From 144c8db9bd91bf5470be7a2c747885f9325f96bc Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 17 Jul 2017 20:14:15 -0400 Subject: gnu: chicken: Fix CVE-2017-11343. * gnu/packages/patches/chicken-CVE-2017-11343.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/scheme.scm (chicken)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/patches/chicken-CVE-2017-11343.patch | 57 +++++++++++++++++++++++ gnu/packages/scheme.scm | 3 +- 3 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/chicken-CVE-2017-11343.patch (limited to 'gnu') diff --git a/gnu/local.mk b/gnu/local.mk index 54dd2f2380..e7395292f8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -536,6 +536,7 @@ dist_patch_DATA = \ %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \ %D%/packages/patches/ceph-skip-unittest_blockdev.patch \ %D%/packages/patches/chicken-CVE-2017-6949.patch \ + %D%/packages/patches/chicken-CVE-2017-11343.patch \ %D%/packages/patches/chmlib-inttypes.patch \ %D%/packages/patches/clang-libc-search-path.patch \ %D%/packages/patches/clang-3.8-libc-search-path.patch \ diff --git a/gnu/packages/patches/chicken-CVE-2017-11343.patch b/gnu/packages/patches/chicken-CVE-2017-11343.patch new file mode 100644 index 0000000000..1d46ad50d9 --- /dev/null +++ b/gnu/packages/patches/chicken-CVE-2017-11343.patch @@ -0,0 +1,57 @@ +Fix CVE-2017-11343: + +https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343 + +Patch copied from upstream mailing list: + +http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt + +From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001 +From: Peter Bex +Date: Fri, 30 Jun 2017 15:39:45 +0200 +Subject: [PATCH 2/2] Initialize symbol table after setting up randomization + +Otherwise, the symbol table wouldn't be correctly randomized. +--- + NEWS | 3 +++ + runtime.c | 2 +- + 2 files changed, 4 insertions(+), 1 deletion(-) + +#diff --git a/NEWS b/NEWS +#index f4b0e041..6588b30e 100644 +#--- a/NEWS +#+++ b/NEWS +#@@ -96,6 +96,9 @@ +# buffer overrun and/or segfault (thanks to Lemonboy). +# - CVE-2017-9334: `length' no longer crashes on improper lists (fixes +# #1375, thanks to "megane"). +#+ - The randomization factor of the symbol table was set before +#+ the random seed was set, causing it to have a fixed value on many +#+ platforms. +# +# - Core Libraries +# - Unit "posix": If file-lock, file-lock/blocking or file-unlock are +diff --git a/runtime.c b/runtime.c +index 81c54dd2..a4580abc 100644 +--- a/runtime.c ++++ b/runtime.c +@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) + C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD; + C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD; + memset(signal_mapping_table, 0, sizeof(int) * NSIG); +- initialize_symbol_table(); + C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable"; + error_location = C_SCHEME_FALSE; + C_pre_gc_hook = NULL; +@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel) + callback_continuation_level = 0; + gc_ms = 0; + (void)C_randomize(C_fix(time(NULL))); ++ initialize_symbol_table(); + + if (profiling) { + #ifndef C_NONUNIX +-- +2.11.0 + diff --git a/gnu/packages/scheme.scm b/gnu/packages/scheme.scm index 92c0170205..161138285e 100644 --- a/gnu/packages/scheme.scm +++ b/gnu/packages/scheme.scm @@ -345,7 +345,8 @@ (define-public chicken (base32 "12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0")) (patches - (search-patches "chicken-CVE-2017-6949.patch")))) + (search-patches "chicken-CVE-2017-6949.patch" + "chicken-CVE-2017-11343.patch")))) (build-system gnu-build-system) (arguments `(#:modules ((guix build gnu-build-system) -- cgit v1.2.3