diff options
| author | rtr <rtr@pkgsrc.org> | 2008-10-13 07:04:20 +0000 |
|---|---|---|
| committer | rtr <rtr@pkgsrc.org> | 2008-10-13 07:04:20 +0000 |
| commit | 9b0a745e2b49c7d6677a90f649ae336db533c525 (patch) | |
| tree | b788955d32cc2d208b88907f7fd08a7e37f18ba8 | |
| parent | 2b5f1f2df9c25b20b2cf45a81ddf9f8b4d631605 (diff) | |
| download | pkgsrc-9b0a745e2b49c7d6677a90f649ae336db533c525.tar.gz | |
pullup ticket #2555 - requested by tron
graphviz: add a patch for security vulnerability
revisions pulled up:
pkgsrc/graphics/graphviz/Makefile 1.65
pkgsrc/graphics/graphviz/distinfo 1.29
pkgsrc/graphics/graphviz/patches/patch-au 1.10
Module Name: pkgsrc
Committed By: tron
Date: Sun Oct 12 13:14:39 UTC 2008
Modified Files:
pkgsrc/graphics/graphviz: Makefile distinfo
Added Files:
pkgsrc/graphics/graphviz/patches: patch-au
Log Message:
Add patch for the graphviz 2.20.3 release to fix the security
vulnerability reported in SA32186.
| -rw-r--r-- | graphics/graphviz/Makefile | 6 | ||||
| -rw-r--r-- | graphics/graphviz/distinfo | 3 | ||||
| -rw-r--r-- | graphics/graphviz/patches/patch-au | 24 |
3 files changed, 29 insertions, 4 deletions
diff --git a/graphics/graphviz/Makefile b/graphics/graphviz/Makefile index be9337f11f6..a10dfb355d9 100644 --- a/graphics/graphviz/Makefile +++ b/graphics/graphviz/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.64 2008/08/01 12:02:09 gdt Exp $ +# $NetBSD: Makefile,v 1.64.4.1 2008/10/13 07:04:20 rtr Exp $ DISTNAME= graphviz-2.16.1 -PKGREVISION= 2 +PKGREVISION= 3 CATEGORIES= graphics MASTER_SITES= http://www.graphviz.org/pub/graphviz/ARCHIVE/ @@ -18,7 +18,7 @@ CHECK_FILES_SKIP= ${PREFIX}/lib/graphviz/config USE_LANGUAGES= c c++ USE_LIBTOOL= yes -USE_TOOLS+= pkg-config +USE_TOOLS+= bison pkg-config GNU_CONFIGURE= yes CONFIGURE_ARGS+= --disable-java CONFIGURE_ARGS+= --disable-perl diff --git a/graphics/graphviz/distinfo b/graphics/graphviz/distinfo index de2fe52b6fb..b53a6bb6156 100644 --- a/graphics/graphviz/distinfo +++ b/graphics/graphviz/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.28 2008/03/14 01:16:36 joerg Exp $ +$NetBSD: distinfo,v 1.28.10.1 2008/10/13 07:04:20 rtr Exp $ SHA1 (graphviz-2.16.1.tar.gz) = 46b704bd9b81922bcd17167c88f3278a9645e894 RMD160 (graphviz-2.16.1.tar.gz) = 6d0f23fa176a1bef7ee0ca48cf1b700fe6cbfb42 @@ -23,3 +23,4 @@ SHA1 (patch-aq) = 7a14a748784d8e887a8449b649dab96b1bf7462c SHA1 (patch-ar) = 44e5fdf98c8a86e2c17faca7d88df11c801a68fc SHA1 (patch-as) = cf7408ba799ba70f7404205d99be950eb1d67d79 SHA1 (patch-at) = 2d9880b76536596dfadaf98cc1aa00aed1abd70c +SHA1 (patch-au) = 896ee85993c69f83a6808b026fa873a82a4cfa3e diff --git a/graphics/graphviz/patches/patch-au b/graphics/graphviz/patches/patch-au new file mode 100644 index 00000000000..e04a34ac870 --- /dev/null +++ b/graphics/graphviz/patches/patch-au @@ -0,0 +1,24 @@ +$NetBSD: patch-au,v 1.9.26.1 2008/10/13 07:04:20 rtr Exp $ + +--- lib/graph/parser.y.orig 2007-09-07 13:05:44.000000000 +0100 ++++ lib/graph/parser.y 2008-10-12 13:46:18.000000000 +0100 +@@ -31,7 +31,8 @@ + static Agnode_t *N; + static Agedge_t *E; + static objstack_t *SP; +-static Agraph_t *Gstack[32]; ++#define GSTACK_SIZE 64 ++static Agraph_t *Gstack[64]; + static int GSP; + + static void subgraph_warn (void) +@@ -44,6 +45,9 @@ + + static void push_subg(Agraph_t *g) + { ++ if (GSP >= GSTACK_SIZE) { ++ agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1); ++ } + G = Gstack[GSP++] = g; + } + |