Mailinglist Archive: opensuse-commit (2125 mails)

< Previous

Next >

Hello community,

here is the log from the commit of package m4
checked in at Sun Apr 6 06:35:21 CEST 2008.

--------
--- m4/m4.changes 2007-11-26 13:24:57.000000000 +0100
+++ m4/m4.changes 2008-04-03 10:33:41.000000000 +0200
@@ -1,0 +2,30 @@
+Thu Apr 3 10:32:47 CEST 2008 - schwab@xxxxxxx
+
+- Update to m4 1.4.11.
+ ** Security fixes for the -F option, for bugs present since -F was
+ introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and
+ avoid arbitrary code execution with certain file names.
+ ** Fix regression introduced in 1.4.9b in the `divert' builtin when more
+ than 512 kibibytes are saved in diversions on platforms like NetBSD
+ or darwin where fopen(name,"a+") seeks to the end of the file.
+ ** The output of the `maketemp' and `mkstemp' builtins is now quoted if a
+ file was created. This is a minor security fix, because it was possible
+ (although rather unlikely) that an unquoted string could match an
+ existing macro name, such that use of the `mkstemp' output would trigger
+ inadvertent macro expansion and operate on the wrong file name.
+ ** Enhance the `defn' builtin to support concatenation of multiple text
+ arguments, as required by POSIX. However, at this time, it is not
+ possible to concatenate a builtin macro with anything else; a warning is
+ now issued if this is attempted, although a future version of M4 may
+ lift this restriction to match other implementations.
+ ** Enhance the `format' builtin to parse all C99 floating point numbers,
+ even on platforms where strtod(3) is buggy, although the replacement
+ function does have the known issue of rounding errors when parsing
+ some decimal floating point values. This fixes testsuite failures
+ introduced in 1.4.9b.
+ ** Enhance the `index' builtin to guarantee linear behavior, in spite of
+ the surprisingly large number of systems with a brain-dead quadratic
+ strstr(3).
+ ** A number of portability improvements inherited from gnulib.
+
+-------------------------------------------------------------------

Old:
----
m4-1.4.10.diff
m4-1.4.10.tar.bz2

New:
----
m4-1.4.11.diff
m4-1.4.11.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ m4.spec ++++++
--- /var/tmp/diff_new_pack.Y23253/_old 2008-04-06 06:21:50.000000000 +0200
+++ /var/tmp/diff_new_pack.Y23253/_new 2008-04-06 06:21:50.000000000 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package m4 (Version 1.4.10)
+# spec file for package m4 (Version 1.4.11)
#
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -10,14 +10,15 @@

# norootforbuild

+
Name: m4
License: GPL v3 or later
Group: Development/Languages/Other
Provides: base:/usr/bin/m4
AutoReqProv: on
PreReq: %{install_info_prereq}
-Version: 1.4.10
-Release: 25
+Version: 1.4.11
+Release: 1
Summary: GNU m4
Url: http://www.gnu.org/software/m4/
Source: ftp://ftp.gnu.org/pub/gnu/m4/m4-%{version}.tar.bz2
@@ -39,11 +40,14 @@

%build
AUTOPOINT=true autoreconf -fi
-gl_cv_func_printf_directive_n=yes \
-./configure CFLAGS="$RPM_OPT_FLAGS" --without-included-regex \
- --prefix=/usr --mandir=%{_mandir} --infodir=%{_infodir}
-make
-make check
+./configure CFLAGS="$RPM_OPT_FLAGS" \
+ --prefix=/usr --mandir=%{_mandir} --infodir=%{_infodir} \
+ --without-included-regex \
+ gl_cv_func_printf_directive_n=yes
+make %{?jobs:-j %jobs}
+
+%check
+make %{?jobs:-j %jobs} check

%install
make install DESTDIR="$RPM_BUILD_ROOT"
@@ -62,9 +66,36 @@
%{_mandir}/*/*

%changelog
-* Mon Nov 26 2007 - schwab@xxxxxxx
+* Thu Apr 03 2008 schwab@xxxxxxx
+- Update to m4 1.4.11.
+ ** Security fixes for the -F option, for bugs present since -F was
+ introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and
+ avoid arbitrary code execution with certain file names.
+ ** Fix regression introduced in 1.4.9b in the `divert' builtin when more
+ than 512 kibibytes are saved in diversions on platforms like NetBSD
+ or darwin where fopen(name,"a+") seeks to the end of the file.
+ ** The output of the `maketemp' and `mkstemp' builtins is now quoted if a
+ file was created. This is a minor security fix, because it was possible
+ (although rather unlikely) that an unquoted string could match an
+ existing macro name, such that use of the `mkstemp' output would trigger
+ inadvertent macro expansion and operate on the wrong file name.
+ ** Enhance the `defn' builtin to support concatenation of multiple text
+ arguments, as required by POSIX. However, at this time, it is not
+ possible to concatenate a builtin macro with anything else; a warning is
+ now issued if this is attempted, although a future version of M4 may
+ lift this restriction to match other implementations.
+ ** Enhance the `format' builtin to parse all C99 floating point numbers,
+ even on platforms where strtod(3) is buggy, although the replacement
+ function does have the known issue of rounding errors when parsing
+ some decimal floating point values. This fixes testsuite failures
+ introduced in 1.4.9b.
+ ** Enhance the `index' builtin to guarantee linear behavior, in spite of
+ the surprisingly large number of systems with a brain-dead quadratic
+ strstr(3).
+ ** A number of portability improvements inherited from gnulib.
+* Mon Nov 26 2007 schwab@xxxxxxx
- Remove broken tests.
-* Tue Jul 10 2007 - schwab@xxxxxxx
+* Tue Jul 10 2007 schwab@xxxxxxx
- Update to m4 1.4.10.
* Upgrade from GPL version 2 to GPL version 3 or later.
* A number of portability improvements inherited from gnulib.
@@ -72,10 +103,10 @@
when handling %%c. However, this area of code has never been documented,
and currently does not match the POSIX behavior of printf(1), so it may
have further changes in the next version.
-* Fri Mar 23 2007 - schwab@xxxxxxx
+* Sat Mar 24 2007 schwab@xxxxxxx
- Update to m4 1.4.9.
* Minor documentation and portability cleanups.
-* Mon Dec 04 2006 - schwab@xxxxxxx
+* Mon Dec 04 2006 schwab@xxxxxxx
- Update to m4 1.4.8.
* The `divert' macro and `-H'/`--hashsize' command line option no longer
cause a core dump when handed extra large values. Also, `divert' now
@@ -125,7 +156,7 @@
* The `-D', `-U', `-s', and `-t' command line options now take effect
after any files encountered earlier on the command line, rather than up
front, as is done in traditional implementations and required by POSIX.
-* Mon Sep 25 2006 - schwab@xxxxxxx
+* Mon Sep 25 2006 schwab@xxxxxxx
- Update to m4 1.4.6.
* Fix regression from 1.4.5 in handling a file that ends in a macro
expansion without arguments instead of a newline.
@@ -155,7 +186,7 @@
misleading in their names and inconsistent with other GNU tools; they are
still silently accepted, but no longer documented in --help, and may be
assigned new meanings in future releases.
