Florian Weimer <fw@deneb.enyo.de> (12/10/2008): > For lenny, yes. Just ask the release managers for an unblock after an > upload with urgency=high. RMs, please unblock graphviz 2.20.2-3 according to security team's suggestion, it contains the following fix: ,-- | graphviz (2.20.2-3) unstable; urgency=high | | * Backport patch to fix a stack overflow in the graph parser, reported | by IBM and fixed in 2.20.3. To avoid autotools noise, only the actual | fix is backported here, instead of pulling a brand new upstream | release (though functionally minimal). As usual, thanks to upstream | for their absolute kindness: | - debian/patches/20_fix_parser_stack_overflow | * Set “urgency=high” accordingly, after discussion with the security | team. | | -- Cyril Brulebois <kibi@debian.org> Sun, 12 Oct 2008 23:24:12 +0200 `-- Full diff attached & thanks for your time. > For stable, I suggest an upload to stable-proposed-updates and a > notification of the stable release managers, provided that etch is > affected as well. Will be done later today. Mraw, KiBi.
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+graphviz (2.20.2-3) unstable; urgency=high
+
+ * Backport patch to fix a stack overflow in the graph parser, reported
+ by IBM and fixed in 2.20.3. To avoid autotools noise, only the actual
+ fix is backported here, instead of pulling a brand new upstream
+ release (though functionally minimal). As usual, thanks to upstream
+ for their absolute kindness:
+ - debian/patches/20_fix_parser_stack_overflow
+ * Set “urgency=high” accordingly, after discussion with the security
+ team.
+
+ -- Cyril Brulebois <kibi@debian.org> Sun, 12 Oct 2008 23:24:12 +0200
+
graphviz (2.20.2-2) unstable; urgency=low
* Backport patch by Emden R. Gansner to fix a regression in tred, which
--- /dev/null
+++ b/debian/patches/20_fix_parser_stack_overflow
@@ -0,0 +1,66 @@
+--- a/lib/graph/parser.c
++++ b/lib/graph/parser.c
+@@ -110,7 +110,8 @@ static Agraph_t *G;
+ static Agnode_t *N;
+ static Agedge_t *E;
+ static objstack_t *SP;
+-static Agraph_t *Gstack[32];
++#define GSTACK_SIZE 64
++static Agraph_t *Gstack[GSTACK_SIZE];
+ static int GSP;
+
+ static void subgraph_warn (void)
+@@ -123,6 +124,9 @@ static void subgraph_warn (void)
+
+ static void push_subg(Agraph_t *g)
+ {
++ if (GSP >= GSTACK_SIZE) {
++ agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1);
++ }
+ G = Gstack[GSP++] = g;
+ }
+
+--- a/lib/graph/parser.y
++++ b/lib/graph/parser.y
+@@ -31,7 +31,8 @@ static Agraph_t *G;
+ static Agnode_t *N;
+ static Agedge_t *E;
+ static objstack_t *SP;
+-static Agraph_t *Gstack[32];
++#define GSTACK_SIZE 64
++static Agraph_t *Gstack[GSTACK_SIZE];
+ static int GSP;
+
+ static void subgraph_warn (void)
+@@ -44,6 +45,9 @@ static void subgraph_warn (void)
+
+ static void push_subg(Agraph_t *g)
+ {
++ if (GSP >= GSTACK_SIZE) {
++ agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1);
++ }
+ G = Gstack[GSP++] = g;
+ }
+
+--- a/lib/graph/y.tab.c
++++ b/lib/graph/y.tab.c
+@@ -110,7 +110,8 @@ static Agraph_t *G;
+ static Agnode_t *N;
+ static Agedge_t *E;
+ static objstack_t *SP;
+-static Agraph_t *Gstack[32];
++#define GSTACK_SIZE 64
++static Agraph_t *Gstack[GSTACK_SIZE];
+ static int GSP;
+
+ static void subgraph_warn (void)
+@@ -123,6 +124,9 @@ static void subgraph_warn (void)
+
+ static void push_subg(Agraph_t *g)
+ {
++ if (GSP >= GSTACK_SIZE) {
++ agerr (AGERR, "Gstack overflow in graph parser\n"); exit(1);
++ }
+ G = Gstack[GSP++] = g;
+ }
+
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
0_tcl_manpages_section
#0_libtool_linking_reorder_workaround
10_fix_tred_regression
+20_fix_parser_stack_overflow
Attachment:
signature.asc
Description: Digital signature