app-text/texlive-core: patch CVE-2023-32700

This does not fix CVE-2023-32668 which changes behaviour so must be handled
in a new version (>= 2023).

Bug: https://bugs.gentoo.org/836779
Bug: https://bugs.gentoo.org/906712
Signed-off-by: Sam James <sam@gentoo.org>

2 files changed, 393 insertions, 0 deletions

diff --git a/app-text/texlive-core/Manifest b/app-text/texlive-core/Manifest
index 8dbfede79199..2508e9692dbd 100644
--- a/app-text/texlive-core/Manifest
+++ b/app-text/texlive-core/Manifest
@@ -1,4 +1,5 @@
 DIST texlive-20210325-source.tar.xz 54837368 BLAKE2B 66bd4bdd43ff53513004b9b9b90ababa0ab5efcf183a27864a3d39cde9cf90721456bda90c49ad6014f4b12d2e6293feaf9a8b152b85a89ffaa96bf5056347df SHA512 afd6eb24efaeac7c58d43ff24162aece919079a9ae02934509f068c7a3828223c33c14d9db11ff7fea3560b08a06f352446ba7f845eefb4a56a87b96f088f213
+DIST texlive-core-2021-CVE-2023-32700.patch.xz 8824 BLAKE2B 5df988abb12626210b372618cc0a623ed2f6f42cf2f03dca143f94b928fc0fd2e28e53574c9ca23295f55fb56cd908a3e8603161fa3f13c37b9397163479aa9f SHA512 16d34b5b0cc1b85ec412798caa582f71b15c2d57bb486064c5fb48304eea32a13f69677c228c82c88e026ba5885acd201449ec69bc6c7bf9396eebb3d1358717
 DIST texlive-core-patches-2021-1.tar.xz 4820 BLAKE2B 1316cdc65c8f0a7164169fc6a795c50f7fccc99cea7a80290c18189f931b002e47b081de593c47d8da9650498a279f7d0473f115f02b37993859fcd475dbebed SHA512 4267934427265995c2a0c00d837399ec9670ba5c7df5c4599a486a2098de9a05640ff77f29bd7390070f3c973e5cc067356cfdd6b2c9415b7a56b96de789fb82
 DIST texlive-tlpdb-2021.tar.xz 1335040 BLAKE2B a5608b329666ad55032fb9dbf7fc6da9b8b2c94c03aed838cf8575742a23294f3319ad8e45fd6b4f65cc59f673c78b9d96b4f24e2ad07a8a08aa313822eea137 SHA512 ca9d5f2231246984ec489b4dfffb93c8b9540b8479a521aa91658fba3ce452c814e9e24e28d9ab6a0124d8eaf4cf7c14fefb379e84b3495752a9a2b8a2add3db
 DIST tl-a2ping-2021.tar.xz 30652 BLAKE2B 63e857ba7142751828669bc00d9689f000effddecc221a03943f508e69a28bdc675707527b47a5444ac9881268b1d9abe372d0bbcde78007aaf81c69b15421dd SHA512 4008c18f93a7d378c8da20bad7c1fdf19c3e6befccdcc804326168854fcd35bb89fe414b30a26dbddeaf81a11c0d404bf5b5459bd3d8adce49dc30279e3bd420
diff --git a/app-text/texlive-core/texlive-core-2021-r7.ebuild b/app-text/texlive-core/texlive-core-2021-r7.ebuild
new file mode 100644
index 000000000000..7b78ecb0b21e
--- /dev/null
+++ b/app-text/texlive-core/texlive-core-2021-r7.ebuild
@@ -0,0 +1,392 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+TL_SOURCE_VERSION=20210325
+
+# autotools/reautoconf in src_prepare only needed for Cairo patch
+inherit autotools flag-o-matic toolchain-funcs libtool texlive-common
+
+MY_P=${PN%-core}-${TL_SOURCE_VERSION}-source
+
+PATCHLEVEL=1
+
+DESCRIPTION="A complete TeX distribution"
+HOMEPAGE="https://tug.org/texlive/"
+SLOT="0"
+LICENSE="GPL-2 LPPL-1.3c TeX"
+
+SRC_URI="
+	https://dev.gentoo.org/~sam/distfiles/texlive/${MY_P}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/texlive/texlive-tlpdb-${PV}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/texlive/${PN}-patches-${PV}-${PATCHLEVEL}.tar.xz
