Accepting request 1277115 from Publishing

- Add patches
  * fix4bug1240325.patch - boo#1240325: CVE-2025-31176: segmentation fault on plot3d_points
  * fix4bug1240326.patch - boo#1240326: CVE-2025-31177: heap-buffer overflow on utf8_copy_one
  * fix4bug1240327.patch - boo#1240327: CVE-2025-31178: segmentation fault on GetAnnotateString
  * fix4bug1240328.patch - boo#1240328: CVE-2025-31179: segmentation fault on xstrftime
  * fix4bug1240329.patch - boo#1240329: CVE-2025-31180: segmentation fault on CANVAS_text
  * fix4bug1240330.patch - boo#1240330: CVE-2025-31181: segmentation fault on X11_graphics
  * fix4bug1241684.patch - boo#1241684: CVE-2025-3359: segmentation fault via IO_str_init_static_internal function
- Add a check section and we use a dump terminal

- Use openspecfun only for opensuse builds

- Add patches
  * fix4bug1240325.patch - boo#1240325: CVE-2025-31176: segmentation fault on plot3d_points
  * fix4bug1240326.patch - boo#1240326: CVE-2025-31177: heap-buffer overflow on utf8_copy_one
  * fix4bug1240327.patch - boo#1240327: CVE-2025-31178: segmentation fault on GetAnnotateString
  * fix4bug1240328.patch - boo#1240328: CVE-2025-31179: segmentation fault on xstrftime
  * fix4bug1240329.patch - boo#1240329: CVE-2025-31180: segmentation fault on CANVAS_text
  * fix4bug1240330.patch - boo#1240330: CVE-2025-31181: segmentation fault on X11_graphics
  * fix4bug1241684.patch - boo#1241684: CVE-2025-3359: segmentation fault via IO_str_init_static_internal function
- Add a check section and we use a dump terminal

OBS-URL: https://build.opensuse.org/request/show/1277115
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gnuplot?expand=0&rev=98

fix4bug1240325.patch

@@ -0,0 +1,75 @@
+commit b456a3ef618f55a20b3071d336cb20514274f1d4
+Author: Ethan A Merritt <merritt@u.washington.edu>
+Date:   Tue Mar 11 12:31:54 2025 -0700
+
+    guard against invalid read from plot->labels
+    
+    If a plot style uses points and the point chosen has PT_CHARACTER
+    then the program looks for a possible font in plot->labels->font.
+    These plot styles contain a flag bit HAS_POINT (gp_types.h).
+    The program makes sure to initialize plot->labels for these styles.
+    However a problem arises when a plot style that doesn't use points
+    nevertheless triggers this same attempted font lookup by using a
+    linetype that happens to use pointtype PT_CHARACTER.
+    I think this is only possible with 'splot' but I added parallel
+    checks for 'plot' as well.
+    
+    Bug 2776
+
+diff --git src/boundary.c src/boundary.c
+index e787de3f1..941635f7a 100644
+--- src/boundary.c
++++ src/boundary.c
+@@ -1468,7 +1468,7 @@ do_key_sample_point(
+ 	    (*t->pointsize)(pointsize);
+ 	if (on_page(xl + key_point_offset, yl)) {
+ 	    if (this_plot->lp_properties.p_type == PT_CHARACTER) {
+-		if (this_plot->labels->textcolor.type != TC_DEFAULT)
++		if (this_plot->labels && this_plot->labels->textcolor.type != TC_DEFAULT)
+ 		    apply_pm3dcolor(&(this_plot->labels->textcolor));
+ 		(*t->put_text) (xl + key_point_offset, yl, 
+ 				this_plot->lp_properties.p_char);
+diff --git src/graph3d.c src/graph3d.c
+index bda614b7a..74ae8d558 100644
+--- src/graph3d.c
++++ src/graph3d.c
+@@ -2164,7 +2164,7 @@ plot3d_points(struct surface_points *plot)
+     /* Set whatever we can that applies to every point in the loop */
+     if (plot->lp_properties.p_type == PT_CHARACTER) {
+ 	ignore_enhanced(TRUE);
+-	if (plot->labels->font && plot->labels->font[0])
++	if (plot->labels && plot->labels->font && plot->labels->font[0])
+ 	    (*t->set_font) (plot->labels->font);
+ 	(*t->justify_text) (CENTRE);
+     }
+@@ -2260,7 +2260,7 @@ plot3d_points(struct surface_points *plot)
+ 
+     /* Return to initial state */
+     if (plot->lp_properties.p_type == PT_CHARACTER) {
+-	if (plot->labels->font && plot->labels->font[0])
++	if (plot->labels && plot->labels->font && plot->labels->font[0])
+ 	    (*t->set_font) ("");
+ 	ignore_enhanced(FALSE);
+     }
+diff --git src/graphics.c src/graphics.c
+index 083cb61f4..f68ef7096 100644
+--- src/graphics.c
++++ src/graphics.c
+@@ -2649,7 +2649,7 @@ plot_points(struct curve_points *plot)
+     /* Set whatever we can that applies to every point in the loop */
+     if (plot->lp_properties.p_type == PT_CHARACTER) {
+ 	ignore_enhanced(TRUE);
+-	if (plot->labels->font && plot->labels->font[0])
++	if (plot->labels && plot->labels->font && plot->labels->font[0])
+ 	    (*t->set_font) (plot->labels->font);
+ 	(*t->justify_text) (CENTRE);
+     }
+@@ -2781,7 +2781,7 @@ plot_points(struct curve_points *plot)
+ 
+     /* Return to initial state */
+     if (plot->lp_properties.p_type == PT_CHARACTER) {
+-	if (plot->labels->font && plot->labels->font[0])
++	if (plot->labels && plot->labels->font && plot->labels->font[0])
+ 	    (*t->set_font) ("");
+ 	ignore_enhanced(FALSE);
+     }

