From patchwork Tue Sep 2 07:44:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 69415 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BC97ECA1005 for ; Tue, 2 Sep 2025 07:44:56 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web11.71718.1756799089459925300 for ; Tue, 02 Sep 2025 00:44:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=Xff9DWmj; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=134031fe91=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5826vWXP1223092 for ; Tue, 2 Sep 2025 07:44:48 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=PPS06212021; bh=jA06/e91jaQisd1ptOK0 NHFAlQuYiL81VA6OvgRX2Us=; b=Xff9DWmjBVtvWp821xR3i1KxDEivHEoSW5Dr LgYs9hTNRzd73R9AmsTIIvEOM6OsKVxnXbJ9kmWixXHqHGEce4w0cYKA+8oRaSiA FJKEoDCTV+PNPlT2EVJAe7+B3ON5QPZSq1VzICmIHemfEJXHj7fHDYO3gFjIITHV 4yFvlGccUuBBRT2mUN/hgKIWRMNJSjPZwbEs3lOQa1OWAaQlbl7aTnvkxrynHKJ8 wrbUAliz36FqxFQY+9O1Xl6sZitmIUDPb5IBg+bRhGahsYQV0vwfprISMsLmEfeM pzbTau2nqtg5rFn6wJ/Uzgsn8KajKth68KukwB+2ghnm3y1grQ== Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02on2072.outbound.protection.outlook.com [40.107.212.72]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 48ur99tckq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 02 Sep 2025 07:44:48 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HB4H/TDsRNeS128OmWvBulndI+YoB8FERmt7y4m4FJjOgeT2YAFuHwfSCjmFZunO+DW1yiqJomChqtAij9KO0lziNLI0qf1MDj+bByhZp0YFql5PIMvchwO5o7LyEb7qzgUKfk3qPOeHfRwh3P8TuHGD2n4xJQqzfrbIqhJ8s0nT0LwtDrhcsyIlJI2AvIuKebSpiPZZtL3wnHl5RKQiFKqVJAfZeuBcZQYqiClCmnBzvxZ1JTlCidnfomW1Lm+d1EjO0VF70U3rJdGnQRWSiLuJ1+fZBtODRHLtSkxpT44DqvXdjDl7L26m2wOVWcP4zaKafMq5bCOizxbJTKbeQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jA06/e91jaQisd1ptOK0NHFAlQuYiL81VA6OvgRX2Us=; b=jMvw9PleDnwmo6nkoLTl0Yg4IUEbkCdwMWDg2IKL1BJYoiF2PtF8mpyJ5MJz4kGWne+3lykQaOOZC67wuhdjLgD2eMUu9eBuyPpe7Wawa2Sbal0R0BQsDKWBpH4jUvY2hQdzT+1zudo1m3sEYNdnd2pSRZsfEy9uQCgfBpL7tx9bSEkAhsLrIXri+fMqYRVlWvNxTScyC6DAovluA8u50ewju1XF0AZT2wvDX7I7ewdFArNdxTbMD/x4Z8DKneFW/15aQckYA/YInbp3SVHtB5MEHtthvsQ/TVq2Y6aME3VW7TUDAWsn42n4PpQFfB9XVe4GJiM6EJP5oFK5kVTGBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.27; Tue, 2 Sep 2025 07:44:46 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%4]) with mapi id 15.20.9073.026; Tue, 2 Sep 2025 07:44:46 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 1/7] gnuplot: fix CVE-2025-3359 Date: Tue, 2 Sep 2025 15:44:26 +0800 Message-ID: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 X-ClientProxiedBy: TYCP286CA0222.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::9) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_ X-MS-Office365-Filtering-Correlation-Id: f9781031-6e2d-4d0f-b5eb-08dde9f4963b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|1800799024|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: 5C/KoCj/NTJ978X21vn/VZFmgrxTeaHDy/eDtCDWvGpsQIJ5A6r97mIcVnEwkSEi0jzYhNQbKVHPq2mRlgfFHNfeZyfX8RSvlxKEjacxaYDLFMPHD6sVeAh1W5AF671nsMawD4L75OCH8ZCxsKF7F/0NsknVsB8b82w6q/cZ3lY7C6cs6//EyufyiBuF0bf+hoHEnCzOomzEC56SjdMOD0UMy2kxrEgpO7MKbjZAB6VSQ2TiyaCOJgcibZc88X7uwFoo2jjTieSc3OXccG764GpjxHfjxwlnVtq8RutKQGuHA7RSIWcC+nAkZkbxbSjgxeqEA+SE+2/Wq1bK2dHdUPzp7xGBWlkZWxOilJIDlioVBlNY//zdCCqtesHAkJO5RQ9YZj5b6iVlaiO6I2F5UUguU+fO58Yq+erMYyhGMcTCcYQilVG2d+xBgOmshlzshy6TBt/wntfYuTRl4m7ZWjRCZN9hhKa3ijx5241UTKSQGpL7yJZSnrYDKQtNV+KfBvOxqOkJvlbYPJbbUbaSnquCt7zb7r5yQlX0V+KoTVWOpVmeNL8yru6S8SPl8elzUAyHnlZ4p0euvVyMFyBvgRnPahULJhOBe0qsSmnmLhyE8F36nkVUBjoVx8SzMolPMqmnVRd7DBlajLp/0hP7EcwTX52Zp+zm6tVv83Sey8qHAG/+LWgUO+U83NTco8wRhEoa0B1YCbjyHt0r691j/kvq/iIJOmLIcn1IW0C7N1pZykqcd3tcSBaLzOpr1uryK+lFZb1nuewgwt8mOOrBuvllEZaD0tU/csp1xnHboBey8WaIBh2yZyLkrUSVYIU/IZR5BsGjH5BJLYR85oxSoOWwJ06J/oc8ld1a/+IIN8pq3SaBaTJTO0EHhOLfT3OWno/xqYC7y4U9upJVJbvWNECvRRo36+Zji+yqKOClnrBNYJYgT/BwK2UptMQCJynpSmyC+JWF58Ks150PoNjJ9rqU9d2smkgGYgTsF/bwFjna1BiMqzrBOCUPOmilHGFWstZsdOMpbAaP/5wHraU1lRnu09GNH8fMU8uyOSmrVd3evRVuwJBrwrkJINxsy39zazTClK3utY+3WASrRdL6Uq3m31Wt+fsBEu2PLSR5NL9uOcTWPrRhyW3+NX7ezwQh2imR4Lit0kOjGCDasHZbLHDFXIe3JqozJhHRDVSjYUgoLYFNJHM9Rm8o+E5tw3AJ1IEBGaNpcAmWZxxLWOGLcMn+V+isceNr6XcWqClAsVn6vo5xboHCUop3VnTEAaicKNPyIDnMIfXLt/EcObfNoj3wJkARcak9pn1z38itaahh5JvVALFlemJx10kGYV0NJaYn7RQaNIQr70DiLgFrgb2nfhv4X6lDlY52xANChPARoaDWaJgFzaazVs9H7eQesF8raphRUU0uPs6tsJfy7BbNAs6SaURLzbpDZfv64q4= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(1800799024)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 42dpSmUmZl1dhD1wnYaBUrGz7DecraLjx/fP+7TSc+gt8IUoTcnGdGpm/2NEs4U/TqNF3DRXFiPNqgqiKSvVBR7ZrSWVvcyWrFwwU7sIy/uKYYwCYnmksWN4U22cWP5dztKBYXqdfz0CS0gNW9EJwwv4oCsTDWs+oNMCbK3mA2zBb2HRvNOzwPYqkN3wt8if69jEfYRmmWTrtqADu0FmE0CWTdJZiCnkdabsZ/5mgUnR3YrAMugWaxlBuWYJPgcQDeub5qLECThErNnIDBsAuzEzwuJsIOS7OWmJ4cndNKQzEyxDnfampPwogGnZZ2hSfQcoPKDJn7l0PX34ymRR3XJCOySEhPaEk72AlfMWmRMm3iXyBFgzNh+Dd1ffLfp9pDlnwuL+qD8icZMrU8KlcvXrDyRZqkWLDu0gcdtbM8DeUQWDzgtkF+r51wHSqJpMogUHzO/X23KaDsV8XiLUx8LDz0wRjDxC8Qurgs/WnKV+s8fl3Wq4jgZq+kAATU503m8Cy8Kxhog8jmzHesN+2O6YBB5ZjGdaokP3eE7f6MjZqGWKl/AbgJBd3bUY27HjRvgQXkTSBxfKsb5v9cWohSBQrzBD74iZZYnz079+h+SkBPyyOPneoubT1MFuLl6R3I0nbiqkQdK2fhf2PmDDToiq4GyhemP3RK6zuFh03RuAaf/QSjWpMEXshiQ4S0uNASjHkbpq0RHlmVUvVwBlGjrILiiJ67IRgx/mJBRWbdYNoUIHaKuzNmIm11oQKWxhZ/RwUz9+5aQQwuO1olDv86NcU7J8lUrQ+jj9la/fORi6aTGkcgJfl82uXvWJzB9ViEB5o0krcJROCP3Xn0lt+ReFWFxm9NhLk3GSI1iYymokX9irhFHFJ837yJNDQzzRE1wi7/IhnP+OI8ItAy6/GhiW9XYfmNoYvObvfVmZgnR7B5XKWgcrmW659z0nppF0O7YUr066Mt66kXTL17su821YNn3XabNiJcvvSRSoOQnBOKcddw3nDztXpKmUCv9Ozj61DEgYcZ5dTaQSKI9iepFG2kapTZEx2eS1h26/5tD5Wv4pZukoCT8H707eJFfa5J5rx7Oj2P5uWxC93nvC0YQZDnuJrLROI7YEunXAVseVwdcmHm4psEtANd8Kc4VJkKC6VV48YEzr8wP0jtpfleY42H4ECVVUHw8It+RgfwElv/yU9GqvAmSnAd/ih3OEdXTPdm1XJrZzs3+llTWk7mcTenA1zzCfszehrFa2eprfdpuMmEBF0AmCtmfMGfdbXAy7/mb0g9nw4ydaGXbDLyLQHkDCJV8K6Wjw4mr5r8vtIm64/o6vyaWCve7ULWLXFovjs47gefzT3d9sOa2cGQaH+4orK6F3dQBaF4QlNasEWzO2H6ia4ynu6GXUqYibQiiXREd3JX+No7rz+yxZ7Jp0EnHSfINBNKEzd0woE7dADAryC4tYrbQp68Dp4mEy/8arXWnS41jZVJxjBMZJfJslLU1hANpQpzuzGFZTMTjJMFgmXIRqbZNu+bDXcuvcnZ6uLgKTqIcUKqZcukOt+9WPWsm35H9VrkMsnTfh/nITCbPP2SuN0de+3XNmRutTb3xR/edmAMKnzUSvJaqEJA== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: f9781031-6e2d-4d0f-b5eb-08dde9f4963b X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2025 07:44:46.1121 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: H69d07EgjNEJxg0eJLk3VFKquoc9Sr9iQX00Uy5X+S0Zu/jrGlLWL1r8jyA9sdIjP9/veasxbyz7q6v0daJ2IuIhWFMGD5ADkjWpei2but4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB8562 X-Authority-Analysis: v=2.4 cv=FqYF/3rq c=1 sm=1 tr=0 ts=68b6a070 cx=c_pps a=clEwq8AbTxs6UVDo5+t0mQ==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=yJojWOMRYYMA:10 a=PYnjg3YJAAAA:8 a=FP58Ms26AAAA:8 a=efV5ao4sAAAA:8 a=t7CeM3EgAAAA:8 a=-6N0tzXvYAPP5OpoGb4A:9 a=-Ie3GqMprXkrkPNEQgfm:22 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: cRTOeKtMb9YTfUQg2vM2RQ5PICOaq3lh X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwOTAyMDA3NiBTYWx0ZWRfXxuoJJ7aos6E5 Ed8860t3DfMjttuDhStmNawiMgTtsXDBMUFc/gofBRJlxV7tWOsgsVfUuYYPSTaYZPE7Cbh7Agn TdaPo/vBPSDqk4O9CbFeDUOuW/hAwnvVAhjjpoQWNWXli6zDTTPBVohNIU5unXmQCMbD3vLv8vl 5M7Z3YuliPKCk51FO7+Jqk5H9kjUrmMBRSQIAMYtW0WaniQC7/tgl639G714era1S9K3MOvZ2tL QvW1y9/a92wXK/HREXix0ftdj7TjLBEvpnKBr+4GgVAUXUsD/5FW7+k8F6mnj0Z7FRLGvHF4/Vl hWlnwgAsxRCRudReVW0uLCtysp7dBwtliDDoGhBsSgAHZZiPIVsWADVadb9qlo= X-Proofpoint-ORIG-GUID: cRTOeKtMb9YTfUQg2vM2RQ5PICOaq3lh X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-09-02_02,2025-08-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 phishscore=0 spamscore=0 priorityscore=1501 impostorscore=0 adultscore=0 suspectscore=0 bulkscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2507300000 definitions=firstrun List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 02 Sep 2025 07:44:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/119169 From: Zhang Peng CVE-2025-3359: A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-3359] Upstream patches: [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a5897feadc4be73b0ffd8458556c47117bd24d03/] Signed-off-by: Zhang Peng --- .../gnuplot/gnuplot/CVE-2025-3359.patch | 67 +++++++++++++++++++ .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 1 + 2 files changed, 68 insertions(+) create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-3359.patch diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-3359.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-3359.patch new file mode 100644 index 0000000000..d2de00ec6d --- /dev/null +++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-3359.patch @@ -0,0 +1,67 @@ +From 997b4ee68275664b94e0c881ace5121d79c0c29c Mon Sep 17 00:00:00 2001 +From: Ethan A Merritt +Date: Tue, 25 Mar 2025 22:51:54 -0700 +Subject: [PATCH] hpgl: font name parsing overruns the string by one char + +if no comma is present in the font name. +E.g. + set term pcl + set title "Title" font "sans" # no comma in font name + plot x + +Bug 2781 + +CVE: CVE-2025-3359 +Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a5897feadc4be73b0ffd8458556c47117bd24d03/] +Signed-off-by: Zhang Peng +--- + term/hpgl.trm | 28 +++++++++++----------------- + 1 file changed, 11 insertions(+), 17 deletions(-) + +diff --git a/term/hpgl.trm b/term/hpgl.trm +index 04088977d..fdb4c7083 100644 +--- a/term/hpgl.trm ++++ b/term/hpgl.trm +@@ -1650,28 +1650,22 @@ TERM_PUBLIC int + HPGL2_set_font(const char *font) + { + char name[MAX_ID_LEN + 1]; +- int sep; +- int int_size; +- double size; ++ char *sep; ++ double size = HPGL2_point_size; + + if (font == NULL) + font = ""; + +- sep = strcspn(font, ","); +- strncpy(name, font, sizeof(name)); +- +- if (sep < sizeof(name)) +- name[sep] = NUL; +- +-/* determine font size, use default from options if invalid */ +- int_size = 0; +- /* FIXME: use strtod instead */ +- sscanf(&(font[sep + 1]), "%d", &int_size); +- if (int_size > 0) +- size = int_size; +- else +- size = HPGL2_point_size; ++ safe_strncpy(name, font, sizeof(name)); + ++ /* determine font size, use default from options if invalid */ ++ sep = strchr(font, ','); ++ if (sep) { ++ double req_size = strtod(sep+1, NULL); ++ if (req_size > 0) ++ size = req_size; ++ *sep = '\0'; ++ } + return HPGL2_set_font_size(name, size); + } + +-- +2.43.0 + diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb index fe5e5c067d..eff2ccc98c 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb @@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a http://www.mneuroth.de/privat/zaurus/qtplot-0.2.tar.gz;name=qtplot \ file://gnuplot.desktop \ file://gnuplot.png \ + file://CVE-2025-3359.patch \ " SRC_URI:append:class-target = " \ file://0002-do-not-build-demos.patch \ From patchwork Tue Sep 2 07:44:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 69412 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BE11ECA100D for ; Tue, 2 Sep 2025 07:44:56 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web10.71867.1756799089790867574 for ; Tue, 02 Sep 2025 00:44:50 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=ST3XU8Vw; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=134031fe91=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5826vWXQ1223092 for ; Tue, 2 Sep 2025 07:44:49 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=a/X3H9XFOyXcCtNpOebUKvWzG5zWSkxXovdCo3o4ceU=; b=ST3XU8VwXZdK mtYhcVE17/zHuebql9pQr0kztSi+qppPR9+t1LV8MvwBhks2Q88bb+PEG76C0asf CMD5vvbC4fBo1Kgu0m3MUkG06w5VZNAluz4DQnnm1T/LDYw78OzncCGCg+qpZS+Q Er/aS/ykSueakqZ2zuue7tEXrWD9IRVXcxgCugGlq0lHdPfxoYY9wfIOs8FuNBwQ D9QPiyaoZ8R80hKRd6/T2bl4ug05WybhF18Je8sU5CKKpLhP0rvrDZqvhsobi/Jk CvUv2Do+D0wyjKalkjCz4/AQBFuWnBWOepsXBZiFjv+eQxX75eZICSEs8XSuMRXb 0fBU9qaBFg== Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02on2072.outbound.protection.outlook.com [40.107.212.72]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 48ur99tckq-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 02 Sep 2025 07:44:48 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=qE+57h+YUMZnB9Vhxaft8LR0Cav4+tl6r6m1Yxs+QikshsO4VKIP4s5Mjs+8MR67/F0H4Wa1UO5i4URsErD9dR3z1xb2Bp8RI1hPKpjNnsistt5cQa+xqhE0ZEfRwv5fWjfJZnBFf8ue5VoTulB9aH3ABrPmnPvI8omr52nHNzZeBamxPZZ8SsqfKIp0wLkwZtB3EQ/XTW9S2/cWxa1yg3JbJIBkeeyzES3InbArzJlarigk5eSA3t1dljOvK/YuARfINdEaJtxh+vt+qAKHxzezDgK8xcBjsIz18hDeR3fbazbt9SWbPZ61Z496z/yb4Eo0JFBil8Iug6g0qYk+KQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=a/X3H9XFOyXcCtNpOebUKvWzG5zWSkxXovdCo3o4ceU=; b=tbXKNhTz+zvlGm4Ho1XNklZR2NRQbIcuwce5l6kzSLCB14MyBblMtoRj1zGkhg9GYNELFGukdNiolWP0LlkRo6cnQZGYmw5nawpgMn8rlc/x/8ayd0u9/+OnLpGuwwAB4b3dhzQhHir5GCmHzfTcH+AQksJM46GaaFr5AgXtUFEmpW21tJ3Jl0aZAM2fYRzgzeTmgaE4kJBV87SdbZYpcsQijB/ACkBvJCA8+VhgBmPArzKsi//ZMUMXxCAhFXpZDPkjr3/7R0i82GY4f4JuRT1NUBHJS7x71UipuSwYPQcO9BlrgDQTO8UTHIopZzs8dkBme0NqY3QHFyvfboTddA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.27; Tue, 2 Sep 2025 07:44:47 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%4]) with mapi id 15.20.9073.026; Tue, 2 Sep 2025 07:44:47 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 2/7] gnuplot: fix CVE-2025-31176 Date: Tue, 2 Sep 2025 15:44:27 +0800 Message-ID: <20250902074432.1068537-2-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> References: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TYCP286CA0222.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::9) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_ X-MS-Office365-Filtering-Correlation-Id: dbcd3b2e-f527-4f58-9eb5-08dde9f49707 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|1800799024|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: OaVuVzbMpyJOb7YlUY0oZnJQijb1BSj8mG6XJGtz3mKgAiMj1odnJrzrQI/aeFLKyLnOBif6sQQJEZmlz40CkUamA5iyEr+h78UtfoTVc1tOWj/dHB9+de7+nuarIm7FXA+AmpgANjptjEvyTHqvGIzKtD9onQ/viKaNiwcXN8zMljsVJ/mFcoyq9sx22g0rWfVqX0cNoHb5rwfHbdraiY26sZz9FtjzY6+OqEGutDth/63c+m8ThSKFc/r0BnFNjnZ0zSHiF/SL9fKRFGo5ic299Hle7wR1Ts+PxtQDOKaXRzBqd6WCnWvc96AC4lB+H5TiGUPuO3/CX6gYbA223Mjy/VST0deKq1CPLaws+m1ye9leHLOcA4/na5kFUZaniF4ThfG+xyLZay9lTwdzxnjy3XL2QZKU0CoqQ7x00+JXNogO2XT1vYXAjy5GhFG7Rooe+mYJxOcr9D7Xnc3zr4EQGgHiKQf3P75IHYCbiMEuKcBHU8c+cv5YGyCfKP63OSw0d6mPsAGoaZZGiAO6S3poYYTkn4RuP14dfvWtzKWbNNOAQ8HERmE0LO6XhnzYTRPdFMQ5juQoQymtrykDHQOHMdrj4wNiRb5z/wqTU7ycUooTJVggXYEBdlp5hDbjs9cVwr25rFPkUcppwtj0h7Aapx03DBVBw4JqhjkWojcHZpBcToNEUpgIqs7EeIiVvC8lwoW5chsW9PlN3NMWlDwVVIDWuEwghSxB8ioqJ8/LsJHaa+YXZTHwTXUy9WXxx7R9wpkN1vpCUyMuRWMydbdE3GQyNctV1a8uZOBNTiy4Kv/15q/cUr/Y+ReWEUsuFTC4CYURJom7UglyPy6JJsJgP7+VBYnQtHt68i3TEQOeHoVIIVFSq7QDILcKbMByRXXBzY+Sk77KHv+21wTURjLwzuCRfHlztHNvuSAYlQm34BcIyvRAxB0bJv7T3l1h62V8LQD7GXvpz8Qnf2EMsi3Qai/zrUBtLI4dT9DaUb2iT2RqG9JS9Mr2jDWbtZGVKpwsyUapY8kMKtcdOCzpNlFz5SRhZPaFHlKddB23RIzFp5HAq9tNzfH1182rBPAOcRPKG0capYR67imfX8kuzabqUDpaBDWq7Smm67USLxyqi/a2w4dYNcrV7TNK08iwnqOJvAAl1mkr4c5GswskFTRQROovvHRIA/cFLZQGvBY/plJtWMv/SAEavdXJD3xrDOJ1LsVbnRgMpNdtDv9uhlC8wskHbJMFkByqutkrOtitJa3LdJh4HByNC9LjfKqM1yvbkxSzUUSa1gCdM2yyMzBQr039MjFE4xjnSNEUI7+VDx3Hix1i9n8FzbjRtQrqDzkUhPEJJGBoVyLx22VjJonKm5JTydHtfbIS367PKXSeUSfQtLjr8cYqy0EZzZL3I3AsUZiaAEpA3DhPII2wx9Rc90Noj9G9TxBp8nITqI4ogxmpQtV1VRRbu0WwN/RY X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(1800799024)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: zTk8odP67MXPWv56FqFUmmbxvimzB3YkRdAGN71dBChDF/X93ti1ZCmLkemOpnY/3gVfH+MXsbzeJkwxIiitroAnLl1/ZDSRJQcwv2lLUGwFFsEP746nhtstyTmg0no6GHMJEFN1R831HCRFMkxSncNmHfheWk9em8IACDXYCvhfYzhwpqQL/6lNcWRjipCnkhFpWckPNJQqSFfpaaQQnAnJC+hZoyUXKERJZqPrXuaAsdCmNlTmzQ0GiuMmOiuGKZHh4A9FVCaBL8+i9HrzSGBRN8Y/0MD141B0EkuKvg2nfYvCQ8crSu9zO9IZrKxHIr7Ay4L/skW+o+xiVRPxQxUOtVNRObkCtY5YOL5mlOTVT+CKOiMynCM6h7ZYGIUbK0eS+Z8E4eASIKOYXxu6ZkHglo6SyIpr+6W3nNBSDAZZbOsK/qzFxJOj6myXde+l+SKDtyjnWzIrAfyZu/B6DZek0RI0o5iQq4bKwWKJkKAzwgh1rOcI5D+ItBnMwQL/QH/zRX9nsIb/SfA/EiMSmAEMAuasJA7hOTQmPkpjM4vnJPS38YCfMmPLu4Yik1rLGEQEZB7DS+FceqziqrFxR3KqF+cB56NMySOoHr/Tj/J0MbzveCuxzkhARUWTz2u4UAYylUrNehRw1yLZkBQA0oBtyPkTBkWaAvuAF8hLvr46fy8E/XJ7nUTSisudoJXkgoEjlHUrHvj7FjRo4QQ1oQBSGF8mV+pxb3JFXKZEA7/p6Uj+UGkGNYYFjPXD5J3eAiXYp1dFtUEjmgYW4l+SLHTshnfYUg9U/9gnZGPcJRIT1F3o9rUizV3WticQBZnRNRnImVPCEl+tK/0SMm/fjoZy5383/f3IYkXLsp56yKucBkflEIkor126KZNJsi9/NubAvleTBTJ6p8+YoFMAFFp6tYNJQdzSvxJ02pyAIDJSYl+Je3gxtkTKsfF/qY4v03Pi413XzhdsC2v5Klr6bX25ZOZgICGpZo7iGr/OEwMZyDA2OODcf8ppD7PF1H3+6nRRflJGor6Vn8FEEaAaeJCROXg71EQhWq9QGxnrTsPQzvjrUivBp67Kg9cMg5/d1iwYMdd/VaGd2Ht/e1Vy7mP5LingU32Fcb7Bb+u9E8Lf4rYc1AJzEju0iKm7rppqhu7qT9KfGawCcpZKv8M28PhSagYLRlpU4pXa6x/VnbTmh2HEO515/qz5MH68OpMe+dW1ALp/v8hPB5T2xnFFMwkqfy/DcDEQCp3QmNyRvj7Z3U+rhahy11PP6/aXwaAq3dN8SV7V0zkFb9cc7x/aoebS2MRysrYMr6O2dfhxzGJFDLexQyYTd7f4ZqeGSv08J8Bg83fk/EuL3tk07NaVfSYMqMPB9UT7RPbuQnVNF5wxpl8xyYKBJw45Me9Vv4nuU/VIHrrv6RpViSjALh1fTePCPd+exuSZeTI7Q2qAywVFghOxjjkkeBiFQ43Zda3JDR78FVlCNeMBqxYguNEh9j/mTIHqWDr6xNtCA1SAPlpeLIdht3Kiurii6K4Fhu4gQnmpLHaNCZ9tVU4SI600iuoJiMNK21QDS+JNcY/Klu+t0VQ/AyZ/wDAxaiap9Tfsx3bhUS4VuhyDIz4zQD1KWg== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: dbcd3b2e-f527-4f58-9eb5-08dde9f49707 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2025 07:44:47.3975 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: O5J9w39OAjfGmdj9p8uI0gPYSOlKZdwWh2VPjNumdJUI2lLtkm2WKXc+jb5i785eeMGea6cb++lg5BHdB0ttKPMQtl5fIyBnvFoBvQ8Lpvk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB8562 X-Authority-Analysis: v=2.4 cv=FqYF/3rq c=1 sm=1 tr=0 ts=68b6a070 cx=c_pps a=clEwq8AbTxs6UVDo5+t0mQ==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=yJojWOMRYYMA:10 a=PYnjg3YJAAAA:8 a=FP58Ms26AAAA:8 a=t7CeM3EgAAAA:8 a=ivK4z66iH9veIhaI27MA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: BI9DsRHWJH6i0s1reFatvhqkLE0R2Sb4 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwOTAyMDA3NiBTYWx0ZWRfX2B3XiTtobulm TNafpsV+UlVEdEZO31cllY5nuL1P1lfPC21yCtUDn4/xIKzgHtsvFGN9lALAPjw9dVufUaG3Qfj /C9BrgyhBM2cFIIIHe6N1SgW2kKf8xQ9byE+6pp8c3TceF2vsocHwDIif8ka0hOWMHgYTJucluF 6YqbE8cH2tRgom8h7EFw/ctE4r0y2Af1700vjqr/pBaFXk2qI2WAVymNv3UXydq6cB+zg5pmTLz f4hUe9QUe55bnnIPI2zl4ep/pkdx1vBp9hxHoPF+Enm3J4olgUsc0WMwuYG/gViqXFoo/4Rnu1x YYVdNZWeWUZ6Sy3JCKi0q7FH3Nb37DYNpmV6K+kJHu63WdGAxiV0weFL4Vswgo= X-Proofpoint-ORIG-GUID: BI9DsRHWJH6i0s1reFatvhqkLE0R2Sb4 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-09-02_02,2025-08-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 phishscore=0 spamscore=0 priorityscore=1501 impostorscore=0 adultscore=0 suspectscore=0 bulkscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2507300000 definitions=firstrun List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 02 Sep 2025 07:44:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/119170 From: Zhang Peng CVE-2025-31176: A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-31176] Upstream patches: [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b456a3ef618f55a20b3071d336cb20514274f1d4/] Signed-off-by: Zhang Peng --- .../gnuplot/gnuplot/CVE-2025-31176.patch | 86 +++++++++++++++++++ .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 1 + 2 files changed, 87 insertions(+) create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31176.patch diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31176.