From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Craven Subject: [PATCH] gnu: flex: Update to 2.6.2. Date: Tue, 29 Nov 2016 22:43:40 +0100 Message-ID: <20161129214340.20725-1-david@craven.ch> Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:54642) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cBqBx-00015n-S9 for guix-devel@gnu.org; Tue, 29 Nov 2016 16:43:59 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cBqBu-0000r6-KB for guix-devel@gnu.org; Tue, 29 Nov 2016 16:43:57 -0500 Received: from so254-10.mailgun.net ([198.61.254.10]:63125) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1cBqBu-0000qs-EZ for guix-devel@gnu.org; Tue, 29 Nov 2016 16:43:54 -0500 List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org * gnu/packages/flex.scm (flex): Update to 2.6.2. [native-inputs]: Add help2man. [origin]: Update uri to github. Remove CVE-2016-6354 patch. * gnu/packages/patches/flex-CVE-2016-6354.patch: Delete file. --- gnu/packages/flex.scm | 16 ++++++++------ gnu/packages/patches/flex-CVE-2016-6354.patch | 30 --------------------------- 2 files changed, 10 insertions(+), 36 deletions(-) delete mode 100644 gnu/packages/patches/flex-CVE-2016-6354.patch diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm index c1f74d6..98eb88d 100644 --- a/gnu/packages/flex.scm +++ b/gnu/packages/flex.scm @@ -24,6 +24,7 @@ #:use-module (guix build-system gnu) #:use-module (gnu packages) #:use-module (gnu packages m4) + #:use-module (gnu packages man) #:use-module (gnu packages bison) #:use-module (gnu packages indent) #:use-module (srfi srfi-1)) @@ -31,15 +32,16 @@ (define-public flex (package (name "flex") - (version "2.6.0") + (version "2.6.2") (source (origin (method url-fetch) - (uri (string-append "mirror://sourceforge/flex/flex-" - version ".tar.bz2")) - (patches (search-patches "flex-CVE-2016-6354.patch")) + (uri (string-append + "https://github.com/westes/flex" + "/releases/download/v" version "/" + "flex-" version ".tar.gz")) (sha256 (base32 - "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4")))) + "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs")))) (build-system gnu-build-system) (inputs (let ((bison-for-tests @@ -61,7 +63,9 @@ `(("bison" ,bison-for-tests) ("indent" ,indent)))) ;; m4 is not present in PATH when cross-building - (native-inputs `(("m4" ,m4))) + (native-inputs + `(("help2man" ,help2man) + ("m4" ,m4))) (propagated-inputs `(("m4" ,m4))) (home-page "http://flex.sourceforge.net/") (synopsis "Fast lexical analyser generator") diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch deleted file mode 100644 index 1f3cb02..0000000 --- a/gnu/packages/patches/flex-CVE-2016-6354.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354 -https://security-tracker.debian.org/tracker/CVE-2016-6354 - -Patch copied from upstream source repository: -https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 - -From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001 -From: Will Estes -Date: Sat, 27 Feb 2016 11:56:05 -0500 -Subject: [PATCH] Fixed incorrect integer type - ---- - src/flex.skl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/flex.skl b/src/flex.skl -index 36a526a..64f853d 100644 ---- a/src/flex.skl -+++ b/src/flex.skl -@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer() - - else - { -- yy_size_t num_to_read = -+ int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) -- 2.9.0