This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch main
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ebf528830d83bc1ba47dc3f853d5a2b439f4cd9b

commit ebf528830d83bc1ba47dc3f853d5a2b439f4cd9b
Author: Guillem Jover <[email protected]>
AuthorDate: Sat Oct 11 17:05:02 2025 +0200

    Dpkg::BuildInfo: Allow TZ, TZDIR and DATEMSK variables
    
    Allow timezone and date related environment variables. While the TZ
    environment variable could be considered to leak local user information,
    it only tends to be used to override the system default, and we are
    already leaking it indirectly via the deb-buildinfo(5) Build-Date field
    for all builds, and for maintainer builds this is also leaked via the
    trailer line in the changelog entry.
---
 scripts/Dpkg/BuildInfo.pm  | 9 +++++++++
 scripts/t/Dpkg_BuildInfo.t | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/scripts/Dpkg/BuildInfo.pm b/scripts/Dpkg/BuildInfo.pm
index 9d163a9c6..c198f279f 100644
--- a/scripts/Dpkg/BuildInfo.pm
+++ b/scripts/Dpkg/BuildInfo.pm
@@ -97,6 +97,15 @@ my @env_allowed = (
     qw(
         LD_LIBRARY_PATH
     ),
+    # Timezone, see tzset(3).
+    qw(
+        TZ
+        TZDIR
+    ),
+    # Dates, see getdate(3).
+    qw(
+        DATEMSK
+    ),
     # Locale, see locale(1), locale(7).
     qw(
         LANG
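Review bot: The new `TZDIR` and `DATEMSK` entries hold filesystem paths rather than short tokens (see tzset(3) and getdate(3)), and `TZ` can also name a file in its `:file` form. Allowing them may therefore expose a builder's local directory layout, possibly a home directory or user name, in whatever output this allowlist feeds. The commit message weighs the leak only for `TZ` as a timezone override. If the exposure is accepted, record it next to the entries, for example `# Note: TZDIR, DATEMSK and TZ in its ":file" form hold local paths.` The `@env_allowed` list starts and ends outside this hunk, so how the values are emitted is not visible here and should be confirmed.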
diff --git a/scripts/t/Dpkg_BuildInfo.t b/scripts/t/Dpkg_BuildInfo.t
index b71390482..b2774bb4f 100644
--- a/scripts/t/Dpkg_BuildInfo.t
+++ b/scripts/t/Dpkg_BuildInfo.t
@@ -19,5 +19,5 @@ use Test::More tests => 2;
 
 use ok 'Dpkg::BuildInfo';
 
-is(scalar Dpkg::BuildInfo::get_build_env_allowed(), 68,
+is(scalar Dpkg::BuildInfo::get_build_env_allowed(), 71,
     'allowed environment variables array');

-- 
Dpkg.Org's dpkg
