Fixed CVE-2018-10196
This commit is contained in:
parent
91f229fac0
commit
cf72afc1b4
16
graphviz-2.40.1-CVE-2018-10196.patch
Normal file
16
graphviz-2.40.1-CVE-2018-10196.patch
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
diff --git a/lib/dotgen/conc.c b/lib/dotgen/conc.c
|
||||||
|
--- a/lib/dotgen/conc.c
|
||||||
|
+++ b/lib/dotgen/conc.c
|
||||||
|
@@ -159,7 +159,11 @@ static void rebuild_vlists(graph_t * g)
|
||||||
|
|
||||||
|
for (r = GD_minrank(g); r <= GD_maxrank(g); r++) {
|
||||||
|
lead = GD_rankleader(g)[r];
|
||||||
|
- if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
|
||||||
|
+ if (lead == NULL) {
|
||||||
|
+ agerr(AGERR, "rebuiltd_vlists: lead is null for rank %d\n", r);
|
||||||
|
+ longjmp(jbuf, 1);
|
||||||
|
+ }
|
||||||
|
+ else if (GD_rank(dot_root(g))[r].v[ND_order(lead)] != lead) {
|
||||||
|
agerr(AGERR, "rebuiltd_vlists: rank lead %s not in order %d of rank %d\n",
|
||||||
|
agnameof(lead), ND_order(lead), r);
|
||||||
|
longjmp(jbuf, 1);
|
@ -49,12 +49,13 @@
|
|||||||
Name: graphviz
|
Name: graphviz
|
||||||
Summary: Graph Visualization Tools
|
Summary: Graph Visualization Tools
|
||||||
Version: 2.40.1
|
Version: 2.40.1
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
Group: Applications/Multimedia
|
Group: Applications/Multimedia
|
||||||
License: EPL
|
License: EPL
|
||||||
URL: http://www.graphviz.org/
|
URL: http://www.graphviz.org/
|
||||||
Source0: http://www.graphviz.org/pub/graphviz/ARCHIVE/%{name}-%{version}.tar.gz
|
Source0: http://www.graphviz.org/pub/graphviz/ARCHIVE/%{name}-%{version}.tar.gz
|
||||||
Patch0: graphviz-2.40.1-visio.patch
|
Patch0: graphviz-2.40.1-visio.patch
|
||||||
|
Patch1: graphviz-2.40.1-CVE-2018-10196.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: zlib-devel, libpng-devel, libjpeg-devel, expat-devel, freetype-devel >= 2
|
BuildRequires: zlib-devel, libpng-devel, libjpeg-devel, expat-devel, freetype-devel >= 2
|
||||||
BuildRequires: ksh, bison, m4, flex, tk-devel, tcl-devel >= 8.3, swig
|
BuildRequires: ksh, bison, m4, flex, tk-devel, tcl-devel >= 8.3, swig
|
||||||
@ -259,6 +260,7 @@ Various tcl packages (extensions) for the graphviz tools.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1 -b .visio
|
%patch0 -p1 -b .visio
|
||||||
|
%patch1 -p1 -b .CVE-2018-10196
|
||||||
|
|
||||||
# Attempt to fix rpmlint warnings about executable sources
|
# Attempt to fix rpmlint warnings about executable sources
|
||||||
find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
|
find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
|
||||||
@ -554,6 +556,9 @@ rm -rf %{buildroot}
|
|||||||
%{_mandir}/man3/*.3tcl*
|
%{_mandir}/man3/*.3tcl*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu May 17 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.40.1-11
|
||||||
|
- Fixed CVE-2018-10196
|
||||||
|
|
||||||
* Mon Aug 07 2017 Richard W.M. Jones <rjones@redhat.com> - 2.40.1-10
|
* Mon Aug 07 2017 Richard W.M. Jones <rjones@redhat.com> - 2.40.1-10
|
||||||
- OCaml 4.05.0 rebuild.
|
- OCaml 4.05.0 rebuild.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user