Package: adduser
Version: 3.145
Severity: important

Dear Maintainer,

The new adduser release using Perl's taint option causes packages (such as
openssh-client) to fail to install when they call adduser when $BASH_ENV is set.
It seems CI systems, especially hosted CI systems, use $BASH_ENV to pass in
environment variables from their config file to commands (the system I ran into
this on was CircleCI, but I imagine others will be affected).

The workaround of unsetting $BASH_ENV means that this can be solved with some
small effort in CI config files, but it would be nice to not require knowing
about the existence of Perl's taint option.

Would it be possible to change adduser such that this was no longer a problem
(in whichever way you deem best)?

Regards
James

P.S. I've left this on a non-RC severity given the workaround, but feel free to
bump this up or down if needed.


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.17-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_AU.UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages adduser depends on:
ii  passwd  1:4.17.3-1

adduser recommends no packages.

Versions of packages adduser suggests:
ii  cron                    3.0pl1-194
ii  liblocale-gettext-perl  1.07-7+b1
ii  perl                    5.40.1-2
pn  quota                   <none>

-- debconf information:
  adduser/homedir-permission: true
  adduser/title:
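
The failure described in the report, reproduced as an added example (not adduser's code, and not part of the original message): a Perl script running with -T refuses to start a child process while a tainted BASH_ENV is in its environment, and the %ENV cleanup documented in perlsec removes the problem. The fixed PATH value and /bin/true are assumptions about a Debian-like system.

```perl
#!/usr/bin/perl -T
# Added illustration, not adduser's code. Invoke with BASH_ENV set in the
# calling environment, e.g. BASH_ENV=/tmp/ci.env (constructed sample value).
use strict;
use warnings;

# An inherited PATH is tainted as well. Pin it to a literal (assumed Debian
# layout) so the only taint failure left is the one from this report.
$ENV{PATH} = '/usr/sbin:/usr/bin:/sbin:/bin';

# Run a harmless child process; return 'ok' or the taint error Perl raised.
sub run_child {
    my $ok = eval { system('/bin/true'); 1 };
    return 'ok' if $ok;
    chomp(my $err = $@);
    return $err;
}

# Variables Perl refuses to pass to a child while they are still tainted.
my @shell_vars = qw(IFS CDPATH ENV BASH_ENV);
my @inherited  = grep { exists $ENV{$_} } @shell_vars;

print 'inherited shell variables: ', (@inherited ? "@inherited" : '(none)'), "\n";
print 'before cleanup: ', run_child(), "\n";

# Cleanup recommended in perlsec: drop the variables rather than trust them.
delete @ENV{@shell_vars};

print 'after cleanup:  ', run_child(), "\n";
```

When only BASH_ENV is inherited, the first call reports "Insecure $ENV{BASH_ENV} while running with -T switch" and the second reports ok. The check exists because bash sources the file named by BASH_ENV in non-interactive shells, so a child shell would otherwise run caller-chosen code.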
