about summary refs log tree commit diff
path: root/pkgs/tools/text
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/tools/text')
-rw-r--r--pkgs/tools/text/gnupatch/CVE-2019-13636.patch108
-rw-r--r--pkgs/tools/text/gnupatch/CVE-2019-13638.patch38
-rw-r--r--pkgs/tools/text/gnupatch/default.nix12
-rw-r--r--pkgs/tools/text/highlight/default.nix6
-rw-r--r--pkgs/tools/text/mdbook/default.nix8
-rw-r--r--pkgs/tools/text/ripgrep-all/default.nix39
-rw-r--r--pkgs/tools/text/ripgrep/default.nix6
-rw-r--r--pkgs/tools/text/xml/xmloscopy/default.nix15
8 files changed, 213 insertions, 19 deletions
diff --git a/pkgs/tools/text/gnupatch/CVE-2019-13636.patch b/pkgs/tools/text/gnupatch/CVE-2019-13636.patch
new file mode 100644
index 000000000000..e62c3d41753c
--- /dev/null
+++ b/pkgs/tools/text/gnupatch/CVE-2019-13636.patch
@@ -0,0 +1,108 @@
+From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 15 Jul 2019 16:21:48 +0200
+Subject: Don't follow symlinks unless --follow-symlinks is given
+
+* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
+append_to_file): Unless the --follow-symlinks option is given, open files with
+the O_NOFOLLOW flag to avoid following symlinks.  So far, we were only doing
+that consistently for input files.
+* src/util.c (create_backup): When creating empty backup files, (re)create them
+with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
+---
+ src/inp.c  | 12 ++++++++++--
+ src/util.c | 14 +++++++++++---
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/src/inp.c b/src/inp.c
+index 32d0919..22d7473 100644
+--- a/src/inp.c
++++ b/src/inp.c
+@@ -238,8 +238,13 @@ plan_a (char const *filename)
+     {
+       if (S_ISREG (instat.st_mode))
+         {
+-	  int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
++	  int flags = O_RDONLY | binary_transput;
+ 	  size_t buffered = 0, n;
++	  int ifd;
++
++	  if (! follow_symlinks)
++	    flags |= O_NOFOLLOW;
++	  ifd = safe_open (filename, flags, 0);
+ 	  if (ifd < 0)
+ 	    pfatal ("can't open file %s", quotearg (filename));
+ 
+@@ -340,6 +345,7 @@ plan_a (char const *filename)
+ static void
+ plan_b (char const *filename)
+ {
++  int flags = O_RDONLY | binary_transput;
+   int ifd;
+   FILE *ifp;
+   int c;
+@@ -353,7 +359,9 @@ plan_b (char const *filename)
+ 
+   if (instat.st_size == 0)
+     filename = NULL_DEVICE;
+-  if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
++  if (! follow_symlinks)
++    flags |= O_NOFOLLOW;
++  if ((ifd = safe_open (filename, flags, 0)) < 0
+       || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
+     pfatal ("Can't open file %s", quotearg (filename));
+   if (TMPINNAME_needs_removal)
+diff --git a/src/util.c b/src/util.c
+index 1cc08ba..fb38307 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
+ 
+ 	  try_makedirs_errno = ENOENT;
+ 	  safe_unlink (bakname);
+-	  while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
++	  while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
+ 	    {
+ 	      if (errno != try_makedirs_errno)
+ 		pfatal ("Can't create file %s", quotearg (bakname));
+@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode,
+ static void
+ copy_to_fd (const char *from, int tofd)
+ {
++  int from_flags = O_RDONLY | O_BINARY;
+   int fromfd;
+   ssize_t i;
+ 
+-  if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
++  if (! follow_symlinks)
++    from_flags |= O_NOFOLLOW;
++  if ((fromfd = safe_open (from, from_flags, 0)) < 0)
+     pfatal ("Can't reopen file %s", quotearg (from));
+   while ((i = read (fromfd, buf, bufsize)) != 0)
+     {
+@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
+   else
+     {
+       assert (S_ISREG (mode));
++      if (! follow_symlinks)
++	to_flags |= O_NOFOLLOW;
+       tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
+ 			  to_dir_known_to_exist);
+       copy_to_fd (from, tofd);
+@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ void
+ append_to_file (char const *from, char const *to)
+ {
++  int to_flags = O_WRONLY | O_APPEND | O_BINARY;
+   int tofd;
+ 
+-  if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
++  if (! follow_symlinks)
++    to_flags |= O_NOFOLLOW;
++  if ((tofd = safe_open (to, to_flags, 0)) < 0)
+     pfatal ("Can't reopen file %s", quotearg (to));
+   copy_to_fd (from, tofd);
+   if (close (tofd) != 0)
+-- 
+cgit v1.0-41-gc330
+
diff --git a/pkgs/tools/text/gnupatch/CVE-2019-13638.patch b/pkgs/tools/text/gnupatch/CVE-2019-13638.patch
new file mode 100644
index 000000000000..38caff628aaf
--- /dev/null
+++ b/pkgs/tools/text/gnupatch/CVE-2019-13638.patch
@@ -0,0 +1,38 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+---
+ src/pch.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ 	    *outname_needs_removal = true;
+ 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ 	  }
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+ 	fflush (stdout);
+ 
+ 	pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ 	else if (pid == 0)
+ 	  {
+ 	    dup2 (tmpfd, 0);
+-	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++	    assert (outname[0] != '!' && outname[0] != '-');
++	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
+ 	    _exit (2);
+ 	  }
+ 	else
+-- 
+cgit v1.0-41-gc330
+
diff --git a/pkgs/tools/text/gnupatch/default.nix b/pkgs/tools/text/gnupatch/default.nix
index 1a5cda5799dc..a046c5911157 100644
--- a/pkgs/tools/text/gnupatch/default.nix
+++ b/pkgs/tools/text/gnupatch/default.nix
@@ -14,15 +14,23 @@ stdenv.mkDerivation rec {
     # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=f290f48a621867084884bfff87f8093c15195e6a
     ./CVE-2018-6951.patch
     (fetchurl {
-      url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Allow_input_files_to_be_missing_for_ed-style_patches.patch;
+      url = https://git.savannah.gnu.org/cgit/patch.git/patch/?id=b5a91a01e5d0897facdd0f49d64b76b0f02b43e1;
+      name = "Allow_input_files_to_be_missing_for_ed-style_patches.patch";
       sha256 = "0iw0lk0yhnhvfjzal48ij6zdr92mgb84jq7fwryy1hdhi47hhq64";
     })
     (fetchurl { # CVE-2018-1000156
-      url = https://sources.debian.org/data/main/p/patch/2.7.6-2/debian/patches/Fix_arbitrary_command_execution_in_ed-style_patches.patch;
+      url = https://git.savannah.gnu.org/cgit/patch.git/patch/?id=123eaff0d5d1aebe128295959435b9ca5909c26d;
+      name = "Fix_arbitrary_command_execution_in_ed-style_patches.patch";
       sha256 = "1bpy16n3hm5nv9xkrn6c4wglzsdzj3ss1biq16w9kfv48p4hx2vg";
     })
     # https://git.savannah.gnu.org/cgit/patch.git/commit/?id=9c986353e420ead6e706262bf204d6e03322c300
     ./CVE-2018-6952.patch
+
+    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a
+    ./CVE-2019-13636.patch
+
+    # https://git.savannah.gnu.org/cgit/patch.git/patch/?id=3fcd042d26d70856e826a42b5f93dc4854d80bf0
+    ./CVE-2019-13638.patch
   ];
 
