author | wiz <wiz> | 2014-01-07 15:15:17 +0000 |
---|---|---|
committer | wiz <wiz> | 2014-01-07 15:15:17 +0000 |
commit | 692d5c6d33a1b7b613a0336ae5c78cd715133378 (patch) | |
tree | bebc285c94e06634cff483d2580f206a84c49942 /graphics/graphviz | |
parent | 563f4d86372ccae6ecb523a3be8204f814d53099 (diff) | |
download | pkgsrc-692d5c6d33a1b7b613a0336ae5c78cd715133378.tar.gz |
Security fix from upstream for a buffer overflow in the parser
error handler. Bump PKGREVISION.
Diffstat (limited to 'graphics/graphviz')
-rw-r--r-- | graphics/graphviz/Makefile | 4 | ||||
-rw-r--r-- | graphics/graphviz/distinfo | 3 | ||||
-rw-r--r-- | graphics/graphviz/patches/patch-lib_cgraph_scan.l | 44 |
3 files changed, 48 insertions, 3 deletions
diff --git a/graphics/graphviz/Makefile b/graphics/graphviz/Makefile
index 31859bebd6d..d2394fcd4fd 100644
--- a/graphics/graphviz/Makefile
+++ b/graphics/graphviz/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.133 2013/11/06 00:50:47 gdt Exp $
+# $NetBSD: Makefile,v 1.134 2014/01/07 15:15:17 wiz Exp $
 DISTNAME= graphviz-2.34.0
-PKGREVISION= 3
+PKGREVISION= 4
 CATEGORIES= graphics
 MASTER_SITES= http://www.graphviz.org/pub/graphviz/stable/SOURCES/
diff --git a/graphics/graphviz/distinfo b/graphics/graphviz/distinfo
index cb44fbda2bf..c1aa6124f12 100644
--- a/graphics/graphviz/distinfo
+++ b/graphics/graphviz/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.47 2013/11/20 07:17:22 richard Exp $
+$NetBSD: distinfo,v 1.48 2014/01/07 15:15:17 wiz Exp $
 SHA1 (graphviz-2.34.0.tar.gz) = 5a0c00bebe7f4c7a04523db21f40966dc9f0d441
 RMD160 (graphviz-2.34.0.tar.gz) = 583a2332bcf0f9c8d24d19044415cd768be51745
@@ -6,6 +6,7 @@ Size (graphviz-2.34.0.tar.gz) = 23921350 bytes
 SHA1 (patch-config_config__perl.pl) = 85d535282a819c1055386244f7b520387d0ddbb1
 SHA1 (patch-configure) = 8f45d8cbaf9798a01216d7850c5c1dbe9dfd9106
 SHA1 (patch-configure.ac) = 02ab80dfe182586e78b49d91a8cde69d1d266d4e
+SHA1 (patch-lib_cgraph_scan.l) = 3d14db62d055c15969e15716ea314072d0586ab6
 SHA1 (patch-lib_gvc_Makefile.in) = 44c514720a840574c9aa75f4c67798471138a642
 SHA1 (patch-plugin_gd_Makefile.am) = 81de41e7589eaf7682a21636155840123a7716ab
 SHA1 (patch-plugin_gd_Makefile.in) = 0008791375bfcaf2f264d07ac59db0310905e5a0
diff --git a/graphics/graphviz/patches/patch-lib_cgraph_scan.l b/graphics/graphviz/patches/patch-lib_cgraph_scan.l
new file mode 100644
index 00000000000..737f3293a34
--- /dev/null
+++ b/graphics/graphviz/patches/patch-lib_cgraph_scan.l
@@ -0,0 +1,44 @@
+$NetBSD: patch-lib_cgraph_scan.l,v 1.1 2014/01/07 15:15:18 wiz Exp $
+
+http://secunia.com/advisories/55666/
+
+https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a#diff-0
+
+--- lib/cgraph/scan.l.orig 2013-09-07 01:07:52.000000000 +0000
++++ lib/cgraph/scan.l
+@@ -16,6 +16,7 @@
+ %{
+ #include <grammar.h>
+ #include <cghdr.h>
++#include <agxbuf.h>
+ #include <ctype.h>
+ #define GRAPH_EOF_TOKEN '@' /* lex class must be defined below */
+ /* this is a workaround for linux flex */
+@@ -191,13 +192,21 @@ ID ({NAME}|{NUMBER})
+ %%
+ void yyerror(char *str)
+ {
++ unsigned char xbuf[BUFSIZ];
+ char buf[BUFSIZ];
+- if (InputFile)
+- sprintf(buf,"%s:%d: %s in line %d near '%s'\n",InputFile, line_num,
+- str,line_num,yytext);
+- else
+- sprintf(buf," %s in line %d near '%s'\n", str,line_num,yytext);
+- agerr(AGWARN,buf);
++ agxbuf xb;
++
++ agxbinit(&xb, BUFSIZ, xbuf);
++ if (InputFile) {
++ agxbput (&xb, InputFile);
++ agxbput (&xb, ": ");
++ }
++ sprintf(buf," %s in line %d near '", str,line_num);
++ agxbput (&xb, buf);
++ agxbput (&xb, yytext);
++ agxbput (&xb,"'\n");
++ agerr(AGWARN,agxbuse(&xb));
++ agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */
+ void aglexeof() { unput(GRAPH_EOF_TOKEN); } |
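Review bot: In the patched yyerror, `agerr(AGWARN,agxbuse(&xb));` hands the assembled message, which now carries the whole `yytext` token from the input file, to agerr as its second argument; in cgraph that parameter is a printf-style format (the declaration is not visible in this patch), so conversion specifiers in the input would be interpreted instead of printed. Passing the text as data, `agerr(AGWARN, "%s", agxbuse(&xb));`, closes that path while keeping the message unchanged. The remaining `sprintf(buf," %s in line %d near '", str,line_num);` still writes `str` into the fixed `buf[BUFSIZ]` with no bound, so it relies on the parser's message being short; `snprintf(buf, sizeof buf, " %s in line %d near '", str, line_num);` or appending `str` with `agxbput` would remove that assumption. The new prefix also drops the `:%d` line number that followed InputFile in the old format, which is worth stating in the patch comment if intended.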