rpms/libtool/F-10 libtool-1.5.22-CVE-2009-3736.patch, NONE, 1.1 libtool.spec, 1.63, 1.64

Karsten Hopp karsten at fedoraproject.org
Wed Dec 2 11:39:33 UTC 2009


Author: karsten

Update of /cvs/extras/rpms/libtool/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7207

Modified Files:
	libtool.spec 
Added Files:
	libtool-1.5.22-CVE-2009-3736.patch 
Log Message:
- add fix for CVE-2009-3736:
  libltdl may load and execute code from a library in the current directory


libtool-1.5.22-CVE-2009-3736.patch:
 ltdl.c |   23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

--- NEW FILE libtool-1.5.22-CVE-2009-3736.patch ---
diff -urN libtool-1.5.26.orig/libltdl/ltdl.c libtool-1.5.26/libltdl/ltdl.c
--- libtool-1.5.26.orig/libltdl/ltdl.c	2007-11-15 13:36:41.000000000 -0600
+++ libtool-1.5.26/libltdl/ltdl.c	2009-11-15 21:13:37.000000000 -0600
@@ -2192,7 +2192,8 @@
 static	int	try_dlopen	      LT_PARAMS((lt_dlhandle *handle,
 						 const char *filename));
 static	int	tryall_dlopen	      LT_PARAMS((lt_dlhandle *handle,
-						 const char *filename));
+						 const char *filename,
+						 const char * useloader));
 static	int	unload_deplibs	      LT_PARAMS((lt_dlhandle handle));
 static	int	lt_argz_insert	      LT_PARAMS((char **pargz,
 						 size_t *pargz_len,
@@ -2390,9 +2391,10 @@
 }
 
 static int
-tryall_dlopen (handle, filename)
+tryall_dlopen (handle, filename, useloader)
      lt_dlhandle *handle;
      const char *filename;
+     const char *useloader;
 {
   lt_dlhandle	 cur;
   lt_dlloader   *loader;
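Review bot: The new `useloader` parameter of `tryall_dlopen` is undocumented, although its two modes are what the security fix relies on. From the call sites and the loop check in this patch, a null value means every registered loader is tried, and a non-null value restricts the attempt to the loader whose `loader_name` matches. A comment above the definition would record that, for example `/* USELOADER, if non-null, names the only loader that may open FILENAME; NULL tries all loaders. */`. The function body continues outside this hunk.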
@@ -2459,6 +2461,11 @@
 
   while (loader)
     {
+      if (useloader && strcmp(loader->loader_name, useloader))
+	{
+	  loader = loader->next;
+	  continue;
+	}
       lt_user_data data = loader->dlloader_data;
 
       cur->module = loader->module_open (data, filename);
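Review bot: The added `if` block sits before the declaration `lt_user_data data = loader->dlloader_data;`, so the loop body now has a declaration after a statement. This file still uses K&R definitions and `LT_PARAMS`, which suggests pre-C99 compilers are supported, and those reject this. Keeping the declaration as the first line of the block and putting the filter after it avoids the problem. The filter would also read more clearly as `if (useloader && strcmp (loader->loader_name, useloader) != 0)`. If a loader can be registered with a null `loader_name` (not visible here), the `strcmp` needs a null guard as well. The `while` body continues outside the hunk.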
@@ -2528,7 +2535,7 @@
       error += tryall_dlopen_module (handle,
 				     (const char *) 0, prefix, filename);
     }
-  else if (tryall_dlopen (handle, filename) != 0)
+  else if (tryall_dlopen (handle, filename, NULL) != 0)
     {
       ++error;
     }
@@ -2549,7 +2556,7 @@
   /* Try to open the old library first; if it was dlpreopened,
      we want the preopened version of it, even if a dlopenable
      module is available.  */
-  if (old_name && tryall_dlopen (handle, old_name) == 0)
+  if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
     {
       return 0;
     }
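Review bot: The literal `"dlpreload"` has to match the name under which the preload loader is registered elsewhere in the file, which this hunk does not show. If the two ever differ, this branch will quietly never succeed and the restriction will be hard to diagnose. A single file-scope constant shared with the registration site would keep them in step. The existing comment should also state the security intent, for example `/* Only the preloaded-symbols loader may satisfy old_name here; other loaders are skipped on purpose (CVE-2009-3736). */`.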
@@ -2813,7 +2820,7 @@
 
   /* Try to dlopen the file, but do not continue searching in any
      case.  */
-  if (tryall_dlopen (handle, filename) != 0)
+  if (tryall_dlopen (handle, filename,NULL) != 0)
     *handle = 0;
 
   return 1;
@@ -3103,7 +3110,7 @@
       /* lt_dlclose()ing yourself is very bad!  Disallow it.  */
       LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
 
-      if (tryall_dlopen (&newhandle, 0) != 0)
+      if (tryall_dlopen (&newhandle, 0, NULL) != 0)
 	{
 	  LT_DLFREE (*phandle);
 	  return 1;
@@ -3225,7 +3232,7 @@
 	    }
 #endif
 	}
-      if (!file)
+      else
 	{
 	  file = fopen (filename, LT_READTEXT_MODE);
 	}
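Review bot: Replacing `if (!file)` with `else` removes the fallback `fopen (filename, ...)` after a failed search, but the `if` this `else` pairs with lies outside the hunk, past an `#endif`. The security-relevant control flow is therefore easy to misread or to undo in a later merge. A comment on the `else` would make the intent explicit, for example `/* Open FILENAME directly only when the caller supplied a directory; a bare name must come from the search paths, never the current directory (CVE-2009-3736). */`. It is also worth confirming that the code after this block handles `file` being null when the search finds nothing, since that case is now reachable without any `fopen` attempt.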
@@ -3412,7 +3419,7 @@
 #endif
 		   )))
 	{
-          if (tryall_dlopen (&newhandle, filename) != 0)
+          if (tryall_dlopen (&newhandle, filename, NULL) != 0)
             {
               newhandle = NULL;
             }


Index: libtool.spec
===================================================================
RCS file: /cvs/extras/rpms/libtool/F-10/libtool.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -p -r1.63 -r1.64
--- libtool.spec	29 Aug 2008 22:21:39 -0000	1.63
+++ libtool.spec	2 Dec 2009 11:39:33 -0000	1.64
@@ -3,7 +3,7 @@
 Summary: The GNU Portable Library Tool
 Name:    libtool
 Version: 1.5.26
-Release: 4%{?dist}
+Release: 4%{?dist}.1
 License: GPLv2+ and LGPLv2+ and GFDL
 Group:   Development/Tools
 Source:  http://ftp.gnu.org/gnu/libtool/libtool-%{version}.tar.gz
@@ -13,9 +13,7 @@ Requires(post):  /sbin/install-info
 Requires(preun): /sbin/install-info
 Patch1:  libtool-1.5.24-multilib.patch
 
-# don't  read .la file in current working directory, root might get tricked
-# into running a prepared binary in that directory:
-Patch2:  libtool-1.5.24-relativepath.patch
+Patch2:  libtool-1.5.22-CVE-2009-3736.patch
 
 BuildRequires: autoconf >= 2.59, automake >= 1.9.2, texinfo
 Requires: autoconf >= 2.58, automake >= 1.4
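Review bot: The new `Patch2` line has no comment, while the one it replaces explained why the patch exists. Adding `# CVE-2009-3736: libltdl may load and execute code from a library in the current directory` above it would keep that rationale in the spec. The patch file is named `libtool-1.5.22-...` but its diff headers and the package `Version` are 1.5.26, so a short note on the naming would avoid confusion. The `%patch2` line in `%prep` is outside this hunk; it should be checked that it still applies with the strip level this patch's paths require.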
@@ -152,6 +150,10 @@ fi
 
 
 %changelog
+* Wed Dec 02 2009 Karsten Hopp <karsten at redhat.com> 1.5.26-4.1
+- add fix for CVE-2009-3736:
+  libltdl may load and execute code from a library in the current directory
+
 * Fri Aug 29 2008 Dennis Gilmore <dennis at ausil.us> 1.5.26-4
 - rebuild for gcc-4.3.2
 



