diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2015-01-27 11:07:52 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-01-27 11:07:52 +0000 |
| commit | 8c89f11b647949f06fbef635e60814476280caa9 (patch) | |
| tree | be5fb78c1610b58bdc4bff3317c23e25da3a6e3c /main/graphviz | |
| parent | 65306a18e2d26e3724f00b5856166a87ebf4439e (diff) | |
| download | aports-8c89f11b647949f06fbef635e60814476280caa9.tar.bz2 aports-8c89f11b647949f06fbef635e60814476280caa9.tar.xz | |
main/graphviz: security fix for CVE-2014-9157
ref #3752
Diffstat (limited to 'main/graphviz')
| -rw-r--r-- | main/graphviz/APKBUILD | 12 | ||||
| -rw-r--r-- | main/graphviz/CVE-2014-9157.patch | 21 |
2 files changed, 29 insertions, 4 deletions
diff --git a/main/graphviz/APKBUILD b/main/graphviz/APKBUILD index 947b5e924..72da0c0f3 100644 --- a/main/graphviz/APKBUILD +++ b/main/graphviz/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=graphviz pkgver=2.38.0 -pkgrel=3 +pkgrel=4 pkgdesc="Graph Visualization Tools" url="http://www.graphviz.org/" arch="all" @@ -20,6 +20,7 @@ source="http://www.graphviz.org/pub/graphviz/stable/SOURCES/graphviz-$pkgver.tar $pkgname.trigger 0001-clone-nameclash.patch musl-posix-grep.patch + CVE-2014-9157.patch " _builddir="$srcdir"/graphviz-$pkgver @@ -113,12 +114,15 @@ graphs() { md5sums="5b6a829b2ac94efcd5fa3c223ed6d3ae graphviz-2.38.0.tar.gz 6e30f6cb07c20d92fe280586c56104eb graphviz.trigger bce8a9ae4c3a8c52c1bcf0e03d5ce364 0001-clone-nameclash.patch -f2e8e751d8b26dd659b51940f7210b8a musl-posix-grep.patch" +f2e8e751d8b26dd659b51940f7210b8a musl-posix-grep.patch +8da7607dfaaf0ea01e2618d647f79c45 CVE-2014-9157.patch" sha256sums="81aa238d9d4a010afa73a9d2a704fc3221c731e1e06577c2ab3496bdef67859e graphviz-2.38.0.tar.gz 990a108305f0188102b15bf946fee7aff27a9e449eae480192d8d2f933bb9802 graphviz.trigger 2b6c8186bf2799658494428d68597f63b91799f37809cbe59d8adcab60c27363 0001-clone-nameclash.patch -c9629e3e5502450ff000af173d568147aee5d8e884d7d8d8754cb7dd94e90ba6 musl-posix-grep.patch" +c9629e3e5502450ff000af173d568147aee5d8e884d7d8d8754cb7dd94e90ba6 musl-posix-grep.patch +4289ed4dbcfc2e6d19131e029364eaf7bc728948bbed2b211e808868b7450752 CVE-2014-9157.patch" sha512sums="0e51a97dae595f4e80bc9e4a12ba3c48485fab19941a28d522f5a0624b6a767e0ba720e9e55bff8efe8308dd1cd3793e2c99cb5fdfceb2d5cafb0cbee907e531 graphviz-2.38.0.tar.gz 50947e6a11929f724759266f7716d52d10923eba6d59704ab39e4bdf18f8471d548c2b11ab051dd4b67cb82742aaf54d6358890d049d5b5982f3383b65f7ae8c graphviz.trigger aa4cbc341906a949a6bf78cadd96c437d6bcc90369941fe03519aa4447731ecbf6063a0dd0366d3e7aaadf22b69e4bcab3f8632a7da7a01f8e08a3be05c2bc5d 0001-clone-nameclash.patch -365ecb684b26c382f62b2c8bc075169eafd46478d21a49ecc433fcbf7b720027567438a01659fada7714433c1eced7f5662913179e6d59437fc5daba0d66b0cc musl-posix-grep.patch" +365ecb684b26c382f62b2c8bc075169eafd46478d21a49ecc433fcbf7b720027567438a01659fada7714433c1eced7f5662913179e6d59437fc5daba0d66b0cc musl-posix-grep.patch +0bd86ddab647ddc2c4b6b2ae8435b725c7e5a66028d51bae6f1111030be3f338b6b767327ad04e8f830cc2483812eee9e54943197ae5de06395d70c240e36552 CVE-2014-9157.patch" diff --git a/main/graphviz/CVE-2014-9157.patch b/main/graphviz/CVE-2014-9157.patch new file mode 100644 index 000000000..25f7b3f40 --- /dev/null +++ b/main/graphviz/CVE-2014-9157.patch @@ -0,0 +1,21 @@ +https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 + +--- ./lib/cgraph/scan.l.orig ++++ ./lib/cgraph/scan.l +@@ -209,6 +209,7 @@ + <hstring>([^><\n]*) addstr(yytext); + . return (yytext[0]); + %% ++ + void yyerror(char *str) + { + unsigned char xbuf[BUFSIZ]; +@@ -225,7 +226,7 @@ + agxbput (&xb, buf); + agxbput (&xb, yytext); + agxbput (&xb,"'\n"); +- agerr(AGERR,agxbuse(&xb)); ++ agerr(AGERR, "%s", agxbuse(&xb)); + agxbfree(&xb); + } + /* must be here to see flex's macro defns */ |