Re: autoconf-2.62 doesn't build on RHEL4


From: Ralf Corsepius
Subject: Re: autoconf-2.62 doesn't build on RHEL4
Date: Tue, 22 Apr 2008 14:36:22 +0200

On Tue, 2008-04-22 at 06:18 -0600, Eric Blake wrote:
> According to Ralf Corsepius on 4/21/2008 11:49 PM:
> | I am not upgrading the distro. I want to enable to developers to work on
> | my sources. Therefore, I am shipping autoconf+automake add-on packages
> | (Installed to /opt/...).
> |
> | ... now, autoconf is forcing me to also ship gm4.
> |
> | To me, this is a massive regression on autoconf's part.
> 
> I'm sorry you feel this is a regression, but autoconf has required gm4 for
> ages, and only now are we enforcing that gm4 is new enough to not silently
> generate broken configure files.
I know, but I feel you have shot autoconf in the foot by doing so.

> |
> | What will be next - bash-X, gawk-Y?
> 
> No.  The resulting configure scripts do not depend on a particular bash
Well, they spend a significant amount of effort in working around shell
portability issues and shell bugs.

Requiring (or even bundling) one particular flavor of a shell would
likely significantly simplify configure scripts :()


> | These distros are ultra-conservative, ... security fixes only, and
> | hardly any upgrades ever.
> 
> And m4 1.4.4 and earlier have KNOWN security bugs.  Your distro is doing
> you a disservice by not upgrading it.
I am not working for RedHat, I am not even using RHEL.

>   Even m4 1.4.10 has a known stack
> overrun/arbitrary code execution bug when abusing the -F option that was
> only fixed in 1.4.11.
OK, so running autoconf is a SECURITY risk on almost all existing Linux
distributions?

It's time autoconf dumps using m4 in favor of something more stable!

>   And guess what - autoconf uses the -F option (at
> least autoconf doesn't tickle the m4 bug in the normal use case of
> portable file names).
> 
> - --
> Don't work too hard, make some time for fun as well!
> 
> Eric Blake             address@hidden
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Cygwin)
I guess you know how old and broken Cygwin's GCC is?

I guess, I'll start to require gcc-4.3.x for my sources, such that
Cygwin users will have to upgrade their GCC.

Ralf
