diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/graphviz.scm | 20 | ||||
-rw-r--r-- | gnu/packages/patches/graphviz-CVE-2020-18032.patch | 49 |
3 files changed, 5 insertions, 65 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index ce4bcf2d9a..c57e587e84 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1141,7 +1141,6 @@ dist_patch_DATA = \ %D%/packages/patches/gpodder-disable-updater.patch \ %D%/packages/patches/gpsbabel-fix-i686-test.patch \ %D%/packages/patches/grantlee-merge-theme-dirs.patch \ - %D%/packages/patches/graphviz-CVE-2020-18032.patch \ %D%/packages/patches/grep-timing-sensitive-test.patch \ %D%/packages/patches/grocsvs-dont-use-admiral.patch \ %D%/packages/patches/gromacs-tinyxml2.patch \ diff --git a/gnu/packages/graphviz.scm b/gnu/packages/graphviz.scm index 72c96655bc..34d6434f60 100644 --- a/gnu/packages/graphviz.scm +++ b/gnu/packages/graphviz.scm @@ -62,16 +62,15 @@ (define-public graphviz (package (name "graphviz") - (replacement graphviz/fixed) - (version "2.42.3") + (version "2.47.1") (source (origin (method url-fetch) - (uri (string-append - "https://www2.graphviz.org/Packages/stable/portable_source/" - "graphviz-" version ".tar.gz")) + (uri (string-append "https://gitlab.com/graphviz/graphviz" + "/-/package_files/9573974/download")) + (file-name (string-append "graphviz-" version ".tar.xz")) (sha256 (base32 - "1pbswjbx3fjdlsxcm7cmlsl5bvaa3d6gcnr0cr8x3c8pag13zbwg")))) + "1hff831p300n989x1gmyzh3ix43xd2mgx01qgrrqill44n7zxfza")))) (build-system gnu-build-system) (arguments ;; FIXME: rtest/rtest.sh is a ksh script (!). Add ksh as an input. @@ -127,15 +126,6 @@ software engineering, database and web design, machine learning, and in visual interfaces for other technical domains.") (license license:epl1.0))) -(define-public graphviz/fixed - (hidden-package - (package - (inherit graphviz) - (source (origin - (inherit (package-source graphviz)) - (patches (append (search-patches "graphviz-CVE-2020-18032.patch") - (origin-patches (package-source graphviz))))))))) - ;; Older Graphviz needed for pygraphviz. See ;; https://github.com/pygraphviz/pygraphviz/issues/175 (define-public graphviz-2.38 diff --git a/gnu/packages/patches/graphviz-CVE-2020-18032.patch b/gnu/packages/patches/graphviz-CVE-2020-18032.patch deleted file mode 100644 index 4cf94a9a36..0000000000 --- a/gnu/packages/patches/graphviz-CVE-2020-18032.patch +++ /dev/null @@ -1,49 +0,0 @@ -Fix CVE-2020-18032: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-18032 -https://gitlab.com/graphviz/graphviz/-/issues/1700 - -Patch copied from upstream source repository: - -https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b - -From 784411ca3655c80da0f6025ab20634b2a6ff696b Mon Sep 17 00:00:00 2001 -From: Matthew Fernandez <matthew.fernandez@gmail.com> -Date: Sat, 25 Jul 2020 19:31:01 -0700 -Subject: [PATCH] fix: out-of-bounds write on invalid label - -When the label for a node cannot be parsed (due to it being malformed), it falls -back on the symbol name of the node itself. I.e. the default label the node -would have had if it had no label attribute at all. However, this is applied by -dynamically altering the node's label to "\N", a shortcut for the symbol name of -the node. All of this is fine, however if the hand written label itself is -shorter than the literal string "\N", not enough memory would have been -allocated to write "\N" into the label text. - -Here we account for the possibility of error during label parsing, and assume -that the label text may need to be overwritten with "\N" after the fact. Fixes -issue #1700. ---- - lib/common/shapes.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/common/shapes.c b/lib/common/shapes.c -index 0a0635fc3..9dca9ba6e 100644 ---- a/lib/common/shapes.c -+++ b/lib/common/shapes.c -@@ -3546,9 +3546,10 @@ static void record_init(node_t * n) - reclblp = ND_label(n)->text; - len = strlen(reclblp); - /* For some forgotten reason, an empty label is parsed into a space, so -- * we need at least two bytes in textbuf. -+ * we need at least two bytes in textbuf, as well as accounting for the -+ * error path involving "\\N" below. - */ -- len = MAX(len, 1); -+ len = MAX(MAX(len, 1), (int)strlen("\\N")); - textbuf = N_NEW(len + 1, char); - if (!(info = parse_reclbl(n, flip, TRUE, textbuf))) { - agerr(AGERR, "bad label format %s\n", ND_label(n)->text); --- -2.31.1 - |