maxima: add patch for CVE-2024-34490

+88
+86
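--- a/pkgs/applications/science/math/maxima/5.47.0-CVE-2024-34490.patch
+++ b/pkgs/applications/science/math/maxima/5.47.0-CVE-2024-34490.patch
@@ -0,0 +1,86 @@
+Based on upstream https://sourceforge.net/p/maxima/code/ci/51704ccb090f6f971b641e4e0b7c1c22c4828bf7/
+adjusted to apply to 5.47.0
+
+diff --git a/src/gnuplot_def.lisp b/src/gnuplot_def.lisp
+index 80c174bd5..6fdc8da6d 100644
+--- a/src/gnuplot_def.lisp
++++ b/src/gnuplot_def.lisp
+@@ -286,7 +286,7 @@
+(format nil "set term postscript eps color solid lw 2 size 16.4 cm, 12.3 cm font \",24\" ~a" gstrings)))
+(if (getf plot-options :gnuplot_out_file)
+(setq out-file (getf plot-options :gnuplot_out_file))
+- (setq out-file "maxplot.ps")))
++ (setq out-file (format nil "~a.ps" (random-name 16)))))
+((eq (getf plot-options :gnuplot_term) '$dumb)
+(if (getf plot-options :gnuplot_dumb_term_command)
+(setq terminal-command
+@@ -294,7 +294,7 @@
+(setq terminal-command "set term dumb 79 22"))
+(if (getf plot-options :gnuplot_out_file)
+(setq out-file (getf plot-options :gnuplot_out_file))
+- (setq out-file "maxplot.txt")))
++ (setq out-file (format nil "~a.txt" (random-name 16)))))
+((eq (getf plot-options :gnuplot_term) '$default)
+(if (getf plot-options :gnuplot_default_term_command)
+(setq terminal-command
+diff --git a/src/plot.lisp b/src/plot.lisp
+index fb2b3136b..8877f7025 100644
+--- a/src/plot.lisp
++++ b/src/plot.lisp
+@@ -1755,16 +1755,24 @@ plot3d([cos(y)*(10.0+6*cos(x)), sin(y)*(10.0+6*cos(x)),-6*sin(x)],
+
+(defvar $xmaxima_plot_command "xmaxima")
+
++;; random-file-name
++;; Creates a random word of 'count' alphanumeric characters
++(defun random-name (count)
++ (let ((chars "0123456789abcdefghijklmnopqrstuvwxyz") (name ""))
++ (setf *random-state* (make-random-state t))
++ (dotimes (i count)
++ (setq name (format nil "~a~a" name (aref chars (random 36)))))
++ name))
++
+(defun plot-set-gnuplot-script-file-name (options)
+(let ((gnuplot-term (getf options :gnuplot_term))
+(gnuplot-out-file (getf options :gnuplot_out_file)))
+(if (and (find (getf options :plot_format) '($gnuplot_pipes $gnuplot))
+(eq gnuplot-term '$default) gnuplot-out-file)
+(plot-file-path gnuplot-out-file t options)
+- (plot-file-path
+- (format nil "maxout~d.~(~a~)"
+- (getpid)
+- (ensure-string (getf options :plot_format))) nil options))))
++ (plot-file-path (format nil "~a.~a" (random-name 16)
++ (ensure-string (getf options :plot_format)))
++ nil options))))
+
+(defun plot-temp-file0 (file &optional (preserve-file nil))
+(let ((filename
+@@ -2577,9 +2585,13 @@ plot2d ( x^2+y^2 = 1, [x, -2, 2], [y, -2 ,2]);
+(format dest "}~%"))
+(format dest "}~%"))
+
++; TODO: Check whether this function is still being used (villate 20240325)
+(defun show-open-plot (ans file)
+(cond ($show_openplot
+- (with-open-file (st1 (plot-temp-file (format nil "maxout~d.xmaxima" (getpid))) :direction :output :if-exists :supersede)
++ (with-open-file
++ (st1 (plot-temp-file
++ (format nil "~a.xmaxima" (random-name 16)))
++ :direction :output :if-exists :supersede)
+(princ ans st1))
+($system (concatenate 'string *maxima-prefix*
+(if (string= *autoconf-windows* "true") "\\bin\\" "/bin/")
+diff --git a/src/xmaxima_def.lisp b/src/xmaxima_def.lisp
+index b6513b564..5a13b6141 100644
+--- a/src/xmaxima_def.lisp
++++ b/src/xmaxima_def.lisp
+@@ -431,7 +431,7 @@
+(format $pstream "}~%"))))))
+
+(defmethod plot-shipout ((plot xmaxima-plot) options &optional output-file)
+- (let ((file (plot-file-path (format nil "maxout~d.xmaxima" (getpid)))))
++ (let ((file (plot-file-path (format nil "~a.xmaxima" (random-name 16)))))
+(cond ($show_openplot
+(with-open-file (fl
+#+sbcl (sb-ext:native-namestring file)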
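Review bot: In `show-open-plot` the new file is still opened with `:direction :output :if-exists :supersede`, so the fix rests entirely on the 16-character name from `random-name` being unguessable; nothing fails if something already exists at that path. `(make-random-state t)` is seeded in an implementation-dependent way, so how unpredictable the name is depends on the Lisp Maxima is built with. Opening with `:if-exists :error` and retrying under a fresh name would make the open refuse a pre-existing path, presumably via exclusive creation where the implementation supports it. `random-name` also overwrites the global `*random-state*` on every call, which deserves a comment, and its header comment says `random-file-name` where the function is `random-name`. The `with-open-file` in `plot-shipout` continues past the end of the hunk, so its open options are not visible here; as this copy is "adjusted to apply to 5.47.0", these are points to raise upstream rather than edits to the vendored patch.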
+2
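--- a/pkgs/applications/science/math/maxima/default.nix
+++ b/pkgs/applications/science/math/maxima/default.nix
@@ -79,6 +79,8 @@
 url = "https://raw.githubusercontent.com/sagemath/sage/07d6c37d18811e2b377a9689790a7c5e24da16ba/build/pkgs/maxima/patches/undoing_true_false_printing_patch.patch";
 sha256 = "0fvi3rcjv6743sqsbgdzazy9jb6r1p1yq63zyj9fx42wd1hgf7yx";
 })
+
+./5.47.0-CVE-2024-34490.patch
 ];
 
 # The test suite is disabled since 5.42.2 because of the following issues: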
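Review bot: The new `./5.47.0-CVE-2024-34490.patch` entry has no comment saying when it can be removed, unlike the fetched patch above it, which at least carries its origin in the URL. A line such as `# CVE-2024-34490, backported from upstream; drop when updating past 5.47.0` directly above the entry would keep the next version bump from carrying a patch that no longer applies, or from dropping the fix unnoticed. The patch list itself starts above the visible hunk, so any existing convention for such comments is not visible here.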