[graphviz/f19] Fixed format string vulnerability
Jaroslav Škarvada
jskarvad at fedoraproject.org
Tue Nov 25 16:58:43 UTC 2014
commit d4689ff4803240e76be04b3e5a3035204f225b62
Author: Jaroslav Škarvada <jskarvad at redhat.com>
Date: Tue Nov 25 17:58:37 2014 +0100
Fixed format string vulnerability
Resolves: rhbz#1167868
graphviz-2.30.1-format-string.patch | 13 +++++++++++++
graphviz.spec | 9 ++++++++-
2 files changed, 21 insertions(+), 1 deletions(-)
---
diff --git a/graphviz-2.30.1-format-string.patch b/graphviz-2.30.1-format-string.patch
new file mode 100644
index 0000000..0b9070e
--- /dev/null
+++ b/graphviz-2.30.1-format-string.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
+index 94e4c17..2255b59 100644
+--- a/lib/cgraph/scan.l
++++ b/lib/cgraph/scan.l
+@@ -224,7 +224,7 @@ void yyerror(char *str)
+ agxbput (&xb, buf);
+ agxbput (&xb, yytext);
+ agxbput (&xb,"'\n");
+- agerr(AGWARN,agxbuse(&xb));
++ agerr(AGWARN, "%s", agxbuse(&xb));
+ agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */
diff --git a/graphviz.spec b/graphviz.spec
index 548027f..8259a07 100644
--- a/graphviz.spec
+++ b/graphviz.spec
@@ -51,7 +51,7 @@
Name: graphviz
Summary: Graph Visualization Tools
Version: 2.30.1
-Release: 12%{?dist}
+Release: 13%{?dist}
Group: Applications/Multimedia
License: EPL
URL: http://www.graphviz.org/
@@ -79,6 +79,8 @@ Patch11: graphviz-2.30.1-man-fix.patch
Patch12: graphviz-2.30.1-CVE-2014-0978-CVE-2014-1235.patch
# Fix chknum overflow (CVE-2014-1236)
Patch13: graphviz-2.30.1-CVE-2014-1236.patch
+# Backported from upstream
+Patch14: graphviz-2.30.1-format-string.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: zlib-devel, libpng-devel, libjpeg-devel, expat-devel, freetype-devel >= 2
BuildRequires: ksh, bison, m4, flex, tk-devel, tcl-devel >= 8.3, swig
@@ -288,6 +290,7 @@ Various tcl packages (extensions) for the graphviz tools.
%patch11 -p1 -b .man-fix
%patch12 -p1 -b .CVE-2014-0978-CVE-2014-1235
%patch13 -p1 -b .CVE-2014-1236
+%patch14 -p1 -b .format-string
# Attempt to fix rpmlint warnings about executable sources
find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
@@ -564,6 +567,10 @@ rm -rf %{buildroot}
%changelog
+* Tue Nov 25 2014 Jaroslav Škarvada <jskarvad at redhat.com> - 2.30.1-13
+- Fixed format string vulnerability
+ Resolves: rhbz#1167868
+
* Fri Jan 10 2014 Jaroslav Škarvada <jskarvad at redhat.com> - 2.30.1-12
- Prevent possible buffer overflow in yyerror()
Resolves: CVE-2014-1235
More information about the scm-commits
mailing list