update to 2.44.1

2020-07-24 09:56:51 +08:00 · 2020-07-24 09:56:51 +08:00 · bdc570b1ab
commit bdc570b1ab
parent 651d365495
8 changed files with 7 additions and 296 deletions
--- a/CVE-2019-11023.patch
+++ b/CVE-2019-11023.patch
@ -1,131 +0,0 @@
-From 839085f8026afd6f6920a0c31ad2a9d880d97932 Mon Sep 17 00:00:00 2001
-From: Stephen C North <scnorth@gmail.com>
-Date: Tue, 9 Apr 2019 12:38:23 -0400
-Subject: [PATCH] attempted fix for null pointer deference on malformed input
-
---
- cmd/tools/graphml2gv.c | 36 +++++++++++++++++++++---------------
- lib/cgraph/grammar.y   |  8 ++++++++
- lib/cgraph/obj.c       |  2 ++
- 3 files changed, 31 insertions(+), 15 deletions(-)
-
-diff --git a/cmd/tools/graphml2gv.c b/cmd/tools/graphml2gv.c
-index f4798089e..b9fc9730c 100644
--- a/cmd/tools/graphml2gv.c
-+++ b/cmd/tools/graphml2gv.c
-@@ -468,8 +468,10 @@ startElementHandler(void *userData, const char *name, const char **atts)
- 	if (pos > 0) {
- 	    const char *attrname;
- 	    attrname = atts[pos];
-
-	    bind_node(attrname);
-+            if (G == 0)
-+                fprintf(stderr,"node %s outside graph, ignored\n",attrname);
-+	    else
-+                bind_node(attrname);
- 
- 	    pushString(&ud->elements, attrname);
- 	}
-@@ -495,21 +497,25 @@ startElementHandler(void *userData, const char *name, const char **atts)
- 	if (tname)
- 	    head = tname;
- 
-	bind_edge(tail, head);
-+        if (G == 0)
-+            fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head);
-+        else {
-+            bind_edge(tail, head);
- 
-	t = AGTAIL(E);
-	tname = agnameof(t);
-+            t = AGTAIL(E);
-+	    tname = agnameof(t);
- 
-	if (strcmp(tname, tail) == 0) {
-	    ud->edgeinverted = FALSE;
-	} else if (strcmp(tname, head) == 0) {
-	    ud->edgeinverted = TRUE;
-	}
-+	    if (strcmp(tname, tail) == 0) {
-+	        ud->edgeinverted = FALSE;
-+	    } else if (strcmp(tname, head) == 0) {
-+	        ud->edgeinverted = TRUE;
-+	    }
- 
-	pos = get_xml_attr("id", atts);
-	if (pos > 0) {
-	    setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
-	}
-+	    pos = get_xml_attr("id", atts);
-+	    if (pos > 0) {
-+	        setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
-+	    }
-+        }
-     } else {
- 	/* must be some extension */
- 	fprintf(stderr,
-@@ -530,7 +536,7 @@ static void endElementHandler(void *userData, const char *name)
- 	char *ele_name = topString(ud->elements);
- 	if (ud->closedElementType == TAG_GRAPH) {
- 	    Agnode_t *node = agnode(root, ele_name, 0);
-	    agdelete(root, node);
-+	    if (node) agdelete(root, node);
- 	}
- 	popString(&ud->elements);
- 	Current_class = TAG_GRAPH;
-diff --git a/lib/cgraph/grammar.y b/lib/cgraph/grammar.y
-index 90aa27387..127a7241a 100644
--- a/lib/cgraph/grammar.y
-+++ b/lib/cgraph/grammar.y
-@@ -22,6 +22,7 @@ extern void yyerror(char *);	/* gets mapped to aagerror, see below */
- #endif
- 
- static char Key[] = "key";
-+static int SubgraphDepth = 0;
- 
- typedef union s {					/* possible items in generic list */
- 		Agnode_t		*n;
-@@ -542,6 +543,7 @@ static void startgraph(char *name, int directed, int strict)
- 	static Agdesc_t	req;	/* get rid of warnings */
- 
- 	if (G == NILgraph) {
-+    SubgraphDepth = 0;
- 		req.directed = directed;
- 		req.strict = strict;
- 		req.maingraph = TRUE;
-@@ -562,6 +564,11 @@ static void endgraph()
- 
- static void opensubg(char *name)
- {
-+  if (++SubgraphDepth >= YYMAXDEPTH/2) {
-+    char buf[128];
-+    sprintf(buf,"subgraphs nested more than %d deep",YYMAXDEPTH);
-+    agerr(AGERR,buf);
-+  }
- 	S = push(S,agsubg(S->g,name,TRUE));
- 	agstrfree(G,name);
- }
-@@ -569,6 +576,7 @@ static void opensubg(char *name)
- static void closesubg()
- {
- 	Agraph_t *subg = S->g;
-+  --SubgraphDepth;
- 	S = pop(S);
- 	S->subg = subg;
- 	assert(subg);
-diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c
-index 7b1c8c101..709774e3d 100644
--- a/lib/cgraph/obj.c
-+++ b/lib/cgraph/obj.c
-@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack)
- 
- Agraph_t *agroot(void* obj)
- {
-+    // fixes CVE-2019-11023 by moving the problem to the caller :-)
-+    if (obj == 0) return NILgraph; 
-     switch (AGTYPE(obj)) {
-     case AGINEDGE:
-     case AGOUTEDGE:
-- 
-2.21.0
-
--- a/elimination-define-difference.patch
+++ b/elimination-define-difference.patch
@ -1,32 +0,0 @@
-/lib/sfio/features/sfio b/lib/sfio/features/sfio
--- a/lib/sfio/features/sfio	2018-01-01 00:00:00.000000000 +0000
-+++ b/lib/sfio/features/sfio	2018-01-01 00:00:00.000000000 +0000
-@@ -89,7 +89,7 @@ lib memchr note{ see if memchr is fast }
- 		t2 = (etm2.tms_utime - stm2.tms_utime) +
- 		     (etm2.tms_stime - stm2.tms_stime);
- 	
-		return t1 < t2 ? 0 : 1;
-+		return 1;
- 	}
- }end
- 
-@@ -130,7 +130,7 @@ lib memccpy note{ see if memccpy is fast
- 		t2 = (etm2.tms_utime - stm2.tms_utime) +
- 		     (etm2.tms_stime - stm2.tms_stime);
- 	
-		return t1 < t2 ? 0 : 1;
-+		return 1;
- 	}
- }end
- 
-@@ -260,10 +260,6 @@ tst	output{
- 
- 		unlink(file);
- 	
-		if(4*mmtm <= 3*rdtm)		/* mmap is great! */
-			printf("#define _mmap_worthy	2	\n");