+	https://dev.gentoo.org/~sam/distfiles/${CATEGORY}/${PN}/texlive-core-2021-CVE-2023-32700.patch.xz
+"
+
+# We ship binextra collection alongside
+TL_CORE_BINEXTRA_MODULES="
+	a2ping adhocfilelist arara asymptote bundledoc checklistings chklref ctan_chk
+	clojure-pamphlet cluttex ctanify ctan-o-mat ctanbib ctanupload ctie cweb de-macro
+	dtl dtxgen dvi2tty dviasm dvicopy dvidvi dviinfox dviout-util dviljk dvipos findhyph
+	fragmaster hook-pre-commit-pkg installfont ketcindy lacheck latex-git-log latex-papersize
+	latex2man latex2nemeth latexfileversion latexpand latexindent ltxfileinfo ltximg
+	listings-ext make4ht match_parens mflua mkjobtexmf patgen pdfbook2 pdfcrop pdfjam
+	pdflatexpicscale pdftex-quiet pdfxup pdftosrc pfarrei pkfix pkfix-helper purifyeps
+	seetexk spix srcredact sty2dtx synctex tex4ebook texcount texdef texdiff texdirflatten
+	texdoc texfot texliveonfly texlive-scripts-extra texloganalyser texosquery texplate
+	texware tie tlcockpit tpic2pdftex typeoutfileinfo web xindy xindex xpdfopen collection-binextra
+	"
+TL_CORE_BINEXTRA_DOC_MODULES="
+	a2ping.doc adhocfilelist.doc arara.doc asymptote.doc bundledoc.doc
+	checklistings.doc chklref.doc ctan_chk.doc clojure-pamphlet.doc cluttex.doc
+	ctanify.doc ctan-o-mat.doc ctanbib.doc ctanupload.doc ctie.doc cweb.doc de-macro.doc
+	dtl.doc dtxgen.doc dvi2tty.doc dviasm.doc dvicopy.doc dvidvi.doc dviinfox.doc dviljk.doc
+	dvipos.doc dviout-util.doc findhyph.doc fragmaster.doc hook-pre-commit-pkg.doc installfont.doc
+	ketcindy.doc lacheck.doc latex-git-log.doc latex-papersize.doc latex2man.doc latex2nemeth.doc
+	latexfileversion.doc latexpand.doc latexindent.doc ltxfileinfo.doc ltximg.doc listings-ext.doc
+	make4ht.doc match_parens.doc mkjobtexmf.doc patgen.doc pdfbook2.doc pdfcrop.doc pdfjam.doc
+	pdflatexpicscale.doc pdftex-quiet.doc pdfxup.doc pdftosrc.doc pfarrei.doc pkfix.doc
+	pkfix-helper.doc purifyeps.doc pythontex.doc seetexk.doc spix.doc srcredact.doc
+	sty2dtx.doc synctex.doc tex4ebook.doc texcount.doc texdef.doc texdiff.doc
+	texdirflatten.doc texdoc.doc texfot.doc texliveonfly.doc texlive-scripts-extra.doc
+	texloganalyser.doc texosquery.doc texware.doc tie.doc tlcockpit.doc tpic2pdftex.doc
+	typeoutfileinfo.doc texplate.doc web.doc xindy.doc xindex.doc xpdfopen.doc
+"
+TL_CORE_BINEXTRA_SRC_MODULES="
+	adhocfilelist.source arara.source checklistings.source clojure-pamphlet.source
+	listings-ext.source mkjobtexmf.source pfarrei.source pythontex.source
+	texdef.source texosquery.source texplate.source tlcockpit.source
+"
+# Macros that are not a part of texlive-sources or collection-binextra but still needed
+# for other packages during installation
+TL_CORE_EXTRA_MODULES="hyphen-base gsftopk texlive.infra texlive-scripts ${TL_CORE_BINEXTRA_MODULES}"
