rpms/mingw32-libltdl/F-11 libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch, 1.1, 1.2 mingw32-libltdl.spec, 1.3, 1.4

Hans Ulrich Niedermann ndim at fedoraproject.org
Thu Feb 11 20:18:20 UTC 2010 

Author: ndim

Update of /cvs/pkgs/rpms/mingw32-libltdl/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10072

Modified Files:
	libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch 
	mingw32-libltdl.spec 
Log Message:
* Thu Feb 11 2010 Hans Ulrich Niedermann <hun at n-dimensional.de> - 1.5.26-17
- Unfuzz the CVE-2009-3736 patch


libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch:
 ChangeLog      |    5 +++++
 libltdl/ltdl.c |   23 +++++++++++++++--------
 2 files changed, 20 insertions(+), 8 deletions(-)

Index: libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch
===================================================================
RCS file: /cvs/pkgs/rpms/mingw32-libltdl/F-11/libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch	11 Feb 2010 19:18:24 -0000	1.1
+++ libtool-1.5.26-Backport-of-libltdl-changes-from-the-2.26b-release.patch	11 Feb 2010 20:18:19 -0000	1.2
@@ -1,32 +1,19 @@
-From 29b48580df75f0c5baa2962548a4c101ec7ed7ec Mon Sep 17 00:00:00 2001
-From: Peter O'Gorman <peter at pogma.com>
-Date: Tue, 24 Nov 2009 11:27:45 -0600
-Subject: [PATCH] Backport of libltdl changes from the 2.26b release.
-
-* libltdl/,tdl.c: Backport changes.
----
- ChangeLog      |    5 +++++
- libltdl/ltdl.c |   23 +++++++++++++++--------
- 2 files changed, 20 insertions(+), 8 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index e164eda..98bed36 100644
---- a/ChangeLog
-+++ b/ChangeLog
+diff -rup libtool-1.5.26/ChangeLog libtool-1.5.26-patched/ChangeLog
+--- libtool-1.5.26/ChangeLog	2008-02-01 17:58:18.000000000 +0100
++++ libtool-1.5.26-patched/ChangeLog	2010-02-11 20:53:36.000000000 +0100
 @@ -1,3 +1,8 @@
 +2009-11-24  Peter O'Gorman  <peter at pogma.com>
 +
 +	Backport of libltdl changes from the 2.26b release.
 +	* libltdl/,tdl.c: Backport changes.
 +
- 2008-02-27  Peter O'Gorman  <peter at pogma.com>
+ 2008-02-01  Peter O'Gorman  <peter at pogma.com>
  
- 	* libtool.m4 [darwin]: Really use _lt_dar_allow_undefined for
-diff --git a/libltdl/ltdl.c b/libltdl/ltdl.c
-index b747b70..2ef8e0e 100644
---- a/libltdl/ltdl.c
-+++ b/libltdl/ltdl.c
-@@ -2192,7 +2192,8 @@ static	int	trim		      LT_PARAMS((char **dest,
+ 	Release GNU libtool 1.5.26.
+diff -rup libtool-1.5.26/libltdl/ltdl.c libtool-1.5.26-patched/libltdl/ltdl.c
+--- libtool-1.5.26/libltdl/ltdl.c	2010-02-11 20:51:31.000000000 +0100
++++ libtool-1.5.26-patched/libltdl/ltdl.c	2010-02-11 20:53:00.000000000 +0100
+@@ -2192,7 +2192,8 @@ static	int	trim		      LT_PARAMS((char *
  static	int	try_dlopen	      LT_PARAMS((lt_dlhandle *handle,
  						 const char *filename));
  static	int	tryall_dlopen	      LT_PARAMS((lt_dlhandle *handle,
@@ -60,7 +47,7 @@ index b747b70..2ef8e0e 100644
        lt_user_data data = loader->dlloader_data;
  
        cur->module = loader->module_open (data, filename);
-@@ -2528,7 +2535,7 @@ tryall_dlopen_module (handle, prefix, dirname, dlname)
+@@ -2528,7 +2535,7 @@ tryall_dlopen_module (handle, prefix, di
        error += tryall_dlopen_module (handle,
  				     (const char *) 0, prefix, filename);
      }
@@ -69,7 +56,7 @@ index b747b70..2ef8e0e 100644
      {
        ++error;
      }
-@@ -2549,7 +2556,7 @@ find_module (handle, dir, libdir, dlname, old_name, installed)
+@@ -2549,7 +2556,7 @@ find_module (handle, dir, libdir, dlname
    /* Try to open the old library first; if it was dlpreopened,
       we want the preopened version of it, even if a dlopenable
       module is available.  */
@@ -78,7 +65,7 @@ index b747b70..2ef8e0e 100644
      {
        return 0;
      }
-@@ -2813,7 +2820,7 @@ find_handle_callback (filename, data, ignored)
+@@ -2813,7 +2820,7 @@ find_handle_callback (filename, data, ig
  
    /* Try to dlopen the file, but do not continue searching in any
       case.  */
@@ -103,9 +90,9 @@ index b747b70..2ef8e0e 100644
 -      if (!file)
 +      else
  	{
- 	  file = fopen (filename, LT_READTEXT_MODE);
- 	}
-@@ -3412,7 +3419,7 @@ try_dlopen (phandle, filename)
+ 	  /* don't open .la files in current directory, root might get tricked to run a binary in a prepared directory */
+ 	  if(!strncmp((filename + strlen(filename) - 3), LTDL_ARCHIVE_EXT,3) || strstr(filename,"/"))
+@@ -3414,7 +3421,7 @@ try_dlopen (phandle, filename)
  #endif
  		   )))
  	{
@@ -114,6 +101,3 @@ index b747b70..2ef8e0e 100644
              {
                newhandle = NULL;
              }
--- 
-1.6.2.5
-


Index: mingw32-libltdl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mingw32-libltdl/F-11/mingw32-libltdl.spec,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- mingw32-libltdl.spec	11 Feb 2010 19:18:24 -0000	1.3
+++ mingw32-libltdl.spec	11 Feb 2010 20:18:19 -0000	1.4
@@ -11,7 +11,7 @@
 Summary:  Runtime libraries for GNU Libtool Dynamic Module Loader
 Name:     mingw32-libltdl
 Version:  1.5.26
-Release:  16%{?dist}
+Release:  17%{?dist}
 Group:    System Environment/Libraries
 # Even though the source package contains files under
 # "GPLv2+ and LGPLv2+ and GFDL", the binary RPM only ships LGPLv2+ code.
@@ -101,6 +101,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Thu Feb 11 2010 Hans Ulrich Niedermann <hun at n-dimensional.de> - 1.5.26-17
+- Unfuzz the CVE-2009-3736 patch
+
 * Thu Feb 11 2010 Hans Ulrich Niedermann <hun at n-dimensional.de> - 1.5.26-16
 - Fix CVE-2009-3736 (#563980, #537941)
 - Change define macros into global macros

More information about the scm-commits mailing list