3 files changed, 60 insertions(+), 1 deletions(-)

M gnu/local.mk
A gnu/packages/patches/chicken-CVE-2017-11343.patch
M gnu/packages/scheme.scm

@@ 536,6 536,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chicken-CVE-2017-6949.patch		\
+  %D%/packages/patches/chicken-CVE-2017-11343.patch		\
   %D%/packages/patches/chmlib-inttypes.patch			\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\

@@ 0,0 1,57 @@
+Fix CVE-2017-11343:
+
+https://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11343
+
+Patch copied from upstream mailing list:
+
+http://lists.gnu.org/archive/html/chicken-hackers/2017-06/txtod8Pa1wGU0.txt
+
+From ae2633195cc5f4f61c9da4ac90f0c14c010dcc3d Mon Sep 17 00:00:00 2001
+From: Peter Bex <address@hidden>
+Date: Fri, 30 Jun 2017 15:39:45 +0200
+Subject: [PATCH 2/2] Initialize symbol table after setting up randomization
+
+Otherwise, the symbol table wouldn't be correctly randomized.
+---
+ NEWS      | 3 +++
+ runtime.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+#diff --git a/NEWS b/NEWS
+#index f4b0e041..6588b30e 100644
+#--- a/NEWS
+#+++ b/NEWS
+#@@ -96,6 +96,9 @@
+#     buffer overrun and/or segfault (thanks to Lemonboy).
+#   - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
+#     #1375, thanks to "megane").
+#+  - The randomization factor of the symbol table was set before
+#+    the random seed was set, causing it to have a fixed value on many
+#+    platforms.
+# 
+# - Core Libraries
+#   - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
+diff --git a/runtime.c b/runtime.c
+index 81c54dd2..a4580abc 100644
+--- a/runtime.c
++++ b/runtime.c
+@@ -799,7 +799,6 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+   C_initial_timer_interrupt_period = INITIAL_TIMER_INTERRUPT_PERIOD;
+   C_timer_interrupt_counter = INITIAL_TIMER_INTERRUPT_PERIOD;
+   memset(signal_mapping_table, 0, sizeof(int) * NSIG);
+-  initialize_symbol_table();
+   C_dlerror = "cannot load compiled code dynamically - this is a statically linked executable";
+   error_location = C_SCHEME_FALSE;
+   C_pre_gc_hook = NULL;
+@@ -816,6 +815,7 @@ int CHICKEN_initialize(int heap, int stack, int symbols, void *toplevel)
+   callback_continuation_level = 0;
+   gc_ms = 0;
+   (void)C_randomize(C_fix(time(NULL)));
++  initialize_symbol_table();
+ 
+   if (profiling) {
+ #ifndef C_NONUNIX
+-- 
+2.11.0
+

@@ 345,7 345,8 @@ mashups, office (web agendas, mail clients, ...), etc.")
                (base32
                 "12b9gaa9lqh39lj1v4wm48f6z8ww3jdkvc5bh9gqqvn6kd2wwnk0"))
               (patches
-               (search-patches "chicken-CVE-2017-6949.patch"))))
+               (search-patches "chicken-CVE-2017-6949.patch"
+                               "chicken-CVE-2017-11343.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:modules ((guix build gnu-build-system)