Tue May 4 20:46:31 2010 UTC ()
Add patch to embedded libltdl for CVE-2009-3736 from:
http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html
(tez)
diff -r1.44 -r1.45 pkgsrc/lang/gcc34/Makefile
diff -r1.19 -r1.20 pkgsrc/lang/gcc34/distinfo
diff -r0 -r1.1 pkgsrc/lang/gcc34/patches/patch-cd
--- pkgsrc/lang/gcc34/Attic/Makefile 2010/03/24 19:43:25 1.44
+++ pkgsrc/lang/gcc34/Attic/Makefile 2010/05/04 20:46:31 1.45
| @@ -1,19 +1,19 @@ | | | @@ -1,19 +1,19 @@ |
1 | # $NetBSD: Makefile,v 1.44 2010/03/24 19:43:25 asau Exp $ | | 1 | # $NetBSD: Makefile,v 1.45 2010/05/04 20:46:31 tez Exp $ |
2 | # | | 2 | # |
3 | | | 3 | |
4 | DISTNAME= gcc-${GCC_VERSION} | | 4 | DISTNAME= gcc-${GCC_VERSION} |
5 | PKGNAME= gcc34-${GCC_VERSION} | | 5 | PKGNAME= gcc34-${GCC_VERSION} |
6 | PKGREVISION= 2 | | 6 | PKGREVISION= 3 |
7 | CATEGORIES= lang | | 7 | CATEGORIES= lang |
8 | MASTER_SITES= ${MASTER_SITE_GNU:=gcc/gcc-${GCC_VERSION}/} | | 8 | MASTER_SITES= ${MASTER_SITE_GNU:=gcc/gcc-${GCC_VERSION}/} |
9 | EXTRACT_SUFX= .tar.bz2 | | 9 | EXTRACT_SUFX= .tar.bz2 |
10 | | | 10 | |
11 | MAINTAINER= shannonjr@NetBSD.org | | 11 | MAINTAINER= shannonjr@NetBSD.org |
12 | HOMEPAGE= http://www.gnu.org/software/gcc/gcc.html | | 12 | HOMEPAGE= http://www.gnu.org/software/gcc/gcc.html |
13 | COMMENT= This is the gcc 3.4 compiler | | 13 | COMMENT= This is the gcc 3.4 compiler |
14 | | | 14 | |
15 | GCC_VERSION= 3.4.6 | | 15 | GCC_VERSION= 3.4.6 |
16 | | | 16 | |
17 | NOT_FOR_PLATFORM= Interix-*-* | | 17 | NOT_FOR_PLATFORM= Interix-*-* |
18 | | | 18 | |
19 | .include "../../mk/bsd.prefs.mk" | | 19 | .include "../../mk/bsd.prefs.mk" |
--- pkgsrc/lang/gcc34/Attic/distinfo 2009/04/22 18:59:54 1.19
+++ pkgsrc/lang/gcc34/Attic/distinfo 2010/05/04 20:46:31 1.20
| @@ -1,21 +1,22 @@ | | | @@ -1,21 +1,22 @@ |
1 | $NetBSD: distinfo,v 1.19 2009/04/22 18:59:54 hasso Exp $ | | 1 | $NetBSD: distinfo,v 1.20 2010/05/04 20:46:31 tez Exp $ |
2 | | | 2 | |
3 | SHA1 (gcc-3.4.6.tar.bz2) = 97b290fdc572c8e490b3b39f243e69bacad23c2b | | 3 | SHA1 (gcc-3.4.6.tar.bz2) = 97b290fdc572c8e490b3b39f243e69bacad23c2b |
4 | RMD160 (gcc-3.4.6.tar.bz2) = b15003368cedc7964f6ceaee0c39ddc43a46c442 | | 4 | RMD160 (gcc-3.4.6.tar.bz2) = b15003368cedc7964f6ceaee0c39ddc43a46c442 |
5 | Size (gcc-3.4.6.tar.bz2) = 28193401 bytes | | 5 | Size (gcc-3.4.6.tar.bz2) = 28193401 bytes |
6 | SHA1 (patch-aa) = 40ba26c4af81ecc0effce3b7ac3c74bdfe4b56a6 | | 6 | SHA1 (patch-aa) = 40ba26c4af81ecc0effce3b7ac3c74bdfe4b56a6 |
7 | SHA1 (patch-ab) = 50345471e99264104e136acd7c09da0a5275cb62 | | 7 | SHA1 (patch-ab) = 50345471e99264104e136acd7c09da0a5275cb62 |
8 | SHA1 (patch-ae) = 928fa6155e614ca85b02359cf893d6c62231b192 | | 8 | SHA1 (patch-ae) = 928fa6155e614ca85b02359cf893d6c62231b192 |
9 | SHA1 (patch-af) = cdd6b0d13c557996cb6582d7fa5dc651d37ee0ee | | 9 | SHA1 (patch-af) = cdd6b0d13c557996cb6582d7fa5dc651d37ee0ee |
10 | SHA1 (patch-ag) = beee5294d387faafa640ab048823499da629e715 | | 10 | SHA1 (patch-ag) = beee5294d387faafa640ab048823499da629e715 |
11 | SHA1 (patch-ah) = 3b3471f42e801f8588c1e0959d5cfa704ce16a3e | | 11 | SHA1 (patch-ah) = 3b3471f42e801f8588c1e0959d5cfa704ce16a3e |
12 | SHA1 (patch-ai) = 78320fde6d073cb4bc87b281b83168f173344341 | | 12 | SHA1 (patch-ai) = 78320fde6d073cb4bc87b281b83168f173344341 |
13 | SHA1 (patch-aj) = ea0bef88be9e823ed2acfa54a59f29016de8cc5e | | 13 | SHA1 (patch-aj) = ea0bef88be9e823ed2acfa54a59f29016de8cc5e |
