Debian Bug report logs - #65699
dpkg-buildpackage should support hooks, logging, environment sanitizing and possibly more

Package: dpkg-dev; Maintainer for dpkg-dev is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg-dev is src:dpkg.

Reported by: Julian Gilbey <jdg@debian.org>

Date: Thu, 15 Jun 2000 18:48:02 UTC

Severity: wishlist

Merged with 476221, 507609

Found in versions 1.6.13, dpkg/1.14.18, dpkg/1.14.23

Fixed in version dpkg/1.17.6

Done: Guillem Jover <guillem@debian.org>


Report forwarded to debian-bugs-dist@lists.debian.org, Wichert Akkerman <wakkerma@debian.org>:
Bug#65699; Package dpkg-dev.

Acknowledgement sent to Julian Gilbey <J.D.Gilbey@qmw.ac.uk>:
New Bug report received and forwarded. Copy sent to Wichert Akkerman <wakkerma@debian.org>.

Message #5 received at submit@bugs.debian.org:

From: Julian Gilbey <J.D.Gilbey@qmw.ac.uk>
To: Debian bug reports <submit@bugs.debian.org>
Subject: dpkg-dev: dpkg-buildpackage should sanitise the environment before running
Date: Thu, 15 Jun 2000 17:15:39 +0100
Package: dpkg-dev
Version: 1.6.13
Severity: wishlist

I've been bitten so many times (as have others because of me) by
having a copy of perl in /usr/local/bin and /usr/local/bin in my PATH:
when I build packages and forget to reset my PATH, my package might
end up having #!/usr/local/bin/perl shebang lines.

I think that it would be really good if dpkg-buildpackage reset PATH,
IFS and so on before running.  Not as a security measure, 'cos that
won't work, but just to avoid these gaffes.  I guess that PATH need
only be "/usr/bin:/bin" for the build target and
"/usr/sbin:/sbin:/usr/bin:/bin" for the binary* targets.

   Julian

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
        Debian GNU/Linux Developer,  see http://www.debian.org/~jdg
  Donate free food to the world's hungry: see http://www.thehungersite.com/



Tags added: Request was from Wichert Akkerman <wichert@cistron.nl> to control@bugs.debian.org.

Tags added: wontfix Request was from Wichert Akkerman <wichert@cistron.nl> to control@bugs.debian.org.

Bug closed, send any further explanations to Julian Gilbey <J.D.Gilbey@qmw.ac.uk> Request was from Julian Gilbey <jdg@debian.org> to control@bugs.debian.org.

Bug reopened, originator set to Julian Gilbey <jdg@debian.org>. Request was from Julian Gilbey <jdg@debian.org> to control@bugs.debian.org.

Tags removed: wontfix Request was from Raphael Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Mon, 05 May 2008 12:48:55 GMT)

Merged 65699 476221. Request was from Raphael Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Mon, 05 May 2008 12:48:56 GMT)

Changed Bug title to `dpkg-buildpackage should support hooks, logging, environment sanitizing and possibly more' from `dpkg-dev: dpkg-buildpackage should sanitise the environment before running'. Request was from Raphael Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Mon, 11 May 2009 06:51:04 GMT)

Merged 65699 476221 507609. Request was from Raphael Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Mon, 11 May 2009 06:51:04 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Dpkg Developers <debian-dpkg@lists.debian.org>:
Bug#65699; Package dpkg-dev. (Tue, 02 Aug 2011 12:48:03 GMT)

Acknowledgement sent to g6299304p@rezozer.net:
Extra info received and forwarded to list. Copy sent to Dpkg Developers <debian-dpkg@lists.debian.org>. (Tue, 02 Aug 2011 12:48:04 GMT)

Message #26 received at 65699@bugs.debian.org:

From: Jerome BENOIT <g6299304p@rezozer.net>
To: 65699@bugs.debian.org
Subject: dpkg-buildpackage should support hooks, logging, environment sanitizing and possibly more
Date: Tue, 02 Aug 2011 13:44:08 +0200
Hello:

Concerning environment sanitizing,
CONFIG_SITE may be unset.

hth,
Jerome
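
The two requests above (a fixed PATH per target, and dropping variables such as IFS and CONFIG_SITE), together with a check for the `#!/usr/local/bin/perl` symptom, as an added example that is not part of the bug log or of dpkg. The function names are hypothetical, and clearing the whole environment with `env -i` is this example's choice, broader than the variables named in the messages.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, not part of dpkg.

# PATH for a debian/rules target, using the values proposed in the report.
sanitized_path() {
    case "$1" in
        binary*) printf '%s\n' "/usr/sbin:/sbin:/usr/bin:/bin" ;;
        *)       printf '%s\n' "/usr/bin:/bin" ;;
    esac
}

# Run a command for a target with an emptied environment: env -i drops
# everything inherited (CONFIG_SITE, a caller-set IFS, ...), then only PATH
# is set again.
run_sanitized() {
    target=$1
    shift
    env -i PATH="$(sanitized_path "$target")" "$@"
}

# Print every regular file under a directory whose first line is an
# interpreter line pointing into /usr/local (file names without newlines).
find_local_shebangs() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        first=
        IFS= read -r first < "$f" || true
        case "$first" in
            '#!/usr/local/'* | '#! /usr/local/'*) printf '%s\n' "$f" ;;
        esac
    done
}

# Constructed demo tree: one script with the unwanted interpreter, one clean.
demo=$(mktemp -d)
printf '#!/usr/local/bin/perl\nprint "hi\\n";\n' > "$demo/bad.pl"
printf '#!/usr/bin/perl\nprint "hi\\n";\n' > "$demo/good.pl"
find_local_shebangs "$demo"                      # lists only bad.pl
run_sanitized build sh -c 'echo "PATH=$PATH"'    # PATH=/usr/bin:/bin
rm -rf "$demo"
```

Running `find_local_shebangs` over the package staging directory after a build catches the leak even when the build itself was started from an unsanitized shell.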




Message #27 received at 476221-close@bugs.debian.org:

From: Guillem Jover <guillem@debian.org>
To: 476221-close@bugs.debian.org
Subject: Bug#476221: fixed in dpkg 1.17.6
Date: Wed, 15 Jan 2014 18:18:47 +0000
Source: dpkg
Source-Version: 1.17.6

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 476221@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 15 Jan 2014 05:29:45 +0100
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.17.6
Distribution: unstable
Urgency: low
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description: 
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 108196 253265 476221 694524 708033 718295 719348 732648 733326 733746 733980 734114 734783
Changes: 
 dpkg (1.17.6) unstable; urgency=low
 .
   [ Guillem Jover ]
   * Move signing in dpkg-buildpackage to the end of the build.
   * Add new --check-command and --check-option options to dpkg-buildpackage,
     and DEB_CHECK_COMMAND environment variable as a default value, to
     specify a package checker to use before the signing process.
   * Detect a missing gain-root-command even if dpkg-buildpackage is running
     as root.
   * Detect a missing sign-command in dpkg-buildpackage, before starting the
     build, to avoid a failure at the end of the process.
   * Remove trailing newlines from dpkg-deb warning message.
   * Change dpkg-deb conffile name length warning into an error, as dpkg will
     reject those packages at install time anyway.
   * Unify and clarify dpkg-deb and dpkg conffile name length error message.
     Closes: #108196
   * Add new start-stop-daemon --pid option. Closes: #253265
   * Mention Multi-Arch: no value in man pages. Closes: #732648
   * Correctly hyphenate binary-only and source-only in dpkg-buildpackage
     output messages.
   * Use makedev(3) when extracting .deb archives rather than ad-hoc
     computations, to be able to support large major/minor device numbers,
     supported on at least Linux, NetBSD and OpenBSD based systems.
     Thanks to Peter Chang <dpf@google.com>.
   * Turn the ARM Embedded ABI symbols blacklist into a regex, to stop having
     to keep up with the GNU toolchain, or other toolchains emitting different
     symbols.
   * Blacklist GOMP critical section symbols. Closes: #708033
   * Add support for Ignore-Blacklist-Groups field in symbols files, with the
     two available group values aeabi and gomp. Closes: #694524
   * Allow updating checksums in Dpkg::Checksums without erroring out.
   * Add shell hooks support to dpkg-buildpackage, based on the debuild
     implementation in devscripts 2.13.9. Closes: #476221
   * Add support for Testsuite source field.
   * Clarify error message about missing revision in non-native source package.
     Closes: #719348, #733746
   * Set default compression options in source format specific modules instead
     of dpkg-source. This makes sure the correct compression level is set, even
     for “3.0 (native)” packages with non-default compressors. Closes: #733326
   * Change default source package compressor for new formats (>= 2.0) to xz.
   * Ignore the same packages in «dpkg-query --list» when computing the
     column width as when printing the entries. Closes: #734114
   * Do not produce .deb archives with uncompressed gzip members on
     «dpkg-deb -Zgzip -z0», instead create them as non-compressed members,
     as if -Znone had been passed, as documented. Closes: #718295
   * Add support for .deb archives with a control member not compressed
     (control.tar) or compressed with xz (control.tar.xz).
   * Add support for creating uniformly compressed .deb archive members,
     with the new dpkg-deb option --uniform-compression.
   * Fix file descriptor leaks in diversions and statoverride databases.
     Closes: #734783
   * Allow missing prior-version argument in dpkg-maintscript-helper
     dir_to_symlink and symlink_to_dir commands. Closes: #733980
 .
   [ Updated dpkg translations ]
   * Swedish (Peter Krefting).
   * Vietnamese (Trần Ngọc Quân).
 .
   [ Updated scripts translations ]
   * German (Helge Kreutzmann).
   * Swedish (Peter Krefting).
 .
   [ Updated manpages translations ]
   * German (Helge Kreutzmann).
   * Swedish (Peter Krefting).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 11:48:39 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.