summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/flex.scm61
-rw-r--r--gnu/packages/kde-frameworks.scm12
-rw-r--r--gnu/packages/patches/flex-CVE-2016-6354.patch30
4 files changed, 26 insertions, 78 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index ac21c9e078..fdd5e3c81e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -536,7 +536,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/fasthenry-spFactor.patch			\
   %D%/packages/patches/findutils-localstatedir.patch		\
   %D%/packages/patches/findutils-test-xargs.patch		\
-  %D%/packages/patches/flex-CVE-2016-6354.patch			\
   %D%/packages/patches/flint-ldconfig.patch			\
   %D%/packages/patches/fltk-shared-lib-defines.patch		\
   %D%/packages/patches/fltk-xfont-on-demand.patch		\
diff --git a/gnu/packages/flex.scm b/gnu/packages/flex.scm
index c1f74d65ad..d9abbfa4e2 100644
--- a/gnu/packages/flex.scm
+++ b/gnu/packages/flex.scm
@@ -24,6 +24,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages m4)
+  #:use-module (gnu packages man)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages indent)
   #:use-module (srfi srfi-1))
@@ -31,29 +32,32 @@
 (define-public flex
   (package
     (name "flex")
-    (version "2.6.0")
+    (version "2.6.2")
     (source (origin
-             (method url-fetch)
-             (uri (string-append "mirror://sourceforge/flex/flex-"
-                                 version ".tar.bz2"))
-             (patches (search-patches "flex-CVE-2016-6354.patch"))
-             (sha256
-              (base32
-               "1sdqx63yadindzafrq1w31ajblf9gl1c301g068s20s7bbpi3ri4"))))
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/westes/flex"
+                    "/releases/download/v" version "/"
+                    "flex-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1jdjghh1qjq3z7snphshcak6p07gch2n4215vjvrkism25x460cs"))))
     (build-system gnu-build-system)
     (inputs
      (let ((bison-for-tests
             ;; Work around an incompatibility with Bison 3.0:
             ;; <http://lists.gnu.org/archive/html/bug-bison/2013-09/msg00014.html>.
-            (package (inherit bison)
+            (package
+              (inherit bison)
               (version "2.7.1")
               (source (origin
-                       (method url-fetch)
-                       (uri (string-append "mirror://gnu/bison/bison-"
-                                           version ".tar.xz"))
-                       (sha256
-                        (base32
-                         "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
+                        (method url-fetch)
+                        (uri (string-append
+                              "mirror://gnu/bison/"
+                              "bison-" version ".tar.xz"))
+                        (sha256
+                         (base32
+                          "1yx7isx67sdmyijvihgyra1f59fwdz7sqriginvavfj5yb5ss2dl"))))
 
               ;; Unlike Bison 3.0, this version did not need Flex for its
               ;; tests, so it allows us to break the cycle.
@@ -61,9 +65,11 @@
        `(("bison" ,bison-for-tests)
          ("indent" ,indent))))
     ;; m4 is not present in PATH when cross-building
-    (native-inputs `(("m4" ,m4)))
+    (native-inputs
+     `(("help2man" ,help2man)
+       ("m4" ,m4)))
     (propagated-inputs `(("m4" ,m4)))
-    (home-page "http://flex.sourceforge.net/")
+    (home-page "https://github.com/westes/flex")
     (synopsis "Fast lexical analyser generator")
     (description
      "Flex is a tool for generating scanners.  A scanner, sometimes
@@ -78,23 +84,4 @@ is run, it analyzes its input for occurrences of text matching the
 regular expressions for each rule.  Whenever it finds a match, it
 executes the corresponding C code.")
     (license (non-copyleft "file://COPYING"
-                        "See COPYING in the distribution."))))
-
-(define-public flex-2.6.1
-  ;; The kservice and solid packages use flex.  extra-cmake-modules
-  ;; forces C89 for all C files for compatibility with windows.
-  ;; Flex 2.6.0 generates a lexer containing a single line comment.  Single
-  ;; line comments are part of the C99 standard, so the lexer won't compile
-  ;; if C89 is used.
-  (package
-    (inherit flex)
-    (version "2.6.1")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                    "https://github.com/westes/flex"
-                    "/releases/download/v" version "/"
-                    "flex-" version ".tar.gz"))
-              (sha256
-               (base32
-                "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw"))))))
+                           "See COPYING in the distribution."))))
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 9df37ac38d..d285faecb1 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -1049,11 +1049,7 @@ which are used in DBus communication.")
     (native-inputs
      `(("bison" ,bison)
        ("extra-cmake-modules" ,extra-cmake-modules)
-       ;; extra-cmake-modules forces C89 for all C files for compatibility with
-       ;; Windows.  Flex 2.6.0 generates a lexer containing a single line
-       ;; comment.  Single line comments are part of the C99 standard, so the
-       ;; lexer won't compile if C89 is used.
-       ("flex" ,flex-2.6.1)
+       ("flex" ,flex)
        ("qttools" ,qttools)))
     (inputs
      `(("qtbase" ,qtbase)
@@ -2456,11 +2452,7 @@ typed.")
     (native-inputs
      `(("bison" ,bison)
        ("extra-cmake-modules" ,extra-cmake-modules)
-       ;; extra-cmake-modules forces C89 for all C files for compatibility with
-       ;; Windows.  Flex 2.6.0 generates a lexer containing a single line
-       ;; comment.  Single line comments are part of the C99 standard, so the
-       ;; lexer won't compile if C89 is used.
-       ("flex" ,flex-2.6.1)))
+       ("flex" ,flex)))
     (inputs
      `(("kcrash" ,kcrash)
        ("kdbusaddons" ,kdbusaddons)
diff --git a/gnu/packages/patches/flex-CVE-2016-6354.patch b/gnu/packages/patches/flex-CVE-2016-6354.patch
deleted file mode 100644
index 1f3cb028d4..0000000000
--- a/gnu/packages/patches/flex-CVE-2016-6354.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fix CVE-2016-6354 (Buffer overflow in generated code (yy_get_next_buffer).
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6354
-https://security-tracker.debian.org/tracker/CVE-2016-6354
-
-Patch copied from upstream source repository:
-https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
-
-From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
-From: Will Estes <westes575@gmail.com>
-Date: Sat, 27 Feb 2016 11:56:05 -0500
-Subject: [PATCH] Fixed incorrect integer type
-
----
- src/flex.skl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/flex.skl b/src/flex.skl
-index 36a526a..64f853d 100644
---- a/src/flex.skl
-+++ b/src/flex.skl
-@@ -1703,7 +1703,7 @@ int yyFlexLexer::yy_get_next_buffer()
- 
- 	else
- 		{
--			yy_size_t num_to_read =
-+			int num_to_read =
- 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
- 
- 		while ( num_to_read <= 0 )