From b1e3f5471a7d4a2f4abac193cb21554377e715b0e35db3a0ea886e798ffedbdb Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 4 Dec 2009 08:53:43 +0000 Subject: [PATCH] Accepting request 25303 from Base:System Copy from Base:System/libtool based on submit request 25303 from user psmt OBS-URL: https://build.opensuse.org/request/show/25303 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libtool?expand=0&rev=14 --- libtool-2.2.6a.tar.lzma | 3 - libtool-2.2.6b.tar.lzma | 3 + libtool.changes | 12 +++ libtool.spec | 192 ++-------------------------------------- 4 files changed, 22 insertions(+), 188 deletions(-) delete mode 100644 libtool-2.2.6a.tar.lzma create mode 100644 libtool-2.2.6b.tar.lzma diff --git a/libtool-2.2.6a.tar.lzma b/libtool-2.2.6a.tar.lzma deleted file mode 100644 index 31d9b1c..0000000 --- a/libtool-2.2.6a.tar.lzma +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1d22960afeab230c9c380365ea8791b194109a5f9d5916a1e29c3d0bdaa9638a -size 733923 diff --git a/libtool-2.2.6b.tar.lzma b/libtool-2.2.6b.tar.lzma new file mode 100644 index 0000000..26b7bda --- /dev/null +++ b/libtool-2.2.6b.tar.lzma @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:66ebad3c02e5cb6672bfbda1183fb6fc919d33d676eb8be4b7834aa7c3b8b7ae +size 739089 diff --git a/libtool.changes b/libtool.changes index 41e6244..756d81b 100644 --- a/libtool.changes +++ b/libtool.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Wed Nov 18 15:54:26 CET 2009 - pth@suse.de + +- VUL-0 CVE-2009-3736 Update to 2.2.6b (bnc#556122): + * Fix libltdl to no longer attempt to dlopen() the old_library + listed in the .la file. Now will use only the preopen loader to + attempt to load it. This may be a security issue, all users are + advised to upgrade. + * Similarly, don't open module.la from the current directory, this + changes the behavior of libltdl to match the documentation. + * Adapt test suite to changes. + ------------------------------------------------------------------- Sat Feb 7 11:11:12 CET 2009 - schwab@suse.de diff --git a/libtool.spec b/libtool.spec index d0a1bb3..0923094 100644 --- a/libtool.spec +++ b/libtool.spec @@ -1,5 +1,5 @@ # -# spec file for package libtool (Version 2.2.6) +# spec file for package libtool (Version 2.2.6b) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,12 +18,12 @@ Name: libtool -BuildRequires: lzma -License: GPL v2 or later +BuildRequires: lzma zlib-devel +License: GPLv2+ Group: Development/Tools/Building Summary: A Tool to Build Shared Libraries -Version: 2.2.6 -Release: 6 +Version: 2.2.6b +Release: 1 AutoReqProv: on # bug437293 %ifarch ppc64 @@ -33,7 +33,7 @@ Obsoletes: libtool-64bit PreReq: %{install_info_prereq} Requires: libltdl7 = %{version} Url: http://www.gnu.org/software/libtool/ -Source: ftp://ftp.gnu.org/pub/gnu/libtool/libtool-%{version}a.tar.lzma +Source: ftp://ftp.gnu.org/pub/gnu/libtool/libtool-%{version}.tar.lzma #Patch: libtool-%{version}.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -54,7 +54,7 @@ Authors: Bob Friesenhahn %package -n libltdl7 -License: GPL v2 or later +License: GPLv2+ Summary: Libtool Runtime Library Group: Development/Libraries/C and C++ AutoReqProv: on @@ -126,181 +126,3 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libltdl.so.