diff mbox series

[meta-oe,scarthgap,6/7] gnuplot: fix CVE-2025-31180

Message ID 20250902074432.1068537-6-peng.zhang1.cn@windriver.com
State New
Headers show
Series [meta-oe,scarthgap,1/7] gnuplot: fix CVE-2025-3359 | expand

Commit Message

Peng Zhang Sept. 2, 2025, 7:44 a.m. UTC 
From: Zhang Peng <peng.zhang1.cn@windriver.com>

CVE-2025-31180:
A flaw was found in gnuplot. The CANVAS_text() function may lead to a
segmentation fault and cause a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31180]

Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
 .../gnuplot/gnuplot/CVE-2025-31180.patch      | 43 +++++++++++++++++++
 .../recipes-extended/gnuplot/gnuplot_5.4.3.bb |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch
new file mode 100644
index 0000000000..e444a87128
--- /dev/null
+++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch
@@ -0,0 +1,43 @@ 
+From ec0fa6117d8e98918a030e31c2e8df32ab6e4542 Mon Sep 17 00:00:00 2001
+From: Ethan A Merritt <merritt@u.washington.edu>
+Date: Tue, 14 Jan 2025 21:54:14 -0800
+Subject: [PATCH] canvas:  handle nonlinear x2 or y2 axis with an incomplete
+ definition
+
+Actually "handle" means "ignore".
+But now it doesn't segfault trying to probe a non-existant link function.
+
+Bug 2755
+
+CVE: CVE-2025-31180
+Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/]
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ term/canvas.trm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/term/canvas.trm b/term/canvas.trm
+index fee3e5dfa..e796cec0d 100644
+--- a/term/canvas.trm
++++ b/term/canvas.trm
+@@ -646,7 +646,7 @@ CANVAS_text()
+ 	} else
+ 	    fprintf(gpoutfile, "gnuplot.plot_axis_x2min = \"none\"\n");
+ 	if (axis_array[SECOND_X_AXIS].linked_to_primary
+-	&&  axis_array[FIRST_X_AXIS].link_udf->at) {
++	&&  axis_array[FIRST_X_AXIS].link_udf && axis_array[FIRST_X_AXIS].link_udf->at) {
+ 	    fprintf(gpoutfile, "gnuplot.x2_mapping = function(x) { return x; };");
+ 	    fprintf(gpoutfile, "  // replace returned value with %s\n",
+ 			axis_array[FIRST_X_AXIS].link_udf->definition);
+@@ -657,7 +657,7 @@ CANVAS_text()
+ 	} else
+ 	    fprintf(gpoutfile, "gnuplot.plot_axis_y2min = \"none\"\n");
+ 	if (axis_array[SECOND_Y_AXIS].linked_to_primary
+-	&&  axis_array[FIRST_Y_AXIS].link_udf->at) {
++	&&  axis_array[FIRST_Y_AXIS].link_udf && axis_array[FIRST_Y_AXIS].link_udf->at) {
+ 	    fprintf(gpoutfile, "gnuplot.y2_mapping = function(y) { return y; };");
+ 	    fprintf(gpoutfile, "  // replace returned value with %s\n",
+ 			axis_array[FIRST_Y_AXIS].link_udf->definition);
+-- 
+2.43.0
+
diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
index c05ecd2b95..c2644eaa33 100644
--- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
+++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
@@ -20,6 +20,7 @@  SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a
            file://CVE-2025-31177.patch \
            file://CVE-2025-31178.patch \
            file://CVE-2025-31179.patch \
+           file://CVE-2025-31180.patch \
            "
 SRC_URI:append:class-target = " \
     file://0002-do-not-build-demos.patch \