Summary: | Stabilize =app-shells/pdsh-2.18-r1 (was: bundles its own libltdl) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Component: | New packages | Assignee: | Gentoo Cluster Team <cluster> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | esigra, security, wolf31o2 |
Priority: | High | Keywords: | STABLEREQ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 251464 |
Description
Diego Elio Pettenò (RETIRED)
2008-12-24 15:31:06 UTC
This is CVE-2009-3736. # Samuli Suominen <ssuominen@gentoo.org> (03 Mar 2010) # Masked for QA, security # # After over an year of no word from maintainers # # Internal copy of vuln. libltdl, CVE-2009-3736 # # Masked for removal in 60 days app-shells/pdsh Fixed in Debian, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560892 Patch is included in, http://ftp.de.debian.org/debian/pool/main/p/pdsh/pdsh_2.18-6.debian.tar.gz Pretty much, --- src/pdsh/Makefile.am +++ src/pdsh/Makefile.am @@ -14,8 +14,7 @@ MODULE_LIBS = $(top_builddir)/src/modules/libmods.la else MODULE_FLAGS = -export-dynamic $(AIX_PDSH_LDFLAGS) -LTDL_FILES = ltdl.h ltdl.c -LTDL_LDADD = $(LIBADD_DL) +LTDL_LDADD = $(LIBADD_DL) -lltdl endif pdsh_LDADD = $(READLINE_LIBS) $(LTDL_LDADD) @@ -25,7 +24,7 @@ pdsh_inst_LDADD = $(pdsh_LDADD) pdsh_inst_LDFLAGS = $(pdsh_LDFLAGS) -pdsh_SOURCES = $(PDSH_SOURCES) $(LTDL_FILES) +pdsh_SOURCES = $(PDSH_SOURCES) pdsh_inst_SOURCES = $(pdsh_SOURCES) nodist_pdsh_SOURCES = testconfig.c nodist_pdsh_inst_SOURCES = config.c In case anyone is intrested in saving the package. +*pdsh-2.18-r1 (06 Apr 2010) + + 06 Apr 2010; Justin Bronder <jsbronder@gentoo.org> +pdsh-2.18-r1.ebuild, + +files/pdsh-2.18-unbundle-libtool.patch: + Unbundle libtool and bump EAPI. Thanks to ssuominen for tracking down the + patch. + Do we need a stable bug for the new rev? (In reply to comment #4) > +*pdsh-2.18-r1 (06 Apr 2010) > + > + 06 Apr 2010; Justin Bronder <jsbronder@gentoo.org> +pdsh-2.18-r1.ebuild, > + +files/pdsh-2.18-unbundle-libtool.patch: > + Unbundle libtool and bump EAPI. Thanks to ssuominen for tracking down the > + patch. > + > > > Do we need a stable bug for the new rev? > Yep, please unmask and get it stabilized like normal security bug (although I think this bug will work just as fine for that). Thanks for applying the patch! Archs please mark app-shells/pdsh-2.18-r1 stable. Note that the testsuite is buggy and RESTRICT'ed. Thanks. Tested on x86, looks good. x86 stable, thanks Andreas |