Fixes <http://bugs.gnu.org/20272>.
* module/ice-9/boot-9.scm (module-generate-unique-id!)
(module-gensym): New procedures.
(module): Add 'next-unique-id' field.
(the-root-module): Inherit 'next-unique-id' value from early stub.
(make-module, make-autoload-interface): Adjust calls to
module-constructor.
* module/ice-9/psyntax.scm (gen-label, new-mark): Generate unique
identifiers from the module name and the per-module unique-id.
(build-lexical-var, generate-temporaries): Use
'module-gensym' instead of 'gensym'.
* module/ice-9/psyntax-pp.scm: Regenerate.
* module/language/tree-il/fix-letrec.scm (fix-letrec!): Use
'module-gensym' instead of 'gensym'.
* module/system/base/syntax.scm (define-record): Likewise.
(transform-record): Likewise.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Fixes <http://bugs.gnu.org/24769>.
Reported by Rob Browning <rlb@defaultvalue.org>.
* test-suite/tests/00-repl-server.test ("simple expression"): Add call
to 'select' before 'display'.
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This commit adds protection to Guile's REPL servers against HTTP
inter-protocol exploitation attacks, a scenario whereby an attacker can,
via an HTML page, cause a web browser to send data to TCP servers
listening on a loopback interface or private network. See
<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
Attack (2001) by Tochen Topf <jochen@remote.org>.
Here we add a procedure to 'before-read-hook' that looks for a possible
HTTP request-line in the first line of input from the client socket. If
present, the socket is drained and closed, and a loud warning is written
to stderr (POSIX file descriptor 2).
* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use
'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description
of the --listen option, make the security warning more prominent.
Mention the new protection added here. Recommend using UNIX domain
sockets for REPL servers. "a path to" => "the file name of".
* test-suite/tests/i18n.test (%french-locale-name)
(%french-utf8-locale-name, %turkish-utf8-locale-name)
(%german-utf8-locale-name, %greek-utf8-locale-name): Use the normalized
codeset for ISO-8859-1 and UTF-8.
* libguile/posix.c (scm_system_star): Cast 'SIG_IGN' to
'scm_t_uintptr_t' and use 'scm_from_uintptr_t'. This fixes an
'int-conversion' warning with GCC 6.2.
Fixes <http://bugs.gnu.org/24659>.
* libguile/filesys.c (SCM_DEFINE): Remove calls to 'umask' when MODE is
unbound; instead, use 0777 as the mode. Update docstring to clarify
this.
* doc/ref/posix.texi (File System): Adjust accordingly.
* NEWS: Mention it.
* libguile/simpos.c: Trim includes.
(scm_system_star): Move to posix.c.
* libguile/simpos.h (scm_system_star): Remove.
* libguile/posix.h (scm_system_star): Add.
* libguile/posix.c (scm_system_star): Move here and implement in terms
of open-process. This lets system* work on Windows. Inspired by a
patch by Eli Zaretskii.
(start_child): Exit with 127 if the command isn't found.
Fixes <https://bugs.gentoo.org/show_bug.cgi?id=590528>.
* libguile/Makefile.am (BUILT_INCLUDES): New variable.
(BUILT_SOURCES): Put .i and other generated .h to BUILT_INCLUDES.
(DOT_X_FILES, EXTRA_DOT_X_FILES, DOT_DOC_FILES, EXTRA_DOT_DOC_FILES):
Depend on $(BUILT_INCLUDES), in place of scmconfig.h which is included
in $(BUILT_INCLUDES).
This reverts commit edd6d6e280.
As reported at <https://bugs.gentoo.org/show_bug.cgi?id=590528#c10>,
that commit failed to fix the bug.
