diff --git a/graphviz-2.40.1-CVE-2019-11023.patch b/graphviz-2.40.1-CVE-2019-11023.patch index e5e0183..abda75f 100644 --- a/graphviz-2.40.1-CVE-2019-11023.patch +++ b/graphviz-2.40.1-CVE-2019-11023.patch @@ -1,6 +1,8 @@ +diff --git a/cmd/tools/graphml2gv.c b/cmd/tools/graphml2gv.c +index 7b8214b..0910d99 100644 --- a/cmd/tools/graphml2gv.c +++ b/cmd/tools/graphml2gv.c -@@ -477,8 +468,10 @@ +@@ -477,8 +477,10 @@ startElementHandler(void *userData, const char *name, const char **atts) if (pos > 0) { const char *attrname; attrname = atts[pos]; @@ -13,39 +15,36 @@ pushString(&ud->elements, attrname); } -@@ -504,21 +497,25 @@ +@@ -504,21 +506,25 @@ startElementHandler(void *userData, const char *name, const char **atts) if (tname) head = tname; - bind_edge(tail, head); -- ++ if (G == 0) ++ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head); ++ else { ++ bind_edge(tail, head); + - t = AGTAIL(E); - tname = agnameof(t); -- ++ t = AGTAIL(E); ++ tname = agnameof(t); + - if (strcmp(tname, tail) == 0) { - ud->edgeinverted = FALSE; - } else if (strcmp(tname, head) == 0) { - ud->edgeinverted = TRUE; - } -- -- pos = get_xml_attr("id", atts); -- if (pos > 0) { -- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud); -- } -+ if (G == 0) -+ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head); -+ else { -+ bind_edge(tail, head); -+ -+ t = AGTAIL(E); -+ tname = agnameof(t); -+ + if (strcmp(tname, tail) == 0) { + ud->edgeinverted = FALSE; + } else if (strcmp(tname, head) == 0) { + ud->edgeinverted = TRUE; + } -+ + +- pos = get_xml_attr("id", atts); +- if (pos > 0) { +- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud); +- } + pos = get_xml_attr("id", atts); + if (pos > 0) { + setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud); 
@@ -54,7 +53,7 @@ } else { /* must be some extension */ fprintf(stderr, -@@ -545,7 +536,7 @@ +@@ -539,7 +545,7 @@ static void endElementHandler(void *userData, const char *name) char *ele_name = topString(ud->elements); if (ud->closedElementType == TAG_GRAPH) { Agnode_t *node = agnode(root, ele_name, 0); @@ -63,3 +62,16 @@ } popString(&ud->elements); Current_class = TAG_GRAPH; +diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c +index 7b1c8c1..709774e 100644 +--- a/lib/cgraph/obj.c ++++ b/lib/cgraph/obj.c +@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack) + + Agraph_t *agroot(void* obj) + { ++ // fixes CVE-2019-11023 by moving the problem to the caller :-) ++ if (obj == 0) return NILgraph; + switch (AGTYPE(obj)) { + case AGINEDGE: + case AGOUTEDGE: diff --git a/graphviz.spec b/graphviz.spec index d8c57af..c42dfa0 100644 --- a/graphviz.spec +++ b/graphviz.spec @@ -61,7 +61,7 @@ Name: graphviz Summary: Graph Visualization Tools Version: 2.40.1 -Release: 45%{?dist} +Release: 46%{?dist} License: EPL-1.0 URL: http://www.graphviz.org/ # A bit hacking needed due to: https://gitlab.com/graphviz/graphviz/issues/1371 @@ -609,6 +609,10 @@ php --no-php-ini \ %{_mandir}/man3/*.3tcl* %changelog +* Wed Apr 24 2019 Jaroslav Škarvada - 2.40.1-46 +- Updated CVE-2019-11023 patch + Related: CVE-2019-11023 + * Wed Apr 24 2019 Jaroslav Škarvada - 2.40.1-45 - Fixed null pointer dereference in function agroot() Resolves: CVE-2019-11023
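Review bot: The guard added at the top of agroot() in lib/cgraph/obj.c turns the NULL dereference into a NILgraph return, which only closes CVE-2019-11023 if every caller tests that result before using it. The one caller-side check visible in this patch is the `G == 0` test before `bind_edge` in startElementHandler; the changed line in endElementHandler falls outside the shown context, so it cannot be confirmed from here whether the `agnode(root, ele_name, 0)` path is covered. I would replace the joke comment with the actual contract, for example `/* Returns NILgraph when obj is NULL; callers must check the result before dereferencing it. */`, and confirm that the remaining agroot() callers handle a NILgraph result. The body of agroot() continues past the end of the hunk.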