Skip to content

Commit

Permalink
Pullup ticket #5850 - requested by bsiegert
Browse files Browse the repository at this point in the history
lang/chicken: security update

Revisions pulled up:
- lang/chicken/Makefile                                         1.59-1.60
- lang/chicken/distinfo                                         1.43

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   leot
   Date:           Sun Oct 14 09:07:25 UTC 2018

   Modified Files:
           pkgsrc/lang/chicken: Makefile distinfo

   Log Message:
   chicken: Update lang/chicken to 4.13.0

   Patch provided by dziltener via PR pkg/52929, thanks!

   Changes:
   4.13.0

   - Security fixes
     - CVE-2017-6949: Remove unchecked malloc() call in SRFI-4 constructors
       when allocating in non-GC memory, resulting in potential 1-word
       buffer overrun and/or segfault (thanks to Lemonboy).
     - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
       #1375, thanks to "megane").
     - CVE-2017-11343: The randomization factor of the symbol table was
       set before the random seed was set, causing it to have a fixed value
       on many platforms.

   - Core Libraries
     - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
       interrupted by a signal, we now retry (thanks to Joerg Wittenberger).
     - char-ready? on string ports now also returns #t at EOF, as per R5RS;
       in other words, it always returns #t (thanks to Moritz Heidkamp)
     - Unit srfi-4: Fixed typo that broke SRFI-17 generalised set! syntax
       on s8vectors (thanks to Kristian Lein-Mathisen).
     - Large literals no longer crash with "invalid encoded numeric literal"
       on mingw-64 (#1344, thanks to Lemonboy).
     - Unit irregex: Fix bug that prevented multibyte UTF-8 character sets
       from being matched correctly (Thanks to Lemonboy and Chunyang Xu).

   - Runtime system:
     - The profiler no longer uses malloc from a signal handler which may
       cause deadlocks (#1414, thanks to Lemonboy).
     - The scheduler no longer indirectly hangs on to the old thread
       when switching to a new one, which caused excessive memory
       consumption (#1367, thanks to "megane").
     - C++ programs no longer fail with a symbol lookup error when
       compiled with debugger support (-d3 or -debug-info).

   - Syntax expander
     - Renaming an identifier twice no longer results in an undo of the
       rename (fixes #1362, thanks to "megane").

   - Build system
     - Fixed broken compilation on NetBSD, due to missing _NETBSD_SOURCE.
     - Fixed compilation on DragonflyBSD due to no feature macro support
       in its standard C library (thanks to Markus Pfeiffer).

   - Compiler
     - The scrutinizer no longer uses 'fixnum as the type for fixnums
       that might not fit into a fixnum on 32-bit architectures.

   - Foreign function interface
     - Correctly calculate memory requirements of Scheme objects produced
       from foreign types with "const" qualifiers, avoiding memory
       corruption (#1424, thanks to Vasilij Schneidermann and Lemonboy)
     - Do not read beyond temporary stack buffer, which could lead to
       a crash when returning from a foreign callback (#1428).

   4.12.0

   - Security fixes
     - CVE-2016-6830: Fix buffer overrun due to excessively long argument
       or environment lists in process-execute and process-spawn (#1308).
       This also removes unnecessary limitations on the length of
       these lists (thanks to Vasilij Schneidermann).
     - CVE-2016-6831: Fix memory leak in process-execute and
       process-spawn.  If, during argument and environment list
       processing, a list item isn't a string, an exception is thrown,
       in which case previously malloc()ed strings weren't freed.
     - CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes
       an exponential explosion in compilation of nested "+" patterns.

   - Compiler:
     - define-constant now correctly keeps symbol values quoted.
     - Warnings are now emitted when using vector-{ref,set!} or one
       of take, drop, list-ref or list-tail with an out of range index
       for vectors and proper lists of a definitely known length.
     - The scrutinizer will no longer drop knowledge of the length of a
       vector.  It still drops types of its contents (which may be mutated).
     - Fixed incorrect argvector restoration after GC in directly
       recursive functions (#1317).
     - "Direct" procedure invocations now also maintain debug info (#894).

   - Syntax expander
     - DSSSL lambda lists have improved hygiene, so they don't need
       the chicken or scheme modules to be imported in full (#806).
     - The let-optionals* macro no longer needs "quote", "car" and "cdr"
       to be imported and bound to their default values (#806).

