Date: Saturday, November 12, 2022 @ 21:39:29
  Author: blakkheim
Revision: 1347099

archrelease: copy trunk to community-x86_64

Added:
  chicken/repos/community-x86_64/CVE-2022-45145.patch
    (from rev 1347098, chicken/trunk/CVE-2022-45145.patch)
  chicken/repos/community-x86_64/PKGBUILD
    (from rev 1347098, chicken/trunk/PKGBUILD)
Deleted:
  chicken/repos/community-x86_64/PKGBUILD

----------------------+
 CVE-2022-45145.patch |   77 +++++++++++++++++++++++++++++++++++++++++++
 PKGBUILD             |   86 ++++++++++++++++++++++++++-----------------------
 2 files changed, 123 insertions(+), 40 deletions(-)

Copied: chicken/repos/community-x86_64/CVE-2022-45145.patch (from rev 1347098, 
chicken/trunk/CVE-2022-45145.patch)
===================================================================
--- CVE-2022-45145.patch                                (rev 0)
+++ CVE-2022-45145.patch        2022-11-12 21:39:29 UTC (rev 1347099)
@@ -0,0 +1,77 @@
+From a08f8f548d772ef410c672ba33a27108d8d434f3 Mon Sep 17 00:00:00 2001
+From: Vasilij Schneidermann <[email protected]>
+Date: Sat, 5 Nov 2022 13:49:25 +0100
+Subject: [PATCH 1/1] Split up potentially long echo invocation on win32
+
+Eggs with a very long infostr may trigger the maximum command line
+invocation length of 8191 chars. To avoid running into this
+limitation, the generated install script now creates an empty file,
+then echoes each line into it.
+
+Closes #1800
+
+This patch further addresses some security issues reported by Vasilij
+and applied by Felix Winkelmann:
+
+- disable variable/command expansion in script-fragments
+  that produce egg-info files.
+- limit the maximum line length of shell commands in for
+  Windows in the latter.
+
+Signed-off-by: felix <[email protected]>
+Signed-off-by: Peter Bex <[email protected]>
+---
+ egg-compile.scm | 24 ++++++++++++++++++++----
+ 1 file changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/egg-compile.scm b/egg-compile.scm
+index c1f2ceb0..9ba45681 100644
+--- a/egg-compile.scm
++++ b/egg-compile.scm
+@@ -1129,7 +1129,7 @@ EOF
+ 
+ ~a ~a~a
+ ~a ~a~a
+-cat >~a~a <<ENDINFO
++cat >~a~a <<'ENDINFO'
+ ~aENDINFO~%
+ EOF
+                mkdir ddir qdir
+@@ -1139,11 +1139,18 @@ EOF
+        (printf #<<EOF
+ 
+ ~a ~a~a
+-echo ~a >~a~a~%
++copy /y nul ~a~a~%
++~a
+ EOF
+                mkdir ddir qdir
+-               (string-intersperse (string-split infostr "\n") "^\n\n")
+-               ddir dest)))))
++             ddir dest
++             (string-intersperse (map (lambda (line)
++                                        (ensure-line-limit
++                                             (caretize (format "echo ~a 
>>~a~a"
++                                                               line ddir 
dest))
++                                             8191 ))
++                                      (string-split infostr "\n"))
++                                 "\n"))))))
+ 
+ ;;; some utilities for mangling + quoting
+ 
+@@ -1227,3 +1234,12 @@ EOF
+     (substring fname (add1 plen))))
+ 
+ (define (maybe f x) (if f (list x) '()))
++
++(define (caretize str)
++  (string-translate* str '(("&" . "^&") ("^" . "^^") ("|" . "^|")
++                         ("<" . "^<") (">" . "^>"))))
++
++(define (ensure-line-limit str lim)
++  (when (>= (string-length str) lim)
++    (error "line length exceeds platform limit: " str))
++  str)
+-- 
+2.20.1
+
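Review bot: `caretize` (added at the end of egg-compile.scm) escapes `&`, `^`, `|`, `<` and `>` but leaves `%` alone, so on the Windows branch an info line containing a `%NAME%` sequence would presumably still be expanded by cmd when the generated install script runs. That falls short of the stated goal of disabling variable expansion, which the quoted `'ENDINFO'` delimiter does achieve on the Unix branch. If the script is executed as a batch file, adding `("%" . "%%")` to the translation list would cover it, though this needs confirming against how the script is invoked. `ensure-line-limit` also rejects a line of exactly 8191 characters because it tests `>=`, so a one-line comment is worthwhile if the stricter bound is intended. The procedure enclosing the two `printf` forms starts outside the hunk.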

Deleted: PKGBUILD
===================================================================
--- PKGBUILD    2022-11-12 21:39:01 UTC (rev 1347098)
+++ PKGBUILD    2022-11-12 21:39:29 UTC (rev 1347099)
@@ -1,40 +0,0 @@
-# Maintainer: Alexander F. Rødseth <[email protected]>
-# Contributor: Vesa Kaihlavirta <[email protected]>
-# Contributor: David <[email protected]>
-
-pkgname=chicken
-pkgver=5.3.0
-pkgrel=3
-pkgdesc='Feature rich R5RS Scheme compiler and interpreter'
-arch=(x86_64)
-url='https://call-cc.org/'
-license=(BSD)
-makedepends=(chicken)
-optdepends=('tk: for the tcl/tk egg')
-options=(staticlibs)
-source=("https://code.call-cc.org/releases/$pkgver/$pkgname-$pkgver.tar.gz";)
-b2sums=('7e1fb8c844542927eec53df751014f718b8c96fb6cf390d6464d7d55467c7320346be9ed05202b9c5c96548f274243ae52fead488981d7c207bec2c001db7cd7')
-
-build() {
-  export CFLAGS+=' -ffat-lto-objects'
-  export CXXFLAGS+=' -ffat-lto-objects'
-  make -j1 -C $pkgname-$pkgver \
-    CSC_PROGRAM=chicken-csc \
-    CSI_PROGRAM=chicken-csi \
-    PLATFORM=linux \
-    PREFIX=/usr
-}
-
-package() {
-  cd $pkgname-$pkgver
-  make -j1 \
-    CSC_PROGRAM=chicken-csc \
-    CSI_PROGRAM=chicken-csi \
-    DESTDIR="$pkgdir" \
-    PLATFORM=linux \
-    PREFIX=/usr \
-    install
-  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
-}
-
-# getver: code.call-cc.org/releases/current/NEWS

Copied: chicken/repos/community-x86_64/PKGBUILD (from rev 1347098, 
chicken/trunk/PKGBUILD)
===================================================================
--- PKGBUILD                            (rev 0)
+++ PKGBUILD    2022-11-12 21:39:29 UTC (rev 1347099)
@@ -0,0 +1,46 @@
+# Maintainer: Alexander F. Rødseth <[email protected]>
+# Contributor: Vesa Kaihlavirta <[email protected]>
+# Contributor: David <[email protected]>
+
+pkgname=chicken
+pkgver=5.3.0
+pkgrel=4
+pkgdesc='Feature rich R5RS Scheme compiler and interpreter'
+arch=(x86_64)
+url='https://call-cc.org/'
+license=(BSD)
+makedepends=(chicken)
+optdepends=('tk: for the tcl/tk egg')
+options=(staticlibs)
+source=("https://code.call-cc.org/releases/$pkgver/$pkgname-$pkgver.tar.gz";
+        "CVE-2022-45145.patch")
+b2sums=('7e1fb8c844542927eec53df751014f718b8c96fb6cf390d6464d7d55467c7320346be9ed05202b9c5c96548f274243ae52fead488981d7c207bec2c001db7cd7'
+        
'0b07d7935da0619eb2dfba4d0944c45bb5aa6d46e904125f9ee5b55ef6592d5619b7b6aa8a3136b76d8de4f3d768c6831b386a872bd6518f8b3fa04bb9f767d4')
+
+prepare() {
+  patch -Np1 -i ../CVE-2022-45145.patch -d $pkgname-$pkgver
+}
+
+build() {
+  export CFLAGS+=' -ffat-lto-objects'
+  export CXXFLAGS+=' -ffat-lto-objects'
+  make -j1 -C $pkgname-$pkgver \
+    CSC_PROGRAM=chicken-csc \
+    CSI_PROGRAM=chicken-csi \
+    PLATFORM=linux \
+    PREFIX=/usr
+}
+
+package() {
+  cd $pkgname-$pkgver
+  make -j1 \
+    CSC_PROGRAM=chicken-csc \
+    CSI_PROGRAM=chicken-csi \
+    DESTDIR="$pkgdir" \
+    PLATFORM=linux \
+    PREFIX=/usr \
+    install
+  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+}
+
+# getver: code.call-cc.org/releases/current/NEWS
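Review bot: The new `"CVE-2022-45145.patch"` entry in `source=()` has no comment recording where the patch came from or when it can be dropped. The only provenance is the `From a08f8f548d772ef410c672ba33a27108d8d434f3` line inside the patch file itself. A comment above `prepare()` such as `# Backport of upstream commit a08f8f54 (CVE-2022-45145); remove once pkgver contains it` would let a later maintainer check the backport against upstream and retire it at the next version bump. Quoting the directory argument as `-d "$pkgname-$pkgver"` would also be the safer style.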
