graphviz-addons-2.48.0-150400.3.3.1

- VUL-0: CVE-2023-46045: graphviz: out-of-bounds read via a crafted config6a file
  bsc#1219491
  A gvc-detect-plugin-installation-failure-and-display-an-error.patch

- Changelog Update for SLES:
  The following patch has been backported to SLES and is therefore
  missing from the Factory changelog:
  * graphviz-malformed_input.patch (boo#1132091)

- Changelog Update for SLES:
  The Following patches have been backported to SLES and are therefore
  missing from the Factory changelog:
  * graphviz-2.40.1-fix-dot-segfault.patch (bsc#1151207)
  * graphviz-out-of-bounds-write.patch (bsc#1185833)
  * graphviz-null_dereference.patch (bsc#1185833)

- Dropped python2 subpackages as the bindings are removed in 2.48
- Update to version 2.48.0 (changes since 2.47.1)
  * marginally more accurate computations in Smyrna sphere projection
  * Perl is no longer required to build Graphviz #2067
  * nop more reliably returns success and failure exit statuses
  * implicit 63 character limit on plugin names is removed in GVC
  * remove Python 2 bindings #1992
  * improved thread-safety in Graphviz bindings Makefile
  * the CMake build system now enables -Wextra when building C++
  * some Cgraph functions that take char* arguments that they do not modify have
    been updated to take const char* arguments #634
  * incorrectly using the layout attribute on anything other than a graph now
    results in a warning about this being invalid #2078
  * edgepaint accepts more standard -- prefixed command line arguments and
    rejects invalid options #1971
  * improved detection of Lefty dependencies in the Autotools build system
  * Fix: out of bounds read when attempting to load a plugin whose name is ≥63 characters
  * Fix: out of bounds read when examining a registered plugin whose name is ≥63 characters
  * Fix: do not fclose(NULL) in gvmap
  * Fix: Uninitialized variable read in delaunay_tri
    potentially mismatched format string in tclpkg
  * Fix: ortho's eqEndSeg incorrectly modifies its arguments #2047
  * Fix: Autotools enables -Wtrampolines and -Wlogical-op for Clang #2066
  * Fix: node_distinct_coloring failure due to out-of-memory now reported correctly
    instead of referring to a failure to open lab_gamut
  * Fix: a typo GD_LIBS to GDLIB_LIBS in tclpkg/tcldot/Makefile.am !2022
  * Fix: Autotools build system sets libgd variables now instead of incorrectly setting
    GTK variables
  * Fix: HTML strings used as labels are distinguishable in GXL output by kind="HTML-like string"
  * Fix: a Bashism removed from the Autotools build system
  * Fix: when Criterion is available, the command_line test binary is no longer built
    and installed by default, but rather during make check
  * Fix: round-tripping a file through gv2gxl and then gxl2gv no longer causes
    HTML-like labels to become non-HTML like labels #517
  * Fix: fix ODR violation by including the ortho object files in the gvc lib also for
    CMake and MSbuild #2096

- Update graphviz-2.20.2-interpreter_names.patch so the Python demo
  uses Python 3.

- Install epl-v10.txt instead of COPYING.
  The COPYING file is a symlink to epl-v10.txt.

- Update to version 2.47.1
  * More detailed error messages when opening input file fails
  * The edges in JSON output are ordered now
  * Fixed xdot man page does not document some functions
  * Fixed PIC renderer
  * Fixed dot conversion to dia format
  * Fixed memory leak of reference-counted HTML strings
  * Fix for TBbalance attribute code
  * Fixed HTML parser error with single closing square bracket in
    table row
  * Fixed reference counted strings put the HTML bit in the middle
    of the reference count
  * Fixed & escape disappearing
  * Fixed gvpr -? to actually print usage and exit non-zero
  * Fixed memory leak in libmingle
  * Fixed memory leak in ANN bridge
  * Fixed buffer overflow in unflatten
  * Fixed agxbputc macro does not bracket its arguments
- Drop upstream fixed graphviz-2.46-fix-shebang.patch
  * Using POSIX shell, no need for ksh

- Remove obsolete pre_checkin.sh

- Buildrequire full ghostscript in the addons package
  to avoid a conflict betwen ghostcript-mini and ghostscript-devel

