diff options
| author |   Ulrich Müller <ulm@gentoo.org> | 2020-12-16 09:41:13 +0100 |
|---|---|---|
| committer | Ulrich Müller <ulm@gentoo.org> | 2020-12-16 09:47:10 +0100 |
| commit | c7fe851fe3634cd5485acf66107f8646bcaf0dcd (patch) | |
| tree | 7da7f57715978d6d48a2012a3416017b2407d783 /sci-visualization | |
| parent | sci-visualization/gnuplot: Version bump to 5.4.1. (diff) | |
| download | gentoo-c7fe851fe3634cd5485acf66107f8646bcaf0dcd.tar.gz gentoo-c7fe851fe3634cd5485acf66107f8646bcaf0dcd.tar.bz2 gentoo-c7fe851fe3634cd5485acf66107f8646bcaf0dcd.zip | |
sci-visualization/gnuplot: Backport security fixes to version 5.2.8.
Bug: https://bugs.gentoo.org/746419
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
Diffstat (limited to 'sci-visualization')
3 files changed, 274 insertions, 0 deletions
diff --git a/sci-visualization/gnuplot/files/gnuplot-5.2.8-double-free.patch b/sci-visualization/gnuplot/files/gnuplot-5.2.8-double-free.patch new file mode 100644 index 000000000000..e3da8fc40577 --- /dev/null +++ b/sci-visualization/gnuplot/files/gnuplot-5.2.8-double-free.patch @@ -0,0 +1,21 @@ +https://bugs.gentoo.org/746419 + +This backports the following commit from upstream git: + +commit 591c0f804b5a78421d28edf2adcd429c914bbca1 +Author: Ethan A Merritt <merritt@u.washington.edu> +Date: Wed Sep 9 11:00:59 2020 -0700 + + successive failures of "set print <foo>" could cause double-free + Bug #2312 + +--- gnuplot-5.2.8-orig/src/command.c ++++ gnuplot-5.2.8/src/command.c +@@ -1867,6 +1867,7 @@ + #endif + if (0 > fclose(print_out)) + perror(print_out_name); ++ print_out = stderr; + } + + free(print_out_name); diff --git a/sci-visualization/gnuplot/files/gnuplot-5.2.8-font-syntax.patch b/sci-visualization/gnuplot/files/gnuplot-5.2.8-font-syntax.patch new file mode 100644 index 000000000000..a1df2ae49952 --- /dev/null +++ b/sci-visualization/gnuplot/files/gnuplot-5.2.8-font-syntax.patch @@ -0,0 +1,36 @@ +https://bugs.gentoo.org/746419 + +This backports and consolidates the following commits from upstream git: + +commit a7205eda482948a0408b0ed29cdde89593feedc7 +Author: Ethan A Merritt <merritt@u.washington.edu> +Date: Sat Sep 12 10:18:10 2020 -0700 + + Better error handling for faulty font syntax + + Commit 660e2fbd failed to deal with an error detected at the final character + of a text string. + + Bugs #2303 #2308 + +commit 660e2fbd681cb47acd42595f050fb2f938194b0e +Author: Ethan A Merritt <merritt@u.washington.edu> +Date: Tue Sep 1 17:57:37 2020 -0700 + + Better error handling for faulty font syntax + + A missing close-quote in an enhanced text font specification could + cause a segfault. + Bug #2303 + +--- gnuplot-5.2.8-orig/src/term.c ++++ gnuplot-5.2.8/src/term.c +@@ -2361,7 +2361,7 @@ + ++p; + if (*p != *start_of_fontname) { + int_warn(NO_CARET, "cannot interpret font name %s", start_of_fontname); +- p = start_of_fontname; ++ break; + } + start_of_fontname++; + end_of_fontname = p++; diff --git a/sci-visualization/gnuplot/gnuplot-5.2.8-r1.ebuild b/sci-visualization/gnuplot/gnuplot-5.2.8-r1.ebuild