On Sat, Sep 02, 2023 at 09:59:23PM -0400, Philip McGrath wrote:
> tags 65482 + security
> quit
>
> On 8/23/23 20:05, Philip McGrath wrote:
> > Hi,
> >
> > In addition to updating Racket to 8.10, this patch series backports fixes
> > merged upstream for rktboot on architectures other than x86_64 and removes
> > a corresponding workaround from the Guix packaging.
> >
> > Efraim and Tim, I'm CC'ing you because of your recent patches for rktboot on
> > aarch64 and riscv64: it would be great if you could confirm that this series
> > works on those architectures. It would also be useful to test powerpc64le,
> > especially since it is supported via 'pbarch', which takes some different
> > branches.
> >
>
> Apparently Racket 8.10 fixes a notable security vulnerability related to
> module path parsing. There's an initial post at
> , but they're not publishing
> the details of how to exploit the vulnerability until more people have had a
> chance to upgrade. (I don't think I fully understand the implications of the
> issue myself.)
>
> Also, Tim, thanks for testing! I seem not to have gotten your mail, but I
> saw it on the tracker just now.

Sorry for just getting to this now. As far as it working on riscv64, the
test suite for racket didn't pass before, so there's no real possibility
of regression on Guix's end. Currently it fails while building
chez-scheme-for-racket-9.9.9-pre-release.17, but if upstream didn't
notice then that's something else.

starting phase `configure'
source directory: "/tmp/guix-build-chez-scheme-for-racket-9.9.9-pre-release.17.drv-0/source/racket/src/ChezScheme" (relative from build: "../ChezScheme")
build directory: "/tmp/guix-build-chez-scheme-for-racket-9.9.9-pre-release.17.drv-0/source/racket/src/build"
configure flags: ("--disable-x11" "--threads" "-m=trv64le" "--installcsug=/gnu/store/c66pkyb1kvbi0jn1shanxrzbjvfqjmqf-chez-scheme-for-racket-9.9.9-pre-release.17-doc/share/doc/chez-scheme-for-racket-9.9.9-pre-release.17/csug" "--installreleasenotes=/gnu/store/c66pkyb1kvbi0jn1shanxrzbjvfqjmqf-chez-scheme-for-racket-9.9.9-pre-release.17-doc/share/doc/chez-scheme-for-racket-9.9.9-pre-release.17/release_notes" "--installprefix=/gnu/store/bqjwn04ix8xd9bwdni861244yza75qrf-chez-scheme-for-racket-9.9.9-pre-release.17" "ZLIB=-lz" "LZ4=-llz4" "--libkernel" "--nogzip-man-pages")
No suitable machine type found in "../ChezScheme/boot".
Available machine types:
  tpb64l
See "../ChezScheme/BUILDING" for ways of getting boot files.

I'll see about fixing the missing files or configure options. Don't let
it not building on riscv64 delay this update though.

-- 
Efraim Flashner  רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted