The cause of this particular bug is in glob.c, but I don't have time
to figure out patches at the moment, and besides I wouldn't feel
comfortable making this reversion without understanding a lot more.
@@ -389,13 +389,10 @@
break;
case STAR:
pglob->gl_flags |= GLOB_MAGCHAR;
- /* collapse adjacent stars to one [or three if globstar],
- * to avoid exponential behavior
+ /* collapse adjacent stars to one, to avoid
+ * exponential behavior
*/
- if (bufnext == patbuf || bufnext[-1] != M_ALL ||
- ((flags & GLOB_STAR) != 0 &&
- (bufnext - 1 == patbuf || bufnext[-2] != M_ALL ||
- bufnext - 2 == patbuf || bufnext[-3] != M_ALL)))
+ if (bufnext == patbuf || bufnext[-1] != M_ALL)
*bufnext++ = M_ALL;
break;
default:
I think the extra lines of logic were from a patch by Greg Dionne but
I'm not sure, I cannot find the patch, only one line in the Fixes
file.
Perhaps a better alternative for the many tcsh users out there
(notwithstanding the "considered harmful" article) is to install some
older version, somehow. I am using 6.17.00 from tcsh.org. I have no
idea how this might break my Debian installation, but the broken
globbing is not acceptable in my workflow.
Andrew
On Mon, Nov 15, 2010 at 7:39 AM, Lucas Nussbaum
<lu...@lucas-nussbaum.net> wrote:
> found 603545 6.17.02-3
> thanks
>
> On 15/11/10 at 03:39 -0500, Andrew Seniuk wrote:
>> Package: tcsh
>> Version: 6.17.02
>>
>> Hello, this is my first real bug report ever. I'm sorry if I make
>> a mess of it. I tried to use reportbug, but it crashed when I
>> submitted my report.
>>
>> The tcsh bug: If there are two files, such as "z" and "zz", in
>> the current directory, then zz* expands to both files.
>>
>> This can cause unexpected data loss when for instance copying or
>> moving files. It could also destabilise the system if the system
>> ran tcsh scripts. Possibly there could be security vulnerabilities.
>>
>> The version I am using to produce the bug is 6.17.02 (from sid).
>> I compiled version 6.17.00 of tcsh from source obtained through
>> www.tcsh.org and the bug is not there manifest. (zz* expands to
>> only zz.)
>
> I confirm the problem on squeeze, too.
>
>> I was expecting the tcsh.org version number to be higher? I suppose
>> I didn't find the development repo, but the bug exists on the
>> Debian 6.17.02 version in any case.
>
> 6.17.02 was a development release. At the time, it sounded like a good
> idea to package it in Debian, because it was fixing several Debian bugs,
> and was supposed to be followed by a final release soon. But the final
> release didn't happen, and apparently, some interesting bugs like this
> one crept in.
>
> I won't work on this bug (tcsh is orphaned, and I'm too busy currently).
> When someone attacks it, I'd recommend also looking at the other
> Debian+Ubuntu bug reports for tcsh: I think I remember seeing other
> nasty bugs affecting that version. Also, the git repository is a good
> start to see what changed between 6.17.00 and 6.17.02.
>
>
> - Lucas
>
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
