[BACK]Return to patch-ae CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / devel / libtool / patches

File: [cvs.NetBSD.org] / pkgsrc / devel / libtool / patches / Attic / patch-ae (download)

Revision 1.8, Tue Dec 15 17:07:43 2009 UTC (10 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.7: +91 -30 lines

Fix a potential security issue in libltdl by making sure that the
current directory is not included in the search path. Bump revision
of libltdl. Patch backported from tez@

$NetBSD: patch-ae,v 1.8 2009/12/15 17:07:43 joerg Exp $
backport of libltdl 2.26b security fixes from gnu git repo

--- libltdl/ltdl.c.orig	2009-11-30 18:14:58.302462100 -0600
+++ libltdl/ltdl.c	2009-11-30 18:17:57.759481200 -0600
@@ -2192,7 +2192,8 @@
 static	int	try_dlopen	      LT_PARAMS((lt_dlhandle *handle,
 						 const char *filename));
 static	int	tryall_dlopen	      LT_PARAMS((lt_dlhandle *handle,
-						 const char *filename));
+						 const char *filename,
+						 const char * useloader));
 static	int	unload_deplibs	      LT_PARAMS((lt_dlhandle handle));
 static	int	lt_argz_insert	      LT_PARAMS((char **pargz,
 						 size_t *pargz_len,
@@ -2390,9 +2391,10 @@
 }
 
 static int
-tryall_dlopen (handle, filename)
+tryall_dlopen (handle, filename, useloader)
      lt_dlhandle *handle;
      const char *filename;
+     const char *useloader;
 {
   lt_dlhandle	 cur;
   lt_dlloader   *loader;
@@ -2459,6 +2461,11 @@
 
   while (loader)
     {
+      if (useloader && strcmp(loader->loader_name, useloader))
+	{
+	  loader = loader->next;
+	  continue;
+	}
       lt_user_data data = loader->dlloader_data;
 
       cur->module = loader->module_open (data, filename);
@@ -2528,7 +2535,7 @@
       error += tryall_dlopen_module (handle,
 				     (const char *) 0, prefix, filename);
     }
-  else if (tryall_dlopen (handle, filename) != 0)
+  else if (tryall_dlopen (handle, filename, NULL) != 0)
     {
       ++error;
     }
@@ -2549,7 +2556,7 @@
   /* Try to open the old library first; if it was dlpreopened,
      we want the preopened version of it, even if a dlopenable
      module is available.  */
-  if (old_name && tryall_dlopen (handle, old_name) == 0)
+  if (old_name && tryall_dlopen (handle, old_name, "dlpreload") == 0)
     {
       return 0;
     }
@@ -2813,7 +2820,7 @@
 
   /* Try to dlopen the file, but do not continue searching in any
      case.  */
-  if (tryall_dlopen (handle, filename) != 0)
+  if (tryall_dlopen (handle, filename,NULL) != 0)
     *handle = 0;
 
   return 1;
@@ -3103,7 +3110,7 @@
       /* lt_dlclose()ing yourself is very bad!  Disallow it.  */
       LT_DLSET_FLAG (*phandle, LT_DLRESIDENT_FLAG);
 
-      if (tryall_dlopen (&newhandle, 0) != 0)
+      if (tryall_dlopen (&newhandle, 0, NULL) != 0)
 	{
 	  LT_DLFREE (*phandle);
 	  return 1;
@@ -3225,7 +3232,7 @@
 	    }
 #endif
 	}
-      if (!file)
+      else
 	{
 	  file = fopen (filename, LT_READTEXT_MODE);
 	}
@@ -3412,7 +3419,7 @@
 #endif
 		   )))
 	{
-          if (tryall_dlopen (&newhandle, filename) != 0)
+          if (tryall_dlopen (&newhandle, filename, NULL) != 0)
             {
               newhandle = NULL;
             }