rpms/mingw32-libltdl/F-12 libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch, NONE, 1.1 mingw32-libltdl.spec, 1.4, 1.5
Hans Ulrich Niedermann
ndim at fedoraproject.org
Thu Feb 11 19:18:27 UTC 2010
Author: ndim
Update of /cvs/pkgs/rpms/mingw32-libltdl/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv923
Modified Files:
mingw32-libltdl.spec
Added Files:
libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch
Log Message:
* Thu Feb 11 2010 Hans Ulrich Niedermann <hun at n-dimensional.de> - 1.5.26-16
- Fix CVE-2009-3736 (#563980, #537941)
- Change define macros into global macros
libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch:
ChangeLog | 5 +++++
libltdl/ltdl.c | 24 +++++++++++++++---------
2 files changed, 20 insertions(+), 9 deletions(-)
--- NEW FILE libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch ---
>From 29b48580df75f0c5baa2962548a4c101ec7ed7ec Mon Sep 17 00:00:00 2001
From: Peter O'Gorman <peter at pogma.com>
Date: Tue, 24 Nov 2009 11:27:45 -0600
Subject: [PATCH] Backport of libltdl changes from the 2.26b release.
* libltdl/,tdl.c: Backport changes.
---
ChangeLog | 5 +++++
libltdl/ltdl.c | 23 +++++++++++++++--------
2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index e164eda..98bed36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2009-11-24 Peter O'Gorman <peter at pogma.com>
+
+ Backport of libltdl changes from the 2.26b release.
+ * libltdl/,tdl.c: Backport changes.
+
2008-02-27 Peter O'Gorman <peter at pogma.com>
* libtool.m4 [darwin]: Really use _lt_dar_allow_undefined for
diff --git a/libltdl/ltdl.c b/libltdl/ltdl.c
index b747b70..2ef8e0e 100644
--- a/libltdl/ltdl.c
+++ b/libltdl/ltdl.c
@@ -2192,7 +2192,8 @@ static int trim LT_PARAMS((char **dest,
static int try_dlopen LT_PARAMS((lt_dlhandle *handle,
const char *filename));
static int tryall_dlopen LT_PARAMS((lt_dlhandle *handle,
- const char *filename));
+ const char *filename,
+ const char * useloader));
static int unload_deplibs LT_PARAMS((lt_dlhandle handle));
static int lt_argz_insert LT_PARAMS((char **pargz,
size_t *pargz_len,
@@ -2390,9 +2391,10 @@ lt_dlexit ()
}
static int
-tryall_dlopen (handle, filename)
+tryall_dlopen (handle, filename, useloader)
lt_dlhandle *handle;
const char *filename;
+ const char *useloader;
{
lt_dlhandle cur;
lt_dlloader *loader;
@@ -2459,6 +2461,11 @@ tryall_dlopen (handle, filename)
while (loader)
{
+ if (useloader && strcmp(loader->loader_name, useloader))
+ {
+ loader = loader->next;
+ continue;
+ }
lt_user_data data = loader->dlloader_data;
cur->module = loader->module_open (data, filename);
@@ -2528,7 +2535,7 @@ tryall_dlopen_module (handle, prefix, dirname, dlname)
error += tryall_dlopen_module (handle,
(const char *) 0, prefix, filename);
}
- else if (tryall_dlopen (handle, filename) != 0)
+ else if (tryall_dlopen (handle, filename, NULL) != 0)
{
++error;
}
@@ -2549,7 +2556,7 @@ find_module (handle, dir, libdir, dlname, old_name, installed)
/* Try to open the old library first; if it was dlpreopened,
we want the preopened version of it, even if a dlopenable
module is available. */
- if (old_name && tryall_dlopen (handle, old_name) == 0)
+ if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
{
return 0;
}
@@ -2813,7 +2820,7 @@ find_handle_callback (filename, data, ignored)
/* Try to dlopen the file, but do not continue searching in any
case. */
- if (tryall_dlopen (handle, filename) != 0)
+ if (tryall_dlopen (handle, filename,NULL) != 0)
*handle = 0;
return 1;
@@ -3103,7 +3110,7 @@ try_dlopen (phandle, filename)
/* lt_dlclose()ing yourself is very bad! Disallow it. */
LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
- if (tryall_dlopen (&newhandle, 0) != 0)
+ if (tryall_dlopen (&newhandle, 0, NULL) != 0)
{
LT_DLFREE (*phandle);
return 1;
@@ -3225,7 +3232,7 @@ try_dlopen (phandle, filename)
}
#endif
}
- if (!file)
+ else
{
file = fopen (filename, LT_READTEXT_MODE);
}
@@ -3412,7 +3419,7 @@ try_dlopen (phandle, filename)
#endif
)))
{
- if (tryall_dlopen (&newhandle, filename) != 0)
+ if (tryall_dlopen (&newhandle, filename, NULL) != 0)
{
newhandle = NULL;
}
--
1.6.2.5
Index: mingw32-libltdl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mingw32-libltdl/F-12/mingw32-libltdl.spec,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- mingw32-libltdl.spec 2 Jan 2010 16:48:08 -0000 1.4
+++ mingw32-libltdl.spec 11 Feb 2010 19:18:27 -0000 1.5
@@ -1,19 +1,19 @@
-%define __strip %{_mingw32_strip}
-%define __objdump %{_mingw32_objdump}
-%define _use_internal_dependency_generator 0
-%define __find_requires %{_mingw32_findrequires}
-%define __find_provides %{_mingw32_findprovides}
-%define __debug_install_post %{_mingw32_debug_install_post}
+%global __strip %{_mingw32_strip}
+%global __objdump %{_mingw32_objdump}
+%global _use_internal_dependency_generator 0
+%global __find_requires %{_mingw32_findrequires}
+%global __find_provides %{_mingw32_findprovides}
+%global __debug_install_post %{_mingw32_debug_install_post}
# Define this to run tests (requires Wine, and won't work inside mock or Koji).
# Note: As of libtool-1.5.26, libltdl does not contain any tests at all.
-%define run_tests 0
+%global run_tests 0
Summary: Runtime libraries for GNU Libtool Dynamic Module Loader
Name: mingw32-libltdl
Version: 1.5.26
-Release: 15%{?dist}
+Release: 16%{?dist}
Group: System Environment/Libraries
# Even though the source package contains files under
# "GPLv2+ and LGPLv2+ and GFDL", the binary RPM only ships LGPLv2+ code.
@@ -28,6 +28,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version
# into running a prepared binary in that directory:
Patch2: libtool-1.5.24-relativepath.patch
+# CVE-2009-3736 (may load & exec code from current dir)
+Patch3: libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch
+
BuildRequires: mingw32-filesystem >= 53
BuildRequires: mingw32-binutils
BuildRequires: mingw32-gcc
@@ -58,7 +61,8 @@ the rest of the GNU Autotools (including
%prep
%setup -n libtool-%{version} -q
-%patch2 -p1
+%patch2 -p1 -b .relativepath
+%patch3 -p1 -b .CVE-2009-3736
%build
export PATH=%{_mingw32_bindir}:$PATH
@@ -105,6 +109,10 @@ rm -rf %{buildroot}
%changelog
+* Thu Feb 11 2010 Hans Ulrich Niedermann <hun at n-dimensional.de> - 1.5.26-16
+- Fix CVE-2009-3736 (#563980, #537941)
+- Change define macros into global macros
+
* Sat Jan 2 2010 Hans Ulrich Niedermann <hun at n-dimensional.de> - 1.5.26-15
- Automatically generate debuginfo subpackage
More information about the scm-commits
mailing list