mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-07 15:36:20 -05:00
gnu: chicken: Fix CVE-2017-11343.
* gnu/packages/patches/chicken-CVE-2017-11343.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/scheme.scm (chicken)[source]: Use it.
This commit is contained in:
parent
27305769de
commit
144c8db9bd
3 changed files with 60 additions and 1 deletions
|
@ -536,6 +536,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
|
%D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
|
||||||
%D%/packages/patches/ceph-skip-unittest_blockdev.patch \
|
%D%/packages/patches/ceph-skip-unittest_blockdev.patch \
|
||||||
%D%/packages/patches/chicken-CVE-2017-6949.patch \
|
%D%/packages/patches/chicken-CVE-2017-6949.patch \
|
||||||
|
%D%/packages/patches/chicken-CVE-2017-11343.patch \
|
||||||
%D%/packages/patches/chmlib-inttypes.patch \
|
%D%/packages/patches/chmlib-inttypes.patch \
|
||||||
%D%/packages/patches/clang-libc-search-path.patch \
|
%D%/packages/patches/clang-libc-search-path.patch \
|
||||||
%D%/packages/patches/clang-3.8-libc-search-path.patch \
|
%D%/packages/patches/clang-3.8-libc-search-path.patch \
|
||||||
|
|
57
gnu/packages/patches/chicken-CVE-2017-11343.patch
Normal file
57
gnu/packages/patches/chicken-CVE-2017-11343.patch
Normal file
|
@ -0,0 +1,57 @@
|
||||||
|
Fix CVE-2017-11343:
|
||||||
|
|
||||||
|
https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
|
||||||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343
|
||||||
|
|
||||||
|
Patch copied from upstream mailing list:
|
||||||
|
|
||||||
|
http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
|
||||||
|
|
||||||
|
From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Peter Bex <address@hidden>
|
||||||
|
Date: Fri, 30 Jun 2017 15:39:45 +0200
|
||||||
|
Subject: [PATCH 2/2] Initialize symbol table after setting up randomization
|
||||||
|
|
||||||
|
Otherwise, the symbol table wouldn't be correctly randomized.
|
||||||
|
---
|
||||||
|
NEWS | 3 +++
|
||||||
|
runtime.c | 2 +-
|
||||||
|
2 files changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
#diff --git a/NEWS b/NEWS
|
||||||
|
#index f4b0e041..6588b30e 100644
|
||||||
|
#--- a/NEWS
|
||||||
|
#+++ b/NEWS
|
||||||
|
#@@ -96,6 +96,9 @@
|
||||||
|
# buffer overrun and/or segfault (thanks to Lemonboy).
|
||||||
|
# - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
|
||||||
|
# #1375, thanks to "megane").
|
||||||
|
#+ - The randomization factor of the symbol table was set before
|
||||||
|
#+ the random seed was set, causing it to have a fixed value on many
|
||||||
|
#+ platforms.
|
||||||
|
#
|
||||||
|
# - Core Libraries
|
||||||
|
# - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
|
||||||
|
diff --git a/runtime.c b/runtime.c
|
||||||
|
index 81c54dd2..a4580abc 100644
|
||||||
|
--- a/runtime.c
|
||||||
|
+++ b/runtime.c
|
||||||
|
@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
|
||||||
|
C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD;
|
||||||
|
C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD;
|
||||||
|
memset(signal_mapping_table, 0, sizeof(int) * NSIG);
|
||||||
|
- initialize_symbol_table();
|
||||||
|
C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable";
|
||||||
|
error_location = C_SCHEME_FALSE;
|
||||||
|
C_pre_gc_hook = NULL;
|
||||||
|
@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
|
||||||
|
callback_continuation_level = 0;
|
||||||
|
gc_ms = 0;
|
||||||
|
(void)C_randomize(C_fix(time(NULL)));
|
||||||
|
+ initialize_symbol_table();
|
||||||
|
|
||||||
|
if (profiling) {
|
||||||
|
#ifndef C_NONUNIX
|
||||||
|
--
|
||||||
|
2.11.0
|
||||||
|
|
|
@ -345,7 +345,8 @@ (define-public chicken
|
||||||
(base32
|
(base32
|
||||||
"12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0"))
|
"12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0"))
|
||||||
(patches
|
(patches
|
||||||
(search-patches "chicken-CVE-2017-6949.patch"))))
|
(search-patches "chicken-CVE-2017-6949.patch"
|
||||||
|
"chicken-CVE-2017-11343.patch"))))
|
||||||
(build-system gnu-build-system)
|
(build-system gnu-build-system)
|
||||||
(arguments
|
(arguments
|
||||||
`(#:modules ((guix build gnu-build-system)
|
`(#:modules ((guix build gnu-build-system)
|
||||||
|
|
Loading…
Reference in a new issue