[pkgsrc/trunk]: pkgsrc/devel/byacc Fix denial of sevice vulnerability in Berk...

[tonnerre <tonnerre%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/d64ae2ff1a9e
branches:  trunk
changeset: 545033:d64ae2ff1a9e
user:      tonnerre <tonnerre%pkgsrc.org@localhost>
date:      Thu Jul 24 17:13:00 2008 +0000

description:
Fix denial of sevice vulnerability in Berkeley yacc (CVE-2008-3196).

diffstat:

 devel/byacc/Makefile         |   3 ++-
 devel/byacc/distinfo         |   3 ++-
 devel/byacc/patches/patch-aa |  24 ++++++++++++++++++++++++
 3 files changed, 28 insertions(+), 2 deletions(-)

diffs (52 lines):

diff -r b88f592059d0 -r d64ae2ff1a9e devel/byacc/Makefile
--- a/devel/byacc/Makefile      Thu Jul 24 16:25:47 2008 +0000
+++ b/devel/byacc/Makefile      Thu Jul 24 17:13:00 2008 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2008/06/12 02:14:21 joerg Exp $
+# $NetBSD: Makefile,v 1.9 2008/07/24 17:13:00 tonnerre Exp $
 #
 
 DISTNAME=      byacc-20050813
+PKGREVISION=   1
 CATEGORIES=    devel
 MASTER_SITES=  ftp://invisible-island.net/byacc/
 EXTRACT_SUFX=  .tgz
diff -r b88f592059d0 -r d64ae2ff1a9e devel/byacc/distinfo
--- a/devel/byacc/distinfo      Thu Jul 24 16:25:47 2008 +0000
+++ b/devel/byacc/distinfo      Thu Jul 24 17:13:00 2008 +0000
@@ -1,5 +1,6 @@
-$NetBSD: distinfo,v 1.3 2006/12/09 02:27:47 markd Exp $
+$NetBSD: distinfo,v 1.4 2008/07/24 17:13:00 tonnerre Exp $
 
 SHA1 (byacc-20050813.tgz) = 3258494f3422eb3150944c1823af1c9c2c386062
 RMD160 (byacc-20050813.tgz) = 3ee159857a79025a83e2b0807577925fe460f816
 Size (byacc-20050813.tgz) = 138684 bytes
+SHA1 (patch-aa) = decae78775a5e0f1e1f7aaaa258da53903aa1f7a
diff -r b88f592059d0 -r d64ae2ff1a9e devel/byacc/patches/patch-aa
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/byacc/patches/patch-aa      Thu Jul 24 17:13:00 2008 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.3 2008/07/24 17:13:00 tonnerre Exp $
+
+--- skeleton.c.orig    2005-05-05 01:39:36.000000000 +0200
++++ skeleton.c
+@@ -87,6 +87,7 @@ char *header[] =
+     "short   *yyssp;",
+     "YYSTYPE *yyvsp;",
+     "YYSTYPE  yyval;",
++    "static YYSTYPE yyvalzero;", /* no "const", must compile as C++ */
+     "YYSTYPE  yylval;",
+     "",
+     "/* variables for the parser stack */",
+@@ -275,7 +275,10 @@ char *body[] =
+     "                YYPREFIX, yystate, yyn, yyrule[yyn]);",
+     "#endif",
+     "    yym = yylen[yyn];",
+-    "    yyval = yyvsp[1-yym];",
++    "    if (yym)",
++    "        yyval = yyvsp[1-yym];",
++    "    else",
++    "        yyval = yyvalzero;",
+     "    switch (yyn)",
+     "    {",
+     0