* module/ice-9/arrays.scm (array-print-prefix): New private function.
* libguile/arrays.c (scm_i_print_array): Reuse (array-print-prefix) from
(ice-9 arrays). Make sure to release the array handle.
* module/ice-9/pretty-print.scm (truncated-print): Support
bitvectors.
Don't try to guess the array prefix but call array-print-prefix from
(ice-9 arrays) instead.
Fix call to print-sequence to support non-zero lower bound arrays.
* test-suite/tests/arrays.test: Test that arrays print properly.
* test-suite/tests/print.test: Test truncated-print with bitvectors,
non-zero lower bound arrays.
* module/ice-9/arrays.scm (array-copy): New function, export.
* module/Makefile.am: Install (ice-9 arrays).
* doc/ref/api-data.texi: Add documentation for (ice-9 arrays).
* libguile/quicksort.i.c: Use signed bounds throughout.
* libguile/sort.c (scm_restricted_vector_sort_x): Fix error calls. Fix
calls to quicksort.
* test-suite/tests/sort.test: Actually test that the sorted results
match the original data. Test cases for non-zero base index arrays for
sort, sort!, and stable-sort!.
This fixes a bug when using ",break":
system/vm/traps.scm:127:31: system/vm/traps.scm:127:31: In procedure <: Wrong type: #f
* module/system/vm/traps.scm (frame-matcher): Check whether END is
true.
* module/oop/goops.scm (opaque-slot?, read-only-slot?): New helpers.
(allocate-slots): Protect opaque and read-only slots by wrapping the
slot accessors instead of relying on struct permissions.
(%compute-layout): Remove opaque-slot case.
* libguile/struct.c: Replace uses of scm_make_struct with
scm_make_struct_no_tail or scm_c_make_struct.
(scm_make_struct_no_tail): Move this function to C instead of Scheme
to be able to deprecate scm_make_struct.
* libguile/struct.h (scm_make_struct_no_tail): New public declaration.
* libguile/deprecated.h:
* libguile/deprecated.c (scm_make_struct): Deprecate.
* libguile/print.c:
* libguile/procs.c:
* libguile/stacks.c: Replace uses of scm_make_struct with
scm_make_struct_no_tail.
* test-suite/tests/coverage.test:
* test-suite/tests/structs.test: Use make-struct/no-tail instead of
make-struct.
* NEWS: Add entry.
Based on a patch by Daniel Hartwig <mandyke@gmail.com>.
* NEWS: Update.
* doc/ref/web.texi (URIs): Fragments are properly part of a URI, so
remove the incorrect note. Add documentation on URI subtypes.
* module/web/uri.scm (uri-reference?): New base type predicate.
(uri?, relative-ref?): Specific predicates.
(validate-uri-reference): Strict validation.
(validate-uri, validate-relative-ref): Specific validators.
(build-uri-reference, build-relative-ref): New constructors.
(string->uri-reference): Rename from string->uri.
(string->uri, string->relative-ref): Specific constructors.
(uri->string): Add #:include-fragment? keyword argument.
* module/web/http.scm (parse-request-uri): Use `build-uri-reference',
and result is a URI-reference, not URI, object. No longer infer an
absent `uri-scheme' is `http'.
(write-uri): Just use `uri->string'.
(declare-uri-header!): Remove unused function.
(declare-uri-reference-header!): Update. Rename from
`declare-relative-uri-header!'.
* test-suite/tests/web-uri.test ("build-uri-reference"):
("string->uri-reference"): Add.
("uri->string"): Also tests for relative-refs.
* test-suite/tests/web-http.test ("read-request-line"):
("write-request-line"): Update for no scheme in some URIs.
("entity headers", "request headers"): Content-location, Referer, and
Location should also parse relative-URIs.
* test-suite/tests/web-request.test ("example-1"): Expect URI-reference
with no scheme.
* module/web/client.scm (tls-wrap): Use get-bytevector-some instead of
get-bytevector-n, to prevent Guile from attempting to read more bytes
than are available. Normally trying to read data on a shut-down
socket is fine, but but gnutls issues an error if you attempt to read
data from a shut-down socket, and that appears to be a security
property. Fixes HTTPS requests whose responses are smaller than the
port buffer.
Fixes <http://bugs.gnu.org/26261>.
