Package: dh-make Version: 0.62 Severity: serious File: /usr/bin/dh_make Tags: patch Justification: Policy 9.9
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The dh_make script depends on the environment variable PWD to determine the current working directory and thus the package name and version. This is not portable, ebcause some shells (most shells?) do not export PWD by default. It works in bash, but not in mksh, for example. This violates Debian Policy 9.9: "A program must not depend on environment variables to get reasonable defaults. (That's because these environment variables would have to be set in a system-wide configuration file like /etc/profile, which is not supported by all shells.)" Funnily enough, dh_make even imports the Perl module Cwd which is used to safely determine the working directory, but never uses it. Attached is a trivial patch that fixes this. Cheers, Nik - -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.10-3-amd64 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/mksh Versions of packages dh-make depends on: ii debhelper 9.20130921 ii dpkg-dev 1.17.1 ii make 3.81-8.2 ii perl 5.18.1-4 dh-make recommends no packages. Versions of packages dh-make suggests: ii build-essential 11.6 - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQJOBAEBCAA4BQJSYDXHMRpodHRwczovL3d3dy5kb21pbmlrLWdlb3JnZS5kZS9n cGctcG9saWN5LnR4dC5hc2MACgkQt5o8FqDE8pbHng//Yrsu6i4k8sSxufhYrqTu 2i5u1zyaimwFTrTZRe5M3lJ/o+7acbf6Mu/QjaW1/EOg3RfrTcV7BnW75/WUdMQf 5B4bKsM8xaXuxRvtimKPEvcJHLLvOovW2qMVUtGtIxdXjmK9E/5tmH5asUV8diea mCep+AXTlftc0mR/xBWEYfU1jolZD5cZi62RqqwHgst69p1ZuMayuTEjmb74EVYS 0aeCaFqERqOedTRvh/PwNXb60XwgXa9lMz9PCGiIvKQPx5CjfQ3FV6wxTMnL3SNI fq58VuZKq3HY9yhfsR6XxSZzu95MVpnWnE/3gnP6DXwBQ0wSbcKEKpjFcFn4rGA4 Dil9BRHZBZWoJvT4om61AqmzPCRV5asR6lVpfi9pbHUEvWzShMtvj63uMBX1uHdm bB+MxkhO+exWilJFXPRBagBNmKrhN3sekHJa8akwjF93cxNwyISGogTL5huBHFhG BlovHubW3kgriwzAiZdd9QPT3qm99Ltnd29jfFMZvaZHSFKCwoahnl+xWPjHrjQ9 baYhRefEOt5lbtjmhDpDraDBKBqHNYxXuq3N891uymUC1wu0AOnPU6gMdj+sg1a6 oY4a/PDdD3IE1ygxoeNpxUkq+Aafce5+2M+sVBaKGn8WrqSJHlDwGpdcG2PMBLmo Cft5aRlyzGNZb8QDJ0R87Us= =alTH -----END PGP SIGNATURE-----
--- dh_make 2013-10-17 20:58:36.722757271 +0200 +++ dh_make 2013-10-17 20:59:45.511474516 +0200 @@ -356,7 +356,7 @@ sub get_email() sub get_package { - my $pwd = $ENV{PWD}; + my $pwd = &Cwd::cwd(); my $forced_package_version = ""; # May split the version out of the name if ( ($main::forced_package_name) &&