Your message dated Sun, 12 Jun 2016 23:23:19 +0000
with message-id <[email protected]>
and subject line Bug#825724: fixed in chicken 4.10.0-1
has caused the Debian Bug report #825724,
regarding chicken: diff for NMU version 4.9.0.1-1.1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
825724: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825724
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: chicken
Version: 4.9.0.1-1
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for chicken (versioned as 4.9.0.1-1.1). The diff
is attached to this message.


Regards.
diff -Nru chicken-4.9.0.1/debian/changelog chicken-4.9.0.1/debian/changelog
--- chicken-4.9.0.1/debian/changelog    2014-11-23 19:28:44.000000000 +0100
+++ chicken-4.9.0.1/debian/changelog    2016-05-29 10:46:57.000000000 +0200
@@ -1,3 +1,12 @@
+chicken (4.9.0.1-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2015-4556: cherry pick patch from upstream repository (Closes: #788833)
+  * CVE-2014-9651: cherry pick patch from upstream repository (Closes: #775346)
+  * Add chicken-bin to B-D to prevent FTBFS.
+
+ -- Tobias Frost <[email protected]>  Sat, 28 May 2016 23:17:57 +0200
+
 chicken (4.9.0.1-1) unstable; urgency=high
 
   * New upstream version;
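Review bot: the new changelog entry at the top of this hunk targets `UNRELEASED`, which dpkg-genchanges will copy into the .changes Distribution field and dak will reject; change it to `unstable` before the upload the cover message describes as pending. The entry also says nothing about the refresh of fix-manpages.patch that appears later in this diff; add a line for it so the changelog accounts for every file the NMU touches.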
diff -Nru chicken-4.9.0.1/debian/control chicken-4.9.0.1/debian/control
--- chicken-4.9.0.1/debian/control      2014-11-23 19:23:35.000000000 +0100
+++ chicken-4.9.0.1/debian/control      2016-05-29 10:37:54.000000000 +0200
@@ -3,7 +3,7 @@
 Section: interpreters
 Priority: optional
 Maintainer: Davide Puricelli (evo) <[email protected]>
-Build-Depends: debhelper (>> 5.0.0), texinfo, chrpath
+Build-Depends: debhelper (>> 5.0.0), texinfo, chrpath, chicken-bin
 Standards-Version: 3.8.4.0
 
 Package: chicken-bin
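Review bot: the added `chicken-bin` build-dependency is a self-dependency (this same control file produces the `chicken-bin` binary, as the `Package:` stanza just below shows), so the source can no longer be bootstrapped on a new architecture without an existing chicken-bin, and the changelog only says "to prevent FTBFS". State which build step fails without it, and either confirm that the upstream tarball's pre-generated C sources cannot be used instead or mark the dependency with a bootstrap build profile such as `<!stage1>` so porters have a way around it.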
diff -Nru chicken-4.9.0.1/debian/patches/CVE-2014-9651.patch 
chicken-4.9.0.1/debian/patches/CVE-2014-9651.patch
--- chicken-4.9.0.1/debian/patches/CVE-2014-9651.patch  1970-01-01 
01:00:00.000000000 +0100
+++ chicken-4.9.0.1/debian/patches/CVE-2014-9651.patch  2016-05-28 
23:20:41.000000000 +0200
@@ -0,0 +1,73 @@
+From 230eed2745ea2b57de3c9073e8596892b1da2d8c Mon Sep 17 00:00:00 2001
+From: Moritz Heidkamp <address@hidden>
+Date: Sun, 14 Dec 2014 23:33:52 +0100
+Subject: [PATCH] Fix buffer overrun in substring-index[-ci]
+
+When passing a start index greater than 0, substring-index[-ci] would
+scan past the end of the subject string, leading to bogus results in
+case the substring is accidentally run into beyond the end of the
+subject. This patch fixes the issue and also adds a range check for the
+start index.
+---
+ data-structures.scm             | 22 ++++++++++++++--------
+ tests/data-structures-tests.scm | 11 ++++++++++-
+ 2 files changed, 24 insertions(+), 9 deletions(-)
+
+--- a/data-structures.scm
++++ b/data-structures.scm
+@@ -303,15 +303,21 @@
+   (define (traverse which where start test loc)
+     (##sys#check-string which loc)
+     (##sys#check-string where loc)
+-    (let ([wherelen (##sys#size where)]
+-        [whichlen (##sys#size which)] )
++    (let* ((wherelen (##sys#size where))
++         (whichlen (##sys#size which))
++         (end (fx- wherelen whichlen)))
+       (##sys#check-exact start loc)
+-      (let loop ([istart start] [iend whichlen])
+-      (cond [(fx> iend wherelen) #f]
+-            [(test istart whichlen) istart]
+-            [else 
+-             (loop (fx+ istart 1)
+-                   (fx+ iend 1) ) ] ) ) ) )
++      (if (and (fx>= start 0)
++             (fx> wherelen start))
++        (let loop ((istart start))
++          (cond ((fx> istart end) #f)
++                ((test istart whichlen) istart)
++                (else (loop (fx+ istart 1)))))
++        (##sys#error-hook (foreign-value "C_OUT_OF_RANGE_ERROR" int)
++                          loc
++                          start
++                          wherelen))))
++
+   (set! ##sys#substring-index 
+     (lambda (which where start)
+       (traverse 
+--- a/tests/data-structures-tests.scm
++++ b/tests/data-structures-tests.scm
+@@ -1,6 +1,6 @@
+ ;;;; data-structures-tests.scm
+ 
+-(use data-structures)
++(use data-structures lolevel)
+ 
+ (define-syntax assert-error
+   (syntax-rules ()
+@@ -54,6 +54,15 @@
+ (assert (string=? "x" (string-translate* "ab" '(("ab" . "x")))))
+ (assert (string=? "xy" (string-translate* "xyz" '(("z" . "")))))
+ 
++
++;; This used to fail because substring-index and co. used to search
++;; beyond the end of the subject string when a start index > 0 was
++;; provided. We use object-evict to ensure that the strings are placed
++;; in adjacent memory ranges so we can detect this error.
++(let* ((foo (object-evict (make-string 32 #\x)))
++       (bar (object-evict "y")))
++  (assert (not (substring-index "y" foo 30))))
++
+ ;; topological-sort
+ 
+ (assert (equal? '() (topological-sort '() eq?)))
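Review bot: the new range check `(fx> wherelen start)` rejects a `start` equal to the subject length, so a search that begins exactly at the end of `where` now signals `C_OUT_OF_RANGE_ERROR` where the old loop fell through to the comparison; that is a behaviour change at a public interface and deserves a sentence in the changelog. The patch file also carries no DEP-3 `Origin:` or `Bug-Debian:` field and its `From:` line is archive-mangled (`address@hidden`), which suggests it was copied from a list archive rather than the upstream repository; add `Origin:` for upstream commit 230eed2745ea2b57de3c9073e8596892b1da2d8c and `Bug-Debian: https://bugs.debian.org/775346` so the provenance can be checked against upstream.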
diff -Nru chicken-4.9.0.1/debian/patches/CVE-2015-4556.patch 
chicken-4.9.0.1/debian/patches/CVE-2015-4556.patch
--- chicken-4.9.0.1/debian/patches/CVE-2015-4556.patch  1970-01-01 
01:00:00.000000000 +0100
+++ chicken-4.9.0.1/debian/patches/CVE-2015-4556.patch  2016-05-29 
11:00:13.000000000 +0200
@@ -0,0 +1,72 @@
+commit 8a460209d78ed532c0b92e32c21625c4952bde3c
+Author: Peter Bex <[email protected]>
+Date:   Sun Jun 14 19:52:26 2015 +0200
+
+    Fix potential buffer overrun error in string-translate*
+    
+    string-translate* would scan from every position in the target string
+    for each source string in the map, even if that would mean scanning
+    past the end.  The out-of-bounds read would be limited to the size of
+    the overlapping prefix in the trailing garbage beyond the string,
+    because memcmp will stop scanning as soon as there is a different
+    byte in either of the memory areas.
+    
+    This also adds a few basic tests for string-translate*
+    
+    Signed-off-by: Evan Hanson <[email protected]>
+
+--- a/data-structures.scm
++++ b/data-structures.scm
+@@ -504,7 +504,7 @@
+ (define (string-translate* str smap)
+   (##sys#check-string str 'string-translate*)
+   (##sys#check-list smap 'string-translate*)
+-  (let ([len (##sys#size str)])
++  (let ((len (##sys#size str)))
+     (define (collect i from total fs)
+       (if (fx>= i len)
+         (##sys#fragments->string
+@@ -513,15 +513,16 @@
+           (if (fx> i from) 
+               (cons (##sys#substring str from i) fs)
+               fs) ) )
+-        (let loop ([smap smap])
++        (let loop ((smap smap))
+           (if (null? smap) 
+               (collect (fx+ i 1) from (fx+ total 1) fs)
+-              (let* ([p (car smap)]
+-                     [sm (car p)]
+-                     [smlen (string-length sm)]
+-                     [st (cdr p)] )
+-                (if (##core#inline "C_substring_compare" str sm i 0 smlen)
+-                    (let ([i2 (fx+ i smlen)])
++              (let* ((p (car smap))
++                     (sm (car p))
++                     (smlen (string-length sm))
++                     (st (cdr p)) )
++                (if (and (fx<= (fx+ i smlen) len)
++                         (##core#inline "C_substring_compare" str sm i 0 
smlen))
++                    (let ((i2 (fx+ i smlen)))
+                       (when (fx> i from)
+                         (set! fs (cons (##sys#substring str from i) fs)) )
+                       (collect 
+--- a/tests/data-structures-tests.scm
++++ b/tests/data-structures-tests.scm
+@@ -43,6 +43,17 @@
+ (assert (< 0 (string-compare3-ci "foo\x00b" "foo\x00a")))
+ (assert (< 0 (string-compare3-ci "foo\x00b" "foo\x00A")))
+ 
++(assert (string=? "bde" (string-translate* "abcd"
++                                         '(("a" . "b")
++                                           ("b" . "")
++                                           ("c" . "d")
++                                           ("d" . "e")))))
++(assert (string=? "bc" (string-translate* "abc"
++                                        '(("ab" . "b")
++                                          ("bc" . "WRONG")))))
++(assert (string=? "x" (string-translate* "ab" '(("ab" . "x")))))
++(assert (string=? "xy" (string-translate* "xyz" '(("z" . "")))))
++
+ ;; topological-sort
+ 
+ (assert (equal? '() (topological-sort '() eq?)))
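Review bot: the key line of the second hunk, `(##core#inline "C_substring_compare" str sm i 0 smlen))`, has been wrapped onto two lines by the mailer (`... i 0` then `smlen))`), so the patch as quoted here will not apply; attach the NMU diff as a file or confirm that the file in the actual upload is intact. The guard itself, `(fx<= (fx+ i smlen) len)` in front of the compare, is the right fix: it stops `C_substring_compare` from reading `smlen` bytes past the end of `str`. As with the other CVE patch, add a DEP-3 `Bug-Debian: https://bugs.debian.org/788833` line next to the upstream commit id that is already present.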
diff -Nru chicken-4.9.0.1/debian/patches/fix-manpages.patch 
chicken-4.9.0.1/debian/patches/fix-manpages.patch
--- chicken-4.9.0.1/debian/patches/fix-manpages.patch   2014-11-23 
19:23:35.000000000 +0100
+++ chicken-4.9.0.1/debian/patches/fix-manpages.patch   2016-05-28 
23:16:49.000000000 +0200
@@ -1,8 +1,6 @@
-Index: chicken-4.9.0/chicken-install.1
-===================================================================
---- chicken-4.9.0.orig/chicken-install.1
-+++ chicken-4.9.0/chicken-install.1
-@@ -42,7 +42,7 @@ installation paths if specified.
+--- a/chicken-install.1
++++ b/chicken-install.1
+@@ -42,7 +42,7 @@
  .B CHICKEN_REPOSITORY
  The path where extension libraries are installed. Defaults to the 
package-library
  path selected during configuration (usually
@@ -11,11 +9,9 @@
  )
  
  .SH DOCUMENTATION
-Index: chicken-4.9.0/chicken-status.1
-===================================================================
---- chicken-4.9.0.orig/chicken-status.1
-+++ chicken-4.9.0/chicken-status.1
-@@ -35,7 +35,7 @@ when configuring the system.
+--- a/chicken-status.1
++++ b/chicken-status.1
+@@ -35,7 +35,7 @@
  .B CHICKEN_REPOSITORY
  The path where extension libraries are installed. Defaults to the 
package-library
  path selected during configuration (usually
@@ -24,11 +20,9 @@
  )
  
  
-Index: chicken-4.9.0/chicken-uninstall.1
-===================================================================
---- chicken-4.9.0.orig/chicken-uninstall.1
-+++ chicken-4.9.0/chicken-uninstall.1
-@@ -41,7 +41,7 @@ installation paths if specified.
+--- a/chicken-uninstall.1
++++ b/chicken-uninstall.1
+@@ -41,7 +41,7 @@
  .B CHICKEN_REPOSITORY
  The path where extension libraries are installed. Defaults to the 
package-library
  path selected during configuration (usually
@@ -37,11 +31,9 @@
  )
  
  
-Index: chicken-4.9.0/chicken.1
-===================================================================
---- chicken-4.9.0.orig/chicken.1
-+++ chicken-4.9.0/chicken.1
-@@ -21,10 +21,6 @@ is a compiler and interpreter for the pr
+--- a/chicken.1
++++ b/chicken.1
+@@ -21,10 +21,6 @@
  supporting most of the features as described in the
  .I Revised^5 Report on
  .I the Algorithmic Language Scheme
@@ -52,10 +44,8 @@
  For a more convenient interface, see the manual page for csc(1).
  
  .SH OPTIONS
-Index: chicken-4.9.0/csi.1
-===================================================================
---- chicken-4.9.0.orig/csi.1
-+++ chicken-4.9.0/csi.1
+--- a/csi.1
++++ b/csi.1
 @@ -3,9 +3,7 @@
  
  .SH NAME
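Review bot: these five hunks only rewrite the headers of fix-manpages.patch from the `Index:`/`chicken-4.9.0.orig` form to the `a/`/`b/` form without changing what the patch does; this is a quilt refresh unrelated to the CVE fixes, and it makes the NMU diff larger than the minimal change NMU guidelines ask for. Either drop it from the NMU or record it in the changelog as a header-only refresh so the maintainer knows the patch content is unchanged.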
diff -Nru chicken-4.9.0.1/debian/patches/series 
chicken-4.9.0.1/debian/patches/series
--- chicken-4.9.0.1/debian/patches/series       2014-11-23 19:23:35.000000000 
+0100
+++ chicken-4.9.0.1/debian/patches/series       2016-05-29 10:44:14.000000000 
+0200
@@ -1 +1,3 @@
 fix-manpages.patch
+CVE-2015-4556.patch
+CVE-2014-9651.patch
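Review bot: the order here is load-bearing and must be kept: the test hunk of CVE-2014-9651.patch (`@@ -54,6 +54,15 @@`) uses the `string-translate*` assertions that CVE-2015-4556.patch adds as its context lines, so it applies only after CVE-2015-4556.patch. A short comment in the patch header or changelog would stop a later reordering or `quilt refresh` from silently breaking the series.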

--- End Message ---
--- Begin Message ---
Source: chicken
Source-Version: 4.10.0-1

We believe that the bug you reported is fixed in the latest version of
chicken, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Davide Puricelli (evo) <[email protected]> (supplier of updated chicken package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 12 Jun 2016 17:33:30 +0200
Source: chicken
Binary: chicken-bin libchicken7 libchicken-dev
Architecture: source amd64
Version: 4.10.0-1
Distribution: unstable
Urgency: high
Maintainer: Davide Puricelli (evo) <[email protected]>
Changed-By: Davide Puricelli (evo) <[email protected]>
Description:
 chicken-bin - Practical and portable Scheme system - compiler
 libchicken-dev - Practical and portable Scheme system - development
 libchicken7 - Practical and portable Scheme system - runtime
Closes: 775346 788833 825724
Changes:
 chicken (4.10.0-1) unstable; urgency=high
 .
   * New upstream version, fixing CVE-2014-9651 and CVE-2015-4556.
     closes: #775346, #788833.
   * ACK to Tobias Frost's NMU, thanks! closes: #825724.
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
