[lua-l] Re: LuaSocket 3.0-rc1... Please release a 3.0 rock, at a convenient time?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[lua-l] Re: LuaSocket 3.0-rc1... Please release a 3.0 rock, at a convenient time?

sur-behoffski
On 2019-10-18 01:13, Bruno Silvestre wrote:

> This problem came from LuaSocket. Luarocks is installing it as dependency.
>
> from LuaSocket 3.0-RC1, file src/option.c:40,41
>         char msg[45];
>         sprintf(msg, "unsupported option `%.35s'", name);
>
> It was fixed in 'master' branch:
>       char msg[57];
>       sprintf(msg, "unsupported option `%.35s'", name);
>
> regards
> --
> bruno

FYI, I run Gentoo GNU/Linux, and have "luasocket" installed both as:

     1. An OS-stable package:

         =dev-lua/luasocket-3.0_rc1-r4

and

     2. A LuaRocks Rock:

         luasocket
            3.0rc1-2 (installed) - /usr/local/lib/luarocks/rocks-5.1

My impression is that Gentoo marking "3.0-rc1-r4" as Stable is a strong vote for
releasing the set of sources, plus the patch sets that comprise the -r4 set, as
a full LuaSocket 3.0 Rock.

Presumably the simple array size expansion, to eliminate the chances of a
buffer overflow on sprintf, would be included in Gentoo's -r4 patches, and thus
would address the compiler warnings.

Gentoo's "eix luasocket" describes dev-lua/luasocket's Homepage as:

         http://www.tecgraf.puc-rio.br/~diego/professional/luasocket/

Sorry to be pushy, but I hope that this is a fairly simple and easy change.  If
the developer's workload is high, and it takes many months before this change is
attempted, I would still be grateful:  I very much enjoy the Lua language and
extended ecosystem; my reasons for pushing back on warning messages is because
these can be off-putting for newcomers, leading to an impression of a
second-class ecosystem.  In particular, I believe that LuaRocks 3.2.1 has now
settled into a space where it works better than 2.x for being a central package
manager, and so am now trying to make it more of a central unifying component
(e.g. std.normalize, std.strict, bit32, ldoc, luaposix etc) for many of my
scripts.

cheers,

s-b etc.

Reply | Threaded
Open this post in threaded view
|

Re: [lua-l] Re: LuaSocket 3.0-rc1... Please release a 3.0 rock, at a convenient time?

Paul K-2
> Sorry to be pushy, but I hope that this is a fairly simple and easy change.  If
> the developer's workload is high, and it takes many months before this change is
> attempted, I would still be grateful:  I very much enjoy the Lua language and
> extended ecosystem; my reasons for pushing back on warning messages is because
> these can be off-putting for newcomers, leading to an impression of a
> second-class ecosystem.

I'd support a new release as well. 3.0-rc1 has been released more than
6 years ago (https://github.com/diegonehab/luasocket/releases/tag/v3.0-rc1)
with 214 commits applied after the release with the last one being
more than 6 months ago. It looks like it may be time to tag the rc1 as
3.0 and tag the current version as 3.1 or something similar.

I think it's a question primarily for Diego, but are there any plans
for a release?

Paul.