From 83dcfa72d4d7aadf7c772607a97f6501de106dca Mon Sep 17 00:00:00 2001 From: David Craven Date: Sat, 29 Oct 2016 16:48:43 +0200 Subject: gnu: flex: Update to 2.6.2. * gnu/packages/flex.scm (flex): Update to 2.6.2. [native-inputs]: Add help2man. [origin]: Update uri to github. Remove CVE-2016-6354 patch. (flex-2.6.1): Remove variable. * gnu/packages/patches/flex-CVE-2016-6354.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Update. * gnu/packages/kde-frameworks.scm (solid, kservice)[native-inputs]: Use flex. --- gnu/packages/flex.scm | 61 +++++++++++---------------- gnu/packages/kde-frameworks.scm | 12 +----- gnu/packages/patches/flex-CVE-2016-6354.patch | 30 ------------- 3 files changed, 26 insertions(+), 77 deletions(-) delete mode 100644 gnu/packages/patches/flex-CVE-2016-6354.patch (limited to 'gnu/packages') diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm index c1f74d65ad..d9abbfa4e2 100644 --- a/gnu/packages/flex.scm +++ b/gnu/packages/flex.scm @@ -24,6 +24,7 @@ #:use-module (guix build-system gnu) #:use-module (gnu packages) #:use-module (gnu packages m4) + #:use-module (gnu packages man) #:use-module (gnu packages bison) #:use-module (gnu packages indent) #:use-module (srfi srfi-1)) @@ -31,29 +32,32 @@ (define-public flex (package (name "flex") - (version "2.6.0") + (version "2.6.2") (source (origin - (method url-fetch) - (uri (string-append "mirror://sourceforge/flex/flex-" - version ".tar.bz2")) - (patches (search-patches "flex-CVE-2016-6354.patch")) - (sha256 - (base32 - "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4")))) + (method url-fetch) + (uri (string-append + "https://github.com/westes/flex" + "/releases/download/v" version "/" + "flex-" version ".tar.gz")) + (sha256 + (base32 + "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs")))) (build-system gnu-build-system) (inputs (let ((bison-for-tests ;; Work around an incompatibility with Bison 3.0: ;; . - (package (inherit bison) + (package + (inherit bison) (version "2.7.1") (source (origin - (method url-fetch) - (uri (string-append "mirror://gnu/bison/bison-" - version ".tar.xz")) - (sha256 - (base32 - "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl")))) + (method url-fetch) + (uri (string-append + "mirror://gnu/bison/" + "bison-" version ".tar.xz")) + (sha256 + (base32 + "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl")))) ;; Unlike Bison 3.0, this version did not need Flex for its ;; tests, so it allows us to break the cycle. @@ -61,9 +65,11 @@ `(("bison" ,bison-for-tests) ("indent" ,indent)))) ;; m4 is not present in PATH when cross-building - (native-inputs `(("m4" ,m4))) + (native-inputs + `(("help2man" ,help2man) + ("m4" ,m4))) (propagated-inputs `(("m4" ,m4))) - (home-page "http://flex.sourceforge.net/") + (home-page "https://github.com/westes/flex") (synopsis "Fast lexical analyser generator") (description "Flex is a tool for generating scanners. A scanner, sometimes @@ -78,23 +84,4 @@ is run, it analyzes its input for occurrences of text matching the regular expressions for each rule. Whenever it finds a match, it executes the corresponding C code.") (license (non-copyleft "file://COPYING" - "See COPYING in the distribution.")))) - -(define-public flex-2.6.1 - ;; The kservice and solid packages use flex. extra-cmake-modules - ;; forces C89 for all C files for compatibility with windows. - ;; Flex 2.6.0 generates a lexer containing a single line comment. Single - ;; line comments are part of the C99 standard, so the lexer won't compile - ;; if C89 is used. - (package - (inherit flex) - (version "2.6.1") - (source (origin - (method url-fetch) - (uri (string-append - "https://github.com/westes/flex" - "/releases/download/v" version "/" - "flex-" version ".tar.gz")) - (sha256 - (base32 - "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw")))))) + "See COPYING in the distribution.")))) diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm index 9df37ac38d..d285faecb1 100644 --- a/gnu/packages/kde-frameworks.scm +++ b/gnu/packages/kde-frameworks.scm @@ -1049,11 +1049,7 @@ which are used in DBus communication.") (native-inputs `(("bison" ,bison) ("extra-cmake-modules" ,extra-cmake-modules) - ;; extra-cmake-modules forces C89 for all C files for compatibility with - ;; Windows. Flex 2.6.0 generates a lexer containing a single line - ;; comment. Single line comments are part of the C99 standard, so the - ;; lexer won't compile if C89 is used. - ("flex" ,flex-2.6.1) + ("flex" ,flex) ("qttools" ,qttools))) (inputs `(("qtbase" ,qtbase) @@ -2456,11 +2452,7 @@ typed.") (native-inputs `(("bison" ,bison) ("extra-cmake-modules" ,extra-cmake-modules) - ;; extra-cmake-modules forces C89 for all C files for compatibility with - ;; Windows. Flex 2.6.0 generates a lexer containing a single line - ;; comment. Single line comments are part of the C99 standard, so the - ;; lexer won't compile if C89 is used. - ("flex" ,flex-2.6.1))) + ("flex" ,flex))) (inputs `(("kcrash" ,kcrash) ("kdbusaddons" ,kdbusaddons) diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch deleted file mode 100644 index 1f3cb028d4..0000000000 --- a/gnu/packages/patches/flex-CVE-2016-6354.patch +++ /dev/null @@ -1,30 +0,0 @@ -Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer). - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354 -https://security-tracker.debian.org/tracker/CVE-2016-6354 - -Patch copied from upstream source repository: -https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 - -From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001 -From: Will Estes -Date: Sat, 27 Feb 2016 11:56:05 -0500 -Subject: [PATCH] Fixed incorrect integer type - ---- - src/flex.skl | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/flex.skl b/src/flex.skl -index 36a526a..64f853d 100644 ---- a/src/flex.skl -+++ b/src/flex.skl -@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer() - - else - { -- yy_size_t num_to_read = -+ int num_to_read = - YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; - - while ( num_to_read <= 0 ) -- cgit v1.2.3