA0KaHR0cHM6Ly9naXRodWIuY29tL0V4aXYy
L2V4aXYyL2lzc3Vlcy85MzMjaXNzdWVjb21tZW50LTg2MzMzMzAzMiBub3RpY2VkIA0Kc29t
ZXRoaW5nIG9uIG9mZnNldHMgLS0gc3VtbWFyaXNlZCwgdGhpcyBpcyBub3QgYSBzdWZmaWNp
ZW50bHkgDQpjb252aW5jaW5nIGV4cGxhbmF0aW9uIGZvciBtZS4NCg0KQWxzbywgc29tZWhv
dyB0aGlzIHZlcnNpb24gb2YgdGhlIHBhY2thZ2UgYnVpbGRzIG9uIERlYmlhbiBzaWQsIHNv
IG1heWJlIA0KRGViaWFuIGtub3dzIG1vcmUsIHRob3VnaCBJJ20gbm90IGZpbmRpbmcgYW55
dGhpbmcgcmVsZXZhbnQgaW4gdGhlIA0KRGViaWFuIHBhY2thZ2UgbXlzZWxmLg0KDQpHcmVl
dGluZ3MsDQpNYXhpbWUuDQoNCg==
--------------gt2D0alcO4X4bEMUxyWgvPFg
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
1. Inform
upstream that the test (or the code it tests) is broken on
=C2=A0=C2=A0 ppc64le, such that a better test can be devised an=
d
everyone =C2=A0=C2=A0 (not
=C2=A0=C2=A0 only Guix) benefits,
This has been done. Their reply, in short: ppc64 is not on their
supported platforms list and they delegate the fix to others.
OK, in that case ...
On 25-07-2022 21:47, Marcel van der
Boom wrote:
+--- /tests/bugfixes/github/=
test_CVE_2018_12265.py
++++ /tests/bugfixes/github/test_CVE_2018_12265.py
+@@ -18,7 +18,6 @@
+ Warning: Directory Image, entry 0x0201: Strip 0 is outside of the data =
area; ignored.
+ Warning: Directory Image, entry 0x0201: Strip 7 is outside of the data =
area; ignored.
+ Error: Offset of directory Thumbnail, entry 0x0201 is out of bounds: Of=
fset =3D 0x00000000; truncating the entry
+-$uncaught_exception $addition_overflow_message
+ """
+ ]
+- retval =3D [1]
++ retval =3D [0]
... this is your proposed fix for powerpc64le, but how do we know
whether it is correct? Is this just rewriting the test until it
passes, hiding the underlying overflow bug which even had an CVE
so probably pretty important to not hide it and actually fix it,
or do we know for a fact that on ppc64le, a retval =3D [0] is
correct?
Maybe this is answered by:
ppc64 and arm do not raise=
exception and thus output and exit code for test is different.
but I don't know if that's working around symptoms or addressing
the cause, e.g.
https://github.com/Exiv2/exiv2/=
issues/933#issuecomment-863333032
noticed something on offsets -- summarised, this is not a
sufficiently convincing explanation for me.
Also, somehow this version of the package builds on Debian sid,
so maybe Debian knows more, though I'm not finding anything
relevant in the Debian package myself.
Greetings,
Maxime.
--------------gt2D0alcO4X4bEMUxyWgvPFg--
--------------wOZ12EtA60d0rovVH47k5Hk0
Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc"
Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m
xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2
ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL
CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc
/gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4
LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C
kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK
CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W
ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ
Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0
k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo
AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE
fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D
=3DOVqp
-----END PGP PUBLIC KEY BLOCK-----
--------------wOZ12EtA60d0rovVH47k5Hk0--
--------------Ir4czRRlsZaUM7n0vsuNUsi1--
--------------taE8ESYe5mvLXxV6xfsKC70q
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"
-----BEGIN PGP SIGNATURE-----
wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYuA8VAUDAAAAAAAKCRBJ4+4iGRcl7gAX
AP9cQYKKPPPQifTQhjkjnK4V0w1Rr3eh3PKSoJDKsERHawEA2SDaBDoWO5nvMMwgJA3cef6Za9Sm
l0cHqI5dSweNbwU=
=ESDr
-----END PGP SIGNATURE-----
--------------taE8ESYe5mvLXxV6xfsKC70q--