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31176.patch new file mode 100644 index 0000000000..7fdabff476 --- /dev/null +++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31176.patch @@ -0,0 +1,86 @@ +From d0664704daa46d2e4440c0c50057d0dfa47467ea Mon Sep 17 00:00:00 2001 +From: Ethan A Merritt +Date: Tue, 11 Mar 2025 12:31:54 -0700 +Subject: [PATCH] guard against invalid read from plot->labels + +If a plot style uses points and the point chosen has PT_CHARACTER +then the program looks for a possible font in plot->labels->font. +These plot styles contain a flag bit HAS_POINT (gp_types.h). +The program makes sure to initialize plot->labels for these styles. +However a problem arises when a plot style that doesn't use points +nevertheless triggers this same attempted font lookup by using a +linetype that happens to use pointtype PT_CHARACTER. +I think this is only possible with 'splot' but I added parallel +checks for 'plot' as well. + +Bug 2776 + +CVE: CVE-2025-31176 +Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b456a3ef618f55a20b3071d336cb20514274f1d4/] +Signed-off-by: Zhang Peng +--- + src/boundary.c | 2 +- + src/graph3d.c | 4 ++-- + src/graphics.c | 4 ++-- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/boundary.c b/src/boundary.c +index fd2ac86f4..60dbce042 100644 +--- a/src/boundary.c ++++ b/src/boundary.c +@@ -1440,7 +1440,7 @@ do_key_sample_point( + (*t->pointsize)(pointsize); + if (on_page(xl + key_point_offset, yl)) { + if (this_plot->lp_properties.p_type == PT_CHARACTER) { +- if (this_plot->labels->textcolor.type != TC_DEFAULT) ++ if (this_plot->labels && this_plot->labels->textcolor.type != TC_DEFAULT) + apply_pm3dcolor(&(this_plot->labels->textcolor)); + (*t->put_text) (xl + key_point_offset, yl, + this_plot->lp_properties.p_char); +diff --git a/src/graph3d.c b/src/graph3d.c +index 0d3ca7221..48b02f580 100644 +--- a/src/graph3d.c ++++ b/src/graph3d.c +@@ -2016,7 +2016,7 @@ plot3d_points(struct surface_points *plot) + /* Set whatever we can that applies to every point in the loop */ + if (plot->lp_properties.p_type == PT_CHARACTER) { + ignore_enhanced(TRUE); +- if (plot->labels->font && plot->labels->font[0]) ++ if (plot->labels && plot->labels->font && plot->labels->font[0]) + (*t->set_font) (plot->labels->font); + (*t->justify_text) (CENTRE); + } +@@ -2111,7 +2111,7 @@ plot3d_points(struct surface_points *plot) + + /* Return to initial state */ + if (plot->lp_properties.p_type == PT_CHARACTER) { +- if (plot->labels->font && plot->labels->font[0]) ++ if (plot->labels && plot->labels->font && plot->labels->font[0]) + (*t->set_font) (""); + ignore_enhanced(FALSE); + } +diff --git a/src/graphics.c b/src/graphics.c +index bdbebe92a..2b500b12b 100644 +--- a/src/graphics.c ++++ b/src/graphics.c +@@ -2353,7 +2353,7 @@ plot_points(struct curve_points *plot) + /* Set whatever we can that applies to every point in the loop */ + if (plot->lp_properties.p_type == PT_CHARACTER) { + ignore_enhanced(TRUE); +- if (plot->labels->font && plot->labels->font[0]) ++ if (plot->labels && plot->labels->font && plot->labels->font[0]) + (*t->set_font) (plot->labels->font); + (*t->justify_text) (CENTRE); + } +@@ -2475,7 +2475,7 @@ plot_points(struct curve_points *plot) + + /* Return to initial state */ + if (plot->lp_properties.p_type == PT_CHARACTER) { +- if (plot->labels->font && plot->labels->font[0]) ++ if (plot->labels && plot->labels->font && plot->labels->font[0]) + (*t->set_font) (""); + ignore_enhanced(FALSE); + } +-- +2.43.0 + diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb index eff2ccc98c..18722b3641 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb @@ -16,6 +16,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a file://gnuplot.desktop \ file://gnuplot.png \ file://CVE-2025-3359.patch \ + file://CVE-2025-31176.patch \ " SRC_URI:append:class-target = " \ file://0002-do-not-build-demos.patch \ From patchwork Tue Sep 2 07:44:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 69413 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7EF5CA100B for ; Tue, 2 Sep 2025 07:44:56 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web11.71720.1756799091488932780 for ; Tue, 02 Sep 2025 00:44:51 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=fctvD8v9; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=134031fe91=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250811.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5824bFs41268186 for ; Tue, 2 Sep 2025 07:44:50 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=Y8/wZbCHmpxOG2JlbWJlk/2Zl+ZLwo+nZFosGHL55hU=; b=fctvD8v9Ch1k 65v+BHtk832oT30jtohpZlC2m4UL9ToP3rB2CjovUlZQpXPXE2BT/Q364+2DAL5i KnwxR8WNJF8gfpiCp3YTnk6eLHaALEhxAjECnCSpI1MQzK/Pn4Lt0aSYLi0g0rLs y0r9gMMEf0pFWVCMcxTZHJDW2E7/oQE/3ZCQ6RbElgxpLNzQmZndOv6iIvbJ/JzN nzEshPOyRzuxLYSjDWkpUl8QKbsKIZXilVo3CvgjQhBIidrC13vED8/22KZmMMM7 SosVpRnj9nzg2HnYJLhaBUPHYNaFpRmAx7Mu2KfhONZ+Tm0nks2MWJGae+XUaMJn ie+QTZEPZA== Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02on2081.outbound.protection.outlook.com [40.107.212.81]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 48upgyjdsk-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 02 Sep 2025 07:44:50 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=A1cTXs/+Z9lHDYS1D6oaL21mY19MY11sfoK8fZqhQ5j3FiCwwgr1F5OXUTz/E83dc+RCIlNRKyWlSiZjf4FsM5h3rTFRtF8FMyw6QY1MjwjDi3Itc7oSUGhApTHSs0pcK1tENFIbDZYR9lbPPozvWAScAP5+S8yIOa6J9QbnK7Jy8pvG30ihlFwBDEEVDLLq7UTe8ARIus6XpMpodlTMhieKnVgA8pX/Xe8aSKAvLfa/4iiZQDDx8st0oMvYP8U0u2mM5sFxb6DHkD8tncAR/BoxOgNly9/SsAVFLa8kn+tHyPpFJv4Ouc/eHAG9PUt63rKvo3irkvNDev5rzk5gyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Y8/wZbCHmpxOG2JlbWJlk/2Zl+ZLwo+nZFosGHL55hU=; b=gdi4rIvODxE2Tg+lMjfHcv/qi4bwrOE5qTd1+Zp3jNXgi+77ey7cmxXtDpjyvvB7i0VL1eW18Y7up9LuK9TCtAM0MWgEWq2DiBZnT1km6775d2kFsCKeuSvKAFo7lSh2CQc7QeWaev5NStR04MbXZXNweHpZAADTWQJK0d4XYySkWL7S4wRjkYlR82p6iiTsrqOCWGoViyIYRSys4a9oVbPcnYg5ZOHZ7dLEHRfSZ+Au/N4asIeS1FW/S561Mo7ihSyS/VNZuqXhuHdQHH6Ko2m1rspJ91ZAurMTsC/jVF1wuchpMo1Yob6B5U3dAEWPkmRalFIpcwhJC42tCHMeAg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.27; Tue, 2 Sep 2025 07:44:48 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%4]) with mapi id 15.20.9073.026; Tue, 2 Sep 2025 07:44:48 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 3/7] gnuplot: fix CVE-2025-31177 Date: Tue, 2 Sep 2025 15:44:28 +0800 Message-ID: <20250902074432.1068537-3-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> References: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TYCP286CA0222.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::9) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_ X-MS-Office365-Filtering-Correlation-Id: 23f048de-365d-41b5-76c1-08dde9f497d5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|1800799024|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: Ado1J+KP+h/x0zZHUhH23YzOBfety0n6P3UdPc1awSU5UfVhino4IBGERcwxAHIUlBXXqk0eL3b1J+cCWg8BrcXZg6zMCb673C171/8ARJNXWLytI9poLmFwBjvQA0XnGzQcUuUUbI65C2P6kxhz0uVe0cV73IvffAZa2LG/xL9soVW2L5nlUcrtE5LDDb/jPKJcKGSxYxCXvnH5pCwqYlZjI10emVzzRIgTHVHtb+9q88Z0XDTz7on/GFmSXSWGtOvitEwo1TUUNEQFZAe0HMVKrZrXZKaZqt+KYQoHAvLV+yGclOivc68MEhcr9a1wuknZ0/tf0IBWcJ05lezWPT0ZPDUgTmRxA0QM4nqfr4HCrELg4fA5IuLhTYkM8AWnwXLSQjyb7/lWAbqI63BThHwnNRELm1TgSYiSGOnZFxwfE79AupVe1DZW6j4pX49Yu94Yb8qN0IMtbLYz5q6rvRoO8DMSu5mggswLkJepQRh4CLvWX1MLtx++JhesXoLBth8dL+SD5g1AmzJvPgUWUo1ZH9jUcI1wMy2Mdt/kQDJmo4pth+zAnDaTGirOidG+0CIT2bfGafHDK4rB8YABqUHQcgCyseD1Yy78VFxVYcZ5Bbwe8VW0kRTre2eBueecrsOfjhneS95nbnDRYkcyTHFEO6Py6AinTmyajZgJPEdF1QIyhDmyF4KV+ai646dOjGg/VzuGezXn7CyAxvrwExciQV3mw3ApgaDMOA7HCOooFypdNz8YVvzMbXN4InxVAHM18KYSwPTfqKMvv3gTyN7Omuzb6x9M31s3pw7/LBYm7L8NhGbWqgLVxxOAe4vxJ8DSrSrRez8PsXKydSy9v3itUyMTqJCDflPryMBF/3j7J9yP1NwuGu0qxCF09+KIqfNuvtDogwGsj3Vh0RZIFgtkK4V4Pv3O8LhEMPPa8WtW7lOR4bZYpFEoIlS1XAGGdEydq+CZUmUpKFJBB1OcHWf7rD3GJWor/+MTb4hUSkXkso0Aq/CMAjeYyVKyw3nHyCZU7iwXM0BEYV+NA07VTjPBddhqzVsFhkRLzYpGV9FNUfTN+3HpFLvL5sd5h8aB5eBp+T3fL6tMwcvnKnxJfXyWGdgB0/RHYDHNfl4td4zmu53kBquNIWYhe8Q1vXt1Uh85/46O6HJZThhxAWvG9DCmJ/V6/hjrZdkbTqjovE3o/168BmkrUs+ThQPlzQ82K1M1rEoGlf2GkB7pC0GpN7Va++SieYVyMqty6jASqLcaXgE+xcnMnOvPZ6bLydOhFjVAvYlGvOvuODnT/DxZu75dHu4cwxQa9aL7aTIcs5ZFp7sotanYC2IsMgexIMUWHYpSLDmvdfNZQC3Z07AqjwM7IJqUuCLCsabfBnIIm2aft01tU9LEj/oYOECSXdyvHpfIKAUx9tFXpFjAc7sSwkiV9d89w91uaYvhz7CGQmEK0KoMF55kI4B/gs9O5a1W X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(1800799024)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: jvP5ID0g66LFSVy5vr53TzV4AiVxEHGB2SOOpQrp4tT04QYZ6yt8NMBXccrebQk851wYsRfA95aM756pUrWswtE0eKBma68Uoyz19eHeVsn8vdccF4JUwObgom+eyEAT8y73YUjnREROgKQpkQGjrWQZFZLFioeSfOVZOYL8t/XdeTneXZmDQC8sLcodJ4gNZnE9tJ6OHtdAGsZ5Tc5qtYYyHu2zLqaOgXWXqNY6Gyp6ksWJKsWYF0Gy9PfmR5APkrQopuOfpbx1plElbmyHMTHaI4U0Y02+Ub6bEx992EM2AMyJz95um6AWfO0ichxubLmCfwg18T0HyjcLgOaNtwNN1dHElSEmO6ZctaZetjTDKLd+J40uuT19WKxo0udBTKLkZT+nMsSP4VQhgNc2BYC9Ge9v/PP7RqWg23jMghnJ0GoIwF2q+bvRbg05c8m2EEmNM+HVwyBSYxgbw05n3dUlXLJnOVMYTxRc5sEBtg0+g6j4PfNrf7R/BmXjRKz+LHTjhr6KxO/60IQCZN8CQrfW8xcwYJ66dPPeYleNRToJfFUIl5W0GB6X+4ZeVir+sceUySk2jOvOXyFgzSZmufR50b5ESqjVQifTfs+wxybWS0fjG6D1b41wyk+/WTFJNNMuEmfLYs0vK4qZDOuNVRw1ws4MVs5ZxmQSc1R4H1o+Ozn+ONNID90fxfw9W3WqcCOXGAeJqn7LQHqmYM9pqRP5R20gFzOjRUAw4IjiGvr331HmgGycIyPr4l50J8udR+AsRVdXYCYMO6FS5nCPgRmBFEvVRur1Vh209ijnAaJN61453UkkzXOO2yi8I7jYZbGhdmPKVTvYestv1Cf1WJv8btvb0a9LOAqQW4GkpqX/SdWkI/2jwIRQ41M2Z7wwzh8kNrNrcrg/DUSIoc59UXw3eJ5FHQKOmWgNaZVPxWYjy1OCCTdKzQr1NvhhXgkFUikvV/EPf6BiWN+x4AVSEOePMXpyOWKBDamNsiRFn0mgyg5deX7KuHOfcqEewA6GzIP2foNDgFdxAC8vNKwQKUqMffM174NGbS72HaB/G2VqeDTH+HzAGakAcQ8jlPSS8hh3EYruTXOqvGbNeQ4vO1fZEIe+PGL+bYuYJ6cwJQTW8bm/yz36a3WBGglWm9XlwudcJBnFeYyolI1+91gGs0LYpCTUS4Yk1ieTV1c7d8dZDRBwDN6NSzrYwLEzFt0AxL2U8zrjznNZV6P29SgrZt8+WBOFQSYpKrJatheTHWs5MGDpFS+K03THO5r79B5RRadtSe5aOsJNPrELDN3L9HgIU+5LXZP5lkXgWzeRXI4GXYUGsRsjUKkhvF0Vtqkl177e7MDD5eFX8sDoC8bWu6HMmfqlkFYyRHFYHvbJegm50W8V64Y1VQVJqq4oY96/i2Q5QxwftH4BcM4FXHW4gc3WTDS2tZ/+/kx/AzDXF66w2W/aMfTU70zrS+U1R9wCUjfA0lRje+LQgBnKoLs4XfZlyBfznr5zcw5iTse/GUKJ8r9DUmRTStYmzz9A1AGBJOHln6gqr7sv3MvwO0TFe+aOS/ICCgBgUYHPsUwaPRbcaF8puY4TzR4nORSU4hvl7S3qxm+WnHke36rjAnCEgQ== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 