Leo Famulari writes:

> On Sat, Dec 24, 2016 at 02:23:43PM -0500, Kei Kebreau wrote:
>> Leo Famulari writes:
>> > On Thu, Dec 22, 2016 at 02:20:37PM -0500, Kei Kebreau wrote:
>> >> Subject: [PATCH] gnu: chicken: Fix CVE-2016-{6830,6831}.
>> >>
>> >> * gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New file.
>> >> * gnu/local.mk (dist_patch_DATA): Use it.
>> >> * gnu/packages/scheme.scm (chicken)[source]: Use it.
>> >
>> > Thank you for looking into this!
>> >
>> > Something like this patch is in CHICKEN 4.11.1:
>> >
>> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=0d20426c6da0f116606574dadadaa878b96a68ea
>> >
>> > And there is a patch for the IrRegex bug after the latest tag:
>> >
>> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=2c419f18138c17767754b36d3b706cd71a55350a
>> >
>> > Can you try updating CHICKEN and applying that IrRegex patch?
>>
>> I can try, but updating to CHICKEN 4.11.1 requires a recent CHICKEN
>> binary due to its build system requirements. Do we have any objection to
>> bootstrapping CHICKEN 4.11.1 from version 4.11.0?
>
> Interesting!
>
> I don't see why we shouldn't use 4.11.0 to bootstrap 4.11.1.
>
> Changing the build system like that seems unusual for a minor point
> release, and I don't see it documented in the 4.11.1 NEWS file:
>
> https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=545d68583c8375bd5243ec07a53faff9ec1685a3;hb=116f42e7a3eab2a02b853fd038af3cb3aadad5c3
>

I must have phrased that too vaguely. It's just a "building from release
tarball vs from git checkout" thing, documented in the README file of
both releases.

I've been having trouble with the seemingly identical test suite using
the attached WIP patch. Perhaps the dreary weather is clouding my
thoughts.

> One way or another, we should fix these bugs in our package. Thanks for
> taking care of it :)

You're welcome!