[Pkg-openmpi-commits] r213 - in /openmpi/trunk/debian: changelog patches/libtool patches/series
manuel at users.alioth.debian.org
manuel at users.alioth.debian.org
Tue Dec 8 00:42:11 UTC 2009
Author: manuel
Date: Tue Dec 8 00:42:11 2009
New Revision: 213
URL: http://svn.debian.org/wsvn/pkg-openmpi/?sc=1&rev=213
Log:
Fixed libtool security issue
Added:
openmpi/trunk/debian/patches/libtool
Modified:
openmpi/trunk/debian/changelog
openmpi/trunk/debian/patches/series
Modified: openmpi/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-openmpi/openmpi/trunk/debian/changelog?rev=213&op=diff
==============================================================================
--- openmpi/trunk/debian/changelog (original)
+++ openmpi/trunk/debian/changelog Tue Dec 8 00:42:11 2009
@@ -1,3 +1,10 @@
+openmpi (1.3.3-4) unstable; urgency=medium
+
+ * Fixed security issue in copy of libtool, see CVE-2009-3736.
+ Closes: #559836.
+
+ -- Manuel Prinz <manuel at debian.org> Tue, 08 Dec 2009 00:58:02 +0100
+
openmpi (1.3.3-3.1) unstable; urgency=low
* Non-maintainer upload with the maintainer's permission.
Added: openmpi/trunk/debian/patches/libtool
URL: http://svn.debian.org/wsvn/pkg-openmpi/openmpi/trunk/debian/patches/libtool?rev=213&op=file
==============================================================================
--- openmpi/trunk/debian/patches/libtool (added)
+++ openmpi/trunk/debian/patches/libtool Tue Dec 8 00:42:11 2009
@@ -1,0 +1,31 @@
+Description: Fix security issue in libtool copy
+ This patch fixes a security issue in libtool's dlopen(). This is CVE-2009-3736
+ (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736).
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559836
+Author: Manuel Prinz <manuel at debian.org>
+Last-Update: 2009-12-08
+---
+ opal/libltdl/ltdl.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/opal/libltdl/ltdl.c
++++ b/opal/libltdl/ltdl.c
+@@ -529,7 +529,8 @@
+ /* Try to open the old library first; if it was dlpreopened,
+ we want the preopened version of it, even if a dlopenable
+ module is available. */
+- if (old_name && tryall_dlopen (handle, old_name, advise, 0) == 0)
++ if (old_name && tryall_dlopen (handle, old_name,
++ advise, lt_dlloader_find ("lt_preopen") ) == 0)
+ {
+ return 0;
+ }
+@@ -1345,7 +1346,7 @@
+ }
+ #endif
+ }
+- if (!file)
++ else
+ {
+ file = fopen (attempt, LT_READTEXT_MODE);
+ }
Modified: openmpi/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-openmpi/openmpi/trunk/debian/patches/series?rev=213&op=diff
==============================================================================
--- openmpi/trunk/debian/patches/series (original)
+++ openmpi/trunk/debian/patches/series Tue Dec 8 00:42:11 2009
@@ -2,3 +2,4 @@
sparc_build
manpage-errors
manpage-errors-checkpoint
+libtool
More information about the Pkg-openmpi-commits
mailing list