Hello community,

here is the log from the commit of package gnuplot for openSUSE:Factory checked 
in at 2020-10-03 18:52:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gnuplot (Old)
 and      /work/SRC/openSUSE:Factory/.gnuplot.new.4249 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gnuplot"

Sat Oct  3 18:52:21 2020 rev:78 rq:838238 version:5.4.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/gnuplot/gnuplot.changes  2020-07-21 
15:46:47.212028362 +0200
+++ /work/SRC/openSUSE:Factory/.gnuplot.new.4249/gnuplot.changes        
2020-10-03 18:52:33.617271210 +0200
@@ -1,0 +2,11 @@
+Mon Sep 28 10:14:01 UTC 2020 - Dr. Werner Fink <[email protected]>
+
+- Add temporary upstream commits as patches
+  * 052cbd17.patch
+  * 1f36c4fb.patch
+  * 963c7df3.patch
+  * a31c3b70.patch
+  to fix the bugs bsc#1176689 with CVE-2020-25559 and bsc#1176687
+  with CVE-2020-25412
+
+-------------------------------------------------------------------

New:
----
  052cbd17.patch
  1f36c4fb.patch
  963c7df3.patch
  a31c3b70.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gnuplot.spec ++++++
--- /var/tmp/diff_new_pack.hkeLeW/_old  2020-10-03 18:52:36.161274515 +0200
+++ /var/tmp/diff_new_pack.hkeLeW/_new  2020-10-03 18:52:36.161274515 +0200
@@ -103,6 +103,10 @@
 Patch5:         gnuplot-wx3.diff
 Patch6:         gnuplot-QtCore-PIC.dif
 Patch7:         gnuplot-gd.patch
+Patch10:        963c7df3.patch
+Patch11:        052cbd17.patch
+Patch12:        1f36c4fb.patch
+Patch13:        a31c3b70.patch
 %define _x11lib     %{_libdir}
 %define _x11data    %{_datadir}/X11
 %define _libx11     %{_exec_prefix}/lib/X11
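Review bot: The four new `Patch10`–`Patch13` lines carry no comment tying each file to the bug it fixes, and their order is not arbitrary. Judging by the `index` lines of the patches on this page, 963c7df3, 1f36c4fb and a31c3b70 chain on `src/term.c` and must apply in that sequence. I would add a line above each, for example `# PATCH-FIX-UPSTREAM 963c7df3.patch bsc#<id> -- <one-line summary>`, with the reference filled in from the changelog entry, so a later maintainer can drop them cleanly once a release contains the commits. The matching `%patch10`–`%patch13` lines in the next hunk omit the strip level that `%patch5`–`%patch7` spell out. Writing `%patch10 -p0` (the patches use prefix-less `src/...` paths) keeps the result independent of the rpm default.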
@@ -137,7 +141,10 @@
 %patch5 -p1 -b .w3x
 %patch6 -p0 -b .pic
 %patch7 -p1 -b .gd
-
+%patch10
+%patch11
+%patch12
+%patch13
 %build
 autoreconf -fi
 

++++++ 052cbd17.patch ++++++
>From 052cbd17c3cbbc602ee080b2617d32a8417d7563 Mon Sep 17 00:00:00 2001
From: Ethan A Merritt <[email protected]>
Date: Wed, 9 Sep 2020 11:00:59 -0700
Subject: [PATCH] successive failures of "set print <foo>" could cause
 double-free Bug #2312

---
 src/command.c | 1 +
 1 file changed, 1 insertion(+)

diff --git src/command.c src/command.c
index c6a923b5a..9701de995 100644
--- src/command.c
+++ src/command.c
@@ -1914,6 +1914,7 @@ print_set_output(char *name, TBOOLEAN datablock, TBOOLEAN 
append_p)
 #endif
            if (0 > fclose(print_out))
                perror(print_out_name);
+       print_out = stderr;
     }
 
     free(print_out_name);
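Review bot: The added `print_out = stderr;` has no comment, and its purpose is not obvious from the line alone. After `fclose(print_out)` the old stream pointer is invalid, and going by the commit subject, a failure later in `print_set_output()` could leave it in place to be closed again on the next call. I would add `/* stream is closed; do not leave print_out pointing at it if we bail out below */` above the assignment. The same stale-pointer concern applies to `free(print_out_name)` on the last context line. The rest of the function is outside the hunk, so it is worth confirming that `print_out_name` is reset to NULL there before anything that can fail.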
-- 
2.26.2

++++++ 1f36c4fb.patch ++++++
>From 1f36c4fbb3e8e0beb213b4a29ab463e43db9ef42 Mon Sep 17 00:00:00 2001
From: Ethan A Merritt <[email protected]>
Date: Fri, 11 Sep 2020 17:38:55 -0700
Subject: [PATCH] prevent buffer overflow of enhanced text fragment

The generic enhanced text buffering uses a shared buffer with fixed length.
Add a check on the current position before adding each character in an
enhanced text fragment.  Affects terminals
  caca canvas dumb emf gd pc pdf pm tkcanvas x11 win
Does not affect terminals with customized text handling
  qt wxt cairo

Bugs #2310 #2311
---
 src/term.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git src/term.c src/term.c
index 7fd46fa04..70a2a7f25 100644
--- src/term.c
+++ src/term.c
@@ -185,6 +185,7 @@ char *enhanced_cur_text = NULL;
 double enhanced_fontscale = 1.0;
 char enhanced_escape_format[16] = "";
 double enhanced_max_height = 0.0, enhanced_min_height = 0.0;
+#define ENHANCED_TEXT_MAX (&enhanced_text[MAX_LINE_LEN])
 /* flag variable to disable enhanced output of filenames, mainly. */
 TBOOLEAN ignore_enhanced_text = FALSE;
 
@@ -2021,6 +2022,9 @@ test_term()
 void
 do_enh_writec(int c)
 {
+    /* Guard against buffer overflow */
+    if (enhanced_cur_text >= ENHANCED_TEXT_MAX)
+       return;
     /* note: c is meant to hold a char, but is actually an int, for
      * the same reasons applying to putc() and friends */
     *enhanced_cur_text++ = c;
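Review bot: The new guard in `do_enh_writec()` drops characters silently once `enhanced_cur_text` reaches `ENHANCED_TEXT_MAX`, so over-long enhanced text is truncated with no diagnostic to the user. Whether the bound is tight also depends on the declaration of `enhanced_text`, which is outside both hunks: `&enhanced_text[MAX_LINE_LEN]` leaves room for the terminating NUL only if the array has at least `MAX_LINE_LEN + 1` elements. A comment on the macro in the first hunk would record that, e.g. `/* first position that must not be written; enhanced_text[] needs MAX_LINE_LEN+1 bytes so the terminator still fits */`. The check covers only writes that go through this function, so any code that stores through `enhanced_cur_text` directly (none is visible here) is not protected by it.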
-- 
2.26.2

++++++ 963c7df3.patch ++++++
>From 963c7df3e0c5266efff260d0dff757dfe03d3632 Mon Sep 17 00:00:00 2001
From: Ethan A Merritt <[email protected]>
Date: Tue, 1 Sep 2020 17:57:37 -0700
Subject: [PATCH] Better error handling for faulty font syntax

A missing close-quote in an enhanced text font specification could
cause a segfault.
Bug #2303
---
 src/term.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git src/term.c src/term.c
index fb99a9a6f..7fd46fa04 100644
--- src/term.c
+++ src/term.c
@@ -2175,7 +2175,7 @@ enhanced_recursion(
                            ++p;
                        if (*p != *start_of_fontname) {
                            int_warn(NO_CARET, "cannot interpret font name %s", 
start_of_fontname);
-                           p = start_of_fontname;
+                           p = start_of_fontname + 1;
                        }
                        start_of_fontname++;
                        end_of_fontname = p++;
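Review bot: With `p = start_of_fontname + 1;` the error path still falls through to `end_of_fontname = p++;`. When the unmatched opening quote is the last character of the string, `p` lands on the terminating NUL and is then incremented past it. That appears to be the case a31c3b70 on this page describes and fixes by replacing the assignment with `break;`, so this patch should not be backported on its own. A comment next to `Patch10` in the spec noting that it requires `a31c3b70.patch` would make the dependency explicit. The enclosing `enhanced_recursion()` body lies outside the hunk.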
-- 
2.26.2

++++++ a31c3b70.patch ++++++
>From a31c3b70d8d4f887f906afe35accbc9a59ebcd37 Mon Sep 17 00:00:00 2001
From: Ethan A Merritt <[email protected]>
Date: Sat, 12 Sep 2020 10:18:10 -0700
Subject: [PATCH] Better error handling for faulty font syntax

Commit 963c7df3 failed to deal with an error detected at the final character
of a text string.

Bugs #2303 #2308
---
 src/term.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git src/term.c src/term.c
index 70a2a7f25..b9237784d 100644
--- src/term.c
+++ src/term.c
@@ -2179,7 +2179,7 @@ enhanced_recursion(
                            ++p;
                        if (*p != *start_of_fontname) {
                            int_warn(NO_CARET, "cannot interpret font name %s", 
start_of_fontname);
-                           p = start_of_fontname + 1;
+                           break;
                        }
                        start_of_fontname++;
                        end_of_fontname = p++;
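Review bot: The target of the new `break;` is not visible in the hunk, so it cannot be confirmed from here that control leaves the font-name parsing with `p` in a state the following code can handle. At this point `p` presumably sits on the character that ended the quote scan, which may be the string terminator. Please check that whatever runs after the enclosing loop or switch does not advance `p` again before testing `*p`. A short comment such as `/* malformed font spec: abandon it; p may be at end of string */` above the `break;` would record why the two statements below it are skipped.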
-- 
2.26.2


