Unverified Commit 58cceaed authored by Artturi Committed by GitHub

Merge pull request #204873 from LeSuisse/lout-3.42.2

parents 689c732f 95c17b8e
+0 −95
--- a/externs.h
+++ b/externs.h
@@ -260,6 +260,9 @@ If you're compiling this, you've got the
 /*                      that can appear correctly on one page.  Can be       */
 /*                      increased to any small positive integer.             */
 /*                                                                           */
+/*  MAX_FORMAT          The maximum number of characters for sscanf formats  */
+/*                      for splitting strings with tab-delimited fields.     */
+/*                                                                           */
 /*****************************************************************************/
 
 #define	MAX_FULL_LENGTH	8388607	/* 2**23 - 1, about 148 metres */
@@ -275,6 +278,7 @@ If you're compiling this, you've got the
 #define	MAX_LEX_STACK	20
 #define	MAX_CHARS	256
 #define MAX_HCOPIES	3
+#define MAX_FORMAT	100
 
 /*****************************************************************************/
 /*                                                                           */
--- a/z02.c
+++ b/z02.c
@@ -378,7 +378,7 @@ static void srcnext(void)
   if( blksize != 0 && chpt < limit )
   { debugcond0(DLA, DD, stack_free <= 1, "srcnext: transferring.");
     col = buf;
-    while( chtbl[(*--col = *--limit)] != NEWLINE );
+    while( col > mem_block && chtbl[(*--col = *--limit)] != NEWLINE );
     frst = col + 1;  limit++;  blksize = 0;
   }
 
--- a/z33.c
+++ b/z33.c
@@ -847,6 +847,7 @@ BOOLEAN DbRetrieve(OBJECT db, BOOLEAN ga
 BOOLEAN DbRetrieveNext(OBJECT db, BOOLEAN *gall, OBJECT *sym, FULL_CHAR *tag,
   FULL_CHAR *seq, FILE_NUM *dfnum, long *dfpos, int *dlnum, long *cont)
 { FULL_CHAR line[MAX_BUFF], *cline, fname[MAX_BUFF]; int symnum;
+  char format[MAX_FORMAT];
   ifdebug(DPP, D, ProfileOn("DbRetrieveNext"));
   debug2(DBS, DD, "DbRetrieveNext( %s, %ld )", string(db), *cont);
   assert(reading(db), "DbRetrieveNext: not reading");
@@ -858,6 +859,8 @@ BOOLEAN DbRetrieveNext(OBJECT db, BOOLEA
     return FALSE;
   }
 
+  sprintf(format, "%%d&%%%d[^\t]\t%%%d[^\t]\t%%*[^\t]\t%%ld\t%%d\t%%%d[^\n\f]", MAX_BUFF-1, MAX_BUFF-1, MAX_BUFF-1);
+
   if( in_memory(db) )
   {
     /* get next entry from internal database */
@@ -868,7 +871,7 @@ BOOLEAN DbRetrieveNext(OBJECT db, BOOLEA
     }
     cline = (FULL_CHAR *) db_lines(db)[*cont];
     *gall = (cline[0] == '0' ? 1 : 0);
-    sscanf((char *)&cline[*gall], "%d&%[^\t]\t%[^\t]\t%*[^\t]\t%ld\t%d\t%[^\n\f]",
+    sscanf((char *)&cline[*gall], format,
       &symnum, tag, seq, dfpos, dlnum, fname);
     *cont = *cont + 1;
   }
@@ -882,7 +885,7 @@ BOOLEAN DbRetrieveNext(OBJECT db, BOOLEA
       return FALSE;
     }
     *gall = (line[0] == '0' ? 1 : 0);
-    sscanf((char *)&line[*gall], "%d&%[^\t]\t%[^\t]\t%*[^\t]\t%ld\t%d\t%[^\n\f]",
+    sscanf((char *)&line[*gall], format,
       &symnum, tag, seq, dfpos, dlnum, fname);
     *cont = ftell(db_filep(db));
   }
--- a/z39.c
+++ b/z39.c
@@ -79,11 +79,13 @@ int strcollcmp(char *a, char *b)
 int strcollcmp(char *a, char *b)
 { char a1[MAX_BUFF], a2[MAX_BUFF], a3[MAX_BUFF];
   char b1[MAX_BUFF], b2[MAX_BUFF], b3[MAX_BUFF];
+  char format[MAX_FORMAT];
   int order;
+  sprintf(format, "%%%d[^\t]\t%%%d[^\t]\t%%%d[^\t]", MAX_BUFF-1, MAX_BUFF-1, MAX_BUFF-1);
   a1[0] = a2[0] = a3[0] = '\0';
-  sscanf(a, "%[^\t]\t%[^\t]\t%[^\t]", a1, a2, a3);
+  sscanf(a, format, a1, a2, a3);
   b1[0] = b2[0] = b3[0] = '\0';
-  sscanf(b, "%[^\t]\t%[^\t]\t%[^\t]", b1, b2, b3);
+  sscanf(b, format, b1, b2, b3);
   order = strcoll(a1, b1);
   if( order == 0 )
   {
@@ -251,7 +253,7 @@ FULL_CHAR *StringQuotedWord(OBJECT x)
   *q++ = CH_QUOTE;
   for( p = string(x);  *p != '\0';  p++ )
   { 
-    for( r = (FULL_CHAR *) quoted_string[*p];  *r != '\0';  *q++ = *r++ );
+    for( r = (FULL_CHAR *) quoted_string[*p];  *r != '\0' && q < &buff[MAX_BUFF-2];  *q++ = *r++ );
   }
   *q++ = CH_QUOTE;
   *q++ = '\0';
+0 −43
# Prepare a makefile specifying the appropriate output directories.
#
# Written by Ludovic Courtès <ludo@gnu.org>.
if [ -e .attrs.sh ]; then source .attrs.sh; fi

