Bug 230535

Summary: lang/chicken: Update to 5.0.0rc1
Product: Ports & Packages Reporter: Tobias Kortkamp <tobik>
Component: Individual Port(s)Assignee: Tobias Kortkamp <tobik>
Status: Closed FIXED    
Severity: Affects Only Me CC: vmagerya
Priority: --- Keywords: patch
Version: LatestFlags: tobik: maintainer-feedback+
Hardware: Any   
OS: Any   
URL: http://lists.nongnu.org/archive/html/chicken-users/2018-08/msg00004.html
Attachments:
Description Flags
chicken.diff tobik: maintainer-approval? (vmagerya)

Description Tobias Kortkamp freebsd_committer freebsd_triage 2018-08-11 15:39:39 UTC
Created attachment 196088 [details]
chicken.diff

Hi,

this

- updates Chicken to the first release candidate of 5.0.0
- cleans up some old cruft that is no longer necessary
- makes sure the build respects LDFLAGS set by the framework
- builds fine on 10.4/i386, 11.1/amd64, 12.0/amd64

We unfortunately skipped the update to 4.13.0 which fixed multiple
security vulnerabilities [1].  Are you still interested in maintaining
lang/chicken?  If not I'd like to offer to take over maintainership.

Since chicken 4 is not fully compatible with chicken 5 [2], should
we preserve the current lang/chicken as lang/chicken4 for a while?

[1] https://code.call-cc.org/dev-snapshots/2018/08/11/NEWS
[2] https://wiki.call-cc.org/porting-c4-to-c5
Comment 1 Vitaly Magerya 2018-08-13 11:57:44 UTC
The patch seems to work fine (I didn't test the FEATHERS option though), but there are two problems:
1) Generally updating to an RC version is frowned upon; unless there are special circumstances, it's better to wait a few weeks and update to the final release (in some cases it's even better to wait for the first point release, but this is not the case for Chicken).
2) Setting LICENSE to BSD3CLAUSE is something I find misleading: Chicken's
LICENSE file [2] says that it's actually a mixture of BSD3 files, public domain files, custom permissive license files, and even GPL2+ files in the test suite. A blanket "BSD3CLAUSE" doesn't describe that well. Maybe setting the LICENSE_FILE to the location of Chicken's LICENSE would be better, if you really want it (personally, I find our LICENSE framework vague and pointless).

Generally the way forward would be to:
1) update lang/chicken to 4.13.0;
2) add CVE-2017-6949, CVE-2017-9334 and CVE-2017-11343 to our vuxml database;
3) wait for 5.0.0 release;
4) copy lang/chicken to lang/chicken4 (possibly look into renaming the installation paths, so it wouldn't conflict with lang/chicken), and update lang/chicken to 5.0.0;
5) delete lang/chicken4 in a year or two.

If you want to undertake this sort of work, then I gladly cede maintainer position to you. As you've noticed, I have been slacking.

[1] http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=blob;f=LICENSE;h=6ef11e82ab1835ccddc3aceb323760a0ec00b915;hb=9d480412edf8a95aeafa31c3c32830c210ce83b7
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-08-15 15:27:00 UTC
A commit references this bug:

Author: tobik
Date: Wed Aug 15 15:26:14 UTC 2018
New revision: 477236
URL: https://svnweb.freebsd.org/changeset/ports/477236

Log:
  lang/chicken: Update to 4.13.0

  - Respect LDFLAGS
  - Take maintainership

  Changes:	https://code.call-cc.org/releases/4.13.0/NEWS
  PR:		230535
  Approved by:	maintainer
  Security:	5a771686-9e33-11e8-8b2d-9cf7a8059466
  MFH:		2018Q3

Changes:
  head/lang/chicken/Makefile
  head/lang/chicken/distinfo
  head/lang/chicken/pkg-message
Comment 3 Tobias Kortkamp freebsd_committer freebsd_triage 2018-08-15 15:28:44 UTC
(In reply to Vitaly Magerya from comment #1)
> 2) Setting LICENSE to BSD3CLAUSE is something I find misleading:
> Chicken's LICENSE file [2] says that it's actually a mixture of
> BSD3 files, public domain files, custom permissive license files,
> and even GPL2+ files in the test suite.  A blanket "BSD3CLAUSE"
> doesn't describe that well.