- Replace ghostscript-mini dependency with ghostscript_any

- Add graphviz-webp package to for webp image support

- Reenable ghostscript, but require just ghostscript-mini

- Update to new release 2.46.1 (changes since 2.44.1)
  * Support for building against Guile 2.2
  * Portable source is now also offered as a .tar.xz
  * CentOS/RHEL 6 is no longer supported
  * Vestiges of Qt4 support have been removed
  * C++11 support is now required of the C++ compiler used to build Graphviz
  * C99 support is now required of the C compiler used to build Graphviz
  * Question about userout() function in agerror.c #1924
  * The minimum version of Python required to run the test suite is 3.6
  * memory leak in label construction
  * gvedit compilation errors out, but works if manually compiled with qt5 #1862
  * incorrect HTML BR attribute parsing code #1913
  * broken overflow checks in RectArea #1906
  * various memory leaks !1699
  * Fix bad free in lefty !1709
  * typo in pathcross #1926
  * Out-of-bounds write caused by incorrect error handling of malloc in genUserdata #1928
  * Offer .tar.xz files too #454
  * Header file graphviz_version.h has no include guards #1929
  * regression: newlines embedded in quoted labels / node names are not preserved in 2.46.0 #1931
  * Properly fill graphviz_version.h !1706
  * Cgraph's agxbuf API gained a new function agxbdisown(), for dissociating
  * backing memory from the managed buffer
  * Build system support for the Elbrus 2000 CPU, thanks to Michael Shigorin
  * Cgraph's agheap() API has been removed
  * Autotools build system support for eFence has been removed
  * Building Graphviz with ICC defaults to -O2 instead of -O0
  * Build system work arounds for GCC 3 have been removed
  * Incomplete support for running the test suite under CMake has been removed
  * Portable source tarballs now use the “ustar” POSIX format
  * Minimum version of Flex required to build Graphviz is now 2.5.2
  * Minimum version of Bison required to build Graphviz is now 3.0
  * Minimum version of CMake required to build Graphviz using CMake is now 3.1
  * gvpr: line numbers in gvpr errors/warnings are incorrect #1594
  * URL typo in patchwork man page
  * Escaped backslashes are not correctly handled when producing xdot with dot #165
  * heap-over-flow(off-by-null) in lib/common/shapes.c #1700
  * Windows MSBuild executables have the wrong version #1745
  * Cast Overflow at pango_textlayout #1314
  * x11 back end segfaults if display is unavailable #1776
  * typo in cmd/gvpr/lib/clustg #1781
  * Segfault in dot #1783
  * Incorrect 'Arrow type "s" unknown' error #1444
  * segfault on reading 0x10 #1724
  * Null-dereference READ (144736912) #1676
  * "Warning! PATH too long installer unable to modify PATH!" using CMake Windows installer and PATH length > 1024 #1770
  * gvedit -? gives "option - unrecognized - ignored" instead of showing usage #1813
  * lefty is not built for Windows (fixed for MSBuild builds only) #1818
  * a failure to detect OpenGL glGenTextures() errors has been corrected
  * sfio does compile time benchmarknig #1422
  * iffe "lib" check always succeeds when compiler optimises #1521
  * syntax error near text who is not present #1411
  * Explicitly links with libstdc++; should allow libc++ if appropriate #163
  * A macOS file that was erroneously excluded from portable source tarballs has
  * been restored
  * Add option -? for usage to diffimg
  * Add option -? for usage to dotty
  * Add option -? for usage to lneato
  * Add option -? for usage to vimdot
  * Fix smyrna -? to actually print usage instead of error
  * Fix edgepaint -? to actually print usage instead of error
  * Remove '"' from usage text in non-Windows version of dotty
  * Correct misspelled 'smyrna' in usage
  * Fix edgepaint -o option
  * Correct shebang of gvmap.sh to use ksh
  * Fix gvmap.sh -? option to exit with zero exit status
  * Graphviz doesn't build on MacOS with the latest libc++ #1785
  * make fails if ps2pdf is not installed (using autotools) #1763
  * multiple graphs to file output causes a segfault #1845
  * lefty PTY functionality relies on file descriptor implementation details #1823
  * buffer overflow in fdpgen
  * Crashes by VRML output when current directory is not writable #793
  * Segmentation fault when newrank=true #1221
  * sfdp craches #236
  * fdp segmentation fault with GK=0 #1290
  * fdp crash #1865
  * Graphviz always crash with this simple dot file #167
  * Seg fault in dot #1771
  * gml2gv doesn't handle some attributes correctly #1869
  * Add missing circo, fdp, neato, osage, patchwork, sfdp & twopi tools to Windows builds (copies of dot)
  * Add gv2gml tool to CMake (copy of gml2gv on Windows, symlink to gml2gv otherwise)
  * Regression: fdp generates internal names in the output #1876
  * Regression: fdp assertion error on cluster in edge #1877
  * Regression in id / <title> in svg for twopi #1907
- graphviz-2.46-fix-shebang.patch added to make rpmlint happy
- graphviz-no_strict_aliasing.patch changed to be applicable to current files
- configure without ghostscript to break new build cycle
- Update source URLs

