From d4689ff4803240e76be04b3e5a3035204f225b62 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20=C5=A0karvada?= <jskarvad@redhat.com>
Date: Tue, 25 Nov 2014 17:58:37 +0100
Subject: [PATCH] Fixed format string vulnerability

  Resolves: rhbz#1167868
---
 graphviz-2.30.1-format-string.patch | 13 +++++++++++++
 graphviz.spec                       |  9 ++++++++-
 2 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 graphviz-2.30.1-format-string.patch

diff --git a/graphviz-2.30.1-format-string.patch b/graphviz-2.30.1-format-string.patch
new file mode 100644
index 0000000..0b9070e
--- /dev/null
+++ b/graphviz-2.30.1-format-string.patch
@@ -0,0 +1,13 @@
+diff --git a/lib/cgraph/scan.l b/lib/cgraph/scan.l
+index 94e4c17..2255b59 100644
+--- a/lib/cgraph/scan.l
++++ b/lib/cgraph/scan.l
+@@ -224,7 +224,7 @@ void yyerror(char *str)
+ 	agxbput (&xb, buf);
+ 	agxbput (&xb, yytext);
+ 	agxbput (&xb,"'\n");
+-	agerr(AGWARN,agxbuse(&xb));
++	agerr(AGWARN, "%s", agxbuse(&xb));
+ 	agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */
diff --git a/graphviz.spec b/graphviz.spec
index 548027f..8259a07 100644
--- a/graphviz.spec
+++ b/graphviz.spec
@@ -51,7 +51,7 @@
 Name:			graphviz
 Summary:		Graph Visualization Tools
 Version:		2.30.1
-Release:		12%{?dist}
+Release:		13%{?dist}
 Group:			Applications/Multimedia
 License:		EPL
 URL:			http://www.graphviz.org/
@@ -79,6 +79,8 @@ Patch11:		graphviz-2.30.1-man-fix.patch
 Patch12:		graphviz-2.30.1-CVE-2014-0978-CVE-2014-1235.patch
 # Fix chknum overflow (CVE-2014-1236)
 Patch13:		graphviz-2.30.1-CVE-2014-1236.patch
+# Backported from upstream
+Patch14:		graphviz-2.30.1-format-string.patch
 BuildRoot:		%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:		zlib-devel, libpng-devel, libjpeg-devel, expat-devel, freetype-devel >= 2
 BuildRequires:		ksh, bison, m4, flex, tk-devel, tcl-devel >= 8.3, swig
@@ -288,6 +290,7 @@ Various tcl packages (extensions) for the graphviz tools.
 %patch11 -p1 -b .man-fix
 %patch12 -p1 -b .CVE-2014-0978-CVE-2014-1235
 %patch13 -p1 -b .CVE-2014-1236
+%patch14 -p1 -b .format-string
 
 # Attempt to fix rpmlint warnings about executable sources
 find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
@@ -564,6 +567,10 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Tue Nov 25 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.30.1-13
+- Fixed format string vulnerability
+  Resolves: rhbz#1167868
+
 * Fri Jan 10 2014 Jaroslav Škarvada <jskarvad@redhat.com> - 2.30.1-12
 - Prevent possible buffer overflow in yyerror()
   Resolves: CVE-2014-1235