pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/gnuplot



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Tue Sep 22 19:08:55 UTC 2020

Modified Files:
        pkgsrc/graphics/gnuplot: Makefile distinfo
Added Files:
        pkgsrc/graphics/gnuplot/patches: patch-src_term.c

Log Message:
gnuplot: fix CVE-2020-25412 and CVE-2020-25559

Bump revision. Patches painfully pulled out of upstream's git.


To generate a diff of this commit:
cvs rdiff -u -r1.145 -r1.146 pkgsrc/graphics/gnuplot/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/graphics/gnuplot/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/graphics/gnuplot/patches/patch-src_term.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/gnuplot/Makefile
diff -u pkgsrc/graphics/gnuplot/Makefile:1.145 pkgsrc/graphics/gnuplot/Makefile:1.146
--- pkgsrc/graphics/gnuplot/Makefile:1.145      Tue Aug 18 17:58:01 2020
+++ pkgsrc/graphics/gnuplot/Makefile    Tue Sep 22 19:08:55 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.145 2020/08/18 17:58:01 leot Exp $
+# $NetBSD: Makefile,v 1.146 2020/09/22 19:08:55 bsiegert Exp $
 
 DISTNAME=      gnuplot-5.2.8
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES+=   graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=gnuplot/}
 

Index: pkgsrc/graphics/gnuplot/distinfo
diff -u pkgsrc/graphics/gnuplot/distinfo:1.42 pkgsrc/graphics/gnuplot/distinfo:1.43
--- pkgsrc/graphics/gnuplot/distinfo:1.42       Thu Dec  5 18:42:05 2019
+++ pkgsrc/graphics/gnuplot/distinfo    Tue Sep 22 19:08:55 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42 2019/12/05 18:42:05 adam Exp $
+$NetBSD: distinfo,v 1.43 2020/09/22 19:08:55 bsiegert Exp $
 
 SHA1 (gnuplot-5.2.8.tar.gz) = dc018b1e0a31b770d4635958badff13498babc4d
 RMD160 (gnuplot-5.2.8.tar.gz) = 1048f333f14be3f27bd8a6fa866371c6308f4f5d
@@ -8,4 +8,5 @@ SHA1 (patch-configure) = 0881a50206c9796
 SHA1 (patch-src_gp__hist.h) = b1549572ba1bacad5ae76e7a5a6b632e693b74a7
 SHA1 (patch-src_plot.c) = a91ef7ff92917c54e37f3cca765e92d9857a47a5
 SHA1 (patch-src_readline.h) = ae138bb783a5a5e68f89850cdd861cc545399aaf
+SHA1 (patch-src_term.c) = 5bf2d0fad2100aded705c7a17a9cf321a3b9946d
 SHA1 (patch-src_variable.c) = 90a9372c715791efe42bc019025aa61fb5ece80c

Added files:

Index: pkgsrc/graphics/gnuplot/patches/patch-src_term.c
diff -u /dev/null pkgsrc/graphics/gnuplot/patches/patch-src_term.c:1.1
--- /dev/null   Tue Sep 22 19:08:55 2020
+++ pkgsrc/graphics/gnuplot/patches/patch-src_term.c    Tue Sep 22 19:08:55 2020
@@ -0,0 +1,33 @@
+$NetBSD: patch-src_term.c,v 1.1 2020/09/22 19:08:55 bsiegert Exp $
+
+Fix for CVE-2020-25559 and CVE-2020-25412, from upstream
+
+--- src/term.c.orig    2019-11-19 21:57:18.000000000 +0000
++++ src/term.c
+@@ -191,6 +191,7 @@ char *enhanced_cur_text = NULL;
+ double enhanced_fontscale = 1.0;
+ char enhanced_escape_format[16] = "";
+ double enhanced_max_height = 0.0, enhanced_min_height = 0.0;
++#define ENHANCED_TEXT_MAX (&enhanced_text[MAX_LINE_LEN])
+ /* flag variable to disable enhanced output of filenames, mainly. */
+ TBOOLEAN ignore_enhanced_text = FALSE;
+ 
+@@ -2207,6 +2208,9 @@ fflush_binary()
+ void
+ do_enh_writec(int c)
+ {
++    /* Guard against buffer overflow */
++    if (enhanced_cur_text >= ENHANCED_TEXT_MAX)
++      return;
+     /* note: c is meant to hold a char, but is actually an int, for
+      * the same reasons applying to putc() and friends */
+     *enhanced_cur_text++ = c;
+@@ -2361,7 +2365,7 @@ enhanced_recursion(
+                           ++p;
+                       if (*p != *start_of_fontname) {
+                           int_warn(NO_CARET, "cannot interpret font name %s", start_of_fontname);
+-                          p = start_of_fontname;
++                          break;
+                       }
+                       start_of_fontname++;
+                       end_of_fontname = p++;
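Review bot: The guard added to do_enh_writec() is only sufficient if `enhanced_text` is declared with at least MAX_LINE_LEN + 1 bytes, and that declaration is not in the patch context. The check stops writes at `&enhanced_text[MAX_LINE_LEN]`, so a terminating NUL stored through enhanced_cur_text once the limit is reached still needs that extra byte. The check also covers only this one writer and drops the excess characters silently, so any other code that advances enhanced_cur_text should be audited for the same bound. The patch header names two CVEs without saying which of the two changes addresses which, and without citing upstream; a header line such as `Upstream commits: <upstream-commit-id>, <upstream-commit-id>` (placeholders) would let the backport be checked against the original fixes. Both do_enh_writec() and enhanced_recursion() continue outside the context shown here.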