Reported by Zefram <zefram@fysh.org>.
* module/srfi/srfi-19.scm ("define directives"): N padding increased from 7 to 9
* test-suite/tests/srfi-19.test ("date->string"): New test.
* libguile/_scm.h (SCM_OBJCODE_MINIMUM_MINOR_VERSION): New definition,
indicating the oldest objcode version that we support.
(SCM_OBJCODE_MINOR_VERSION): Bump.
* libguile/loader.c (process_dynamic_segment): Support a range of
versions.
* module/system/vm/assembler.scm (*bytecode-minor-version*): Bump.
* libguile/array-handle.c (initialize_vector_handle): Add mutable_p
argument. Unless the vector handle is mutable, null out its
writable_elements member.
(scm_array_get_handle): Adapt to determine mutability of the various
arrays.
(scm_array_handle_elements, scm_array_handle_writable_elements):
Reverse the sense: instead of implementing read-only in terms of
read-write, go the other way around, adding an assertion in the
read-write case that the array handle is mutable.
* libguile/array-map.c (racp): Assert that the destination is mutable.
* libguile/bitvectors.c (SCM_F_BITVECTOR_IMMUTABLE, IS_BITVECTOR):
(IS_MUTABLE_BITVECTOR): Add a flag to indicate immutability.
(scm_i_bitvector_bits): Fix indentation.
(scm_i_is_mutable_bitvector): New helper.
(scm_array_handle_bit_elements)
((scm_array_handle_bit_writable_elements): Build writable_elements in
terms of elements.
(scm_bitvector_elements, scm_bitvector_writable_elements): Likewise.
(scm_c_bitvector_set_x): Require a mutable bitvector for the
fast-path.
(scm_bitvector_to_list, scm_bit_count): Use read-only elements()
function.
* libguile/bitvectors.h (scm_i_is_mutable_bitvector): New decl.
* libguile/bytevectors.c (INTEGER_ACCESSOR_PROLOGUE):
(INTEGER_GETTER_PROLOGUE, INTEGER_SETTER_PROLOGUE):
(INTEGER_REF, INTEGER_NATIVE_REF, INTEGER_SET, INTEGER_NATIVE_SET):
(GENERIC_INTEGER_ACCESSOR_PROLOGUE):
(GENERIC_INTEGER_GETTER_PROLOGUE, GENERIC_INTEGER_SETTER_PROLOGUE):
(LARGE_INTEGER_NATIVE_REF, LARGE_INTEGER_NATIVE_SET):
(IEEE754_GETTER_PROLOGUE, IEEE754_SETTER_PROLOGUE):
(IEEE754_REF, IEEE754_NATIVE_REF, IEEE754_SET, IEEE754_NATIVE_SET):
Setters require a mutable bytevector.
(SCM_BYTEVECTOR_SET_FLAG): New helper.
(SCM_BYTEVECTOR_SET_CONTIGUOUS_P, SCM_BYTEVECTOR_SET_ELEMENT_TYPE):
Remove helpers.
(SCM_VALIDATE_MUTABLE_BYTEVECTOR): New helper.
(make_bytevector, make_bytevector_from_buffer): Use
SCM_SET_BYTEVECTOR_FLAGS.
(scm_c_bytevector_set_x, scm_bytevector_fill_x)
(scm_bytevector_copy_x): Require a mutable bytevector.
* libguile/bytevectors.h (SCM_F_BYTEVECTOR_CONTIGUOUS)
(SCM_F_BYTEVECTOR_IMMUTABLE, SCM_MUTABLE_BYTEVECTOR_P): New
definitions.
* libguile/bytevectors.h (SCM_BYTEVECTOR_CONTIGUOUS_P): Just access one
bit.
* libguile/srfi-4.c (DEFINE_SRFI_4_C_FUNCS): Implement
writable_elements() in terms of elements().
* libguile/strings.c (scm_i_string_is_mutable): New helper.
* libguile/uniform.c (scm_array_handle_uniform_elements):
(scm_array_handle_uniform_writable_elements): Implement
writable_elements in terms of elements.
* libguile/vectors.c (SCM_VALIDATE_MUTABLE_VECTOR): New helper.
(scm_vector_elements, scm_vector_writable_elements): Implement
writable_elements in terms of elements.
(scm_c_vector_set_x): Require a mutable vector.
