* test-suite/tests/00-repl-server.test (call-with-repl-server): The REPL
server needs threads so don't bother testing if we have no threads.
Also, prevent SIGPIPE from killing the parent process.
Fixes <http://bugs.gnu.org/24769>.
Reported by Rob Browning <rlb@defaultvalue.org>.
* test-suite/tests/00-repl-server.test ("simple expression"): Add call
to 'select' before 'display'.
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This commit adds protection to Guile's REPL servers against HTTP
inter-protocol exploitation attacks, a scenario whereby an attacker can,
via an HTML page, cause a web browser to send data to TCP servers
listening on a loopback interface or private network. See
<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
Attack (2001) by Tochen Topf <jochen@remote.org>.
Here we add a procedure to 'before-read-hook' that looks for a possible
HTTP request-line in the first line of input from the client socket. If
present, the socket is drained and closed, and a loud warning is written
to stderr (POSIX file descriptor 2).
* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use
'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description
of the --listen option, make the security warning more prominent.
Mention the new protection added here. Recommend using UNIX domain
sockets for REPL servers. "a path to" => "the file name of".
* test-suite/tests/i18n.test (%french-locale-name)
(%french-utf8-locale-name, %turkish-utf8-locale-name)
(%german-utf8-locale-name, %greek-utf8-locale-name): Use the normalized
codeset for ISO-8859-1 and UTF-8.
* libguile/posix.c (scm_system_star): Cast 'SIG_IGN' to
'scm_t_uintptr_t' and use 'scm_from_uintptr_t'. This fixes an
'int-conversion' warning with GCC 6.2.
Fixes <http://bugs.gnu.org/24659>.
* libguile/filesys.c (SCM_DEFINE): Remove calls to 'umask' when MODE is
unbound; instead, use 0777 as the mode. Update docstring to clarify
this.
* doc/ref/posix.texi (File System): Adjust accordingly.
* NEWS: Mention it.
Fixes <https://bugs.gentoo.org/show_bug.cgi?id=590528>.
* libguile/Makefile.am (BUILT_INCLUDES): New variable.
(BUILT_SOURCES): Put generated .h to BUILT_INCLUDES.
(DOT_X_FILES, EXTRA_DOT_X_FILES, DOT_DOC_FILES, EXTRA_DOT_DOC_FILES):
Depend on $(BUILT_INCLUDES), in place of scmconfig.h which is included
in $(BUILT_INCLUDES).
This assumption does not hold on systems that use the LLP64 data model.
Partially fixes <https://debbugs.gnu.org/22406>.
Reported by Peter TB Brett <peter@peter-b.co.uk>.
* libguile/numbers.h (scm_t_inum): Move here from numbers.c, and change
to be equivalent to 'long' (formerly 'scm_t_signed_bits').
(SCM_MOST_POSITIVE_FIXNUM, SCM_MOST_NEGATIVE_FIXNUM): Define based on
SCM_I_FIXNUM_BIT instead of SCM_T_SIGNED_BITS_MAX.
(SCM_I_INUM): Adjust definitions to return a 'scm_t_inum', and avoiding
the assumption that SCM_UNPACK returns a 'long'.
* libguile/numbers.c (scm_t_inum): Move definition to numbers.h.
Verify that 'scm_t_inum' fits within a SCM value.
(scm_i_inum2big): Remove preprocessor code that forced a compile error
unless sizeof (long) == sizeof (void *).
* doc/ref/posix.texi (Ports and File Descriptors): Update.
* libguile/filesys.c (scm_select): Use scm_std_select so that pending
interrupts can be delivered. On EINTR or EAGAIN, just return directly
so that calling Scheme code can run asyncs.
* module/oop/goops.scm (%compute-layout): Fix class slot layout.
Before, a #:class that was an argument to #:allocation was getting
interpreted as a keyword with a value.
* test-suite/tests/goops.test ("#:class slot allocation"): Add test.
* libguile/filesys.c (scm_i_mkstemp): Validate "mode" argument as a
string, and validate writability of template string early too. Thanks
to Jean Louis for the bug report.
* module/rnrs/io/ports.scm (open-string-output-port): Calling the
get-string proc should flush the buffer and reset the file position.
* test-suite/tests/r6rs-ports.test ("8.2.10 Output ports"): Add tests.
Thanks to Freja Nordsiek for the report.
* libguile/vm-engine.c (bind-kwargs):
* libguile/vm.c (vm_error_kwargs_missing_value):
* libguile/eval.c (error_missing_value)
(prepare_boot_closure_env_for_apply): Adapt to mirror VM behavior.
* libguile/keywords.c (scm_c_bind_keyword_arguments): Likewise.
* module/ice-9/eval.scm (primitive-eval): Update to error on (foo #:kw)
with a "Keyword argument has no value" instead of the horrible "odd
argument list length". Also adapts to the expected args format for
the keyword-argument-error exception printer in all cases. Matches
1.8 optargs behavior also.
* test-suite/standalone/test-scm-c-bind-keyword-arguments.c (test_missing_value):
(missing_value_error_handler): Update test.
* test-suite/tests/optargs.test: Add tests.
* libguile/bytevectors.c (sym_big, sym_little): Rename from scm_sym_big
and scm_sym_little, and don't use the snarf mechanism as we need to
initialize this value eagerly in case the C API is used before the
Scheme module is loaded.
(scm_bootstrap_bytevectors): Initialize the endianness symbols here.
* libguile/r6rs-ports.c (scm_register_r6rs_ports): Register the R6RS
port kinds here, for the same reason.
* libguile/threads.h (scm_i_thread): Add bool tracking whether the
thread needs to be unregistered from libgc.
* libguile/threads.c (guilify_self_1): Add needs_unregister arg.
(on_thread_exit): Only unregister thread if the thread needs it.
(scm_i_init_thread_for_guile): A thread needs unregistering if
GC_register_my_thread succeeded.
(scm_threads_prehistory): Don't unregister initial thread.
Fixes#19523. Thanks to Anthonin Bonnefoy for the report.
* module/ice-9/boot-9.scm (define-module*): Process module imports after
module exports. Allows for an additional kind of circular module
imports (see https://bugs.gnu.org/15540).
* test-suite/tests/modules.test ("circular imports"): Add test.
* libguile/numbers.c (scm_product): Only reduce (* x -1) to (- x) when X
is a bignum. Fixes weirdness when X is not a number and instead
multiplication should dispatch to GOOPS. Thanks to Alejandro Sanchez
for the report.
* meta/guile.m4 (GUILE_PROGS): Search for guile with suffixes
first ('-X.Y' and 'X.Y' where X.Y denotes the version) before
searching for guile with no suffix. Patch co-authored by Andy Wingo.
* module/oop/goops.scm (multiple-arity-dispatcher): Fix dispatch for
max-arity+1 when a generic is already in multiple-arity dispatch.
Fixes#24454.
* test-suite/tests/goops.test ("dispatch"): Add test.
* configure.ac: Check for __sincos.
* libguile/numbers.c (scm_c_make_polar): Fall back to __sincos if
possible. Fixes zero signedness of make-polar on macOS.
* module/language/cps/types.scm (define-binary-result!): Arithmetic
where one argument is a flonum may produce a complex.
* test-suite/tests/compiler.test: Add test.
