Debian Bug report logs - #415567
findutils: Regexps not handled correctly in PRUNEPATHS

version graph

Package: findutils; Maintainer for findutils is Andreas Metzler <ametzler@debian.org>; Source for findutils is src:findutils.

Reported by: István Váradi <ivaradi@gmail.com>

Date: Tue, 20 Mar 2007 12:18:05 UTC

Severity: normal

Tags: confirmed

Found in version findutils/4.2.28-1

Forwarded to http://savannah.gnu.org/bugs/?19374

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Andreas Metzler <ametzler@debian.org>:
Bug#415567; Package findutils. Full text and rfc822 format available.

Acknowledgement sent to István Váradi <ivaradi@gmail.com>:
New Bug report received and forwarded. Copy sent to Andreas Metzler <ametzler@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: István Váradi <ivaradi@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: findutils: Regexps not handled correctly in PRUNEPATHS
Date: Tue, 20 Mar 2007 13:07:30 +0100
Package: findutils
Version: 4.2.28-1
Severity: normal

The updatedb script uses the PRUNEPATHS environment variable without
quoting it. This causes some problems when putting regular expressions
into the value of this variable. For example, if I use an asterisk (*)
in a path, it will be expanded by the shell before using it as a regular
expression. Thus, .*/lost+found becomes ../lost+found (and possibly others,
depending on how many files or directories, whose names start with a dot 
I have in the working directory).

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17
Locale: LANG=C, LC_CTYPE=hu_HU (charmap=ISO-8859-2)

Versions of packages findutils depends on:
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries

findutils recommends no packages.

-- no debconf information



Tags added: confirmed Request was from Andreas Metzler <ametzler@debian.org> to control@bugs.debian.org. (Tue, 20 Mar 2007 19:06:02 GMT) Full text and rfc822 format available.

Message sent on to István Váradi <ivaradi@gmail.com>:
Bug#415567. Full text and rfc822 format available.

Message #10 received at 415567-submitter@bugs.debian.org (full text, mbox):

From: Andreas Metzler <INVALID.NOREPLY@gnu.org>
To: Andreas Metzler <gnu@downhill.at.eu.org>, 415567-submitter@bugs.debian.org, bug-findutils@gnu.org
Subject: [bug #19374] Insufficient quoting of PRUNEPATHS in updatedb
Date: Wed, 21 Mar 2007 18:21:48 +0000
URL:
  <http://savannah.gnu.org/bugs/?19374>

                 Summary: Insufficient quoting of PRUNEPATHS in updatedb
                 Project: findutils
            Submitted by: ametzler
            Submitted on: Mittwoch 21.03.2007 um 19:21
                Category: updatedb
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: István Váradi
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.2.28
           Fixed Release: None

    _______________________________________________________

Details:

This is http://bugs.debian.org/415567

István Váradi writes: -----------------------
The updatedb script uses the PRUNEPATHS environment variable without quoting
it. This causes some problems when putting regular expressions into the value
of this variable. For example, if I use an asterisk (*) in a path, it will be
expanded by the shell before using it as a regular expression. Thus,
.*/lost+found becomes ../lost+found (and possibly others, depending on how
many files or directories, whose names start with a dot I have in the working
directory).
---------------------------------------------

Afaict the fix should be trivial:

- for p in $PRUNEPATHS; do
+ for p in "$PRUNEPATHS"; do
[...]
-  PRUNEREGEX=`echo $PRUNEPATHS|sed -e 's,^,\\\(^,' -e 's, ,$\\\)\\\|\\\(^,g'
-e 's,$,$\\\),'`
+   PRUNEREGEX=`echo "$PRUNEPATHS"|sed -e 's,^,\\\(^,' -e 's,
,$\\\)\\\|\\\(^,g' -e 's,$,$\\\),'`

thanks, cu andreas




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?19374>

_______________________________________________
  Nachricht geschickt von/durch Savannah
  http://savannah.gnu.org/




Noted your statement that Bug has been forwarded to http://savannah.gnu.org/bugs/?19374. Request was from Andreas Metzler <ametzler@debian.org> to control@bugs.debian.org. (Wed, 21 Mar 2007 19:12:07 GMT) Full text and rfc822 format available.

