Re: [PATCH] Fix link error on GNU/Hurd.

2025-05-16 Thread Chet Ramey

On 5/9/25 1:29 AM, Collin Funk wrote:

> Hi Chet,
>
> Building bash from the devel branch fails the link on GNU/Hurd. Here is
> the error:


Thanks for the report. I'm interested in why you're not using ncurses. Is
it just not installed on your build system?

Chet

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




Re: SourceAv in xparse_dolparen when trying to compare with rvalue

2025-05-16 Thread Chet Ramey

On 5/13/25 7:14 PM, Александр Ушаков wrote:

> Dear Bash maintainers,
>
> I recently reported a NULL-pointer dereference issue (leading to a
> segmentation fault) in Bash 5.2. Thank you for confirming the bug and
> working on a fix.
>
> Could you clarify whether a CVE will be assigned for this vulnerability? If
> so, would you like me to request one through MITRE or another CNA, or will
> the Bash team handle the CVE assignment?


This does not require a CVE assignment.



> For reference, I believe this qualifies for a CVE because:
>
>   * It is a reproducible crash (DoS) in a security-sensitive component
>     (command interpreter).


If we follow this logic, every bug that crashes bash, even with fuzzing
input like this one, requires a CVE, even if there's no privilege
escalation.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




What is the status of bash-5.3?

2025-05-16 Thread Bruce Dubbs
At the linuxfromscratch project, we document for users how to build a relatively 
complete Linux system from source code.  When we do this we consider bash to be one 
of the most important packages in the system.


  https://www.linuxfromscratch.org/lfs/view/stable/

Our policy is to use the most recent "stable" versions of applications (that is, no 
release candidates or git clones) when at all possible.  Right now we are using 
bash-5.2.37.  Recently gcc-15.1 was released and we would like to update our system 
to that, but bash-5.2.37 does not build with that version of gcc.


We have looked at bash-5.3-rc1 which was released on April 8th and that does build 
with gcc-15.  Can you give us an idea when the stable bash-5.3 will be released?


Thanks.

  -- Bruce Dubbs
 linuxfromscratch.org



Re: [PATCH] Fix link error on GNU/Hurd.

2025-05-16 Thread Collin Funk
Hi Chet,

Chet Ramey writes:

> Thanks for the report. I'm interested in why you're not using ncurses. Is
> it just not installed on your build system?

I occasionally test Gnulib in a Hurd VM (fresh each time since my image
doesn't like to reboot, unfortunately).

I had assumed that libncurses-dev was installed as a transitive
dependency, but I guess not.

After running 'apt install libncurses-dev', I can confirm that bash
builds on the devel branch.

Thanks!

Collin



Re: Cross-Compile - Makefile - Install-strip

2025-05-16 Thread Chet Ramey

On 5/12/25 5:02 PM, NR wrote:

> "STRIP" is currently hard-set to "strip", which fails for
> cross-compiled binaries.


There's no builtin autoconf macro for strip. I suppose I could add one
using AC_CHECK_TOOL.


> ```
> install-strip:
>  $(MAKE) $(MFLAGS) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s --strip-program=${MINE_CROSS_COMPILE}strip' \
>  prefix=${prefix} exec_prefix=${exec_prefix} \
>  DESTDIR=$(DESTDIR) install
> ```

$ install -s --strip-program=strip bash /tmp
install: illegal option -- -

> Examples of implementations that allow a custom "strip" program to be
> used can be found in coreutils and make:
> ```
> install-strip:
>  if test -z '$(STRIP)'; then \
>    $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
>  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
>    install;
> ```

These just use the included `install-sh'.

> During a build setting 'INSTALL_STRIP_PROGRAM="install -s
> --strip-program=-strip"', allows the install with strip to
> succeed.


This is obviously not portable, but could work in some environments.


> It'd be nice if this implementation could be standardized under the
> GNU umbrella.


I'll see what I can do before bash-5.3 comes out.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/




Re: Brace expansion change on devel

2025-05-16 Thread Chet Ramey

On 5/10/25 11:18 AM, Sam James wrote:

> Hi,
>
> Since the following commit on devel
>
>    commit c3ca11424d2ae66cafa2f931b008dfb728e209a5
>    Author: Chet Ramey
>    Date:   Wed Feb 12 11:18:16 2025 -0500
>    fix issue with redirections to bash input file descriptor; new minimal
>    chmod builtin; posix mode change for kill builtin return status; perform
>    additional validation on brace expansion sequence expressions


The rationale for this change is to identify brace expansions that contain
multiple expressions, some valid and some not. The examples added to the
tests show what I mean:

echo {{1,2,3}..{7,8,9}}

Here the sequence expansion is invalid and shouldn't be evaluated as such,
but the rest of the brace expansion is valid and should produce

{1..7} {1..8} {1..9} {2..7} {2..8} {2..9} {3..7} {3..8} {3..9}

Bash versions through bash-5.2 produced

1..7 1..8 1..9 2..7 2..8 2..9 3..7 3..8 3..9

So the additional validation on sequence expressions means that they have
to follow the documented rules for those expansions, which was a little
lax before the change.


> the following behaves differently:
> $ echo {a,../a.cfg}
> {a,../a.cfg} # with devel


The problem here is that additional validation: the code always treated
the `../a.cfg' as a potential sequence expression, but left it alone and
just expanded the comma if it didn't qualify as valid. After the change,
it still tries to treat that as a potential sequence expression, but now
marks it as invalid, so the entire brace expansion fails.

We can fix this particular issue by noting the comma and treating it as
the separator, and not trying to treat the ../a.cfg as a sequence
expression and validate it. This forces the comma to have higher
precedence, which I think is the right thing and is still backwards
compatible even with the additional validation.


> Does this constitute a valid sequence expression? The documentation
> implies that even if not, an unquoted comma may be fine.


I think it is not.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU    c...@case.edu    http://tiswww.cwru.edu/~chet/


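Added example, not part of the thread and not code from bash or its test suite: a probe that classifies a bash binary by the two brace expansions discussed in the message above, so that scripts relying on either form can be checked before an upgrade. The expected strings are copied from the messages; the function names and the labels they print are made up for this example.

```bash
# Expected outputs for `echo {{1,2,3}..{7,8,9}}`, copied from the thread.
OLD_SEQ='1..7 1..8 1..9 2..7 2..8 2..9 3..7 3..8 3..9'
NEW_SEQ='{1..7} {1..8} {1..9} {2..7} {2..8} {2..9} {3..7} {3..8} {3..9}'

# Pure classifier (hypothetical helper): given the output of the two probe
# commands, print a label naming the behaviour.
classify_brace_output() {
    local seq_out="$1" comma_out="$2"
    if [ "$comma_out" = '{a,../a.cfg}' ]; then
        # The comma list was left unexpanded: the devel behaviour reported
        # in the quoted message.
        echo comma-unexpanded
    elif [ "$comma_out" != 'a ../a.cfg' ]; then
        echo unknown
    elif [ "$seq_out" = "$OLD_SEQ" ]; then
        # Invalid sequence expression expanded without its braces:
        # bash versions through bash-5.2.
        echo lax-sequence
    elif [ "$seq_out" = "$NEW_SEQ" ]; then
        # Sequence rejected, nested comma lists still expanded.
        echo validated-sequence
    else
        echo unknown
    fi
}

# Run both probes in a fresh child shell so the caller's own settings
# (for example `set +B`) cannot influence the result.
# Returns 2 if the shell binary cannot be run.
probe_bash() {
    local shell="${1:-bash}" seq_out comma_out
    seq_out=$("$shell" -c 'echo {{1,2,3}..{7,8,9}}') || return 2
    comma_out=$("$shell" -c 'echo {a,../a.cfg}') || return 2
    classify_brace_output "$seq_out" "$comma_out"
}

# Stand-alone use: classify the bash found on PATH, or the path given as $1.
probe_bash "${1:-bash}" || echo "probe failed: could not run shell" >&2
```
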