-		else if(4*mmtm <= 5*rdtm)	/* mmap is good	*/
-			printf("#define _mmap_worthy	1	\n");
- 	
- 		return 0;
- 	}
--- a/graphviz-2.40.1-CVE-2018-10196.patch
+++ b/graphviz-2.40.1-CVE-2018-10196.patch
@ -1,16 +0,0 @@
-diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c
--- a/lib/dotgen/conc.c
-+++ b/lib/dotgen/conc.c
-@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g)
- 
-     for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
- 	lead = GD_rankleader(g)[r];
-	if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
-+	if (lead == NULL) {
-+		agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r);
-+		longjmp(jbuf, 1);
-+	}
-+	else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
- 	    agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n", 
- 		agnameof(lead), ND_order(lead), r);
- 	    longjmp(jbuf, 1);
--- a/graphviz-2.40.1-dotty-menu-fix.patch
+++ b/graphviz-2.40.1-dotty-menu-fix.patch
@ -1,22 +0,0 @@
-diff --git a/cmd/dotty/dotty_ui.lefty b/cmd/dotty/dotty_ui.lefty
-index a8c9116..a708c61 100644
--- a/cmd/dotty/dotty_ui.lefty
-+++ b/cmd/dotty/dotty_ui.lefty
-@@ -342,7 +342,7 @@ dotty.protovt.normal.uifuncs = [
-         else
-             gt.insertedge (gt, data.pobj, null, data.obj, null, null, 1);
-     };
-    'rightdown' = function (data) {
-+    'rightup' = function (data) {
-         local vt, gt, menu, i;
- 
-         vt = dotty.views[data.widget];
-@@ -447,7 +447,7 @@ dotty.protovt.birdseye.uifuncs = [
-     'middledown' = dotty.protovt.normal.uifuncs.middledown;
-     'middlemove' = dotty.protovt.normal.uifuncs.middlemove;
-     'middleup' = dotty.protovt.normal.uifuncs.middleup;
-    'rightdown' = dotty.protovt.normal.uifuncs.rightdown;
-+    'rightup' = dotty.protovt.normal.uifuncs.rightup;
-     'keyup' = dotty.protovt.normal.uifuncs.keyup;
-     'redraw' = dotty.protovt.normal.uifuncs.redraw;
-     'closeview' = dotty.protovt.normal.uifuncs.closeview;
--- a/graphviz-2.40.1-python3.patch
+++ b/graphviz-2.40.1-python3.patch
@ -1,56 +0,0 @@
-diff --git a/config/config_python.py b/config/config_python.py
-index b747045..2b1ac8d 100644
--- a/config/config_python.py
-+++ b/config/config_python.py
-@@ -1,12 +1,13 @@
-+from __future__ import print_function
-+
- import sys
- from distutils import sysconfig
- 
- if sys.argv[1] == "archlib":
-    print sysconfig.get_python_lib(1,1)
-+    print(sysconfig.get_python_lib(1,1))
- elif sys.argv[1] == "lib":
-    print sysconfig.get_python_lib(0,1)
-+    print(sysconfig.get_python_lib(0,1))
- elif sys.argv[1] == "archsitelib":
-    print sysconfig.get_python_lib(1,0)
-+    print(sysconfig.get_python_lib(1,0))
- elif sys.argv[1] == "sitelib":
-    print sysconfig.get_python_lib(0,0)
-
-+    print(sysconfig.get_python_lib(0,0))
-diff --git a/configure.ac b/configure.ac
-index 51166c3..0f18965 100644
--- a/configure.ac
-+++ b/configure.ac
-@@ -1142,7 +1142,7 @@ else
-     if test `$SWIG -help 2>&1 | $EGREP -c '\-python *- Generate'` = 0; then
-       use_python="No (swig does not support -python option)"
-     else
-      AC_CHECK_PROG(PYTHON,python,python)
-+      AC_CHECK_PROGS(PYTHON,[python3 python])
-       if test "x$PYTHON" = "x"; then
-         use_python="No (python not available)"
-       else
-@@ -1167,8 +1167,8 @@ else
-       if test "x$PYTHON" = "x"; then
- 	use_python="No (python is too old)"
-       else
-        PYTHON_PREFIX=`$PYTHON -c "import sys; print sys.prefix"`
-        PYTHON_INCLUDES=-I$PYTHON_PREFIX/include/python$PYTHON_VERSION_SHORT
-+        PYTHON_PREFIX=`$PYTHON -c "import sys; print(sys.prefix)"`
-+        PYTHON_INCLUDES=`$PYTHON-config --includes`
- #        PYTHON_LIBS="-lpython$PYTHON_VERSION_SHORT"
- 	PYTHON_LIBS="-undefined dynamic_lookup"
-         PYTHON_INSTALL_DIR="`$PYTHON $srcdir/config/config_python.py archsitelib`"
-@@ -1548,7 +1548,7 @@ else
-       if test "x$PYTHON34" = "x"; then
- 	    use_python34="No (python34 is too old)"
-       else
-        PYTHON34_PREFIX=`$PYTHON3 -c "import sys; print sys.prefix"`
-+        PYTHON34_PREFIX=`$PYTHON3 -c "import sys; print(sys.prefix)"`
- #        PYTHON34_INCLUDES=-I$PYTHON34_PREFIX/include/python$PYTHON34_VERSION_SHORT
- # FIXME - whats the stupid "m" for?
-         PYTHON34_INCLUDES=-I/usr/include/python3.4m
--- a/graphviz-2.40.1-visio.patch
+++ b/graphviz-2.40.1-visio.patch
@ -1,25 +0,0 @@
-diff --git a/plugin/visio/VisioGraphic.cpp b/plugin/visio/VisioGraphic.cpp
-index 303eac0..14e377c 100644
--- a/plugin/visio/VisioGraphic.cpp
-+++ b/plugin/visio/VisioGraphic.cpp
-@@ -29,6 +29,8 @@
- #define isfinite(x) finite(x)
- #endif
- 
-+#include <cstdlib>
-+
- #include "VisioGraphic.h"
- 
- #include "gvcjob.h"
-diff --git a/plugin/visio/VisioText.cpp b/plugin/visio/VisioText.cpp
-index 635806c..3c6441a 100644
--- a/plugin/visio/VisioText.cpp
-+++ b/plugin/visio/VisioText.cpp
-@@ -17,6 +17,7 @@
- 
- #include "gvcjob.h"
- #include "gvio.h"
-+#include <cstdlib>
- #include <string.h>
- 
- extern "C" char *xml_string(char* str);
--- a/graphviz-2.44.1.tar.gz
+++ b/graphviz-2.44.1.tar.gz
--- a/graphviz.spec
+++ b/graphviz.spec
@ -15,22 +15,12 @@