* libguile/vectors.h (SCM_F_VECTOR_IMMUTABLE, SCM_I_IS_MUTABLE_VECTOR):
New definitions.
* libguile/vm-engine.c (VM_VALIDATE_MUTABLE_BYTEVECTOR):
(VM_VALIDATE_MUTABLE_VECTOR, vector-set!, vector-set!/immediate)
(BV_BOUNDED_SET, BV_SET): Require mutable bytevector/vector.
* libguile/vm.c (vm_error_not_a_mutable_bytevector):
(vm_error_not_a_mutable_vector): New definitions.
* module/system/vm/assembler.scm (link-data): Mark residualized vectors,
bytevectors, and bitvectors as being read-only.
* module/ice-9/psyntax.scm (syntax?): Only recognize legacy syntax
objects if the new allow-legacy-syntax-objects? parameter is true.
* module/ice-9/boot-9.scm (allow-legacy-syntax-objects?): New
parameter.
* doc/ref/api-macros.texi (Syntax Transformer Helpers): Document the
horrible situation with legacy syntax objects.
* NEWS: Add entry.
* module/ice-9/psyntax.scm (make-syntax-object): Change to make
new-style syntax objects.
* module/ice-9/psyntax-pp.scm: Regenerate.
* module/ice-9/compile-psyntax.scm (squeeze-syntax-object): Change to be
functional.
(squeeze-constant): Likewise.
(squeeze-tree-il): Likewise.
(translate-literal-syntax-objects): New pass. The compiler can embed
literal syntax objects into compiled objects, but syntax can no longer
be read/written; otherwise users could forge syntax objects. So for
the bootstrap phase, rewrite literal constants to calls to
make-syntax.
* libguile/Makefile.am (libguile_@GUILE_EFFECTIVE_VERSION@_la_SOURCES):
(DOT_X_FILES, DOT_DOC_FILES, noinst_HEADERS): Add syntax.c and
syntax.h.
* libguile/evalext.c (scm_self_evaluating_p):
* libguile/goops.c (class_syntax, scm_class_of, scm_goops_early_init):
* libguile/init.c (scm_init_guile):
* libguile/print.c (iprin1):
* libguile/tags.h (scm_tc7_syntax):
* module/oop/goops.scm (<syntax>):
* module/system/base/types.scm (%tc7-syntax, cell->object):
* module/system/vm/disassembler.scm (code-annotation): Wire up the new
data type.
* libguile/syntax.c:
* libguile/syntax.h: New files.
* module/ice-9/boot-9.scm: Move new definitions to (system syntax
internal).
* module/system/syntax.scm (print-syntax): New helper.
* module/system/vm/assembler.scm (statically-allocatable?)
(intern-constant, link-data): Arrange to be able to write syntax
objects into images.
* module/language/cps/types.scm (&syntax): New type. Remove
&hash-table; it was never detected, an internal binding, and we need
the bit to avoid going into bignum territory.
* module/ice-9/psyntax.scm (%syntax-module): Rename from syntax-module
in order to make room for a new syntax-module primitive binding.
* module/ice-9/psyntax-pp.scm: Regenerate.
* module/ice-9/boot-9.scm: Push syntax bindings into an internal
module.
* module/system/syntax.scm: New file.
* module/Makefile.am (SOURCES): Add system/syntax.scm.
* module/language/cps/effects-analysis.scm (expression-effects): Prompts
cause &all-effects. I tried to limit this change to CSE but it was
actually LICM that was borked, so better to be conservative
* test-suite/tests/control.test ("escape-only continuations"): Add
test.
* doc/ref/vm.texi (Inlined Scheme Instructions): Add string-set!.
* libguile/vm-engine.c (string-set!): New opcode.
* module/ice-9/rdelim.scm (read-string): Reimplement in terms of a
geometrically growing list of strings, to reduce total heap usage when
reading big files.
* module/language/cps/compile-bytecode.scm (compile-function): Add
string-set! support.
* module/language/cps/types.scm (string-set!): Update for &u64 index.
* module/language/tree-il/compile-cps.scm (convert): Unbox index to
string-set!.
* module/system/vm/assembler.scm (system): Export string-set!.
This bug was introduced by 35a9059250.
* module/language/cps/specialize-numbers.scm (specialize-operations):
Check that both operands are real as a condition for
specialize-f64-comparison.
* test-suite/tests/numbers.test: Add test.
* module/language/cps/compile-bytecode.scm (compile-function): Check for
fallthrough after $kclause too; possible to need to jump if clause
tails are contified.
* module/language/cps/contification.scm (compute-contification-candidates):
Enable inter-clause contification.
* module/language/cps/compile-bytecode.scm (compile-function):
* module/language/cps/slot-allocation.scm ($allocation)
(lookup-nlocals, compute-frame-size, allocate-slots): Adapt to
have one frame size per function, for all clauses.
* module/system/vm/linker.scm (*lcm-page-size*): Rename
from *page-size*, change to 64 KB.
* libguile/loader.c (load_thunk_from_memory): Only require page size
alignment, knowing that although Guile might emit ELF with 64k
alignment, it only really needs page alignment.
Fixes <http://bugs.gnu.org/20272>.
* module/ice-9/boot-9.scm (module-generate-unique-id!)
(module-gensym): New procedures.
(module): Add 'next-unique-id' field.
(the-root-module): Inherit 'next-unique-id' value from early stub.
(make-module, make-autoload-interface): Adjust calls to
module-constructor.
* module/ice-9/psyntax.scm (gen-label, new-mark): Generate unique
identifiers from the module name and the per-module unique-id.
(build-lexical-var, generate-temporaries): Use
'module-gensym' instead of 'gensym'.
* module/ice-9/psyntax-pp.scm: Regenerate.
* module/language/tree-il/fix-letrec.scm (fix-letrec!): Use
'module-gensym' instead of 'gensym'.
* module/system/base/syntax.scm (define-record): Likewise.
(transform-record): Likewise.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This feature was removed by 4aead68cdb.
* module/ice-9/i18n.scm (number-decimal-string): Rewrite the case where
DIGIT-COUNT is not an integer.
(number->locale-string): Always pass FRACTION-DIGITS to
'number-decimal-string'.
* test-suite/tests/format.test ("~h localized number")["1234.5"]
["padding", "padchar"]: Remove decimal specifier.
* test-suite/tests/i18n.test ("number->locale-string")
["fraction",
* test-suite/tests/i18n.test ("format ~h")["12 345,678"]: Remove decimal
specifier. Remove one decimal.
* doc/ref/api-i18n.texi (Number Input and Output): Update
'number->locale-string' doc to mention the number of decimals.
Fixes <http://bugs.gnu.org/24990>.
Reported by Martin Michel <dev@famic.de>.
* module/ice-9/i18n.scm (integer->string, number-decimal-string): New
procedures.
(monetary-amount->locale-string): Use them instead of 'number->string'
followed by 'string-split'.
(number->locale-string): Likewise.
* test-suite/tests/i18n.test ("number->locale-string")["fraction"]: Add
second argument to 'number->locale-string'.
["fraction, 1 digit"]: Round up.
["fraction, 10 digits", "trailing zeros", "negative integer"]: New
tests.
* test-suite/tests/i18n.test ("format ~h"): Pass the number of decimals
for ~h.
("monetary-amount->locale-string")["French"]: Always expect two decimals
after the comma.
["one cent", "very little money"]: New tests.
* test-suite/tests/format.test ("~h localized number")["1234.5"]:
Specify the number of decimals explicitly.
["padding"]: Expect zero decimals.
["padchar"]: Ask for one decimal.
["decimals", "locale"]: Adjust rounding.
* module/system/base/target.scm (cpu-endianness, triplet-pointer-size):
Add case for "sh3".
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This commit adds protection to Guile's REPL servers against HTTP
inter-protocol exploitation attacks, a scenario whereby an attacker can,
via an HTML page, cause a web browser to send data to TCP servers
listening on a loopback interface or private network. See
<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
Attack (2001) by Tochen Topf <jochen@remote.org>.
Here we add a procedure to 'before-read-hook' that looks for a possible
HTTP request-line in the first line of input from the client socket. If
present, the socket is drained and closed, and a loud warning is written
to stderr (POSIX file descriptor 2).
* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use
'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description
of the --listen option, make the security warning more prominent.
Mention the new protection added here. Recommend using UNIX domain
sockets for REPL servers. "a path to" => "the file name of".