new file mode 100644 index 000000000000..4b0aee82945b --- /dev/null +++ b/sci-visualization/gnuplot/gnuplot-5.2.8-r1.ebuild @@ -0,0 +1,217 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic readme.gentoo-r1 toolchain-funcs wxwidgets + +DESCRIPTION="Command-line driven interactive plotting program" +HOMEPAGE="http://www.gnuplot.info/" + +if [[ -z ${PV%%*9999} ]]; then + inherit git-r3 + EGIT_REPO_URI="https://git.code.sf.net/p/gnuplot/gnuplot-main" + EGIT_BRANCH="branch-5-2-stable" + MY_P="${PN}" + EGIT_CHECKOUT_DIR="${WORKDIR}/${MY_P}" +else + MY_P="${P/_/.}" + SRC_URI="mirror://sourceforge/gnuplot/${MY_P}.tar.gz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~s390 ~sparc ~x86 ~ppc-aix ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" +fi + +LICENSE="gnuplot" +SLOT="0" +IUSE="aqua bitmap cairo compat doc examples +gd ggi latex libcaca libcerf lua qt5 readline regis svga wxwidgets X" + +RDEPEND=" + cairo? ( + x11-libs/cairo + x11-libs/pango ) + gd? ( >=media-libs/gd-2.0.35-r3:2=[png] ) + ggi? ( media-libs/libggi ) + latex? ( + virtual/latex-base + lua? ( + dev-tex/pgf + >=dev-texlive/texlive-latexrecommended-2008-r2 ) ) + libcaca? ( media-libs/libcaca ) + lua? ( dev-lang/lua:0 ) + qt5? ( + dev-qt/qtcore:5= + dev-qt/qtgui:5= + dev-qt/qtnetwork:5= + dev-qt/qtprintsupport:5= + dev-qt/qtsvg:5= + dev-qt/qtwidgets:5= ) + readline? ( sys-libs/readline:0= ) + libcerf? ( sci-libs/libcerf ) + svga? ( media-libs/svgalib ) + wxwidgets? ( + x11-libs/wxGTK:3.0[X] + x11-libs/cairo + x11-libs/pango + x11-libs/gtk+:2 ) + X? ( x11-libs/libXaw )" + +DEPEND="${RDEPEND}" + +BDEPEND=" + virtual/pkgconfig + doc? ( + virtual/latex-base + dev-texlive/texlive-latexextra + app-text/ghostscript-gpl ) + qt5? ( dev-qt/linguist-tools:5 )" + +S="${WORKDIR}/${MY_P}" + +GP_VERSION="${PV%.*}" +E_SITEFILE="lisp/50${PN}-gentoo.el" +TEXMF="${EPREFIX}/usr/share/texmf-site" + +src_prepare() { + eapply "${FILESDIR}"/${PN}-5.0.1-fix-underlinking.patch + eapply "${FILESDIR}"/${PN}-5.0.6-no-picins.patch + eapply "${FILESDIR}"/${PN}-5.2.2-regis.patch + eapply "${FILESDIR}"/${PN}-5.2.8-caca.patch + eapply "${FILESDIR}"/${PN}-5.2.8-double-free.patch + eapply "${FILESDIR}"/${PN}-5.2.8-font-syntax.patch + eapply_user + + if [[ -z ${PV%%*9999} ]]; then + local dir + for dir in config demo m4 term tutorial; do + emake -C "$dir" -f Makefile.am.in Makefile.am + done + fi + + # Add special version identification as required by provision 2 + # of the gnuplot license + sed -i -e "1s/.*/& (Gentoo revision ${PR})/" PATCHLEVEL || die + + DOC_CONTENTS='Gnuplot no longer links against pdflib, see the ChangeLog + for details. You can use the "pdfcairo" terminal for PDF output.' + use cairo || DOC_CONTENTS+=' It is available with USE="cairo".' + use svga && DOC_CONTENTS+='\n\nIn order to enable ordinary users to use + SVGA console graphics, gnuplot needs to be set up as setuid root. + Please note that this is usually considered to be a security hazard. + As root, manually "chmod u+s /usr/bin/gnuplot".' + use gd && DOC_CONTENTS+="\n\nFor