1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/bison/bison.patch Wed Jan 07 14:58:25 2009 +0100
1.3 @@ -0,0 +1,31 @@
1.4 +Index: lib/timevar.c
1.5 +--- lib/timevar.c.orig 2008-07-14 10:56:12 +0200
1.6 ++++ lib/timevar.c 2008-11-03 19:16:04 +0100
1.7 +@@ -42,6 +42,7 @@
1.8 + # include <sys/times.h>
1.9 + #endif
1.10 + #ifdef HAVE_SYS_RESOURCE_H
1.11 ++#include <sys/time.h>
1.12 + #include <sys/resource.h>
1.13 + #endif
1.14 +
1.15 +----------------------------------------------------------------------------
1.16 +
1.17 +Security Fix:
1.18 +http://undeadly.org/cgi?action=article&sid=20080708155228&mode=flat&count=13
1.19 +
1.20 +Index: data/yacc.c
1.21 +--- data/yacc.c.orig 2008-11-02 19:09:10 +0100
1.22 ++++ data/yacc.c 2008-11-03 19:16:04 +0100
1.23 +@@ -1444,7 +1444,10 @@
1.24 + users should not rely upon it. Assigning to YYVAL
1.25 + unconditionally makes the parser a bit smaller, and it avoids a
1.26 + GCC warning that YYVAL may be used uninitialized. */
1.27 ++if (yylen)
1.28 + yyval = yyvsp[1-yylen];
1.29 ++else
1.30 ++ memset(&yyval, 0, sizeof(yyval));
1.31 +
1.32 + ]b4_locations_if(
1.33 + [[ /* Default location. */
1.34 +
