Attachment 157947 Details for Bug 200980 – chicken-4.10.0r1.diff

[patch] chicken-4.10.0r1.diff

chicken-4.10.0r1.diff (text/plain), 3.53 KB, created by Vitaly Magerya on 2015-06-21 17:23:53 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Vitaly Magerya

Created: 2015-06-21 17:23:53 UTC

Size: 3.53 KB

patch

obsolete

>Index: lang/chicken/Makefile
>===================================================================
>--- lang/chicken/Makefile	(revision 390260)
>+++ lang/chicken/Makefile	(working copy)
>@@ -2,10 +2,10 @@
> # $FreeBSD$
> 
> PORTNAME=	chicken
>-PORTVERSION=	4.9.0.1
>-PORTREVISION=	1
>+PORTVERSION=	4.10.0r1
> CATEGORIES=	lang scheme
>-MASTER_SITES=	http://code.call-cc.org/releases/4.9.0/
>+MASTER_SITES=	http://code.call-cc.org/dev-snapshots/2015/06/07/
>+DISTNAME=	${PORTNAME}-${PORTVERSION:r1=rc1}
> 
> MAINTAINER=	vmagerya@gmail.com
> COMMENT=	Scheme-to-C compiler
>@@ -14,12 +14,15 @@
> CPE_VENDOR=	call-cc
> MAKEFILE=	GNUmakefile
> USE_LDCONFIG=	yes
>-MAKE_ARGS+=	PLATFORM=bsd PREFIX=${PREFIX} \
>-		TOPMANDIR=${PREFIX}/man ARCH=${NEW_ARCH} \
>+MAKE_ARGS+=	PLATFORM=bsd \
>+		PREFIX=${PREFIX} \
>+		MANDIR=${PREFIX}/man \
>+		LIBDIR="${PREFIX}/lib" \
>+		DOCDIR="${DOCSDIR}" \
>+		ARCH=${NEW_ARCH} \
> 		C_COMPILER="${CC}" \
> 		CXX_COMPILER="${CXX}" \
> 		LIBRARIAN="${AR}" \
>-		DOCDIR="${DOCSDIR}" \
> 		C_COMPILER_OPTIMIZATION_OPTIONS="${CFLAGS}"
> 
> NEW_ARCH=	${ARCH:S/i386/x86/:S/amd64/x86-64/}
>@@ -34,6 +37,9 @@
> 
> post-install:
> 	${INSTALL_DATA} ${WRKSRC}/NEWS ${STAGEDIR}${DOCSDIR}
>+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/*
>+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/chicken/7/*.so
>+	${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libchicken*
> 
> # This only works *after* chicken is installed.
> regression-test: build
>Index: lang/chicken/distinfo
>===================================================================
>--- lang/chicken/distinfo	(revision 390260)
>+++ lang/chicken/distinfo	(working copy)
>@@ -1,2 +1,2 @@
>-SHA256 (chicken-4.9.0.1.tar.gz) = 04df7c439c36fc16446bdfa186e7a70258f911d2d826b5216a8e6b1cb2aa2815
>-SIZE (chicken-4.9.0.1.tar.gz) = 4023371
>+SHA256 (chicken-4.10.0rc1.tar.gz) = b5cc7c2d270d11f56a52da1b78950ada27d9bce2496b8ba230542d104b5477f0
>+SIZE (chicken-4.10.0rc1.tar.gz) = 4033834
>Index: security/vuxml/vuln.xml
>===================================================================
>--- security/vuxml/vuln.xml	(revision 390260)
>+++ security/vuxml/vuln.xml	(working copy)
>@@ -57,6 +57,39 @@
> 
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="e7b7f2b5-177a-11e5-ad33-f8d111029e6a">
>+ <topic>chicken -- Potential buffer overrun in string-translate*</topic>
>+ <affects>
>+ <package>
>+	<name>chicken</name>
>+	<range><lt>4.10.0r1</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	chicken developer Peter Bex reports:
>+	<blockquote cite="http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html">
>+	 Using gcc's Address Sanitizer, it was discovered that the string-translate*
>+	 procedure from the data-structures unit can scan beyond the input string's
>+	 length up to the length of the source strings in the map that's passed to
>+	 string-translate*.	This issue was fixed in master 8a46020, and it will
>+	 make its way into CHICKEN 4.10.
>+
>+	 This bug is present in all released versions of CHICKEN.
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <cvename>CVE-2015-4556</cvename>
>+ <mlist>http://lists.nongnu.org/archive/html/chicken-announce/2015-06/msg00010.html</mlist>
>+ <mlist>http://lists.nongnu.org/archive/html/chicken-hackers/2015-06/msg00037.html</mlist>
>+ </references>
>+ <dates>
>+ <discovery>2010-09-15</discovery>
>+ <entry>2015-06-20</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">
> <topic>p5-Dancer -- possible to abuse session cookie values</topic>
> <affects>

Flags:

vmagerya: maintainer-approval+

Actions: View | Diff

Attachments on bug 200980: 157898 | 157947 | 157966 | 157968 | 157976 | 158375 | 158401 | 159285 | 159286 | 159287