Subject: CVS commit: pkgsrc/lang/chicken
From: Leonardo Taccari
Date: 2018-10-14 11:07:25
Message id:

Log Message:
chicken: Update lang/chicken to 4.13.0

Patch provided by dziltener via PR pkg/52929, thanks!


- Security fixes
  - CVE-2017-6949: Remove unchecked malloc() call in SRFI-4 constructors
    when allocating in non-GC memory, resulting in potential 1-word
    buffer overrun and/or segfault (thanks to Lemonboy).
  - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
    #1375, thanks to "megane").
  - CVE-2017-11343: The randomization factor of the symbol table was
    set before the random seed was set, causing it to have a fixed value
    on many platforms.

- Core Libraries
  - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
    interrupted by a signal, we now retry (thanks to Joerg Wittenberger).
  - char-ready? on string ports now also returns #t at EOF, as per R5RS;
    in other words, it always returns #t (thanks to Moritz Heidkamp)
  - Unit srfi-4: Fixed typo that broke SRFI-17 generalised set! syntax
    on s8vectors (thanks to Kristian Lein-Mathisen).
  - Large literals no longer crash with "invalid encoded numeric literal"
    on mingw-64 (#1344, thanks to Lemonboy).
  - Unit irregex: Fix bug that prevented multibyte UTF-8 character sets
    from being matched correctly (Thanks to Lemonboy and Chunyang Xu).

- Runtime system:
  - The profiler no longer uses malloc from a signal handler which may
    cause deadlocks (#1414, thanks to Lemonboy).
  - The scheduler no longer indirectly hangs on to the old thread
    when switching to a new one, which caused excessive memory
    consumption (#1367, thanks to "megane").
  - C++ programs no longer fail with a symbol lookup error when
    compiled with debugger support (-d3 or -debug-info).

- Syntax expander
  - Renaming an identifier twice no longer results in an undo of the
    rename (fixes #1362, thanks to "megane").

- Build system
  - Fixed broken compilation on NetBSD, due to missing _NETBSD_SOURCE.
  - Fixed compilation on DragonflyBSD due to no feature macro support
    in its standard C library (thanks to Markus Pfeiffer).

- Compiler
  - The scrutinizer no longer uses 'fixnum as the type for fixnums
    that might not fit into a fixnum on 32-bit architectures.

- Foreign function interface
  - Correctly calculate memory requirements of Scheme objects produced
    from foreign types with "const" qualifiers, avoiding memory
    corruption (#1424, thanks to Vasilij Schneidermann and Lemonboy)
  - Do not read beyond temporary stack buffer, which could lead to
    a crash when returning from a foreign callback (#1428).


- Security fixes
  - CVE-2016-6830: Fix buffer overrun due to excessively long argument
    or environment lists in process-execute and process-spawn (#1308).
    This also removes unnecessary limitations on the length of
    these lists (thanks to Vasilij Schneidermann).
  - CVE-2016-6831: Fix memory leak in process-execute and
    process-spawn.  If, during argument and environment list
    processing, a list item isn't a string, an exception is thrown,
    in which case previously malloc()ed strings weren't freed.
  - CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes
    an exponential explosion in compilation of nested "+" patterns.

- Compiler:
  - define-constant now correctly keeps symbol values quoted.
  - Warnings are now emitted when using vector-{ref,set!} or one
    of take, drop, list-ref or list-tail with an out of range index
    for vectors and proper lists of a definitely known length.
  - The scrutinizer will no longer drop knowledge of the length of a
    vector.  It still drops types of its contents (which may be mutated).
  - Fixed incorrect argvector restoration after GC in directly
    recursive functions (#1317).
  - "Direct" procedure invocations now also maintain debug info (#894).

- Syntax expander
  - DSSSL lambda lists have improved hygiene, so they don't need
    the chicken or scheme modules to be imported in full (#806).
  - The let-optionals* macro no longer needs "quote", "car" \ 
and "cdr"
    to be imported and bound to their default values (#806).

- Runtime system:
  - C_locative_ref has been deprecated in favor of C_a_i_locative_ref,
    which is faster because it is inlined (#1260, thanks to Kooda).
  - The default error handler now truncates very long condition
    messages (thanks to Lemonboy).
  - Weak symbol GC (-:w) no longer drops random symbols (#1173).
  - The number of arguments to procedures, both via "apply" and direct
    invocation, are now limited only by the C stack size (#1098).
  - "time" macro now shows peak memory usage (#1318, thanks to Kooda).
  - Avoid crashes in ffi callbacks after GC (#1337, thanks to cosarara).

- Core libraries:
  - Irregex has been updated to 0.9.5, which fixes matching of all "bow"
    occurrances beyond the first with irregex-fold (upstream issue #14).
  - Keywords are more consistently read/written, like symbols (#1332).
  - SRFI-39: When jumping out of a parameterized dynamic extent,
    "parameterize" now remember the actual values, so when jumping back
    in, they are restored (fixes #1336, thanks to Joo ChurlSoo).
    This was a regression caused by the fix for #1227.

- Tools:
  - "chicken-install"
    - When installing eggs in deploy mode with "-keep-installed", eggs
      under the prefix won't unnecessarily be reinstalled (#1144).
    - Added new option "-no-install-deps" which inhibits automatic
      installation of dependencies, useful with "-prefix" (#1298).