Path to this page:
Subject: CVS commit: [pkgsrc-2008Q1] pkgsrc/devel/m4
From: S.P.Zeidler
Date: 2008-04-13 13:45:17
Message id: 20080413114517.36312175D0@cvs.netbsd.org
Log Message:
Pullup ticket 2331 - requested by wiz
security update for m4
Revisions pulled up:
- pkgsrc/devel/m4/Makefile 1.53
- pkgsrc/devel/m4/PLIST 1.10
- pkgsrc/devel/m4/distinfo 1.21
- pkgsrc/devel/m4/patches/patch-aa removed
- pkgsrc/devel/m4/patches/patch-ab removed
- pkgsrc/devel/m4/patches/patch-ac removed
Module Name: pkgsrc
Committed By: wiz
Date: Fri Apr 11 06:08:43 UTC 2008
Modified Files:
pkgsrc/devel/m4: Makefile PLIST distinfo
Removed Files:
pkgsrc/devel/m4/patches: patch-aa patch-ab patch-ac
Log Message:
Update to 1.4.11:
* Noteworthy changes in Version 1.4.11 (2008-04-02) [stable]
Released by Eric Blake, based on git version 1.4.10a
** Security fixes for the -F option, for bugs present since -F was
introduced in 1.3: Avoid core dump with 'm4 -F file -t undefined', and
avoid arbitrary code execution with certain file names.
** Fix regression introduced in 1.4.9b in the `divert' builtin when more
than 512 kibibytes are saved in diversions on platforms like NetBSD
or darwin where fopen(name,"a+") seeks to the end of the file.
** The output of the `maketemp' and `mkstemp' builtins is now quoted if a
file was created. This is a minor security fix, because it was possible
(although rather unlikely) that an unquoted string could match an
existing macro name, such that use of the `mkstemp' output would trigger
inadvertent macro expansion and operate on the wrong file name.
** Enhance the `defn' builtin to support concatenation of multiple text
arguments, as required by POSIX. However, at this time, it is not
possible to concatenate a builtin macro with anything else; a warning is
now issued if this is attempted, although a future version of M4 may
lift this restriction to match other implementations.
** Enhance the `format' builtin to parse all C99 floating point numbers,
even on platforms where strtod(3) is buggy, although the replacement
function does have the known issue of rounding errors when parsing
some decimal floating point values. This fixes testsuite failures
introduced in 1.4.9b.
** Enhance the `index' builtin to guarantee linear behavior, in spite of
the surprisingly large number of systems with a brain-dead quadratic
strstr(3).
** A number of portability improvements inherited from gnulib.
Files: