File: insecure-tmp-fix

maxima 5.47.0-7
Description: <short summary of the patch>
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 maxima (5.47.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bug fix: "CVE-2024-34490", thanks to Moritz Mühlenhoff (Closes:
     #1071630).
Author: Camm Maguire <camm@debian.org>
Bug-Debian: https://bugs.debian.org/1071630

---
The information above should follow the Patch Tagging Guidelines; please
check out https://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: (upstream|backport|vendor|other), (<patch-url>|commit:<commit-id>)
Bug: <upstream-bugtracker-url>
Bug-Debian: https://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: (no|not-needed|<patch-forwarded-url>)
Applied-Upstream: <version>, (<commit-url>|commit:<commid-id>)
Reviewed-By: <name and email of someone who approved/reviewed the patch>
Last-Update: 2024-05-23

--- maxima-5.47.0.orig/src/gnuplot_def.lisp
+++ maxima-5.47.0/src/gnuplot_def.lisp
@@ -286,7 +286,7 @@
                (format nil "set term postscript eps color solid lw 2 size 16.4 cm, 12.3 cm font \",24\" ~a" gstrings)))
      (if (getf plot-options :gnuplot_out_file)
          (setq out-file (getf plot-options :gnuplot_out_file))
-         (setq out-file "maxplot.ps")))
+         (setq out-file (format nil "~a.ps" (random-name 16)))))
     ((eq (getf plot-options :gnuplot_term) '$dumb)
      (if (getf plot-options :gnuplot_dumb_term_command)
          (setq terminal-command
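Review bot: The fallback output file in the PostScript branch (and in the `$dumb` branch in the next hunk) is now a fresh random name with no directory component, and nothing in these hunks tells the user what that name is. A user who did not set `gnuplot_out_file` could previously rely on `maxplot.ps` / `maxplot.txt`; now the result can only be found if the chosen name is printed or returned somewhere outside the hunk. A comment at both sites such as `;; no gnuplot_out_file given: fall back to an unpredictable name (see random-name in plot.lisp)` would record the intent, and any user documentation that names the old defaults would need updating. The enclosing form starts and ends outside the hunk.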
@@ -294,7 +294,7 @@
          (setq terminal-command "set term dumb 79 22"))
      (if (getf plot-options :gnuplot_out_file)
          (setq out-file (getf plot-options :gnuplot_out_file))
-         (setq out-file "maxplot.txt")))
+         (setq out-file (format nil "~a.txt" (random-name 16)))))
     ((eq (getf plot-options :gnuplot_term) '$default)
      (if (getf plot-options :gnuplot_default_term_command)
          (setq terminal-command
--- maxima-5.47.0.orig/src/plot.lisp
+++ maxima-5.47.0/src/plot.lisp
@@ -1755,6 +1755,13 @@ plot3d([cos(y)*(10.0+6*cos(x)), sin(y)*(
 
 (defvar $xmaxima_plot_command "xmaxima")
 
+(defun random-name (count)
+  (let ((chars "0123456789abcdefghijklmnopqrstuvwxyz") (name ""))
+    (setf *random-state* (make-random-state t))
+    (dotimes (i count)
+      (setq name (format nil "~a~a" name (aref chars (random 36)))))
+    name))
+
 (defun plot-set-gnuplot-script-file-name (options)
   (let ((gnuplot-term (getf options :gnuplot_term))
 	(gnuplot-out-file (getf options :gnuplot_out_file)))
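Review bot: `random-name` replaces the global `*random-state*` on every call via `(setf *random-state* (make-random-state t))`, which silently reseeds any other code in the image that uses the default state. A local state avoids the side effect: bind `(state (make-random-state t))` in the `let` and call `(random 36 state)`. The standard does not promise that `random`, or the seeding done by `(make-random-state t)`, is unpredictable to another local user, so the name is best treated as collision avoidance, with the file-creation call doing the actual protection. A docstring would help, e.g. `"Return a string of COUNT characters drawn from 0-9a-z; not cryptographically strong."`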
@@ -1762,9 +1769,9 @@ plot3d([cos(y)*(10.0+6*cos(x)), sin(y)*(
              (eq gnuplot-term '$default) gnuplot-out-file)
 	(plot-file-path gnuplot-out-file t options)
       (plot-file-path
-       (format nil "maxout~d.~(~a~)"
-	       (getpid)
-               (ensure-string (getf options :plot_format))) nil options))))
+       (format nil "~a.~a" (random-name 16)
+               (ensure-string (getf options :plot_format)))
+       nil options))))
 
 (defun plot-temp-file0 (file &optional (preserve-file nil))
   (let ((filename 
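Review bot: The new format string drops the `~( ~)` case conversion that the old `"maxout~d.~(~a~)"` applied to the extension, so if `ensure-string` ever returns upper-case text for `:plot_format` the file extension changes case. Writing it as `(format nil "~a.~(~a~)" (random-name 16)` keeps the old behaviour. The function also stops being repeatable: with `(getpid)` two calls with the same options returned the same path, whereas each call now returns a new one, so a caller that invokes it twice for one plot (callers are not visible here) would get two different files. The function starts above the hunk.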
@@ -2579,7 +2586,7 @@ plot2d ( x^2+y^2 = 1, [x, -2, 2], [y, -2
 
 (defun show-open-plot (ans file)
   (cond ($show_openplot
-         (with-open-file (st1 (plot-temp-file (format nil "maxout~d.xmaxima" (getpid))) :direction :output :if-exists :supersede)
+         (with-open-file (st1 (plot-temp-file (format nil "~a.xmaxima" (random-name 16))) :direction :output :if-exists :supersede)
            (princ  ans st1))
          ($system (concatenate 'string *maxima-prefix* 
                                (if (string= *autoconf-windows* "true") "\\bin\\" "/bin/") 
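Review bot: The open in `show-open-plot` keeps `:if-exists :supersede`, so a file already present at the generated path is still accepted and superseded; the random name makes that less likely, but the open itself does not refuse it. `:if-exists :error`, with a retry on a fresh name, would turn a pre-existing file into a failure, though whether that check is atomic depends on the Lisp implementation. Separately, the generated path is not bound to a variable while the function receives `file` as a parameter. With the old pid-based name any caller could recompute the same path, which is no longer true, so it is worth confirming that the code below the hunk launches xmaxima on the file written here. The function body continues outside the hunk.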
--- maxima-5.47.0.orig/src/xmaxima_def.lisp
+++ maxima-5.47.0/src/xmaxima_def.lisp
@@ -431,7 +431,7 @@
         (format $pstream "}~%"))))))
 
 (defmethod plot-shipout ((plot xmaxima-plot) options &optional output-file)
-  (let ((file (plot-file-path (format nil "maxout~d.xmaxima" (getpid)))))
+  (let ((file (plot-file-path (format nil "~a.xmaxima" (random-name 16)))))
     (cond ($show_openplot
            (with-open-file (fl
                             #+sbcl (sb-ext:native-namestring file)
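Review bot: `plot-shipout` now writes to a new path on every call, whereas the pid-based name meant one process kept overwriting a single file. Nothing in the hunk removes the file afterwards, so repeated plots may each leave a `.xmaxima` file behind. If cleanup is not done below the hunk, it should be added or the behaviour recorded in a comment such as `;; NOTE: a new file is created per call and is not removed here`. The same applies to the `random-name` call sites in plot.lisp. The method body continues outside the hunk.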