[ubuntu/jaunty] flex 2.5.35-3ubuntu1 (Accepted)

Kees Cook kees at ubuntu.com
Tue Nov 11 00:00:15 GMT 2008 

flex (2.5.35-3ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes:
    - Process (but ignore) the fwrite used in the "ECHO" macro to handle
      being compiled with -D_FORTIFY_SOURCE=2 (debian bug 505233).

flex (2.5.35-3) unstable; urgency=low

  * Bug fix: "debian dir contains *.so", thanks to Raphael Hertzog
    This is a simple rname of a file used purely in packaging, and has low
    risk, but would allow compiling the flex source package with squeeze's
    packaging tools.                                     (Closes: #485095).
  * [88bb2fc] Fix generation of broken output on ia64 when input is piped in

    On ia64, flex appears to generate a completely different (and broken)
    output depending on whether the input file is specified using shell
    redirection or via a pipe.

    This was traced back commit 3971e1a917548977cff71418a7c3575ffbc9571f,
    by Alex Nixon <alex.nixon at citrix.com>: VFS: increase pseudo-filesystem
    block size to PAGE_SIZE. PAGE_SIZE on ia64 kernels is larger than most
    architectures - 16K is what most distributions (including Debian)
    use. An effect of the above changeset, as verified by strace, is that
    the read() and write() system calls issued by flex on a pipe will use
    this bigger size. fread() appears to be properly hiding the actual
    read size and is returning 8192 byte buffers to flex upon request. I
    verified by this by instrumenting YY_INPUT to compare the fread data
    with the original input file.

    Its probably useful to note that the corruption happening here is that
    the last 382 lines of the input file is being prefixed to the output
    file. The only differences in the remainder of the file are the #line
    numbers. I've also found that bumping YY_READ_BUF_SIZE up to 16384
    seems to workaround the problem - but that may just be putting it back
    into hiding.

    The tradeoff here is between correct operation, by making flex's
    buffer at least as big as the system buffer -- and not bigger, so that
    we do not waste memory. At this point, fixing the isue seems more
    important than worrying that flex consumes and additional 8KB of
    memory.

   This fix unblocks RC bugs on other packages.

    Bug fix: "Generates broken output on ia64 when input is piped vs. shell
    redirection", thanks to Chris Lamb. Fix based on comments by Dann
    Frazier and Michael Casadevall.                         (Closes: #501960)
  * [56ec97d] Fix doxygen comments to reflect actual argument name
    Fix the comments to reflect the actual name of the function
    arguments. This is a pure documentation fix.
    Bug fix: "argument &#39;bytes&#39; of command @param is not found in
    the argument list of tp_scan_bytes(yyconst char *yybytes, int
    _yybytes_len)", thanks to Ludovic Rousseau              (Closes: #488272).

Date: Mon, 10 Nov 2008 15:25:58 -0800
Changed-By: Kees Cook <kees at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/flex/2.5.35-3ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 10 Nov 2008 15:25:58 -0800
Source: flex
Binary: flex flex-doc
Architecture: source
Version: 2.5.35-3ubuntu1
Distribution: jaunty
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Kees Cook <kees at ubuntu.com>
Description: 
 flex       - A fast lexical analyzer generator.
 flex-doc   - Documentation for flex (a fast lexical analyzer generator).
Closes: 485095 488272 501960
Changes: 
 flex (2.5.35-3ubuntu1) jaunty; urgency=low
 .
   * Merge from debian unstable, remaining changes:
     - Process (but ignore) the fwrite used in the "ECHO" macro to handle
       being compiled with -D_FORTIFY_SOURCE=2 (debian bug 505233).
 .
 flex (2.5.35-3) unstable; urgency=low
 .
   * Bug fix: "debian dir contains *.so", thanks to Raphael Hertzog
     This is a simple rname of a file used purely in packaging, and has low
     risk, but would allow compiling the flex source package with squeeze's
     packaging tools.                                     (Closes: #485095).
   * [88bb2fc] Fix generation of broken output on ia64 when input is piped in
 .
     On ia64, flex appears to generate a completely different (and broken)
     output depending on whether the input file is specified using shell
     redirection or via a pipe.
 .
     This was traced back commit 3971e1a917548977cff71418a7c3575ffbc9571f,
     by Alex Nixon <alex.nixon at citrix.com>: VFS: increase pseudo-filesystem
     block size to PAGE_SIZE. PAGE_SIZE on ia64 kernels is larger than most
     architectures - 16K is what most distributions (including Debian)
     use. An effect of the above changeset, as verified by strace, is that
     the read() and write() system calls issued by flex on a pipe will use
     this bigger size. fread() appears to be properly hiding the actual
     read size and is returning 8192 byte buffers to flex upon request. I
     verified by this by instrumenting YY_INPUT to compare the fread data
     with the original input file.
 .
     Its probably useful to note that the corruption happening here is that
     the last 382 lines of the input file is being prefixed to the output
     file. The only differences in the remainder of the file are the #line
     numbers. I've also found that bumping YY_READ_BUF_SIZE up to 16384
     seems to workaround the problem - but that may just be putting it back
     into hiding.
 .
     The tradeoff here is between correct operation, by making flex's
     buffer at least as big as the system buffer -- and not bigger, so that
     we do not waste memory. At this point, fixing the isue seems more
     important than worrying that flex consumes and additional 8KB of
     memory.
 .
    This fix unblocks RC bugs on other packages.
 .
     Bug fix: "Generates broken output on ia64 when input is piped vs. shell
     redirection", thanks to Chris Lamb. Fix based on comments by Dann
     Frazier and Michael Casadevall.                         (Closes: #501960)
   * [56ec97d] Fix doxygen comments to reflect actual argument name
     Fix the comments to reflect the actual name of the function
     arguments. This is a pure documentation fix.
     Bug fix: "argument &#39;bytes&#39; of command @param is not found in
     the argument list of tp_scan_bytes(yyconst char *yybytes, int
     _yybytes_len)", thanks to Ludovic Rousseau              (Closes: #488272).
Checksums-Sha1: 
 c6dba4341ca367007e8acf6f7e064c64f0e03603 1288 flex_2.5.35-3ubuntu1.dsc
 e1cbff55c9537da3bfa90105b742c6d49d36004b 37949 flex_2.5.35-3ubuntu1.diff.gz
Checksums-Sha256: 
 aaa7fdf5b9b10ede4d9023236b8971bffb0a3db5b2a5fea9aec7c02cc706fe68 1288 flex_2.5.35-3ubuntu1.dsc
 cf2873a349442ae6b077265e1d36d3d5d985bc3f25fcf9641c43fc330ab04faa 37949 flex_2.5.35-3ubuntu1.diff.gz
Files: 
 aa14f5454760eacd6947f289972210d4 1288 devel standard flex_2.5.35-3ubuntu1.dsc
 48d9a77b8730cc8551f42cc936038ed4 37949 devel standard flex_2.5.35-3ubuntu1.diff.gz
Original-Maintainer: Manoj Srivastava <srivasta at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook <kees at outflux.net>

iEYEARECAAYFAkkYyKcACgkQH/9LqRcGPm2NIACeJ7fS7fiVPWXTofltR0DaL1d5
nTQAn0UxMLLTWkP6knYi1Zcgu8+rXNS+
=wYeu
-----END PGP SIGNATURE-----

More information about the Jaunty-changes mailing list