-* Sat Aug 26 2006 - schwab@xxxxxxx
+* Sat Aug 26 2006 schwab@xxxxxxx
- Update to m4 1.4.6.
* Fix buffer overruns in regexp and patsubst macros when handed a trailing
backslash in the replacement text, or when handling \n substitutions
@@ -192,7 +223,7 @@
second argument.
* The patsubst macro now reliably finds zero-length matches at the end
of a string.
-* Mon Jul 17 2006 - schwab@xxxxxxx
+* Mon Jul 17 2006 schwab@xxxxxxx
- Update to m4 1.4.5.
* Fix sysval on BeOS, OS/2, and other systems that store exit status
in the low-order byte. Additionally, on Unix platforms, if syscmd was
@@ -259,54 +290,54 @@
result in "12", rather than the previously undocumented "22".
* Update the regex engine to fix several bugs.
* Fix a potential crash on machines where char is signed.
-* Wed Jan 25 2006 - mls@xxxxxxx
+* Wed Jan 25 2006 mls@xxxxxxx
- converted neededforbuild to BuildRequires
-* Fri Oct 21 2005 - schwab@xxxxxxx
+* Fri Oct 21 2005 schwab@xxxxxxx
- Update to m4 1.4.4.
-* Tue May 31 2005 - schwab@xxxxxxx
+* Wed Jun 01 2005 schwab@xxxxxxx
- Fix signedness issue when matching comment or quote characters.
-* Thu Mar 31 2005 - schwab@xxxxxxx
+* Thu Mar 31 2005 schwab@xxxxxxx
- Update to m4 1.4.3.
-* Sun Sep 05 2004 - schwab@xxxxxxx
+* Sun Sep 05 2004 schwab@xxxxxxx
- Speed up parsing by inlining out the common part of next_char().
-* Sat Aug 21 2004 - schwab@xxxxxxx
+* Sat Aug 21 2004 schwab@xxxxxxx
- Update to m4 1.4.2.
-* Mon Jun 14 2004 - schwab@xxxxxxx
+* Tue Jun 15 2004 schwab@xxxxxxx
- Update to m4 1.4.1.
-* Thu Feb 19 2004 - kukuk@xxxxxxx
+* Thu Feb 19 2004 kukuk@xxxxxxx
- Cleanup neededforbuild
-* Wed Jan 07 2004 - schwab@xxxxxxx
+* Wed Jan 07 2004 schwab@xxxxxxx
- Fix quoting for autoconf.
- Use newer version of the gettext macros.
-* Tue May 13 2003 - schwab@xxxxxxx
+* Tue May 13 2003 schwab@xxxxxxx
- Add %%defattr.
- Fix file list.
-* Thu Apr 24 2003 - ro@xxxxxxx
+* Thu Apr 24 2003 ro@xxxxxxx
- fix install_info --delete call and move from preun to postun
-* Mon Apr 07 2003 - schwab@xxxxxxx
+* Mon Apr 07 2003 schwab@xxxxxxx
- Only delete info entries when removing last version.
-* Thu Feb 06 2003 - schwab@xxxxxxx
+* Thu Feb 06 2003 schwab@xxxxxxx
- Use %%install_info.
-* Mon Nov 18 2002 - schwab@xxxxxxx
+* Mon Nov 18 2002 schwab@xxxxxxx
- Remove mangling of LIBOBJS.
- Don't clobber po/Makefile.
- Clean up neededforbuild.
- Use AM_GNU_GETTEXT_VERSION.
- Fix some warnings from automake.
-* Sat Mar 30 2002 - schwab@xxxxxxx
+* Sat Mar 30 2002 schwab@xxxxxxx
- Fix for new autoconf.
-* Wed Feb 06 2002 - schwab@xxxxxxx
+* Wed Feb 06 2002 schwab@xxxxxxx
- Gettextize to work with new gettext.
-* Thu Oct 04 2001 - schwab@xxxxxxx
+* Thu Oct 04 2001 schwab@xxxxxxx
- Fix for automake 1.5.
-* Sat Jul 21 2001 - schwab@xxxxxxx
+* Sat Jul 21 2001 schwab@xxxxxxx
- Run autoconf in libltdl.
- Fix libltdl/configure.in for autoconf 2.50+.
-* Fri Jun 01 2001 - schwab@xxxxxxx
+* Fri Jun 01 2001 schwab@xxxxxxx
- Fix for new configure tools.
-* Thu Mar 22 2001 - ro@xxxxxxx
+* Thu Mar 22 2001 ro@xxxxxxx
- added split-aliases as provides
-* Thu Mar 08 2001 - schwab@xxxxxxx
+* Thu Mar 08 2001 schwab@xxxxxxx
- Don't use regex from libc5.
-* Wed Mar 07 2001 - schwab@xxxxxxx
+* Wed Mar 07 2001 schwab@xxxxxxx
- Split from base.

