diffoscope

diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

• Optimisations:
  • Avoid unnecessary string manipulation writing --text output (~20x speedup).
  • Avoid n iterations over archive files (~8x speedup).
  • Don't analyse .deb s twice when comparing .changes files (2x speedup).
  • Avoid shelling out to colordiff by implementing color support directly.
  • Memoize calls to distutils.spawn.find_executable to avoid excessive stat(1) syscalls.
• Progress bar:
  • Show current file / ELF section under analysis etc. in progress bar.
  • Move the --status-fd output to use JSON and to include the current filename.
• Code tidying:
  • Split out the try.diffoscope.org client so that it can be released separately on PyPI.
  • Completely rework the diffoscope and diffoscope.comparators modules, grouping similar utilities into their own modules, etc.
• Miscellaneous:
  • Update dex_expected_diffs test to ensure compatibility with enjarify ≥ 1.0.3.
  • Ensure that running from Git will always use that checkout's Python modules.
  • Add a simple profiling framework.

strip-nondeterminism

strip-nondeterminism is our tool to remove specific non-deterministic results from a completed build.

• Makefile.PL: Change NAME argument to a Perl package name.
• Ensure our binaries are available in autopkgtest tests.

try.diffoscope.org

trydiffoscope is a web-based version of the diffoscope in-depth and content-aware diff utility. Continued thanks to Bytemark for sponsoring the hardware.

• Show progress bar and position in queue, etc. (#25 & #26)
• Promote command-line client with PyPI instructions.
• Increase comparison time limit to 90 seconds.

buildinfo.debian.net

buildinfo.debian.net is my experiment into how to process, store and distribute .buildinfo files after the Debian archive software has processed them.

• Added support for version 0.2 .buildinfo files. (#15)

Debian LTS

This month I have been paid to work 13½ hours on Debian Long Term Support (LTS). In that time I did the following:

• "Frontdesk" duties, triaging CVEs, etc.
• Issued DLA 733-1 for openafs, fixing an information leak vulnerability. Due to incomplete initialization or clearing of reused memory, directory objects could contain 'dead' directory entry information.
• Issued DLA 734-1 for mapserver closing an information leakage vulnerability.
• Issued DLA 737-1 for roundcube preventing arbitrary remote code execution by sending a specially crafted email.
• Issued DLA 738-1 for spip patching a cross-site scripting (XSS) vulnerability.
• Issued DLA 740-1 for libgsf fixing a null pointer deference exploit via a crafted .tar file.

Debian Uploads

• redis:
  • 3.2.5-5 — Add RunTimeDirectory=redis to systemd .service files.
  • 3.2.5-6 — Add missing Depends on lsb-base for /lib/lsb/init-functions usage in redis-sentinel's initscript.
  • 3.2.6-1 — New upstream release.
  • 4.0-1 & 4.0-rc2-1 — New upstream experimental releases.
• aptfs: 0.9-1 & 0.10-1 — New upstream releases.

Debian bugs filed

• bugs.debian.org: Please move the canonical bug URLs to /123456
• git-gui: Error when staging hunk
• lcms2: liblcms2-2 causes cd-iccdump to output incorrect locale names
• nbformat: Doesn't support non-UTF-8 paths
• sagenb-export: Fails when LC_CTYPE is not explicitly UTF-8
• roundcube: Maintainer address bounces

I filed 29 FTBFS bugs against a7xpg, conntrack-tools, factory-boy, faker, glimpse, gunroar, hexchat-otr, jackson-datatype-guava, jalview, jquery, kodi-pvr-mythtv, leap-cli, libbio-graphics-perl, libparanoid-perl, libsass-python, metastudent-data, node-temporary, node-yargs, python-requests-unixsocket, python-restless, ruby-bunny, ruby-github-markup, ruby-rabl, sagenb-export, seaborn, soapdenovo2, titanion, ufw & vagrant-cachier.

I additionally filed 2 bugs for packages that access the internet during build against fence-agents & lua-geoip.

Debian FTP Team

As a Debian FTP assistant I ACCEPTed 107 packages: android-platform-libcore, compiz, debian-edu, dehydrated, dh-cargo, gnome-shell-extension-pixelsaver, golang-1.8, golang-github-btcsuite-btcd-btcec, golang-github-elithrar-simple-scrypt, golang-github-pelletier-go-toml, golang-github-restic-chunker, golang-github-weaveworks-mesh, golang-google-genproto, igmpproxy, jimfs, kpmcore, libbio-coordinate-perl, libdata-treedumper-oo-perl, libdate-holidays-de-perl, libpgobject-type-bytestring-perl, libspecio-library-path-tiny-perl, libterm-table-perl, libtext-hogan-perl, lighttpd, linux, linux-signed, llmnrd, lua-geoip, lua-sandbox-extensions, lua-systemd, node-cli-cursor, node-command-join, node-death, node-detect-indent, node-domhandler, node-duplexify, node-end-of-stream, node-first-chunk-stream, node-from2, node-glob-stream, node-has-binary, node-inquirer, node-interpret, node-is-negated-glob, node-is-unc-path, node-lazy-debug-legacy, node-lazystream, node-load-grunt-tasks, node-merge-stream, node-object-assign-sorted, node-orchestrator, node-pkg-up, node-resolve-from, node-resolve-pkg, node-rx, node-sorted-object, node-stream-shift, node-streamtest, node-string.prototype.codepointat, node-strip-bom-stream, node-through2-filter, node-to-absolute-glob, node-unc-path-regex, node-vinyl, openzwave, openzwave-controlpanel, pcb-rnd, pd-upp, pg-partman, postgresql-common, pybigwig, python-acora, python-cartopy, python-codegen, python-efilter, python-flask-sockets, python-intervaltree, python-jsbeautifier, python-portpicker, python-pretty-yaml, python-protobix, python-sigmavirus24-urltemplate, python-sqlsoup, python-tinycss, python-watson-developer-cloud, python-zc.customdoctests, python-zeep, r-cran-dbitest, r-cran-dynlm, r-cran-mcmcpack, r-cran-memoise, r-cran-modelmetrics, r-cran-plogr, r-cran-prettyunits, r-cran-progress, r-cran-withr, ruby-clean-test, ruby-gli, ruby-json-pure, ruby-parallel, rustc, sagemath, sbuild, scram, sidedoor, toolz & yabasic.

I additionally filed 4 RC bugs against packages that had incomplete debian/copyright files against jimfs, compiz, python-efilter & ruby-json-pure.