[pkgsrc/trunk]: pkgsrc/graphics/graphviz Add patch for the graphviz 2.20.3 re...

[tron <tron%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c2554504b6ff
branches:  trunk
changeset: 548250:c2554504b6ff
user:      tron <tron%pkgsrc.org@localhost>
date:      Sun Oct 12 13:14:39 2008 +0000

description:
Add patch for the graphviz 2.20.3 release to fix the security
vulnerability reported in SA32186.

diffstat:

 graphics/graphviz/Makefile         |   6 +++---
 graphics/graphviz/distinfo         |   3 ++-
 graphics/graphviz/patches/patch-au |  24 ++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 4 deletions(-)

diffs (64 lines):

diff -r 43ba977e7dca -r c2554504b6ff graphics/graphviz/Makefile
--- a/graphics/graphviz/Makefile        Sun Oct 12 13:06:42 2008 +0000
+++ b/graphics/graphviz/Makefile        Sun Oct 12 13:14:39 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.64 2008/08/01 12:02:09 gdt Exp $
+# $NetBSD: Makefile,v 1.65 2008/10/12 13:14:39 tron Exp $
 
 DISTNAME=      graphviz-2.16.1
-PKGREVISION=   2
+PKGREVISION=   3
 CATEGORIES=    graphics
 MASTER_SITES=  http://www.graphviz.org/pub/graphviz/ARCHIVE/
 
@@ -18,7 +18,7 @@
 
 USE_LANGUAGES=         c c++
 USE_LIBTOOL=           yes
-USE_TOOLS+=            pkg-config
+USE_TOOLS+=            bison pkg-config
 GNU_CONFIGURE=         yes
 CONFIGURE_ARGS+=       --disable-java
 CONFIGURE_ARGS+=       --disable-perl
diff -r 43ba977e7dca -r c2554504b6ff graphics/graphviz/distinfo
--- a/graphics/graphviz/distinfo        Sun Oct 12 13:06:42 2008 +0000
+++ b/graphics/graphviz/distinfo        Sun Oct 12 13:14:39 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.28 2008/03/14 01:16:36 joerg Exp $
+$NetBSD: distinfo,v 1.29 2008/10/12 13:14:39 tron Exp $
 
 SHA1 (graphviz-2.16.1.tar.gz) = 46b704bd9b81922bcd17167c88f3278a9645e894
 RMD160 (graphviz-2.16.1.tar.gz) = 6d0f23fa176a1bef7ee0ca48cf1b700fe6cbfb42
@@ -23,3 +23,4 @@
 SHA1 (patch-ar) = 44e5fdf98c8a86e2c17faca7d88df11c801a68fc
 SHA1 (patch-as) = cf7408ba799ba70f7404205d99be950eb1d67d79
 SHA1 (patch-at) = 2d9880b76536596dfadaf98cc1aa00aed1abd70c
+SHA1 (patch-au) = 896ee85993c69f83a6808b026fa873a82a4cfa3e
diff -r 43ba977e7dca -r c2554504b6ff graphics/graphviz/patches/patch-au
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/graphviz/patches/patch-au        Sun Oct 12 13:14:39 2008 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-au,v 1.10 2008/10/12 13:14:39 tron Exp $
+
+--- lib/graph/parser.y.orig    2007-09-07 13:05:44.000000000 +0100
++++ lib/graph/parser.y 2008-10-12 13:46:18.000000000 +0100
+@@ -31,7 +31,8 @@
+ static Agnode_t               *N;
+ static Agedge_t               *E;
+ static objstack_t     *SP;
+-static Agraph_t               *Gstack[32];
++#define GSTACK_SIZE 64
++static Agraph_t               *Gstack[64];
+ static int                    GSP;
+ 
+ static void subgraph_warn (void)
+@@ -44,6 +45,9 @@
+ 
+ static void push_subg(Agraph_t *g)
+ {
++      if (GSP >= GSTACK_SIZE) {
++              agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1);
++      }
+       G = Gstack[GSP++] = g;
+ }
+