 Name:               graphviz
-Version:            2.40.1
-Release:            39
+Version:            2.44.1
+Release:            1
 Summary:            Graph Visualization Tools
 License:            EPL
 URL:                http://www.graphviz.org/
-Source0:            https://gitlab.com/graphviz/graphviz/-/archive/stable_release_%{version}/graphviz.tar.gz
-
-Patch0:             graphviz-2.40.1-visio.patch
-
-Patch1:             graphviz-2.40.1-python3.patch
-
-Patch2:             graphviz-2.40.1-CVE-2018-10196.patch
-Patch3:             graphviz-2.40.1-dotty-menu-fix.patch
-
-Patch6000:          CVE-2019-11023.patch
-Patch9000:          elimination-define-difference.patch
+Source0:            https://gitlab.com/graphviz/graphviz/-/archive/%{version}/graphviz-%{version}.tar.gz

 BuildRequires:      ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf ocaml urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33
 BuildRequires:      zlib-devel libpng-devel libjpeg-devel expat-devel tk-devel fontconfig-devel libtool-ltdl-devel ruby-devel guile-devel freetype-devel >= 2 tcl-devel >= 8.3
@ -321,6 +311,9 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/


 %changelog
+* Fri Jul 24 2020 hanhui <hanhui15@huawei.com> - 2.44.1-1
+- update to 2.44.1
+
 * Tue Jun 23 2020 xinghe <xinghe1@huawei.com> - 2.40.1-39
 - Type:bugfix
 - ID:NA
@ -334,4 +327,4 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/
 - DESC:optimization the spec

 * Thu Sep 19 2019 hufeng <solar.hu@huawei.com> - 2.40.1-37
-Create spec
+-Create spec