GMP 5.1.0 finally available at ftp.gnu.org
nisse at lysator.liu.se
Thu Feb 7 20:53:33 CET 2013
Last December, the GMP team released a new major release of the GNU
Multiple Precision Arithmetic Library (GMP), identified as 5.1.0. This
message is an update to that announcement.
* At long last, this release is now also available at ftp.gnu.org, after
a minor tweak of the release files, see below.
* About the new release files
The release files from December were affected by an automake bug,
where the distcheck target creates an insecure world-writable
directory. This bug did *not* affect the GMP release process, and we
consider it a minor security problem. Nevertheless, it could be
dangerous to users under some circumstances, and new packages with
this problem have been deemed unsuitable for distribution via
Since older versions of GMP, as well as many other packages, have the
same problem, our general advice is to never invoke the distcheck
target in packages using automake unless you are confident that either
(i) the Makefile.in was generated using a recent automake version, or
(ii) you have no untrusted users or processes with access on the same
New files, fixing this problem (and only this problem) have been
prepared. To distinguish them from the earlier release files, the new
files carry the version string "5.1.0a" in their names. Available both
at gmplib.org and gnu.org (and its mirrors):
The *only* difference to the 5.1.0 release files is a small patch to
the top-level Makefile.in, included below. Unless you're using the
distcheck make target, there is no reason to upgrade.
* Problems with the new mini-gmp package
One new feature in GMP-5.1.0 was mini-gmp, a small, portable, but less
efficient, implementation of a subset of GMP's mpn and mpz interfaces.
Unfortunately, this new package was not quite of release quality. Of
the functions not used in the GMP bootstrap, several were untested and
they contained a number of bugs. The 5.1.0a files do *not* address
these problems; a properly tested mini-gmp will be included with
gmp-5.1.1. Don't use mini-gmp as included in 5.1.0(a). If you would
like to try out mini-gmp, you are encouraged to instead get the
current version from the GMP repository.
* The signing key used for the 5.1.0 and earlier releases is being
retired. The 5.1.0a files are the first to be signed with the new key,
* For more information about GMP, including known issues with the
current release, see http://gmplib.org/.
On behalf of the GMP team,
diff -ur gmp-5.1.0-orig/Makefile.in gmp-5.1.0/Makefile.in
--- gmp-5.1.0-orig/Makefile.in 2012-12-18 20:05:16.000000000 +0100
+++ gmp-5.1.0/Makefile.in 2013-01-06 18:13:44.000000000 +0100
@@ -1047,7 +1047,7 @@
unzip $(distdir).zip ;;\
- chmod -R a-w $(distdir); chmod a+w $(distdir)
+ chmod -R a-w $(distdir); chmod u+w $(distdir)
chmod a-w $(distdir)
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
More information about the gmp-announce