From unknown Sun Jun 22 11:36:54 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#26212 <26212@debbugs.gnu.org>
To: bug#26212 <26212@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: chicken: Update to 4.12.0.
Reply-To: bug#26212 <26212@debbugs.gnu.org>
Date: Sun, 22 Jun 2025 18:36:54 +0000

retitle 26212 [PATCH] gnu: chicken: Update to 4.12.0.
reassign 26212 guix-patches
submitter 26212 Kei Kebreau <kei@openmailbox.org>
severity 26212 normal
tag 26212 patch

thanks


From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 21 16:52:08 2017
Received: (at submit) by debbugs.gnu.org; 21 Mar 2017 20:52:08 +0000
Received: from localhost ([127.0.0.1]:38371 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1cqQlB-0006cM-43
	for submit@debbugs.gnu.org; Tue, 21 Mar 2017 16:52:08 -0400
Received: from eggs.gnu.org ([208.118.235.92]:44546)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kei@openmailbox.org>) id 1cqQl9-0006bl-Ax
 for submit@debbugs.gnu.org; Tue, 21 Mar 2017 16:52:03 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <kei@openmailbox.org>) id 1cqQl1-0005C0-PH
 for submit@debbugs.gnu.org; Tue, 21 Mar 2017 16:51:57 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID
 autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:60799)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <kei@openmailbox.org>) id 1cqQl1-0005Bu-LY
 for submit@debbugs.gnu.org; Tue, 21 Mar 2017 16:51:55 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35496)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <kei@openmailbox.org>) id 1cqQkz-0008W0-Di
 for guix-patches@gnu.org; Tue, 21 Mar 2017 16:51:55 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <kei@openmailbox.org>) id 1cqQkv-0005Au-Iu
 for guix-patches@gnu.org; Tue, 21 Mar 2017 16:51:53 -0400
Received: from lb1.openmailbox.org ([5.79.108.160]:37850
 helo=mail.openmailbox.org)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <kei@openmailbox.org>) id 1cqQkv-0005Ah-4C
 for guix-patches@gnu.org; Tue, 21 Mar 2017 16:51:49 -0400
Received: by mail.openmailbox.org (Postfix, from userid 20002)
 id 263E1502CE6; Tue, 21 Mar 2017 21:51:46 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org;
 s=openmailbox; t=1490129507;
 bh=XpNV3hXkXRVVuPt9Wk5a0LjIy7gDVEOpYJncJ8nHT1Y=;
 h=From:To:Cc:Subject:Date:From;
 b=M1dXY6/lTTp+mpkBnOtiLSF84YDpqICnH016pZRmnZ0imphAYXuVq8EHQSh4pnoLe
 omKGSxAiikCBpoJLON2wPw8XIR4mxpLwuQ9MI8gpEXArD/Pp7WMhm0FFzgSFwJ0SRd
 zJl9dG238onKBZfIsuzJaULU1/uXmBwVxwpjb2nM=
From: Kei Kebreau <kei@openmailbox.org>
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org;
 s=openmailbox; t=1490129505;
 bh=XpNV3hXkXRVVuPt9Wk5a0LjIy7gDVEOpYJncJ8nHT1Y=;
 h=From:To:Cc:Subject:Date:From;
 b=c3r7ULCgcP6XpWKgS2hcnaaTAm5C2wIj74iwjAkeXD8CMi6jWXkpzStJAtvhjwol8
 fRMxAWs7QgIpTiTHpgr+ptVJnEDp4NncRBirYWFR8s1fO6sODaPmTta+TS/BiXBAnG
 MLX9Wz5upaReUsqjxSEvc5FR+jUBJIsi1cgU7m3o=
To: 26209@debbugs.gnu.org,
	guix-patches@gnu.org
Subject: [PATCH] gnu: chicken: Update to 4.12.0.
Date: Tue, 21 Mar 2017 16:51:35 -0400
Message-Id: <20170321205135.10637-1-kei@openmailbox.org>
X-Mailer: git-send-email 2.12.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.0 (----)
X-Debbugs-Envelope-To: submit
Cc: Kei Kebreau <kei@openmailbox.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -4.0 (----)

* gnu/packages/scheme.scm (chicken): Update to 4.12.0.
