guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] gnu: flex: Update to 2.6.2.

From: David Craven
Subject: [PATCH] gnu: flex: Update to 2.6.2.
Date: Tue, 29 Nov 2016 22:43:40 +0100 
* gnu/packages/flex.scm (flex): Update to 2.6.2.
  [native-inputs]: Add help2man.
  [origin]: Update uri to github. Remove CVE-2016-6354 patch.
* gnu/packages/patches/flex-CVE-2016-6354.patch: Delete file.
---
 gnu/packages/flex.scm                         | 16 ++++++++------
 gnu/packages/patches/flex-CVE-2016-6354.patch | 30 ---------------------------
 2 files changed, 10 insertions(+), 36 deletions(-)
 delete mode 100644 gnu/packages/patches/flex-CVE-2016-6354.patch

diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index c1f74d6..98eb88d 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -24,6 +24,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages m4)
+  #:use-module (gnu packages man)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages indent)
   #:use-module (srfi srfi-1))
@@ -31,15 +32,16 @@
 (define-public flex
   (package
     (name "flex")
-    (version "2.6.0")
+    (version "2.6.2")
     (source (origin
              (method url-fetch)
-             (uri (string-append "mirror://sourceforge/flex/flex-"
-                                 version ".tar.bz2"))
-             (patches (search-patches "flex-CVE-2016-6354.patch"))
+             (uri (string-append
+                   "https://github.com/westes/flex";
+                   "/releases/download/v" version "/"
+                   "flex-" version ".tar.gz"))
              (sha256
               (base32
-               "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
+               "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs"))))
     (build-system gnu-build-system)
     (inputs
      (let ((bison-for-tests
@@ -61,7 +63,9 @@
        `(("bison" ,bison-for-tests)
          ("indent" ,indent))))
     ;; m4 is not present in PATH when cross-building
-    (native-inputs `(("m4" ,m4)))
+    (native-inputs
+     `(("help2man" ,help2man)
+       ("m4" ,m4)))
     (propagated-inputs `(("m4" ,m4)))
     (home-page "http://flex.sourceforge.net/";)
     (synopsis "Fast lexical analyser generator")
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch 
b/gnu/packages/patches/flex-CVE-2016-6354.patch
deleted file mode 100644
index 1f3cb02..0000000
--- a/gnu/packages/patches/flex-CVE-2016-6354.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <address@hidden>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
- 
-       else
-               {
--                      yy_size_t num_to_read =
-+                      int num_to_read =
-                       YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move 
- 1;
- 
-               while ( num_to_read <= 0 )
-- 
2.9.0
reply via email to
[Prev in Thread] Current Thread [Next in Thread]