- Use _multibuild to build graphviz and graphviz-addons in a single
  development project
  - graphviz-addons.changes
  - graphviz-addons.spec

- Update to new release 2.44.1 (changes since 2.42.3)
  * applied RH patches (from graphviz-2.42.2-8.fc32.src.rpm)
  * some allocation failures that could previously allow memory
    corruption now exit
  * lab_gamut.3.pdf is no longer included in release archives
  * Fixed Neato's hier mode is broken since v2.44.0
  * Fixed segmentation fault (core dumped)
  * New SGD mode in neato
  * Add pkg-config files
  * tred: add feature to output removed edges to stderr upon request
  * Workaround: avoid creating a virtual edge loop.
  * Add riscv64 to host_cpu configure.ac
  * lib/cgraph: include empty malloc.h from subdir include
  * lib/gvpr: compile mkdefs with $(HOSTCC) rather than $(CC)
  * lib/vpsc: rename bcopy->b_copy
  * Fixed the NativeCodeAnalysis task failed unexpectedly.
  * Include all test files in distro
  * host_cpu add mips64 platform
  * Correct description of 'port' syntax in manual
  * svg output displays TITLE of %3 if graph had no name
  * XML errors in generated SVG when URL attribute contains
    ampersand (&)
  * Test files missing from source distributions
  * SVG error for "g.transform.scale " in graphviz version 2.43
- BuildRequires for ghostscript and groff (generate cdt documentation)
- Extension graphviz-php changes:
  * Require php(api) and php(zend-abi) to guarantee ABI compatibility
  * Don't pull in extra libraries from PHP
    + graphviz-no_php_extra_libs.patch
  * Remove argon2-devel from list of dependencies
  * Automatically enable extension when installed by providing
    /etc/php{5,7}/conf.d/gv.ini

- Rename python*-graphviz to python*-gv, there is also normal
  pypi graphviz package and we clash otherwise and override
  each other

- Add also configure option to not build py2 if the python2
  build is disabled

- Add python2/python3 split subpkgs in order to allow building
  without python2 available

- Auto-identify the correct ruby-version using pkg-config.

- Update to new release 2.42.3
  - tidy gvedit about dialog strings
  - check for mmap failure in plugin code
  - fix broken symlinks to _gv.so with Python
  - fix out of source build with LIBGD
  - some minor bugfixes
- Fix changelog of last update:
  - Accidentally had both CVE entries mashed together.

- Added graphviz-null_dereference.patch to fix CVE-2018-10196
  (boo#1093447)

- Added graphivz-malformed_input.patch from commit  839085f8
  to fix CVE-2019-11023 (boo#1132091)

- Disable building the graphviz-ocaml package: we have no consumer
  of it, but not building it allows us to elminiate a build cycle.

- Reverse last change.

- Remove pre_checkin.sh and graphviz-addon.* as they aren't needed
  anymore.

- Replace the recommends for graphviz-gnome by a 'supplements packageand'
  so that graphviz doesn't pull in all the X11 related stuff on a
  machine without graphical desktop (bsc#930442).

- Exclude %{_mandir}/man1/smyrna.1%{ext_man} from graphiz' main
  package, since the man page is packaged in the -smyrna sub
  package already.

- Add bcond for java and ocaml that can be overriden in staging prj

- Drop smyrna and gvedit separate spec, now handled by
  graphviz-addons
  * Switch graphviz-gvedit to Qt5:
    + graphviz-qt5.patch
- Drop graphviz-plugin subkpg in favor of graphviz-addons.spec
  that is generated from graphviz directly
- Make sure all patches are applied also in main package so none
  get lost by accident
- Refresh patch graphviz-plugins-fix_install_dirs.patch
- Make sure graphviz php plugins are generated using php7
  * set the php7 path in graphviz-plugins-fix_install_dirs.patch
- Remove tkspline from tcl package as it is no longer shipped
- Make sure the pic/pie is enforced on all the libs/bins

