Date: Friday, January 10, 2014 @ 05:16:47
Author: bisson
Revision: 203404
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
graphviz/repos/extra-i686/PKGBUILD
(from rev 203403, graphviz/trunk/PKGBUILD)
graphviz/repos/extra-i686/dotty.patch
(from rev 203403, graphviz/trunk/dotty.patch)
graphviz/repos/extra-i686/install
(from rev 203403, graphviz/trunk/install)
graphviz/repos/extra-i686/yyerror0.patch
(from rev 203403, graphviz/trunk/yyerror0.patch)
graphviz/repos/extra-i686/yyerror1.patch
(from rev 203403, graphviz/trunk/yyerror1.patch)
graphviz/repos/extra-x86_64/PKGBUILD
(from rev 203403, graphviz/trunk/PKGBUILD)
graphviz/repos/extra-x86_64/dotty.patch
(from rev 203403, graphviz/trunk/dotty.patch)
graphviz/repos/extra-x86_64/install
(from rev 203403, graphviz/trunk/install)
graphviz/repos/extra-x86_64/yyerror0.patch
(from rev 203403, graphviz/trunk/yyerror0.patch)
graphviz/repos/extra-x86_64/yyerror1.patch
(from rev 203403, graphviz/trunk/yyerror1.patch)
Deleted:
graphviz/repos/extra-i686/PKGBUILD
graphviz/repos/extra-i686/dotty.patch
graphviz/repos/extra-i686/install
graphviz/repos/extra-x86_64/PKGBUILD
graphviz/repos/extra-x86_64/dotty.patch
graphviz/repos/extra-x86_64/install
-----------------------------+
/PKGBUILD | 116 ++++++++++++++++++++++++++++++++++++++++++
/dotty.patch | 42 +++++++++++++++
/install | 24 ++++++++
extra-i686/PKGBUILD | 52 ------------------
extra-i686/dotty.patch | 21 -------
extra-i686/install | 12 ----
extra-i686/yyerror0.patch | 53 +++++++++++++++++++
extra-i686/yyerror1.patch | 26 +++++++++
extra-x86_64/PKGBUILD | 52 ------------------
extra-x86_64/dotty.patch | 21 -------
extra-x86_64/install | 12 ----
extra-x86_64/yyerror0.patch | 53 +++++++++++++++++++
extra-x86_64/yyerror1.patch | 26 +++++++++
13 files changed, 340 insertions(+), 170 deletions(-)
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2014-01-10 04:15:50 UTC (rev 203403)
+++ extra-i686/PKGBUILD 2014-01-10 04:16:47 UTC (rev 203404)
@@ -1,52 +0,0 @@
-# $Id$
-# Maintainer: Gaetan Bisson <bis...@archlinux.org>
-# Contributor: kevin <ke...@archlinux.org>
-# Contributor: John Proctor <jproc...@prium.net>
-
-pkgname=graphviz
-pkgver=2.34.0
-pkgrel=2
-pkgdesc='Graph visualization software'
-url='http://www.graphviz.org/'
-license=('CPL')
-arch=('i686' 'x86_64')
-depends=('libltdl' 'gd' 'librsvg' 'libxaw' 'ghostscript' 'pango' 'gts')
-makedepends=('swig' 'mono' 'guile' 'lua51' 'ocaml' 'perl' 'php' 'python2' 'r'
'tk' 'qt4')
-optdepends=('mono: sharp bindings'
- 'guile: guile bindings'
- 'lua51: lua bindings'
- 'ocaml: ocaml bindings'
- 'perl: perl bindings'
- 'php: php bindings'
- 'python2: python bindings'
- 'r: r bindings'
- 'tcl: tcl bindings'
- 'qt4: gvedit')
-source=("${url}/pub/${pkgname}/stable/SOURCES/${pkgname}-${pkgver}.tar.gz"
- 'dotty.patch')
-sha1sums=('5a0c00bebe7f4c7a04523db21f40966dc9f0d441'
- '31bc9f505c8b6470289a0d6ec31c237765cba239')
-
-install=install
-
-prepare() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- patch -p1 -i ../dotty.patch
- sed \
- -e '/LIBPOSTFIX="64"/d' \
- -i configure
-}
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- export PYTHON=python2
- export LUA=lua5.1
-
