From a3626aee12316e72e5d47b273fcfea1dd5a94c2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?=
Date: Tue, 25 Nov 2014 18:06:04 +0100
Subject: [PATCH] Fixed format string vulnerability

Resolves: rhbz#1167869
---
 graphviz-2.12-format-string.patch | 13 +++++++++++++
 graphviz.spec | 9 ++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 graphviz-2.12-format-string.patch
diff --git a/graphviz-2.12-format-string.patch b/graphviz-2.12-format-string.patch
new file mode 100644
index 0000000..afa66b4
--- /dev/null
+++ b/graphviz-2.12-format-string.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/agraph/scan.l b/lib/agraph/scan.l
+index 02eaaab..799ff89 100644
+--- a/lib/agraph/scan.l
++++ b/lib/agraph/scan.l
+@@ -179,7 +179,7 @@ void yyerror(char *str)
+ agxbput (&xb, buf);
+ agxbput (&xb, yytext);
+ agxbput (&xb,"'\n");
+- agerror(AGERROR_SYNTAX,agxbuse(&xb));
++ agerror(AGERROR_SYNTAX, "%s", agxbuse(&xb));
+ agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */
diff --git a/graphviz.spec b/graphviz.spec
index 56ef91a..f1a929e 100644
--- a/graphviz.spec
+++ b/graphviz.spec
@@ -7,7 +7,7 @@
 #-- graphviz src.rpm --------------------------------------------------------
 Name: graphviz
 Version: 2.12
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: CPL
 URL: http://www.graphviz.org/
@@ -18,6 +18,8 @@ Patch1: %{name}-libcdt.patch
 Patch2: graphviz-2.12-CVE-2014-0978-CVE-2014-1235.patch
 # Fix chknum overflow (CVE-2014-1236)
 Patch3: graphviz-2.12-CVE-2014-1236.patch
+# Backported from upstream
+Patch4: graphviz-2.12-format-string.patch
 # graphviz is relocatable
 #Prefix: /usr
@@ -414,6 +416,7 @@ Provides some additional PDF and HTML documentation for graphviz.
 %patch1 -p1
 %patch2 -p1 -b .CVE-2014-0978-CVE-2014-1235
 %patch3 -p1 -b .CVE-2014-1236
+%patch4 -p1 -b .format-string
 %build
 # XXX ix86 only used to have -ffast-math, let's use everywhere
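Review bot: The new file graphviz-2.12-format-string.patch begins directly at `diff --git` with no header, so the reason for adding `"%s"` in yyerror() is recorded only in the spec changelog. The buffer handed to agerror() is assembled from `yytext`, i.e. from the graph input being scanned, and before this change that buffer was itself used as the format string; a short header saying so, with the upstream commit it was backported from and rhbz#1167869, would let a later rebase judge whether the patch is still needed. As a follow-up outside this hunk, if agerror() is printf-style as the fix implies, declaring it with `__attribute__((format(printf, 2, 3)))` would let `-Wformat-security` flag any other call that passes a built string as the format. yyerror() starts above the quoted hunk, so how `buf` is filled is not visible here.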
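Review bot: The comment `# Backported from upstream` above `Patch4:` in graphviz.spec says where the patch came from but not what it fixes, unlike the neighbouring `# Fix chknum overflow (CVE-2014-1236)`. Something like `# Fix format string vulnerability in yyerror() (rhbz#1167869), backported from upstream` would keep the patch list usable as a record of which security fixes this build carries.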
@@ -450,6 +453,10 @@ rm -rf $RPM_BUILD_ROOT
 #-- changelog --------------------------------------------------
 %changelog
+* Tue Nov 25 2014 Jaroslav Škarvada - 2.12-11
+- Fixed format string vulnerability
+ Resolves: rhbz#1167869
+
 * Fri Jan 10 2014 Jaroslav Škarvada - 2.12-10
 - Prevent possible buffer overflow in yyerror()
 Resolves: CVE-2014-1235