* %changelog -* Sat Feb 07 2009 schwab@suse.de -- Rebuild broken info file. -* Fri Jan 09 2009 schwab@suse.de -- Fix last change. -* Wed Jan 07 2009 olh@suse.de -- obsolete old -XXbit packages (bnc#437293) -* Sun Sep 07 2008 schwab@suse.de -- Update to libtool 2.2.6. - * New features: - - New lt_dloadvise_preload() call to set a hint that only preloadeded - modules can be opened. - - libtoolize no longer removes config.guess and config.sub, even when - --install is passed. - * Changes in supported systems or compilers: - - Fixes for ifort on Darwin, and newer Intel compilers (icc 10, ifort 9) - on GNU/Linux. - - Fixes for cwrapper (cygwin/mingw) under -stdc=c99. - - Support cross compile of MinGW with Wine. - - Initial support for cegcc (Windows CE/PocketPC) cross compilation. - - Initial support for lf95 (Lahey Fortran 8.1) on GNU/Linux. - * Bug fixes: - - Several testsuite issues have been fixed, thanks to user feedback. - - Fix 2.2 regression that caused argz symbols to be exported from - libltdl unrenamed on systems that do not have working argz. - - Revert "lt_dlopen(NULL) works on AIX again.". It was not the - correct fix. - - Diagnose '-L' arguments correctly. - - Libtool no longer tries to open devices as files in execute mode. - - Libtool no longer removes *.gcno profile information from GCC. -* Wed May 21 2008 cthiel@suse.de -- fix baselibs.conf -* Thu Apr 10 2008 ro@suse.de -- added baselibs.conf file to build xxbit packages - for multilib support -* Fri Feb 01 2008 schwab@suse.de -- Update to libtool 1.5.26. - * Improved support for Mac OS X Leopard. - * More robust parsing of mangled `.la' files inside libltdl, fixing a - possible overrun and a crash due to memory exhaustion. - * Fix compile command line for gcj on MinGW. - * Some configure variables have been renamed to fix caching: - lt_prog_compiler_pic_works to lt_cv_prog_compiler_pic_works - lt_prog_compiler_static_works to lt_cv_prog_compiler_static_works. - * Support for AIX 6.1. - * Bug Fixes. -* Tue Nov 13 2007 schwab@suse.de -- Fix C++ includes. -* Wed Jun 27 2007 schwab@suse.de -- Update to libtool 1.5.24. - * Initial support for Interix newer than version 3. - * Use getconf ARG_MAX to find the max command line length. - * Bug Fixes. -* Wed Jun 06 2007 schwab@suse.de -- Rename libltdl to libltdl-3. -* Mon Sep 18 2006 schwab@suse.de -- Remove build requires. -* Tue May 23 2006 schwab@suse.de -- Fix dependency. -* Fri Jan 27 2006 schwab@suse.de -- Split off libtldl package. -* Wed Jan 25 2006 mls@suse.de -- converted neededforbuild to BuildRequires -* Fri Jan 13 2006 schwab@suse.de -- Run ldconfig. -* Mon Jan 09 2006 schwab@suse.de -- Update to libtool 1.5.22. -* Thu Sep 01 2005 schwab@suse.de -- Update to libtool 1.5.20. -* Tue May 17 2005 schwab@suse.de -- Update to libtool 1.5.18. -* Thu Apr 28 2005 schwab@suse.de -- Don't install in libltdl data files in libltdl directory. -* Tue Apr 26 2005 schwab@suse.de -- Update to libtool 1.5.16. -* Sat Feb 12 2005 schwab@suse.de -- Update to libtool 1.5.14. -* Mon Feb 07 2005 schwab@suse.de -- Fix handling of -pthread during linking. -* Sat Feb 05 2005 schwab@suse.de -- Update to libtool 1.5.12. -* Fri Oct 08 2004 schwab@suse.de -- Update to libtool 1.5.10. -* Tue Aug 10 2004 ro@suse.de -- clean neededforbuild -* Sat Aug 07 2004 schwab@suse.de -- Update to libtool 1.5.8. -* Mon Apr 12 2004 schwab@suse.de -- Update to libtool 1.5.6. -* Mon Jan 26 2004 