Sync from SUSE:SLFO:Main graphviz revision 5e06e215427194a40d29f636f27e6ece
This commit is contained in:
parent
89b73f9ea9
commit
04e1a86bd4
@ -1,6 +1,4 @@
|
|||||||
# This line is mandatory to access the configuration functions
|
# This line is mandatory to access the configuration functions
|
||||||
from Config import *
|
from Config import *
|
||||||
|
|
||||||
addFilter("graphviz-tcl.* devel-file-in-non-devel-package")
|
|
||||||
addFilter("lib.* obsolete-not-provided libgraphviz6")
|
addFilter("lib.* obsolete-not-provided libgraphviz6")
|
||||||
addFilter("liblab_gamut.* shared-library-without-dependency-information")
|
|
||||||
|
@ -1,3 +1,24 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 7 14:57:35 UTC 2024 - Thomas Renninger <trenn@suse.de>
|
||||||
|
|
||||||
|
- VUL-0: CVE-2023-46045: graphviz: out-of-bounds read via a crafted config6a file
|
||||||
|
bsc#1219491
|
||||||
|
A gvc-detect-plugin-installation-failure-and-display-an-error.patch
|
||||||
|
- Some alphabetical re-ordering and other spec file changes which should
|
||||||
|
not have any functional change which came from some kind of auto-spec
|
||||||
|
cleaner
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 22 07:45:53 UTC 2024 - Michael Vetter <mvetter@suse.com>
|
||||||
|
|
||||||
|
- Use %patch -P N instead of deprecated %patchN.
|
||||||
|
- Update graphviz-rpmlintrc
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 28 10:23:46 UTC 2023 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||||||
|
|
||||||
|
- Require bitstream-vera-fonts for correct .png rendering by doxygen+dot
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 1 23:16:17 UTC 2023 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
Wed Mar 1 23:16:17 UTC 2023 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package graphviz
|
# spec file for package graphviz
|
||||||
#
|
#
|
||||||
# Copyright (c) 2023 SUSE LLC
|
# Copyright (c) 2024 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,43 +17,32 @@
|
|||||||
|
|
||||||
|
|
||||||
%global flavor @BUILD_FLAVOR@%{nil}
|
%global flavor @BUILD_FLAVOR@%{nil}
|
||||||
|
|
||||||
%if "%{flavor}" != ""
|
%if "%{flavor}" != ""
|
||||||
%define psuffix -%{flavor}
|
%define psuffix -%{flavor}
|
||||||
%else
|
%else
|
||||||
%define psuffix %{nil}
|
%define psuffix %{nil}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
#fixes build failure caused by new .debug files, not sure how to fix correctly
|
#fixes build failure caused by new .debug files, not sure how to fix correctly
|
||||||
|
|
||||||
%define mname graphviz
|
%define mname graphviz
|
||||||
# name of the plugin config file that dot creates
|
# name of the plugin config file that dot creates
|
||||||
%define config_file config6
|
%define config_file config6
|
||||||
# Java and ocaml are not in ring1, thus this gets overriden in staging
|
|
||||||
# Also, both install into generic locations instead of a language
|
|
||||||
# specific prefix, disable both
|
|
||||||
%bcond_with java
|
|
||||||
%bcond_with ocaml
|
|
||||||
%if "%{flavor}" == "addons"
|
%if "%{flavor}" == "addons"
|
||||||
|
%define phpconf_dir %{_sysconfdir}/php%{php_version}/conf.d
|
||||||
|
%define phpext_dir %(%{__php_config} --extension-dir)
|
||||||
|
%define ruby_version $(pkg-config --variable=RUBY_API_VERSION %{_libdir}/pkgconfig/ruby-*.pc)
|
||||||
# PHP8 requires swig >= 4.1.0, https://github.com/swig/swig/commit/56d74355735f3661406d69d04d89d1bdb4ca96f9
|
# PHP8 requires swig >= 4.1.0, https://github.com/swig/swig/commit/56d74355735f3661406d69d04d89d1bdb4ca96f9
|
||||||
%if 0%{?suse_version} >= 1599
|
%if 0%{?suse_version} >= 1599
|
||||||
%define php_version 8
|
%define php_version 8
|
||||||
%else
|
%else
|
||||||
%define php_version 7
|
%define php_version 7
|
||||||
%endif
|
%endif
|
||||||
%define phpconf_dir %{_sysconfdir}/php%{php_version}/conf.d
|
|
||||||
%define phpext_dir %(%{__php_config} --extension-dir)
|
|
||||||
|
|
||||||
%define ruby_version $(pkg-config --variable=RUBY_API_VERSION %{_libdir}/pkgconfig/ruby-*.pc)
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# No pkgconfig(gts) in sle12 GA or SPx, but in sle15
|
# No pkgconfig(gts) in sle12 GA or SPx, but in sle15
|
||||||
%if 0%{?suse_version} == 1315 && !0%{?is_opensuse}
|
%if 0%{?suse_version} == 1315 && !0%{?is_opensuse}
|
||||||
%bcond_with gts
|
%bcond_with gts
|
||||||
%else
|
%else
|
||||||
%bcond_without gts
|
%bcond_without gts
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%define cdt_soversion 5
|
%define cdt_soversion 5
|
||||||
%define cgraph_soversion 6
|
%define cgraph_soversion 6
|
||||||
%define gvc_soversion 6
|
%define gvc_soversion 6
|
||||||
@ -61,7 +50,11 @@
|
|||||||
%define lab_gamut_soversion 1
|
%define lab_gamut_soversion 1
|
||||||
%define pathplan_soversion 4
|
%define pathplan_soversion 4
|
||||||
%define xdot_soversion 4
|
%define xdot_soversion 4
|
||||||
|
# Java and ocaml are not in ring1, thus this gets overriden in staging
|
||||||
|
# Also, both install into generic locations instead of a language
|
||||||
|
# specific prefix, disable both
|
||||||
|
%bcond_with java
|
||||||
|
%bcond_with ocaml
|
||||||
Name: graphviz%{psuffix}
|
Name: graphviz%{psuffix}
|
||||||
Version: 2.49.3
|
Version: 2.49.3
|
||||||
Release: 0
|
Release: 0
|
||||||
@ -83,7 +76,8 @@ Patch5: graphviz-no_strict_aliasing.patch
|
|||||||
Patch6: graphviz-no_php_extra_libs.patch
|
Patch6: graphviz-no_php_extra_libs.patch
|
||||||
# https://gitlab.com/graphviz/graphviz/-/issues/2303
|
# https://gitlab.com/graphviz/graphviz/-/issues/2303
|
||||||
Patch7: swig-4.1.0.patch
|
Patch7: swig-4.1.0.patch
|
||||||
|
#PATCH-FIX-UPSTREAM gvc: detect plugin installation failure and display an error
|
||||||
|
Patch8: gvc-detect-plugin-installation-failure-and-display-an-error.patch
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
@ -96,12 +90,13 @@ BuildRequires: libstdc++-devel
|
|||||||
BuildRequires: libtool
|
BuildRequires: libtool
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: pkgconfig(expat)
|
BuildRequires: pkgconfig(expat)
|
||||||
|
BuildRequires: pkgconfig(zlib)
|
||||||
|
Requires: bitstream-vera-fonts
|
||||||
|
Requires: graphviz-plugins-core = %{version}
|
||||||
|
Recommends: graphviz-gd = %{version}
|
||||||
%if %{with gts}
|
%if %{with gts}
|
||||||
BuildRequires: pkgconfig(gts)
|
BuildRequires: pkgconfig(gts)
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: pkgconfig(zlib)
|
|
||||||
Requires: graphviz-plugins-core = %{version}
|
|
||||||
Recommends: graphviz-gd = %{version}
|
|
||||||
%if "%{flavor}" == "addons"
|
%if "%{flavor}" == "addons"
|
||||||
BuildRequires: freeglut-devel
|
BuildRequires: freeglut-devel
|
||||||
BuildRequires: ghostscript
|
BuildRequires: ghostscript
|
||||||
@ -109,13 +104,6 @@ BuildRequires: libjpeg-devel
|
|||||||
BuildRequires: libpng-devel
|
BuildRequires: libpng-devel
|
||||||
BuildRequires: libwebp-devel
|
BuildRequires: libwebp-devel
|
||||||
BuildRequires: perl
|
BuildRequires: perl
|
||||||
%if %{php_version} == 8
|
|
||||||
BuildRequires: php8-devel
|
|
||||||
BuildRequires: swig >= 4.1.0
|
|
||||||
%else
|
|
||||||
BuildRequires: php7-devel
|
|
||||||
BuildRequires: swig >= 3.0.11
|
|
||||||
%endif
|
|
||||||
BuildRequires: ruby-devel
|
BuildRequires: ruby-devel
|
||||||
