diff options
author | Kei Kebreau <kei@openmailbox.org> | 2017-01-03 08:11:15 -0500 |
---|---|---|
committer | Kei Kebreau <kei@openmailbox.org> | 2017-01-03 08:35:02 -0500 |
commit | 6a37872cd2c132371ef2cb5344e004c63fdeb927 (patch) | |
tree | 6b94dee9745b73159347fce50718ca71020cd5b3 | |
parent | b9b6db45e84a7c9677f1b69040efadd0665139bb (diff) | |
download | guix-6a37872cd2c132371ef2cb5344e004c63fdeb927.tar.gz |
gnu: chicken: Fix CVE-2016-{6830,6831}.
* gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New file. * gnu/local.mk (dist_patch_DATA): Use it. * gnu/packages/scheme.scm (chicken)[source]: Use it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch | 81 | ||||
-rw-r--r-- | gnu/packages/scheme.scm | 4 |
3 files changed, 85 insertions, 1 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 6ab1c1c488..0c42f9f442 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -497,6 +497,7 @@ dist_patch_DATA = \ %D%/packages/patches/calibre-drop-unrar.patch \ %D%/packages/patches/calibre-no-updates-dialog.patch \ %D%/packages/patches/cdparanoia-fpic.patch \ + %D%/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ diff --git a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch new file mode 100644 index 0000000000..59decde0e9 --- /dev/null +++ b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch @@ -0,0 +1,81 @@ +diff -ur a/irregex-core.scm b/irregex-core.scm +--- a/irregex-core.scm 2016-09-11 19:03:00.000000000 -0400 ++++ b/irregex-core.scm 2017-01-01 22:24:08.000000000 -0500 +@@ -30,6 +30,8 @@ + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ;;;; History ++;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation ++;; of backtracking matcher. + ;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow + ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches + ;; 0.9.3: 2014/07/01 - R7RS library +@@ -3170,16 +3172,7 @@ + ((sre-empty? (sre-sequence (cdr sre))) + (error "invalid sre: empty *" sre)) + (else +- (letrec +- ((body +- (lp (sre-sequence (cdr sre)) +- n +- flags +- (lambda (cnk init src str i end matches fail) +- (body cnk init src str i end matches +- (lambda () +- (next cnk init src str i end matches fail) +- )))))) ++ (let ((body (rec (list '+ (sre-sequence (cdr sre)))))) + (lambda (cnk init src str i end matches fail) + (body cnk init src str i end matches + (lambda () +@@ -3204,10 +3197,21 @@ + (lambda () + (body cnk init src str i end matches fail)))))))) + ((+) +- (lp (sre-sequence (cdr sre)) +- n +- flags +- (rec (list '* (sre-sequence (cdr sre)))))) ++ (cond ++ ((sre-empty? (sre-sequence (cdr sre))) ++ (error "invalid sre: empty +" sre)) ++ (else ++ (letrec ++ ((body ++ (lp (sre-sequence (cdr sre)) ++ n ++ flags ++ (lambda (cnk init src str i end matches fail) ++ (body cnk init src str i end matches ++ (lambda () ++ (next cnk init src str i end matches fail) ++ )))))) ++ body)))) + ((=) + (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre)))) + ((>=) +diff -ur a/irregex-utils.scm b/irregex-utils.scm +--- a/irregex-utils.scm 2016-09-11 19:03:00.000000000 -0400 ++++ b/irregex-utils.scm 2017-01-01 22:25:25.000000000 -0500 +@@ -89,7 +89,7 @@ + (case (car x) + ((: seq) + (cond +- ((and (pair? (cddr x)) (pair? (cddr x)) (not (eq? x obj))) ++ ((and (pair? (cdr x)) (pair? (cddr x)) (not (eq? x obj))) + (display "(?:" out) (for-each lp (cdr x)) (display ")" out)) + (else (for-each lp (cdr x))))) + ((submatch) +diff -ur "a/manual-html/Unit irregex.html" "b/manual-html/Unit irregex.html" +--- "a/manual-html/Unit irregex.html" 2016-09-11 19:10:47.000000000 -0400 ++++ "b/manual-html/Unit irregex.html" 2017-01-01 22:26:05.000000000 -0500 +@@ -353,6 +353,6 @@ + <dd class="defsig"><p>Returns an optimized SRE matching any of the literal strings in the list, like Emacs' <tt>regexp-opt</tt>. Note this optimization doesn't help when irregex is able to build a DFA.</p></dd> + </dl> + <h5 id="sec:sre-.3estring"><a href="#sec:sre-.3estring">sre->string</a></h5><dl class="defsig"><dt class="defsig" id="def:sre-.3estring"><span class="sig"><tt>(sre->string <sre>)</tt></span> <span class="type">procedure</span></dt> +-<dd class="defsig"><p>Convert an SRE to a POSIX-style regular expression string, if possible.</p></dd> ++<dd class="defsig"><p>Convert an SRE to a PCRE-style regular expression string, if possible.</p></dd> + </dl> +-<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body> +\ No newline at end of file ++<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body> diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 08bb89cefb..2756805f3d 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -332,7 +332,9 @@ mashups, office (web agendas, mail clients, ...), etc.") "2016/09/12/chicken-" version ".tar.gz")) (sha256 (base32 - "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga")))) + "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga")) + (patches + (search-patches "chicken-CVE-2016-6830+CVE-2016-6831.patch")))) (build-system gnu-build-system) (arguments `(#:modules ((guix build gnu-build-system) |