diff options
author | joerg <joerg@pkgsrc.org> | 2009-12-15 17:07:43 +0000 |
---|---|---|
committer | joerg <joerg@pkgsrc.org> | 2009-12-15 17:07:43 +0000 |
commit | 392a8b5727ecc839d851236c2719b0ad69c30725 (patch) | |
tree | 6e36f275f457de256431129a7c5ede1f39cc5086 /devel | |
parent | 574bbc79fceef9750f3a130b83305220b47fd0c6 (diff) | |
download | pkgsrc-392a8b5727ecc839d851236c2719b0ad69c30725.tar.gz |
Fix a potential security issue in libltdl by making sure that the
current directory is not included in the search path. Bump revision
of libltdl. Patch backported from tez@
Diffstat (limited to 'devel')
-rw-r--r-- | devel/libltdl/Makefile | 3 | ||||
-rw-r--r-- | devel/libtool/distinfo | 3 | ||||
-rw-r--r-- | devel/libtool/patches/patch-ae | 93 |
3 files changed, 97 insertions, 2 deletions
diff --git a/devel/libltdl/Makefile b/devel/libltdl/Makefile index 34863868cbe..efdba383df5 100644 --- a/devel/libltdl/Makefile +++ b/devel/libltdl/Makefile @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.3 2006/01/30 22:19:57 tv Exp $ +# $NetBSD: Makefile,v 1.4 2009/12/15 17:07:43 joerg Exp $ # .include "../../devel/libtool/Makefile.common" PKGNAME= ${DISTNAME:S/tool-/ltdl-/} +PKGREVISION= 1 SVR4_PKGNAME= lltdl COMMENT= Generic shared library support (libltdl abstraction library) diff --git a/devel/libtool/distinfo b/devel/libtool/distinfo index d077b5e857c..436077df600 100644 --- a/devel/libtool/distinfo +++ b/devel/libtool/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.74 2009/07/08 21:01:43 markd Exp $ +$NetBSD: distinfo,v 1.75 2009/12/15 17:07:43 joerg Exp $ SHA1 (libtool-1.5.26.tar.gz) = 4c1738351736562a951a345e24f233d00953ec0a RMD160 (libtool-1.5.26.tar.gz) = 4d1d7dd0308b98e8f590723ae5daddb8da49ac11 @@ -7,3 +7,4 @@ SHA1 (patch-aa) = 4c979de3439dfffa48295e094c1aee40c7e79fa6 SHA1 (patch-ab) = 271e58419f0581f02b69094e865c16126b554f7b SHA1 (patch-ac) = 52f22f3f7a58e22d2240d0c6bb77455783ee5d70 SHA1 (patch-ad) = e3e3164b1e9598deab233450a1f7a8262dd09d66 +SHA1 (patch-ae) = 958897656acd515487ddb0ae66cbc95e8531fbc4 diff --git a/devel/libtool/patches/patch-ae b/devel/libtool/patches/patch-ae new file mode 100644 index 00000000000..c165320140b --- /dev/null +++ b/devel/libtool/patches/patch-ae @@ -0,0 +1,93 @@ +$NetBSD: patch-ae,v 1.8 2009/12/15 17:07:43 joerg Exp $ +backport of libltdl 2.26b security fixes from gnu git repo + +--- libltdl/ltdl.c.orig 2009-11-30 18:14:58.302462100 -0600 ++++ libltdl/ltdl.c 2009-11-30 18:17:57.759481200 -0600 +@@ -2192,7 +2192,8 @@ + static int try_dlopen LT_PARAMS((lt_dlhandle *handle, + const char *filename)); + static int tryall_dlopen LT_PARAMS((lt_dlhandle *handle, +- const char *filename)); ++ const char *filename, ++ const char * useloader)); + static int unload_deplibs LT_PARAMS((lt_dlhandle handle)); + static int lt_argz_insert LT_PARAMS((char **pargz, + size_t *pargz_len, +@@ -2390,9 +2391,10 @@ + } + + static int +-tryall_dlopen (handle, filename) ++tryall_dlopen (handle, filename, useloader) + lt_dlhandle *handle; + const char *filename; ++ const char *useloader; + { + lt_dlhandle cur; + lt_dlloader *loader; +@@ -2459,6 +2461,11 @@ + + while (loader) + { ++ if (useloader && strcmp(loader->loader_name, useloader)) ++ { ++ loader = loader->next; ++ continue; ++ } + lt_user_data data = loader->dlloader_data; + + cur->module = loader->module_open (data, filename); +@@ -2528,7 +2535,7 @@ + error += tryall_dlopen_module (handle, + (const char *) 0, prefix, filename); + } +- else if (tryall_dlopen (handle, filename) != 0) ++ else if (tryall_dlopen (handle, filename, NULL) != 0) + { + ++error; + } +@@ -2549,7 +2556,7 @@ + /* Try to open the old library first; if it was dlpreopened, + we want the preopened version of it, even if a dlopenable + module is available. */ +- if (old_name && tryall_dlopen (handle, old_name) == 0) ++ if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0) + { + return 0; + } +@@ -2813,7 +2820,7 @@ + + /* Try to dlopen the file, but do not continue searching in any + case. */ +- if (tryall_dlopen (handle, filename) != 0) ++ if (tryall_dlopen (handle, filename,NULL) != 0) + *handle = 0; + + return 1; +@@ -3103,7 +3110,7 @@ + /* lt_dlclose()ing yourself is very bad! Disallow it. */ + LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG); + +- if (tryall_dlopen (&newhandle, 0) != 0) ++ if (tryall_dlopen (&newhandle, 0, NULL) != 0) + { + LT_DLFREE (*phandle); + return 1; +@@ -3225,7 +3232,7 @@ + } + #endif + } +- if (!file) ++ else + { + file = fopen (filename, LT_READTEXT_MODE); + } +@@ -3412,7 +3419,7 @@ + #endif + ))) + { +- if (tryall_dlopen (&newhandle, filename) != 0) ++ if (tryall_dlopen (&newhandle, filename, NULL) != 0) + { + newhandle = NULL; + } |