-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The GNU M4 Team is pleased to announce the release of GNU M4 1.4.8. GNU `m4' is an implementation of the traditional Unix macro processor. It is mostly SVR4 compatible, although it has some extensions (for example, handling more than 9 positional parameters to macros). `m4' also has built-in functions for including files, running shell commands, doing arithmetic, etc. Autoconf needs GNU `m4' for generating `configure' scripts, but not for running them. This release fixes a memory allocation overflow bug that could potentially be exploited for arbitrary code execution on 32-bit platforms. It has several command line improvements, and adds a new macro `mkstemp'. It also improves error reporting of multi-line macro invocations to track the line where the macro name appears. The changes in this version trigger spurious testsuite failures in the Autoconf 2.60 testsuite; if you use GNU Autoconf, it is suggested that you upgrade to Autoconf 2.61 after upgrading to M4 1.4.8. New in 1.4.8: 20 Nov 2006 * The `divert' macro and `-H'/`--hashsize' command line option no longer cause a core dump when handed extra large values. Also, `divert' now uses memory proportional to the number of diversions in use, rather than to the maximum diversion number encountered, so that large diversion numbers are less likely to exhaust system memory; and is no longer limited by the maximum number of file descriptors. * The `--help' and `--version' command line options now consistently override all earlier options. For example, `m4 --debugfile=trace --help' now no longer accidentally creates an empty file `trace'. * The `-L'/`--nesting-limit' command line option can now be set to 0 to remove the default limit of 1024. However, it is still possible that heavily nested input can cause abrupt program termination due to stack overflow. * Problems encountered when writing to standard error, such as with the `errprint' macro, now always cause a non-zero exit status. * Warnings and errors issued during macro expansion are now consistently reported at the line where the macro name was detected, rather than where the close parenthesis resides. Text wrapped by `m4wrap' now remembers the location that was in effect when m4wrap was invoked, rather than changing to line 0 and the empty string for a file. The macros `__line__' and `__file__' now work correctly even as the last token in an included file. * The `builtin' and `indir' macros now transparently handle builtin tokens generated by `defn'. * When diversions created by the `divert' macro collect enough text that M4 must use temporary files, the environment variable $TMPDIR is now consulted, and a better effort is made to clean up those files in the event of a fatal signal. * The `mkstemp' builtin is added with the same GNU semantics as `maketemp', based on the recommendation of POSIX to deprecate the POSIX semantics of `maketemp' as inherently insecure. In GNU mode (no -G supplied on the command line), `maketemp' silently retains the secure GNU semantics, but a future release of M4 will change this to emit a warning. In traditional mode (m4 -G), `maketemp' now uses the POSIX-mandated insecure semantics, and issues a warning that you should convert your script to use `mkstemp' instead. Additionally, `mkstemp' and `maketemp' are now well-defined even if the template argument does not end in six `X' characters. * The manual has been improved, including a new section on a composite macro `foreach'. * The `changecom' and `changequote' macros now treat an empty second argument the same as if it were missing, rather than using the empty string and making it impossible to end a comment or quote. * The `translit' macro now operates in linear instead of quadratic time, and is now eight-bit clean. * The `-D', `-U', `-s', and `-t' command line options now take effect after any files encountered earlier on the command line, rather than up front, as is done in traditional implementations and required by POSIX. m4-1.4.8 is available now from ftp.gnu.org, along with diffs and xdeltas against m4-1.4.7 that are also available from ftp.gnu.org. Please use a mirror to reduce stress on the main gnu machine: http://www.gnu.org/order/ftp.html Here are the compressed sources: ftp://ftp.gnu.org/gnu/m4/m4-1.4.8.tar.gz [708 kB] ftp://ftp.gnu.org/gnu/m4/m4-1.4.8.tar.bz2 [567 kB] Here are the xdeltas and diffs against m4-1.4.7: ftp://ftp.gnu.org/gnu/m4/m4-1.4.7-1.4.8.diff.gz [247 kB] ftp://ftp.gnu.org/gnu/m4/m4-1.4.7-1.4.8.xdelta [151 kB] Here are the gpg detached signatures: ftp://ftp.gnu.org/gnu/m4/m4-1.4.8.tar.gz.sig ftp://ftp.gnu.org/gnu/m4/m4-1.4.8.tar.bz2.sig ftp://ftp.gnu.org/gnu/m4/m4-1.4.7-1.4.8.diff.gz.sig ftp://ftp.gnu.org/gnu/m4/m4-1.4.7-1.4.8.xdelta.sig You should download the signature named after any tarball you download, and then verify its integrity with, for example: gpg --verify m4-1.4.8.tar.gz.sig If that command fails because you don't have the required public key, then run this command to import it: gpg --keyserver wwwkeys.pgp.net --recv-keys F4850180 Here are the MD5 and SHA1 checksums: 66542b27c0ffa7513b52aed0ce5d784c m4-1.4.8.tar.gz 6bbf917e5d8fab20b38d43868c3944d3 m4-1.4.8.tar.bz2 89481e5d534cffa053e3b6269a841a63 m4-1.4.7-1.4.8.diff.gz a2ea9d7bcab8edffb61ba9ca0a061ae1 m4-1.4.7-1.4.8.xdelta 32b5bb526de9315d1a319c2ca8eb881d9b835506 m4-1.4.8.tar.gz 31589415022c2842f62f3b91186bc9e0a9a8e1a1 m4-1.4.8.tar.bz2 7bf252456cb2c645c03de9036e24106bc4363d73 m4-1.4.7-1.4.8.diff.gz cca8208b1e875737c8bdc9bb0fedb50cdcd4c80a m4-1.4.7-1.4.8.xdelta This release was bootstrapped with Autoconf 2.61, Automake 1.10, and CVS Gnulib from Nov 20, 2006. Alternatively, you can fetch the unbootstrapped sourcecode from anonymous cvs by using the following commands: $ export CVS_RSH=ssh $ cvs -z3 -d :pserver:anonymous@xxxxxxxxxxxxxx:/sources/m4 \ co -r m4-1_4_8 m4 You will then need to have recent release versions of Automake (at least 1.9.x) and Autoconf (at least 2.60) installed to bootstrap the checked out sources yourself. Please report bugs to <bug-m4@xxxxxxx>, along with the output of 'make check' and any other information that might be useful in resolving the issue. - -- Eric Blake -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFYoWs84KuGfSFAYARAu+hAKCo1srTMhUvGVIlsV6HDgVnD6JP9gCcCC/Z za5JbxqESEULLFEHBj7E9Ew= =fHq6 -----END PGP SIGNATURE----- _______________________________________________ Autoconf mailing list Autoconf@xxxxxxx http://lists.gnu.org/mailman/listinfo/autoconf
