[dpkg] 07/08: Dpkg::Vendor::Debian: Disable fixdebugpath on unsafe characters in path

[Guillem Jover]

This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch master
in repository dpkg.

commit a3fe877790c4f8feb6e99bdd49912aeb75c996d1
Author: Guillem Jover <guil...@debian.org>
Date:   Wed Jul 6 22:47:25 2016 +0200

    Dpkg::Vendor::Debian: Disable fixdebugpath on unsafe characters in path
    
    If the path has any unsafe characters we would need to escape them on
    output, but the escaping method depends on how the output is going to
    be used, which complicates things a bit. To make it safe to eventually
    enable this feature by default, we'll just check for safe characters
    and silently disable it otherwise.
---
 debian/changelog              |  2 ++
 scripts/Dpkg/Vendor/Debian.pm | 18 ++++++++++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b6a2d54..7621023 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ dpkg (1.18.10) UNRELEASED; urgency=medium
 
   [ Guillem Jover ]
   * Fix a short-lived memory leak in dpkg archive argument parsing.
+  * Perl modules:
+    - Disable fixdebugpath feature on unsafe characters in the path.
   * Documentation:
     - Document Testsuite-Triggers in dsc(5).
     - Fix deb-changes(5) description to talk about .changes instead of .dsc.
diff --git a/scripts/Dpkg/Vendor/Debian.pm b/scripts/Dpkg/Vendor/Debian.pm
index 160d9f9..29aeece 100644
--- a/scripts/Dpkg/Vendor/Debian.pm
+++ b/scripts/Dpkg/Vendor/Debian.pm
@@ -161,9 +161,25 @@ sub _add_reproducible_flags {
         fixdebugpath => 0,
     );
 
+    my $build_path;
+
     # Adjust features based on user or maintainer's desires.
     $self->_parse_feature_area('reproducible', \%use_feature);
 
+    # Mask features that might have an unsafe usage.
+    if ($use_feature{fixdebugpath}) {
+        require Cwd;
+
+        $build_path = $ENV{DEB_BUILD_PATH} || Cwd::cwd();
+
+        # If we have any unsafe character in the path, disable the flag,
+        # so that we do not need to worry about escaping the characters
+        # on output.
+        if ($build_path =~ m/[^-+:.0-9a-zA-Z~\/_]/) {
+            $use_feature{fixdebugpath} = 0;
+        }
+    }
+
     # Warn when the __TIME__, __DATE__ and __TIMESTAMP__ macros are used.
     if ($use_feature{timeless}) {
        $flags->append('CPPFLAGS', '-Wdate-time');
@@ -171,8 +187,6 @@ sub _add_reproducible_flags {
 
     # Avoid storing the build path in the debug symbols.
     if ($use_feature{fixdebugpath}) {
-        require Cwd;
-        my $build_path = $ENV{DEB_BUILD_PATH} || Cwd::cwd();
         my $map = '-fdebug-prefix-map=' . $build_path . '=.';
         $flags->append('CFLAGS', $map);
         $flags->append('CXXFLAGS', $map);

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/dpkg/dpkg.git