GNU bug report logs - #21309
libtool should not use the dangerous, undocumented AC_TRY_EVAL macro, currently broken

Previous Next

Package: libtool;

Reported by: Vincent Lefevre <vincent <at> vinc17.net>

Date: Fri, 21 Aug 2015 01:58:02 UTC

Severity: normal

Done: Ileana Dumitrescu <ileanadumitrescu95 <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Vincent Lefevre <vincent <at> vinc17.net>
To: 21309 <at> debbugs.gnu.org
Subject: bug#21309: libtool generates binary data in config.log due to buggy escaping
Date: Tue, 2 Oct 2018 15:46:21 +0200

[Message part 1 (text/plain, inline)]
On 2018-10-02 12:58:04 +0200, Vincent Lefevre wrote:
> I've seen in the autoconf source that AC_TRY_EVAL should not be used:
> 
> # AC_TRY_EVAL(VARIABLE)
> # ---------------------
> # Evaluate $VARIABLE, which should be a valid shell command.
> # The purpose of this macro is to write "configure:123: command line"
> # into config.log for every test run.
> #
> # The AC_TRY_EVAL and AC_TRY_COMMAND macros are dangerous and
> # undocumented, and should not be used.
> # They may be removed or their API changed in a future release.
> # Autoconf itself no longer uses these two macros; they are present
> # only for backward compatibility with previous versions of Autoconf.
> # Not every shell command will work due to problems with eval
> # and quoting, and the rules for exactly what does work are tricky.
> # Worse, due to double-expansion during evaluation, arbitrary unintended
> # shell commands could be executed in some situations.

I've attached a patch that replaces the AC_TRY_EVAL occurrence that
generated the binary data. This is a patch against the Debian package
(libtool 2.4.6-4). I've tested it with MPFR and it seems to work fine.

The other AC_TRY_EVAL occurrences do not cause any problem here,
but should also be replaced in the future.

For the reference, my Debian bug report (clone of 796180, which is
now about autoconf):

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910076

-- 
Vincent Lefèvre <vincent <at> vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

[libtool-eval-nm.patch (text/plain, attachment)]
This bug report was last modified 219 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.