Security fix for CVE-2014-9157, graphviz: format string vulnerability in yyerror()

ok edd@ (MAINTAINER)

math/graphviz/Makefile

@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.60 2015/06/10 21:42:26 sthen Exp $
+# $OpenBSD: Makefile,v 1.61 2015/08/21 16:06:06 jasper Exp $
 
 COMMENT-main=	graph drawing software
 
 DISTNAME=	graphviz-2.36.0
-REVISION=	3
+REVISION=	4
 PKGNAME-main=	${DISTNAME}
 CATEGORIES=	math devel graphics
 

math/graphviz/patches/patch-lib_cgraph_scan_l

@@ -0,0 +1,16 @@
+$OpenBSD: patch-lib_cgraph_scan_l,v 1.2 2015/08/21 16:06:06 jasper Exp $
+
+Security fix for CVE-2014-9157, graphviz: format string vulnerability in yyerror()
+https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081.patch
+
+--- lib/cgraph/scan.l.orig2	Fri Aug 21 10:25:19 2015
++++ lib/cgraph/scan.l	Fri Aug 21 10:25:42 2015
+@@ -223,7 +223,7 @@ void yyerror(char *str)
+ 	agxbput (&xb, buf);
+ 	agxbput (&xb, yytext);
+ 	agxbput (&xb,"'\n");
+-	agerr(AGWARN,agxbuse(&xb));
++	agerr(AGWARN, "%s", agxbuse(&xb));
+ 	agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */