[pkgsrc/trunk]: pkgsrc/graphics/gnuplot gnuplot: fix CVE-2020-25412 and CVE-2...

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/1656d48b62a0
branches:  trunk
changeset: 439630:1656d48b62a0
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Tue Sep 22 19:08:55 2020 +0000

description:
gnuplot: fix CVE-2020-25412 and CVE-2020-255519

Bump revision. Patches painfully pulled out of upstream's git.

diffstat:

 graphics/gnuplot/Makefile                 |   4 +-
 graphics/gnuplot/distinfo                 |   3 +-
 graphics/gnuplot/patches/patch-src_term.c |  33 +++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 3 deletions(-)

diffs (65 lines):

diff -r d59671a8c5fd -r 1656d48b62a0 graphics/gnuplot/Makefile
--- a/graphics/gnuplot/Makefile Tue Sep 22 18:22:59 2020 +0000
+++ b/graphics/gnuplot/Makefile Tue Sep 22 19:08:55 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.145 2020/08/18 17:58:01 leot Exp $
+# $NetBSD: Makefile,v 1.146 2020/09/22 19:08:55 bsiegert Exp $
 
 DISTNAME=      gnuplot-5.2.8
-PKGREVISION=   9
+PKGREVISION=   10
 CATEGORIES+=   graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=gnuplot/}
 
diff -r d59671a8c5fd -r 1656d48b62a0 graphics/gnuplot/distinfo
--- a/graphics/gnuplot/distinfo Tue Sep 22 18:22:59 2020 +0000
+++ b/graphics/gnuplot/distinfo Tue Sep 22 19:08:55 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.42 2019/12/05 18:42:05 adam Exp $
+$NetBSD: distinfo,v 1.43 2020/09/22 19:08:55 bsiegert Exp $
 
 SHA1 (gnuplot-5.2.8.tar.gz) = dc018b1e0a31b770d4635958badff13498babc4d
 RMD160 (gnuplot-5.2.8.tar.gz) = 1048f333f14be3f27bd8a6fa866371c6308f4f5d
@@ -8,4 +8,5 @@
 SHA1 (patch-src_gp__hist.h) = b1549572ba1bacad5ae76e7a5a6b632e693b74a7
 SHA1 (patch-src_plot.c) = a91ef7ff92917c54e37f3cca765e92d9857a47a5
 SHA1 (patch-src_readline.h) = ae138bb783a5a5e68f89850cdd861cc545399aaf
+SHA1 (patch-src_term.c) = 5bf2d0fad2100aded705c7a17a9cf321a3b9946d
 SHA1 (patch-src_variable.c) = 90a9372c715791efe42bc019025aa61fb5ece80c
diff -r d59671a8c5fd -r 1656d48b62a0 graphics/gnuplot/patches/patch-src_term.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/gnuplot/patches/patch-src_term.c Tue Sep 22 19:08:55 2020 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-src_term.c,v 1.1 2020/09/22 19:08:55 bsiegert Exp $
+
+Fix for CVE-2020-25559 and CVE-2020-25412, from upstream
+
+--- src/term.c.orig    2019-11-19 21:57:18.000000000 +0000
++++ src/term.c
+@@ -191,6 +191,7 @@ char *enhanced_cur_text = NULL;
+ double enhanced_fontscale = 1.0;
+ char enhanced_escape_format[16] = "";
+ double enhanced_max_height = 0.0, enhanced_min_height = 0.0;
++#define ENHANCED_TEXT_MAX (&enhanced_text[MAX_LINE_LEN])
+ /* flag variable to disable enhanced output of filenames, mainly. */
+ TBOOLEAN ignore_enhanced_text = FALSE;
+ 
+@@ -2207,6 +2208,9 @@ fflush_binary()
+ void
+ do_enh_writec(int c)
+ {
++    /* Guard against buffer overflow */
++    if (enhanced_cur_text >= ENHANCED_TEXT_MAX)
++      return;
+     /* note: c is meant to hold a char, but is actually an int, for
+      * the same reasons applying to putc() and friends */
+     *enhanced_cur_text++ = c;
+@@ -2361,7 +2365,7 @@ enhanced_recursion(
+                           ++p;
+                       if (*p != *start_of_fontname) {
+                           int_warn(NO_CARET, "cannot interpret font name %s", start_of_fontname);
+-                          p = start_of_fontname;
++                          break;
+                       }
+                       start_of_fontname++;
+                       end_of_fontname = p++;