Merge pull request #329007 from risicle/ris-maxima-5.47.0

maxima: 5.46.0 -> 5.47.0, add patch for CVE-2024-34490
This commit is contained in:
Doron Behar 2024-07-23 10:47:55 +03:00 committed by GitHub
commit 2376e9a12b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 90 additions and 2 deletions

View File

@ -0,0 +1,86 @@
Based on upstream https://sourceforge.net/p/maxima/code/ci/51704ccb090f6f971b641e4e0b7c1c22c4828bf7/
adjusted to apply to 5.47.0
diff --git a/src/gnuplot_def.lisp b/src/gnuplot_def.lisp
index 80c174bd5..6fdc8da6d 100644
--- a/src/gnuplot_def.lisp
+++ b/src/gnuplot_def.lisp
@@ -286,7 +286,7 @@
(format nil "set term postscript eps color solid lw 2 size 16.4 cm, 12.3 cm font \",24\" ~a" gstrings)))
(if (getf plot-options :gnuplot_out_file)
(setq out-file (getf plot-options :gnuplot_out_file))
- (setq out-file "maxplot.ps")))
+ (setq out-file (format nil "~a.ps" (random-name 16)))))
((eq (getf plot-options :gnuplot_term) '$dumb)
(if (getf plot-options :gnuplot_dumb_term_command)
(setq terminal-command
@@ -294,7 +294,7 @@
(setq terminal-command "set term dumb 79 22"))
(if (getf plot-options :gnuplot_out_file)
(setq out-file (getf plot-options :gnuplot_out_file))
- (setq out-file "maxplot.txt")))
+ (setq out-file (format nil "~a.txt" (random-name 16)))))
((eq (getf plot-options :gnuplot_term) '$default)
(if (getf plot-options :gnuplot_default_term_command)
(setq terminal-command
diff --git a/src/plot.lisp b/src/plot.lisp
index fb2b3136b..8877f7025 100644
--- a/src/plot.lisp
+++ b/src/plot.lisp
@@ -1755,16 +1755,24 @@ plot3d([cos(y)*(10.0+6*cos(x)), sin(y)*(10.0+6*cos(x)),-6*sin(x)],
(defvar $xmaxima_plot_command "xmaxima")
+;; random-file-name
+;; Creates a random word of 'count' alphanumeric characters
+(defun random-name (count)
+ (let ((chars "0123456789abcdefghijklmnopqrstuvwxyz") (name ""))
+ (setf *random-state* (make-random-state t))
+ (dotimes (i count)
+ (setq name (format nil "~a~a" name (aref chars (random 36)))))
+ name))
+
(defun plot-set-gnuplot-script-file-name (options)
(let ((gnuplot-term (getf options :gnuplot_term))
(gnuplot-out-file (getf options :gnuplot_out_file)))
(if (and (find (getf options :plot_format) '($gnuplot_pipes $gnuplot))
(eq gnuplot-term '$default) gnuplot-out-file)
(plot-file-path gnuplot-out-file t options)
- (plot-file-path
- (format nil "maxout~d.~(~a~)"
- (getpid)
- (ensure-string (getf options :plot_format))) nil options))))
+ (plot-file-path (format nil "~a.~a" (random-name 16)
+ (ensure-string (getf options :plot_format)))
+ nil options))))
(defun plot-temp-file0 (file &optional (preserve-file nil))
(let ((filename
@@ -2577,9 +2585,13 @@ plot2d ( x^2+y^2 = 1, [x, -2, 2], [y, -2 ,2]);
(format dest "}~%"))
(format dest "}~%"))
+; TODO: Check whether this function is still being used (villate 20240325)
(defun show-open-plot (ans file)
(cond ($show_openplot
- (with-open-file (st1 (plot-temp-file (format nil "maxout~d.xmaxima" (getpid))) :direction :output :if-exists :supersede)
+ (with-open-file
+ (st1 (plot-temp-file
+ (format nil "~a.xmaxima" (random-name 16)))
+ :direction :output :if-exists :supersede)
(princ ans st1))
($system (concatenate 'string *maxima-prefix*
(if (string= *autoconf-windows* "true") "\\bin\\" "/bin/")
diff --git a/src/xmaxima_def.lisp b/src/xmaxima_def.lisp
index b6513b564..5a13b6141 100644
--- a/src/xmaxima_def.lisp
+++ b/src/xmaxima_def.lisp
@@ -431,7 +431,7 @@
(format $pstream "}~%"))))))
(defmethod plot-shipout ((plot xmaxima-plot) options &optional output-file)
- (let ((file (plot-file-path (format nil "maxout~d.xmaxima" (getpid)))))
+ (let ((file (plot-file-path (format nil "~a.xmaxima" (random-name 16)))))
(cond ($show_openplot
(with-open-file (fl
#+sbcl (sb-ext:native-namestring file)

View File

@ -20,11 +20,11 @@ let
in
stdenv.mkDerivation (finalAttrs: {
pname = "maxima";
version = "5.46.0";
version = "5.47.0";
src = fetchurl {
url = "mirror://sourceforge/maxima/maxima-${finalAttrs.version}.tar.gz";
sha256 = "sha256-c5Dwa0jaZckDPosvYpuXi5AFZFSlQCLbfecOIiWqiwc=";
sha256 = "sha256-kQQCGyT9U+jAOpg1CctC6TepJejAyFwzXXcJoU/UD3o=";
};
nativeBuildInputs = [
@ -79,6 +79,8 @@ stdenv.mkDerivation (finalAttrs: {
url = "https://raw.githubusercontent.com/sagemath/sage/07d6c37d18811e2b377a9689790a7c5e24da16ba/build/pkgs/maxima/patches/undoing_true_false_printing_patch.patch";
sha256 = "0fvi3rcjv6743sqsbgdzazy9jb6r1p1yq63zyj9fx42wd1hgf7yx";
})
./5.47.0-CVE-2024-34490.patch
];
# The test suite is disabled since 5.42.2 because of the following issues: