[Build-common-hackers] Bug#306941: cdbs: Shell arguments not protected

Martin Ferrari <martin.ferrari@gmail.com>, 306941@bugs.debian.org
Fri, 29 Apr 2005 11:44:04 -0300


Package: cdbs
Version: 0.4.26-1.1
Severity: normal

After some headbanging with strange errors, I just found out that if my
cwd has spaces, the ant build fails. That's because there is no proper
protection for variables. My specific problem was in /usr/share/cdbs/1/class/ant-vars.mk:

DEB_ANT_PROPERTYFILE = $(shell test -f $(CURDIR)/debian/ant.properties && echo $(CURDIR)/debian/ant.properties)

should be:

DEB_ANT_PROPERTYFILE = $(shell test -f "$(CURDIR)"/debian/ant.properties && echo "$(CURDIR)"/debian/ant.properties)

This problem is everywhere in cdbs, and fixing this sole line didn't
solve my problem, it just exploded later.

I know "basename `pwd`" should not have spaces as per the Debian Policy,
but nothing prevents me from having it inside some other directory with
spaces, as was my case... Not to mention what could happen if the
directory is called "blah; rm -rf .." :)


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=es_AR, LC_CTYPE=es_AR (charmap=ISO-8859-1)

-- no debconf information
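
Added example, not part of the original report and not cdbs code: it compares the unquoted line and the double-quoted line from the report against a directory containing a space and one containing a "$". The sample tree, the function names and the third variant (passing the directory as a positional parameter) are assumptions made for illustration, and sh -c with an interpolated string stands in for make pasting $(CURDIR) into the command text.

```shell
#!/bin/sh
# Added example (not cdbs code). make pastes the value of $(CURDIR) into the
# command text before a shell parses it; sh -c with an interpolated string
# reproduces that here without needing make.

PROP=debian/ant.properties

# Original form: the directory is pasted in with no quoting.
expand_unquoted() {
    sh -c "test -f $1/$PROP && echo $1/$PROP" 2>/dev/null || :
}

# Form proposed in the report: pasted in between double quotes.
expand_quoted() {
    sh -c "test -f \"$1\"/$PROP && echo \"$1\"/$PROP" 2>/dev/null || :
}

# Assumption, not from the report: hand the directory over as a positional
# parameter, so the shell receives it as data and never parses it as code.
expand_as_arg() {
    sh -c 'test -f "$1/$2" && echo "$1/$2"' sh "$1" "$PROP" 2>/dev/null || :
}

# Constructed sample tree: one directory with a space, one with a "$".
ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT
SPACE_DIR="$ROOT/my project"
DOLLAR_DIR="$ROOT/job\$HOME"
mkdir -p "$SPACE_DIR/debian" "$DOLLAR_DIR/debian"
: > "$SPACE_DIR/$PROP"
: > "$DOLLAR_DIR/$PROP"

# An empty result means the properties file was not found.
for dir in "$SPACE_DIR" "$DOLLAR_DIR"; do
    printf 'dir: %s\n' "$dir"
    printf '  unquoted: [%s]\n' "$(expand_unquoted "$dir")"
    printf '  quoted:   [%s]\n' "$(expand_quoted "$dir")"
    printf '  as arg:   [%s]\n' "$(expand_as_arg "$dir")"
done
```

Double quotes handle the space, but inside them the shell still expands "$", backquotes and backslashes, so the second directory is only found when its name arrives as an argument.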