Djam/graphviz
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/graphviz.git synced 2025-02-22 23:32:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updated to 2.40.1 + fix for CVE-2018-10196

Browse source
This commit is contained in:
Denis Silakov 2019-03-23 20:35:42 +03:00
parent fca0fd747c
commit 63202d5878
7 changed files with 72 additions and 78 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.abf.yml
View file

@ -1,2 +1,4 @@
sources: removed_sources:
graphviz-2.38.0.tar.gz: 053c771278909160916ca5464a0a98ebf034c6ef graphviz-2.38.0.tar.gz: 053c771278909160916ca5464a0a98ebf034c6ef
sources:
graphviz-2.40.1.tar.gz: 8a44d19bcdb50df1bd8e649de472ebf868468888

48
graphviz-2.30.1-linkage.patch
View file

@ -1,48 +0,0 @@
--- cmd/dot/Makefile.in.orig 2013-02-23 11:26:50.729883499 +0000
+++ cmd/dot/Makefile.in 2013-02-23 11:28:44.263888094 +0000
@@ -70,8 +70,8 @@
@WITH_LIBGD_TRUE@am__append_5 = $(top_builddir)/plugin/gd/libgvplugin_gd.la $(GD_LIBS)
@WITH_PANGOCAIRO_TRUE@@WITH_WEBP_TRUE@am__append_6 = $(top_builddir)/plugin/webp/.libs/libgvplugin_webp_C.a $(WEBP_LIBS)
@WITH_PANGOCAIRO_TRUE@@WITH_WEBP_TRUE@am__append_7 = $(top_builddir)/plugin/webp/libgvplugin_webp.la $(WEBP_LIBS)
-@WITH_PANGOCAIRO_TRUE@am__append_8 = $(top_builddir)/plugin/pango/.libs/libgvplugin_pango_C.a $(PANGOCAIRO_LIBS)
-@WITH_PANGOCAIRO_TRUE@am__append_9 = $(top_builddir)/plugin/pango/libgvplugin_pango.la $(PANGOCAIRO_LIBS)
+@WITH_PANGOCAIRO_TRUE@am__append_8 = $(top_builddir)/plugin/pango/.libs/libgvplugin_pango_C.a $(PANGOCAIRO_LIBS) $(PANGOFT2_LIBS)
+@WITH_PANGOCAIRO_TRUE@am__append_9 = $(top_builddir)/plugin/pango/libgvplugin_pango.la $(PANGOCAIRO_LIBS) $(PANGOFT2_LIBS)
@WITH_PANGOCAIRO_TRUE@@WITH_WEBP_TRUE@am__append_10 = $(top_builddir)/plugin/webp/.libs/libgvplugin_webp_C.a $(WEBP_LIBS)
@WITH_PANGOCAIRO_TRUE@@WITH_WEBP_TRUE@am__append_11 = $(top_builddir)/plugin/webp/libgvplugin_webp.la $(WEBP_LIBS)
@WITH_LASI_TRUE@am__append_12 = $(top_builddir)/plugin/lasi/.libs/libgvplugin_lasi_C.a \
--- cmd/dot/Makefile.am.orig 2013-02-23 11:26:45.574883291 +0000
+++ cmd/dot/Makefile.am 2013-02-23 11:27:51.231885948 +0000
@@ -117,8 +117,8 @@
dot_static_LDADD += $(top_builddir)/plugin/webp/.libs/libgvplugin_webp_C.a $(WEBP_LIBS)
dot_builtins_LDADD += $(top_builddir)/plugin/webp/libgvplugin_webp.la $(WEBP_LIBS)
endif
-dot_static_LDADD += $(top_builddir)/plugin/pango/.libs/libgvplugin_pango_C.a $(PANGOCAIRO_LIBS)
-dot_builtins_LDADD += $(top_builddir)/plugin/pango/libgvplugin_pango.la $(PANGOCAIRO_LIBS)
+dot_static_LDADD += $(top_builddir)/plugin/pango/.libs/libgvplugin_pango_C.a $(PANGOCAIRO_LIBS) $(PANGOFT2_LIBS)
+dot_builtins_LDADD += $(top_builddir)/plugin/pango/libgvplugin_pango.la $(PANGOCAIRO_LIBS) $(PANGOFT2_LIBS)
if WITH_WEBP
dot_static_LDADD += $(top_builddir)/plugin/webp/.libs/libgvplugin_webp_C.a $(WEBP_LIBS)
dot_builtins_LDADD += $(top_builddir)/plugin/webp/libgvplugin_webp.la $(WEBP_LIBS)
--- plugin/gtk/Makefile.am.orig 2013-02-23 11:25:20.238879837 +0000
+++ plugin/gtk/Makefile.am 2013-02-23 11:25:40.256880647 +0000
@@ -37,7 +37,7 @@
libgvplugin_gtk_la_LDFLAGS = -version-info @GVPLUGIN_VERSION_INFO@
libgvplugin_gtk_la_SOURCES = $(libgvplugin_gtk_C_la_SOURCES)
-libgvplugin_gtk_la_LIBADD = $(GTK_LIBS)
+libgvplugin_gtk_la_LIBADD = $(GTK_LIBS) -lX11
if WITH_WIN32
libgvplugin_gtk_la_LDFLAGS += -no-undefined
--- plugin/gtk/Makefile.in.orig 2013-02-23 11:25:47.896880957 +0000
+++ plugin/gtk/Makefile.in 2013-02-23 11:26:20.128882261 +0000
@@ -535,7 +535,7 @@
libgvplugin_gtk_la_LDFLAGS = -version-info @GVPLUGIN_VERSION_INFO@ \
$(am__append_1) $(am__append_2)
libgvplugin_gtk_la_SOURCES = $(libgvplugin_gtk_C_la_SOURCES)
-libgvplugin_gtk_la_LIBADD = $(GTK_LIBS)
+libgvplugin_gtk_la_LIBADD = $(GTK_LIBS) -lX11
EXTRA_DIST = gtk.glade gtk.gladep
all: all-am

