From 49e23d16a2f83da6a3229d0317993e7c5144a2ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?=
Date: Thu, 17 May 2018 13:26:04 +0200
Subject: [PATCH] Fixed CVE-2018-10196
---
 graphviz-2.40.1-CVE-2018-10196.patch | 16 ++++++++++++++++
 graphviz.spec | 8 +++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 graphviz-2.40.1-CVE-2018-10196.patch
diff --git a/graphviz-2.40.1-CVE-2018-10196.patch b/graphviz-2.40.1-CVE-2018-10196.patch
new file mode 100644
index 0000000..7b7587b
--- /dev/null
+++ b/graphviz-2.40.1-CVE-2018-10196.patch
@@ -0,0 +1,16 @@
+diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c
+--- a/lib/dotgen/conc.c
++++ b/lib/dotgen/conc.c
+@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g)
+
+ for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
+ lead = GD_rankleader(g)[r];
+- if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
++ if (lead == NULL) {
++ agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r);
++ longjmp(jbuf, 1);
++ }
++ else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
+ agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n",
+ agnameof(lead), ND_order(lead), r);
+ longjmp(jbuf, 1);
diff --git a/graphviz.spec b/graphviz.spec
index 32a4250..58dc9b1 100644
--- a/graphviz.spec
+++ b/graphviz.spec
@@ -55,12 +55,14 @@
 Name: graphviz
 Summary: Graph Visualization Tools
 Version: 2.40.1
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: EPL
 URL: http://www.graphviz.org/
 Source0: http://www.graphviz.org/pub/graphviz/ARCHIVE/%{name}-%{version}.tar.gz
 Patch0: graphviz-2.40.1-visio.patch
 Patch1: graphviz-2.40.1-python3.patch
+# https://gitlab.com/graphviz/graphviz/issues/1367
+Patch2: graphviz-2.40.1-CVE-2018-10196.patch
 BuildRequires: zlib-devel, libpng-devel, libjpeg-devel, expat-devel, freetype-devel >= 2
 BuildRequires: ksh, bison, m4, flex, tk-devel, tcl-devel >= 8.3, swig
 BuildRequires: fontconfig-devel, libtool-ltdl-devel, ruby-devel, ruby, guile-devel
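Review bot: In the conc.c hunk carried by graphviz-2.40.1-CVE-2018-10196.patch, the `else if` after the new `lead == NULL` guard still indexes `GD_rank(dot_root(g))[r].v[ND_order(lead)]` without comparing the index to the rank's node count. Whether a non-null leader can carry a stale or out-of-range order is not visible here, but if it can, the read goes past the array before the mismatch is reported; a guard such as `else if (ND_order(lead) < 0 || ND_order(lead) >= GD_rank(dot_root(g))[r].n) {` ahead of the comparison would close that. Both messages spell the function `rebuiltd_vlists`, so a log search for `rebuild_vlists` will miss them. rebuild_vlists starts and ends outside the hunk, so the `setjmp` paired with `longjmp(jbuf, 1)` and any cleanup it skips cannot be checked from this page.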
@@ -276,6 +278,7 @@ Various tcl packages (extensions) for the graphviz tools.
 %setup -q
 %patch0 -p1 -b .visio
 %patch1 -p1 -b .python3
+%patch2 -p1 -b .CVE-2018-10196
 # Attempt to fix rpmlint warnings about executable sources
 find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
@@ -591,6 +594,9 @@ php --no-php-ini \
 %{_mandir}/man3/*.3tcl*
 %changelog
+* Thu May 17 2018 Jaroslav Škarvada - 2.40.1-26
+- Fixed CVE-2018-10196
+
 * Thu May 3 2018 Jaroslav Škarvada - 2.40.1-25
 - Made python2 package optional