We do not install the test files so I don't think we need to mention
the license of them.  Anyway I'm leaving this alone for now and
will ask for review from other port committers later, it shouldn't
block any update.

> Generally the way forward would be to:
> 1) update lang/chicken to 4.13.0;
> 2) add CVE-2017-6949, CVE-2017-9334 and CVE-2017-11343 to our vuxml database;
> 3) wait for 5.0.0 release;
> 4) copy lang/chicken to lang/chicken4 (possibly look into renaming the installation paths, so it wouldn't conflict with lang/chicken), and update lang/chicken to 5.0.0;
> 5) delete lang/chicken4 in a year or two.

My game plan is

0) Add vuxml entry (done last Sunday in ports r476991)
1) Update lang/chicken to 4.13.0 and merge it to the quarterly branch
   (in progress now)
2) Add 5.0.0rc1 as lang/chicken5 now with PROGRAM_SUFFIX=5,
   so we have csi5, csc5, libchicken5.so, etc. and no conflict with
   lang/chicken
3) Once 5.0.0 is released add a deprecation notice in 12 months to
   lang/chicken; maybe swap the PROGRAM_SUFFIX around 

> If you want to undertake this sort of work, then I gladly cede
> maintainer position to you.  As you've noticed, I have been slacking.

Thank you.
Comment 4 commit-hook freebsd_committer freebsd_triage 2018-08-15 18:26:43 UTC
A commit references this bug:

Author: tobik
Date: Wed Aug 15 18:25:47 UTC 2018
New revision: 477250
URL: https://svnweb.freebsd.org/changeset/ports/477250

Log:
  MFH: r477236

  lang/chicken: Update to 4.13.0

  - Respect LDFLAGS
  - Take maintainership

  Changes:	https://code.call-cc.org/releases/4.13.0/NEWS
  PR:		230535
  Approved by:	maintainer
  Security:	5a771686-9e33-11e8-8b2d-9cf7a8059466

  Approved by:	ports-secteam (miwi)

Changes:
_U  branches/2018Q3/
  branches/2018Q3/lang/chicken/Makefile
  branches/2018Q3/lang/chicken/distinfo
  branches/2018Q3/lang/chicken/pkg-message
Comment 5 Vitaly Magerya 2018-08-15 19:17:09 UTC
Your plan looks good. In addition to PROGRAM_SUFFIX you'll need to see if the eggs will work and won't conflict. Other than that, thanks for your work, and have fun!
Comment 6 commit-hook freebsd_committer freebsd_triage 2018-08-22 17:46:43 UTC
A commit references this bug:

Author: tobik
Date: Wed Aug 22 17:46:22 UTC 2018
New revision: 477802
URL: https://svnweb.freebsd.org/changeset/ports/477802

Log:
  New port: lang/chicken5

  CHICKEN is a compiler for the Scheme programming language. CHICKEN
  produces portable, efficient C, supports almost all of the R5RS
  Scheme language standard, and includes many enhancements and
  extensions.

  WWW: http://www.call-cc.org/

  CHICKEN 4 and 5 are not fully compatible.  Import the upcoming
  CHICKEN 5.0.0 as a new port.  Binaries and libraries are suffixed
  with a 5 to avoid conflicts with lang/chicken.

  Changes:	https://code.call-cc.org/dev-snapshots/2018/08/11/NEWS
  PR:		230535

Changes:
  head/lang/Makefile
  head/lang/chicken5/
  head/lang/chicken5/Makefile
  head/lang/chicken5/distinfo
  head/lang/chicken5/files/
  head/lang/chicken5/pkg-plist
Comment 7 Tobias Kortkamp freebsd_committer freebsd_triage 2018-08-22 17:48:10 UTC
(In reply to Vitaly Magerya from comment #5)
> you'll need to see if the eggs will work and won't conflict

Seems ok AFAICT. Thanks!
Comment 8 commit-hook freebsd_committer freebsd_triage 2018-11-08 12:52:52 UTC
A commit references this bug:

Author: tobik
Date: Thu Nov  8 12:52:23 UTC 2018
New revision: 484449
URL: https://svnweb.freebsd.org/changeset/ports/484449

Log:
  Deprecate lang/chicken

  Now that CHICKEN 5.0.0 is out, as discussed with the previous
  maintainer, users should slowly migrate to lang/chicken5.  Give a
  1-year notice.

  PR:		230535

Changes:
  head/lang/chicken/Makefile