authorMeenali Gupta <meenali.gupta@windriver.com>2024-02-13 11:13:03 +0000
committerArmin Kuster <akuster808@gmail.com>2024-02-28 08:18:18 -0500
commitab7c9bea36833c439321272a2bdf98e15483672b (patch)
treed16a964820df1f4d80ff762d673a2f49a5faba22
parent5800571ad7adb79186a79d96b89de2f43b86a21d (diff)
graphviz: fix CVE-2023-46045
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch38
-rw-r--r--meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch39
-rw-r--r--meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch31
-rw-r--r--meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb3
4 files changed, 111 insertions, 0 deletions
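--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch
@@ -0,0 +1,38 @@
+From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope
+ 'gv_api'
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 2d86321..f9d1dcc 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -173,7 +173,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+ char *package_path, *name, *api;
+ const char *type;
+- api_t gv_api;
+ int quality, rc;
+ int nest = 0;
+ gvplugin_package_t *package;
+@@ -188,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ package = gvplugin_package_record(gvc, package_path, name);
+ do {
+ api = token(&nest, &s);
+- gv_api = gvplugin_api(api);
++ const api_t gv_api = gvplugin_api(api);
+ do {
+ if (nest == 2) {
+ type = token(&nest, &s);
+--
+2.40.0
+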
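Review bot: The patch header never says that this file is a no-functional-change prerequisite: its only edit to `lib/gvc/gvconfig.c` moves the `gv_api` declaration into the `do` loop as `const api_t gv_api = gvplugin_api(api);`, yet it carries `CVE: CVE-2023-46045` exactly like the real fix. I would add a header line such as `Prerequisite refactor so that CVE-2023-46045-3.patch applies cleanly; no functional change.` so that anyone auditing the CVE tag does not mistake this file for the bounds fix. The same applies to CVE-2023-46045-2.patch, which only narrows the scope of `api`. The dependency is visible in CVE-2023-46045-3.patch, whose context lines already contain both rescoped declarations.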
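--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch
@@ -0,0 +1,39 @@
+From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope
+ 'api'
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index f9d1dcc..95e8c6c 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -171,7 +171,7 @@ static char *token(int *nest, char **tokens)
+
+ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ {
+- char *package_path, *name, *api;
++ char *package_path, *name;
+ const char *type;
+ int quality, rc;
+ int nest = 0;
+@@ -186,7 +186,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ name = "x";
+ package = gvplugin_package_record(gvc, package_path, name);
+ do {
+- api = token(&nest, &s);
++ const char *api = token(&nest, &s);
+ const api_t gv_api = gvplugin_api(api);
+ do {
+ if (nest == 2) {
+--
+2.40.0
+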
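--- /dev/null
+++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch
@@ -0,0 +1,31 @@
+From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Fri, 12 Jan 2024 17:06:17 +1100
+Subject: [PATCH] gvc: detect plugin installation failure and display an error
+
+Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e]
+CVE: CVE-2023-46045
+
+Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
+---
+ lib/gvc/gvconfig.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
+index 95e8c6c..77d0865 100644
+--- a/lib/gvc/gvconfig.c
++++ b/lib/gvc/gvconfig.c
+@@ -188,6 +188,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
+ do {
+ const char *api = token(&nest, &s);
+ const api_t gv_api = gvplugin_api(api);
++ if (gv_api == (api_t)-1) {
++ agerr(AGERR, "config error: %s %s not found\n", package_path, api);
++ return 0;
++ }
+ do {
+ if (nest == 2) {
+ type = token(&nest, &s);
+--
+2.40.0
+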
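Review bot: The new guard `if (gv_api == (api_t)-1)` compares against a sentinel whose meaning is not stated anywhere in the hunk, so the security reason for the early return is invisible to the next reader. I would add a comment above it such as `/* gvplugin_api() returns (api_t)-1 for an API name it does not know; stop before that value is used */`, to be confirmed against gvplugin_api's contract, which is not visible here. The commit message attributes the out-of-bounds read to a crafted config6a file, and `api` is a token parsed from that input, so the comment should also say that the value is untrusted. The body of gvconfig_plugin_install_from_config starts and ends outside the hunk, so how callers treat the `return 0` cannot be confirmed from this page.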
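--- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
+++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb
@@ -20,6 +20,9 @@ DEPENDS:append:class-nativesdk = " ${BPN}-native"
 inherit autotools-brokensep pkgconfig gettext qemu
 
 SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \
+ file://CVE-2023-46045-1.patch \
+ file://CVE-2023-46045-2.patch \
+ file://CVE-2023-46045-3.patch \
  "
 # Use native mkdefs
 SRC_URI:append:class-target = "\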