From: ng0
Subject: bug#27556: libpng has wrong hash. [Fwd: Re: why has the hash for libpng-apng 1.6.28 changed?]
Date: Sun, 30 Jul 2017 09:37:22 +0000
Message-ID: <20170730093722.xqhesfpmbpmussag@abyayala>
To: Efraim Flashner
Cc: 27556@debbugs.gnu.org

Efraim Flashner transcribed 4.1K bytes:
> On Wed, Jul 26, 2017 at 06:56:51AM +0000, ng0 wrote:
> > Leo Famulari transcribed 2.3K bytes:
> > > On Sun, Jul 23, 2017 at 10:15:47AM +0000, ng0 wrote:
> > > > ----- Forwarded message -----
> > > >
> > > > > Date: Sun, 23 Jul 2017 18:21:19 +0900 (JST)
> > > > > To: ng0
> > > > > Cc: daisuken@users.sourceforge.net
> > > > > Subject: Re: why has the hash for libpng-apng 1.6.28 changed?
> > > > >
> > > > > Hi,
> > > > >
> > > > > I calculated the hash for libpng-apng files on my local originals.
> > > > >
> > > > > md5sum
> > > > > 9f2b36bccf89c5f4097111f0f73c1798  libpng-1.6.28-apng.patch.README.txt
> > > > > fca7c6d87c8352e645facefc2e1dd153  libpng-1.6.28-apng.patch.gz
> > > > >
> > > > > sha1sum
> > > > > cb620589ecf9c28a4ecc00e6225dd41ca660a959  libpng-1.6.28-apng.patch.README.txt
> > > > > 4fa952f5ad374fce8d478b7e54ee4298a0b8d159  libpng-1.6.28-apng.patch.gz
> > > > >
> > > > > Local file time stamps are
> > > > > 2017-01-06 21:02:10.938833896 +0900 libpng-1.6.28-apng.patch.README.txt
> > > > > 2017-01-06 21:02:10.938833896 +0900 libpng-1.6.28-apng.patch.gz
> > > > >
> > > > > Those values equal the ones on sourceforge.net.
> > > > > https://sourceforge.net/projects/libpng-apng/files/libpng16/1.6.28/
> > > > >
> > > > > I don't really understand what happened, but it looks just fine.
> > > > >
> > > > > Cheers,
> > > > > ---
> > > > > daisuken@users.sourceforge.net
> > >
> > > Okay, this doesn't help us, so we need to inspect the different tarballs
> > > ourselves. Do you have an old copy of the patch you can share?
> >
> > Yes. I mean no. I am not sure. I have libpng-apng git checkout
> > and also the 1.6.25 extracted tarball directory (but not sure
> > when I got it), and the tarballs for 1.6.5 and 1.6.28.
> >
> > But I think I found our problem:
> >
> > user@shadownet ~/re-src$ guix hash tarballs/libpng-1.6.28-apng.patch.gz
> > 0m5nv70n9903x3xzxw9qqc6sgf2rp106ha0x6gix0xf8wcrljaab
> > user@shadownet ~/re-src$ guix hash tarballs/libpng-1.6.25-apng.patch.gz
> > 026r0gbkf6d6v54wca02cdxln8sj4m2c1yk62sj2aasv2ki2ffh5
> >
> > (inputs
> >  `(("apng" ,(origin
> >              (method url-fetch)
> >              (uri
> >               (string-append "mirror://sourceforge/libpng-apng/libpng16/"
> >                              version "/libpng-" version "-apng.patch.gz"))
> >              (sha256
> >               (base32
> >                "026r0gbkf6d6v54wca02cdxln8sj4m2c1yk62sj2aasv2ki2ffh5"))))))
> >
> > My really strong guess is that we never updated the hash for
> > libpng-apng when the libpng was updated from which libpng-apng
> > inherits its version.
> >
> > I don't have the time to look at our git history right now,
> > but you could do that, look at whether libpng-apng was touched
> > since 1.6.25->1.6.28 update of libpng.
> >
>
> git blame shows that back in February I updated libpng to 1.6.28 from
> 1.6.25, but that the last time libpng-apng was touched was by ng0 back
> in January.
>
> commit: 864738baaa7bb75c08647ccfc684736479e67f7f

Okay, so I will send the update for libpng-apng (which due to its
inheritance of libpng is just the hash) and I will also add a second
commit which adds a comment above libpng that we must update
libpng-apng when we update libpng, if that's already possible
(libpng-apng might not immediately be up to date, but we don't
update libpng immediately as well due to it being a core-updates
candidate).

>
> --
> Efraim Flashner   אפרים פלשנר
> GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
> Confidentiality cannot be guaranteed on emails sent or received unencrypted

--
ng0
GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588
GnuPG: https://n0is.noblogs.org/my-keys
https://www.infotropique.org
https://krosos.org
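
Added example, not part of the original thread and not Guix code: a Python sketch of the failure diagnosed above, where an origin's URL follows an inherited `version` while its pinned `sha256` stays behind. `guix_hash` reproduces the nix-base32 SHA-256 that `guix hash FILE` prints; the dict layout, `source_url` and `stale_pins` are hypothetical helpers, and the libpng URL and hashes are placeholders.

```python
import hashlib

ALPHABET = "0123456789abcdfghijklmnpqrsvwxyz"  # nix-base32: no e, o, t, u


def nix_base32(digest: bytes) -> str:
    """Encode a digest in nix-base32, the default output format of `guix hash`."""
    length = (len(digest) * 8 - 1) // 5 + 1
    chars = []
    for n in range(length - 1, -1, -1):  # most significant 5-bit group first
        i, j = divmod(n * 5, 8)
        c = digest[i] >> j
        if i + 1 < len(digest):
            c |= digest[i + 1] << (8 - j)
        chars.append(ALPHABET[c & 0x1F])
    return "".join(chars)


def guix_hash(data: bytes) -> str:
    """SHA-256 of a file's bytes, formatted as `guix hash FILE` formats it."""
    return nix_base32(hashlib.sha256(data).digest())


def source_url(name: str, pkgs: dict) -> str:
    """Render a source URL, taking the version from the parent package if inherited."""
    pkg = pkgs[name]
    version = pkgs[pkg["inherit"]]["version"] if "inherit" in pkg else pkg["version"]
    return pkg["url"].format(version=version)


def stale_pins(before: dict, after: dict) -> list:
    """Names whose rendered URL changed between two snapshots while the pin did not."""
    return [name for name in after
            if name in before
            and source_url(name, before) != source_url(name, after)
            and before[name]["sha256"] == after[name]["sha256"]]


# Constructed model of the two definitions; libpng's URL and hashes are placeholders.
APNG = {"inherit": "libpng",
        "url": "mirror://sourceforge/libpng-apng/libpng16/{version}/libpng-{version}-apng.patch.gz",
        "sha256": "026r0gbkf6d6v54wca02cdxln8sj4m2c1yk62sj2aasv2ki2ffh5"}
BEFORE = {"libpng": {"version": "1.6.25", "url": "<libpng-url>/{version}", "sha256": "<old-libpng-hash>"},
          "libpng-apng": APNG}
AFTER = {"libpng": {"version": "1.6.28", "url": "<libpng-url>/{version}", "sha256": "<new-libpng-hash>"},
         "libpng-apng": APNG}

if __name__ == "__main__":
    print(stale_pins(BEFORE, AFTER))  # the derived origin still carrying the 1.6.25 pin
```

Run over the package set before and after a version bump, a check like this flags the derived origin at review time instead of at the next failed fetch.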