Your message dated Mon, 12 Feb 2018 21:05:04 +0000 with message-id <[email protected]> and subject line Bug#835542: fixed in flex 2.6.4-1 has caused the Debian Bug report #835542, regarding flex: comparison between signed and unsigned integer expressions to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
835542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835542
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: flex
Version: 2.5.39-8+deb8u1
Severity: normal

After this update, I get the following warning when compiling the flex generated code with gcc, which I didn't get before:

    scan.cpp: In function ‘int yy_get_next_buffer(yyscan_t)’:
    scan.cpp:758:18: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
    scan.cpp:1384:3: note: in expansion of macro ‘YY_INPUT’

Looking at the code:

    #define YY_INPUT(buf,result,max_size) \
        if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
            { \
            int c = '*'; \
            size_t n; \
            for ( n = 0; n < max_size && \

Invoked as:

    int num_to_read = ...
    YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
        yyg->yy_n_chars, num_to_read );

So indeed an unsigned value (n) is compared with a signed one (num_to_read). If this is correct, the warning can be silenced with a cast of the appropriate one of them.

flex hasn't exactly been known for generating warning-free code, but what really worries me is that this is a security update. Fixing a security problem by introducing a sign-problem seems fishy to me.

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages flex depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  dpkg                   1.17.27
ii  install-info           5.2.0.dfsg.1-6
ii  libc6                  2.19-18+deb8u5
ii  libfl-dev              2.5.39-8+deb8u1
ii  m4                     1.4.17-4

Versions of packages flex recommends:
ii  clang-3.5 [c-compiler]  1:3.5-10
ii  gcc [c-compiler]        4:4.9.2-2
ii  gcc-4.8 [c-compiler]    4.8.4-1
ii  gcc-4.9 [c-compiler]    4.9.2-10

Versions of packages flex suggests:
ii  bison            2:3.0.2.dfsg-2
ii  build-essential  11.7

-- no debconf information
--- End Message ---
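
Added example, not part of the bug report and not flex's generated code: why -Wsign-compare flags a size_t counter compared with an int limit, shown next to a checked form. The names struct src, next_char, read_mixed, read_checked and demo are hypothetical, and the input line is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed in-memory input standing in for an interactive stream. */
struct src { const char *data; size_t len, pos; };
static int next_char(struct src *s) {
    return s->pos < s->len ? (unsigned char)s->data[s->pos++] : EOF;
}

/* Same comparison shape as in the report: size_t n against int max_size.
 * The int is converted to size_t, so -1 compares as SIZE_MAX and the limit
 * disappears. cap exists only so this demo never writes out of bounds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsign-compare"
static size_t read_mixed(struct src *s, char *buf, size_t cap, int max_size) {
    size_t n;
    int c = '*';
    for (n = 0; n < max_size && n < cap && (c = next_char(s)) != EOF && c != '\n'; ++n)
        buf[n] = (char)c;
    return n;
}
#pragma GCC diagnostic pop

/* Checked form: reject non-positive sizes, then compare size_t with size_t. */
static size_t read_checked(struct src *s, char *buf, size_t cap, int max_size) {
    size_t n, limit;
    int c = '*';
    if (max_size <= 0) return 0;
    limit = (size_t)max_size < cap ? (size_t)max_size : cap;
    for (n = 0; n < limit && (c = next_char(s)) != EOF && c != '\n'; ++n)
        buf[n] = (char)c;
    return n;
}

/* Run one reader over the constructed line "abcdefgh\n" with a 16-byte buffer. */
static size_t demo(int hardened, int max_size) {
    const char *line = "abcdefgh\n";
    struct src s = { line, strlen(line), 0 };
    char buf[16];
    return hardened ? read_checked(&s, buf, sizeof buf, max_size)
                    : read_mixed(&s, buf, sizeof buf, max_size);
}

int main(void) {
    printf("mixed(-1)=%zu checked(-1)=%zu mixed(3)=%zu checked(3)=%zu\n",
           demo(0, -1), demo(1, -1), demo(0, 3), demo(1, 3));
    return 0;
}
```

With a positive limit both forms agree; they differ only when the int is negative, which is the case a cast added purely to silence the warning would hide.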
--- Begin Message ---
Source: flex
Source-Version: 2.6.4-1

We believe that the bug you reported is fixed in the latest version of flex, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Manoj Srivastava <[email protected]> (supplier of updated flex package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Mon, 12 Feb 2018 11:19:29 -0800
Source: flex
Binary: flex flex-doc libfl-dev
Architecture: source amd64 all
Version: 2.6.4-1
Distribution: unstable
Urgency: medium
Maintainer: Manoj Srivastava <[email protected]>
Changed-By: Manoj Srivastava <[email protected]>
Description:
 flex       - fast lexical analyzer generator
 flex-doc   - Documentation for flex (a fast lexical analyzer generator)
 libfl-dev  - static library for flex (a fast lexical analyzer generator)
Closes: 835542 851675 856956
Changes:
 flex (2.6.4-1) unstable; urgency=medium
 .
   * New upstream version. Notable changes
     + a segfault involving yyrestart(NULL) has been fixed
     + flex should now handle quoting when mixed with m4 processing
       correctly
     + flex handles `[[' and `]]' correctly
     + flex no longer generates non-ANSI code
     + more compilation warnings were squashed in generated scanners
     + prevented a buffer overflow that could occur when input buffers
       were the exact wrong size
     + several bug fixes resolved problems introduced in recent flex
       versions regarding processing of comments, literals and various
       quoting scenarios.
     + If the path to m4 was sufficiently long, a buffer overflow could
       occur. This has been resolved. The fix also removes dependence on
       the constant PATH_MAX.
     + Some minor performance enhancements.
     + We honor user defined yy_* macros again. We are also more careful
       to not leak macro definitions into header files.
     + A number of portability fixes were introduced so building flex is
       more reliable on more platforms. Additionally, outdated function
       calls were removed.
     + When building the flex executable itself, %# comments from
       flex.skl are removed when generating the C source code array.
       This reduces the size of flex.
     + Flex can be cross compiled.
   * Bug fix: "comparison between signed and unsigned integer
     expressions", thanks to Frank Heckenbach. This should be fixed now.
     (Closes: #835542).
   * Bug fix: "Please update homepage in package description", thanks to
     Tim Ruehsen (Closes: #851675).
   * Bug fix: "Should Suggest: flex-doc", thanks to Yuri D'Elia
     (Closes: #856956).
   * Stole some commits from 2.6.5 to fix FTBS issues in 2.6.4 release.
--- End Message ---

