Bug#1076344: bullseye-pu: graphviz/2.42.2-5+deb11u1
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
Control: affects -1 + src:graphviz
Hi RMs,
[ Reason ]
Graphviz scaling output with SVG is wrong when the "size" attribute is set.
[ Impact ]
Basically nothing, the original upstream fix was wrong as even noted
in this commit [1] which reverts that fix.
[ Tests ]
Personally only the compilation was tested. The actual testing was done by
someone else.
[ Risks ]
No risk, the fix is part of the upstream distribution for five years
without any issue. Sid and experimental uploads of Graphviz also have
this fix already.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in bullseye
[x] the issue is verified as fixed in unstable
Thanks for considering,
Laszlo/GCS
[1] https://gitlab.com/graphviz/graphviz/-/commit/a5606d101af1cc949908a6f0bc19caaa4eb31159
diff -Nru graphviz-2.42.2/debian/changelog graphviz-2.42.2/debian/changelog
--- graphviz-2.42.2/debian/changelog 2021-05-08 11:09:59.000000000 +0200
+++ graphviz-2.42.2/debian/changelog 2024-07-14 19:56:30.000000000 +0200
@@ -1,3 +1,9 @@
+graphviz (2.42.2-5+deb11u1) bullseye; urgency=medium
+
+ * Apply fix for broken scale (closes: #1075904).
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org> Sun, 14 Jul 2024 19:56:30 +0200
+
graphviz (2.42.2-5) unstable; urgency=high
* Fix CVE-2020-18032: out of bounds write on invalid label
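Review bot: The new entry at the top of debian/changelog says only "Apply fix for broken scale" and names neither the patch file nor the upstream commit it imports. Consider mentioning debian/patches/fix_for_broken_scale.patch and that it is upstream's revert a5606d101af1cc949908a6f0bc19caaa4eb31159, which affects SVG output when "size" is set, so the stable-update entry explains itself without having to open bug #1075904.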
diff -Nru graphviz-2.42.2/debian/patches/fix_for_broken_scale.patch graphviz-2.42.2/debian/patches/fix_for_broken_scale.patch
--- graphviz-2.42.2/debian/patches/fix_for_broken_scale.patch 1970-01-01 01:00:00.000000000 +0100
+++ graphviz-2.42.2/debian/patches/fix_for_broken_scale.patch 2024-07-14 18:17:26.000000000 +0200
@@ -0,0 +1,33 @@
+From a5606d101af1cc949908a6f0bc19caaa4eb31159 Mon Sep 17 00:00:00 2001
+From: Stephen C North <scnorth@gmail.com>
+Date: Thu, 17 Oct 2019 13:52:36 -0400
+Subject: [PATCH] Revert "I think this fixed something wrong with scale."
+
+This reverts commit dbe54f9fe3c7eff44d3a4effcf3336c5d16341c2.
+
+This undoes a commit that changed scale to 1/scale, which now looks
+totally stupid, but there was a reason, so the stupidity may have
+been at a deeper level. Wish we had a better comment about that.
+---
+ plugin/core/gvrender_core_svg.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/plugin/core/gvrender_core_svg.c b/plugin/core/gvrender_core_svg.c
+index fbd0defee1..a24b533652 100644
+--- a/plugin/core/gvrender_core_svg.c
++++ b/plugin/core/gvrender_core_svg.c
+@@ -253,9 +253,9 @@ static void svg_begin_page(GVJ_t * job)
+ * and it is the entire graph if we're not currently paging */
+ svg_print_id_class(job, obj->id, NULL, "graph", obj->u.g);
+ gvputs(job, " transform=\"scale(");
+- gvprintdouble(job, 1.0/job->scale.x);
++ gvprintdouble(job, job->scale.x);
+ gvputs(job, " ");
+- gvprintdouble(job, 1.0/job->scale.y);
++ gvprintdouble(job, job->scale.y);
+ gvprintf(job, ") rotate(%d) translate(", -job->rotation);
+ gvprintdouble(job, job->translation.x);
+ gvputs(job, " ");
+--
+GitLab
+
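Review bot: The header of fix_for_broken_scale.patch is the bare upstream git header, and its commit message says the reason for the earlier 1/scale change was never documented. Nothing in it ties the patch to Debian bug #1075904 or describes the symptom. A short description (SVG scaling wrong when "size" is set) plus DEP-3 style Origin: and Bug-Debian: lines would record why svg_begin_page now prints job->scale.x and job->scale.y directly. Because the request states that the uploader tested only compilation, it would also help to attach a render of a graph with "size" set and check the emitted transform="scale(...)" value.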
diff -Nru graphviz-2.42.2/debian/patches/series graphviz-2.42.2/debian/patches/series
--- graphviz-2.42.2/debian/patches/series 2021-05-08 11:09:50.000000000 +0200
+++ graphviz-2.42.2/debian/patches/series 2024-07-14 19:56:30.000000000 +0200
@@ -9,3 +9,4 @@
build_with_libann.patch
update_documentation_link.patch
fix_out-of-bounds_write_on_invalid_label.patch
+fix_for_broken_scale.patch