rpms/libprelude/F-12 libprelude-0.9.24.1-CVE-2009-3736.patch, NONE, 1.1 libprelude.spec, 1.50, 1.51
Steve Grubb
sgrubb at fedoraproject.org
Tue May 18 17:50:38 UTC 2010
Author: sgrubb
Update of /cvs/pkgs/rpms/libprelude/F-12
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv6312
Modified Files:
libprelude.spec
Added Files:
libprelude-0.9.24.1-CVE-2009-3736.patch
Log Message:
* Tue May 18 2010 Steve Grubb <sgrubb at redhat.com> - 0.9.24.1-2
- Fix CVE-2009-3736 in ltdl. bz #563978
libprelude-0.9.24.1-CVE-2009-3736.patch:
ltdl.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- NEW FILE libprelude-0.9.24.1-CVE-2009-3736.patch ---
diff -urp libprelude-0.9.24.1.orig/libltdl/ltdl.c libprelude-0.9.24.1/libltdl/ltdl.c
--- libprelude-0.9.24.1.orig/libltdl/ltdl.c 2010-05-18 13:41:48.000000000 -0400
+++ libprelude-0.9.24.1/libltdl/ltdl.c 2010-05-18 13:44:09.000000000 -0400
@@ -529,7 +529,8 @@ find_module (lt_dlhandle *handle, const
/* Try to open the old library first; if it was dlpreopened,
we want the preopened version of it, even if a dlopenable
module is available. */
- if (old_name && tryall_dlopen (handle, old_name, advise, 0) == 0)
+ if (old_name && tryall_dlopen (handle, old_name,
+ advise, lt_dlloader_find ("lt_preopen") ) == 0)
{
return 0;
}
@@ -1345,7 +1346,7 @@ try_dlopen (lt_dlhandle *phandle, const
}
#endif
}
- if (!file)
+ else
{
file = fopen (attempt, LT_READTEXT_MODE);
}
Index: libprelude.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libprelude/F-12/libprelude.spec,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -p -r1.50 -r1.51
--- libprelude.spec 29 Sep 2009 19:51:48 -0000 1.50
+++ libprelude.spec 18 May 2010 17:50:38 -0000 1.51
@@ -5,12 +5,13 @@
Name: libprelude
Version: 0.9.24.1
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: The prelude library
Group: System Environment/Libraries
License: GPLv2+
URL: http://prelude-ids.org/
Source0: http://www.prelude-ids.org/download/releases/%{name}/%{name}-%{version}.tar.gz
+Patch1: libprelude-0.9.24.1-CVE-2009-3736.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gnutls-devel, python-devel, ruby, ruby-devel, lua-devel
@@ -67,6 +68,7 @@ Ruby bindings for libprelude.
%prep
%setup -q
+%patch1 -p1
%build
%configure --disable-static \
@@ -141,6 +143,9 @@ rm -rf %{buildroot}
%{ruby_sitearch}/PreludeEasy.so
%changelog
+* Tue May 18 2010 Steve Grubb <sgrubb at redhat.com> - 0.9.24.1-2
+- Fix CVE-2009-3736 in ltdl. bz #563978
+
* Tue Sep 29 2009 Steve Grubb <sgrubb at redhat.com> - 0.9.24.1-1
- New upstream release
More information about the scm-commits
mailing list