mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
graphviz: fix CVE-2023-46045
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. CVE-2023-46045-0003.patch is the CVE fix and CVE-2023-46045-0001.patch, CVE-2023-46045-0002.patch are dependent commits to fix the CVE. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-46045 Upstream patches: https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
committed by
Armin Kuster
parent
ae5d6c81fa
commit
ec85533ee5
@@ -0,0 +1,37 @@
|
|||||||
|
From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matthew Fernandez <matthew.fernandez@gmail.com>
|
||||||
|
Date: Wed, 24 Jul 2024 13:19:03 +0800
|
||||||
|
Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope
|
||||||
|
'gv_api'
|
||||||
|
|
||||||
|
CVE: CVE-2023-46045
|
||||||
|
Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb]
|
||||||
|
|
||||||
|
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
|
||||||
|
---
|
||||||
|
lib/gvc/gvconfig.c | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
|
||||||
|
index d03de09..2f31b98 100644
|
||||||
|
--- a/lib/gvc/gvconfig.c
|
||||||
|
+++ b/lib/gvc/gvconfig.c
|
||||||
|
@@ -174,7 +174,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
|
||||||
|
{
|
||||||
|
char *package_path, *name, *api;
|
||||||
|
const char *type;
|
||||||
|
- api_t gv_api;
|
||||||
|
int quality;
|
||||||
|
int nest = 0;
|
||||||
|
gvplugin_package_t *package;
|
||||||
|
@@ -189,7 +188,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
|
||||||
|
package = gvplugin_package_record(gvc, package_path, name);
|
||||||
|
do {
|
||||||
|
api = token(&nest, &s);
|
||||||
|
- gv_api = gvplugin_api(api);
|
||||||
|
+ const api_t gv_api = gvplugin_api(api);
|
||||||
|
do {
|
||||||
|
if (nest == 2) {
|
||||||
|
type = token(&nest, &s);
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
@@ -0,0 +1,38 @@
|
|||||||
|
From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matthew Fernandez <matthew.fernandez@gmail.com>
|
||||||
|
Date: Wed, 24 Jul 2024 13:39:39 +0800
|
||||||
|
Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope
|
||||||
|
'api'
|
||||||
|
|
||||||
|
CVE: CVE-2023-46045
|
||||||
|
Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a]
|
||||||
|
|
||||||
|
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
|
||||||
|
---
|
||||||
|
lib/gvc/gvconfig.c | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
|
||||||
|
index 2f31b98..ea0d81b 100644
|
||||||
|
--- a/lib/gvc/gvconfig.c
|
||||||
|
+++ b/lib/gvc/gvconfig.c
|
||||||
|
@@ -172,7 +172,7 @@ static char *token(int *nest, char **tokens)
|
||||||
|
|
||||||
|
static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
|
||||||
|
{
|
||||||
|
- char *package_path, *name, *api;
|
||||||
|
+ char *package_path, *name;
|
||||||
|
const char *type;
|
||||||
|
int quality;
|
||||||
|
int nest = 0;
|
||||||
|
@@ -187,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
|
||||||
|
name = "x";
|
||||||
|
package = gvplugin_package_record(gvc, package_path, name);
|
||||||
|
do {
|
||||||
|
- api = token(&nest, &s);
|
||||||
|
+ const char *api = token(&nest, &s);
|
||||||
|
const api_t gv_api = gvplugin_api(api);
|
||||||
|
do {
|
||||||
|
if (nest == 2) {
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
@@ -0,0 +1,33 @@
|
|||||||
|
From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matthew Fernandez <matthew.fernandez@gmail.com>
|
||||||
|
Date: Wed, 24 Jul 2024 15:02:06 +0800
|
||||||
|
Subject: [PATCH] gvc: detect plugin installation failure and display an error
|
||||||
|
|
||||||
|
Gitlab: fixes #2441
|
||||||
|
Reported-by: GJDuck
|
||||||
|
|
||||||
|
CVE: CVE-2023-46045
|
||||||
|
Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e]
|
||||||
|
|
||||||
|
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
|
||||||
|
---
|
||||||
|
lib/gvc/gvconfig.c | 4 ++++
|
||||||
|
1 file changed, 4 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
|
||||||
|
index ea0d81b..1eccc70 100644
|
||||||
|
--- a/lib/gvc/gvconfig.c
|
||||||
|
+++ b/lib/gvc/gvconfig.c
|
||||||
|
@@ -189,6 +189,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
|
||||||
|
do {
|
||||||
|
const char *api = token(&nest, &s);
|
||||||
|
const api_t gv_api = gvplugin_api(api);
|
||||||
|
+ if (gv_api == (api_t)-1) {
|
||||||
|
+ agerr(AGERR, "config error: %s %s not found\n", package_path, api);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
do {
|
||||||
|
if (nest == 2) {
|
||||||
|
type = token(&nest, &s);
|
||||||
|
--
|
||||||
|
2.25.1
|
||||||
@@ -20,6 +20,9 @@ inherit autotools-brokensep pkgconfig gettext qemu
|
|||||||
|
|
||||||
SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \
|
SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \
|
||||||
file://0001-Autotools-fix-do-not-put-prefix-based-paths-in-compi.patch \
|
file://0001-Autotools-fix-do-not-put-prefix-based-paths-in-compi.patch \
|
||||||
|
file://CVE-2023-46045-0001.patch \
|
||||||
|
file://CVE-2023-46045-0002.patch \
|
||||||
|
file://CVE-2023-46045-0003.patch \
|
||||||
"
|
"
|
||||||
# Use native mkdefs
|
# Use native mkdefs
|
||||||
SRC_URI:append:class-target = "\
|
SRC_URI:append:class-target = "\
|
||||||
|
|||||||
Reference in New Issue
Block a user