Package: ucf
Version: 3.0044
Severity: important

I noticed https://salsa.debian.org/cjwatson/debusine/-/jobs/6699495
today, containing:

  Setting up ucf (3.0044) ...
  ...
  Setting up postgresql-common (267) ...
  /usr/bin/ucf: 13: unset: Part of #568.: bad variable name
  dpkg: error processing package postgresql-common (--configure):
   installed postgresql-common package post-installation script subprocess returned error exit status 2

"Part of #568." is a fragment of the commit message of the commit being
tested here, which is exported as an environment variable by GitLab CI.
Since the commit message is multi-line, the value of that environment
variable is too.

In the latest ucf, I see:

  # Sanitise environment
  while read -r env ; do
      env="${env%%=*}"
      case "$env" in
          PATH|PWD|TERM) ;;
          DEB_*|DEBIAN_*|DEBCONF_*) ;;
          UCF_*) ;;
          *) unset "$env" ;;
      esac
  done<<EOF
  $(env)
  EOF

This is unsafe if any variables are multi-line, since it assumes
newline-separation.

Perhaps something like this approach would help:

  for env in $(env -0 | cut -z -d= -f1 | xargs -0); do
      case "$env" in
          ...
      esac
  done

... but I haven't really tested this and it certainly needs some careful
review.

Thanks,

-- 
Colin Watson (he/him)                              [[email protected]]
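
The parsing problem described in the report, reproduced on a constructed environment. This is an added example, not part of the original message and not ucf's code. It assumes GNU `env -0` and `cut -z`; `DEMO_COMMIT_MESSAGE` and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample environment: PATH plus one variable holding a two-line
# commit message like the one in the report. Extra arguments are passed to
# the inner env(1), which prints that environment.
sample_env() {
    env -i PATH="$PATH" \
        DEMO_COMMIT_MESSAGE="$(printf 'Fix widget\nPart of #568.')" env "$@"
}

# Line-oriented parse, as in the loop quoted in the report: every line of
# output is taken as NAME=value, so the second line of the message is
# treated as a variable name.
names_by_line() {
    sample_env | while read -r entry; do
        printf '%s\n' "${entry%%=*}"
    done
}

# NUL-delimited parse: one record per variable, whatever the value contains.
names_by_nul() {
    sample_env -0 | cut -z -d= -f1 | tr '\0' '\n'
}

# Succeeds only for valid shell variable names, so that nothing else is
# ever handed to unset.
is_valid_name() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# Print the candidate names from parser $1 that unset would reject.
bad_names() {
    "$1" | while IFS= read -r name; do
        is_valid_name "$name" || printf '%s\n' "$name"
    done
}

echo "line parse rejects: $(bad_names names_by_line)"
echo "NUL parse rejects:  $(bad_names names_by_nul)"
```

Filtering through `is_valid_name` before calling `unset` keeps a sanitising loop from aborting even when an environment entry has a name the shell cannot represent.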
