Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Pullup ticket #5850 - requested by bsiegert
lang/chicken: security update Revisions pulled up: - lang/chicken/Makefile 1.59-1.60 - lang/chicken/distinfo 1.43 ------------------------------------------------------------------- Module Name: pkgsrc Committed By: leot Date: Sun Oct 14 09:07:25 UTC 2018 Modified Files: pkgsrc/lang/chicken: Makefile distinfo Log Message: chicken: Update lang/chicken to 4.13.0 Patch provided by dziltener via PR pkg/52929, thanks! Changes: 4.13.0 - Security fixes - CVE-2017-6949: Remove unchecked malloc() call in SRFI-4 constructors when allocating in non-GC memory, resulting in potential 1-word buffer overrun and/or segfault (thanks to Lemonboy). - CVE-2017-9334: `length' no longer crashes on improper lists (fixes #1375, thanks to "megane"). - CVE-2017-11343: The randomization factor of the symbol table was set before the random seed was set, causing it to have a fixed value on many platforms. - Core Libraries - Unit "posix": If file-lock, file-lock/blocking or file-unlock are interrupted by a signal, we now retry (thanks to Joerg Wittenberger). - char-ready? on string ports now also returns #t at EOF, as per R5RS; in other words, it always returns #t (thanks to Moritz Heidkamp) - Unit srfi-4: Fixed typo that broke SRFI-17 generalised set! syntax on s8vectors (thanks to Kristian Lein-Mathisen). - Large literals no longer crash with "invalid encoded numeric literal" on mingw-64 (#1344, thanks to Lemonboy). - Unit irregex: Fix bug that prevented multibyte UTF-8 character sets from being matched correctly (Thanks to Lemonboy and Chunyang Xu). - Runtime system: - The profiler no longer uses malloc from a signal handler which may cause deadlocks (#1414, thanks to Lemonboy). - The scheduler no longer indirectly hangs on to the old thread when switching to a new one, which caused excessive memory consumption (#1367, thanks to "megane"). - C++ programs no longer fail with a symbol lookup error when compiled with debugger support (-d3 or -debug-info). - Syntax expander - Renaming an identifier twice no longer results in an undo of the rename (fixes #1362, thanks to "megane"). - Build system - Fixed broken compilation on NetBSD, due to missing _NETBSD_SOURCE. - Fixed compilation on DragonflyBSD due to no feature macro support in its standard C library (thanks to Markus Pfeiffer). - Compiler - The scrutinizer no longer uses 'fixnum as the type for fixnums that might not fit into a fixnum on 32-bit architectures. - Foreign function interface - Correctly calculate memory requirements of Scheme objects produced from foreign types with "const" qualifiers, avoiding memory corruption (#1424, thanks to Vasilij Schneidermann and Lemonboy) - Do not read beyond temporary stack buffer, which could lead to a crash when returning from a foreign callback (#1428). 4.12.0 - Security fixes - CVE-2016-6830: Fix buffer overrun due to excessively long argument or environment lists in process-execute and process-spawn (#1308). This also removes unnecessary limitations on the length of these lists (thanks to Vasilij Schneidermann). - CVE-2016-6831: Fix memory leak in process-execute and process-spawn. If, during argument and environment list processing, a list item isn't a string, an exception is thrown, in which case previously malloc()ed strings weren't freed. - CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes an exponential explosion in compilation of nested "+" patterns. - Compiler: - define-constant now correctly keeps symbol values quoted. - Warnings are now emitted when using vector-{ref,set!} or one of take, drop, list-ref or list-tail with an out of range index for vectors and proper lists of a definitely known length. - The scrutinizer will no longer drop knowledge of the length of a vector. It still drops types of its contents (which may be mutated). - Fixed incorrect argvector restoration after GC in directly recursive functions (#1317). - "Direct" procedure invocations now also maintain debug info (#894). - Syntax expander - DSSSL lambda lists have improved hygiene, so they don't need the chicken or scheme modules to be imported in full (#806). - The let-optionals* macro no longer needs "quote", "car" and "cdr" to be imported and bound to their default values (#806). - Runtime system: - C_locative_ref has been deprecated in favor of C_a_i_locative_ref, which is faster because it is inlined (#1260, thanks to Kooda). - The default error handler now truncates very long condition messages (thanks to Lemonboy). - Weak symbol GC (-:w) no longer drops random symbols (#1173). - The number of arguments to procedures, both via "apply" and direct invocation, are now limited only by the C stack size (#1098). - "time" macro now shows peak memory usage (#1318, thanks to Kooda). - Avoid crashes in ffi callbacks after GC (#1337, thanks to cosarara). - Core libraries: - Irregex has been updated to 0.9.5, which fixes matching of all "bow" occurrances beyond the first with irregex-fold (upstream issue #14). - Keywords are more consistently read/written, like symbols (#1332). - SRFI-39: When jumping out of a parameterized dynamic extent, "parameterize" now remember the actual values, so when jumping back in, they are restored (fixes #1336, thanks to Joo ChurlSoo). This was a regression caused by the fix for #1227. - Tools: - "chicken-install" - When installing eggs in deploy mode with "-keep-installed", eggs under the prefix won't unnecessarily be reinstalled (#1144). - Added new option "-no-install-deps" which inhibits automatic installation of dependencies, useful with "-prefix" (#1298). To generate a diff of this commit: cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/chicken/Makefile cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/chicken/distinfo ------------------------------------------------------------------- Module Name: pkgsrc Committed By: jperkin Date: Thu Oct 18 14:32:43 UTC 2018 Modified Files: pkgsrc/lang/chicken: Makefile Log Message: chicken: Set INSTALL_PROGRAM, fixes install on SunOS. To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/chicken/Makefile
- Loading branch information