GNU bug report logs -
#73894
[PATCH] gnu: chicken: Update to 5.4.0. [security fixes]
Previous Next
Reported by: Nicolas Graves <ngraves <at> ngraves.fr>
Date: Sat, 19 Oct 2024 23:00:03 UTC
Severity: normal
Tags: patch
Done: Nicolas Graves <ngraves <at> ngraves.fr>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 73894 in the body.
You can then email your comments to 73894 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#73894; Package
guix-patches.
(Sat, 19 Oct 2024 23:00:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Nicolas Graves <ngraves <at> ngraves.fr>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Sat, 19 Oct 2024 23:00:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-45145.
* gnu/packages/chicken.scm (chicken): Update to 5.4.0.
---
gnu/packages/chicken.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
index 3743ae3e2a..a499c5d9ee 100644
--- a/gnu/packages/chicken.scm
+++ b/gnu/packages/chicken.scm
@@ -32,14 +32,14 @@ (define-module (gnu packages chicken)
(define-public chicken
(package
(name "chicken")
- (version "5.3.0")
+ (version "5.4.0")
(source (origin
(method url-fetch)
(uri (string-append "https://code.call-cc.org/releases/"
version "/chicken-" version ".tar.gz"))
(sha256
(base32
- "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
+ "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
(build-system gnu-build-system)
(arguments
`(#:modules ((guix build gnu-build-system)
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#73894; Package
guix-patches.
(Sun, 20 Oct 2024 12:22:01 GMT)
Full text and
rfc822 format available.
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
> This fixes CVE-2022-45145.
>
> * gnu/packages/chicken.scm (chicken): Update to 5.4.0.
> ---
> gnu/packages/chicken.scm | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
> index 3743ae3e2a..a499c5d9ee 100644
> --- a/gnu/packages/chicken.scm
> +++ b/gnu/packages/chicken.scm
> @@ -32,14 +32,14 @@ (define-module (gnu packages chicken)
> (define-public chicken
> (package
> (name "chicken")
> - (version "5.3.0")
> + (version "5.4.0")
> (source (origin
> (method url-fetch)
> (uri (string-append "https://code.call-cc.org/releases/"
> version "/chicken-" version ".tar.gz"))
> (sha256
> (base32
> - "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
> + "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
> (build-system gnu-build-system)
> (arguments
> `(#:modules ((guix build gnu-build-system)
on apply this patch, chicken-compile-file build fail, can you check it?
starting phase `build'
Error: extension or version not found: "compile-file"
fetching compile-file
TCP connect timeout
TCP connect timeout
error: in phase 'build': uncaught exception:
%exception #<&invoke-error program: "chicken-install" arguments: ("-cached" "-no-install" "compile-file") exit-status: 70 term-signal: #f stop-signal: #f>
phase `build' failed after 0.0 seconds
command "chicken-install" "-cached" "-no-install" "compile-file" failed with status 70
build process 18 exited with status 256
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#73894; Package
guix-patches.
(Sun, 20 Oct 2024 12:22:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org:
bug#73894; Package
guix-patches.
(Sun, 20 Oct 2024 13:56:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 73894 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-45145.
* gnu/packages/chicken.scm (chicken): Update to 5.4.0.
[arguments]<#:modules>: Add (ice-9 textual-ports).
<#:phases>: Add 'install-STATUS phase, which adds a file in
/share/chicken/STATUS that has become mandatory in the
chicken-build-system.
---
gnu/packages/chicken.scm | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
index 3743ae3e2a..7f6d0afcc6 100644
--- a/gnu/packages/chicken.scm
+++ b/gnu/packages/chicken.scm
@@ -32,18 +32,19 @@ (define-module (gnu packages chicken)
(define-public chicken
(package
(name "chicken")
- (version "5.3.0")
+ (version "5.4.0")
(source (origin
(method url-fetch)
(uri (string-append "https://code.call-cc.org/releases/"
version "/chicken-" version ".tar.gz"))
(sha256
(base32
- "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
+ "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
(build-system gnu-build-system)
(arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
+ (ice-9 textual-ports)
(srfi srfi-1))
;; No `configure' script; run "make check" after "make install" as
@@ -51,6 +52,21 @@ (define-public chicken
#:phases
(modify-phases %standard-phases
(delete 'configure)
+ ;; This file allows to avoid using -force in the chicken-build-system
+ ;; by pinning the upstream subversion revision.