---
 .../chicken-CVE-2016-6830+CVE-2016-6831.patch      |  81 -------------
 gnu/packages/patches/chicken-CVE-2017-6949.patch   | 132 +++++++++++++++++++++
 gnu/packages/scheme.scm                            |  16 +--
 3 files changed, 136 insertions(+), 93 deletions(-)
 delete mode 100644 gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
 create mode 100644 gnu/packages/patches/chicken-CVE-2017-6949.patch

diff --git a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
deleted file mode 100644
index 59decde0e..000000000
--- a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-diff -ur a/irregex-core.scm b/irregex-core.scm
---- a/irregex-core.scm	2016-09-11 19:03:00.000000000 -0400
-+++ b/irregex-core.scm	2017-01-01 22:24:08.000000000 -0500
-@@ -30,6 +30,8 @@
- 
- ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
- ;;;; History
-+;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation
-+;;                     of backtracking matcher.
- ;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow
- ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches
- ;; 0.9.3: 2014/07/01 - R7RS library
-@@ -3170,16 +3172,7 @@
-               ((sre-empty? (sre-sequence (cdr sre)))
-                (error "invalid sre: empty *" sre))
-               (else
--               (letrec
--                   ((body
--                     (lp (sre-sequence (cdr sre))
--                         n
--                         flags
--                         (lambda (cnk init src str i end matches fail)
--                           (body cnk init src str i end matches
--                                 (lambda ()
--                                   (next cnk init src str i end matches fail)
--                                   ))))))
-+               (let ((body (rec (list '+ (sre-sequence (cdr sre))))))
-                  (lambda (cnk init src str i end matches fail)
-                    (body cnk init src str i end matches
-                          (lambda ()
-@@ -3204,10 +3197,21 @@
-                          (lambda ()
-                            (body cnk init src str i end matches fail))))))))
-             ((+)
--             (lp (sre-sequence (cdr sre))
--                 n
--                 flags
--                 (rec (list '* (sre-sequence (cdr sre))))))
-+             (cond
-+              ((sre-empty? (sre-sequence (cdr sre)))
-+               (error "invalid sre: empty +" sre))
-+              (else
-+               (letrec
-+                   ((body
-+                     (lp (sre-sequence (cdr sre))
-+                         n
-+                         flags
-+                         (lambda (cnk init src str i end matches fail)
-+                           (body cnk init src str i end matches
-+                                 (lambda ()
-+                                   (next cnk init src str i end matches fail)
-+                                   ))))))
-+                 body))))
-             ((=)
-              (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre))))
-             ((>=)
-diff -ur a/irregex-utils.scm b/irregex-utils.scm
---- a/irregex-utils.scm	2016-09-11 19:03:00.000000000 -0400
-+++ b/irregex-utils.scm	2017-01-01 22:25:25.000000000 -0500
-@@ -89,7 +89,7 @@
-         (case (car x)
-           ((: seq)
-            (cond
--            ((and (pair? (cddr x)) (pair? (cddr x)) (not (eq? x obj)))
-+            ((and (pair? (cdr x)) (pair? (cddr x)) (not (eq? x obj)))
-              (display "(?:" out) (for-each lp (cdr x)) (display ")" out))
-             (else (for-each lp (cdr x)))))
-           ((submatch)
-diff -ur "a/manual-html/Unit irregex.html" "b/manual-html/Unit irregex.html"
---- "a/manual-html/Unit irregex.html"	2016-09-11 19:10:47.000000000 -0400
-+++ "b/manual-html/Unit irregex.html"	2017-01-01 22:26:05.000000000 -0500
-@@ -353,6 +353,6 @@
- <dd class="defsig"><p>Returns an optimized SRE matching any of the literal strings in the list, like Emacs' <tt>regexp-opt</tt>.  Note this optimization doesn't help when irregex is able to build a DFA.</p></dd>
- </dl>
- <h5 id="sec:sre-.3estring"><a href="#sec:sre-.3estring">sre-&gt;string</a></h5><dl class="defsig"><dt class="defsig" id="def:sre-.3estring"><span class="sig"><tt>(sre-&gt;string &lt;sre&gt;)</tt></span> <span class="type">procedure</span></dt>
--<dd class="defsig"><p>Convert an SRE to a POSIX-style regular expression string, if possible.</p></dd>
-+<dd class="defsig"><p>Convert an SRE to a PCRE-style regular expression string, if possible.</p></dd>
- </dl>
--<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body>
-\ No newline at end of file
-+<hr /><p>Previous: <a href="Unit%20extras.html">Unit extras</a></p><p>Next: <a href="Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body>
diff --git a/gnu/packages/patches/chicken-CVE-2017-6949.patch b/gnu/packages/patches/chicken-CVE-2017-6949.patch
new file mode 100644
index 000000000..00552eec7
--- /dev/null
+++ b/gnu/packages/patches/chicken-CVE-2017-6949.patch
@@ -0,0 +1,132 @@
+From: LemonBoy <thatlemon@gmail.com>
+Date: Fri, 10 Mar 2017 16:29:47 +0100
+Subject: [PATCH] Add bound checking to all srfi-4 vector allocations.