font support in png/jpeg/gif output, + you may have to set the GDFONTPATH and GNUPLOT_DEFAULT_GDFONT + environment variables. See the FAQ file in /usr/share/doc/${PF}/ + for more information." + + eautoreconf + + # Make sure we don't mix build & host flags. + sed -i \ + -e 's:@CPPFLAGS@:$(BUILD_CPPFLAGS):' \ + -e 's:@CFLAGS@:$(BUILD_CFLAGS):' \ + -e 's:@LDFLAGS@:$(BUILD_LDFLAGS):' \ + -e 's:@CC@:$(CC_FOR_BUILD):' \ + docs/Makefile.in || die +} + +src_configure() { + if ! use latex; then + sed -i -e '/SUBDIRS/s/LaTeX//' share/Makefile.in || die + fi + + if use wxwidgets; then + WX_GTK_VER="3.0" + setup-wxwidgets + fi + + tc-export CC CXX #453174 + tc-export_build_env BUILD_CC + export CC_FOR_BUILD=${BUILD_CC} + + use qt5 && append-cxxflags -std=c++11 + + econf \ + --with-texdir="${TEXMF}/tex/latex/${PN}" \ + --with-readline=$(usex readline gnu builtin) \ + $(use_with bitmap bitmap-terminals) \ + $(use_with cairo) \ + $(use_enable compat backwards-compatibility) \ + $(use_with doc tutorial) \ + $(use_with gd) \ + "$(use_with ggi ggi "${EPREFIX}/usr/$(get_libdir)")" \ + "$(use_with ggi xmi "${EPREFIX}/usr/$(get_libdir)")" \ + "$(use_with libcaca caca "${EPREFIX}/usr/$(get_libdir)")" \ + $(use_with libcerf) \ + $(use_with lua) \ + $(use_with regis) \ + $(use_with svga linux-vga) \ + $(use_with X x) \ + --enable-stats \ + $(use_with qt5 qt qt5) \ + $(use_enable wxwidgets) \ + DIST_CONTACT="https://bugs.gentoo.org/" \ + EMACS=no +} + +src_compile() { + # Prevent access violations, see bug 201871 + export VARTEXFONTS="${T}/fonts" + + # We believe that the following line is no longer needed. + # In case of problems file a bug report at bugs.gentoo.org. + #addwrite /dev/svga:/dev/mouse:/dev/tts/0 + + emake all + + if use doc; then + # Avoid sandbox violation in epstopdf/ghostscript + addpredict /var/cache/fontconfig + if use cairo && use gd; then + emake -C docs pdf + else + ewarn "Cannot build figures unless cairo and gd are enabled." + ewarn "Building documentation without figures." + emake -C docs pdf_nofig + mv docs/nofigures.pdf docs/gnuplot.pdf || die + fi + emake -C tutorial pdf + fi +} + +src_install() { + emake DESTDIR="${D}" install + + dodoc BUGS ChangeLog NEWS PGPKEYS README* RELEASE_NOTES TODO + newdoc term/PostScript/README README-ps + newdoc term/js/README README-js + use lua && newdoc term/lua/README README-lua + readme.gentoo_create_doc + + if use examples; then + # Demo files + insinto /usr/share/${PN}/${GP_VERSION} + doins -r demo + rm -f "${ED}"/usr/share/${PN}/${GP_VERSION}/demo/Makefile* + rm -f "${ED}"/usr/share/${PN}/${GP_VERSION}/demo/binary* + fi + + if use doc; then + # Manual, tutorial, FAQ + dodoc docs/gnuplot.pdf tutorial/{tutorial.dvi,tutorial.pdf} FAQ.pdf + # Documentation for making PostScript files + docinto psdoc + dodoc docs/psdoc/{*.doc,*.tex,*.ps,*.gpi,README} + fi +} + +src_test() { + GNUTERM="unknown" default_src_test +} + +pkg_postinst() { + use latex && texmf-update + readme.gentoo_print_elog +} + +pkg_postrm() { + use latex && texmf-update +} |