We are pleased to announce the Automake 1.12.2 maintenance release. This release FIXES A SECURITY VULNERABILITY (CVE-2012-3386; see the NEWS excerpt below for details), so you are strongly encouraged to upgrade your existing Automake installation ASAP.
See below for the detailed list of changes since Automake 1.12.1, as summarized by the NEWS file. Download here: ftp://ftp.gnu.org/gnu/automake/automake-1.12.2.tar.gz ftp://ftp.gnu.org/gnu/automake/automake-1.12.2.tar.xz Please report bugs and problems to <bug-autom...@gnu.org>, and send general comments and feedback to <autom...@gnu.org>. Thanks to everyone who has reported problems, contributed patches, and helped testing Automake! -*-*-*- New in 1.12.2: * Warnings and deprecations: - Automake now issues a warning (in the 'portability' category) if 'configure.in' is used instead of 'configure.ac' as the Autoconf input file. Such a warning will also be present in the next Autoconf version (2.70). * Cleaning rules: - Recursive cleaning rules descends into the $(SUBDIRS) in the natural order (as done by the other recursive rules), rather than in the inverse order. They used to do that in order to work a round a limitation in an older implementation of the automatic dependency tracking support, but that limitation had been lifted years ago already, when the automatic dependency tracking based on side-effects of compilation had been introduced. - Cleaning rules for compiled objects (both "plain" and libtool) work better when subdir objects are involved, not triggering a distinct 'rm' invocation for each such object. They do so by removing *any* compiled object file that is in the same directory of a subdir object. See automake bug#10697. * Silent rules support: - A new predefined $(AM_V_P) make variable is provided; it expands to a shell conditional that can be used in recipes to know whether make is being run in silent or verbose mode. Bugs fixed in 1.12.2: * SECURITY VULNERABILITIES! - The recipe of the 'distcheck' no longer grants anymore temporary world-wide write permissions on the extracted distdir. Even if such rights were only granted for a vanishingly small time window, the implied race condition proved to be enough to allow a local attacker to run arbitrary code with the privileges of the user running "make distcheck". This is CVE-2012-3386. * Long-standing bugs: - The "recheck" targets behaves better in the face of build failures related to previously failed tests. For example, if a test is a compiled program that must be rerun by "make recheck", and its compilation fails, it will still be rerun by further "make recheck" invocations. See automake bug#11791. * Bugs introduced by 1.12.1: - Automake provides once again the '$(mkdir_p)' make variable and the '@mkdir_p@' substitution (both as simple aliases for '$(MKDIR_P)'), for better backward-compatibility. -*-*-*- * WARNING: Future backward-incompatibilities! - Future versions of Automake will likely drop support for the long-deprecated 'configure.in' name for the Autoconf input file. You are advised to use the recommended name 'configure.ac' instead. - The long-obsolete (since automake 1.10) AM_PROG_MKDIR m4 macro will be removed in Automake 1.13. The $(mkdir_p) make variable and the @mkdir_p@ substitution will still remain available (as aliases of $(MKDIR_P)) for the moment, for better backward compatibility. - Autoconf 2.65 or later will be required by the next major Automake version (1.13). Until now, Automake has required Autoconf version 2.62 or later. - Starting from the next major Automake version (1.13), the rules to build pdf, ps and dvi output from Texinfo input will use the '--build-dir' option by default. Since such an option was only introduced in Texinfo 4.9, this means that Makefiles generated by future Automake versions will require at least that version of Texinfo. - Starting from the next major Automake version (1.13), the parallel testsuite harness (previously only enabled by the 'parallel-tests' option) will become the default one; the older serial testsuite harness will still be available through the use of the 'serial-tests' option. - The following long-obsolete m4 macros will be removed in the next major Automake version (1.13): AM_PROG_CC_STDC: superseded by AC_PROG_CC since October 2002 fp_PROG_CC_STDC: broken alias for AM_PROG_CC_STDC fp_WITH_DMALLOC: old alias for AM_WITH_DMALLOC AM_CONFIG_HEADER: superseded by AC_CONFIG_HEADERS since July 2002 ud_PATH_LISPDIR: old alias for AM_PATH_LISPDIR jm_MAINTAINER_MODE: old alias for AM_MAINTAINER_MODE ud_GNU_GETTEXT: old alias for AM_GNU_GETTEXT gm_PROG_LIBTOOL: old alias for AC_PROG_LIBTOOL fp_C_PROTOTYPES: old alias for AM_C_PROTOTYPES (which was part of the now-removed automatic de-ANSI-fication support of Automake) - All the "old alias" macros in 'm4/obsolete.m4' will be removed in the next major Automake version (1.13). - Support for the two- and three-arguments invocation forms of the AM_INIT_AUTOMAKE macro is deprecated, and will be removed in the next major Automake version (1.13). - The '--acdir' option of aclocal is deprecated, and will probably be removed in the next major Automake release (1.13). You should use the options '--automake-acdir' and '--system-acdir' instead (which have been introduced in Automake 1.11.2). - The exact order in which the directories in the aclocal macro search path are looked up is probably going to be changed in the next Automake release (1.13). - The 'missing' script will not try anymore to update the timestamp of out-of-date files that require a maintainer-specific tool to be remade, in case the user lacks such a tool (or has a too-old version of it). In fact, starting from Automake 1.13, all it'll do will be giving more useful warnings than a bare "command not found" from a make recipe would.
