X-Loop: [email protected] Subject: bug#734: report of tcsh square-bracket globbing bug Reply-To: "Robert M. Riches Jr." <[email protected]>, [email protected] Resent-From: "Robert M. Riches Jr." <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Wed, 04 Jan 2023 03:48:01 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: report 734 X-Devuan-PR-Package: tcsh X-Devuan-PR-Keywords: Received: via spool by [email protected] id=B.167280400121854 (code B); Wed, 04 Jan 2023 03:48:01 +0000 Received: (at submit) by bugs.devuan.org; 4 Jan 2023 03:46:41 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Wed, 04 Jan 2023 03:46:41 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id 7VqKKXv2tGOwcgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Wed, 04 Jan 2023 03:46:03 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 9C29E1267; Wed, 4 Jan 2023 03:46:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=136.175.108.88; helo=mail-108-mta88.mxroute.com; [email protected]; receiver=<UNKNOWN> Received: from mail-108-mta88.mxroute.com (mail-108-mta88.mxroute.com [136.175.108.88]) by email.devuan.org (Postfix) with ESMTPS id 7053FB11 for <[email protected]>; Wed, 4 Jan 2023 03:46:02 +0000 (UTC) Received: from mail-111-mta2.mxroute.com ([136.175.111.2] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta88.mxroute.com (ZoneMTA) with ESMTPSA id 1857ae2be08000011e.001 for <[email protected]> (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256); Wed, 04 Jan 2023 03:45:58 +0000 X-Zone-Loop: a513a91697461ba46e44a92b00087a6743994c1add83 X-Originating-IP: [136.175.111.2] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=jacob21819.net; s=x; h=From:Message-Id:Subject:To:Date:Sender:Reply-To:Cc: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=0NnBZIZhfAypN8bbFsMSDNhX8uSa41pQOLaWDnBQ08k=; b=N2PPeGJOgy72hqhUoQKH6iBxW4 gKZlsrQ7blFPLK0Qk6nPapj8oTfOZh12kqY1oLj6s1Shp2Y+N+4AfUfjmRwCX/My5FNVEzAMHA4X6 erptGSjJOPALdwMlObf+hsB+Ic/+tVTq/qwBDtHmkuI6c/zyErpM/zRy9ne3+fz5sTOax09yK7iaE MazIRiEGgtTyOsoU/IATzet4vWFjoLZFjXP0Rc8Cq+tnwR2clsJ4dULauEzAtegWIwjx6CRr82YOv 0g3BxArp4WoCBMEprqufk8E9dFKzS257Nkz/6cLyW3u7FLQGaWO2wNHzrFcJyPYierHh6qcq6dyl7 bZKD6r0A==; Date: Tue, 03 Jan 2023 19:45:54 -0800 To: [email protected] User-Agent: s-nail v14.9.22 Message-Id: <[email protected]> From: "Robert M. Riches Jr." <[email protected]> X-Authenticated-Id: [email protected] Package: tcsh Version: 6.21.00-1.1 Severity: critical Justification: causes serious data loss Subject: tcsh: globbing false positives: [a-d]? and [a-d]* can delete unintended files like 21, 22, 23, etc. Dear Maintainer, (Apologies for sending this outside the reportbug tool. The tool refused to send it. If this report gets accepted, I should file bug reports against reportbug.) -- System Information: Distributor ID: Devuan Description: Devuan GNU/Linux 4 (chimaera) Release: 4 Codename: chimaera Architecture: x86_64 Kernel: Linux 5.10.0-20-amd64 (SMP w/16 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages tcsh depends on: ii libc6 2.31-13+deb11u5 ii libcrypt1 1:4.4.18-4 ii libtinfo6 6.2+20201114-2 tcsh recommends no packages. tcsh suggests no packages. -- no debconf information Square-bracket globbing in this version of tcsh has false positives, which can cause unintended files to be deleted (perhaps without being noticed). To reproduce: In an empty directory do these three commands: touch {a,b,c,d,2}{1,2,3} echo [a-d]* echo [a-d]? Each of the echo commands prints this (modulo indentation): 21 22 23 a1 a2 a3 b1 b2 b3 c1 c2 c3 d1 d2 d3 Each of the echo commands SHOULD print this (modulo indentation): a1 a2 a3 b1 b2 b3 c1 c2 c3 d1 d2 d3 The man page says this about a hyphen between square brackets: Within `[...]', a pair of characters separated by `-' matches any character lexically between the two. "2" is _NOT_ lexically between "a" and "d". Therefore, the filenames that start with "2" should not be in the glob expansion. This bug can result in files being deleted that should not have been deleted. I'm told the bug is fixed in the latest upstream version and possibly earlier.
