r36908 - in /packages/scilab/trunk/debian: changelog patches/CVE-2010-3378.diff
sylvestre at users.alioth.debian.org
sylvestre at users.alioth.debian.org
Sat Oct 2 11:42:00 UTC 2010
Author: sylvestre
Date: Sat Oct 2 11:41:59 2010
New Revision: 36908
URL: http://svn.debian.org/wsvn/debian-science/?sc=1&rev=36908
Log:
+ * SECURITY UPDATE:
+ - (CVE-2010-3378) : Insecure library loading (Closes: #598422, #598423)
Added:
packages/scilab/trunk/debian/patches/CVE-2010-3378.diff
Modified:
packages/scilab/trunk/debian/changelog
Modified: packages/scilab/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/debian-science/packages/scilab/trunk/debian/changelog?rev=36908&op=diff
==============================================================================
--- packages/scilab/trunk/debian/changelog (original)
+++ packages/scilab/trunk/debian/changelog Sat Oct 2 11:41:59 2010
@@ -1,3 +1,10 @@
+scilab (5.2.2-8) unstable; urgency=high
+
+ * SECURITY UPDATE:
+ - (CVE-2010-3378) : Insecure library loading (Closes: #598422, #598423)
+
+ -- Sylvestre Ledru <sylvestre at debian.org> Thu, 30 Sep 2010 15:17:57 +0200
+
scilab (5.2.2-7) unstable; urgency=low
* Fix a bad upload: Not binNMU-able (Closes: #597755)
Added: packages/scilab/trunk/debian/patches/CVE-2010-3378.diff
URL: http://svn.debian.org/wsvn/debian-science/packages/scilab/trunk/debian/patches/CVE-2010-3378.diff?rev=36908&op=file
==============================================================================
--- packages/scilab/trunk/debian/patches/CVE-2010-3378.diff (added)
+++ packages/scilab/trunk/debian/patches/CVE-2010-3378.diff Sat Oct 2 11:41:59 2010
@@ -1,0 +1,40 @@
+--- scilab-5.2.2.orig/bin/scilab 2010-04-20 16:41:55.000000000 +0200
++++ scilab-5.2.2/bin/scilab 2010-09-30 15:33:08.000000000 +0200
+@@ -280,7 +280,7 @@
+ *darwin* | *Darwin*)
+ # Seems to be always that under Mac OS X. Don't hesitate to submit a bug report if it is not the case.
+ JAVA_HOME="/System/Library/Frameworks/JavaVM.framework/Home/"
+- LD_LIBRARY_PATH="$JAVA_HOME/../Libraries:$LD_LIBRARY_PATH"
++ LD_LIBRARY_PATH="$JAVA_HOME/../Libraries${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+ if test $SCIVERBOSE -ne 0; then
+ echo "Using default Mac OS X vm: $JAVA_HOME"
+ echo "And LD_LIBRARY_PATH: $LD_LIBRARY_PATH"
+@@ -459,7 +459,7 @@
+ CLASSPATH="$CLASSPATH:$SCI/modules/jvm/jar/org.scilab.modules.jvm.jar"
+ # @TODO This is the default path of the official sun JVM.
+ # It is different for other implementation of the JVM....
+- LD_LIBRARY_PATH="$JRE_HOME/lib/$proc/:$JRE_HOME/lib/$proc/server/:$JRE_HOME/lib/$proc/native_threads/:$LD_LIBRARY_PATH"
++ LD_LIBRARY_PATH="$JRE_HOME/lib/$proc/:$JRE_HOME/lib/$proc/server/:$JRE_HOME/lib/$proc/native_threads/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+ fi
+ else
+ if test $SCIVERBOSE -ne 0; then
+@@ -518,16 +518,16 @@
+ case $OS in
+ *darwin* | *Darwin*) # MacOS X
+ # When using some packaging tools like fink which are storing the info in /sw/lib
+- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/sw/lib/"
++ LD_LIBRARY_PATH="/sw/lib/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
+ # Export the path to the Scilab lib when Scilab has been install ...
+ # to a Mac os x specific variable used by the linker before LD_LIBRARY_PATH
+- DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$SCI/../../lib/scilab/
++ DYLD_LIBRARY_PATH=$SCI/../../lib/scilab/${DYLD_LIBRARY_PATH:+:$DYLD_LIBRARY_PATH}:
+ # Crappy workaround for the dynamic load of sundials under Mac OS X
+ # in the source tree version. This does not occur in the binary
+ # thanks to the previous declaration on ../../lib/scilab
+ # See bug #4949
+ if test -d "$SCI/modules/scicos/.libs/"; then
+- DYLD_LIBRARY_PATH=$DYLD_LIBRARY_PATH:$SCI/modules/scicos/.libs/
++ DYLD_LIBRARY_PATH=$SCI/modules/scicos/.libs/${DYLD_LIBRARY_PATH:+:$DYLD_LIBRARY_PATH}
+ fi
+ export DYLD_LIBRARY_PATH
+ ;;
More information about the debian-science-commits
mailing list