diff options
| author |   Meenali Gupta <meenali.gupta@windriver.com> | 2024-02-13 11:13:03 +0000 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2024-02-28 08:18:18 -0500 |
| commit | ab7c9bea36833c439321272a2bdf98e15483672b (patch) | |
| tree | d16a964820df1f4d80ff762d673a2f49a5faba22 /meta-oe | |
| parent | 5800571ad7adb79186a79d96b89de2f43b86a21d (diff) | |
| download | meta-openembedded-contrib-ab7c9bea36833c439321272a2bdf98e15483672b.tar.gz | |
graphviz: fix CVE-2023-46045
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file.
NOTE: exploitability may be uncommon because this file is typically owned by root.
Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe')
4 files changed, 111 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch new file mode 100644 index 0000000000..a48f8aa06a --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-1.patch @@ -0,0 +1,38 @@ +From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez <matthew.fernandez@gmail.com> +Date: Fri, 12 Jan 2024 17:06:17 +1100 +Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope + 'gv_api' + +Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb] +CVE: CVE-2023-46045 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + lib/gvc/gvconfig.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c +index 2d86321..f9d1dcc 100644 +--- a/lib/gvc/gvconfig.c ++++ b/lib/gvc/gvconfig.c +@@ -173,7 +173,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + { + char *package_path, *name, *api; + const char *type; +- api_t gv_api; + int quality, rc; + int nest = 0; + gvplugin_package_t *package; +@@ -188,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + package = gvplugin_package_record(gvc, package_path, name); + do { + api = token(&nest, &s); +- gv_api = gvplugin_api(api); ++ const api_t gv_api = gvplugin_api(api); + do { + if (nest == 2) { + type = token(&nest, &s); +-- +2.40.0 + diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch new file mode 100644 index 0000000000..4c70b1a877 --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-2.patch @@ -0,0 +1,39 @@ +From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez <matthew.fernandez@gmail.com> +Date: Fri, 12 Jan 2024 17:06:17 +1100 +Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope + 'api' + +Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a] +CVE: CVE-2023-46045 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + lib/gvc/gvconfig.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c +index f9d1dcc..95e8c6c 100644 +--- a/lib/gvc/gvconfig.c ++++ b/lib/gvc/gvconfig.c +@@ -171,7 +171,7 @@ static char *token(int *nest, char **tokens) + + static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + { +- char *package_path, *name, *api; ++ char *package_path, *name; + const char *type; + int quality, rc; + int nest = 0; +@@ -186,7 +186,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + name = "x"; + package = gvplugin_package_record(gvc, package_path, name); + do { +- api = token(&nest, &s); ++ const char *api = token(&nest, &s); + const api_t gv_api = gvplugin_api(api); + do { + if (nest == 2) { +-- +2.40.0 + diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch new file mode 100644 index 0000000000..4746265eeb --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-3.patch @@ -0,0 +1,31 @@ +From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez <matthew.fernandez@gmail.com> +Date: Fri, 12 Jan 2024 17:06:17 +1100 +Subject: [PATCH] gvc: detect plugin installation failure and display an error + +Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e] +CVE: CVE-2023-46045 + +Signed-off-by: Meenali Gupta <meenali.gupta@windriver.com> +--- + lib/gvc/gvconfig.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c +index 95e8c6c..77d0865 100644 +--- a/lib/gvc/gvconfig.c ++++ b/lib/gvc/gvconfig.c +@@ -188,6 +188,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) + do { + const char *api = token(&nest, &s); + const api_t gv_api = gvplugin_api(api); ++ if (gv_api == (api_t)-1) { ++ agerr(AGERR, "config error: %s %s not found\n", package_path, api); ++ return 0; ++ } + do { + if (nest == 2) { + type = token(&nest, &s); +-- +2.40.0 + diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb index 4c51af669c..f06e2adb02 100644 --- a/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb +++ b/meta-oe/recipes-graphics/graphviz/graphviz_2.50.0.bb @@ -20,6 +20,9 @@ DEPENDS:append:class-nativesdk = " ${BPN}-native" inherit autotools-brokensep pkgconfig gettext qemu SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \ + file://CVE-2023-46045-1.patch \ + file://CVE-2023-46045-2.patch \ + file://CVE-2023-46045-3.patch \ " # Use native mkdefs SRC_URI:append:class-target = "\ |