Kei Kebreau <k...@openmailbox.org> writes: > Leo Famulari <l...@famulari.name> writes: > >> On Sat, Dec 24, 2016 at 02:23:43PM -0500, Kei Kebreau wrote: >>> Leo Famulari <l...@famulari.name> writes: >>> > On Thu, Dec 22, 2016 at 02:20:37PM -0500, Kei Kebreau wrote: >>> >> Subject: [PATCH] gnu: chicken: Fix CVE-2016-{6830,6831}. >>> >> >>> >> * >>> >> gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: >>> >> New file. >>> >> * gnu/local.mk (dist_patch_DATA): Use it. >>> >> * gnu/packages/scheme.scm (chicken)[source]: Use it. >>> > >>> > Thank you for looking into this! >>> > >>> > Something like this patch is in CHICKEN 4.11.1: >>> > >>> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=0d20426c6da0f116606574dadadaa878b96a68ea >>> > >>> > And there is a patch for the IrRegex bug after the latest tag: >>> > >>> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=2c419f18138c17767754b36d3b706cd71a55350a >>> > >>> > Can you try updating CHICKEN and applying that IrRegex patch? >>> >>> I can try, but updating to CHICKEN 4.11.1 requires a recent CHICKEN >>> binary due to its build system requirements. Do we have any objection to >>> bootstrapping CHICKEN 4.11.1 from version 4.11.0? >> >> Interesting! >> >> I don't see why we shouldn't use 4.11.0 to bootstrap 4.11.1. >> >> Changing the build system like that seems unusual for a minor point >> release, and I don't see it documented in the 4.11.1 NEWS file: >> >> https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=545d68583c8375bd5243ec07a53faff9ec1685a3;hb=116f42e7a3eab2a02b853fd038af3cb3aadad5c3 >> > > I must have phrased that too vaguely. It's just a "building from release > tarball vs from git checkout" thing, documented in the README file of > both releases. I've been having trouble with the seemingly identical > test suite using the attached WIP patch. Perhaps the dreary wheather is > clouding my thoughts. >
Update! I found a file "types.db" that is unwritable. However, changing access permissions in the (hackish) way I've done in the patch makes the build's hash time-dependent. >> One way or another, we should fix these bugs in our package. Thanks for >> taking care of it :) > > You're welcome! Merry Grav-Mass, BTW. :)
From 0f55ac1274b30f714b9454d623d860ef6f710da6 Mon Sep 17 00:00:00 2001 From: Kei Kebreau <k...@openmailbox.org> Date: Sun, 25 Dec 2016 00:31:53 -0500 Subject: [PATCH] gnu: chicken: Update to 4.11.1. * gnu/packages/scheme.scm (chicken): Update to 4.11.1. --- gnu/packages/scheme.scm | 52 +++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 78f387faf..0ad449ae2 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -320,9 +320,9 @@ applications in many fields such as multimedia (web galleries, music players, mashups, office (web agendas, mail clients, ...), etc.") (license gpl2+))) -(define-public chicken +(define chicken-4.11.0 (package - (name "chicken") + (name "chicken-4.11.0") (version "4.11.0") (source (origin (method url-fetch) @@ -374,6 +374,54 @@ produces portable and efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions.") (license bsd-3))) +(define-public chicken + (package + (inherit chicken-4.11.0) + (name "chicken") + (version "4.11.1") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://code.call-cc.org/git/chicken-core.git") + (commit version))) + (sha256 + (base32 + "1a0jxi5k2n2dx7zn9blynd9lg45v2w4jnh24d67lqazasricgs1k")))) + (arguments + `(;; No `configure' script; run "make check" after "make install" as + ;; prescribed by README. + #:phases + (modify-phases %standard-phases + (delete 'configure) + (delete 'check) + (add-after 'install 'check + (assoc-ref %standard-phases 'check)) + (add-after 'unpack 'disable-broken-tests + (lambda _ + ;; The port tests fail with this error: + ;; Error: (line 294) invalid escape-sequence '\x o' + (substitute* "tests/runtests.sh" + (("\\$interpret -s port-tests\\.scm") "") + (("mkdir -p test-repository") + (string-append "mkdir -p test-repository\n" + "chmod 644 ../types.db"))) + #t))) + + #:make-flags (let ((out (assoc-ref %outputs "out")) + (chicken-binary + (string-append + (assoc-ref %build-inputs "chicken-4.11.0") + "/bin/chicken"))) + (list "PLATFORM=linux" + (string-append "PREFIX=" out) + (string-append "VARDIR=" out "/var/lib") + (string-append "CHICKEN=" chicken-binary))) + + ;; Parallel builds are not supported, as noted in README. + #:parallel-build? #f)) + (inputs + `(("chicken-4.11.0" ,chicken-4.11.0))))) ; necessary for building from git + (define-public scheme48 (package (name "scheme48") -- 2.11.0
signature.asc
Description: PGP signature