Dropped format-string patch, not needed
This commit is contained in:
parent
a3626aee12
commit
a0be5be53e
|
@ -1,13 +0,0 @@
|
|||
diff --git a/lib/agraph/scan.l b/lib/agraph/scan.l
|
||||
index 02eaaab..799ff89 100644
|
||||
--- a/lib/agraph/scan.l
|
||||
+++ b/lib/agraph/scan.l
|
||||
@@ -179,7 +179,7 @@ void yyerror(char *str)
|
||||
agxbput (&xb, buf);
|
||||
agxbput (&xb, yytext);
|
||||
agxbput (&xb,"'\n");
|
||||
- agerror(AGERROR_SYNTAX,agxbuse(&xb));
|
||||
+ agerror(AGERROR_SYNTAX, "%s", agxbuse(&xb));
|
||||
agxbfree(&xb);
|
||||
}
|
||||
/* must be here to see flex's macro defns */
|
|
@ -7,7 +7,7 @@
|
|||
#-- graphviz src.rpm --------------------------------------------------------
|
||||
Name: graphviz
|
||||
Version: 2.12
|
||||
Release: 11%{?dist}
|
||||
Release: 12%{?dist}
|
||||
|
||||
License: CPL
|
||||
URL: http://www.graphviz.org/
|
||||
|
@ -18,8 +18,6 @@ Patch1: %{name}-libcdt.patch
|
|||
Patch2: graphviz-2.12-CVE-2014-0978-CVE-2014-1235.patch
|
||||
# Fix chknum overflow (CVE-2014-1236)
|
||||
Patch3: graphviz-2.12-CVE-2014-1236.patch
|
||||
# Backported from upstream
|
||||
Patch4: graphviz-2.12-format-string.patch
|
||||
|
||||
# graphviz is relocatable
|
||||
#Prefix: /usr
|
||||
|
@ -416,7 +414,6 @@ Provides some additional PDF and HTML documentation for graphviz.
|
|||
%patch1 -p1
|
||||
%patch2 -p1 -b .CVE-2014-0978-CVE-2014-1235
|
||||
%patch3 -p1 -b .CVE-2014-1236
|
||||
%patch4 -p1 -b .format-string
|
||||
|
||||
%build
|
||||
# XXX ix86 only used to have -ffast-math, let's use everywhere
|
||||
|
@ -453,6 +450,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||
#-- changelog --------------------------------------------------
|
||||
|
||||
%changelog
|
||||
* Tue Nov 25 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.12-12
|
||||
- Dropped format-string patch, not needed
|
||||
|
||||
* Tue Nov 25 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.12-11
|
||||
- Fixed format string vulnerability
|
||||
Resolves: rhbz#1167869
|
||||
|
|
Loading…
Reference in New Issue