gnu: chicken: Update to 4.13.0.

* gnu/packages/scheme.scm (chicken): Update to 4.13.0.
[source]: Remove obsolete patches.
* gnu/packages/patches/chicken-CVE-2017-6949.patch,
gnu/packages/patches/chicken-CVE-2017-11343.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
This commit is contained in:
Kei Kebreau 2017-12-23 09:03:50 -05:00
parent 28c03b4555
commit 79bffa3ec8
No known key found for this signature in database
GPG Key ID: E6A5EE3C19467A0D
4 changed files with 2 additions and 196 deletions

View File

@ -570,8 +570,6 @@ dist_patch_DATA = \
%D%/packages/patches/ceph-disable-unittest-throttle.patch \ %D%/packages/patches/ceph-disable-unittest-throttle.patch \
%D%/packages/patches/ceph-skip-collect-sys-info-test.patch \ %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
%D%/packages/patches/ceph-skip-unittest_blockdev.patch \ %D%/packages/patches/ceph-skip-unittest_blockdev.patch \
%D%/packages/patches/chicken-CVE-2017-6949.patch \
%D%/packages/patches/chicken-CVE-2017-11343.patch \
%D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/chmlib-inttypes.patch \
%D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-libc-search-path.patch \
%D%/packages/patches/clang-3.8-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \

View File

@ -1,57 +0,0 @@
Fix CVE-2017-11343:
https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343
Patch copied from upstream mailing list:
http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001
From: Peter Bex <address@hidden>
Date: Fri, 30 Jun 2017 15:39:45 +0200
Subject: [PATCH 2/2] Initialize symbol table after setting up randomization
Otherwise, the symbol table wouldn't be correctly randomized.
---
NEWS | 3 +++
runtime.c | 2 +-
2 files changed, 4 insertions(+), 1 deletion(-)
#diff --git a/NEWS b/NEWS
#index f4b0e041..6588b30e 100644
#--- a/NEWS
#+++ b/NEWS
#@@ -96,6 +96,9 @@
# buffer overrun and/or segfault (thanks to Lemonboy).
# - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
# #1375, thanks to "megane").
#+ - The randomization factor of the symbol table was set before
#+ the random seed was set, causing it to have a fixed value on many
#+ platforms.
#
# - Core Libraries
# - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
diff --git a/runtime.c b/runtime.c
index 81c54dd2..a4580abc 100644
--- a/runtime.c
+++ b/runtime.c
@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD;
C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD;
memset(signal_mapping_table, 0, sizeof(int) * NSIG);
- initialize_symbol_table();
C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable";
error_location = C_SCHEME_FALSE;
C_pre_gc_hook = NULL;
@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
callback_continuation_level = 0;
gc_ms = 0;
(void)C_randomize(C_fix(time(NULL)));
+ initialize_symbol_table();
if (profiling) {
#ifndef C_NONUNIX
--
2.11.0

