From b83edbd73ca345df4afa411cb307ea5b66d0cc14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?=
Date: Fri, 22 Aug 2025 14:05:03 +0800
Subject: [PATCH 1/2] Fix CVE-2025-31176 CVE-2025-31179 CVE-2025-31180 CVE-2025-31181 CVE-2025-3359
---
 CVE-2025-31176.patch | 58 +++++++++++++++++++++++++++++++++++++++++++
 CVE-2025-31179.patch | 30 ++++++++++++++++++++++
 CVE-2025-31180.patch | 35 ++++++++++++++++++++++++++
 CVE-2025-31181.patch | 39 +++++++++++++++++++++++++++++
 CVE-2025-3359.patch | 59 ++++++++++++++++++++++++++++++++++++++++++++
 gnuplot.spec | 10 +++++++-
 6 files changed, 230 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-31176.patch
 create mode 100644 CVE-2025-31179.patch
 create mode 100644 CVE-2025-31180.patch
 create mode 100644 CVE-2025-31181.patch
 create mode 100644 CVE-2025-3359.patch
diff --git a/CVE-2025-31176.patch b/CVE-2025-31176.patch
new file mode 100644
index 0000000..b0db372
--- /dev/null
+++ b/CVE-2025-31176.patch
@@ -0,0 +1,58 @@
+From 9d192bf71bdf5c8aa78252a985b24d3348ccc751 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?=
+
+Date: Fri, 22 Aug 2025 12:52:54 +0800
+Subject: [PATCH] CVE-2025-31176
+
+---
+ src/graph3d.c | 4 ++--
+ src/graphics.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/graph3d.c b/src/graph3d.c
+index c58d9df..a382059 100644
+--- a/src/graph3d.c
++++ b/src/graph3d.c
+@@ -1766,7 +1766,7 @@ plot3d_points(struct surface_points *plot)
+ /* Set whatever we can that applies to every point in the loop */
+ if (plot->lp_properties.p_type == PT_CHARACTER) {
+ ignore_enhanced(TRUE);
+- if (plot->labels->font && plot->labels->font[0])
++ if (plot->labels && plot->labels->font && plot->labels->font[0])
+ (*t->set_font) (plot->labels->font);
+ (*t->justify_text) (CENTRE);
+ }
+@@ -1829,7 +1829,7 @@ plot3d_points(struct surface_points *plot)
+
+ /* Return to initial state */
+ if (plot->lp_properties.p_type == PT_CHARACTER) {
+- if (plot->labels->font && plot->labels->font[0])
++ if (plot->labels && plot->labels->font && plot->labels->font[0])
+ (*t->set_font) ("");
+ ignore_enhanced(FALSE);
+ }
+diff --git a/src/graphics.c b/src/graphics.c
+index ef58d80..81b6909 100644
+--- a/src/graphics.c
++++ b/src/graphics.c
+@@ -2047,7 +2047,7 @@ plot_points(struct curve_points *plot)
+ /* Set whatever we can that applies to every point in the loop */
+ if (plot->lp_properties.p_type == PT_CHARACTER) {
+ ignore_enhanced(TRUE);
+- if (plot->labels->font && plot->labels->font[0])
++ if (plot->labels && plot->labels->font && plot->labels->font[0])
+ (*t->set_font) (plot->labels->font);
+ (*t->justify_text) (CENTRE);
+ }
+@@ -2104,7 +2104,7 @@ plot_points(struct curve_points *plot)
+
+ /* Return to initial state */
+ if (plot->lp_properties.p_type == PT_CHARACTER) {
+- if (plot->labels->font && plot->labels->font[0])
++ if (plot->labels && plot->labels->font && plot->labels->font[0])
+ (*t->set_font) ("");
+ ignore_enhanced(FALSE);
+ }
+--
+2.43.5
+
diff --git a/CVE-2025-31179.patch b/CVE-2025-31179.patch
new file mode 100644
index 0000000..21b9f65
--- /dev/null
+++ b/CVE-2025-31179.patch
@@ -0,0 +1,30 @@
+From ca83b273f979cbe7074831c8466d7196a04a30b9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?=
+
+Date: Fri, 22 Aug 2025 13:16:25 +0800
+Subject: [PATCH] CVE-2025-31179
+
+---
+ src/mouse.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/mouse.c b/src/mouse.c
+index 5c8a4ac..829af96 100644
+--- a/src/mouse.c
++++ b/src/mouse.c
+@@ -490,6 +490,12 @@ xDateTimeFormat(double x, char *b, int mode)
+ {
+ struct tm tm;
+
++ if (fabs(x) > 1.e12) { /* Some time in the year 33688 */
++ int_warn(NO_CARET, "time value out of range");
++ *b = '\0';
++ return b;
++ }
++
+ switch (mode) {
+ case MOUSE_COORDINATES_XDATE:
+ ggmtime(&tm, x);
+--
+2.43.5
+
diff --git a/CVE-2025-31180.patch b/CVE-2025-31180.patch
new file mode 100644
index 0000000..3c14383
--- /dev/null
+++ b/CVE-2025-31180.patch
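Review bot: The added `plot->labels &&` test guards only the two `set_font` calls in each of `plot3d_points()` and `plot_points()`; the per-point loop between the two hunks of each function is outside the patch, so it cannot be seen here whether that loop also reads `plot->labels` when `p_type == PT_CHARACTER`. If it does, the NULL dereference this patch closes would still be reachable a few statements later, so the loop body is worth checking against the same condition. A one-line comment at the first guard, such as `/* plot->labels may be NULL here (CVE-2025-31176) */`, would also keep the check from being removed as redundant later.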
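Review bot: The range check added to `xDateTimeFormat()` lets a NaN through, because `fabs(x) > 1.e12` evaluates to false when `x` is NaN, so such a value still reaches `ggmtime(&tm, x)`. Writing the test as `if (!(fabs(x) <= 1.e12)) {` rejects NaN together with the out-of-range values. Whether `ggmtime()` tolerates NaN on its own is not visible in this hunk, so this is a hardening suggestion rather than a confirmed defect. The function body continues past the end of the hunk.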
@@ -0,0 +1,35 @@
+From 3d551934b3cfcdb25a9cef806811c7f2d51fdc30 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?=
+
+Date: Fri, 22 Aug 2025 13:23:42 +0800
+Subject: [PATCH] CVE-2025-31180
+
+---
+ term/canvas.trm | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/term/canvas.trm b/term/canvas.trm
+index 5b5c960..efdbbf4 100644
+--- a/term/canvas.trm
++++ b/term/canvas.trm
+@@ -647,7 +647,7 @@ CANVAS_text()
+ } else
+ fprintf(gpoutfile, "gnuplot.plot_axis_x2min = \"none\"\n");
+ if (axis_array[SECOND_X_AXIS].linked_to_primary
+- && axis_array[FIRST_X_AXIS].link_udf->at) {
++ && axis_array[FIRST_X_AXIS].link_udf && axis_array[FIRST_X_AXIS].link_udf->at) {
+ fprintf(gpoutfile, "gnuplot.x2_mapping = function(x) { return x; };");
+ fprintf(gpoutfile, " // replace returned value with %s\n",
+ axis_array[FIRST_X_AXIS].link_udf->definition);
+@@ -658,7 +658,7 @@ CANVAS_text()
+ } else
+ fprintf(gpoutfile, "gnuplot.plot_axis_y2min = \"none\"\n");
+ if (axis_array[SECOND_Y_AXIS].linked_to_primary
+- && axis_array[FIRST_Y_AXIS].link_udf->at) {
++ && axis_array[FIRST_Y_AXIS].link_udf && axis_array[FIRST_Y_AXIS].link_udf->at) {
+ fprintf(gpoutfile, "gnuplot.y2_mapping = function(y) { return y; };");
+ fprintf(gpoutfile, " // replace returned value with %s\n",
+ axis_array[FIRST_Y_AXIS].link_udf->definition);
+--
+2.43.5
+
diff --git a/CVE-2025-31181.patch b/CVE-2025-31181.patch
new file mode 100644
index 0000000..de3bbfd
--- /dev/null
+++ b/CVE-2025-31181.patch
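Review bot: Both guarded branches in `CANVAS_text()` still pass `link_udf->definition` to a `%s` conversion without checking it, while the new condition tests only `link_udf` and `link_udf->at`. If `at` can be set while `definition` is NULL (the code that fills the structure is not visible here), `fprintf` receives a null pointer for `%s`, which is undefined behaviour. It is worth confirming that the two fields are always set together. The condition also reads `linked_to_primary` from the secondary axis but `link_udf` from the primary one, which deserves a comment such as `/* the link function is stored on the primary axis */`, if that is indeed the convention.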
@@ -0,0 +1,39 @@
+From 1eed1ff9993792175514a7e35de2bb9d25e2adb7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?=
+
+Date: Fri, 22 Aug 2025 13:27:10 +0800
+Subject: [PATCH] CVE-2025-31181
+
+---
+ term/x11.trm | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/term/x11.trm b/term/x11.trm
+index 9e552b6..594a839 100644
+--- a/term/x11.trm
++++ b/term/x11.trm
+@@ -861,8 +861,9 @@ X11_atexit()
+ /* dont wait(), since they might be -persist */
+ X11_ipc = NULL;
+ #ifdef PIPE_IPC
+- close(ipc_back_fd);
+- ipc_back_fd = -1;
++ if (ipc_back_fd >= 0)
++ close(ipc_back_fd);
++ ipc_back_fd = IPC_BACK_CLOSED;
+ #endif
+ }
+ }
+@@ -1388,7 +1389,8 @@ X11_graphics()
+ #ifdef PIPE_IPC
+ /* if we know the outboard driver has stopped, restart it */
+ if (ipc_back_fd == IPC_BACK_CLOSED) {
+- fclose(X11_ipc);
++ if (X11_ipc > 0)
++ fclose(X11_ipc);
+ X11_ipc = NULL;
+ X11_init();
+ }
+--
+2.43.5
+
diff --git a/CVE-2025-3359.patch b/CVE-2025-3359.patch
new file mode 100644
index 0000000..0d1355e
--- /dev/null
+++ b/CVE-2025-3359.patch
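Review bot: `if (X11_ipc > 0)` in `X11_graphics()` applies an ordering comparison to what the surrounding lines treat as a `FILE *` (it is assigned `NULL` and passed to `fclose()`). ISO C defines comparison against a null pointer constant only for `==` and `!=`, and compilers warn on the ordered form. `if (X11_ipc != NULL)` states the intended null test directly. In `X11_atexit()` the descriptor is now reset to `IPC_BACK_CLOSED` instead of `-1`; the macro is defined outside the hunk, and the new `ipc_back_fd >= 0` guard only works as a closed-state test if that value is negative, which is worth confirming.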
@@ -0,0 +1,59 @@
+From 928adec16ed68b7ef6aede8a4b4c22cb42ea01e4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?=
+
+Date: Fri, 22 Aug 2025 13:31:35 +0800
+Subject: [PATCH] CVE-2025-3359
+
+---
+ term/hpgl.trm | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/term/hpgl.trm b/term/hpgl.trm
+index 8723f50..17bc018 100644
+--- a/term/hpgl.trm
++++ b/term/hpgl.trm
+@@ -1321,8 +1321,9 @@ HPGL2_set_font(const char *font)
+ {
+ struct termentry *t = term;
+ char name[MAX_ID_LEN + 1];
+- int i, sep, int_size, sep2;
+- double size;
++ int i, sep2;
++ char *sep;
++ double size = HPGL2_point_size;
+ /*
+ * If in Polyline Encoded command, leave Polyline Encoded command
+ */
+@@ -1331,9 +1332,7 @@ HPGL2_set_font(const char *font)
+ HPGL2_in_pe = 0;
+ }
+ /* determine font, use default from options if invalid */
+- sep = strcspn(font, ",");
+ strncpy(name, font, sep);
+- name[sep] = NUL;
+ for (i = 0; i < HPGL2_FONTS; i++) {
+ sep2 = strcspn(HPGL2_font_table[i].compare, "$");
+ if (strncmp(name, HPGL2_font_table[i].compare, sep2) == 0)
+@@ -1342,12 +1341,13 @@ HPGL2_set_font(const char *font)
+ if (i >= HPGL2_FONTS)
+ i = HPGL2_font_num;
+ /* determine font size, use default from options if invalid */
+- int_size = 0;
+- sscanf(&(font[sep + 1]), "%d", &int_size);
+- if (int_size > 0) {
+- size = int_size;
+- } else
+- size = HPGL2_point_size;
++ sep = strchr(font, ',');
++ if (sep) {
++ double req_size = strtod(sep+1, NULL);
++ if (req_size > 0)
++ size = req_size;
++ *sep = '\0';
++ }
+ /* apply font changes only if necessary */
+ if (size == HPGL2_point_size_current && i == HPGL2_font_num_current)
+ return FALSE;
+--
+2.43.5
+
diff --git a/gnuplot.spec b/gnuplot.spec
index 707a66a..4e368ad 100644
--- a/gnuplot.spec
+++ b/gnuplot.spec
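Review bot: After this patch `strncpy(name, font, sep);` in `HPGL2_set_font()` stays in place as a context line, while `sep` changes from an `int` length to a `char *` that is not assigned until `sep = strchr(font, ',')` further down. The copy into the fixed `name[MAX_ID_LEN + 1]` buffer therefore takes an indeterminate pointer value as its length, and the terminating `name[sep] = NUL;` is removed as well. The two lines between the first and second inner hunk are not shown, but the second hunk's context suggests they belong to the `HPGL2_in_pe` block and do not set `sep`. In addition, `*sep = '\0';` writes through `font`, which the signature declares `const char *`. The sketch below bounds the copy by the buffer size and parses the size without modifying the caller's string; it should be checked against the upstream commit referenced for this CVE.

```c
    char name[MAX_ID_LEN + 1];
    int i, sep2;
    size_t len;
    const char *sep;
    double size = HPGL2_point_size;
    /* ... unchanged: leave Polyline Encoded command ... */
    /* determine font, use default from options if invalid */
    len = strcspn(font, ",");
    if (len > MAX_ID_LEN)
        len = MAX_ID_LEN;   /* never copy more than name[] can hold */
    memcpy(name, font, len);
    name[len] = NUL;
    /* ... unchanged: font table lookup ... */
    /* determine font size, use default from options if invalid */
    sep = strchr(font, ',');
    if (sep) {
        double req_size = strtod(sep + 1, NULL);
        if (req_size > 0)
            size = req_size;
    }
```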
@@ -2,7 +2,7 @@ Name: gnuplot Summary: a portable command-line driven graphing utility Version: %{major_minor}.6 -Release: 14 +Release: 15 License: gnuplot and MIT URL: http://www.gnuplot.info/ @@ -15,6 +15,11 @@ Patch3: gnuplot-4.6.4-singlethread.patch Patch4: gnuplot-5.0.6-no-lena.patch Patch5: gnuplot-5.0.6-add-lib-gobject-when-config.patch Patch6: CVE-2020-25969.patch +Patch7: CVE-2025-31176.patch +Patch9: CVE-2025-31179.patch +Patch10: CVE-2025-31180.patch +Patch11: CVE-2025-31181.patch +Patch12: CVE-2025-3359.patch BuildRequires: cairo-devel latex2html emacs gd-devel giflib-devel libotf libpng-devel BuildRequires: librsvg2 texinfo libX11-devel libXt-devel lua-devel m17n-lib tex-tex4ht @@ -162,6 +167,9 @@ fi %exclude %{_mandir}/man1/%{name}-ja.1* %changelog +* Fri Aug 22 2025 Chaochao Bai - 5.0.6-15 +- Fix CVE-2025-31176、CVE-2025-31179、CVE-2025-31180、CVE-2025-31181、CVE-2025-3359 + * Thu Jul 13 2023 yaoxin - 5.0.6-14 - Fix CVE-2020-25969 -- Gitee From b53c10eb47ef6041fa9d3e05afe58edcfc59e0ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?= Date: Fri, 29 Aug 2025 17:12:00 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E5=9C=A8=E8=A1=A5=E4=B8=81=E4=B8=AD?= =?UTF-8?q?=E6=B7=BB=E5=8A=A0issue=E4=BF=A1=E6=81=AF=E4=BB=A5=E5=8F=8A?= =?UTF-8?q?=E4=B8=8A=E6=B8=B8=E6=8F=90=E4=BA=A4=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CVE-2025-31176.patch | 4 ++++ CVE-2025-31179.patch | 4 ++++ CVE-2025-31180.patch | 4 ++++ CVE-2025-31181.patch | 4 ++++ CVE-2025-3359.patch | 4 ++++ 5 files changed, 20 insertions(+) diff --git a/CVE-2025-31176.patch b/CVE-2025-31176.patch index b0db372..5ef682f 100644 --- a/CVE-2025-31176.patch +++ b/CVE-2025-31176.patch @@ -3,6 +3,10 @@ 
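Review bot: The five new `PatchN:` tags are declared in `gnuplot.spec`, but this diff adds no matching `%patch` lines, and the `%prep` section is outside the hunks. If the spec applies patches one by one rather than through `%autosetup` or `%autopatch`, the CVE patches would ship in the source package without being applied to the build, so `%prep` is worth checking before the release is tagged as fixed. The numbering also jumps from `Patch7` to `Patch9`; that is harmless to rpmbuild but reads like an omitted patch.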
From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?= Date: Fri, 22 Aug 2025 12:52:54 +0800 Subject: [PATCH] CVE-2025-31176 +issue link: +https://gitee.com/src-openeuler/gnuplot/issues/IBWVU3?from=project-issue +patch link: +https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b456a3ef618f55a20b3071d336cb20514274f1d4/ --- src/graph3d.c | 4 ++-- diff --git a/CVE-2025-31179.patch b/CVE-2025-31179.patch index 21b9f65..7d7d3a2 100644 --- a/CVE-2025-31179.patch +++ b/CVE-2025-31179.patch @@ -3,6 +3,10 @@ From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?= Date: Fri, 22 Aug 2025 13:16:25 +0800 Subject: [PATCH] CVE-2025-31179 +issue link: +https://gitee.com/src-openeuler/gnuplot/issues/IBWVU8?from=project-issue +patch link: +https://sourceforge.net/p/gnuplot/gnuplot-main/ci/ed647df512786b3c94429dd5c864715301e03ea5/ --- src/mouse.c | 6 ++++++ diff --git a/CVE-2025-31180.patch b/CVE-2025-31180.patch index 3c14383..c8c6063 100644 --- a/CVE-2025-31180.patch +++ b/CVE-2025-31180.patch @@ -3,6 +3,10 @@ From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?= Date: Fri, 22 Aug 2025 13:23:42 +0800 Subject: [PATCH] CVE-2025-31180 +issue link: +https://gitee.com/src-openeuler/gnuplot/issues/IBWVUB?from=project-issue +patch link: +https://sourceforge.net/p/gnuplot/gnuplot-main/ci/b2343fd02c4fff94957f0151b73daa0a1f7fec49/ --- term/canvas.trm | 4 ++-- diff --git a/CVE-2025-31181.patch b/CVE-2025-31181.patch index de3bbfd..762c534 100644 --- a/CVE-2025-31181.patch +++ b/CVE-2025-31181.patch @@ -3,6 +3,10 @@ From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?= Date: Fri, 22 Aug 2025 13:27:10 +0800 Subject: [PATCH] CVE-2025-31181 +issue link: +https://gitee.com/src-openeuler/gnuplot/issues/IBWVUD?from=project-issue +patch link: +https://sourceforge.net/p/gnuplot/gnuplot-main/ci/af96c2c1b20383684b1ec2084dab7936f7053031/ --- term/x11.trm | 8 +++++--- diff --git a/CVE-2025-3359.patch b/CVE-2025-3359.patch index 0d1355e..c688465 100644 --- a/CVE-2025-3359.patch +++ b/CVE-2025-3359.patch @@ -3,6 +3,10 @@ 
From: =?UTF-8?q?=E7=99=BD=E8=B6=85=E8=B6=85?= Date: Fri, 22 Aug 2025 13:31:35 +0800 Subject: [PATCH] CVE-2025-3359 +issue link: +https://gitee.com/src-openeuler/gnuplot/issues/IBZ760?from=project-issue +patch link: +https://sourceforge.net/p/gnuplot/gnuplot-main/ci/a5897feadc4be73b0ffd8458556c47117bd24d03/ --- term/hpgl.trm | 20 ++++++++++---------- -- Gitee