Compare commits
5 Commits
Author | SHA1 | Date |
---|---|---|
|
e3660cb4bc | |
|
74cab49813 | |
|
2d31e7e2d2 | |
|
332f70f226 | |
|
60ff8b08c8 |
21
Makefile
|
@ -1,21 +0,0 @@
|
|||
# Makefile for source rpm: libtool
|
||||
# $Id: Makefile,v 1.1 2004/09/09 07:44:21 cvsdist Exp $
|
||||
NAME := libtool
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attempt a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
|
@ -0,0 +1,91 @@
|
|||
diff -urN libtool-1.5.26.orig/libltdl/ltdl.c libtool-1.5.26/libltdl/ltdl.c
|
||||
--- libtool-1.5.26.orig/libltdl/ltdl.c 2007-11-15 13:36:41.000000000 -0600
|
||||
+++ libtool-1.5.26/libltdl/ltdl.c 2009-11-15 21:13:37.000000000 -0600
|
||||
@@ -2192,7 +2192,8 @@
|
||||
static int try_dlopen LT_PARAMS((lt_dlhandle *handle,
|
||||
const char *filename));
|
||||
static int tryall_dlopen LT_PARAMS((lt_dlhandle *handle,
|
||||
- const char *filename));
|
||||
+ const char *filename,
|
||||
+ const char * useloader));
|
||||
static int unload_deplibs LT_PARAMS((lt_dlhandle handle));
|
||||
static int lt_argz_insert LT_PARAMS((char **pargz,
|
||||
size_t *pargz_len,
|
||||
@@ -2390,9 +2391,10 @@
|
||||
}
|
||||
|
||||
static int
|
||||
-tryall_dlopen (handle, filename)
|
||||
+tryall_dlopen (handle, filename, useloader)
|
||||
lt_dlhandle *handle;
|
||||
const char *filename;
|
||||
+ const char *useloader;
|
||||
{
|
||||
lt_dlhandle cur;
|
||||
lt_dlloader *loader;
|
||||
@@ -2459,6 +2461,11 @@
|
||||
|
||||
while (loader)
|
||||
{
|
||||
+ if (useloader && strcmp(loader->loader_name, useloader))
|
||||
+ {
|
||||
+ loader = loader->next;
|
||||
+ continue;
|
||||
+ }
|
||||
lt_user_data data = loader->dlloader_data;
|
||||
|
||||
cur->module = loader->module_open (data, filename);
|
||||
@@ -2528,7 +2535,7 @@
|
||||
error += tryall_dlopen_module (handle,
|
||||
(const char *) 0, prefix, filename);
|
||||
}
|
||||
- else if (tryall_dlopen (handle, filename) != 0)
|
||||
+ else if (tryall_dlopen (handle, filename, NULL) != 0)
|
||||
{
|
||||
++error;
|
||||
}
|
||||
@@ -2549,7 +2556,7 @@
|
||||
/* Try to open the old library first; if it was dlpreopened,
|
||||
we want the preopened version of it, even if a dlopenable
|
||||
module is available. */
|
||||
- if (old_name && tryall_dlopen (handle, old_name) == 0)
|
||||
+ if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
@@ -2813,7 +2820,7 @@
|
||||
|
||||
/* Try to dlopen the file, but do not continue searching in any
|
||||
case. */
|
||||
- if (tryall_dlopen (handle, filename) != 0)
|
||||
+ if (tryall_dlopen (handle, filename,NULL) != 0)
|
||||
*handle = 0;
|
||||
|
||||
return 1;
|
||||
@@ -3103,7 +3110,7 @@
|
||||
/* lt_dlclose()ing yourself is very bad! Disallow it. */
|
||||
LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
|
||||
|
||||
- if (tryall_dlopen (&newhandle, 0) != 0)
|
||||
+ if (tryall_dlopen (&newhandle, 0, NULL) != 0)
|
||||
{
|
||||
LT_DLFREE (*phandle);
|
||||
return 1;
|
||||
@@ -3225,7 +3232,7 @@
|
||||
}
|
||||
#endif
|
||||
}
|
||||
- if (!file)
|
||||
+ else
|
||||
{
|
||||
file = fopen (filename, LT_READTEXT_MODE);
|
||||
}
|
||||
@@ -3412,7 +3419,7 @@
|
||||
#endif
|
||||
)))
|
||||
{
|
||||
- if (tryall_dlopen (&newhandle, filename) != 0)
|
||||
+ if (tryall_dlopen (&newhandle, filename, NULL) != 0)
|
||||
{
|
||||
newhandle = NULL;
|
||||
}
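Review bot: The `else` that replaces `if (!file)` in the `@@ -3225` hunk removes the last-resort `fopen (filename, LT_READTEXT_MODE)` without saying why, so a later cleanup could restore it and reopen CVE-2009-3736. A comment on that branch would pin the intent, e.g. `/* CVE-2009-3736: never fall back to opening FILENAME relative to the current directory once the search above has run. */`; the `if` this `else` pairs with starts outside the hunk, so the wording should be checked against it. The `"dlpreload"` literal passed for `old_name` deserves a similar comment, since it presumably has to match the name the preopen loader is registered under, which is not visible here. Separately, in the `while (loader)` hunk the added block comes before the declaration `lt_user_data data = loader->dlloader_data;`, which strict C89 compilers reject; declaring `data` first and testing `useloader` afterwards avoids that.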
|
|
@ -1,14 +0,0 @@
|
|||
diff -up libtool-1.5.24/libltdl/ltdl.c.relativepath libtool-1.5.24/libltdl/ltdl.c
|
||||
--- libtool-1.5.24/libltdl/ltdl.c.relativepath 2007-06-01 07:04:54.000000000 +0200
|
||||
+++ libtool-1.5.24/libltdl/ltdl.c 2007-07-24 12:56:22.000000000 +0200
|
||||
@@ -3225,7 +3225,9 @@ try_dlopen (phandle, filename)
|
||||
}
|
||||
if (!file)
|
||||
{
|
||||
- file = fopen (filename, LT_READTEXT_MODE);
|
||||
+ /* don't open .la files in current directory, root might get tricked to run a binary in a prepared directory */
|
||||
+ if(!strncmp((filename + strlen(filename) - 3), LTDL_ARCHIVE_EXT,3) || strstr(filename,"/"))
|
||||
+ file = fopen (filename, LT_READTEXT_MODE);
|
||||
}
|
||||
|
||||
/* If we didn't find the file by now, it really isn't there. Set
|
10
libtool.spec
|
@ -3,7 +3,7 @@
|
|||
Summary: The GNU Portable Library Tool
|
||||
Name: libtool
|
||||
Version: 1.5.26
|
||||
Release: 4%{?dist}
|
||||
Release: 4%{?dist}.1
|
||||
License: GPLv2+ and LGPLv2+ and GFDL
|
||||
Group: Development/Tools
|
||||
Source: http://ftp.gnu.org/gnu/libtool/libtool-%{version}.tar.gz
|
||||
|
@ -13,9 +13,7 @@ Requires(post): /sbin/install-info
|
|||
Requires(preun): /sbin/install-info
|
||||
Patch1: libtool-1.5.24-multilib.patch
|
||||
|
||||
# don't read .la file in current working directory, root might get tricked
|
||||
# into running a prepared binary in that directory:
|
||||
Patch2: libtool-1.5.24-relativepath.patch
|
||||
Patch2: libtool-1.5.22-CVE-2009-3736.patch
|
||||
|
||||
BuildRequires: autoconf >= 2.59, automake >= 1.9.2, texinfo
|
||||
Requires: autoconf >= 2.58, automake >= 1.4
|
||||
|
@ -152,6 +150,10 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed Dec 02 2009 Karsten Hopp <karsten@redhat.com> 1.5.26-4.1
|
||||
- add fix for CVE-2009-3736:
|
||||
libltdl may load and execute code from a library in the current directory
|
||||
|
||||
* Fri Aug 29 2008 Dennis Gilmore <dennis@ausil.us> 1.5.26-4
|
||||
- rebuild for gcc-4.3.2
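Review bot: The two comment lines that explained Patch2 are dropped together with the old patch, leaving `Patch2: libtool-1.5.22-CVE-2009-3736.patch` with no description in the header. A one-line replacement such as `# CVE-2009-3736: libltdl may load and execute code from a library in the current directory` keeps the reason next to the patch. The file name says 1.5.22 while `Version:` is 1.5.26 and the patch's own headers name libtool-1.5.26, so renaming it for consistency may be worthwhile. The `%patch2` line in `%prep` is not part of the visible hunks; confirm it still applies the new file with the intended strip level.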
|
||||
|
||||
|
|