pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel Fix a potential security issue in libltdl by mak...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ba0e78eb09f3
branches:  trunk
changeset: 568597:ba0e78eb09f3
user:      joerg <joerg%pkgsrc.org@localhost>
date:      Tue Dec 15 17:07:43 2009 +0000

description:
Fix a potential security issue in libltdl by making sure that the
current directory is not included in the search path. Bump revision
of libltdl. Patch backported from tez@

diffstat:

 devel/libltdl/Makefile         |   3 +-
 devel/libtool/distinfo         |   3 +-
 devel/libtool/patches/patch-ae |  93 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+), 2 deletions(-)

diffs (126 lines):

diff -r 0c849d791ac7 -r ba0e78eb09f3 devel/libltdl/Makefile
--- a/devel/libltdl/Makefile    Tue Dec 15 16:42:31 2009 +0000
+++ b/devel/libltdl/Makefile    Tue Dec 15 17:07:43 2009 +0000
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.3 2006/01/30 22:19:57 tv Exp $
+# $NetBSD: Makefile,v 1.4 2009/12/15 17:07:43 joerg Exp $
 #
 
 .include "../../devel/libtool/Makefile.common"
 
 PKGNAME=       ${DISTNAME:S/tool-/ltdl-/}
+PKGREVISION=   1
 SVR4_PKGNAME=  lltdl
 
 COMMENT=       Generic shared library support (libltdl abstraction library)
diff -r 0c849d791ac7 -r ba0e78eb09f3 devel/libtool/distinfo
--- a/devel/libtool/distinfo    Tue Dec 15 16:42:31 2009 +0000
+++ b/devel/libtool/distinfo    Tue Dec 15 17:07:43 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.74 2009/07/08 21:01:43 markd Exp $
+$NetBSD: distinfo,v 1.75 2009/12/15 17:07:43 joerg Exp $
 
 SHA1 (libtool-1.5.26.tar.gz) = 4c1738351736562a951a345e24f233d00953ec0a
 RMD160 (libtool-1.5.26.tar.gz) = 4d1d7dd0308b98e8f590723ae5daddb8da49ac11
@@ -7,3 +7,4 @@
 SHA1 (patch-ab) = 271e58419f0581f02b69094e865c16126b554f7b
 SHA1 (patch-ac) = 52f22f3f7a58e22d2240d0c6bb77455783ee5d70
 SHA1 (patch-ad) = e3e3164b1e9598deab233450a1f7a8262dd09d66
+SHA1 (patch-ae) = 958897656acd515487ddb0ae66cbc95e8531fbc4
diff -r 0c849d791ac7 -r ba0e78eb09f3 devel/libtool/patches/patch-ae
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/devel/libtool/patches/patch-ae    Tue Dec 15 17:07:43 2009 +0000
@@ -0,0 +1,93 @@
+$NetBSD: patch-ae,v 1.8 2009/12/15 17:07:43 joerg Exp $
+backport of libltdl 2.26b security fixes from gnu git repo
+
+--- libltdl/ltdl.c.orig        2009-11-30 18:14:58.302462100 -0600
++++ libltdl/ltdl.c     2009-11-30 18:17:57.759481200 -0600
+@@ -2192,7 +2192,8 @@
+ static        int     try_dlopen            LT_PARAMS((lt_dlhandle *handle,
+                                                const char *filename));
+ static        int     tryall_dlopen         LT_PARAMS((lt_dlhandle *handle,
+-                                               const char *filename));
++                                               const char *filename,
++                                               const char * useloader));
+ static        int     unload_deplibs        LT_PARAMS((lt_dlhandle handle));
+ static        int     lt_argz_insert        LT_PARAMS((char **pargz,
+                                                size_t *pargz_len,
+@@ -2390,9 +2391,10 @@
+ }
+ 
+ static int
+-tryall_dlopen (handle, filename)
++tryall_dlopen (handle, filename, useloader)
+      lt_dlhandle *handle;
+      const char *filename;
++     const char *useloader;
+ {
+   lt_dlhandle  cur;
+   lt_dlloader   *loader;
+@@ -2459,6 +2461,11 @@
+ 
+   while (loader)
+     {
++      if (useloader && strcmp(loader->loader_name, useloader))
++      {
++        loader = loader->next;
++        continue;
++      }
+       lt_user_data data = loader->dlloader_data;
+ 
+       cur->module = loader->module_open (data, filename);
+@@ -2528,7 +2535,7 @@
+       error += tryall_dlopen_module (handle,
+                                    (const char *) 0, prefix, filename);
+     }
+-  else if (tryall_dlopen (handle, filename) != 0)
++  else if (tryall_dlopen (handle, filename, NULL) != 0)
+     {
+       ++error;
+     }
+@@ -2549,7 +2556,7 @@
+   /* Try to open the old library first; if it was dlpreopened,
+      we want the preopened version of it, even if a dlopenable
+      module is available.  */
+-  if (old_name && tryall_dlopen (handle, old_name) == 0)
++  if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
+     {
+       return 0;
+     }
+@@ -2813,7 +2820,7 @@
+ 
+   /* Try to dlopen the file, but do not continue searching in any
+      case.  */
+-  if (tryall_dlopen (handle, filename) != 0)
++  if (tryall_dlopen (handle, filename,NULL) != 0)
+     *handle = 0;
+ 
+   return 1;
+@@ -3103,7 +3110,7 @@
+       /* lt_dlclose()ing yourself is very bad!  Disallow it.  */
+       LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
+ 
+-      if (tryall_dlopen (&newhandle, 0) != 0)
++      if (tryall_dlopen (&newhandle, 0, NULL) != 0)
+       {
+         LT_DLFREE (*phandle);
+         return 1;
+@@ -3225,7 +3232,7 @@
+           }
+ #endif
+       }
+-      if (!file)
++      else
+       {
+         file = fopen (filename, LT_READTEXT_MODE);
+       }
+@@ -3412,7 +3419,7 @@
+ #endif
+                  )))
+       {
+-          if (tryall_dlopen (&newhandle, filename) != 0)
++          if (tryall_dlopen (&newhandle, filename, NULL) != 0)
+             {
+               newhandle = NULL;
+             }
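Review bot: In the `while (loader)` hunk of the embedded ltdl.c patch, the new `if (useloader && strcmp(loader->loader_name, useloader))` block sits ahead of the declaration `lt_user_data data = loader->dlloader_data;`, which makes it a declaration after a statement. This file still uses K&R definitions and `LT_PARAMS`, so a C89-only compiler would likely reject it; moving the declaration to the top of the loop body, before the `if`, keeps the filter and avoids that. The literal `"dlpreload"` passed at the `old_name` call has to match the preload loader's `loader_name` exactly, otherwise that branch can never succeed and nothing reports it. A comment there such as `/* restrict to the dlpreload loader: old_name must not be resolved by a loader that may search the current directory */` would record why the restriction exists. The `if (!file)` to `else` change binds to an `if` that lies outside the hunk, so it cannot be confirmed from here that the remaining `fopen (filename, ...)` path is reached only for names that carry an explicit directory.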


