aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAriadne Conill <ariadne@dereferenced.org>2021-05-31 19:56:50 -0600
committerAriadne Conill <ariadne@dereferenced.org>2021-05-31 20:02:51 -0600
commite6ce8b0c63e8f5c4d886d332e8c5c1a82415ac73 (patch)
treeb0d1553106c387435be924cdfbc5bebf47894b01
parentdadd3452c7e411cff401b150215ba6f7f11e6ab0 (diff)
downloadaports-e6ce8b0c63e8f5c4d886d332e8c5c1a82415ac73.tar.gz
aports-e6ce8b0c63e8f5c4d886d332e8c5c1a82415ac73.tar.bz2
aports-e6ce8b0c63e8f5c4d886d332e8c5c1a82415ac73.tar.xz
main/graphviz: add mitigation for CVE-2020-18032
-rw-r--r--main/graphviz/APKBUILD14
-rw-r--r--main/graphviz/CVE-2020-18032.patch40
2 files changed, 51 insertions, 3 deletions
diff --git a/main/graphviz/APKBUILD b/main/graphviz/APKBUILD
index c27fae0d03..1c10464fe1 100644
--- a/main/graphviz/APKBUILD
+++ b/main/graphviz/APKBUILD
@@ -3,7 +3,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=graphviz
pkgver=2.42.3
-pkgrel=0
+pkgrel=1
pkgdesc="Graph Visualization Tools"
url="https://www.graphviz.org/"
arch="all"
@@ -20,8 +20,13 @@ subpackages="$pkgname-dev $pkgname-doc py3-gv:_py3 lua$_luaver-$pkgname:_lua
$pkgname-graphs::noarch"
source="https://www2.graphviz.org/Packages/stable/portable_source/graphviz-$pkgver.tar.gz
0001-clone-nameclash.patch
+ CVE-2020-18032.patch
"
+# secfixes:
+# 2.42.3-r1:
+# - CVE-2020-18032
+
prepare() {
default_prepare
./autogen.sh NOCONFIG
@@ -112,5 +117,8 @@ graphs() {
"$subpkgdir"/usr/share/graphviz/
}
-sha512sums="e03ca6da0ddb1162bd179d159d7dbb379d55012d63bb922aa800260fce52b65beb1a9b5ca1a5199ad3537201b0b4841efc9facee6e03065c6bd02e840f8a29c9 graphviz-2.42.3.tar.gz
-aa4cbc341906a949a6bf78cadd96c437d6bcc90369941fe03519aa4447731ecbf6063a0dd0366d3e7aaadf22b69e4bcab3f8632a7da7a01f8e08a3be05c2bc5d 0001-clone-nameclash.patch"
+sha512sums="
+e03ca6da0ddb1162bd179d159d7dbb379d55012d63bb922aa800260fce52b65beb1a9b5ca1a5199ad3537201b0b4841efc9facee6e03065c6bd02e840f8a29c9 graphviz-2.42.3.tar.gz
+aa4cbc341906a949a6bf78cadd96c437d6bcc90369941fe03519aa4447731ecbf6063a0dd0366d3e7aaadf22b69e4bcab3f8632a7da7a01f8e08a3be05c2bc5d 0001-clone-nameclash.patch
+d4b818a3349a1c733177db0d4455004d47670ef1f07a670428d7c025edd6604e8342ff6906faa48abdd8e4abc0c42feb58cb1fdf116ae98fade5dbcb965d0843 CVE-2020-18032.patch
+"
diff --git a/main/graphviz/CVE-2020-18032.patch b/main/graphviz/CVE-2020-18032.patch
new file mode 100644
index 0000000000..b3b0ab9889
--- /dev/null
+++ b/main/graphviz/CVE-2020-18032.patch
@@ -0,0 +1,40 @@
+From 784411ca3655c80da0f6025ab20634b2a6ff696b Mon Sep 17 00:00:00 2001
+From: Matthew Fernandez <matthew.fernandez@gmail.com>
+Date: Sat, 25 Jul 2020 19:31:01 -0700
+Subject: [PATCH] fix: out-of-bounds write on invalid label
+
+When the label for a node cannot be parsed (due to it being malformed), it falls
+back on the symbol name of the node itself. I.e. the default label the node
+would have had if it had no label attribute at all. However, this is applied by
+dynamically altering the node's label to "\N", a shortcut for the symbol name of
+the node. All of this is fine, however if the hand written label itself is
+shorter than the literal string "\N", not enough memory would have been
+allocated to write "\N" into the label text.
+
+Here we account for the possibility of error during label parsing, and assume
+that the label text may need to be overwritten with "\N" after the fact. Fixes
+issue #1700.
+---
+ lib/common/shapes.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/lib/common/shapes.c b/lib/common/shapes.c
+index 0a0635fc3..9dca9ba6e 100644
+--- a/lib/common/shapes.c
++++ b/lib/common/shapes.c
+@@ -3546,9 +3546,10 @@ static void record_init(node_t * n)
+ reclblp = ND_label(n)->text;
+ len = strlen(reclblp);
+ /* For some forgotten reason, an empty label is parsed into a space, so
+- * we need at least two bytes in textbuf.
++ * we need at least two bytes in textbuf, as well as accounting for the
++ * error path involving "\\N" below.
+ */
+- len = MAX(len, 1);
++ len = MAX(MAX(len, 1), (int)strlen("\\N"));
+ textbuf = N_NEW(len + 1, char);
+ if (!(info = parse_reclbl(n, flip, TRUE, textbuf))) {
+ agerr(AGERR, "bad label format %s\n", ND_label(n)->text);
+--
+GitLab
+