Package: systemd
Version: 259.1-1
Severity: normal
Dear Maintainer (i.e. not bluca),
There's a typo in /usr/lib/systemd/profile.d/80-systemd-osc-context.sh:
__systemd_osc_context_escape() {
# Escape according to the OSC 3008 spec. Since this requires shelling out
# to 'sed' we'll only do it where it's strictly necessary, and skip it
when
# processing strings we are pretty sure we won't need it for, such as
# uuids, id128, hostnames, usernames, since they all come with syntax
# requirements that exclude \ and ; anyway. This hence primarily is about
# escaping the current working directory.
echo "$1" | sed -e 's/\\/\\x5x/g' -e 's/;/\\x3b/g'
}
Notice: \\x5x
Instead of: \\x5c
BTW, is this thing actually being used somehow? And for what
specifically? I have only recently noticed this SNAFU when tinkering
with a terminal emulator and noticed:
1. libvte terminals (or at least some of them) put their own thing
in PS0 and/or PROMPT_COMMAND, apparently overriding or preventing
this script from placing __systemd_osc_context_ps0 in PS0.
2. Outside lbvte, e.g. in a Linux VT, I saw the string
"__systemd_osc_context_ps0" printed after every shell command
entered. Apparently this is because I have bash "promptvars"
option disabled which prevents eval of that string in PS0. A
many-years-old comment in my bashrc file says "for improved
security" but I can no longer remember what the threat was.
Thanks.
