M gnu/local.mk => gnu/local.mk +0 -1
@@ 536,7 536,6 @@ dist_patch_DATA = \
%D%/packages/patches/fasthenry-spFactor.patch \
%D%/packages/patches/findutils-localstatedir.patch \
%D%/packages/patches/findutils-test-xargs.patch \
- %D%/packages/patches/flex-CVE-2016-6354.patch \
%D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/fltk-shared-lib-defines.patch \
%D%/packages/patches/fltk-xfont-on-demand.patch \
M gnu/packages/flex.scm => gnu/packages/flex.scm +24 -37
@@ 24,6 24,7 @@
#:use-module (guix build-system gnu)
#:use-module (gnu packages)
#:use-module (gnu packages m4)
+ #:use-module (gnu packages man)
#:use-module (gnu packages bison)
#:use-module (gnu packages indent)
#:use-module (srfi srfi-1))
@@ 31,29 32,32 @@
(define-public flex
(package
(name "flex")
- (version "2.6.0")
+ (version "2.6.2")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://sourceforge/flex/flex-"
- version ".tar.bz2"))
- (patches (search-patches "flex-CVE-2016-6354.patch"))
- (sha256
- (base32
- "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/westes/flex"
+ "/releases/download/v" version "/"
+ "flex-" version ".tar.gz"))
+ (sha256
+ (base32
+ "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs"))))
(build-system gnu-build-system)
(inputs
(let ((bison-for-tests
;; Work around an incompatibility with Bison 3.0:
;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>.
- (package (inherit bison)
+ (package
+ (inherit bison)
(version "2.7.1")
(source (origin
- (method url-fetch)
- (uri (string-append "mirror://gnu/bison/bison-"
- version ".tar.xz"))
- (sha256
- (base32
- "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
+ (method url-fetch)
+ (uri (string-append
+ "mirror://gnu/bison/"
+ "bison-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
;; Unlike Bison 3.0, this version did not need Flex for its
;; tests, so it allows us to break the cycle.
@@ 61,9 65,11 @@
`(("bison" ,bison-for-tests)
("indent" ,indent))))
;; m4 is not present in PATH when cross-building
- (native-inputs `(("m4" ,m4)))
+ (native-inputs
+ `(("help2man" ,help2man)
+ ("m4" ,m4)))
(propagated-inputs `(("m4" ,m4)))
- (home-page "http://flex.sourceforge.net/")
+ (home-page "https://github.com/westes/flex")
(synopsis "Fast lexical analyser generator")
(description
"Flex is a tool for generating scanners. A scanner, sometimes
@@ 78,23 84,4 @@ is run, it analyzes its input for occurrences of text matching the
regular expressions for each rule. Whenever it finds a match, it
executes the corresponding C code.")
(license (non-copyleft "file://COPYING"
- "See COPYING in the distribution."))))
-
-(define-public flex-2.6.1
- ;; The kservice and solid packages use flex. extra-cmake-modules
- ;; forces C89 for all C files for compatibility with windows.
- ;; Flex 2.6.0 generates a lexer containing a single line comment. Single
- ;; line comments are part of the C99 standard, so the lexer won't compile
- ;; if C89 is used.
- (package
- (inherit flex)
- (version "2.6.1")
- (source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/westes/flex"
- "/releases/download/v" version "/"
- "flex-" version ".tar.gz"))
- (sha256
- (base32
- "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw"))))))
+ "See COPYING in the distribution."))))
M gnu/packages/kde-frameworks.scm => gnu/packages/kde-frameworks.scm +2 -10
@@ 1049,11 1049,7 @@ which are used in DBus communication.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
- ;; extra-cmake-modules forces C89 for all C files for compatibility with
- ;; Windows. Flex 2.6.0 generates a lexer containing a single line
- ;; comment. Single line comments are part of the C99 standard, so the
- ;; lexer won't compile if C89 is used.
- ("flex" ,flex-2.6.1)
+ ("flex" ,flex)
("qttools" ,qttools)))
(inputs
`(("qtbase" ,qtbase)
@@ 2456,11 2452,7 @@ typed.")
(native-inputs
`(("bison" ,bison)
("extra-cmake-modules" ,extra-cmake-modules)
- ;; extra-cmake-modules forces C89 for all C files for compatibility with
- ;; Windows. Flex 2.6.0 generates a lexer containing a single line
- ;; comment. Single line comments are part of the C99 standard, so the
- ;; lexer won't compile if C89 is used.
- ("flex" ,flex-2.6.1)))
+ ("flex" ,flex)))
(inputs
`(("kcrash" ,kcrash)
("kdbusaddons" ,kdbusaddons)
D gnu/packages/patches/flex-CVE-2016-6354.patch => gnu/packages/patches/flex-CVE-2016-6354.patch +0 -30
@@ 1,30 0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <westes575@gmail.com>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
-
- else
- {
-- yy_size_t num_to_read =
-+ int num_to_read =
- YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
-
- while ( num_to_read <= 0 )