[debhelper-devel] Bug#882626: debhelper: dh_installdeb should error out on invalid dpkg-maintscript-helper arguments
Andreas Beckmann
anbe at debian.org
Fri Nov 24 23:15:37 UTC 2017
Package: debhelper
Version: 10.10.9
Severity: normal
Since shell escaping the dpkg-maintscript-helper arguments can produce
invalid parameters, dh_installdeb should check whether the version and
package arguments (if given) are valid for a package name or version.
E.g. \$VARIABLE (after unescaping: $VARIABLE) cannot be a valid package
name or '1.2-3\~4' (after unescaping: 1.2-3\~4) cannot be a valid
version.
There is #880430 requesting a lintian check, but it would probably be
better not to generate known broken packages. This brokenness may not be
detected immediately, but only on special upgrade paths. (The lintian
bug has references to an occurrence in the package name (needed a
special upgrade path to show up) and another one in the version).
Andreas
More information about the debhelper-devel
mailing list