rpms/arts/devel libltdl-CVE-2009-3736.patch, NONE, 1.1 arts.spec, 1.98, 1.99
Than Ngo
than at fedoraproject.org
Mon Dec 7 14:52:14 UTC 2009
Author: than
Update of /cvs/extras/rpms/arts/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20287
Modified Files:
arts.spec
Added Files:
libltdl-CVE-2009-3736.patch
Log Message:
fix security issues in libltdl CVE-2009-3736
libltdl-CVE-2009-3736.patch:
ltdl.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- NEW FILE libltdl-CVE-2009-3736.patch ---
diff -ur arts-orig/libltdl/ltdl.c arts-1.1.3/libltdl/ltdl.c
--- arts-orig/libltdl/ltdl.c 2003-07-13 21:33:39.000000000 +0200
+++ arts-1.1.3/libltdl/ltdl.c 2009-11-19 16:09:29.000000000 +0100
@@ -1544,7 +1544,8 @@
/* try to open the old library first; if it was dlpreopened,
we want the preopened version of it, even if a dlopenable
module is available */
- if (old_name && tryall_dlopen(handle, old_name) == 0)
+ if (old_name && tryall_dlopen(handle, old_name,
+ advise, lt_dlloader_find ("lt_preopen") ) == 0)
{
return 0;
}
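Review bot: The new call `tryall_dlopen(handle, old_name, advise, lt_dlloader_find ("lt_preopen"))` passes four arguments and uses `advise`, but nothing in this patch changes the definition of `tryall_dlopen` or declares `advise`; the diffstat lists only these three insertions in ltdl.c. If the bundled ltdl.c still has the two-argument `tryall_dlopen(handle, filename)`, as the 2003 timestamp on the original file suggests, this hunk will not compile and the preopen-only restriction is not actually in place. The same patch would then also need to extend the callee, for example with a loader-name parameter so the call reads `tryall_dlopen (handle, old_name, "lt_preopen")`, and skip every other loader inside it. The enclosing function begins and ends outside the hunk, so this should be confirmed against the full file and with a test build.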
@@ -2158,7 +2159,7 @@
}
#endif
}
- if (!file)
+ else
{
file = fopen (filename, LT_READTEXT_MODE);
}
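Review bot: The `else` that replaces `if (!file)` binds to an `if` above the hunk, so nothing at this site explains why the fallback `fopen (filename, LT_READTEXT_MODE)` is now skipped. Presumably the preceding branch is the search-path lookup for names without a directory part, in which case a failed search no longer falls back to opening the bare name relative to the current directory. That is the behaviour the CVE fix needs and it deserves a comment on the `else`, such as `/* bare names come only from the search paths; never fall back to the current directory (CVE-2009-3736) */`. The code after this block is outside the hunk, so it is worth confirming that it still handles `file` being NULL when the search fails.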
Index: arts.spec
===================================================================
RCS file: /cvs/extras/rpms/arts/devel/arts.spec,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -p -r1.98 -r1.99
--- arts.spec 6 Dec 2009 22:36:03 -0000 1.98
+++ arts.spec 7 Dec 2009 14:52:13 -0000 1.99
@@ -3,7 +3,6 @@
%define multilib_arches %{ix86} x86_64 ppc ppc64 s390 s390x sparcv9 sparc64
-%define final 1
%define make_cvs 1
Name: arts
@@ -30,6 +29,9 @@ Patch50: arts-1.5.4-dlopenext.patch
Patch51: kde-3.5-libtool-shlibext.patch
# upstream patches
+# security patches
+# CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
+Patch200: libltdl-CVE-2009-3736.patch
# used in artsdsp
Requires: which
@@ -81,6 +83,8 @@ Install %{name}-devel if you intend to w
%patch50 -p1 -b .dlopenext
%patch51 -p1 -b .libtool-shlibext
+%patch200 -p1 -b .CVE-2009-3736
+
%if %{make_cvs}
# hack/fix for newer automake
sed -iautomake -e 's|automake\*1.10\*|automake\*1.1[0-5]\*|' admin/cvs.sh
@@ -99,9 +103,7 @@ unset QTDIR && . /etc/profile.d/qt.sh
--enable-new-ldflags \
--disable-libmad \
--with-alsa \
-%if 0%{?final}
--enable-final
-%endif
## hack for artsdsp (see http://bugzilla.redhat.com/329671)
#make %{?_smp_mflags} -k || \
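Review bot: Removing the `%if 0%{?final}` / `%endif` guard here, together with dropping `%define final 1` in the first arts.spec hunk, is a build-configuration change unrelated to CVE-2009-3736 and is not mentioned in the log message or the changelog entry. `--enable-final` appears to stay enabled as before, but it can no longer be turned off through the macro. Mixing this into the security commit makes the fix harder to audit and to backport; it would be cleaner as a separate commit, or at least with its own changelog line such as `- always build with --enable-final`.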
@@ -187,6 +189,7 @@ rm -rf %{buildroot}
%changelog
* Sun Dec 06 2009 Than Ngo <than at redhat.com> - 1.5.10-9
- fix url
+- fix security issues in libltdl (CVE-2009-3736)
* Wed Sep 02 2009 Than Ngo <than at redhat.com> - 1.5.10-8
- drop support fedora < 10