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: "Robert M. Riches Jr." <[email protected]> Subject: bug#734: Acknowledgement (report of tcsh square-bracket globbing bug) Message-ID: <[email protected]> References: <[email protected]> X-Devuan-PR-Message: ack 734 X-Devuan-PR-Package: tcsh Reply-To: [email protected] Date: Wed, 04 Jan 2023 03:48:06 +0000 Thank you for filing a new bug report with Devuan. You can follow progress on this bug here: 734: https://bugs.devuan.org/cgi/= bugreport.cgi?bug=3D734. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): [email protected] If you wish to submit further information on this problem, please send it to [email protected]. Please do not send mail to [email protected] unless you wish to report a problem with the Bug-tracking system. --=20 734: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D734 Devuan Bug Tracking System Contact [email protected] with problems
X-Loop: [email protected] Subject: bug#734: report of tcsh square-bracket globbing bug Reply-To: Mark Hindley <[email protected]>, [email protected] Resent-From: Mark Hindley <[email protected]> Resent-To: [email protected] Resent-CC: [email protected] X-Loop: [email protected] Resent-Date: Mon, 09 Jan 2023 16:20:02 +0000 Resent-Message-ID: <[email protected]> Resent-Sender: [email protected] X-Devuan-PR-Message: followup 734 X-Devuan-PR-Package: tcsh X-Devuan-PR-Keywords: References: <[email protected]> <[email protected]> Received: via spool by [email protected] id=B734.167328108318578 (code B ref 734); Mon, 09 Jan 2023 16:20:02 +0000 Received: (at 734) by bugs.devuan.org; 9 Jan 2023 16:18:03 +0000 Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Mon, 09 Jan 2023 16:18:03 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id R9vfKiI+vGO6ZQAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Mon, 09 Jan 2023 16:17:38 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 8DE3FB85; Mon, 9 Jan 2023 16:17:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 964228CB for <[email protected]>; Mon, 9 Jan 2023 16:17:33 +0000 (UTC) Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk) by mx.hindley.org.uk with smtp (Exim 4.84_2) (envelope-from <[email protected]>) id 1pEuq3-0002xq-Cu; Mon, 09 Jan 2023 16:17:31 +0000 Received: (nullmailer pid 1926 invoked by uid 1000); Mon, 09 Jan 2023 16:17:31 -0000 Date: Mon, 9 Jan 2023 16:17:31 +0000 From: Mark Hindley <[email protected]> To: "Robert M. Riches Jr." <[email protected]>, [email protected] Message-ID: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[email protected]> Control: tags -1 debian Control: forwarded -1 https://bugs.debian.org/999754 Control: fixed -1 tcsh/6.21.00-2 Robert, Many thanks for this. On Tue, Jan 03, 2023 at 07:45:54PM -0800, Robert M. Riches Jr. wrote: > Package: tcsh > Version: 6.21.00-1.1 > Severity: critical > Justification: causes serious data loss > Subject: tcsh: globbing false positives: [a-d]? and [a-d]* can delete unintended files like 21, 22, 23, etc. tsch is not a forked package and Devuan uses Debian's packages directly without recompilation. Fortunately this issue appears to have been reported to Debian's BTS[1] and is fixed in version 6.21.00-2. Mark [1] https://bugs.debian.org/999754
Received: (at 734) by bugs.devuan.org; 9 Jan 2023 16:18:03 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Mon, 09 Jan 2023 16:18:03 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id R9vfKiI+vGO6ZQAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Mon, 09 Jan 2023 16:17:38 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 8DE3FB85; Mon, 9 Jan 2023 16:17:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 964228CB for <[email protected]>; Mon, 9 Jan 2023 16:17:33 +0000 (UTC) Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk) by mx.hindley.org.uk with smtp (Exim 4.84_2) (envelope-from <[email protected]>) id 1pEuq3-0002xq-Cu; Mon, 09 Jan 2023 16:17:31 +0000 Received: (nullmailer pid 1926 invoked by uid 1000); Mon, 09 Jan 2023 16:17:31 -0000 