rpms/libprelude/F-12 libprelude-0.9.24.1-CVE-2009-3736.patch, NONE, 1.1 libprelude.spec, 1.50, 1.51

Steve Grubb sgrubb at fedoraproject.org
Tue May 18 17:50:38 UTC 2010


Author: sgrubb

Update of /cvs/pkgs/rpms/libprelude/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv6312

Modified Files:
	libprelude.spec 
Added Files:
	libprelude-0.9.24.1-CVE-2009-3736.patch 
Log Message:
* Tue May 18 2010 Steve Grubb <sgrubb at redhat.com> - 0.9.24.1-2
- Fix CVE-2009-3736 in ltdl. bz #563978


libprelude-0.9.24.1-CVE-2009-3736.patch:
 ltdl.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- NEW FILE libprelude-0.9.24.1-CVE-2009-3736.patch ---
diff -urp libprelude-0.9.24.1.orig/libltdl/ltdl.c libprelude-0.9.24.1/libltdl/ltdl.c
--- libprelude-0.9.24.1.orig/libltdl/ltdl.c	2010-05-18 13:41:48.000000000 -0400
+++ libprelude-0.9.24.1/libltdl/ltdl.c	2010-05-18 13:44:09.000000000 -0400
@@ -529,7 +529,8 @@ find_module (lt_dlhandle *handle, const 
   /* Try to open the old library first; if it was dlpreopened,
      we want the preopened version of it, even if a dlopenable
      module is available.  */
-  if (old_name && tryall_dlopen (handle, old_name, advise, 0) == 0)
+  if (old_name && tryall_dlopen (handle, old_name,
+				advise, lt_dlloader_find ("lt_preopen") ) == 0)
     {
       return 0;
     }
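Review bot: The result of `lt_dlloader_find ("lt_preopen")` is passed straight into `tryall_dlopen` without a null check. If the preopen loader is not registered and the lookup returns a null pointer, the call is identical to the removed `tryall_dlopen (handle, old_name, advise, 0)` and the restriction this patch adds is silently lost. Holding the lookup in a local (called `preopen` here) and guarding on it would make the failure mode explicit: `if (old_name && preopen && tryall_dlopen (handle, old_name, advise, preopen) == 0)`. The comment above the call could also note that only the preopen loader is consulted here because of CVE-2009-3736, and the stray space before the closing parenthesis does not match the surrounding style. find_module's body starts and ends outside the hunk.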
@@ -1345,7 +1346,7 @@ try_dlopen (lt_dlhandle *phandle, const 
 	    }
 #endif
 	}
-      if (!file)
+      else
 	{
 	  file = fopen (attempt, LT_READTEXT_MODE);
 	}
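Review bot: The switch from `if (!file)` to `else` has no comment explaining that the lost fallback is intentional, so a later cleanup could easily restore the old test. With `else`, a lookup in the preceding branch that leaves `file` null no longer falls through to `fopen (attempt, LT_READTEXT_MODE)`. I would add a comment above the `else`, such as `/* Deliberately an else: a failed search above must not fall back to opening ATTEMPT directly (CVE-2009-3736). */`. The `if` this `else` pairs with is outside the hunk, and an `#endif` sits just before the closing brace, so it is worth confirming the pairing holds in every preprocessor configuration.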


Index: libprelude.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libprelude/F-12/libprelude.spec,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -p -r1.50 -r1.51
--- libprelude.spec	29 Sep 2009 19:51:48 -0000	1.50
+++ libprelude.spec	18 May 2010 17:50:38 -0000	1.51
@@ -5,12 +5,13 @@
 
 Name:		libprelude
 Version:	0.9.24.1
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	The prelude library        
 Group:		System Environment/Libraries 
 License:	GPLv2+
 URL:		http://prelude-ids.org/
 Source0:	http://www.prelude-ids.org/download/releases/%{name}/%{name}-%{version}.tar.gz
+Patch1:		libprelude-0.9.24.1-CVE-2009-3736.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	gnutls-devel, python-devel, ruby, ruby-devel, lua-devel
@@ -67,6 +68,7 @@ Ruby bindings for libprelude.
 
 %prep
 %setup -q
+%patch1 -p1
 
 %build
 %configure	--disable-static \
@@ -141,6 +143,9 @@ rm -rf %{buildroot}
 %{ruby_sitearch}/PreludeEasy.so
 
 %changelog
+* Tue May 18 2010 Steve Grubb <sgrubb at redhat.com> - 0.9.24.1-2
+- Fix CVE-2009-3736 in ltdl. bz #563978
+
 * Tue Sep 29 2009 Steve Grubb <sgrubb at redhat.com> - 0.9.24.1-1
 - New upstream release
 


