Re: bash without importing shell functions from the environment

2014-09-30 Thread Nikolaus Rath
Matthias Klose  writes:
> On 25.09.2014 at 17:29, Ian Jackson wrote:
>> (It took me merely a few moments with the source code to prepare the
>> code patch.  But then I had to spend an hour or two wrestling with the
>> patch systems of the packages in squeeze and wheezy.  I would like to
>> take this opportunity to say how much I appreciate the work of the
>> security team, who have to cope on a daily basis with [CoC violation]
>> such as that found in the squeeze and wheezy bash Debian `source'
>> packages.)
>> 
>> Ian.
>
> so maybe as a non-native speaker I am unaware of some joke here, or are you
> just trolling about something fixed for jessie/unstable?

I think the latter. I was actually curious as well and checked. The
wheezy version has custom debian/patches handling where e.g.
debian/patches/series is processed by the C preprocessor. I think that
qualifies at least as exotic :-).

Best,
Nikolaus

-- 
GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

 »Time flies like an arrow, fruit flies like a Banana.«


--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/8738b8ilk9@vostro.rath.org



Re: bash exorcism experiment ('bug' 762923 & 763012)

2014-09-30 Thread Steve Langasek
On Tue, Sep 30, 2014 at 06:23:22PM -0700, Russ Allbery wrote:
> Russell Stuart  writes:

> > The only reason I ported things to dash is /bin/sh is now linked to it,
> > which in view makes it the standard shell.  Every script starting with
> > #!/bin/sh must work with.  If I can't get it working because of a
> > missing feature like arrays then I have to change it to #!/bin/bash or
> > something, and add an explicit dependency.

> bash is essential, so from a Debian perspective, you don't need to add an
> extra dependency.  Of course, that's exactly what this thread is about,
> but that's why we're unlikely to ever remove it from the essential set.
> It's a lot of work and archive churn to add all those dependencies, and
> it's not at all clear that we're better off in the end, or at least not
> sufficiently better off to warrant the effort.

However, uses of essential bash can be detected fairly reliably:  just
looking for executable files using /bin/bash as the interpreter should catch
nearly all of them, except for things that need bash at build time, and that
could be addressed by moving bash from Essential to build-essential as a
first step.

So if someone wanted to do the work to analyze use of bash in the archive,
we could at least evaluate how many packages would actually need to be
changed.

I do think it's a bug that we have two implementations of POSIX sh in the
essential set, and if someone was willing to do the work to remove bash, I
would welcome it.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
Ubuntu Developer   http://www.debian.org/
slanga...@ubuntu.com vor...@debian.org
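
One way to run the scan described in the message above, as an added example that is not part of the thread: it lists executable files whose `#!` line names bash, either directly or through `env`. The function names and the sample tree are constructed for illustration; packages that need bash only at build time are outside what this finds, as the message notes.

```shell
#!/bin/sh
# Added example (not from the thread): list executable files run by bash.

# Print the basename of the interpreter on a file's "#!" line (empty if none).
interp_of() {
    # Only the first 256 bytes are read, so large binaries cost nothing.
    first=$(head -c 256 -- "$1" 2>/dev/null | tr -d '\000' | LC_ALL=C sed -n '1p')
    case $first in
        '#!'*) ;;
        *) return 0 ;;
    esac
    set -f                      # no globbing while splitting the line
    set -- ${first#??}          # words after "#!"
    set +f
    prog=${1##*/}
    if [ "$prog" = env ]; then  # "#!/usr/bin/env bash": skip env's own options
        shift
        while [ $# -gt 0 ]; do
            case $1 in
                -*|*=*) shift ;;
                *) break ;;
            esac
        done
        prog=${1##*/}
    fi
    printf '%s\n' "$prog"
}

# List regular files under the given directories that are executable by
# their owner and whose interpreter is bash. File names containing
# newlines are not handled.
bash_scripts() {
    find "$@" -type f -perm -100 2>/dev/null | while IFS= read -r f; do
        if [ "$(interp_of "$f")" = bash ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample tree: two bash scripts, one sh script, and one bash
# script without the executable bit.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho hi\n'    > "$d/direct"
    printf '#! /usr/bin/env bash\n:\n' > "$d/via-env"
    printf '#!/bin/sh\n:\n'            > "$d/posix"
    printf '#!/bin/bash\n:\n'          > "$d/not-executable"
    chmod +x "$d/direct" "$d/via-env" "$d/posix"
    printf '%s\n' "$d"
}

if [ $# -gt 0 ]; then
    bash_scripts "$@"           # scan the directories given on the command line
else
    tree=$(make_sample_tree) && bash_scripts "$tree"
    rm -rf "$tree"
fi
```

Run with one or more directories as arguments to scan them; with no arguments it scans the constructed sample tree.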




Re: bash exorcism experiment ('bug' 762923 & 763012)

2014-09-30 Thread Russ Allbery
Russell Stuart  writes:

> The only reason I ported things to dash is /bin/sh is now linked to it,
> which in view makes it the standard shell.  Every script starting with
> #!/bin/sh must work with.  If I can't get it working because of a
> missing feature like arrays then I have to change it to #!/bin/bash or
> something, and add an explicit dependency.

bash is essential, so from a Debian perspective, you don't need to add an
extra dependency.  Of course, that's exactly what this thread is about,
but that's why we're unlikely to ever remove it from the essential set.
It's a lot of work and archive churn to add all those dependencies, and
it's not at all clear that we're better off in the end, or at least not
sufficiently better off to warrant the effort.

Targeted removal of uses of bash where they're not required is, of
course, still useful, and I've been in favor of that going all the way
back to the days of active checkbashisms development and various Lintian
tests.

-- 
Russ Allbery (r...@debian.org)   





Re: bash exorcism experiment ('bug' 762923 & 763012)

2014-09-30 Thread Russell Stuart
On Tue, 2014-09-30 at 13:08 +0200, Thorsten Glaser wrote:
> You really really should be looking at replacing any
> ash variant with mksh. It’s not that much bigger (at
> least if you add -DMKSH_SMALL to CPPFLAGS and build
> with klibc or dietlibc or so), but much saner.

I am not a fan of any particular variant of *sh.  They are all horrible
computer languages.  Nothing over a couple of lines should be written in
them, as they are idiosyncratic, error prone and basic software
engineering processes (like units tests) difficult.

The only reason I ported things to dash is /bin/sh is now linked to it,
which in view makes it the standard shell.  Every script starting with
#!/bin/sh must work with.  If I can't get it working because of a
missing feature like arrays then I have to change it to #!/bin/bash or
something, and add an explicit dependency.

It's the additional dependency I find irksome.  If I am going to add
one, whether it is to bash, mksh or any other variant doesn't really
matter - they are all equally bad as programming languages.  If I wasn't
so lazy, I'd move them to a real computer language.




Bug#763557: ITP: sisu-maven-plugin -- Maven plugin indexing JSR-330 components

2014-09-30 Thread Emmanuel Bourg
Package: wnpp
Severity: wishlist
Owner: Emmanuel Bourg 

* Package name: sisu-maven-plugin
  Version : 1.1
  Upstream Author : Sonatype
* URL : http://sonatype.github.io/sisu-maven-plugin/
* License : Apache-2.0 and EPL-1.0
  Programming Lang: Java
  Description : Maven plugin indexing JSR-330 components

Sisu is a modular JSR330-based container that supports classpath
scanning, auto-binding, and dynamic auto-wiring.

sisu-maven-plugin indexes the JSR-330 components to be made available to
Maven. It creates an index in META-INF/sisu/javax.inject.Named
enumerating the components. This means that no classpath scanning is
required at runtime to find them, which keeps Maven's startup time fast.


This package is required to update Maven to the latest release.





Bug#763554: ITP: aspell-dsb -- Lower Sorbian dictionary for GNU Aspell

2014-09-30 Thread Jan Jeroným Zvánovec
Package: wnpp
Severity: wishlist
Owner: "Jan Jeroným Zvánovec" 

* Package name: aspell-dsb
  Version : 1.4.8
  Upstream Author : 
* URL : http://dsb-spell.sourceforge.net/dsb/
* License : GPLv2
  Programming Lang: -
  Description : Lower Sorbian dictionary for GNU Aspell

Long description:
This package contains all the required files to add support for the Lower
Sorbian language to the GNU Aspell spell checker. 

-- 
Jan Jeroným Zvánovec, j...@zvano.net
Jabber: janjero...@jabber.cz
OpenPGP: A583 9D8D 64E2 3030 42BE FE33 0EB7 F529 4D58 0B93
-- -- -- -- -- -- -- -- -- -- -- -- -- -- --





Processed: Re: Bug#763520: Including LibreJS add-on as proposed by GNU and Free Software Foundation in later Iceweasel Versions

2014-09-30 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reassign 763520 iceweasel
Bug #763520 [general] Including LibreJS add-on as proposed by GNU and Free Software Foundation in later Iceweasel Versions
Bug reassigned from package 'general' to 'iceweasel'.
Ignoring request to alter found versions of bug #763520 to the same values previously set
Ignoring request to alter fixed versions of bug #763520 to the same values previously set
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
763520: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763520
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#763520: Including LibreJS add-on as proposed by GNU and Free Software Foundation in later Iceweasel Versions

2014-09-30 Thread Tomasz Nitecki
Hey,

You are running Debian stable which provides Iceweasel 24 (it will be
treated like Firefox 24 (ESR)). According to GNU LibreJS version history
[1] the last version supported by Iceweasel 23 is 'Version 5.4.1'. You
can download it from gnu.org [2]. I do not have access to any Debian
stable machine at the moment (so I was unable to test it) but [3] should
work.

[1] https://addons.mozilla.org/en-US/firefox/addon/librejs/versions/
[2] ftp://ftp.gnu.org/gnu/librejs/
[3] ftp://ftp.gnu.org/gnu/librejs/librejs-5.4.1.xpi


General pseudo-package [4] is by no means related to iceweasel package,
so I will be reassigning your wishlist bug there.

[4] https://www.debian.org/Bugs/pseudo-packages

Thanks for the report!


Regards,
T.





Bug#763520: Including LibreJS add-on as proposed by GNU and Free Software Foundation in later Iceweasel Versions

2014-09-30 Thread Tomasz Nitecki
reassign 763520 iceweasel
thanks


Hey,

Lakshmikanth Kammath's problem was explained in a previous message.
Attached below is his wishlist request for LibreJS inclusion:

I wish the latest update of Iceweasel to include this add-on, as it can
effectively block execution of any non-free javascript that could
potentially harm a less experienced user. Also a humble request the
Debian team; If possible please work out a permanent solution to this
issue by working along with Free Software Foundation.


Regards,
T.





Bug#763548: ITP: sireader -- Python module to communicate with SportIdent main stations

2014-09-30 Thread Gaudenz Steinlin
Package: wnpp
Severity: wishlist
Owner: Gaudenz Steinlin 

* Package name: sireader
  Version : 1.0.0
  Upstream Author : Gaudenz Steinlin 
* URL : http://bosco.durcheinandertal.ch/
* License : GPLv3
  Programming Lang: Python
  Description : Python module to communicate with SportIdent main stations


 Sireader is a python module to communicate with a SportIdent main station to
 read out SportIdent cards. SportIdent is an electronic punching system mainly
 used for orienteering events.
 .
 Sireader supports two major operation modes. It can be used for complete card
 readout or in control station mode to send punches from a control. The first
 mode is typically used for card readout after the finish line to read the card
 data into an event software. The second mode is used to get live result from
 an intermediate control.

I intend to maintain as the primary maintainer as I'm also the upstream author
but under the umbrella of the Python modules team.

Gaudenz





Re: bash without importing shell functions from the environment

2014-09-30 Thread Jonathan Dowland
On Tue, Sep 30, 2014 at 07:58:38PM +0200, Matthias Klose wrote:
> so maybe as a non-native speaker I am unaware of some joke here, or are you
> just trolling about something fixed for jessie/unstable?

I was curious to see what Ian was complaining about, and what has changed up to
the jessie version. I can see that the rules file is a little bit simpler. I
guess that's because you've moved to the 3.0 (quilt) package type? I couldn't
find the changelog entry documenting when you did this.





Bug#763538: ITP: geolinks -- Library for using geospatial links (catalogue interoperability)

2014-09-30 Thread Johan Van de Wauw
Package: wnpp
Severity: wishlist
Owner: Johan Van de Wauw 

* Package name: geolinks
  Version : 0.0.1
  Upstream Author : Tom Kralidis 
* URL : https://pypi.python.org/pypi/geolinks
* License : MIT
  Programming Lang: Python
  Description : Library for using geospatial links (catalogue interoperability)

This package is a utility library to work with geospatial links.
It is an implementation of the Cat-Interop work described at
http://wiki.osgeo.org/wiki/Cat-Interop

This (very small, just one short script) library is required for python-pycsw,
for which I filed an ITP recently. I will maintain this package in Debian GIS.

http://anonscm.debian.org/cgit/pkg-grass/geolinks.git





Re: bash without importing shell functions from the environment

2014-09-30 Thread Matthias Klose
On 25.09.2014 at 17:29, Ian Jackson wrote:
> (It took me merely a few moments with the source code to prepare the
> code patch.  But then I had to spend an hour or two wrestling with the
> patch systems of the packages in squeeze and wheezy.  I would like to
> take this opportunity to say how much I appreciate the work of the
> security team, who have to cope on a daily basis with [CoC violation]
> such as that found in the squeeze and wheezy bash Debian `source'
> packages.)
> 
> Ian.

so maybe as a non-native speaker I am unaware of some joke here, or are you just
trolling about something fixed for jessie/unstable?

Matthias





Bug#763520: Including LibreJS add-on as proposed by GNU and Free Software Foundation in later Iceweasel Versions

2014-09-30 Thread Lakshmikanth Kammath b
Subject: general: Including LibreJS add-on as proposed by GNU and FSF in later Iceweasel Versions
Package: general
Severity: wishlist

Dear Maintainer,

   * What led up to the situation?

 I tried to install the add-on LibreJS to disable any non-free javascript
 in Iceweasel Internet Browser (Version 24.8.1).

   * What exactly did you do (or not do) that was effective (or ineffective)?

 I visited the website https://www.gnu.org/software/librejs/ and clicked
 the link Install in Mozilla browser

   * What was the outcome of this action?

 The browser downloaded the add-on, but on clicking it to install, the
 browser tells that the LibreJS add-on is incompatible with
 Iceweasel Version 24.8.1.

   * What outcome did you expect instead?

 I wish the latest update of Iceweasel to include this add-on, as it can
 effectively block execution of any non-free javascript that could
 potentially harm a less experienced user. Also a humble request the Debian
 team; If possible please work out a permanent solution to this
 issue by working along with Free Software Foundation.



-- System Information:
  Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
  Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=locale: Cannot set 
LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

 
With Regards,

Lakshmikanth Kammath B
Phone: +91- 9400 140 234


-- My computation is powered by
Debian -- The Universal Operating System

Re: [bal...@balintreczey.hu: Accepted xbmc 2:13.2+dfsg1-2~exp0 (source all amd64) into experimental

2014-09-30 Thread Bálint Réczey
Hi David,

2014-09-30 13:35 GMT+02:00 David Weinehall :
> The latest upload of xbmc seems a bit botched; this is the
> changelog in its entirety:
>
>
>  xbmc (2:13.2+dfsg1-2~exp0) UNRELEASED; urgency=medium
>  .
>*
>
> Now, there is nothing wrong with terse and succinct changelogs,
> but I'd say this is a bit *too* terse, and not at all succinct.
:-)
Thanks for pointing this out. I'll upload a fixed version soon.
Luckily the content of the package was OK, I just forgot about
the last update to the changelog.

>
> Also, should the builders even accept packages that has an invalid
> distribution specified (in the most recent changelog entry, that is)?
I think rejecting those during upload would be a good idea.

Cheers,
Balint

>
> Filtering out "UNRELEASED" and packages with an empty changelog would
> prevent at least some premature uploads.
>
>
> Kind regards, David Weinehall
> --
>  /) David Weinehall  /) Rime on my window   (\
> //  ~   //  Diamond-white roses of fire //
> \)  http://www.acc.umu.se/~tao/(/   Beautiful hoar-frost   (/
>





Re: [bal...@balintreczey.hu: Accepted xbmc 2:13.2+dfsg1-2~exp0 (source all amd64) into experimental

2014-09-30 Thread Jakub Wilk

* Cyril Brulebois , 2014-09-30, 13:43:

You might be interested in things like this:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542747


I've also filed #763457.

--
Jakub Wilk





Re: Bug#763450: ITP: python-sysv-ipc -- semaphores, shared memory and message queues

2014-09-30 Thread Thibaut Paumard
On 30/09/2014 13:31, Thomas Goirand wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Thomas Goirand 
> 
> * Package name: python-sysv-ipc
>   Version : 0.6.8
>   Upstream Author : Philip Semanchuk 
> * URL : http://semanchuk.com/philip/sysv_ipc/
> * License : BSD-3-clause
>   Programming Lang: Python
>   Description : semaphores, shared memory and message queues
> 
>  Sysv_ipc gives Python programs access to System V semaphores, shared memory
>  and message queues. Most (all?) Unixes (including OS X) support System V IPC.
> 
> 

Hi, for the record we already have:
https://packages.debian.org/search?keywords=svipc

Kind regards, Thibaut.





Bug#763455: ITP: o3dgc -- Open 3D Graphics Compression library

2014-09-30 Thread Rene Engelhard
Package: wnpp
Severity: wishlist
Owner: Rene Engelhard 

* Package name: o3dgc
  Version : ?
  Upstream Author : Advanced Micro Devices, Inc.
* URL : https://github.com/amd/rest3d/tree/master/server/o3dgc 
* License : MIT
  Programming Lang: C++
  Description : Open 3D Graphics Compression library

Needs to be packaged as it's a (build-)dependency of collada2gltf.





Bug#763453: ITP: rapidjson -- JSON parser and generator for C++

2014-09-30 Thread Rene Engelhard
Package: wnpp
Severity: wishlist
Owner: Rene Engelhard 

* Package name: rapidjson
  Version : 0.11
  Upstream Author : Milo Yip (milo...@gmail.com)
* URL : https://github.com/miloyip/rapidjson
* License : BSD
  Programming Lang: C++
  Description : JSON parser and generator for C++

Needs to be packaged as it's a (build-)dependency of collada2gltf.





Re: [bal...@balintreczey.hu: Accepted xbmc 2:13.2+dfsg1-2~exp0 (source all amd64) into experimental

2014-09-30 Thread Cyril Brulebois
David Weinehall  (2014-09-30):
> The latest upload of xbmc seems a bit botched; this is the
> changelog in its entirety:
> 
> 
>  xbmc (2:13.2+dfsg1-2~exp0) UNRELEASED; urgency=medium
>  .
>*
> 
> Now, there is nothing wrong with terse and succinct changelogs,
> but I'd say this is a bit *too* terse, and not at all succinct.
> 
> Also, should the builders even accept packages that has an invalid
> distribution specified (in the most recent changelog entry, that is)?
> 
> Filtering out "UNRELEASED" and packages with an empty changelog would
> prevent at least some premature uploads.

What's in changelog doesn't actually matter; see changes file instead.

You might be interested in things like this:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542747

Mraw,
KiBi.




[bal...@balintreczey.hu: Accepted xbmc 2:13.2+dfsg1-2~exp0 (source all amd64) into experimental

2014-09-30 Thread David Weinehall
The latest upload of xbmc seems a bit botched; this is the
changelog in its entirety:


 xbmc (2:13.2+dfsg1-2~exp0) UNRELEASED; urgency=medium
 .
   *

Now, there is nothing wrong with terse and succinct changelogs,
but I'd say this is a bit *too* terse, and not at all succinct.

Also, should the builders even accept packages that has an invalid
distribution specified (in the most recent changelog entry, that is)?

Filtering out "UNRELEASED" and packages with an empty changelog would
prevent at least some premature uploads.


Kind regards, David Weinehall
-- 
 /) David Weinehall  /) Rime on my window   (\
//  ~   //  Diamond-white roses of fire //
\)  http://www.acc.umu.se/~tao/(/   Beautiful hoar-frost   (/





Bug#763450: ITP: python-sysv-ipc -- semaphores, shared memory and message queues

2014-09-30 Thread Thomas Goirand
Package: wnpp
Severity: wishlist
Owner: Thomas Goirand 

* Package name: python-sysv-ipc
  Version : 0.6.8
  Upstream Author : Philip Semanchuk 
* URL : http://semanchuk.com/philip/sysv_ipc/
* License : BSD-3-clause
  Programming Lang: Python
  Description : semaphores, shared memory and message queues

 Sysv_ipc gives Python programs access to System V semaphores, shared memory
 and message queues. Most (all?) Unixes (including OS X) support System V IPC.





Bug#763445: ITP: collada2gltf -- COLLADA to glTF converter

2014-09-30 Thread Rene Engelhard
Package: wnpp
Severity: wishlist
Owner: Rene Engelhard 

* Package name: collada2gltf
  Version : 20140923
  Upstream Author : KhronosGroup / Motorola Mobility, Inc.
* URL : https://github.com/KhronosGroup/glTF/tree/master/converter/COLLADA2GLTF
* License : BSD
  Programming Lang: C++
  Description : COLLADA to glTF converter

Will be packaged as 
 - libcollada2glzfconvert-dev (ships the static-only(!) library)
 - collada2gltf (command line utility, if I get it built)

Needed for LO (actually already since 4.3.0 but thankfully there's
--disable-collada since 4.3.1...)

Regards,

Rene





Re: bash exorcism experiment ('bug' 762923 & 763012)

2014-09-30 Thread Thorsten Glaser
On Sun, 28 Sep 2014, Russell Stuart wrote:

>   - pipefail,

mksh has “set -o pipefail” and the PIPESTATUS array.

>   - local variables, 

mksh has them, of course. ksh93 only has them in
functions declared with the “function” keyword,
and lacks a default “alias local=typeset” to make
it useful.

Note that Debian Policy §10.4 prescribes local
support for /bin/sh.

>   - array variables.

Sure, in all other shells.

> If dash had those features conversion could almost be mechanical.

You really really should be looking at replacing any
ash variant with mksh. It’s not that much bigger (at
least if you add -DMKSH_SMALL to CPPFLAGS and build
with klibc or dietlibc or so), but much saner.

bye,
//mirabilos
-- 
 You are right.
 You are right!





Re: Bug#762839: bash without importing shell functions from the environment

2014-09-30 Thread Henrique de Moraes Holschuh
On Tue, 30 Sep 2014, Thorsten Glaser wrote:
> On Fri, 26 Sep 2014, Matthias Urlichs wrote:
> > In any case, adding "-p" to any #!/bin/bash shebang line looks like a very
> > good idea. Shall we add a Lintian check for this?
> 
> ***ABSOLUTELY NOT***
> 
> The -p option is for the shell to *not* drop privileges when
> called setuid.

Agreed.  Better to come up with a new command line flag.  And this needs to
be done upstream in the first place.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh





Re: Bug#762839: bash without importing shell functions from the environment

2014-09-30 Thread Matthias Urlichs
Hi,

Thorsten Glaser:
> On Fri, 26 Sep 2014, Matthias Urlichs wrote:
> 
> > In any case, adding "-p" to any #!/bin/bash shebang line looks like a very
> > good idea. Shall we add a Lintian check for this?
> 
> ***ABSOLUTELY NOT***
> 
> The -p option is for the shell to *not* drop privileges when
> called setuid.

Yes, it does that. It _also_ does all the other sanity-preserving things a
shell started in an insecure environment should do.

IMHO, code which calls a shell script with euid != ruid is buggy anyway,
because it _cannot_ depend on the shell to pro-actively fix that omission.
Any other program which happens to not be a #!/bin/bash shell script,
started the same way, will not reset its euid either. I don't expect any
other shell to care; the dash(1) manpage implies that it does not, for
instance.

Therefore I do not think that adding this flag would create any new
security problems.

Feel free to find a real-world counterexample.

-- 
-- Matthias Urlichs
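
The startup behaviour debated in this sub-thread can be observed without any setuid binary. The following is an added example, not code from the thread: it starts a child bash with and without `-p` and reports whether it imported an exported function and whether it read the file named by `BASH_ENV`. The helper names are hypothetical, `bash` is assumed to be on `PATH`, and the effective-uid handling that `-p` also changes is not exercised here.

```shell
#!/bin/sh
# Added example: observe what bash's -p (privileged mode) skips at startup.
# Assumes a bash binary on PATH; helper names are hypothetical.

# Print "function" if a child bash started with the given flags imported
# the exported function probe_fn from its environment, otherwise "none".
imports_function() {
    bash -c 'probe_fn() { :; }; export -f probe_fn
             exec bash "$@" -c "type -t probe_fn || echo none"' _ "$@"
}

# Print "sourced" if a child bash started with the given flags read the
# file named by BASH_ENV before running its command, otherwise "skipped".
reads_bash_env() {
    rc=$(mktemp) || return 1
    echo 'marker=sourced' > "$rc"          # constructed startup file
    BASH_ENV=$rc bash "$@" -c 'echo "${marker:-skipped}"'
    rm -f "$rc"
}

# Side-by-side report for a default start and a start with -p.
report() {
    printf '%-12s %-18s %s\n' flags 'exported function' BASH_ENV
    printf '%-12s %-18s %s\n' '(none)' "$(imports_function)" "$(reads_bash_env)"
    printf '%-12s %-18s %s\n' '-p' "$(imports_function -p)" "$(reads_bash_env -p)"
}

report
```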





Re: Bug#762839: bash without importing shell functions from the environment

2014-09-30 Thread Thorsten Glaser
On Fri, 26 Sep 2014, Matthias Urlichs wrote:

> In any case, adding "-p" to any #!/bin/bash shebang line looks like a very
> good idea. Shall we add a Lintian check for this?

***ABSOLUTELY NOT***

The -p option is for the shell to *not* drop privileges when
called setuid.

bye,
//mirabilos
-- 
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font.   -- Rob Pike in "Notes on Programming in C"





Bug#763424: ITP: libsixel -- DEC SIXEL graphics codec implementation

2014-09-30 Thread NOKUBI Takatsugu
Package: wnpp
Severity: wishlist
Owner: NOKUBI Takatsugu 

* Package name: libsixel
  Version : 1.1.2
  Upstream Author : Hayaki Saito
* URL : https://github.com/saitoha/libsixel
* License : MIT
  Programming Lang: C, C++
  Description : DEC SIXEL graphics codec implementation

  SIXEL is one of image formats for printer and terminal imaging
  introduced by Digital Equipment Corp. (DEC). Its data scheme is
  represented as a terminal-friendly escape sequence.
  So if you want to view a SIXEL image file, all you have to do
  is "cat" it to your terminal.