   - Runtime system:
     - C_locative_ref has been deprecated in favor of C_a_i_locative_ref,
       which is faster because it is inlined (#1260, thanks to Kooda).
     - The default error handler now truncates very long condition
       messages (thanks to Lemonboy).
     - Weak symbol GC (-:w) no longer drops random symbols (#1173).
     - The number of arguments to procedures, both via "apply" and direct
       invocation, are now limited only by the C stack size (#1098).
     - "time" macro now shows peak memory usage (#1318, thanks to Kooda).
     - Avoid crashes in ffi callbacks after GC (#1337, thanks to cosarara).

   - Core libraries:
     - Irregex has been updated to 0.9.5, which fixes matching of all "bow"
       occurrances beyond the first with irregex-fold (upstream issue #14).
     - Keywords are more consistently read/written, like symbols (#1332).
     - SRFI-39: When jumping out of a parameterized dynamic extent,
       "parameterize" now remember the actual values, so when jumping back
       in, they are restored (fixes #1336, thanks to Joo ChurlSoo).
       This was a regression caused by the fix for #1227.

   - Tools:
     - "chicken-install"
       - When installing eggs in deploy mode with "-keep-installed", eggs
         under the prefix won't unnecessarily be reinstalled (#1144).
       - Added new option "-no-install-deps" which inhibits automatic
         installation of dependencies, useful with "-prefix" (#1298).


   To generate a diff of this commit:
   cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/chicken/Makefile
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/chicken/distinfo

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   jperkin
   Date:           Thu Oct 18 14:32:43 UTC 2018

   Modified Files:
           pkgsrc/lang/chicken: Makefile

   Log Message:
   chicken: Set INSTALL_PROGRAM, fixes install on SunOS.


   To generate a diff of this commit:
   cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/chicken/Makefile
  • Loading branch information
spzeidler committed Oct 20, 2018
1 parent fdde3eb commit 1c92dd8
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 7 deletions.
5 changes: 3 additions & 2 deletions lang/chicken/Makefile
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.58 2018/01/01 18:16:36 rillig Exp $
# $NetBSD: Makefile,v 1.58.6.1 2018/10/20 16:31:01 spz Exp $

DISTNAME= chicken-4.11.0
DISTNAME= chicken-4.13.0
CATEGORIES= lang
MASTER_SITES= http://code.call-cc.org/releases/${PKGVERSION_NOREV}/
MASTER_SITES+= http://code.call-cc.org/releases/${PKGVERSION_NOREV:R}/
Expand Down Expand Up @@ -49,6 +49,7 @@ MAKE_FLAGS+= PLATFORM=${PLATFORM:Q} PREFIX=${PREFIX:Q} DESTDIR=${DESTDIR:Q}
MAKE_FLAGS+= MANDIR=${PREFIX:Q}/${PKGMANDIR}
MAKE_FLAGS+= INFODIR=${PREFIX:Q}/${PKGINFODIR:Q}
MAKE_FLAGS+= DOCDIR=${PREFIX:Q}/share/doc/${PKGNAME_NOREV}
MAKE_FLAGS+= INSTALL_PROGRAM=${INSTALL:Q}

TEST_TARGET= check

Expand Down
10 changes: 5 additions & 5 deletions lang/chicken/distinfo
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.42 2016/06/08 14:44:54 asau Exp $
$NetBSD: distinfo,v 1.42.22.1 2018/10/20 16:31:01 spz Exp $

SHA1 (chicken-4.11.0.tar.gz) = b8b1e8b741a5ea5b318c449c3bf8a42f8de8ba69
RMD160 (chicken-4.11.0.tar.gz) = 3207bdd9e5b7d8f454d7612634c1da5bb3b820c7
SHA512 (chicken-4.11.0.tar.gz) = 130d9f35ccecda3aefe4790fcb186eef321947013b681f3f978e3b666a45102ed9bc455c9452fe8b0b81c92cd571138c38365dff5bb7382ea2046a8bf3d188ad
Size (chicken-4.11.0.tar.gz) = 4201815 bytes
SHA1 (chicken-4.13.0.tar.gz) = ebbef7206f7f2faa3ac430a8c1e50f841d5db23e
RMD160 (chicken-4.13.0.tar.gz) = aff50d0949bb753002c01fbe50906735f4330abf
SHA512 (chicken-4.13.0.tar.gz) = 02c2035b4f81da6f4af2d246361ce8debdc9d9c663c3f43b7afb9abbf1ff591a2bb8fa144511b4d747a373dea4dcd9c10cac48466bf97032db76f3830c08709d
Size (chicken-4.13.0.tar.gz) = 4244358 bytes

0 comments on commit 1c92dd8

Please sign in to comment.