From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kei Kebreau Subject: Re: Chicken security bugs [was Re: [peter@more-magic.net: Irregex packages should be updated to 0.9.6]] Date: Sat, 24 Dec 2016 20:59:59 -0500 Message-ID: <87lgv4ydi8.fsf@openmailbox.org> References: <20161216193319.GA12690@jasmine> <20161216193659.GA26067@jasmine> <87lgv7zs6y.fsf@openmailbox.org> <20161224063251.GA30959@jasmine> <87pokhxha8.fsf@openmailbox.org> <20161224210440.GA7145@jasmine> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39164) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cKy6u-0006a5-P1 for guix-devel@gnu.org; Sat, 24 Dec 2016 21:00:30 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cKy6q-0003Xc-SG for guix-devel@gnu.org; Sat, 24 Dec 2016 21:00:28 -0500 Received: from mail2.openmailbox.org ([62.4.1.33]:33069) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1cKy6q-0003XY-Dl for guix-devel@gnu.org; Sat, 24 Dec 2016 21:00:24 -0500 In-Reply-To: <20161224210440.GA7145@jasmine> (Leo Famulari's message of "Sat, 24 Dec 2016 16:04:40 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Leo Famulari writes: > On Sat, Dec 24, 2016 at 02:23:43PM -0500, Kei Kebreau wrote: >> Leo Famulari writes: >> > On Thu, Dec 22, 2016 at 02:20:37PM -0500, Kei Kebreau wrote: >> >> Subject: [PATCH] gnu: chicken: Fix CVE-2016-{6830,6831}. >> >>=20 >> >> * gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New= file. >> >> * gnu/local.mk (dist_patch_DATA): Use it. >> >> * gnu/packages/scheme.scm (chicken)[source]: Use it. >> > >> > Thank you for looking into this! >> > >> > Something like this patch is in CHICKEN 4.11.1: >> > >> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=3Dchicken-core.git;a=3Dc= ommitdiff;h=3D0d20426c6da0f116606574dadadaa878b96a68ea >> > >> > And there is a patch for the IrRegex bug after the latest tag: >> > >> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=3Dchicken-core.git;a=3Dc= ommitdiff;h=3D2c419f18138c17767754b36d3b706cd71a55350a >> > >> > Can you try updating CHICKEN and applying that IrRegex patch? >>=20 >> I can try, but updating to CHICKEN 4.11.1 requires a recent CHICKEN >> binary due to its build system requirements. Do we have any objection to >> bootstrapping CHICKEN 4.11.1 from version 4.11.0? > > Interesting! > > I don't see why we shouldn't use 4.11.0 to bootstrap 4.11.1. > > Changing the build system like that seems unusual for a minor point > release, and I don't see it documented in the 4.11.1 NEWS file: > > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=3Dchicken-core.git;a=3Dblob= ;f=3DNEWS;h=3D545d68583c8375bd5243ec07a53faff9ec1685a3;hb=3D116f42e7a3eab2a= 02b853fd038af3cb3aadad5c3 > I must have phrased that too vaguely. It's just a "building from release tarball vs from git checkout" thing, documented in the README file of both releases. I've been having trouble with the seemingly identical test suite using the attached WIP patch. Perhaps the dreary wheather is clouding my thoughts. > One way or another, we should fix these bugs in our package. Thanks for > taking care of it :) You're welcome! --=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=0001-gnu-chicken-Update-to-4.11.1.patch Content-Transfer-Encoding: quoted-printable From=2061803beae802f626e85e9fe089982c18837aaa08 Mon Sep 17 00:00:00 2001 From: Kei Kebreau Date: Sat, 24 Dec 2016 20:52:45 -0500 Subject: [PATCH] gnu: chicken: Update to 4.11.1. * gnu/packages/scheme.scm (chicken): Update to 4.11.1. =2D-- gnu/packages/scheme.scm | 49 +++++++++++++++++++++++++++++++++++++++++++++= ++-- 1 file changed, 47 insertions(+), 2 deletions(-) diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 78f387faf..4f9718ae7 100644 =2D-- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -320,9 +320,9 @@ applications in many fields such as multimedia (web gal= leries, music players, mashups, office (web agendas, mail clients, ...), etc.") (license gpl2+))) =20 =2D(define-public chicken +(define chicken-4.11.0 (package =2D (name "chicken") + (name "chicken-4.11.0") (version "4.11.0") (source (origin (method url-fetch) @@ -374,6 +374,51 @@ produces portable and efficient C, supports almost all= of the R5RS Scheme language standard, and includes many enhancements and extensions.") (license bsd-3))) =20 +(define-public chicken + (package + (inherit chicken-4.11.0) + (name "chicken") + (version "4.11.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://code.call-cc.org/git/chicken-core.git") + (commit version))) + (sha256 + (base32 + "1a0jxi5k2n2dx7zn9blynd9lg45v2w4jnh24d67lqazasricgs1k")))) + (arguments + `(;; No `configure' script; run "make check" after "make install" as + ;; prescribed by README. + #:phases + (modify-phases %standard-phases + (delete 'configure) + (delete 'check) + (add-after 'install 'check + (assoc-ref %standard-phases 'check)) + (add-after 'unpack 'disable-broken-tests + (lambda _ + ;; The port tests fail with this error: + ;; Error: (line 294) invalid escape-sequence '\x o' + (substitute* "tests/runtests.sh" + (("\\$interpret -s port-tests\\.scm") "")) + #t))) + + #:make-flags (let ((out (assoc-ref %outputs "out")) + (chicken-binary + (string-append + (assoc-ref %build-inputs "chicken-4.11.0") + "/bin/chicken"))) + (list "PLATFORM=3Dlinux" + (string-append "PREFIX=3D" out) + (string-append "VARDIR=3D" out "/var/lib") + (string-append "CHICKEN=3D" chicken-binary))) + + ;; Parallel builds are not supported, as noted in README. + #:parallel-build? #f)) + (inputs + `(("chicken-4.11.0" ,chicken-4.11.0))))) ; necessary for building fro= m git + (define-public scheme48 (package (name "scheme48") =2D-=20 2.11.0 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAlhfKB8ACgkQ5qXuPBlG eg2h+Q//dXCHkDUK3nEgk++ig/39kEAt3nsOshIw/6zeyMCibMFaBfw8L4tMpC81 C0hKfwm6LWmBE+ovHK5PChve2wWdgxzKaP9gvSun83nAxnRVLy0f7pHujnay7hzn n+i+z8mn9tgZO+K+dvUEt23Ct/IwjSI3XflqSXNHTlXTJgimtj4KAGSnsZ1j9KFA LuAy14c9iKkOdGQCOAg9cgthhGAE9DP57tDkw4p0TLnPQyyUXy3uVScJutHZ09EE O02BVc/Usf04x8AQIiqshL2NplCVWOdxe3WA6sxr8E3EYoxKt2wsrDOEOiwmBAZ1 Y3EYMuXEX2hIjeI1En7Nqm57fU1mbI0AYZtamoVHQpgeQ/5RzjztCqkmGt557icy ygi035N8/3uA8L4W9rrWKAqtnfd5SBYao07x4gK49vSsrLinNu72dL/2c8JjLT9N l6bRl28B9/6Ji0/+2k/2ssANIkx4DdIfCK2evoCHNvvvORRra+ynGz7KmUGv5zRK pZJHbxw3kRKHURGnB7K4zX7scXIJNRWFfIBU/PVAA4H5+8oUQbM9pawBWrTbMkVF VFkaHuMa86nRHgEbj79SFLhFG41Kdx1HFthsYb3igkpQ1awP+Gfpa5HKwhYWdKYG XRWrlY/P9RF4X3p0rwUtny1aldSfejSDwR7enZa0cc1r3rayDwQ= =SYf1 -----END PGP SIGNATURE----- --==-=-=--