jreznik pushed to arts (epel7). "fix security issues in libltdl (CVE-2009-3736)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Thu Apr 2 15:11:57 UTC 2015
>From bb3e08db84926dc4ab6995418b794fccf8414bc5 Mon Sep 17 00:00:00 2001
From: Than Ngo <than at fedoraproject.org>
Date: Tue, 8 Dec 2009 15:27:31 +0000
Subject: fix security issues in libltdl (CVE-2009-3736)
diff --git a/libltdl-CVE-2009-3736.patch b/libltdl-CVE-2009-3736.patch
index d49c117..b0713d3 100644
--- a/libltdl-CVE-2009-3736.patch
+++ b/libltdl-CVE-2009-3736.patch
@@ -1,22 +1,90 @@
-diff -ur arts-orig/libltdl/ltdl.c arts-1.1.3/libltdl/ltdl.c
---- arts-orig/libltdl/ltdl.c 2003-07-13 21:33:39.000000000 +0200
-+++ arts-1.1.3/libltdl/ltdl.c 2009-11-19 16:09:29.000000000 +0100
-@@ -1544,7 +1544,8 @@
+diff -up arts-1.5.10/libltdl/ltdl.c.CVE-2009-3736 arts-1.5.10/libltdl/ltdl.c
+--- arts-1.5.10/libltdl/ltdl.c.CVE-2009-3736 2008-08-19 22:18:38.000000000 +0200
++++ arts-1.5.10/libltdl/ltdl.c 2009-12-08 16:02:38.000000000 +0100
+@@ -1454,9 +1454,10 @@ lt_dlexit ()
+ }
+
+ static int
+-tryall_dlopen (handle, filename)
++tryall_dlopen (handle, filename, useloader)
+ lt_dlhandle *handle;
+ const char *filename;
++ const char *useloader;
+ {
+ lt_dlhandle cur;
+ lt_dlloader *loader;
+@@ -1514,6 +1515,11 @@ tryall_dlopen (handle, filename)
+
+ while (loader)
+ {
++ if (useloader && strcmp(loader->loader_name, useloader))
++ {
++ loader = loader->next;
++ continue;
++ }
+ lt_user_data data = loader->dlloader_data;
+
+ cur->module = loader->module_open (data, filename);
+@@ -1556,7 +1562,7 @@ find_module (handle, dir, libdir, dlname
/* try to open the old library first; if it was dlpreopened,
we want the preopened version of it, even if a dlopenable
module is available */
- if (old_name && tryall_dlopen(handle, old_name) == 0)
-+ if (old_name && tryall_dlopen(handle, old_name,
-+ advise, lt_dlloader_find ("lt_preopen") ) == 0)
++ if (old_name && tryall_dlopen(handle, old_name, "dlpreload") == 0)
{
return 0;
}
-@@ -2158,7 +2159,7 @@
+@@ -1579,7 +1585,7 @@ find_module (handle, dir, libdir, dlname
+ }
+
+ sprintf (filename, "%s/%s", libdir, dlname);
+- error = (tryall_dlopen (handle, filename) != 0);
++ error = (tryall_dlopen (handle, filename, NULL) != 0);
+ LT_DLFREE (filename);
+
+ if (!error)
+@@ -1611,7 +1617,7 @@ find_module (handle, dir, libdir, dlname
+ strcat(filename, objdir);
+ strcat(filename, dlname);
+
+- error = tryall_dlopen (handle, filename) != 0;
++ error = tryall_dlopen (handle, filename, NULL) != 0;
+ LT_DLFREE (filename);
+ if (!error)
+ {
+@@ -1634,7 +1640,7 @@ find_module (handle, dir, libdir, dlname
}
+ strcat(filename, dlname);
+
+- error = (tryall_dlopen (handle, filename) != 0);
++ error = (tryall_dlopen (handle, filename, NULL) != 0);
+ LT_DLFREE (filename);
+ if (!error)
+ {
+@@ -1749,7 +1755,7 @@ find_file (basename, search_path, pdir,
+ strcpy(filename+lendir, basename);
+ if (handle)
+ {
+- if (tryall_dlopen (handle, filename) == 0)
++ if (tryall_dlopen (handle, filename, NULL) == 0)
+ {
+ result = (lt_ptr) handle;
+ goto cleanup;
+@@ -2063,7 +2069,7 @@ lt_dlopen (filename)
+ /* lt_dlclose()ing yourself is very bad! Disallow it. */
+ LT_DLSET_FLAG (handle, LT_DLRESIDENT_FLAG);
+
+- if (tryall_dlopen (&newhandle, 0) != 0)
++ if (tryall_dlopen (&newhandle, 0, NULL) != 0)
+ {
+ LT_DLFREE (handle);
+ return 0;
+@@ -2368,7 +2374,7 @@ lt_dlopen (filename)
+ #ifdef LTDL_SYSSEARCHPATH
+ && !find_file (basename, sys_search_path, 0, &newhandle)
#endif
- }
-- if (!file)
-+ else
- {
- file = fopen (filename, LT_READTEXT_MODE);
- }
+- )) && tryall_dlopen (&newhandle, filename))
++ )) && tryall_dlopen (&newhandle, filename, NULL))
+ {
+ LT_DLFREE (handle);
+ goto cleanup;
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/arts.git/commit/?h=epel7&id=bb3e08db84926dc4ab6995418b794fccf8414bc5
More information about the scm-commits
mailing list