Package: licensecheck Version: 3.3.5-1 Severity: normal Tags: upstream X-Debbugs-Cc: vignesh.ra...@collabora.com
Dear Maintainer, scan-copyrights is unable to create the copyright file when using texlive-extra sources (https://deb.debian.org/debian/pool/main/t/texlive-extra/texlive-extra_2020.20210202-3.dsc). The below program crashes, #!/usr/bin/env python3 import sh scan_copyrights = sh.Command('scan-copyrights') def main(): try: scan_copyrights() except sh.ErrorReturnCode as e: print("An error occurred:", e.stderr, file=sys.stderr) sys.exit(1) except Exception as e: print("An unknown error occurred:", e, file=sys.stderr) sys.exit(1) if __name__ == '__main__': main() Output: raise exc sh.ErrorReturnCode_255: RAN: /usr/bin/scan-copyrights It appears that the following files may be causing the issue: ./texmf-dist/fonts/type1/public/baskervillef/BaskervilleF-Bold.pfb ./texmf-dist/fonts/type1/public/baskervillef/BaskervilleF-BoldItalic.pfb ./texmf-dist/tex/latex/exp-testopt/exp-testopt.sty Removing these files prevents the program from crashing, but individual runs of licensecheck on these files do not result in any issues. This issue has been observed with libconfig-model-dpkg-perl versions 2.143 and 2.165, licensecheck version 3.1.1-2 and 3.3.5-1. This issue is not consistently reproducible. scan-copyrights crashes because the output from licensecheck looks invalid. licensecheck tries to parse the binary file (pfb) and returns invalid data. As per the comment in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828941, it is mentioned, For use right now, I recommend to combine licensecheck with helper scripts part of cdbs (but *not* build-depend on or otherwise use cdbs). For examples of using those helper scripts to pre-parse some binary files and skip select other ones, while not accidentally silencing later introduced unknown types of files, see file debian/copyright-check in the source code of ghostscript (or pandoc or valentina), and the files /usr/lib/cdbs/license-miner and /usr/lib/cdbs/licensecheck2dep5 in package cdbs. Please let me know if this recommendation can be followed or if there are any other fixes for this issue. Thank you. Regards, Vignesh -- System Information: Debian Release: 12.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-6-amd64 (SMP w/1 CPU thread; PREEMPT) Locale: LANG=en_IN, LC_CTYPE=en_IN (charmap=UTF-8), LANGUAGE=en_IN:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages licensecheck depends on: ii libfeature-compat-class-perl 0.05-1 ii libfeature-compat-try-perl 0.05-1 ii libio-interactive-perl 1.023-2 ii liblist-someutils-perl 0.59-1 ii liblog-any-adapter-screen-perl 0.140-2 ii liblog-any-perl 1.713-1 ii libnamespace-clean-perl 0.27-2 ii libpath-iterator-rule-perl 1.015-2 ii libpath-tiny-perl 0.144-1 ii libpod-constants-perl 0.19-2 ii libstrictures-perl 2.000006-1 ii libstring-copyright-perl 0.003014-1 ii libstring-escape-perl 2010.002-3 ii libstring-license-perl 0.0.2-1 ii perl 5.36.0-7 Versions of packages licensecheck recommends: ii libregexp-pattern-license-perl 3.9.4-3 Versions of packages licensecheck suggests: ii bash-completion 1:2.11-6 -- no debconf information