- ./configure --prefix=/usr
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
-}
Copied: graphviz/repos/extra-i686/PKGBUILD (from rev 203403,
graphviz/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,58 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bis...@archlinux.org>
+# Contributor: kevin <ke...@archlinux.org>
+# Contributor: John Proctor <jproc...@prium.net>
+
+pkgname=graphviz
+pkgver=2.34.0
+pkgrel=3
+pkgdesc='Graph visualization software'
+url='http://www.graphviz.org/'
+license=('CPL')
+arch=('i686' 'x86_64')
+depends=('libltdl' 'gd' 'librsvg' 'libxaw' 'ghostscript' 'pango' 'gts')
+makedepends=('swig' 'mono' 'guile' 'lua51' 'ocaml' 'perl' 'php' 'python2' 'r'
'tk' 'qt4')
+optdepends=('mono: sharp bindings'
+ 'guile: guile bindings'
+ 'lua51: lua bindings'
+ 'ocaml: ocaml bindings'
+ 'perl: perl bindings'
+ 'php: php bindings'
+ 'python2: python bindings'
+ 'r: r bindings'
+ 'tcl: tcl bindings'
+ 'qt4: gvedit')
+source=("${url}/pub/${pkgname}/stable/SOURCES/${pkgname}-${pkgver}.tar.gz"
+ 'yyerror0.patch'
+ 'yyerror1.patch'
+ 'dotty.patch')
+sha1sums=('5a0c00bebe7f4c7a04523db21f40966dc9f0d441'
+ '7a6fe4f532974d9ca173b1aba9927bdeb5f80be9'
+ '6d76a230ee6c11bcd610ebe56f98e96ecef6217d'
+ '31bc9f505c8b6470289a0d6ec31c237765cba239')
+
+install=install
+
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i ../yyerror0.patch
+ patch -p1 -i ../yyerror1.patch
+ patch -p1 -i ../dotty.patch
+ sed \
+ -e '/LIBPOSTFIX="64"/d' \
+ -i configure
+}
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ export PYTHON=python2
+ export LUA=lua5.1
+
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+}
Deleted: extra-i686/dotty.patch
===================================================================
--- extra-i686/dotty.patch 2014-01-10 04:15:50 UTC (rev 203403)
+++ extra-i686/dotty.patch 2014-01-10 04:16:47 UTC (rev 203404)
@@ -1,21 +0,0 @@
-diff -Naur old/cmd/dotty/dotty_layout.lefty new/cmd/dotty/dotty_layout.lefty
---- old/cmd/dotty/dotty_layout.lefty 2013-09-06 15:07:52.000000000 -1000
-+++ new/cmd/dotty/dotty_layout.lefty 2013-10-22 15:23:50.153028328 -1000
-@@ -5,7 +5,7 @@
- local fd;
-
- if (~dotty.lservers[lserver] | tablesize (dotty.lservers[lserver]) == 0) {
-- if (~((fd = openio ('pipe', lserver, 'r+', '%e -Txdot')) >= 0)) {
-+ if (~((fd = openio ('pipe', lserver, 'r+', '%e -Txdot1.2')) >= 0)) {
- dotty.message (0, concat ('cannot start ', lserver));
- return null;
- }
-@@ -438,6 +438,8 @@
- }
- } else if (t[i] == 'I') {
- i = i + 7;
-+ } else if (t[i] == 't') {
-+ i = i + 2;
- } else {
- dotty.message (0, concat ('draw language parser error: ', t[i]));
- return null;
Copied: graphviz/repos/extra-i686/dotty.patch (from rev 203403,
graphviz/trunk/dotty.patch)
===================================================================
--- extra-i686/dotty.patch (rev 0)
+++ extra-i686/dotty.patch 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,21 @@
+diff -Naur old/cmd/dotty/dotty_layout.lefty new/cmd/dotty/dotty_layout.lefty
+--- old/cmd/dotty/dotty_layout.lefty 2013-09-06 15:07:52.000000000 -1000
++++ new/cmd/dotty/dotty_layout.lefty 2013-10-22 15:23:50.153028328 -1000
+@@ -5,7 +5,7 @@
+ local fd;
