Stephan Monecke | 15 Oct 11:36 2014
Picon

No colors in directory listings


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey together,

I hope I'm right here with a question because I found no other place to
set it.

- --> Since some time, there is no color anymore (just gray) in the
output of `ls` (even though they are set in .dircolors) and there used
to be some.

I have no idea what caused this change but I spend several hours now on
finding it out. Do you have any ideas?

I'm using termite ("TERM xterm-termite" added to .dircolors) on arch.

Thanks in advance!
Stephan
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBAgAGBQJUPkAdAAoJEBDkK1GRK4Dn3fwP/iRHgmp/jW/8DE3BUPxqWlnK
u09UmdAEXpzs7uG66mdOltxeuTfNvIx6HyeSIKWk9IDAZY7Kn0ocVoCT8Ga2Vtue
EoGF5ueE4ItACAL7eeFUg4dObBrQMWQZ0yGdkQOzyibKKq2/ILRjF9Ira3X60PAe
qCJd2k2AgfJ8ZqHC20CFG6EpfomZ8tKog6323dgH9vbHamjMXgaEo6rxE/2YOPCE
SEqfb4XXzn40hmSDeepdo4rIHSFf0CAHiFbMNh4Fyxwz5k9OH4ihqR1K7pgDK09N
xyuqSmB9zGl1yEfMKBiPpKS4caDKxspIYfLRx0dy4C3VqVldP/MS/vlrRAoKzMU6
DjgSzyNj4Gc+BeYzNtRc5Y6bJlHe8MCST6tS6Bz9Z3UaDyizKhIqVICmjwvxB93l
(Continue reading)

David Carlos Manuelda | 10 Oct 14:42 2014
Picon

gpg-agent problem with global variable

I am trying to set GPG_AGENT_INFO as a global variable which is already
defined by (I guess gnome-keyring)

I have an script which only executes once in my xfce-session, like:

set -xU GPG_AGENT_INFO (gpg-agent -v --daemon | egrep -o
"=(.*);[[:space:]]" | sed -e 's/=//' | sed -e 's/;//')

and also even tried

set -xg GPG_AGENT_INFO (gpg-agent -v --daemon | egrep -o
"=(.*);[[:space:]]" | sed -e 's/=//' | sed -e 's/;//')

But does not matter, everytime I open a new fish session, I get
something like:

echo $GPG_AGENT_INFO
/run/user/1001/keyring/gpg 0 1

instead of something like
/tmp/gpg-1JaGYx/S.gpg-agent:2333:1

I really need a way for fish to export correctly that variable across
all fish sessions, any suggestion?

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
(Continue reading)

Andrew Schulman | 10 Oct 04:33 2014
Picon

"set_color: Could not set up terminal" in non-interactive use

I have fish (2.1.1) set as my default login shell now on my Ubuntu (14.04.1) host.
Mostly it works fine, but when I ssh into the host to run a command, so fish runs
non-interactively, I get a bunch of errors:

andrex <at> helium ~> ssh helium w
set_color: Could not set up terminal
set_color: Could not set up terminal
set_color: Could not set up terminal
set_color: Could not set up terminal
set_color: Could not set up terminal
set_color: Could not set up terminal
sed: -e expression #1, char 1: unknown command: `-'
 22:27:09 up 15:53,  5 users,  load average: 1.26, 1.96, 1.50
...

Requesting a TTY makes the errors go away:

andrex <at> helium ~> ssh -t helium w
 22:27:52 up 15:54,  6 users,  load average: 1.57, 1.96, 1.52
...

But that sometimes has undesirable side effects, and it doesn't fix the problem in
other non-interactive cases.  For example, I get the same set of errors when root
runs

/bin/su -c 'run-parts --report /home/andrex/.cron.hourly 2>&1' andrex

and in that case there's no easy way to ask for a TTY.

Does anyone know what causes this problem, or how to fix it?  Anyone else even seen
(Continue reading)

Greg Reagle | 9 Oct 19:10 2014

why builtins?

