On 11/2/24 19:47, James Youngman wrote:
> I have installed a modified version of the patch
> (1dcdf3de8e27cc130968891ee5a529a461a248da), updated in the ways you
> suggested.

Thanks, nice.
I have the 4 attached follow-up patches.  Pushing soon.

Have a nice day,
Berny
From 57fb016b73c2df6ab5e4cc908f716b520373f53a Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <m...@bernhard-voelker.de>
Date: Sun, 3 Nov 2024 21:14:37 +0100
Subject: [PATCH 4/4] maint: add NEWS entry for recent 'find -execdir/-okdir'
 change

* NEWS (Changes in find): Reflect the change in behavior in recent
commit v4.10.0-15-g1dcdf3de.
---
 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 56298c48..cfb752cd 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,12 @@ GNU findutils NEWS - User visible changes.      -*- outline -*- (allout)
   already states this, and now find's behaviour matches the
   documentation.
 
+** Changes in find
+
+  The actions -execdir and -okdir now refuse the '{}' replacement in the zeroth
+  argument of the command to be run.  While POSIX allows this for -exec, this is
+  deemed insecure as an attacker could influence which files could be found.
+
 ** Documentation Changes
 
   The forthcoming Issue 8 of the POSIX standard will standardise "find
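Review bot: The rationale in the last added sentence, "an attacker could influence which files could be found", does not explain why '{}' in the zeroth argument is the problem: the zeroth argument is the command itself, so a matched file name would decide which program gets run. Suggest wording along the lines of "as an attacker who controls file names could thereby choose the program that is run". The entry also does not say what "refuse" means for the user (diagnostic, exit status), and unlike the Bug Fixes entry above with its "[#45930]" it carries no bug reference. The first added text line is also longer than the surrounding NEWS lines, which wrap near 72 columns.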
-- 
2.47.0

From 2ef0b4ce38ce99ba6ceed043158e65b87705f25e Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <m...@bernhard-voelker.de>
Date: Sun, 3 Nov 2024 21:09:51 +0100
Subject: [PATCH 3/4] maint: fix indentation in NEWS

* NEWS: Use 2 char indentation.
---
 NEWS | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 3276887a..56298c48 100644
--- a/NEWS
+++ b/NEWS
@@ -4,19 +4,20 @@ GNU findutils NEWS - User visible changes.      -*- outline -*- (allout)
 
 ** Bug Fixes
 
- 'find -ignore_readdir_race' now has a race between FTS read and the visiting
- of the entry when the file was removed. [#45930]
+  'find -ignore_readdir_race' now has a race between FTS read and the visiting
+  of the entry when the file was removed. [#45930]
 
- To fix a POSIX compatibility bug, -exec foo Z{} + is no longer a
- complete predicate, because '+' is only a terminator when it follows
- an argument which is exactly '{}'.  The findutils documentation
- already states this, and now find's behaviour matches the
- documentation.
+  To fix a POSIX compatibility bug, -exec foo Z{} + is no longer a
+  complete predicate, because '+' is only a terminator when it follows
+  an argument which is exactly '{}'.  The findutils documentation
+  already states this, and now find's behaviour matches the
+  documentation.
 
 ** Documentation Changes
 
- The forthcoming Issue 8 of the POSIX standard will standardise "find
- -print0" and "xargs -0".  Our documentation now points this out.
+  The forthcoming Issue 8 of the POSIX standard will standardise "find
+  -print0" and "xargs -0".  Our documentation now points this out.
+
 
 * Noteworthy changes in release 4.10.0 (2024-06-01) [stable]
 
-- 
2.47.0

From 128c5b18c9254a1c7f8735c4e29f78fa110de671 Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <m...@bernhard-voelker.de>
Date: Sun, 3 Nov 2024 17:18:43 +0100
Subject: [PATCH 2/4] maint: make tests/sample-test executable

To avoid that new tests copied from the template sample-test lack the
executable bit, add the executable bit to that file.

* tests/sample-test: Set executable permission bit.
---
 tests/sample-test | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 tests/sample-test

diff --git a/tests/sample-test b/tests/sample-test
old mode 100644
new mode 100755
-- 
2.47.0

From 727d261bb86a2c521136d6a5b92a62c56f0e66a7 Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <m...@bernhard-voelker.de>
Date: Sun, 3 Nov 2024 17:18:18 +0100
Subject: [PATCH 1/4] maint: make new tests/find/sv-bug-66365-exec.sh
 executable

'make syntax-check' fails with:
  tests_executable
  maint.mk: Please make test executable: tests/find/sv-bug-66365-exec.sh
  make: *** [cfg.mk:129: sc_tests_executable] Error 1

* tests/find/sv-bug-66365-exec.sh: Set executable permission bit.
---
 tests/find/sv-bug-66365-exec.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 tests/find/sv-bug-66365-exec.sh

diff --git a/tests/find/sv-bug-66365-exec.sh b/tests/find/sv-bug-66365-exec.sh
old mode 100644
new mode 100755
-- 
2.47.0