+
+ if (~dotty.lservers[lserver] | tablesize (dotty.lservers[lserver]) == 0) {
+- if (~((fd = openio ('pipe', lserver, 'r+', '%e -Txdot')) >= 0)) {
++ if (~((fd = openio ('pipe', lserver, 'r+', '%e -Txdot1.2')) >= 0)) {
+ dotty.message (0, concat ('cannot start ', lserver));
+ return null;
+ }
+@@ -438,6 +438,8 @@
+ }
+ } else if (t[i] == 'I') {
+ i = i + 7;
++ } else if (t[i] == 't') {
++ i = i + 2;
+ } else {
+ dotty.message (0, concat ('draw language parser error: ', t[i]));
+ return null;
Deleted: extra-i686/install
===================================================================
--- extra-i686/install 2014-01-10 04:15:50 UTC (rev 203403)
+++ extra-i686/install 2014-01-10 04:16:47 UTC (rev 203404)
@@ -1,12 +0,0 @@
-post_install() {
- rm -f usr/lib/graphviz/config{,6}
- usr/bin/dot -c
-}
-
-post_upgrade() {
- post_install
-}
-
-pre_remove() {
- rm -f usr/lib/graphviz/config{,6}
-}
Copied: graphviz/repos/extra-i686/install (from rev 203403,
graphviz/trunk/install)
===================================================================
--- extra-i686/install (rev 0)
+++ extra-i686/install 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,12 @@
+post_install() {
+ rm -f usr/lib/graphviz/config{,6}
+ usr/bin/dot -c
+}
+
+post_upgrade() {
+ post_install
+}
+
+pre_remove() {
+ rm -f usr/lib/graphviz/config{,6}
+}
Copied: graphviz/repos/extra-i686/yyerror0.patch (from rev 203403,
graphviz/trunk/yyerror0.patch)
===================================================================
--- extra-i686/yyerror0.patch (rev 0)
+++ extra-i686/yyerror0.patch 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,53 @@
+From 7aaddf52cd98589fb0c3ab72a393f8411838438a Mon Sep 17 00:00:00 2001
+From: "Emden R. Gansner" <e...@alum.mit.edu>
+Date: Fri, 4 Oct 2013 09:06:39 -0400
+Subject: [PATCH] Fix buffer overflow problem when reporting a syntax error
+ with a very long input line
+
+---
+ lib/cgraph/scan.l | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
+index 3cfde0f..2efd203 100644
+--- a/lib/cgraph/scan.l
++++ b/lib/cgraph/scan.l
+@@ -16,6 +16,7 @@
+ %{
+ #include <grammar.h>
+ #include <cghdr.h>
++#include <agxbuf.h>
+ #include <ctype.h>
+ #define GRAPH_EOF_TOKEN '@' /* lex class must be
defined below */
+ /* this is a workaround for linux flex */
+@@ -191,13 +192,21 @@ ID ({NAME}|{NUMBER})
+ %%
+ void yyerror(char *str)
+ {
++ unsigned char xbuf[BUFSIZ];
+ char buf[BUFSIZ];
+- if (InputFile)
+- sprintf(buf,"%s:%d: %s in line %d near '%s'\n",InputFile,
line_num,
+- str,line_num,yytext);
+- else
+- sprintf(buf," %s in line %d near '%s'\n", str,line_num,yytext);
+- agerr(AGWARN,buf);
++ agxbuf xb;
++
++ agxbinit(&xb, BUFSIZ, xbuf);
++ if (InputFile) {
++ agxbput (&xb, InputFile);
++ agxbput (&xb, ": ");
++ }
++ sprintf(buf," %s in line %d near '", str,line_num);
++ agxbput (&xb, buf);
++ agxbput (&xb, yytext);
++ agxbput (&xb,"'\n");
++ agerr(AGWARN,agxbuse(&xb));
++ agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */
+ void aglexeof() { unput(GRAPH_EOF_TOKEN); }
+--
+1.8.5.1
+
Copied: graphviz/repos/extra-i686/yyerror1.patch (from rev 203403,
graphviz/trunk/yyerror1.patch)
===================================================================
