[Pkg-openmpi-commits] r213 - in /openmpi/trunk/debian: changelog patches/libtool patches/series

manuel at users.alioth.debian.org manuel at users.alioth.debian.org
Tue Dec 8 00:42:11 UTC 2009


Author: manuel
Date: Tue Dec  8 00:42:11 2009
New Revision: 213

URL: http://svn.debian.org/wsvn/pkg-openmpi/?sc=1&rev=213
Log:
Fixed libtool security issue

Added:
    openmpi/trunk/debian/patches/libtool
Modified:
    openmpi/trunk/debian/changelog
    openmpi/trunk/debian/patches/series

Modified: openmpi/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-openmpi/openmpi/trunk/debian/changelog?rev=213&op=diff
==============================================================================
--- openmpi/trunk/debian/changelog (original)
+++ openmpi/trunk/debian/changelog Tue Dec  8 00:42:11 2009
@@ -1,3 +1,10 @@
+openmpi (1.3.3-4) unstable; urgency=medium
+
+  * Fixed security issue in copy of libtool, see CVE-2009-3736.
+    Closes: #559836.
+
+ -- Manuel Prinz <manuel at debian.org>  Tue, 08 Dec 2009 00:58:02 +0100
+
 openmpi (1.3.3-3.1) unstable; urgency=low
 
   * Non-maintainer upload with the maintainer's permission.
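Review bot: The new 1.3.3-4 entry says only "Fixed security issue in copy of libtool" and does not name the patch that carries the fix or the code it touches. Consider mentioning the added debian/patches/libtool and that the affected copy lives in opal/libltdl, so a reader of the changelog can locate the change without opening the series file.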

Added: openmpi/trunk/debian/patches/libtool
URL: http://svn.debian.org/wsvn/pkg-openmpi/openmpi/trunk/debian/patches/libtool?rev=213&op=file
==============================================================================
--- openmpi/trunk/debian/patches/libtool (added)
+++ openmpi/trunk/debian/patches/libtool Tue Dec  8 00:42:11 2009
@@ -1,0 +1,31 @@
+Description: Fix security issue in libtool copy
+ This patch fixes a security issue in libtool's dlopen(). This is CVE-2009-3736
+ (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736).
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559836
+Author: Manuel Prinz <manuel at debian.org>
+Last-Update: 2009-12-08
+---
+ opal/libltdl/ltdl.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/opal/libltdl/ltdl.c
++++ b/opal/libltdl/ltdl.c
+@@ -529,7 +529,8 @@
+   /* Try to open the old library first; if it was dlpreopened,
+      we want the preopened version of it, even if a dlopenable
+      module is available.  */
+-  if (old_name && tryall_dlopen (handle, old_name, advise, 0) == 0)
++  if (old_name && tryall_dlopen (handle, old_name,
++			  advise, lt_dlloader_find ("lt_preopen") ) == 0)
+     {
+       return 0;
+     }
+@@ -1345,7 +1346,7 @@
+ 	    }
+ #endif
+ 	}
+-      if (!file)
++      else
+ 	{
+ 	  file = fopen (attempt, LT_READTEXT_MODE);
+ 	}
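Review bot: In the second ltdl.c hunk (at -1345), replacing `if (!file)` with `else` means `fopen (attempt, LT_READTEXT_MODE)` is no longer tried when the preceding branch ran and left `file` NULL, and nothing in the patch header says that this restriction is intended. A sentence in the Description stating what each of the two changes restricts (the old_name lookup now passes `lt_dlloader_find ("lt_preopen")` where it passed 0, and the fopen fallback becomes an else branch) would make that explicit. The Description also says "libtool's dlopen()" while the edited file is opal/libltdl/ltdl.c, and the header has no Origin field recording where the fix was taken from.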

Modified: openmpi/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-openmpi/openmpi/trunk/debian/patches/series?rev=213&op=diff
==============================================================================
--- openmpi/trunk/debian/patches/series (original)
+++ openmpi/trunk/debian/patches/series Tue Dec  8 00:42:11 2009
@@ -2,3 +2,4 @@
 sparc_build
 manpage-errors
 manpage-errors-checkpoint
+libtool
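Review bot: The new series entry `libtool` does not say what the patch is for, unlike the neighbouring `sparc_build` and `manpage-errors`. A name that carries the CVE id from the patch header, for example libtool-CVE-2009-3736, would make the security fix identifiable from the series file and from the patch filename alone.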