Date: Mon, 9 Jan 2023 16:17:31 +0000 From: Mark Hindley <[email protected]> To: "Robert M. Riches Jr." <[email protected]>, [email protected] Subject: Re: bug#734: report of tcsh square-bracket globbing bug Message-ID: <[email protected]> References: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[email protected]> X-Debbugs-No-Ack: No Thanks Control: tags -1 debian Control: forwarded -1 https://bugs.debian.org/999754 Control: fixed -1 tcsh/6.21.00-2 Robert, Many thanks for this. On Tue, Jan 03, 2023 at 07:45:54PM -0800, Robert M. Riches Jr. wrote: > Package: tcsh > Version: 6.21.00-1.1 > Severity: critical > Justification: causes serious data loss > Subject: tcsh: globbing false positives: [a-d]? and [a-d]* can delete unintended files like 21, 22, 23, etc. tsch is not a forked package and Devuan uses Debian's packages directly without recompilation. Fortunately this issue appears to have been reported to Debian's BTS[1] and is fixed in version 6.21.00-2. Mark [1] https://bugs.debian.org/999754
Received: (at 734) by bugs.devuan.org; 9 Jan 2023 16:18:03 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Mon, 09 Jan 2023 16:18:03 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id R9vfKiI+vGO6ZQAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Mon, 09 Jan 2023 16:17:38 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 8DE3FB85; Mon, 9 Jan 2023 16:17:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 964228CB for <[email protected]>; Mon, 9 Jan 2023 16:17:33 +0000 (UTC) Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk) by mx.hindley.org.uk with smtp (Exim 4.84_2) (envelope-from <[email protected]>) id 1pEuq3-0002xq-Cu; Mon, 09 Jan 2023 16:17:31 +0000 Received: (nullmailer pid 1926 invoked by uid 1000); Mon, 09 Jan 2023 16:17:31 -0000 Date: Mon, 9 Jan 2023 16:17:31 +0000 From: Mark Hindley <[email protected]> To: "Robert M. Riches Jr." <[email protected]>, [email protected] Subject: Re: bug#734: report of tcsh square-bracket globbing bug Message-ID: <[email protected]> References: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[email protected]> X-Debbugs-No-Ack: No Thanks Control: tags -1 debian Control: forwarded -1 https://bugs.debian.org/999754 Control: fixed -1 tcsh/6.21.00-2 Robert, Many thanks for this. On Tue, Jan 03, 2023 at 07:45:54PM -0800, Robert M. Riches Jr. wrote: > Package: tcsh > Version: 6.21.00-1.1 > Severity: critical > Justification: causes serious data loss > Subject: tcsh: globbing false positives: [a-d]? and [a-d]* can delete unintended files like 21, 22, 23, etc. tsch is not a forked package and Devuan uses Debian's packages directly without recompilation. Fortunately this issue appears to have been reported to Debian's BTS[1] and is fixed in version 6.21.00-2. Mark [1] https://bugs.debian.org/999754
MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: Mark Hindley <[email protected]> Subject: bug#734: marked as done (report of tcsh square-bracket globbing bug) Message-ID: <[email protected]> References: <Y7xC4jCPbFwEXU/[email protected]> <[email protected]> X-Devuan-PR-Message: closed 734 X-Devuan-PR-Package: tcsh X-Devuan-PR-Keywords: debian Reply-To: [email protected] Date: Mon, 09 Jan 2023 16:40:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1673282402-20595-0" This is a multi-part message in MIME format... ------------=_1673282402-20595-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your message dated Mon, 9 Jan 2023 16:37:54 +0000 with message-id <Y7xC4jCPbFwEXU/[email protected]> and subject line Re: bug#734: report of tcsh square-bracket globbing bug has caused the Devuan bug report #734, regarding report of tcsh square-bracket globbing bug to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) --=20 734: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D734 Devuan Bug Tracking System Contact [email protected] with problems ------------=_1673282402-20595-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.devuan.org; 4 Jan 2023 03:46:41 