++++++ m4-1.4.10.diff -> m4-1.4.11.diff ++++++
--- m4/m4-1.4.10.diff 2007-11-26 13:24:40.000000000 +0100
+++ m4/m4-1.4.11.diff 2008-04-03 10:28:04.000000000 +0200
@@ -1,6 +1,6 @@
--- m4/gnulib-comp.m4
+++ m4/gnulib-comp.m4
-@@ -105,7 +105,6 @@ AC_DEFUN([M4_INIT],
+@@ -123,7 +123,6 @@ AC_DEFUN([M4_INIT],
gl_PATHMAX
gl_FUNC_PRINTF_FREXP
gl_FUNC_PRINTF_FREXPL
@@ -8,19 +8,64 @@
gl_QUOTEARG
gl_REGEX
gl_SIGNAL_H
---- tests/Makefile.am
-+++ tests/Makefile.am
-@@ -256,13 +256,6 @@ check_PROGRAMS += test-unistd
+--- tests/test-isnanl.h
++++ tests/test-isnanl.h
+@@ -55,7 +55,7 @@ main ()
+ /* Quiet NaN. */
+ ASSERT (isnanl (0.0L / 0.0L));

- ## end gnulib module unistd-tests
+-#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT
++#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT && 0
+ /* A bit pattern that is different from a Quiet NaN. With a bit of luck,
+ it's a Signalling NaN. */
+ {
+@@ -97,6 +97,7 @@ main ()
+ { LDBL80_WORDS (0xFFFF, 0x83333333, 0x00000000) };
+ ASSERT (isnanl (x.value));
+ }
++#if 0
+ /* The isnanl function should recognize Pseudo-NaNs, Pseudo-Infinities,
+ Pseudo-Zeroes, Unnormalized Numbers, and Pseudo-Denormals, as defined in
+ Intel IA-64 Architecture Software Developer's Manual, Volume 1:
+@@ -130,6 +131,7 @@ main ()
+ ASSERT (isnanl (x.value));
+ }
+ #endif
++#endif

--## begin gnulib module vasnprintf-tests
--
--TESTS += test-vasnprintf
--check_PROGRAMS += test-vasnprintf
--
--## end gnulib module vasnprintf-tests
--
- ## begin gnulib module vasprintf-posix-tests
-
- TESTS += test-vasprintf-posix
+ return 0;
+ }
+--- tests/test-strtod.c
++++ tests/test-strtod.c
+@@ -663,9 +663,9 @@ main ()
+ /* Sign bits of NaN is a portability sticking point, not worth
+ worrying about. */
+ ASSERT (!!signbit (result1) != !!signbit (result2)); /* glibc-2.3.6, IRIX
6.5, OSF/1 5.1, mingw */
+-# endif
+ ASSERT (ptr1 == input + 6); /* glibc-2.3.6, MacOS X 10.3, FreeBSD
6.2, OpenBSD 4.0, AIX 5.1, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */
+ ASSERT (ptr2 == input + 6); /* glibc-2.3.6, MacOS X 10.3, FreeBSD
6.2, OpenBSD 4.0, AIX 5.1, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */
++# endif
+ ASSERT (errno == 0);
+ #else
+ ASSERT (result1 == 0.0);
+@@ -685,7 +685,9 @@ main ()
+ result = strtod (input, &ptr);
+ #if 1 /* All known CPUs support NaNs. */
+ ASSERT (isnan (result)); /* OpenBSD 4.0, HP-UX 11.11, IRIX
6.5, OSF/1 5.1, mingw */
++#if 0
+ ASSERT (ptr == input + 6); /* glibc-2.3.6, MacOS X 10.3, FreeBSD
6.2, OpenBSD 4.0, AIX 5.1, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */
++#endif
+ ASSERT (errno == 0);
+ #else
+ ASSERT (result == 0.0);
+@@ -713,9 +715,9 @@ main ()
+ /* Sign bits of NaN is a portability sticking point, not worth
+ worrying about. */
+ ASSERT (!!signbit (result1) != !!signbit (result2)); /* glibc-2.3.6, IRIX
6.5, OSF/1 5.1, mingw */
+-# endif
+ ASSERT (ptr1 == input + 7); /* glibc-2.3.6, OpenBSD 4.0, AIX 5.1,
HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */
+ ASSERT (ptr2 == input + 7); /* glibc-2.3.6, OpenBSD 4.0, AIX 5.1,
HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */
++# endif
+ ASSERT (errno == 0);
+ #else
+ ASSERT (result1 == 0.0);

++++++ m4-1.4.10.tar.bz2 -> m4-1.4.11.tar.bz2 ++++++
++++ 94119 lines of diff (skipped)

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Remember to have fun...

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-commit+help@xxxxxxxxxxxx

< Previous

Next >

Mailinglist Archive: opensuse-commit (2125 mails)

commit m4

Search this list

List Navigation

This Thread