Re: setup 2.887 release candidate - please test

2018-02-15 Thread Jon Turney 

On 14/02/2018 23:02, Ken Brown wrote:

On 2/6/2018 10:04 AM, Jon Turney wrote:


A new setup release candidate is available at:

   https://cygwin.com/setup/setup-2.887.x86_64.exe (64 bit version)
   https://cygwin.com/setup/setup-2.887.x86.exe    (32 bit version)

Please test and report any problems here.


This crashes in ConfirmPage::OnActivate() if a source package is being 
installed.  The problem is that 'pkg' is null, but it is dereferenced in 
confirm.cc:99.  The attached patch fixes this in the laziest possible 
way, but I'm not sure it's the best fix.  Maybe we should check whether 
'pkg' is NULL (both times it's defined) and throw an exception if so 
unless we're installing a source package.


Alternatively, maybe we should just make sure it's non-NULL (both times) 
before dereferencing it.  After all, we're only using 'pkg' to decide 
whether to say "automatically added", so if it's NULL, it might not be 
worth worrying about why.


Thanks. I also came across this, but you beat me to sending a patch :)

Re: setup 2.887 release candidate - please test

2018-02-14 Thread Ken Brown 

On 2/6/2018 10:04 AM, Jon Turney wrote:


A new setup release candidate is available at:

   https://cygwin.com/setup/setup-2.887.x86_64.exe (64 bit version)
   https://cygwin.com/setup/setup-2.887.x86.exe    (32 bit version)

Please test and report any problems here.


This crashes in ConfirmPage::OnActivate() if a source package is being 
installed.  The problem is that 'pkg' is null, but it is dereferenced in 
confirm.cc:99.  The attached patch fixes this in the laziest possible 
way, but I'm not sure it's the best fix.  Maybe we should check whether 
'pkg' is NULL (both times it's defined) and throw an exception if so 
unless we're installing a source package.


Alternatively, maybe we should just make sure it's non-NULL (both times) 
before dereferencing it.  After all, we're only using 'pkg' to decide 
whether to say "automatically added", so if it's NULL, it might not be 
worth worrying about why.


Ken

From c860c1ce6045d6c42f0207f5977a269cbf48c53e Mon Sep 17 00:00:00 2001
From: Ken Brown 
Date: Wed, 14 Feb 2018 17:48:44 -0500
Subject: [PATCH] Avoid crash if a source package is installed

If a source package is installed, setup crashed in
ConfirmPage::OnActivate() when a null pointer 'pkg' was dereferenced.
Check that it is non-NULL before dereferencing.
---
 confirm.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/confirm.cc b/confirm.cc
index 7e949d8..df9b4f9 100644
--- a/confirm.cc
+++ b/confirm.cc
@@ -96,7 +96,7 @@ ConfirmPage::OnActivate()
 s += i->version.Name();
 s += " ";
 s += i->version.Canonical_version();
-if (!pkg->desired)
+if (pkg && !pkg->desired)
   s += " (automatically added)";
 s += "\r\n";
   }
-- 
2.16.1

setup 2.887 release candidate - please test

2018-02-06 Thread Jon Turney 


A new setup release candidate is available at:

  https://cygwin.com/setup/setup-2.887.x86_64.exe (64 bit version)
  https://cygwin.com/setup/setup-2.887.x86.exe(32 bit version)

Please test and report any problems here.

This is not the place for setup feature requests.

Changes compared to 2.884:

User visible changes:
- 'Current' is replaced by 'Best' (which is slightly different in ways 
it's difficult to summarize briefly) and 'Sync' (which exposes the 
--force-current (distupgrade) option through the UI).
- These are modified by a 'Test' checkbox, which allows test packages to 
be used.
- The "prereq" page showing dependencies which will be added is replaced 
by "problems" page showing problems found by the dependency solver, with 
default solutions.

- A "confirm" page is added showing all the changes which will be made.

Internal changes:
- Uses the libsolv dependency solver, rather than a home-made one.
- Add support for 'depends2: package (relation version) [...]', in a 
version section in setup.ini

- Add support for 'obsoletes:' in setup.ini, likewise
- Add support for 'replace-versions:' in a package section setup.ini, to 
indicate problematic versions.


Other:
- Query the user for action to take if a corrupt local file is found
- Validate package hash after download
- Any MessageBox shown during setup.ini parsing is now modal

A big 'thank you' to Ken Brown for all his work on this.