schwab@suse.de -- Update to libtool 1.5.2. -* Wed Oct 15 2003 schwab@suse.de -- Make sure we get a full-featured libtool [#32356]. -* Thu Jul 03 2003 meissner@suse.de -- biarch fix for powerpc64-*linux*. -* Fri Apr 25 2003 schwab@suse.de -- Update to libtool 1.5. -- Fix AC_PROG_LD_GNU. -* Thu Apr 24 2003 ro@suse.de -- fix install_info --delete call and move from preun to postun -* Mon Apr 07 2003 schwab@suse.de -- Only delete info entries when removing last version. -* Thu Feb 06 2003 schwab@suse.de -- Use %%install_info. -* Wed Dec 04 2002 schwab@suse.de -- Make sure we are using the fixed libtool macros during configuring. -* Thu Oct 24 2002 schwab@suse.de -- Update to libtool 1.4.3. -* Thu Sep 19 2002 schwab@suse.de -- Remove execute permission from *.la. -- libtoolize: fix reference to configure.in. -* Tue Sep 17 2002 ro@suse.de -- removed bogus self-provides -* Mon Jul 29 2002 meissner@suse.de -- Added patch for a directory open problem (exhibited by gphoto in - LANG=de_DE). (extracted from libtool CVS) -* Fri Jun 07 2002 schwab@suse.de -- Fix for lib64. -* Wed Jun 05 2002 schwab@suse.de -- Fix logic in ltmain.sh. -* Mon Apr 15 2002 sf@suse.de -- use pass_all in AC_DEPLIBS_CHECK_METHOD for x86_64 -* Thu Mar 28 2002 schwab@suse.de -- Fix last change to not patch the generated file. -* Wed Feb 13 2002 stepan@suse.de -- allow link against an archive when building a shared library -- patch to use mktemp to create the tempdir -- fix test quoting in ltmain.in -* Tue Feb 05 2002 schwab@suse.de -- Add patch to support DESTDIR. -* Fri Jan 04 2002 schwab@suse.de -- Quote $AS when writing it to libtool script. -* Tue Nov 13 2001 schwab@suse.de -- Use pass_all on mips. -* Mon Oct 08 2001 schwab@suse.de -- Fix quoting with "libtool --mode=execute". -* Thu Sep 27 2001 schwab@suse.de -- Update to libtool 1.4.2 (more portability fixes). -* Tue Sep 04 2001 schwab@suse.de -- Update to libtool 1.4.1 (only portability fixes). -* Mon Jul 23 2001 schwab@suse.de -- Use pass_all in AC_DEPLIBS_CHECK_METHOD for s390* and m68k. -* Tue Jun 12 2001 schwab@suse.de -- Add URL. -- Install some docs. -* Mon Jun 11 2001 olh@suse.de -- recognize ppc64 -* Thu May 03 2001 schwab@suse.de -- Update to libtool 1.4. -* Mon Feb 19 2001 schwab@suse.de -- Fix use of suse_update_config macro. -* Mon Feb 19 2001 ro@suse.de -- fix specfile for sparc64 (again) -* Thu Feb 15 2001 fober@suse.de -- add suse_update_config (for the reason of 390 and the sake of the - rest) -* Wed Sep 20 2000 fober@suse.de -- s390: change deplibs_check_method back to file_magic (like 1.3.4) -* Mon Sep 04 2000 nadvornik@suse.cz -- update to 1.3.5 -* Fri May 12 2000 schwab@suse.de -- Don't add libc to deplibs on Linux. -* Sat Apr 01 2000 bk@suse.de -- updated config.sub and config.guess patches for s390 -* Tue Mar 28 2000 bk@suse.de -- patched config.sub and config.guess for s390 -* Wed Mar 22 2000 schwab@suse.de -- Fix linux -> linux-gnu transformation in ltconfig. -* Fri Feb 11 2000 kukuk@suse.de -- Add patches from LinuxPPC reference sources -* Tue Jan 25 2000 kukuk@suse.de -- Update to 1.3.4 -- move /usr/info -> /usr/share/info -* Mon Sep 13 1999 bs@suse.de -- ran old prepare_spec on spec file to switch to new prepare_spec. -* Mon Jul 19 1999 florian@suse.de -- update to version 1.3.3 -* Sat Sep 26 1998 ke@suse.de -- initial version: 1.2b.