graphviz: fix CVE-2014-9157, enable lefty, reduce package size by 45MB.

Patches from Debian.

srcpkgs/graphviz/patches/CVE-2014-9157.patch

@@ -0,0 +1,22 @@
+Subject: Fix format string vulnerability (CVE-2014-9157) in yyerror() routine
+Origin: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
+Bug-Debian: https://bugs.debian.org/772648
+Forwarded: no
+Author: Emden R. Gansner
+Last-Update: 2014-12-10
+
+---
+ lib/cgraph/scan.l |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- lib/cgraph/scan.l
++++ lib/cgraph/scan.l
+@@ -225,7 +225,7 @@ void yyerror(char *str)
+ 	agxbput (&xb, buf);
+ 	agxbput (&xb, yytext);
+ 	agxbput (&xb,"'\n");
+-	agerr(AGERR,agxbuse(&xb));
++	agerr(AGERR, "%s", agxbuse(&xb));
+ 	agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */

srcpkgs/graphviz/patches/reduce_lab_color.patch

@@ -0,0 +1,30 @@
+Description: Use a signed char instead of a double for lab_struct
+ The massive data structure was using a double for each struct member,
+ which makes the resulting object extremely large. By switching it to a
+ signed char we reduce the size from around 20 MiB to 2.5 MiB, so an order
+ of magnitude. The new data type should be fine as the number literals do
+ not exceed the type range.
+ .
+ In any case this gets embedded into at least three binaries, one of which
+ contais an extremely generic filename(!). Which is still rather ridiculous
+ as this should most possibly be computable at run-time, or stored in a
+ shared data file, or in a single shared library or plugin.
+Author: Guillem Jover <guillem@debian.org>
+Origin: vendor
+Bug-Debian:
+Forwarded: no
+Last-Update: 2014-07-18
+
+---
+
+--- lib/edgepaint/lab.h
++++ lib/edgepaint/lab.h
+@@ -21,7 +21,7 @@ struct xyz_struct {
+ typedef struct xyz_struct color_xyz;
+ 
+ struct lab_struct {
+-  double l, a, b;/* l: 0 to 100, a,b: -128 tp 128 */
++  signed char l, a, b;/* l: 0 to 100, a,b: -128 tp 128 */
+ };
+ typedef struct lab_struct color_lab;
+ 

srcpkgs/graphviz/template

@@ -1,11 +1,12 @@
 # Template file for 'graphviz'
 pkgname=graphviz
 version=2.38.0
-revision=3
+revision=4
 replaces="graphviz-libs<2.38.0_3"
 build_style=gnu-configure
 hostmakedepends="automake libtool flex pkg-config libltdl-devel"
-makedepends="libpng-devel gd-devel gtk+-devel librsvg-devel libltdl-devel"
+makedepends="libpng-devel gd-devel gtk+-devel librsvg-devel libltdl-devel
+ libXaw-devel"
 short_desc="Graph Visualization Software"
 configure_args="--disable-rpath --enable-ltdl --disable-ltdl-install
  --disable-swig --disable-sharp --disable-guile --disable-io --disable-java