!43 Fix CVE-2023-46045

From: @starlet-dx 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
openeuler-ci-bot 2024-02-06 02:49:50 +00:00 committed by Gitee
commit 973802d1fb
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 56 additions and 1 deletions

50
CVE-2023-46045.patch Normal file

@ -0,0 +1,50 @@
From 4becebe422e167358f4e57679d845932cc9f3a8a Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Fri, 2 Feb 2024 10:24:35 +0800
Subject: [PATCH 1/1] Merge branch 'smattr/gitlab-2441' into 'main'
gvc: detect plugin installation failure and display an error
Closes #2441
Origin:
https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb
https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a
https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e
---
lib/gvc/gvconfig.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
index d03de09..1eccc70 100644
--- a/lib/gvc/gvconfig.c
+++ b/lib/gvc/gvconfig.c
@@ -172,9 +172,8 @@ static char *token(int *nest, char **tokens)
static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
{
- char *package_path, *name, *api;
+ char *package_path, *name;
const char *type;
- api_t gv_api;
int quality;
int nest = 0;
gvplugin_package_t *package;
@@ -188,8 +187,12 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
name = "x";
package = gvplugin_package_record(gvc, package_path, name);
do {
- api = token(&nest, &s);
- gv_api = gvplugin_api(api);
+ const char *api = token(&nest, &s);
+ const api_t gv_api = gvplugin_api(api);
+ if (gv_api == (api_t)-1) {
+ agerr(AGERR, "config error: %s %s not found\n", package_path, api);
+ return 0;
+ }
do {
if (nest == 2) {
type = token(&nest, &s);
--
2.33.0
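Review bot: The early `return 0;` in the new `gv_api == (api_t)-1` branch leaves in place whatever was set up before it, so the fix is complete only if the caller treats 0 as a failed load, and the caller is not visible in this hunk. `gvplugin_package_record()` has already run for this package by then, and earlier passes of the outer `do` loop may already have processed other API entries. I would confirm the return contract against the caller and document it at the check, e.g. `/* unknown API name in the config file: stop parsing; caller must treat 0 as failure */`. The bare `(api_t)-1` sentinel is also worth defining as a named constant next to `gvplugin_api()`, so the producer and this comparison cannot drift apart. The body of `gvconfig_plugin_install_from_config` continues past the end of the hunk.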


@ -18,13 +18,15 @@
Name: graphviz Name: graphviz
Version: 8.1.0 Version: 8.1.0
Release: 1 Release: 2
Summary: Graph Visualization Tools Summary: Graph Visualization Tools
License: EPL-1.0 License: EPL-1.0
URL: http://www.graphviz.org/ URL: http://www.graphviz.org/
Source0: https://gitlab.com/graphviz/graphviz/-/archive/%{version}/graphviz-%{version}.tar.gz Source0: https://gitlab.com/graphviz/graphviz/-/archive/%{version}/graphviz-%{version}.tar.gz
Patch6000: backport-graphviz-4.0.0-gvpack-neato-static.patch Patch6000: backport-graphviz-4.0.0-gvpack-neato-static.patch
# https://gitlab.com/graphviz/graphviz/-/commit/5d09f70d7f6b81eb891749895c2e6b81365ac234
Patch6001: CVE-2023-46045.patch
BuildRequires: gcc-g++ BuildRequires: gcc-g++
BuildRequires: ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33 BuildRequires: ksh bison m4 flex ruby automake perl-Carp autoconf libtool qpdf urw-base35-fonts, perl-ExtUtils-Embed, perl-generators, librsvg2-devel swig >= 1.3.33
@ -312,6 +314,9 @@ php --no-php-ini --define extension_dir=$RPM_BUILD_ROOT%{_libdir}/graphviz/php/
%endif %endif
%changelog %changelog
* Tue Feb 06 2024 yaoxin <yao_xin001@hoperun.com> - 8.1.0-2
- Fix CVE-2023-46045
* Thu Sep 07 2023 yaoxin <yao_xin001@hoperun.com> - 8.1.0-1 * Thu Sep 07 2023 yaoxin <yao_xin001@hoperun.com> - 8.1.0-1
- Update to 8.1.0 - Update to 8.1.0
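Review bot: The provenance comment above `Patch6001` cites upstream commit 5d09f70d7f6b81eb891749895c2e6b81365ac234, but the `Origin:` list inside CVE-2023-46045.patch names three different commits (361f274c…, 3f31704c…, a95f977f…), so the spec alone does not say which upstream change the backport corresponds to. If 5d09f70d is the merge commit named in the patch subject, the comment should say so, e.g. `# upstream merge commit; the individual commits are listed under Origin: in the patch`, placed above the URL. Keeping the two references consistent lets a later maintainer re-verify the backport against upstream.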