diff options
| author | Yogita Urade <yogita.urade@windriver.com> | 2024-07-29 10:48:56 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2024-08-03 11:58:41 -0400 |
| commit | ec85533ee538c0a91bf8fb219d134c4fca123def (patch) | |
| tree | 55f19215d95f4d0871ea184c066f8175942d3265 | |
| parent | ae5d6c81fa5f4fd89e4d0a6327740da654dc5a80 (diff) | |
| download | meta-openembedded-ec85533ee538c0a91bf8fb219d134c4fca123def.tar.gz | |
graphviz: fix CVE-2023-46045
Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a
crafted config6a file. NOTE: exploitability may be uncommon
because this file is typically owned by root.
CVE-2023-46045-0003.patch is the CVE fix and CVE-2023-46045-0001.patch,
CVE-2023-46045-0002.patch are dependent commits to fix the CVE.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-46045
Upstream patches:
https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb
https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a
https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
4 files changed, 111 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0001.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0001.patch new file mode 100644 index 0000000000..7b177370df --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0001.patch | |||
| @@ -0,0 +1,37 @@ | |||
| 1 | From 361f274ca901c3c476697a6404662d95f4dd43cb Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Matthew Fernandez <matthew.fernandez@gmail.com> | ||
| 3 | Date: Wed, 24 Jul 2024 13:19:03 +0800 | ||
| 4 | Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope | ||
| 5 | 'gv_api' | ||
| 6 | |||
| 7 | CVE: CVE-2023-46045 | ||
| 8 | Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb] | ||
| 9 | |||
| 10 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
| 11 | --- | ||
| 12 | lib/gvc/gvconfig.c | 3 +-- | ||
| 13 | 1 file changed, 1 insertion(+), 2 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c | ||
| 16 | index d03de09..2f31b98 100644 | ||
| 17 | --- a/lib/gvc/gvconfig.c | ||
| 18 | +++ b/lib/gvc/gvconfig.c | ||
| 19 | @@ -174,7 +174,6 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) | ||
| 20 | { | ||
| 21 | char *package_path, *name, *api; | ||
| 22 | const char *type; | ||
| 23 | - api_t gv_api; | ||
| 24 | int quality; | ||
| 25 | int nest = 0; | ||
| 26 | gvplugin_package_t *package; | ||
| 27 | @@ -189,7 +188,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) | ||
| 28 | package = gvplugin_package_record(gvc, package_path, name); | ||
| 29 | do { | ||
| 30 | api = token(&nest, &s); | ||
| 31 | - gv_api = gvplugin_api(api); | ||
| 32 | + const api_t gv_api = gvplugin_api(api); | ||
| 33 | do { | ||
| 34 | if (nest == 2) { | ||
| 35 | type = token(&nest, &s); | ||
| 36 | -- | ||
| 37 | 2.25.1 | ||
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0002.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0002.patch new file mode 100644 index 0000000000..fbab10bb31 --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0002.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | From 3f31704cafd7da3e86bb2861accf5e90c973e62a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Matthew Fernandez <matthew.fernandez@gmail.com> | ||
| 3 | Date: Wed, 24 Jul 2024 13:39:39 +0800 | ||
| 4 | Subject: [PATCH] gvc gvconfig_plugin_install_from_config: more tightly scope | ||
| 5 | 'api' | ||
| 6 | |||
| 7 | CVE: CVE-2023-46045 | ||
| 8 | Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a] | ||
| 9 | |||
| 10 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
| 11 | --- | ||
| 12 | lib/gvc/gvconfig.c | 4 ++-- | ||
| 13 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 14 | |||
