GNU bug report logs - #73894
[PATCH] gnu: chicken: Update to 5.4.0. [security fixes]

Previous Next

Package: guix-patches;

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Sat, 19 Oct 2024 23:00:03 UTC

Severity: normal

Tags: patch

Done: Nicolas Graves <ngraves <at> ngraves.fr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Nicolas Graves <ngraves <at> ngraves.fr>
To: 73894 <at> debbugs.gnu.org
Cc: Nicolas Graves <ngraves <at> ngraves.fr>, zhengjunjie <at> iscas.ac.cn
Subject: [bug#73894] [PATCH v3 1/2] gnu: chicken: Update to 5.4.0. [security fixes]
Date: Sun, 20 Oct 2024 17:38:10 +0200

This fixes CVE-2022-45145.

* gnu/packages/chicken.scm (chicken): Update to 5.4.0.
[arguments]<#:modules>: Add (ice-9 textual-ports).
<#:phases>: Add 'install-STATUS phase, which adds a file in
/share/chicken/STATUS that has become mandatory in the
chicken-build-system.
---
 gnu/packages/chicken.scm | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/chicken.scm b/gnu/packages/chicken.scm
index 3743ae3e2a..a268e63bf2 100644
--- a/gnu/packages/chicken.scm
+++ b/gnu/packages/chicken.scm
@@ -32,18 +32,19 @@ (define-module (gnu packages chicken)
 (define-public chicken
   (package
     (name "chicken")
-    (version "5.3.0")
+    (version "5.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://code.call-cc.org/releases/"
                                   version "/chicken-" version ".tar.gz"))
               (sha256
                (base32
-                "0xhdvcdwlv9vbhxh7k0fzd32ybhc7fn83y9fj48dhzp1z7c9kbf3"))))
+                "0pzcrnzkjw2sa44vy59wbygvlc3nva8zisprkdnvyrqi3jk4lp9w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)
                   (guix build utils)
+                  (ice-9 textual-ports)
                   (srfi srfi-1))
 
        ;; No `configure' script; run "make check" after "make install" as
@@ -51,6 +52,20 @@ (define-public chicken
        #:phases
        (modify-phases %standard-phases
          (delete 'configure)
+         ;; This file allows to avoid using -force in the chicken-build-system
+         ;; by pinning the upstream subversion revision.
+         (add-after 'install 'install-STATUS
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (dest (string-append out "/share/chicken/STATUS")))
+               (call-with-input-file "buildid"
+                 (lambda (input-port)
+                   (call-with-output-file dest
+                     (lambda (output-port)
+                       (format output-port
+                               "(~s ~s #f #f #f #f #f)"
+                               (get-line input-port)
+                               out))))))))
          (delete 'check)
          (add-after 'install 'check
            (assoc-ref %standard-phases 'check)))
-- 
2.46.0
This bug report was last modified 264 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.