23f048de-365d-41b5-76c1-08dde9f497d5 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2025 07:44:48.8376 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Bdc9dfUr+xGGEehzqo5KbBG3BFDMK5hdqH33l7+qZ2JjeutKWWtWh6x3zoMF1cjLJ73TJdGyJFf5A1Gogwe3XyipQcZEFKvZCx/QyHNo6u4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB8562 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwOTAyMDA3NiBTYWx0ZWRfX2iT71KHIK57P BYQIxrfjn2TQZsx6lkbCGuIvkZ6gOLWKENnvhmul5S6EAeYBe1oYREQfX9Bsjmkbr0a/xP6bzG+ 9DOiVyFnpeXnhpWH8rx7hiq6jGo8aOZ74T/GfhK4OgEtaGrFZ+qLzR1cjH8dKkURnLygEzKFkaI r1fWY/GNxR7xBm5s64fpnCEityADyF+eIwIU/X1OeH9b2jjEPn0Tz6J0bTiNskHM2VfMYxx517j +QjrYWkZOLDMJJMAYc1XP7DLy5NsP32uN+8tQmh/igj2ZTphfxitgdDeW3toPs3in7mVLJph1sd mwrZklW5fIxwswo8lCQjgS87oiQkxlTQWItSWY0kcOY2nhL93o3j7b9eMk74uE= X-Authority-Analysis: v=2.4 cv=eubfzppX c=1 sm=1 tr=0 ts=68b6a072 cx=c_pps a=cgbmBu2E7d3MJV5ACatOOQ==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=yJojWOMRYYMA:10 a=PYnjg3YJAAAA:8 a=FP58Ms26AAAA:8 a=t7CeM3EgAAAA:8 a=NUDn1NH1TUvyvbo-074A:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: r5NiReLs4Hs0qMwnq3sGflFxUrS9OkP0 X-Proofpoint-ORIG-GUID: r5NiReLs4Hs0qMwnq3sGflFxUrS9OkP0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-09-02_02,2025-08-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 adultscore=0 suspectscore=0 bulkscore=0 malwarescore=0 phishscore=0 priorityscore=1501 clxscore=1015 impostorscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2507300000 definitions=firstrun List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 02 Sep 2025 07:44:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/119171 From: Zhang Peng CVE-2025-31177: gnuplot is affected by a heap buffer overflow at function utf8_copy_one. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-31177] Upstream patches: [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a/] Signed-off-by: Zhang Peng --- .../gnuplot/gnuplot/CVE-2025-31177.patch | 40 +++++++++++++++++++ .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31177.patch diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31177.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31177.patch new file mode 100644 index 0000000000..dcacf538b2 --- /dev/null +++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31177.patch @@ -0,0 +1,40 @@ +From 36a4355010a81a78cf9df03d3c76dcd599ed994b Mon Sep 17 00:00:00 2001 +From: Ethan A Merritt +Date: Wed, 15 Jan 2025 11:56:13 -0800 +Subject: [PATCH] dumb: more stringent tests against y bound of dumb terminal + charcell array + +Bug 2756 + +CVE: CVE-2025-31177 +Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/226809aebb345e74d371bb43a2b434b490be527a/] +Signed-off-by: Zhang Peng +--- + term/dumb.trm | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/term/dumb.trm b/term/dumb.trm +index c93afb94e..bb22ca25f 100644 +--- a/term/dumb.trm ++++ b/term/dumb.trm +@@ -637,7 +637,7 @@ DUMB_put_text(unsigned int x, unsigned int y, const char *str) + { + int i, length; + +- if (y > dumb_ymax) ++ if (y < 0 || y > dumb_ymax) + return; + + length = gp_strlen(str); +@@ -784,7 +784,7 @@ ENHdumb_FLUSH() + y += i; + + /* print the string fragment, perhaps invisibly */ +- if (ENHdumb_show && y < dumb_ymax) { ++ if (ENHdumb_show && (0 <= y && y < dumb_ymax)) { + #ifdef DUMB_UTF8 + for (i = 0; i < len && x < dumb_xmax; i++, x++) { + utf8_copy_one( (char *)(&DUMB_PIXEL(x, y)), gp_strchrn(str,i)); +-- +2.43.0 + diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb index 18722b3641..18f98aa503 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb @@ -17,6 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a file://gnuplot.png \ file://CVE-2025-3359.patch \ file://CVE-2025-31176.patch \ + file://CVE-2025-31177.patch \ " SRC_URI:append:class-target = " \ file://0002-do-not-build-demos.patch \ From patchwork Tue Sep 2 07:44:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 69414 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7FE0CA100F for ; Tue, 2 Sep 2025 07:44:56 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web10.71870.1756799092719225231 for ; Tue, 02 Sep 2025 00:44:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=INxL2tRc; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=134031fe91=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5826N1YE2421652 for ; Tue, 2 Sep 2025 00:44:52 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=cllSdQpD+cwC7NFWi1kGchpDBBrcvZ+1vh35ts/sKwE=; b=INxL2tRcwluG r3CWcXojkMV3s2g+ENqUnP2Y+MpYcqFqAtpJH/jbYXB2l1+2Wz7FbmEf5Lr5f0b0 TeXSTc+dxeW2s5XLRd30uSnhG13XxzuDmy/3TCpMrmSLdXk8JUNtP39DxqZ/j7QB coKq4Nvv+zo2ch21NQBBWUBEfyxSFaxRBv3Djn2Jvo4jYqmt5BAVnqj80hBIr7qj CcLWEEfz3XCh0SsVOcEEU0HVX/x29eGwPKrTHibkPsOIW3zkbTf9JmMs5YrdY0M7 p2B51jkGFmyWx7BE2Qr4hcH872daXGkqiPYe4CNio2n5M8rbYGkBWKMW9jkt0QkQ NM65TAI+Ow== Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02on2063.outbound.protection.outlook.com [40.107.212.63]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 48uvjyt92e-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 02 Sep 2025 00:44:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=VbGBhSYoPNcyzEoYcjytU6kO0+m4fVTRpnKsMSoAlMTyc39Qf+BteRI22rjx4Flk3tXbm6cpY3JHG1UszfRZHiFONtZOegSYe7AFD08B5SU1OnlsByfkDzwZpvaj5HSr1brHL+Ij9UycOA5a0WmSAwEAJRO7skjdtExq+ulG8V4qaUwnlynQ2MjUsPa6EzA4w+gHlxQGDdmutwe6041HvHFsUIjO+6VmlsPWJ+Sn0rO6hzVEzrt6zRRkvLJENoaR9VYOQoI/AR8XlkyA/QcEcT6psXRZ2O9EF13OCIbCZnGGYrproZH61xiZx9ER+nUm4Y9eG2ZNgEV3dr7BAsdxew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=cllSdQpD+cwC7NFWi1kGchpDBBrcvZ+1vh35ts/sKwE=; b=P4d4gtY1u/zeMBR1DRMHS1XpIAwLrmwOnzRH/N/NerfGB6WA7EMeNm2GT5tLYmQBqsqryldl/MTXothuQJFvVjEhqkQVSE2iSc3Af2+L7LzBqbJfcVkDPDcJIelR/R8ZxSjt/u/lYg/Fg5sNPNiV/Ee7V9Dc2QDOBYCSawJXsKshI7m4Hzsxu9A1Tt3xTu+YljyJNu/SQyifGLqYTacX7gtx9WHw1NcdAm1oYtSB+koDaBtN4RH/0oVSJQlRkF2QP3wJ5lyJjeBFUkFkzPP+m+nQAlC/T8RIICqqF6JYvjMN8J80ekCP0yVXWzQdigYWfj7EInw+zGrJEOtzQc/9zw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.27; Tue, 2 Sep 2025 07:44:50 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%4]) with mapi id 15.20.9073.026; Tue, 2 Sep 2025 07:44:50 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 4/7] gnuplot: fix CVE-2025-31178 Date: Tue, 2 Sep 2025 15:44:29 +0800 Message-ID: <20250902074432.1068537-4-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> References: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TYCP286CA0222.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::9) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_ X-MS-Office365-Filtering-Correlation-Id: eaa6be15-267f-4c8a-a49c-08dde9f498a8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|1800799024|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: 7BK0vdqatASImxYCdnu+1X2GN2l46raSZcl3KO9NseaBcTl8f0dcGCXB/OxVGzM9w3Hqi8sTruN1b7nsnpv5vn6/AM7PnlT36XpsLgwqaM1YScZhCmCsMRZdMWGGBoRkFGeW9hOEjD9V4FmsOVMzUlaC5J2KYdshnnMBckIIC1j/SXWZcWwhIiRcRzL/oIebHUAN3xl3XD+aPpy0KiTovhwx71PSCvr5eRJIcRsybdltGjMQY4F6qulOy1EKdHiJERm126lTBDUbaqZvVXWm/Pm2v0nTudD6KnfT9u10fT+r2qF7jFtQ4BiDmsivSJc2ftUUlSsJX8U1NTmznzrhnDJkxlE7GEQMey/LUu1x/EppUuV3lFFz160xxx//4a4C1HSG3uvDKHLzKPxn49azsBcMjomamsUF9AhOKqt6ZBijAl4wjoYAjL3PjJd+ZnsU/TT7vF3PP3xxsQbqLsUbM4XmoYSAY8q6IT2lPm5dh3NC4UcxsHg6Pf1g4My69lGny+Rm03rAVhy8GC1+GOAlMMx4nN4iRp6g1YPqXcfzCq91Es/8u9xQlm1KY+QbSHyCsVw0+FXCetwJh5B7wD3DVDAGTUZgjWfCSRkpjTvDhBIEv4XJn7hhC9RZKFVzUPOqAQVA+IJ/FLeJH4dKF5XyDxQfSdgK2eapcssg/QvXwFyAujHP7TwTcFopsVqT8SxTfQGhLZErr+EFlxeLEQu+JG9XtIP24+bk3Oz/hnv+q3pUc3L0Vw9ZxaCqwdKK+PNk6seX+4oEW02n2R5JwyARM9lgabxj1A84XFCc1h1k5aCZsHu0GrPkRY07ucugWHWst2po1zbZXIRaDQRMPlOkdyKcwAWAd43CimqPINVLW06DFGZvnyTo9TtnwgbY+238WIAepXwTUs76zcHgLy15hNv3xXgdAvsPvUImzaO71scLXsdw2agWCkevGH+Yf27pG6BXPydczzmb0GqvGGYKFvfiiCBy8mxO+sXLuBa6abxWu+0VrY2ClOqNQ2Hftg0YLcxLt7SCiTXU8SZLhvPhophx2owg5Ed/baSpFE0A1URCj52mrok/qe2opZaAlpuSew6ZNXy9m5nLjnfiYItN3/Gk4vlJ9nbjhWBMmC+fr7xVMoUzLGusp3pn5A/6mBdz4f6gtBH+7bMHmfDOzSqAB3loW94C8dvsBIo2jIbL+1K8huTPtIe+2y7RmjeAfAa8jVujhyHxrJfn06VP7d6Z9csbO4xTTyMNcMyGL7hLQRqvdrfVldADMYftf0yJUif6SlRYedXzXtOREdH+N9273DPiPK9yCrJRz7KtIAGcz+EdSKCEgolPHqReXcDTDtk3NhunDFXNPPn467u1JxqTHP48jiYHWExSpLlnbGFevkylDGsZ5Bim7VaTmgfrzAlctYv2WprIhOxPO8ca07OTffQ5KH7jfvggfKKUd5tR5dkaxuEF/uz4pxtdcoA74XqV X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(1800799024)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 6OKcqNFdAl7380J6UnZoyt9gZXed1mMAPKzjKWXZKTJCL8xq1JP6lvp8A+uK7mksIKV62Hk2t6VMaBBdOP/yXeBEyda7TNR1I4dMETghVlwOeUcK7KUXU/G16YMZetVLOGywDn2F+KebYx8iUqcfVMDZ52PErSDs+7GHK+SF7wWiV86afIMy8Zt95SdTQIC8szWOP4vhDzVr8y+zR2qxVpVVCgzxZDKC19TBpR6NDxD70JhIej+cEhm1iIiByAulhYgxZr2yROyTufH+5a/bXq/eyD9w54kBDSsrCS6VR1pI4avYSfPpeNJqBrR24Jtib1yJc6bzRKjm3DWPObRXkQEq/hiDILbZAS4oTv+t2qrbL04b0RwDGDLjVuM4jpf+YvLZcYLoq0xY1YkvbiCVNdmKmd6UlHRAVGmnQh2eeNmE2UYyGOhE3bOo2Y5o/D9XsOjmCSlQj0DmpPfo7rSPzmc4xxsX9/GXWc+i2xDJ9OQ3VDTa0RnK8V7VpJpVtOUbIZYvZ9NPQ8OrQXFa5l11kT9UY7Tz/Zmy+y6pBakUWjhfX6bu7EEPsZBRA3Yx5EzbZp0al5XIj/Z/OPrmi/rXIcjJeRqw6seYSGnIllSaPN1PgVtzbBfYVPEoMFKLowx8uTO5lKyTwA5PsaFWMowamQMhfIs36mg42PKk7Jor5TGBKMF5pFzByLZWAPrDuv1BFTT1MPO24QfWfi6qWex23uNafg1oZrEmgIKvhuddCLWjuT6k2OdX5ztzJMEX4h74s9wAdc7xXjn8fMMLHqqJ3O26V9yweHU3YCBRhR5bggb6ay9yzOB+gT9oWTnIXFuWRGw4EqeTQwH0qTIXDvz+ZJuRv4je4+0LUNaJb2/QmNCx/ctjqIE/8JwFxMtReZpN2vBw8hDnsEuGPqw/mIn1+AJluXWgxR/9b+6r1yeRJBEdfIOALKZslIIGsY6eeYvgOj4PoUz5ljSAKMw6DAdLnFZzwi2KHZOrC4zZ/EDl7HvO+yCcNWIefCGnywbfIwe93kLj0gmhFjSa+4wnkmAoGN9UxGg2HV2UFopTk57Ze2IYNbpWq+n9l5uDmUeOldUwfr+hDAj9izTSC38syGiFK9hAtMSCRZb5thZ8wQmrpFv5eHdFBdi+FT5BOb95NjkCX0kDS6syTwxorF+K3WkfUDpxs2vPu9DW275jwU9lXv1eGvT9f647HphwExHEqdRfE1cwtENKE4gNr8bxT68tYl2nEk435raH8EPeRSDPWw/uHuZToH1LIkTbLZQJp0x+htTq2P00QzxBfeMNHiSWgdLrpOpXGFTirDxc0XEcfwWaYbI3U2v12eViJ6W0v9tVm8Nt1h+dSasHPJTzlyPS9ZQ8gP0IZybyknzMra5QgPCYk9X+wacI4oAbpgr90PSEcYliF2aAhdVPiTm/SsuvJE+B27LdhcvoRhR8ipLtZhGDa+mEJJmjLk5TiAGWgakJ0PnuF0Q8ZQRik/iQQoHOz4M8jCYgsoHLjG9U8LcbdGklZvV83reTiXrNrrkkCiVnNuBNq49el7e/HnqztJDj1r0weVjZdYTwH9LhTY1hGr7kBvWE7vGT0ClR7KhkKKWATmlDowmBP1laYQbPFvNQ6A== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: