NetBSD Problem Report #52929
From root@lyrion.ch Tue Jan 16 12:47:09 2018
Return-Path: <root@lyrion.ch>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 7FE9C7A176
for <gnats-bugs@gnats.NetBSD.org>; Tue, 16 Jan 2018 12:47:09 +0000 (UTC)
Message-Id: <20180116124659.2DBE621AFE50@lyrion.ch>
Date: Tue, 16 Jan 2018 13:46:59 +0100 (CET)
From: dziltener@lyrion.ch
Reply-To: dziltener@lyrion.ch
To: gnats-bugs@NetBSD.org
Subject: package update: lang/chicken
X-Send-Pr-Version: 3.95
>Number: 52929
>Category: pkg
>Synopsis: package update: lang/chicken
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: leot
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Jan 16 12:50:00 +0000 2018
>Closed-Date: Sun Oct 14 09:09:18 +0000 2018
>Last-Modified: Sat Oct 20 16:35:00 +0000 2018
>Originator: dziltener@lyrion.ch
>Release: NetBSD 7.1
>Organization:
>Environment:
System: NetBSD lyrion.ch 7.1 NetBSD 7.1 (GENERIC.201703111743Z) amd64
Architecture: x86_64
Machine: amd64
>Description:
Bugfix release for chicken scheme.
>How-To-Repeat:
Does not apply.
>Fix:
Package patch:
diff -ENwbur /usr/pkgsrc/lang/chicken/Makefile /usr/pkgsrc/lang/chicken/Makefile
--- /usr/pkgsrc/lang/chicken/Makefile 2017-12-26 03:03:58.000000000 +0100
+++ /usr/pkgsrc/lang/chicken/Makefile 2018-01-16 13:42:50.000000000 +0100
@@ -1,6 +1,6 @@
# $NetBSD: Makefile,v 1.57 2017/01/19 18:52:13 agc Exp $
-DISTNAME= chicken-4.11.0
+DISTNAME= chicken-4.13.0
CATEGORIES= lang
MASTER_SITES= http://code.call-cc.org/releases/$(PKGVERSION_NOREV)/
MASTER_SITES+= http://code.call-cc.org/releases/$(PKGVERSION_NOREV:R)/
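Review bot: the two MASTER_SITES context lines directly below the DISTNAME change still fetch over plain http://code.call-cc.org/, so for the new chicken-4.13.0 tarball the distinfo checksums are the only integrity control on the download. If upstream serves the same release paths over https, switch both MASTER_SITES entries as part of this update. The bump also goes from 4.11.0 straight to 4.13.0, so the commit message should cover the 4.12.0 changes as well, and the PR description ("Bugfix release") should say whether either release carries security fixes so the update can be considered for the stable branch.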
diff -ENwbur /usr/pkgsrc/lang/chicken/distinfo /usr/pkgsrc/lang/chicken/distinfo
--- /usr/pkgsrc/lang/chicken/distinfo 2017-12-26 03:04:01.000000000 +0100
+++ /usr/pkgsrc/lang/chicken/distinfo 2018-01-16 13:43:10.000000000 +0100
@@ -1,6 +1,6 @@
$NetBSD: distinfo,v 1.42 2016/06/08 14:44:54 asau Exp $
-SHA1 (chicken-4.11.0.tar.gz) = b8b1e8b741a5ea5b318c449c3bf8a42f8de8ba69
-RMD160 (chicken-4.11.0.tar.gz) = 3207bdd9e5b7d8f454d7612634c1da5bb3b820c7
-SHA512 (chicken-4.11.0.tar.gz) = 130d9f35ccecda3aefe4790fcb186eef321947013b681f3f978e3b666a45102ed9bc455c9452fe8b0b81c92cd571138c38365dff5bb7382ea2046a8bf3d188ad
-Size (chicken-4.11.0.tar.gz) = 4201815 bytes
+SHA1 (chicken-4.13.0.tar.gz) = ebbef7206f7f2faa3ac430a8c1e50f841d5db23e
+RMD160 (chicken-4.13.0.tar.gz) = aff50d0949bb753002c01fbe50906735f4330abf
+SHA512 (chicken-4.13.0.tar.gz) = 02c2035b4f81da6f4af2d246361ce8debdc9d9c663c3f43b7afb9abbf1ff591a2bb8fa144511b4d747a373dea4dcd9c10cac48466bf97032db76f3830c08709d
+Size (chicken-4.13.0.tar.gz) = 4244358 bytes
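Review bot: the four added lines (SHA1, RMD160, SHA512 and Size for chicken-4.13.0.tar.gz) cannot be validated from the patch itself, and the Makefile fetches the distfile over plain http, so these submitted values should not be committed verbatim. Fetch the tarball independently, compare it against a checksum or signature published by upstream if one exists, and regenerate distinfo with `make makesum`; the regenerated SHA512 and the size of 4244358 bytes should match what was submitted. Of the three digests, only SHA512 should be relied on for integrity, since SHA1 is no longer collision resistant.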
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->asau
Responsible-Changed-By: wiz@NetBSD.org
Responsible-Changed-When: Tue, 16 Jan 2018 13:20:42 +0000
Responsible-Changed-Why:
Over to maintainer
Responsible-Changed-From-To: asau->leot
Responsible-Changed-By: leot@NetBSD.org
Responsible-Changed-When: Sun, 14 Oct 2018 09:09:18 +0000
Responsible-Changed-Why:
I have committed proposed patch, make myself responsible for any
possible regression.
State-Changed-From-To: open->closed
State-Changed-By: leot@NetBSD.org
State-Changed-When: Sun, 14 Oct 2018 09:09:18 +0000
State-Changed-Why:
Patch committed, thank you!
From: "Leonardo Taccari" <leot@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52929 CVS commit: pkgsrc/lang/chicken
Date: Sun, 14 Oct 2018 09:07:25 +0000
Module Name: pkgsrc
Committed By: leot
Date: Sun Oct 14 09:07:25 UTC 2018
Modified Files:
pkgsrc/lang/chicken: Makefile distinfo
Log Message:
chicken: Update lang/chicken to 4.13.0
Patch provided by dziltener via PR pkg/52929, thanks!
Changes:
4.13.0
- Security fixes
- CVE-2017-6949: Remove unchecked malloc() call in SRFI-4 constructors
when allocating in non-GC memory, resulting in potential 1-word
buffer overrun and/or segfault (thanks to Lemonboy).
- CVE-2017-9334: `length' no longer crashes on improper lists (fixes
#1375, thanks to "megane").
- CVE-2017-11343: The randomization factor of the symbol table was
set before the random seed was set, causing it to have a fixed value
on many platforms.
- Core Libraries
- Unit "posix": If file-lock, file-lock/blocking or file-unlock are
interrupted by a signal, we now retry (thanks to Joerg Wittenberger).
- char-ready? on string ports now also returns #t at EOF, as per R5RS;
in other words, it always returns #t (thanks to Moritz Heidkamp)
- Unit srfi-4: Fixed typo that broke SRFI-17 generalised set! syntax
on s8vectors (thanks to Kristian Lein-Mathisen).
- Large literals no longer crash with "invalid encoded numeric literal"
on mingw-64 (#1344, thanks to Lemonboy).
- Unit irregex: Fix bug that prevented multibyte UTF-8 character sets
from being matched correctly (Thanks to Lemonboy and Chunyang Xu).
- Runtime system:
- The profiler no longer uses malloc from a signal handler which may
cause deadlocks (#1414, thanks to Lemonboy).
- The scheduler no longer indirectly hangs on to the old thread
when switching to a new one, which caused excessive memory
consumption (#1367, thanks to "megane").
- C++ programs no longer fail with a symbol lookup error when
compiled with debugger support (-d3 or -debug-info).
- Syntax expander
- Renaming an identifier twice no longer results in an undo of the
rename (fixes #1362, thanks to "megane").
- Build system
- Fixed broken compilation on NetBSD, due to missing _NETBSD_SOURCE.
- Fixed compilation on DragonflyBSD due to no feature macro support
in its standard C library (thanks to Markus Pfeiffer).
- Compiler
- The scrutinizer no longer uses 'fixnum as the type for fixnums
that might not fit into a fixnum on 32-bit architectures.
- Foreign function interface
- Correctly calculate memory requirements of Scheme objects produced
from foreign types with "const" qualifiers, avoiding memory
corruption (#1424, thanks to Vasilij Schneidermann and Lemonboy)
- Do not read beyond temporary stack buffer, which could lead to
a crash when returning from a foreign callback (#1428).
4.12.0
- Security fixes
- CVE-2016-6830: Fix buffer overrun due to excessively long argument
or environment lists in process-execute and process-spawn (#1308).
This also removes unnecessary limitations on the length of
these lists (thanks to Vasilij Schneidermann).
- CVE-2016-6831: Fix memory leak in process-execute and
process-spawn. If, during argument and environment list
processing, a list item isn't a string, an exception is thrown,
in which case previously malloc()ed strings weren't freed.
- CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes
an exponential explosion in compilation of nested "+" patterns.
- Compiler:
- define-constant now correctly keeps symbol values quoted.
- Warnings are now emitted when using vector-{ref,set!} or one
of take, drop, list-ref or list-tail with an out of range index
for vectors and proper lists of a definitely known length.
- The scrutinizer will no longer drop knowledge of the length of a
vector. It still drops types of its contents (which may be mutated).
- Fixed incorrect argvector restoration after GC in directly
recursive functions (#1317).
- "Direct" procedure invocations now also maintain debug info (#894).
- Syntax expander
- DSSSL lambda lists have improved hygiene, so they don't need
the chicken or scheme modules to be imported in full (#806).
- The let-optionals* macro no longer needs "quote", "car" and "cdr"
to be imported and bound to their default values (#806).
- Runtime system:
- C_locative_ref has been deprecated in favor of C_a_i_locative_ref,
which is faster because it is inlined (#1260, thanks to Kooda).
- The default error handler now truncates very long condition
messages (thanks to Lemonboy).
- Weak symbol GC (-:w) no longer drops random symbols (#1173).
- The number of arguments to procedures, both via "apply" and direct
invocation, are now limited only by the C stack size (#1098).
- "time" macro now shows peak memory usage (#1318, thanks to Kooda).
- Avoid crashes in ffi callbacks after GC (#1337, thanks to cosarara).
- Core libraries:
- Irregex has been updated to 0.9.5, which fixes matching of all "bow"
occurrences beyond the first with irregex-fold (upstream issue #14).
- Keywords are more consistently read/written, like symbols (#1332).
- SRFI-39: When jumping out of a parameterized dynamic extent,
"parameterize" now remembers the actual values, so when jumping back
in, they are restored (fixes #1336, thanks to Joo ChurlSoo).
This was a regression caused by the fix for #1227.
- Tools:
- "chicken-install"
- When installing eggs in deploy mode with "-keep-installed", eggs
under the prefix won't unnecessarily be reinstalled (#1144).
- Added new option "-no-install-deps" which inhibits automatic
installation of dependencies, useful with "-prefix" (#1298).
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/chicken/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/chicken/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "S.P.Zeidler" <spz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52929 CVS commit: [pkgsrc-2018Q3] pkgsrc/lang/chicken
Date: Sat, 20 Oct 2018 16:31:01 +0000
Module Name: pkgsrc
Committed By: spz
Date: Sat Oct 20 16:31:01 UTC 2018
Modified Files:
pkgsrc/lang/chicken [pkgsrc-2018Q3]: Makefile distinfo
Log Message:
Pullup ticket #5850 - requested by bsiegert
lang/chicken: security update
Revisions pulled up:
- lang/chicken/Makefile 1.59-1.60
- lang/chicken/distinfo 1.43
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: leot
Date: Sun Oct 14 09:07:25 UTC 2018
Modified Files:
pkgsrc/lang/chicken: Makefile distinfo
Log Message:
chicken: Update lang/chicken to 4.13.0
Patch provided by dziltener via PR pkg/52929, thanks!
Changes:
4.13.0
- Security fixes
- CVE-2017-6949: Remove unchecked malloc() call in SRFI-4 constructors
when allocating in non-GC memory, resulting in potential 1-word
buffer overrun and/or segfault (thanks to Lemonboy).
- CVE-2017-9334: `length' no longer crashes on improper lists (fixes
#1375, thanks to "megane").
- CVE-2017-11343: The randomization factor of the symbol table was
set before the random seed was set, causing it to have a fixed value
on many platforms.
- Core Libraries
- Unit "posix": If file-lock, file-lock/blocking or file-unlock are
interrupted by a signal, we now retry (thanks to Joerg Wittenberger).
- char-ready? on string ports now also returns #t at EOF, as per R5RS;
in other words, it always returns #t (thanks to Moritz Heidkamp)
- Unit srfi-4: Fixed typo that broke SRFI-17 generalised set! syntax
on s8vectors (thanks to Kristian Lein-Mathisen).
- Large literals no longer crash with "invalid encoded numeric literal"
on mingw-64 (#1344, thanks to Lemonboy).
- Unit irregex: Fix bug that prevented multibyte UTF-8 character sets
from being matched correctly (Thanks to Lemonboy and Chunyang Xu).
- Runtime system:
- The profiler no longer uses malloc from a signal handler which may
cause deadlocks (#1414, thanks to Lemonboy).
- The scheduler no longer indirectly hangs on to the old thread
when switching to a new one, which caused excessive memory
consumption (#1367, thanks to "megane").
- C++ programs no longer fail with a symbol lookup error when
compiled with debugger support (-d3 or -debug-info).
- Syntax expander
- Renaming an identifier twice no longer results in an undo of the
rename (fixes #1362, thanks to "megane").
- Build system
- Fixed broken compilation on NetBSD, due to missing _NETBSD_SOURCE.
- Fixed compilation on DragonflyBSD due to no feature macro support
in its standard C library (thanks to Markus Pfeiffer).
- Compiler
- The scrutinizer no longer uses 'fixnum as the type for fixnums
that might not fit into a fixnum on 32-bit architectures.
- Foreign function interface
- Correctly calculate memory requirements of Scheme objects produced
from foreign types with "const" qualifiers, avoiding memory
corruption (#1424, thanks to Vasilij Schneidermann and Lemonboy)
- Do not read beyond temporary stack buffer, which could lead to
a crash when returning from a foreign callback (#1428).
4.12.0
- Security fixes
- CVE-2016-6830: Fix buffer overrun due to excessively long argument
or environment lists in process-execute and process-spawn (#1308).
This also removes unnecessary limitations on the length of
these lists (thanks to Vasilij Schneidermann).
- CVE-2016-6831: Fix memory leak in process-execute and
process-spawn. If, during argument and environment list
processing, a list item isn't a string, an exception is thrown,
in which case previously malloc()ed strings weren't freed.
- CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes
an exponential explosion in compilation of nested "+" patterns.
- Compiler:
- define-constant now correctly keeps symbol values quoted.
- Warnings are now emitted when using vector-{ref,set!} or one
of take, drop, list-ref or list-tail with an out of range index
for vectors and proper lists of a definitely known length.
- The scrutinizer will no longer drop knowledge of the length of a
vector. It still drops types of its contents (which may be mutated).
- Fixed incorrect argvector restoration after GC in directly
recursive functions (#1317).
- "Direct" procedure invocations now also maintain debug info (#894).
- Syntax expander
- DSSSL lambda lists have improved hygiene, so they don't need
the chicken or scheme modules to be imported in full (#806).
- The let-optionals* macro no longer needs "quote", "car" and "cdr"
to be imported and bound to their default values (#806).
- Runtime system:
- C_locative_ref has been deprecated in favor of C_a_i_locative_ref,
which is faster because it is inlined (#1260, thanks to Kooda).
- The default error handler now truncates very long condition
messages (thanks to Lemonboy).
- Weak symbol GC (-:w) no longer drops random symbols (#1173).
- The number of arguments to procedures, both via "apply" and direct
invocation, are now limited only by the C stack size (#1098).
- "time" macro now shows peak memory usage (#1318, thanks to Kooda).
- Avoid crashes in ffi callbacks after GC (#1337, thanks to cosarara).
- Core libraries:
- Irregex has been updated to 0.9.5, which fixes matching of all "bow"
occurrences beyond the first with irregex-fold (upstream issue #14).
- Keywords are more consistently read/written, like symbols (#1332).
- SRFI-39: When jumping out of a parameterized dynamic extent,
"parameterize" now remembers the actual values, so when jumping back
in, they are restored (fixes #1336, thanks to Joo ChurlSoo).
This was a regression caused by the fix for #1227.
- Tools:
- "chicken-install"
- When installing eggs in deploy mode with "-keep-installed", eggs
under the prefix won't unnecessarily be reinstalled (#1144).
- Added new option "-no-install-deps" which inhibits automatic
installation of dependencies, useful with "-prefix" (#1298).
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/chicken/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/chicken/distinfo
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: jperkin
Date: Thu Oct 18 14:32:43 UTC 2018
Modified Files:
pkgsrc/lang/chicken: Makefile
Log Message:
chicken: Set INSTALL_PROGRAM, fixes install on SunOS.
To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/chicken/Makefile
To generate a diff of this commit:
cvs rdiff -u -r1.58 -r1.58.6.1 pkgsrc/lang/chicken/Makefile
cvs rdiff -u -r1.42 -r1.42.22.1 pkgsrc/lang/chicken/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted: