forked from NixOS/nixpkgs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request NixOS#329517 from risicle/ris-maxima-CVE-2024-34490-…
…r24.05 [24.05] maxima: add patch for CVE-2024-34490
- Loading branch information
Showing
2 changed files
with
88 additions
and
0 deletions.
There are no files selected for viewing
86 changes: 86 additions & 0 deletions
86
pkgs/applications/science/math/maxima/5.47.0-CVE-2024-34490.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,86 @@ | ||
| Based on upstream https://sourceforge.net/p/maxima/code/ci/51704ccb090f6f971b641e4e0b7c1c22c4828bf7/ | ||
| adjusted to apply to 5.47.0 | ||
|
|
||
| diff --git a/src/gnuplot_def.lisp b/src/gnuplot_def.lisp | ||
| index 80c174bd5..6fdc8da6d 100644 | ||
| --- a/src/gnuplot_def.lisp | ||
| +++ b/src/gnuplot_def.lisp | ||
| @@ -286,7 +286,7 @@ | ||
| (format nil "set term postscript eps color solid lw 2 size 16.4 cm, 12.3 cm font \",24\" ~a" gstrings))) | ||
| (if (getf plot-options :gnuplot_out_file) | ||
| (setq out-file (getf plot-options :gnuplot_out_file)) | ||
| - (setq out-file "maxplot.ps"))) | ||
| + (setq out-file (format nil "~a.ps" (random-name 16))))) | ||
| ((eq (getf plot-options :gnuplot_term) '$dumb) | ||
| (if (getf plot-options :gnuplot_dumb_term_command) | ||
| (setq terminal-command | ||
| @@ -294,7 +294,7 @@ | ||
| (setq terminal-command "set term dumb 79 22")) | ||
| (if (getf plot-options :gnuplot_out_file) | ||
| (setq out-file (getf plot-options :gnuplot_out_file)) | ||
| - (setq out-file "maxplot.txt"))) | ||
| + (setq out-file (format nil "~a.txt" (random-name 16))))) | ||
| ((eq (getf plot-options :gnuplot_term) '$default) | ||
| (if (getf plot-options :gnuplot_default_term_command) | ||
| (setq terminal-command | ||
| diff --git a/src/plot.lisp b/src/plot.lisp | ||
| index fb2b3136b..8877f7025 100644 | ||
| --- a/src/plot.lisp | ||
| +++ b/src/plot.lisp | ||
| @@ -1755,16 +1755,24 @@ plot3d([cos(y)*(10.0+6*cos(x)), sin(y)*(10.0+6*cos(x)),-6*sin(x)], | ||
|
|
||
| (defvar $xmaxima_plot_command "xmaxima") | ||
|
|
||
| +;; random-file-name | ||
| +;; Creates a random word of 'count' alphanumeric characters | ||
| +(defun random-name (count) | ||
| + (let ((chars "0123456789abcdefghijklmnopqrstuvwxyz") (name "")) | ||
| + (setf *random-state* (make-random-state t)) | ||
| + (dotimes (i count) | ||
| + (setq name (format nil "~a~a" name (aref chars (random 36))))) | ||
| + name)) | ||
| + | ||
| (defun plot-set-gnuplot-script-file-name (options) | ||
| (let ((gnuplot-term (getf options :gnuplot_term)) | ||
| (gnuplot-out-file (getf options :gnuplot_out_file))) | ||
| (if (and (find (getf options :plot_format) '($gnuplot_pipes $gnuplot)) | ||
| (eq gnuplot-term '$default) gnuplot-out-file) | ||
| (plot-file-path gnuplot-out-file t options) | ||
| - (plot-file-path | ||
| - (format nil "maxout~d.~(~a~)" | ||
| - (getpid) | ||
| - (ensure-string (getf options :plot_format))) nil options)))) | ||
| + (plot-file-path (format nil "~a.~a" (random-name 16) | ||
| + (ensure-string (getf options :plot_format))) | ||
| + nil options)))) | ||
|
|
||
| (defun plot-temp-file0 (file &optional (preserve-file nil)) | ||
| (let ((filename | ||
| @@ -2577,9 +2585,13 @@ plot2d ( x^2+y^2 = 1, [x, -2, 2], [y, -2 ,2]); | ||
| (format dest "}~%")) | ||
| (format dest "}~%")) | ||
|
|
||
| +; TODO: Check whether this function is still being used (villate 20240325) | ||
| (defun show-open-plot (ans file) | ||
| (cond ($show_openplot | ||
| - (with-open-file (st1 (plot-temp-file (format nil "maxout~d.xmaxima" (getpid))) :direction :output :if-exists :supersede) | ||
| + (with-open-file | ||
| + (st1 (plot-temp-file | ||
| + (format nil "~a.xmaxima" (random-name 16))) | ||
| + :direction :output :if-exists :supersede) | ||
| (princ ans st1)) | ||
| ($system (concatenate 'string *maxima-prefix* | ||
| (if (string= *autoconf-windows* "true") "\\bin\\" "/bin/") | ||
| diff --git a/src/xmaxima_def.lisp b/src/xmaxima_def.lisp | ||
| index b6513b564..5a13b6141 100644 | ||
| --- a/src/xmaxima_def.lisp | ||
| +++ b/src/xmaxima_def.lisp | ||
| @@ -431,7 +431,7 @@ | ||
| (format $pstream "}~%")))))) | ||
|
|
||
| (defmethod plot-shipout ((plot xmaxima-plot) options &optional output-file) | ||
| - (let ((file (plot-file-path (format nil "maxout~d.xmaxima" (getpid))))) | ||
| + (let ((file (plot-file-path (format nil "~a.xmaxima" (random-name 16))))) | ||
| (cond ($show_openplot | ||
| (with-open-file (fl | ||
| #+sbcl (sb-ext:native-namestring file) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters