Fixed format string vulnerability
Resolves: rhbz#1167868
This commit is contained in:
parent
f17e912aa0
commit
ccd1e1ab20
13
graphviz-2.34.0-format-string.patch
Normal file
13
graphviz-2.34.0-format-string.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
|
||||||
|
index f01785a..e54a302 100644
|
||||||
|
--- a/lib/cgraph/scan.l
|
||||||
|
+++ b/lib/cgraph/scan.l
|
||||||
|
@@ -223,7 +223,7 @@ void yyerror(char *str)
|
||||||
|
agxbput (&xb, buf);
|
||||||
|
agxbput (&xb, yytext);
|
||||||
|
agxbput (&xb,"'\n");
|
||||||
|
- agerr(AGWARN,agxbuse(&xb));
|
||||||
|
+ agerr(AGWARN, "%s", agxbuse(&xb));
|
||||||
|
agxbfree(&xb);
|
||||||
|
}
|
||||||
|
/* must be here to see flex's macro defns */
|
@ -52,7 +52,7 @@
|
|||||||
Name: graphviz
|
Name: graphviz
|
||||||
Summary: Graph Visualization Tools
|
Summary: Graph Visualization Tools
|
||||||
Version: 2.34.0
|
Version: 2.34.0
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
Group: Applications/Multimedia
|
Group: Applications/Multimedia
|
||||||
License: EPL
|
License: EPL
|
||||||
URL: http://www.graphviz.org/
|
URL: http://www.graphviz.org/
|
||||||
@ -69,6 +69,8 @@ Patch4: graphviz-2.34.0-CVE-2014-0978-CVE-2014-1235.patch
|
|||||||
Patch5: graphviz-2.34.0-CVE-2014-1236.patch
|
Patch5: graphviz-2.34.0-CVE-2014-1236.patch
|
||||||
# Backported fix for rhbz#1058323
|
# Backported fix for rhbz#1058323
|
||||||
Patch6: graphviz-2.34.0-lefty-xdot12.patch
|
Patch6: graphviz-2.34.0-lefty-xdot12.patch
|
||||||
|
# Backported from upstream
|
||||||
|
Patch7: graphviz-2.34.0-format-string.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: zlib-devel, libpng-devel, libjpeg-devel, expat-devel, freetype-devel >= 2
|
BuildRequires: zlib-devel, libpng-devel, libjpeg-devel, expat-devel, freetype-devel >= 2
|
||||||
BuildRequires: ksh, bison, m4, flex, tk-devel, tcl-devel >= 8.3, swig
|
BuildRequires: ksh, bison, m4, flex, tk-devel, tcl-devel >= 8.3, swig
|
||||||
@ -278,6 +280,7 @@ Various tcl packages (extensions) for the graphviz tools.
|
|||||||
%patch4 -p1 -b .CVE-2014-0978-CVE-2014-1235
|
%patch4 -p1 -b .CVE-2014-0978-CVE-2014-1235
|
||||||
%patch5 -p1 -b .CVE-2014-1236
|
%patch5 -p1 -b .CVE-2014-1236
|
||||||
%patch6 -p1 -b .left-xdot12
|
%patch6 -p1 -b .left-xdot12
|
||||||
|
%patch7 -p1 -b .format-string
|
||||||
|
|
||||||
# Attempt to fix rpmlint warnings about executable sources
|
# Attempt to fix rpmlint warnings about executable sources
|
||||||
find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
|
find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
|
||||||
@ -566,6 +569,10 @@ rm -rf %{buildroot}
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 25 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.34.0-10
|
||||||
|
- Fixed format string vulnerability
|
||||||
|
Resolves: rhbz#1167868
|
||||||
|
|
||||||
* Mon Nov 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.34.0-9
|
* Mon Nov 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.34.0-9
|
||||||
- Lefty now uses xdot-1.2, added ISO8859-1 fonts as requirement
|
- Lefty now uses xdot-1.2, added ISO8859-1 fonts as requirement
|
||||||
Resolves: rhbz#1058323
|
Resolves: rhbz#1058323
|
||||||
|
Loading…
Reference in New Issue
Block a user