eaa6be15-267f-4c8a-a49c-08dde9f498a8 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2025 07:44:50.1292 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: JgrmWJZmH7TUeBec1V5J5kxjv4OMP7kSCVUaTzCnpydA0nH/fhGTKzNDaHI6AmDritbQW3L/vjjCQ1O+f5E+f0C8z/JuRrG1Ri+bEOUd89w= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB8562 X-Authority-Analysis: v=2.4 cv=K8wiHzWI c=1 sm=1 tr=0 ts=68b6a074 cx=c_pps a=B1juiKOSPdvfexZtvkw8XQ==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=yJojWOMRYYMA:10 a=PYnjg3YJAAAA:8 a=FP58Ms26AAAA:8 a=t7CeM3EgAAAA:8 a=CEfKEDxt_uDj1WFZ_n0A:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: TlUyxevrbO18Ukud_tbsUOB_JY0PXv1i X-Proofpoint-ORIG-GUID: TlUyxevrbO18Ukud_tbsUOB_JY0PXv1i X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwOTAyMDA3NiBTYWx0ZWRfXxqLQ2iKKaSOE JejABSZml2AdK+2YXhsnrPA5gURNSPye52tDuW8VIPPGPYt3JwFyXApprBnDKTpkc6gE5VETAaj 5+ycQNbAC4TLii8+fiyPvJKVyyPYH2YJmpDlHsidh7ZRXfAgQ2lvMhvmLUPhGFFKHEasFHYQAUn 9iH5mc7uI10lMoIBIlTZdFB0a/bBUqnIcFrFS91DkAuoI5iq/EgInqQ5YIeZhpDyYCYPB98pvVu b7eNv5Vmd6/4eVHu2/yWaR06TfcIlorQb9ktWDG6gKoOihMBQtnaaguSHJFNo77xEYv3cCStgys 5oaL9JUy3/cHBxQjiIb6Dv+2tfIRVRWWL0vxygrYXerTRiV9zUi8f8vZ9dM5AA= X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-09-02_02,2025-08-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 spamscore=0 clxscore=1015 phishscore=0 impostorscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2507300000 definitions=firstrun List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 02 Sep 2025 07:44:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/119172 From: Zhang Peng CVE-2025-31178: A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-31178] Upstream patches: [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b78cc829a18e9436daaa859c96f3970157f3171e/] Signed-off-by: Zhang Peng --- .../gnuplot/gnuplot/CVE-2025-31178.patch | 95 +++++++++++++++++++ .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 1 + 2 files changed, 96 insertions(+) create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31178.patch diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31178.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31178.patch new file mode 100644 index 0000000000..c783d75180 --- /dev/null +++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31178.patch @@ -0,0 +1,95 @@ +From c625576a4e086f8e3ad6f23559052494465722c6 Mon Sep 17 00:00:00 2001 +From: Ethan A Merritt +Date: Tue, 14 Jan 2025 21:23:19 -0800 +Subject: [PATCH] use snprintf to protect against garbage user-supplied mouse + format + +Bug 2754 + +CVE: CVE-2025-31178 +Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b78cc829a18e9436daaa859c96f3970157f3171e/] +Signed-off-by: Zhang Peng +--- + src/mouse.c | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +diff --git a/src/mouse.c b/src/mouse.c +index ef8f14d71..1571144ce 100644 +--- a/src/mouse.c ++++ b/src/mouse.c +@@ -168,7 +168,7 @@ static void alert(void); + static void MousePosToGraphPosReal(int xx, int yy, double *x, double *y, double *x2, double *y2); + static char *xy_format(void); + static char *zoombox_format(void); +-static char *GetAnnotateString(char *s, double x, double y, int mode, char *fmt); ++static char *GetAnnotateString(char *s, size_t len, double x, double y, int mode, char *fmt); + static char *xDateTimeFormat(double x, char *b, int mode); + static void GetRulerString(char *p, double x, double y); + static void apply_zoom(struct t_zoom * z); +@@ -418,7 +418,7 @@ zoombox_format() + /* formats the information for an annotation (middle mouse button clicked) + */ + static char * +-GetAnnotateString(char *s, double x, double y, int mode, char *fmt) ++GetAnnotateString(char *s, size_t len, double x, double y, int mode, char *fmt) + { + if (axis_array[FIRST_X_AXIS].datatype == DT_DMS + || axis_array[FIRST_Y_AXIS].datatype == DT_DMS) { +@@ -473,11 +473,11 @@ GetAnnotateString(char *s, double x, double y, int mode, char *fmt) + r = rmin + x/cos(phi); + + if (fmt) +- sprintf(s, fmt, theta, r); ++ snprintf(s, len, fmt, theta, r); + else + sprintf(s, "theta: %.1f%s r: %g", theta, degree_sign, r); + } else if ((mode == MOUSE_COORDINATES_ALT) && fmt) { +- sprintf(s, fmt, x, y); /* user defined format */ ++ snprintf(s, len, fmt, x, y); /* user defined format */ + } else if (mode == MOUSE_COORDINATES_FUNCTION) { + /* EXPERIMENTAL !!! */ + t_value original_x, original_y; +@@ -500,7 +500,7 @@ GetAnnotateString(char *s, double x, double y, int mode, char *fmt) + gpfree_string(&readout); + } else { + /* Default format ("set mouse mouseformat" is not active) */ +- sprintf(s, xy_format(), x, y); /* usual x,y values */ ++ snprintf(s, len, xy_format(), x, y); /* usual x,y values */ + } + return s + strlen(s); + } +@@ -886,10 +886,10 @@ UpdateStatuslineWithMouseSetting(mouse_setting_t * ms) + strcat(format, ms->fmt); + strcat(format, ", "); + strcat(format, ms->fmt); +- sprintf(s0, format, surface_rot_x, surface_rot_z, surface_scale, surface_zscale); ++ snprintf(s0, 255, format, surface_rot_x, surface_rot_z, surface_scale, surface_zscale); + } else if (!TICS_ON(axis_array[SECOND_X_AXIS].ticmode) && !TICS_ON(axis_array[SECOND_Y_AXIS].ticmode)) { + /* only first X and Y axis are in use */ +- sp = GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string); ++ sp = GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string); + if (ruler.on) + GetRulerString(sp, real_x, real_y); + } else { +@@ -2116,7 +2116,7 @@ event_buttonrelease(struct gp_event_t *ge) + * only place, if the user didn't drag (rotate) the plot */ + + if (!is_3d_plot || !motion) { +- GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string); ++ GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string); + term->set_clipboard(s0); + if (display_ipc_commands()) { + fprintf(stderr, "put `%s' to clipboard.\n", s0); +@@ -2129,8 +2129,7 @@ event_buttonrelease(struct gp_event_t *ge) + * only done if the user didn't drag (scale) the plot */ + + if (!is_3d_plot || !motion) { +- +- GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string); ++ GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string); + if (mouse_setting.label) { + if (modifier_mask & Mod_Ctrl) { + remove_label(mouse_x, mouse_y); +-- +2.43.0 + diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb index 18f98aa503..7dfe4b6657 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb @@ -18,6 +18,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a file://CVE-2025-3359.patch \ file://CVE-2025-31176.patch \ file://CVE-2025-31177.patch \ + file://CVE-2025-31178.patch \ " SRC_URI:append:class-target = " \ file://0002-do-not-build-demos.patch \ From patchwork Tue Sep 2 07:44:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 69411 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BAA1CCA0FFE for ; Tue, 2 Sep 2025 07:44:56 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web10.71871.1756799093317904150 for ; Tue, 02 Sep 2025 00:44:53 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=ZEuNkXcO; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=134031fe91=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5826N1YF2421652 for ; Tue, 2 Sep 2025 00:44:53 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=snaceVLeZ9wg7XjH2uPi+B7G17cw53DnzARIyABh9tE=; b=ZEuNkXcO+ss/ a/BPFlHTgHl20FSp2G23wIiHgrO/z5hMK6yGJCeWQEHrks2gk7dKK0HtnQrOnaSm yfIRz4i5HvZYbimzBrrLg2b/bb0ZLJTA5HcoN4zgp2fUOrIKhHwQIq3XOUHPLbRK sVatCJ75KtlyFKfPMWdbVhZjj8FWKTr2o91Mu3JUbmQ2m3r8MALdU8Kdy13wrpbH C1a3PQ5gucnIwAz9eugQmEvIy9+AEbWBuV/H/T4FrWGB52nBook4UfwbVc5ewpRW s1FrN/YvJ6CykNhonVM908dHYnqAVzEKGT5ShHv3PnPH7bSoZcluTCnOq0WisLR1 Lt2bJSQMSQ== Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02on2063.outbound.protection.outlook.com [40.107.212.63]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 48uvjyt92e-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 02 Sep 2025 00:44:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=veZ21JGrAOkvk+mo9wU4Ytk7X1xag9tc0W1Ldd7MhLqmjc9yHigMqdm1PGFFRR0iTyo2T5Pqhk2yaf1PB1FtfEzOXPag2/ZeBtJwdhVAgGR3Uwmns1/gAgWM77YrsHvUa5l5SKP/wdknk5dJ2WCk/QvqJ2yy/W2EUK3usyoiuM6868FJ6A4QbCduSDKNB9prJT5QQ2njBnBBIXAwnqy7udlDZNocuae6xGFnP5mcBq6jVFLmdVGSbIBEiTiDPdYZJiYkfxtFHkFc9JjLdjQAhXS/iDDS8VwrV+kTpTAVMLXcfgd2fXr5UYfwh6d+XJlmpeCWZutidHwb2oeeKjXnRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=snaceVLeZ9wg7XjH2uPi+B7G17cw53DnzARIyABh9tE=; b=GzaDVQHU23zy58z+5gFvE7LhNtY7/7J1U74gjQOjmMtCFf12DIwLRbs77qF8xVsyqp9OP9hQe573JdLRb/l+IH6fa2DrvSXgJ/Q+zrweuuuyxkpkGPEUV9ajOYDE8WQlu1klKMEOsaf0c5yJHUNguqA3XuL5EPXazi9xMGHA6K6peoK4Q5N0LoE3IBlpjADkmlsU+BGtolhZEUkbSWu2h+ssxH928C+wMWq8MHkF8ISTKse1w7l9cBND2p5Z23BSLpNxKhOsiz62dNgR5e4h/Uc4OTVey3BTDSN/SI2G6aLgAiat9JPfY7XDWLf42ew1vAgAmY7eidiFLXceheLFTw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.27; Tue, 2 Sep 2025 07:44:51 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%4]) with mapi id 15.20.9073.026; Tue, 2 Sep 2025 07:44:51 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 5/7] gnuplot: fix CVE-2025-31179 Date: Tue, 2 Sep 2025 15:44:30 +0800 Message-ID: <20250902074432.1068537-5-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> References: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TYCP286CA0222.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::9) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_ X-MS-Office365-Filtering-Correlation-Id: 78262db6-d2e3-46fb-fef3-08dde9f4996c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|1800799024|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: H+B/Qx3+akc/hXru6V+FYsIp4W+ga1yuGyyL9nfIB3bM2VVl3jyy8tN32JoTUIp/EZUyR3U/GqtoJN2rUo0jYBo+bJZIRwi7z4h5yUN4+LcVcBjqsi7aqgjUJ0G8gMSjuF1xg45I9IY83unSBqnq95IHPrmfQ2vgkflKhhdf/zlM7hHiK/dg8PfbbWNeXytAym6z8/XqSwOcdhmNXjFpsOj2iA63Dnf+Fcxx56rf1iQ4MXGs5lnyiKefQyQGdexWHTleB3MAd0ddc/ZjwpCyyJZ2jqVxvf8/ORG0JsOdPNYj2LCraEp892NUaxfiQVDhFlKsNntrFuq1FagZ5W7ltRZaCGEV59bVBizFISsJd4VQ+ZQF2/TVBqqQKd44U+Gx8caJUiGAY9wh8IfQva9hgb2Eq+gwsKJQZkMyRT7kjObghEby7gbDaKbxUfvBpefYb2wNPIO91yMW5KbUQrJXS/r0As4N17GJeUrgTWDAGy3WCMlyAE+dwK5tTS3394O21orApfEeL/tMMhtDlvsI/uAsETj/m1ePi46V4UWczkCd+BtAL0MgnJ7hHIO3Y4qhvxiAIzGWlP+kBUtkLkYC0Nb2seVtXMUtQRHdd0j1XfVZf5fMhq9cHHvz0AsiTp9rqKsrbuPKljsYLDQfnxxfW2YlI+1nNnQdijyrHrcfc/MT1HTyVBx1paE/LleWoETQv5hmnsturOXDkdQ8hkyvxTfrKmU6OLRt5vLagGoXYj/XYs8TRnUSXkV0wIxUGKI0xNPPg5T0wI4kqgk4wnUe9InXcWafbKWIrVjce3ooSVKOAmpaJTUGp5PEgH/ymOX+15MufykZzfGoGJ7QEvqB1uj2JmPmMh5E7n6DOCR2jqfIXW+lsajugEMsAX1QxXkwTRtJOo7AbkWZqoT2u6ntPSlkLuNZkm7/P+d3Qo2Ozl+eiyhdWTXlUTu8lHW/wNpVtjRRc6fjXEviAIYKEx6d63AV66lSGSo0GsvfSONTH5AIe5jUQvM9vM2tBjifvrpWIh/sHAr0nDIaxqRGdBzFLucGWrA/+WczuGk/V1aQ7YZAAdUgyq1ZlSDLg+agOQ3p35WdgBYI/xz9eQDIywpqOKoslZo3VUnphYp8f+iaOB+lF1HN048HTjnG8TEL3Dcx8HUqka1NoxeNqPcwu3qbMmL0105Nf4RQgCY/GrcSMuzgLQxoVmcHBm09TGLUi0UGkPAqkcFdx+7v1CCUiKN7d27FSlIko4PRKFWRlTxxplKeRRLAGTKWyXnWLuahKfgoJqpIFB/z868QS1GYjnWLY6J5eqsgir6brAkXGU90BkS0ODGQx/0rS1qbmD79MUnMUZXF++SkAH5NyAVvNoNFqblk8+cQjeSXfRojd+g53HGtEV/PX3M4GUSZbFSi9XL9BLHglOISUxGHHe4XTAcZ1x34kjwMgM56F5pLi+/bbag= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(1800799024)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: efxD8GK6regkvClYVtqFwjorfx2trr/tdSAjrsJRjYumWd04gISYQMe5sumBIHlsOMYmjNuX6uQ1fv9Kie7/iwtm3VvuS5q6YTyhT1QkSeepj/2KDlYzVhdaWh0jOg9OPItGoI/1r4at9R5xh1UyyQKnFDXvuQiz7xX51eaDaXmo9YJzXxCTPIIKf3O89sBshOjuLdKQfY4iyLB4/gM9oRWbyMwRmwS5GIlbgi4qTnWX0o7IXPFLhX9CQBaf1A8NcISF2/NErGm3UXUhjXfa3PsnF89PcgbKSNqdd2TZf+K6WxvTCXXbecFe01f/GIGNUFBgg/B9nhtBf0daFsVrlMPJ99seVGDMg0IALjpZL2WC9LLgTdc+/wa4DlQFUcbJTZyY5a2VXYOLjj/UQdxAsGVHw3tWX6q415Ygx8yVj084LruhmTIK9DlMn7m7FNLXfSXCiIo6r79UPe7sdfkgj7ZwahACw4Hv3QBhnW83FIXem9OQ2/5mxhapvaiK61C+4IqaHgFd0QkIqYtjSOuiiKOVZ7OhBn6H+Dd4CkfkJ0YtrJbrco3kgFnwvlOK1KxKco4+dqEpaBsRGl1QUlOnD9MtjrZGTAQ4WKtfk9LkAEvoAxzHAt98JomSB3HwA/f82W+7Th6PMzoKRsQR9r2EVVQMR7LXAIfStAX6Z6B0RMmSmhiCS6DDoifqJJ0epKMLimQCvFk3iD/nCTbYCZNOSTLj5DWT4f33dzk7M0nUae5zlbVrpKAtXKe8ix0+R17NLTje38tvjQP6oyq8CQUF14pb+CrVhdEkzevEqLDkAist9Rb7ITeZoMDRVdpJoAPe405Zph4GFANqdzobFZwtVZy87vsruFfay4DbDX2TSGlbbZJa/1letn+ovigcFxcB/ItcZC3K/ZIKkQCF8AvFtqdns+w9YDi7BSsVBhMueZ1Dk3LiqfBu9o+VjfhONHho6tugjmU7htZ4/0P/B1TAAUkR/ei2vr5Xxb7QXvlhVVM6gLuQ2XJk3k5uATJJQplFB5EPSSV9zZfIFt82pTcfjorPweNJaTSOR8Rx2I/LIYj3efHJ/xhwBRjmFyHutPu0vC631Bl1i4fMtq4Fv7IpayWjrpn3edfwMcDD4SfaqKlUEP/h9/r0B1lsSeh3duZvQS2fcCVz/CzV8IN9/fPXiFLjw1fwGX8iyMOq1a3xkPrrH4jSz933LgQQBxkA86wJ9VW8FiZ7foAZEKTh2Z5utt7Eh/pwIA5jSYqgzfgvzzuwCtWkMdTMXcb2S9CHm/UYs7dVW2AJZTWNdYHshcFeGD3Vi6SUWl0O2HJvaRJc7zJ00P1lVW9aZMjJXIrA55d6rfmcRBWrffOXyYO2Y7Rarumv75DFHlkv84uek4n0OD6aF9iLcuqDKMCeltupecsQ1DY7KkXJhigbblHVb2IxqRXPGqOZ26s++Rz+lrtCaZEWoxCPMURd7GM9ADnXVVoB2TkTluMqK3YWdvZNZpe+n4ZPTCKlz6nvnaw7536Zx+SUhQMwGwoPuJDRf2MR+UY67ShGJMGXll1p0Hsj6v2gXfcFAS9JiBwe5cVnOTZ7hd0Zube8A3vh3eSlsy1Y/l0gglLgiQIY5spRtZJxb1Nvmg== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 78262db6-d2e3-46fb-fef3-08dde9f4996c X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2025 07:44:51.4137 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ce2+QmO1xbDbfmtxKeeJoMljZz2znKYwrPVep/IEj3C9viuC2zT6ANUb/bMPAdQ/XG36cmOisnoqfUpJGLufOtVEBkkoVAfc59hrJ3gYgNs= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB8562 X-Authority-Analysis: v=2.4 cv=K8wiHzWI c=1 sm=1 tr=0 ts=68b6a074 cx=c_pps a=B1juiKOSPdvfexZtvkw8XQ==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=yJojWOMRYYMA:10 a=PYnjg3YJAAAA:8 a=FP58Ms26AAAA:8 a=t7CeM3EgAAAA:8 a=LANpY1tpZkuJGBhTiYIA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: WyGC3HRMKfTdVRa8NJmzItTZnIO59zK0 X-Proofpoint-ORIG-GUID: WyGC3HRMKfTdVRa8NJmzItTZnIO59zK0 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwOTAyMDA3NiBTYWx0ZWRfX5XqchbExk5Zz 0ZM13+EQzrUmdEfzSoAL4E5LAMNogxoW8UOiiuC6IG5ovOUx0fy7LdiGGCVGstdzAjDOYctyQGs g2QWSwL5twHNv4DicrSBaSzMb+YkkuuNFn5LyDRMjLk2RQ6u59WhHADvI5+8uabWCFQU985N5hw FCSuf/pQW2WXWfmVNTPYkAV+FLei1JDCyd5HVjaSJ9vNpTmKrySB0UumjGrPOShrXdx4NA7qPGE XBj0lzXWhWgkNSTy0Wdpd2NxnW8mwjH3OhGEfSR5PzwjrVykvHf1Lrpd/nHECA48rVjUDV9pcv/ eHS56sVdJK69uWnARhhYuE1BCfH5vt/8KUJqktW5JWvL23kvGZdAU5m382MURI= X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-09-02_02,2025-08-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 spamscore=0 clxscore=1015 phishscore=0 impostorscore=0 malwarescore=0 priorityscore=1501 bulkscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2507300000 definitions=firstrun List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 02 Sep 2025 07:44:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/119173 From: Zhang Peng CVE-2025-31179: A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-31179] Upstream patches: [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/] Signed-off-by: Zhang Peng --- .../gnuplot/gnuplot/CVE-2025-31179.patch | 35 +++++++++++++++++++ .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch new file mode 100644 index 0000000000..a7ec6e78f0 --- /dev/null +++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31179.patch @@ -0,0 +1,35 @@ +From 92c147cbcb8c28e4662963b378fc31e1d58c72f2 Mon Sep 17 00:00:00 2001 +From: Ethan A Merritt +Date: Tue, 11 Mar 2025 16:31:23 -0700 +Subject: [PATCH] guard against trying to format a huge number as a time + +The time formatting code does not handle time_in_seconds > 1.e12 +(sometime in the year 33658). + +Bug 2779 +CVE: CVE-2025-31179 +Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/] +Signed-off-by: Zhang Peng +--- + src/mouse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/mouse.c b/src/mouse.c +index 1571144ce..86dee805c 100644 +--- a/src/mouse.c ++++ b/src/mouse.c +@@ -513,6 +513,11 @@ static char * + xDateTimeFormat(double x, char *b, int mode) + { + struct tm tm; ++ if (fabs(x) > 1.e12) { /* Some time in the year 33688 */ ++ int_warn(NO_CARET, "time value out of range"); ++ *b = '\0'; ++ return b; ++ } + + switch (mode) { + case MOUSE_COORDINATES_XDATE: +-- +2.43.0 + diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb index 7dfe4b6657..c05ecd2b95 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb @@ -19,6 +19,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a file://CVE-2025-31176.patch \ file://CVE-2025-31177.patch \ file://CVE-2025-31178.patch \ + file://CVE-2025-31179.patch \ " SRC_URI:append:class-target = " \ file://0002-do-not-build-demos.patch \ From patchwork Tue Sep 2 07:44:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 69416 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6C86CA1010 for ; Tue, 2 Sep 2025 07:44:56 +0000 (UTC) Received: from mx0b-0064b401.pphosted.com (mx0b-0064b401.pphosted.com [205.220.178.238]) by mx.groups.io with SMTP id smtpd.web11.71721.1756799095183341087 for ; Tue, 02 Sep 2025 00:44:55 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=Ftv5aue9; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.178.238, mailfrom: prvs=134031fe91=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250812.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5827isvX1300360; Tue, 2 Sep 2025 07:44:54 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=Z9FdEzmgsE/iWUV+IhrtO4ctyGQjbnJBBplFNjJs5AA=; b=Ftv5aue9jMWp Fbl6+i0IComI1P2f7lmwjo8PrrbxHKKtB7l82Y+/QA4gI5FiQJD/Ijzh5+2wJOaW KENyeSXxaOklxppG4CAuauerEUSNgfIkVL5LqAn/PPbr5j/3WHVxri4q+3wPc03s OCIVRcxPpDZ04nOvOvQO3ReqAxrOFGUSlIdpgzO+F5O958pmGOnM8Fc/BxoZbvF8 aSD646iT8/68w91tVSw1MPVxJowZ/KYG2LhFiWFWWm8i0yw23o+VMG62Xh+fSlxd kmJ6yHV6UAds8dY0iZIIggl1azGKFAuErbSphsjJS1WH8TLANpJSNshUwP6y8JrD /sDkbDDYRw== Received: from nam02-bn1-obe.outbound.protection.outlook.com (mail-bn1nam02on2073.outbound.protection.outlook.com [40.107.212.73]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 48ur99tckw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 02 Sep 2025 07:44:54 +0000 (GMT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wlc269RLKEGit5pJE6M1Z+7JQwR6qIJD7zwk9K7fXy3a7iMcgGN9LSk7wpw0zK8QQKIzRx30eqsrwTo+913Y7q0uk2yUFozLLlqM1DEMd1w25LHJvWzaapnUqL6tlbtuPywSmUWqCSCha9lVC1+e6Pxf26LpJGr/70DvShO4F7/Wqe65teN81kuWtdpXe9FBd3jDQKWT371KmX6mh86Qs0jHzckeXmtny1mx/cg1CjJt8BFs9LCvj1jWw/aYyMwUDmHaJZxwrNTP44lefqoZhtxjEovvrWEe4IMeTCurIJ+Bze3VoVv7YUv6vBeuJW6lKybu4HThJBzxnrteTDQYRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Z9FdEzmgsE/iWUV+IhrtO4ctyGQjbnJBBplFNjJs5AA=; b=th3fo4AKaDNBVn/BCMk9vXsV4nlRWH24DpnJO/3wfQQYgD54fZF2BNanVMyrrrjzas9PUN4uWO+JFfeGaLS4BJ0xyEy2cEG3rP3QmM/PjPvFyCfzdweYvtBovJagmPkWkFqgELMEPRVmxfKzcz1cdEsO+U4dC4UIRhsRmvSEcWAljcxOPfsuSwMdB31rfZybA1bCwsbn/Y24J+duntSK0ZzFuSkl0GJVQFuzzvxsClY99aZIsIy7KQonKd8Ti1kAydOGKCaEM3QIRVzjucrqyopCz1gnyrsFDfLamcu+kc9JKM94zPPrcDiULZP8o9lo27KvEC+UorFMrplVvCaPBg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.27; Tue, 2 Sep 2025 07:44:52 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%4]) with mapi id 15.20.9073.026; Tue, 2 Sep 2025 07:44:52 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 6/7] gnuplot: fix CVE-2025-31180 Date: Tue, 2 Sep 2025 15:44:31 +0800 Message-ID: <20250902074432.1068537-6-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> References: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TYCP286CA0222.