+
+Do what C_allocate_vector already does and prevent the creation of a
+vector that's too big or too small.
+We should be very careful to avoid the latter case because the
+allocation size is directly fed into `malloc' as 'x + sizeof(C_header)'
+thus making possible to successfully allocate a vector smaller than the
+C_header structure and get C_block_header_init to write over
+uninitialized memory.
+
+To reduce code duplication, type checking is moved from each of the
+make-*vector procedures to the common "alloc" helper procedure.
+
+Signed-off-by: Peter Bex <peter@more-magic.net>
+Signed-off-by: Kooda <kooda@upyum.com>
+---
+ srfi-4.scm | 34 +++++++++++++++-------------------
+ 1 file changed, 15 insertions(+), 19 deletions(-)
+
+diff --git a/srfi-4.scm b/srfi-4.scm
+index 7f5412b..69f58ba 100644
+--- a/srfi-4.scm
++++ b/srfi-4.scm
+@@ -255,24 +255,28 @@ EOF
+ 
+ ;;; Basic constructors:
+ 
+-(let* ([ext-alloc
+-	(foreign-lambda* scheme-object ([int bytes])
+-	  "C_word *buf = (C_word *)C_malloc(bytes + sizeof(C_header));"
++(let* ((ext-alloc
++	(foreign-lambda* scheme-object ((size_t bytes))
++	  "C_word *buf;"
++	  "if (bytes > C_HEADER_SIZE_MASK) C_return(C_SCHEME_FALSE);"
++	  "buf = (C_word *)C_malloc(bytes + sizeof(C_header));"
+ 	  "if(buf == NULL) C_return(C_SCHEME_FALSE);"
+ 	  "C_block_header_init(buf, C_make_header(C_BYTEVECTOR_TYPE, bytes));"
+-	  "C_return(buf);") ]
+-       [ext-free
+-	(foreign-lambda* void ([scheme-object bv])
+-	  "C_free((void *)C_block_item(bv, 1));") ]
+-       [alloc
++	  "C_return(buf);") )
++       (ext-free
++	(foreign-lambda* void ((scheme-object bv))
++	  "C_free((void *)C_block_item(bv, 1));") )
++       (alloc
+ 	(lambda (loc len ext?)
++	  (##sys#check-exact len loc)
++	  (when (fx< len 0) (##sys#error loc "size is negative" len))
+ 	  (if ext?
+-	      (let ([bv (ext-alloc len)])
++	      (let ((bv (ext-alloc len)))
+ 		(or bv
+ 		    (##sys#error loc "not enough memory - cannot allocate external number vector" len)) )
+-	      (let ([bv (##sys#allocate-vector len #t #f #t)]) ; this could be made better...
++	      (let ((bv (##sys#allocate-vector len #t #f #t))) ; this could be made better...
+ 		(##core#inline "C_string_to_bytevector" bv)
+-		bv) ) ) ] )
++		bv) ) ) ) )
+ 
+   (set! release-number-vector
+     (lambda (v)
+@@ -282,7 +286,6 @@ EOF
+ 
+   (set! make-u8vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-u8vector)
+       (let ((v (##sys#make-structure 'u8vector (alloc 'make-u8vector len ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -295,7 +298,6 @@ EOF
+ 
+   (set! make-s8vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-s8vector)
+       (let ((v (##sys#make-structure 's8vector (alloc 'make-s8vector len ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -308,7 +310,6 @@ EOF
+ 
+   (set! make-u16vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-u16vector)
+       (let ((v (##sys#make-structure 'u16vector (alloc 'make-u16vector (##core#inline "C_fixnum_shift_left" len 1) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -321,7 +322,6 @@ EOF
+ 
+   (set! make-s16vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-s16vector)
+       (let ((v (##sys#make-structure 's16vector (alloc 'make-s16vector (##core#inline "C_fixnum_shift_left" len 1) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -334,7 +334,6 @@ EOF
+ 
+   (set! make-u32vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-u32vector)
+       (let ((v (##sys#make-structure 'u32vector (alloc 'make-u32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -347,7 +346,6 @@ EOF
+ 
+   (set! make-s32vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-s32vector)
+       (let ((v (##sys#make-structure 's32vector (alloc 'make-s32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -360,7 +358,6 @@ EOF
+ 
+   (set! make-f32vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-f32vector)
+       (let ((v (##sys#make-structure 'f32vector (alloc 'make-f32vector (##core#inline "C_fixnum_shift_left" len 2) ext?))))
