diff --git a/.gitignore b/.gitignore index df67585..5802f9e 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ cflow-1.3.tar.bz2 /cflow-1.4.tar.bz2 /cflow-1.5.tar.bz2 /cflow-1.6.tar.bz2 +/cflow-1.7.tar.bz2 diff --git a/cflow-1.6-CVE-2019-16165.patch b/cflow-1.6-CVE-2019-16165.patch deleted file mode 100644 index 6e4ab6c..0000000 --- a/cflow-1.6-CVE-2019-16165.patch +++ /dev/null @@ -1,86 +0,0 @@ -commit b9a7cd5e9d4efb54141dd0d11c319bb97a4600c6 -Author: Sergey Poznyakoff -Date: Tue Mar 30 10:49:31 2021 +0300 - - Reset static caller at the end of compilation unit. - - This fixes CVE-2019-16165, 66 - - * src/cflow.h (reset_static_caller): New proto. - * src/parser.c (reset_static_caller): New function. - * src/symbol.c (delete_statics): Call reset_static_caller. - -diff --git a/src/cflow.h b/src/cflow.h -index bd6dce7..0868508 100644 ---- a/src/cflow.h -+++ b/src/cflow.h -@@ -210,6 +210,7 @@ void pp_option(const char *arg); - - void init_parse(void); - int yyparse(void); -+void reset_static_caller(void); - - void output(void); - void newline(void); -diff --git a/src/parser.c b/src/parser.c -index 3cb1227..1238bb3 100644 ---- a/src/parser.c -+++ b/src/parser.c -@@ -47,11 +47,11 @@ void maybe_parm_list(int *parm_cnt_return); - void call(char*, int); - void reference(char*, int); - --int level; /* Current nesting level */ --Symbol *caller; /* Current caller */ --struct obstack text_stk; /* Obstack for composing declaration line */ -+static int level; /* Current nesting level */ -+static Symbol *caller; /* Current caller */ -+static struct obstack text_stk; /* Obstack for composing declaration line */ - --int parm_level; /* Parameter declaration nesting level */ -+static int parm_level; /* Parameter declaration nesting level */ - - typedef struct { - int type; -@@ -61,10 +61,10 @@ typedef struct { - - typedef int Stackpos[1]; - --TOKSTK tok; --TOKSTK *token_stack; --int tos; --int curs; -+static TOKSTK tok; -+static TOKSTK *token_stack; -+static int tos; -+static int curs; - int token_stack_length = 64; - int token_stack_increase = 32; - static int need_space; -@@ -1302,3 +1302,14 @@ reference(char *name, int line) - } - } - -+/* If the caller is a static symbol, reset it to NULL. This function -+ is called as a part of cleanup routine at the end of compilation -+ module. */ -+void -+reset_static_caller(void) -+{ -+ if (caller && -+ (caller->storage == StaticStorage || caller->flag == symbol_local)) -+ caller = NULL; -+} -+ -diff --git a/src/symbol.c b/src/symbol.c -index 0d2e916..3738fd8 100644 ---- a/src/symbol.c -+++ b/src/symbol.c -@@ -243,6 +243,7 @@ static_free(void *data) - void - delete_statics() - { -+ reset_static_caller(); - if (static_symbol_list) { - static_symbol_list->free_data = static_free; - linked_list_destroy(&static_symbol_list); diff --git a/cflow.spec b/cflow.spec index 7fd6cd5..5b17bd8 100644 --- a/cflow.spec +++ b/cflow.spec @@ -1,11 +1,10 @@ Summary: Analyzes C files charting control flow within the program Name: cflow -Version: 1.6 -Release: 9%{?dist} +Version: 1.7 +Release: 1%{?dist} License: GPLv2+ URL: http://www.gnu.org/software/cflow/ Source0: http://ftp.gnu.org/gnu/cflow/cflow-%{version}.tar.bz2 -Patch0: cflow-1.6-CVE-2019-16165.patch # to install lisp files BuildRequires: gcc BuildRequires: emacs @@ -42,6 +41,9 @@ make check %{_datadir}/emacs/site-lisp/cflow-mode.el %changelog +* Sun Jan 16 2022 Terje Rosten - 1.7-1 +- 1.7 + * Wed Jul 21 2021 Fedora Release Engineering - 1.6-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild diff --git a/sources b/sources index c632e9d..690b251 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (cflow-1.6.tar.bz2) = eb26695b479205ea391623d78ee537cac084a168a52c2bf4f2e4206d7a3f813e6e3f92684903673af905172c3b1df3f8ab1ccb7986bd61ed53feee34fb3fd7c6 +SHA512 (cflow-1.7.tar.bz2) = ec7361b12099e8024f8420469eeddfa068014e8c7bc892ff5780396ce0baa1f915cc57d304f7e228f010379e08b9bd1ce31c9b50b619bb469081a5ea3d2bd9f4