diff --git a/graphviz-2.40.1-CVE-2019-11023.patch b/graphviz-2.40.1-CVE-2019-11023.patch
new file mode 100644
index 0000000..e5e0183
--- /dev/null
+++ b/graphviz-2.40.1-CVE-2019-11023.patch
@@ -0,0 +1,65 @@
+--- a/cmd/tools/graphml2gv.c
++++ b/cmd/tools/graphml2gv.c
+@@ -477,8 +468,10 @@
+ if (pos > 0) {
+ const char *attrname;
+ attrname = atts[pos];
+-
+- bind_node(attrname);
++ if (G == 0)
++ fprintf(stderr,"node %s outside graph, ignored\n",attrname);
++ else
++ bind_node(attrname);
+
+ pushString(&ud->elements, attrname);
+ }
+@@ -504,21 +497,25 @@
+ if (tname)
+ head = tname;
+
+- bind_edge(tail, head);
+-
+- t = AGTAIL(E);
+- tname = agnameof(t);
+-
+- if (strcmp(tname, tail) == 0) {
+- ud->edgeinverted = FALSE;
+- } else if (strcmp(tname, head) == 0) {
+- ud->edgeinverted = TRUE;
+- }
+-
+- pos = get_xml_attr("id", atts);
+- if (pos > 0) {
+- setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
+- }
++ if (G == 0)
++ fprintf(stderr,"edge source %s target %s outside graph, ignored\n",(char*)tail,(char*)head);
++ else {
++ bind_edge(tail, head);
++
++ t = AGTAIL(E);
++ tname = agnameof(t);
++
++ if (strcmp(tname, tail) == 0) {
++ ud->edgeinverted = FALSE;
++ } else if (strcmp(tname, head) == 0) {
++ ud->edgeinverted = TRUE;
++ }
++
++ pos = get_xml_attr("id", atts);
++ if (pos > 0) {
++ setEdgeAttr(E, GRAPHML_ID, (char *) atts[pos], ud);
++ }
++ }
+ } else {
+ /* must be some extension */
+ fprintf(stderr,
+@@ -545,7 +536,7 @@
+ char *ele_name = topString(ud->elements);
+ if (ud->closedElementType == TAG_GRAPH) {
+ Agnode_t *node = agnode(root, ele_name, 0);
+- agdelete(root, node);
++ if (node) agdelete(root, node);
+ }
+ popString(&ud->elements);
+ Current_class = TAG_GRAPH;
diff --git a/graphviz.spec b/graphviz.spec
index e20accd..d8c57af 100644
--- a/graphviz.spec
+++ b/graphviz.spec
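Review bot: In the third graphml2gv.c hunk of the added patch, `if (node) agdelete(root, node);` checks only the lookup result, while `agnode(root, ele_name, 0)` on the line before is still called with `root` unchecked. The first hunk keeps `pushString(&ud->elements, attrname);` for a node it has just ignored, so that node's end tag still reaches this lookup whenever `ud->closedElementType == TAG_GRAPH`. Where `root` is assigned is outside these hunks, so whether it can be NULL here needs confirming; if it can, `Agnode_t *node = root ? agnode(root, ele_name, 0) : NULL;` keeps the lookup out of libcgraph. The two new guards would also read more clearly as `if (G == NULL)` than `if (G == 0)`. All three enclosing functions start and end outside the hunks.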
@@ -61,7 +61,7 @@ Name: graphviz Summary: Graph Visualization Tools Version: 2.40.1 -Release: 44%{?dist} +Release: 45%{?dist} License: EPL-1.0 URL: http://www.graphviz.org/ # A bit hacking needed due to: https://gitlab.com/graphviz/graphviz/issues/1371 @@ -73,6 +73,7 @@ Patch2: graphviz-2.40.1-CVE-2018-10196.patch # rhbz#1505230 Patch3: graphviz-2.40.1-dotty-menu-fix.patch Patch4: graphviz-2.40.1-coverity-scan-fixes.patch +Patch5: graphviz-2.40.1-CVE-2019-11023.patch BuildRequires: zlib-devel, libpng-devel, libjpeg-devel, expat-devel, freetype-devel >= 2 BuildRequires: ksh, bison, m4, flex, tk-devel, tcl-devel >= 8.3, swig, sed BuildRequires: fontconfig-devel, libtool-ltdl-devel, ruby-devel, ruby, guile-devel @@ -289,6 +290,7 @@ Various tcl packages (extensions) for the graphviz tools. %patch2 -p1 -b .CVE-2018-10196 %patch3 -p1 -b .dotty-menu-fix %patch4 -p1 -b .coverity-scan-fixes +%patch5 -p1 -b .CVE-2019-11023 # Attempt to fix rpmlint warnings about executable sources find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';' @@ -607,6 +609,10 @@ php --no-php-ini \ %{_mandir}/man3/*.3tcl* %changelog +* Wed Apr 24 2019 Jaroslav Škarvada - 2.40.1-45 +- Fixed null pointer dereference in function agroot() + Resolves: CVE-2019-11023 + * Fri Feb 01 2019 Fedora Release Engineering - 2.40.1-44 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild