Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package sed for openSUSE:Factory checked in at 2026-04-28 11:52:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sed (Old) and /work/SRC/openSUSE:Factory/.sed.new.11940 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sed" Tue Apr 28 11:52:53 2026 rev:39 rq:1349069 version:4.10 Changes: -------- --- /work/SRC/openSUSE:Factory/sed/sed.changes 2023-01-07 17:15:55.500799557 +0100 +++ /work/SRC/openSUSE:Factory/.sed.new.11940/sed.changes 2026-04-28 11:52:54.852908060 +0200 @@ -1,0 +2,48 @@ +Thu Apr 23 15:19:27 UTC 2026 - Antonio Teixeira <[email protected]> + +- Update to 4.10: + * sed 's/a/b/g' (and other global substitutions) now works on input + lines longer than 2GB. Previously, matches beyond the 2^31 byte offset + would evoke a "panic" (exit 4). + * 'sed --follow-symlinks -i' no longer has a TOCTOU race that could let + an attacker swap a symlink between resolution and open, causing sed to + read attacker-chosen content and write it to the original target. + (bsc#1262144, CVE-2026-5958) + * sed no longer falsely matches when back-references are combined with + optional groups (.?) and the $ anchor. For example, this no longer + falsely matches the empty string at beginning of line: + $ echo ab | sed -E 's/^(.?)(.?).?\2\1$/X/' + Xab + * In --posix mode, sed no longer mishandles backslash escapes (\n, + \t, \a, etc.) after a named character class like [[:alpha:]]. + For example, 's/^A\n[[:alpha:]]\n*/XXX/' would fail to match the + trailing newline, treating \n as a literal backslash and an 'n' + rather than a newline. This happened when an earlier backslash + escape in the same regex had already been converted, shifting the + in-place normalization buffer. + * sed --debug no longer crashes when a label (":") command is compiled + before the --debug option is processed, e.g., sed -f<(...) --debug. + * sed no longer rejects the documented GNU extension 'a**' (equivalent + to 'a*') in Basic Regular Expression (BRE) mode. Previously, this + worked only with -E (ERE mode), even though grep has always accepted + it in BRE mode. + * sed no longer rejects "\c[" in regular expressions + * 'sed --follow-symlinks -i' no longer mishandles an operand that is a + short symbolic link to a long symbolic link to a file. + * Fix some some longstanding but unlikely integer overflows. + Internally, 'sed' now more often prefers signed integer arithmetic, + which can be checked automatically via 'gcc -fsanitize=undefined'. + * In the default C locale, diagnostics now quote 'like this' (with + apostrophes) instead of `like this' (with a grave accent and an + apostrophe). This tracks the GNU coding standards. + * 'sed --posix' now warns about uses of backslashes in the 's' command + that are handled by GNU sed but are not portable to other + implementations. + * builds no longer fail on platforms without the <getopt.h> header or + getopt_long function. +- Add disable-backref-test.patch + * The bug for back references combined with optional groups and anchor + hasn't been fixed in glibc yet, so the tests fail when building with + "--without-included-regex". Disable the tests for now. + +------------------------------------------------------------------- Old: ---- sed-4.9.tar.xz sed-4.9.tar.xz.sig New: ---- disable-backref-test.patch sed-4.10.tar.xz sed-4.10.tar.xz.sig ----------(New B)---------- New: getopt_long function. - Add disable-backref-test.patch * The bug for back references combined with optional groups and anchor ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sed.spec ++++++ --- /var/tmp/diff_new_pack.0pdiYT/_old 2026-04-28 11:52:55.840948802 +0200 +++ /var/tmp/diff_new_pack.0pdiYT/_new 2026-04-28 11:52:55.840948802 +0200 @@ -1,7 +1,7 @@ # # spec file for package sed # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: sed -Version: 4.9 +Version: 4.10 Release: 0 Summary: A Stream-Oriented Non-Interactive Text Editor License: GPL-3.0-or-later @@ -26,6 +26,9 @@ Source0: https://ftp.gnu.org/gnu/sed/%{name}-%{version}.tar.xz Source1: https://ftp.gnu.org/gnu/sed/%{name}-%{version}.tar.xz.sig Source2: %{name}.keyring +# PATCH-FIX-OPENSUSE disable-backref-test.patch [email protected] -- Tests for back reference bugfix fail as we use glibc regex and it hasn't been fixed there yet +# Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=34073 +Patch0: disable-backref-test.patch BuildRequires: libacl-devel BuildRequires: libselinux-devel Provides: base:/bin/sed ++++++ disable-backref-test.patch ++++++ Index: b/testsuite/backref-anchor.sh =================================================================== --- a/testsuite/backref-anchor.sh +++ b/testsuite/backref-anchor.sh @@ -9,6 +9,8 @@ . "${srcdir=.}/testsuite/init.sh"; path_prepend_ ./sed +skip_ "Bug is still present when not using the included regex implementation" + echo ab > in || framework_failure_ # Expect no match. Index: b/gnulib-tests/test-regex.c =================================================================== --- a/gnulib-tests/test-regex.c +++ b/gnulib-tests/test-regex.c @@ -472,38 +472,6 @@ main (void) if (s && !streq (s, "Invalid back reference")) report_error ("%s: %s", pat_badback, s); - /* bug#68725, reported by Ed Morton. - The regex uses backrefs with optional groups to detect palindromes. */ - { - regex_t re68725; - int ret = regcomp (&re68725, "^(.?)(.?).?\\2\\1$", REG_EXTENDED); - if (ret) - report_error ("regcomp bug#68725 failed (%d)", ret); - else - { - regmatch_t pm; - /* "ab" is not a palindrome, so must not match with $. */ - if (regexec (&re68725, "ab", 1, &pm, 0) == 0) - report_error ("regexec bug#68725: \"ab\" matched with $," - " should not"); - regfree (&re68725); - } - - /* Without $, "ab" should match: the engine must retry with a - shorter match_last when set_regs fails at the longest - structural match. */ - ret = regcomp (&re68725, "^(.?)(.?).?\\2\\1", REG_EXTENDED); - if (ret) - report_error ("regcomp bug#68725 (no $) failed (%d)", ret); - else - { - regmatch_t pm[3]; - if (regexec (&re68725, "ab", 3, pm, 0) != 0) - report_error ("regexec bug#68725: \"ab\" should match" - " without $"); - regfree (&re68725); - } - } /* An assertion failure related to back references, seen in sed's dc.sed. To reproduce, use gcc or clang with UBSAN. */ ++++++ sed-4.9.tar.xz -> sed-4.10.tar.xz ++++++ ++++ 270299 lines of diff (skipped)
