diff options
| author | tron <tron> | 2014-12-01 22:47:13 +0000 |
|---|---|---|
| committer | tron <tron> | 2014-12-01 22:47:13 +0000 |
| commit | ce6251bf3688319d4553272852f15fa48915fd9e (patch) | |
| tree | fc37447bb76c189855da75fe5a861a59774036aa | |
| parent | 7735b80538c54dabf72a02f857a1387bd6793749 (diff) | |
| download | pkgsrc-ce6251bf3688319d4553272852f15fa48915fd9e.tar.gz | |
Pullup ticket #4561 - requested by wiz
graphics/graphviz: security patch
Revisions pulled up:
- graphics/graphviz/Makefile 1.146 via patch
- graphics/graphviz/distinfo 1.53
- graphics/graphviz/patches/patch-lib_cgraph_scan.l 1.4
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Dec 1 08:45:04 UTC 2014
Modified Files:
pkgsrc/graphics/graphviz: Makefile distinfo
Added Files:
pkgsrc/graphics/graphviz/patches: patch-lib_cgraph_scan.l
Log Message:
Fix format string vulnerability.
>From upstream git.
Bump PKGREVISION.
| -rw-r--r-- | graphics/graphviz/Makefile | 4 | ||||
| -rw-r--r-- | graphics/graphviz/distinfo | 3 | ||||
| -rw-r--r-- | graphics/graphviz/patches/patch-lib_cgraph_scan.l | 16 |
3 files changed, 20 insertions, 3 deletions
diff --git a/graphics/graphviz/Makefile b/graphics/graphviz/Makefile index bcde20f5413..f83449e9ab5 100644 --- a/graphics/graphviz/Makefile +++ b/graphics/graphviz/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.143 2014/05/29 23:36:38 wiz Exp $ +# $NetBSD: Makefile,v 1.143.4.1 2014/12/01 22:47:13 tron Exp $ DISTNAME= graphviz-2.38.0 -PKGREVISION= 1 +PKGREVISION= 3 CATEGORIES= graphics MASTER_SITES= http://www.graphviz.org/pub/graphviz/stable/SOURCES/ diff --git a/graphics/graphviz/distinfo b/graphics/graphviz/distinfo index 8d78f0f8e8a..7c778742215 100644 --- a/graphics/graphviz/distinfo +++ b/graphics/graphviz/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.52 2014/05/16 12:29:04 ryoon Exp $ +$NetBSD: distinfo,v 1.52.4.1 2014/12/01 22:47:13 tron Exp $ SHA1 (graphviz-2.38.0.tar.gz) = 053c771278909160916ca5464a0a98ebf034c6ef RMD160 (graphviz-2.38.0.tar.gz) = a80c2fa6b9955444b2103a99167d7020b23e4c4e @@ -7,4 +7,5 @@ SHA1 (patch-cmd_lefty_os_unix_io.c) = 48f91c79b97928b54ae24af59a9fea173f34dfe5 SHA1 (patch-config_config__perl.pl) = 85d535282a819c1055386244f7b520387d0ddbb1 SHA1 (patch-configure) = f772bedfac63c3b473ebae1621b72982a13fe5a3 SHA1 (patch-configure.ac) = ec844ae85b6be9cf095ec800df6983b061d62b5d +SHA1 (patch-lib_cgraph_scan.l) = 72cc178acb369007a4a672d20af196bb6b6df35b SHA1 (patch-lib_gvc_Makefile.in) = 985ffe3efb0e7f876ece14dc0d2a719ec06357e2 diff --git a/graphics/graphviz/patches/patch-lib_cgraph_scan.l b/graphics/graphviz/patches/patch-lib_cgraph_scan.l new file mode 100644 index 00000000000..da2a5d47f43 --- /dev/null +++ b/graphics/graphviz/patches/patch-lib_cgraph_scan.l @@ -0,0 +1,16 @@ +$NetBSD: patch-lib_cgraph_scan.l,v 1.4.2.2 2014/12/01 22:47:13 tron Exp $ + +Add format string. +https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 + +--- lib/cgraph/scan.l.orig 2014-04-13 20:40:25.000000000 +0000 ++++ lib/cgraph/scan.l +@@ -149,7 +149,7 @@ static int chkNum(void) { + agxbput(&xb,buf); + agxbput(&xb,fname); + agxbput(&xb, " splits into two tokens\n"); +- agerr(AGWARN,agxbuse(&xb)); ++ agerr(AGWARN,"%s", agxbuse(&xb)); + + agxbfree(&xb); + return 1; |