Hi,
This code belongs to the MathGL library used by IUP. I usually don't
patch third party libraries.
Unfortunately our MathGL version is outdated from the official release,
maybe they fixed that already.
Best,
Scuri
2018-04-08 8:49 GMT-03:00 sur-behoffski <sur_behoff...@grouse.com.au>:
> G'day,
>
> I've been unable to find a subset of packages that allows IUP to
> build under Gentoo GNU/Linux. So, for the moment, I'll have to
> revert to a virtual machine if really getting involved in code on
> that system.
>
> I've really been pushing for Gentoo support platform, partially
> because it's easier to bring in compilers such as gcc 6.4.0,
> instead of gcc 5.4.0 used in Linux Mint, and partially because
> Gentoo offered me certain advantages.
>
> In any case, I see that being able to support GNU/Linux Mint,
> which is more popular than Ubuntu, and hope that this can open
> up the tools to a wider audience.
>
> As promised, at some point fairly soon, I'll release my apparatus
> ("build/run superstructure") that I use to even out, and/or cater
> for differences in, the two distributions that I'm familiar with,
> and hope that this can be helpful.
>
> --------------------------
>
> There have been quite a lot of changes to the IUP Subversion
> repository as of late, and I've been tracking them as they appear.
> To date, none if IM, CD or IUP seems to be broken by the changes,
> which is welcome news. Here is one subset of warning messages,
> and a corresponding patch to fix them, for IUP with gcc 6.4.0.
>
> The warnings are from the famous Apple "goto fail" vulnerability,
> which helped prompt the "misleading-indentation" warning suite
> to gcc 6.x. See David Wheeler's article on this bug; Section 3.5
> discusses indentation warnings as one way of alerting the
> user to a potential problem:
>
> https://www.dwheeler.com/essays/apple-goto-fail.html
>
> The essence of the problem is straightforward. The code
> included these lines [Apple2014] in function
> SSLVerifySignedServerKeyExchange:
>
> if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
> goto fail;
> goto fail;
> ... other checks ...
> fail:
> ... buffer frees (cleanups) ...
> return err;
>
> The problem was the second (duplicate) “goto fail”. The
> indentation here is misleading; [...]
>
> [A number of validation checks on SSL certificates were skipped
> because of this bug, making it easier for a malicious actor to
> gain access to the system.]
>
> --------------------------
>
> So, I believe that eliminating compilation warnings is highly
> worthwhile, and the "misleading indent" family is one of the
> most straightforward to tackle.
>
> It turns out that, in IUP, all "misleading else" warnings are
> concentrated in the file iup/srcmglplot/src/exec.cpp. So,
> attached are two files:
>
> * One is a summary if all the "misleading else" messages
> emitted by the compiler ("this-else-clause-...-summary.out");
>
> * The other is a single patch file that seeks to eliminate all
> the warnings; all are in iup/srcmglplot/src/exec.cpp
> (iup-srcmglplot-src...-indent.patch).
>
> (The IUP Subversion repository for these files is Revision 4778.)
>
> I've been able to build the modified sources without a glitch, and
> have tried to visually inspect the patch diffs, looking for
> defects. (I haven't found any, which is why I'm releasing the
> patch now; but I'm tired, and fallible, and a fresh, independent
> reviewer would be highly welcome.)
>
> cheers,
>
> sur-behoffski
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Iup-users mailing list
> Iup-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/iup-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Iup-users mailing list
Iup-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/iup-users
