Updated: automake1.11-1.11.6-1

Charles Wilson cygwin@cwilson.fastmail.fm
Sat Sep 1 18:14:00 GMT 2012

Automake is a tool for automatically generating `Makefile.in's
suitable for use with Autoconf, compliant with the GNU Makefile
standards, and portable to various make implementations. This is
the first release in the automake-1.11 release series, and contains
the latest version of automake system, automake-1.11.

This is a security update to the latest upstream version.

This cygwin package, automake1.11, can be installed without conflict
alongside the existing automake1.10, automake1.9, automake1.8,
automake1.7, automake1.6, automake1.5, and automake1.4 cygwin packages.

Changes (automake1.11-1.11.3-1 to automake1.11-1.11.6-1)
* Update to latest upstream release in the automake-1.11.x series.
* Fixes security issue
  + CVE-2012-3386: make distcheck vs. o+w permissions
* Use new cygport(1) capabilities to automatically generate the setup.hint

CHANGES (excerpts from upstream announcement):
1.11.6: This message announces the Automake 1.11.6 bug-fixing
1.11.6: release.
1.11.6: This release FIXES A SECURITY VULNERABILITY (CVE-2012-3386),
1.11.6: so you are strongly encouraged to upgrade your existing
1.11.6: Automake installation ASAP.
1.11.6: With this release, the recipe of the 'distcheck' target no
1.11.6: longer grants temporary world-wide write permissions on the
1.11.6: extracted distdir.  Even if such rights were only granted for
1.11.6: a vanishingly small time window, the implied race condition
1.11.6: proved to be enough to allow a local attacker to run arbitrary
1.11.6: code with the privilegesof the user running "make distcheck".
1.11.6: The fix of this security vulnerability is the only change
1.11.6: between the earlier 1.11.5 release and the present 1.11.6 one.
1.11.6: See the original release announcement for details.
1.11.6: http://lists.gnu.org/archive/html/automake/2012-07/msg00021.html

1.11.5: We are pleased to announce the Automake 1.11.5 maintenance
1.11.5: release.
1.11.5: This is a bugfix release, fixing a couple of serious regressions
1.11.5: in Vala support (regressions introduced in automake 1.11.4):
1.11.5:   - Vala files with '.vapi' extension are now recognized and
1.11.5:     handled correctly again.  See automake bug#11222.
1.11.5:   - Vala support work again for projects that contain some
1.11.5:     program built from '.vala' (and possibly '.c') sources and
1.11.5:     some other program built from '.c' sources *only*.  See
1.11.5:     automake bug#11229.
1.11.5: Thanks to Marc-Antoine Perennou for pointing out these bugs and
1.11.5: providing a fix for them.
1.11.5: See the original release announcement for details.
1.11.5: http://lists.gnu.org/archive/html/automake/2012-04/msg00036.html

1.11.4: We are pleased to announce the Automake 1.11.4 maintenance
1.11.4: release.
1.11.4: This is mostly a bugfix release, fixing few recent and long-
1.11.4: standing bugs.
1.11.4: It also contains minor enhancements to the 'ar-lib' and
1.11.4: 'compile' script (thanks to Peter Rosin), and adds support for
1.11.4: automatic dependency tracking with the IBM XL C/C++ compiler
1.11.4: (thanks to Michael Hofmann) and the Tiny C Compiler (thanks to
1.11.4: prodding by Vincent Lefevre, see automake bug#11007).
1.11.4: The most important change is surely the fact that the install
1.11.4: rules do not create an empty '$(foodir)' directory anymore when
1.11.4: an empty "foo_PRIMARY" is declared (conditionally or
1.11.4: unconditionally) in Makefile.am.  See automake bugs #11030 and
1.11.4: #10997:
1.11.4:   <http://debbugs.gnu.org/10997>
1.11.4:   <http://debbugs.gnu.org/11030>
1.11.4: See the original release announcement for details.
1.11.4: http://lists.gnu.org/archive/html/automake/2012-04/msg00005.html

Testsuite results:
1 of 910 tests failed
(41 tests were not run)

Testsuite Details:
FAIL: cond32.test
+ This was a fork/rebase error. Rerunning the test passed.

Charles Wilson
volunteer automake maintainer for cygwin


