[Git][reproducible-builds/diffoscope][master] Fix MozillaZipContainer's monkeypatch after Python's zipfile module changed to...
Chris Lamb (@lamby)
gitlab at salsa.debian.org
Sun Mar 31 15:39:25 UTC 2024
Chris Lamb pushed to branch master at Reproducible Builds / diffoscope
Commits:
cc3b077f by FC (Fay) Stegerman at 2024-03-31T16:38:21+01:00
Fix MozillaZipContainer's monkeypatch after Python's zipfile module changed to detect potentially insecure overlapping entries within .zip files. (Closes: reproducible-builds/diffoscope#362)
- - - - -
2 changed files:
- diffoscope/comparators/zip.py
- tests/comparators/test_zip.py
Changes:
=====================================
diffoscope/comparators/zip.py
=====================================
@@ -273,10 +273,13 @@ class MozillaZipContainer(ZipContainer):
# This is gross: Monkeypatch zipfile._EndRecData to work with
# Mozilla-optimized ZIPs
_orig_EndRecData = zipfile._EndRecData
+ eocd_offset = None
def _EndRecData(fh):
endrec = _orig_EndRecData(fh)
if endrec:
+ nonlocal eocd_offset
+ eocd_offset = endrec[zipfile._ECD_LOCATION]
endrec[zipfile._ECD_LOCATION] = (
endrec[zipfile._ECD_OFFSET] + endrec[zipfile._ECD_SIZE]
)
@@ -285,6 +288,17 @@ class MozillaZipContainer(ZipContainer):
zipfile._EndRecData = _EndRecData
result = super(MozillaZipContainer, self).open_archive()
zipfile._EndRecData = _orig_EndRecData
+ # fix _end_offset after https://github.com/python/cpython/pull/110016
+ # added a check that fails because the central directory comes before
+ # the entries in these files
+ zinfos = sorted(
+ result.filelist,
+ key=lambda zinfo: zinfo.header_offset,
+ reverse=True,
+ )
+ if zinfos:
+ if hasattr(zinfos[0], "_end_offset"):
+ zinfos[0]._end_offset = eocd_offset
return result
=====================================
tests/comparators/test_zip.py
=====================================
@@ -18,12 +18,11 @@
# along with diffoscope. If not, see <https://www.gnu.org/licenses/>.
import pytest
-import sys
from diffoscope.comparators.zip import ZipFile, MozillaZipFile, JmodJavaModule
from ..utils.data import load_fixture, assert_diff
-from ..utils.tools import skip_unless_tools_exist, skipif
+from ..utils.tools import skip_unless_tools_exist
from ..utils.nonexisting import assert_non_existing
@@ -39,12 +38,6 @@ jmod2 = load_fixture("test2.jmod")
test_comment1 = load_fixture("test_comment1.zip")
test_comment2 = load_fixture("test_comment2.zip")
-# See #362
-skip_if_python_zip_regression = pytest.mark.skipif(
- sys.version_info >= (3, 10, 14),
- reason="Test fails under 3.10.14+ (and 3.11.8+); possible regression",
-)
-
def test_identification(zip1):
assert isinstance(zip1, ZipFile)
@@ -93,7 +86,6 @@ def test_mozzip_identification(mozzip1):
assert isinstance(mozzip1, MozillaZipFile)
- at skip_if_python_zip_regression
def test_mozzip_no_differences(mozzip1):
difference = mozzip1.compare(mozzip1)
assert difference is None
@@ -105,13 +97,11 @@ def mozzip_differences(mozzip1, mozzip2):
@skip_unless_tools_exist("zipinfo")
- at skip_if_python_zip_regression
def test_mozzip_metadata(mozzip_differences, mozzip1, mozzip2):
assert_diff(mozzip_differences[0], "mozzip_zipinfo_expected_diff")
@skip_unless_tools_exist("zipinfo")
- at skip_if_python_zip_regression
def test_mozzip_compressed_files(mozzip_differences):
assert mozzip_differences[-1].source1 == "dir/text"
assert mozzip_differences[-1].source2 == "dir/text"
@@ -119,7 +109,6 @@ def test_mozzip_compressed_files(mozzip_differences):
@skip_unless_tools_exist("zipinfo")
- at skip_if_python_zip_regression
def test_mozzip_compare_non_existing(monkeypatch, mozzip1):
assert_non_existing(monkeypatch, mozzip1)
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/cc3b077f6ef97b4e20036e9823926fe633c7d4d0
--
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/cc3b077f6ef97b4e20036e9823926fe633c7d4d0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20240331/bcb02e5e/attachment.htm>
More information about the rb-commits
mailing list