refresh_package_versions() must skip binary blobs in debian/
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | CI Train [cu2d] |
Fix Released
|
High
|
Łukasz Zemczak | |
Bug Description
system-image has a binary blob in its debian/ directory, specifically the archive-
in packagemanager.py, refresh_
https:/
Two options that I see, one easy, one harder.
The easy option: just catch any UnicodeDecodeError that happens while reading data out of utf8_inplace(path), and assume the file is binary, so just skip it.
The problem with that is that you could potentially do a harmful string replacement in a binary blob that's accidentally utf-8 compatible.
The hard option: either whitelist the files in debian/* that you want to do the replace of (rather than just the glob of everything in debian/*) or find a way to blacklist certain files. The latter probably requires the package being built to specify that in some way, though I don't know where that would be (a d/control header? some magic debian/* file?). Besides, it's probably safer to whitelist anyway.
Related branches
- Barry Warsaw (community): Approve on 2015-05-11
- PS Jenkins bot: Approve (continuous-integration) on 2015-05-11
-
Diff: 82 lines (+44/-3)3 files modifiedcupstream2distro/packagemanager.py (+12/-3)
tests/data/results/simple_update_alone_arch.changelog (+12/-0)
tests/unit/test_packagemanager.py (+20/-0)
| Changed in cupstream2distro: | |
| status: | New → In Progress |
| assignee: | nobody → Łukasz Zemczak (sil2100) |
| importance: | Undecided → High |
| PS Jenkins bot (ps-jenkins) wrote : | #1 |
| Changed in cupstream2distro: | |
| status: | In Progress → Fix Committed |
| Changed in cupstream2distro: | |
| status: | Fix Committed → Fix Released |
Fix committed into lp:cupstream2distro at revision 980, scheduled for release in cupstream2distro, milestone Unknown