View File

@ -1,132 +0,0 @@
From: LemonBoy <thatlemon@gmail.com>
Date: Fri, 10 Mar 2017 16:29:47 +0100
Subject: [PATCH] Add bound checking to all srfi-4 vector allocations.
Do what C_allocate_vector already does and prevent the creation of a
vector that's too big or too small.
We should be very careful to avoid the latter case because the
allocation size is directly fed into `malloc' as 'x + sizeof(C_header)'
thus making possible to successfully allocate a vector smaller than the
C_header structure and get C_block_header_init to write over
uninitialized memory.
To reduce code duplication, type checking is moved from each of the
make-*vector procedures to the common "alloc" helper procedure.
Signed-off-by: Peter Bex <peter@more-magic.net>
Signed-off-by: Kooda <kooda@upyum.com>
---
srfi-4.scm | 34 +++++++++++++++-------------------
1 file changed, 15 insertions(+), 19 deletions(-)
diff --git a/srfi-4.scm b/srfi-4.scm
index 7f5412b..69f58ba 100644
--- a/srfi-4.scm
+++ b/srfi-4.scm
@@ -255,24 +255,28 @@ EOF
;;; Basic constructors:
-(let* ([ext-alloc
- (foreign-lambda* scheme-object ([int bytes])
- "C_word *buf = (C_word *)C_malloc(bytes + sizeof(C_header));"
+(let* ((ext-alloc
+ (foreign-lambda* scheme-object ((size_t bytes))
+ "C_word *buf;"
+ "if (bytes > C_HEADER_SIZE_MASK) C_return(C_SCHEME_FALSE);"
+ "buf = (C_word *)C_malloc(bytes + sizeof(C_header));"
"if(buf == NULL) C_return(C_SCHEME_FALSE);"
"C_block_header_init(buf, C_make_header(C_BYTEVECTOR_TYPE, bytes));"
- "C_return(buf);") ]
- [ext-free
- (foreign-lambda* void ([scheme-object bv])
- "C_free((void *)C_block_item(bv, 1));") ]
- [alloc
+ "C_return(buf);") )
+ (ext-free
+ (foreign-lambda* void ((scheme-object bv))
+ "C_free((void *)C_block_item(bv, 1));") )
+ (alloc
(lambda (loc len ext?)
+ (##sys#check-exact len loc)
+ (when (fx< len 0) (##sys#error loc "size is negative" len))
(if ext?
- (let ([bv (ext-alloc len)])
+ (let ((bv (ext-alloc len)))
(or bv
(##sys#error loc "not enough memory - cannot allocate external number vector" len)) )
- (let ([bv (##sys#allocate-vector len #t #f #t)]) ; this could be made better...
+ (let ((bv (##sys#allocate-vector len #t #f #t))) ; this could be made better...
(##core#inline "C_string_to_bytevector" bv)
- bv) ) ) ] )
+ bv) ) ) ) )
(set! release-number-vector
(lambda (v)
@@ -282,7 +286,6 @@ EOF
(set! make-u8vector
(lambda (len #!optional (init #f) (ext? #f) (fin? #t))
- (##sys#check-exact len 'make-u8vector)
(let ((v (##sys#make-structure 'u8vector (alloc 'make-u8vector len ext?))))
(when (and ext? fin?) (set-finalizer! v ext-free))
(if (not init)
@@ -295,7 +298,6 @@ EOF
(set! make-s8vector
(lambda (len #!optional (init #f) (ext? #f) (fin? #t))
- (##sys#check-exact len 'make-s8vector)
(let ((v (##sys#make-structure 's8vector (alloc 'make-s8vector len ext?))))
(when (and ext? fin?) (set-finalizer! v ext-free))
(if (not init)
@@ -308,7 +310,6 @@ EOF
(set! make-u16vector
(lambda (len #!optional (init #f) (ext? #f) (fin? #t))
- (##sys#check-exact len 'make-u16vector)
(let ((v (##sys#make-structure 'u16vector (alloc 'make-u16vector (##core#inline "C_fixnum_shift_left" len 1) ext?))))
(when (and ext? fin?) (set-finalizer! v ext-free))
(if (not init)
@@ -321,7 +322,6 @@ EOF
(set! make-s16vector
(lambda (len #!optional (init #f) (ext? #f) (fin? #t))
- (##sys#check-exact len 'make-s16vector)
(let ((v (##sys#make-structure 's16vector (alloc 'make-s16vector (##core#inline "C_fixnum_shift_left" len 1) ext?))))
(when (and ext? fin?) (set-finalizer! v ext-free))
(if (not init)
@@ -334,7 +334,6 @@ EOF
(set! make-u32vector
(lambda (len #!optional (init #f) (ext? #f) (fin? #t))
- (##sys#check-exact len 'make-u32vector)
(let ((v (##sys#make-structure 'u32vector (alloc 'make-u32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
(when (and ext? fin?) (set-finalizer! v ext-free))
(if (not init)
@@ -347,7 +346,6 @@ EOF
(set! make-s32vector
(lambda (len #!optional (init #f) (ext? #f) (fin? #t))
- (##sys#check-exact len 'make-s32vector)
(let ((v (##sys#make-structure 's32vector (alloc 'make-s32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
(when (and ext? fin?) (set-finalizer! v ext-free))
(if (not init)
@@ -360,7 +358,6 @@ EOF
(set! make-f32vector
(lambda (len #!optional (init #f) (ext? #f) (fin? #t))
- (##sys#check-exact len 'make-f32vector)
(let ((v (##sys#make-structure 'f32vector (alloc 'make-f32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
(when (and ext? fin?) (set-finalizer! v ext-free))
(if (not init)
@@ -375,7 +372,6 @@ EOF
(set! make-f64vector
(lambda (len #!optional (init #f) (ext? #f) (fin? #t))
- (##sys#check-exact len 'make-f64vector)
(let ((v (##sys#make-structure
'f64vector
(alloc 'make-f64vector (##core#inline "C_fixnum_shift_left" len 3) ext?))))
--
2.1.4

View File

@ -336,17 +336,14 @@ mashups, office (web agendas, mail clients, ...), etc.")
(define-public chicken (define-public chicken
(package (package
(name "chicken") (name "chicken")
(version "4.12.0") (version "4.13.0")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "https://code.call-cc.org/releases/" (uri (string-append "https://code.call-cc.org/releases/"
version "/chicken-" version ".tar.gz")) version "/chicken-" version ".tar.gz"))
(sha256 (sha256
(base32 (base32
"12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0")) "0hvckhi5gfny3mlva6d7y9pmx7cbwvq0r7mk11k3sdiik9hlkmdd"))))
(patches
(search-patches "chicken-CVE-2017-6949.patch"
"chicken-CVE-2017-11343.patch"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
`(#:modules ((guix build gnu-build-system) `(#:modules ((guix build gnu-build-system)