rpms/arts/F-12 libltdl-CVE-2009-3736.patch,1.2,1.3
Than Ngo
than at fedoraproject.org
Tue Dec 8 15:21:30 UTC 2009
Author: than
Update of /cvs/extras/rpms/arts/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5740
Modified Files:
libltdl-CVE-2009-3736.patch
Log Message:
fix security issues in libltdl (CVE-2009-3736)
libltdl-CVE-2009-3736.patch:
ltdl.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
Index: libltdl-CVE-2009-3736.patch
===================================================================
RCS file: /cvs/extras/rpms/arts/F-12/libltdl-CVE-2009-3736.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- libltdl-CVE-2009-3736.patch 8 Dec 2009 15:20:42 -0000 1.2
+++ libltdl-CVE-2009-3736.patch 8 Dec 2009 15:21:30 -0000 1.3
@@ -1,90 +1,22 @@
-diff -up arts-1.5.10/libltdl/ltdl.c.CVE-2009-3736 arts-1.5.10/libltdl/ltdl.c
---- arts-1.5.10/libltdl/ltdl.c.CVE-2009-3736 2008-08-19 22:18:38.000000000 +0200
-+++ arts-1.5.10/libltdl/ltdl.c 2009-12-08 16:02:38.000000000 +0100
-@@ -1454,9 +1454,10 @@ lt_dlexit ()
- }
-
- static int
--tryall_dlopen (handle, filename)
-+tryall_dlopen (handle, filename, useloader)
- lt_dlhandle *handle;
- const char *filename;
-+ const char *useloader;
- {
- lt_dlhandle cur;
- lt_dlloader *loader;
-@@ -1514,6 +1515,11 @@ tryall_dlopen (handle, filename)
-
- while (loader)
- {
-+ if (useloader && strcmp(loader->loader_name, useloader))
-+ {
-+ loader = loader->next;
-+ continue;
-+ }
- lt_user_data data = loader->dlloader_data;
-
- cur->module = loader->module_open (data, filename);
-@@ -1556,7 +1562,7 @@ find_module (handle, dir, libdir, dlname
+diff -ur arts-orig/libltdl/ltdl.c arts-1.1.3/libltdl/ltdl.c
+--- arts-orig/libltdl/ltdl.c 2003-07-13 21:33:39.000000000 +0200
++++ arts-1.1.3/libltdl/ltdl.c 2009-11-19 16:09:29.000000000 +0100
+@@ -1544,7 +1544,8 @@
/* try to open the old library first; if it was dlpreopened,
we want the preopened version of it, even if a dlopenable
module is available */
- if (old_name && tryall_dlopen(handle, old_name) == 0)
-+ if (old_name && tryall_dlopen(handle, old_name, "dlpreload") == 0)
++ if (old_name && tryall_dlopen(handle, old_name,
++ advise, lt_dlloader_find ("lt_preopen") ) == 0)
{
return 0;
}
-@@ -1579,7 +1585,7 @@ find_module (handle, dir, libdir, dlname
- }
-
- sprintf (filename, "%s/%s", libdir, dlname);
-- error = (tryall_dlopen (handle, filename) != 0);
-+ error = (tryall_dlopen (handle, filename, NULL) != 0);
- LT_DLFREE (filename);
-
- if (!error)
-@@ -1611,7 +1617,7 @@ find_module (handle, dir, libdir, dlname
- strcat(filename, objdir);
- strcat(filename, dlname);
-
-- error = tryall_dlopen (handle, filename) != 0;
-+ error = tryall_dlopen (handle, filename, NULL) != 0;
- LT_DLFREE (filename);
- if (!error)
- {
-@@ -1634,7 +1640,7 @@ find_module (handle, dir, libdir, dlname
+@@ -2158,7 +2159,7 @@
}
- strcat(filename, dlname);
-
-- error = (tryall_dlopen (handle, filename) != 0);
-+ error = (tryall_dlopen (handle, filename, NULL) != 0);
- LT_DLFREE (filename);
- if (!error)
- {
-@@ -1749,7 +1755,7 @@ find_file (basename, search_path, pdir,
- strcpy(filename+lendir, basename);
- if (handle)
- {
-- if (tryall_dlopen (handle, filename) == 0)
-+ if (tryall_dlopen (handle, filename, NULL) == 0)
- {
- result = (lt_ptr) handle;
- goto cleanup;
-@@ -2063,7 +2069,7 @@ lt_dlopen (filename)
- /* lt_dlclose()ing yourself is very bad! Disallow it. */
- LT_DLSET_FLAG (handle, LT_DLRESIDENT_FLAG);
-
-- if (tryall_dlopen (&newhandle, 0) != 0)
-+ if (tryall_dlopen (&newhandle, 0, NULL) != 0)
- {
- LT_DLFREE (handle);
- return 0;
-@@ -2368,7 +2374,7 @@ lt_dlopen (filename)
- #ifdef LTDL_SYSSEARCHPATH
- && !find_file (basename, sys_search_path, 0, &newhandle)
#endif
-- )) && tryall_dlopen (&newhandle, filename))
-+ )) && tryall_dlopen (&newhandle, filename, NULL))
- {
- LT_DLFREE (handle);
- goto cleanup;
+ }
+- if (!file)
++ else
+ {
+ file = fopen (filename, LT_READTEXT_MODE);
+ }
More information about the scm-commits
mailing list