unofficial mirror of guix-patches@gnu.org 
* [bug#73894] [PATCH] gnu: chicken: Update to 5.4.0. [security fixes]
@ 2024-10-19 22:58 Nicolas Graves via Guix-patches via
  2024-10-20 12:20 ` Zheng Junjie
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-10-19 22:58 UTC (permalink / raw)
  To: 73894; +Cc: Nicolas Graves

This fixes CVE-2022-45145.

* gnu/packages/chicken.scm (chicken): Update to 5.4.0.
---
 gnu/packages/chicken.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
index 3743ae3e2a..a499c5d9ee 100644
--- a/gnu/packages/chicken.scm
+++ b/gnu/packages/chicken.scm
@@ -32,14 +32,14 @@ (define-module (gnu packages chicken)
 (define-public chicken
   (package
     (name "chicken")
-    (version "5.3.0")
+    (version "5.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://code.call-cc.org/releases/"
                                   version "/chicken-" version ".tar.gz"))
               (sha256
                (base32
-                "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
+                "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)
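
Review bot: the hunk changes only `(version "5.4.0")` and the sha256 string, and nothing in the patch or its message shows that the packages built with this compiler were rebuilt against it. Since the commit message gives a CVE fix as the reason for the bump, please rebuild the dependents first (`guix refresh --list-dependent chicken` lists them) and state the result in the message, so the security update is not held back by breakage found after submission.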
-- 
2.46.0






* [bug#73894] [PATCH] gnu: chicken: Update to 5.4.0. [security fixes]
  2024-10-19 22:58 [bug#73894] [PATCH] gnu: chicken: Update to 5.4.0. [security fixes] Nicolas Graves via Guix-patches via
@ 2024-10-20 12:20 ` Zheng Junjie
  2024-10-20 21:30   ` Ludovic Courtès
  2024-10-20 13:54 ` [bug#73894] [PATCH v2 1/2] " Nicolas Graves via Guix-patches via
  2024-10-20 15:38 ` [bug#73894] [PATCH v3 1/2] gnu: chicken: Update to 5.4.0. [security fixes] Nicolas Graves via Guix-patches via
  2 siblings, 1 reply; 7+ messages in thread
From: Zheng Junjie @ 2024-10-20 12:20 UTC (permalink / raw)
  To: 73894; +Cc: ngraves


Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:

> This fixes CVE-2022-45145.
>
> * gnu/packages/chicken.scm (chicken): Update to 5.4.0.
> ---
>  gnu/packages/chicken.scm | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
> index 3743ae3e2a..a499c5d9ee 100644
> --- a/gnu/packages/chicken.scm
> +++ b/gnu/packages/chicken.scm
> @@ -32,14 +32,14 @@ (define-module (gnu packages chicken)
>  (define-public chicken
>    (package
>      (name "chicken")
> -    (version "5.3.0")
> +    (version "5.4.0")
>      (source (origin
>                (method url-fetch)
>                (uri (string-append "https://code.call-cc.org/releases/"
>                                    version "/chicken-" version ".tar.gz"))
>                (sha256
>                 (base32
> -                "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
> +                "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
>      (build-system gnu-build-system)
>      (arguments
>       `(#:modules ((guix build gnu-build-system)

On applying this patch, the chicken-compile-file build fails; can you check it?

starting phase `build'

Error: extension or version not found: "compile-file"
fetching compile-file
TCP connect timeout
TCP connect timeout
error: in phase 'build': uncaught exception:
%exception #<&invoke-error program: "chicken-install" arguments: ("-cached" "-no-install" "compile-file") exit-status: 70 term-signal: #f stop-signal: #f> 
phase `build' failed after 0.0 seconds
command "chicken-install" "-cached" "-no-install" "compile-file" failed with status 70
build process 18 exited with status 256



* [bug#73894] [PATCH v2 1/2] gnu: chicken: Update to 5.4.0. [security fixes]
  2024-10-19 22:58 [bug#73894] [PATCH] gnu: chicken: Update to 5.4.0. [security fixes] Nicolas Graves via Guix-patches via
  2024-10-20 12:20 ` Zheng Junjie
@ 2024-10-20 13:54 ` Nicolas Graves via Guix-patches via
  2024-10-20 13:54   ` [bug#73894] [PATCH v2 2/2] guix: chicken-build-system: Fix the build-system Nicolas Graves via Guix-patches via
  2024-10-20 15:38 ` [bug#73894] [PATCH v3 1/2] gnu: chicken: Update to 5.4.0. [security fixes] Nicolas Graves via Guix-patches via
  2 siblings, 1 reply; 7+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-10-20 13:54 UTC (permalink / raw)
  To: 73894; +Cc: Nicolas Graves, zhengjunjie

This fixes CVE-2022-45145.

* gnu/packages/chicken.scm (chicken): Update to 5.4.0.
[arguments]<#:modules>: Add (ice-9 textual-ports).
<#:phases>: Add 'install-STATUS phase, which adds a file in
/share/chicken/STATUS that has become mandatory in the
chicken-build-system.
---
 gnu/packages/chicken.scm | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
index 3743ae3e2a..7f6d0afcc6 100644
--- a/gnu/packages/chicken.scm
+++ b/gnu/packages/chicken.scm
@@ -32,18 +32,19 @@ (define-module (gnu packages chicken)
 (define-public chicken
   (package
     (name "chicken")
-    (version "5.3.0")
+    (version "5.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://code.call-cc.org/releases/"
                                   version "/chicken-" version ".tar.gz"))
               (sha256
                (base32
-                "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
+                "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)
                   (guix build utils)
+                  (ice-9 textual-ports)
                   (srfi srfi-1))
 
        ;; No `configure' script; run "make check" after "make install" as
@@ -51,6 +52,21 @@ (define-public chicken
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)
+         ;; This file allows to avoid using -force in the chicken-build-system
+         ;; by pinning the upstream subversion revision.
+         (add-after 'install 'install-STATUS
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (dest (string-append out "/share/chicken/STATUS")))
+               (call-with-input-file "buildid"
+                 (lambda (input-port)
+                   (call-with-output-file dest
+                     (lambda (output-port)
+                       (format output-port
+                               "(~s ~s #f #f #f #f #f)"
+                               (string-delete #\newline
+                                              (get-string-all input-port))
+                               out))))))))
          (delete 'check)
          (add-after 'install 'check
            (assoc-ref %standard-phases 'check)))
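
Review bot: in the new 'install-STATUS phase, `(string-delete #\newline (get-string-all input-port))` removes every newline in `buildid`, so a file with more than one line would be silently joined into a single string before it is written to STATUS. If only the first line is meant, read it with `get-line`, which (ice-9 textual-ports) also provides, so the intent is explicit and extra lines are ignored rather than concatenated.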
-- 
2.46.0






* [bug#73894] [PATCH v2 2/2] guix: chicken-build-system: Fix the build-system.
  2024-10-20 13:54 ` [bug#73894] [PATCH v2 1/2] " Nicolas Graves via Guix-patches via
@ 2024-10-20 13:54   ` Nicolas Graves via Guix-patches via
  0 siblings, 0 replies; 7+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-10-20 13:54 UTC (permalink / raw)
  To: 73894; +Cc: Nicolas Graves, zhengjunjie

* guix/build/chicken-build-system.scm (stamp-egg-version): Modify
phase to create the new mandatory
$CHICKEN_EGG_CACHE/.cache-metadata/STATUS
and $CHICKEN_EGG_CACHE/.cache-metadata/VERSION.
---
 guix/build/chicken-build-system.scm | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/guix/build/chicken-build-system.scm b/guix/build/chicken-build-system.scm
index 8f9f59cc25..92bccae619 100644
--- a/guix/build/chicken-build-system.scm
+++ b/guix/build/chicken-build-system.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2020 raingloom <raingloom@riseup.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -88,8 +89,7 @@ (define (unpack-maybe-strip source dest)
     (mkdir-p dest)
     (if (file-is-directory? source)
         (copy-recursively source dest #:keep-mtime? #t)
-        (unpack-maybe-strip source dest)))
-  #t)
+        (unpack-maybe-strip source dest))))
 
 (define* (build #:key egg-name #:allow-other-keys)
   "Build the Chicken egg named by EGG-NAME"
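
Review bot: the trailing `#t` dropped after `(unpack-maybe-strip source dest)))` is a change to a different procedure from the one the commit log lists, which names only (stamp-egg-version). Either add a log entry for this procedure or move the cleanup to its own commit, so the build-system fix stays easy to review and to bisect.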
@@ -111,15 +111,25 @@ (define* (check #:key egg-name tests? #:allow-other-keys)
   (when tests?
     (invoke "chicken-install" "-cached" "-test" "-no-install" egg-name)))
 
-(define* (stamp-egg-version #:key egg-name name #:allow-other-keys)
-  "Check if EGG-NAME.egg contains version information and add some if not."
-  (let* ((filename (string-append egg-name "/" egg-name ".egg"))
-         (egg-info (call-with-input-file filename read))
+(define* (stamp-egg-version #:key egg-name name inputs #:allow-other-keys)
+  "Check if EGG-NAME.egg contains version information and add some if not.
+Since chicken@5.4.0, also create the STATUS and VERSION files in
+$CHICKEN_EGG_CACHE/.cache-metadata."
+  (let* ((egg (string-append egg-name "/" egg-name ".egg"))
+         (metadatadir (string-append (getenv "CHICKEN_EGG_CACHE")
+                                     "/.cache-metadata/" egg-name))
+         (egg-info (call-with-input-file egg read))
          (ver? (find (lambda (i) (eqv? (car i) 'version)) egg-info))
          (ver (substring name (1+ (string-rindex name #\-)))))
-    (when (not ver?)
-      (make-file-writable filename)
-      (call-with-output-file filename
+    (mkdir-p metadatadir)
+    (install-file (search-input-file inputs "/share/chicken/STATUS")
+                  metadatadir)
+    (call-with-output-file
+      (string-append metadatadir "/VERSION")
+      (lambda (p) (format p "~a" ver)))
+    (unless ver?
+      (make-file-writable egg)
+      (call-with-output-file egg
         (lambda (f) (write (cons `(version ,ver) egg-info) f))))))
 
 ;; It doesn't look like Chicken generates any unnecessary references.
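
Review bot: `metadatadir` is built from CHICKEN_EGG_CACHE, "/.cache-metadata/" and `egg-name`, so STATUS and VERSION are written to a per-egg subdirectory, while the commit log and the new docstring give the location as $CHICKEN_EGG_CACHE/.cache-metadata. Please make the log and the docstring match the code, for example by writing $CHICKEN_EGG_CACHE/.cache-metadata/EGG-NAME in both.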
-- 
2.46.0






* [bug#73894] [PATCH v3 1/2] gnu: chicken: Update to 5.4.0. [security fixes]
  2024-10-19 22:58 [bug#73894] [PATCH] gnu: chicken: Update to 5.4.0. [security fixes] Nicolas Graves via Guix-patches via
  2024-10-20 12:20 ` Zheng Junjie
  2024-10-20 13:54 ` [bug#73894] [PATCH v2 1/2] " Nicolas Graves via Guix-patches via
@ 2024-10-20 15:38 ` Nicolas Graves via Guix-patches via
  2024-10-20 15:38   ` [bug#73894] [PATCH v3 2/2] guix: chicken-build-system: Fix the build-system Nicolas Graves via Guix-patches via
  2 siblings, 1 reply; 7+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-10-20 15:38 UTC (permalink / raw)
  To: 73894; +Cc: Nicolas Graves, zhengjunjie

This fixes CVE-2022-45145.

* gnu/packages/chicken.scm (chicken): Update to 5.4.0.
[arguments]<#:modules>: Add (ice-9 textual-ports).
<#:phases>: Add 'install-STATUS phase, which adds a file in
/share/chicken/STATUS that has become mandatory in the
chicken-build-system.
---
 gnu/packages/chicken.scm | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
index 3743ae3e2a..a268e63bf2 100644
--- a/gnu/packages/chicken.scm
+++ b/gnu/packages/chicken.scm
@@ -32,18 +32,19 @@ (define-module (gnu packages chicken)
 (define-public chicken
   (package
     (name "chicken")
-    (version "5.3.0")
+    (version "5.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://code.call-cc.org/releases/"
                                   version "/chicken-" version ".tar.gz"))
               (sha256
                (base32
-                "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
+                "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)
                   (guix build utils)
+                  (ice-9 textual-ports)
                   (srfi srfi-1))
 
        ;; No `configure' script; run "make check" after "make install" as
@@ -51,6 +52,20 @@ (define-public chicken
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)
+         ;; This file allows to avoid using -force in the chicken-build-system
+         ;; by pinning the upstream subversion revision.
+         (add-after 'install 'install-STATUS
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (dest (string-append out "/share/chicken/STATUS")))
+               (call-with-input-file "buildid"
+                 (lambda (input-port)
+                   (call-with-output-file dest
+                     (lambda (output-port)
+                       (format output-port
+                               "(~s ~s #f #f #f #f #f)"
+                               (get-line input-port)
+                               out))))))))
          (delete 'check)
          (add-after 'install 'check
            (assoc-ref %standard-phases 'check)))
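
Review bot: `(get-line input-port)` returns the end-of-file object when `buildid` is empty, and `~s` would then write that object's printed form into STATUS instead of a string; checking that the value is a string before formatting would make the phase fail where the problem is. The comment above the phase says why the file exists but not how it is laid out: a line stating what the two written fields and the five `#f` placeholders in `"(~s ~s #f #f #f #f #f)"` stand for would help whoever has to update this for the next release.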
-- 
2.46.0






* [bug#73894] [PATCH v3 2/2] guix: chicken-build-system: Fix the build-system.
  2024-10-20 15:38 ` [bug#73894] [PATCH v3 1/2] gnu: chicken: Update to 5.4.0. [security fixes] Nicolas Graves via Guix-patches via
@ 2024-10-20 15:38   ` Nicolas Graves via Guix-patches via
  0 siblings, 0 replies; 7+ messages in thread
From: Nicolas Graves via Guix-patches via @ 2024-10-20 15:38 UTC (permalink / raw)
  To: 73894; +Cc: Nicolas Graves, zhengjunjie

* guix/build/chicken-build-system.scm (stamp-egg-version): Modify
phase to create the new mandatory
$CHICKEN_EGG_CACHE/.cache-metadata/STATUS
and $CHICKEN_EGG_CACHE/.cache-metadata/VERSION.
---
 guix/build/chicken-build-system.scm | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/guix/build/chicken-build-system.scm b/guix/build/chicken-build-system.scm
index 8f9f59cc25..92bccae619 100644
--- a/guix/build/chicken-build-system.scm
+++ b/guix/build/chicken-build-system.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2020 raingloom <raingloom@riseup.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -88,8 +89,7 @@ (define (unpack-maybe-strip source dest)
     (mkdir-p dest)
     (if (file-is-directory? source)
         (copy-recursively source dest #:keep-mtime? #t)
-        (unpack-maybe-strip source dest)))
-  #t)
+        (unpack-maybe-strip source dest))))
 
 (define* (build #:key egg-name #:allow-other-keys)
   "Build the Chicken egg named by EGG-NAME"
@@ -111,15 +111,25 @@ (define* (check #:key egg-name tests? #:allow-other-keys)
   (when tests?
     (invoke "chicken-install" "-cached" "-test" "-no-install" egg-name)))
 
-(define* (stamp-egg-version #:key egg-name name #:allow-other-keys)
-  "Check if EGG-NAME.egg contains version information and add some if not."
-  (let* ((filename (string-append egg-name "/" egg-name ".egg"))
-         (egg-info (call-with-input-file filename read))
+(define* (stamp-egg-version #:key egg-name name inputs #:allow-other-keys)
+  "Check if EGG-NAME.egg contains version information and add some if not.
+Since chicken@5.4.0, also create the STATUS and VERSION files in
+$CHICKEN_EGG_CACHE/.cache-metadata."
+  (let* ((egg (string-append egg-name "/" egg-name ".egg"))
+         (metadatadir (string-append (getenv "CHICKEN_EGG_CACHE")
+                                     "/.cache-metadata/" egg-name))
+         (egg-info (call-with-input-file egg read))
          (ver? (find (lambda (i) (eqv? (car i) 'version)) egg-info))
          (ver (substring name (1+ (string-rindex name #\-)))))
-    (when (not ver?)
-      (make-file-writable filename)
-      (call-with-output-file filename
+    (mkdir-p metadatadir)
+    (install-file (search-input-file inputs "/share/chicken/STATUS")
+                  metadatadir)
+    (call-with-output-file
+      (string-append metadatadir "/VERSION")
+      (lambda (p) (format p "~a" ver)))
+    (unless ver?
+      (make-file-writable egg)
+      (call-with-output-file egg
         (lambda (f) (write (cons `(version ,ver) egg-info) f))))))
 
 ;; It doesn't look like Chicken generates any unnecessary references.
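
Review bot: VERSION is always written from `ver`, which is cut from the package `name` after its last `-`, while the `.egg` file is stamped only when it has no `version` entry (`unless ver?`). When the egg already carries a version, nothing checks that it equals `ver`, so the two files can disagree; consider taking the value for VERSION from the egg's own entry when `ver?` is true. Separately, `(getenv "CHICKEN_EGG_CACHE")` returns #f when the variable is unset, and `string-append` then fails with a type error instead of a message naming the missing variable.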
-- 
2.46.0






* [bug#73894] [PATCH] gnu: chicken: Update to 5.4.0. [security fixes]
  2024-10-20 12:20 ` Zheng Junjie
@ 2024-10-20 21:30   ` Ludovic Courtès
  0 siblings, 0 replies; 7+ messages in thread
From: Ludovic Courtès @ 2024-10-20 21:30 UTC (permalink / raw)
  To: Zheng Junjie; +Cc: ngraves, 73894

Zheng Junjie <zhengjunjie@iscas.ac.cn> writes:

> Nicolas Graves via Guix-patches via <guix-patches@gnu.org> writes:
>
>> This fixes CVE-2022-45145.
>>
>> * gnu/packages/chicken.scm (chicken): Update to 5.4.0.

[...]

> On applying this patch, the chicken-compile-file build fails; can you check it?

Nicolas, see also <https://issues.guix.gnu.org/72173>.

Ludo’.




