From: "Erik Falor" <ewfalor@gmail.com>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/lisp:master commit in: dev-scheme/chicken/files/, dev-scheme/chicken/
Date: Wed, 10 Apr 2013 20:59:35 +0000 (UTC)	[thread overview]
Message-ID: <1365627551.38247a08290dd404a96152c032db9e0167d3d8b7.erik_falor@gentoo> (raw)

commit:     38247a08290dd404a96152c032db9e0167d3d8b7
Author:     Erik Falor (fadein) <ewfalor <AT> gmail <DOT> com>
AuthorDate: Wed Apr 10 20:43:29 2013 +0000
Commit:     Erik Falor <ewfalor <AT> gmail <DOT> com>
CommitDate: Wed Apr 10 20:59:11 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/lisp.git;a=commit;h=38247a08

dev-scheme/chicken: add a patch to fix bug #462458

---
 dev-scheme/chicken/chicken-4.8.0.3.ebuild          |   80 ++++++++++++++++++++
 .../chicken-4.8.0.3-csirc-inclusion-vuln.patch     |   53 +++++++++++++
 .../files/chicken-4.8.0.3-parallel-build.patch     |   74 ++++++++++++++++++
 3 files changed, 207 insertions(+), 0 deletions(-)

diff --git a/dev-scheme/chicken/chicken-4.8.0.3.ebuild b/dev-scheme/chicken/chicken-4.8.0.3.ebuild
new file mode 100644
index 0000000..6b343d4
--- /dev/null
+++ b/dev-scheme/chicken/chicken-4.8.0.3.ebuild
@@ -0,0 +1,80 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-scheme/chicken/chicken-4.8.0.1.ebuild,v 1.1 2013/02/05 23:51:45 pchrist Exp $
+
+EAPI="3"
+
+inherit eutils multilib versionator
+
+MY_PV=$(get_version_component_range 1-3)
+DESCRIPTION="Chicken is a Scheme interpreter and native Scheme to C compiler"
+HOMEPAGE="http://www.call-cc.org/"
+SRC_URI="http://code.call-cc.org/releases/${MY_PV}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~x86"
+IUSE="emacs parallel-build doc"
+
+DEPEND="sys-apps/texinfo
+		emacs? ( virtual/emacs )"
+RDEPEND="emacs? ( virtual/emacs app-emacs/scheme-complete )"
+
+src_prepare() {
+	if use "parallel-build"
+	then
+		epatch "${FILESDIR}"/${P}-parallel-build.patch
+	fi
+
+	#Fix Bug #462458
+	epatch "${FILESDIR}"/${P}-csirc-inclusion-vuln.patch
+
+	#Because chicken's Upstream is in the habit of using variables that
+	#portage also uses :( eg. $ARCH and $A
+	sed 's,A\(\s?=\|)\),chicken&,' -i Makefile.cross-linux-mingw \
+		defaults.make rules.make \
+		|| die "sed failed"
+
+	sed "s,ARCH,zARCH," -i Makefile.bsd Makefile.cross-linux-mingw \
+		Makefile.cygwin Makefile.haiku Makefile.linux Makefile.macosx \
+		Makefile.mingw Makefile.mingw-msys Makefile.solaris \
+		defaults.make rules.make \
+		|| die "sed failed"
+
+	sed "s,\$(PREFIX)/lib,\$(PREFIX)/$(get_libdir)," -i defaults.make || die "sed failed"
+	sed "s,\$(DATADIR)/doc,\$(SHAREDIR)/doc/${P}," -i defaults.make || die "sed failed"
+}
+
+src_compile() {
+	OPTIONS="PLATFORM=linux PREFIX=/usr"
+	if use "parallel-build"
+	then
+		emake ${OPTIONS} C_COMPILER_OPTIMIZATION_OPTIONS="${CFLAGS}" \
+			LINKER_OPTIONS="${LDFLAGS}" \
+			HOSTSYSTEM="${CBUILD}" || die "emake failed"
+	else
+		emake -j1 ${OPTIONS} C_COMPILER_OPTIMIZATION_OPTIONS="${CFLAGS}" \
+			LINKER_OPTIONS="${LDFLAGS}" \
+			HOSTSYSTEM="${CBUILD}" || die "emake failed"
+	fi
+}
+
+# chicken's testsuite is not runnable before install
+# upstream has been notified of the issue
+RESTRICT=test
+
+src_install() {
+	# still can't run make in parallel for the install target
+	emake -j1 ${OPTIONS} DESTDIR="${D}" HOSTSYSTEM="${CBUILD}" \
+		LINKER_OPTIONS="${LDFLAGS}" \
+		install || die
+
+	rm "${D}"/usr/share/doc/${P}/LICENSE || die
+	dodoc NEWS || die
+
+	# remove HTML documentation if the user doesn't USE=doc
+	if ! use "doc"
+	then
+		rm -rf "${D}"/usr/share/doc/${P}/manual || die
+	fi
+}
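Review bot: `SRC_URI` fetches the release tarball over plain `http://`, and the diffstat for this commit lists no Manifest change, so the DIST digest that would verify `${P}.tar.gz` is not visible here. Confirm the Manifest carries an entry for the 4.8.0.3 tarball, and switch the URI to https if upstream serves it. The comment above the security patch should say what is fixed, for example `# Bug #462458: stop csi loading ./.csirc from the current directory (untrusted code execution)`. As a style point, `OPTIONS` is assigned inside `src_compile` and reused in `src_install`, so the install phase relies on that value being carried over; defining it once at global scope would remove the coupling.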

diff --git a/dev-scheme/chicken/files/chicken-4.8.0.3-csirc-inclusion-vuln.patch b/dev-scheme/chicken/files/chicken-4.8.0.3-csirc-inclusion-vuln.patch
new file mode 100644
index 0000000..1566948
--- /dev/null
+++ b/dev-scheme/chicken/files/chicken-4.8.0.3-csirc-inclusion-vuln.patch
@@ -0,0 +1,53 @@
+>From 526db30546d45f71591043b884b8d3ea25c673db Mon Sep 17 00:00:00 2001
+From: Florian Zumbiehl <address@hidden>
+Date: Fri, 15 Mar 2013 06:58:42 +0100
+Subject: [PATCH] csi: fix untrusted code execution by (load)ing ./.csirc
+
+Remove (load)ing of ./.csirc on csi startup as it can lead to execution of
+untrusted code.
+
+Signed-off-by: Peter Bex <address@hidden>
+---
+ NEWS    |  4 ++++
+ csi.scm | 12 +++++-------
+ 2 files changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 4023338..c21c7cf 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,5 +1,9 @@
+ 4.8.2
+ 
++- Security fixes
++  - ./.csirc is no longer loaded from the current directory upon startup of csi,
++    which could lead to untrusted code execution. (thanks to Florian Zumbiehl)
++
+ - Tools
+   - csc: added "-oi"/"-ot" options as alternatives to "-emit-inline-file"
+     and "-emit-type-file", respectively; "-n" has been deprecated.
+diff --git a/csi.scm b/csi.scm
+index b2b9f24..55a2ce8 100644
+--- a/csi.scm
++++ b/csi.scm
+@@ -1019,13 +1019,11 @@ EOF
+ 			  (cons (cadr p) (loop (cddr p)))) ) ]
+ 		[else '()] ) ) )
+       (define (loadinit)
+-	(let ([fn (##sys#string-append "./" init-file)])
+-	  (if (file-exists? fn)
+-	      (load fn)
+-	      (let* ([prefix (chop-separator (or (get-environment-variable "HOME") "."))]
+-		     [fn (string-append prefix "/" init-file)] )
+-		(when (file-exists? fn) 
+-		  (load fn) ) ) ) ) )
++	(and-let* ((home (get-environment-variable "HOME"))
++		   ((not (string=? home ""))))
++	  (let ((fn (string-append (chop-separator home) "/" init-file)))
++	    (when (file-exists? fn)
++		  (load fn) ) ) ) )
+       (define (evalstring str #!optional (rec (lambda _ (void))))
+ 	(let ((in (open-input-string str)))
+ 	  (do ([x (read in) (read in)])
+-- 
+1.7.12
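Review bot: This backport changes only `csi.scm` (plus `NEWS`), so the fix reaches the installed `csi` only if the build regenerates the C source from the patched Scheme file. CHICKEN release tarballs normally ship pre-generated C, and the ebuild's `DEPEND` lists no chicken to regenerate it with. If that holds for 4.8.0.3, the build either needs an already-installed `chicken` or compiles a stale `csi.c` that still loads `./.csirc`. Confirm that the built `csi` no longer evaluates a `.csirc` in the working directory, or patch the generated C as well. The new `loadinit` also accepts any non-empty `HOME`, so a relative value such as `.` would still resolve against the current directory; requiring an absolute path would close that gap.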

diff --git a/dev-scheme/chicken/files/chicken-4.8.0.3-parallel-build.patch b/dev-scheme/chicken/files/chicken-4.8.0.3-parallel-build.patch
new file mode 100644
index 0000000..a42dd2e
--- /dev/null
+++ b/dev-scheme/chicken/files/chicken-4.8.0.3-parallel-build.patch
@@ -0,0 +1,74 @@
+diff --git a/GNUmakefile b/GNUmakefile
+index 9bc40ca..c697f14 100644
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -49,6 +49,9 @@ STANDARD_TARGETS \
+ 	  fullcheck libs install-target install-dev bench
+ 
+ .PHONY: $(STANDARD_TARGETS) dist boot-chicken
++# Build this file's targets sequentially.  This avoids executing overlapping
++# makes if the user specifies multiple targets.
++.NOTPARALLEL:
+ 
+ $(STANDARD_TARGETS):
+ 	$(MAKE) -f $(SRCDIR)/Makefile.$(PLATFORM) CONFIG=$(CONFIG) $@
+diff --git a/README b/README
+index 8d0d067..551b716 100644
+--- a/README
++++ b/README
+@@ -72,7 +72,7 @@
+         platforms.
+ 
+ 	Note that parallel builds (using the "-j" make(1) option) are
+-	*not* supported.
++	also supported. Beware that parallel install will not work though.
+ 
+         If you invoke "make" later with different configuration parameters,
+         it is advisable to run:
+diff --git a/rules.make b/rules.make
+index 929b0a3..a8cb9b0 100644
+--- a/rules.make
++++ b/rules.make
+@@ -243,8 +243,8 @@ lib$(PROGRAM_PREFIX)chicken$(PROGRAM_SUFFIX)$(A): $(APPLY_HACK_OBJECT) $(LIBCHIC
+ 
+ # import libraries and extensions
+ 
+-%.so: %.o
+-	$(LINKER) $(LINKER_OPTIONS) $(LINKER_LINK_SHARED_DLOADABLE_OPTIONS) $^ $(LINKER_OUTPUT_OPTION) $@ \
++%.so: %.o $(PRIMARY_LIBCHICKEN)
++	$(LINKER) $(LINKER_OPTIONS) $(LINKER_LINK_SHARED_DLOADABLE_OPTIONS) $< $(LINKER_OUTPUT_OPTION) $@ \
+ 	  $(LINKER_LIBRARY_PREFIX)$(PROGRAM_PREFIX)chicken$(PROGRAM_SUFFIX)$(LINKER_LIBRARY_SUFFIX) \
+ 	  $(LIBRARIES)
+ 
+@@ -582,9 +582,9 @@ chicken-profile.c: $(SRCDIR)chicken-profile.scm
+ 	$(CHICKEN) $< $(CHICKEN_PROGRAM_OPTIONS) -output-file $@ 
+ chicken-install.c: $(SRCDIR)chicken-install.scm setup-download.c setup-api.c
+ 	$(CHICKEN) $< $(CHICKEN_PROGRAM_OPTIONS) -output-file $@ 
+-chicken-uninstall.c: $(SRCDIR)chicken-uninstall.scm
++chicken-uninstall.c: $(SRCDIR)chicken-uninstall.scm setup-api.c
+ 	$(CHICKEN) $< $(CHICKEN_PROGRAM_OPTIONS) -output-file $@ 
+-chicken-status.c: $(SRCDIR)chicken-status.scm
++chicken-status.c: $(SRCDIR)chicken-status.scm setup-api.c
+ 	$(CHICKEN) $< $(CHICKEN_PROGRAM_OPTIONS) -output-file $@ 
+ csc.c: $(SRCDIR)csc.scm
+ 	$(CHICKEN) $< $(CHICKEN_PROGRAM_OPTIONS) -output-file $@ 
+@@ -675,14 +675,17 @@ bench: $(CHICKEN_SHARED_EXECUTABLE) $(CSI_SHARED_EXECUTABLE) $(CSC_PROGRAM)$(EXE
+ .PHONY: boot-chicken
+ 
+ boot-chicken:
++	$(MAKE) -f Makefile.$(PLATFORM) PLATFORM=$(PLATFORM) CONFIG= confclean
+ 	$(MAKE) -f Makefile.$(PLATFORM) PLATFORM=$(PLATFORM) PREFIX=/nowhere CONFIG= \
+ 	  CHICKEN=$(CHICKEN) PROGRAM_SUFFIX=-boot-stage1 STATICBUILD=1 \
+	  C_COMPILER_OPTIMIZATION_OPTIONS= C_HACKED_APPLY= BUILDING_CHICKEN_BOOT=1 \
+-	  confclean chicken-boot-stage1$(EXE)
++	  chicken-boot-stage1$(EXE)
++	$(MAKE) -f Makefile.$(PLATFORM) PLATFORM=$(PLATFORM) CONFIG= touchfiles
+ 	$(MAKE) -f Makefile.$(PLATFORM) PLATFORM=$(PLATFORM) PREFIX=/nowhere CONFIG= \
+ 	  CHICKEN=.$(SEP)chicken-boot-stage1$(EXE) PROGRAM_SUFFIX=-boot \
+ 	  STATICBUILD=1 C_COMPILER_OPTIMIZATION_OPTIONS= \
+-	  touchfiles chicken-boot$(EXE) confclean
++	  chicken-boot$(EXE)
++	$(MAKE) -f Makefile.$(PLATFORM) PLATFORM=$(PLATFORM) CONFIG= confclean
+ 
+ .PHONY: touchfiles
+ 
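Review bot: In the last `rules.make` hunk of this patch file, the context line `C_COMPILER_OPTIMIZATION_OPTIONS= C_HACKED_APPLY= BUILDING_CHICKEN_BOOT=1 \` starts with a tab and lacks the leading space that the other context lines carry. If the file is committed that way rather than damaged in the mail, check that `epatch` applies this hunk cleanly with USE=parallel-build, and restore the space. The patch file also has no header naming where it came from. A short preamble such as `# Origin: <upstream commit or list URL>` would let a later reviewer confirm that these build-system changes match upstream.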

