Hi Aaron, On Wed, Nov 19, 2014, at 01:18, Aaron Schrab wrote: > On Wed, 19 Nov 2014 00:21:19 +0100 Piotr Ożarowski <pi...@debian.org> > wrote: > > sed in wheezy (v4.2.1) doesn't have -z (AKA --null-data). > > > > removing this option and -0 from xargs call in > > /usr/lib/php5/sessionclean fixed this for me, but I'm not sure if it's > > the proper fix (can php5 session file names contain special > > characters?) > > Besides those changes, I you'd also need to change `-F0` argument for > lsof to just `-F`. This would have problems if there are filenames > which contain newlines, but I suspect that wouldn't happen. > > Even with the above it just echoes the touch command rather than > actually running it, so the `echo` needs to be removed as well. This > wouldn't be noticed if the lsof command isn't modified, since sed will > fail to match anything leaving nothing for xargs to do.
There's a long-standing RFH bug open on PHP. Your comments are much welcome, so would you be willing to subscribe to PHP BTS and help with fixing the bugs in general? I really do not mean that as sarcasm, just stating the fact, that such help is much sought. > A better option may be just backing out the change that introduced this, Yup, I am just building deb7u2 version that backs out the change. Unfortunately that also means that the security vulnerability described in #766147 will be unfixed in wheezy. > it definitely doesn't look like it was tested enough to have been > introduced in a security update. For the history of this change see #766147. We did spend a quite lot of time testing the change with the submitter, but unfortunatelly we missed the fact that wheezy's sed doesn't have -z. Cheers, -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
