head 1.2;
access;
symbols
    pkgsrc-2024Q2:1.1.0.10
    pkgsrc-2024Q2-base:1.1
    pkgsrc-2024Q1:1.1.0.8
    pkgsrc-2024Q1-base:1.1
    pkgsrc-2023Q4:1.1.0.6
    pkgsrc-2023Q4-base:1.1
    pkgsrc-2023Q3:1.1.0.4
    pkgsrc-2023Q3-base:1.1
    pkgsrc-2023Q2:1.1.0.2
    pkgsrc-2023Q2-base:1.1;
locks; strict;
comment @# @;


1.2
date 2024.07.29.17.46.37; author ktnb; state dead;
branches;
next 1.1;
commitid 8Z913KokqBgrbLjF;

1.1
date 2023.04.26.18.09.54; author nikita; state Exp;
branches;
next ;
commitid mz97wmPutxuR5EmE;


desc
@@


1.2
log
@chicken5-boot: update to 5.4.0

Packaging Changes:
- removed patch-egg-compile.scm since upstream has fixed this.

Upstream Updates:
- Security fixes
  - CVE-2022-45145: Neutralize possible escape characters in egg metadata
    to avoid arbitrary OS command injection during egg installation,
    reported by Vasilij Schneidermann who also provided the necessary
    patches to mitigate this problem.
  - The runtime option "-:b" has been removed, as it was deemed too
    insecure to be able to drop to a REPL from the CLI of any program.
  - Runtime option processing has been hardened: processing now stops
    on the first non-runtime option or after "-:", whichever comes first.

- Core libraries
  - Fix type declarations for `file-select` (reported by Anton Idukov).
  - Change `create-temporary-{file,directory}` fallback code on Windows
    to use %USERPROFILE%/AppData/Local/Temp if that environment variable
    is set.
  - Added new thread-safe API for POSIX signals ("make-signal-handler",
    "signal-ignore" and "signal-default") and deprecated the existing one.
  - Added "make-finalizer" to execute finalizers in a thread-safe manner.
  - Added weak pairs to (chicken base), with similar behaviour to Chez
    Scheme.
  - Added "locative-index", kindly contributed by John Croisant.
  - Added "fp*+" (fused multiply-add) to "chicken.flonum" module
    (suggested by Christian Himpe).
  - Added flonum-specific hyperbolic functions and their inverse to
    "chicken.flonum" module (suggested by Christian Himpe).
  - The `process-execute` procedure now sets argv[0] to the unmodified
    filename. Previously, the directory part would be stripped.
  - Added support for embedded strings and characters in SRFI-4 vector
    literals.
  - read-with-source-info is now documented and officially supported,
    from the (chicken syntax) module. read/source-info is still exported
    from the undocumented internal (chicken compiler support) module,
    but using it from there is deprecated.
  - Added "export/rename" to (chicken module) for renaming identifiers
    on export.
  - The values of the TMPDIR, TMP and TEMP environment variables are no
    longer memoized (fixes #1830).
  - Condition objects produced by procedures that change errno now have
    an `errno' property.
  - Deprecated "chicken-home" and added "include-path" in the
    chicken.platform module.
  - Irregex has been updated to upstream 0.9.11 plus an additional fix
    for sre->string. The 0.9.11 release fixes a few problems related to
    utf-8 handling (which should not affect CHICKEN) and expands the
    definition for the 'whitespace character set to include vertical
    tab, carriage return and form feed.

- Tools
  - Fix scripts generated by `chicken-install` on Windows to not quote
    `>>` when echoing into files which would result in empty egg-info
    files (reported and fixed by Jani Hakala).
  - The -R option for csi and csc now accepts list-notation like e.g.
    (srfi 1). Fixes #1809, reported by Wolfgang Corcoran-Mathe.
  - Fix shell quotation in options passed from csc to other tools.
    Fixes #1302, reported by Xin Wang.
  - The -prelude and -postlude options for csc work properly again.
  - chicken-install now retrieves the latest egg version when instructed
    to install an egg that's already installed (#1802).
  - When `location' is specified in setup.defaults, chicken-install will
    consider two location layouts when looking for eggs: / and //.
  - chicken-install: Fix #1684 (programs that specify
    component-dependencies should build-depend on their import
    libraries).
  - chicken-install now caches eggs installed from local locations.
  - chicken-install now accepts the -location command line option
    (short: -l) to specify local directories where to get egg sources
    from.
  - chicken-install now gives a warning on unexpected properties (#1492).
  - chicken-install now uses a directory specific for cache metadata
    (VERSION, STATUS and TIMESTAMP files) to avoid collisions with
    source files on case-insensitive file systems like on MacOS
    (#1753, reported by Kon Lovett).

- Syntax expander
  - When passing a module as an environment to eval, correctly resolve
    identifiers in macro expansions (#1295 reported by Caolan McMahon).
  - Internal definitions honor rebindings of core special forms (#1132).
  - Globally defining an identifier previously bound to a macro now
    fully shadows the macro (#1166, reported by Michele La Monaca).

- Compiler
  - When emitting types files, the output list is now sorted, to ensure
    deterministic build output (fixes #1783, reported by "ss2").

- Build system
  - Fix compiler warnings about zero-sized `memset` (reported by Claude
    Marinier).
  - Disable broken test-create-temporary-file on Windows (reported by
    "jjhoo").
  - Drop use of XCODE_... environment variables on MacOS.
  - Add build directory to rpath on MacOS so that the test suite picks
    up correct libchicken, even if CHICKEN is already installed (thanks
    to Christian Himpe).
  - Default "cc" on BSD systems for building CHICKEN to avoid ABI
    problems when linking with C++ code.

- Runtime system
  - Make line numbers available for error output and during syntax
    expansion in the interpreter as well as the compiler.
@
text
@$NetBSD: patch-egg-compile.scm,v 1.1 2023/04/26 18:09:54 nikita Exp $

Fix CVE-2022-45145 by backporting commit
a08f8f548d772ef410c672ba33a27108d8d434f3.

See:
https://lists.nongnu.org/archive/html/chicken-announce/2022-11/msg00000.html

Taken from OpenBSD ports.

Index: egg-compile.scm --- egg-compile.scm.orig +++ egg-compile.scm @@@@ -1191,7 +1191,7 @@@@ EOF ~a ~a~a ~a ~a~a -cat >~a~a <~a~a <<'ENDINFO' ~aENDINFO~% EOF mkdir ddir qdir @@@@ -1201,11 +1201,18 @@@@ EOF (printf #<~a~a~% +copy /y nul ~a~a~% +~a EOF mkdir ddir qdir - (string-intersperse (string-split infostr "\n") "^\n\n") - ddir dest))))) + ddir dest + (string-intersperse (map (lambda (line) + (ensure-line-limit + (caretize (format "echo ~a >>~a~a" + line ddir dest)) + 8191 )) + (string-split infostr "\n")) + "\n")))))) ;;; some utilities for mangling + quoting @@@@ -1277,3 +1284,12 @@@@ EOF (define (joins strs) (string-intersperse strs " ")) (define (maybe f x) (if f (list x) '())) + +(define (caretize str) + (string-translate* str '(("&" . "^&") ("^" . "^^") ("|" . "^|") + ("<" . "^<") (">" . "^>")))) + +(define (ensure-line-limit str lim) + (when (>= (string-length str) lim) + (error "line length exceeds platform limit: " str)) + str) @ 1.1 log @chicken5-boot: import chicken5-boot version 5.3.0 import package for bootstrap of chicken5. @ text @d1 1 a1 1 $NetBSD$ @
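
Review bot: in the hunk at -1201, `caretize` wraps the whole formatted command, `(caretize (format "echo ~a >>~a~a" line ddir dest))`, so the `>>` redirection operator is escaped to `^>^>` together with the metadata and cmd.exe prints it as text instead of appending to the egg-info file. Escape only the untrusted part by passing `(caretize line)` as the first format argument, and keep `ensure-line-limit` around the complete command so the length check still sees what the shell will see. The 5.4.0 log in revision 1.2 lists an upstream fix for this symptom (empty egg-info files caused by a quoted `>>`).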
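
Review bot: the translation table in `caretize` (hunk at -1277) covers `&`, `^`, `|`, `<` and `>` only, so `%` and `"` in a metadata line reach the generated batch script unchanged; cmd.exe expands `%NAME%` in batch files and stops honouring caret escapes inside double quotes, which means the text written to the egg-info file can differ from the metadata. Either extend the table or add a comment stating why those characters cannot occur in `infostr`. In `ensure-line-limit`, the `>=` test rejects a line of exactly `lim` characters; since the only caller passes the bare literal 8191, bind that value to a named constant and note in a comment whether the bound is meant to be inclusive.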