diff options
-rw-r--r-- | main/graphviz/APKBUILD | 14 | ||||
-rw-r--r-- | main/graphviz/CVE-2020-18032.patch | 40 |
2 files changed, 51 insertions, 3 deletions
diff --git a/main/graphviz/APKBUILD b/main/graphviz/APKBUILD index ad12e8322dc..d70226b2b75 100644 --- a/main/graphviz/APKBUILD +++ b/main/graphviz/APKBUILD @@ -3,7 +3,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=graphviz pkgver=2.44.0 -pkgrel=1 +pkgrel=2 pkgdesc="Graph Visualization Tools" url="https://www.graphviz.org/" arch="all" @@ -20,8 +20,13 @@ subpackages="$pkgname-dev $pkgname-doc py3-gv:_py3 lua$_luaver-$pkgname:_lua $pkgname-graphs::noarch" source="https://gitlab.com/graphviz/graphviz/-/archive/$pkgver/graphviz-$pkgver.tar.gz 0001-clone-nameclash.patch + CVE-2020-18032.patch " +# secfixes: +# 2.44.0-r2: +# - CVE-2020-18032 + prepare() { default_prepare ./autogen.sh NOCONFIG @@ -112,5 +117,8 @@ graphs() { "$subpkgdir"/usr/share/graphviz/ } -sha512sums="07e9776fc2fc3b8e17cd4ed6e6f2cd69330d4aa6592a77a39b7b55c4402440096c5eec2918a335c29f32c9f93c6d569b706bf1e503df5914607637bf71c47397 graphviz-2.44.0.tar.gz -aa4cbc341906a949a6bf78cadd96c437d6bcc90369941fe03519aa4447731ecbf6063a0dd0366d3e7aaadf22b69e4bcab3f8632a7da7a01f8e08a3be05c2bc5d 0001-clone-nameclash.patch" +sha512sums=" +07e9776fc2fc3b8e17cd4ed6e6f2cd69330d4aa6592a77a39b7b55c4402440096c5eec2918a335c29f32c9f93c6d569b706bf1e503df5914607637bf71c47397 graphviz-2.44.0.tar.gz +aa4cbc341906a949a6bf78cadd96c437d6bcc90369941fe03519aa4447731ecbf6063a0dd0366d3e7aaadf22b69e4bcab3f8632a7da7a01f8e08a3be05c2bc5d 0001-clone-nameclash.patch +d4b818a3349a1c733177db0d4455004d47670ef1f07a670428d7c025edd6604e8342ff6906faa48abdd8e4abc0c42feb58cb1fdf116ae98fade5dbcb965d0843 CVE-2020-18032.patch +" diff --git a/main/graphviz/CVE-2020-18032.patch b/main/graphviz/CVE-2020-18032.patch new file mode 100644 index 00000000000..b3b0ab98892 --- /dev/null +++ b/main/graphviz/CVE-2020-18032.patch @@ -0,0 +1,40 @@ +From 784411ca3655c80da0f6025ab20634b2a6ff696b Mon Sep 17 00:00:00 2001 +From: Matthew Fernandez <matthew.fernandez@gmail.com> +Date: Sat, 25 Jul 2020 19:31:01 -0700 +Subject: [PATCH] fix: out-of-bounds write on invalid label + +When the label for a node cannot be parsed (due to it being malformed), it falls +back on the symbol name of the node itself. I.e. the default label the node +would have had if it had no label attribute at all. However, this is applied by +dynamically altering the node's label to "\N", a shortcut for the symbol name of +the node. All of this is fine, however if the hand written label itself is +shorter than the literal string "\N", not enough memory would have been +allocated to write "\N" into the label text. + +Here we account for the possibility of error during label parsing, and assume +that the label text may need to be overwritten with "\N" after the fact. Fixes +issue #1700. +--- + lib/common/shapes.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/lib/common/shapes.c b/lib/common/shapes.c +index 0a0635fc3..9dca9ba6e 100644 +--- a/lib/common/shapes.c ++++ b/lib/common/shapes.c +@@ -3546,9 +3546,10 @@ static void record_init(node_t * n) + reclblp = ND_label(n)->text; + len = strlen(reclblp); + /* For some forgotten reason, an empty label is parsed into a space, so +- * we need at least two bytes in textbuf. ++ * we need at least two bytes in textbuf, as well as accounting for the ++ * error path involving "\\N" below. + */ +- len = MAX(len, 1); ++ len = MAX(MAX(len, 1), (int)strlen("\\N")); + textbuf = N_NEW(len + 1, char); + if (!(info = parse_reclbl(n, flip, TRUE, textbuf))) { + agerr(AGERR, "bad label format %s\n", ND_label(n)->text); +-- +GitLab + |