GNU Automake 1.10.3 released

[Ralf Wildenhues]

We're pleased to announce the release of Automake 1.10.3.

Automake is a tool for automatically generating `Makefile.in's
suitable for use with Autoconf, compliant with the GNU Makefile
standards, and portable to various make implementations.

This is a bugfix release over 1.10.2.  All of these bugfixes are
contained in 1.11.1 as well, so you should be updating to 1.11.1
unless there is some incompatibility that forces you not to; in
the latter case, please report to <address@hidden>.

This bugfix release is done to propagate a fix for a security-related
issue: the `dist' and `distcheck' rules do not allow an untrusted user
to modify files that end up in the package tarball any more.  See the
separate security announcement for details.

A big thanks to all people who have been testing pre-release, reporting
bugs, contributing code, suggesting enhancements, and answering user
questions on the mailing lists!

You can find the new release here:

    ftp://ftp.gnu.org/gnu/automake/automake-1.10.3.tar.gz
    ftp://ftp.gnu.org/gnu/automake/automake-1.10.3.tar.gz.sig
    ftp://ftp.gnu.org/gnu/automake/automake-1.10.3.tar.bz2
    ftp://ftp.gnu.org/gnu/automake/automake-1.10.3.tar.bz2.sig

Soon it will also appear on the GNU mirrors which are listed here:

    http://www.gnu.org/order/ftp.html

and you might also reach a mirror near you through:

    http://ftpmirror.gnu.org/automake/

Finally, here are the MD5 checksums:

    b8e67fb458da396bc35555af7ef2b49f  automake-1.10.3.tar.bz2
    03bc9ebfa805f9ee5635f1f53fa1fa5f  automake-1.10.3.tar.gz

Please report bugs by mail to <address@hidden>.

New in 1.10.3:

  - The `gnupload' script has been revamped.

  - The `depcomp' and `compile' scripts now work with MSVC under MSYS.

Bugs fixed in 1.10.3:

* Long standing bugs:

  - The `missing' script works better with versioned tool names.

  - Semantics for `missing help2man' have been revamped:

    Previously, if `help2man' was not present, `missing help2man' would have
    the following semantics: if some man page was out of date but present, then
    a warning would be printed, but the exit status was 0.  If the man page was
    not present at all, then `missing' would create a replacement man page
    containing an error message, and exit with a status of 2.  This does not 
play
    well with `make': the next run will see this particular man page as being up
    to date, and will only error out on the next generated man page, if any;
    repeat until all pages are done.  This was not desirable.

    These are the new semantics: if some man page is not present, and help2man
    is not either, then `missing' will warn and generate the replacement page
    containing the error message, but exit successfully.  However, `make dist'
    will ensure that no such bogus man pages are packaged into a tarball.

  - `config.status Makefile... depfiles' works fine again in the presence of
    disabled dependency tracking.

  - The default no-op recursive rules for these targets also work with BSD make
    now: html, install-html, install-dvi, install-pdf, install-pdf, 
install-info.

  - `automake' now correctly complains about variable assignments which are
    preceded by a comment, extend over multiple lines with backslash-escaped
    newlines, and end in a comment sign.  Previous versions would silently
    and wrongly ignore such assignments completely.

  - The testsuite does not try to change the mode of `ltmain.sh' files from
    a Libtool installation (symlinked to test directories) any more.

  - AM_PROG_GCJ uses AC_CHECK_TOOLS to look for `gcj' now, so that prefixed
    tools are preferred in a cross-compile setup.

  - The distribution is tarred up with mode 755 now by the `dist*' targets.
    This fixes a race condition where untrusted users could modify files
    in the $(PACKAGE)-$(VERSION) distdir before packing if the toplevel
    build directory was world-searchable.  This is CVE-2009-4029.

* Bugs introduced by 1.10.2:

  - The manual wrongly contained portions of the 1.11a manual.