[Patch]State of CVE-2009-3736


[Patch]State of CVE-2009-3736

Jochen Schmitt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

In March 2010 I introduced a patch to gnu-smalltalk-3.1-8 to fix
the security issue CVE-2009-3736. Unfortunately, I'm not up to date
on the upstream integration of the fix for this security issue. Therefore
I would like to ask whether this issue is fixed in gnu-smalltalk-3.2. If not,
you may find the content of the patch I have created below for upstream
integration.

Best Regards:

Jochen Schmitt

diff -up smalltalk-3.2/configure.ac.ltdl smalltalk-3.2/configure.ac
- --- smalltalk-3.2/configure.ac.ltdl     2010-05-02 19:57:05.822849367
+0200
+++ smalltalk-3.2/configure.ac  2010-05-02 19:57:05.829850352 +0200
@@ -105,19 +105,8 @@ AM_MISSING_PROG(AUTOM4TE, autom4te, $mis
 dnl ^L
 dnl ------------------------------ SUBDIRS --------------------
 
- -AC_ARG_WITH(system-libltdl,
- -[  --with-system-libltdl[=PATH]  use system libltdl.la (search in
PATH if given)],
- -[], [with_system_libltdl=no])
- -
- -if test $with_system_libltdl = no; then
- -  AC_LIBOBJ(ltdl)
- -  AC_CONFIG_LINKS([lib-src/ltdl.h:lib-src/ltdl_.h])
- -  INCLTDL= LIBLTDL=
- -elif test $with_system_libltdl = yes; then
- -  INCLTDL= LIBLTDL=-lltdl
- -else
- -  INCLTDL="-I$withval/../include" LIBLTDL="-L$withval -lltdl"
- -fi
+INCLTDL= LIBLTDL=-lltdl
+
 AC_SUBST(INCLTDL)
 AC_SUBST(LIBLTDL)
 
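Review bot: the replacement line `INCLTDL= LIBLTDL=-lltdl` hard-codes the system library with no configure-time check that it is installed, and removing the `AC_ARG_WITH(system-libltdl, ...)` block also drops the PATH form that set `-I$withval/../include` and `-L$withval -lltdl`. With `AC_LIBOBJ(ltdl)` and the `lib-src/ltdl.h` link gone there is no fallback, so a missing libltdl, or one installed in a non-default prefix, will only show up later as a compile or link error. Suggest adding a check for `ltdl.h` and for `lt_dlopen` in `-lltdl` (for example `AC_CHECK_HEADER` plus `AC_CHECK_LIB`) that stops configure with a clear message. For upstream integration, consider keeping the option and changing only its default, so that the bundled libltdl is never built unless it is asked for explicitly.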
diff -up smalltalk-3.2/lib-src/Makefile.am.ltdl
smalltalk-3.2/lib-src/Makefile.am
- --- smalltalk-3.2/lib-src/Makefile.am.ltdl      2010-05-02
19:59:34.232735191 +0200
+++ smalltalk-3.2/lib-src/Makefile.am   2010-05-02 19:59:49.835724459
+0200
@@ -11,7 +11,7 @@ library_la_SOURCES = \
 noinst_HEADERS = \
        obstack.h poll_.h getopt.h md5.h ansidecl.h strspell.h lock.h \
        mathl.h trigl.h avltrees.h rbtrees.h trigl.c sincosl.c
getaddrinfo.h \
- -       socketx.h ltdl_.h regex.h pointer-set.h
+       socketx.h regex.h pointer-set.h
 
 DISTCLEANFILES = poll.h ltdl.h
 
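Review bot: the context line `DISTCLEANFILES = poll.h ltdl.h` still lists `ltdl.h` after `ltdl_.h` is dropped from `noinst_HEADERS`, although the configure.ac hunk removes the `AC_CONFIG_LINKS([lib-src/ltdl.h:lib-src/ltdl_.h])` that created that file. Either drop `ltdl.h` from `DISTCLEANFILES` for consistency, or keep it on purpose and say so in the patch description: a `lib-src/ltdl.h` left over from an earlier build in the same tree would shadow the system header, and `make distclean` is the only thing here that removes it.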


_______________________________________________
help-smalltalk mailing list
[hidden email]
http://lists.gnu.org/mailman/listinfo/help-smalltalk

Re: [Patch]State of CVE-2009-3736

Paolo Bonzini-2
On 06/24/2010 06:51 PM, Jochen Schmitt wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> In March 2010 I introduced a patch to gnu-smalltalk-3.1-8 to fix
> the security issue CVE-2009-3736. Unfortunately, I'm not up to date
> on the upstream integration of the fix for this security issue. Therefore
> I would like to ask whether this issue is fixed in gnu-smalltalk-3.2.

Yes, it is fixed.  However, with 3.2 you can also simply configure
--with-system-libltdl (I suppose you're already using system libffi and
libsigsegv) and drop the Fedora-specific patch.

Thanks!

Paolo