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Wed, 04 Jan 2023 03:46:41 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id 7VqKKXv2tGOwcgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Wed, 04 Jan 2023 03:46:03 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 9C29E1267; Wed, 4 Jan 2023 03:46:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=136.175.108.88; helo=mail-108-mta88.mxroute.com; [email protected]; receiver=<UNKNOWN> Received: from mail-108-mta88.mxroute.com (mail-108-mta88.mxroute.com [136.175.108.88]) by email.devuan.org (Postfix) with ESMTPS id 7053FB11 for <[email protected]>; Wed, 4 Jan 2023 03:46:02 +0000 (UTC) Received: from mail-111-mta2.mxroute.com ([136.175.111.2] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta88.mxroute.com (ZoneMTA) with ESMTPSA id 1857ae2be08000011e.001 for <[email protected]> (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256); Wed, 04 Jan 2023 03:45:58 +0000 X-Zone-Loop: a513a91697461ba46e44a92b00087a6743994c1add83 X-Originating-IP: [136.175.111.2] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=jacob21819.net; s=x; h=From:Message-Id:Subject:To:Date:Sender:Reply-To:Cc: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=0NnBZIZhfAypN8bbFsMSDNhX8uSa41pQOLaWDnBQ08k=; b=N2PPeGJOgy72hqhUoQKH6iBxW4 gKZlsrQ7blFPLK0Qk6nPapj8oTfOZh12kqY1oLj6s1Shp2Y+N+4AfUfjmRwCX/My5FNVEzAMHA4X6 erptGSjJOPALdwMlObf+hsB+Ic/+tVTq/qwBDtHmkuI6c/zyErpM/zRy9ne3+fz5sTOax09yK7iaE MazIRiEGgtTyOsoU/IATzet4vWFjoLZFjXP0Rc8Cq+tnwR2clsJ4dULauEzAtegWIwjx6CRr82YOv 0g3BxArp4WoCBMEprqufk8E9dFKzS257Nkz/6cLyW3u7FLQGaWO2wNHzrFcJyPYierHh6qcq6dyl7 bZKD6r0A==; Date: Tue, 03 Jan 2023 19:45:54 -0800 To: [email protected] Subject: report of tcsh square-bracket globbing bug User-Agent: s-nail v14.9.22 Message-Id: <[email protected]> From: "Robert M. Riches Jr." <[email protected]> X-Authenticated-Id: [email protected] Package: tcsh Version: 6.21.00-1.1 Severity: critical Justification: causes serious data loss Subject: tcsh: globbing false positives: [a-d]? and [a-d]* can delete unintended files like 21, 22, 23, etc. Dear Maintainer, (Apologies for sending this outside the reportbug tool. The tool refused to send it. If this report gets accepted, I should file bug reports against reportbug.) -- System Information: Distributor ID: Devuan Description: Devuan GNU/Linux 4 (chimaera) Release: 4 Codename: chimaera Architecture: x86_64 Kernel: Linux 5.10.0-20-amd64 (SMP w/16 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages tcsh depends on: ii libc6 2.31-13+deb11u5 ii libcrypt1 1:4.4.18-4 ii libtinfo6 6.2+20201114-2 tcsh recommends no packages. tcsh suggests no packages. -- no debconf information Square-bracket globbing in this version of tcsh has false positives, which can cause unintended files to be deleted (perhaps without being noticed). To reproduce: In an empty directory do these three commands: touch {a,b,c,d,2}{1,2,3} echo [a-d]* echo [a-d]? Each of the echo commands prints this (modulo indentation): 21 22 23 a1 a2 a3 b1 b2 b3 c1 c2 c3 d1 d2 d3 Each of the echo commands SHOULD print this (modulo indentation): a1 a2 a3 b1 b2 b3 c1 c2 c3 d1 d2 d3 The man page says this about a hyphen between square brackets: Within `[...]', a pair of characters separated by `-' matches any character lexically between the two. "2" is _NOT_ lexically between "a" and "d". Therefore, the filenames that start with "2" should not be in the glob expansion. This bug can result in files being deleted that should not have been deleted. I'm told the bug is fixed in the latest upstream version and possibly earlier. ------------=_1673282402-20595-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 734-done) by bugs.devuan.org; 9 Jan 2023 16:38:19 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Mon, 09 Jan 2023 16:38:19 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id ObyLGORCvGNzZgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Mon, 09 Jan 2023 16:37:56 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 5B0EFB85; Mon, 9 Jan 2023 