From aac67f210df820e84cdd380dc061e417ebd2154e Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 7 Mar 2017 22:37:58 -0500 Subject: gnu: Add flex-2.6.1. * gnu/packages/flex.scm (flex-2.6.1): New variable. --- gnu/packages/flex.scm | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'gnu/packages') diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm index 2d31660f3e..1470b967da 100644 --- a/gnu/packages/flex.scm +++ b/gnu/packages/flex.scm @@ -85,3 +85,20 @@ (define-public flex executes the corresponding C code.") (license (non-copyleft "file://COPYING" "See COPYING in the distribution.")))) + +;;; Many packages fail to build with flex > 2.6.1, due to this bug in flex: +;;; +;;; We must not use a flex before 2.6.1, due to CVE-2016-6354. +;;; TODO Try using flex > 2.6.3. +(define-public flex-2.6.1 + (package + (inherit flex) + (version "2.6.1") + (source (origin + (method url-fetch) + (uri (string-append "https://github.com/westes/flex" + "/releases/download/v" version "/" + "flex-" version ".tar.xz")) + (sha256 + (base32 + "0gqhk4vkwy4gl9xbpgkljph8c0a5kpijz6wd0p5r9q202qn42yic")))))) -- cgit v1.2.3