fix4bug1240326.patch

@@ -0,0 +1,30 @@
+commit 226809aebb345e74d371bb43a2b434b490be527a
+Author: Ethan A Merritt <merritt@u.washington.edu>
+Date:   Wed Jan 15 11:56:13 2025 -0800
+
+    dumb:  more stringent tests against y bound of dumb terminal charcell array
+    
+    Bug 2756
+
+diff --git term/dumb.trm term/dumb.trm
+index 498e27fc6..fdc94fbf5 100644
+--- term/dumb.trm
++++ term/dumb.trm
+@@ -801,7 +801,7 @@ DUMB_put_text(unsigned int x, unsigned int y, const char *str)
+ {
+     int i, length;
+ 
+-    if (y > dumb_ymax)
++    if (y < 0 || y > dumb_ymax)
+ 	return;
+ 
+     length = gp_strlen(str);
+@@ -949,7 +949,7 @@ ENHdumb_FLUSH()
+ 	y += i;
+ 
+ 	/* print the string fragment, perhaps invisibly */
+-	if (ENHdumb_show && y < dumb_ymax) {
++	if (ENHdumb_show && (0 <= y && y < dumb_ymax)) {
+ 	    for (i = 0; i < len && x < dumb_xmax; i++, x++) {
+ 		utf8_copy_one( (char *)(&DUMB_PIXEL(x, y)), gp_strchrn(str,i));
+ #ifndef NO_DUMB_COLOR_SUPPORT

