diff options
author | Kei Kebreau <kkebreau@posteo.net> | 2017-12-23 09:03:50 -0500 |
---|---|---|
committer | Kei Kebreau <kkebreau@posteo.net> | 2017-12-23 09:18:43 -0500 |
commit | 79bffa3ec8c1a3783c9b0f12b948b6a076ec17f6 (patch) | |
tree | 2cb552cac7720077451f8e939dc402350c05b090 | |
parent | 28c03b4555e99da9524c697f5eba3783916050c7 (diff) | |
download | guix-79bffa3ec8c1a3783c9b0f12b948b6a076ec17f6.tar.gz guix-79bffa3ec8c1a3783c9b0f12b948b6a076ec17f6.zip |
gnu: chicken: Update to 4.13.0.
* gnu/packages/scheme.scm (chicken): Update to 4.13.0.
[source]: Remove obsolete patches.
* gnu/packages/patches/chicken-CVE-2017-6949.patch,
gnu/packages/patches/chicken-CVE-2017-11343.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
-rw-r--r-- | gnu/local.mk | 2 | ||||
-rw-r--r-- | gnu/packages/patches/chicken-CVE-2017-11343.patch | 57 | ||||
-rw-r--r-- | gnu/packages/patches/chicken-CVE-2017-6949.patch | 132 | ||||
-rw-r--r-- | gnu/packages/scheme.scm | 7 |
4 files changed, 2 insertions, 196 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index b1cf3c3de5..3dae58f82f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -570,8 +570,6 @@ dist_patch_DATA = \ %D%/packages/patches/ceph-disable-unittest-throttle.patch \ %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \ %D%/packages/patches/ceph-skip-unittest_blockdev.patch \ - %D%/packages/patches/chicken-CVE-2017-6949.patch \ - %D%/packages/patches/chicken-CVE-2017-11343.patch \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch deleted file mode 100644 index 1d46ad50d9..0000000000 --- a/gnu/packages/patches/chicken-CVE-2017-11343.patch +++ /dev/null @@ -1,57 +0,0 @@ -Fix CVE-2017-11343: - -https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343 - -Patch copied from upstream mailing list: - -http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt - -From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001 -From: Peter Bex <address@hidden> -Date: Fri, 30 Jun 2017 15:39:45 +0200 -Subject: [PATCH 2/2] Initialize symbol table after setting up randomization - -Otherwise, the symbol table wouldn't be correctly randomized. ---- - NEWS | 3 +++ - runtime.c | 2 +- - 2 files changed, 4 insertions(+), 1 deletion(-) - -#diff --git a/NEWS b/NEWS -#index f4b0e041..6588b30e 100644 -#--- a/NEWS -#+++ b/NEWS -#@@ -96,6 +96,9 @@ -# buffer overrun and/or segfault (thanks to Lemonboy). -# - CVE-2017-9334: `length' no longer crashes on improper lists (fixes -# #1375, thanks to "megane"). -#+ - The randomization factor of the symbol table was set before -#+ the random seed was set, causing it to have a fixed value on many -#+ platforms. -# -# - Core Libraries -# - Unit "posix": If file-lock, file-lock/blocking or file-unlock are -diff --git a/runtime.c b/runtime.c -index 81c54dd2..a4580abc 100644 ---- a/runtime.c -+++ b/runtime.c -@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) - C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD; - C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD; - memset(signal_mapping_table, 0, sizeof(int) * NSIG); -- initialize_symbol_table(); - C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable"; - error_location = C_SCHEME_FALSE; - C_pre_gc_hook = NULL; -@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) - callback_continuation_level = 0; - gc_ms = 0; - (void)C_randomize(C_fix(time(NULL))); -+ initialize_symbol_table(); - - if (profiling) { - #ifndef C_NONUNIX --- -2.11.0 - diff --git a/gnu/packages/patches/chicken-CVE-2017-6949.patch b/gnu/packages/patches/chicken-CVE-2017-6949.patch deleted file mode 100644 index 00552eec76..0000000000 --- a/gnu/packages/patches/chicken-CVE-2017-6949.patch +++ /dev/null @@ -1,132 +0,0 @@ -From: LemonBoy <thatlemon@gmail.com> -Date: Fri, 10 Mar 2017 16:29:47 +0100 -Subject: [PATCH] Add bound checking to all srfi-4 vector allocations. - -Do what C_allocate_vector already does and prevent the creation of a -vector that's too big or too small. -We should be very careful to avoid the latter case because the -allocation size is directly fed into `malloc' as 'x + sizeof(C_header)' -thus making possible to successfully allocate a vector smaller than the -C_header structure and get C_block_header_init to write over -uninitialized memory. - -To reduce code duplication, type checking is moved from each of the -make-*vector procedures to the common "alloc" helper procedure. - -Signed-off-by: Peter Bex <peter@more-magic.net> -Signed-off-by: Kooda <kooda@upyum.com> ---- - srfi-4.scm | 34 +++++++++++++++------------------- - 1 file changed, 15 insertions(+), 19 deletions(-) - -diff --git a/srfi-4.scm b/srfi-4.scm -index 7f5412b..69f58ba 100644 ---- a/srfi-4.scm -+++ b/srfi-4.scm -@@ -255,24 +255,28 @@ EOF - - ;;; Basic constructors: - --(let* ([ext-alloc -- (foreign-lambda* scheme-object ([int bytes]) -- "C_word *buf = (C_word *)C_malloc(bytes + sizeof(C_header));" -+(let* ((ext-alloc -+ (foreign-lambda* scheme-object ((size_t bytes)) -+ "C_word *buf;" -+ "if (bytes > C_HEADER_SIZE_MASK) C_return(C_SCHEME_FALSE);" -+ "buf = (C_word *)C_malloc(bytes + sizeof(C_header));" - "if(buf == NULL) C_return(C_SCHEME_FALSE);" - "C_block_header_init(buf, C_make_header(C_BYTEVECTOR_TYPE, bytes));" -- "C_return(buf);") ] -- [ext-free -- (foreign-lambda* void ([scheme-object bv]) -- "C_free((void *)C_block_item(bv, 1));") ] -- [alloc -+ "C_return(buf);") ) -+ (ext-free -+ (foreign-lambda* void ((scheme-object bv)) -+ "C_free((void *)C_block_item(bv, 1));") ) -+ (alloc - (lambda (loc len ext?) -+ (##sys#check-exact len loc) -+ (when (fx< len 0) (##sys#error loc "size is negative" len)) - (if ext? -- (let ([bv (ext-alloc len)]) -+ (let ((bv (ext-alloc len))) - (or bv - (##sys#error loc "not enough memory - cannot allocate external number vector" len)) ) -- (let ([bv (##sys#allocate-vector len #t #f #t)]) ; this could be made better... -+ (let ((bv (##sys#allocate-vector len #t #f #t))) ; this could be made better... - (##core#inline "C_string_to_bytevector" bv) -- bv) ) ) ] ) -+ bv) ) ) ) ) - - (set! release-number-vector - (lambda (v) -@@ -282,7 +286,6 @@ EOF - - (set! make-u8vector - (lambda (len #!optional (init #f) (ext? #f) (fin? #t)) -- (##sys#check-exact len 'make-u8vector) - (let ((v (##sys#make-structure 'u8vector (alloc 'make-u8vector len ext?)))) - (when (and ext? fin?) (set-finalizer! v ext-free)) - (if (not init) -@@ -295,7 +298,6 @@ EOF - - (set! make-s8vector - (lambda (len #!optional (init #f) (ext? #f) (fin? #t)) -- (##sys#check-exact len 'make-s8vector) - (let ((v (##sys#make-structure 's8vector (alloc 'make-s8vector len ext?)))) - (when (and ext? fin?) (set-finalizer! v ext-free)) - (if (not init) -@@ -308,7 +310,6 @@ EOF - - (set! make-u16vector - (lambda (len #!optional (init #f) (ext? #f) (fin? #t)) -- (##sys#check-exact len 'make-u16vector) - (let ((v (##sys#make-structure 'u16vector (alloc 'make-u16vector (##core#inline "C_fixnum_shift_left" len 1) ext?)))) - (when (and ext? fin?) (set-finalizer! v ext-free)) - (if (not init) -@@ -321,7 +322,6 @@ EOF - - (set! make-s16vector - (lambda (len #!optional (init #f) (ext? #f) (fin? #t)) -- (##sys#check-exact len 'make-s16vector) - (let ((v (##sys#make-structure 's16vector (alloc 'make-s16vector (##core#inline "C_fixnum_shift_left" len 1) ext?)))) - (when (and ext? fin?) (set-finalizer! v ext-free)) - (if (not init) -@@ -334,7 +334,6 @@ EOF - - (set! make-u32vector - (lambda (len #!optional (init #f) (ext? #f) (fin? #t)) -- (##sys#check-exact len 'make-u32vector) - (let ((v (##sys#make-structure 'u32vector (alloc 'make-u32vector (##core#inline "C_fixnum_shift_left" len 2) ext?)))) - (when (and ext? fin?) (set-finalizer! v ext-free)) - (if (not init) -@@ -347,7 +346,6 @@ EOF - - (set! make-s32vector - (lambda (len #!optional (init #f) (ext? #f) (fin? #t)) -- (##sys#check-exact len 'make-s32vector) - (let ((v (##sys#make-structure 's32vector (alloc 'make-s32vector (##core#inline "C_fixnum_shift_left" len 2) ext?)))) - (when (and ext? fin?) (set-finalizer! v ext-free)) - (if (not init) -@@ -360,7 +358,6 @@ EOF - - (set! make-f32vector - (lambda (len #!optional (init #f) (ext? #f) (fin? #t)) -- (##sys#check-exact len 'make-f32vector) - (let ((v (##sys#make-structure 'f32vector (alloc 'make-f32vector (##core#inline "C_fixnum_shift_left" len 2) ext?)))) - (when (and ext? fin?) (set-finalizer! v ext-free)) - (if (not init) -@@ -375,7 +372,6 @@ EOF - - (set! make-f64vector - (lambda (len #!optional (init #f) (ext? #f) (fin? #t)) -- (##sys#check-exact len 'make-f64vector) - (let ((v (##sys#make-structure - 'f64vector - (alloc 'make-f64vector (##core#inline "C_fixnum_shift_left" len 3) ext?)))) --- -2.1.4 - diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index bafc3da332..f1d73c2a7d 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -336,17 +336,14 @@ mashups, office (web agendas, mail clients, ...), etc.") (define-public chicken (package (name "chicken") - (version "4.12.0") + (version "4.13.0") (source (origin (method url-fetch) (uri (string-append "https://code.call-cc.org/releases/" version "/chicken-" version ".tar.gz")) (sha256 (base32 - "12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0")) - (patches - (search-patches "chicken-CVE-2017-6949.patch" - "chicken-CVE-2017-11343.patch")))) + "0hvckhi5gfny3mlva6d7y9pmx7cbwvq0r7mk11k3sdiik9hlkmdd")))) (build-system gnu-build-system) (arguments `(#:modules ((guix build gnu-build-system) |