+ 	(when (and ext? fin?) (set-finalizer! v ext-free))
+ 	(if (not init)
+@@ -375,7 +372,6 @@ EOF
+ 
+   (set! make-f64vector
+     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
+-      (##sys#check-exact len 'make-f64vector)
+       (let ((v (##sys#make-structure
+ 		'f64vector
+ 		(alloc 'make-f64vector (##core#inline "C_fixnum_shift_left" len 3) ext?))))
+--
+2.1.4
+
diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
index e1dba9bed..fec872f5f 100644
--- a/gnu/packages/scheme.scm
+++ b/gnu/packages/scheme.scm
@@ -325,18 +325,16 @@ mashups, office (web agendas, mail clients, ...), etc.")
 (define-public chicken
   (package
     (name "chicken")
-    (version "4.11.1")
+    (version "4.12.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "http://code.call-cc.org/releases/"
+              (uri (string-append "https://code.call-cc.org/releases/"
                                   version "/chicken-" version ".tar.gz"))
-              (uri (string-append "http://code.call-cc.org/dev-snapshots/"
-                                  "2016/09/12/chicken-" version ".tar.gz"))
               (sha256
                (base32
-                "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga"))
+                "12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0"))
               (patches
-               (search-patches "chicken-CVE-2016-6830+CVE-2016-6831.patch"))))
+               (search-patches "chicken-CVE-2017-6949.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)
@@ -359,12 +357,6 @@ mashups, office (web agendas, mail clients, ...), etc.")
 
        ;; Parallel builds are not supported, as noted in README.
        #:parallel-build? #f))
-    ;; One of the tests ("testing direct invocation can detect calls of too
-    ;; many arguments...") times out when building with a more recent GCC.
-    ;; The problem was reported here:
-    ;; https://lists.gnu.org/archive/html/chicken-hackers/2015-04/msg00059.html
-    (native-inputs
-     `(("gcc" ,gcc-4.8)))
     (home-page "http://www.call-cc.org/")
     (synopsis "R5RS Scheme implementation that compiles native code via C")
     (description
-- 
2.12.0





From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 21 18:22:47 2017
Received: (at 26212-done) by debbugs.gnu.org; 21 Mar 2017 22:22:47 +0000
Received: from localhost ([127.0.0.1]:38426 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1cqSAx-0002AT-8X
	for submit@debbugs.gnu.org; Tue, 21 Mar 2017 18:22:47 -0400
Received: from lb1.openmailbox.org ([5.79.108.160]:44229
 helo=mail.openmailbox.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kei@openmailbox.org>) id 1cqSAv-0002AK-BM
 for 26212-done@debbugs.gnu.org; Tue, 21 Mar 2017 18:22:46 -0400
Received: by mail.openmailbox.org (Postfix, from userid 20002)
 id 0A80F51E519; Tue, 21 Mar 2017 23:22:43 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org;
 s=openmailbox; t=1490134964;
 bh=Ojk78alDEYIi0GPDFvzvMzz8FY+N0J4loNyD8m3ZrIQ=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=Rv9/6ExTUMx+b1y+rqMpJbyuXKthvZ5p1KcRy2UEXtbGK+YepaLylH3a+meLV7o7A
 VykIqmr0hu53ByXvt26D20lK7+vYE+DXDT8uAU4ZjlNVog5UHsTggpn7EzvGPAm39r
 BzCxp36354L6J1G+4+awG5CILD0THyuCBzf/lSnI=
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ZDZR002
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=NO_RECEIVED,NO_RELAYS,
 T_DKIM_INVALID,URIBL_BLOCKED autolearn=disabled version=3.4.0
From: Kei Kebreau <kei@openmailbox.org>
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=openmailbox.org;
 s=openmailbox; t=1490134962;
 bh=Ojk78alDEYIi0GPDFvzvMzz8FY+N0J4loNyD8m3ZrIQ=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=Phmjy4u08KCUnBEseYgFsC8XtF0F2zOd+HDMAj3K2OanKT2goCpFhj7F7SWZDD6hx
 cqO/c1P8tgYv2cKBUVWSkbCperyVzWo9VwaftrB7Q7SgD+XbRSYS/FdCFUHnzIiFUu
 87CMD+VbMXqPdP+N/M8kBwaYzuGIgfGdoIMhUtkY=
To: 26212-done@debbugs.gnu.org
Subject: Re: bug#26212: [PATCH] gnu: chicken: Update to 4.12.0.
