From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Kei Kebreau
Subject: Re: Chicken security bugs [was Re: [peter@more-magic.net: Irregex packages should be updated to 0.9.6]]
Date: Sun, 25 Dec 2016 00:38:18 -0500
Message-ID: <87fulcy3ed.fsf@openmailbox.org>
References: <20161216193319.GA12690@jasmine> <20161216193659.GA26067@jasmine> <87lgv7zs6y.fsf@openmailbox.org> <20161224063251.GA30959@jasmine> <87pokhxha8.fsf@openmailbox.org> <20161224210440.GA7145@jasmine> <87lgv4ydi8.fsf@openmailbox.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature"
In-Reply-To: <87lgv4ydi8.fsf@openmailbox.org> (Kei Kebreau's message of "Sat, 24 Dec 2016 20:59:59 -0500")
List-Id: "Development of GNU Guix and the GNU System distribution."
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel"
To: Leo Famulari
Cc: guix-devel@gnu.org

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Kei Kebreau writes:

> Leo Famulari writes:
>
>> On Sat, Dec 24, 2016 at 02:23:43PM -0500, Kei Kebreau wrote:
>>> Leo Famulari writes:
>>> > On Thu, Dec 22, 2016 at 02:20:37PM -0500, Kei Kebreau wrote:
>>> >> Subject: [PATCH] gnu: chicken: Fix CVE-2016-{6830,6831}.
>>> >>
>>> >> *
>>> >> gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch:
>>> >> New file.
>>> >> * gnu/local.mk (dist_patch_DATA): Use it.
>>> >> * gnu/packages/scheme.scm (chicken)[source]: Use it.
>>> >
>>> > Thank you for looking into this!
>>> >
>>> > Something like this patch is in CHICKEN 4.11.1:
>>> >
>>> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=0d20426c6da0f116606574dadadaa878b96a68ea
>>> >
>>> > And there is a patch for the IrRegex bug after the latest tag:
>>> >
>>> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=2c419f18138c17767754b36d3b706cd71a55350a
>>> >
>>> > Can you try updating CHICKEN and applying that IrRegex patch?
>>>
>>> I can try, but updating to CHICKEN 4.11.1 requires a recent CHICKEN
>>> binary due to its build system requirements. Do we have any objection to
>>> bootstrapping CHICKEN 4.11.1 from version 4.11.0?
>>
>> Interesting!
>>
>> I don't see why we shouldn't use 4.11.0 to bootstrap 4.11.1.
>>
>> Changing the build system like that seems unusual for a minor point
>> release, and I don't see it documented in the 4.11.1 NEWS file:
>>
>> https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=545d68583c8375bd5243ec07a53faff9ec1685a3;hb=116f42e7a3eab2a02b853fd038af3cb3aadad5c3
>>
>
> I must have phrased that too vaguely. It's just a "building from release
> tarball vs from git checkout" thing, documented in the README file of
> both releases. I've been having trouble with the seemingly identical
> test suite using the attached WIP patch. Perhaps the dreary weather is
> clouding my thoughts.
>

Update! I found a file "types.db" that is unwritable. However, changing
access permissions in the (hackish) way I've done in the patch makes the
build's hash time-dependent.

>> One way or another, we should fix these bugs in our package. Thanks for
>> taking care of it :)
>
> You're welcome!
Merry Grav-Mass, BTW. :) --=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=0001-gnu-chicken-Update-to-4.11.1.patch Content-Transfer-Encoding: quoted-printable From=200f55ac1274b30f714b9454d623d860ef6f710da6 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sun, 25 Dec 2016 00:31:53 -0500 Subject: [PATCH] gnu: chicken: Update to 4.11.1. * gnu/packages/scheme.scm (chicken): Update to 4.11.1. =2D-- gnu/packages/scheme.scm | 52 +++++++++++++++++++++++++++++++++++++++++++++= ++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 78f387faf..0ad449ae2 100644 =2D-- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -320,9 +320,9 @@ applications in many fields such as multimedia (web gal= leries, music players, mashups, office (web agendas, mail clients, ...), etc.") (license gpl2+))) =20 =2D(define-public chicken +(define chicken-4.11.0 (package =2D (name "chicken") + (name "chicken-4.11.0") (version "4.11.0") (source (origin (method url-fetch) 
@@ -374,6 +374,54 @@ produces portable and efficient C, supports almost all= of the R5RS Scheme language standard, and includes many enhancements and extensions.") (license bsd-3))) =20 +(define-public chicken + (package + (inherit chicken-4.11.0) + (name "chicken") + (version "4.11.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://code.call-cc.org/git/chicken-core.git") + (commit version))) + (sha256 + (base32 + "1a0jxi5k2n2dx7zn9blynd9lg45v2w4jnh24d67lqazasricgs1k")))) + (arguments + `(;; No `configure' script; run "make check" after "make install" as + ;; prescribed by README. + #:phases + (modify-phases %standard-phases + (delete 'configure) + (delete 'check) + (add-after 'install 'check + (assoc-ref %standard-phases 'check)) + (add-after 'unpack 'disable-broken-tests + (lambda _ + ;; The port tests fail with this error: + ;; Error: (line 294) invalid escape-sequence '\x o' + (substitute* "tests/runtests.sh" + (("\\$interpret -s port-tests\\.scm") "") + (("mkdir -p test-repository") + (string-append "mkdir -p test-repository\n" + "chmod 644 ../types.db"))) + #t))) + + #:make-flags (let ((out (assoc-ref %outputs "out")) + (chicken-binary + (string-append + (assoc-ref %build-inputs "chicken-4.11.0") + "/bin/chicken"))) + (list "PLATFORM=3Dlinux" + (string-append "PREFIX=3D" out) + (string-append "VARDIR=3D" out "/var/lib") + (string-append "CHICKEN=3D" chicken-binary))) + + ;; Parallel builds are not supported, as noted in README. + #:parallel-build? 
#f)) + (inputs + `(("chicken-4.11.0" ,chicken-4.11.0))))) ; necessary for building fro= m git + (define-public scheme48 (package (name "scheme48") =2D-=20 2.11.0 --=-=-=-- --==-=-=--
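Review bot: In the first hunk (@@ -320,9 +320,9), the bootstrap package gets (name "chicken-4.11.0") next to (version "4.11.0"), so the version is encoded in both fields. Keep the version out of the name field and distinguish the package by its variable name or a role-based name instead. Since the earlier patch quoted in this thread targeted CVE-2016-6830 and CVE-2016-6831 in this same package definition, a comment above (define chicken-4.11.0 saying that it is kept unexported and only as a build input for 4.11.1 would make the intent clear to later readers.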
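Review bot: The new origin in the second hunk (@@ -374,6 +374,54) has no patches field, so the IrRegex fix that the thread says landed after the latest tag (commit 2c419f18138c17767754b36d3b706cd71a55350a) is not applied by this update. Either add it to the origin or say in the commit message that it is deferred. In the disable-broken-tests phase, the substitution that injects "chmod 644 ../types.db" into tests/runtests.sh changes permissions from inside the test script, and the message reports that this makes the build's hash time-dependent. Making types.db writable in a dedicated phase and finding out what rewrites it during the tests would be preferable to shipping a non-reproducible output. The same phase also removes the port-tests run entirely, so the comment should say whether the escape-sequence error is a test-suite problem or a real regression.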