Only Windows version is affected.
If you ran .bat
or .cmd
via sys-exec
(or other higher-level
APIs such as run-process
), certain crafted command-line argument
could invoke external commands: https://kb.cert.org/vuls/id/123335
In Gauche, the effect is limited because the user need to give .bat
or
.cmd
extensions explicitly to run those files, so the user code
can check unsafe arguments as well. Nevertheless, it is better not to have holes.
Now, if you're trying to run a .bat
or .cmd
file and the argument
contains one of "unsafe" characters, an error is thrown.
(Issue:1017)
build-standalone
was broken
You couldn't build a standalone binary with 0.9.14, for it introduced an unintended dependency on private header files (which is only available when you have a source tree). It is addressed. Issue:1013.
When you tried to use TLS server socket with newer MbedTLS, clients failed to connect with TLS handshake error. It is fixed.
Besides, if you configure with --with-tls=mbedtls-internal
, it
now uses MbedTLS 3.5.2. Issue:1018,Issue:1021.
size-of
method
The size-of
method returns a size of a collection. Since the
minimal requirement of collection protocol is an iterator,
the default method of size-of
iterates over all elements to
count them. It happened that built-in hashtables and treemaps didn't
specialize size-of
, it caused O(n) instead of O(1).
Now those methods are specialized, and documentation warns
this fallback behavior. Issue:987.
define-cproc
At the beginning, C interface (define-cproc
) used CL-style
lambda keywords such as &optional
. We switched to keywords
:optional
loooong time ago, but we've supported the old style.
We plan to drop it. If you see this warning, please update the source.
#<undef>
is used in boolean context'
This warning is off by default, but we recommend you to turn it on
by setting the environment variable GAUCHE_CHECK_UNDEFINED_TEST
.
This warning is issued when #<undef>
appears as the result
of a test expression of conditional branch.
This feature has been in for a while, but we plan to turn the warning on by default in the next release or so, thus we bring this up again.
See Nasty undefined, for the details.
gauche-package
populate
subcommand can be used in the existing module
directory to copy missing files for packaging.
compile
command now processes *.scm
files with precomp
.
This eliminates the need of *.stub
files from C interface.
compile
command also accepts --srcdir
option
to allow out-of-tree build.
Examples are rewritten accordingly. Issues:990?.
assoc-*
procedures. Issue:985.
-l
and -e
command-line
options, now gosh
shows more information about error, rather than
a single-line summary.
new
and delete
operators. This is for
C++, but currently we don't distinguish C/C++ as targets, so the code
targetting C is also affected.
asm
CiSE directive.
make install
uses install-info
if it's available, which
updates system's dir
file if necessary. Issue:988.
#f
as a path component; it is interpreted as .
.
#<unbound>
when applied to an incomplete string.
gauche/priv/arith.h
that could trigger an undefined behavior.