Compare commits
5 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
e3660cb4bc | ||
|
74cab49813 | ||
|
2d31e7e2d2 | ||
|
332f70f226 | ||
|
60ff8b08c8 |
0
.cvsignore → .gitignore
vendored
0
.cvsignore → .gitignore
vendored
21
Makefile
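--- a/Makefile
+++ b/Makefile
@@ -1,21 +0,0 @@
-# Makefile for source rpm: libtool
-# $Id: Makefile,v 1.1 2004/09/09 07:44:21 cvsdist Exp $
-NAME := libtool
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attempt a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)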
91
libtool-1.5.22-CVE-2009-3736.patch
Normal file
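--- a/libtool-1.5.22-CVE-2009-3736.patch
+++ b/libtool-1.5.22-CVE-2009-3736.patch
@@ -0,0 +1,91 @@
+diff -urN libtool-1.5.26.orig/libltdl/ltdl.c libtool-1.5.26/libltdl/ltdl.c
+--- libtool-1.5.26.orig/libltdl/ltdl.c 2007-11-15 13:36:41.000000000 -0600
++++ libtool-1.5.26/libltdl/ltdl.c 2009-11-15 21:13:37.000000000 -0600
+@@ -2192,7 +2192,8 @@
+static int try_dlopen LT_PARAMS((lt_dlhandle *handle,
+const char *filename));
+static int tryall_dlopen LT_PARAMS((lt_dlhandle *handle,
+- const char *filename));
++ const char *filename,
++ const char * useloader));
+static int unload_deplibs LT_PARAMS((lt_dlhandle handle));
+static int lt_argz_insert LT_PARAMS((char **pargz,
+size_t *pargz_len,
+@@ -2390,9 +2391,10 @@
+}
+
+static int
+-tryall_dlopen (handle, filename)
++tryall_dlopen (handle, filename, useloader)
+lt_dlhandle *handle;
+const char *filename;
++ const char *useloader;
+{
+lt_dlhandle cur;
+lt_dlloader *loader;
+@@ -2459,6 +2461,11 @@
+
+while (loader)
+{
++ if (useloader && strcmp(loader->loader_name, useloader))
++ {
++ loader = loader->next;
++ continue;
++ }
+lt_user_data data = loader->dlloader_data;
+
+cur->module = loader->module_open (data, filename);
+@@ -2528,7 +2535,7 @@
+error += tryall_dlopen_module (handle,
+(const char *) 0, prefix, filename);
+}
+- else if (tryall_dlopen (handle, filename) != 0)
++ else if (tryall_dlopen (handle, filename, NULL) != 0)
+{
+++error;
+}
+@@ -2549,7 +2556,7 @@
+/* Try to open the old library first; if it was dlpreopened,
+we want the preopened version of it, even if a dlopenable
+module is available. */
+- if (old_name && tryall_dlopen (handle, old_name) == 0)
++ if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
+{
+return 0;
+}
+@@ -2813,7 +2820,7 @@
+
+/* Try to dlopen the file, but do not continue searching in any
+case. */
+- if (tryall_dlopen (handle, filename) != 0)
++ if (tryall_dlopen (handle, filename,NULL) != 0)
+*handle = 0;
+
+return 1;
+@@ -3103,7 +3110,7 @@
+/* lt_dlclose()ing yourself is very bad! Disallow it. */
+LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
+
+- if (tryall_dlopen (&newhandle, 0) != 0)
++ if (tryall_dlopen (&newhandle, 0, NULL) != 0)
+{
+LT_DLFREE (*phandle);
+return 1;
+@@ -3225,7 +3232,7 @@
+}
+#endif
+}
+- if (!file)
++ else
+{
+file = fopen (filename, LT_READTEXT_MODE);
+}
+@@ -3412,7 +3419,7 @@
+#endif
+)))
+{
+- if (tryall_dlopen (&newhandle, filename) != 0)
++ if (tryall_dlopen (&newhandle, filename, NULL) != 0)
+{
+newhandle = NULL;
+}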
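Review bot: In the `@@ -2459,6 +2461,11 @@` hunk the added `if (useloader && strcmp(loader->loader_name, useloader))` block is placed above `lt_user_data data = loader->dlloader_data;`, which makes that line a declaration after a statement. The file is otherwise written for pre-C99 compilers (K&R-style definitions, `LT_PARAMS` prototypes), so the filter belongs below the declaration, with the comparison spelled out as `strcmp (loader->loader_name, useloader) != 0`. The call in the `@@ -2549,7 +2556,7 @@` hunk passes the bare literal `"dlpreload"`; a comment such as `/* only the "dlpreload" loader may satisfy this lookup (CVE-2009-3736) */` would record why the name is pinned there. The loop and the rest of `tryall_dlopen` lie outside the hunks, so whether `loader_name` can ever be NULL when it reaches `strcmp` cannot be confirmed from here.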
@ -1,14 +0,0 @@
|
|||||||
diff -up libtool-1.5.24/libltdl/ltdl.c.relativepath libtool-1.5.24/libltdl/ltdl.c
|
|
||||||
--- libtool-1.5.24/libltdl/ltdl.c.relativepath 2007-06-01 07:04:54.000000000 +0200
|
|
||||||
+++ libtool-1.5.24/libltdl/ltdl.c 2007-07-24 12:56:22.000000000 +0200
|
|
||||||
@@ -3225,7 +3225,9 @@ try_dlopen (phandle, filename)
|
|
||||||
}
|
|
||||||
if (!file)
|
|
||||||
{
|
|
||||||
- file = fopen (filename, LT_READTEXT_MODE);
|
|
||||||
+ /* don't open .la files in current directory, root might get tricked to run a binary in a prepared directory */
|
|
||||||
+ if(!strncmp((filename + strlen(filename) - 3), LTDL_ARCHIVE_EXT,3) || strstr(filename,"/"))
|
|
||||||
+ file = fopen (filename, LT_READTEXT_MODE);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* If we didn't find the file by now, it really isn't there. Set
|
|
10
libtool.spec
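--- a/libtool.spec
+++ b/libtool.spec
@@ -3,7 +3,7 @@
 Summary: The GNU Portable Library Tool
 Name: libtool
 Version: 1.5.26
-Release: 4%{?dist}
+Release: 4%{?dist}.1
 License: GPLv2+ and LGPLv2+ and GFDL
 Group: Development/Tools
 Source: http://ftp.gnu.org/gnu/libtool/libtool-%{version}.tar.gz
@@ -13,9 +13,7 @@ Requires(post): /sbin/install-info
 Requires(preun): /sbin/install-info
 Patch1: libtool-1.5.24-multilib.patch
 
-# don't read .la file in current working directory, root might get tricked
-# into running a prepared binary in that directory:
-Patch2: libtool-1.5.24-relativepath.patch
+Patch2: libtool-1.5.22-CVE-2009-3736.patch
 
 BuildRequires: autoconf >= 2.59, automake >= 1.9.2, texinfo
 Requires: autoconf >= 2.58, automake >= 1.4
@@ -152,6 +150,10 @@ fi
 
 
 %changelog
+* Wed Dec 02 2009 Karsten Hopp <karsten@redhat.com> 1.5.26-4.1
+- add fix for CVE-2009-3736:
+libltdl may load and execute code from a library in the current directory
+
 * Fri Aug 29 2008 Dennis Gilmore <dennis@ausil.us> 1.5.26-4
 - rebuild for gcc-4.3.2
 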
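Review bot: The new `Patch2:` line in the `@@ -13,9 +13,7 @@` hunk carries no comment, while the two-line explanation that sat above the old Patch2 is deleted with it. A line such as `# CVE-2009-3736: libltdl may load and execute code from a library in the current directory` directly above it would keep the reason next to the patch. The patch file is named 1.5.22 although `Version:` is 1.5.26 and the patch's own headers reference libtool-1.5.26, so naming it after the packaged version would be less confusing. The step in `%prep` that applies Patch2 is outside the hunks, so it is worth confirming that it still applies cleanly now that the file behind that slot has changed.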