[AUTO-CHERRYPICK] graphviz: address CVE-2023-46045 & CVE-2020-18032 - branch main (#9129)
Co-authored-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
This commit is contained in:
CBL-Mariner-Bot
GitHub
Родитель
e86c9c1d13
Коммит
ac45317296
|
|
@ -0,0 +1,34 @@
|
|||
From 197f3149a5753d6bc994a21b98a70c7f76f548b5 Mon Sep 17 00:00:00 2001
|
||||
From: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
Date: Tue, 14 May 2024 10:47:34 +0530
|
||||
Subject: [PATCH] gvc: detect plugin installation failure and display an error
|
||||
|
||||
Gitlab: fixes #2441
|
||||
Reported-by: GJDuck
|
||||
|
||||
Backported to v2.42.4 by @mfrw
|
||||
|
||||
Signed-off-by: Matthew Fernandez <matthew.fernandez@gmail.com>
|
||||
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
|
||||
---
|
||||
lib/gvc/gvconfig.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/lib/gvc/gvconfig.c b/lib/gvc/gvconfig.c
|
||||
index 59c4614..35c1b60 100644
|
||||
--- a/lib/gvc/gvconfig.c
|
||||
+++ b/lib/gvc/gvconfig.c
|
||||
@@ -186,6 +186,10 @@ static int gvconfig_plugin_install_from_config(GVC_t * gvc, char *s)
|
||||
do {
|
||||
api = token(&nest, &s);
|
||||
gv_api = gvplugin_api(api);
|
||||
+ if (gv_api == (api_t)-1) {
|
||||
+ agerr(AGERR, "config error: %s %s not found\n", path, api);
|
||||
+ return 0;
|
||||
+ }
|
||||
do {
|
||||
if (nest == 2) {
|
||||
type = token(&nest, &s);
|
||||
--
|
||||
2.40.1
|
||||
|
||||
|
|
@ -45,7 +45,7 @@
|
|||
Summary: Graph Visualization Tools
|
||||
Name: graphviz
|
||||
Version: 2.42.4
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: EPL-1.0
|
||||
Vendor: Microsoft Corporation
|
||||
Distribution: Mariner
|
||||
|
|
@ -55,6 +55,7 @@ Source0: https://gitlab.com/%{name}/%{name}/-/archive/%{version}/%{name}-
|
|||
Patch0: graphviz-2.42.2-dotty-menu-fix.patch
|
||||
Patch1: graphviz-2.42.2-coverity-scan-fixes.patch
|
||||
Patch2: CVE-2020-18032.patch
|
||||
Patch3: CVE-2023-46045.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: bison
|
||||
|
|
@ -250,9 +251,7 @@ Requires: tcl >= 8.3
|
|||
Various tcl packages (extensions) for the graphviz tools.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .dotty-menu-fix
|
||||
%patch1 -p1 -b .coverity-scan-fixes
|
||||
%autosetup -p1
|
||||
|
||||
# Attempt to fix rpmlint warnings about executable sources
|
||||
find -type f -regex '.*\.\(c\|h\)$' -exec chmod a-x {} ';'
|
||||
|
|
@ -518,6 +517,10 @@ php --no-php-ini \
|
|||
%{_mandir}/man3/*.3tcl*
|
||||
|
||||
%changelog
|
||||
* Tue May 14 2024 Muhammad Falak <mwani@microsoft.com> - 2.42.4-10
|
||||
- Switch to autosetup to actually address CVE-2020-18032
|
||||
- Address CVE-2023-46045
|
||||
|
||||
* Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 2.42.4-9
|
||||
- Recompile with stack-protection fixed gcc version (CVE-2023-4039)
|
||||
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
Summary: Python documentation generator
|
||||
Name: python-sphinx
|
||||
Version: 4.4.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
# Unless otherwise noted, the license for code is BSD
|
||||
# sphinx/util/inspect.py has bits licensed with PSF license v2 (Python)
|
||||
# sphinx/themes/haiku/static/haiku.css_t has bits licensed with MIT
|
||||
|
|
@ -37,10 +37,27 @@ BuildRequires: gettext
|
|||
BuildRequires: graphviz
|
||||
BuildRequires: python3-atomicwrites
|
||||
BuildRequires: python3-attrs
|
||||
BuildRequires: python3-babel
|
||||
BuildRequires: python3-docutils
|
||||
BuildRequires: python3-html5lib
|
||||
BuildRequires: python3-imagesize
|
||||
BuildRequires: python3-importlib-metadata
|
||||
BuildRequires: python3-jinja2
|
||||
BuildRequires: python3-more-itertools
|
||||
BuildRequires: python3-packaging
|
||||
BuildRequires: python3-pluggy
|
||||
BuildRequires: python3-pygments
|
||||
BuildRequires: python3-pytest
|
||||
BuildRequires: python3-requests
|
||||
BuildRequires: python3-six
|
||||
BuildRequires: python3-snowballstemmer
|
||||
BuildRequires: python3-sphinx-theme-alabaster
|
||||
BuildRequires: python3-sphinxcontrib-applehelp
|
||||
BuildRequires: python3-sphinxcontrib-devhelp
|
||||
BuildRequires: python3-sphinxcontrib-htmlhelp
|
||||
BuildRequires: python3-sphinxcontrib-jsmath
|
||||
BuildRequires: python3-sphinxcontrib-qthelp
|
||||
BuildRequires: python3-sphinxcontrib-serializinghtml
|
||||
BuildRequires: python3-test
|
||||
BuildRequires: texinfo
|
||||
|
||||
|
|
@ -237,7 +254,7 @@ mkdir %{buildroot}%{python3_sitelib}/sphinxcontrib
|
|||
>> sphinx.lang
|
||||
|
||||
%check
|
||||
pip3 install more-itertools
|
||||
pip3 install webencodings
|
||||
%pytest
|
||||
|
||||
%files -n python%{python3_pkgversion}-sphinx -f sphinx.lang
|
||||
|
|
@ -252,6 +269,9 @@ pip3 install more-itertools
|
|||
%dir %{_datadir}/sphinx/locale/*
|
||||
|
||||
%changelog
|
||||
* Tue May 14 2024 Pawel Winogrodzki <pawelwi@microsoft.com> - 4.4.0-3
|
||||
- Added test-time dependencies to unblock tests.
|
||||
|
||||
* Fri Mar 25 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 4.4.0-2
|
||||
- Initial CBL-Mariner import from Fedora 36 (license: MIT).
|
||||
- Removing epoch.
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче