Package: debhelper Version: 12.1.1 Severity: minor Dear Maintainer,
while debugging #931985 I notized the output of the file invocation in dh_shlibdeps (both places) detects ELF binaries by checking for "ELF" anywhere in the output ("$ff =~ m/ELF/"). While debhelper isn't prone against malicious packaging in many more places, I'm a bit concerned this might trigger a mis-detection by accident when the file program, while printing some bytes found in the examined file, shows that letter sequence. So I'd like to suggest using the --brief option of file and check for /^ELF/ Regards, Christoph -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.58 (SMP w/4 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages debhelper depends on: ii autotools-dev 20180224.1 ii dh-autoreconf 19 ii dh-strip-nondeterminism 1.2.0-2 ii dpkg 1.19.7 ii dpkg-dev 1.19.7 ii dwz 0.12.20190711-1 ii file 1:5.37-1 ii libdpkg-perl 1.19.7 ii man-db 2.8.5-2 ii perl 5.28.1-6 ii po-debconf 1.0.21 debhelper recommends no packages. Versions of packages debhelper suggests: ii dh-make 2.201802 -- no debconf information
signature.asc
Description: PGP signature