Your message dated Mon, 15 Jun 2009 18:17:11 +0000
with message-id <[email protected]>
and subject line Bug#530815: fixed in devscripts 2.10.51
has caused the Debian Bug report #530815,
regarding checkbashisms: multiple false positives and false negatives
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
530815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530815
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: devscripts
Version: 2.10.49
User: [email protected]
Usertags: checkbashisms
Hi,
These are some of my findings based on the recent checkbashisms run:
(NOTE: a combined diff is attached)
-----------------
FP:
> possible bashism in
> ./usr/share/pyshared/support-files/setuptools-0.6c9-py2.4.egg line 202
Fix (allow exec to be preceded by 'then'):
@@ -408,7 +409,7 @@ sub script_is_evil_and_wrong {
last if (++$i > 55);
if (m~
# the exec should either be "eval"ed or a new statement
- (^\s*|\beval\s*[\'\"]|(;|&&)\s*)
+ (^\s*|\beval\s*[\'\"]|(;|&&|\bthen)\s*)
# eat anything between the exec and $0
exec\s*.+\s*
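Review bot: The "+" line adds only "\bthen", so a wrapper whose exec sits in the else branch of the same conditional is still not recognised; "else" belongs in the same alternative. The keyword alternative also shares the trailing "\s*" with ";" and "&&", which lets it match "thenexec" with no separator, so the keyword case should require "\s+".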
-----------------
FP:
> possible bashism in ./usr/share/shorewall6-lite/lib.base line 684 (sourced
> script with arguments):
> . $(find_file $(expand $@))
Workaround (this needs to be fixed by stripping evals, $(), ``, and any other
form of code execution and looking for bashisms in those parts individually):
Apply the same dummy logic used for "" and '' to $()
@@ -281,8 +282,8 @@ foreach my $filename (@ARGV) {
# detect source (.) trying to pass args to the command it runs
# The first expression weeds out '. "foo bar"'
if (not $found and
- not m/^\s*\.\s+(\"[^\"]+\"|\'[^\']+\')\s*(\&|\||\d?>|<|;|\Z)/
- and m/^\s*(\.\s+[^\s;\`:]+\s+([^\s;]+))/) {
+ not m/^\s*\.\s+(\"[^\"]+\"|\'[^\']+\'|\$\([^)]+\)+)\s*(\&|\||
\d?>|<|;|\Z)/
+ and m/\s*(\.\s+[^\s;\`:]+\s+([^\s;]+))/) {
if ($2 =~ /^(\&|\||\d?>|<)/) {
# everything is ok
;
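Review bot: The second "+" line drops the "^" anchor from the expression that does the actual detection (m/\s*(\.\s+... where the "-" line had m/^\s*(\.\s+...), so a ". word word" sequence anywhere in a line, for example inside an echoed sentence, can now be reported as a sourced script with arguments. The $() exemption only needs the change to the first expression; keep the second one anchored, or replace the anchor with an explicit lead-in pattern.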
-----------------
FN:
> if something; then . foo bar; else bar; fi
Fix (+ move LEADIN to the global scope):
@@ -281,8 +282,8 @@ foreach my $filename (@ARGV) {
# detect source (.) trying to pass args to the command it runs
# The first expression weeds out '. "foo bar"'
if (not $found and
- not m/^\s*\.\s+(\"[^\"]+\"|\'[^\']+\')\s*(\&|\||\d?>|<|;|\Z)/
- and m/^\s*(\.\s+[^\s;\`:]+\s+([^\s;]+))/) {
+ not m/$LEADIN\.\s+(\"[^\"]+\"|\'[^\']+\'|\$\([^)]+\)+)\s*(\&|
\||\d?>|<|;|\Z)/
+ and m/$LEADIN(\.\s+[^\s;\`:]+\s+([^\s;]+))/) {
if ($2 =~ /^(\&|\||\d?>|<)/) {
# everything is ok
;
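Review bot: "if ($2 =~ ...)" in the context under the changed lines only works if $LEADIN contributes no capture groups, and the definition being moved out of init_hashes has two, "(^|[`&;(|{])" and "(if|then|do|while|shell)", which would make $2 the keyword instead of the first argument. The combined diff's global definition does switch to "(?:...)"; a comment next to this match stating the dependency would keep a later edit of $LEADIN from silently breaking it.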
-----------------
Still to be fixed:
> . $(foo $(bar) moo)
-----------------
FP (new kind of wrapper):
usr/share/doc/systemtap-doc/examples/process/errsnoop.stp:
> #!/bin/sh
> //usr/bin/env stap -DMAXMAPENTRIES=20480 $0 $@; exit $?
> # errsnoop.stp
> ...
-----------------
FP (ref: #530084):
> if false; then foo; else exec something; fi
@@ -408,7 +409,7 @@ sub script_is_evil_and_wrong {
last if (++$i > 55);
if (m~
# the exec should either be "eval"ed or a new statement
- (^\s*|\beval\s*[\'\"]|(;|&&)\s*)
+ (^\s*|\beval\s*[\'\"]|(;|&&|\b(then|else))\s*)
# eat anything between the exec and $0
exec\s*.+\s*
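Review bot: "\b(then|else)" in the "+" line introduces a capturing group in the middle of the m~...~ expression, which renumbers any group captured further down in the pattern. Write it as "\b(?:then|else)" unless the matched keyword is actually used afterwards.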
-----------------
FN:
> #!/bin/sh
> cat <<FOO
> hello
> $(echo -e "world\c")
>
> Running on $OSTYPE
> FOO
Only here docs with quoted markers should be ignored.
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
diff --git a/checkbashisms.orig b/checkbashisms
index 40cffc9..d97e6b5 100755
--- a/checkbashisms.orig
+++ b/checkbashisms
@@ -74,6 +74,7 @@ my $status = 0;
my $makefile = 0;
my (%bashisms, %string_bashisms, %singlequote_bashisms);
+our $LEADIN = qr'(?:(?:^|[`&;(|{])\s*|(?:if|then|do|while|shell)\s+)';
init_hashes;
foreach my $filename (@ARGV) {
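Review bot: The keyword branch of the new $LEADIN has no "\b" in front of it and no "else", so it matches the tail of longer words (for instance "sudo ") while ". foo bar" in an else branch still goes undetected; something like "\b(?:if|elif|then|else|do|while|shell)\s+" covers both. "our" is also wider than needed here, since a file-scoped "my" declared before the init_hashes call is visible inside that sub.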
@@ -281,8 +282,8 @@ foreach my $filename (@ARGV) {
# detect source (.) trying to pass args to the command it runs
# The first expression weeds out '. "foo bar"'
if (not $found and
- not m/^\s*\.\s+(\"[^\"]+\"|\'[^\']+\')\s*(\&|\||\d?>|<|;|\Z)/
- and m/^\s*(\.\s+[^\s;\`:]+\s+([^\s;]+))/) {
+ not m/$LEADIN\.\s+(\"[^\"]+\"|\'[^\']+\'|\$\([^)]+\)+)\s*(\&|\||\d?>|<|;|\Z)/
+ and m/$LEADIN(\.\s+[^\s;\`:]+\s+([^\s;]+))/) {
if ($2 =~ /^(\&|\||\d?>|<)/) {
# everything is ok
;
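Review bot: The comment above the condition still says the first expression weeds out '. "foo bar"' only; it now also exempts ". $(...)" and should say so, together with the limit of "\$\([^)]+\)+": nested substitutions are accepted only when every closing parenthesis sits at the end, so ". $(foo $(bar) moo)" is still reported.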
@@ -408,7 +409,7 @@ sub script_is_evil_and_wrong {
last if (++$i > 55);
if (m~
# the exec should either be "eval"ed or a new statement
- (^\s*|\beval\s*[\'\"]|(;|&&)\s*)
+ (^\s*|\beval\s*[\'\"]|(;|&&|\b(then|else))\s*)
# eat anything between the exec and $0
exec\s*.+\s*
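Review bot: After this change the alternation accepts ";", "&&", "then" and "else" in front of exec but still leaves out "||" and "do", both of which start a new statement in the same way. Add them, or extend the comment above the alternation to say why they are excluded.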
@@ -458,7 +459,6 @@ sub script_is_evil_and_wrong {
}
sub init_hashes {
- my $LEADIN = qr'(?:(^|[`&;(|{])\s*|(if|then|do|while|shell)\s+)';
%bashisms = (
qr'(?:^|\s+)function \w+(\s|\(|\Z)' => q<'function' is useless>,
--- End Message ---
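The old and patched "sourced script with arguments" checks from the diff above, replayed over the sample lines quoted in the report. This is an added example, not part of the original message or of checkbashisms; the function name flags_sourced_args and the last sample line are constructed here.

```perl
#!/usr/bin/perl
# Added example, not part of checkbashisms itself.
use strict;
use warnings;

# $LEADIN exactly as defined in the combined diff.
my $LEADIN = qr'(?:(?:^|[`&;(|{])\s*|(?:if|then|do|while|shell)\s+)';

# Return 1 if $line is flagged as "sourced script with arguments".
# $patched selects the '+' regexes from the diff instead of the '-' ones.
# (Hypothetical helper name; the real script does this inline.)
sub flags_sourced_args {
    my ($line, $patched) = @_;
    my ($skip, $hit);
    if ($patched) {
        $skip = $line =~ m/$LEADIN\.\s+(\"[^\"]+\"|\'[^\']+\'|\$\([^)]+\)+)\s*(\&|\||\d?>|<|;|\Z)/;
        $hit  = $line =~ m/$LEADIN(\.\s+[^\s;\`:]+\s+([^\s;]+))/;
    } else {
        $skip = $line =~ m/^\s*\.\s+(\"[^\"]+\"|\'[^\']+\')\s*(\&|\||\d?>|<|;|\Z)/;
        $hit  = $line =~ m/^\s*(\.\s+[^\s;\`:]+\s+([^\s;]+))/;
    }
    return 0 if $skip or not $hit;
    # $2 still belongs to the $hit match here, because $skip did not match.
    # As in the original: a redirection or pipe after the file name is fine.
    return ($2 =~ /^(\&|\||\d?>|<)/) ? 0 : 1;
}

# Lines taken from the report, plus one constructed line (the last).
my @samples = (
    '. $(find_file $(expand $@))',                 # reported false positive
    'if something; then . foo bar; else bar; fi',  # reported false negative
    '. $(foo $(bar) moo)',                         # listed as still to be fixed
    '. "foo bar"',                                 # quoted file name, no arguments
    'if x; then a; else . foo bar; fi',            # constructed: "else" lead-in
);

printf "%-7s %-7s %s\n", 'old', 'patched', 'line';
for my $line (@samples) {
    printf "%-7s %-7s %s\n",
        (flags_sourced_args($line, 0) ? 'flag' : 'ok'),
        (flags_sourced_args($line, 1) ? 'flag' : 'ok'),
        $line;
}
```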
--- Begin Message ---
Source: devscripts
Source-Version: 2.10.51
We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive:
devscripts_2.10.51.dsc
to pool/main/d/devscripts/devscripts_2.10.51.dsc
devscripts_2.10.51.tar.gz
to pool/main/d/devscripts/devscripts_2.10.51.tar.gz
devscripts_2.10.51_amd64.deb
to pool/main/d/devscripts/devscripts_2.10.51_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam D. Barratt <[email protected]> (supplier of updated devscripts
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 15 Jun 2009 18:57:20 +0100
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.10.51
Distribution: unstable
Urgency: low
Maintainer: Devscripts Devel Team <[email protected]>
Changed-By: Adam D. Barratt <[email protected]>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 530362 530815 530926 531059 531247 531332 531422 531570 531593
Changes:
devscripts (2.10.51) unstable; urgency=low
.
[ Adam D. Barratt ]
* bts:
+ Add a note to the description of --smtp-server explaining that
reportbug.debian.org does not support relaying and is therefore not a
suitable server to use in circumstances where [email protected]
may be automatically Cced.
+ Ignore the --{force-,}interactive options when combined with -n.
(Closes: #531422)
* checkbashisms:
+ Detect shellscript wrappers that use "then" or "else" before calling
exec. Thanks, Raphael Geissert. (Closes: #530815)
+ Fix a false positive detection of ". $(foo bar)" as attempting to pass
arguments to a sourced script. Thanks, Raphael Geissert.
+ Detect use of passing arguments to a sourced script as part of a
conditional statement. Thanks, Raphael Geissert.
+ Correctly count the number of quotes in a line when detecting whether
we are currently inside a "quoted block". Thanks, Raphael Geissert.
(Closes: #531247)
+ Do not check the contents of a dpatch. The wrapper script always uses
/bin/sh and we can't detect the interpreter of a patch.
+ Improve the check for the use of $[] inside quoted text. Thanks,
Raphael Geissert.
+ Apply the "common lead-in text" to the "readonly" check.
+ Remove "\\" from the list of unsafe backslash escapes, as it appears to
work in all shells.
* dcmd: Parse changes / dsc files containing section or priority entries of
"-". (Closes: #531593)
* licensecheck: Fix an error in a regular expression which led to an
uninitialized value warning and missing version for some GPL headers.
Thanks, Jakub Wilk. (Closes: #531059)
* uscan: Make a regular expression example in the manpage clearer. Thanks,
Jason Heeris. (Closes: #530362)
* uupdate: Add support for .lzma compressed tarballs and diffs. Thanks to
Simon Richter for the patch. (Closes: #531570)
.
[ James Vega ]
* bts: Only Cc [email protected] if we're reasonably sure we have
an email body instead of simply control messages; i.e., if the user
specifies the --force-interactive option or the --interactive option and
chooses to edit the email body. (Closes: #530926)
* uscan: Log the correct filename when running the post-download action.
Simplify the surrounding logic so the logging and command are less likely
to get out of sync in the future.
.
[ Mohammed Adnène Trojette ]
* pts-subscribe: refer to bsd-mailx rather to the transitional mailx
package. Thanks Ansgar Burchardt for the patch. (Closes: #531332)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAko2jaoACgkQokcE1TReOoWuXQCglCvU57i6lXyQkPidQu0llFcM
ngsAnRCiNkt/cDSqqf/OzO5rRmM+IXjk
=xkuP
-----END PGP SIGNATURE-----
--- End Message ---