authorLeonardo Arena <rnalrd@alpinelinux.org>2016-10-14 11:59:06 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-10-14 12:05:12 +0000
commitf63b96be2fe0f6fc14f13f208218a2b78c7d91ff (patch)
treea01b6992ee96b702d5bb055a71b4480342495eec
parent0b9606c74e0669bf33b6218fa17b9c1e765eb79a (diff)
downloadaports-f63b96be2fe0f6fc14f13f208218a2b78c7d91ff.tar.bz2
aports-f63b96be2fe0f6fc14f13f208218a2b78c7d91ff.tar.xz
main/flex: security fix (CVE-2016-6354). Fixes #6091
(cherry picked from commit fdfea2e5175624e5e5de51a3a34b1de9666fd3e7)
-rw-r--r--main/flex/APKBUILD24
-rw-r--r--main/flex/CVE-2016-6354.patch42
2 files changed, 61 insertions, 5 deletions
diff --git a/main/flex/APKBUILD b/main/flex/APKBUILD
index 6da91a6d17..3a0214e815 100644
--- a/main/flex/APKBUILD
+++ b/main/flex/APKBUILD
@@ -1,18 +1,29 @@
# Maintainer: Natanael Copa <ncop@alpinelinux.org>
pkgname=flex
pkgver=2.5.39
-pkgrel=0
+pkgrel=1
pkgdesc="A tool for generating text-scanning programs"
url="http://flex.sourceforge.net"
arch="all"
license="BSD and LGPLv2+"
depends='m4'
makedepends=m4
-source="http://downloads.sourceforge.net/sourceforge/flex/flex-$pkgver.tar.bz2"
subpackages="$pkgname-doc $pkgname-libs $pkgname-dev"
+source="http://downloads.sourceforge.net/sourceforge/flex/flex-$pkgver.tar.bz2
+ CVE-2016-6354.patch
+ "
+
+# secfixes:
+# 2.5.39-r1:
+# - CVE-2016-6354
prepare() {
cd "$srcdir/$pkgname-$pkgver"
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
update_config_sub || return 1
}
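Review bot: The new patch loop leaves `$i` unquoted in both `msg $i` and `"$srcdir"/$i`; the names come from the APKBUILD's own `source=` list, so nothing untrusted reaches them, but the conventional form is `*.patch) msg "$i"; patch -p1 -i "$srcdir/$i" || return 1;;`, which keeps the path a single word regardless of how a patch is later named. The `# secfixes:` block is what the secdb tooling reads to record CVE-2016-6354 as fixed at 2.5.39-r1; as rendered here the `2.5.39-r1:` and `- CVE-2016-6354` lines show no nesting indentation, which is probably the page stripping leading whitespace, but it is worth confirming in the committed file since the block is read as nested YAML-style data. A one-line comment next to the source entry naming what the patch backports, `# CVE-2016-6354.patch: upstream commit a5cbe929ac3255d371e698f62dc256afe7006466`, would save the next reader from opening the patch to find its origin. prepare() is fully contained in this hunk.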
@@ -37,6 +48,9 @@ package() {
rm "$pkgdir"/usr/lib/*.la || return 1
}
-md5sums="77d44c6bb8c0705e0017ab9a84a1502b flex-2.5.39.tar.bz2"
-sha256sums="add2b55f3bc38cb512b48fad7d72f43b11ef244487ff25fc00aabec1e32b617f flex-2.5.39.tar.bz2"
-sha512sums="8b1b86b81e7d231c746887c0c24fd1004f3f7598af4e41408667f609918a9994721b61d666a1e184822409de329323b829193a4a8dcdf12ce9313d0fe37cbbc1 flex-2.5.39.tar.bz2"
+md5sums="77d44c6bb8c0705e0017ab9a84a1502b flex-2.5.39.tar.bz2
+2a8840f6ffe84023b86784877c2c174e CVE-2016-6354.patch"
+sha256sums="add2b55f3bc38cb512b48fad7d72f43b11ef244487ff25fc00aabec1e32b617f flex-2.5.39.tar.bz2
+aac826ed26c13f3fb940034314b17af8a2612419acda3d60392a6260aaeb39eb CVE-2016-6354.patch"
+sha512sums="8b1b86b81e7d231c746887c0c24fd1004f3f7598af4e41408667f609918a9994721b61d666a1e184822409de329323b829193a4a8dcdf12ce9313d0fe37cbbc1 flex-2.5.39.tar.bz2
+6344a914660b9ea349c3d6dd4992e23f8c671782b6b9c6ee699fa0ef6b4748ce7904fe41a8c6fcb648becdad91937da37a1ef60ec47c9bd21dcaf842ea66fb40 CVE-2016-6354.patch"
diff --git a/main/flex/CVE-2016-6354.patch b/main/flex/CVE-2016-6354.patch
new file mode 100644
index 0000000000..346fd3d45c
--- /dev/null
+++ b/main/flex/CVE-2016-6354.patch
@@ -0,0 +1,42 @@
+From a5cbe929ac3255d371e698f62dc256afe7006466 Mon Sep 17 00:00:00 2001
+From: Will Estes <westes575@gmail.com>
+Date: Sat, 27 Feb 2016 11:56:05 -0500
+Subject: [PATCH] Fixed incorrect integer type
+
+---
+ flex.skl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/flex.skl
++++ b/flex.skl
+@@ -1677,7 +1677,7 @@ int yyFlexLexer::yy_get_next_buffer()
+
+ else
+ {
+- yy_size_t num_to_read =
++ int num_to_read =
+ YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+ while ( num_to_read <= 0 )
+--- a/scan.c
++++ b/scan.c
+@@ -4325,7 +4325,7 @@ static int yy_get_next_buffer (void)
+
+ else
+ {
+- yy_size_t num_to_read =
++ int num_to_read =
+ YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+
+ while ( num_to_read <= 0 )
+--- a/skel.c
++++ b/skel.c
+@@ -1888,7 +1888,7 @@ const char *skel[] = {
+ "",
+ " else",
+ " {",
+- " yy_size_t num_to_read =",
++ " int num_to_read =",
+ " YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;",
+ "",
+ " while ( num_to_read <= 0 )",