source "$stdenv/setup" || exit 1

nixMakefile="nix-makefile"

# Build and install documentation, PS and PDF.
installDoc ()
{
  echo "building and installing documentation..."
  for doc in design expert slides user
  do
    echo "building \`$doc' document..."
    if [ ! -f "doc/$doc/outfile.ps" ]
    then
      ( PATH="$PWD:$PATH" ; \
        cd "doc/$doc" && lout -r4 -o outfile.ps all ) \
      || return 1
    fi
    cp "doc/$doc/outfile.ps" "$out/doc/lout/$doc.ps" && \
    ps2pdf -dPDFSETTINGS=/prepress -sPAPERSIZE=a4 \
           "doc/$doc/outfile.ps" "$out/doc/lout/$doc.pdf"
  done

  return 0
}

unpackPhase && \
cd lout-*.* && \
cat makefile | \
  sed -e "s|^PREFIX[[:blank:]]*=.*\$|PREFIX = $out|g ; \
    s|^LOUTLIBDIR[[:blank:]]*=.*$|LOUTLIBDIR = \$(PREFIX)/lib/lout|g ; \
    s|^LOUTDOCDIR[[:blank:]]*=.*$|LOUTDOCDIR = \$(PREFIX)/doc/lout|g ; \
    s|^MANDIR[[:blank:]]*=.*$|MANDIR = \$(PREFIX)/man|g" \
  > "$nixMakefile" && \
mkdir -p "$out/bin" && mkdir -p "$out/lib" \
mkdir -p "$out/man" && mkdir -p "$out/doc/lout" && \
make -f "$nixMakefile" CC=cc install installman && \
installDoc && \
fixupPhase
+11 −21
{lib, stdenv, fetchurl, ghostscript}:
{lib, stdenv, fetchFromGitHub, ghostscript}:

stdenv.mkDerivation rec {
  pname = "lout";
  version = "3.40";

  src = fetchurl {
    urls = [
      "ftp://ftp.cs.usyd.edu.au/jeff/lout/${pname}-${version}.tar.gz"
      "mirror://savannah/lout/${pname}-${version}.tar.gz"      # new!
      "mirror://sourceforge/lout/${pname}-${version}.tar.gz"   # to be phased out
      # XXX: We could add the CTAN mirrors
      # (see https://www.ctan.org/tex-archive/support/lout/).
    ];
    sha256 = "1gb8vb1wl7ikn269dd1c7ihqhkyrwk19jwx5kd0rdvbk6g7g25ix";
  };
  version = "3.42.2";

  patches = [
    # https://build.opensuse.org/request/show/843612
    ./CVE-2019-19917-and-CVE-2019-19918.patch
  ];
  src = fetchFromGitHub {
    owner = "william8000";
    repo = pname;
    rev = version;
    hash = "sha256-rzCRxmwppBno6o4RM2GjE0pe/5yvyzyo375XdfX04As=";
  };

  buildInputs = [ ghostscript ];
  builder = ./builder.sh;

  makeFlags = [ "PREFIX=$(out)/" "CC=${stdenv.cc.targetPrefix}cc" ];

  meta = {
    description = "Document layout system similar in style to LaTeX";
@@ -46,9 +38,7 @@ stdenv.mkDerivation rec {
      went back to the beginning.
    '';

    # Author's page: http://jeffreykingston.id.au/lout/
    # Wiki: https://sourceforge.net/p/lout/wiki/
    homepage = "https://savannah.nongnu.org/projects/lout/";
    homepage = "https://github.com/william8000/lout";

    license = lib.licenses.gpl3Plus;