diff mbox series

[meta-oe,scarthgap,5/7] gnuplot: fix CVE-2025-31179

Message ID 20250902074432.1068537-5-peng.zhang1.cn@windriver.com
State New
Headers show
Series [meta-oe,scarthgap,1/7] gnuplot: fix CVE-2025-3359 | expand

Commit Message

Peng Zhang Sept. 2, 2025, 7:44 a.m. UTC 
From: Zhang Peng <peng.zhang1.cn@windriver.com>

CVE-2025-31179:
A flaw was found in gnuplot. The xstrftime() function may lead to a
segmentation fault, causing a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31179]

Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
 .../gnuplot/gnuplot/CVE-2025-31179.patch      | 35 +++++++++++++++++++
 .../recipes-extended/gnuplot/gnuplot_5.4.3.bb |  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch
new file mode 100644
index 0000000000..a7ec6e78f0
--- /dev/null
+++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch
@@ -0,0 +1,35 @@ 
+From 92c147cbcb8c28e4662963b378fc31e1d58c72f2 Mon Sep 17 00:00:00 2001
+From: Ethan A Merritt <merritt@u.washington.edu>
+Date: Tue, 11 Mar 2025 16:31:23 -0700
+Subject: [PATCH] guard against trying to format a huge number as a time
+
+The time formatting code does not handle time_in_seconds > 1.e12
+(sometime in the year 33658).
+
+Bug 2779
+CVE: CVE-2025-31179
+Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/]
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ src/mouse.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/mouse.c b/src/mouse.c
+index 1571144ce..86dee805c 100644
+--- a/src/mouse.c
++++ b/src/mouse.c
+@@ -513,6 +513,11 @@ static char *
+ xDateTimeFormat(double x, char *b, int mode)
+ {
+     struct tm tm;
++    if (fabs(x) > 1.e12) {  /* Some time in the year 33688 */
++	int_warn(NO_CARET, "time value out of range");
++	*b = '\0';
++	return b;
++    }
+ 
+     switch (mode) {
+     case MOUSE_COORDINATES_XDATE:
+-- 
+2.43.0
+
diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
index 7dfe4b6657..c05ecd2b95 100644
--- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
+++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
@@ -19,6 +19,7 @@  SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a
            file://CVE-2025-31176.patch \
            file://CVE-2025-31177.patch \
            file://CVE-2025-31178.patch \
+           file://CVE-2025-31179.patch \
            "
 SRC_URI:append:class-target = " \
     file://0002-do-not-build-demos.patch \