I was reading an article about fish at
http://arstechnica.com/information-technology/2005/12/linux-20051218/2/
which has:

Most other Unix shells include built-in implementations of common
commands like echo, kill, printf, pwd, time, and test. These internal
implementations are usually slightly incompatible with the standard
Unix tools they replace, making portability an even bigger hurdle.
Making more and more commands a part of the shell also has stability
implications, since a bug in the implementation of a command risks to
crash the entire shell instead of only crashing a separate process.

Also http://fishshell.com/docs/current/index.html has:

To avoid code duplication, and to avoid the confusion of subtly
differing versions of the same command, fish generally only implements
builtins for actions which cannot be performed by a regular command.

However:
$ type echo printf pwd test
echo is a builtin
printf is a builtin
pwd is a builtin
test is a builtin

I wonder why these commands were made built-in.

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
(Continue reading)

David Adam | 8 Oct 05:49 2014
Picon
Picon
Picon

Re: Using emacs as a $PAGER

On Tue, 7 Oct 2014, Greg Reagle wrote:
> psub makes a regular file (not a named pipe), with or without the -f
> option.  Is that a bug?  It doesn't cause any problem for me in this
> use case.

See https://github.com/fish-shell/fish-shell/issues/1040 - the `-f` flag 
is known to be a noop, but actually fixing that exposes a much nastier 
bug. 

David Adam
zanchey@...

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
glphvgacs | 4 Oct 22:05 2014
Picon

Re: need help explaining vimperator

On Oct 04  12:11 -0700, Booker Bense wrote:
> On Sat, Oct 4, 2014 at 7:22 AM, glphvgacs <darwinskernel@...> wrote:
> 
> > hello,
> > i would appreciate if someone could help with articulating this feature
> > request:
> >
> > https://github.com/fish-shell/fish-shell/issues/1465
> >
> > in a nutshell it's to have UI features of vimperator in a shell (fish in
> > this case).
> > <your summary of it goes here and/or on the ticket's page>
> Do you mean something like xiki?
> 
> http://xiki.org

from authors presentations, No. that looks more like blending GUI with
shell...  and some new ideas of its own.
what i'm trying to explain here is, in abstracts, to make a mapping from
some features of vimperator into fish, like:
categorisation of results and/or prioritization of those categories based
on user's preference (i.e. make it configurable) when fish does
auto-suggestion.

for example, bookmarks are one category in what vimperator offers in its
suggestions (visited-pages, aka 'Hisotry' is another). now one can think of
bookmarks, in the context shell, as paths that user has cd'ed into in the
past and so on and so forth.

to put it in another words, there is more granularity in today's browsers'
(Continue reading)

glphvgacs | 4 Oct 16:22 2014
Picon

need help explaining vimperator

hello,
i would appreciate if someone could help with articulating this feature
request:

https://github.com/fish-shell/fish-shell/issues/1465

in a nutshell it's to have UI features of vimperator in a shell (fish in
this case).
<your summary of it goes here and/or on the ticket's page>

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
Andrew Schulman | 2 Oct 20:32 2014
Picon

testing regular expressions

Hi. New fish user, and first post here.

What's the recommended way to do regular expression testing and matching in
fish?  The test function doesn't support regexes.  I could use expr, for
example:

  if expr $var : 'a(.)b(.)'
  then
    # do something with the match
  end

but that's awkward, because expr will only output the result of one match,
it sends the result to stdout, and the exit status isn't necessarily 0 on
success - it depends on the regex.

What I'd like is to have is a function or operator whose exit status tells
me whether the regex matched, and that returns an array of the matched
results from ()... kind of like how (sorry) bash does it.

Any suggestions?

Thanks,
Andrew.

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
(Continue reading)

Peter Monks | 30 Sep 02:39 2014
Picon

Weird behaviour in history fn?

G'day,

I'm seeing some strange behaviour in the history function with fish v2.1.1 (installed via homebrew on Mac OSX 10.9.5).  Specifically:

pmonks <at> pindari ~$ fish --version
fish, version 2.1.1
pmonks <at> pindari ~$ history --search --contains "foo"
fish: Could not expand string '$argv[$i]'
/usr/local/Cellar/fish/2.1.1/share/fish/functions/history.fish (line 17):             switch $argv[$i]
                                                                                             ^
in function 'history',
called on standard input,
with parameter list '--search --contains foo'

pmonks <at> pindari ~$ 

I took a look at the code in question, but couldn't see anything obviously wrong with it, not that that's saying much given I'm a fish n00b.  Any idea what I'm doing wrong, or where to look next to troubleshoot?

Thanks in advance!
Peter

------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Fish-users mailing list
Fish-users@...
https://lists.sourceforge.net/lists/listinfo/fish-users
David Adam | 26 Sep 15:28 2014
Picon
Picon
Picon

fish shell 2.1.1 released


Hi all,

It's been some months, but I am pleased to announce the release of fish 
shell 2.1.1.

This is a security release, and fixes a number of local privilege escalation 
and one remote code execution problem. I strongly encourage all users to 
upgrade ASAP.

New source and binary packages will shortly be available from
http://fishshell.com/ - it takes a little time to build packages for all
platforms so check back in the next day or two if your platform is not
available.

The SHA-1 checksum for fish-2.1.1.tar.gz is
8f97f39b92ea7dfef1f464b18e304045bf37546d.

Importantly, you should stop all running instances of `fishd` once the 
update is installed - packages published on fishshell.com will do this for 
you, but if you are building from source you need to do this manually (e.g.  
with `pkill fishd` or `killall fishd`). It will automatically be restarted, 
but is required to avoid losing universal variables.

If you are using a platform that sets `$XDG_RUNTIME_DIR`, you should restart 
all running fish instances as well. Fedora 20 is one such distribution; 
`echo $XDG_RUNTIME_DIR` at a fish prompt should show you if yours does.

If you are packaging this software for a distribution, I ask that you 
include a postinstallation script that does this for your users.

The full details of the security problems are as follows:

CVE-2014-2905: fish universal variable socket vulnerable to permission 
bypass leading to privilege escalation

  fish, from at least version 1.16.0 to version 2.1.0 (inclusive), does not
  check the credentials of processes communicating over the fishd universal
  variable server UNIX domain socket. This allows a local attacker to 
  elevate their privileges to those of a target user running fish, including 
  root.

  fish version 2.1.1 is not vulnerable.

  No workaround is currently available for earlier versions of fish.

  https://github.com/fish-shell/fish-shell/issues/1436

CVE-2014-2906 and CVE-2014-3856: fish temporary file creation vulnerable to 
race condition leading to privilege escalation

  fish, from at least version 1.16.0 to version 2.1.0 (inclusive), creates
  temporary files in an insecure manner.

  Versions 1.23.0 to 2.1.0 (inclusive) execute code via `funced` from these
  temporary files, allowing privilege escalation to those of any user 
  running fish, including root. (CVE-2014-3856)

  Additionally, from at least version 1.16.0 to version 2.1.0 (inclusive),
  fish will read data using the psub function from these temporary files,
  meaning that the input of commands used with the psub function is under 
  the control of the attacker. (CVE-2014-2906)

  fish version 2.1.1 is not vulnerable.

  No workaround is currently available for earlier versions of fish.

  https://github.com/fish-shell/fish-shell/issues/1437

CVE-2014-2914: fish web interface does not restrict access leading to remote
code execution

  fish, from version 2.0.0 to version 2.1.0 (inclusive), fails to restrict
  connections to the Web-based configuration service (fish_config). This
  allows remote attackers to execute arbitrary code in the context of the 
  user running fish_config.

  The service is generally only running for short periods of time.

  fish version 2.1.1 is not vulnerable.

  No workaround is currently available for earlier versions of fish, 
  although the use of the fish_config tool is optional as other interfaces 
  to fish configuration are available.

  https://github.com/fish-shell/fish-shell/issues/1438

CVE-2014-3219: fish temporary file access leading to privilege escalation

  fish, from at least version 1.16.0 to version 2.1.0 (inclusive), uses
  temporary files in an insecure manner.

  fish will read and write completions from these temporary files without
  checking for ownership or symbolic links, allowing data corruption.

  fish version 2.1.1 is not vulnerable.

