GMP 5.1.0 finally available at ftp.gnu.org

[Niels Möller]

Last December, the GMP team released a new major release of the GNU
Multiple Precision Arithmetic Library (GMP), identified as 5.1.0. This
message is an update to that announcement.


* At long last, this release is now also available at ftp.gnu.org, after
  a minor tweak of the release files, see below.

  
* About the new release files

  The release files from December were affected by an automake bug,
  where the distcheck target creates an insecure world-writable
  directory. This bug did *not* affect the GMP release process, and we
  consider it a minor security problem. Nevertheless, it could be
  dangerous to users under some circumstances, and new packages with
  this problem have been deemed unsuitable for distribution via
  ftp.gnu.org.
  
  Since older versions of GMP, as well as many other packages, have the
  same problem, our general advice is to never invoke the distcheck
  target in packages using automake unless you are confident that either
  (i) the Makefile.in was generated using a recent automake version, or
  (ii) you have no untrusted users or processes with access on the same
  machine.
  
  New files, fixing this problem (and only this problem) have been
  prepared. To distinguish them from the earlier release files, the new
  files carry the version string "5.1.0a" in their names. Available both
  at gmplib.org and gnu.org (and its mirrors):
  
    ftp://ftp.gnu.org/gnu/gmp/gmp-5.1.0a.tar.xz
    ftp://ftp.gnu.org/gnu/gmp/gmp-5.1.0a.tar.bz2
    ftp://ftp.gmplib.org/pub/gmp-5.1.0/gmp-5.1.0a.tar.xz
    ftp://ftp.gmplib.org/pub/gmp-5.1.0/gmp-5.1.0a.tar.bz2
  
  The *only* difference to the 5.1.0 release files is a small patch to
  the top-level Makefile.in, included below. Unless you're using the
  distcheck make target, there is no reason to upgrade.


* Problems with the new mini-gmp package

  One new feature in GMP-5.1.0 was mini-gmp, a small, portable, but less
  efficient, implementation of a subset of GMP's mpn and mpz interfaces.

  Unfortunately, this new package was not quite of release quality. Of
  the functions not used in the GMP bootstrap, several were untested and
  they contained a number of bugs. The 5.1.0a files do *not* address
  these problems; a properly tested mini-gmp will be included with
  gmp-5.1.1. Don't use mini-gmp as included in 5.1.0(a). If you would
  like to try out mini-gmp, you are encouraged to instead get the
  current version from the GMP repository.


* The signing key used for the 5.1.0 and earlier releases is being
  retired. The 5.1.0a files are the first to be signed with the new key,
  ID 28C67298.


* For more information about GMP, including known issues with the
  current release, see http://gmplib.org/.

On behalf of the GMP team,
/Niels Möller


diff -ur gmp-5.1.0-orig/Makefile.in gmp-5.1.0/Makefile.in
--- gmp-5.1.0-orig/Makefile.in 2012-12-18 20:05:16.000000000 +0100
+++ gmp-5.1.0/Makefile.in       2013-01-06 18:13:44.000000000 +0100
@@ -1047,7 +1047,7 @@
        *.zip*) \
          unzip $(distdir).zip ;;\
        esac
-       chmod -R a-w $(distdir); chmod a+w $(distdir)
+       chmod -R a-w $(distdir); chmod u+w $(distdir)
        mkdir $(distdir)/_build
        mkdir $(distdir)/_inst
        chmod a-w $(distdir)

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.