guix-devel

Re: Chicken security bugs [was Re: address@hidden: Irregex packages shou


From: Kei Kebreau
Subject: Re: Chicken security bugs [was Re: address@hidden: Irregex packages should be updated to 0.9.6]]
Date: Sat, 24 Dec 2016 20:59:59 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

Leo Famulari <address@hidden> writes:

> On Sat, Dec 24, 2016 at 02:23:43PM -0500, Kei Kebreau wrote:
>> Leo Famulari <address@hidden> writes:
>> > On Thu, Dec 22, 2016 at 02:20:37PM -0500, Kei Kebreau wrote:
>> >> Subject: [PATCH] gnu: chicken: Fix CVE-2016-{6830,6831}.
>> >> 
>> >> * gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New 
>> >> file.
>> >> * gnu/local.mk (dist_patch_DATA): Use it.
>> >> * gnu/packages/scheme.scm (chicken)[source]: Use it.
>> >
>> > Thank you for looking into this!
>> >
>> > Something like this patch is in CHICKEN 4.11.1:
>> >
>> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=0d20426c6da0f116606574dadadaa878b96a68ea
>> >
>> > And there is a patch for the IrRegex bug after the latest tag:
>> >
>> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=2c419f18138c17767754b36d3b706cd71a55350a
>> >
>> > Can you try updating CHICKEN and applying that IrRegex patch?
>> 
>> I can try, but updating to CHICKEN 4.11.1 requires a recent CHICKEN
>> binary due to its build system requirements. Do we have any objection to
>> bootstrapping CHICKEN 4.11.1 from version 4.11.0?
>
> Interesting!
>
> I don't see why we shouldn't use 4.11.0 to bootstrap 4.11.1.
>
> Changing the build system like that seems unusual for a minor point
> release, and I don't see it documented in the 4.11.1 NEWS file:
>
> https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=545d68583c8375bd5243ec07a53faff9ec1685a3;hb=116f42e7a3eab2a02b853fd038af3cb3aadad5c3
>

I must have phrased that too vaguely. It's just a "building from release
tarball vs from git checkout" thing, documented in the README file of
both releases. I've been having trouble with the seemingly identical
test suite using the attached WIP patch. Perhaps the dreary weather is
clouding my thoughts.

> One way or another, we should fix these bugs in our package. Thanks for
> taking care of it :)

You're welcome!

Attachment: 0001-gnu-chicken-Update-to-4.11.1.patch
Description: Text document

Attachment: signature.asc
Description: PGP signature