head 1.5; access; symbols pkgsrc-2014Q3:1.3.0.52 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.50 pkgsrc-2014Q2-base:1.3 pkgsrc-2014Q1:1.3.0.48 pkgsrc-2014Q1-base:1.3 pkgsrc-2013Q4:1.3.0.46 pkgsrc-2013Q4-base:1.3 pkgsrc-2013Q3:1.3.0.44 pkgsrc-2013Q3-base:1.3 pkgsrc-2013Q2:1.3.0.42 pkgsrc-2013Q2-base:1.3 pkgsrc-2013Q1:1.3.0.40 pkgsrc-2013Q1-base:1.3 pkgsrc-2012Q4:1.3.0.38 pkgsrc-2012Q4-base:1.3 pkgsrc-2012Q3:1.3.0.36 pkgsrc-2012Q3-base:1.3 pkgsrc-2012Q2:1.3.0.34 pkgsrc-2012Q2-base:1.3 pkgsrc-2012Q1:1.3.0.32 pkgsrc-2012Q1-base:1.3 pkgsrc-2011Q4:1.3.0.30 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q3:1.3.0.28 pkgsrc-2011Q3-base:1.3 pkgsrc-2011Q2:1.3.0.26 pkgsrc-2011Q2-base:1.3 pkgsrc-2011Q1:1.3.0.24 pkgsrc-2011Q1-base:1.3 pkgsrc-2010Q4:1.3.0.22 pkgsrc-2010Q4-base:1.3 pkgsrc-2010Q3:1.3.0.20 pkgsrc-2010Q3-base:1.3 pkgsrc-2010Q2:1.3.0.18 pkgsrc-2010Q2-base:1.3 pkgsrc-2010Q1:1.3.0.16 pkgsrc-2010Q1-base:1.3 pkgsrc-2009Q4:1.3.0.14 pkgsrc-2009Q4-base:1.3 pkgsrc-2009Q3:1.3.0.12 pkgsrc-2009Q3-base:1.3 pkgsrc-2009Q2:1.3.0.10 pkgsrc-2009Q2-base:1.3 pkgsrc-2009Q1:1.3.0.8 pkgsrc-2009Q1-base:1.3 pkgsrc-2008Q4:1.3.0.6 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.4 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.2 cube-native-xorg-base:1.3 pkgsrc-base:1.1.1.1 TNF:1.1.1 pkgsrc-2008Q2:1.2.0.14 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.12 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.10 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.8 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.6 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.4 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.2 pkgsrc-2006Q4-base:1.2; locks; strict; comment @# @; 1.5 date 2014.12.15.06.04.13; author mef; state dead; branches; next 1.4; commitid NEBj0m0EXAXle62y; 1.4 date 2014.12.15.05.52.01; author mef; state Exp; branches; next 1.3; commitid soJBhP6cC06lb62y; 1.3 date 2008.07.24.17.13.00; author tonnerre; state Exp; branches; next 1.2; 1.2 date 2006.12.09.02.27.47; author markd; state dead; branches 1.2.14.1; next 1.1; 1.1 date 2006.12.09.02.16.03; author markd; state Exp; branches 1.1.1.1; next ; 1.2.14.1 date 2008.07.25.09.29.04; author rtr; state Exp; branches; next ; 1.1.1.1 date 2008.07.24.17.02.26; author tonnerre; state Exp; branches; next ; desc @@ 1.5 log @(pkgsrc) - Remove patch-aa, no file found, no similar lines found. - Add LICENSE= public-domain, following line is found in README Berkeley Yacc is in the public domain. (upstream) - Update from 20050813 to 20141128 - CHANGLOG found but too huge to quote here. @ text @$NetBSD: patch-aa,v 1.4 2014/12/15 05:52:01 mef Exp $ (from cvs log) date: 2008-07-25 02:13:00 +0900; author: tonnerre; state: Exp; lines: +23 -14; Fix denial of sevice vulnerability in Berkeley yacc (CVE-2008-3196). --- skeleton.c.orig 2005-05-05 01:39:36.000000000 +0200 +++ skeleton.c @@@@ -87,6 +87,7 @@@@ char *header[] = "short *yyssp;", "YYSTYPE *yyvsp;", "YYSTYPE yyval;", + "static YYSTYPE yyvalzero;", /* no "const", must compile as C++ */ "YYSTYPE yylval;", "", "/* variables for the parser stack */", @@@@ -275,7 +275,10 @@@@ char *body[] = " YYPREFIX, yystate, yyn, yyrule[yyn]);", "#endif", " yym = yylen[yyn];", - " yyval = yyvsp[1-yym];", + " if (yym)", + " yyval = yyvsp[1-yym];", + " else", + " yyval = yyvalzero;", " switch (yyn)", " {", 0 @ 1.4 log @Add comment on patch-aa from cvs log. Add LICENSE= public-domain. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.3 2008/07/24 17:13:00 tonnerre Exp $ @ 1.3 log @Fix denial of sevice vulnerability in Berkeley yacc (CVE-2008-3196). @ text @d1 5 a5 1 $NetBSD$ @ 1.2 log @Update to 20050813 version. Bug fixes. Add "-o" option. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1 2006/12/09 02:16:03 markd Exp $ d3 22 a24 13 --- output.c.orig 2006-12-08 17:09:10.455919000 +1300 +++ output.c @@@@ -811,8 +811,8 @@@@ void output_defines(void) if (dflag && unionized) { rewind(union_file); - union_file = tmpfile(); - if (union_file == NULL) open_error("union_file"); + /* union_file = tmpfile(); + if (union_file == NULL) open_error("union_file"); */ while ((c = getc(union_file)) != EOF) putc(c, defines_file); fprintf(defines_file, " YYSTYPE;\nextern YYSTYPE %slval;\n", @ 1.2.14.1 log @pullup ticket #2460 requested by tonnerre byacc: patch to fix DoS vulnerability revisions pulled up: pkgsrc/devel/byacc/Makefile 1.9 pkgsrc/devel/byacc/distinfo 1.4 pkgsrc/devel/byacc/patches/patch-aa 1.3 Module Name: pkgsrc Committed By: tonnerre Date: Thu Jul 24 17:13:00 UTC 2008 Modified Files: pkgsrc/devel/byacc: Makefile distinfo Added Files: pkgsrc/devel/byacc/patches: patch-aa Log Message: Fix denial of sevice vulnerability in Berkeley yacc (CVE-2008-3196). @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.3 2008/07/24 17:13:00 tonnerre Exp $ d3 13 a15 22 --- skeleton.c.orig 2005-05-05 01:39:36.000000000 +0200 +++ skeleton.c @@@@ -87,6 +87,7 @@@@ char *header[] = "short *yyssp;", "YYSTYPE *yyvsp;", "YYSTYPE yyval;", + "static YYSTYPE yyvalzero;", /* no "const", must compile as C++ */ "YYSTYPE yylval;", "", "/* variables for the parser stack */", @@@@ -275,7 +275,10 @@@@ char *body[] = " YYPREFIX, yystate, yyn, yyrule[yyn]);", "#endif", " yym = yylen[yyn];", - " yyval = yyvsp[1-yym];", + " if (yym)", + " yyval = yyvsp[1-yym];", + " else", + " yyval = yyvalzero;", " switch (yyn)", " {", 0 @ 1.1 log @Fix outputing of union's to y.tab.h when -d option given @ text @d1 1 a1 1 $NetBSD$ @ 1.1.1.1 log @Add Berkeley yacc patch for parser DoS vulnerability (CVE-2008-3196). @ text @d3 13 a15 22 --- skeleton.c.orig 2005-05-05 01:39:36.000000000 +0200 +++ skeleton.c @@@@ -87,6 +87,7 @@@@ char *header[] = "short *yyssp;", "YYSTYPE *yyvsp;", "YYSTYPE yyval;", + "static YYSTYPE yyvalzero;", /* no "const", must compile as C++ */ "YYSTYPE yylval;", "", "/* variables for the parser stack */", @@@@ -275,7 +275,10 @@@@ char *body[] = " YYPREFIX, yystate, yyn, yyrule[yyn]);", "#endif", " yym = yylen[yyn];", - " yyval = yyvsp[1-yym];", + " if (yym)", + " yyval = yyvsp[1-yym];", + " else", + " yyval = yyvalzero;", " switch (yyn)", " {", 0 @