fix security issues in libltdl bundle within kdelibs CVE-2009-3736
parent
1603fda542
commit
70a8d1a23d
139
kdelibs3.spec
139
kdelibs3.spec
|
@ -4,29 +4,20 @@
|
|||
|
||||
%define distname "Fedora"
|
||||
|
||||
%if 0%{?rhel}
|
||||
%define distname "EL"
|
||||
%endif
|
||||
|
||||
%define kde_settings 1
|
||||
|
||||
%define arts 1
|
||||
%define arts_ev 8:1.5.10
|
||||
|
||||
%if 0%{?fedora} > 8
|
||||
%define qt3 qt3
|
||||
%else
|
||||
%define qt3_epoch 1:
|
||||
%define qt3 qt
|
||||
%endif
|
||||
%define qt3_version 3.3.8b
|
||||
%define qt3_ev %{?qt3_epoch}%{qt3_version}
|
||||
# unfortunately, this doesn't work for 3.3.8b which still identifies as 3.3.8
|
||||
#global qt3_ver %(pkg-config --modversion qt-mt 2>/dev/null || echo %{qt3_version})
|
||||
%define qt3_ver %{qt3_version}
|
||||
# fix this?... -- Rex
|
||||
%define qt3_docdir %{_docdir}/qt-devel-%{qt3_ver}
|
||||
%define qt3_docdir %{_docdir}/qt-devel-%{qt3_version}
|
||||
|
||||
%define kde_major_version 3
|
||||
|
||||
%define make_cvs 1
|
||||
|
||||
%define apidocs 1
|
||||
|
||||
# We always include this here now because kdeartwork 4 has moved on to
|
||||
|
@ -36,18 +27,11 @@
|
|||
|
||||
Summary: K Desktop Environment 3 - Libraries
|
||||
Version: 3.5.10
|
||||
Release: 14%{?dist}
|
||||
Release: 21%{?dist}
|
||||
|
||||
%if 0%{?fedora} > 8
|
||||
Name: kdelibs3
|
||||
Obsoletes: kdelibs < 6:%{version}-%{release}
|
||||
Provides: kdelibs = 6:%{version}-%{release}
|
||||
%else
|
||||
Name: kdelibs
|
||||
Epoch: 6
|
||||
Obsoletes: kdelibs3 < %{version}-%{release}
|
||||
Provides: kdelibs3 = %{version}-%{release}
|
||||
%endif
|
||||
|
||||
License: LGPLv2
|
||||
Url: http://www.kde.org/
|
||||
|
@ -96,6 +80,7 @@ Patch101: kde-3.5-libtool-shlibext.patch
|
|||
# kget ignores simultaneous download limit (kde #101956)
|
||||
Patch103: kdelibs-3.5.0-101956.patch
|
||||
Patch104: kdelibs-3.5.10-gcc44.patch
|
||||
Patch105: kdelibs-3.5.10-ossl-1.x.patch
|
||||
|
||||
## security fixes
|
||||
# fix CVE-2009-2537 - select length DoS
|
||||
|
@ -112,40 +97,37 @@ Patch204: kdelibs-3.5.10-cve-2009-1698.patch
|
|||
Patch205: kdelibs-3.5.10-CVE-2009-2702.patch
|
||||
# fix oCERT-2009-015 - unrestricted XMLHttpRequest access to local URLs
|
||||
Patch206: kdelibs-3.5.10-oCERT-2009-015-xmlhttprequest.patch
|
||||
# CVE-2009-3736, libltdl may load and execute code from a library in the current directory
|
||||
Patch207: libltdl-CVE-2009-3736.patch
|
||||
|
||||
#{?arts:Requires: arts >= %{arts_ev}}
|
||||
#Requires: %{qt3} >= %{qt3_ev}
|
||||
Requires: hicolor-icon-theme
|
||||
%if %{kde_settings}
|
||||
Requires: kde-settings >= 3.5
|
||||
%endif
|
||||
Requires: kde-filesystem
|
||||
%if "%{name}" != "kdelibs"
|
||||
Requires: kdelibs-common
|
||||
%endif
|
||||
Requires: redhat-menus
|
||||
Requires: shadow-utils
|
||||
BuildRequires: sudo
|
||||
Requires(hint): sudo
|
||||
|
||||
%if 0%{?fedora} > 4 || 0%{?rhel} > 4
|
||||
%if 0%{?fedora}
|
||||
%define libkdnssd libkdnssd
|
||||
# omit for now, may contribute to http://bugzilla.redhat.com/441222
|
||||
#Requires: %{libkdnssd}
|
||||
%endif
|
||||
%define BuildRequires: xorg-x11-proto-devel libX11-devel
|
||||
%define _with_rgbfile --with-rgbfile=%{_datadir}/X11/rgb.txt
|
||||
Requires: iceauth
|
||||
%endif
|
||||
|
||||
Requires(pre): coreutils
|
||||
Requires(post): /sbin/ldconfig
|
||||
Requires(postun): /sbin/ldconfig
|
||||
Requires: hunspell
|
||||
|
||||
BuildRequires: gettext
|
||||
BuildRequires: pcre-devel
|
||||
BuildRequires: cups-devel cups
|
||||
BuildRequires: %{qt3}-devel %{qt3}-devel-docs
|
||||
%{?arts:BuildRequires: arts-devel >= %{arts_ev}}
|
||||
BuildRequires: arts-devel >= %{arts_ev}
|
||||
BuildRequires: flex >= 2.5.4a-13
|
||||
BuildRequires: doxygen
|
||||
BuildRequires: libxslt-devel
|
||||
|
@ -167,30 +149,18 @@ BuildRequires: libart_lgpl-devel
|
|||
BuildRequires: bzip2-devel
|
||||
BuildRequires: libtiff-devel
|
||||
BuildRequires: libacl-devel libattr-devel
|
||||
%if 0%{?fedora} >= 9
|
||||
BuildRequires: enchant-devel
|
||||
Requires: hunspell
|
||||
%else
|
||||
BuildRequires: aspell-devel
|
||||
%endif
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: openldap-devel
|
||||
BuildRequires: db4-devel
|
||||
BuildRequires: alsa-lib-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: glibc-kernheaders
|
||||
%if 0%{?fedora} > 5 || 0%{?rhel} > 4
|
||||
%define _with_libutempter 1
|
||||
BuildRequires: libutempter-devel
|
||||
%else
|
||||
BuildRequires: utempter
|
||||
%endif
|
||||
BuildRequires: findutils
|
||||
BuildRequires: jasper-devel
|
||||
BuildRequires: OpenEXR-devel
|
||||
%if %{make_cvs}
|
||||
BuildRequires: automake libtool
|
||||
%endif
|
||||
|
||||
%if "%{name}" != "kdelibs" && "%{?apidocs}" != "1"
|
||||
Obsoletes: kdelibs-apidocs < 6:%{version}-%{release}
|
||||
|
@ -215,17 +185,12 @@ kimgio (image manipulation).
|
|||
%package devel
|
||||
Group: Development/Libraries
|
||||
Summary: Header files and documentation for compiling KDE 3 applications.
|
||||
%if "%{name}" == "kdelibs"
|
||||
Obsoletes: kdelibs3-devel < %{version}-%{release}
|
||||
Provides: kdelibs3-devel = %{version}-%{release}
|
||||
%else
|
||||
Obsoletes: kdelibs-devel < 6:%{version}-%{release}
|
||||
Provides: kdelibs-devel = 6:%{version}-%{release}
|
||||
%endif
|
||||
Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
|
||||
Requires: %{qt3}-devel
|
||||
Requires: openssl-devel
|
||||
%{?arts:Requires: arts-devel}
|
||||
Requires: arts-devel
|
||||
%{?libkdnssd:Requires: libkdnssd-devel}
|
||||
%description devel
|
||||
This package includes the header files you will need to compile
|
||||
|
@ -235,15 +200,9 @@ applications for KDE 3.
|
|||
Group: Development/Documentation
|
||||
Summary: KDE 3 API documentation.
|
||||
Requires: %{name} = %{?epoch:%{epoch}:}%{version}
|
||||
%if "%{name}" == "kdelibs"
|
||||
Provides: kdelibs3-apidocs = %{version}-%{release}
|
||||
%else
|
||||
Obsoletes: kdelibs-apidocs < 6:%{version}-%{release}
|
||||
Provides: kdelibs-apidocs = 6:%{version}-%{release}
|
||||
%endif
|
||||
%if 0%{?fedora} > 9
|
||||
BuildArch: noarch
|
||||
%endif
|
||||
|
||||
%description apidocs
|
||||
This package includes the KDE 3 API documentation in HTML
|
||||
|
@ -266,26 +225,23 @@ format for easy browsing
|
|||
%patch38 -p1 -b .cupsdconf2-group
|
||||
%patch39 -p1 -b .kabc-make
|
||||
%patch40 -p1 -b .kdeprint-utf8
|
||||
%{?_with_libutempter:%patch41 -p1 -b .utempter}
|
||||
%patch41 -p1 -b .utempter
|
||||
%patch43 -p1 -b .lang
|
||||
%patch45 -p1 -b .xdg-autostart
|
||||
%patch46 -p1 -b .kate-vhdl
|
||||
%if 0%{?fedora} >= 9
|
||||
%patch48 -p1 -b .kspell
|
||||
%patch49 -p1 -b .kspell2
|
||||
%patch50 -p1 -b .no-ispell
|
||||
%endif
|
||||
%patch51 -p1 -b .cupsserverbin
|
||||
%patch52 -p1 -b .KDE3
|
||||
%if "%{name}" != "kdelibs"
|
||||
%patch53 -p1 -b .drkonqi-kde4
|
||||
%endif
|
||||
%patch54 -p1 -b .flock-redefinition
|
||||
%patch55 -p1 -b .latex-syntax
|
||||
|
||||
%patch100 -p1 -b .kstandarddirs
|
||||
%patch101 -p1 -b .libtool-shlibext
|
||||
%patch104 -p1 -b .gcc44
|
||||
%patch105 -p1 -b .ossl-1.x
|
||||
|
||||
# security fixes
|
||||
%patch200 -p1 -b .cve-2009-2537
|
||||
|
@ -295,14 +251,13 @@ format for easy browsing
|
|||
%patch204 -p1 -b .cve-2009-1698
|
||||
%patch205 -p1 -b .cve-2009-2702
|
||||
%patch206 -p0 -b .oCERT-2009-015-xmlhttprequest
|
||||
%patch207 -p1 -b .CVE-2009-3736
|
||||
|
||||
sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
|
||||
|
||||
%if %{make_cvs}
|
||||
# hack/fix for newer automake
|
||||
sed -iautomake -e 's|automake\*1.10\*|automake\*1.1[0-5]\*|' admin/cvs.sh
|
||||
make -f admin/Makefile.common cvs
|
||||
%endif
|
||||
sed -iautomake -e 's|automake\*1.10\*|automake\*1.1[0-5]\*|' admin/cvs.sh
|
||||
make -f admin/Makefile.common cvs
|
||||
|
||||
|
||||
%build
|
||||
|
@ -337,17 +292,12 @@ export DO_NOT_COMPILE="libkscreensaver"
|
|||
--enable-sendfile \
|
||||
--with-distribution="$(cat /etc/redhat-release 2>/dev/null)" \
|
||||
--with-alsa \
|
||||
%if 0%{?fedora} >= 9
|
||||
--without-aspell \
|
||||
%else
|
||||
--with-aspell \
|
||||
%endif
|
||||
--without-hspell \
|
||||
--disable-libfam \
|
||||
--enable-dnotify \
|
||||
--enable-inotify \
|
||||
--with-utempter \
|
||||
%{!?arts:--without-arts} \
|
||||
%{?_with_rgbfile} \
|
||||
--with-jasper \
|
||||
--with-openexr \
|
||||
|
@ -387,14 +337,9 @@ for i in *; do
|
|||
done
|
||||
popd
|
||||
|
||||
%if 0%{?fedora} < 12 && 0%{?rhel} < 6
|
||||
install -p -m 644 -D %{SOURCE1} %{buildroot}%{_sysconfdir}/profile.d/kde.sh
|
||||
install -p -m 644 -D %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/kde.csh
|
||||
|
||||
%if "%{name}" == "kdelibs"
|
||||
# menus
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/kde/xdg/menus
|
||||
mv %{buildroot}%{_sysconfdir}/xdg/menus/applications.menu \
|
||||
%{buildroot}%{_sysconfdir}/xdg/menus/kde-applications.menu
|
||||
%endif
|
||||
|
||||
# Use hicolor-icon-theme rpm/pkg instead (#178319)
|
||||
|
@ -432,7 +377,6 @@ find $RPM_BUILD_ROOT%{_libdir} -name "*.la" | xargs \
|
|||
rm -f %{buildroot}%{_libdir}/libkdnssd.la
|
||||
%{?libkdnssd:rm -rf %{buildroot}{%{_libdir}/libkdnssd.*,%{_includedir}/kde/dnssd}}
|
||||
|
||||
%if "%{name}" != "kdelibs"
|
||||
# remove conflicts with kdelibs-4
|
||||
rm -f %{buildroot}%{_bindir}/checkXML
|
||||
rm -f %{buildroot}%{_bindir}/ksvgtopng
|
||||
|
@ -480,7 +424,7 @@ rm -f %{buildroot}%{_docdir}/HTML/en/common/xml.dcl
|
|||
rm -rf %{buildroot}%{_datadir}/locale/all_languages
|
||||
rm -rf %{buildroot}%{_sysconfdir}/xdg/menus/
|
||||
rm -rf %{buildroot}%{_datadir}/autostart/
|
||||
rm -r %{buildroot}%{_datadir}/config/colors/40.colors
|
||||
rm -f %{buildroot}%{_datadir}/config/colors/40.colors
|
||||
rm -f %{buildroot}%{_datadir}/config/colors/Rainbow.colors
|
||||
rm -f %{buildroot}%{_datadir}/config/colors/Royal.colors
|
||||
rm -f %{buildroot}%{_datadir}/config/colors/Web.colors
|
||||
|
@ -490,8 +434,6 @@ rm -f %{buildroot}%{_bindir}/preparetips
|
|||
# don't show kresources
|
||||
sed -i -e "s,^OnlyShowIn=KDE;,OnlyShowIn=KDE3;," %{buildroot}%{_datadir}/applications/kde/kresources.desktop
|
||||
|
||||
%endif
|
||||
|
||||
%if 0%{?include_crystalsvg} == 0
|
||||
# remove all crystalsvg icons for now
|
||||
rm -rf %{buildroot}%{_datadir}/icons/crystalsvg/
|
||||
|
@ -534,7 +476,9 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
|
|||
%defattr(-,root,root,-)
|
||||
%doc README
|
||||
%doc COPYING.LIB
|
||||
%if 0%{?fedora} < 12 && 0%{?rhel} < 6
|
||||
%config(noreplace) %{_sysconfdir}/profile.d/*
|
||||
%endif
|
||||
%{_bindir}/artsmessage
|
||||
%{_bindir}/cupsdconf
|
||||
%{_bindir}/cupsdoprint
|
||||
|
@ -606,28 +550,13 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
|
|||
%{_datadir}/servicetypes/*
|
||||
%ghost %{_datadir}/services/ksycoca
|
||||
%{_docdir}/HTML/en/kspell
|
||||
%if "%{name}" == "kdelibs"
|
||||
%{_sysconfdir}/xdg/menus/*.menu
|
||||
%{_datadir}/autostart/*
|
||||
# include also the conflicting file in kdelibs fedora < 9
|
||||
%{_docdir}/HTML/en/common
|
||||
%{_datadir}/locale/all_languages
|
||||
%else
|
||||
%{_docdir}/HTML/en/common/*
|
||||
%endif
|
||||
%if 0%{?include_crystalsvg}
|
||||
%{_datadir}/icons/crystalsvg/
|
||||
%endif
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root,-)
|
||||
# include also the conflicting file in kdelibs-devel fedora < 9
|
||||
%if "%{name}" == "kdelibs"
|
||||
%{_bindir}/checkXML
|
||||
%{_bindir}/ksvgtopng
|
||||
%{_bindir}/kunittestmodrunner
|
||||
%{_bindir}/preparetips
|
||||
%endif
|
||||
%{_bindir}/dcopidl*
|
||||
%{_bindir}/kconfig_compiler
|
||||
%{_bindir}/makekdewidgets
|
||||
|
@ -646,12 +575,30 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
|
|||
|
||||
|
||||
%changelog
|
||||
* Mon Nov 2 2009 Lukáš Tinkl <ltinkl@redhat.com> - 3.5.10-14
|
||||
* Mon Dec 07 2009 Than Ngo <than@redhat.com> - 3.5.10-21
|
||||
- fix security issues in libltdl bundle within kdelibs CVE-2009-3736
|
||||
|
||||
* Mon Nov 2 2009 Lukáš Tinkl <ltinkl@redhat.com> - 3.5.10-20
|
||||
- fix unrestricted XMLHttpRequest access to local URLs (oCERT-2009-015), #532428
|
||||
|
||||
* Sun Sep 06 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13.1
|
||||
* Mon Sep 28 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-19
|
||||
- Conflicts with kde-settings (#526109)
|
||||
|
||||
* Mon Sep 28 2009 Than Ngo <than@redhat.com> - 3.5.10-18
|
||||
- rhel cleanup
|
||||
|
||||
* Wed Sep 23 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-17
|
||||
- move /etc/profile.d/kde.(sh|csh) to kde-settings (F-12+)
|
||||
|
||||
* Fri Sep 04 2009 Than Ngo <than@redhat.com> - 3.5.10-16
|
||||
- openssl-1.0 build fixes
|
||||
|
||||
* Fri Sep 04 2009 Than Ngo <than@redhat.com> - 3.5.10-15
|
||||
- fix for CVE-2009-2702
|
||||
|
||||
* Thu Sep 03 2009 Rex Dieter <rdieter@fedoraproject.org> - 3.5.10-14
|
||||
- kde.(sh|csh): drop KDE_IS_PRELINKED (workaround bug #515539)
|
||||
|
||||
* Sun Jul 26 2009 Kevin Kofler <Kevin@tigcc.ticalc.org> - 3.5.10-13
|
||||
- fix CVE-2009-2537 - select length DoS
|
||||
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
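Review bot: `Patch207` is applied with `-p1` on the `%patch207` line, which strips `arts-1.1.3/` from the patch's `+++` path and so targets `libltdl/ltdl.c` at the top of the kdelibs tree, while the patch itself was evidently generated against arts 1.1.3: its hunk offsets and context lines come from that copy, so `%prep` only succeeds if kdelibs' bundled ltdl.c is close enough for patch's fuzz matching. Regenerate the patch against kdelibs' own `libltdl/ltdl.c` so the apply does not silently rest on fuzz, and extend the comment above `Patch207` to say why a private libltdl is carried at all — if kdelibs can be built against the system libltdl that removes the need to track libltdl CVEs in this package separately, and if it cannot, a one-line note saying so spares the next maintainer the question. The backup suffix `.CVE-2009-3736` is also the only upper-case one next to `.cve-2009-2702` and its neighbours; `-b .cve-2009-3736` matches the file's convention.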
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
diff -ur arts-orig/libltdl/ltdl.c arts-1.1.3/libltdl/ltdl.c
|
||||
--- arts-orig/libltdl/ltdl.c 2003-07-13 21:33:39.000000000 +0200
|
||||
+++ arts-1.1.3/libltdl/ltdl.c 2009-11-19 16:09:29.000000000 +0100
|
||||
@@ -1544,7 +1544,8 @@
|
||||
/* try to open the old library first; if it was dlpreopened,
|
||||
we want the preopened version of it, even if a dlopenable
|
||||
module is available */
|
||||
- if (old_name && tryall_dlopen(handle, old_name) == 0)
|
||||
+ if (old_name && tryall_dlopen(handle, old_name,
|
||||
+ advise, lt_dlloader_find ("lt_preopen") ) == 0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
@@ -2158,7 +2159,7 @@
|
||||
}
|
||||
#endif
|
||||
}
|
||||
- if (!file)
|
||||
+ else
|
||||
{
|
||||
file = fopen (filename, LT_READTEXT_MODE);
|
||||
}
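Review bot: The first hunk replaces a two-argument `tryall_dlopen(handle, old_name)` with a four-argument call that references `advise` and `lt_dlloader_find ("lt_preopen")`, yet nothing in the patch declares `advise` or widens `tryall_dlopen`; that form is the libltdl 2.x API, and the 2003 timestamp on the old file suggests a 1.5-era copy, so this hunk will not compile unless the bundled ltdl.c already has the wider prototype — check the real file and drop or rework this hunk for the two-argument signature if it does not. The second hunk is the actual current-directory fix (`if (!file)` becoming `else`), but the `if` that the new `else` now pairs with starts outside the hunk, so its correctness rests on that being the "no directory component, search the configured paths" block; add a comment above the `else` so the branch is not reverted to `if (!file)` later, e.g. `/* CVE-2009-3736: only open the name as given when it had a directory component; a bare name not found on the search paths must not fall back to the current directory. */`. The enclosing function begins and ends outside both hunks.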
|