Package: dash Version: 0.5.12-2 Version: 0.5.11+git20210903+057cd650a4ed-9 Severity: wishlist
Dear Maintainer, (I built 0.5.12-2 from the .dsc, the binary packages don't appear to have propagated yet. I also originally wrote this without knowing that glob classes are negated by !, not ^. s/correct/compatible/ and s/broken/incompatible/, i guess) Original reproducer: sh -xc 'rerat_secs=7200; [ "${rerat_secs%[^0-9]*}" != "$rerat_secs" ]; echo $?' reduced for testing: sh -c 'i=10; echo "${i%[^0-9]*}"' The /correct/ output, given by 0.5.11+git20200708+dd9ef66-5 (bullseye) (and bash, and any other shell), is, naturally "10": we're removing, from the end, a nondigit, then anything. There are no nondigits, so nothing is removed. Let's observe: bullseye$ sh -c 'i=10; echo "${i%[^0-9]*}"' 10 sid$ sh -c 'i=10; echo "${i%[^0-9]*}"' 1 0.5.12-2$ sh -c 'i=10; echo "${i%[^0-9]*}"' 1 trunk$ sh -c 'i=10; echo "${i%[^0-9]*}"' 1 Ruh-roh!!! That's /horrific/. In my original reproducer that test is for checking the input is an integer, this is a common pattern. This smells an awful lot like it'd affect all globs, right? Yeah. $ ls 1 10 2 3 4 5 6 7 8 9 bin DEBIAN usr $ echo [^0-9]* # bash, bullseye dash bin DEBIAN usr $ sh -c 'echo [^0-9]*' # sid dash, dash 0.5.12+ trunk 1 10 2 3 4 5 6 7 8 9 Terrifying. Bisecting over the upstream git, I got commit 8f9cca055bc661c4c690a5f5e1ca71370d129bc3 (HEAD, refs/bisect/bad) Author: Herbert Xu <herb...@gondor.apana.org.au> Date: Wed Jan 19 16:37:54 2022 +1100 expand: Always quote caret when using fnmatch This patch forces ^ to be a literal when we use fnmatch. In order to allow for the extra space to quote the caret, the function _rmescapes will allocate up to twice the memory if the flag RMESCAPE_GLOB is set. Fixes: 7638476c18f2 ("shell: Enable fnmatch/glob by default") Reported-by: Christoph Anton Mitterer <cales...@scientia.org> Suggested-by: Harald van Dijk <har...@gigawatt.nl> Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au> as the first bad commit with default configuration (HAVE_FNMATCH=1). I /cannot/ find a set-up where configuring like Debian (--disable-fnmatch --disable-lineno --disable-glob) isn't broken. Y'know what, I bisected the Salsa git, too, but then I consulted POSIX. Apparently, this is fine. Apparently, XCU, 2.13.1 Patterns Matching a Single Character: When unquoted and outside a bracket expression, the following three characters shall have special meaning in the specification of patterns: [ If an open bracket introduces a bracket expression as in XBD RE Bracket Expression, except that the <exclamation-mark> character ( '!' ) shall replace the <circumflex> character ( '^' ) in its role in a non-matching list in the regular expression notation, it shall introduce a pattern bracket expression. A bracket expression starting with an unquoted <circumflex> character produces unspecified results. Otherwise, '[' shall match the character itself. Please for the love of god add this to the NEWS. I /guarantee/ people are using '[^0-9]' to mean "not 0-9", and similar constructs, even if they are well-versed in the shell language. This is a breaking change going from bullseye, and quite an insidious one. I assume my reaction is gonna mirror others' quite well. /Please/ add this to the NEWS. Thanks, наб -- System Information: Debian Release: bookworm/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: x32 (x86_64) Foreign Architectures: amd64, i386 Kernel: Linux 6.0.0-6-amd64 (SMP w/2 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dash depends on: ii debianutils 5.7-0.4 ii dpkg 1.21.15 ii libc6 2.36-7 dash recommends no packages. dash suggests no packages. -- debconf information excluded
signature.asc
Description: PGP signature