Package: chicken
Version: 4.9.0.1-1
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for chicken (versioned as 4.9.0.1-1.1). The diff
is attached to this message.


Regards.
diff -Nru chicken-4.9.0.1/debian/changelog chicken-4.9.0.1/debian/changelog
--- chicken-4.9.0.1/debian/changelog    2014-11-23 19:28:44.000000000 +0100
+++ chicken-4.9.0.1/debian/changelog    2016-05-29 10:46:57.000000000 +0200
@@ -1,3 +1,12 @@
+chicken (4.9.0.1-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2015-4556: cherry pick patch from upstream repository (Closes: #788833)
+  * CVE-2014-9651: cherry pick patch from upstream repository (Closes: #775346)
+  * Add chicken-bin to B-D to prevent FTBFS.
+
+ -- Tobias Frost <t...@debian.org>  Sat, 28 May 2016 23:17:57 +0200
+
 chicken (4.9.0.1-1) unstable; urgency=high
 
   * New upstream version;
diff -Nru chicken-4.9.0.1/debian/control chicken-4.9.0.1/debian/control
--- chicken-4.9.0.1/debian/control      2014-11-23 19:23:35.000000000 +0100
+++ chicken-4.9.0.1/debian/control      2016-05-29 10:37:54.000000000 +0200
@@ -3,7 +3,7 @@
 Section: interpreters
 Priority: optional
 Maintainer: Davide Puricelli (evo) <e...@debian.org>
-Build-Depends: debhelper (>> 5.0.0), texinfo, chrpath
+Build-Depends: debhelper (>> 5.0.0), texinfo, chrpath, chicken-bin
 Standards-Version: 3.8.4.0
 
 Package: chicken-bin
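Review bot: The added `chicken-bin` build dependency is a binary package produced by this same source package (its `Package: chicken-bin` stanza is the last context line of the hunk), so the package now needs an earlier build of itself in order to build. The changelog gives only "to prevent FTBFS" as the reason; presumably the patched `.scm` files have to be recompiled to C by an installed compiler, and that should be stated in the changelog entry. It matters because the C code that ends up in the fixed package is then generated by whichever `chicken-bin` the build environment has installed, and because a self-dependency complicates bootstrapping on a new architecture.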
diff -Nru chicken-4.9.0.1/debian/patches/CVE-2014-9651.patch 
chicken-4.9.0.1/debian/patches/CVE-2014-9651.patch
--- chicken-4.9.0.1/debian/patches/CVE-2014-9651.patch  1970-01-01 
01:00:00.000000000 +0100
+++ chicken-4.9.0.1/debian/patches/CVE-2014-9651.patch  2016-05-28 
23:20:41.000000000 +0200
@@ -0,0 +1,73 @@
+From 230eed2745ea2b57de3c9073e8596892b1da2d8c Mon Sep 17 00:00:00 2001
+From: Moritz Heidkamp <address@hidden>
+Date: Sun, 14 Dec 2014 23:33:52 +0100
+Subject: [PATCH] Fix buffer overrun in substring-index[-ci]
+
+When passing a start index greater than 0, substring-index[-ci] would
+scan past the end of the subject string, leading to bogus results in
+case the substring is accidentally run into beyond the end of the
+subject. This patch fixes the issue and also adds a range check for the
+start index.
+---
+ data-structures.scm             | 22 ++++++++++++++--------
+ tests/data-structures-tests.scm | 11 ++++++++++-
+ 2 files changed, 24 insertions(+), 9 deletions(-)
+
+--- a/data-structures.scm
++++ b/data-structures.scm
+@@ -303,15 +303,21 @@
+   (define (traverse which where start test loc)
+     (##sys#check-string which loc)
+     (##sys#check-string where loc)
+-    (let ([wherelen (##sys#size where)]
+-        [whichlen (##sys#size which)] )
++    (let* ((wherelen (##sys#size where))
++         (whichlen (##sys#size which))
++         (end (fx- wherelen whichlen)))
+       (##sys#check-exact start loc)
+-      (let loop ([istart start] [iend whichlen])
+-      (cond [(fx> iend wherelen) #f]
+-            [(test istart whichlen) istart]
+-            [else 
+-             (loop (fx+ istart 1)
+-                   (fx+ iend 1) ) ] ) ) ) )
++      (if (and (fx>= start 0)
++             (fx> wherelen start))
++        (let loop ((istart start))
++          (cond ((fx> istart end) #f)
++                ((test istart whichlen) istart)
++                (else (loop (fx+ istart 1)))))
++        (##sys#error-hook (foreign-value "C_OUT_OF_RANGE_ERROR" int)
++                          loc
++                          start
++                          wherelen))))
++
+   (set! ##sys#substring-index 
+     (lambda (which where start)
+       (traverse 
+--- a/tests/data-structures-tests.scm
++++ b/tests/data-structures-tests.scm
+@@ -1,6 +1,6 @@
+ ;;;; data-structures-tests.scm
+ 
+-(use data-structures)
++(use data-structures lolevel)
+ 
+ (define-syntax assert-error
+   (syntax-rules ()
+@@ -54,6 +54,15 @@
+ (assert (string=? "x" (string-translate* "ab" '(("ab" . "x")))))
+ (assert (string=? "xy" (string-translate* "xyz" '(("z" . "")))))
+ 
++
++;; This used to fail because substring-index and co. used to search
++;; beyond the end of the subject string when a start index > 0 was
++;; provided. We use object-evict to ensure that the strings are placed
++;; in adjacent memory ranges so we can detect this error.
++(let* ((foo (object-evict (make-string 32 #\x)))
++       (bar (object-evict "y")))
++  (assert (not (substring-index "y" foo 30))))
++
+ ;; topological-sort
+ 
+ (assert (equal? '() (topological-sort '() eq?)))
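Review bot: The new range check in `traverse`, `(fx> wherelen start)`, sends a `start` equal to the subject length to the error hook, and that includes `start` 0 on an empty subject string. The removed loop returned `#f` in that case for any non-empty pattern, so callers that search possibly-empty strings now get an out-of-range error instead of a miss. Relaxing the test to `(fx>= wherelen start)` keeps the overrun closed: for a non-empty pattern `end` is below `istart`, so `(fx> istart end)` returns `#f` before `test` is called. An assertion such as `(assert (not (substring-index "y" "" 0)))` next to the `object-evict` test would pin the boundary.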
diff -Nru chicken-4.9.0.1/debian/patches/CVE-2015-4556.patch 
chicken-4.9.0.1/debian/patches/CVE-2015-4556.patch
--- chicken-4.9.0.1/debian/patches/CVE-2015-4556.patch  1970-01-01 
01:00:00.000000000 +0100
+++ chicken-4.9.0.1/debian/patches/CVE-2015-4556.patch  2016-05-29 
11:00:13.000000000 +0200
@@ -0,0 +1,72 @@
+commit 8a460209d78ed532c0b92e32c21625c4952bde3c
+Author: Peter Bex <pe...@more-magic.net>
+Date:   Sun Jun 14 19:52:26 2015 +0200
+
+    Fix potential buffer overrun error in string-translate*
+    
+    string-translate* would scan from every position in the target string
+    for each source string in the map, even if that would mean scanning
+    past the end.  The out-of-bounds read would be limited to the size of
+    the overlapping prefix in the trailing garbage beyond the string,
+    because memcmp will stop scanning as soon as there is a different
+    byte in either of the memory areas.
+    
+    This also adds a few basic tests for string-translate*
+    
+    Signed-off-by: Evan Hanson <ev...@foldling.org>
+
+--- a/data-structures.scm
++++ b/data-structures.scm
+@@ -504,7 +504,7 @@
+ (define (string-translate* str smap)
+   (##sys#check-string str 'string-translate*)
+   (##sys#check-list smap 'string-translate*)
+-  (let ([len (##sys#size str)])
++  (let ((len (##sys#size str)))
+     (define (collect i from total fs)
+       (if (fx>= i len)
+         (##sys#fragments->string
+@@ -513,15 +513,16 @@
+           (if (fx> i from) 
+               (cons (##sys#substring str from i) fs)
+               fs) ) )
+-        (let loop ([smap smap])
++        (let loop ((smap smap))
+           (if (null? smap) 
+               (collect (fx+ i 1) from (fx+ total 1) fs)
+-              (let* ([p (car smap)]
+-                     [sm (car p)]
+-                     [smlen (string-length sm)]
+-                     [st (cdr p)] )
+-                (if (##core#inline "C_substring_compare" str sm i 0 smlen)
+-                    (let ([i2 (fx+ i smlen)])
++              (let* ((p (car smap))
++                     (sm (car p))
++                     (smlen (string-length sm))
++                     (st (cdr p)) )
++                (if (and (fx<= (fx+ i smlen) len)
++                         (##core#inline "C_substring_compare" str sm i 0 
smlen))
++                    (let ((i2 (fx+ i smlen)))
+                       (when (fx> i from)
+                         (set! fs (cons (##sys#substring str from i) fs)) )
+                       (collect 
+--- a/tests/data-structures-tests.scm
++++ b/tests/data-structures-tests.scm
+@@ -43,6 +43,17 @@
+ (assert (< 0 (string-compare3-ci "foo\x00b" "foo\x00a")))
+ (assert (< 0 (string-compare3-ci "foo\x00b" "foo\x00A")))
+ 
++(assert (string=? "bde" (string-translate* "abcd"
++                                         '(("a" . "b")
++                                           ("b" . "")
++                                           ("c" . "d")
++                                           ("d" . "e")))))
++(assert (string=? "bc" (string-translate* "abc"
++                                        '(("ab" . "b")
++                                          ("bc" . "WRONG")))))
++(assert (string=? "x" (string-translate* "ab" '(("ab" . "x")))))
++(assert (string=? "xy" (string-translate* "xyz" '(("z" . "")))))
++
+ ;; topological-sort
+ 
+ (assert (equal? '() (topological-sort '() eq?)))
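Review bot: None of the four `string-translate*` assertions added here reaches the new guard `(fx<= (fx+ i smlen) len)` with a source string whose prefix matches at the tail of the target, so all four also pass without the fix. A case like `(assert (string=? "ab" (string-translate* "ab" '(("bc" . "WRONG")))))` would at least walk the guarded branch at the last position. An unpatched build would fail it only when the byte after the string happens to match, so the test documents the boundary more than it detects regressions. A short comment above the guard saying that the length check must come first, because the comparison it protects does no bounds check of its own, would also help the next person who refreshes this patch.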
diff -Nru chicken-4.9.0.1/debian/patches/fix-manpages.patch 
chicken-4.9.0.1/debian/patches/fix-manpages.patch
--- chicken-4.9.0.1/debian/patches/fix-manpages.patch   2014-11-23 
19:23:35.000000000 +0100
+++ chicken-4.9.0.1/debian/patches/fix-manpages.patch   2016-05-28 
23:16:49.000000000 +0200
@@ -1,8 +1,6 @@
-Index: chicken-4.9.0/chicken-install.1
-===================================================================
---- chicken-4.9.0.orig/chicken-install.1
-+++ chicken-4.9.0/chicken-install.1
-@@ -42,7 +42,7 @@ installation paths if specified.
+--- a/chicken-install.1
++++ b/chicken-install.1
+@@ -42,7 +42,7 @@
  .B CHICKEN_REPOSITORY
  The path where extension libraries are installed. Defaults to the 
package-library
  path selected during configuration (usually
@@ -11,11 +9,9 @@
  )
  
  .SH DOCUMENTATION
-Index: chicken-4.9.0/chicken-status.1
-===================================================================
---- chicken-4.9.0.orig/chicken-status.1
-+++ chicken-4.9.0/chicken-status.1
-@@ -35,7 +35,7 @@ when configuring the system.
+--- a/chicken-status.1
++++ b/chicken-status.1
+@@ -35,7 +35,7 @@
  .B CHICKEN_REPOSITORY
  The path where extension libraries are installed. Defaults to the 
package-library
  path selected during configuration (usually
@@ -24,11 +20,9 @@
  )
  
  
-Index: chicken-4.9.0/chicken-uninstall.1
-===================================================================
---- chicken-4.9.0.orig/chicken-uninstall.1
-+++ chicken-4.9.0/chicken-uninstall.1
-@@ -41,7 +41,7 @@ installation paths if specified.
+--- a/chicken-uninstall.1
++++ b/chicken-uninstall.1
+@@ -41,7 +41,7 @@
  .B CHICKEN_REPOSITORY
  The path where extension libraries are installed. Defaults to the 
package-library
  path selected during configuration (usually
@@ -37,11 +31,9 @@
  )
  
  
-Index: chicken-4.9.0/chicken.1
-===================================================================
---- chicken-4.9.0.orig/chicken.1
-+++ chicken-4.9.0/chicken.1
-@@ -21,10 +21,6 @@ is a compiler and interpreter for the pr
+--- a/chicken.1
++++ b/chicken.1
+@@ -21,10 +21,6 @@
  supporting most of the features as described in the
  .I Revised^5 Report on
  .I the Algorithmic Language Scheme
@@ -52,10 +44,8 @@
  For a more convenient interface, see the manual page for csc(1).
  
  .SH OPTIONS
-Index: chicken-4.9.0/csi.1
-===================================================================
---- chicken-4.9.0.orig/csi.1
-+++ chicken-4.9.0/csi.1
+--- a/csi.1
++++ b/csi.1
 @@ -3,9 +3,7 @@
  
  .SH NAME
diff -Nru chicken-4.9.0.1/debian/patches/series 
chicken-4.9.0.1/debian/patches/series
--- chicken-4.9.0.1/debian/patches/series       2014-11-23 19:23:35.000000000 
+0100
+++ chicken-4.9.0.1/debian/patches/series       2016-05-29 10:44:14.000000000 
+0200
@@ -1 +1,3 @@
 fix-manpages.patch
+CVE-2015-4556.patch
+CVE-2014-9651.patch
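Review bot: The order of the two new entries matters and nothing records it. The tests hunk of CVE-2014-9651.patch uses the `string-translate*` assertions introduced by CVE-2015-4556.patch as context lines, so it applies cleanly only after that patch. A comment line in the series file, for example `# CVE-2014-9651.patch is refreshed on top of CVE-2015-4556.patch; keep this order`, would stop a later reorder or a drop of the first patch from breaking the second.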