References: <20170321205135.10637-1-kei@openmailbox.org>
Date: Tue, 21 Mar 2017 18:22:32 -0400
In-Reply-To: <20170321205135.10637-1-kei@openmailbox.org> (Kei Kebreau's
 message of "Tue, 21 Mar 2017 16:51:35 -0400")
Message-ID: <874lym46dz.fsf@openmailbox.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 26212-done
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


Duplicate of report 26209.

Kei Kebreau <kei@openmailbox.org> writes:

> * gnu/packages/scheme.scm (chicken): Update to 4.12.0.
> ---
>  .../chicken-CVE-2016-6830+CVE-2016-6831.patch      |  81 -------------
>  gnu/packages/patches/chicken-CVE-2017-6949.patch   | 132 +++++++++++++++=
++++++
>  gnu/packages/scheme.scm                            |  16 +--
>  3 files changed, 136 insertions(+), 93 deletions(-)
>  delete mode 100644 gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6=
831.patch
>  create mode 100644 gnu/packages/patches/chicken-CVE-2017-6949.patch
>
> diff --git a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.pat=
ch b/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
> deleted file mode 100644
> index 59decde0e..000000000
> --- a/gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch
> +++ /dev/null
> @@ -1,81 +0,0 @@
> -diff -ur a/irregex-core.scm b/irregex-core.scm
> ---- a/irregex-core.scm	2016-09-11 19:03:00.000000000 -0400
> -+++ b/irregex-core.scm	2017-01-01 22:24:08.000000000 -0500
> -@@ -30,6 +30,8 @@
> -=20
> - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
> - ;;;; History
> -+;; 0.9.6: 2016/12/05 - fixed exponential memory use of + in compilation
> -+;;                     of backtracking matcher.
> - ;; 0.9.5: 2016/09/10 - fixed a bug in irregex-fold handling of bow
> - ;; 0.9.4: 2015/12/14 - performance improvement for {n,m} matches
> - ;; 0.9.3: 2014/07/01 - R7RS library
> -@@ -3170,16 +3172,7 @@
> -               ((sre-empty? (sre-sequence (cdr sre)))
> -                (error "invalid sre: empty *" sre))
> -               (else
> --               (letrec
> --                   ((body
> --                     (lp (sre-sequence (cdr sre))
> --                         n
> --                         flags
> --                         (lambda (cnk init src str i end matches fail)
> --                           (body cnk init src str i end matches
> --                                 (lambda ()
> --                                   (next cnk init src str i end matches=
 fail)
> --                                   ))))))
> -+               (let ((body (rec (list '+ (sre-sequence (cdr sre))))))
> -                  (lambda (cnk init src str i end matches fail)
> -                    (body cnk init src str i end matches
> -                          (lambda ()
> -@@ -3204,10 +3197,21 @@
> -                          (lambda ()
> -                            (body cnk init src str i end matches fail)))=
)))))
> -             ((+)
> --             (lp (sre-sequence (cdr sre))
> --                 n
> --                 flags
> --                 (rec (list '* (sre-sequence (cdr sre))))))
> -+             (cond
> -+              ((sre-empty? (sre-sequence (cdr sre)))
> -+               (error "invalid sre: empty +" sre))
> -+              (else
> -+               (letrec
> -+                   ((body
> -+                     (lp (sre-sequence (cdr sre))
> -+                         n
> -+                         flags
> -+                         (lambda (cnk init src str i end matches fail)
> -+                           (body cnk init src str i end matches
> -+                                 (lambda ()
> -+                                   (next cnk init src str i end matches=
 fail)
> -+                                   ))))))
> -+                 body))))
> -             ((=3D)
> -              (rec `(** ,(cadr sre) ,(cadr sre) ,@(cddr sre))))
> -             ((>=3D)
> -diff -ur a/irregex-utils.scm b/irregex-utils.scm
> ---- a/irregex-utils.scm	2016-09-11 19:03:00.000000000 -0400
