GitList

Browse code

Fixing security bug CVE-2016-6354

Change-Id: I1942d5848d86e9d4ebbd2e3962b865c343db925a
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1517
Reviewed-by: suezzelur <anishs@vmware.com>
Tested-by: suezzelur <anishs@vmware.com>
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1522
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George

Kumar Kaushik authored on 2016/10/14 03:29:43
Showing 2 changed files

SPECS/flex/CVE-2016-6354.patch index 0000000..56d4e3d
SPECS/flex/flex.spec index b3324a4..6e2c0d6 100644

SPECS/flex/CVE-2016-6354.patch

History View file @ 1e2bfff

                     new file mode 100644
@@ -0,0 +1,21 @@
                     +diff -rup flex-2.5.39/flex.skl flex-2.5.39-new/flex.skl
                     +--- flex-2.5.39/flex.skl	2014-03-26 05:46:44.000000000 -0700
                     +@@ -1664,7 +1664,7 @@ int yyFlexLexer::yy_get_next_buffer()
+                    +
                     + 	else
                     + 		{
                     +-			yy_size_t num_to_read =
                     ++			int num_to_read =
                     + 			YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
+                    +
                     + 		while ( num_to_read <= 0 )
                     +@@ -1715,7 +1715,7 @@ m4_ifdef( [[M4_YY_USES_REJECT]],
+                    +
                     + 		/* Read in more data. */
                     + 		YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
                     +-			YY_G(yy_n_chars), num_to_read );
                     ++			YY_G(yy_n_chars), (yy_size_t) num_to_read );
+                    +
                     + 		YY_CURRENT_BUFFER_LVALUE->yy_n_chars = YY_G(yy_n_chars);
                     + 		}

SPECS/flex/flex.spec

History View file @ 1e2bfff

@@ -1,7 +1,7 @@
                      Summary:	A utility for generating programs that recognize patterns in text
                      Name:		flex
                      Version:	2.5.39
                     -Release:	2%{?dist}
                     +Release:	3%{?dist}
                      License:	BSD
                      URL:		http://flex.sourceforge.net
                      Group:		Applications/System
@@ -9,6 +9,7 @@ Vendor:		VMware, Inc.
                      Distribution: 	Photon
                      Source0:	http://prdownloads.sourceforge.net/flex/%{name}-%{version}.tar.xz
                      %define sha1 flex=415e82bb0dc9b1713fc4802a9db2274cd8d2909a
                     +Patch0:         CVE-2016-6354.patch
                      BuildRequires:	m4
                      Requires:	m4
                      %description
@@ -26,6 +27,7 @@ flex.
                      %prep
                      %setup -q
                     +%patch0 -p1
                      sed -i -e '/test-bison/d' tests/Makefile.in
                      %build
                      ./configure \
@@ -66,12 +68,14 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
                      %{_includedir}/*
                      %changelog
                     +*       Thu Oct 13 2016 Kumar Kaushik <kaushikk@vmware.com> 2.5.39-3
                     +-       Fixing Security bug CVE-2016-6354.
                      *	Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 2.5.39-2
                      -	GA - Bump release of all rpms
                      * 	Tue Jan 12 2016 Xiaolin Li <xiaolinl@vmware.com> 2.5.39-1
                      - 	Updated to version 2.5.39
                     -*   Mon Oct 12 2015 Xiaolin Li <xiaolinl@vmware.com> 2.5.38-3
                     --   Moving static lib files to devel package.
                     +*       Mon Oct 12 2015 Xiaolin Li <xiaolinl@vmware.com> 2.5.38-3
                     +-       Moving static lib files to devel package.
                      *	Fri Jun 5 2015 Divya Thaluru <dthaluru@vmware.com> 2.5.38-2
                      -	Adding m4 package to build and run time required package
                      *	Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 2.5.38-1