[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Chicken-hackers] multiple issues in embedded PCRE
|
From: |
Marijn Schouten (hkBst) |
|
Subject: |
Re: [Chicken-hackers] multiple issues in embedded PCRE |
|
Date: |
Wed, 21 Nov 2007 17:44:48 +0100 |
|
User-agent: |
Thunderbird 2.0.0.9 (X11/20071115) |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kon Lovett wrote:
>> chicken ships its own copy of libpcre which has multiple vulnerabilities
>> <http://secunia.com/advisories/27543/>.
>
> Chicken ships w/ PCRE 7.4
No it doesn't. There are some nightly snapshots which contain this version,
but no release.
The 2.731 snapshot, (which I think is the latest that doesn't change anymore),
fails make with:
makeinfo --no-split chicken.texi
echo "# define C_INSTALL_CC \"gcc\"" >>chicken-defaults.h
Assembler messages:
Fatal error: can't create
apply-hack.x86-64/home/marijn/cvs/gentoo-x86/dev-scheme/chicken: No such file
or directory
This goes away if I don't build paralelly, but a similar error occurs a bit
further down:
echo "#define C_HACKED_APPLY" >>chicken-config.h
cat chicken-defaults.h >>chicken-config.h
gcc -fno-strict-aliasing -DHAVE_CHICKEN_CONFIG_H -DC_ENABLE_PTABLES -I. \
-c -O2 -pipe -ggdb \
-DC_BUILDING_LIBCHICKEN library.c -o
library-static/home/marijn/cvs/gentoo-x86/dev-scheme/chicken
Assembler messages:
Fatal error: can't create
library-static/home/marijn/cvs/gentoo-x86/dev-scheme/chicken: No such file or
directory
library.c:36849: fatal error: error writing to -: Broken pipe
compilation terminated.
The bug is not reproducible, so it is likely a hardware or OS problem.
And its snarky comment is a lie. This is very reproducible. Apparently it has
some issues with directories. Using
http://chicken.wiki.br/dev-snapshots/2007/11/21/chicken-2.732.tar.gz
does nothing to improve the situation.
I'll be talking to our security staff what to do, but you're making it very
hard for me here, with only vulnerable releases and unusable snapshots.
Marijn
- --
Marijn Schouten (hkBst), Gentoo Lisp project, Gentoo ML
<http://www.gentoo.org/proj/en/lisp/>, #gentoo-{lisp,ml} on FreeNode
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHRGCAp/VmCx0OL2wRAngDAJ4wf+CYDOjVLdiBf0osjtLVJSvbVgCgtTmY
Dsb7lXjYDsIE84nncAUN2SY=
=ZbZf
-----END PGP SIGNATURE-----
- [Chicken-hackers] multiple issues in embedded PCRE, Marijn Schouten (hkBst), 2007/11/13
- Re: [Chicken-hackers] multiple issues in embedded PCRE, John Cowan, 2007/11/13
- Message not available
- Re: [Chicken-hackers] multiple issues in embedded PCRE,
Marijn Schouten (hkBst) <=
- Re: [Chicken-hackers] multiple issues in embedded PCRE, Mario Domenech Goulart, 2007/11/21
- Re: [Chicken-hackers] multiple issues in embedded PCRE, Marijn Schouten (hkBst), 2007/11/21
- Re: [Chicken-hackers] multiple issues in embedded PCRE, John Cowan, 2007/11/21
- Re: [Chicken-hackers] multiple issues in embedded PCRE, Zbigniew, 2007/11/21
- Re: [Chicken-hackers] multiple issues in embedded PCRE, Marijn Schouten (hkBst), 2007/11/21
- Re: [Chicken-hackers] multiple issues in embedded PCRE, John Cowan, 2007/11/21
- Re: [Chicken-hackers] multiple issues in embedded PCRE, Mario Domenech Goulart, 2007/11/21
- Re: [Chicken-hackers] multiple issues in embedded PCRE, John Cowan, 2007/11/22
- Re: ***SPAM*** Re: [Chicken-hackers] multiple issues in embedded PCRE, Mario Domenech Goulart, 2007/11/22
- Re: ***SPAM*** Re: [Chicken-hackers] multiple issues in embedded PCRE, John Cowan, 2007/11/23