--- extra-i686/yyerror1.patch (rev 0)
+++ extra-i686/yyerror1.patch 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,26 @@
+From d266bb2b4154d11c27252b56d86963aef4434750 Mon Sep 17 00:00:00 2001
+From: "Emden R. Gansner" <e...@alum.mit.edu>
+Date: Tue, 7 Jan 2014 10:45:36 -0500
+Subject: [PATCH] Prevent possible buffer overflow in yyerror()
+
+---
+ lib/cgraph/scan.l | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
+index 3efe1d5..212967c 100644
+--- a/lib/cgraph/scan.l
++++ b/lib/cgraph/scan.l
+@@ -201,7 +201,8 @@ void yyerror(char *str)
+ agxbput (&xb, InputFile);
+ agxbput (&xb, ": ");
+ }
+- sprintf(buf," %s in line %d near '", str,line_num);
++ agxbput (&xb, str);
++ sprintf(buf," in line %d near '", line_num);
+ agxbput (&xb, buf);
+ agxbput (&xb, yytext);
+ agxbput (&xb,"'\n");
+--
+1.8.5.1
+
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2014-01-10 04:15:50 UTC (rev 203403)
+++ extra-x86_64/PKGBUILD 2014-01-10 04:16:47 UTC (rev 203404)
@@ -1,52 +0,0 @@
-# $Id$
-# Maintainer: Gaetan Bisson <bis...@archlinux.org>
-# Contributor: kevin <ke...@archlinux.org>
-# Contributor: John Proctor <jproc...@prium.net>
-
-pkgname=graphviz
-pkgver=2.34.0
-pkgrel=2
-pkgdesc='Graph visualization software'
-url='http://www.graphviz.org/'
-license=('CPL')
-arch=('i686' 'x86_64')
-depends=('libltdl' 'gd' 'librsvg' 'libxaw' 'ghostscript' 'pango' 'gts')
-makedepends=('swig' 'mono' 'guile' 'lua51' 'ocaml' 'perl' 'php' 'python2' 'r'
'tk' 'qt4')
-optdepends=('mono: sharp bindings'
- 'guile: guile bindings'
- 'lua51: lua bindings'
- 'ocaml: ocaml bindings'
- 'perl: perl bindings'
- 'php: php bindings'
- 'python2: python bindings'
- 'r: r bindings'
- 'tcl: tcl bindings'
- 'qt4: gvedit')
-source=("${url}/pub/${pkgname}/stable/SOURCES/${pkgname}-${pkgver}.tar.gz"
- 'dotty.patch')
-sha1sums=('5a0c00bebe7f4c7a04523db21f40966dc9f0d441'
- '31bc9f505c8b6470289a0d6ec31c237765cba239')
-
-install=install
-
-prepare() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- patch -p1 -i ../dotty.patch
- sed \
- -e '/LIBPOSTFIX="64"/d' \
- -i configure
-}
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- export PYTHON=python2
- export LUA=lua5.1
-
- ./configure --prefix=/usr
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
-}
Copied: graphviz/repos/extra-x86_64/PKGBUILD (from rev 203403,
graphviz/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,58 @@
+# $Id$
+# Maintainer: Gaetan Bisson <bis...@archlinux.org>
+# Contributor: kevin <ke...@archlinux.org>
+# Contributor: John Proctor <jproc...@prium.net>
+
+pkgname=graphviz
+pkgver=2.34.0
+pkgrel=3
+pkgdesc='Graph visualization software'
+url='http://www.graphviz.org/'
+license=('CPL')
+arch=('i686' 'x86_64')
+depends=('libltdl' 'gd' 'librsvg' 'libxaw' 'ghostscript' 'pango' 'gts')
+makedepends=('swig' 'mono' 'guile' 'lua51' 'ocaml' 'perl' 'php' 'python2' 'r'
'tk' 'qt4')
+optdepends=('mono: sharp bindings'
+ 'guile: guile bindings'
+ 'lua51: lua bindings'
+ 'ocaml: ocaml bindings'
+ 'perl: perl bindings'
+ 'php: php bindings'
+ 'python2: python bindings'
+ 'r: r bindings'
+ 'tcl: tcl bindings'
+ 'qt4: gvedit')