+TL_CORE_EXTRA_DOC_MODULES="gsftopk.doc texlive.infra.doc texlive-scripts.doc ${TL_CORE_BINEXTRA_DOC_MODULES}"
+TL_CORE_EXTRA_SRC_MODULES="${TL_CORE_BINEXTRA_SRC_MODULES}"
+
+for i in ${TL_CORE_EXTRA_MODULES}; do
+	SRC_URI="${SRC_URI} https://dev.gentoo.org/~sam/distfiles/texlive/tl-${i}-${PV}.tar.xz"
+done
+
+SRC_URI="${SRC_URI} doc? ( "
+for i in ${TL_CORE_EXTRA_DOC_MODULES}; do
+	SRC_URI="${SRC_URI} https://dev.gentoo.org/~sam/distfiles/texlive/tl-${i}-${PV}.tar.xz"
+done
+SRC_URI="${SRC_URI} )"
+SRC_URI="${SRC_URI} source? ( "
+for i in ${TL_CORE_EXTRA_SRC_MODULES}; do
+	SRC_URI="${SRC_URI} https://dev.gentoo.org/~sam/distfiles/texlive/tl-${i}-${PV}.tar.xz"
+done
+SRC_URI="${SRC_URI} )"
+
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~sparc-solaris ~sparc64-solaris"
+IUSE="cjk X doc source tk +luajittex xetex xindy"
+
+TEXMF_PATH=/usr/share/texmf-dist
+
+MODULAR_X_DEPEND="X? (
+				x11-libs/libX11
+				x11-libs/libXmu
+	)"
+
+COMMON_DEPEND="${MODULAR_X_DEPEND}
+	!app-text/epspdf
+	!app-text/pdfjam
+	sys-libs/zlib
+	>=media-libs/harfbuzz-1.4.5:=[icu,graphite]
+	>=media-libs/libpng-1.2.43-r2:0=
+	media-libs/gd[png]
+	media-gfx/graphite2
+	>=x11-libs/cairo-1.12
+	>=x11-libs/pixman-0.18
+	dev-libs/zziplib:=
+	app-text/libpaper:=
+	dev-libs/gmp:=
+	dev-libs/mpfr:=
+	>=dev-libs/ptexenc-1.3.8
+	xetex? (
+		>=app-text/teckit-2.5.3
+		media-libs/fontconfig
+	)
+	xindy? ( dev-lisp/clisp:= )
+	media-libs/freetype:2
+	>=dev-libs/icu-50:=
+	>=dev-libs/kpathsea-6.3.2:="
+
+BDEPEND="sys-apps/ed
+	sys-devel/flex
+	virtual/pkgconfig"
+
+DEPEND="${COMMON_DEPEND}"
+
+RDEPEND="${COMMON_DEPEND}
+	>=app-text/ps2pkm-1.8_p20170524
+	>=app-text/dvipsk-5.997
+	>=dev-tex/bibtexu-3.71_p20170524
+	virtual/perl-Getopt-Long
+	dev-perl/File-HomeDir
+	dev-perl/Log-Dispatch
+	dev-perl/Unicode-LineBreak
+	dev-perl/YAML-Tiny
+	tk? (
+	dev-lang/tk
+	dev-perl/Tk
+	)"
+
+S="${WORKDIR}/${P}_build"
+B="${WORKDIR}/${MY_P}"
+
+src_unpack() {
+	unpack ${A}
+	mkdir -p "${S}" || die "failed to create build dir"
+}
+
+RELOC_TARGET=texmf-dist
+
+src_prepare() {
+	cd "${WORKDIR}" || die
+
+	mv texlive.tlpdb tlpkg/ || die "failed to move texlive.tlpdb"
+
+	# From texlive-module.eclass.
+	sed -n -e 's:\s*RELOC/::p' tlpkg/tlpobj/* > "${T}/reloclist" || die
+	sed -e 's/\/[^/]*$//' -e "s:^:${RELOC_TARGET}/:" "${T}/reloclist" |
+		sort -u |
+		xargs mkdir -p || die
+	local i
+	while read i; do
+		mv "${i}" "${RELOC_TARGET}/${i%/*}" || die
+	done < "${T}/reloclist"
+
+	mv "${WORKDIR}"/texmf* "${B}" || die "failed to move texmf files"
+
+	cd "${B}" || die
+
+	sed -i \
+		-e "s,/usr/include /usr/local/include.*echo \$KPATHSEA_INCLUDES.*,${EPREFIX}/usr/include\"," \
+		texk/web2c/configure || die
+
+	eapply "${WORKDIR}"/patches
+	eapply "${FILESDIR}"/${P}-cairo-strings.patch
+	eapply "${FILESDIR}"/${P}-slibtool.patch
+	eapply "${FILESDIR}"/${P}-clang-16.patch
+	eapply "${WORKDIR}"/${P}-CVE-2023-32700.patch
+
+	default
+
+	elibtoolize
+
+	# Drop this on 2022 bump!
+	"${B}"/reautoconf libs/cairo || die
+}
+
+src_configure() {
+	# It fails on alpha without this
+	use alpha && append-ldflags "-Wl,--no-relax"
+
+	# Too many regexps use A-Z a-z constructs, what causes problems with locales
+	# that don't have the same alphabetical order than ascii. Bug #242430
+	# So we set LC_ALL to C in order to avoid problems.
+	export LC_ALL=C
+
+	# Disable freetype-config as this is considered obsolete.
+	# Also only pkg-config works for prefix as described in bug #690094
+	export ac_cv_prog_ac_ct_FT2_CONFIG=no
+
+	# revisit/upstream once we bupm to 2022, bug #882245
+	append-cppflags -D_GNU_SOURCE
+
+	tc-export CC CXX AR RANLIB
+	ECONF_SOURCE="${B}" \
+		econf -C \
+		--bindir="${EPREFIX}"/usr/bin \
+		--datadir="${S}" \
+		--with-system-freetype2 \
+		--with-system-zlib \
+		--with-system-libpng \
+		--with-system-teckit \
+		--with-teckit-includes="${EPREFIX}"/usr/include/teckit \
+		--with-system-kpathsea \
+		--with-kpathsea-includes="${EPREFIX}"/usr/include \
+		--with-system-icu \
+		--with-system-ptexenc \
+		--with-system-harfbuzz \
+		--with-system-icu \
+		--with-system-graphite2 \
+		--with-system-cairo \
+		--with-system-pixman \
+		--with-system-zziplib \
+		--with-system-libpaper \
+		--with-system-gmp \
+		--with-system-gd \
+		--with-system-mpfr \
+		--without-texinfo \
+		--disable-dialog \
+		--disable-multiplatform \
+		--enable-chktex \
+		--enable-epsfwin \
+		--enable-detex \
+		--enable-dvi2tty \
+		--enable-mftalkwin \
+		--enable-regiswin \
+		--enable-shared \
+		--enable-tektronixwin \
+		--enable-unitermwin \
+		--enable-vlna \
+		--with-ps=gs \
+		--disable-psutils \
+		--disable-t1utils \
+		--enable-ipc \
+		--disable-biber \
+		--disable-bibtex-x \
+		--disable-dvipng \
+		--disable-dvipsk \
+		--disable-lcdf-typetools \
+		--disable-ps2pk \
+		--disable-ttf2pk2 \
+		--disable-tex4htk \
+		--disable-cjkutils \
+		--disable-xdvik \
+		--enable-luatex \
+		--disable-dvisvgm \
+		--disable-ps2eps \
+		--disable-static \
+		--disable-native-texlive-build \
+		--disable-largefile \
+		--disable-build-in-source-tree \
+		--disable-xindy-docs \
+		--disable-xindy-rules \
+		--with-banner-add=" Gentoo Linux" \
+		$(use_enable luajittex) \
+		$(use_enable luajittex luajithbtex) \
+		$(use_enable luajittex mfluajit) \
+		$(use_enable xetex) \
+		$(use_enable cjk dviout-util) \
+		$(use_enable cjk ptex) \
+		$(use_enable cjk eptex) \
+		$(use_enable cjk uptex) \
+		$(use_enable cjk euptex) \
+		$(use_enable cjk mendexk) \
+		$(use_enable cjk makejvf) \
+		$(use_enable cjk pmp) \
+		$(use_enable cjk upmp) \
+		$(use_enable tk texdoctk) \
+		$(use_with X x) \
+		$(use_enable xindy)
+}
+
+src_compile() {
+	tc-export CC CXX AR RANLIB
+
+	emake AR="$(tc-getAR)" SHELL="${EPREFIX}"/bin/sh texmf="${EPREFIX}"${TEXMF_PATH:-/usr/share/texmf-dist}
+
+	cd "${B}" || die
+	# Mimic updmap --syncwithtrees to enable only fonts installed
+	# Code copied from updmap script
+	for i in `grep -E '^(Mixed|Kanji)?Map' "texmf-dist/web2c/updmap.cfg" | sed 's@.* @@'`; do
+		texlive-common_is_file_present_in_texmf "${i}" || echo "${i}"
+	done > "${T}/updmap_update"
+	{
+		sed 's@/@\\/@g; s@^@/^MixedMap[     ]*@; s@$@$/s/^/#! /@' <"${T}/updmap_update"
+		sed 's@/@\\/@g; s@^@/^Map[  ]*@; s@$@$/s/^/#! /@' <"${T}/updmap_update"
+		sed 's@/@\\/@g; s@^@/^KanjiMap[     ]*@; s@$@$/s/^/#! /@' <"${T}/updmap_update"
+	} > "${T}/updmap_update2"
+	sed -f "${T}/updmap_update2" "texmf-dist/web2c/updmap.cfg" >	"${T}/updmap_update3"\
+		&& cat "${T}/updmap_update3" > "texmf-dist/web2c/updmap.cfg"
+}
+
+src_install() {
+	dodir ${TEXMF_PATH:-/usr/share/texmf-dist}/web2c
+
+	emake DESTDIR="${D}" texmf="${ED}${TEXMF_PATH:-/usr/share/texmf-dist}" run_texlinks="true" run_mktexlsr="true" install
+
+	cd "${B}" || die
+	dodir /usr/share # just in case
+	cp -pR texmf-dist "${ED}/usr/share/" || die "failed to install texmf trees"
+	cp -pR "${WORKDIR}"/tlpkg "${ED}/usr/share/" || die "failed to install tlpkg files"
+
+	# When X is disabled mf-nowin doesn't exist but some scripts expect it to
+	# exist. Instead, it is called mf, so we symlink it to please everything.
