- update to 2.2.6b, fixes CVE-2009-3736: libltdl may load and execute codelibtool-2_2_6-11_fc11_2

from a library in the current directory
author: Karsten Hopp <karsten@fedoraproject.org> 2009-12-02 11:34:09 +0000
committer: Karsten Hopp <karsten@fedoraproject.org> 2009-12-02 11:34:09 +0000
commit: 0441a2a8d01481a79fa807d6ea4fad7d2de1e0bf (patch)
tree: 02d09c6dbe3740712e6000756e01286ef8cdc342 /libtool-1.5.24-relativepath.patch
parent: 2821ffac4887c36815f13d555908b1a5dac4143b (diff)
1 files changed, 0 insertions, 14 deletions
diff --git a/libtool-1.5.24-relativepath.patch b/libtool-1.5.24-relativepath.patch
deleted file mode 100644
index 1549b2f..0000000
--- a/libtool-1.5.24-relativepath.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -up libtool-1.5.24/libltdl/ltdl.c.relativepath libtool-1.5.24/libltdl/ltdl.c
---- libtool-1.5.24/libltdl/ltdl.c.relativepath	2007-06-01 07:04:54.000000000 +0200
-+++ libtool-1.5.24/libltdl/ltdl.c	2007-07-24 12:56:22.000000000 +0200
-@@ -3225,7 +3225,9 @@ try_dlopen (phandle, filename)
- 	}
-       if (!file)
- 	{
--	  file = fopen (filename, LT_READTEXT_MODE);
-+	  /* don't open .la files in current directory, root might get tricked to run a binary in a prepared directory */
-+	  if(!strncmp((filename + strlen(filename) - 3), LTDL_ARCHIVE_EXT,3) || strstr(filename,"/"))
-+	    file = fopen (filename, LT_READTEXT_MODE);
- 	}
- 
-       /* If we didn't find the file by now, it really isn't there.  Set
author	Karsten Hopp <karsten@fedoraproject.org>	2009-12-02 11:34:09 +0000
committer	Karsten Hopp <karsten@fedoraproject.org>	2009-12-02 11:34:09 +0000
commit	0441a2a8d01481a79fa807d6ea4fad7d2de1e0bf (patch)
tree	02d09c6dbe3740712e6000756e01286ef8cdc342 /libtool-1.5.24-relativepath.patch
parent	2821ffac4887c36815f13d555908b1a5dac4143b (diff)