fix4bug1240327.patch

@@ -0,0 +1,84 @@
+commit b78cc829a18e9436daaa859c96f3970157f3171e
+Author: Ethan A Merritt <merritt@u.washington.edu>
+Date:   Tue Jan 14 21:23:19 2025 -0800
+
+    use snprintf to protect against garbage user-supplied mouse format
+    
+    Bug 2754
+
+diff --git src/mouse.c src/mouse.c
+index 4d1362130..95266738b 100644
+--- src/mouse.c
++++ src/mouse.c
+@@ -270,7 +270,7 @@ static void alert(void);
+ static void MousePosToGraphPosReal(int xx, int yy, double *x, double *y, double *x2, double *y2);
+ static char *xy_format(void);
+ static char *zoombox_format(void);
+-static char *GetAnnotateString(char *s, double x, double y, int mode, char *fmt);
++static char *GetAnnotateString(char *s, size_t len, double x, double y, int mode, char *fmt);
+ static char *xDateTimeFormat(double x, char *b, int mode);
+ static void GetRulerString(char *p, double x, double y);
+ static void apply_zoom(struct t_zoom * z);
+@@ -524,7 +524,7 @@ zoombox_format()
+ /* formats the information for an annotation (middle mouse button clicked)
+  */
+ static char *
+-GetAnnotateString(char *s, double x, double y, int mode, char *fmt)
++GetAnnotateString(char *s, size_t len, double x, double y, int mode, char *fmt)
+ {
+     if (axis_array[FIRST_X_AXIS].datatype == DT_DMS
+     ||  axis_array[FIRST_Y_AXIS].datatype == DT_DMS) {
+@@ -579,11 +579,11 @@ GetAnnotateString(char *s, double x, double y, int mode, char *fmt)
+ 	    r = rmin + x/cos(phi);
+ 
+ 	if (fmt)
+-	    sprintf(s, fmt, theta, r);
++	    snprintf(s, len, fmt, theta, r);
+ 	else
+ 	    sprintf(s, "theta: %.1f%s  r: %g", theta, degree_sign, r);
+     } else if ((mode == MOUSE_COORDINATES_ALT) && fmt) {
+-	sprintf(s, fmt, x, y);	/* user defined format */
++	snprintf(s, len, fmt, x, y);	/* user defined format */
+     } else if (mode == MOUSE_COORDINATES_FUNCTION) {
+ 	/* EXPERIMENTAL !!! */
+ 	t_value original_x, original_y;
+@@ -606,7 +606,7 @@ GetAnnotateString(char *s, double x, double y, int mode, char *fmt)
+ 	gpfree_string(&readout);
+     } else {
+ 	/* Default format ("set mouse mouseformat" is not active) */
+-	sprintf(s, xy_format(), x, y);	/* usual x,y values */
++	snprintf(s, len, xy_format(), x, y);	/* usual x,y values */
+     }
+     return s + strlen(s);
+ }
+@@ -1020,10 +1020,10 @@ UpdateStatuslineWithMouseSetting(mouse_setting_t * ms)
+ 	strcat(format, ms->fmt);
+ 	strcat(format, ", ");
+ 	strcat(format, ms->fmt);
+-	sprintf(s0, format, surface_rot_x, surface_rot_z, surface_scale, surface_zscale);
++	snprintf(s0, 255, format, surface_rot_x, surface_rot_z, surface_scale, surface_zscale);
+     } else if (!TICS_ON(axis_array[SECOND_X_AXIS].ticmode) && !TICS_ON(axis_array[SECOND_Y_AXIS].ticmode)) {
+ 	/* only first X and Y axis are in use */
+-	sp = GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string);
++	sp = GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string);
+ 	if (ruler.on)
+ 	    GetRulerString(sp, real_x, real_y);
+     } else {
+@@ -2286,7 +2286,7 @@ event_buttonrelease(struct gp_event_t *ge)
+ 	     * only place, if the user didn't drag (rotate) the plot */
+ 
+ 	    if (!is_3d_plot || !motion) {
+-		GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string);
++		GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string);
+ 		term->set_clipboard(s0);
+ 		if (display_ipc_commands()) {
+ 		    fprintf(stderr, "put `%s' to clipboard.\n", s0);
+@@ -2302,7 +2302,7 @@ event_buttonrelease(struct gp_event_t *ge)
+ 	    /* draw temporary annotation or label. For 3d plots this is
+ 	     * only done if the user didn't drag (scale) the plot */
+ 	    if (!is_3d_plot || !motion) {
+-		GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string);
++		GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string);
+ 		if (mouse_setting.label) {
+ 		    if (modifier_mask & Mod_Ctrl) {
+ 			remove_label(mouse_x, mouse_y);

fix4bug1240328.patch

@@ -0,0 +1,107 @@
+commit ed647df512786b3c94429dd5c864715301e03ea5
+Author: Ethan A Merritt <merritt@u.washington.edu>
+Date:   Tue Mar 11 16:31:23 2025 -0700
+
+    guard against trying to format a huge number as a time
+    
+    The time formatting code does not handle time_in_seconds > 1.e12
+    (sometime in the year 33658).
+    
+    Bug 2779
+
+diff --git src/mouse.c src/mouse.c
+index ba0609290..a6110f5ff 100644
+--- src/mouse.c
++++ src/mouse.c
+@@ -619,6 +619,11 @@ static char *
+ xDateTimeFormat(double x, char *b, int mode)
+ {
+     struct tm tm;
++    if (fabs(x) > 1.e12) {  /* Some time in the year 33688 */
++	int_warn(NO_CARET, "time value out of range");
++	*b = '\0';
++	return b;
++    }
+ 
+     switch (mode) {
+     case MOUSE_COORDINATES_XDATE:
+commit 3270021820ff6ac7a6d77b77fe69777129937994
+Author: Ethan A Merritt <merritt@u.washington.edu>
+Date:   Wed Mar 12 19:56:13 2025 -0700
+
+    check valid range on time value before trying to format it
+    
+    Absurdly large time values (number of seconds) cause failures in the
+    routines that populate a time structure and format the result.
+    The program does complain about an invalid time value but only
+    after the failures have already occurred.
+    E.g.
+            print strftime("%Y", 1.e14)
+    
+    Now a check for fabs(time) > 1.e12 is the first thing in f_strftime().
+    
+    Bug 2779
+
+diff --git src/internal.c src/internal.c
+index 53be8d409..2d8812e49 100644
+--- src/internal.c
++++ src/internal.c
+@@ -1905,30 +1905,37 @@ f_strftime(union argument *arg)
+ 	int_error(NO_CARET,
+ 		  "First parameter to strftime must be a format string");
+ 
+-    /* Prepare format string.
+-     * Make sure the resulting string not empty by adding a space.
+-     * Otherwise, the return value of gstrftime doesn't give enough
+-     * information.
+-     */
+-    fmtlen = strlen(fmt.v.string_val) + 1;
+-    fmtstr = gp_alloc(fmtlen + 1, "f_strftime: fmt");
+-    strncpy(fmtstr, fmt.v.string_val, fmtlen);
+-    strncat(fmtstr, " ", fmtlen);
+-    buflen = 80 + 2*fmtlen;
+-    buffer = gp_alloc(buflen, "f_strftime: buffer");
+-
+-    /* Get time_str */
+-    length = gstrftime(buffer, buflen, fmtstr, real(&val));
+-    if (length == 0 || length >= buflen)
+-	int_error(NO_CARET, "String produced by time format is too long");
+-
+-    /* Remove trailing space */
+-    assert(buffer[length-1] == ' ');
+-    buffer[length-1] = NUL;
++    /* Range check */
++    if (!(fabs(real(&val)) < 1.e12)) {
++	int_warn(NO_CARET, "time value out of range");
++	buffer = strdup("    ");
++
++    } else {
++	/* Prepare format string.
++	 * Make sure the resulting string not empty by adding a space.
++	 * Otherwise, the return value of gstrftime doesn't give enough
++	 * information.
++	 */
++	fmtlen = strlen(fmt.v.string_val) + 1;
++	fmtstr = gp_alloc(fmtlen + 1, "f_strftime: fmt");
++	strncpy(fmtstr, fmt.v.string_val, fmtlen);
++	strncat(fmtstr, " ", fmtlen);
++	buflen = 80 + 2*fmtlen;
++	buffer = gp_alloc(buflen, "f_strftime: buffer");
++
++	/* Get time_str */
++	length = gstrftime(buffer, buflen, fmtstr, real(&val));
++	if (length == 0 || length >= buflen)
++	    int_error(NO_CARET, "String produced by time format is too long");
++
++	/* Remove trailing space */
++	assert(buffer[length-1] == ' ');
++	buffer[length-1] = NUL;
++	free(fmtstr);
++    }
+ 
+     gpfree_string(&val);
+     gpfree_string(&fmt);
+-    free(fmtstr);
+ 
+     push(Gstring(&val, buffer));
+     free(buffer);

fix4bug1240329.patch

@@ -0,0 +1,33 @@
+commit b2343fd02c4fff94957f0151b73daa0a1f7fec49
+Author: Ethan A Merritt <merritt@u.washington.edu>
+Date:   Tue Jan 14 21:54:14 2025 -0800
+
+    canvas:  handle nonlinear x2 or y2 axis with an incomplete definition
+    
+    Actually "handle" means "ignore".
+    But now it doesn't segfault trying to probe a non-existant link function.
+    
+    Bug 2755
+
+diff --git term/canvas.trm term/canvas.trm
+index a919b09bd..bfe567832 100644
+--- term/canvas.trm
++++ term/canvas.trm
+@@ -646,7 +646,7 @@ CANVAS_text()
+ 	} else
+ 	    fprintf(gpoutfile, "gnuplot.plot_axis_x2min = \"none\"\n");
+ 	if (axis_array[SECOND_X_AXIS].linked_to_primary
+-	&&  axis_array[FIRST_X_AXIS].link_udf->at) {
++	&&  axis_array[FIRST_X_AXIS].link_udf && axis_array[FIRST_X_AXIS].link_udf->at) {
+ 	    fprintf(gpoutfile, "gnuplot.x2_mapping = function(x) { return x; };");
+ 	    fprintf(gpoutfile, "  // replace returned value with %s\n",
+ 			axis_array[FIRST_X_AXIS].link_udf->definition);
+@@ -657,7 +657,7 @@ CANVAS_text()
+ 	} else
+ 	    fprintf(gpoutfile, "gnuplot.plot_axis_y2min = \"none\"\n");
+ 	if (axis_array[SECOND_Y_AXIS].linked_to_primary
+-	&&  axis_array[FIRST_Y_AXIS].link_udf->at) {
++	&&  axis_array[FIRST_Y_AXIS].link_udf && axis_array[FIRST_Y_AXIS].link_udf->at) {
+ 	    fprintf(gpoutfile, "gnuplot.y2_mapping = function(y) { return y; };");
+ 	    fprintf(gpoutfile, "  // replace returned value with %s\n",
+ 			axis_array[FIRST_Y_AXIS].link_udf->definition);

fix4bug1240330.patch

@@ -0,0 +1,34 @@
+commit af96c2c1b20383684b1ec2084dab7936f7053031
+Author: Ethan A Merritt <merritt@u.washington.edu>
+Date:   Tue Jan 14 20:56:37 2025 -0800
+
+    x11: protect against double fclose() if two errors in a row
+    
+    Bug 2753
+
+diff --git term/x11.trm term/x11.trm
+index 18ad4ad85..cbe01dd0e 100644
+--- term/x11.trm
++++ term/x11.trm
+@@ -854,8 +854,9 @@ X11_atexit()
+ 	/* dont wait(), since they might be -persist */
+ 	X11_ipc = NULL;
+ #ifdef PIPE_IPC
+-	close(ipc_back_fd);
+-	ipc_back_fd = -1;
++	if (ipc_back_fd >= 0)
++	    close(ipc_back_fd);
++	ipc_back_fd = IPC_BACK_CLOSED;
+ #endif
+     }
+ }
+@@ -1374,7 +1375,8 @@ X11_graphics()
+ #ifdef PIPE_IPC
+     /* if we know the outboard driver has stopped, restart it */
+     if (ipc_back_fd == IPC_BACK_CLOSED) {
+-	fclose(X11_ipc);
++	if (X11_ipc > 0)
++	    fclose(X11_ipc);
+ 	X11_ipc = NULL;
+ 	X11_init();
+     }

fix4bug1241684.patch

@@ -0,0 +1,57 @@
+commit a5897feadc4be73b0ffd8458556c47117bd24d03
+Author: Ethan A Merritt <merritt@u.washington.edu>
+Date:   Tue Mar 25 22:51:54 2025 -0700
+
+    hpgl: font name parsing overruns the string by one char
+    
+    if no comma is present in the font name.
+    E.g.
+       set term pcl
+       set title "Title" font "sans"    # no comma in font name
+       plot x
+    
+    Bug 2781
+
+diff --git term/hpgl.trm term/hpgl.trm
+index 8e763d174..d432f7e39 100644
+--- term/hpgl.trm
++++ term/hpgl.trm
+@@ -1653,28 +1653,22 @@ TERM_PUBLIC int
+ HPGL2_set_font(const char *font)
+ {
+     char name[MAX_ID_LEN + 1];
+-    int sep;
+-    int int_size;
+-    double size;
++    char *sep;
++    double size = HPGL2_point_size;
+ 
+     if (font == NULL)
+ 	font = "";
+ 
+-    sep = strcspn(font, ",");
+     strncpy(name, font, sizeof(name)-1);
+ 
+-    if (sep < sizeof(name))
+-	name[sep] = NUL;
+-
+-/* determine font size, use default from options if invalid */
+-    int_size = 0;
+-    /* FIXME: use strtod instead */
+-    sscanf(&(font[sep + 1]), "%d", &int_size);
+-    if (int_size > 0)
+-	size = int_size;
+-    else
+-	size = HPGL2_point_size;
+-
++    /* determine font size, use default from options if invalid */
++    sep = strchr(font, ',');
++    if (sep) {
++	double req_size = strtod(sep+1, NULL);
++	if (req_size > 0)
++	    size = req_size;
++	*sep = '\0';
++    }
+     return HPGL2_set_font_size(name, size);
+ }
+ 

gnuplot-4.6.0-demo.diff

@@ -115,7 +115,7 @@
      envptr = loadpath;
 --- src/show.c
 +++ src/show.c	2020-07-17 07:25:00.022670914 +0000
-@@ -1140,6 +1140,15 @@ show_version(FILE *fp)
+@@ -1139,6 +1139,15 @@ show_version(FILE *fp)
  	    p 			/* type "help seeking-assistance" */
  	    );
  

gnuplot-4.6.0-fonts.diff

@@ -48,7 +48,7 @@
  
  #define Nwidths 10
  static unsigned int widths[Nwidths] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
-@@ -2294,6 +2301,8 @@ exec_cmd(plot_struct *plot, char *comman
+@@ -2290,6 +2297,8 @@ exec_cmd(plot_struct *plot, char *comman
  		/* Save the request default font */
  		c = &(buffer[strlen(buffer)-1]);
  		while (*c <= ' ') *c-- = '\0';
@@ -57,7 +57,7 @@
  		strncpy(default_font, &buffer[2], sizeof(default_font)-1);
  		FPRINTF((stderr, "gnuplot_x11: exec_cmd() set default_font to \"%s\"\n", default_font));
  		break;
-@@ -5820,7 +5829,7 @@ XFontStruct *gpXLoadQueryFont (Display *
+@@ -5810,7 +5819,7 @@ XFontStruct *gpXLoadQueryFont (Display *
  	    }
  #else
  	    if (first_time) {
@@ -66,7 +66,7 @@
  		first_time = FALSE;
  	    }
  	    while (n_miss-- > 0)
-@@ -5972,6 +5981,18 @@ char *fontname;
+@@ -5962,6 +5971,18 @@ char *fontname;
      }
  
