diff --git a/m4-1.4.10.diff b/m4-1.4.10.diff deleted file mode 100644 index 231530c..0000000 --- a/m4-1.4.10.diff +++ /dev/null @@ -1,26 +0,0 @@ ---- m4/gnulib-comp.m4 -+++ m4/gnulib-comp.m4 -@@ -105,7 +105,6 @@ AC_DEFUN([M4_INIT], - gl_PATHMAX - gl_FUNC_PRINTF_FREXP - gl_FUNC_PRINTF_FREXPL -- m4_divert_text([INIT_PREPARE], [gl_printf_safe=yes]) - gl_QUOTEARG - gl_REGEX - gl_SIGNAL_H ---- tests/Makefile.am -+++ tests/Makefile.am -@@ -256,13 +256,6 @@ check_PROGRAMS += test-unistd - - ## end gnulib module unistd-tests - --## begin gnulib module vasnprintf-tests -- --TESTS += test-vasnprintf --check_PROGRAMS += test-vasnprintf -- --## end gnulib module vasnprintf-tests -- - ## begin gnulib module vasprintf-posix-tests - - TESTS += test-vasprintf-posix diff --git a/m4-1.4.10.tar.bz2 b/m4-1.4.10.tar.bz2 deleted file mode 100644 index b45bec7..0000000 --- a/m4-1.4.10.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b2b66e645cd566a95d9714848a5d084427f3130ace5c5a0c6cb5544f11b7cbd7 -size 739154 diff --git a/m4-1.4.11.diff b/m4-1.4.11.diff new file mode 100644 index 0000000..7a6bbf9 --- /dev/null +++ b/m4-1.4.11.diff @@ -0,0 +1,71 @@ +--- m4/gnulib-comp.m4 ++++ m4/gnulib-comp.m4 +@@ -123,7 +123,6 @@ AC_DEFUN([M4_INIT], + gl_PATHMAX + gl_FUNC_PRINTF_FREXP + gl_FUNC_PRINTF_FREXPL +- m4_divert_text([INIT_PREPARE], [gl_printf_safe=yes]) + gl_QUOTEARG + gl_REGEX + gl_SIGNAL_H +--- tests/test-isnanl.h ++++ tests/test-isnanl.h +@@ -55,7 +55,7 @@ main () + /* Quiet NaN. */ + ASSERT (isnanl (0.0L / 0.0L)); + +-#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT ++#if defined LDBL_EXPBIT0_WORD && defined LDBL_EXPBIT0_BIT && 0 + /* A bit pattern that is different from a Quiet NaN. With a bit of luck, + it's a Signalling NaN. */ + { +@@ -97,6 +97,7 @@ main () + { LDBL80_WORDS (0xFFFF, 0x83333333, 0x00000000) }; + ASSERT (isnanl (x.value)); + } ++#if 0 + /* The isnanl function should recognize Pseudo-NaNs, Pseudo-Infinities, + Pseudo-Zeroes, Unnormalized Numbers, and Pseudo-Denormals, as defined in + Intel IA-64 Architecture Software Developer's Manual, Volume 1: +@@ -130,6 +131,7 @@ main () + ASSERT (isnanl (x.value)); + } + #endif ++#endif + + return 0; + } +--- tests/test-strtod.c ++++ tests/test-strtod.c +@@ -663,9 +663,9 @@ main () + /* Sign bits of NaN is a portability sticking point, not worth + worrying about. */ + ASSERT (!!signbit (result1) != !!signbit (result2)); /* glibc-2.3.6, IRIX 6.5, OSF/1 5.1, mingw */ +-# endif + ASSERT (ptr1 == input + 6); /* glibc-2.3.6, MacOS X 10.3, FreeBSD 6.2, OpenBSD 4.0, AIX 5.1, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */ + ASSERT (ptr2 == input + 6); /* glibc-2.3.6, MacOS X 10.3, FreeBSD 6.2, OpenBSD 4.0, AIX 5.1, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */ ++# endif + ASSERT (errno == 0); + #else + ASSERT (result1 == 0.0); +@@ -685,7 +685,9 @@ main () + result = strtod (input, &ptr); + #if 1 /* All known CPUs support NaNs. */ + ASSERT (isnan (result)); /* OpenBSD 4.0, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */ ++#if 0 + ASSERT (ptr == input + 6); /* glibc-2.3.6, MacOS X 10.3, FreeBSD 6.2, OpenBSD 4.0, AIX 5.1, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */ ++#endif + ASSERT (errno == 0); + #else + ASSERT (result == 0.0); +@@ -713,9 +715,9 @@ main () + /* Sign bits of NaN is a portability sticking point, not worth + worrying about. */ + ASSERT (!!signbit (result1) != !!signbit (result2)); /* glibc-2.3.6, IRIX 6.5, OSF/1 5.1, mingw */ +-# endif + ASSERT (ptr1 == input + 7); /* glibc-2.3.6, OpenBSD 4.0, AIX 5.1, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */ + ASSERT (ptr2 == input + 7); /* glibc-2.3.6, OpenBSD 4.0, AIX 5.1, HP-UX 11.11, IRIX 6.5, OSF/1 5.1, mingw */ ++# endif + ASSERT (errno == 0); + #else + ASSERT (result1 == 0.0); diff --git a/m4-1.4.11.tar.bz2 b/m4-1.4.11.tar.bz2 new file mode 100644 index 0000000..0c41ae2 --- /dev/null +++ b/m4-1.4.11.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0b7c686525b3f4236670f9329387d2a59e807b6a83d2b5cb9bbeb7d6ab9f8aad +size 928910 diff --git a/m4.changes b/m4.changes index 112c96f..47e0c54 100644 --- a/m4.changes +++ b/m4.changes @@ -1,3 +1,33 @@ +------------------------------------------------------------------- +Thu Apr 3 10:32:47 CEST 2008 - schwab@suse.de + +- Update to m4 1.4.11. + ** Security fixes for the -F option, for bugs present since -F was + introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and + avoid arbitrary code execution with certain file names. + ** Fix regression introduced in 1.4.9b in the `divert' builtin when more + than 512 kibibytes are saved in diversions on platforms like NetBSD + or darwin where fopen(name,"a+") seeks to the end of the file. + ** The output of the `maketemp' and `mkstemp' builtins is now quoted if a + file was created. This is a minor security fix, because it was possible + (although rather unlikely) that an unquoted string could match an + existing macro name, such that use of the `mkstemp' output would trigger + inadvertent macro expansion and operate on the wrong file name. + ** Enhance the `defn' builtin to support concatenation of multiple text + arguments, as required by POSIX. However, at this time, it is not + possible to concatenate a builtin macro with anything else; a warning is + now issued if this is attempted, although a future version of M4 may + lift this restriction to match other implementations. + ** Enhance the `format' builtin to parse all C99 floating point numbers, + even on platforms where strtod(3) is buggy, although the replacement + function does have the known issue of rounding errors when parsing + some decimal floating point values. This fixes testsuite failures + introduced in 1.4.9b. + ** Enhance the `index' builtin to guarantee linear behavior, in spite of + the surprisingly large number of systems with a brain-dead quadratic + strstr(3). + ** A number of portability improvements inherited from gnulib. + ------------------------------------------------------------------- Mon Nov 26 13:24:51 CET 2007 - schwab@suse.de diff --git a/m4.spec b/m4.spec index c92e27b..4617c76 100644 --- a/m4.spec +++ b/m4.spec @@ -1,7 +1,7 @@ # -# spec file for package m4 (Version 1.4.10) +# spec file for package m4 (Version 1.4.11) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # @@ -10,14 +10,15 @@ # norootforbuild + Name: m4 License: GPL v3 or later Group: Development/Languages/Other Provides: base:/usr/bin/m4 AutoReqProv: on PreReq: %{install_info_prereq} -Version: 1.4.10 -Release: 25 +Version: 1.4.11 +Release: 1 Summary: GNU m4 Url: http://www.gnu.org/software/m4/ Source: ftp://ftp.gnu.org/pub/gnu/m4/m4-%{version}.tar.bz2 @@ -39,11 +40,14 @@ Authors: %build AUTOPOINT=true autoreconf -fi -gl_cv_func_printf_directive_n=yes \ -./configure CFLAGS="$RPM_OPT_FLAGS" --without-included-regex \ - --prefix=/usr --mandir=%{_mandir} --infodir=%{_infodir} -make -make check +./configure CFLAGS="$RPM_OPT_FLAGS" \ + --prefix=/usr --mandir=%{_mandir} --infodir=%{_infodir} \ + --without-included-regex \ + gl_cv_func_printf_directive_n=yes +make %{?jobs:-j %jobs} + +%check +make %{?jobs:-j %jobs} check %install make install DESTDIR="$RPM_BUILD_ROOT" @@ -62,9 +66,36 @@ make install DESTDIR="$RPM_BUILD_ROOT" %{_mandir}/*/* %changelog -* Mon Nov 26 2007 - schwab@suse.de +* Thu Apr 03 2008 schwab@suse.de +- Update to m4 1.4.11. + ** Security fixes for the -F option, for bugs present since -F was + introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and + avoid arbitrary code execution with certain file names. + ** Fix regression introduced in 1.4.9b in the `divert' builtin when more + than 512 kibibytes are saved in diversions on platforms like NetBSD + or darwin where fopen(name,"a+") seeks to the end of the file. + ** The output of the `maketemp' and `mkstemp' builtins is now quoted if a + file was created. This is a minor security fix, because it was possible + (although rather unlikely) that an unquoted string could match an + existing macro name, such that use of the `mkstemp' output would trigger + inadvertent macro expansion and operate on the wrong file name. + ** Enhance the `defn' builtin to support concatenation of multiple text + arguments, as required by POSIX. However, at this time, it is not + possible to concatenate a builtin macro with anything else; a warning is + now issued if this is attempted, although a future version of M4 may + lift this restriction to match other implementations. + ** Enhance the `format' builtin to parse all C99 floating point numbers, + even on platforms where strtod(3) is buggy, although the replacement + function does have the known issue of rounding errors when parsing + some decimal floating point values. This fixes testsuite failures + introduced in 1.4.9b. + ** Enhance the `index' builtin to guarantee linear behavior, in spite of + the surprisingly large number of systems with a brain-dead quadratic + strstr(3). + ** A number of portability improvements inherited from gnulib. +* Mon Nov 26 2007 schwab@suse.de - Remove broken tests. -* Tue Jul 10 2007 - schwab@suse.de +* Tue Jul 10 2007 schwab@suse.de - Update to m4 1.4.10. * Upgrade from GPL version 2 to GPL version 3 or later. * A number of portability improvements inherited from gnulib. @@ -72,10 +103,10 @@ make install DESTDIR="$RPM_BUILD_ROOT" when handling %%c. However, this area of code has never been documented, and currently does not match the POSIX behavior of printf(1), so it may have further changes in the next version. -* Fri Mar 23 2007 - schwab@suse.de +* Sat Mar 24 2007 schwab@suse.de - Update to m4 1.4.9. * Minor documentation and portability cleanups. -* Mon Dec 04 2006 - schwab@suse.de +* Mon Dec 04 2006 schwab@suse.de - Update to m4 1.4.8. * The `divert' macro and `-H'/`--hashsize' command line option no longer cause a core dump when handed extra large values. Also, `divert' now @@ -125,7 +156,7 @@ make install DESTDIR="$RPM_BUILD_ROOT" * The `-D', `-U', `-s', and `-t' command line options now take effect after any files encountered earlier on the command line, rather than up front, as is done in traditional implementations and required by POSIX. -* Mon Sep 25 2006 - schwab@suse.de +* Mon Sep 25 2006 schwab@suse.de - Update to m4 1.4.6. * Fix regression from 1.4.5 in handling a file that ends in a macro expansion without arguments instead of a newline. @@ -155,7 +186,7 @@ make install DESTDIR="$RPM_BUILD_ROOT" misleading in their names and inconsistent with other GNU tools; they are still silently accepted, but no longer documented in --help, and may be assigned new meanings in future releases. -* Sat Aug 26 2006 - schwab@suse.de +* Sat Aug 26 2006 schwab@suse.de - Update to m4 1.4.6. * Fix buffer overruns in regexp and patsubst macros when handed a trailing backslash in the replacement text, or when handling \n substitutions @@ -192,7 +223,7 @@ make install DESTDIR="$RPM_BUILD_ROOT" second argument. * The patsubst macro now reliably finds zero-length matches at the end of a string. -* Mon Jul 17 2006 - schwab@suse.de +* Mon Jul 17 2006 schwab@suse.de - Update to m4 1.4.5. * Fix sysval on BeOS, OS/2, and other systems that store exit status in the low-order byte. Additionally, on Unix platforms, if syscmd was @@ -259,54 +290,54 @@ make install DESTDIR="$RPM_BUILD_ROOT" result in "12", rather than the previously undocumented "22". * Update the regex engine to fix several bugs. * Fix a potential crash on machines where char is signed. -* Wed Jan 25 2006 - mls@suse.de +* Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires -* Fri Oct 21 2005 - schwab@suse.de +* Fri Oct 21 2005 schwab@suse.de - Update to m4 1.4.4. -* Tue May 31 2005 - schwab@suse.de +* Wed Jun 01 2005 schwab@suse.de - Fix signedness issue when matching comment or quote characters. -* Thu Mar 31 2005 - schwab@suse.de +* Thu Mar 31 2005 schwab@suse.de - Update to m4 1.4.3. -* Sun Sep 05 2004 - schwab@suse.de +* Sun Sep 05 2004 schwab@suse.de - Speed up parsing by inlining out the common part of next_char(). -* Sat Aug 21 2004 - schwab@suse.de +* Sat Aug 21 2004 schwab@suse.de - Update to m4 1.4.2. -* Mon Jun 14 2004 - schwab@suse.de +* Tue Jun 15 2004 schwab@suse.de - Update to m4 1.4.1. -* Thu Feb 19 2004 - kukuk@suse.de +* Thu Feb 19 2004 kukuk@suse.de - Cleanup neededforbuild -* Wed Jan 07 2004 - schwab@suse.de +* Wed Jan 07 2004 schwab@suse.de - Fix quoting for autoconf. - Use newer version of the gettext macros. -* Tue May 13 2003 - schwab@suse.de +* Tue May 13 2003 schwab@suse.de - Add %%defattr. - Fix file list. -* Thu Apr 24 2003 - ro@suse.de +* Thu Apr 24 2003 ro@suse.de - fix install_info --delete call and move from preun to postun -* Mon Apr 07 2003 - schwab@suse.de +* Mon Apr 07 2003 schwab@suse.de - Only delete info entries when removing last version. -* Thu Feb 06 2003 - schwab@suse.de +* Thu Feb 06 2003 schwab@suse.de - Use %%install_info. -* Mon Nov 18 2002 - schwab@suse.de +* Mon Nov 18 2002 schwab@suse.de - Remove mangling of LIBOBJS. - Don't clobber po/Makefile. - Clean up neededforbuild. - Use AM_GNU_GETTEXT_VERSION. - Fix some warnings from automake. -* Sat Mar 30 2002 - schwab@suse.de +* Sat Mar 30 2002 schwab@suse.de - Fix for new autoconf. -* Wed Feb 06 2002 - schwab@suse.de +* Wed Feb 06 2002 schwab@suse.de - Gettextize to work with new gettext. -* Thu Oct 04 2001 - schwab@suse.de +* Thu Oct 04 2001 schwab@suse.de - Fix for automake 1.5. -* Sat Jul 21 2001 - schwab@suse.de +* Sat Jul 21 2001 schwab@suse.de - Run autoconf in libltdl. - Fix libltdl/configure.in for autoconf 2.50+. -* Fri Jun 01 2001 - schwab@suse.de +* Fri Jun 01 2001 schwab@suse.de - Fix for new configure tools. -* Thu Mar 22 2001 - ro@suse.de +* Thu Mar 22 2001 ro@suse.de - added split-aliases as provides -* Thu Mar 08 2001 - schwab@suse.de +* Thu Mar 08 2001 schwab@suse.de - Don't use regex from libc5. -* Wed Mar 07 2001 - schwab@suse.de +* Wed Mar 07 2001 schwab@suse.de - Split from base.