Fix CVE-2020-25969

(cherry picked from commit 3fdfd0c34c7133e803457993efa3a5477b59a8e0)
starlet-dx 2023-07-13 09:39:40 +08:00 committed by openeuler-sync-bot
parent bcf9b78172
commit 80eedbfcb9
2 changed files with 44 additions and 1 deletions

CVE-2020-25969.patch (new file, 39 lines)

@@ -0,0 +1,39 @@
From 1f36c4fbb3e8e0beb213b4a29ab463e43db9ef42 Mon Sep 17 00:00:00 2001
From: Ethan A Merritt <merritt@u.washington.edu>
Date: Fri, 11 Sep 2020 17:38:55 -0700
Subject: [PATCH] prevent buffer overflow of enhanced text fragment
The generic enhanced text buffering uses a shared buffer with fixed length.
Add a check on the current position before adding each character in an
enhanced text fragment. Affects terminals
caca canvas dumb emf gd pc pdf pm tkcanvas x11 win
Does not affect terminals with customized text handling
qt wxt cairo
Bugs #2310 #2311
---
src/term.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/term.c b/src/term.c
index 7fd46fa04..70a2a7f25 100644
--- a/src/term.c
+++ b/src/term.c
@@ -185,6 +185,7 @@ char *enhanced_cur_text = NULL;
double enhanced_fontscale = 1.0;
char enhanced_escape_format[16] = "";
double enhanced_max_height = 0.0, enhanced_min_height = 0.0;
+#define ENHANCED_TEXT_MAX (&enhanced_text[MAX_LINE_LEN])
/* flag variable to disable enhanced output of filenames, mainly. */
TBOOLEAN ignore_enhanced_text = FALSE;
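Review bot: the new ENHANCED_TEXT_MAX macro takes &enhanced_text[MAX_LINE_LEN], which is a one-past-the-end pointer if enhanced_text has exactly MAX_LINE_LEN elements and an in-bounds slot only if it has MAX_LINE_LEN + 1; the array's declaration is outside this hunk's context, so confirm it is at least MAX_LINE_LEN + 1 bytes, because once the guard stops the cursor at ENHANCED_TEXT_MAX any code that finishes a fragment by storing '\0' at enhanced_cur_text writes index MAX_LINE_LEN. A short comment beside the define stating that size assumption would keep the two declarations from drifting apart.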
@@ -2021,6 +2022,9 @@ test_term()
void
do_enh_writec(int c)
{
+ /* Guard against buffer overflow */
+ if (enhanced_cur_text >= ENHANCED_TEXT_MAX)
+ return;
/* note: c is meant to hold a char, but is actually an int, for
* the same reasons applying to putc() and friends */
*enhanced_cur_text++ = c;
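Review bot: the guard returns silently, so text longer than MAX_LINE_LEN is truncated with no diagnostic to the user; a one-time warning when the first character is dropped would make the truncation visible. The check also only covers this entry point: confirm that nothing else advances enhanced_cur_text directly, since the commit message lists the affected terminals but not the writers, and any other write path would still overflow. A comment referencing bugs #2310 and #2311 next to the check would also help the next reader find the reports.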

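The mechanism the patch addresses, as an added example (not gnuplot's code): a fixed-length shared buffer, a cursor that every character write advances, and the one-past-the-end guard the patch introduces. The names MAX_LINE_LEN, enhanced_text, enhanced_cur_text, ENHANCED_TEXT_MAX and do_enh_writec follow the patch; the small buffer size, the canary region behind the buffer, the dropped-character counter and the test fragment are assumptions made for this demonstration. The canary lives in the same array as the buffer, so the unchecked writer's overrun stays observable without relying on undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LINE_LEN 16   /* assumption: deliberately small; gnuplot's value is larger */
#define CANARY_LEN 64     /* assumption: slack behind the buffer so an overrun is observable */
#define CANARY_BYTE 0xA5

/* One arena holds the text buffer (MAX_LINE_LEN + 1 bytes, room for the
 * terminator) followed by a canary region, so the unchecked writer's overrun
 * lands inside this array and can be inspected. */
static char arena[MAX_LINE_LEN + 1 + CANARY_LEN];
static char *const enhanced_text = arena;
static char *enhanced_cur_text;
static unsigned long dropped_chars;

/* Same one-past-the-end pointer the patch introduces. */
#define ENHANCED_TEXT_MAX (&enhanced_text[MAX_LINE_LEN])

static void enh_reset(void)
{
    memset(arena, 0, MAX_LINE_LEN + 1);
    memset(arena + MAX_LINE_LEN + 1, CANARY_BYTE, CANARY_LEN);
    enhanced_cur_text = enhanced_text;
    dropped_chars = 0;
}

/* Pre-patch shape of the writer: every character is stored, no check. */
static void do_enh_writec_unchecked(int c)
{
    *enhanced_cur_text++ = c;
}

/* Post-patch shape of the writer, plus a counter so a caller can tell that
 * truncation happened (the patch itself drops characters silently). */
static void do_enh_writec(int c)
{
    if (enhanced_cur_text >= ENHANCED_TEXT_MAX) {
        dropped_chars++;
        return;
    }
    *enhanced_cur_text++ = c;
}

/* Push one fragment through a writer and terminate it, as a flush would.
 * With the guard, the terminator lands at index MAX_LINE_LEN at worst. */
static void write_fragment(void (*writer)(int), const char *s)
{
    for (; *s != '\0'; s++)
        writer((unsigned char)*s);
    *enhanced_cur_text = '\0';
}

/* 1 if the canary behind the buffer is untouched, 0 if it was overwritten. */
int canary_intact(void)
{
    size_t i;
    for (i = 0; i < CANARY_LEN; i++)
        if ((unsigned char)arena[MAX_LINE_LEN + 1 + i] != CANARY_BYTE)
            return 0;
    return 1;
}

/* Length of the stored text, bounded by the buffer itself. */
size_t stored_len(void)
{
    size_t n = 0;
    while (n <= MAX_LINE_LEN && enhanced_text[n] != '\0')
        n++;
    return n;
}

unsigned long dropped_count(void) { return dropped_chars; }

/* Run a fragment through the unchecked writer; returns canary_intact(). */
int run_unchecked(const char *s)
{
    enh_reset();
    write_fragment(do_enh_writec_unchecked, s);
    return canary_intact();
}

/* Run a fragment through the guarded writer; returns canary_intact(). */
int run_checked(const char *s)
{
    enh_reset();
    write_fragment(do_enh_writec, s);
    return canary_intact();
}

int main(void)
{
    /* Constructed input: 32 characters, twice MAX_LINE_LEN. */
    const char *frag = "abcdefghijklmnopqrstuvwxyz012345";
    printf("unchecked: canary intact = %d\n", run_unchecked(frag));
    printf("checked:   canary intact = %d, stored %zu chars, dropped %lu\n",
           run_checked(frag), stored_len(), dropped_count());
    return 0;
}
```

The unchecked run clobbers the canary; the guarded run stores exactly MAX_LINE_LEN characters, drops the rest and still has a slot for the terminator, which is why the buffer must be one byte larger than the limit the guard compares against.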
Spec file (file name not shown on the page)
@@ -2,7 +2,7 @@
 Name: gnuplot
 Summary: a portable command-line driven graphing utility
 Version: %{major_minor}.6
-Release: 13
+Release: 14
 License: gnuplot and MIT
 URL: http://www.gnuplot.info/
@@ -14,6 +14,7 @@ Patch2: gnuplot-4.6.1-plot-sigsegv.patch
 Patch3: gnuplot-4.6.4-singlethread.patch
 Patch4: gnuplot-5.0.6-no-lena.patch
 Patch5: gnuplot-5.0.6-add-lib-gobject-when-config.patch
+Patch6: CVE-2020-25969.patch
 BuildRequires: cairo-devel latex2html emacs gd-devel giflib-devel libotf libpng-devel
 BuildRequires: librsvg2 texinfo libX11-devel libXt-devel lua-devel m17n-lib tex-tex4ht
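Review bot: the Patch6 line only declares the patch; the %prep section that applies it is outside this hunk, so verify it is applied there with a -p1 strip (the patch's paths are a/src/term.c), otherwise the Release bump and changelog claim a fix the built package does not contain. Also confirm the upstream diff, cut against a later term.c (index 7fd46fa04, hunks at lines 185 and 2021), applies to 5.0.6 without rejects; a line offset is fine, a reject is not.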
@@ -161,6 +162,9 @@ fi
 %exclude %{_mandir}/man1/%{name}-ja.1*
 %changelog
+* Thu Jul 13 2023 yaoxin <yao_xin001@hoperun.com> - 5.0.6-14
+- Fix CVE-2020-25969
 * Tue Nov 22 2022 Ge Wang <wangge20@h-partners.com> - 5.0.6-13
 - Bring source file into correspondence with described in spec file