[01/68] gnu: Add flex-2.6.1.
Commit Message
* gnu/packages/flex.scm (flex-2.6.1): New variable.
---
gnu/packages/flex.scm | 14 ++++++++++++++
1 file changed, 14 insertions(+)
Comments
David Craven <david@craven.ch> writes:
> * gnu/packages/flex.scm (flex-2.6.1): New variable.
This is newer than what we currently have (2.6.0). I know it's late in
the core-updates cycle, but maybe we can squeeze in a flex upgrade?
I haven't tried building the series, but the patches LGTM overall.
On Sat, Oct 29, 2016 at 07:46:53PM +0100, Marius Bakke wrote:
> David Craven <david@craven.ch> writes:
>
> > * gnu/packages/flex.scm (flex-2.6.1): New variable.
>
> This is newer than what we currently have (2.6.0). I know it's late in
> the core-updates cycle, but maybe we can squeeze in a flex upgrade?
It's also not the latest upstream release, which is 2.6.2. Why use this
particular version instead of the latest?
On Sat, Oct 29, 2016 at 07:46:53PM +0100, Marius Bakke wrote:
> David Craven <david@craven.ch> writes:
>
> > * gnu/packages/flex.scm (flex-2.6.1): New variable.
>
> This is newer than what we currently have (2.6.0). I know it's late in
> the core-updates cycle, but maybe we can squeeze in a flex upgrade?
Unfortunately, changing flex will cause ~1500 rebuilds per architecture,
so I think we won't do it unless there is some very serious problem.
Also see commit eba7fab890f43 on core-updates, which fixes a bug
(CVE-2016-6354) that allow DOS and potentially arbitrary code execution
in code generated by flex.
Updating flex to the latest version should happen in the next
core-updates, or possibly in an earlier staging / security-updates
cycle.
On Sat, Oct 29, 2016 at 07:46:53PM +0100, Marius Bakke wrote:
> David Craven <david@craven.ch> writes:
>
> > * gnu/packages/flex.scm (flex-2.6.1): New variable.
>
> This is newer than what we currently have (2.6.0). I know it's late in
> the core-updates cycle, but maybe we can squeeze in a flex upgrade?
I saw this explanatory message on #guix:
https://gnunet.org/bot/log/guix/2016-10-29#T1187445
Please add some detail in a code comment so we know why it's required :)
@@ -78,3 +78,17 @@ regular expressions for each rule. Whenever it finds a match, it
executes the corresponding C code.")
(license (non-copyleft "file://COPYING"
"See COPYING in the distribution."))))
+
+(define-public flex-2.6.1
+ (package
+ (inherit flex)
+ (version "2.6.1")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://github.com/westes/flex"
+ "/releases/download/v" version "/"
+ "flex-" version ".tar.gz"))
+ (sha256
+ (base32
+ "0fy14c35yz2m1n1m4f02by3501fn0cca37zn7jp8lpp4b3kgjhrw"))))))