> -+++ b/irregex-utils.scm	2017-01-01 22:25:25.000000000 -0500
> -@@ -89,7 +89,7 @@
> -         (case (car x)
> -           ((: seq)
> -            (cond
> --            ((and (pair? (cddr x)) (pair? (cddr x)) (not (eq? x obj)))
> -+            ((and (pair? (cdr x)) (pair? (cddr x)) (not (eq? x obj)))
> -              (display "(?:" out) (for-each lp (cdr x)) (display ")" out=
))
> -             (else (for-each lp (cdr x)))))
> -           ((submatch)
> -diff -ur "a/manual-html/Unit irregex.html" "b/manual-html/Unit irregex.h=
tml"
> ---- "a/manual-html/Unit irregex.html"	2016-09-11 19:10:47.000000000 -0400
> -+++ "b/manual-html/Unit irregex.html"	2017-01-01 22:26:05.000000000 -0500
> -@@ -353,6 +353,6 @@
> - <dd class=3D"defsig"><p>Returns an optimized SRE matching any of the li=
teral strings in the list, like Emacs' <tt>regexp-opt</tt>.  Note this opti=
mization doesn't help when irregex is able to build a DFA.</p></dd>
> - </dl>
> - <h5 id=3D"sec:sre-.3estring"><a href=3D"#sec:sre-.3estring">sre-&gt;str=
ing</a></h5><dl class=3D"defsig"><dt class=3D"defsig" id=3D"def:sre-.3estri=
ng"><span class=3D"sig"><tt>(sre-&gt;string &lt;sre&gt;)</tt></span> <span =
class=3D"type">procedure</span></dt>
> --<dd class=3D"defsig"><p>Convert an SRE to a POSIX-style regular express=
ion string, if possible.</p></dd>
> -+<dd class=3D"defsig"><p>Convert an SRE to a PCRE-style regular expressi=
on string, if possible.</p></dd>
> - </dl>
> --<hr /><p>Previous: <a href=3D"Unit%20extras.html">Unit extras</a></p><p=
>Next: <a href=3D"Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body>
> -\ No newline at end of file
> -+<hr /><p>Previous: <a href=3D"Unit%20extras.html">Unit extras</a></p><p=
>Next: <a href=3D"Unit%20srfi-1.html">Unit srfi-1</a></p></div></div></body>
> diff --git a/gnu/packages/patches/chicken-CVE-2017-6949.patch b/gnu/packa=
ges/patches/chicken-CVE-2017-6949.patch
> new file mode 100644
> index 000000000..00552eec7
> --- /dev/null
> +++ b/gnu/packages/patches/chicken-CVE-2017-6949.patch
> @@ -0,0 +1,132 @@
> +From: LemonBoy <thatlemon@gmail.com>
> +Date: Fri, 10 Mar 2017 16:29:47 +0100
> +Subject: [PATCH] Add bound checking to all srfi-4 vector allocations.
> +
> +Do what C_allocate_vector already does and prevent the creation of a
> +vector that's too big or too small.
> +We should be very careful to avoid the latter case because the
> +allocation size is directly fed into `malloc' as 'x + sizeof(C_header)'
> +thus making possible to successfully allocate a vector smaller than the
> +C_header structure and get C_block_header_init to write over
> +uninitialized memory.
> +
> +To reduce code duplication, type checking is moved from each of the
> +make-*vector procedures to the common "alloc" helper procedure.
> +
> +Signed-off-by: Peter Bex <peter@more-magic.net>
> +Signed-off-by: Kooda <kooda@upyum.com>
> +---
> + srfi-4.scm | 34 +++++++++++++++-------------------
> + 1 file changed, 15 insertions(+), 19 deletions(-)
> +
> +diff --git a/srfi-4.scm b/srfi-4.scm
> +index 7f5412b..69f58ba 100644
> +--- a/srfi-4.scm
> ++++ b/srfi-4.scm
> +@@ -255,24 +255,28 @@ EOF
> +=20
> + ;;; Basic constructors:
> +=20
> +-(let* ([ext-alloc
> +-	(foreign-lambda* scheme-object ([int bytes])
> +-	  "C_word *buf =3D (C_word *)C_malloc(bytes + sizeof(C_header));"
> ++(let* ((ext-alloc
> ++	(foreign-lambda* scheme-object ((size_t bytes))
> ++	  "C_word *buf;"
> ++	  "if (bytes > C_HEADER_SIZE_MASK) C_return(C_SCHEME_FALSE);"
> ++	  "buf =3D (C_word *)C_malloc(bytes + sizeof(C_header));"
> + 	  "if(buf =3D=3D NULL) C_return(C_SCHEME_FALSE);"
> + 	  "C_block_header_init(buf, C_make_header(C_BYTEVECTOR_TYPE, bytes));"
> +-	  "C_return(buf);") ]
> +-       [ext-free
> +-	(foreign-lambda* void ([scheme-object bv])
> +-	  "C_free((void *)C_block_item(bv, 1));") ]
> +-       [alloc
> ++	  "C_return(buf);") )
> ++       (ext-free
> ++	(foreign-lambda* void ((scheme-object bv))
> ++	  "C_free((void *)C_block_item(bv, 1));") )
> ++       (alloc
> + 	(lambda (loc len ext?)
