This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=93f84e68f8883384414726a18a251c84954609cf commit 93f84e68f8883384414726a18a251c84954609cf Author: Guillem Jover <[email protected]> AuthorDate: Sat Jan 17 15:04:54 2026 +0100 dpkg-buildflags(1): Clarify that LDFLAGS are not safe for direct ld(1) use The options in the LDFLAGS variable are not safe to be passed to direct ld(1) calls, as these might have been escaped with -Wl, or might contain options that conflict with the ld(1) options, but are recognized by the compiler. If such use is to be done anyway, then only options known to work should be passed through, and any -Wl escaped options should get unescaped. Ref: #1125323 --- man/dpkg-buildflags.pod | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/man/dpkg-buildflags.pod b/man/dpkg-buildflags.pod index 7a759eb7a..3ff6fa375 100644 --- a/man/dpkg-buildflags.pod +++ b/man/dpkg-buildflags.pod @@ -322,11 +322,16 @@ Since dpkg 1.17.7. =item B<LDFLAGS> Options passed to the host compiler when linking executables or shared -objects (if the linker is called directly, then -B<-Wl> -and -B<,> -have to be stripped from these options). +objects. + +B<Note>: It is not safe to pass this variable directly to L<ld(1)>, +but if the variable needs to be passed anyway, +then these options should be sanitized to allow only options known to work. +In general B<-Wl>, B<-l> and B<-L> options should be safe, +with B<-Wl> getting stripped and B<,> in its arguments replaced with spaces. +But whether any sanitized option is safe to be passed through, +will depend on the intended semantics of the L<ld(1)> invocation. + Default value: empty. =item B<ASFLAGS_FOR_BUILD> @@ -387,9 +392,18 @@ Since dpkg 1.22.1. =item B<LDFLAGS_FOR_BUILD> Options passed to the build compiler when linking executables or shared -objects (if the linker is called directly, then B<-Wl> and B<,> have to -be stripped from these options). +objects. + +B<Note>: It is not safe to pass this variable directly to L<ld(1)>, +but if the variable needs to be passed anyway, +then these options should be sanitized to allow only options known to work. +In general B<-Wl>, B<-l> and B<-L> options should be safe, +with B<-Wl> getting stripped and B<,> in its arguments replaced with spaces. +But whether any sanitized option is safe to be passed through, +will depend on the intended semantics of the L<ld(1)> invocation. + Default value: empty. + Since dpkg 1.22.1. =back -- Dpkg.Org's dpkg
