2012年7月10日

[installer 3279] automake-1.11.6, 1.12.2

automake-1.11.6, 1.12.2 出ています。

セキュリティホールの修正が含まれています。

☆ automake-1.11.6
http://www.gnu.org/software/automake/
http://ftp.gnu.org/gnu/automake/automake-1.11.6.tar.gz
ftp://ftp.gnu.org/gnu/automake/automake-1.11.6.tar.gz


Bugs fixed in 1.11.6:

* SECURITY VULNERABILITY! (Long-standing).

- The 'distcheck' recipe no longer grants temporary world-wide write
permissions on the extracted distdir. Even if such rights were
only granted for a vanishingly small time window, the implied race
condition proved to be enough to allow a local attacker to run
arbitrary code with the privileges of the user that was running
"make distcheck". This is CVE-2012-3386.


☆ automake-1.12.2
http://www.gnu.org/software/automake/
http://ftp.gnu.org/gnu/automake/automake-1.12.2.tar.gz
ftp://ftp.gnu.org/gnu/automake/automake-1.12.2.tar.gz

New in 1.12.2:

* WARNING: Future backward-incompatibilities!

- Future versions of Automake will likely drop support for the
long-deprecated 'configure.in' name for the Autoconf input file.
You are advised to use the recommended name 'configure.ac' instead.

- The long-obsolete (since automake 1.10) AM_PROG_MKDIR m4 macro will
be removed in Automake 1.13. The $(mkdir_p) make variable and the
@mkdir_p@ substitution will still remain available (as aliases of
$(MKDIR_P)) for the moment, for better backward compatibility.

- Autoconf 2.65 or later will be required by the next major Automake
version (1.13). Until now, Automake has required Autoconf version
2.62 or later.

- Starting from the next major Automake version (1.13), the rules
to build pdf, ps and dvi output from Texinfo input will use the
'--build-dir' option by default. Since such an option was only
introduced in Texinfo 4.9, this means that Makefiles generated by
future Automake versions will require at least that version of
Texinfo.

- Starting from the next major Automake version (1.13), the parallel
testsuite harness (previously only enabled by the 'parallel-tests'
option) will become the default one; the older serial testsuite
harness will still be available through the use of the 'serial-tests'
option.

- The following long-obsolete m4 macros will be removed in the
next major Automake version (1.13):

AM_PROG_CC_STDC: superseded by AC_PROG_CC since October 2002
fp_PROG_CC_STDC: broken alias for AM_PROG_CC_STDC
fp_WITH_DMALLOC: old alias for AM_WITH_DMALLOC
AM_CONFIG_HEADER: superseded by AC_CONFIG_HEADERS since July 2002
ud_PATH_LISPDIR: old alias for AM_PATH_LISPDIR
jm_MAINTAINER_MODE: old alias for AM_MAINTAINER_MODE
ud_GNU_GETTEXT: old alias for AM_GNU_GETTEXT
gm_PROG_LIBTOOL: old alias for AC_PROG_LIBTOOL
fp_C_PROTOTYPES: old alias for AM_C_PROTOTYPES (which was part
of the now-removed automatic de-ANSI-fication
support of Automake)

- All the "old alias" macros in 'm4/obsolete.m4' will be removed in
the next major Automake version (1.13).

- Support for the two- and three-arguments invocation forms of the
AM_INIT_AUTOMAKE macro is deprecated, and will be removed in the
next major Automake version (1.13).

- The '--acdir' option of aclocal is deprecated, and will probably
be removed in the next major Automake release (1.13). You should
use the options '--automake-acdir' and '--system-acdir' instead
(which have been introduced in Automake 1.11.2).

- The exact order in which the directories in the aclocal macro
search path are looked up is probably going to be changed in the
next Automake release (1.13).

- The 'missing' script will not try anymore to update the timestamp
of out-of-date files that require a maintainer-specific tool to be
remade, in case the user lacks such a tool (or has a too-old version
of it). In fact, starting from Automake 1.13, all it'll do will be
giving more useful warnings than a bare "command not found" from a
make recipe would.

* Warnings and deprecations:

- Automake now issues a warning (in the 'portability' category) if
'configure.in' is used instead of 'configure.ac' as the Autoconf
input file. Such a warning will also be present in the next
Autoconf version (2.70).

* Cleaning rules:

- Recursive cleaning rules descends into the $(SUBDIRS) in the natural
order (as done by the other recursive rules), rather than in the
inverse order. They used to do that in order to work a round a
limitation in an older implementation of the automatic dependency
tracking support, but that limitation had been lifted years ago
already, when the automatic dependency tracking based on side-effects
of compilation had been introduced.

- Cleaning rules for compiled objects (both "plain" and libtool) work
better when subdir objects are involved, not triggering a distinct
'rm' invocation for each such object. They do so by removing *any*
compiled object file that is in the same directory of a subdir
object. See automake bug#10697.

* Silent rules support:

- A new predefined $(AM_V_P) make variable is provided; it expands
to a shell conditional that can be used in recipes to know whether
make is being run in silent or verbose mode.

Bugs fixed in 1.12.2:

* SECURITY VULNERABILITIES!

- The recipe of the 'distcheck' no longer grants anymore temporary
world-wide write permissions on the extracted distdir. Even if such
rights were only granted for a vanishingly small time window, the
implied race condition proved to be enough to allow a local attacker
to run arbitrary code with the privileges of the user running "make
distcheck". This is CVE-2012-3386.

* Long-standing bugs:

- The "recheck" targets behaves better in the face of build failures
related to previously failed tests. For example, if a test is a
compiled program that must be rerun by "make recheck", and its
compilation fails, it will still be rerun by further "make recheck"
invocations. See automake bug#11791.

* Bugs introduced by 1.12.1:

- Automake provides once again the '$(mkdir_p)' make variable and the
'@mkdir_p@' substitution (both as simple aliases for '$(MKDIR_P)'),
for better backward-compatibility.

----
こがよういちろう


投稿者 xml-rpc : 2012年7月10日 10:52
役に立ちました?:
過去のフィードバック 平均:(0) 総合:(0) 投票回数:(0)
本記事へのTrackback: http://hoop.euqset.org/blog/mt-tb2006.cgi/111225
トラックバック
コメント
コメントする




画像の中に見える文字を入力してください。