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::9) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_ X-MS-Office365-Filtering-Correlation-Id: 086a9166-eaa7-4035-a149-08dde9f49a30 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|1800799024|366016|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: 4V8xma+ZGLEiviXh+g1bn0g1/zNtRR0Y0Dm4KUhL0cY8KTGjFaYVlcnyMaUFwV9QvddVa5PL5H2xt9zAdvDQD7eOM33pymtqILxjFsLIZx8FavrcBpyiYvBP2aPHH4aJXDDUXuFZANKl9XvPbOnaXXfo+Yfe/b9w+n2BmlXKgTeJj++V4Kb8Bih4o+EBsx4tZCHy7DnGMtP7eP8aRXRes+OYe2Hhi/AWr2eTbyBHOuXGf5nXoMz65MAN25cXcm0xYiCKHqQYyeRkObLV4EZFQDpSKOlV97bME9foaMLFORqCEo4+7xhKKum2uLSK/XDfoLIIrlwqhoGEddkuit8fzmkTpwaeuR/wnCMlB2VX0NbE08baS1Pmpg8v+BS0cmWv2qWeCX8w8Xvdr3j9jt0xbE8AzbsiuSErb80Ajvgz82XWi9dkzhdtha246TRTHumxAqYx1/1n2Qj9v+1JIgDKcOYtQhI2/ehFR8jmBeCr1MI/nKSDJUsRWJ/rBJwujgvmwnLQv7WvIkNyzhX14tx35IYronJtZiiOsmJAeTiZyLCfRl5Iz0pPtCcZwMF9uyTX/vG4nxWB46LQb22ko0Apen5IPjh1THOqqNP3SH0dI+41chICeSXNsQNZpA7eV85kuQleLuLmre2JB/Y2lUuk7R4x4k13mHlA0FrYmL6XJoc3CF/kT0adc5frkboE5FdhLxAmG9lfrcHdO226Klqj1MM6WnTC4ySZ4NpZtE+oHVExZm0RQF65PpNKF/c8DBv6ZIh7+yyeshNgRj5fgmYwCPhpV4meWp/W7l7L4fequzfcnNNgjI0f8pXQg0QkNbHHI7jcjP28r2ATiwxTHmewimbjT9Ev+2ZEW4Ynne75zMvgdVtNJ0Buu6VgClphGnnnxQNbNc6lwIO0K+5KmsBOyh020YFItRzlpcxqvKo7NfUoWGnDLMGo9sLftNhIWQzFrwYVxQr5DiLrW3ruVz6ixCCdXaFHoeMGcAStTVmil3YgtTx+NoT56su6JLll8j+HsuLCh8I4mx4Pc8wJHTuhJnc+PrxcWqUJGgYJrad45bNW6p56Go9bxHLOICTpEWVUhd+kMoRm43f5QumXQQrEhm8QxuzURKgsVld1z/Cn2JUfTTwLBIuvMwzyKsQ8Etqa1hWZc6Mu3OwxA8KOf4pVKF74i8BGu1++a02i+DuM9k7bGRsCmlTFvdO5IiMVkHUOu86UJT8gsQFTaO+Wzm7J2Ui1K1q9HIzXu0H1ICk1AXqcApO8e9OXCWvqacHK6MuIdmqsp1eRSjpC8e0Jj3QXt5pZnJuWLAoKDEAFxAN5MYQ+MUbDdEibwQXzElm0OaZZrD7FNmS50DuvS0VvJasS9y8iAR3sjujiIX8kJMcnXBpFzKI0y15j4nLhLC2hTxs3qF6O0mSDy7kQE/UAuGj15c+33jpEp50jVoHAh/e3Ui/KVNr/OIiZdeLVQ1a+FUB0 X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(1800799024)(366016)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: uTyHtlTcq+Fob31t2I9ESxyrQQQKViSKZsQTzzFwROt6NKP5zbgVq0FFliCsu3KdYCWQdRD+0tv/gBSTwDua71yzYx4iPlbt8AaZEJGkgWSUnUFQ+/69Pf2V/AdXCvG0uq5IWp8xTYcFPinkhV+Q8pb+hUswRw0sOxG+08bXMj3qdbLKP9ANhpXJgNxRRpZ5F+Gzv2jACsPYllm4UAEkZZjkD5fw/Kqw9wbRILsCAS3i24PUQUOjO0PuSVr6jpL2bz0RTsOcBLbuxAvwjF/ZDAcn2FT0CMetbeatB3I1RxMy9AwhpwikCMNfB8rSMaSqXKruNavo6FYdNZKI6VdPEyYDb/iwsgRJRD7iQ+fnX6Ke3tt4VHzpzxSqxRqxLPqAeWitp1EbL23e6MyHw9Kd3J7KPqD4AknYHybIrBZ1x5PwP+Lif+fpkmuQ2N5ReI/Cro/IJWwE6zmGBO9MDrv+AI0VE7LkIR+GL64dcugLM0DzByCUzYrtAmvNrIgR0I1kmz8RFAcdvZfiJY4rRgD/Jr7A7SHGBUmPkGvrcr6EI+8PwkcJ55YwBgqT6PT1h7caz5Eo3EIV2QpEMsvfhq1ebuiTo4R0sfSrmRlUQSsxL4/LMHdZVE2qjraFfpvCBnmUdonrmbgz8g13ylUx9dOVmrGnaaYdo/lP/5tMuZfB7crf8TZrHTkH78dlIuOVn884vi6PByWCgFpbAb5q0F40xEFmWYFa8OOkMw5ueroz+LZV0UC6DOCDUaBNh6se85tbArgUufdr3shfM0+nrp+BvkACvEWcxjegE78/IsmAWON78v5s9silCOmCCWHNGsPbhnggXstvarPjqmrkjFV/DuBPRneBAQUQePMXvGe2KPc5sEmxDAHYUJh5BN/Sy8wgrOdeqrf6TysE4CFz6HoFqony5afXmJjjSq/DSWqD5PT1ZwvJyW1pa61I0Z+8leWmw11xxqL3vkjv5m3I7qRm7HsYcVhePTja28NefYgm+oHKePPOZgEKLiZV+EblPIN3+x/bEVtuW1ZwzqcddRzuB6wWCodR95kR9ZyV97zcr3iUkRxY+AiYJx4heyv9iAjTSlu/kGEZj13SRn2p+C0QGIZXwD3w55vuQ+Bo9Yu7fKpI5529hh0q5SB0YKKqjapBvSELqh+JoSUAnimeLkrNDOUzCN6mI4j5oYwZj3tWXScAl73bUIkF8jH55iHLNfiI7N0troFg6QzbXdC8LGzzAPgHholBzSQufZ3Gbe1S5XELCEtCdWxxRDkYMj0j+BidwpDVKn3yiTVJ4ft1s4WUd+dwZ/AFruFHmy0ZfyW4puaqYkiQgTGXomZ5+tw059bAJCX0o+E5aJ9d37Sh2UGb80G1XjnSpszfVJGM2oN6stXW/uUq44JwqpY7VuBmjX8DB6qD5gdpAeFb4RjpxOMFJmnS/UkqODf5WqSpl5o4g1zGtiKvNntAiPw1awCkRReJnonVHowo6SNQoHUKbVnd7pFraYcu4WyDiZLX4Wp/Zu+bmbptx/V9YHOUp+UMcOBbEk30sUlc/ylg1h60CR/3MYE+T1wIefhSobFkAuS4QMZydGTBEB6yyFQhm8DpvyOkJYqeRNOBJCO0t3kMOWWEsw== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 086a9166-eaa7-4035-a149-08dde9f49a30 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2025 07:44:52.6922 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: XPwD7fAeD51asjlqnc45Vjmif3z1v/qDTqwbWr/92yai2R1a9RLsSQEHWB5oOQgZqGBdgYVOcr6KnvZp1q+UEnbqayFdikCCiiSSbPbsBQ4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR11MB8562 X-Authority-Analysis: v=2.4 cv=FqYF/3rq c=1 sm=1 tr=0 ts=68b6a076 cx=c_pps a=N5D11zy+UcSgEGJfZcBmYA==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=yJojWOMRYYMA:10 a=PYnjg3YJAAAA:8 a=FP58Ms26AAAA:8 a=t7CeM3EgAAAA:8 a=YRJNb4tU5TLenshja7AA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-GUID: ROGcTM6e45lDSOChRILJUJrxBakGbjQd X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwOTAyMDA3NiBTYWx0ZWRfX/K+A9Vz14HSC VhWa6cgQa8BY0kVk26uytkeYodu8v7S5fyUAiRA6XyWn43HkQ7DmjkIXJF2cXnCzStTcX3DD2Qv 0dwti1V5PEhXmxw+WFwJU+UTVFmDtNwD1o7bMJUP8SEWQqTzIt5wB/glkQoLjLs5BalA1Bugj19 3WMu6t6gW8RlSEO+Oh7Mv6RO3CjjMjcusNQQt7O1iPMPTktQChVkMnwWSKig5eVoQY4Ml99cJC7 6AL0E/9epupNvoVi7x7BVf1uZO6u70gs74+t2Mxp8lOPz++g1Z5GhxSMXxSo8vnzlKBNOXEqd57 pVw1fG62dQJkn1Nf40rxiacCDN5F6uzVApG1eQi4syoR+17Y5Suh2Ok8cj4Dcw= X-Proofpoint-ORIG-GUID: ROGcTM6e45lDSOChRILJUJrxBakGbjQd X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-09-02_02,2025-08-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1015 phishscore=0 spamscore=0 priorityscore=1501 impostorscore=0 adultscore=0 suspectscore=0 bulkscore=0 malwarescore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2507300000 definitions=firstrun List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 02 Sep 2025 07:44:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/119174 From: Zhang Peng CVE-2025-31180: A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-31180] Upstream patches: [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/] Signed-off-by: Zhang Peng --- .../gnuplot/gnuplot/CVE-2025-31180.patch | 43 +++++++++++++++++++ .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch new file mode 100644 index 0000000000..e444a87128 --- /dev/null +++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31180.patch @@ -0,0 +1,43 @@ +From ec0fa6117d8e98918a030e31c2e8df32ab6e4542 Mon Sep 17 00:00:00 2001 +From: Ethan A Merritt +Date: Tue, 14 Jan 2025 21:54:14 -0800 +Subject: [PATCH] canvas: handle nonlinear x2 or y2 axis with an incomplete + definition + +Actually "handle" means "ignore". +But now it doesn't segfault trying to probe a non-existant link function. + +Bug 2755 + +CVE: CVE-2025-31180 +Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/] +Signed-off-by: Zhang Peng +--- + term/canvas.trm | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/term/canvas.trm b/term/canvas.trm +index fee3e5dfa..e796cec0d 100644 +--- a/term/canvas.trm ++++ b/term/canvas.trm +@@ -646,7 +646,7 @@ CANVAS_text() + } else + fprintf(gpoutfile, "gnuplot.plot_axis_x2min = \"none\"\n"); + if (axis_array[SECOND_X_AXIS].linked_to_primary +- && axis_array[FIRST_X_AXIS].link_udf->at) { ++ && axis_array[FIRST_X_AXIS].link_udf && axis_array[FIRST_X_AXIS].link_udf->at) { + fprintf(gpoutfile, "gnuplot.x2_mapping = function(x) { return x; };"); + fprintf(gpoutfile, " // replace returned value with %s\n", + axis_array[FIRST_X_AXIS].link_udf->definition); +@@ -657,7 +657,7 @@ CANVAS_text() + } else + fprintf(gpoutfile, "gnuplot.plot_axis_y2min = \"none\"\n"); + if (axis_array[SECOND_Y_AXIS].linked_to_primary +- && axis_array[FIRST_Y_AXIS].link_udf->at) { ++ && axis_array[FIRST_Y_AXIS].link_udf && axis_array[FIRST_Y_AXIS].link_udf->at) { + fprintf(gpoutfile, "gnuplot.y2_mapping = function(y) { return y; };"); + fprintf(gpoutfile, " // replace returned value with %s\n", + axis_array[FIRST_Y_AXIS].link_udf->definition); +-- +2.43.0 + diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb index c05ecd2b95..c2644eaa33 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb @@ -20,6 +20,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a file://CVE-2025-31177.patch \ file://CVE-2025-31178.patch \ file://CVE-2025-31179.patch \ + file://CVE-2025-31180.patch \ " SRC_URI:append:class-target = " \ file://0002-do-not-build-demos.patch \ From patchwork Tue Sep 2 07:44:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peng Zhang X-Patchwork-Id: 69417 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8B78CA0FFE for ; Tue, 2 Sep 2025 07:45:06 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web10.71872.1756799097380007369 for ; Tue, 02 Sep 2025 00:44:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@windriver.com header.s=PPS06212021 header.b=gG5mo1+m; spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=134031fe91=peng.zhang1.cn@windriver.com) Received: from pps.filterd (m0250809.