nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gnu: flex: Update to 2.6.2. 

* gnu/packages/flex.scm (flex): Update to 2.6.2.
  [native-inputs]: Add help2man.
  [origin]: Update uri to github. Remove CVE-2016-6354 patch.
  (flex-2.6.1): Remove variable.
* gnu/packages/patches/flex-CVE-2016-6354.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Update.
* gnu/packages/kde-frameworks.scm (solid, kservice)[native-inputs]: Use
  flex.
This commit is contained in:
David Craven 2016-10-29 16:48:43 +02:00
parent 7d07e2a527
commit 83dcfa72d4
No known key found for this signature in database
GPG Key ID: C5E051C79C0BECDB
4 changed files with 26 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
gnu/local.mk
View File

@ -536,7 +536,6 @@ dist_patch_DATA = \
%D%/packages/patches/fasthenry-spFactor.patch \ %D%/packages/patches/fasthenry-spFactor.patch \
%D%/packages/patches/findutils-localstatedir.patch \ %D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-test-xargs.patch \ %D%/packages/patches/findutils-test-xargs.patch \
%D%/packages/patches/flex-CVE-2016-6354.patch \
%D%/packages/patches/flint-ldconfig.patch \ %D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/fltk-shared-lib-defines.patch \ %D%/packages/patches/fltk-shared-lib-defines.patch \
%D%/packages/patches/fltk-xfont-on-demand.patch \ %D%/packages/patches/fltk-xfont-on-demand.patch \

61
gnu/packages/flex.scm
View File

@ -24,6 +24,7 @@
#:use-module (guix build-system gnu) #:use-module (guix build-system gnu)
#:use-module (gnu packages) #:use-module (gnu packages)
#:use-module (gnu packages m4) #:use-module (gnu packages m4)
#:use-module (gnu packages man)
#:use-module (gnu packages bison) #:use-module (gnu packages bison)
#:use-module (gnu packages indent) #:use-module (gnu packages indent)
#:use-module (srfi srfi-1)) #:use-module (srfi srfi-1))
@ -31,29 +32,32 @@
(define-public flex (define-public flex
(package (package
(name "flex") (name "flex")
(version "2.6.0") (version "2.6.2")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://sourceforge/flex/flex-" (uri (string-append
version ".tar.bz2")) "https://github.com/westes/flex"
(patches (search-patches "flex-CVE-2016-6354.patch")) "/releases/download/v" version "/"
(sha256 "flex-" version ".tar.gz"))
(base32 (sha256
"1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4")))) (base32
"1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(inputs (inputs
(let ((bison-for-tests (let ((bison-for-tests
;; Work around an incompatibility with Bison 3.0: ;; Work around an incompatibility with Bison 3.0:
;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>. ;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>.
(package (inherit bison) (package
(inherit bison)
(version "2.7.1") (version "2.7.1")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://gnu/bison/bison-" (uri (string-append
version ".tar.xz")) "mirror://gnu/bison/"
(sha256 "bison-" version ".tar.xz"))
(base32 (sha256
"1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl")))) (base32
"1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
;; Unlike Bison 3.0, this version did not need Flex for its ;; Unlike Bison 3.0, this version did not need Flex for its
;; tests, so it allows us to break the cycle. ;; tests, so it allows us to break the cycle.
@ -61,9 +65,11 @@
`(("bison" ,bison-for-tests) `(("bison" ,bison-for-tests)
("indent" ,indent)))) ("indent" ,indent))))
;; m4 is not present in PATH when cross-building ;; m4 is not present in PATH when cross-building
(native-inputs `(("m4" ,m4))) (native-inputs
`(("help2man" ,help2man)
("m4" ,m4)))
(propagated-inputs `(("m4" ,m4))) (propagated-inputs `(("m4" ,m4)))
(home-page "http://flex.sourceforge.net/") (home-page "https://github.com/westes/flex")
(synopsis "Fast lexical analyser generator") (synopsis "Fast lexical analyser generator")
(description (description
"Flex is a tool for generating scanners. A scanner, sometimes "Flex is a tool for generating scanners. A scanner, sometimes
@ -78,23 +84,4 @@ is run, it analyzes its input for occurrences of text matching the
regular expressions for each rule. Whenever it finds a match, it regular expressions for each rule. Whenever it finds a match, it
executes the corresponding C code.") executes the corresponding C code.")
(license (non-copyleft "file://COPYING" (license (non-copyleft "file://COPYING"
"See COPYING in the distribution.")))) "See COPYING in the distribution."))))
(define-public flex-2.6.1
;; The kservice and solid packages use flex. extra-cmake-modules
;; forces C89 for all C files for compatibility with windows.
;; Flex 2.6.0 generates a lexer containing a single line comment. Single
;; line comments are part of the C99 standard, so the lexer won't compile
;; if C89 is used.
(package
(inherit flex)
(version "2.6.1")
(source (origin
(method url-fetch)
(uri (string-append
"https://github.com/westes/flex"
"/releases/download/v" version "/"
"flex-" version ".tar.gz"))
(sha256
(base32
"0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw"))))))

12
gnu/packages/kde-frameworks.scm
View File

@ -1049,11 +1049,7 @@ which are used in DBus communication.")
(native-inputs (native-inputs
`(("bison" ,bison) `(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules) ("extra-cmake-modules" ,extra-cmake-modules)
;; extra-cmake-modules forces C89 for all C files for compatibility with ("flex" ,flex)
;; Windows. Flex 2.6.0 generates a lexer containing a single line
;; comment. Single line comments are part of the C99 standard, so the
;; lexer won't compile if C89 is used.
("flex" ,flex-2.6.1)
("qttools" ,qttools))) ("qttools" ,qttools)))
(inputs (inputs
`(("qtbase" ,qtbase) `(("qtbase" ,qtbase)
@ -2456,11 +2452,7 @@ typed.")
(native-inputs (native-inputs
`(("bison" ,bison) `(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules) ("extra-cmake-modules" ,extra-cmake-modules)
;; extra-cmake-modules forces C89 for all C files for compatibility with ("flex" ,flex)))
;; Windows. Flex 2.6.0 generates a lexer containing a single line
;; comment. Single line comments are part of the C99 standard, so the
;; lexer won't compile if C89 is used.
("flex" ,flex-2.6.1)))
(inputs (inputs
`(("kcrash" ,kcrash) `(("kcrash" ,kcrash)
("kdbusaddons" ,kdbusaddons) ("kdbusaddons" ,kdbusaddons)

30
gnu/packages/patches/flex-CVE-2016-6354.patch
View File

@ -1,30 +0,0 @@
Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
https://security-tracker.debian.org/tracker/CVE-2016-6354
Patch copied from upstream source repository:
https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
From: Will Estes <westes575@gmail.com>
Date: Sat, 27 Feb 2016 11:56:05 -0500
Subject: [PATCH] Fixed incorrect integer type
---
src/flex.skl | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/flex.skl b/src/flex.skl
index 36a526a..64f853d 100644
--- a/src/flex.skl
+++ b/src/flex.skl
@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
else
{
- yy_size_t num_to_read =
+ int num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )