[tin-dev] [tin 2.4.3] snapshots - please test
Corinna Vinschen
vinschen at redhat.com
Wed Jul 4 13:00:24 CEST 2018
On Jul 4 09:23, Urs Janßen wrote:
> In <mailman.173.1530633342.592.tin-dev at tin.org>, Corinna Vinschen wrote:
> >> | o add check for ICU unorm2.h/unorm2_normalize(); prefer it over
> >> | ICU unorm.h/unorm_normalize()
> >> volunteers? ,-)
> >
> > Hmm, the call has changed significantly. Not that easy...
>
> that's why it's still on the todo list ,-)
>
> >> > pcre/pcre_study.c:419:35: warning: ‘<<’ in boolean context, did you mean ‘<’ ? [-Wint-in-bool-context]
> >> > if ((tcode[c/8] && (1 << (c&7))) != 0)
> >> > ~~~^~~~~~~~~
> >> > The && looks wrong. In the equivalent piece of code in upstream
> >> > pcre-8.42 this reads:
> >> >
> >> > if ((map[c/8] & (1 << (c&7))) != 0)
>
> btw. that one was fixed in pcre-8.10
>
> >> the included pcre source is very outdated (> 10 years old now) and should
> >> either be updated or dropped (at least any system wide installed version
> >> should be preferred).
> > Dropping the included pcre would be preferrable, otherwise you get
>
> I'd like to see the current pcre-8.x included instead - pcre-8 is
> feature complete and only gets bug fixes...
Features are not the problem, security fixes are. External code
bundled into a subdir of "my project" is prone to get outdated
and forgotten, as the current case proves. Better to *not* bundle
it in the first place and to use the system version instead, which
at least has a chance of regular security updates as necessary.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.tin.org/pipermail/tin-dev/attachments/20180704/fd04311e/attachment.sig>
More information about the tin-dev
mailing list