author Andy Wingo <wingo@pobox.com> 2017-03-01 21:27:34 +0100
committer Andy Wingo <wingo@pobox.com> 2017-03-01 21:27:34 +0100
commit 8f7e75f77278356ad0df150ccdd67f2ab88e630f
tree d1a48674d2ba04f8d5dc5df6d50a324d89b6f89f /NEWS
parent 1026a768306bb11e7bdc3bdeff54e424b73e0c91
Update NEWS
* NEWS: Update 2.0.x NEWS. Fold 2.1.7 NEWS into main 2.2 body.
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 172
1 files changed, 86 insertions, 86 deletions
diff --git a/NEWS b/NEWS
index 5d5221ec8..4d8a56380 100644
--- a/NEWS
+++ b/NEWS
@@ -6,85 +6,7 @@ Please send Guile bug reports to bug-guile@gnu.org.
-Changes in 2.1.7 (changes since the 2.1.6 alpha release):
-
-* Notable changes
-
-** Web server now suspendable
-
-The web server's implementation has been slightly modified in order to
-allow coroutines to suspend and resume around it when it would block on
-input or output. See "Non-Blocking IO" in the manual for more.
-
-** Add support for arrays in `truncated-print'.
-
-See "Pretty Printing" in the manual. Thanks to Daniel Llorens.
-
-** Gnulib update
-
-Gnulib has been updated to v0.1-1157-gb03f418.
-
-* Performance improvements
-
-** Stringbufs immutable by default
-
-Stringbufs are backing buffers for strings, and are not user-visible.
-Calling "substring" on a base string will result in a new string that
-shares state with the base string's stringbuf. A subsequent attempt to
-mutate the substring will first copy a fresh stringbuf; that is, Guile's
-strings are copy-on-write. There is also "substring/shared" which
-allows mutations to be shared between substring and base string; in that
-case the stringbuf is modified directly.
-
-It used to be that mutating a string would have to take a global lock,
-to ensure that no one was concurrently taking a copy-on-write substring
-of that string. That is, stringbufs were mutable by default and
-transitioning to immutable could happen at any time.
-
-This situation has been reversed: stringbufs are now immutable by
-default and attempts to mutate an immutable stringbuf will copy a fresh
-stringbuf and mark it as mutable. This way we can avoid the global
-lock. This change likely speeds up common "substring" workloads, though
-it make make the first in-place mutation on an immutable string take
-more time because it has to copy a fresh backing stringbuf.
-
-** Speed up number->string
-
-** `accept' now takes optional flags argument
-
-These flags can include `SOCK_NONBLOCK' and `SOCK_CLOEXEC', indicating
-options to apply to the returned socket, potentially removing the need
-for additional system calls to set these options. See "Network Sockets
-and Communication" in the manual, for more.
-
-* New deprecations
-
-** `SCM_FDES_RANDOM_P'
-
-Instead, use `lseek (fd, 0, SEEK_CUR)' directly.
-
-* Bug fixes
-
-** Fix too-broad capture of dynamic stack by delimited continuations
-
-Guile was using explicit stacks to represent, for example, the chain of
-current exception handlers. This means that a delimited continuation
-that captured a "catch" expression would capture the whole stack of
-exception handlers, not just the exception handler added by the "catch".
-This led to strangeness when resuming the continuation in some other
-context like other threads; "throw" could see an invalid stack of
-exception handlers. This has been fixed by the addition of the new
-"fluid-ref*" procedure that can access older values of fluids; in this
-way the exception handler stack is now implicit. See "Fluids and
-Dynamic States" in the manual, for more on fluid-ref*.
-
-** Fix bug comparing unboxed floating-point values (#25492)
-
-Thanks to Daniel Llorens.
-
-** Fix crasher bugs for multiple threads writing to same port
-
-** Fix bug resuming partial continuations that contain prompts
+Changes in 2.1.8 (changes since the 2.1.7 alpha release):
Previous changes in 2.1.x (changes since the 2.0.x series):
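Review bot: the new "Changes in 2.1.8" heading is added with no entries under it, and of the 2.1.7 items removed above only three reappear in the later hunks shown here (the `accept' flags entry, the delimited-continuation fix and the `SCM_FDES_RANDOM_P' deprecation). Since the commit message says 2.1.7 is folded into the main 2.2 body, please confirm that the others, for example "Stringbufs immutable by default" and "Fix crasher bugs for multiple threads writing to same port", are already covered there, and either fill in the 2.1.8 section or hold the heading back until it has content.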
@@ -339,6 +261,13 @@ See "Custom Ports" in the manual.
See "R6RS Transcoders" in the manual.
+** `accept' now takes optional flags argument
+
+These flags can include `SOCK_NONBLOCK' and `SOCK_CLOEXEC', indicating
+options to apply to the returned socket, potentially removing the need
+for additional system calls to set these options. See "Network Sockets
+and Communication" in the manual, for more.
+
** Thread-safe atomic boxes (references)
See "Atomics" in the manual.
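Review bot: the `accept' entry presents the flags only as a way to save system calls, which undersells `SOCK_CLOEXEC'. The more useful point for readers is that the option is applied to the returned socket by the accept call itself rather than by a later call, so a multi-threaded program that forks has no interval in which the new descriptor is inheritable. Suggest one sentence saying that, and dropping the comma in "in the manual, for more".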
@@ -728,6 +657,19 @@ specifies #:duplicates, of course we use that. The
`default-duplicate-binding-handlers' parameter now simply accesses the
handlers of the current module, instead of some global value.
+** Fix too-broad capture of dynamic stack by delimited continuations
+
+Guile was using explicit stacks to represent, for example, the chain of
+current exception handlers. This means that a delimited continuation
+that captured a "catch" expression would capture the whole stack of
+exception handlers, not just the exception handler added by the "catch".
+This led to strangeness when resuming the continuation in some other
+context like other threads; "throw" could see an invalid stack of
+exception handlers. This has been fixed by the addition of the new
+"fluid-ref*" procedure that can access older values of fluids; in this
+way the exception handler stack is now implicit. See "Fluids and
+Dynamic States" in the manual, for more on fluid-ref*.
+
** `dynamic-wind' doesn't check that guards are thunks
Checking that the dynamic-wind out-guard procedure was actually a thunk
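Review bot: the moved entry mixes tenses ("Guile was using explicit stacks ... This means that a delimited continuation ... would capture") and describes the effect as "strangeness", which tells a reader nothing about whether they were affected. Suggest past tense throughout and leading with the concrete symptom already stated further down, that "throw" could see an invalid stack of exception handlers when the continuation was resumed in another context such as another thread.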
@@ -849,6 +791,10 @@ scm_t_debug_info', `scm_pure_generic_p', `SCM_PUREGENERICP',
* New deprecations
+** `SCM_FDES_RANDOM_P'
+
+Instead, use `lseek (fd, 0, SEEK_CUR)' directly.
+
** `_IONBF', `_IOLBF', and `_IOFBF'
Instead, use the symbol values `none', `line', or `block', respectively,
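Review bot: the `SCM_FDES_RANDOM_P' entry names a replacement call, `lseek (fd, 0, SEEK_CUR)', but not the test to apply to its result. The deprecated name is a predicate, so the entry should state which return value means the descriptor is seekable; otherwise users porting code have to look up the old macro definition to get the condition right.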
@@ -987,19 +933,60 @@ users, but packagers may be interested.
+Changes in 2.0.14 (since 2.0.13):
+
+* Bug fixes
+
+** Builds of .go files and of Guile itself are now bit-reproducible
+ (<http://bugs.gnu.org/20272>)
+
+** 'number->locale-string' and 'monetary-amount->locale-string' fixes
+ (<http://bugs.gnu.org/24990>)
+
+** (system base target) now recognizes "sh3" as a cross-compilation target
+
+** Fix race condition in '00-repl-server.test'
+ (<http://bugs.gnu.org/24769>)
+
+** 'scandir' from (ice-9 ftw) no longer calls 'stat' for each entry
+
+** Several documentation improvements
+
+
Changes in 2.0.13 (since 2.0.12):
-* Notable changes
-* New interfaces
-** mkstemp! takes optional "mode" argument
+* Security fixes
-See "File System" in the manual, for more.
+** CVE-2016-8606: REPL server now protects against HTTP inter-protocol
+ attacks
-** New 'scm_to_uintptr_t' and 'scm_from_uintptr_t' C functions
+Guile 2.x provides a "REPL server" started by the '--listen'
+command-line option or equivalent API (see "REPL Servers" in the
+manual).
-* Bug fixes
+The REPL server is vulnerable to the HTTP inter-protocol attack as
+described at
+<https://en.wikipedia.org/wiki/Inter-protocol_exploitation>, notably the
+HTML form protocol attack described at
+<https://www.jochentopf.com/hfpa/hfpa.pdf>. A "DNS rebinding attack"
+can be combined with this attack and allow an attacker to send arbitrary
+Guile code to the REPL server through web pages accessed by the
+developer, even though the REPL server is listening to a loopback device
+("localhost"). This was demonstrated in an article entitled "How to
+steal any developer's local database" available at
+<http://bouk.co/blog/hacking-developers/>.
+
+The REPL server in Guile 2.0.13 now detects attempts to exploit this
+vulnerability. It immediately closes the connection when it receives a
+line that looks like an HTTP request.
-** 'mkdir' procedure no longer calls umask(2) (<http://bugs.gnu.org/24659>)
+Nevertheless, we recommend binding the REPL server to a Unix-domain
+socket, for instance by running:
+
+ guile --listen=/tmp/guile-socket
+
+** CVE-2016-8605: 'mkdir' procedure no longer calls umask(2)
+ (<http://bugs.gnu.org/24659>)
When the second argument to the 'mkdir' procedure was omitted, it would
call umask(0) followed by umask(previous_umask) and apply the umask to
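Review bot: the recommended command in the CVE-2016-8606 entry, "guile --listen=/tmp/guile-socket", puts the socket at a fixed, predictable name in a directory shared by every local user, which weakens the advice it is meant to illustrate. Suggest an example path inside a directory that only the invoking user can access, and a sentence noting that access to the socket is then governed by file-system permissions. Separately, "The REPL server is vulnerable" reads as if 2.0.13 is still affected; say which versions were vulnerable, and note that closing the connection on "a line that looks like an HTTP request" is a heuristic, which is presumably why the Unix-domain socket is still recommended.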
@@ -1010,9 +997,22 @@ applications: during a small window the process' umask was set to zero,
so other threads calling mkdir(2) or open(2) could end up creating
world-readable/writable/executable directories or files.
+* New interfaces
+
+** mkstemp! takes optional "mode" argument
+
+See "File System" in the manual, for more.
+
+** New 'scm_to_uintptr_t' and 'scm_from_uintptr_t' C functions
+
+* Bug fixes
+
** Fix optimizer bug when compiling fixpoint operator
** Fix build error on MinGW
** Update 'uname' implementation on MinGW
+** 'port-encoding' and 'set-port-encoding!' ensure they are passed an
+ open port
+** (system base target) now recognizes Alpha as a cross-compilation target
Changes in 2.0.12 (since 2.0.11):
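Review bot: the added entry "'port-encoding' and 'set-port-encoding!' ensure they are passed an open port" does not say what happens when the check fails. State the behaviour a caller will now see when passing a closed port, and add the bug reference if there is one, in the style of the "(<http://bugs.gnu.org/...>)" lines used for the 2.0.14 entries.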