Re: Chicken security bugs [was Re: address@hidden: Irregex packages shou

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Chicken security bugs [was Re: address@hidden: Irregex packages shou

From:	Leo Famulari
Subject:	Re: Chicken security bugs [was Re: address@hidden: Irregex packages should be updated to 0.9.6]]
Date:	Sun, 1 Jan 2017 17:18:59 -0500
User-agent:	Mutt/1.7.2 (2016-11-26)

On Sat, Dec 24, 2016 at 08:59:59PM -0500, Kei Kebreau wrote:
> Leo Famulari <address@hidden> writes:
> 
> > On Sat, Dec 24, 2016 at 02:23:43PM -0500, Kei Kebreau wrote:
> >> Leo Famulari <address@hidden> writes:
> >> > On Thu, Dec 22, 2016 at 02:20:37PM -0500, Kei Kebreau wrote:
> >> >> Subject: [PATCH] gnu: chicken: Fix CVE-2016-{6830,6831}.
> >> >> 
> >> >> * gnu/packages/patches/chicken-CVE-2016-6830+CVE-2016-6831.patch: New 
> >> >> file.
> >> >> * gnu/local.mk (dist_patch_DATA): Use it.
> >> >> * gnu/packages/scheme.scm (chicken)[source]: Use it.
> >> >
> >> > Thank you for looking into this!
> >> >
> >> > Something like this patch is in CHICKEN 4.11.1:
> >> >
> >> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=0d20426c6da0f116606574dadadaa878b96a68ea
> >> >
> >> > And there is a patch for the IrRegex bug after the latest tag:
> >> >
> >> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=2c419f18138c17767754b36d3b706cd71a55350a
> >> >
> >> > Can you try updating CHICKEN and applying that IrRegex patch?
> >> 
> >> I can try, but updating to CHICKEN 4.11.1 requires a recent CHICKEN
> >> binary due to its build system requirements. Do we have any objection to
> >> bootstrapping CHICKEN 4.11.1 from version 4.11.0?
> >
> > Interesting!
> >
> > I don't see why we shouldn't use 4.11.0 to bootstrap 4.11.1.
> >
> > Changing the build system like that seems unusual for a minor point
> > release, and I don't see it documented in the 4.11.1 NEWS file:
> >
> > https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=NEWS;h=545d68583c8375bd5243ec07a53faff9ec1685a3;hb=116f42e7a3eab2a02b853fd038af3cb3aadad5c3
> >
> 
> I must have phrased that too vaguely. It's just a "building from release
> tarball vs from git checkout" thing, documented in the README file of
> both releases. I've been having trouble with the seemingly identical
> test suite using the attached WIP patch. Perhaps the dreary wheather is
> clouding my thoughts.

How about using a development snapshot?

http://code.call-cc.org/dev-snapshots/

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Chicken security bugs [was Re: address@hidden: Irregex packages should be updated to 0.9.6]], Leo Famulari <=
- Re: Chicken security bugs [was Re: address@hidden: Irregex packages should be updated to 0.9.6]], Kei Kebreau, 2017/01/01
  - Re: Chicken security bugs [was Re: address@hidden: Irregex packages should be updated to 0.9.6]], Leo Famulari, 2017/01/03
    - Re: Chicken security bugs [was Re: address@hidden: Irregex packages should be updated to 0.9.6]], Kei Kebreau, 2017/01/03
- Re: Chicken security bugs [was Re: address@hidden: Irregex packages should be updated to 0.9.6]], Kei Kebreau, 2017/01/01

Prev by Date: [PATCH] gnu: Add cmst.
Next by Date: Re: [PATCH 1/4] gnu: Add python-pyte.
Previous by thread: [PATCH] gnu: Add cmst.
Next by thread: Re: Chicken security bugs [was Re: address@hidden: Irregex packages should be updated to 0.9.6]]
Index(es):
- Date
- Thread