+ (add-after 'install 'install-STATUS
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (dest (string-append out "/share/chicken/STATUS")))
+ (call-with-input-file "buildid"
+ (lambda (input-port)
+ (call-with-output-file dest
+ (lambda (output-port)
+ (format output-port
+ "(~s ~s #f #f #f #f #f)"
+ (string-delete #\newline
+ (get-string-all input-port))
+ out))))))))
(delete 'check)
(add-after 'install 'check
(assoc-ref %standard-phases 'check)))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#73894; Package
guix-patches.
(Sun, 20 Oct 2024 13:56:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 73894 <at> debbugs.gnu.org (full text, mbox):
* guix/build/chicken-build-system.scm (stamp-egg-version): Modify
phase to create the new mandatory
$CHICKEN_EGG_CACHE/.cache-metadata/STATUS
and $CHICKEN_EGG_CACHE/.cache-metadata/VERSION.
---
guix/build/chicken-build-system.scm | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/guix/build/chicken-build-system.scm b/guix/build/chicken-build-system.scm
index 8f9f59cc25..92bccae619 100644
--- a/guix/build/chicken-build-system.scm
+++ b/guix/build/chicken-build-system.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 raingloom <raingloom <at> riseup.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -88,8 +89,7 @@ (define (unpack-maybe-strip source dest)
(mkdir-p dest)
(if (file-is-directory? source)
(copy-recursively source dest #:keep-mtime? #t)
- (unpack-maybe-strip source dest)))
- #t)
+ (unpack-maybe-strip source dest))))
(define* (build #:key egg-name #:allow-other-keys)
"Build the Chicken egg named by EGG-NAME"
@@ -111,15 +111,25 @@ (define* (check #:key egg-name tests? #:allow-other-keys)
(when tests?
(invoke "chicken-install" "-cached" "-test" "-no-install" egg-name)))
-(define* (stamp-egg-version #:key egg-name name #:allow-other-keys)
- "Check if EGG-NAME.egg contains version information and add some if not."
- (let* ((filename (string-append egg-name "/" egg-name ".egg"))
- (egg-info (call-with-input-file filename read))
+(define* (stamp-egg-version #:key egg-name name inputs #:allow-other-keys)
+ "Check if EGG-NAME.egg contains version information and add some if not.
+Since chicken <at> 5.4.0, also create the STATUS and VERSION files in
+$CHICKEN_EGG_CACHE/.cache-metadata."
+ (let* ((egg (string-append egg-name "/" egg-name ".egg"))
+ (metadatadir (string-append (getenv "CHICKEN_EGG_CACHE")
+ "/.cache-metadata/" egg-name))
+ (egg-info (call-with-input-file egg read))
(ver? (find (lambda (i) (eqv? (car i) 'version)) egg-info))
(ver (substring name (1+ (string-rindex name #\-)))))
- (when (not ver?)
- (make-file-writable filename)
- (call-with-output-file filename
+ (mkdir-p metadatadir)
+ (install-file (search-input-file inputs "/share/chicken/STATUS")
+ metadatadir)
+ (call-with-output-file
+ (string-append metadatadir "/VERSION")
+ (lambda (p) (format p "~a" ver)))
+ (unless ver?
+ (make-file-writable egg)
+ (call-with-output-file egg
(lambda (f) (write (cons `(version ,ver) egg-info) f))))))
;; It doesn't look like Chicken generates any unnecessary references.
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#73894; Package
guix-patches.
(Sun, 20 Oct 2024 15:39:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 73894 <at> debbugs.gnu.org (full text, mbox):
This fixes CVE-2022-45145.
* gnu/packages/chicken.scm (chicken): Update to 5.4.0.
[arguments]<#:modules>: Add (ice-9 textual-ports).
<#:phases>: Add 'install-STATUS phase, which adds a file in
/share/chicken/STATUS that has become mandatory in the
chicken-build-system.
---
gnu/packages/chicken.scm | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
index 3743ae3e2a..a268e63bf2 100644
--- a/gnu/packages/chicken.scm
+++ b/gnu/packages/chicken.scm
@@ -32,18 +32,19 @@ (define-module (gnu packages chicken)
(define-public chicken
(package
(name "chicken")
- (version "5.3.0")
+ (version "5.4.0")
(source (origin
(method url-fetch)
(uri (string-append "https://code.call-cc.org/releases/"
version "/chicken-" version ".tar.gz"))
(sha256
(base32
- "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
+ "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
(build-system gnu-build-system)
(arguments
`(#:modules ((guix build gnu-build-system)
(guix build utils)
+ (ice-9 textual-ports)
(srfi srfi-1))
;; No `configure' script; run "make check" after "make install" as
@@ -51,6 +52,20 @@ (define-public chicken
#:phases
(modify-phases %standard-phases
(delete 'configure)
+ ;; This file allows to avoid using -force in the chicken-build-system
+ ;; by pinning the upstream subversion revision.
+ (add-after 'install 'install-STATUS
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (dest (string-append out "/share/chicken/STATUS")))
+ (call-with-input-file "buildid"
+ (lambda (input-port)
+ (call-with-output-file dest
+ (lambda (output-port)
+ (format output-port
+ "(~s ~s #f #f #f #f #f)"
+ (get-line input-port)
+ out))))))))
(delete 'check)
(add-after 'install 'check
(assoc-ref %standard-phases 'check)))
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#73894; Package
guix-patches.
(Sun, 20 Oct 2024 15:39:02 GMT)
Full text and
rfc822 format available.
Message #23 received at 73894 <at> debbugs.gnu.org (full text, mbox):
* guix/build/chicken-build-system.scm (stamp-egg-version): Modify
phase to create the new mandatory
$CHICKEN_EGG_CACHE/.cache-metadata/STATUS
and $CHICKEN_EGG_CACHE/.cache-metadata/VERSION.
---
guix/build/chicken-build-system.scm | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/guix/build/chicken-build-system.scm b/guix/build/chicken-build-system.scm
index 8f9f59cc25..92bccae619 100644
--- a/guix/build/chicken-build-system.scm
+++ b/guix/build/chicken-build-system.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2020 raingloom <raingloom <at> riseup.net>
+;;; Copyright © 2024 Nicolas Graves <ngraves <at> ngraves.fr>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -88,8 +89,7 @@ (define (unpack-maybe-strip source dest)
(mkdir-p dest)
(if (file-is-directory? source)
(copy-recursively source dest #:keep-mtime? #t)
- (unpack-maybe-strip source dest)))
- #t)
+ (unpack-maybe-strip source dest))))
(define* (build #:key egg-name #:allow-other-keys)
"Build the Chicken egg named by EGG-NAME"
@@ -111,15 +111,25 @@ (define* (check #:key egg-name tests? #:allow-other-keys)
(when tests?
(invoke "chicken-install" "-cached" "-test" "-no-install" egg-name)))
-(define* (stamp-egg-version #:key egg-name name #:allow-other-keys)
- "Check if EGG-NAME.egg contains version information and add some if not."
- (let* ((filename (string-append egg-name "/" egg-name ".egg"))
- (egg-info (call-with-input-file filename read))
+(define* (stamp-egg-version #:key egg-name name inputs #:allow-other-keys)
+ "Check if EGG-NAME.egg contains version information and add some if not.
+Since chicken <at> 5.4.0, also create the STATUS and VERSION files in
+$CHICKEN_EGG_CACHE/.cache-metadata."
+ (let* ((egg (string-append egg-name "/" egg-name ".egg"))
+ (metadatadir (string-append (getenv "CHICKEN_EGG_CACHE")
+ "/.cache-metadata/" egg-name))
+ (egg-info (call-with-input-file egg read))
(ver? (find (lambda (i) (eqv? (car i) 'version)) egg-info))
(ver (substring name (1+ (string-rindex name #\-)))))
- (when (not ver?)
- (make-file-writable filename)
- (call-with-output-file filename
+ (mkdir-p metadatadir)
+ (install-file (search-input-file inputs "/share/chicken/STATUS")
+ metadatadir)
+ (call-with-output-file
+ (string-append metadatadir "/VERSION")
+ (lambda (p) (format p "~a" ver)))
+ (unless ver?
+ (make-file-writable egg)
+ (call-with-output-file egg
(lambda (f) (write (cons `(version ,ver) egg-info) f))))))
;; It doesn't look like Chicken generates any unnecessary references.
--
2.46.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#73894; Package
guix-patches.
(Sun, 20 Oct 2024 21:31:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 73894 <at> debbugs.gnu.org (full text, mbox):
Zheng Junjie <zhengjunjie <at> iscas.ac.cn> skribis:
> Nicolas Graves via Guix-patches via <guix-patches <at> gnu.org> writes:
>
>> This fixes CVE-2022-45145.
>>
>> * gnu/packages/chicken.scm (chicken): Update to 5.4.0.
[...]
> on apply this patch, chicken-compile-file build fail, can you check it?
Nicolas, see also <https://issues.guix.gnu.org/72173>.
Ludo’.
bug closed, send any further explanations to
73894 <at> debbugs.gnu.org and Nicolas Graves <ngraves <at> ngraves.fr>
Request was from
Nicolas Graves <ngraves <at> ngraves.fr>
to
control <at> debbugs.gnu.org.
(Mon, 21 Oct 2024 08:45:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 18 Nov 2024 12:24:16 GMT)
Full text and
rfc822 format available.
This bug report was last modified 263 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.