[php-maint] Bug#770105: Bug#770105: sed in wheezy doesn't have -z option
ondrej at sury.org
Wed Nov 19 08:09:16 UTC 2014
On Wed, Nov 19, 2014, at 01:18, Aaron Schrab wrote:
> On Wed, 19 Nov 2014 00:21:19 +0100 Piotr Ożarowski <piotr at debian.org>
> > sed in wheezy (v4.2.1) doesn't have -z (AKA --null-data).
> > removing this option and -0 from xargs call in
> > /usr/lib/php5/sessionclean fixed this for me, but I'm not sure if it's
> > the proper fix (can php5 session file names contain special
> > characters?)
> Besides those changes, I you'd also need to change `-F0` argument for
> lsof to just `-F`. This would have problems if there are filenames
> which contain newlines, but I suspect that wouldn't happen.
> Even with the above it just echoes the touch command rather than
> actually running it, so the `echo` needs to be removed as well. This
> wouldn't be noticed if the lsof command isn't modified, since sed will
> fail to match anything leaving nothing for xargs to do.
There's a long-standing RFH bug open on PHP. Your comments are much
welcome, so would you be willing to subscribe to PHP BTS and help with
fixing the bugs in general? I really do not mean that as sarcasm, just
stating the fact, that such help is much sought.
> A better option may be just backing out the change that introduced this,
Yup, I am just building deb7u2 version that backs out the change.
Unfortunately that also means that the security vulnerability described
in #766147 will be unfixed in wheezy.
> it definitely doesn't look like it was tested enough to have been
> introduced in a security update.
For the history of this change see #766147. We did spend a quite lot of
time testing the change with the submitter, but unfortunatelly we missed
the fact that wheezy's sed doesn't have -z.
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
More information about the pkg-php-maint