Message sent on to István Váradi <ivaradi@gmail.com>:
Bug#415567. (Tue, 27 Jan 2009 12:24:04 GMT) Full text and rfc822 format available.

Message #15 received at 415567-submitter@bugs.debian.org (full text, mbox):

From: anonymous <INVALID.NOREPLY@gnu.org>
To: 415567-submitter@bugs.debian.org, bug-findutils@gnu.org
Subject: [bug #19374] Insufficient quoting of PRUNEPATHS in updatedb
Date: Tue, 27 Jan 2009 12:21:58 +0000
Follow-up Comment #1, bug #19374 (project findutils):

I second this ticket. Trying to prune directories based on regular
expressions doesn't work. For example:

updatedb --findoptions='-mount' --localpaths='/cygdrive/c'
--prunepaths='.*/.svn'

The asterisk in '.*/.svn' is shell-expanded by the line where pruned paths
are converted to regular expressions. If $PRUNEPATH in this line is placed in
double quotes works.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?19374>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





Message sent on to István Váradi <ivaradi@gmail.com>:
Bug#415567. (Mon, 09 Feb 2009 09:24:11 GMT) Full text and rfc822 format available.

Message #18 received at 415567-submitter@bugs.debian.org (full text, mbox):

From: anonymous <INVALID.NOREPLY@gnu.org>
To: 415567-submitter@bugs.debian.org, bug-findutils@gnu.org
Subject: [bug #19374] Insufficient quoting of PRUNEPATHS in updatedb
Date: Mon, 09 Feb 2009 09:22:18 +0000
Follow-up Comment #2, bug #19374 (project findutils):

Here is a patch:

--- updatedb.org        2009-01-27 13:29:28.575086300 +0100
+++ updatedb    2009-02-09 10:19:41.132505500 +0100
@@ -163,7 +163,7 @@
 # Trailing slashes result in regex items that are never matched, which
 # is not what the user will expect.   Therefore we now reject such
 # constructs.
-for p in $PRUNEPATHS; do
+for p in "$PRUNEPATHS"; do
     case "$p" in
        /*/)   echo "$0: $p: pruned paths should not contain trailing
slashes" >&2
               exit 1
@@ -172,7 +172,7 @@
 
 # The same, in the form of a regex that find can use.
 test -z "$PRUNEREGEX" &&
-  PRUNEREGEX=`echo $PRUNEPATHS|sed -e 's,^,\(^,' -e 's, ,$\)\|\(^,g' -e
's,$,$\),'`
+  PRUNEREGEX=`echo "$PRUNEPATHS"|sed -e 's,^,\(^,' -e 's, ,$\)\|\(^,g' -e
's,$,$\),'`
 
 # The database file to build.
 : ${LOCATE_DB=/var/locatedb}


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?19374>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





Information forwarded to debian-bugs-dist@lists.debian.org, Andreas Metzler <ametzler@debian.org>:
Bug#415567; Package findutils. (Sat, 21 Feb 2009 22:48:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to James Youngman <jay@gnu.org>:
Extra info received and forwarded to list. Copy sent to Andreas Metzler <ametzler@debian.org>. (Sat, 21 Feb 2009 22:48:02 GMT) Full text and rfc822 format available.

Message #23 received at 415567@bugs.debian.org (full text, mbox):

From: James Youngman <jay@gnu.org>
To: 415567@bugs.debian.org
Cc: 415567-submitter@bugs.debian.org, bug-findutils@gnu.org
Subject: Re: [bug #19374] Insufficient quoting of PRUNEPATHS in updatedb
Date: Sat, 21 Feb 2009 22:42:52 +0000
On Mon, Feb 9, 2009 at 9:22 AM, anonymous <INVALID.NOREPLY@gnu.org> wrote:
>
> Follow-up Comment #2, bug #19374 (project findutils):
>
> Here is a patch:
>
> --- updatedb.org        2009-01-27 13:29:28.575086300 +0100
> +++ updatedb    2009-02-09 10:19:41.132505500 +0100
> @@ -163,7 +163,7 @@
>  # Trailing slashes result in regex items that are never matched, which
>  # is not what the user will expect.   Therefore we now reject such
>  # constructs.
> -for p in $PRUNEPATHS; do
> +for p in "$PRUNEPATHS"; do
>     case "$p" in
>        /*/)   echo "$0: $p: pruned paths should not contain trailing
> slashes" >&2
>               exit 1
> @@ -172,7 +172,7 @@
>
>  # The same, in the form of a regex that find can use.
>  test -z "$PRUNEREGEX" &&
> -  PRUNEREGEX=`echo $PRUNEPATHS|sed -e 's,^,\(^,' -e 's, ,$\)\|\(^,g' -e
> 's,$,$\),'`
> +  PRUNEREGEX=`echo "$PRUNEPATHS"|sed -e 's,^,\(^,' -e 's, ,$\)\|\(^,g' -e
> 's,$,$\),'`

This looks like a useful patch, would you please mail it to
bug-findutils@gnu.org and findutils-patches@gnu.org as a git patch
against the current source tree (see
https://savannah.gnu.org/git/?group=findutils) and with updates to the
ChangeLog and NEWS files?

Thanks,
James.




Message sent on to István Váradi <ivaradi@gmail.com>:
Bug#415567. (Sat, 21 Feb 2009 22:48:07 GMT) Full text and rfc822 format available.

Message sent on to István Váradi <ivaradi@gmail.com>:
Bug#415567. (Sun, 11 Apr 2010 12:42:52 GMT) Full text and rfc822 format available.

Message #29 received at 415567-submitter@bugs.debian.org (full text, mbox):

From: James Youngman <INVALID.NOREPLY@gnu.org>
To: 415567-submitter@bugs.debian.org, James Youngman <jay@gnu.org>, bug-findutils@gnu.org
Subject: [bug #19374] Insufficient quoting of PRUNEPATHS in updatedb
Date: Sun, 11 Apr 2010 11:56:39 +0000
Update of bug #19374 (project findutils):

                  Status:                    None => Postponed              

    _______________________________________________________

Follow-up Comment #3:

updatedb would probably be best rewritten.   I'm going to mark the
updatedb-related bus as "Postponed" in order to consider them all in a batch,
when I get around to the rewrite.

(Leslie P. Polzer did start on a rewrite some time back as part of the Summer
of Code but there are some updatedb-related issues his changes don't resolve
yet, I think)

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?19374>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





Message sent on to István Váradi <ivaradi@gmail.com>:
Bug#415567. (Wed, 14 Jul 2010 20:36:03 GMT) Full text and rfc822 format available.

Message #32 received at 415567-submitter@bugs.debian.org (full text, mbox):

From: anonymous <INVALID.NOREPLY@gnu.org>
To: 415567-submitter@bugs.debian.org, James Youngman <jay@gnu.org>, bug-findutils@gnu.org
Subject: [bug #19374] Insufficient quoting of PRUNEPATHS in updatedb
Date: Wed, 14 Jul 2010 20:11:51 +0000
Follow-up Comment #4, bug #19374 (project findutils):

Patches don't work for me when using the command-line option --prunepath as
the asterisks are expanded in the "for arg" access of the implicit $@.  As a
workaround, wrapping my pattern with ( and ) works, like updatedb
--prunepaths='(.*/.svn)'

Patches do work when setting the PRUNEPATH environment variable.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?19374>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 19:31:30 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.