Subject: pkg/24511: libtool-base update on pkgsrc-2003Q4 branch
To: None <tech-pkg@netbsd.org>
From: Aymeric Vincent <vincent@labri.fr>
List: tech-pkg
Date: 03/11/2004 18:59:09
--Apple-Mail-2--210981721
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
delsp=yes;
format=flowed
[ Please keep me CC'd as I'm not on tech-pkg ]
Hi,
here is a diff which should fix the race condition found in <1.5.2
libtool's.
I would like to request a pullup of this diff on the pkgsrc-2003Q4
branch but would like to get some feedback first, because I didn't find
a definitive reference that this was the only security issue solved in
1.5.2.
Leaving this package in that state prevents the use of the
audit-packages feature on the packages which depend on libtool, which
means a lot of them.
URLs of interest:
http://www.securityfocus.com/advisories/6430
http://www.forbiddenweb.org/viewtopic.php?t=5165
http://savannah.gnu.org/cgi-bin/viewcvs/libtool/libtool/ltmain.in.diff?
r1=1.369&r2=1.370
Aymeric
--Apple-Mail-2--210981721
Content-Transfer-Encoding: 7bit
Content-Type: application/octet-stream;
x-unix-mode=0644;
name="libtool-diff"
Content-Disposition: attachment;
filename=libtool-diff
Index: Makefile.common
===================================================================
RCS file: /cvsroot/pkgsrc/devel/libtool/Makefile.common,v
retrieving revision 1.35
diff -u -r1.35 Makefile.common
--- Makefile.common 2 Nov 2003 19:19:30 -0000 1.35
+++ Makefile.common 11 Mar 2004 17:44:03 -0000
@@ -3,7 +3,7 @@
DISTNAME= libtool-ml-20010614
PKGPFX= ${DISTNAME:C/ml-/1.4./}
-PKGREVISION= 16
+PKGREVISION= 17
WRKSRC= ${WRKDIR}/libtool-ml
CATEGORIES= devel pkgtools
MASTER_SITES= ${MASTER_SITE_LOCAL}
Index: distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/devel/libtool/distinfo,v
retrieving revision 1.28
diff -u -r1.28 distinfo
--- distinfo 5 Oct 2003 08:19:19 -0000 1.28
+++ distinfo 11 Mar 2004 17:44:03 -0000
@@ -3,7 +3,7 @@
SHA1 (libtool-ml-20010614.tar.gz) = ff746666737e420592c3017d65bf4c47f1430dac
Size (libtool-ml-20010614.tar.gz) = 784246 bytes
SHA1 (patch-aa) = a3b37684e39b34077c3026a72787218942648bdf
-SHA1 (patch-ab) = 76d0762ff80ddeac72a740383797502ab2ee4921
+SHA1 (patch-ab) = 0fd4890a6837d8c270bb91676c0ed6c28542db98
SHA1 (patch-ac) = 61196acaa12edee0b1209b2ba7c6414453bfa438
SHA1 (patch-ad) = 6aab76688d0f55648e35adc45a3492ba9c87acfb
SHA1 (patch-ae) = 03de2a4fc9d828d62c6e6126ecf2dbbfeb1d82ea
Index: patches/patch-ab
===================================================================
RCS file: /cvsroot/pkgsrc/devel/libtool/patches/patch-ab,v
retrieving revision 1.29
diff -u -r1.29 patch-ab
--- patches/patch-ab 5 Oct 2003 08:19:19 -0000 1.29
+++ patches/patch-ab 11 Mar 2004 17:44:04 -0000
@@ -1,6 +1,6 @@
-$NetBSD: patch-ab,v 1.29 2003/10/05 08:19:19 grant Exp $
+$NetBSD$
---- ltmain.sh.orig 2001-06-14 14:06:50.000000000 +1000
+--- ltmain.sh.orig Thu Jun 14 06:06:50 2001
+++ ltmain.sh
@@ -211,6 +211,8 @@ do
--mode) prevopt="--mode" prev=mode ;;
@@ -189,7 +189,21 @@
if test "$need_version" = no; then
versuffix=
else
-@@ -5053,7 +5090,7 @@ relink_command=\"$relink_command\""
+@@ -4761,8 +4798,12 @@ relink_command=\"$relink_command\""
+ tmpdir="/tmp"
+ test -n "$TMPDIR" && tmpdir="$TMPDIR"
+ tmpdir="$tmpdir/libtool-$$"
+- if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then :
++ save_umask=`umask`
++ umask 0077
++ if $mkdir "$tmpdir"; then
++ umask $save_umask
+ else
++ umask $save_umask
+ $echo "$modename: error: cannot create temporary directory \`$tmpdir'" 1>&2
+ continue
+ fi
+@@ -5053,7 +5094,7 @@ relink_command=\"$relink_command\""
fi
# Now prepare to actually exec the command.
--Apple-Mail-2--210981721--