  #ifdef USE_X11_MULTIBYTE

gnuplot-4.6.0.dif

@@ -29,16 +29,16 @@
  gihdir = @GIHDIR@
  
  noinst_PROGRAMS = checkdoc doc2ipf doc2tex doc2gih doc2hlp \
-@@ -111,7 +111,7 @@ wxhelp_figures wxhelp/*.html wxhelp/wgnu
- wxhelp/wgnuplot.htc wxhelp/doc2html$(EXEEXT) windows/wgnuplot.htk	\
- svg_figures html/*.html html/*.svg html/*.hhc html/*.hhk                \
+@@ -113,7 +113,7 @@ svg_figures html/*.html html/*.svg html/
  webp_figures html/*.webp html/figure_mask.png                           \
+ psdoc/*.aux psdoc/*.dvi psdoc/*.log                                     \
+ psdoc/ps_fontfile_doc.pdf psdoc/ps_fontfile_doc.ps psdoc/ps_symbols.ps  \
 -windows/*.png gnuplot.htb gnuplot.texi gnuplot-eldoc.el $(ELCS)
 +windows/*.png gnuplot.htb gnuplot.texi gnuplot-eldoc.el $(ELCS) gnuplot-fr.gih
  
  DISTFILES = $(DIST_COMMON) $(SOURCES) $(DOCHEADERS) $(EXTRA_DIST)
  
-@@ -271,17 +271,21 @@ gnuplot.hlp: doc2hlp$(EXEEXT) $(srcdir)/
+@@ -273,17 +273,21 @@ gnuplot.hlp: doc2hlp$(EXEEXT) $(srcdir)/
  doc2hlp_SOURCES = doc2hlp.c termdoc.c
  
  ### gnuplot interactive help format
@@ -64,7 +64,7 @@
  alldoc2gih_CPPFLAGS = -DALL_TERM_DOC $(AM_CPPFLAGS)
 --- gnuplot-6.0.0/src/gadgets.h
 +++ gnuplot-6.0.0/src/gadgets.h	2024-01-08 09:16:58.124450437 +0000
-@@ -524,7 +524,7 @@ extern TBOOLEAN	clip_lines2;
+@@ -533,7 +533,7 @@ extern TBOOLEAN	clip_lines2;
  extern TBOOLEAN	clip_points;
  extern TBOOLEAN	clip_radial;
  
@@ -75,7 +75,7 @@
  
 --- gnuplot-6.0.0/src/gplt_x11.c
 +++ gnuplot-6.0.0/src/gplt_x11.c	2024-01-08 09:16:58.124450437 +0000
-@@ -2518,9 +2518,12 @@ exec_cmd(plot_struct *plot, char *comman
+@@ -2514,9 +2514,12 @@ exec_cmd(plot_struct *plot, char *comman
  	}
      }
      /*   X11_justify_text(mode) - set text justification mode  */
@@ -93,7 +93,7 @@
  
 --- gnuplot-6.0.0/src/plot.c
 +++ gnuplot-6.0.0/src/plot.c	2024-01-08 09:16:58.124450437 +0000
-@@ -296,6 +296,22 @@ main(int argc_orig, char **argv)
+@@ -298,6 +298,22 @@ main(int argc_orig, char **argv)
      rl_getc_function = getc_wrapper;
  #endif
  
@@ -113,7 +113,7 @@
 +    }
 +#endif
 +
- #if defined(HAVE_LIBREADLINE) || defined(HAVE_LIBEDITLINE)
+ #if defined(HAVE_LIBREADLINE)
      /* T.Walter 1999-06-24: 'rl_readline_name' must be this fix name.
       * It is used to parse a 'gnuplot' specific section in '~/.inputrc'
 --- gnuplot-6.0.0/src/term.h

gnuplot-6.0.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e85a660c1a2a1808ff24f7e69981ffcbac66a45c9dcf711b65610b26ea71379a
-size 7528936

