summaryrefslogtreecommitdiff
path: root/devel/libtool
diff options
context:
space:
mode:
authorjoerg <joerg@pkgsrc.org>2009-12-15 17:07:43 +0000
committerjoerg <joerg@pkgsrc.org>2009-12-15 17:07:43 +0000
commit392a8b5727ecc839d851236c2719b0ad69c30725 (patch)
tree6e36f275f457de256431129a7c5ede1f39cc5086 /devel/libtool
parent574bbc79fceef9750f3a130b83305220b47fd0c6 (diff)
downloadpkgsrc-392a8b5727ecc839d851236c2719b0ad69c30725.tar.gz
Fix a potential security issue in libltdl by making sure that the
current directory is not included in the search path. Bump revision of libltdl. Patch backported from tez@
Diffstat (limited to 'devel/libtool')
-rw-r--r--devel/libtool/distinfo3
-rw-r--r--devel/libtool/patches/patch-ae93
2 files changed, 95 insertions, 1 deletions
diff --git a/devel/libtool/distinfo b/devel/libtool/distinfo
index d077b5e857c..436077df600 100644
--- a/devel/libtool/distinfo
+++ b/devel/libtool/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.74 2009/07/08 21:01:43 markd Exp $
+$NetBSD: distinfo,v 1.75 2009/12/15 17:07:43 joerg Exp $
SHA1 (libtool-1.5.26.tar.gz) = 4c1738351736562a951a345e24f233d00953ec0a
RMD160 (libtool-1.5.26.tar.gz) = 4d1d7dd0308b98e8f590723ae5daddb8da49ac11
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = 4c979de3439dfffa48295e094c1aee40c7e79fa6
SHA1 (patch-ab) = 271e58419f0581f02b69094e865c16126b554f7b
SHA1 (patch-ac) = 52f22f3f7a58e22d2240d0c6bb77455783ee5d70
SHA1 (patch-ad) = e3e3164b1e9598deab233450a1f7a8262dd09d66
+SHA1 (patch-ae) = 958897656acd515487ddb0ae66cbc95e8531fbc4
diff --git a/devel/libtool/patches/patch-ae b/devel/libtool/patches/patch-ae
new file mode 100644
index 00000000000..c165320140b
--- /dev/null
+++ b/devel/libtool/patches/patch-ae
@@ -0,0 +1,93 @@
+$NetBSD: patch-ae,v 1.8 2009/12/15 17:07:43 joerg Exp $
+backport of libltdl 2.26b security fixes from gnu git repo
+
+--- libltdl/ltdl.c.orig 2009-11-30 18:14:58.302462100 -0600
++++ libltdl/ltdl.c 2009-11-30 18:17:57.759481200 -0600
+@@ -2192,7 +2192,8 @@
+ static int try_dlopen LT_PARAMS((lt_dlhandle *handle,
+ const char *filename));
+ static int tryall_dlopen LT_PARAMS((lt_dlhandle *handle,
+- const char *filename));
++ const char *filename,
++ const char * useloader));
+ static int unload_deplibs LT_PARAMS((lt_dlhandle handle));
+ static int lt_argz_insert LT_PARAMS((char **pargz,
+ size_t *pargz_len,
+@@ -2390,9 +2391,10 @@
+ }
+
+ static int
+-tryall_dlopen (handle, filename)
++tryall_dlopen (handle, filename, useloader)
+ lt_dlhandle *handle;
+ const char *filename;
++ const char *useloader;
+ {
+ lt_dlhandle cur;
+ lt_dlloader *loader;
+@@ -2459,6 +2461,11 @@
+
+ while (loader)
+ {
++ if (useloader && strcmp(loader->loader_name, useloader))
++ {
++ loader = loader->next;
++ continue;
++ }
+ lt_user_data data = loader->dlloader_data;
+
+ cur->module = loader->module_open (data, filename);
+@@ -2528,7 +2535,7 @@
+ error += tryall_dlopen_module (handle,
+ (const char *) 0, prefix, filename);
+ }
+- else if (tryall_dlopen (handle, filename) != 0)
++ else if (tryall_dlopen (handle, filename, NULL) != 0)
+ {
+ ++error;
+ }
+@@ -2549,7 +2556,7 @@
+ /* Try to open the old library first; if it was dlpreopened,
+ we want the preopened version of it, even if a dlopenable
+ module is available. */
+- if (old_name && tryall_dlopen (handle, old_name) == 0)
++ if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
+ {
+ return 0;
+ }
+@@ -2813,7 +2820,7 @@
+
+ /* Try to dlopen the file, but do not continue searching in any
+ case. */
+- if (tryall_dlopen (handle, filename) != 0)
++ if (tryall_dlopen (handle, filename,NULL) != 0)
+ *handle = 0;
+
+ return 1;
+@@ -3103,7 +3110,7 @@
+ /* lt_dlclose()ing yourself is very bad! Disallow it. */
+ LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
+
+- if (tryall_dlopen (&newhandle, 0) != 0)
++ if (tryall_dlopen (&newhandle, 0, NULL) != 0)
+ {
+ LT_DLFREE (*phandle);
+ return 1;
+@@ -3225,7 +3232,7 @@
+ }
+ #endif
+ }
+- if (!file)
++ else
+ {
+ file = fopen (filename, LT_READTEXT_MODE);
+ }
+@@ -3412,7 +3419,7 @@
+ #endif
+ )))
+ {
+- if (tryall_dlopen (&newhandle, filename) != 0)
++ if (tryall_dlopen (&newhandle, filename, NULL) != 0)
+ {
+ newhandle = NULL;
+ }