mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

graphviz: fix CVE-2023-46045

Browse Source 
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file.
NOTE: exploitability may be uncommon because this file is typically owned by root.

Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Meenali Gupta
2024-02-13 11:13:03 +00:00
committed by Armin Kuster
parent 5800571ad7
commit ab7c9bea36
4 changed files with 111 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch
+38
View File
@@ -0,0 +1,38 @@
From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001
From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Fri, 12 Jan 2024 17:06:17 +1100
Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope
'gv_api'
Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb]
CVE: CVE-2023-46045
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
lib/gvc/gvconfig.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
index 2d86321..f9d1dcc 100644
--- a/lib/gvc/gvconfig.c
+++ b/lib/gvc/gvconfig.c
@@ -173,7 +173,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
{
char *package_path, *name, *api;
const char *type;
- api_t gv_api;
int quality, rc;
int nest = 0;
gvplugin_package_t *package;
@@ -188,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
package = gvplugin_package_record(gvc, package_path, name);
do {
api = token(&nest, &s);
- gv_api = gvplugin_api(api);
+ const api_t gv_api = gvplugin_api(api);
do {
if (nest == 2) {
type = token(&nest, &s);
--
2.40.0
meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch
+39
View File
@@ -0,0 +1,39 @@
From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001
From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Fri, 12 Jan 2024 17:06:17 +1100
Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope
'api'
Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a]
CVE: CVE-2023-46045
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
lib/gvc/gvconfig.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
index f9d1dcc..95e8c6c 100644
--- a/lib/gvc/gvconfig.c
+++ b/lib/gvc/gvconfig.c
@@ -171,7 +171,7 @@ static char *token(int *nest, char **tokens)
static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
{
- char *package_path, *name, *api;
+ char *package_path, *name;
const char *type;
int quality, rc;
int nest = 0;
@@ -186,7 +186,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
name = "x";
package = gvplugin_package_record(gvc, package_path, name);
do {
- api = token(&nest, &s);
+ const char *api = token(&nest, &s);
const api_t gv_api = gvplugin_api(api);
do {
if (nest == 2) {
--
2.40.0
meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch
+31
View File
@@ -0,0 +1,31 @@
From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001
From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Fri, 12 Jan 2024 17:06:17 +1100
Subject: [PATCH] gvc: detect plugin installation failure and display an error
Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e]
CVE: CVE-2023-46045
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
---
lib/gvc/gvconfig.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
index 95e8c6c..77d0865 100644
--- a/lib/gvc/gvconfig.c
+++ b/lib/gvc/gvconfig.c
@@ -188,6 +188,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
do {
const char *api = token(&nest, &s);
const api_t gv_api = gvplugin_api(api);
+ if (gv_api == (api_t)-1) {
+ agerr(AGERR, "config error: %s %s not found\n", package_path, api);
+ return 0;
+ }
do {
if (nest == 2) {
type = token(&nest, &s);
--
2.40.0
meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
+3
View File
@@ -20,6 +20,9 @@ DEPENDS:append:class-nativesdk = " ${BPN}-native"
inherit autotools-brokensep pkgconfig gettext qemu
SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \
file://CVE-2023-46045-1.patch \
file://CVE-2023-46045-2.patch \
file://CVE-2023-46045-3.patch \
"
# Use native mkdefs
SRC_URI:append:class-target = "\