sed: update to v4.10

[RussellSenior]

📦 Package Details

Maintainer: @RussellSenior

Description:

update to version v4.10, disable building gnulib-tests to avoid
compilation errors.

Changes in sed since v4.9, from NEWS:

From NEWS:

** Bug fixes

sed 's/a/b/g' (and other global substitutions) now works on input
lines longer than 2GB. Previously, matches beyond the 2^31 byte offset
would evoke a "panic" (exit 4).
[bug present since the beginning]

'sed --follow-symlinks -i' no longer has a TOCTOU race that could let
an attacker swap a symlink between resolution and open, causing sed to
read attacker-chosen content and write it to the original target.
[bug introduced in sed 4.1e]

sed no longer falsely matches when back-references are combined with
optional groups (.?) and the $ anchor. For example, this no longer
falsely matches the empty string at beginning of line:
$ echo ab | sed -E 's/^(.?)(.?).?\2\1$/X/'
Xab
[bug present since "the beginning"]

In --posix mode, sed no longer mishandles backslash escapes (\n,
\t, \a, etc.) after a named character class like [[:alpha:]].
For example, 's/^A\n[[:alpha:]]\n*/XXX/' would fail to match the
trailing newline, treating \n as a literal backslash and an 'n'
rather than a newline. This happened when an earlier backslash
escape in the same regex had already been converted, shifting the
in-place normalization buffer.
[bug introduced in sed 4.9]

sed --debug no longer crashes when a label (":") command is compiled
before the --debug option is processed, e.g., sed -f<(...) --debug.
[bug introduced in sed 4.7 with --debug]

sed no longer rejects the documented GNU extension 'a**' (equivalent
to 'a*') in Basic Regular Expression (BRE) mode. Previously, this
worked only with -E (ERE mode), even though grep has always accepted
it in BRE mode.
[bug present since "the beginning"]

sed no longer rejects "\c[" in regular expressions
[bug present since the beginning]

'sed --follow-symlinks -i' no longer mishandles an operand that is a
short symbolic link to a long symbolic link to a file.
[bug introduced in sed 4.9]

Fix some some longstanding but unlikely integer overflows.
Internally, 'sed' now more often prefers signed integer arithmetic,
which can be checked automatically via 'gcc -fsanitize=undefined'.

** Changes in behavior

In the default C locale, diagnostics now quote 'like this' (with
apostrophes) instead of `like this' (with a grave accent and an
apostrophe). This tracks the GNU coding standards.

'sed --posix' now warns about uses of backslashes in the 's' command
that are handled by GNU sed but are not portable to other
implementations.

** Build-related

builds no longer fail on platforms without the <getopt.h> header or
getopt_long function.
[bug introduced in sed 4.9]

---

🧪 Run Testing Details

• OpenWrt Version: Snapshot
• OpenWrt Target/Subtarget: airoha
• OpenWrt Device: gemtek,w1700k-ubi

---

✅ Formalities

• I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

If your PR contains a patch:

• It can be applied using git am
• It has been refreshed to avoid offsets, fuzzes, etc., using

  make package/<your-package>/refresh V=s

• It is structured in a way that it is potentially upstreamable
  _{(e.g., subject line, commit description, etc.)
  We must try to upstream patches to reduce maintenance burden.}

[BKPepe]

Hi there,

I'm looking at your overall changes in this pull request and the commit you're proposing.
Since the commit description is really long due to being copied from NEWS for 4.10, there are actually more changes within the commit than I would have expected. We are adding a dependency, we added autoreconf, but there is no explanation anywhere as to why or what it's for, which makes me wonder if these changes are intentional. Adding a patch to disable the testsuite and manpages is fine, but I would really prefer if we didn't need to carry these patches at all and there was a way to disable those directly during the package build.

And please, please note that the patch cannot be applied using git am because it's missing a patch header.

Would it be possible to look into this, please? I know it can be a hassle, but patches without a commit subject and commit description just aren't the right way to go, given that nobody takes ownership of them later and we have to maintain them with every new version.

Thanks a lot.

[RussellSenior]

Looks like CONFIGURE_ARGS+= --disable-xattr may be an alternative to including the dependency.

[RussellSenior]

So far, still not finding a way of turning off gnulib-tests, where the build failure is occurring, short of Makefile.am hackery.

[RussellSenior]

@BKPepe do you like this better? Using sed to help sed compile seems somehow appropriate. Run-tested as far as:

# sed --version
sed (GNU sed) 4.10
Copyright (C) 2026 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Jay Fenlason, Tom Lord, Ken Pizzini,
Paolo Bonzini, Jim Meyering, and Assaf Gordon.

This sed program was built with SELinux support.
SELinux is disabled on this system.

GNU sed home page: <https://www.gnu.org/software/sed/>.
General help using GNU software: <https://www.gnu.org/gethelp/>.
E-mail bug reports to: <bug-sed@gnu.org>.

# ldd $(readlink /bin/sed)
        /lib/ld-musl-aarch64.so.1 (0x7fa5f60000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7fa5f2f000)
        libc.so => /lib/ld-musl-aarch64.so.1 (0x7fa5f60000)