On Sat, Dec 24, 2016 at 08:59:59PM -0500, Kei Kebreau wrote: > Leo Famulari writes: > > > On Sat, Dec 24, 2016 at 02:23:43PM -0500, Kei Kebreau wrote: > >> Leo Famulari writes: > >> > On Thu, Dec 22, 2016 at 02:20:37PM -0500, Kei Kebreau wrote: > >> >> Subject: [PATCH] gnu: chicken: Fix CVE-2016-{6830,6831}. > >> >> > >> >> * gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New file. > >> >> * gnu/local.mk (dist_patch_DATA): Use it. > >> >> * gnu/packages/scheme.scm (chicken)[source]: Use it. > >> > > >> > Thank you for looking into this! > >> > > >> > Something like this patch is in CHICKEN 4.11.1: > >> > > >> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=0d20426c6da0f116606574dadadaa878b96a68ea > >> > > >> > And there is a patch for the IrRegex bug after the latest tag: > >> > > >> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=2c419f18138c17767754b36d3b706cd71a55350a > >> > > >> > Can you try updating CHICKEN and applying that IrRegex patch? > >> > >> I can try, but updating to CHICKEN 4.11.1 requires a recent CHICKEN > >> binary due to its build system requirements. Do we have any objection to > >> bootstrapping CHICKEN 4.11.1 from version 4.11.0? > > > > Interesting! > > > > I don't see why we shouldn't use 4.11.0 to bootstrap 4.11.1. > > > > Changing the build system like that seems unusual for a minor point > > release, and I don't see it documented in the 4.11.1 NEWS file: > > > > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=545d68583c8375bd5243ec07a53faff9ec1685a3;hb=116f42e7a3eab2a02b853fd038af3cb3aadad5c3 > > > > I must have phrased that too vaguely. It's just a "building from release > tarball vs from git checkout" thing, documented in the README file of > both releases. I've been having trouble with the seemingly identical > test suite using the attached WIP patch. Perhaps the dreary wheather is > clouding my thoughts. How about using a development snapshot? http://code.call-cc.org/dev-snapshots/