+	use X || dosym mf /usr/bin/mf-nowin
+
+	docinto texk
+	cd "${B}/texk" || die
+	dodoc ChangeLog README
+
+	docinto dviljk
+	cd "${B}/texk/dviljk" || die
+	dodoc ChangeLog README NEWS
+
+	docinto makeindexk
+	cd "${B}/texk/makeindexk" || die
+	dodoc ChangeLog NOTES README
+
+	docinto web2c
+	cd "${B}/texk/web2c" || die
+	dodoc ChangeLog NEWS PROJECTS README
+
+	use doc || rm -rf "${ED}/usr/share/texmf-dist/doc"
+
+	dodir /etc/env.d
+	echo 'CONFIG_PROTECT_MASK="/etc/texmf/web2c /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d"' > "${ED}/etc/env.d/98texlive"
+	# populate /etc/texmf
+	keepdir /etc/texmf/web2c
+
+	# take care of updmap.cfg and language.d files
+	keepdir /etc/texmf/{updmap.d,language.dat.d,language.def.d,language.dat.lua.d}
+
+	mv "${ED}${TEXMF_PATH}/web2c/updmap.cfg" "${ED}/etc/texmf/updmap.d/00updmap.cfg" || die "moving updmap.cfg failed"
+
+	# Remove fmtutil.cnf, it will be regenerated from /etc/texmf/fmtutil.d files
+	# by texmf-update
+	rm -f "${ED}${TEXMF_PATH}/web2c/fmtutil.cnf" || die
+	# Remove bundled and invalid updmap.cfg
+	rm -f "${ED}/usr/share/texmf-dist/web2c/updmap.cfg" || die
+
+	texlive-common_handle_config_files
+
+	keepdir /usr/share/texmf-site
+
+	# the virtex symlink is not installed
+	# The links has to be relative, since the targets
+	# is not present at this stage and MacOS doesn't
+	# like non-existing targets
+	dosym tex /usr/bin/virtex
+	dosym pdftex /usr/bin/pdfvirtex
+
+	find "${ED}" -name '*.la' -delete || die
+}
+
+pkg_postinst() {
+	etexmf-update
+
+	einfo "Regenerating TeX formats"
+	fmtutil-sys --all &> /dev/null
+
+	elog
+	elog "If you have configuration files in ${EPREFIX}/etc/texmf to merge,"
+	elog "please update them and run ${EPREFIX}/usr/sbin/texmf-update."
+	elog
+
+	local display_migration_hint=false
+	if [[ -n ${REPLACING_VERSIONS} ]]; then
+		local new_texlive_ver=$(ver_cut 1)
+		local replaced_version
+		for replaced_version in ${REPLACING_VERSIONS}; do
+			replaced_version=$(ver_cut 1 ${replaced_version})
+			if (( replaced_version < new_texlive_version )); then
+				display_migration_hint=true
+				break
+			fi
+		done
+	fi
+
+	if ! ${display_migration_hint}; then
+		return
+	fi
+
+	ewarn "If you are migrating from an older TeX distribution"
+	ewarn "Please make sure you have read:"
+	ewarn "https://wiki.gentoo.org/wiki/Project:TeX/Tex_Live_Migration_Guide"
+	ewarn "in order to avoid possible problems"
+}