gnuplot-doc.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Mon May 12 12:14:33 UTC 2025 - Dr. Werner Fink <werner@suse.de>
+
+- Add patches
+  * fix4bug1240325.patch - boo#1240325: CVE-2025-31176: segmentation fault on plot3d_points
+  * fix4bug1240326.patch - boo#1240326: CVE-2025-31177: heap-buffer overflow on utf8_copy_one
+  * fix4bug1240327.patch - boo#1240327: CVE-2025-31178: segmentation fault on GetAnnotateString
+  * fix4bug1240328.patch - boo#1240328: CVE-2025-31179: segmentation fault on xstrftime
+  * fix4bug1240329.patch - boo#1240329: CVE-2025-31180: segmentation fault on CANVAS_text
+  * fix4bug1240330.patch - boo#1240330: CVE-2025-31181: segmentation fault on X11_graphics
+  * fix4bug1241684.patch - boo#1241684: CVE-2025-3359: segmentation fault via IO_str_init_static_internal function
+- Add a check section and we use a dump terminal
+
+-------------------------------------------------------------------
+Tue Feb 18 13:09:58 UTC 2025 - Dr. Werner Fink <werner@suse.de>
+
+- Use openspecfun only for opensuse builds
+
+-------------------------------------------------------------------
+Tue Jan  7 09:57:13 UTC 2025 - Dr. Werner Fink <werner@suse.de>
+
+- Update to gnuplot 6.0.2
+  * NEW backport plot style "with hsteps"
+  * NEW backport plot style "splot with filledcurves" (waterfall plots)
+  * NEW general binary keyword option "blank=NaN"
+        - faciliates binary input to plot styles sensitive to blank lines
+  * NEW polygons in splot can use pm3d coloring
+        - facilitates use of triangular tessellated 3D pm3d surfaces
+  * NEW - UTF-8 terminal input now works when linked against BSD editline
+          ./configure --with-readline=bsd
+  * CHANGE backport reimplementation of local variables
+        - faster function block evaluation, better-defined scope
+  * CHANGE apply jitter to the horizontal spread of boxplot outliers
+  * CHANGE dump $GPVAL_LAST_MULTIPLOT at the end of a "save" file
+  * FIX backport reworked generation of logscale axis tic marks        Bug 2372 2717
+  * FIX Do not save extraneous commands to $GPVAL_LAST_MULTIPLOT       Bug 2714
+  * FIX svg: modify gnuplot_svg.js to work in local standalone mode    Bug 2715
+  * FIX "set table": honor "nosurface" keyword in splot
+  * FIX "set table": honor "set format z" when z is printed from plot
+  * FIX better contouring near the edge of a z-clipped surface
+  * FIX x11: handle mousing of logscale axes in inactive plot window   Bug 2723
+  * FIX qt: handle mousing of logscale axes in inactive plot window    Bug 2723
+  * FIX wxt: handle mousing of logscale axes in inactive plot window   Bug 2723
+  * FIX wxt: release per-thread font data before entering "persist"    Bug 2693
+  * FIX "set tics scale" should not change other axis tick properties  Bug 2724
+  * FIX fill properties can be given as part of "splot with circles"
+  * FIX some properties of the key title not shown by "show" or "save" Bug 2729
+  * FIX points with variable color value NaN should not be drawn       Bug 2737
+  * FIX "set term tikz nostandalone" should suppress the latex wrapper Bug 2740
+  * FIX handle unusual case of intersecting pm3d surfaces              Bug 2744
+  * FIX prevent use-after-free if a function block has no "return"     Bug 2745
+- Port patches
+  * gnuplot-4.6.0-demo.diff
+  * gnuplot-4.6.0-fonts.diff
+  * gnuplot-4.6.0.dif
+
 -------------------------------------------------------------------
 Mon Jun  3 06:04:48 UTC 2024 - Dr. Werner Fink <werner@suse.de>
 

gnuplot.changes

@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Mon May 12 12:14:33 UTC 2025 - Dr. Werner Fink <werner@suse.de>
+
+- Add patches
+  * fix4bug1240325.patch - boo#1240325: CVE-2025-31176: segmentation fault on plot3d_points
+  * fix4bug1240326.patch - boo#1240326: CVE-2025-31177: heap-buffer overflow on utf8_copy_one
+  * fix4bug1240327.patch - boo#1240327: CVE-2025-31178: segmentation fault on GetAnnotateString
+  * fix4bug1240328.patch - boo#1240328: CVE-2025-31179: segmentation fault on xstrftime
+  * fix4bug1240329.patch - boo#1240329: CVE-2025-31180: segmentation fault on CANVAS_text
+  * fix4bug1240330.patch - boo#1240330: CVE-2025-31181: segmentation fault on X11_graphics
+  * fix4bug1241684.patch - boo#1241684: CVE-2025-3359: segmentation fault via IO_str_init_static_internal function
+- Add a check section and we use a dump terminal
+
+-------------------------------------------------------------------
+Tue Feb 18 13:09:58 UTC 2025 - Dr. Werner Fink <werner@suse.de>
+
+- Use openspecfun only for opensuse builds
+
+-------------------------------------------------------------------
+Tue Jan  7 09:57:13 UTC 2025 - Dr. Werner Fink <werner@suse.de>
+
+- Update to gnuplot 6.0.2
+  * NEW backport plot style "with hsteps"
+  * NEW backport plot style "splot with filledcurves" (waterfall plots)
+  * NEW general binary keyword option "blank=NaN"
+        - faciliates binary input to plot styles sensitive to blank lines
+  * NEW polygons in splot can use pm3d coloring
+        - facilitates use of triangular tessellated 3D pm3d surfaces
+  * NEW - UTF-8 terminal input now works when linked against BSD editline
+          ./configure --with-readline=bsd
+  * CHANGE backport reimplementation of local variables
+        - faster function block evaluation, better-defined scope
+  * CHANGE apply jitter to the horizontal spread of boxplot outliers
+  * CHANGE dump $GPVAL_LAST_MULTIPLOT at the end of a "save" file
+  * FIX backport reworked generation of logscale axis tic marks        Bug 2372 2717
+  * FIX Do not save extraneous commands to $GPVAL_LAST_MULTIPLOT       Bug 2714
+  * FIX svg: modify gnuplot_svg.js to work in local standalone mode    Bug 2715
+  * FIX "set table": honor "nosurface" keyword in splot
+  * FIX "set table": honor "set format z" when z is printed from plot
+  * FIX better contouring near the edge of a z-clipped surface
+  * FIX x11: handle mousing of logscale axes in inactive plot window   Bug 2723
+  * FIX qt: handle mousing of logscale axes in inactive plot window    Bug 2723
+  * FIX wxt: handle mousing of logscale axes in inactive plot window   Bug 2723
+  * FIX wxt: release per-thread font data before entering "persist"    Bug 2693
+  * FIX "set tics scale" should not change other axis tick properties  Bug 2724
+  * FIX fill properties can be given as part of "splot with circles"
+  * FIX some properties of the key title not shown by "show" or "save" Bug 2729
+  * FIX points with variable color value NaN should not be drawn       Bug 2737
+  * FIX "set term tikz nostandalone" should suppress the latex wrapper Bug 2740
+  * FIX handle unusual case of intersecting pm3d surfaces              Bug 2744
+  * FIX prevent use-after-free if a function block has no "return"     Bug 2745
+- Port patches
+  * gnuplot-4.6.0-demo.diff
+  * gnuplot-4.6.0-fonts.diff
+  * gnuplot-4.6.0.dif
+
 -------------------------------------------------------------------
 Mon Jun  3 06:04:48 UTC 2024 - Dr. Werner Fink <werner@suse.de>
 