   nativeBuildInputs = [ autoreconfHook ];
diff --git a/pkgs/tools/text/highlight/default.nix b/pkgs/tools/text/highlight/default.nix
index 34dacc80d926..46fe9ab1cd72 100644
--- a/pkgs/tools/text/highlight/default.nix
+++ b/pkgs/tools/text/highlight/default.nix
@@ -4,13 +4,13 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   name = "highlight-${version}";
-  version = "3.52";
+  version = "3.53";
 
   src = fetchFromGitLab {
     owner = "saalen";
     repo = "highlight";
     rev = "v${version}";
-    sha256 = "0zhn1k70ck82ks7ckzsy1yiz686ym2ps7c28wjmkgxfpyjanilrq";
+    sha256 = "11szws4q6qyffq2fsvh1vksh1d0kcwg6smyyba9yr61hzx6zmzgr";
   };
 
   enableParallelBuilding = true;
@@ -30,7 +30,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     description = "Source code highlighting tool";
-    homepage = http://www.andre-simon.de/doku/highlight/en/highlight.php;
+    homepage = "http://www.andre-simon.de/doku/highlight/en/highlight.php";
     platforms = platforms.unix;
     maintainers = with maintainers; [ ndowens willibutz ];
   };
diff --git a/pkgs/tools/text/mdbook/default.nix b/pkgs/tools/text/mdbook/default.nix
index 52d197759eae..de395f183d18 100644
--- a/pkgs/tools/text/mdbook/default.nix
+++ b/pkgs/tools/text/mdbook/default.nix
@@ -2,23 +2,23 @@
 
 rustPlatform.buildRustPackage rec {
   name = "mdbook-${version}";
-  version = "0.1.8";
+  version = "0.3.1";
 
   src = fetchFromGitHub {
     owner = "rust-lang-nursery";
     repo = "mdBook";
     rev = "v${version}";
-    sha256 = "1xmw4v19ff6mvimwk5l437wslzw5npy60zdb8r4319bjf32pw9pn";
+    sha256 = "0py69267jbs6b7zw191hcs011cm1v58jz8mglqx3ajkffdfl3ghw";
   };
 
