This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch master in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ff505bc6a53a4b49e50b0725e71cc27d1226052b commit ff505bc6a53a4b49e50b0725e71cc27d1226052b Author: Guillem Jover <[email protected]> AuthorDate: Fri Jun 19 23:34:34 2020 +0200 Dpkg::Build::Info: Avoid whitelist in function name While the terms whitelist and blacklist do not have an etymology with racial connotations, they still attribute positive and negative connotations to these colors for terms that are not explicitly descriptive of what they mean. We can use instead terms that are more descriptive, and have no negative connotations. Deprecate get_build_env_whitelist() in favor of get_build_env_allowed(), and emit warnings when using the former. --- debian/changelog | 1 + man/deb-buildinfo.pod | 2 +- man/dpkg-genbuildinfo.pod | 2 +- scripts/Dpkg/Build/Info.pm | 28 +++++++++++++++++++++++----- scripts/dpkg-genbuildinfo.pl | 6 +++--- scripts/t/Dpkg_Build_Info.t | 4 ++-- 6 files changed, 31 insertions(+), 12 deletions(-) diff --git a/debian/changelog b/debian/changelog index 609d5a49d..a33b1b524 100644 --- a/debian/changelog +++ b/debian/changelog @@ -46,6 +46,7 @@ dpkg (1.20.1) UNRELEASED; urgency=medium Thanks to Taowa Munene-Tardif <[email protected]>. Closes: #956055 - Dpkg::Vendor::Debian: Detect merged-usr-via-symlinks also with absolute pathnames. Reported by Adam Borowski <[email protected]>. + - Dpkg::Build::Info: Avoid whitelist in function name. * Documentation: - man: Fix misused two-fonts macros. Thanks to Bjarni Ingi Gislason <[email protected]>. Closes: #955028 diff --git a/man/deb-buildinfo.pod b/man/deb-buildinfo.pod index 2297459eb..79894bd8a 100644 --- a/man/deb-buildinfo.pod +++ b/man/deb-buildinfo.pod @@ -161,7 +161,7 @@ requested it, to avoid leaking possibly sensitive information. =item B<Build-Path:> I<build-path> The absolute build path, which correspond to the unpacked source tree. -This field is only going to be present if the vendor has whitelisted it +This field is only going to be present if the vendor has allowed it via some pattern match to avoid leaking possibly sensitive information. On Debian and derivatives only build paths starting with I</build/> diff --git a/man/dpkg-genbuildinfo.pod b/man/dpkg-genbuildinfo.pod index 699592c0e..6dff6876f 100644 --- a/man/dpkg-genbuildinfo.pod +++ b/man/dpkg-genbuildinfo.pod @@ -132,7 +132,7 @@ B<Build-Kernel-Version> field when generating the B<.buildinfo>. =item B<--always-include-path> By default, the B<Build-Path> field will only be written if the current -directory starts with a whitelisted pattern. +directory starts with an allowed pattern. On Debian and derivatives the pattern matches on B</build/> at the start of the pathname. diff --git a/scripts/Dpkg/Build/Info.pm b/scripts/Dpkg/Build/Info.pm index 4935f0f08..15ed8f942 100644 --- a/scripts/Dpkg/Build/Info.pm +++ b/scripts/Dpkg/Build/Info.pm @@ -18,9 +18,10 @@ package Dpkg::Build::Info; use strict; use warnings; -our $VERSION = '1.00'; +our $VERSION = '1.01'; our @EXPORT_OK = qw( get_build_env_whitelist + get_build_env_allowed ); use Exporter qw(import); @@ -40,14 +41,14 @@ information. =over 4 -=item @envvars = get_build_env_whitelist() +=item @envvars = get_build_env_allowed() -Get an array with the whitelist of environment variables that can affect +Get an array with the allowed list of environment variables that can affect the build, but are still not privacy revealing. =cut -my @env_whitelist = ( +my @env_allowed = ( # Toolchain. qw(CC CPP CXX OBJC OBJCXX PC FC M2C AS LD AR RANLIB MAKE AWK LEX YACC), # Toolchain flags. @@ -77,14 +78,31 @@ my @env_whitelist = ( qw(SOURCE_DATE_EPOCH), ); +sub get_build_env_allowed { + return @env_allowed; +} + +=item @envvars = get_build_env_whitelist() + +This is a deprecated alias for get_build_env_allowed(). + +=cut + sub get_build_env_whitelist { - return @env_whitelist; + warnings::warnif('deprecated', 'use get_build_env_allowed() instead'); + return get_build_env_allowed(); } =back =head1 CHANGES +=head2 Version 1.01 (dpkg 1.20.1) + +New function: get_build_env_allowed(). + +Deprecated function: get_build_env_whitelist(). + =head2 Version 1.00 (dpkg 1.18.14) Mark the module as public. diff --git a/scripts/dpkg-genbuildinfo.pl b/scripts/dpkg-genbuildinfo.pl index 5b2cfe6f7..9498451b0 100755 --- a/scripts/dpkg-genbuildinfo.pl +++ b/scripts/dpkg-genbuildinfo.pl @@ -36,7 +36,7 @@ use Dpkg::Checksums; use Dpkg::ErrorHandling; use Dpkg::Arch qw(get_build_arch get_host_arch debarch_eq); use Dpkg::Build::Types; -use Dpkg::Build::Info qw(get_build_env_whitelist); +use Dpkg::Build::Info qw(get_build_env_allowed); use Dpkg::BuildOptions; use Dpkg::BuildFlags; use Dpkg::BuildProfiles qw(get_build_profiles); @@ -248,13 +248,13 @@ sub collect_installed_builddeps { } sub cleansed_environment { - # Consider only whitelisted variables which are not supposed to leak + # Consider only allowed variables which are not supposed to leak # local user information. my %env = map { $_ => $ENV{$_} } grep { exists $ENV{$_} - } get_build_env_whitelist(); + } get_build_env_allowed(); # Record flags from dpkg-buildflags. my $bf = Dpkg::BuildFlags->new(); diff --git a/scripts/t/Dpkg_Build_Info.t b/scripts/t/Dpkg_Build_Info.t index 3f67c3a20..c964e5556 100644 --- a/scripts/t/Dpkg_Build_Info.t +++ b/scripts/t/Dpkg_Build_Info.t @@ -22,7 +22,7 @@ BEGIN { use_ok('Dpkg::Build::Info'); } -is(scalar Dpkg::Build::Info::get_build_env_whitelist(), 50, - 'whitelisted environment variables array'); +is(scalar Dpkg::Build::Info::get_build_env_allowed(), 50, + 'allowed environment variables array'); 1; -- Dpkg.Org's dpkg