gnuplot.spec

@@ -1,7 +1,7 @@
 #
-# spec file
+# spec file for package gnuplot
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -38,7 +38,9 @@ BuildRequires:  glib2-devel
 BuildRequires:  libqt5-linguist-devel
 BuildRequires:  lua-devel
 BuildRequires:  netpbm
+%if 0%{?is_opensuse}
 BuildRequires:  openspecfun-devel
+%endif
 BuildRequires:  pango-devel
 BuildRequires:  plotutils-devel
 BuildRequires:  readline-devel
@@ -83,7 +85,7 @@ BuildRequires:  tex(textgreek.sty)
 BuildRequires:  tex(upquote.sty)
 %endif
 URL:            https://www.gnuplot.info/
-Version:        6.0.1
+Version:        6.0.2
 Release:        0
 %global         underscore 6
 %if "%{flavor}" == ""
@@ -113,6 +115,13 @@ Patch4:         gnuplot-4.6.0-demo.diff
 Patch5:         gnuplot-wx3.diff
 Patch6:         gnuplot-QtCore-PIC.dif
 Patch7:         gnuplot-PIE.patch
+Patch25:        fix4bug1240325.patch
+Patch26:        fix4bug1240326.patch
+Patch27:        fix4bug1240327.patch
+Patch28:        fix4bug1240328.patch
+Patch29:        fix4bug1240329.patch
+Patch30:        fix4bug1240330.patch
+Patch84:        fix4bug1241684.patch
 %define _x11lib     %{_libdir}
 %define _x11data    %{_datadir}/X11
 %define _x11inc     %{_includedir}/X11
@@ -121,7 +130,7 @@ Patch7:         gnuplot-PIE.patch
 %if "%{flavor}" == "doc"
 Requires:       %{sname}
 Requires(post): %install_info_prereq
-Requires(preun):%install_info_prereq
+Requires(preun): %install_info_prereq
 BuildArch:      noarch
 %endif
 
@@ -148,6 +157,13 @@ cp %{_sourcedir}/picins.sty docs
 %patch -P5 -p1 -b .w3x
 %patch -P6 -p0 -b .pic
 %patch -P7 -p1 -b .pie
+%patch -P25 -p0 -b .p25
+%patch -P26 -p0 -b .p26
+%patch -P27 -p0 -b .p27
+%patch -P28 -p0 -b .p28
+%patch -P29 -p0 -b .p29
+%patch -P30 -p0 -b .p30
+%patch -P84 -p0 -b .p84
 
 %build
 autoreconf -fi
@@ -273,6 +289,11 @@ autoreconf -fi
     %fdupes %{buildroot}/%{_docdir}
 %endif
 
+%if "%{flavor}" == ""
+%check
+GNUTERM=dumb make check
+%endif
+
 %if "%{flavor}" == "doc"
 %post
 %install_info --info-dir=.%{_infodir} .%{_infodir}/%{sname}.info.gz