- Add a patch that fixes ancient buffer overflow

- Resolves: #454583

byacc.spec

@@ -3,11 +3,12 @@
 Summary: Berkeley Yacc, a parser generator
 Name: byacc
 Version: 1.9.%{byaccdate}
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Public Domain
 Group: Development/Tools
 URL: http://invisible-island.net/byacc/byacc.html
 Source: ftp://invisible-island.net/byacc/byacc-%{byaccdate}.tgz
+Patch1: skeleton.c.diff
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %description
@@ -19,6 +20,7 @@ this package.
 
 %prep
 %setup -q -n byacc-%{byaccdate}
+%patch1 -p3
 
 %build
 %configure --disable-dependency-tracking
@@ -47,6 +49,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/byacc.1*
 
 %changelog
+* Mon Jul 14 2008 Petr Machata <pmachata@redhat.com> - 1.9.20070509-3
+- Add a patch that fixes ancient buffer overflow
+- Resolves: #454583
+
 * Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.9.20070509-2
 - Autorebuild for GCC 4.3
 

skeleton.c.diff

@@ -0,0 +1,25 @@
+===================================================================
+RCS file: /usr/OpenBSD/cvs/src/usr.bin/yacc/skeleton.c,v
+retrieving revision 1.28
+retrieving revision 1.29
+diff -u -r1.28 -r1.29
+--- src/usr.bin/yacc/skeleton.c	2007/09/03 21:14:58	1.28
++++ src/usr.bin/yacc/skeleton.c	2008/07/08 15:06:50	1.29
+@@ -63,4 +63,5 @@
+     "#endif",
+     "#include <stdlib.h>",
++    "#include <string.h>",
+     "#define YYBYACC 1",
+     "#define YYMAJOR 1",
+@@ -346,7 +347,10 @@
+     "                YYPREFIX, yystate, yyn, yyrule[yyn]);",
+     "#endif",
+     "    yym = yylen[yyn];",
+-    "    yyval = yyvsp[1-yym];",
++    "    if (yym)",
++    "        yyval = yyvsp[1-yym];",
++    "    else",
++    "        memset(&yyval, 0, sizeof yyval);",
+     "    switch (yyn)",
+     "    {",
+     0