[arch-commits] Commit in graphviz/trunk (PKGBUILD yyerror0.patch yyerror1.patch)

Gaetan Bisson bisson at nymeria.archlinux.org
Fri Jan 10 04:15:51 UTC 2014


    Date: Friday, January 10, 2014 @ 05:15:50
  Author: bisson
Revision: 203403

fix FS#38441

Added:
  graphviz/trunk/yyerror0.patch
  graphviz/trunk/yyerror1.patch
Modified:
  graphviz/trunk/PKGBUILD

----------------+
 PKGBUILD       |    8 +++++++-
 yyerror0.patch |   53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 yyerror1.patch |   26 ++++++++++++++++++++++++++
 3 files changed, 86 insertions(+), 1 deletion(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-01-09 21:38:31 UTC (rev 203402)
+++ PKGBUILD	2014-01-10 04:15:50 UTC (rev 203403)
@@ -5,7 +5,7 @@
 
 pkgname=graphviz
 pkgver=2.34.0
-pkgrel=2
+pkgrel=3
 pkgdesc='Graph visualization software'
 url='http://www.graphviz.org/'
 license=('CPL')
@@ -23,8 +23,12 @@
             'tcl: tcl bindings'
             'qt4: gvedit')
 source=("${url}/pub/${pkgname}/stable/SOURCES/${pkgname}-${pkgver}.tar.gz"
+        'yyerror0.patch'
+        'yyerror1.patch'
         'dotty.patch')
 sha1sums=('5a0c00bebe7f4c7a04523db21f40966dc9f0d441'
+          '7a6fe4f532974d9ca173b1aba9927bdeb5f80be9'
+          '6d76a230ee6c11bcd610ebe56f98e96ecef6217d'
           '31bc9f505c8b6470289a0d6ec31c237765cba239')
 
 install=install
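Review bot: The two new patch entries extend a `sha1sums` array, and the tarball pinned by that same array is fetched through `url='http://www.graphviz.org/'`, so SHA-1 is the only integrity check on a source downloaded over plain HTTP. Since the array is being edited anyway, I would rename it to `sha256sums` and regenerate the values with `makepkg -g`, so that all four sources are pinned with a stronger digest. The two patches sit next to the PKGBUILD, so for them the checksum mainly guards against a stale or mismatched file.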
@@ -31,6 +35,8 @@
 
 prepare() {
 	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 -i ../yyerror0.patch
+	patch -p1 -i ../yyerror1.patch
 	patch -p1 -i ../dotty.patch
 	sed \
 		-e '/LIBPOSTFIX="64"/d' \
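Review bot: Nothing in `prepare()` records why the two new patches are applied or that their order matters. The context lines of `yyerror1.patch` are ones that `yyerror0.patch` introduces, so it only applies on top of it. A comment above the two lines would help whoever bumps `pkgver` next, for example `# upstream yyerror() buffer overflow fixes (FS#38441); yyerror1 applies on top of yyerror0, drop both once upstream ships them`. The `sed` invocation after the patch lines continues outside the hunk.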

Added: yyerror0.patch
===================================================================
--- yyerror0.patch	                        (rev 0)
+++ yyerror0.patch	2014-01-10 04:15:50 UTC (rev 203403)
@@ -0,0 +1,53 @@
+From 7aaddf52cd98589fb0c3ab72a393f8411838438a Mon Sep 17 00:00:00 2001
+From: "Emden R. Gansner" <erg at alum.mit.edu>
+Date: Fri, 4 Oct 2013 09:06:39 -0400
+Subject: [PATCH] Fix buffer overflow problem when reporting a syntax error
+ with a very long input line
+
+---
+ lib/cgraph/scan.l | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
+index 3cfde0f..2efd203 100644
+--- a/lib/cgraph/scan.l
++++ b/lib/cgraph/scan.l
+@@ -16,6 +16,7 @@
+ %{
+ #include <grammar.h>
+ #include <cghdr.h>
++#include <agxbuf.h>
+ #include <ctype.h>
+ #define GRAPH_EOF_TOKEN		'@'		/* lex class must be defined below */
+ 	/* this is a workaround for linux flex */
+@@ -191,13 +192,21 @@ ID		({NAME}|{NUMBER})
+ %%
+ void yyerror(char *str)
+ {
++	unsigned char	xbuf[BUFSIZ];
+ 	char	buf[BUFSIZ];
+-	if (InputFile)
+-		sprintf(buf,"%s:%d: %s in line %d near '%s'\n",InputFile, line_num,
+-			str,line_num,yytext);
+-	else
+-		sprintf(buf," %s in line %d near '%s'\n", str,line_num,yytext);
+-	agerr(AGWARN,buf);
++	agxbuf  xb;
++
++	agxbinit(&xb, BUFSIZ, xbuf);
++	if (InputFile) {
++		agxbput (&xb, InputFile);
++		agxbput (&xb, ": ");
++	}
++	sprintf(buf," %s in line %d near '", str,line_num);
++	agxbput (&xb, buf);
++	agxbput (&xb, yytext);
++	agxbput (&xb,"'\n");
++	agerr(AGWARN,agxbuse(&xb));
++	agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */
+ void aglexeof() { unput(GRAPH_EOF_TOKEN); }
+-- 
+1.8.5.1
+
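Review bot: The rewritten `yyerror()` ends with `agerr(AGWARN,agxbuse(&xb));`, which hands the assembled message to `agerr` in the same argument position where the old code passed `buf`. That message holds `InputFile`, `str` and `yytext` verbatim, and `yytext` is text taken from the file being parsed. If `agerr` treats its second argument as a printf-style format (its declaration is not visible here, so confirm against it), any `%` sequence in the input would be interpreted as a conversion. Passing the text as data avoids that: `agerr(AGWARN, "%s", agxbuse(&xb));`. The same call is left untouched by `yyerror1.patch`.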

Added: yyerror1.patch
===================================================================
--- yyerror1.patch	                        (rev 0)
+++ yyerror1.patch	2014-01-10 04:15:50 UTC (rev 203403)
@@ -0,0 +1,26 @@
+From d266bb2b4154d11c27252b56d86963aef4434750 Mon Sep 17 00:00:00 2001
+From: "Emden R. Gansner" <erg at alum.mit.edu>
+Date: Tue, 7 Jan 2014 10:45:36 -0500
+Subject: [PATCH] Prevent possible buffer overflow in yyerror()
+
+---
+ lib/cgraph/scan.l | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
+index 3efe1d5..212967c 100644
+--- a/lib/cgraph/scan.l
++++ b/lib/cgraph/scan.l
+@@ -201,7 +201,8 @@ void yyerror(char *str)
+ 		agxbput (&xb, InputFile);
+ 		agxbput (&xb, ": ");
+ 	}
+-	sprintf(buf," %s in line %d near '", str,line_num);
++	agxbput (&xb, str);
++	sprintf(buf," in line %d near '", line_num);
+ 	agxbput (&xb, buf);
+ 	agxbput (&xb, yytext);
+ 	agxbput (&xb,"'\n");
+-- 
+1.8.5.1
+
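Review bot: The remaining `sprintf(buf," in line %d near '", line_num);` is bounded in practice now that only an integer is formatted, but nothing in the call enforces that bound. `snprintf(buf, sizeof buf, " in line %d near '", line_num);` would keep the write inside `buf` even if the format string grows again later, as the `%s` for `str` removed here shows it can. `yyerror()` starts and ends outside this hunk.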