| 15 | diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c | ||
| 16 | index 2f31b98..ea0d81b 100644 | ||
| 17 | --- a/lib/gvc/gvconfig.c | ||
| 18 | +++ b/lib/gvc/gvconfig.c | ||
| 19 | @@ -172,7 +172,7 @@ static char *token(int *nest, char **tokens) | ||
| 20 | |||
| 21 | static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) | ||
| 22 | { | ||
| 23 | - char *package_path, *name, *api; | ||
| 24 | + char *package_path, *name; | ||
| 25 | const char *type; | ||
| 26 | int quality; | ||
| 27 | int nest = 0; | ||
| 28 | @@ -187,7 +187,7 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) | ||
| 29 | name = "x"; | ||
| 30 | package = gvplugin_package_record(gvc, package_path, name); | ||
| 31 | do { | ||
| 32 | - api = token(&nest, &s); | ||
| 33 | + const char *api = token(&nest, &s); | ||
| 34 | const api_t gv_api = gvplugin_api(api); | ||
| 35 | do { | ||
| 36 | if (nest == 2) { | ||
| 37 | -- | ||
| 38 | 2.25.1 | ||
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0003.patch b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0003.patch new file mode 100644 index 0000000000..372f44efee --- /dev/null +++ b/meta-oe/recipes-graphics/graphviz/graphviz/CVE-2023-46045-0003.patch | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | From a95f977f5d809915ec4b14836d2b5b7f5e74881e Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Matthew Fernandez <matthew.fernandez@gmail.com> | ||
| 3 | Date: Wed, 24 Jul 2024 15:02:06 +0800 | ||
| 4 | Subject: [PATCH] gvc: detect plugin installation failure and display an error | ||
| 5 | |||
| 6 | Gitlab: fixes #2441 | ||
| 7 | Reported-by: GJDuck | ||
| 8 | |||
| 9 | CVE: CVE-2023-46045 | ||
| 10 | Upstream-Status: Backport [https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e] | ||
| 11 | |||
| 12 | Signed-off-by: Yogita Urade <yogita.urade@windriver.com> | ||
| 13 | --- | ||
| 14 | lib/gvc/gvconfig.c | 4 ++++ | ||
| 15 | 1 file changed, 4 insertions(+) | ||
| 16 | |||
| 17 | diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c | ||
| 18 | index ea0d81b..1eccc70 100644 | ||
| 19 | --- a/lib/gvc/gvconfig.c | ||
| 20 | +++ b/lib/gvc/gvconfig.c | ||
| 21 | @@ -189,6 +189,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s) | ||
| 22 | do { | ||
| 23 | const char *api = token(&nest, &s); | ||
| 24 | const api_t gv_api = gvplugin_api(api); | ||
| 25 | + if (gv_api == (api_t)-1) { | ||
| 26 | + agerr(AGERR, "config error: %s %s not found\n", package_path, api); | ||
| 27 | + return 0; | ||
| 28 | + } | ||
| 29 | do { | ||
| 30 | if (nest == 2) { | ||
| 31 | type = token(&nest, &s); | ||
| 32 | -- | ||
| 33 | 2.25.1 | ||
diff --git a/meta-oe/recipes-graphics/graphviz/graphviz_8.1.0.bb b/meta-oe/recipes-graphics/graphviz/graphviz_8.1.0.bb index 2700142e5d..b3f02148be 100644 --- a/meta-oe/recipes-graphics/graphviz/graphviz_8.1.0.bb +++ b/meta-oe/recipes-graphics/graphviz/graphviz_8.1.0.bb | |||
| @@ -20,6 +20,9 @@ inherit autotools-brokensep pkgconfig gettext qemu | |||
| 20 | 20 | ||
| 21 | SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \ | 21 | SRC_URI = "https://gitlab.com/api/v4/projects/4207231/packages/generic/${BPN}-releases/${PV}/${BP}.tar.xz \ |
| 22 | file://0001-Autotools-fix-do-not-put-prefix-based-paths-in-compi.patch \ | 22 | file://0001-Autotools-fix-do-not-put-prefix-based-paths-in-compi.patch \ |
| 23 | file://CVE-2023-46045-0001.patch \ | ||
| 24 | file://CVE-2023-46045-0002.patch \ | ||
| 25 | file://CVE-2023-46045-0003.patch \ | ||
| 23 | " | 26 | " |
| 24 | # Use native mkdefs | 27 | # Use native mkdefs |
| 25 | SRC_URI:append:class-target = "\ | 28 | SRC_URI:append:class-target = "\ |