sci-mathematics/pspp: new revision to fix a few security and QA issues.

We fix CVE-2022-39831 and CVE-2022-39832 the same way upstream did, by
refusing to install the vulnerable program (which was mainly only used
for debugging anyway). We now also use a more accurate LICENSE, and add
a patch to fix underlinking visible with lld/mold.

Bug: https://bugs.gentoo.org/868618
Closes: https://bugs.gentoo.org/732048
Closes: https://bugs.gentoo.org/877751
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

2 files changed, 115 insertions, 0 deletions

diff --git a/sci-mathematics/pspp/files/pspp-1.6.2-underlinking.patch b/sci-mathematics/pspp/files/pspp-1.6.2-underlinking.patch
new file mode 100644
index 000000000000..c4f3672d6716
--- /dev/null
+++ b/sci-mathematics/pspp/files/pspp-1.6.2-underlinking.patch
@@ -0,0 +1,27 @@
+From 27f3d4cf2a92a91c078e54d9e67af441df140edc Mon Sep 17 00:00:00 2001
+From: Michael Orlitzky <michael@orlitzky.com>
+Date: Sat, 31 Dec 2022 22:08:11 -0500
+Subject: [PATCH 1/1] Makefile.in: fix underlinking of liboutput.
+
+This library uses cairo/pango, and needs to be linked with $CAIRO_LIBS
+when using --as-needed and a linker that knows what it's doing.
+---
+ Makefile.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.in b/Makefile.in
+index d836b65..217798c 100644
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -1837,7 +1837,7 @@ am_src_math_libpspp_math_la_OBJECTS = src/math/chart-geometry.lo \
+ 	src/math/wilcoxon-sig.lo
+ src_math_libpspp_math_la_OBJECTS =  \
+ 	$(am_src_math_libpspp_math_la_OBJECTS)
+-src_output_liboutput_la_LIBADD =
++src_output_liboutput_la_LIBADD = $(CAIRO_LIBS)
+ am_src_output_liboutput_la_OBJECTS = src/output/liboutput_la-ascii.lo \
+ 	src/output/liboutput_la-cairo-chart.lo \
+ 	src/output/liboutput_la-cairo-fsm.lo \
+-- 
+2.38.2
+
diff --git a/sci-mathematics/pspp/pspp-1.6.2-r2.ebuild b/sci-mathematics/pspp/pspp-1.6.2-r2.ebuild
new file mode 100644
index 000000000000..c6a645b2be9d
--- /dev/null
+++ b/sci-mathematics/pspp/pspp-1.6.2-r2.ebuild
@@ -0,0 +1,88 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..11} )
+
+inherit python-any-r1 xdg
+
+DESCRIPTION="Program for statistical analysis of sampled data"
+HOMEPAGE="https://www.gnu.org/software/pspp/pspp.html"
+SRC_URI="mirror://gnu/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-3+ FDL-1.3+"
+SLOT="0/${PV}"
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+IUSE="doc examples gtk ncurses nls perl postgres"
+
+RDEPEND="
+	dev-libs/libxml2:2
+	sci-libs/gsl:0=
+	sys-devel/gettext
+	sys-libs/ncurses:0=
+	sys-libs/readline:0=
+	sys-libs/zlib
+	virtual/libiconv
+	x11-libs/cairo[svg(+)]
+	x11-libs/pango
+	gtk? (
+		dev-util/glib-utils
+		x11-libs/gtk+:3
+		x11-libs/gtksourceview:4=
+		>=x11-libs/spread-sheet-widget-0.7
+	)
+	postgres? ( dev-db/postgresql:=[server] )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	${PYTHON_DEPS}
+	sys-devel/gettext
+	virtual/pkgconfig
+	doc? ( virtual/latex-base )"
+
+PATCHES=( "${FILESDIR}/pspp-1.6.2-underlinking.patch" )
+
+pkg_pretend() {
+	ewarn "Starting with pspp-1.4.0 the pspp-mode emacs package is no longer"
+	ewarn "shipped with pspp itself, and should instead be fetched from ELPA:"
+	ewarn "https://elpa.gnu.org/packages/pspp-mode.html"
+}
+
+src_prepare() {
+	default
+
+	sed -i '/appdata$/s/appdata$/metainfo/' Makefile.in || die
+}
+
+src_configure() {
+	econf \
+		$(use_enable nls) \
+		$(use_with gtk gui) \
+		$(use_with perl perl-module) \
+		$(use_with postgres libpq)
+}
+
+src_compile() {
+	default
+
+	if use doc; then
+		emake html pdf
+		HTML_DOCS=( doc/pspp{,-dev}.html )
+	fi
+}
+
+src_install() {
+	default
+
+	# Mimic the upstream fix for bug 868618. Obsolete when v1.6.3 is
+	# released.
+	rm "${ED}/usr/bin/pspp-dump-sav" || die
+
+	use doc && dodoc doc/pspp{,-dev}.pdf
+	if use examples; then
+		dodoc -r examples
+		docompress -x /usr/share/doc/${PF}/examples
+	fi
+
+	find "${ED}" -name '*.la' -type f -delete || die
+}