pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/devel Fix a potential security issue in libltdl by mak...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ba0e78eb09f3
branches: trunk
changeset: 568597:ba0e78eb09f3
user: joerg <joerg%pkgsrc.org@localhost>
date: Tue Dec 15 17:07:43 2009 +0000
description:
Fix a potential security issue in libltdl by making sure that the
current directory is not included in the search path. Bump revision
of libltdl. Patch backported from tez@
diffstat:
devel/libltdl/Makefile | 3 +-
devel/libtool/distinfo | 3 +-
devel/libtool/patches/patch-ae | 93 ++++++++++++++++++++++++++++++++++++++++++
3 files changed, 97 insertions(+), 2 deletions(-)
diffs (126 lines):
diff -r 0c849d791ac7 -r ba0e78eb09f3 devel/libltdl/Makefile
--- a/devel/libltdl/Makefile Tue Dec 15 16:42:31 2009 +0000
+++ b/devel/libltdl/Makefile Tue Dec 15 17:07:43 2009 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.3 2006/01/30 22:19:57 tv Exp $
+# $NetBSD: Makefile,v 1.4 2009/12/15 17:07:43 joerg Exp $
#
.include "../../devel/libtool/Makefile.common"
PKGNAME= ${DISTNAME:S/tool-/ltdl-/}
+PKGREVISION= 1
SVR4_PKGNAME= lltdl
COMMENT= Generic shared library support (libltdl abstraction library)
diff -r 0c849d791ac7 -r ba0e78eb09f3 devel/libtool/distinfo
--- a/devel/libtool/distinfo Tue Dec 15 16:42:31 2009 +0000
+++ b/devel/libtool/distinfo Tue Dec 15 17:07:43 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.74 2009/07/08 21:01:43 markd Exp $
+$NetBSD: distinfo,v 1.75 2009/12/15 17:07:43 joerg Exp $
SHA1 (libtool-1.5.26.tar.gz) = 4c1738351736562a951a345e24f233d00953ec0a
RMD160 (libtool-1.5.26.tar.gz) = 4d1d7dd0308b98e8f590723ae5daddb8da49ac11
@@ -7,3 +7,4 @@
SHA1 (patch-ab) = 271e58419f0581f02b69094e865c16126b554f7b
SHA1 (patch-ac) = 52f22f3f7a58e22d2240d0c6bb77455783ee5d70
SHA1 (patch-ad) = e3e3164b1e9598deab233450a1f7a8262dd09d66
+SHA1 (patch-ae) = 958897656acd515487ddb0ae66cbc95e8531fbc4
diff -r 0c849d791ac7 -r ba0e78eb09f3 devel/libtool/patches/patch-ae
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/libtool/patches/patch-ae Tue Dec 15 17:07:43 2009 +0000
@@ -0,0 +1,93 @@
+$NetBSD: patch-ae,v 1.8 2009/12/15 17:07:43 joerg Exp $
+backport of libltdl 2.26b security fixes from gnu git repo
+
+--- libltdl/ltdl.c.orig 2009-11-30 18:14:58.302462100 -0600
++++ libltdl/ltdl.c 2009-11-30 18:17:57.759481200 -0600
+@@ -2192,7 +2192,8 @@
+ static int try_dlopen LT_PARAMS((lt_dlhandle *handle,
+ const char *filename));
+ static int tryall_dlopen LT_PARAMS((lt_dlhandle *handle,
+- const char *filename));
++ const char *filename,
++ const char * useloader));
+ static int unload_deplibs LT_PARAMS((lt_dlhandle handle));
+ static int lt_argz_insert LT_PARAMS((char **pargz,
+ size_t *pargz_len,
+@@ -2390,9 +2391,10 @@
+ }
+
+ static int
+-tryall_dlopen (handle, filename)
++tryall_dlopen (handle, filename, useloader)
+ lt_dlhandle *handle;
+ const char *filename;
++ const char *useloader;
+ {
+ lt_dlhandle cur;
+ lt_dlloader *loader;
+@@ -2459,6 +2461,11 @@
+
+ while (loader)
+ {
++ if (useloader && strcmp(loader->loader_name, useloader))
++ {
++ loader = loader->next;
++ continue;
++ }
+ lt_user_data data = loader->dlloader_data;
+
+ cur->module = loader->module_open (data, filename);
+@@ -2528,7 +2535,7 @@
+ error += tryall_dlopen_module (handle,
+ (const char *) 0, prefix, filename);
+ }
+- else if (tryall_dlopen (handle, filename) != 0)
++ else if (tryall_dlopen (handle, filename, NULL) != 0)
+ {
+ ++error;
+ }
+@@ -2549,7 +2556,7 @@
+ /* Try to open the old library first; if it was dlpreopened,
+ we want the preopened version of it, even if a dlopenable
+ module is available. */
+- if (old_name && tryall_dlopen (handle, old_name) == 0)
++ if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
+ {
+ return 0;
+ }
+@@ -2813,7 +2820,7 @@
+
+ /* Try to dlopen the file, but do not continue searching in any
+ case. */
+- if (tryall_dlopen (handle, filename) != 0)
++ if (tryall_dlopen (handle, filename,NULL) != 0)
+ *handle = 0;
+
+ return 1;
+@@ -3103,7 +3110,7 @@
+ /* lt_dlclose()ing yourself is very bad! Disallow it. */
+ LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
+
+- if (tryall_dlopen (&newhandle, 0) != 0)
++ if (tryall_dlopen (&newhandle, 0, NULL) != 0)
+ {
+ LT_DLFREE (*phandle);
+ return 1;
+@@ -3225,7 +3232,7 @@
+ }
+ #endif
+ }
+- if (!file)
++ else
+ {
+ file = fopen (filename, LT_READTEXT_MODE);
+ }
+@@ -3412,7 +3419,7 @@
+ #endif
+ )))
+ {
+- if (tryall_dlopen (&newhandle, filename) != 0)
++ if (tryall_dlopen (&newhandle, filename, NULL) != 0)
+ {
+ newhandle = NULL;
+ }
Home |
Main Index |
Thread Index |
Old Index