-  cargoSha256 = "1xpsc4qff2lrq15mz1gvmw6n5vl88sfwpjbsnp5ja5k1im156lam";
+  cargoSha256 = "0qwhc42a86jpvjcaysmfcw8kmwa150lmz01flmlg74g6qnimff5m";
 
   buildInputs = stdenv.lib.optionals stdenv.isDarwin [ CoreServices ];
 
   meta = with stdenv.lib; {
     description = "Create books from MarkDown";
     homepage = https://github.com/rust-lang-nursery/mdbook;
-    license = [ licenses.asl20 licenses.mit ];
+    license = [ licenses.mpl20 ];
     maintainers = [ maintainers.havvy ];
     platforms = platforms.all;
   };
diff --git a/pkgs/tools/text/ripgrep-all/default.nix b/pkgs/tools/text/ripgrep-all/default.nix
new file mode 100644
index 000000000000..a9253b02ddd9
--- /dev/null
+++ b/pkgs/tools/text/ripgrep-all/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, lib, fetchFromGitHub, rustPlatform, makeWrapper, ffmpeg
+, pandoc, poppler_utils, ripgrep, Security
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "ripgrep-all";
+  version = "0.9.2";
+
+  src = fetchFromGitHub {
+    owner = "phiresky";
+    repo = pname;
+    rev = version;
+    sha256 = "1knv0gpanrid9i9mxg7zwqh9igdksp1623wl9iwmysiyaajlbif2";
+  };
+
+  cargoSha256 = "0xwsx0x9n766bxamhnpzibrnvnqsxz3wh1f0rj29kbl32xl8yyfg";
+  nativeBuildInputs = [ makeWrapper ];
+  buildInputs = lib.optional stdenv.isDarwin Security;
+
+  postInstall = ''
+    wrapProgram $out/bin/rga \
+      --prefix PATH ":" "${lib.makeBinPath [ ffmpeg pandoc poppler_utils ripgrep ]}"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, and more";
+    longDescription = ''
+      Ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc.
+
+      rga is a line-oriented search tool that allows you to look for a regex in
+      a multitude of file types. rga wraps the awesome ripgrep and enables it
+      to search in pdf, docx, sqlite, jpg, movie subtitles (mkv, mp4), etc.
+    '';
+    homepage = https://github.com/phiresky/ripgrep-all;
+    license = with licenses; [ agpl3Plus ];
+    maintainers = with maintainers; [ zaninime ];
+    platforms = platforms.all;
+  };
+}
diff --git a/pkgs/tools/text/ripgrep/default.nix b/pkgs/tools/text/ripgrep/default.nix
index 311767a786fc..4fa90441bdbe 100644
--- a/pkgs/tools/text/ripgrep/default.nix
+++ b/pkgs/tools/text/ripgrep/default.nix
@@ -5,16 +5,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "ripgrep";
-  version = "11.0.1";
+  version = "11.0.2";
 
   src = fetchFromGitHub {
     owner = "BurntSushi";
     repo = pname;
     rev = version;
-    sha256 = "0vak82d4vyw0w8agswbyxa6g3zs2h9mxm2xjw0xs9qccvmi7whbb";
+    sha256 = "1iga3320mgi7m853la55xip514a3chqsdi1a1rwv25lr9b1p7vd3";
   };
 
-  cargoSha256 = "1k1wg27p7w8b3cgygnkr6yhsc4hpnvrpa227s612vy2zfcmgb1kx";
+  cargoSha256 = "11477l4l1y55klw5dp2kbsnv989vdz1547ml346hcfbkzv7m450v";
 
   cargoBuildFlags = stdenv.lib.optional withPCRE2 "--features pcre2";
 
diff --git a/pkgs/tools/text/xml/xmloscopy/default.nix b/pkgs/tools/text/xml/xmloscopy/default.nix
index 9703bd1ecea5..5d085e411963 100644
--- a/pkgs/tools/text/xml/xmloscopy/default.nix
+++ b/pkgs/tools/text/xml/xmloscopy/default.nix
@@ -5,10 +5,10 @@ fzf, coreutils, libxml2, libxslt, jing, findutils, gnugrep, gnused,
 docbook5
 }:
 stdenv.mkDerivation rec {
-  name = "xmloscopy-${version}";
-  version = "0.1.2";
+  pname = "xmloscopy";
+  version = "0.1.3";
 
-  buildInputs = [
+  nativeBuildInputs = [
     makeWrapper
     dev_only_shellcheck
   ];
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
     owner = "grahamc";
     repo = "xmloscopy";
     rev = "v${version}";
-    sha256 = "07fcnf1vv0x72lksl1v0frmlh73gca199ldqqbgdjpybjdffz456";
+    sha256 = "06y5bckrmnq7b5ny2hfvlmdws910jw3xbw5nzy3bcpqsccqnjxrc";
   };
 
   installPhase = ''
@@ -43,10 +43,11 @@ stdenv.mkDerivation rec {
       --set PATH "${spath}"
   '';
 
-  meta = {
+  meta = with stdenv.lib; {
     description = "wtf is my docbook broken?";
     homepage = https://github.com/grahamc/xmloscopy;
-    license = stdenv.lib.licenses.mit;
-    platforms = stdenv.lib.platforms.all;
+    license = licenses.mit;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ grahamc ];
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-09 06:17:28 +0000