GMP 5.1.0 finally available at

Niels Möller nisse at
Thu Feb 7 20:53:33 CET 2013

Last December, the GMP team released a new major release of the GNU
Multiple Precision Arithmetic Library (GMP), identified as 5.1.0. This
message is an update to that announcement.

* At long last, this release is now also available at, after
  a minor tweak of the release files, see below.

* About the new release files

  The release files from December were affected by an automake bug,
  where the distcheck target creates an insecure world-writable
  directory. This bug did *not* affect the GMP release process, and we
  consider it a minor security problem. Nevertheless, it could be
  dangerous to users under some circumstances, and new packages with
  this problem have been deemed unsuitable for distribution via
  Since older versions of GMP, as well as many other packages, have the
  same problem, our general advice is to never invoke the distcheck
  target in packages using automake unless you are confident that either
  (i) the was generated using a recent automake version, or
  (ii) you have no untrusted users or processes with access on the same
  New files, fixing this problem (and only this problem) have been
  prepared. To distinguish them from the earlier release files, the new
  files carry the version string "5.1.0a" in their names. Available both
  at and (and its mirrors):
  The *only* difference to the 5.1.0 release files is a small patch to
  the top-level, included below. Unless you're using the
  distcheck make target, there is no reason to upgrade.

* Problems with the new mini-gmp package

  One new feature in GMP-5.1.0 was mini-gmp, a small, portable, but less
  efficient, implementation of a subset of GMP's mpn and mpz interfaces.

  Unfortunately, this new package was not quite of release quality. Of
  the functions not used in the GMP bootstrap, several were untested and
  they contained a number of bugs. The 5.1.0a files do *not* address
  these problems; a properly tested mini-gmp will be included with
  gmp-5.1.1. Don't use mini-gmp as included in 5.1.0(a). If you would
  like to try out mini-gmp, you are encouraged to instead get the
  current version from the GMP repository.

* The signing key used for the 5.1.0 and earlier releases is being
  retired. The 5.1.0a files are the first to be signed with the new key,
  ID 28C67298.

* For more information about GMP, including known issues with the
  current release, see

On behalf of the GMP team,
/Niels Möller

diff -ur gmp-5.1.0-orig/ gmp-5.1.0/
--- gmp-5.1.0-orig/ 2012-12-18 20:05:16.000000000 +0100
+++ gmp-5.1.0/       2013-01-06 18:13:44.000000000 +0100
@@ -1047,7 +1047,7 @@
        *.zip*) \
          unzip $(distdir).zip ;;\
-       chmod -R a-w $(distdir); chmod a+w $(distdir)
+       chmod -R a-w $(distdir); chmod u+w $(distdir)
        mkdir $(distdir)/_build
        mkdir $(distdir)/_inst
        chmod a-w $(distdir)

Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.

More information about the gmp-announce mailing list