songnannan 2019-12-31 15:12:54 +08:00
parent cfbf2b5a80
commit 7d0a57c9cb
8 changed files with 611 additions and 0 deletions

131
CVE-2019-11023.patch Normal file

@ -0,0 +1,131 @@
From 839085f8026afd6f6920a0c31ad2a9d880d97932 Mon Sep 17 00:00:00 2001
From: Stephen C North <scnorth@gmail.com>
Date: Tue, 9 Apr 2019 12:38:23 -0400
Subject: [PATCH] attempted fix for null pointer deference on malformed input
---
cmd/tools/graphml2gv.c | 36 +++++++++++++++++++++---------------
lib/cgraph/grammar.y | 8 ++++++++
lib/cgraph/obj.c | 2 ++
3 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/cmd/tools/graphml2gv.c b/cmd/tools/graphml2gv.c
index f4798089e..b9fc9730c 100644
--- a/cmd/tools/graphml2gv.c
+++ b/cmd/tools/graphml2gv.c
@@ -468,8 +468,10 @@ startElementHandler(void *userData, const char *name, const char **atts)
if (pos > 0) {
const char *attrname;
attrname = atts[pos];
-
- bind_node(attrname);
+ if (G == 0)
+ fprintf(stderr,"node %s outside graph, ignored\n",attrname);
+ else
+ bind_node(attrname);
pushString(&ud->elements, attrname);
}
@@ -495,21 +497,25 @@ startElementHandler(void *userData, const char *name, const char **atts)
if (tname)
head = tname;
- bind_edge(tail, head);
+ if (G == 0)
+ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head);
+ else {
+ bind_edge(tail, head);
- t = AGTAIL(E);
- tname = agnameof(t);
+ t = AGTAIL(E);
+ tname = agnameof(t);
- if (strcmp(tname, tail) == 0) {
- ud->edgeinverted = FALSE;
- } else if (strcmp(tname, head) == 0) {
- ud->edgeinverted = TRUE;
- }
+ if (strcmp(tname, tail) == 0) {
+ ud->edgeinverted = FALSE;
+ } else if (strcmp(tname, head) == 0) {
+ ud->edgeinverted = TRUE;
+ }
- pos = get_xml_attr("id", atts);
- if (pos > 0) {
- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
- }
+ pos = get_xml_attr("id", atts);
+ if (pos > 0) {
+ setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
+ }
+ }
} else {
/* must be some extension */
fprintf(stderr,
@@ -530,7 +536,7 @@ static void endElementHandler(void *userData, const char *name)
char *ele_name = topString(ud->elements);
if (ud->closedElementType == TAG_GRAPH) {
Agnode_t *node = agnode(root, ele_name, 0);
- agdelete(root, node);
+ if (node) agdelete(root, node);
}
popString(&ud->elements);
Current_class = TAG_GRAPH;
diff --git a/lib/cgraph/grammar.y b/lib/cgraph/grammar.y
index 90aa27387..127a7241a 100644
--- a/lib/cgraph/grammar.y
+++ b/lib/cgraph/grammar.y
@@ -22,6 +22,7 @@ extern void yyerror(char *); /* gets mapped to aagerror, see below */
#endif
static char Key[] = "key";
+static int SubgraphDepth = 0;
typedef union s { /* possible items in generic list */
Agnode_t *n;
@@ -542,6 +543,7 @@ static void startgraph(char *name, int directed, int strict)
static Agdesc_t req; /* get rid of warnings */
if (G == NILgraph) {
+ SubgraphDepth = 0;
req.directed = directed;
req.strict = strict;
req.maingraph = TRUE;
@@ -562,6 +564,11 @@ static void endgraph()
static void opensubg(char *name)
{
+ if (++SubgraphDepth >= YYMAXDEPTH/2) {
+ char buf[128];
+ sprintf(buf,"subgraphs nested more than %d deep",YYMAXDEPTH);
+ agerr(AGERR,buf);
+ }
S = push(S,agsubg(S->g,name,TRUE));
agstrfree(G,name);
}
@@ -569,6 +576,7 @@ static void opensubg(char *name)
static void closesubg()
{
Agraph_t *subg = S->g;
+ --SubgraphDepth;
S = pop(S);
S->subg = subg;
assert(subg);
diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c
index 7b1c8c101..709774e3d 100644
--- a/lib/cgraph/obj.c
+++ b/lib/cgraph/obj.c
@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack)
Agraph_t *agroot(void* obj)
{
+ // fixes CVE-2019-11023 by moving the problem to the caller :-)
+ if (obj == 0) return NILgraph;
switch (AGTYPE(obj)) {
case AGINEDGE:
case AGOUTEDGE:
--
2.21.0
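Review bot: The depth guard added to `opensubg` in the grammar.y hunk only reports the error; after `agerr(AGERR,buf)` the function still falls through to `S = push(S,agsubg(S->g,name,TRUE));`, so unless agerr ends the parse (not visible here) nesting keeps growing past the limit. The message also prints `YYMAXDEPTH` while the test compares against `YYMAXDEPTH/2`, and `buf` is handed to agerr as its format argument. agerr is called printf-style elsewhere on this page, so the local buffer and `sprintf` can go: `agerr(AGERR, "subgraphs nested more than %d deep", YYMAXDEPTH/2);`. Separately, the `agroot` hunk now returns `NILgraph` for a null object, so every caller has to handle a null root; the patch's own comment says as much.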


@ -0,0 +1,32 @@
/lib/sfio/features/sfio b/lib/sfio/features/sfio
--- a/lib/sfio/features/sfio 2018-01-01 00:00:00.000000000 +0000
+++ b/lib/sfio/features/sfio 2018-01-01 00:00:00.000000000 +0000
@@ -89,7 +89,7 @@ lib memchr note{ see if memchr is fast }
t2 = (etm2.tms_utime - stm2.tms_utime) +
(etm2.tms_stime - stm2.tms_stime);
- return t1 < t2 ? 0 : 1;
+ return 1;
}
}end
@@ -130,7 +130,7 @@ lib memccpy note{ see if memccpy is fast
t2 = (etm2.tms_utime - stm2.tms_utime) +
(etm2.tms_stime - stm2.tms_stime);
- return t1 < t2 ? 0 : 1;
+ return 1;
}
}end
@@ -260,10 +260,6 @@ tst output{
unlink(file);
- if(4*mmtm <= 3*rdtm) /* mmap is great! */
- printf("#define _mmap_worthy 2 \n");
- else if(4*mmtm <= 5*rdtm) /* mmap is good */
- printf("#define _mmap_worthy 1 \n");
return 0;
}
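Review bot: This patch has no description, and the reason for hard-wiring the probe results is not stated anywhere in it. The `memchr` and `memccpy` tests now end in `return 1;` regardless of the measured times, and the `_mmap_worthy` lines are no longer emitted, so the outcome stops depending on build-host timing while the timing code above each return still runs for nothing. A header line above the first hunk would record the intent, for example `Make the sfio timing probes deterministic so generated headers do not vary between build hosts`, if that is the purpose. Both test bodies start outside the hunks shown.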


@ -0,0 +1,16 @@
diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c
--- a/lib/dotgen/conc.c
+++ b/lib/dotgen/conc.c
@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g)
for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
lead = GD_rankleader(g)[r];
- if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
+ if (lead == NULL) {
+ agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r);
+ longjmp(jbuf, 1);
+ }
+ else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n",
agnameof(lead), ND_order(lead), r);
longjmp(jbuf, 1);
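Review bot: The new error message names the function as `rebuiltd_vlists`, while the hunk header shows it is `rebuild_vlists`; the added line copies the misspelling from the existing message below it, which makes the diagnostic harder to search for. Suggest `agerr(AGERR, "rebuild_vlists: lead is null for rank %d\n", r);`. The added check covers only a null `lead`; whether `ND_order(lead)` is within the rank's vertex array is not visible in this hunk and is worth confirming, since the `else if` branch uses it as an index. The function body continues outside the hunk.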


@ -0,0 +1,22 @@
diff --git a/cmd/dotty/dotty_ui.lefty b/cmd/dotty/dotty_ui.lefty
index a8c9116..a708c61 100644
--- a/cmd/dotty/dotty_ui.lefty
+++ b/cmd/dotty/dotty_ui.lefty
@@ -342,7 +342,7 @@ dotty.protovt.normal.uifuncs = [
else
gt.insertedge (gt, data.pobj, null, data.obj, null, null, 1);
};
- 'rightdown' = function (data) {
+ 'rightup' = function (data) {
local vt, gt, menu, i;
vt = dotty.views[data.widget];
@@ -447,7 +447,7 @@ dotty.protovt.birdseye.uifuncs = [
'middledown' = dotty.protovt.normal.uifuncs.middledown;
'middlemove' = dotty.protovt.normal.uifuncs.middlemove;
'middleup' = dotty.protovt.normal.uifuncs.middleup;
- 'rightdown' = dotty.protovt.normal.uifuncs.rightdown;
+ 'rightup' = dotty.protovt.normal.uifuncs.rightup;
'keyup' = dotty.protovt.normal.uifuncs.keyup;
'redraw' = dotty.protovt.normal.uifuncs.redraw;
'closeview' = dotty.protovt.normal.uifuncs.closeview;


@ -0,0 +1,58 @@
diff --git a/config/config_python.py b/config/config_python.py
index b747045..2b1ac8d 100644
--- a/config/config_python.py
+++ b/config/config_python.py
@@ -1,12 +1,13 @@
+from __future__ import print_function
+
import sys
from distutils import sysconfig
if sys.argv[1] == "archlib":
- print sysconfig.get_python_lib(1,1)
+ print(sysconfig.get_python_lib(1,1))
elif sys.argv[1] == "lib":
- print sysconfig.get_python_lib(0,1)
+ print(sysconfig.get_python_lib(0,1))
elif sys.argv[1] == "archsitelib":
- print sysconfig.get_python_lib(1,0)
+ print(sysconfig.get_python_lib(1,0))
elif sys.argv[1] == "sitelib":
- print sysconfig.get_python_lib(0,0)
-
+ print(sysconfig.get_python_lib(0,0))
diff --git a/configure.ac b/configure.ac
index 51166c3..4d8c9a0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1142,7 +1142,7 @@ else
if test `$SWIG -help 2>&1 | $EGREP -c '\-python *- Generate'` = 0; then
use_python="No (swig does not support -python option)"
else
- AC_CHECK_PROG(PYTHON,python,python)
+ AC_CHECK_PROGS(PYTHON,[python3 python])
if test "x$PYTHON" = "x"; then
use_python="No (python not available)"
else
@@ -1167,8 +1167,11 @@ else
if test "x$PYTHON" = "x"; then
use_python="No (python is too old)"
else
- PYTHON_PREFIX=`$PYTHON -c "import sys; print sys.prefix"`
+ PYTHON_PREFIX=`$PYTHON -c "import sys; print(sys.prefix)"`
PYTHON_INCLUDES=-I$PYTHON_PREFIX/include/python$PYTHON_VERSION_SHORT
+ if test $PYTHON_VERSION_MAJOR -gt 2; then
+ PYTHON_INCLUDES="${PYTHON_INCLUDES}m"
+ fi
# PYTHON_LIBS="-lpython$PYTHON_VERSION_SHORT"
PYTHON_LIBS="-undefined dynamic_lookup"
PYTHON_INSTALL_DIR="`$PYTHON $srcdir/config/config_python.py archsitelib`"
@@ -1548,7 +1551,7 @@ else
if test "x$PYTHON34" = "x"; then
use_python34="No (python34 is too old)"
else
- PYTHON34_PREFIX=`$PYTHON3 -c "import sys; print sys.prefix"`
+ PYTHON34_PREFIX=`$PYTHON3 -c "import sys; print(sys.prefix)"`
# PYTHON34_INCLUDES=-I$PYTHON34_PREFIX/include/python$PYTHON34_VERSION_SHORT
# FIXME - whats the stupid "m" for?
PYTHON34_INCLUDES=-I/usr/include/python3.4m
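Review bot: The added `if test $PYTHON_VERSION_MAJOR -gt 2; then` in configure.ac leaves the variable unquoted, so an empty value makes `test` fail with a syntax error instead of skipping the branch; `if test "${PYTHON_VERSION_MAJOR:-0}" -gt 2; then` avoids that (where the variable is set is outside the hunk). The appended `m` suffix also assumes every Python 3 installs its headers under `pythonX.Ym`, which stopped being the case with Python 3.8. Asking the interpreter is more robust, e.g. `PYTHON_INCLUDES="-I$($PYTHON -c 'from distutils import sysconfig; print(sysconfig.get_python_inc())')"`, in line with how config_python.py already queries `sysconfig`. The enclosing `else` branch starts and ends outside the hunk.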


@ -0,0 +1,25 @@
diff --git a/plugin/visio/VisioGraphic.cpp b/plugin/visio/VisioGraphic.cpp
index 303eac0..14e377c 100644
--- a/plugin/visio/VisioGraphic.cpp
+++ b/plugin/visio/VisioGraphic.cpp
@@ -29,6 +29,8 @@
#define isfinite(x) finite(x)
#endif
+#include <cstdlib>
+
#include "VisioGraphic.h"
#include "gvcjob.h"
diff --git a/plugin/visio/VisioText.cpp b/plugin/visio/VisioText.cpp
index 635806c..3c6441a 100644
--- a/plugin/visio/VisioText.cpp
+++ b/plugin/visio/VisioText.cpp
@@ -17,6 +17,7 @@
#include "gvcjob.h"
#include "gvio.h"
+#include <cstdlib>
#include <string.h>
extern "C" char *xml_string(char* str);

327
graphviz.spec Normal file

@ -0,0 +1,327 @@
%bcond_with python2
%bcond_with php
%if "%{php_version}" < "5.6"
%global ini_name %{name}.ini
%else
%global ini_name 40-%{name}.ini
%endif
%global pluginsver 6
%global php_extdir %(php-config --extension-dir 2>/dev/null || echo %{_libdir}/php4)
Name: graphviz
Version: 2.40.1
Release: 38
Summary: Graph Visualization Tools
License: EPL
URL: http://www.graphviz.org/
Source0: https://gitlab.com/graphviz/graphviz/-/archive/stable_release_%{version}//graphviz.tar.gz
Patch0: graphviz-2.40.1-visio.patch
Patch1: graphviz-2.40.1-python3.patch
Patch2: graphviz-2.40.1-CVE-2018-10196.patch
Patch3: graphviz-2.40.1-dotty-menu-fix.patch
Patch6000: CVE-2019-11023.patch
Patch9000: elimination-define-difference.patch
BuildRequires: ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf ocaml urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33
BuildRequires: zlib-devel libpng-devel libjpeg-devel expat-devel tk-devel fontconfig-devel libtool-ltdl-devel ruby-devel guile-devel freetype-devel >= 2 tcl-devel >= 8.3
BuildRequires: python3-devel libXaw-devel libSM-devel libXext-devel java-devel pango-devel gmp-devel lua-devel gtk2-devel cairo-devel >= 1.1.10
BuildRequires: ghostscript libgs-devel gd-devel perl-devel
%if %{with python2}
BuildRequires: python2-devel
%endif
%if %{with php}
BuildRequires: php-devel
%endif
Requires: urw-base35-fonts xorg-x11-fonts-ISO8859-1-100dpi guile glibc
Requires(post): glibc
Requires(postun): glibc
Provides: %{name}-gd %{name}-graphs %{name}-guile
Obsoletes: %{name}-gd %{name}-graphs %{name}-guile
%description
Graphviz is open source graph visualization software. Graph visualization is a way of representing structural
information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics,
software engineering, database and web design, machine learning, and in visual interfaces for other technical domains.
%package devel
Summary: Development headers and libraries for interfacing to the graphviz
Requires: %{name} = %{version}-%{release} pkgconfig
%description devel
Header files for using the graphviz libraries. The
libdhcpctl and libomapi static libraries are also included in this package.
%package docs
Summary: Documentation files for graphviz
%description docs
The docs package contains documentation files.
%package java
Summary: Java extension for graphviz
Requires: %{name} = %{version}-%{release}
%description java
Java extension for graphviz.
%package lua
Summary: Lua extension for graphviz
Requires: %{name} = %{version}-%{release} lua
%description lua
Lua extension for graphviz.
%package ocaml
Summary: Ocaml extension for graphviz
Requires: %{name} = %{version}-%{release} ocaml
%description ocaml
Ocaml extension for graphviz.
%package perl
Summary: Perl extension for graphviz
Requires: %{name} = %{version}-%{release} perl
%description perl
Perl extension for graphviz.
%package ruby
Summary: Ruby extension for graphviz
Requires: %{name} = %{version}-%{release} ruby
%description ruby
Ruby extension for graphviz.
%package tcl
Summary: Tcl extension & tools for graphviz
Requires: %{name} = %{version}-%{release} tcl >= 8.3 tk
%description tcl
Various tcl packages (extensions) for the graphviz tools.
%if %{with php}
%package php
Summary: PHP extension for graphviz
Requires: %{name} = %{version}-%{release} php-common php
%description php
PHP extension for graphviz.
%endif
%if %{with python2}
%package python2
Summary: Python extension for graphviz
Requires: %{name} = %{version}-%{release}
Provides: python2dist(gv) = %{version} python%{python2_version}dist(gv) = %{version}
Provides: %{name}-python = %{version}-%{release} %{name}-python% = %{version}-%{release}
Obsoletes: %{name}-python < 2.40.1-25 python2-%{name} < 2.40.1-25
%description python2
Python extension for graphviz.
%endif
%package python3
Summary: Python 3 extension for graphviz
Requires: %{name} = %{version}-%{release}
Provides: python3dist(gv) = %{version} python%{python3_version}dist(gv) = %{version}
%description python3
Python 3 extension for graphviz.
%prep
%autosetup -n graphviz-%{version} -p1
find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
%build
./autogen.sh
sed -i '/JavaVM.framework/!s/JAVA_INCLUDES=/JAVA_INCLUDES=\"_MY_JAVA_INCLUDES_\"/g' configure
sed -i 's|_MY_JAVA_INCLUDES_|-I%{java_home}/include/ -I%{java_home}/include/linux/|g' configure
sed -i -e 's|expand(|expand(RbConfig::|' -e 's|sitearchdir|vendorarchdir|' config/config_ruby.rb
export CPPFLAGS=-I`ruby -e "puts File.join(RbConfig::CONFIG['includedir'], RbConfig::CONFIG['sitearch'])" || echo /dev/null`
%configure --with-x --disable-static --disable-dependency-tracking \
--without-mylibgd --with-ipsepcola --with-pangocairo \
--with-gdk-pixbuf --with-visio --disable-silent-rules \
--without-lasi --without-gts --disable-sharp --without-ming \
--disable-r --without-devil --without-qt
%if %{with python2}
cp -a tclpkg/gv tclpkg/gv.python2
%endif
%make_build CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fno-strict-overflow %{?FFSTORE}" \
CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fno-strict-overflow %{?FFSTORE}" \
PYTHON_INCLUDES=-I/usr/include/python%{python3_version}m PYTHON_LIBS="-lpython%{python3_version}m" \
PYTHON_INSTALL_DIR=%{python3_sitearch} PYTHON=%{__python3}
%if %{with python2}
cd tclpkg/gv.python2
%make_build CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fno-strict-overflow %{?FFSTORE}" \
CXXFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fno-strict-overflow %{?FFSTORE}" \
PYTHON_INCLUDES=-I/usr/include/python%{python2_version} PYTHON_LIBS="-lpython%{python2_version}" \
PYTHON_INSTALL_DIR=%{python2_sitearch} libgv_python.la
%endif
%install
%make_install docdir=%{buildroot}%{_docdir}/%{name} \
pkgconfigdir=%{_libdir}/pkgconfig PYTHON_LIBS="-lpython%{python3_version}m" \
PYTHON_INSTALL_DIR=%{python3_sitearch} install
%delete_la
%if %{with php}
%{__mkdir_p} %{buildroot}%{_sysconfdir}/php.d
%{__cat} << __EOF__ > %{buildroot}%{_sysconfdir}/php.d/%{ini_name}
; Enable %{name} extension module
extension=gv.so
__EOF__
%endif
find $RPM_BUILD_ROOT%{_datadir}/%{name}/demo -type f -exec chmod a-x {} ';'
chmod -x $RPM_BUILD_ROOT%{_datadir}/%{name}/lefty/*
%if %{with python2}
pushd tclpkg/gv.python2
install -pD .libs/libgv_python.so $RPM_BUILD_ROOT%{python2_sitearch}/_gv.so
install -p gv.py $RPM_BUILD_ROOT%{python2_sitearch}/gv.py
popd
%endif
# python 3
pushd tclpkg/gv
install -pD .libs/libgv_python.so $RPM_BUILD_ROOT%{python3_sitearch}/_gv.so
install -p gv.py $RPM_BUILD_ROOT%{python3_sitearch}/gv.py
popd
rm -rf $RPM_BUILD_ROOT%{_libdir}/graphviz/python
touch $RPM_BUILD_ROOT%{_libdir}/graphviz/config%{pluginsver}
%check
%if %{with php}
LD_LIBRARY_PATH=$RPM_BUILD_ROOT%{_libdir} \
php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/ \
--define extension=libgv_php.so --modules | grep gv
%endif
%pre
%preun
%post
/sbin/ldconfig
%{_bindir}/dot -c
%postun -p /sbin/ldconfig
%files
%defattr(-,root,root)
%doc README
%{_bindir}/*
%dir %{_libdir}/graphviz
%{_libdir}/*.so.*
%{_libdir}/graphviz/*.so.*
%{_libdir}/graphviz/guile/
%dir %{_datadir}/graphviz
%{_datadir}/graphviz/
%ghost %{_libdir}/graphviz/config%{pluginsver}
%exclude %{_bindir}/dot_builtins
%if %{with php}
%files php
%config(noreplace) %{_sysconfdir}/php.d/%{ini_name}
%{_libdir}/graphviz/php/
%{php_extdir}/gv.so
%{_datadir}/php*/*
%endif
%files devel
%{_includedir}/graphviz
%{_libdir}/*.so
%{_libdir}/graphviz/*.so
%{_libdir}/pkgconfig/*.pc
%files docs
%defattr(644,root,root)
%doc %{_datadir}/%{name}/doc
%doc %{_datadir}/%{name}/demo
%doc %{_datadir}/%{name}/doc/pdf
%{_mandir}/man1/*
%{_mandir}/man3/*
%{_mandir}/man7/*
%files java
%{_libdir}/graphviz/java/
%files lua
%{_libdir}/graphviz/lua/
%{_libdir}/lua*/*
%files ocaml
%{_libdir}/graphviz/ocaml/
%files perl
%{_libdir}/graphviz/perl/
%{_libdir}/perl*/*
%if %{with python2}
%files python2
%{python2_sitearch}/*
%endif
%files python3
%{python3_sitearch}/*
%files ruby
%{_libdir}/graphviz/ruby/
%{_libdir}/*ruby*/*
%files tcl
%{_libdir}/graphviz/tcl/
%{_libdir}/tcl*/*
%changelog
* Tue Dec 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.40.1-38
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:optimization the spec
* Thu Sep 19 2019 hufeng <solar.hu@huawei.com> - 2.40.1-37
-Create spec
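Review bot: The `%changelog` does not record the security fixes this package carries: `Patch2` and `Patch6000` apply CVE-2018-10196 and CVE-2019-11023, but the two entries read only `DESC:optimization the spec` with `ID:NA` and `-Create spec`. Listing the CVE ids there, e.g. `- fix CVE-2018-10196 and CVE-2019-11023`, lets `rpm -q --changelog` answer whether a given build is patched. Two text defects are also worth fixing: `%description devel` mentions `libdhcpctl and libomapi static libraries`, which looks copied from another package, and the python2 `Provides` line contains `%{name}-python% =` with a stray `%`.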

BIN
graphviz.tar.gz Normal file

Binary file not shown.