From: Leo Famulari
Subject: Re: [PATCH 1/1] gnu: tcsh: Fix out of bounds read.
Date: Wed, 7 Dec 2016 19:40:57 -0500
To: Marius Bakke
Cc: guix-devel@gnu.org

On Wed, Dec 07, 2016 at 01:55:47PM +0100, Marius Bakke wrote:
> Ludovic Courtès writes:
>
> > That could go to the next ‘staging’ branch or ‘core-updates’, which
> > might be merged first.  (How come this many packages depend on tcsh?)
>
> tcsh is used by the 'boost' and 'texlive' packages.

Tcsh is a native-input of boost. I think that using a graft, as in the
attached patch, should work.

However, when applying this patch on top of a69bc7071ec (hydra: Fix
wrong-num-args error when computing the cross jobs.)
and building boost with this patch, the same derivation is built:

$ ./pre-inst-env guix build boost && ./pre-inst-env guix build --no-grafts boost
/gnu/store/nfg59rims86f87q5hasj8ngad3cd9dpa-boost-1.61.0
/gnu/store/nfg59rims86f87q5hasj8ngad3cd9dpa-boost-1.61.0

I'd expect it to change. Am I missing something?

Attachment: 0001-gnu-tcsh-Fix-out-of-bounds-read.patch (Content-Transfer-Encoding: quoted-printable)

=46rom 7d84262b28a9a6d823d57ba25c316888ab044595 Mon Sep 17 00:00:00 2001 =46rom: Leo Famulari Date: Wed, 7 Dec 2016 18:51:27 -0500 Subject: [PATCH] gnu: tcsh: Fix out of bounds read. * gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/shells.scm (tcsh)[replacement]: New field. (tcsh/fixed): New variable. --- gnu/local.mk | 1 + .../patches/tcsh-fix-out-of-bounds-read.patch | 31 ++++++++++++++++++= ++++ gnu/packages/shells.scm | 10 +++++++ 3 files changed, 42 insertions(+) create mode 100644 gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch diff --git a/gnu/local.mk b/gnu/local.mk index eec0e018b..72b64a6cc 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -884,6 +884,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/tclxml-3.2-install.patch \ %D%/packages/patches/tcsh-do-not-define-BSDWAIT.patch \ %D%/packages/patches/tcsh-fix-autotest.patch \ + %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ %D%/packages/patches/texi2html-document-encoding.patch \ %D%/packages/patches/texi2html-i18n.patch \ diff --git a/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch b/gnu/p= ackages/patches/tcsh-fix-out-of-bounds-read.patch new file mode 100644 index 000000000..48c294f78 --- /dev/null +++ b/gnu/packages/patches/tcsh-fix-out-of-bounds-read.patch
@@ -0,0 +1,31 @@ +Fix out-of-bounds read in c_substitute(): + +http://seclists.org/oss-sec/2016/q4/612 + +Patch copied from upstream source repository: + +https://github.com/tcsh-org/tcsh/commit/6a542dc4fb2ba26518a47e9b3a9bcd6a91= b94596 + +From 6a542dc4fb2ba26518a47e9b3a9bcd6a91b94596 Mon Sep 17 00:00:00 2001 +From: christos +Date: Fri, 2 Dec 2016 16:59:28 +0000 +Subject: [PATCH] Fix out of bounds read (Brooks Davis) (reproduce by start= ing + tcsh and hitting tab at the prompt) + +--- + ed.chared.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ed.chared.c b/ed.chared.c +index 1277e53..310393e 100644 +--- ed.chared.c ++++ ed.chared.c +@@ -750,7 +750,7 @@ c_substitute(void) + /* + * If we found a history character, go expand it. + */ +- if (HIST !=3D '\0' && *p =3D=3D HIST) ++ if (p >=3D InputBuf && HIST !=3D '\0' && *p =3D=3D HIST) + nr_exp =3D c_excl(p); + else + nr_exp =3D 0; diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm index f3350ef50..193160975 100644 --- a/gnu/packages/shells.scm +++ b/gnu/packages/shells.scm @@ -174,6 +174,7 @@ has a small feature set similar to a traditional Bourne= shell.") (define-public tcsh (package (name "tcsh") + (replacement tcsh/fixed) (version "6.18.01") (source (origin (method url-fetch) 
@@ -231,6 +232,15 @@ command-line editor, programmable word completion, spe= lling correction, a history mechanism, job control and a C-like syntax.") (license bsd-4))) =20 +(define tcsh/fixed + (package + (inherit tcsh) + (name "tcsh") + (source (origin + (inherit (package-source tcsh)) + (patches (cons (search-patch "tcsh-fix-out-of-bounds-read.pa= tch") + (origin-patches (package-source tcsh)))))))) + (define-public zsh (package (name "zsh") --=20 2.11.0
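Review bot: in the new tcsh-fix-out-of-bounds-read.patch, the embedded diff's `--- ed.chared.c` and `+++ ed.chared.c` lines carry no `a/` and `b/` prefixes, while the `diff --git a/ed.chared.c b/ed.chared.c` line above them does. Please confirm the file applies at the strip level the tcsh origin uses, or regenerate it with prefixed paths. In the changed condition, `p >= InputBuf` is tested before `*p`, and that short-circuit order is what prevents the read, so it should be preserved if the line is ever rebased; the header's links to the oss-sec post and the upstream commit are enough documentation.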
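Review bot: in the `tcsh/fixed` definition in gnu/packages/shells.scm, `(name "tcsh")` repeats what `(inherit tcsh)` already supplies, so the field can be dropped. A one-line comment above `(define tcsh/fixed` naming the fix (out-of-bounds read in c_substitute) would also tell the next person when the replacement can be folded back into `tcsh` itself.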