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 5827aPOK1353899 for ; Tue, 2 Sep 2025 00:44:57 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=windriver.com; h=content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to; s=PPS06212021; bh=0b3M82Ozf/tT5Qz50Velc+5XTbLP9HLRpEDH9p8JG3M=; b=gG5mo1+mCzm8 cMLX0v4wW1ltZSj5iBh6lZ3Cmft5AfO2Q5sI5YgOu3rDzoH9la1j/QK48aj5NKge Gdct15eeqSL+fXXwFaVlMKtPTb0tRcDv0C/6kv8oe0wE3zNKSIyi5o66x7UGGG/U A4DzTnqkbgyQnZWlxyVww3jRuIdMOu/j4b/2pqtvPFHyQ4X8YWFjrO+OuqIszAhB g4eXH65pVEQaNnDkr2OJYE9dhEAbMTaxC0Yrb1yajhrRuvrjYFLcJlTWvcUEsqOm UGwjg51D8xNYLDpEwXJVCQVQ36vHwRIqxjS1vQzidwlBkLzZmM1bAQZcvlZt7qTb aYw7go7Z/g== Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11on2049.outbound.protection.outlook.com [40.107.220.49]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 48v0tfj4k8-1 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT) for ; Tue, 02 Sep 2025 00:44:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=t6kxO1fhuNHlG528Y3jsa3HoNBvREJ1zP3qDhcqTV8aOew3L1a610/PjFTL3UxRYbefrglm1jxdzbcHl6s/8YTqQmnJ3BkXovaNP/EW/2HZbIKEIx8sACheRhhi0AnSGE11Xv2wxh7ejJjQFouDIy1ltjzbk405RlKqFHDxGF5SfywK7v00N3NGEGCR9o8tb8yUJWPRqVill1+SfRkYze4ODyZ4larxyxOaOiVf8K/sG63rsh3sK8MBQfYS6trs2/bYzkKFbqy4heOMuoyZKDpSDQodMsecCsU1hb1DEECq/xa04aUEPALF9KlvCRlqmkSoD+UnSDzYcImj5RGbaPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0b3M82Ozf/tT5Qz50Velc+5XTbLP9HLRpEDH9p8JG3M=; b=JJGdKkQylErgxRtuTJqb0UcwUmLlLPcGEmX0iOxzA1bFo+IPWhVBnLbQLkK4LKUyZiIdfZnNdMdGoOaqC0bCIHp0tSamdKy41jfvgm1D8ppNRcFh3ywpgompwf/Zox4An8FXexbGYmeOIu2yfQGXfHx5bORAzX9QUuQUfTxNzZImrtjlRue6EocjlgqE3KsFE3zwDasAAOtnDBx6c+6QTJ5wPfBWJDOBp1eeXGjx6hlZBrdOFQO75Z72hwTRDibvVnHRIqYfvZWDGNeNLvLnElEUBDh1u07Buuh6+32M0eq/HbzD7PT5RdNmLCTN+9MuJxETXZArSSGHCr6LMpyiSQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) by MW3PR11MB4748.namprd11.prod.outlook.com (2603:10b6:303:2e::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9073.27; Tue, 2 Sep 2025 07:44:54 +0000 Received: from CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f]) by CH3PR11MB8562.namprd11.prod.outlook.com ([fe80::24c6:f8fc:1afe:179f%4]) with mapi id 15.20.9073.026; Tue, 2 Sep 2025 07:44:53 +0000 From: peng.zhang1.cn@windriver.com To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 7/7] gnuplot: fix CVE-2025-31181 Date: Tue, 2 Sep 2025 15:44:32 +0800 Message-ID: <20250902074432.1068537-7-peng.zhang1.cn@windriver.com> X-Mailer: git-send-email 2.50.0 In-Reply-To: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> References: <20250902074432.1068537-1-peng.zhang1.cn@windriver.com> X-ClientProxiedBy: TYCP286CA0222.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:3c5::9) To CH3PR11MB8562.namprd11.prod.outlook.com (2603:10b6:610:1b8::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH3PR11MB8562:EE_|MW3PR11MB4748:EE_ X-MS-Office365-Filtering-Correlation-Id: 6d4492ed-d0e9-4a78-c45b-08dde9f49af1 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|366016|376014|1800799024|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: YpPyH0T03+lE4qsSlNWO9J36yti8Apw0kZdh0277kXnAB8RHCKH0TSxmM72MZvfezrBmJX8XQsrprPmXRrpeRx8UBRHDi9HdMxptcgnmw22NpyinVij6NtXs7ojDKJHriTWFCEiaOf0LGJT5Dh16ur6Xj3Y7rhgYLp82BlikY8FifdZGgXBU3N1jpNRYV5Vn8FUKfDuA5T+QF/0k3OCDORhkdn2iB+EkYzOuYn1mNA96/u6Jy6dKpC+hgbORmTZvec8hkmu9JJV8A0eglF+VVpwjS66Pw+TlB9JFVWGHExUOWMwHSu8npzvumlpJ0JJQQcFTe79Dr79OX/lCk1rcKELWr45u87G/9Je1oiKAJ70ankj15gx6kkboyZPAOuc/x5MfTL+tuRyQkRwBgZ7tmhdEfpe3Da9aiQwH/DJnZKkSTxRotqIPZI/WdCZeipyZqWGdl4be514AkxZvllSmuvppdoGpwCy8MEAjxnto+Xg0LjON1N5Qbr4X63tdBoFvjtwWvrWSpgSUtEtITJMDby1ZCaTIMxo7sAvlOrUiNV324RBvH6fclmI8HxDjL75CYl+0BgsRm8B/9e6VhH9aAE7vV3LafiXom/vLZQMfo3Z0DEJDfDXgkn+nN1WLwzSHYYhekAsfFc5JtwLyiFwWOBJ5nUWHKIOmQRCqzVhbjU0Okya/QzQLeVpM35Fr3SDJIT6F4lTbKcetTw7dSvjAtk3jJLRxPXezKoYxlEXAKmrad6B7PSdEM+3P1hp0PXBClNnVDz5VA0Kf3nBl7uhKkgrZ2cGvqK2009uRxfnLT8xzUu3wmahNX3fK6HY4VaToJq1yAI8a5dfiLa5iPqS22bS61cAq19AF//p3y7s7x9j+c1/r8Wx2gRxoE6Rd8fDQiN1A8HC4KvUG6u9rk1w4noI0V00jVXgHgI7B71oGYjB5mapSHNsCzOwYv/+oiX1UFyouUZJn+tr4ICMHwhNs8GK9ImVRF/ZE6+Mk6qNjqNNNGmzihdSnF21etYAw2+cFzkHIS9y9S6qxo+A95kA9UDCDIDpG0c0TcbtfSVN9Bi+l/sMvhl1T8pOqB/H46UdCXJbqwpKy1lEMR8hnFHJoVErJHPffBanePGQj8PmL3d7DOr5gSw1kezQcpGlh3njkEOun9LFn/5/tfYiesspeD1N7KstmU1sIimRggi4w5vqHnbDI33O4cWIZUXDhDKzWzuuqfumw4bmShrgpF/XGcWVo4uY+YbOx1cGUZcMxDYUzhL667qWCqezWAuE3YMqOy3CrfxwIkncKPV9zCq8wh1PB4fdnFiVGdEarbZ1eDe98xSS6/8wBxIl3vemY5elgkvd6kvUjvwb63VGd78O+hEOq6pvP9tjUDdXRf8CZNtvVjb5Qm438U/CkNKcsYRWatb7OREqcxBD4w9z9U7y+7yGQI9zv6aP+OwfTrLu2yZvTM4Ocor5oIjdabLW7lzVU X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH3PR11MB8562.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(366016)(376014)(1800799024)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: WcemhGXiQf/Yw3ph4WhH3NIg/s0ATwa8/uiSJNmCvLKMf8Reoacx7PZIckSGZFg279m9J7pKm035tVy0op+jxaNk2l6jofMMohdEFW/GNZo1AkchmLMklLsTAFOgkvsOQkjM67B4/74K1ds+lpEDSGsGc86aSsvCRUjtXXILdCoofAL5M7CzfdQ2EteFB0kiv9RXxDZBg8NPtZiZDYNaGYGpRiA4UOb0nz8NRnAPgw2e0Mf9zT4g9aH6jfJKdjofS5O6lpiTVFkQlAeItcf5LBuXkYplO26f9OwRS/buAcVz1uGPb8+S+6MlXQkyMQXhv8v7Pq04b1AvWosAfuKu1O9Jev95lUQlaeHT7Hw7ZwKwmkWxvErokFor1+eCfmeQAiWdAwYe7wIa1UUwadMjkO5sDBJl6AGWLdV3PYZ3Yeymyn1HWTG/52gP7sLt85zdi9INpEQiyh3LWZZKTsfn03O4gdv5gRanakj0QUscQfDHhUUbRyopumDsvB4XcMlzc+/zzBHMEmfzc/KjpDwd7UFYCJFQAML5FSrqsu0nw3w2FEaYnEoGS7mHDGHnj3fEu6KptlYYIdMOPsmZ9sdjxPB55kWCIBjIzyzzne7+R3FohusUgxYAPLZW1EL3oyCr9qqPXE4dTeVzPOLhcxz4vBfYgHyF7NXbhHXkDEwUUs6ocZbiK55xTHq0Rcov5Y6yHjcm+g5zb5w76t8hY8ojNiEkVo47ttIzd/w1U2liaxWldp2qTWkBndNMEGUWRJbUZ1gFkSO4dvY7L2G4MQDRWHZxBTLzA/fGdY62/XIrQt8YlLpe69Ur7INng/d1Or9UCODg8cY7jaa0ybW6cfdblYHlC2tpuVHQtB691IgOBMFiHbMhbK9Yi02ixBFRjGIrWWWzv7kIP587h31elUSrXQAqPE4ngYTvY/w97yTJyPAe17jFJg3EY8tBSFeiylZUzcnbXdVx9+I07EA9ttfG5FsDSRtB9FskXK2LpgoG+TjZYLYxEBtXllkdssqaStHpSAQsYZzwiyBf3shXc1ZFexvHEu0pSrGf9VKhivW45mHqc4SrcjY0S9yFXKtbGe6psFfYZA4Hm/6S4GjLx0znogcVpeq/mSupfkjv8S+LwD9Qr4g7LbWRJ47cBVDKpI2JybGsJACsIHvFLdereBCV2TgnF7c1tX6egmUdI2SaCYLysf8PML11AxgG6fDLBEoix1ctxv+8jXHYONaHqk84zVvqQ8ZoOyheVIBQseCqVt91NDgcqeFdsMO+7P1C/T1wy/BRgyKm8KPlZT3SzQhztDSYqu3zd/T7+/ZidKEewAqrsb+QQsnUJuLByxN7yx9JHjw82JwbKGPpHMjAJWAjxYuO6/+SyPyjp+I9YxYtwx7hRA+9WB3dPKDAPRgXVeHJ3ylp3Q/ybfmGWwAomQQWJ64X6mDiCv6bMOqHTyb7dYoCI1lV4JyjEKmmFGs94h9KBPu3a6ScrC53PLhDfK0UXKLGFyy6l/PTN2auc+aIrWCUHXuO29DVbB32+0Z/YXaLnOG4aBgWzCyGHLA+PcsnllWNODZIe/4btaXUXjeFg9BzT0xYgz9zpQ4InorqZMfNTYrdy41qyBdbIUWR6UItEg== X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6d4492ed-d0e9-4a78-c45b-08dde9f49af1 X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB8562.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Sep 2025 07:44:53.9588 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: b/Tmp7/HKIjHokZaw1k4R+aTpL8dq/wH1Puq0rrdc1lDM11PqaynP7ogHXZkPnqCWyCQICvY2LaoIwcPmOFHZXlEQDdXQTqBgG3X4x9qXjE= X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR11MB4748 X-Proofpoint-GUID: 9m_6upJwZF1AqBHOIFozXIRw2VYYLa1i X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwOTAyMDA3NiBTYWx0ZWRfX4UkiYvHlrXMT oqD3epgzFKO+ccHt9QiFVlT05gG8pYSNpDqu3pFDQCL9qxg+uEBmekcV/Tp0/xq224l699L4P2o bRuwAwIjcq7GnigOMc10C3KRQwdHhBBVAEzNwExUl1Pl+mUTSFMejM3XrPfKyFTm9tthRZKwGKc ucLsG5/3CCk8sPYavnJWV7fI3YWWxk82SFXqxCXQJNTJrPmzMtlCh1rqEKXbGmZ/h0sgf6ZKjTw G91ntvW48m72Ymu4VpzvPsPhE3Ynqj/iA5+SZKOS9bjhKVp+FU0r0nwcWSLLmYVkdBDIQ1QJ62A xtfsKl+u/w/puvhjnr4AN3dKaHhAKSFYxKQuJcu7Jsv7nZKAlJrT5dz/6RriZc= X-Authority-Analysis: v=2.4 cv=XJ0wSRhE c=1 sm=1 tr=0 ts=68b6a078 cx=c_pps a=BZcKXadMzMgoE806unv5Vw==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=z/mQ4Ysz8XfWz/Q5cLBRGdckG28=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=yJojWOMRYYMA:10 a=PYnjg3YJAAAA:8 a=FP58Ms26AAAA:8 a=t7CeM3EgAAAA:8 a=xWUQyWjik60KuX6Ug6QA:9 a=FdTzh2GWekK77mhwV6Dw:22 X-Proofpoint-ORIG-GUID: 9m_6upJwZF1AqBHOIFozXIRw2VYYLa1i X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.1.9,FMLib:17.12.80.40 definitions=2025-09-02_02,2025-08-28_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 priorityscore=1501 spamscore=0 clxscore=1015 phishscore=0 malwarescore=0 bulkscore=0 impostorscore=0 adultscore=0 classifier=typeunknown authscore=0 authtc= authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.22.0-2507300000 definitions=firstrun List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 02 Sep 2025 07:45:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/119175 From: Zhang Peng CVE-2025-31181: A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-31181] Upstream patches: [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/] Signed-off-by: Zhang Peng --- .../gnuplot/gnuplot/CVE-2025-31181.patch | 43 +++++++++++++++++++ .../recipes-extended/gnuplot/gnuplot_5.4.3.bb | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch new file mode 100644 index 0000000000..2de4617ff1 --- /dev/null +++ b/meta-oe/recipes-extended/gnuplot/gnuplot/CVE-2025-31181.patch @@ -0,0 +1,43 @@ +From 2d9e68278aece7e971815d9c3ec297c5e9bc51bd Mon Sep 17 00:00:00 2001 +From: Ethan A Merritt +Date: Tue, 14 Jan 2025 20:56:37 -0800 +Subject: [PATCH] x11: protect against double fclose() if two errors in a row + +Bug 2753 + +CVE: CVE-2025-31181 +Upstream-Status: Backport [https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/] +Signed-off-by: Zhang Peng +--- + term/x11.trm | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/term/x11.trm b/term/x11.trm +index 458fcf5f9..1b51a80c8 100644 +--- a/term/x11.trm ++++ b/term/x11.trm +@@ -856,8 +856,9 @@ X11_atexit() + /* dont wait(), since they might be -persist */ + X11_ipc = NULL; + #ifdef PIPE_IPC +- close(ipc_back_fd); +- ipc_back_fd = -1; ++ if (ipc_back_fd >= 0) ++ close(ipc_back_fd); ++ ipc_back_fd = IPC_BACK_CLOSED; + #endif + } + } +@@ -1412,7 +1413,8 @@ X11_graphics() + #ifdef PIPE_IPC + /* if we know the outboard driver has stopped, restart it */ + if (ipc_back_fd == IPC_BACK_CLOSED) { +- fclose(X11_ipc); ++ if (X11_ipc > 0) ++ fclose(X11_ipc); + X11_ipc = NULL; + X11_init(); + } +-- +2.43.0 + diff --git a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb index c2644eaa33..b945cc318d 100644 --- a/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb +++ b/meta-oe/recipes-extended/gnuplot/gnuplot_5.4.3.bb @@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${PV}/${BP}.tar.gz;name=a file://CVE-2025-31178.patch \ file://CVE-2025-31179.patch \ file://CVE-2025-31180.patch \ + file://CVE-2025-31181.patch \ " SRC_URI:append:class-target = " \ file://0002-do-not-build-demos.patch \