packages/graphviz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!38 Fix CVE-2023-46045

Browse Source 
From: @starlet-dx 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
This commit is contained in:
openeuler-ci-bot 2024-02-02 09:14:11 +00:00 committed by Gitee
commit 089a015141
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 57 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
CVE-2023-46045.patch Normal file
View File

@ -0,0 +1,50 @@
From 4becebe422e167358f4e57679d845932cc9f3a8a Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Fri, 2 Feb 2024 10:24:35 +0800
Subject: [PATCH 1/1] Merge branch 'smattr/gitlab-2441' into 'main'
gvc: detect plugin installation failure and display an error
Closes #2441
Origin:
https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb
https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a
https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e
---
lib/gvc/gvconfig.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
index 06c3326..9d3f6fc 100644
--- a/lib/gvc/gvconfig.c
+++ b/lib/gvc/gvconfig.c
@@ -165,9 +165,8 @@ static char *token(int *nest, char **tokens)
static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
{
- char *path, *name, *api;
+ char *path, *name;
const char *type;
- api_t gv_api;
int quality, rc;
int nest = 0;
gvplugin_package_t *package;
@@ -181,8 +180,12 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
name = "x";
package = gvplugin_package_record(gvc, path, name);
do {
- api = token(&nest, &s);
- gv_api = gvplugin_api(api);
+ const char *api = token(&nest, &s);
+ const api_t gv_api = gvplugin_api(api);
+ if (gv_api == (api_t)-1) {
+ agerr(AGERR, "config error: %s %s not found\n", path, api);
+ return 0;
+ }
do {
if (nest == 2) {
type = token(&nest, &s);
--
2.33.0

9
graphviz.spec
View File

@ -16,14 +16,16 @@
Name: graphviz Name: graphviz
Version: 2.44.0 Version: 2.44.0
Release: 4 Release: 5
Summary: Graph Visualization Tools Summary: Graph Visualization Tools
License: EPL License: EPL-1.0
URL: http://www.graphviz.org/ URL: http://www.graphviz.org/
Source0: https://gitlab.com/graphviz/graphviz/-/archive/%{version}/graphviz-%{version}.tar.gz Source0: https://gitlab.com/graphviz/graphviz/-/archive/%{version}/graphviz-%{version}.tar.gz
Patch1: graphviz-2.40.1-dotty-menu-fix.patch Patch1: graphviz-2.40.1-dotty-menu-fix.patch
Patch6000: backport-CVE-2020-18032.patch Patch6000: backport-CVE-2020-18032.patch
# https://gitlab.com/graphviz/graphviz/-/commit/5d09f70d7f6b81eb891749895c2e6b81365ac234
Patch6001: CVE-2023-46045.patch
BuildRequires: ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf ocaml urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33 BuildRequires: ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf ocaml urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33
BuildRequires: zlib-devel libpng-devel libjpeg-devel expat-devel tk-devel fontconfig-devel libtool-ltdl-devel ruby-devel guile-devel freetype-devel >= 2 tcl-devel >= 8.3 BuildRequires: zlib-devel libpng-devel libjpeg-devel expat-devel tk-devel fontconfig-devel libtool-ltdl-devel ruby-devel guile-devel freetype-devel >= 2 tcl-devel >= 8.3
@ -317,6 +319,9 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/
%changelog %changelog
* Fri Feb 02 2024 yaoxin <yao_xin001@hoperun.com> - 2.44.0-5
- Fix CVE-2023-46045
* Wed Nov 08 2023 Ge Wang <wang__ge@126.com> - 2.44.0-4 * Wed Nov 08 2023 Ge Wang <wang__ge@126.com> - 2.44.0-4
- Type:bugfix - Type:bugfix
ID:NA ID:NA