[sblim-sfcb/el5] Fix insecure LD_LIBRARY_PATH usage

vcrhonek vcrhonek at fedoraproject.org
Thu Nov 6 14:28:14 UTC 2014


commit 59a1017e07aee9d093efeea6e8c4ecabf573ffc0
Author: Vitezslav Crhonek <vcrhonek at redhat.com>
Date:   Thu Nov 6 15:28:00 2014 +0100

    Fix insecure LD_LIBRARY_PATH usage

 ...b-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch |   63 ++++++++++++++++++++
 sblim-sfcb.spec                                    |    8 ++-
 2 files changed, 70 insertions(+), 1 deletions(-)
---
diff --git a/sblim-sfcb-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch b/sblim-sfcb-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch
new file mode 100644
index 0000000..5356633
--- /dev/null
+++ b/sblim-sfcb-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch
@@ -0,0 +1,63 @@
+Index: sfcb.init-none.in
+===================================================================
+RCS file: /cvsroot/sblim/sfcb/sfcb.init-none.in,v
+retrieving revision 1.2
+diff -a -u -p -r1.2 sfcb.init-none.in
+--- sfcb.init-none.in	13 Jun 2005 12:50:33 -0000	1.2
++++ sfcb.init-none.in	29 Jul 2012 22:25:50 -0000
+@@ -6,10 +6,10 @@
+ 
+ echo $PATH | grep -q @sbindir@ ||PATH=@sbindir@:$PATH
+ 
+-if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv @libdir@
++if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv '@libdir@[/]*\($\|[:]\)'
+ then
+-    LD_LIBRARY_PATH=@libdir@:$LD_LIBRARY_PATH
+-    export LD_LIBRARY_PATH
++	LD_LIBRARY_PATH=@libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++	export LD_LIBRARY_PATH
+ fi
+ 
+ start() {
+Index: sfcb.init-redhat.in
+===================================================================
+RCS file: /cvsroot/sblim/sfcb/sfcb.init-redhat.in,v
+retrieving revision 1.2
+diff -a -u -p -r1.2 sfcb.init-redhat.in
+--- sfcb.init-redhat.in	13 Jun 2005 12:50:33 -0000	1.2
++++ sfcb.init-redhat.in	29 Jul 2012 22:25:50 -0000
+@@ -15,10 +15,10 @@
+ 
+ echo $PATH | grep -q @sbindir@ ||PATH=@sbindir@:$PATH
+ 
+-if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv @libdir@
++if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv '@libdir@[/]*\($\|[:]\)'
+ then
+-    LD_LIBRARY_PATH=@libdir@:$LD_LIBRARY_PATH
+-    export LD_LIBRARY_PATH
++	LD_LIBRARY_PATH=@libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++	export LD_LIBRARY_PATH
+ fi
+ 
+ start() {
+Index: sfcb.init-suse.in
+===================================================================
+RCS file: /cvsroot/sblim/sfcb/sfcb.init-suse.in,v
+retrieving revision 1.3
+diff -a -u -p -r1.3 sfcb.init-suse.in
+--- sfcb.init-suse.in	28 Jul 2005 08:09:38 -0000	1.3
++++ sfcb.init-suse.in	29 Jul 2012 22:25:50 -0000
+@@ -15,10 +15,10 @@
+ 
+ echo $PATH | grep -q @sbindir@ ||PATH=@sbindir@:$PATH
+ 
+-if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv @libdir@
++if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv '@libdir@[/]*\($\|[:]\)'
+ then
+-    LD_LIBRARY_PATH=@libdir@:$LD_LIBRARY_PATH
+-    export LD_LIBRARY_PATH
++	LD_LIBRARY_PATH=@libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++	export LD_LIBRARY_PATH
+ fi
+ 
+ start() {
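Review bot: The new presence test in the three embedded init-script patches (`sfcb.init-none.in`, `sfcb.init-redhat.in`, `sfcb.init-suse.in`) is anchored only on the right, so an entry that merely ends with the libdir string (constructed example: `/opt/app@libdir@`) counts as libdir being present and the prepend is skipped. Anchoring both sides and quoting the expansion avoids that: `if [ -z "$LD_LIBRARY_PATH" ] || echo "$LD_LIBRARY_PATH" | grep -qv '\(^\|:\)@libdir@/*\($\|:\)'`. Separately, the `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` form stops this script from creating an empty element, but an inherited value that already has a leading, trailing or doubled colon is exported unchanged, and the dynamic loader reads an empty element as the current directory. If the service can be started from an environment that sets the variable, dropping empty elements before the export would cover that case too.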
diff --git a/sblim-sfcb.spec b/sblim-sfcb.spec
index e5982c2..58e6e65 100644
--- a/sblim-sfcb.spec
+++ b/sblim-sfcb.spec
@@ -8,7 +8,7 @@ Name: sblim-sfcb
 Summary: Small Footprint CIM Broker
 URL: http://www.sblim.org
 Version: 1.3.8
-Release: 1%{dist}
+Release: 2%{dist}
 Group: Applications/System
 License: EPL
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}
@@ -16,6 +16,7 @@ Source0: http://downloads.sourceforge.net/sblim/%{name}-%{version}.tar.bz2
 patch0:	%{name}-disable_auto_service_start.patch
 patch1: %{name}-1.3.8-initscript.patch
 patch2: %{name}-1.3.8-close_logging.patch
+patch3: %{name}-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch
 Provides: cim-server
 Requires: cim-schema
 %if 0%{?rhel}
@@ -49,6 +50,7 @@ Programming Interface (CMPI).
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p0
 
 %build
 %configure --enable-debug --enable-ssl --enable-pam --enable-ipv6 CFLAGS="$CFLAGS -D_GNU_SOURCE"
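Review bot: `%patch3` is applied with `-p0` while patch0 to patch2 use `-p1`, and nothing in the spec says why. The strip level looks right, since the embedded CVS-format diff names bare files such as `sfcb.init-none.in`, but a comment above the line would keep a later cleanup from normalising it: `# patch3 is a CVS-format diff with bare file names, hence -p0`. The %prep section starts outside this hunk.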
@@ -115,6 +117,10 @@ fi
 #%doc COPYING README
 
 %changelog
+* Thu Nov 06 2014 Vitezslav Crhonek <vcrhonek at redhat.com> - 1.3.8-2
+- Fix insecure LD_LIBRARY_PATH usage
+  Resolves: #838162
+
 * Fri Aug 13 2010 <praveen_praveen at dell.com> - 1.3.8-1
 - updated the sources and added patches in response to 
 -   BZ 605345 and BZ 559904