> ++	  (##sys#check-exact len loc)
> ++	  (when (fx< len 0) (##sys#error loc "size is negative" len))
> + 	  (if ext?
> +-	      (let ([bv (ext-alloc len)])
> ++	      (let ((bv (ext-alloc len)))
> + 		(or bv
> + 		    (##sys#error loc "not enough memory - cannot allocate external nu=
mber vector" len)) )
> +-	      (let ([bv (##sys#allocate-vector len #t #f #t)]) ; this could be=
 made better...
> ++	      (let ((bv (##sys#allocate-vector len #t #f #t))) ; this could be=
 made better...
> + 		(##core#inline "C_string_to_bytevector" bv)
> +-		bv) ) ) ] )
> ++		bv) ) ) ) )
> +=20
> +   (set! release-number-vector
> +     (lambda (v)
> +@@ -282,7 +286,6 @@ EOF
> +=20
> +   (set! make-u8vector
> +     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
> +-      (##sys#check-exact len 'make-u8vector)
> +       (let ((v (##sys#make-structure 'u8vector (alloc 'make-u8vector le=
n ext?))))
> + 	(when (and ext? fin?) (set-finalizer! v ext-free))
> + 	(if (not init)
> +@@ -295,7 +298,6 @@ EOF
> +=20
> +   (set! make-s8vector
> +     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
> +-      (##sys#check-exact len 'make-s8vector)
> +       (let ((v (##sys#make-structure 's8vector (alloc 'make-s8vector le=
n ext?))))
> + 	(when (and ext? fin?) (set-finalizer! v ext-free))
> + 	(if (not init)
> +@@ -308,7 +310,6 @@ EOF
> +=20
> +   (set! make-u16vector
> +     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
> +-      (##sys#check-exact len 'make-u16vector)
> +       (let ((v (##sys#make-structure 'u16vector (alloc 'make-u16vector =
(##core#inline "C_fixnum_shift_left" len 1) ext?))))
> + 	(when (and ext? fin?) (set-finalizer! v ext-free))
> + 	(if (not init)
> +@@ -321,7 +322,6 @@ EOF
> +=20
> +   (set! make-s16vector
> +     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
> +-      (##sys#check-exact len 'make-s16vector)
> +       (let ((v (##sys#make-structure 's16vector (alloc 'make-s16vector =
(##core#inline "C_fixnum_shift_left" len 1) ext?))))
> + 	(when (and ext? fin?) (set-finalizer! v ext-free))
> + 	(if (not init)
> +@@ -334,7 +334,6 @@ EOF
> +=20
> +   (set! make-u32vector
> +     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
> +-      (##sys#check-exact len 'make-u32vector)
> +       (let ((v (##sys#make-structure 'u32vector (alloc 'make-u32vector =
(##core#inline "C_fixnum_shift_left" len 2) ext?))))
> + 	(when (and ext? fin?) (set-finalizer! v ext-free))
> + 	(if (not init)
> +@@ -347,7 +346,6 @@ EOF
> +=20
> +   (set! make-s32vector
> +     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
> +-      (##sys#check-exact len 'make-s32vector)
> +       (let ((v (##sys#make-structure 's32vector (alloc 'make-s32vector =
(##core#inline "C_fixnum_shift_left" len 2) ext?))))
> + 	(when (and ext? fin?) (set-finalizer! v ext-free))
> + 	(if (not init)
> +@@ -360,7 +358,6 @@ EOF
> +=20
> +   (set! make-f32vector
> +     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
> +-      (##sys#check-exact len 'make-f32vector)
> +       (let ((v (##sys#make-structure 'f32vector (alloc 'make-f32vector =
(##core#inline "C_fixnum_shift_left" len 2) ext?))))
> + 	(when (and ext? fin?) (set-finalizer! v ext-free))
> + 	(if (not init)
> +@@ -375,7 +372,6 @@ EOF
> +=20
> +   (set! make-f64vector
> +     (lambda (len #!optional (init #f)  (ext? #f) (fin? #t))
> +-      (##sys#check-exact len 'make-f64vector)
> +       (let ((v (##sys#make-structure
> + 		'f64vector
> + 		(alloc 'make-f64vector (##core#inline "C_fixnum_shift_left" len 3) ex=
t?))))
> +--
> +2.1.4
> +
> diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm
> index e1dba9bed..fec872f5f 100644
> --- a/gnu/packages/scheme.scm
> +++ b/gnu/packages/scheme.scm
> @@ -325,18 +325,16 @@ mashups, office (web agendas, mail clients, ...), e=
tc.")
>  (define-public chicken
>    (package
>      (name "chicken")
> -    (version "4.11.1")
> +    (version "4.12.0")
>      (source (origin
>                (method url-fetch)
> -              (uri (string-append "http://code.call-cc.org/releases/"
> +              (uri (string-append "https://code.call-cc.org/releases/"
>                                    version "/chicken-" version ".tar.gz"))
> -              (uri (string-append "http://code.call-cc.org/dev-snapshots=
/"
> -                                  "2016/09/12/chicken-" version ".tar.gz=
"))
>                (sha256
>                 (base32
> -                "1rwymbbmnwdyhdzilv9w75an989xw9kjf3x52iqdng3nphpflcga"))
> +                "12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0"))
>                (patches
> -               (search-patches "chicken-CVE-2016-6830+CVE-2016-6831.patc=
h"))))
> +               (search-patches "chicken-CVE-2017-6949.patch"))))
>      (build-system gnu-build-system)
>      (arguments
>       `(#:modules ((guix build gnu-build-system)
> @@ -359,12 +357,6 @@ mashups, office (web agendas, mail clients, ...), et=
c.")
>=20=20
>         ;; Parallel builds are not supported, as noted in README.
>         #:parallel-build? #f))
> -    ;; One of the tests ("testing direct invocation can detect calls of =
too
> -    ;; many arguments...") times out when building with a more recent GC=
C.
> -    ;; The problem was reported here:
> -    ;; https://lists.gnu.org/archive/html/chicken-hackers/2015-04/msg000=
59.html
> -    (native-inputs
> -     `(("gcc" ,gcc-4.8)))
>      (home-page "http://www.call-cc.org/")
>      (synopsis "R5RS Scheme implementation that compiles native code via =
C")
>      (description

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEg7ZwOtzKO2lLzi2m5qXuPBlGeg0FAljRp6gACgkQ5qXuPBlG
eg2YtQ/9GOY94oJn4Kic5nSD+EHK76K8nyidXjBb1qEv7cNySAuDMGBPe1fW1WLD
N6orfnOoQd3lSNRCH0QK0O18dwcyaWtuxcdN1AckaneA1xEx0tZIJSrpQmIR0Ahd
+d2jJz77zHMJrGnrBR3+Dg19qfX8TTg9mL5st3K/D4YK/atjBH5ipNEMZKdXHdnC
IBNNufs+GUbjdzM2yCvk87St6con/rfA5fIDlFXp35AIXijd2YvbeiyGV896un1V
klkjHnx+ZYdBfmHFZybfw6QkaDn7vPozgDC9pnujgGZm3nm2nhT/XqxbKDdhszGS
Q5nkpL2hBRwn8w1hAfnZEg/uHSqPle3zEqO4Z0il8ba0+9sYkMBe4+XJCxm3uMaN
JP6ZOW6MChR6NWWv53X+mII/8bHyxe9s52vabgit+8JNFy4EMJlHLycHSQM+GFvB
jJ3rDSWQA/vYYQX1OYvScIzud/iKYYjx57ElgJL6JaMUm1CAmr4yjhWqOg0nKMiH
uZx/lyyV5nJeuLzh3pegOS+9f+/HBx8qN3HuF9fsePmV9tyPK6uF+pHy4x9DfnXo
u6SaL8WFbkHutyTJ1ayeplwyTIRnIkVjGLqoCJ360KC3XsZZ6Cu+tw9Tnj9IXnVl
cm7RUrCXfsXqKVfYnZyLLlkux75eKIBrUkZcHX6grIUMpEdQOG0=
=6FRG
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Sun Jun 22 11:36:54 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 19 Apr 2017 11:24:04 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator