diff --git a/CVE-2019-11023.patch b/CVE-2019-11023.patch deleted file mode 100644 index 325348a..0000000 --- a/CVE-2019-11023.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 839085f8026afd6f6920a0c31ad2a9d880d97932 Mon Sep 17 00:00:00 2001 -From: Stephen C North -Date: Tue, 9 Apr 2019 12:38:23 -0400 -Subject: [PATCH] attempted fix for null pointer deference on malformed input - ---- - cmd/tools/graphml2gv.c | 36 +++++++++++++++++++++--------------- - lib/cgraph/grammar.y | 8 ++++++++ - lib/cgraph/obj.c | 2 ++ - 3 files changed, 31 insertions(+), 15 deletions(-) - -diff --git a/cmd/tools/graphml2gv.c b/cmd/tools/graphml2gv.c -index f4798089e..b9fc9730c 100644 ---- a/cmd/tools/graphml2gv.c -+++ b/cmd/tools/graphml2gv.c -@@ -468,8 +468,10 @@ startElementHandler(void *userData, const char *name, const char **atts) - if (pos > 0) { - const char *attrname; - attrname = atts[pos]; -- -- bind_node(attrname); -+ if (G == 0) -+ fprintf(stderr,"node %s outside graph, ignored\n",attrname); -+ else -+ bind_node(attrname); - - pushString(&ud->elements, attrname); - } -@@ -495,21 +497,25 @@ startElementHandler(void *userData, const char *name, const char **atts) - if (tname) - head = tname; - -- bind_edge(tail, head); -+ if (G == 0) -+ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head); -+ else { -+ bind_edge(tail, head); - -- t = AGTAIL(E); -- tname = agnameof(t); -+ t = AGTAIL(E); -+ tname = agnameof(t); - -- if (strcmp(tname, tail) == 0) { -- ud->edgeinverted = FALSE; -- } else if (strcmp(tname, head) == 0) { -- ud->edgeinverted = TRUE; -- } -+ if (strcmp(tname, tail) == 0) { -+ ud->edgeinverted = FALSE; -+ } else if (strcmp(tname, head) == 0) { -+ ud->edgeinverted = TRUE; -+ } - -- pos = get_xml_attr("id", atts); -- if (pos > 0) { -- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud); -- } -+ pos = get_xml_attr("id", atts); -+ if (pos > 0) { -+ setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud); -+ } -+ } - } else { - /* must be some extension */ - fprintf(stderr, -@@ -530,7 +536,7 @@ static void endElementHandler(void *userData, const char *name) - char *ele_name = topString(ud->elements); - if (ud->closedElementType == TAG_GRAPH) { - Agnode_t *node = agnode(root, ele_name, 0); -- agdelete(root, node); -+ if (node) agdelete(root, node); - } - popString(&ud->elements); - Current_class = TAG_GRAPH; -diff --git a/lib/cgraph/grammar.y b/lib/cgraph/grammar.y -index 90aa27387..127a7241a 100644 ---- a/lib/cgraph/grammar.y -+++ b/lib/cgraph/grammar.y -@@ -22,6 +22,7 @@ extern void yyerror(char *); /* gets mapped to aagerror, see below */ - #endif - - static char Key[] = "key"; -+static int SubgraphDepth = 0; - - typedef union s { /* possible items in generic list */ - Agnode_t *n; -@@ -542,6 +543,7 @@ static void startgraph(char *name, int directed, int strict) - static Agdesc_t req; /* get rid of warnings */ - - if (G == NILgraph) { -+ SubgraphDepth = 0; - req.directed = directed; - req.strict = strict; - req.maingraph = TRUE; -@@ -562,6 +564,11 @@ static void endgraph() - - static void opensubg(char *name) - { -+ if (++SubgraphDepth >= YYMAXDEPTH/2) { -+ char buf[128]; -+ sprintf(buf,"subgraphs nested more than %d deep",YYMAXDEPTH); -+ agerr(AGERR,buf); -+ } - S = push(S,agsubg(S->g,name,TRUE)); - agstrfree(G,name); - } -@@ -569,6 +576,7 @@ static void opensubg(char *name) - static void closesubg() - { - Agraph_t *subg = S->g; -+ --SubgraphDepth; - S = pop(S); - S->subg = subg; - assert(subg); -diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c -index 7b1c8c101..709774e3d 100644 ---- a/lib/cgraph/obj.c -+++ b/lib/cgraph/obj.c -@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack) - - Agraph_t *agroot(void* obj) - { -+ // fixes CVE-2019-11023 by moving the problem to the caller :-) -+ if (obj == 0) return NILgraph; - switch (AGTYPE(obj)) { - case AGINEDGE: - case AGOUTEDGE: --- -2.21.0 - diff --git a/elimination-define-difference.patch b/elimination-define-difference.patch deleted file mode 100644 index cc6d3ab..0000000 --- a/elimination-define-difference.patch +++ /dev/null @@ -1,32 +0,0 @@ -/lib/sfio/features/sfio b/lib/sfio/features/sfio ---- a/lib/sfio/features/sfio 2018-01-01 00:00:00.000000000 +0000 -+++ b/lib/sfio/features/sfio 2018-01-01 00:00:00.000000000 +0000 -@@ -89,7 +89,7 @@ lib memchr note{ see if memchr is fast } - t2 = (etm2.tms_utime - stm2.tms_utime) + - (etm2.tms_stime - stm2.tms_stime); - -- return t1 < t2 ? 0 : 1; -+ return 1; - } - }end - -@@ -130,7 +130,7 @@ lib memccpy note{ see if memccpy is fast - t2 = (etm2.tms_utime - stm2.tms_utime) + - (etm2.tms_stime - stm2.tms_stime); - -- return t1 < t2 ? 0 : 1; -+ return 1; - } - }end - -@@ -260,10 +260,6 @@ tst output{ - - unlink(file); - -- if(4*mmtm <= 3*rdtm) /* mmap is great! */ -- printf("#define _mmap_worthy 2 \n"); -- else if(4*mmtm <= 5*rdtm) /* mmap is good */ -- printf("#define _mmap_worthy 1 \n"); - - return 0; - } diff --git a/graphviz-2.40.1-CVE-2018-10196.patch b/graphviz-2.40.1-CVE-2018-10196.patch deleted file mode 100644 index 7b7587b..0000000 --- a/graphviz-2.40.1-CVE-2018-10196.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c ---- a/lib/dotgen/conc.c -+++ b/lib/dotgen/conc.c -@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g) - - for (r = GD_minrank(g); r <= GD_maxrank(g); r++) { - lead = GD_rankleader(g)[r]; -- if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) { -+ if (lead == NULL) { -+ agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r); -+ longjmp(jbuf, 1); -+ } -+ else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) { - agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n", - agnameof(lead), ND_order(lead), r); - longjmp(jbuf, 1); diff --git a/graphviz-2.40.1-dotty-menu-fix.patch b/graphviz-2.40.1-dotty-menu-fix.patch deleted file mode 100644 index 8c5f34a..0000000 --- a/graphviz-2.40.1-dotty-menu-fix.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git a/cmd/dotty/dotty_ui.lefty b/cmd/dotty/dotty_ui.lefty -index a8c9116..a708c61 100644 ---- a/cmd/dotty/dotty_ui.lefty -+++ b/cmd/dotty/dotty_ui.lefty -@@ -342,7 +342,7 @@ dotty.protovt.normal.uifuncs = [ - else - gt.insertedge (gt, data.pobj, null, data.obj, null, null, 1); - }; -- 'rightdown' = function (data) { -+ 'rightup' = function (data) { - local vt, gt, menu, i; - - vt = dotty.views[data.widget]; -@@ -447,7 +447,7 @@ dotty.protovt.birdseye.uifuncs = [ - 'middledown' = dotty.protovt.normal.uifuncs.middledown; - 'middlemove' = dotty.protovt.normal.uifuncs.middlemove; - 'middleup' = dotty.protovt.normal.uifuncs.middleup; -- 'rightdown' = dotty.protovt.normal.uifuncs.rightdown; -+ 'rightup' = dotty.protovt.normal.uifuncs.rightup; - 'keyup' = dotty.protovt.normal.uifuncs.keyup; - 'redraw' = dotty.protovt.normal.uifuncs.redraw; - 'closeview' = dotty.protovt.normal.uifuncs.closeview; diff --git a/graphviz-2.40.1-python3.patch b/graphviz-2.40.1-python3.patch deleted file mode 100644 index 0c3e315..0000000 --- a/graphviz-2.40.1-python3.patch +++ /dev/null @@ -1,56 +0,0 @@ -diff --git a/config/config_python.py b/config/config_python.py -index b747045..2b1ac8d 100644 ---- a/config/config_python.py -+++ b/config/config_python.py -@@ -1,12 +1,13 @@ -+from __future__ import print_function -+ - import sys - from distutils import sysconfig - - if sys.argv[1] == "archlib": -- print sysconfig.get_python_lib(1,1) -+ print(sysconfig.get_python_lib(1,1)) - elif sys.argv[1] == "lib": -- print sysconfig.get_python_lib(0,1) -+ print(sysconfig.get_python_lib(0,1)) - elif sys.argv[1] == "archsitelib": -- print sysconfig.get_python_lib(1,0) -+ print(sysconfig.get_python_lib(1,0)) - elif sys.argv[1] == "sitelib": -- print sysconfig.get_python_lib(0,0) -- -+ print(sysconfig.get_python_lib(0,0)) -diff --git a/configure.ac b/configure.ac -index 51166c3..0f18965 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1142,7 +1142,7 @@ else - if test `$SWIG -help 2>&1 | $EGREP -c '\-python *- Generate'` = 0; then - use_python="No (swig does not support -python option)" - else -- AC_CHECK_PROG(PYTHON,python,python) -+ AC_CHECK_PROGS(PYTHON,[python3 python]) - if test "x$PYTHON" = "x"; then - use_python="No (python not available)" - else -@@ -1167,8 +1167,8 @@ else - if test "x$PYTHON" = "x"; then - use_python="No (python is too old)" - else -- PYTHON_PREFIX=`$PYTHON -c "import sys; print sys.prefix"` -- PYTHON_INCLUDES=-I$PYTHON_PREFIX/include/python$PYTHON_VERSION_SHORT -+ PYTHON_PREFIX=`$PYTHON -c "import sys; print(sys.prefix)"` -+ PYTHON_INCLUDES=`$PYTHON-config --includes` - # PYTHON_LIBS="-lpython$PYTHON_VERSION_SHORT" - PYTHON_LIBS="-undefined dynamic_lookup" - PYTHON_INSTALL_DIR="`$PYTHON $srcdir/config/config_python.py archsitelib`" -@@ -1548,7 +1548,7 @@ else - if test "x$PYTHON34" = "x"; then - use_python34="No (python34 is too old)" - else -- PYTHON34_PREFIX=`$PYTHON3 -c "import sys; print sys.prefix"` -+ PYTHON34_PREFIX=`$PYTHON3 -c "import sys; print(sys.prefix)"` - # PYTHON34_INCLUDES=-I$PYTHON34_PREFIX/include/python$PYTHON34_VERSION_SHORT - # FIXME - whats the stupid "m" for? - PYTHON34_INCLUDES=-I/usr/include/python3.4m diff --git a/graphviz-2.40.1-visio.patch b/graphviz-2.40.1-visio.patch deleted file mode 100644 index 051d34c..0000000 --- a/graphviz-2.40.1-visio.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/plugin/visio/VisioGraphic.cpp b/plugin/visio/VisioGraphic.cpp -index 303eac0..14e377c 100644 ---- a/plugin/visio/VisioGraphic.cpp -+++ b/plugin/visio/VisioGraphic.cpp -@@ -29,6 +29,8 @@ - #define isfinite(x) finite(x) - #endif - -+#include -+ - #include "VisioGraphic.h" - - #include "gvcjob.h" -diff --git a/plugin/visio/VisioText.cpp b/plugin/visio/VisioText.cpp -index 635806c..3c6441a 100644 ---- a/plugin/visio/VisioText.cpp -+++ b/plugin/visio/VisioText.cpp -@@ -17,6 +17,7 @@ - - #include "gvcjob.h" - #include "gvio.h" -+#include - #include - - extern "C" char *xml_string(char* str); diff --git a/graphviz.tar.gz b/graphviz-2.44.1.tar.gz similarity index 61% rename from graphviz.tar.gz rename to graphviz-2.44.1.tar.gz index 2b75ff6..0b04ce6 100644 Binary files a/graphviz.tar.gz and b/graphviz-2.44.1.tar.gz differ diff --git a/graphviz.spec b/graphviz.spec index f2d9a04..4e94615 100644 --- a/graphviz.spec +++ b/graphviz.spec @@ -15,22 +15,12 @@ Name: graphviz -Version: 2.40.1 -Release: 39 +Version: 2.44.1 +Release: 1 Summary: Graph Visualization Tools License: EPL URL: http://www.graphviz.org/ -Source0: https://gitlab.com/graphviz/graphviz/-/archive/stable_release_%{version}/graphviz.tar.gz - -Patch0: graphviz-2.40.1-visio.patch - -Patch1: graphviz-2.40.1-python3.patch - -Patch2: graphviz-2.40.1-CVE-2018-10196.patch -Patch3: graphviz-2.40.1-dotty-menu-fix.patch - -Patch6000: CVE-2019-11023.patch -Patch9000: elimination-define-difference.patch +Source0: https://gitlab.com/graphviz/graphviz/-/archive/%{version}/graphviz-%{version}.tar.gz BuildRequires: ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf ocaml urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33 BuildRequires: zlib-devel libpng-devel libjpeg-devel expat-devel tk-devel fontconfig-devel libtool-ltdl-devel ruby-devel guile-devel freetype-devel >= 2 tcl-devel >= 8.3 @@ -321,6 +311,9 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/ %changelog +* Fri Jul 24 2020 hanhui - 2.44.1-1 +- update to 2.44.1 + * Tue Jun 23 2020 xinghe - 2.40.1-39 - Type:bugfix - ID:NA @@ -334,4 +327,4 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/ - DESC:optimization the spec * Thu Sep 19 2019 hufeng - 2.40.1-37 --Create spec \ No newline at end of file +-Create spec