fix security issues in libltdl bundle within kdelibs CVE-2009-3736
parent
d4f3889cdf
commit
ada66a22ac
|
@ -27,7 +27,7 @@
|
||||||
|
|
||||||
Summary: K Desktop Environment 3 - Libraries
|
Summary: K Desktop Environment 3 - Libraries
|
||||||
Version: 3.5.10
|
Version: 3.5.10
|
||||||
Release: 20%{?dist}
|
Release: 21%{?dist}
|
||||||
|
|
||||||
Name: kdelibs3
|
Name: kdelibs3
|
||||||
Obsoletes: kdelibs < 6:%{version}-%{release}
|
Obsoletes: kdelibs < 6:%{version}-%{release}
|
||||||
|
@ -97,6 +97,8 @@ Patch204: kdelibs-3.5.10-cve-2009-1698.patch
|
||||||
Patch205: kdelibs-3.5.10-CVE-2009-2702.patch
|
Patch205: kdelibs-3.5.10-CVE-2009-2702.patch
|
||||||
# fix oCERT-2009-015 - unrestricted XMLHttpRequest access to local URLs
|
# fix oCERT-2009-015 - unrestricted XMLHttpRequest access to local URLs
|
||||||
Patch206: kdelibs-3.5.10-oCERT-2009-015-xmlhttprequest.patch
|
Patch206: kdelibs-3.5.10-oCERT-2009-015-xmlhttprequest.patch
|
||||||
|
# CVE-2009-3736, libltdl may load and execute code from a library in the current directory
|
||||||
|
Patch207: libltdl-CVE-2009-3736.patch
|
||||||
|
|
||||||
Requires: hicolor-icon-theme
|
Requires: hicolor-icon-theme
|
||||||
%if %{kde_settings}
|
%if %{kde_settings}
|
||||||
|
@ -249,6 +251,7 @@ format for easy browsing
|
||||||
%patch204 -p1 -b .cve-2009-1698
|
%patch204 -p1 -b .cve-2009-1698
|
||||||
%patch205 -p1 -b .cve-2009-2702
|
%patch205 -p1 -b .cve-2009-2702
|
||||||
%patch206 -p0 -b .oCERT-2009-015-xmlhttprequest
|
%patch206 -p0 -b .oCERT-2009-015-xmlhttprequest
|
||||||
|
%patch207 -p1 -b .CVE-2009-3736
|
||||||
|
|
||||||
sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
|
sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
|
||||||
|
|
||||||
|
@ -572,6 +575,9 @@ touch --no-create %{_datadir}/icons/crystalsvg 2> /dev/null || :
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Dec 07 2009 Than Ngo <than@redhat.com> - 3.5.10-21
|
||||||
|
- fix security issues in libltdl bundle within kdelibs CVE-2009-3736
|
||||||
|
|
||||||
* Mon Nov 2 2009 Lukáš Tinkl <ltinkl@redhat.com> - 3.5.10-20
|
* Mon Nov 2 2009 Lukáš Tinkl <ltinkl@redhat.com> - 3.5.10-20
|
||||||
- fix unrestricted XMLHttpRequest access to local URLs (oCERT-2009-015), #532428
|
- fix unrestricted XMLHttpRequest access to local URLs (oCERT-2009-015), #532428
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
diff -ur arts-orig/libltdl/ltdl.c arts-1.1.3/libltdl/ltdl.c
|
||||||
|
--- arts-orig/libltdl/ltdl.c 2003-07-13 21:33:39.000000000 +0200
|
||||||
|
+++ arts-1.1.3/libltdl/ltdl.c 2009-11-19 16:09:29.000000000 +0100
|
||||||
|
@@ -1544,7 +1544,8 @@
|
||||||
|
/* try to open the old library first; if it was dlpreopened,
|
||||||
|
we want the preopened version of it, even if a dlopenable
|
||||||
|
module is available */
|
||||||
|
- if (old_name && tryall_dlopen(handle, old_name) == 0)
|
||||||
|
+ if (old_name && tryall_dlopen(handle, old_name,
|
||||||
|
+ advise, lt_dlloader_find ("lt_preopen") ) == 0)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
@@ -2158,7 +2159,7 @@
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
- if (!file)
|
||||||
|
+ else
|
||||||
|
{
|
||||||
|
file = fopen (filename, LT_READTEXT_MODE);
|
||||||
|
}
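Review bot: The first hunk of the embedded ltdl.c patch changes the `tryall_dlopen` call from two arguments to four (`advise`, `lt_dlloader_find ("lt_preopen")`), but this 22-line patch has no hunk that changes the function's definition or introduces `advise`. It therefore builds only if the bundled ltdl.c already has that signature and an `advise` variable in scope, and neither is visible here. The patch headers show it was generated against `arts-1.1.3/libltdl/ltdl.c` with a 2003 pre-image, so it is worth confirming that `%patch207 -p1` applies to the kdelibs copy without fuzz or offsets. This matters most for the second hunk, where replacing `if (!file)` with `else` is only correct if the block before it (outside the hunk) is the search-path branch; otherwise the current-directory `fopen (filename, ...)` fallback that CVE-2009-3736 concerns may stay reachable. A comment above `Patch207` such as `# generated against arts libltdl/ltdl.c; verified to apply cleanly to the bundled kdelibs copy` would record that check.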
|