author | drochner <drochner@pkgsrc.org> | 2014-01-10 15:27:11 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2014-01-10 15:27:11 +0000 |
commit | 06919e053964cb1a7b4ca424474125c667db9c63 (patch) | |
tree | d8336856439b48659859c3c05513f121c78c9fbc /graphics/graphviz | |
parent | afcb9b22f6a5736c92beea1eeaf06bcde6318224 (diff) | |
download | pkgsrc-06919e053964cb1a7b4ca424474125c667db9c63.tar.gz |
fix more problems with the scanner, one was introduced by the last fix
(CVE-2014-1235, CVE-2014-1236)
bump PKGREV
Diffstat (limited to 'graphics/graphviz')
-rw-r--r-- | graphics/graphviz/Makefile | 4 | ||||
-rw-r--r-- | graphics/graphviz/distinfo | 4 | ||||
-rw-r--r-- | graphics/graphviz/patches/patch-lib_cgraph_scan.l | 51 |
3 files changed, 52 insertions, 7 deletions
diff --git a/graphics/graphviz/Makefile b/graphics/graphviz/Makefile index 7cf6ebe7cce..cc97a6b3ada 100644 --- a/graphics/graphviz/Makefile +++ b/graphics/graphviz/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.135 2014/01/08 10:24:14 jperkin Exp $ +# $NetBSD: Makefile,v 1.136 2014/01/10 15:27:11 drochner Exp $ DISTNAME= graphviz-2.34.0 -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= graphics MASTER_SITES= http://www.graphviz.org/pub/graphviz/stable/SOURCES/ diff --git a/graphics/graphviz/distinfo b/graphics/graphviz/distinfo index c1aa6124f12..5ce915d0130 100644 --- a/graphics/graphviz/distinfo +++ b/graphics/graphviz/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.48 2014/01/07 15:15:17 wiz Exp $ +$NetBSD: distinfo,v 1.49 2014/01/10 15:27:11 drochner Exp $ SHA1 (graphviz-2.34.0.tar.gz) = 5a0c00bebe7f4c7a04523db21f40966dc9f0d441 RMD160 (graphviz-2.34.0.tar.gz) = 583a2332bcf0f9c8d24d19044415cd768be51745 @@ -6,7 +6,7 @@ Size (graphviz-2.34.0.tar.gz) = 23921350 bytes SHA1 (patch-config_config__perl.pl) = 85d535282a819c1055386244f7b520387d0ddbb1 SHA1 (patch-configure) = 8f45d8cbaf9798a01216d7850c5c1dbe9dfd9106 SHA1 (patch-configure.ac) = 02ab80dfe182586e78b49d91a8cde69d1d266d4e -SHA1 (patch-lib_cgraph_scan.l) = 3d14db62d055c15969e15716ea314072d0586ab6 +SHA1 (patch-lib_cgraph_scan.l) = c7ad8c47ed478eddc8904865988ada76af781a84 SHA1 (patch-lib_gvc_Makefile.in) = 44c514720a840574c9aa75f4c67798471138a642 SHA1 (patch-plugin_gd_Makefile.am) = 81de41e7589eaf7682a21636155840123a7716ab SHA1 (patch-plugin_gd_Makefile.in) = 0008791375bfcaf2f264d07ac59db0310905e5a0 diff --git a/graphics/graphviz/patches/patch-lib_cgraph_scan.l b/graphics/graphviz/patches/patch-lib_cgraph_scan.l index 737f3293a34..9c2e898a1e3 100644 --- a/graphics/graphviz/patches/patch-lib_cgraph_scan.l +++ b/graphics/graphviz/patches/patch-lib_cgraph_scan.l 
@@ -1,8 +1,10 @@ -$NetBSD: patch-lib_cgraph_scan.l,v 1.1 2014/01/07 15:15:18 wiz Exp $ +$NetBSD: patch-lib_cgraph_scan.l,v 1.2 2014/01/10 15:27:11 drochner Exp $ http://secunia.com/advisories/55666/ https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a#diff-0 +https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750 +https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff --- lib/cgraph/scan.l.orig 2013-09-07 01:07:52.000000000 +0000 +++ lib/cgraph/scan.l 
@@ -14,7 +16,49 @@ https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f841183843 #include <ctype.h> #define GRAPH_EOF_TOKEN '@' /* lex class must be defined below */ /* this is a workaround for linux flex */ -@@ -191,13 +192,21 @@ ID ({NAME}|{NUMBER}) +@@ -128,15 +129,32 @@ static void ppDirective (void) + * and report this to the user. + */ + static int chkNum(void) { +- unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */ +- if (!isdigit(c) && (c != '.')) { /* c is letter */ +- char buf[BUFSIZ]; +- sprintf(buf,"syntax error - badly formed number '%s' in line %d of %s\n",yytext,line_num, InputFile); +- strcat (buf, "splits into two name tokens\n"); +- agerr(AGWARN,buf); +- return 1; +- } +- else return 0; ++ unsigned char c = (unsigned char)yytext[yyleng-1]; /* last character */ ++ if (!isdigit(c) && (c != '.')) { /* c is letter */ ++ unsigned char xbuf[BUFSIZ]; ++ char buf[BUFSIZ]; ++ agxbuf xb; ++ char* fname; ++ ++ if (InputFile) ++ fname = InputFile; ++ else ++ fname = "input"; ++ ++ agxbinit(&xb, BUFSIZ, xbuf); ++ ++ agxbput(&xb,"syntax ambiguity - badly delimited number '"); ++ agxbput(&xb,yytext); ++ sprintf(buf,"' in line %d of ", line_num); ++ agxbput(&xb,buf); ++ agxbput(&xb,fname); ++ agxbput(&xb, " splits into two tokens\n"); ++ agerr(AGWARN,agxbuse(&xb)); ++ ++ agxbfree(&xb); ++ return 1; ++ } ++ else return 0; + } + + /* The LETTER class below consists of ascii letters, underscore, all non-ascii +@@ -191,13 +209,22 @@ ID ({NAME}|{NUMBER}) %% void yyerror(char *str) { @@ -33,7 +77,8 @@ https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f841183843 + agxbput (&xb, InputFile); + agxbput (&xb, ": "); + } -+ sprintf(buf," %s in line %d near '", str,line_num); ++ agxbput (&xb, str); ++ sprintf(buf," in line %d near '", line_num); + agxbput (&xb, buf); + agxbput (&xb, yytext); + agxbput (&xb,"'\n"); |
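Review bot: In the new chkNum body, `agerr(AGWARN,agxbuse(&xb));` passes the assembled message as the format argument of agerr, which is printf-style, so any `%` in the message is parsed as a conversion specifier. The message embeds `yytext` and `InputFile`, and `InputFile` appears to be set from line directives in the input (ppDirective, outside this hunk), so the call should be `agerr(AGWARN, "%s", agxbuse(&xb));`. The yyerror hunk at the end of this file section builds its message from `str`, `InputFile` and `yytext` in the same way; its agerr call is not among the visible lines, so it should be checked for the same `"%s"` form. The remaining `sprintf(buf,"' in line %d of ", line_num);` is bounded because it formats only an integer, but `snprintf(buf, sizeof buf, ...)` would keep that true if the format is ever edited.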