PR/52929 CVS commit: [pkgsrc-2018Q3] pkgsrc/lang/chicken

["S.P.Zeidler" <spz%netbsd.org@localhost>]

The following reply was made to PR pkg/52929; it has been noted by GNATS.

From: "S.P.Zeidler" <spz%netbsd.org@localhost>
To: gnats-bugs%gnats.NetBSD.org@localhost
Cc: 
Subject: PR/52929 CVS commit: [pkgsrc-2018Q3] pkgsrc/lang/chicken
Date: Sat, 20 Oct 2018 16:31:01 +0000

 Module Name:	pkgsrc
 Committed By:	spz
 Date:		Sat Oct 20 16:31:01 UTC 2018
 
 Modified Files:
 	pkgsrc/lang/chicken [pkgsrc-2018Q3]: Makefile distinfo
 
 Log Message:
 Pullup ticket #5850 - requested by bsiegert
 lang/chicken: security update
 
 Revisions pulled up:
 - lang/chicken/Makefile                                         1.59-1.60
 - lang/chicken/distinfo                                         1.43
 
 -------------------------------------------------------------------
    Module Name:    pkgsrc
    Committed By:   leot
    Date:           Sun Oct 14 09:07:25 UTC 2018
 
    Modified Files:
            pkgsrc/lang/chicken: Makefile distinfo
 
    Log Message:
    chicken: Update lang/chicken to 4.13.0
 
    Patch provided by dziltener via PR pkg/52929, thanks!
 
    Changes:
    4.13.0
 
    - Security fixes
      - CVE-2017-6949: Remove unchecked malloc() call in SRFI-4 constructors
        when allocating in non-GC memory, resulting in potential 1-word
        buffer overrun and/or segfault (thanks to Lemonboy).
      - CVE-2017-9334: `length' no longer crashes on improper lists (fixes
        #1375, thanks to "megane").
      - CVE-2017-11343: The randomization factor of the symbol table was
        set before the random seed was set, causing it to have a fixed value
        on many platforms.
 
    - Core Libraries
      - Unit "posix": If file-lock, file-lock/blocking or file-unlock are
        interrupted by a signal, we now retry (thanks to Joerg Wittenberger).
      - char-ready? on string ports now also returns #t at EOF, as per R5RS;
        in other words, it always returns #t (thanks to Moritz Heidkamp)
      - Unit srfi-4: Fixed typo that broke SRFI-17 generalised set! syntax
        on s8vectors (thanks to Kristian Lein-Mathisen).
      - Large literals no longer crash with "invalid encoded numeric literal"
        on mingw-64 (#1344, thanks to Lemonboy).
      - Unit irregex: Fix bug that prevented multibyte UTF-8 character sets
        from being matched correctly (Thanks to Lemonboy and Chunyang Xu).
 
    - Runtime system:
      - The profiler no longer uses malloc from a signal handler which may
        cause deadlocks (#1414, thanks to Lemonboy).
      - The scheduler no longer indirectly hangs on to the old thread
        when switching to a new one, which caused excessive memory
        consumption (#1367, thanks to "megane").
      - C++ programs no longer fail with a symbol lookup error when
        compiled with debugger support (-d3 or -debug-info).
 
    - Syntax expander
      - Renaming an identifier twice no longer results in an undo of the
        rename (fixes #1362, thanks to "megane").
 
    - Build system
      - Fixed broken compilation on NetBSD, due to missing _NETBSD_SOURCE.
      - Fixed compilation on DragonflyBSD due to no feature macro support
        in its standard C library (thanks to Markus Pfeiffer).
 
    - Compiler
      - The scrutinizer no longer uses 'fixnum as the type for fixnums
        that might not fit into a fixnum on 32-bit architectures.
 
    - Foreign function interface
      - Correctly calculate memory requirements of Scheme objects produced
        from foreign types with "const" qualifiers, avoiding memory
        corruption (#1424, thanks to Vasilij Schneidermann and Lemonboy)
      - Do not read beyond temporary stack buffer, which could lead to
        a crash when returning from a foreign callback (#1428).
 
    4.12.0
 
    - Security fixes
      - CVE-2016-6830: Fix buffer overrun due to excessively long argument
        or environment lists in process-execute and process-spawn (#1308).
        This also removes unnecessary limitations on the length of
        these lists (thanks to Vasilij Schneidermann).
      - CVE-2016-6831: Fix memory leak in process-execute and
        process-spawn.  If, during argument and environment list
        processing, a list item isn't a string, an exception is thrown,
        in which case previously malloc()ed strings weren't freed.
      - CVE-2016-9954: Irregex has been updated to 0.9.6, which fixes
        an exponential explosion in compilation of nested "+" patterns.
 
    - Compiler:
      - define-constant now correctly keeps symbol values quoted.
      - Warnings are now emitted when using vector-{ref,set!} or one
        of take, drop, list-ref or list-tail with an out of range index
        for vectors and proper lists of a definitely known length.
      - The scrutinizer will no longer drop knowledge of the length of a
        vector.  It still drops types of its contents (which may be mutated).
      - Fixed incorrect argvector restoration after GC in directly
        recursive functions (#1317).
      - "Direct" procedure invocations now also maintain debug info (#894).
 
    - Syntax expander
      - DSSSL lambda lists have improved hygiene, so they don't need
        the chicken or scheme modules to be imported in full (#806).
      - The let-optionals* macro no longer needs "quote", "car" and "cdr"
        to be imported and bound to their default values (#806).
 
    - Runtime system:
      - C_locative_ref has been deprecated in favor of C_a_i_locative_ref,
        which is faster because it is inlined (#1260, thanks to Kooda).
      - The default error handler now truncates very long condition
        messages (thanks to Lemonboy).
      - Weak symbol GC (-:w) no longer drops random symbols (#1173).
      - The number of arguments to procedures, both via "apply" and direct
        invocation, are now limited only by the C stack size (#1098).
      - "time" macro now shows peak memory usage (#1318, thanks to Kooda).
      - Avoid crashes in ffi callbacks after GC (#1337, thanks to cosarara).
 
    - Core libraries:
      - Irregex has been updated to 0.9.5, which fixes matching of all "bow"
        occurrances beyond the first with irregex-fold (upstream issue #14).
      - Keywords are more consistently read/written, like symbols (#1332).
      - SRFI-39: When jumping out of a parameterized dynamic extent,
        "parameterize" now remember the actual values, so when jumping back
        in, they are restored (fixes #1336, thanks to Joo ChurlSoo).
        This was a regression caused by the fix for #1227.
 
    - Tools:
      - "chicken-install"
        - When installing eggs in deploy mode with "-keep-installed", eggs
          under the prefix won't unnecessarily be reinstalled (#1144).
        - Added new option "-no-install-deps" which inhibits automatic
          installation of dependencies, useful with "-prefix" (#1298).
 
    To generate a diff of this commit:
    cvs rdiff -u -r1.58 -r1.59 pkgsrc/lang/chicken/Makefile
    cvs rdiff -u -r1.42 -r1.43 pkgsrc/lang/chicken/distinfo
 
 -------------------------------------------------------------------
    Module Name:    pkgsrc
    Committed By:   jperkin
    Date:           Thu Oct 18 14:32:43 UTC 2018
 
    Modified Files:
            pkgsrc/lang/chicken: Makefile
 
    Log Message:
    chicken: Set INSTALL_PROGRAM, fixes install on SunOS.
 
    To generate a diff of this commit:
    cvs rdiff -u -r1.59 -r1.60 pkgsrc/lang/chicken/Makefile
 
 
 To generate a diff of this commit:
 cvs rdiff -u -r1.58 -r1.58.6.1 pkgsrc/lang/chicken/Makefile
 cvs rdiff -u -r1.42 -r1.42.22.1 pkgsrc/lang/chicken/distinfo
 
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.