Package: findutils
Version: 4.7.0-1
Severity: critical
Justification: breaks unrelated software
$ mkdir ./-a
$ mkdir ./-a/b
$ find ./-a
./-a
./-a/b
$ find -- ./-a
./-a
./-a/b
$ find -- -a
find: invalid expression; you have used a binary operator '-a' with nothing
before it.
One normally uses the “--” precisely *because* arbitrary input shouldn’t
be confused with an option. This is even documented in the manpage:
39 ately after the last path name. The five `real' options -H, -L,
-P, -D
40 and -O must appear before the first path name, if at all. A
double
41 dash -- can also be used to signal that any remaining arguments
are not
42 options (though ensuring that all start points begin with
either `./'
43 or `/' is generally safer if you use wildcards in the list
of start
44 points).
-- System Information:
Debian Release: bullseye/sid
APT prefers buildd-unstable
APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1,
'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.5.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages findutils depends on:
ii libc6 2.30-4
ii libselinux1 3.0-1+b3
findutils recommends no packages.
Versions of packages findutils suggests:
ii mlocate 0.26-3+b1
-- no debconf information
