Your message dated Wed, 04 Jan 2017 17:33:47 +0000 with message-id <[email protected]> and subject line Bug#835542: fixed in flex 2.6.1-1.2 has caused the Debian Bug report #835542, regarding flex: comparison between signed and unsigned integer expressions to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
835542: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835542
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: flex
Version: 2.5.39-8+deb8u1
Severity: normal

After this update, I get the following warning when compiling the flex
generated code with gcc, which I didn't get before:

    scan.cpp: In function ‘int yy_get_next_buffer(yyscan_t)’:
    scan.cpp:758:18: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
    scan.cpp:1384:3: note: in expansion of macro ‘YY_INPUT’

Looking at the code:

    #define YY_INPUT(buf,result,max_size) \
        if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \
            { \
            int c = '*'; \
            size_t n; \
            for ( n = 0; n < max_size && \

Invoked as:

    int num_to_read = ...

    YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
        yyg->yy_n_chars, num_to_read );

So indeed an unsigned value (n) is compared with a signed one
(num_to_read). If this is correct, the warning can be silenced with
a cast of the appropriate one of them.

flex hasn't exactly been known for generating warning-free code,
but what really worries me is that this is a security update.
Fixing a security problem by introducing a sign-problem seems fishy
to me.

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages flex depends on:
ii  debconf [debconf-2.0]  1.5.56
ii  dpkg                   1.17.27
ii  install-info           5.2.0.dfsg.1-6
ii  libc6                  2.19-18+deb8u5
ii  libfl-dev              2.5.39-8+deb8u1
ii  m4                     1.4.17-4

Versions of packages flex recommends:
ii  clang-3.5 [c-compiler]  1:3.5-10
ii  gcc [c-compiler]        4:4.9.2-2
ii  gcc-4.8 [c-compiler]    4.8.4-1
ii  gcc-4.9 [c-compiler]    4.9.2-10

Versions of packages flex suggests:
ii  bison            2:3.0.2.dfsg-2
ii  build-essential  11.7

-- no debconf information
--- End Message ---
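
Added example, not part of the report and not flex's own code: what the comparison of `size_t n` with `int max_size` does after the usual arithmetic conversions, and why a bare cast only silences the warning. The function names, the `cap` parameter and the sample line are constructed for this illustration; whether `num_to_read` can ever be non-positive in flex is not established here.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample input and destination buffer. */
static const char SAMPLE[] = "constructed input\n"; /* 17 chars before '\n' */
static char g_buf[64];

/* Same loop shape as in the report, with the implicit conversion written
 * out: in `n < max_size` the int is converted to size_t before comparing.
 * An explicit cast like this silences -Wsign-compare but keeps exactly that
 * behaviour, so a negative max_size becomes a huge limit.
 * `cap` (hypothetical) is the real size of buf and only keeps this demo
 * itself in bounds. */
static size_t copy_cast_only(const char *src, char *buf, size_t cap, int max_size)
{
    size_t n;
    for (n = 0; n < (size_t)max_size && n < cap &&
                src[n] != '\0' && src[n] != '\n'; ++n)
        buf[n] = src[n];
    return n;
}

/* Checked variant: validate the signed value first, then convert. */
static size_t copy_checked(const char *src, char *buf, size_t cap, int max_size)
{
    size_t n, limit;
    if (max_size <= 0)
        return 0;                 /* nothing may be read */
    limit = (size_t)max_size;     /* safe: known to be positive */
    if (limit > cap)
        limit = cap;
    for (n = 0; n < limit && src[n] != '\0' && src[n] != '\n'; ++n)
        buf[n] = src[n];
    return n;
}

int main(void)
{
    printf("max_size=4   cast-only=%zu checked=%zu\n",
           copy_cast_only(SAMPLE, g_buf, sizeof g_buf, 4),
           copy_checked(SAMPLE, g_buf, sizeof g_buf, 4));
    printf("max_size=-1  cast-only=%zu checked=%zu\n",
           copy_cast_only(SAMPLE, g_buf, sizeof g_buf, -1),
           copy_checked(SAMPLE, g_buf, sizeof g_buf, -1));
    return 0;
}
```

For positive sizes both variants agree; they differ only when the signed value is zero or negative, which is the case the warning is about.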
--- Begin Message ---
Source: flex
Source-Version: 2.6.1-1.2

We believe that the bug you reported is fixed in the latest version of
flex, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Berg <[email protected]> (supplier of updated flex package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 30 Dec 2016 20:29:41 +0100
Source: flex
Binary: flex flex-doc libfl-dev
Architecture: source
Version: 2.6.1-1.2
Distribution: unstable
Urgency: medium
Maintainer: Manoj Srivastava <[email protected]>
Changed-By: Christoph Berg <[email protected]>
Description:
 flex       - fast lexical analyzer generator
 flex-doc   - Documentation for flex (a fast lexical analyzer generator)
 libfl-dev  - static library for flex (a fast lexical analyzer generator)
Closes: 835542
Changes:
 flex (2.6.1-1.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Cherry-pick 1da19feba7c957e0f0af0c3eeadc29e8c82b0ca3,
     cf4121fa97abac8aeaa5e08b8fc0b2380228494e and
     8c098febc9a599397921e9b6938b7fb85e38cc7e from upstream to fix comparison
     between signed and unsigned integer expressions in generated lexer
     (Closes: #835542).
   * Fix distribution in last upload's NEWS.Debian.
--- End Message ---