BuildRequires: pkgconfig(cairo)
|
BuildRequires: pkgconfig(cairo)
|
||||||
BuildRequires: pkgconfig(fontconfig)
|
BuildRequires: pkgconfig(fontconfig)
|
||||||
@ -136,6 +124,13 @@ BuildRequires: pkgconfig(tcl)
|
|||||||
BuildRequires: pkgconfig(x11)
|
BuildRequires: pkgconfig(x11)
|
||||||
BuildRequires: pkgconfig(xaw7)
|
BuildRequires: pkgconfig(xaw7)
|
||||||
BuildRequires: pkgconfig(xext)
|
BuildRequires: pkgconfig(xext)
|
||||||
|
%if %{php_version} == 8
|
||||||
|
BuildRequires: php8-devel
|
||||||
|
BuildRequires: swig >= 4.1.0
|
||||||
|
%else
|
||||||
|
BuildRequires: php7-devel
|
||||||
|
BuildRequires: swig >= 3.0.11
|
||||||
|
%endif
|
||||||
%if %{with java}
|
%if %{with java}
|
||||||
BuildRequires: java-devel >= 1.6.0
|
BuildRequires: java-devel >= 1.6.0
|
||||||
%endif
|
%endif
|
||||||
@ -175,7 +170,7 @@ Experimental large graph viewer using graphviz
|
|||||||
Summary: Graphviz plugins that use gtk/GNOME
|
Summary: Graphviz plugins that use gtk/GNOME
|
||||||
Group: Productivity/Graphics/Visualization/Graph
|
Group: Productivity/Graphics/Visualization/Graph
|
||||||
Requires(post): graphviz = %{version}
|
Requires(post): graphviz = %{version}
|
||||||
Supplements: packageand(graphviz:xorg-x11-fonts-core)
|
Supplements: (graphviz and xorg-x11-fonts-core)
|
||||||
|
|
||||||
%description -n graphviz-gnome
|
%description -n graphviz-gnome
|
||||||
Graphviz plugins that use gtk/GNOME.
|
Graphviz plugins that use gtk/GNOME.
|
||||||
@ -405,14 +400,15 @@ programs that use the graphviz libraries including man3 pages.
|
|||||||
%prep
|
%prep
|
||||||
#autosetup breaks graphviz-addons
|
#autosetup breaks graphviz-addons
|
||||||
%setup -q -n %{mname}-%{version}
|
%setup -q -n %{mname}-%{version}
|
||||||
%patch0
|
%patch -P 0
|
||||||
%patch1
|
%patch -P 1
|
||||||
%patch2
|
%patch -P 2
|
||||||
%patch3
|
%patch -P 3
|
||||||
%patch4
|
%patch -P 4
|
||||||
%patch5 -p1
|
%patch -P 5 -p1
|
||||||
%patch6
|
%patch -P 6
|
||||||
%patch7 -p1
|
%patch -P 7 -p1
|
||||||
|
%patch -P 8 -p1
|
||||||
|
|
||||||
# pkg-config returns 0 (TRUE) when guile-2.2 is present
|
# pkg-config returns 0 (TRUE) when guile-2.2 is present
|
||||||
if pkg-config --atleast-version=2.2 guile-2.2; then
|
if pkg-config --atleast-version=2.2 guile-2.2; then
|
||||||
|
@ -0,0 +1,31 @@
|
|||||||
|
From: Matthew Fernandez <matthew.fernandez@gmail.com>
|
||||||
|
Subject: gvc: detect plugin installation failure and display an error
|
||||||
|
References: bsc#1219491
|
||||||
|
Patch-Mainline: 10.0.1
|
||||||
|
Git-commit: a95f977f5d809915ec4b14836d2b5b7f5e74881e
|
||||||
|
Git-repo: git@gitlab.com:graphviz/graphviz.git.git
|
||||||
|
|
||||||
|
Gitlab: fixes #2441
|
||||||
|
Reported-by: GJDuck
|
||||||
|
|
||||||
|
A malformed config6 file that leads to plugin search failing no longer causes
|
||||||
|
out-of-bounds memory reads. This now causes an error message and graceful
|
||||||
|
failure. #2441
|
||||||
|
|
||||||
|
|
||||||
|
Signed-off-by: <trenn@suse.com>
|
||||||
|
Index: graphviz-2.49.3/lib/gvc/gvconfig.c
|
||||||
|
===================================================================
|
||||||
|
--- graphviz-2.49.3.orig/lib/gvc/gvconfig.c
|
||||||
|
+++ graphviz-2.49.3/lib/gvc/gvconfig.c
|
||||||
|
@@ -183,6 +183,10 @@ static int gvconfig_plugin_install_from_
|
||||||
|
do {
|
||||||
|
api = token(&nest, &s);
|
||||||
|
gv_api = gvplugin_api(api);
|
||||||
|
+ if (gv_api == (api_t)-1) {
|
||||||
|
+ agerr(AGERR, "config error: %s %s not found\n", path, api);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
do {
|
||||||
|
if (nest == 2) {
|
||||||
|
type = token(&nest, &s);
|
Loading…
Reference in New Issue
Block a user