+source=("${url}/pub/${pkgname}/stable/SOURCES/${pkgname}-${pkgver}.tar.gz"
+ 'yyerror0.patch'
+ 'yyerror1.patch'
+ 'dotty.patch')
+sha1sums=('5a0c00bebe7f4c7a04523db21f40966dc9f0d441'
+ '7a6fe4f532974d9ca173b1aba9927bdeb5f80be9'
+ '6d76a230ee6c11bcd610ebe56f98e96ecef6217d'
+ '31bc9f505c8b6470289a0d6ec31c237765cba239')
+
+install=install
+
+prepare() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -p1 -i ../yyerror0.patch
+ patch -p1 -i ../yyerror1.patch
+ patch -p1 -i ../dotty.patch
+ sed \
+ -e '/LIBPOSTFIX="64"/d' \
+ -i configure
+}
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ export PYTHON=python2
+ export LUA=lua5.1
+
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+}
Deleted: extra-x86_64/dotty.patch
===================================================================
--- extra-x86_64/dotty.patch 2014-01-10 04:15:50 UTC (rev 203403)
+++ extra-x86_64/dotty.patch 2014-01-10 04:16:47 UTC (rev 203404)
@@ -1,21 +0,0 @@
-diff -Naur old/cmd/dotty/dotty_layout.lefty new/cmd/dotty/dotty_layout.lefty
---- old/cmd/dotty/dotty_layout.lefty 2013-09-06 15:07:52.000000000 -1000
-+++ new/cmd/dotty/dotty_layout.lefty 2013-10-22 15:23:50.153028328 -1000
-@@ -5,7 +5,7 @@
- local fd;
-
- if (~dotty.lservers[lserver] | tablesize (dotty.lservers[lserver]) == 0) {
-- if (~((fd = openio ('pipe', lserver, 'r+', '%e -Txdot')) >= 0)) {
-+ if (~((fd = openio ('pipe', lserver, 'r+', '%e -Txdot1.2')) >= 0)) {
- dotty.message (0, concat ('cannot start ', lserver));
- return null;
- }
-@@ -438,6 +438,8 @@
- }
- } else if (t[i] == 'I') {
- i = i + 7;
-+ } else if (t[i] == 't') {
-+ i = i + 2;
- } else {
- dotty.message (0, concat ('draw language parser error: ', t[i]));
- return null;
Copied: graphviz/repos/extra-x86_64/dotty.patch (from rev 203403,
graphviz/trunk/dotty.patch)
===================================================================
--- extra-x86_64/dotty.patch (rev 0)
+++ extra-x86_64/dotty.patch 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,21 @@
+diff -Naur old/cmd/dotty/dotty_layout.lefty new/cmd/dotty/dotty_layout.lefty
+--- old/cmd/dotty/dotty_layout.lefty 2013-09-06 15:07:52.000000000 -1000
++++ new/cmd/dotty/dotty_layout.lefty 2013-10-22 15:23:50.153028328 -1000
+@@ -5,7 +5,7 @@
+ local fd;
+
+ if (~dotty.lservers[lserver] | tablesize (dotty.lservers[lserver]) == 0) {
+- if (~((fd = openio ('pipe', lserver, 'r+', '%e -Txdot')) >= 0)) {
++ if (~((fd = openio ('pipe', lserver, 'r+', '%e -Txdot1.2')) >= 0)) {
+ dotty.message (0, concat ('cannot start ', lserver));
+ return null;
+ }
+@@ -438,6 +438,8 @@
+ }
+ } else if (t[i] == 'I') {
+ i = i + 7;
++ } else if (t[i] == 't') {
++ i = i + 2;
+ } else {
+ dotty.message (0, concat ('draw language parser error: ', t[i]));
+ return null;
Deleted: extra-x86_64/install
===================================================================
--- extra-x86_64/install 2014-01-10 04:15:50 UTC (rev 203403)
+++ extra-x86_64/install 2014-01-10 04:16:47 UTC (rev 203404)
@@ -1,12 +0,0 @@
-post_install() {
- rm -f usr/lib/graphviz/config{,6}
- usr/bin/dot -c
-}
-
-post_upgrade() {
- post_install
-}
-
-pre_remove() {
- rm -f usr/lib/graphviz/config{,6}
-}
Copied: graphviz/repos/extra-x86_64/install (from rev 203403,
