gnuplot: fix CVE-2025-31179

CVE-2025-31179:
A flaw was found in gnuplot. The xstrftime() function may lead to a
segmentation fault, causing a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31179]

Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch

@@ -0,0 +1,35 @@
+From 92c147cbcb8c28e4662963b378fc31e1d58c72f2 Mon Sep 17 00:00:00 2001
+From: Ethan A Merritt <merritt@u.washington.edu>
+Date: Tue, 11 Mar 2025 16:31:23 -0700
+Subject: [PATCH] guard against trying to format a huge number as a time
+
+The time formatting code does not handle time_in_seconds > 1.e12
+(sometime in the year 33658).
+
+Bug 2779
+CVE: CVE-2025-31179
+Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/]
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/mouse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/mouse.c b/src/mouse.c
+index 1571144ce..86dee805c 100644
+--- a/src/mouse.c
++++ b/src/mouse.c
+@@ -513,6 +513,11 @@ static char *
+ xDateTimeFormat(double x, char *b, int mode)
+ {
+     struct tm tm;
++    if (fabs(x) > 1.e12) {  /* Some time in the year 33688 */
++	int_warn(NO_CARET, "time value out of range");
++	*b = '\0';
++	return b;
++    }
+ 
+     switch (mode) {
+     case MOUSE_COORDINATES_XDATE:
+-- 
+2.43.0
+

meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb

@@ -19,6 +19,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a
            file://CVE-2025-31176.patch \
            file://CVE-2025-31177.patch \
            file://CVE-2025-31178.patch \
+           file://CVE-2025-31179.patch \
            "
 SRC_URI:append:class-target = " \
     file://0002-do-not-build-demos.patch \