[sblim-sfcb/el5] Fix insecure LD_LIBRARY_PATH usage
vcrhonek
vcrhonek at fedoraproject.org
Thu Nov 6 14:28:14 UTC 2014
commit 59a1017e07aee9d093efeea6e8c4ecabf573ffc0
Author: Vitezslav Crhonek <vcrhonek at redhat.com>
Date: Thu Nov 6 15:28:00 2014 +0100
Fix insecure LD_LIBRARY_PATH usage
...b-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch | 63 ++++++++++++++++++++
sblim-sfcb.spec | 8 ++-
2 files changed, 70 insertions(+), 1 deletions(-)
---
diff --git a/sblim-sfcb-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch b/sblim-sfcb-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch
new file mode 100644
index 0000000..5356633
--- /dev/null
+++ b/sblim-sfcb-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch
@@ -0,0 +1,63 @@
+Index: sfcb.init-none.in
+===================================================================
+RCS file: /cvsroot/sblim/sfcb/sfcb.init-none.in,v
+retrieving revision 1.2
+diff -a -u -p -r1.2 sfcb.init-none.in
+--- sfcb.init-none.in 13 Jun 2005 12:50:33 -0000 1.2
++++ sfcb.init-none.in 29 Jul 2012 22:25:50 -0000
+@@ -6,10 +6,10 @@
+
+ echo $PATH | grep -q @sbindir@ ||PATH=@sbindir@:$PATH
+
+-if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv @libdir@
++if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv '@libdir@[/]*\($\|[:]\)'
+ then
+- LD_LIBRARY_PATH=@libdir@:$LD_LIBRARY_PATH
+- export LD_LIBRARY_PATH
++ LD_LIBRARY_PATH=@libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++ export LD_LIBRARY_PATH
+ fi
+
+ start() {
+Index: sfcb.init-redhat.in
+===================================================================
+RCS file: /cvsroot/sblim/sfcb/sfcb.init-redhat.in,v
+retrieving revision 1.2
+diff -a -u -p -r1.2 sfcb.init-redhat.in
+--- sfcb.init-redhat.in 13 Jun 2005 12:50:33 -0000 1.2
++++ sfcb.init-redhat.in 29 Jul 2012 22:25:50 -0000
+@@ -15,10 +15,10 @@
+
+ echo $PATH | grep -q @sbindir@ ||PATH=@sbindir@:$PATH
+
+-if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv @libdir@
++if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv '@libdir@[/]*\($\|[:]\)'
+ then
+- LD_LIBRARY_PATH=@libdir@:$LD_LIBRARY_PATH
+- export LD_LIBRARY_PATH
++ LD_LIBRARY_PATH=@libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++ export LD_LIBRARY_PATH
+ fi
+
+ start() {
+Index: sfcb.init-suse.in
+===================================================================
+RCS file: /cvsroot/sblim/sfcb/sfcb.init-suse.in,v
+retrieving revision 1.3
+diff -a -u -p -r1.3 sfcb.init-suse.in
+--- sfcb.init-suse.in 28 Jul 2005 08:09:38 -0000 1.3
++++ sfcb.init-suse.in 29 Jul 2012 22:25:50 -0000
+@@ -15,10 +15,10 @@
+
+ echo $PATH | grep -q @sbindir@ ||PATH=@sbindir@:$PATH
+
+-if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv @libdir@
++if [ -z "$LD_LIBRARY_PATH" ] || echo $LD_LIBRARY_PATH | grep -qv '@libdir@[/]*\($\|[:]\)'
+ then
+- LD_LIBRARY_PATH=@libdir@:$LD_LIBRARY_PATH
+- export LD_LIBRARY_PATH
++ LD_LIBRARY_PATH=@libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
++ export LD_LIBRARY_PATH
+ fi
+
+ start() {
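Review bot: The new membership test in all three init scripts, `grep -qv '@libdir@[/]*\($\|[:]\)'`, is anchored only at the end of a path entry, so a longer directory that merely ends in the libdir string counts as libdir being present and the prepend is skipped. Anchoring the start as well, `grep -qv '\(^\|:\)@libdir@/*\(:\|$\)'`, and quoting the expansion as `echo "$LD_LIBRARY_PATH"` would make the test match only a whole entry. Separately, `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` avoids the trailing colon only when the variable is unset or empty; an inherited value that already holds an empty entry (leading, trailing or doubled colon) or a relative entry is kept as is, and the dynamic loader resolves such entries against the current directory. Since these are init scripts, which presumably run as root, it would be safer to strip empty and relative entries or to set LD_LIBRARY_PATH to a fixed value instead of extending the caller's.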
diff --git a/sblim-sfcb.spec b/sblim-sfcb.spec
index e5982c2..58e6e65 100644
--- a/sblim-sfcb.spec
+++ b/sblim-sfcb.spec
@@ -8,7 +8,7 @@ Name: sblim-sfcb
Summary: Small Footprint CIM Broker
URL: http://www.sblim.org
Version: 1.3.8
-Release: 1%{dist}
+Release: 2%{dist}
Group: Applications/System
License: EPL
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}
@@ -16,6 +16,7 @@ Source0: http://downloads.sourceforge.net/sblim/%{name}-%{version}.tar.bz2
patch0: %{name}-disable_auto_service_start.patch
patch1: %{name}-1.3.8-initscript.patch
patch2: %{name}-1.3.8-close_logging.patch
+patch3: %{name}-1.3.8-LD_LIBRARY_PATH-no-trailing-colon.patch
Provides: cim-server
Requires: cim-schema
%if 0%{?rhel}
@@ -49,6 +50,7 @@ Programming Interface (CMPI).
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p0
%build
%configure --enable-debug --enable-ssl --enable-pam --enable-ipv6 CFLAGS="$CFLAGS -D_GNU_SOURCE"
@@ -115,6 +117,10 @@ fi
#%doc COPYING README
%changelog
+* Thu Nov 06 2014 Vitezslav Crhonek <vcrhonek at redhat.com> - 1.3.8-2
+- Fix insecure LD_LIBRARY_PATH usage
+ Resolves: #838162
+
* Fri Aug 13 2010 <praveen_praveen at dell.com> - 1.3.8-1
- updated the sources and added patches in response to
- BZ 605345 and BZ 559904