diff mbox series

[meta-oe,scarthgap,7/7] gnuplot: fix CVE-2025-31181

Message ID 20250902074432.1068537-7-peng.zhang1.cn@windriver.com
State New
Headers show
Series [meta-oe,scarthgap,1/7] gnuplot: fix CVE-2025-3359 | expand

Commit Message

Peng Zhang Sept. 2, 2025, 7:44 a.m. UTC 
From: Zhang Peng <peng.zhang1.cn@windriver.com>

CVE-2025-31181:
A flaw was found in gnuplot. The X11_graphics() function may lead to a
segmentation fault and cause a system crash.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-31181]

Upstream patches:
[https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
---
 .../gnuplot/gnuplot/CVE-2025-31181.patch      | 43 +++++++++++++++++++
 .../recipes-extended/gnuplot/gnuplot_5.4.3.bb |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch
new file mode 100644
index 0000000000..2de4617ff1
--- /dev/null
+++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch
@@ -0,0 +1,43 @@ 
+From 2d9e68278aece7e971815d9c3ec297c5e9bc51bd Mon Sep 17 00:00:00 2001
+From: Ethan A Merritt <merritt@u.washington.edu>
+Date: Tue, 14 Jan 2025 20:56:37 -0800
+Subject: [PATCH] x11: protect against double fclose() if two errors in a row
+
+Bug 2753
+
+CVE: CVE-2025-31181
+Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/]
+Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
+---
+ term/x11.trm | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/term/x11.trm b/term/x11.trm
+index 458fcf5f9..1b51a80c8 100644
+--- a/term/x11.trm
++++ b/term/x11.trm
+@@ -856,8 +856,9 @@ X11_atexit()
+ 	/* dont wait(), since they might be -persist */
+ 	X11_ipc = NULL;
+ #ifdef PIPE_IPC
+-	close(ipc_back_fd);
+-	ipc_back_fd = -1;
++	if (ipc_back_fd >= 0)
++	    close(ipc_back_fd);
++	ipc_back_fd = IPC_BACK_CLOSED;
+ #endif
+     }
+ }
+@@ -1412,7 +1413,8 @@ X11_graphics()
+ #ifdef PIPE_IPC
+     /* if we know the outboard driver has stopped, restart it */
+     if (ipc_back_fd == IPC_BACK_CLOSED) {
+-	fclose(X11_ipc);
++	if (X11_ipc > 0)
++	    fclose(X11_ipc);
+ 	X11_ipc = NULL;
+ 	X11_init();
+     }
+-- 
+2.43.0
+
diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
index c2644eaa33..b945cc318d 100644
--- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
+++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb
@@ -21,6 +21,7 @@  SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a
            file://CVE-2025-31178.patch \
            file://CVE-2025-31179.patch \
            file://CVE-2025-31180.patch \
+           file://CVE-2025-31181.patch \
            "
 SRC_URI:append:class-target = " \
     file://0002-do-not-build-demos.patch \