Permalink
Commits on Oct 12, 2016
  1. build: Compress with lzip too.

    civodul committed Oct 12, 2016
    * configure.ac: Add 'dist-lzip' Automake option.
  2. build: Check for /gnu/store file names upon "make dist".

    civodul committed Oct 12, 2016
    * Makefile.am (assert-no-store-file-names): New rule, taken from Guix.
    (dist-hook): Depend on it.
  3. Bump version number to 2.0.13.

    civodul committed Oct 12, 2016
    * GUILE-VERSION (GUILE_MICRO_VERSION): Increment.
    (LIBGUILE_INTERFACE_REVISION): Increment.
  4. Update 'NEWS'.

    civodul committed Oct 12, 2016
  5. build: Avoid use of Bash's $(...) construct in 'configure'.

    civodul committed Oct 12, 2016
    This is a followup to be8be77.
    
    * acinclude.m4 (GUILE_CHECK_GUILE_FOR_BUILD): Use backquotes instead of
    $(...).
  6. tests: Add REPL server test for CVE-2016-8606.

    civodul committed Oct 12, 2016
    This is a followup to 08c0219.
    
    * test-suite/tests/00-repl-server.test: New file.
    * test-suite/Makefile.am (SCM_TESTS): Add it.
Commits on Oct 11, 2016
  1. REPL Server: Guard against HTTP inter-protocol exploitation attacks.

    Mark H Weaver authored and civodul committed Sep 9, 2016
    Reported by Christopher Allan Webber <cwebber@dustycloud.org>
    Co-authored-by: Ludovic Courtès <ludo@gnu.org>
    
    This commit adds protection to Guile's REPL servers against HTTP
    inter-protocol exploitation attacks, a scenario whereby an attacker can,
    via an HTML page, cause a web browser to send data to TCP servers
    listening on a loopback interface or private network.  See
    <https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
    <https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
    Attack (2001) by Tochen Topf <jochen@remote.org>.
    
    Here we add a procedure to 'before-read-hook' that looks for a possible
    HTTP request-line in the first line of input from the client socket.  If
    present, the socket is drained and closed, and a loud warning is written
    to stderr (POSIX file descriptor 2).
    
    * module/system/repl/server.scm: Add 'maybe-check-for-http-request'
    to 'before-read-hook' when this module is loaded.
    (with-temporary-port-encoding, with-saved-port-line+column)
    (drain-input-and-close, permissive-http-request-line?)
    (check-for-http-request, guard-against-http-request)
    (maybe-check-for-http-request): New procedures.
    (serve-client): Use 'guard-against-http-request'.
    * module/system/repl/coop-server.scm (start-repl-client): Use
    'guard-against-http-request'.
    * doc/ref/guile-invoke.texi (Command-line Options): In the description
    of the --listen option, make the security warning more prominent.
    Mention the new protection added here.  Recommend using UNIX domain
    sockets for REPL servers.  "a path to" => "the file name of".
  2. tests: Use the "normalized codeset" in locale names.

    civodul committed Oct 11, 2016
    * test-suite/tests/i18n.test (%french-locale-name)
    (%french-utf8-locale-name, %turkish-utf8-locale-name)
    (%german-utf8-locale-name, %greek-utf8-locale-name): Use the normalized
    codeset for ISO-8859-1 and UTF-8.
  3. Treat 'SIG_IGN' as a pointer.

    civodul committed Oct 11, 2016
    * libguile/posix.c (scm_system_star): Cast 'SIG_IGN' to
    'scm_t_uintptr_t' and use 'scm_from_uintptr_t'.  This fixes an
    'int-conversion' warning with GCC 6.2.
  4. Add 'scm_to_uintptr_t' and 'scm_from_uintptr_t'.

    civodul committed Oct 11, 2016
    * libguile/numbers.h (scm_to_uintptr_t, scm_from_uintptr_t): New
    macros.
    * doc/ref/api-data.texi (Integers): Document them.
    * NEWS: Mention it.
  5. Remove 'umask' calls from 'mkdir'.

    civodul committed Oct 11, 2016
    Fixes <http://bugs.gnu.org/24659>.
    
    * libguile/filesys.c (SCM_DEFINE): Remove calls to 'umask' when MODE is
    unbound; instead, use 0777 as the mode.  Update docstring to clarify
    this.
    * doc/ref/posix.texi (File System): Adjust accordingly.
    * NEWS: Mention it.
Commits on Sep 9, 2016
  1. Check for closed port in 'port-encoding' and 'set-port-encoding!'.

    Mark H Weaver
    Mark H Weaver committed Sep 9, 2016
    * libguile/ports.c (scm_port_encoding, scm_set_port_encoding_x): Use
    SCM_VALIDATE_OPPORT.
  2. http: Do not use 'eq?' to compare characters in parse-request-uri.

    Mark H Weaver
    Mark H Weaver committed Sep 9, 2016
    * module/web/http.scm (parse-request-uri): Use 'eqv?' to compare
    characters.
Commits on Aug 31, 2016
  1. Move system* to posix.c, impl on open-process

    wingo committed Aug 31, 2016
    * libguile/simpos.c: Trim includes.
      (scm_system_star): Move to posix.c.
    * libguile/simpos.h (scm_system_star): Remove.
    * libguile/posix.h (scm_system_star): Add.
    * libguile/posix.c (scm_system_star): Move here and implement in terms
      of open-process.  This lets system* work on Windows.  Inspired by a
      patch by Eli Zaretskii.
      (start_child): Exit with 127 if the command isn't found.
Commits on Aug 11, 2016
  1. build: .x and .doc files depend on generated includes.

    Mark H Weaver
    Mark H Weaver committed Aug 11, 2016
    Fixes <https://bugs.gentoo.org/show_bug.cgi?id=590528>.
    
    * libguile/Makefile.am (BUILT_INCLUDES): New variable.
    (BUILT_SOURCES): Put .i and other generated .h to BUILT_INCLUDES.
    (DOT_X_FILES, EXTRA_DOT_X_FILES, DOT_DOC_FILES, EXTRA_DOT_DOC_FILES):
    Depend on $(BUILT_INCLUDES), in place of scmconfig.h which is included
    in $(BUILT_INCLUDES).
  2. Revert "Snarfing .x depends on built headers"

    Mark H Weaver
    Mark H Weaver committed Aug 11, 2016
    This reverts commit edd6d6e.
    
    As reported at <https://bugs.gentoo.org/show_bug.cgi?id=590528#c10>,
    that commit failed to fix the bug.
    
    That commit was based on the mistaken belief that the make rule syntax
    ".c.x: $(BUILT_INCLUDES)" means the same as ".c.x:" but with the added
    prerequisites "$(BUILT_INCLUDES)".  However, as explained in section
    10.7 (Old-Fashioned Suffix Rules) of the GNU Make manual:
    
          Suffix rules cannot have any prerequisites of their own.  If they
       have any, they are treated as normal files with funny names, not as
       suffix rules.  Thus, the rule:
    
            .c.o: foo.h
                    $(CC) -c $(CFLAGS) $(CPPFLAGS) -o $@ $<
    
       tells how to make the file '.c.o' from the prerequisite file 'foo.h',
       and is not at all like the pattern rule:
    
            %.o: %.c foo.h
                    $(CC) -c $(CFLAGS) $(CPPFLAGS) -o $@ $<
    
       which tells how to make '.o' files from '.c' files, and makes all
       '.o' files using this pattern rule also depend on 'foo.h'.
Commits on Aug 8, 2016
  1. Recognize alpha as compilation target

    jrtc27 authored and wingo committed Aug 7, 2016
    * module/system/base/target.scm (cpu-endianness): Add case for "alpha".
    (triplet-pointer-size): Likewise.
  2. Fix typo about variable definitions

    sirgazil authored and wingo committed Aug 7, 2016
    * doc/ref/api-binding.texi (Top Level Variable Definitions): Fix typo.
  3. Documentation fixes

    Ethan Stefan Day authored and wingo committed Aug 7, 2016
    * doc/ref/api-compound.texi:
    * doc/ref/api-control.texi:
    * doc/ref/api-data.texi: Fix typos and clarify.
Commits on Aug 7, 2016
  1. Let assv/assoc shortcircuit to assq where feasible

    David Kastrup authored and wingo committed Feb 11, 2016
    * libguile/alist.c (scm_sloppy_assv, scm_sloppy_assoc):
      (scm_assv, scm_assoc): Shortcircuit to scm_assq where feasible.
  2. Fix iconv encoding of long strings

    wingo committed Aug 7, 2016
    * libguile/print.c (display_string_using_iconv): If the encoding the
      full utf8 buffer would overflow the output buffer, just keep trucking
      instead of erroring.  Fixes #22667.
    * test-suite/tests/iconv.test ("round-trip"): Add some tests.
  3. Recognize nios2 as compilation target

    Marek Vasut authored and wingo committed Jan 28, 2016
    Add support for the nios2 architecture.
    
    Signed-off-by: Marek Vasut <marex@denx.de>
  4. Capture full path to GUILE_FOR_BUILD.

    wingo committed Aug 7, 2016
    * acinclude.m4: Capture full path to GUILE_FOR_BUILD.  Fixes #22342.
  5. Fix grammar in api-compound.texi

    clheim3 authored and wingo committed Aug 7, 2016
    * doc/ref/api-compound.texi: Fix grammar.
  6. Fix typo about pattern variables

    sirgazil authored and wingo committed Aug 6, 2016
    * doc/ref/sxml-match.texi (Matching XML Elements): Fix typo.
  7. Manual recommends against SRFI-10

    wingo committed Aug 7, 2016
    * doc/ref/srfi-modules.texi (SRFI-10): Deprecate, or at least recommend
      against.
  8. Snarfing .x depends on built headers

    wingo committed Aug 7, 2016
    * libguile/Makefile.am (BUILT_INCLUDES): New variable.
      (BUILT_SOURCES): Put .i and other generated .h to BUILT_INCLUDES.
      (.c.x, .c.doc): Depend on BUILT_INCLUDES.  Fixes
      https://bugs.gentoo.org/show_bug.cgi?id=590528.
Commits on Aug 4, 2016
  1. texinfo: Remove unnecessary (oop goops) dependency.

    civodul committed Aug 4, 2016
    * module/texinfo/string-utils.scm: Remove #:use-module (oop goops).
Commits on Jul 24, 2016
  1. Avoid compilation warnings about alloca in read.c

    Eli-Zaretskii committed Jul 24, 2016
    * libguile/read.c: Include alloca.h.
  2. Fix --without-threads against threaded BDW-GC

    wingo committed Jul 24, 2016
    * libguile/gc.c (scm_storage_prehistory): Prevent BDW-GC from spawning
      marker threads if Guile was built without threading support.
  3. Reimplement null-threads as inline functions

    wingo committed Jul 24, 2016
    * libguile/null-threads.h: Reimplement null-threads stubs for pthread
      data types, initializers, and functions in terms of types and inline
      functions instead of CPP macros.  Fixes unused-value warnings, and
      tightens things up in general.
      (scm_i_pthread_cleanup_push, scm_i_pthread_cleanup_pop): Remove these,
      as they were unused and incorrect -- they would never run the cleanup
      handler even if 1 was passed to pop.
Commits on Jul 23, 2016
  1. Use non-deprecated HAVE_STRUCT_TM_TM_ZONE

    wingo committed Jul 23, 2016
    * libguile/stime.c: Change uses of the deprecated HAVE_TM_ZONE to the
      new HAVE_STRUCT_TM_TM_ZONE.
  2. Use gnulib for basename / dirname

    wingo committed Jul 17, 2016
    * libguile/filesys.c (scm_dirname, scm_basename): Rewrite to use
      gnulib's dirname-lgpl.
  3. Gnulib: Add dirname-lgpl.

    wingo committed Jul 16, 2016
    * lib/Makefile.am:
    * m4/gnulib-cache.m4:
    * m4/gnulib-comp.m4: Add dirname-lgpl.
Commits on Jul 22, 2016
  1. doc: Add unquote and unquote-splicing examples.

    civodul committed Jul 22, 2016
    Suggested by Vincent Legoll <vincent.legoll@gmail.com>.
    
    * doc/ref/api-evaluation.texi (Expression Syntax): Add an unquote and an
    unquote-splicing example.