Fix format string vulnerability.

From upstream git. Bump PKGREVISION.
author: wiz <wiz@pkgsrc.org> 2014-12-01 08:45:04 +0000
committer: wiz <wiz@pkgsrc.org> 2014-12-01 08:45:04 +0000
commit: 31f85b7e61b1292472df9c5042b9be86aa4e87b8 (patch)
tree: 5c8aa7da4ce331dd83ea6a1a51f5dcac62543ddc /graphics/graphviz
parent: 9262665d89f1a15d5dbcfd538402bc8d4a290624 (diff)
download: pkgsrc-31f85b7e61b1292472df9c5042b9be86aa4e87b8.tar.gz
3 files changed, 20 insertions, 3 deletions
diff --git a/graphics/graphviz/Makefile b/graphics/graphviz/Makefile
index 9fc80240194..f6dac2ca409 100644
--- a/graphics/graphviz/Makefile
+++ b/graphics/graphviz/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.145 2014/10/09 19:14:03 jaapb Exp $
+# $NetBSD: Makefile,v 1.146 2014/12/01 08:45:04 wiz Exp $
 
 DISTNAME=	graphviz-2.38.0
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	graphics
 MASTER_SITES=	http://www.graphviz.org/pub/graphviz/stable/SOURCES/
 
diff --git a/graphics/graphviz/distinfo b/graphics/graphviz/distinfo
index 8d78f0f8e8a..7bbe3da5827 100644
--- a/graphics/graphviz/distinfo
+++ b/graphics/graphviz/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.52 2014/05/16 12:29:04 ryoon Exp $
+$NetBSD: distinfo,v 1.53 2014/12/01 08:45:04 wiz Exp $
 
 SHA1 (graphviz-2.38.0.tar.gz) = 053c771278909160916ca5464a0a98ebf034c6ef
 RMD160 (graphviz-2.38.0.tar.gz) = a80c2fa6b9955444b2103a99167d7020b23e4c4e
@@ -7,4 +7,5 @@ SHA1 (patch-cmd_lefty_os_unix_io.c) = 48f91c79b97928b54ae24af59a9fea173f34dfe5
 SHA1 (patch-config_config__perl.pl) = 85d535282a819c1055386244f7b520387d0ddbb1
 SHA1 (patch-configure) = f772bedfac63c3b473ebae1621b72982a13fe5a3
 SHA1 (patch-configure.ac) = ec844ae85b6be9cf095ec800df6983b061d62b5d
+SHA1 (patch-lib_cgraph_scan.l) = 72cc178acb369007a4a672d20af196bb6b6df35b
 SHA1 (patch-lib_gvc_Makefile.in) = 985ffe3efb0e7f876ece14dc0d2a719ec06357e2
diff --git a/graphics/graphviz/patches/patch-lib_cgraph_scan.l b/graphics/graphviz/patches/patch-lib_cgraph_scan.l
new file mode 100644
index 00000000000..a97628fe8bb
--- /dev/null
+++ b/graphics/graphviz/patches/patch-lib_cgraph_scan.l
@@ -0,0 +1,16 @@
+$NetBSD: patch-lib_cgraph_scan.l,v 1.4 2014/12/01 08:45:04 wiz Exp $
+
+Add format string.
+https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
+
+--- lib/cgraph/scan.l.orig	2014-04-13 20:40:25.000000000 +0000
++++ lib/cgraph/scan.l
+@@ -149,7 +149,7 @@ static int chkNum(void) {
+ 	agxbput(&xb,buf);
+ 	agxbput(&xb,fname);
+ 	agxbput(&xb, " splits into two tokens\n");
+-	agerr(AGWARN,agxbuse(&xb));
++	agerr(AGWARN,"%s", agxbuse(&xb));
+ 
+ 	agxbfree(&xb);
+ 	return 1;
author	wiz <wiz@pkgsrc.org>	2014-12-01 08:45:04 +0000
committer	wiz <wiz@pkgsrc.org>	2014-12-01 08:45:04 +0000
commit	31f85b7e61b1292472df9c5042b9be86aa4e87b8 (patch)
tree	5c8aa7da4ce331dd83ea6a1a51f5dcac62543ddc /graphics/graphviz
parent	9262665d89f1a15d5dbcfd538402bc8d4a290624 (diff)
download	pkgsrc-31f85b7e61b1292472df9c5042b9be86aa4e87b8.tar.gz