16:37:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 1567B8CB for <[email protected]>; Mon, 9 Jan 2023 16:37:55 +0000 (UTC) Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk) by mx.hindley.org.uk with smtp (Exim 4.84_2) (envelope-from <[email protected]>) id 1pEv9m-00036p-Fl; Mon, 09 Jan 2023 16:37:54 +0000 Received: (nullmailer pid 7177 invoked by uid 1000); Mon, 09 Jan 2023 16:37:54 -0000 Date: Mon, 9 Jan 2023 16:37:54 +0000 From: Mark Hindley <[email protected]> To: "Robert M. Riches Jr." <[email protected]>, [email protected] Subject: Re: bug#734: report of tcsh square-bracket globbing bug Message-ID: <Y7xC4jCPbFwEXU/[email protected]> References: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[email protected]> Version: 6.21.00-2 Closing as fixed in Debian 6.21.00-2 Mark ------------=_1673282402-20595-0--
MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) X-Loop: [email protected] From: "Devuan bug Tracking System" <[email protected]> To: "Robert M. Riches Jr." <[email protected]> Subject: bug#734 closed by Mark Hindley <[email protected]> (Re: bug#734: report of tcsh square-bracket globbing bug) Message-ID: <[email protected]> References: <Y7xC4jCPbFwEXU/[email protected]> <[email protected]> X-Devuan-PR-Message: they-closed 734 X-Devuan-PR-Package: tcsh X-Devuan-PR-Keywords: debian Reply-To: [email protected] Date: Mon, 09 Jan 2023 16:40:03 +0000 Content-Type: multipart/mixed; boundary="----------=_1673282403-20595-1" This is a multi-part message in MIME format... ------------=_1673282403-20595-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" This is an automatic notification regarding your bug report which was filed against the tcsh package: #734: report of tcsh square-bracket globbing bug It has been closed by Mark Hindley <[email protected]>. Their explanation is attached below along with your original report. If this explanation is unsatisfactory and you have not received a better one in a separate message then please contact Mark Hindley <mark@hin= dley.org.uk> by replying to this email. --=20 734: https://bugs.devuan.org/cgi/bugreport.cgi?bug=3D734 Devuan Bug Tracking System Contact [email protected] with problems ------------=_1673282403-20595-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 734-done) by bugs.devuan.org; 9 Jan 2023 16:38:19 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Mon, 09 Jan 2023 16:38:19 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id ObyLGORCvGNzZgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Mon, 09 Jan 2023 16:37:56 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 5B0EFB85; Mon, 9 Jan 2023 16:37:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=0.4 required=5.0 tests=RDNS_DYNAMIC,SPF_PASS autolearn=no autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=193.36.131.86; helo=mx.hindley.org.uk; [email protected]; receiver=<UNKNOWN> Received: from mx.hindley.org.uk (193-36-131-86.cfwn.uk [193.36.131.86]) by email.devuan.org (Postfix) with ESMTPS id 1567B8CB for <[email protected]>; Mon, 9 Jan 2023 16:37:55 +0000 (UTC) Received: from apollo.hindleynet ([192.168.1.3] helo=hindley.org.uk) by mx.hindley.org.uk with smtp (Exim 4.84_2) (envelope-from <[email protected]>) id 1pEv9m-00036p-Fl; Mon, 09 Jan 2023 16:37:54 +0000 Received: (nullmailer pid 7177 invoked by uid 1000); Mon, 09 Jan 2023 16:37:54 -0000 Date: Mon, 9 Jan 2023 16:37:54 +0000 From: Mark Hindley <[email protected]> To: "Robert M. Riches Jr." <[email protected]>, [email protected] Subject: Re: bug#734: report of tcsh square-bracket globbing bug Message-ID: <Y7xC4jCPbFwEXU/[email protected]> References: <[email protected]> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <[email protected]> Version: 6.21.00-2 Closing as fixed in Debian 6.21.00-2 Mark ------------=_1673282403-20595-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by bugs.devuan.org; 4 Jan 2023 03:46:41 +0000 Return-Path: <[email protected]> Delivered-To: [email protected] Received: from email.devuan.org [2001:41d0:2:d06e::5c4:2612] by doc.devuan.org with IMAP (fetchmail-6.4.16) for <debbugs@localhost> (single-drop); Wed, 04 Jan 2023 03:46:41 +0000 (UTC) Received: from email.devuan.org by email.devuan.org with LMTP id 7VqKKXv2tGOwcgAAmSBk0A (envelope-from <[email protected]>) for <[email protected]>; Wed, 04 Jan 2023 03:46:03 +0000 Received: by email.devuan.org (Postfix, from userid 109) id 9C29E1267; Wed, 4 Jan 2023 03:46:03 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on email.devuan.org X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=136.175.108.88; helo=mail-108-mta88.mxroute.com; [email protected]; receiver=<UNKNOWN> Received: from mail-108-mta88.mxroute.com (mail-108-mta88.mxroute.com [136.175.108.88]) by email.devuan.org (Postfix) with ESMTPS id 7053FB11 for <[email protected]>; Wed, 4 Jan 2023 03:46:02 +0000 (UTC) Received: from mail-111-mta2.mxroute.com ([136.175.111.2] filter006.mxroute.com) (Authenticated sender: mN4UYu2MZsgR) by mail-108-mta88.mxroute.com (ZoneMTA) with ESMTPSA id 1857ae2be08000011e.001 for <[email protected]> (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256); Wed, 04 Jan 2023 03:45:58 +0000 X-Zone-Loop: a513a91697461ba46e44a92b00087a6743994c1add83 X-Originating-IP: [136.175.111.2] DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=jacob21819.net; s=x; h=From:Message-Id:Subject:To:Date:Sender:Reply-To:Cc: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=0NnBZIZhfAypN8bbFsMSDNhX8uSa41pQOLaWDnBQ08k=; b=N2PPeGJOgy72hqhUoQKH6iBxW4 gKZlsrQ7blFPLK0Qk6nPapj8oTfOZh12kqY1oLj6s1Shp2Y+N+4AfUfjmRwCX/My5FNVEzAMHA4X6 erptGSjJOPALdwMlObf+hsB+Ic/+tVTq/qwBDtHmkuI6c/zyErpM/zRy9ne3+fz5sTOax09yK7iaE MazIRiEGgtTyOsoU/IATzet4vWFjoLZFjXP0Rc8Cq+tnwR2clsJ4dULauEzAtegWIwjx6CRr82YOv 0g3BxArp4WoCBMEprqufk8E9dFKzS257Nkz/6cLyW3u7FLQGaWO2wNHzrFcJyPYierHh6qcq6dyl7 bZKD6r0A==; Date: Tue, 03 Jan 2023 19:45:54 -0800 To: [email protected] Subject: report of tcsh square-bracket globbing bug User-Agent: s-nail v14.9.22 Message-Id: <[email protected]> From: "Robert M. Riches Jr." <[email protected]> X-Authenticated-Id: [email protected] Package: tcsh Version: 6.21.00-1.1 Severity: critical Justification: causes serious data loss Subject: tcsh: globbing false positives: [a-d]? and [a-d]* can delete unintended files like 21, 22, 23, etc. Dear Maintainer, (Apologies for sending this outside the reportbug tool. The tool refused to send it. If this report gets accepted, I should file bug reports against reportbug.) -- System Information: Distributor ID: Devuan Description: Devuan GNU/Linux 4 (chimaera) Release: 4 Codename: chimaera Architecture: x86_64 Kernel: Linux 5.10.0-20-amd64 (SMP w/16 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) LSM: AppArmor: enabled Versions of packages tcsh depends on: ii libc6 2.31-13+deb11u5 ii libcrypt1 1:4.4.18-4 ii libtinfo6 6.2+20201114-2 tcsh recommends no packages. tcsh suggests no packages. -- no debconf information Square-bracket globbing in this version of tcsh has false positives, which can cause unintended files to be deleted (perhaps without being noticed). To reproduce: In an empty directory do these three commands: touch {a,b,c,d,2}{1,2,3} echo [a-d]* echo [a-d]? Each of the echo commands prints this (modulo indentation): 21 22 23 a1 a2 a3 b1 b2 b3 c1 c2 c3 d1 d2 d3 Each of the echo commands SHOULD print this (modulo indentation): a1 a2 a3 b1 b2 b3 c1 c2 c3 d1 d2 d3 The man page says this about a hyphen between square brackets: Within `[...]', a pair of characters separated by `-' matches any character lexically between the two. "2" is _NOT_ lexically between "a" and "d". Therefore, the filenames that start with "2" should not be in the glob expansion. This bug can result in files being deleted that should not have been deleted. I'm told the bug is fixed in the latest upstream version and possibly earlier. ------------=_1673282403-20595-1--
Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.
Devuan Bugs Owner <[email protected]>.
Last modified:
Thu, 28 Nov 2024 08:39:01 UTC