Christoph Biedl: > Package: debhelper > Version: 12.8 > Severity: wishlist > > Heya, > > some debhelper programs call the file program, and I noticed the > invocation does not guard against file names that file(1) could > misinterpret as a command line option. In other words, file names > starting with a dash will create undesired results. > > You might argue Debian should not ship such strange file names, and I > concur. But this already happens a few times, openfoam-examples for > example. It seems these files are just not tested by any of the > debhelper programs. Perhaps just not yet. > > So as a safeguard I suggest to place "--" as usual between the options > and the argument. Before ugly things happen. > > This affects at least /usr/bin/dh_shlibdeps and /usr/bin/dh_strip. > > Cheers, > > Christoph > > [...] >
Thanks for the suggestion. At the moment, there is no problem at all as debhelper passes the full path to file at the relevant call sites. That said, it is a fine "defense-in-depth" strategy for avoiding "funny breakage" in the future. Thanks, ~Niels
