Fix CVE-2017-11343: https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343 Patch copied from upstream mailing list: http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001 From: Peter Bex Date: Fri, 30 Jun 2017 15:39:45 +0200 Subject: [PATCH 2/2] Initialize symbol table after setting up randomization Otherwise, the symbol table wouldn't be correctly randomized. --- NEWS | 3 +++ runtime.c | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) #diff --git a/NEWS b/NEWS #index f4b0e041..6588b30e 100644 #--- a/NEWS #+++ b/NEWS #@@ -96,6 +96,9 @@ # buffer overrun and/or segfault (thanks to Lemonboy). # - CVE-2017-9334: `length' no longer crashes on improper lists (fixes # #1375, thanks to "megane"). #+ - The randomization factor of the symbol table was set before #+ the random seed was set, causing it to have a fixed value on many #+ platforms. # # - Core Libraries # - Unit "posix": If file-lock, file-lock/blocking or file-unlock are diff --git a/runtime.c b/runtime.c index 81c54dd2..a4580abc 100644 --- a/runtime.c +++ b/runtime.c @@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD; C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD; memset(signal_mapping_table, 0, sizeof(int) * NSIG); - initialize_symbol_table(); C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable"; error_location = C_SCHEME_FALSE; C_pre_gc_hook = NULL; @@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) callback_continuation_level = 0; gc_ms = 0; (void)C_randomize(C_fix(time(NULL))); + initialize_symbol_table(); if (profiling) { #ifndef C_NONUNIX -- 2.11.0 : root/gnu/packages/c.scm
AgeCommit message (Expand)Author
2019-01-31gnu: tcc: Fix building on armhf-linux....* gnu/packages/c.scm (tcc)[arguments]: Add 'configure-flag to set the triplet when building for armhf-linux. Efraim Flashner
2019-01-31gnu: tcc: Mark aarch64-linux as supported....* gnu/packages/c.scm (tcc)[supported-systems]: Remove aarch64. Efraim Flashner
2018-11-21gnu: libbytesize: Make .mo file builds reproducible....* gnu/packages/c.scm (libbytesize)[sources](modules, snippet): New fields. [arguments]: Add #:configure-flags and #:phases. Ludovic Courtès
2018-11-08gnu: pcc: Use INVOKE....* gnu/packages/c.scm (pcc)[arguments]: Use INVOKE and return #T unconditionally. Ricardo Wurmus
2018-10-24gnu: libbytesize: Update to 1.4....* gnu/packages/c.scm (libbytesize): Update to 1.4. [source]: Parametrise. Tobias Geerinckx-Rice
2018-08-27Update email for Pierre Neidhardt....* .mailmap: Add name and email for Pierre Neidhardt. * gnu/packages/c.scm, gnu/packages/code.scm, gnu/packages/compression.scm, gnu/packages/disk.scm, gnu/packages/emacs.scm, gnu/packages/freedesktop.scm, gnu/packages/golang.scm, gnu/packages/image.scm, gnu/packages/music.scm, gnu/packages/networking.scm, gnu/packages/password-utils.scm, gnu/packages/perl-check.scm, gnu/packages/perl.scm, gnu/packages/textutils.scm, gnu/packages/video.scm, gnu/packages/xdisorg.scm: Update email for Pierre Neidhardt. Pierre Neidhardt
2018-07-30gnu: Add libbytesize....* gnu/package/c.scm (libbytesize): New variable. Pierre Neidhardt
2018-04-30gnu: tcc-wrapper: Use Guile 2.2....* gnu/packages/c.scm (tcc-wrapper)[inputs]: Switch to GUILE-2.2. Ludovic Courtès
2018-01-19gnu: tcc: Update to 0.9.27....* gnu/packages/c.scm (tcc): Update to 0.9.27. [license]: Add a comment about attempted Expat re-licencing. Tobias Geerinckx-Rice