me/guix
Archived
1
0
Fork 0
Code Activity

gnu: flex: Update to 2.6.2.

Browse source 
* gnu/packages/flex.scm (flex): Update to 2.6.2.
  [native-inputs]: Add help2man.
  [origin]: Update uri to github. Remove CVE-2016-6354 patch.
  (flex-2.6.1): Remove variable.
* gnu/packages/patches/flex-CVE-2016-6354.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Update.
* gnu/packages/kde-frameworks.scm (solid, kservice)[native-inputs]: Use
  flex.
This commit is contained in:
David Craven 2016-10-29 16:48:43 +02:00
parent 7d07e2a527
commit 83dcfa72d4
No known key found for this signature in database
GPG key ID: C5E051C79C0BECDB
4 changed files with 26 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -536,7 +536,6 @@ dist_patch_DATA = \
%D%/packages/patches/fasthenry-spFactor.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-test-xargs.patch \
%D%/packages/patches/flex-CVE-2016-6354.patch \
%D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/fltk-shared-lib-defines.patch \
%D%/packages/patches/fltk-xfont-on-demand.patch \

61
gnu/packages/flex.scm
View file

@ -24,6 +24,7 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages m4)
#:use-module (gnu packages man)
#:use-module (gnu packages bison)
#:use-module (gnu packages indent)
#:use-module (srfi srfi-1))
@ -31,29 +32,32 @@
(define-public flex
(package
(name "flex")
(version "2.6.0")
(version "2.6.2")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/flex/flex-"
version ".tar.bz2"))
(patches (search-patches "flex-CVE-2016-6354.patch"))
(sha256
(base32
"1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
(method url-fetch)
(uri (string-append
"https://github.com/westes/flex"
"/releases/download/v" version "/"
"flex-" version ".tar.gz"))
(sha256
(base32
"1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs"))))
(build-system gnu-build-system)
(inputs
(let ((bison-for-tests
;; Work around an incompatibility with Bison 3.0:
;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>.
(package (inherit bison)
(package
(inherit bison)
(version "2.7.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/bison/bison-"
version ".tar.xz"))
(sha256
(base32
"1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
(method url-fetch)
(uri (string-append
"mirror://gnu/bison/"
"bison-" version ".tar.xz"))
(sha256
(base32
"1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
;; Unlike Bison 3.0, this version did not need Flex for its
;; tests, so it allows us to break the cycle.
@ -61,9 +65,11 @@
`(("bison" ,bison-for-tests)
("indent" ,indent))))
;; m4 is not present in PATH when cross-building
(native-inputs `(("m4" ,m4)))
(native-inputs
`(("help2man" ,help2man)
("m4" ,m4)))
(propagated-inputs `(("m4" ,m4)))
(home-page "http://flex.sourceforge.net/")
(home-page "https://github.com/westes/flex")
(synopsis "Fast lexical analyser generator")
(description
"Flex is a tool for generating scanners. A scanner, sometimes
@ -78,23 +84,4 @@ is run, it analyzes its input for occurrences of text matching the
regular expressions for each rule. Whenever it finds a match, it
executes the corresponding C code.")
(license (non-copyleft "file://COPYING"
"See COPYING in the distribution."))))
(define-public flex-2.6.1
;; The kservice and solid packages use flex. extra-cmake-modules
;; forces C89 for all C files for compatibility with windows.
;; Flex 2.6.0 generates a lexer containing a single line comment. Single
;; line comments are part of the C99 standard, so the lexer won't compile
;; if C89 is used.
(package
(inherit flex)
(version "2.6.1")
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/westes/flex"
"/releases/download/v" version "/"
"flex-" version ".tar.gz"))
(sha256
(base32
"0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw"))))))
"See COPYING in the distribution."))))

12
gnu/packages/kde-frameworks.scm
View file

@ -1049,11 +1049,7 @@ which are used in DBus communication.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
;; extra-cmake-modules forces C89 for all C files for compatibility with
;; Windows. Flex 2.6.0 generates a lexer containing a single line
;; comment. Single line comments are part of the C99 standard, so the
;; lexer won't compile if C89 is used.
("flex" ,flex-2.6.1)
("flex" ,flex)
("qttools" ,qttools)))
(inputs
`(("qtbase" ,qtbase)
@ -2456,11 +2452,7 @@ typed.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
;; extra-cmake-modules forces C89 for all C files for compatibility with
;; Windows. Flex 2.6.0 generates a lexer containing a single line
;; comment. Single line comments are part of the C99 standard, so the
;; lexer won't compile if C89 is used.
("flex" ,flex-2.6.1)))
("flex" ,flex)))
(inputs
`(("kcrash" ,kcrash)
("kdbusaddons" ,kdbusaddons)

30
gnu/packages/patches/flex-CVE-2016-6354.patch
View file

@ -1,30 +0,0 @@
Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
https://security-tracker.debian.org/tracker/CVE-2016-6354
Patch copied from upstream source repository:
https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
From: Will Estes <westes575@gmail.com>
Date: Sat, 27 Feb 2016 11:56:05 -0500
Subject: [PATCH] Fixed incorrect integer type
---
src/flex.skl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/flex.skl b/src/flex.skl
index 36a526a..64f853d 100644
--- a/src/flex.skl
+++ b/src/flex.skl
@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
else
{
- yy_size_t num_to_read =
+ int num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )