Package: dh-make
Version: 0.62
Severity: serious
File: /usr/bin/dh_make
Tags: patch
Justification: Policy 9.9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The dh_make script depends on the environment variable PWD to determine
the current working directory and thus the package name and version.
This is not portable, ebcause some shells (most shells?) do not export
PWD by default. It works in bash, but not in mksh, for example. This
violates Debian Policy 9.9:
"A program must not depend on environment variables to get reasonable
defaults. (That's because these environment variables would have to be
set in a system-wide configuration file like /etc/profile, which is not
supported by all shells.)"
Funnily enough, dh_make even imports the Perl module Cwd which is used
to safely determine the working directory, but never uses it. Attached
is a trivial patch that fixes this.
Cheers,
Nik
- -- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.10-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh
Versions of packages dh-make depends on:
ii debhelper 9.20130921
ii dpkg-dev 1.17.1
ii make 3.81-8.2
ii perl 5.18.1-4
dh-make recommends no packages.
Versions of packages dh-make suggests:
ii build-essential 11.6
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQJOBAEBCAA4BQJSYDXHMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n
cGctcG9saWN5LnR4dC5hc2MACgkQt5o8FqDE8pbHng//Yrsu6i4k8sSxufhYrqTu
2i5u1zyaimwFTrTZRe5M3lJ/o+7acbf6Mu/QjaW1/EOg3RfrTcV7BnW75/WUdMQf
5B4bKsM8xaXuxRvtimKPEvcJHLLvOovW2qMVUtGtIxdXjmK9E/5tmH5asUV8diea
mCep+AXTlftc0mR/xBWEYfU1jolZD5cZi62RqqwHgst69p1ZuMayuTEjmb74EVYS
0aeCaFqERqOedTRvh/PwNXb60XwgXa9lMz9PCGiIvKQPx5CjfQ3FV6wxTMnL3SNI
fq58VuZKq3HY9yhfsR6XxSZzu95MVpnWnE/3gnP6DXwBQ0wSbcKEKpjFcFn4rGA4
Dil9BRHZBZWoJvT4om61AqmzPCRV5asR6lVpfi9pbHUEvWzShMtvj63uMBX1uHdm
bB+MxkhO+exWilJFXPRBagBNmKrhN3sekHJa8akwjF93cxNwyISGogTL5huBHFhG
BlovHubW3kgriwzAiZdd9QPT3qm99Ltnd29jfFMZvaZHSFKCwoahnl+xWPjHrjQ9
baYhRefEOt5lbtjmhDpDraDBKBqHNYxXuq3N891uymUC1wu0AOnPU6gMdj+sg1a6
oY4a/PDdD3IE1ygxoeNpxUkq+Aafce5+2M+sVBaKGn8WrqSJHlDwGpdcG2PMBLmo
Cft5aRlyzGNZb8QDJ0R87Us=
=alTH
-----END PGP SIGNATURE-----
--- dh_make 2013-10-17 20:58:36.722757271 +0200
+++ dh_make 2013-10-17 20:59:45.511474516 +0200
@@ -356,7 +356,7 @@ sub get_email()
sub get_package
{
- my $pwd = $ENV{PWD};
+ my $pwd = &Cwd::cwd();
my $forced_package_version = "";
# May split the version out of the name
if ( ($main::forced_package_name) &&