That commit was based on the mistaken belief that the make rule syntax
".c.x: $(BUILT_INCLUDES)" means the same as ".c.x:" but with the added
prerequisites "$(BUILT_INCLUDES)". However, as explained in section
10.7 (Old-Fashioned Suffix Rules) of the GNU Make manual:
Suffix rules cannot have any prerequisites of their own. If they
have any, they are treated as normal files with funny names, not as
suffix rules. Thus, the rule:
.c.o: foo.h
$(CC) -c $(CFLAGS) $(CPPFLAGS) -o $@ $<
tells how to make the file '.c.o' from the prerequisite file 'foo.h',
and is not at all like the pattern rule:
%.o: %.c foo.h
$(CC) -c $(CFLAGS) $(CPPFLAGS) -o $@ $<
which tells how to make '.o' files from '.c' files, and makes all
'.o' files using this pattern rule also depend on 'foo.h'.
* libguile/print.c (display_string_using_iconv): If the encoding the
full utf8 buffer would overflow the output buffer, just keep trucking
instead of erroring. Fixes#22667.
* test-suite/tests/iconv.test ("round-trip"): Add some tests.
* libguile/Makefile.am (BUILT_INCLUDES): New variable.
(BUILT_SOURCES): Put .i and other generated .h to BUILT_INCLUDES.
(.c.x, .c.doc): Depend on BUILT_INCLUDES. Fixes
https://bugs.gentoo.org/show_bug.cgi?id=590528.
* libguile/null-threads.h: Reimplement null-threads stubs for pthread
data types, initializers, and functions in terms of types and inline
functions instead of CPP macros. Fixes unused-value warnings, and
tightens things up in general.
(scm_i_pthread_cleanup_push, scm_i_pthread_cleanup_pop): Remove these,
as they were unused and incorrect -- they would never run the cleanup
handler even if 1 was passed to pop.
Suggested by Vincent Legoll <vincent.legoll@gmail.com>.
* doc/ref/api-evaluation.texi (Expression Syntax): Add an unquote and an
unquote-splicing example.
* libguile/posix-w32.c: Include gc.h and threads.h.
(proc_record): New structure tag.
<procs, proc_size>: New static variables.
(find_proc, proc_handle, record_proc, delete_proc): New utility
functions.
(start_child): Return value is now pid_t, as it is on Posix
platforms. Record the new process and returns its PID, instead of
returning a handle. Fix the recursive call.
(waitpid, kill, getpriority, setpriority, sched_getaffinity)
(sched_setaffinity): Look up the PID in the recorded subprocesses
before trying to open a process that is not our subprocess. Make
sure any open handle is closed before returning, unless it's our
subprocess.
* m4/mkstemp.m4: Remove.
* lib/mkstemp.c: Remove.
* lib/mkostemp.c: New file.
* m4/mkostemp.m4: New file.
* lib/Makefile.am:
* m4/gnulib-cache.m4:
* m4/gnulib-comp.m4: Remove mkstemp module, replace with mkostemp.
* libguile/fports.h:
* libguile/fports.c (scm_i_mode_to_open_flags): Factor out helper to
parse mode string to open flags.
(scm_open_file_with_encoding): Use the new helper.
* libguile/filesys.c:
(scm_i_mkstemp): Adapt to take optional second argument, being a mode
string. Use mkostemp.
(scm_mkstemp): Backwards compatible shim that calls scm_i_mkstemp.
* doc/ref/posix.texi:
* NEWS: Update.
* module/system/base/compile.scm (call-with-output-file/atomic): Pass
"wb" as mode, to cause O_BINARY to be added on MinGW.
* module/language/tree-il/peval.scm (<operand>): Rename "alias-value"
field to "alias", which is now an operand and not an expression.
This allows the operand to capture its environment; before, the
alias was being visited in its use environment instead of its
definition environment.
(peval): Adapt to operand change.
* test-suite/tests/peval.test ("partial evaluation"): New test.
* libguile/net_db.c (SCM_DEFINE_CONSTANT): New helper. Use it to
define constants and avoid the unneeded static variables that were
used before, named "sym_" but actually holding variables. Thanks to
Eli Zaretskii for the report.