14 | SHA1 (patch-ak) = 1188e98e65fce3b968f9a2c211ffe315644d87d5 | | 14 | SHA1 (patch-ak) = 1188e98e65fce3b968f9a2c211ffe315644d87d5 |
15 | SHA1 (patch-al) = 3368a43981499dd46b2caa111eae19a0549d7499 | | 15 | SHA1 (patch-al) = 3368a43981499dd46b2caa111eae19a0549d7499 |
16 | SHA1 (patch-am) = 5a27d8f6a289f9b110a4bdc640547e43b799f08c | | 16 | SHA1 (patch-am) = 5a27d8f6a289f9b110a4bdc640547e43b799f08c |
17 | SHA1 (patch-at) = f74c2cd4919c59c0591e5aac7fdf8bb20fb87b96 | | 17 | SHA1 (patch-at) = f74c2cd4919c59c0591e5aac7fdf8bb20fb87b96 |
18 | SHA1 (patch-ba) = 6fc03fc155f630329f7dc831eece6b6464b453a6 | | 18 | SHA1 (patch-ba) = 6fc03fc155f630329f7dc831eece6b6464b453a6 |
19 | SHA1 (patch-bb) = aa088194fb073fcde8d2f558ed55ec36106d60d0 | | 19 | SHA1 (patch-bb) = aa088194fb073fcde8d2f558ed55ec36106d60d0 |
20 | SHA1 (patch-ca) = e04ff912406505abd015789f288ef09a7e1ae386 | | 20 | SHA1 (patch-ca) = e04ff912406505abd015789f288ef09a7e1ae386 |
21 | SHA1 (patch-cc) = 0af9845a62f9a6f8ec27657d0ae0c16394e9fc12 | | 21 | SHA1 (patch-cc) = 0af9845a62f9a6f8ec27657d0ae0c16394e9fc12 |
| | | 22 | SHA1 (patch-cd) = a22078951e1369900fcb58a281c75b3a86edd3ea |
$NetBSD: patch-cd,v 1.1 2010/05/04 20:46:31 tez Exp $
CVE-2009-3736 fix for embedded libltdl
--- libjava/libltdl/ltdl.c.orig 2010-04-30 10:49:19.822297200 -0500
+++ libjava/libltdl/ltdl.c 2010-04-30 10:49:34.600872700 -0500
@@ -2159,7 +2159,8 @@
static int try_dlopen LT_PARAMS((lt_dlhandle *handle,
const char *filename));
static int tryall_dlopen LT_PARAMS((lt_dlhandle *handle,
- const char *filename));
+ const char *filename,
+ const char * useloader));
static int unload_deplibs LT_PARAMS((lt_dlhandle handle));
static int lt_argz_insert LT_PARAMS((char **pargz,
size_t *pargz_len,
@@ -2345,9 +2346,10 @@
}
static int
-tryall_dlopen (handle, filename)
+tryall_dlopen (handle, filename, useloader)
lt_dlhandle *handle;
const char *filename;
+ const char *useloader;
{
lt_dlhandle cur;
lt_dlloader *loader;
@@ -2414,6 +2416,11 @@
while (loader)
{
+ if (useloader && strcmp(loader->loader_name, useloader))
+ {
+ loader = loader->next;
+ continue;
+ }
lt_user_data data = loader->dlloader_data;
cur->module = loader->module_open (data, filename);
@@ -2483,7 +2490,7 @@
error += tryall_dlopen_module (handle,
(const char *) 0, prefix, filename);
}
- else if (tryall_dlopen (handle, filename) != 0)
+ else if (tryall_dlopen (handle, filename, NULL) != 0)
{
++error;
}
@@ -2504,7 +2511,7 @@
/* Try to open the old library first; if it was dlpreopened,
we want the preopened version of it, even if a dlopenable
module is available. */
- if (old_name && tryall_dlopen (handle, old_name) == 0)
+ if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
{
return 0;
}
@@ -2768,7 +2775,7 @@
/* Try to dlopen the file, but do not continue searching in any
case. */
- if (tryall_dlopen (handle, filename) != 0)
+ if (tryall_dlopen (handle, filename,NULL) != 0)
*handle = 0;
return 1;
@@ -3053,7 +3060,7 @@
/* lt_dlclose()ing yourself is very bad! Disallow it. */
LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
- if (tryall_dlopen (&newhandle, 0) != 0)
+ if (tryall_dlopen (&newhandle, 0, NULL) != 0)
{
LT_DLFREE (*phandle);
return 1;
@@ -3175,7 +3182,7 @@
}
#endif
}
- if (!file)
+ else
{
file = fopen (filename, LT_READTEXT_MODE);
}
@@ -3359,7 +3366,7 @@
#endif
)))
{
- if (tryall_dlopen (&newhandle, filename) != 0)
+ if (tryall_dlopen (&newhandle, filename, NULL) != 0)
{
newhandle = NULL;
}