[pkgsrc/pkgsrc-2008Q3]: pkgsrc/graphics/graphviz pullup ticket #2555 - reques...

[rtr <rtr%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/2531131f03eb
branches:  pkgsrc-2008Q3
changeset: 547836:2531131f03eb
user:      rtr <rtr%pkgsrc.org@localhost>
date:      Mon Oct 13 07:04:20 2008 +0000

description:
pullup ticket #2555 - requested by tron
graphviz: add a patch for security vulnerability

revisions pulled up:
pkgsrc/graphics/graphviz/Makefile               1.65
pkgsrc/graphics/graphviz/distinfo               1.29
pkgsrc/graphics/graphviz/patches/patch-au       1.10

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Sun Oct 12 13:14:39 UTC 2008

   Modified Files:
           pkgsrc/graphics/graphviz: Makefile distinfo
   Added Files:
           pkgsrc/graphics/graphviz/patches: patch-au

   Log Message:
   Add patch for the graphviz 2.20.3 release to fix the security
   vulnerability reported in SA32186.

diffstat:

 graphics/graphviz/Makefile         |   6 +++---
 graphics/graphviz/distinfo         |   3 ++-
 graphics/graphviz/patches/patch-au |  24 ++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 4 deletions(-)

diffs (64 lines):

diff -r aeb2997a22b7 -r 2531131f03eb graphics/graphviz/Makefile
--- a/graphics/graphviz/Makefile        Sun Oct 12 12:09:47 2008 +0000
+++ b/graphics/graphviz/Makefile        Mon Oct 13 07:04:20 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.64 2008/08/01 12:02:09 gdt Exp $
+# $NetBSD: Makefile,v 1.64.4.1 2008/10/13 07:04:20 rtr Exp $
 
 DISTNAME=      graphviz-2.16.1
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    graphics
 MASTER_SITES=  http://www.graphviz.org/pub/graphviz/ARCHIVE/
 
@@ -18,7 +18,7 @@
 
 USE_LANGUAGES=         c c++
 USE_LIBTOOL=           yes
-USE_TOOLS+=            pkg-config
+USE_TOOLS+=            bison pkg-config
 GNU_CONFIGURE=         yes
 CONFIGURE_ARGS+=       --disable-java
 CONFIGURE_ARGS+=       --disable-perl
diff -r aeb2997a22b7 -r 2531131f03eb graphics/graphviz/distinfo
--- a/graphics/graphviz/distinfo        Sun Oct 12 12:09:47 2008 +0000
+++ b/graphics/graphviz/distinfo        Mon Oct 13 07:04:20 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.28 2008/03/14 01:16:36 joerg Exp $
+$NetBSD: distinfo,v 1.28.10.1 2008/10/13 07:04:20 rtr Exp $
 
 SHA1 (graphviz-2.16.1.tar.gz) = 46b704bd9b81922bcd17167c88f3278a9645e894
 RMD160 (graphviz-2.16.1.tar.gz) = 6d0f23fa176a1bef7ee0ca48cf1b700fe6cbfb42
@@ -23,3 +23,4 @@
 SHA1 (patch-ar) = 44e5fdf98c8a86e2c17faca7d88df11c801a68fc
 SHA1 (patch-as) = cf7408ba799ba70f7404205d99be950eb1d67d79
 SHA1 (patch-at) = 2d9880b76536596dfadaf98cc1aa00aed1abd70c
+SHA1 (patch-au) = 896ee85993c69f83a6808b026fa873a82a4cfa3e
diff -r aeb2997a22b7 -r 2531131f03eb graphics/graphviz/patches/patch-au
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/graphviz/patches/patch-au        Mon Oct 13 07:04:20 2008 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-au,v 1.9.26.1 2008/10/13 07:04:20 rtr Exp $
+
+--- lib/graph/parser.y.orig    2007-09-07 13:05:44.000000000 +0100
++++ lib/graph/parser.y 2008-10-12 13:46:18.000000000 +0100
+@@ -31,7 +31,8 @@
+ static Agnode_t               *N;
+ static Agedge_t               *E;
+ static objstack_t     *SP;
+-static Agraph_t               *Gstack[32];
++#define GSTACK_SIZE 64
++static Agraph_t               *Gstack[64];
+ static int                    GSP;
+ 
+ static void subgraph_warn (void)
+@@ -44,6 +45,9 @@
+ 
+ static void push_subg(Agraph_t *g)
+ {
++      if (GSP >= GSTACK_SIZE) {
++              agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1);
++      }
+       G = Gstack[GSP++] = g;
+ }
+