depot/third_party/nixpkgs/pkgs/applications/science/math/maxima/5.47.0-CVE-2024-34490.patch


Based on upstream https://sourceforge.net/p/maxima/code/ci/51704ccb090f6f971b641e4e0b7c1c22c4828bf7/
adjusted to apply to 5.47.0
diff --git a/src/gnuplot_def.lisp b/src/gnuplot_def.lisp
index 80c174bd5..6fdc8da6d 100644
--- a/src/gnuplot_def.lisp
+++ b/src/gnuplot_def.lisp
@@ -286,7 +286,7 @@
(format nil "set term postscript eps color solid lw 2 size 16.4 cm, 12.3 cm font \",24\" ~a" gstrings)))
(if (getf plot-options :gnuplot_out_file)
(setq out-file (getf plot-options :gnuplot_out_file))
- (setq out-file "maxplot.ps")))
+ (setq out-file (format nil "~a.ps" (random-name 16)))))
((eq (getf plot-options :gnuplot_term) '$dumb)
(if (getf plot-options :gnuplot_dumb_term_command)
(setq terminal-command
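Review bot: The new default `(format nil "~a.ps" (random-name 16))` has no comment saying why the fixed name was replaced, and the same holds for the `.txt` default in the next hunk. A line such as `;; random default name: the fixed "maxplot.ps" was predictable (CVE-2024-34490)` would keep a later cleanup from reverting it. Because this file is the plot output rather than a scratch file, the caller now needs the generated path reported back; whether that happens is not visible in this hunk. The length `16` is repeated as a literal at every call site in the patch and could be a named constant next to `random-name`. The enclosing `cond` starts and ends outside the hunk.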
@@ -294,7 +294,7 @@
(setq terminal-command "set term dumb 79 22"))
(if (getf plot-options :gnuplot_out_file)
(setq out-file (getf plot-options :gnuplot_out_file))
- (setq out-file "maxplot.txt")))
+ (setq out-file (format nil "~a.txt" (random-name 16)))))
((eq (getf plot-options :gnuplot_term) '$default)
(if (getf plot-options :gnuplot_default_term_command)
(setq terminal-command
diff --git a/src/plot.lisp b/src/plot.lisp
index fb2b3136b..8877f7025 100644
--- a/src/plot.lisp
+++ b/src/plot.lisp
@@ -1755,16 +1755,24 @@ plot3d([cos(y)*(10.0+6*cos(x)), sin(y)*(10.0+6*cos(x)),-6*sin(x)],
(defvar $xmaxima_plot_command "xmaxima")
+;; random-file-name
+;; Creates a random word of 'count' alphanumeric characters
+(defun random-name (count)
+ (let ((chars "0123456789abcdefghijklmnopqrstuvwxyz") (name ""))
+ (setf *random-state* (make-random-state t))
+ (dotimes (i count)
+ (setq name (format nil "~a~a" name (aref chars (random 36)))))
+ name))
+
(defun plot-set-gnuplot-script-file-name (options)
(let ((gnuplot-term (getf options :gnuplot_term))
(gnuplot-out-file (getf options :gnuplot_out_file)))
(if (and (find (getf options :plot_format) '($gnuplot_pipes $gnuplot))
(eq gnuplot-term '$default) gnuplot-out-file)
(plot-file-path gnuplot-out-file t options)
- (plot-file-path
- (format nil "maxout~d.~(~a~)"
- (getpid)
- (ensure-string (getf options :plot_format))) nil options))))
+ (plot-file-path (format nil "~a.~a" (random-name 16)
+ (ensure-string (getf options :plot_format)))
+ nil options))))
(defun plot-temp-file0 (file &optional (preserve-file nil))
(let ((filename
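Review bot: `random-name` overwrites the global `*random-state*` with `(setf *random-state* (make-random-state t))` on every call, which changes the random stream for any other Lisp code in the session that calls `random`. Binding it locally with `(let ((*random-state* (make-random-state t))) ...)` keeps the reseed inside the function. How `make-random-state t` is seeded is left to the Lisp implementation, so the 16 characters are only as unpredictable as that seed, and an unguessable name does not by itself make file creation exclusive. The header comment says `random-file-name` while the function is `random-name`, and it should state that the name is meant to be hard to guess (CVE-2024-34490), since the hunks in src/gnuplot_def.lisp and src/xmaxima_def.lisp rely on it. `plot-temp-file0` at the end of this hunk continues outside it.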
@@ -2577,9 +2585,13 @@ plot2d ( x^2+y^2 = 1, [x, -2, 2], [y, -2 ,2]);
(format dest "}~%"))
(format dest "}~%"))
+; TODO: Check whether this function is still being used (villate 20240325)
(defun show-open-plot (ans file)
(cond ($show_openplot
- (with-open-file (st1 (plot-temp-file (format nil "maxout~d.xmaxima" (getpid))) :direction :output :if-exists :supersede)
+ (with-open-file
+ (st1 (plot-temp-file
+ (format nil "~a.xmaxima" (random-name 16)))
+ :direction :output :if-exists :supersede)
(princ ans st1))
($system (concatenate 'string *maxima-prefix*
(if (string= *autoconf-windows* "true") "\\bin\\" "/bin/")
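Review bot: The rewritten `with-open-file` in `show-open-plot` still passes `:if-exists :supersede`, so a file already present at the generated path is replaced silently rather than treated as an error. With a fresh random name an existing file is unexpected, so `:if-exists :error` would turn a collision or a pre-created path into a visible failure. Whether an existing symlink is followed on open depends on the Lisp implementation and should be checked for the supported ones. The added TODO could also say what should happen if the function turns out to be unused. The function body continues past the end of the hunk.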
diff --git a/src/xmaxima_def.lisp b/src/xmaxima_def.lisp
index b6513b564..5a13b6141 100644
--- a/src/xmaxima_def.lisp
+++ b/src/xmaxima_def.lisp
@@ -431,7 +431,7 @@
(format $pstream "}~%"))))))
(defmethod plot-shipout ((plot xmaxima-plot) options &optional output-file)
- (let ((file (plot-file-path (format nil "maxout~d.xmaxima" (getpid)))))
+ (let ((file (plot-file-path (format nil "~a.xmaxima" (random-name 16)))))
(cond ($show_openplot
(with-open-file (fl
#+sbcl (sb-ext:native-namestring file)