- Update to 2.40.1 release:
  * Remove usage of ast_common.h
  * network-simplex fixes and optimization (Stephen North)
  * built-in tred tool now available in the various swig generated
    language bindings (John Ellson)
  * number rounding added to SVG renderer (same as PS and TK rounding)
    to aid regression testing. (John Ellson)
  * additional regressson test framework, used in Travis CI builds. (Erwin Janssen)
  * PHP7 support (requires swig-3.0.11 or later). (John Ellson)
  * Allow user to specify clustering algorithm in gvmap. (Emden Gansner)
  * Add Sierpinski graph generator to gvgen. (Emden Gansner)
  * Extensive code cleanup (Erwin Janssen)
  * Removal of libgd source - use vanilla libgd from separate install
  * Windows builds (Erwin Janssen)
  * Appveyor CI for automated Windows build testing (Erwin Janssen)
  * Travis CI for Fedora/Centos builds (Erwin Janssen)
  * Added JSON output format, -Tjson  (Emden Gansner)
  * New curved arrowhead, cylinder node shape.
  * Resolves bugs: 2599, 1172
  * Add cylinder shape for databases.
  * Free installed plugins
  * Update makefile for dot so that the using libpanco_C in the static build include PANGOFT2
    as well as PANGOCAIRO_LIBS (needed for some versions of Ubuntu)
  * Add json output format
  * output class value in svg files
  * Add plain shape for use with HTML-like labels.
  * Add icurve arrowhead.
  * Revert to old, translate to origin semantics in neato, etc. Add flag notranslate if that is
    what the user desires.
- Run over with spec-cleaner and convert deps to pkgconfig
- Fix Group
- Remove unused pre requirements as there is no pre phase
- Inline sed changes and do not rely on pipes
- Do not add needless requires to devel pkg, there are no such stated
  dependencies in any of the .pc files provided
- Add pre_checkin.sh scriptlet to allow generating of the extras subpkg
  instead of having independent spec files

- Add reproducible.patch to not have binaries depend on build system timings

- Remove pangocairo and lasi support as it introduces build cycle

- Build with pangocairo and lasi support.

- fix ksh-specific constrictions in gvmap.sh script
- add patches:
  + graphviz-2.38.0-fix-gvmap.patch

- Remove upstream-included patch graphviz-ppc64le_lib64_support.patch
  from graphviz-plugins.spec

- Fix URL to point to the new location of the sources.

- Update to 2.38.0. Changes since 2.36.0:
  - Resolve bugs: 2409, 2413, 2417, 2420, 2422, 2423, 2425
  - Enable packing for dot
  - Allow scaling to work for all non-dot layouts
  - Add overline text characteristic.
  - Fix bugs in gvpr and gv.cpp so edges can be created in subgraphs.
  - Add edgepaint program for coloring edges to make them easier to
    tell apart.
  - Modify neato to avoid unnecessary translations of output. This
    allows positions given on input to remain the same on output.
  - Fix swig java package to work and support gv.renderresult.
  - Fix test for the absence of layout (old test relied on statically
    allocated Agraphinfo_t).
  - HTML-like tables and cells can now specify which borders should be drawn.
  - The fixedsize attribute now takes the value "shape" which allows
    labels much larger than the node shape.
- Remove graphviz-fix-includes.patch as the fix has been done
  upstream.
- Add graphviz-array_overflow.patch to fix an off-by-one error.

- Update to 2.36,0:
  (graphviz tracker lives at http://www.graphviz.org/mantisbt/my_view_page.php)
  Fixed bugs:
  * The xdot pad attribute is documented to have a default value of
    0.0555 (inches, equals 0002091:0000004 points).  However when no
    pad attribute was specified, xdot output behaved as though the
    default was 0 (graphviz tracker 2372).
  * Graphviz gave incorrect svg when labels contained HTML entities
    (graphviz tracker 2384).
  * Building gvedit failed with undefined references (graphviz
    tracker 2388).
  * Document that edge[style=tapered] does not support colorList and
    that edge[style=tapered] does not work with arrowType:none
    (graphviz tracker 2391).
  * Use a stronger test for orthogonal routing and, if it fails, revert
    to line segments for edges (graphviz tracker 2393).
  * Fix xdot background polygon coordinates being "nan" with no nodes
    (graphviz tracker 2393).
  * Circo couldn't rescale a graph using the mindist attribute
    (graphviz tracker 2395).
  - Remove old libgraph sources from distributions.
  - Move master git repo to github.com
  September 15, 2013
  - Add <S> element for strike-through to HTML-like labels.
  - This version also fixes the security bugs reported in january.

- Change license to EPL-1.0. Remove contrib/gprof2dot.awk as it
  contains a non-working uri.

- graphviz-fix-includes.patch: Use #include "cgraph.h", not <cgraph.h>
  in graphviz/types.h.

- Add graphviz-getaddrinfo.patch to use getaddrinfo instead of
  gethostbyname.