Fix CVE-2023-46045

(cherry picked from commit df0ac3d8c4b02d312d0858525a9bcdd91a901834)

CVE-2023-46045.patch

@@ -0,0 +1,50 @@
+From 4becebe422e167358f4e57679d845932cc9f3a8a Mon Sep 17 00:00:00 2001
+From: starlet-dx <15929766099@163.com>
+Date: Fri, 2 Feb 2024 10:24:35 +0800
+Subject: [PATCH 1/1] Merge branch 'smattr/gitlab-2441' into 'main'
+
+gvc: detect plugin installation failure and display an error
+
+Closes #2441
+
+Origin:
+https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb
+https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a
+https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e
+---
+ lib/gvc/gvconfig.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 06c3326..9d3f6fc 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -165,9 +165,8 @@ static char *token(int *nest, char **tokens)
+ 
+ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+-    char *path, *name, *api;
++    char *path, *name;
+     const char *type;
+-    api_t gv_api;
+     int quality, rc;
+     int nest = 0;
+     gvplugin_package_t *package;
+@@ -181,8 +180,12 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ 	    name = "x";
+         package = gvplugin_package_record(gvc, path, name);
+ 	do {
+-	    api = token(&nest, &s);
+-	    gv_api = gvplugin_api(api);
++	    const char *api = token(&nest, &s);
++	    const api_t gv_api = gvplugin_api(api);
++	    if (gv_api == (api_t)-1) {
++		agerr(AGERR, "config error: %s %s not found\n", path, api);
++		return 0;
++	    }
+ 	    do {
+ 		if (nest == 2) {
+ 		    type = token(&nest, &s);
+-- 
+2.33.0
+

graphviz.spec

@@ -9,7 +9,7 @@
 %global pluginsver 6
 %global php_extdir %(php-config --extension-dir 2>/dev/null || echo %{_libdir}/php4)
 
-%ifarch loongarch64
+%ifarch loongarch64 sw_64
 %global OCAML 0
 %else
 %global OCAML 1
@@ -18,13 +18,15 @@
 
 Name:               graphviz
 Version:            2.48.0
-Release:            3
+Release:            5
 Summary:            Graph Visualization Tools
 License:            EPL-1.0
 URL:                http://www.graphviz.org/
 Source0:            https://gitlab.com/graphviz/graphviz/-/archive/%{version}/graphviz-%{version}.tar.gz
 
 Patch6000:          backport-graphviz-2.48.0-gvpack-neato-static.patch
+# https://gitlab.com/graphviz/graphviz/-/commit/5d09f70d7f6b81eb891749895c2e6b81365ac234
+Patch6001:          CVE-2023-46045.patch
 
 BuildRequires:      gcc-g++
 BuildRequires:      ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33
@@ -122,7 +124,7 @@ Summary:             Ruby extension for graphviz
 Requires:            %{name} = %{version}-%{release} ruby
 %description ruby
 Ruby extension for graphviz.
-%ifnarch loongarch64
+%ifnarch loongarch64 sw_64
 %package tcl
 Summary:             Tcl extension & tools for graphviz
 Requires:            %{name} = %{version}-%{release} tcl >= 8.3 tk
@@ -215,7 +217,7 @@ mkdir -p $RPM_BUILD_ROOT/etc/ld.so.conf.d
 echo "%{_libdir}/graphviz" > $RPM_BUILD_ROOT/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 touch $RPM_BUILD_ROOT%{_libdir}/graphviz/config%{pluginsver}
 
-%ifarch loongarch64
+%ifarch loongarch64 sw_64
 mkdir -p $RPM_BUILD_ROOT/%{_libdir}/lua/5.4/
 mv $RPM_BUILD_ROOT/usr/lib/lua/5.4/gv.so $RPM_BUILD_ROOT/usr/lib64/lua/5.4/gv.so
 %endif
@@ -307,13 +309,19 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/
 %{_libdir}/graphviz/ruby/
 %{_libdir}/*ruby*/*
 
-%ifnarch loongarch64
+%ifnarch loongarch64 sw_64
 %files tcl
 %{_libdir}/graphviz/tcl/
 %{_libdir}/tcl*/*
 %endif
 
 %changelog
+* Fri Feb 02 2024 yaoxin <yao_xin001@hoperun.com> - 2.48.0-5
+- Fix CVE-2023-46045
+
+* Wed Jul 19 2023 haomimi <haomimi@uniontech.com> - 2.48.0-4
+- add sw_64 support
+
 * Mon Nov 21 2022 huajingyun <huajingyun@loongson.cn> - 2.48.0-3
 - add loongarch support