10
graphviz-2.30.1-pkgconfig.patch
View file

@ -1,10 +0,0 @@
--- lib/gvc/libgvc.pc.in.orig 2013-02-23 20:09:24.352375169 +0000
+++ lib/gvc/libgvc.pc.in 2013-02-23 20:09:33.643375545 +0000
@@ -7,6 +7,6 @@
Name: libgvc
Description: The GraphVizContext library
Version: @VERSION@
-Libs: -L${libdir} -lgvc -lgraph -lcdt
+Libs: -L${libdir} -lgvc -lcgraph -lcdt
Cflags: -I${includedir}

11
graphviz-2.38.0-lua-5.3.patch
View file

@ -1,11 +0,0 @@
--- graphviz-2.38.0/configure.ac.orig 2016-05-15 19:27:52.204176821 +0200
+++ graphviz-2.38.0/configure.ac 2016-05-15 19:28:14.198171673 +0200
@@ -928,7 +928,7 @@
if test "x$ac_found_lua_header" = "xyes" -a "x$ac_found_liblua_header" = "xyes"; then
LUA_INCLUDES="$CFLAGS"
fi
- for l in "$lua_suffix" "" "52" "5.2" "51" "5.1" "50" "5.0" ; do
+ for l in "$lua_suffix" "" "53" "5.3" "52" "5.2" "51" "5.1" "50" "5.0" ; do
AC_CHECK_LIB(lua$l,lua_call,ac_found_lua_lib="yes",ac_found_lua_lib="no")
if test "x$ac_found_lua_lib" = "xyes" ; then
LUA_VERSION=">=5.1.0"

16
graphviz-2.40.1-CVE-2018-10196.patch Normal file
View file

@ -0,0 +1,16 @@
diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c
--- a/lib/dotgen/conc.c
+++ b/lib/dotgen/conc.c
@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g)
for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
lead = GD_rankleader(g)[r];
- if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
+ if (lead == NULL) {
+ agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r);
+ longjmp(jbuf, 1);
+ }
+ else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n",
agnameof(lead), ND_order(lead), r);
longjmp(jbuf, 1);

33
graphviz-2.40.1-link.patch Normal file
View file

@ -0,0 +1,33 @@
--- a/plugin/gtk/Makefile.am~ 2013-02-14 21:27:39.000000000 +0800
+++ b/plugin/gtk/Makefile.am 2013-05-27 11:22:45.127287033 +0800
@@ -37,7 +37,7 @@
libgvplugin_gtk_la_LDFLAGS = -version-info @GVPLUGIN_VERSION_INFO@
libgvplugin_gtk_la_SOURCES = $(libgvplugin_gtk_C_la_SOURCES)
-libgvplugin_gtk_la_LIBADD = $(GTK_LIBS)
+libgvplugin_gtk_la_LIBADD = $(GTK_LIBS) -lX11
if WITH_WIN32
libgvplugin_gtk_la_LDFLAGS += -no-undefined
--- ./configure.ac.orig 2017-10-08 11:55:15.622878825 +0300
+++ ./configure.ac 2017-10-08 11:56:08.642875683 +0300
@@ -2775,7 +2775,7 @@ if test "x$use_gd" = "x"; then
AC_MSG_WARN(Optional GD library not available)
use_gd="No (library not found)"
with_libgd="no"
- ], $GD_LIBS)
+ ], $GDLIB_LIBS)
fi
LDFLAGS=$save_LDFLAGS
CPPFLAGS=$save_CPPFLAGS
--- ./tclpkg/tcldot/Makefile.am.orig 2017-10-08 11:55:28.973374397 +0300
+++ ./tclpkg/tcldot/Makefile.am 2017-10-08 11:55:43.072841696 +0300
@@ -97,7 +97,7 @@ endif
if WITH_LIBGD
libtcldot_builtin_la_LIBADD += $(top_builddir)/plugin/gd/libgvplugin_gd_C.la
-libtcldot_builtin_la_LIBADD += $(GD_LIBS)
+libtcldot_builtin_la_LIBADD += $(GDLIB_LIBS)
endif
libtcldot_builtin_la_LIBADD += $(EXPAT_LIBS) $(LIBGEN_LIBS) $(SOCKET_LIBS) $(IPSEPCOLA_LIBS) $(MATH_LIBS)

28
graphviz.spec
View file

@ -10,6 +10,7 @@
%define cdt_major 5 %define cdt_major 5
%define cgraph_major 6 %define cgraph_major 6
%define gamut_major 1
%define gvc_major 6 %define gvc_major 6
%define gvpr_major 2 %define gvpr_major 2
%define pathplan_major 4 %define pathplan_major 4
@ -17,6 +18,7 @@
%define lib_cdt %mklibname cdt %{cdt_major} %define lib_cdt %mklibname cdt %{cdt_major}
%define lib_cgraph %mklibname cgraph %{cgraph_major} %define lib_cgraph %mklibname cgraph %{cgraph_major}
%define lib_gamut %mklibname lab_gamut %{gamut_major}
%define lib_gvc %mklibname gvc %{gvc_major} %define lib_gvc %mklibname gvc %{gvc_major}
%define lib_gvpr %mklibname gvpr %{gvpr_major} %define lib_gvpr %mklibname gvpr %{gvpr_major}
%define lib_pathplan %mklibname pathplan %{pathplan_major} %define lib_pathplan %mklibname pathplan %{pathplan_major}
@ -30,15 +32,14 @@
Summary: Graph visualization tools Summary: Graph visualization tools
Name: graphviz Name: graphviz
Version: 2.38.0 Version: 2.40.1
Release: 9 Release: 1
License: Common Public License License: Common Public License
Group: Graphics Group: Graphics
Url: http://www.graphviz.org Url: http://www.graphviz.org
Source0: http://www.graphviz.org/pub/graphviz/ARCHIVE/%{name}-%{version}.tar.gz Source0: http://www.graphviz.org/pub/graphviz/ARCHIVE/%{name}-%{version}.tar.gz
Patch0: graphviz-2.30.1-linkage.patch Patch0: graphviz-2.40.1-link.patch
Patch1: graphviz-2.30.1-pkgconfig.patch Patch1: graphviz-2.40.1-CVE-2018-10196.patch
Patch2: graphviz-2.38.0-lua-5.3.patch
BuildRequires: bison BuildRequires: bison
BuildRequires: flex BuildRequires: flex
BuildRequires: libtool BuildRequires: libtool
@ -125,6 +126,18 @@ This package provides the cgraph shared library for %{name}.
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
%package -n %{lib_gamut}
Group: System/Libraries
Summary: Shared library for %{name}
%description -n %{lib_gamut}
This package provides the lib_gamut shared library for %{name}.
%files -n %{lib_gamut}
%{_libdir}/liblab_gamut.so.%{gamut_major}*
#-------------------------------------------------------------------------
%package -n %{lib_gvc} %package -n %{lib_gvc}
Summary: Shared library for %{name} Summary: Shared library for %{name}
Group: System/Libraries Group: System/Libraries
@ -364,9 +377,8 @@ Static development package for %{name}.
%prep %prep
%setup -q %setup -q
%patch0 -p0 -b .link~ %patch0 -p1 -b .link~
%patch2 -p1 -b .lua~ %patch1 -p1 -b .cve~
sed -i s,"ruby-1.9","ruby-2.1",g configure.ac
%build %build
autoreconf -fi autoreconf -fi