Your message dated Thu, 24 Mar 2022 20:37:16 +0000
with message-id <[email protected]>
and subject line Bug#1007816: fixed in dpkg 1.21.3
has caused the Debian Bug report #1007816,
regarding dpkg: build-time config of tool paths doesn't support full paths
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1007816: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007816
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dpkg
Version: 1.12.2
Tags: patch

dpkg `configure` allows configuration of run-time tools via
environment variables (`PATCH`, `TAR`, etc.). These variables are
apparently expected to be populated by bare program names, though this
requirement is not documented anyway, and I only discovered it by
reading the source. Configuring these variables with fully-qualified
pathnames causes run-time errors like:

$ sudo dpkg -i
Password:
dpkg: warning: '/usr/local/opt/gnu-tar/bin/gtar' not found in PATH or not executable
dpkg: error: 1 expected program not found in PATH or not executable
Note: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin

There are deployment environments in which fixed paths would be more
appropriate, rather than relying on runtime `PATH` settings. If I
understand correctly, the tools are launched via `execvp()`, which
handles full pathnames just fine.

Therefore, I propose the attached patch, which fixes `find_command()`
to only build candidate paths for unqualified names, and test
fully-qualified paths as-is.
diff --git a/src/main/help.c b/src/main/help.c
index 7762aca..f7d9d16 100644
--- a/src/main/help.c
+++ b/src/main/help.c
@@ -83,6 +83,10 @@ find_command(const char *prog)
   const char *path, *path_end;
   size_t path_len;
 
+  if (*prog == '/') {
+    return stat(prog, &stab) == 0 && (stab.st_mode & 0111);
+  }
+
   path_list = getenv("PATH");
   if (!path_list)
     ohshit(_("PATH is not set"));
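Review bot: The absolute-path branch added at the top of find_command() accepts anything with an execute bit set, so a directory such as /usr/bin passes `stab.st_mode & 0111` and is reported as a usable command; add `S_ISREG(stab.st_mode)` to the condition. The test `*prog == '/'` also leaves names that contain a slash but do not start with one (for example `./gtar`) going through the PATH search, although execvp() uses any name containing a slash as a pathname without searching PATH, so `strchr(prog, '/')` would match what is actually executed. `stab` is not declared in the visible context; confirm it is in scope before the added lines.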

--- End Message ---
--- Begin Message ---
Source: dpkg
Source-Version: 1.21.3
Done: Guillem Jover <[email protected]>

We believe that the bug you reported is fixed in the latest version of
dpkg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated dpkg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Mar 2022 21:00:24 +0100
Source: dpkg
Architecture: source
Version: 1.21.3
Distribution: unstable
Urgency: medium
Maintainer: Dpkg Developers <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Closes: 1001915 1007816
Changes:
 dpkg (1.21.3) unstable; urgency=medium
 .
   [ Helge Kreutzmann ]
   * Localization:
     - Update German man pages translation.
     - Update German scripts translation.
 .
   [ Guillem Jover ]
   * dpkg-db-backup: Check for required commands before starting.
   * dpkg: Allow absolute pathnames for configurable external run-time tools.
     Based on a patch by Adrian Ho <[email protected]>. Closes: #1007816
   * dpkg-fsys-usrunmess: Add options and prompt about regression prevention
     package. Prompted by Paul Wise <[email protected]>.
   * dpkg-deb: Move duped control member check inside the detection conditional.
   * dpkg-deb: Fix movecontrol() to take a directory argument.
   * dselect: Remove non-multi-cd code from multi_cd method.
   * dselect: Rename multicd method to media.
   * dselect: Remove left overs for mount support from disk method.
   * dselect: Remove bogus quote escaping from method setup scripts.
   * dselect: Rename disk method to file.
   * scripts: Use backport-version-regex vendor hook instead of hardcoding the
     marker.
   * Perl modules:
     - Dpkg::Source::Package::V3::Git: Name bundle remote as bundle.
     - Dpkg::Source::Package::V3::Git: Set origin remote to Vcs-Git if present.
     - Dpkg::Path: Resolve /dev/null before comparing canonicalized pathnames.
     - Dpkg::Compression: Conditionally use the gzip --rsyncable option.
     - Dpkg::Compression: Use gzip -n instead of --no-name.
     - Dpkg::Vendor: Add a new backport-version-regex hook.
     - Dpkg::Control::Fields: Add Static-Built-Using field support.
   * Documentation:
     - man: Clarify Built-Using field purpose and format.
   * Code internals:
     - libdpkg: Refactor file_is_exec().
     - libdpkg: Check that executables are regular files.
     - dpkg-fsys-usrunmess: Refactor prompting into a new function.
     - dpkg: Rename r variable to remainder.
   * Packaging:
     - Clarify the merged-usr-via-aliased-dirs warning.
       Prompted by Paul Wise <[email protected]>.
     - Sync original bug-script merged-usr warning with postinst updates.
   * Test suite:
     - Check deb format with duplicate debian-binary and control.tar members.
     - Add further deb-split format checks.
     - Place deb-old and deb checks on their own test groups.
     - Check all currently supported deb-old formats.
   * Localization:
     - Update Portuguese man pages translation.
       Thanks to Américo Monteiro <[email protected]>. Closes: #1001915

--- End Message ---