unofficial mirror of guix-devel@gnu.org 
* [PATCH] gnu: flex: Update to 2.6.2.
@ 2016-11-29 21:43 David Craven
  2016-11-29 23:51 ` Marius Bakke
  0 siblings, 1 reply; 6+ messages in thread
From: David Craven @ 2016-11-29 21:43 UTC (permalink / raw)
  To: guix-devel

* gnu/packages/flex.scm (flex): Update to 2.6.2.
  [native-inputs]: Add help2man.
  [origin]: Update uri to github. Remove CVE-2016-6354 patch.
* gnu/packages/patches/flex-CVE-2016-6354.patch: Delete file.
---
 gnu/packages/flex.scm                         | 16 ++++++++------
 gnu/packages/patches/flex-CVE-2016-6354.patch | 30 ---------------------------
 2 files changed, 10 insertions(+), 36 deletions(-)
 delete mode 100644 gnu/packages/patches/flex-CVE-2016-6354.patch

diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index c1f74d6..98eb88d 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -24,6 +24,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages m4)
+  #:use-module (gnu packages man)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages indent)
   #:use-module (srfi srfi-1))
@@ -31,15 +32,16 @@
 (define-public flex
   (package
     (name "flex")
-    (version "2.6.0")
+    (version "2.6.2")
     (source (origin
              (method url-fetch)
-             (uri (string-append "mirror://sourceforge/flex/flex-"
-                                 version ".tar.bz2"))
-             (patches (search-patches "flex-CVE-2016-6354.patch"))
+             (uri (string-append
+                   "https://github.com/westes/flex"
+                   "/releases/download/v" version "/"
+                   "flex-" version ".tar.gz"))
              (sha256
               (base32
-               "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
+               "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs"))))
     (build-system gnu-build-system)
     (inputs
      (let ((bison-for-tests
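Review bot: the removed `(patches (search-patches "flex-CVE-2016-6354.patch"))` line in the origin drops the CVE-2016-6354 fix, and the commit log does not say that the 2.6.2 release already contains it. The deleted patch cites upstream commit a5cbe929ac3255d371e698f62dc256afe7006466 (dated 27 Feb 2016); please confirm that commit is part of v2.6.2 and state it in the log, for example "Remove CVE-2016-6354 patch, fixed upstream". The same hunk changes host, archive format (.tar.bz2 to .tar.gz) and sha256 at once, so the new hash should be checked against the upstream release artifact rather than only against whatever the new URL returned.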
@@ -61,7 +63,9 @@
        `(("bison" ,bison-for-tests)
          ("indent" ,indent))))
     ;; m4 is not present in PATH when cross-building
-    (native-inputs `(("m4" ,m4)))
+    (native-inputs
+     `(("help2man" ,help2man)
+       ("m4" ,m4)))
     (propagated-inputs `(("m4" ,m4)))
     (home-page "http://flex.sourceforge.net/")
     (synopsis "Fast lexical analyser generator")
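Review bot: the unchanged `(home-page "http://flex.sourceforge.net/")` line at the end of this hunk still points at SourceForge although the source URI now comes from https://github.com/westes/flex; update home-page in the same commit so both fields name the same upstream. The existing m4 native input carries a comment explaining why it is there; a matching one-line comment for the new help2man entry would document why the build now needs it.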
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
deleted file mode 100644
index 1f3cb02..0000000
--- a/gnu/packages/patches/flex-CVE-2016-6354.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <westes575@gmail.com>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
- 
- 	else
- 		{
--			yy_size_t num_to_read =
-+			int num_to_read =
- 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
- 
- 		while ( num_to_read <= 0 )
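Review bot: the diffstat lists only gnu/packages/flex.scm and the patch file, so no patch registry is touched; if flex-CVE-2016-6354.patch is listed in gnu/local.mk (dist_patch_DATA), that entry has to be removed in this commit as well, otherwise the build references a file that no longer exists. Since the deleted patch is the one-line change from `yy_size_t num_to_read` to `int num_to_read` in yy_get_next_buffer, a quick way to back up the removal is to check that src/flex.skl in the 2.6.2 tarball declares num_to_read as int ahead of the `while ( num_to_read <= 0 )` loop.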
-- 
2.9.0


* Re: [PATCH] gnu: flex: Update to 2.6.2.
  2016-11-29 21:43 [PATCH] gnu: flex: Update to 2.6.2 David Craven
@ 2016-11-29 23:51 ` Marius Bakke
  2016-11-30  0:03   ` Marius Bakke
  0 siblings, 1 reply; 6+ messages in thread
From: Marius Bakke @ 2016-11-29 23:51 UTC (permalink / raw)
  To: David Craven, guix-devel

David Craven <david@craven.ch> writes:

> * gnu/packages/flex.scm (flex): Update to 2.6.2.
>   [native-inputs]: Add help2man.
>   [origin]: Update uri to github. Remove CVE-2016-6354 patch.
> * gnu/packages/patches/flex-CVE-2016-6354.patch: Delete file.
> ---
>  gnu/packages/flex.scm                         | 16 ++++++++------
>  gnu/packages/patches/flex-CVE-2016-6354.patch | 30 ---------------------------
>  2 files changed, 10 insertions(+), 36 deletions(-)
>  delete mode 100644 gnu/packages/patches/flex-CVE-2016-6354.patch

LGTM. Note that [origin] should be [source]. Can you update [home-page]
too? And I think it's okay to remove the 'flex-2.6.1' package (and
update users) in the same commit.

Apparently only ~27 rebuilds, so should be good for 'master'.


* Re: [PATCH] gnu: flex: Update to 2.6.2.
  2016-11-29 23:51 ` Marius Bakke
@ 2016-11-30  0:03   ` Marius Bakke
  2016-11-30  3:54     ` Leo Famulari
  0 siblings, 1 reply; 6+ messages in thread
From: Marius Bakke @ 2016-11-30  0:03 UTC (permalink / raw)
  To: David Craven, guix-devel

Marius Bakke <mbakke@fastmail.com> writes:

> Apparently only ~27 rebuilds, so should be good for 'master'.

Hmm, on second thought, there is a 'flex-boot0' package in (gnu packages
commencement) that inherits flex. I don't get a substitute for 'bison'
after applying this, so it should definitely go in 'core-updates' :-)


* Re: [PATCH] gnu: flex: Update to 2.6.2.
  2016-11-30  0:03   ` Marius Bakke
@ 2016-11-30  3:54     ` Leo Famulari
  2016-11-30 12:18       ` David Craven
  0 siblings, 1 reply; 6+ messages in thread
From: Leo Famulari @ 2016-11-30  3:54 UTC (permalink / raw)
  To: Marius Bakke; +Cc: guix-devel

On Wed, Nov 30, 2016 at 01:03:56AM +0100, Marius Bakke wrote:
> Marius Bakke <mbakke@fastmail.com> writes:
> 
> > Apparently only ~27 rebuilds, so should be good for 'master'.
> 
> Hmm, on second thought, there is a 'flex-boot0' package in (gnu packages
> commencement) that inherits flex. I don't get a substitute for 'bison'
> after applying this, so it should definitely go in 'core-updates' :-)

Yes, I think it needs to go in core-updates! :)


* Re: [PATCH] gnu: flex: Update to 2.6.2.
  2016-11-30  3:54     ` Leo Famulari
@ 2016-11-30 12:18       ` David Craven
  2016-11-30 20:48         ` Leo Famulari
  0 siblings, 1 reply; 6+ messages in thread
From: David Craven @ 2016-11-30 12:18 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel

flex-2.6.2 introduces breaking changes, I expect a lot of packages
breaking (unless the kde frameworks packages aren't a representative
sample). I think we need to keep flex-2.6.1 for now and change all
broken packages to flex-2.6.1 until they update...


* Re: [PATCH] gnu: flex: Update to 2.6.2.
  2016-11-30 12:18       ` David Craven
@ 2016-11-30 20:48         ` Leo Famulari
  0 siblings, 0 replies; 6+ messages in thread
From: Leo Famulari @ 2016-11-30 20:48 UTC (permalink / raw)
  To: David Craven; +Cc: guix-devel

On Wed, Nov 30, 2016 at 01:18:38PM +0100, David Craven wrote:
> flex-2.6.2 introduces breaking changes, I expect a lot of packages
> breaking (unless the kde frameworks packages aren't a representative
> sample). I think we need to keep flex-2.6.1 for now and change all
> broken packages to flex-2.6.1 until they update...

How about putting it on core-updates? I don't expect that we'll try
building that for at least 1 month, and I'd hate to forget about this
update.


Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git
