120d1241d8
https://security-tracker.debian.org/tracker/CVE-2019-6293 https://github.com/NixOS/nixpkgs/issues/55386#issuecomment-683792976 "But this bug does not cause stack overflows in the generated code. The function and file referred to in the bug (mark_beginning_as_normal in nfa.c) are part of the flex code generator, not part of the generated code. If flex crashes before generating any code, that can hardly be a vulnerability. If flex does not crash, the generated code is fine (or perhaps subject to other unreported bugs, who knows, but the NFA has been generated correctly)." Upstream has chosen to not provide a fix https://github.com/westes/flex/issues/414 Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> [yann.morin.1998@free.fr: use actual upstream URL] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
################################################################################
#
# flex
#
################################################################################

# Release tarball: version and the upstream location it is fetched from.
FLEX_VERSION = 2.6.4
FLEX_SITE = https://github.com/westes/flex/files/981163

# License and CPE metadata for the package.
FLEX_LICENSE = FLEX
FLEX_LICENSE_FILES = COPYING
FLEX_CPE_ID_VENDOR = flex_project

# Install into the staging tree as well as the target.
FLEX_INSTALL_STAGING = YES

# CVE-2019-6293 is ignored rather than patched: the bug does not cause
# stack overflows in the generated code and has been noted upstream as a
# bug in the code generator (mark_beginning_as_normal in nfa.c). Upstream
# has chosen not to provide a fix: https://github.com/westes/flex/issues/414
# NOTE(review): this rationale covers generated scanners only. The target
# build below passes --disable-program, but the host build does not, so
# the generator still runs on the build host. Revisit this entry if the
# program is ever enabled for the target or upstream ships a fix.
FLEX_IGNORE_CVES = CVE-2019-6293

# m4 is needed from the host for both variants; the target build also
# pulls in whatever $(TARGET_NLS_DEPENDENCIES) expands to.
HOST_FLEX_DEPENDENCIES = host-m4
FLEX_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) host-m4

# Autoreconf and gettextize are requested alongside these patches, which
# (going by their names) change configure.ac and the build files:
# 0001-build-AC_USE_SYSTEM_EXTENSIONS-in-configure.ac.patch
# 0002-build-make-it-possible-to-disable-the-build-of-the-f.patch
# 0003-build-make-it-possible-to-disable-the-build-of-the-d.patch
FLEX_AUTORECONF = YES
FLEX_GETTEXTIZE = YES

# Preset autoconf cache variables instead of letting configure probe:
# - ac_cv_path_M4 pins the m4 path to /usr/bin/m4
#   (presumably the path m4 has on the target, not on the build host;
#   TODO confirm)
# - ac_cv_func_reallocarray=no makes configure treat reallocarray() as
#   unavailable (reason not recorded here)
FLEX_CONF_ENV = \
	ac_cv_path_M4=/usr/bin/m4 \
	ac_cv_func_reallocarray=no

# Don't enable programs, they are not needed on the target, and
# require MMU support.
FLEX_CONF_OPTS += --disable-program
# Don't enable the doc, it's not needed on the target and requires
# special tools (help2man) to build.
FLEX_CONF_OPTS += --disable-doc

# The host variant only turns the doc off; it does not pass
# --disable-program.
HOST_FLEX_CONF_OPTS = --disable-doc

$(eval $(autotools-package))
$(eval $(host-autotools-package))