  No workaround is currently available for earlier versions of fish.

  https://github.com/fish-shell/fish-shell/issues/1440

David Adam
fish committer
zanchey@...
Robert L Carpenter | 22 Sep 20:46 2014

OSX: build from source, stuck on an old version of fish (FISH_BULID_VERSION=1.3.1-2515-ge689a38)

This has happened to me for a while now and I'm not sure how to debug it. After I do configure, make, and make install, I kill all my terminal windows, open a new one and expect to get the latest fish shell.

I pulled the latest today and noticed that make instructs me to use a make that is shipped with xcode instead of the version that my env directs me to by default. I swapped out that command and found no difference. After updating the code, recompiling, and reinstalling, fish identifies as 1.23.1.

Here is a snippet of my terminal history. My prompt is a variation that includes the git current sha as well as the current datetime for situations such as these. I've deliberately tried to do a clean build and noticed while looking over the output that FISH_BUILD_VERSION isn't the current stuff.

What am I missing and how do I get the latest stuff? 

Thanks, 
Robert

Snippet:


robert <at> DEM-6 ~/D/i/fish-shell> autoconf

!mastere689a386 Sep-22 12:35:06
robert <at> DEM-6 ~/D/i/fish-shell> ./configure
## snip ##
fish is now configured.
Use 'make' and 'make install' to build and install fish.

!mastere689a386 Sep-22 12:35:15
robert <at> DEM-6 ~/D/i/fish-shell> echo $status
0

!mastere689a386 Sep-22 12:35:23
robert <at> DEM-6 ~/D/i/fish-shell> make clean
rm -f *.o doc.h doc.tmp doc_src/*.doxygen doc_src/*.cpp doc_src/*.o doc_src/commands.hdr
rm -f tests/tmp.err tests/tmp.out tests/tmp.status tests/foo.txt
rm -f fish mimedb fish_indent fish_tests key_reader
rm -f command_list.txt command_list_toc.txt toc.txt
rm -f doc_src/index.hdr doc_src/commands.hdr
rm -f lexicon_filter lexicon.txt lexicon.log
rm -f FISH-BUILD-VERSION-FILE
if test "0" = 1; then \
rm -rf doc user_doc share/man; \
fi
rm -f po/de.gmo po/en.gmo po/fr.gmo po/pt_BR.gmo po/sv.gmo

!mastere689a386 Sep-22 12:35:29
robert <at> DEM-6 ~/D/i/fish-shell> make
FISH_BUILD_VERSION = 1.23.1-2515-ge689a38
## snip ##
fish has now been built.
Use '/Applications/Xcode.app/Contents/Developer/usr/bin/make install' to install fish.

!mastere689a386 Sep-22 12:36:09
robert <at> DEM-6 ~/D/i/fish-shell> which make
/usr/bin/make

!mastere689a386 Sep-22 12:36:23
robert <at> DEM-6 ~/D/i/fish-shell> ls -la (which make)
-rwxr-xr-x  1 root  wheel  14224 Oct 31  2013 /usr/bin/make

!mastere689a386 Sep-22 12:36:29
robert <at> DEM-6 ~/D/i/fish-shell> sudo make install
Password:
fish is now installed on your system.
To run fish, type 'fish' in your terminal.

To use fish as your login shell:
* use the command 'chsh -s /usr/local/bin/fish'.

To set your colors, run 'fish_config'
To scan your man pages for completions, run 'fish_update_completions'
To autocomplete command suggestions press Ctrl + F or right arrow key.

Have fun!

!mastere689a386 Sep-22 12:36:36
robert <at> DEM-6 ~/D/i/fish-shell> ls -la (which make)
-rwxr-xr-x  1 root  wheel  14224 Oct 31  2013 /usr/bin/make

!mastere689a386 Sep-22 12:36:44
robert <at> DEM-6 ~/D/i/fish-shell> ls -la (which fish)
-rwxr-xr-x  1 root  admin  1182252 Sep 22 12:36 /usr/local/bin/fish


------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Fish-users mailing list
Fish-users@...
https://lists.sourceforge.net/lists/listinfo/fish-users

Gmane