Florian Weimer <fw@deneb.enyo.de> (12/10/2008): > For lenny, yes. Just ask the release managers for an unblock after an > upload with urgency=high. RMs, please unblock graphviz 2.20.2-3 according to security team's suggestion, it contains the following fix: ,-- | graphviz (2.20.2-3) unstable; urgency=high | | * Backport patch to fix a stack overflow in the graph parser, reported | by IBM and fixed in 2.20.3. To avoid autotools noise, only the actual | fix is backported here, instead of pulling a brand new upstream | release (though functionally minimal). As usual, thanks to upstream | for their absolute kindness: | - debian/patches/20_fix_parser_stack_overflow | * Set “urgency=high” accordingly, after discussion with the security | team. | | -- Cyril Brulebois <kibi@debian.org> Sun, 12 Oct 2008 23:24:12 +0200 `-- Full diff attached & thanks for your time. > For stable, I suggest an upload to stable-proposed-updates and a > notification of the stable release managers, provided that etch is > affected as well. Will be done later today. Mraw, KiBi.
--- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +graphviz (2.20.2-3) unstable; urgency=high + + * Backport patch to fix a stack overflow in the graph parser, reported + by IBM and fixed in 2.20.3. To avoid autotools noise, only the actual + fix is backported here, instead of pulling a brand new upstream + release (though functionally minimal). As usual, thanks to upstream + for their absolute kindness: + - debian/patches/20_fix_parser_stack_overflow + * Set “urgency=high” accordingly, after discussion with the security + team. + + -- Cyril Brulebois <kibi@debian.org> Sun, 12 Oct 2008 23:24:12 +0200 + graphviz (2.20.2-2) unstable; urgency=low * Backport patch by Emden R. Gansner to fix a regression in tred, which --- /dev/null +++ b/debian/patches/20_fix_parser_stack_overflow @@ -0,0 +1,66 @@ +--- a/lib/graph/parser.c ++++ b/lib/graph/parser.c +@@ -110,7 +110,8 @@ static Agraph_t *G; + static Agnode_t *N; + static Agedge_t *E; + static objstack_t *SP; +-static Agraph_t *Gstack[32]; ++#define GSTACK_SIZE 64 ++static Agraph_t *Gstack[GSTACK_SIZE]; + static int GSP; + + static void subgraph_warn (void) +@@ -123,6 +124,9 @@ static void subgraph_warn (void) + + static void push_subg(Agraph_t *g) + { ++ if (GSP >= GSTACK_SIZE) { ++ agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1); ++ } + G = Gstack[GSP++] = g; + } + +--- a/lib/graph/parser.y ++++ b/lib/graph/parser.y +@@ -31,7 +31,8 @@ static Agraph_t *G; + static Agnode_t *N; + static Agedge_t *E; + static objstack_t *SP; +-static Agraph_t *Gstack[32]; ++#define GSTACK_SIZE 64 ++static Agraph_t *Gstack[GSTACK_SIZE]; + static int GSP; + + static void subgraph_warn (void) +@@ -44,6 +45,9 @@ static void subgraph_warn (void) + + static void push_subg(Agraph_t *g) + { ++ if (GSP >= GSTACK_SIZE) { ++ agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1); ++ } + G = Gstack[GSP++] = g; + } + +--- a/lib/graph/y.tab.c ++++ b/lib/graph/y.tab.c +@@ -110,7 +110,8 @@ static Agraph_t *G; + static Agnode_t *N; + static Agedge_t *E; + static objstack_t *SP; +-static Agraph_t *Gstack[32]; ++#define GSTACK_SIZE 64 ++static Agraph_t *Gstack[GSTACK_SIZE]; + static int GSP; + + static void subgraph_warn (void) +@@ -123,6 +124,9 @@ static void subgraph_warn (void) + + static void push_subg(Agraph_t *g) + { ++ if (GSP >= GSTACK_SIZE) { ++ agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1); ++ } + G = Gstack[GSP++] = g; + } + --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ 0_tcl_manpages_section #0_libtool_linking_reorder_workaround 10_fix_tred_regression +20_fix_parser_stack_overflow
Attachment:
signature.asc
Description: Digital signature