graphviz/trunk/install)
===================================================================
--- extra-x86_64/install (rev 0)
+++ extra-x86_64/install 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,12 @@
+post_install() {
+ rm -f usr/lib/graphviz/config{,6}
+ usr/bin/dot -c
+}
+
+post_upgrade() {
+ post_install
+}
+
+pre_remove() {
+ rm -f usr/lib/graphviz/config{,6}
+}
Copied: graphviz/repos/extra-x86_64/yyerror0.patch (from rev 203403,
graphviz/trunk/yyerror0.patch)
===================================================================
--- extra-x86_64/yyerror0.patch (rev 0)
+++ extra-x86_64/yyerror0.patch 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,53 @@
+From 7aaddf52cd98589fb0c3ab72a393f8411838438a Mon Sep 17 00:00:00 2001
+From: "Emden R. Gansner" <e...@alum.mit.edu>
+Date: Fri, 4 Oct 2013 09:06:39 -0400
+Subject: [PATCH] Fix buffer overflow problem when reporting a syntax error
+ with a very long input line
+
+---
+ lib/cgraph/scan.l | 21 +++++++++++++++------
+ 1 file changed, 15 insertions(+), 6 deletions(-)
+
+diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
+index 3cfde0f..2efd203 100644
+--- a/lib/cgraph/scan.l
++++ b/lib/cgraph/scan.l
+@@ -16,6 +16,7 @@
+ %{
+ #include <grammar.h>
+ #include <cghdr.h>
++#include <agxbuf.h>
+ #include <ctype.h>
+ #define GRAPH_EOF_TOKEN '@' /* lex class must be
defined below */
+ /* this is a workaround for linux flex */
+@@ -191,13 +192,21 @@ ID ({NAME}|{NUMBER})
+ %%
+ void yyerror(char *str)
+ {
++ unsigned char xbuf[BUFSIZ];
+ char buf[BUFSIZ];
+- if (InputFile)
+- sprintf(buf,"%s:%d: %s in line %d near '%s'\n",InputFile,
line_num,
+- str,line_num,yytext);
+- else
+- sprintf(buf," %s in line %d near '%s'\n", str,line_num,yytext);
+- agerr(AGWARN,buf);
++ agxbuf xb;
++
++ agxbinit(&xb, BUFSIZ, xbuf);
++ if (InputFile) {
++ agxbput (&xb, InputFile);
++ agxbput (&xb, ": ");
++ }
++ sprintf(buf," %s in line %d near '", str,line_num);
++ agxbput (&xb, buf);
++ agxbput (&xb, yytext);
++ agxbput (&xb,"'\n");
++ agerr(AGWARN,agxbuse(&xb));
++ agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */
+ void aglexeof() { unput(GRAPH_EOF_TOKEN); }
+--
+1.8.5.1
+
Copied: graphviz/repos/extra-x86_64/yyerror1.patch (from rev 203403,
graphviz/trunk/yyerror1.patch)
===================================================================
--- extra-x86_64/yyerror1.patch (rev 0)
+++ extra-x86_64/yyerror1.patch 2014-01-10 04:16:47 UTC (rev 203404)
@@ -0,0 +1,26 @@
+From d266bb2b4154d11c27252b56d86963aef4434750 Mon Sep 17 00:00:00 2001
+From: "Emden R. Gansner" <e...@alum.mit.edu>
+Date: Tue, 7 Jan 2014 10:45:36 -0500
+Subject: [PATCH] Prevent possible buffer overflow in yyerror()
+
+---
+ lib/cgraph/scan.l | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
+index 3efe1d5..212967c 100644
+--- a/lib/cgraph/scan.l
++++ b/lib/cgraph/scan.l
+@@ -201,7 +201,8 @@ void yyerror(char *str)
+ agxbput (&xb, InputFile);
+ agxbput (&xb, ": ");
+ }
+- sprintf(buf," %s in line %d near '", str,line_num);
++ agxbput (&xb, str);
++ sprintf(buf," in line %d near '", line_num);
+ agxbput (&xb, buf);
+ agxbput (&xb, yytext);
+ agxbput (&xb,"'\n");
+--
+1.8.5.1
+
