mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

gnuplot: fix CVE-2025-31177

Browse Source 
CVE-2025-31177:
gnuplot is affected by a heap buffer overflow at function utf8_copy_one.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31177]

Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This commit is contained in:
Zhang Peng
2025-09-02 15:44:28 +08:00
committed by Anuj Mittal
parent a3826c4999
commit dd4b10de44
2 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31177.patch
+40
View File
@@ -0,0 +1,40 @@
From 36a4355010a81a78cf9df03d3c76dcd599ed994b Mon Sep 17 00:00:00 2001
From: Ethan A Merritt <merritt@u.washington.edu>
Date: Wed, 15 Jan 2025 11:56:13 -0800
Subject: [PATCH] dumb: more stringent tests against y bound of dumb terminal
charcell array
Bug 2756
CVE: CVE-2025-31177
Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a/]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
term/dumb.trm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/term/dumb.trm b/term/dumb.trm
index c93afb94e..bb22ca25f 100644
--- a/term/dumb.trm
+++ b/term/dumb.trm
@@ -637,7 +637,7 @@ DUMB_put_text(unsigned int x, unsigned int y, const char *str)
{
int i, length;
- if (y > dumb_ymax)
+ if (y < 0 || y > dumb_ymax)
return;
length = gp_strlen(str);
@@ -784,7 +784,7 @@ ENHdumb_FLUSH()
y += i;
/* print the string fragment, perhaps invisibly */
- if (ENHdumb_show && y < dumb_ymax) {
+ if (ENHdumb_show && (0 <= y && y < dumb_ymax)) {
#ifdef DUMB_UTF8
for (i = 0; i < len && x < dumb_xmax; i++, x++) {
utf8_copy_one( (char *)(&DUMB_PIXEL(x, y)), gp_strchrn(str,i));
--
2.43.0
meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
+1
View File
@@ -17,6 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a
file://gnuplot.png \
file://CVE-2025-3359.patch \
file://CVE-2025-31176.patch \
file://CVE-2025-31177.patch \
"
SRC_URI:append:class-target = " \
file://0002-do-not-build-demos.patch \