Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 252398 - Stabilize =app-shells/pdsh-2.18-r1 (was: bundles its own libltdl)
Summary: Stabilize =app-shells/pdsh-2.18-r1 (was: bundles its own libltdl)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Cluster Team
URL:
Whiteboard:
Keywords: STABLEREQ
Depends on:
Blocks: bundled-libs
  Show dependency tree
 
Reported: 2008-12-24 15:31 UTC by Diego Elio Pettenò (RETIRED)
Modified: 2010-09-10 19:01 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Diego Elio Pettenò (RETIRED) gentoo-dev 2008-12-24 15:31:06 UTC
Have fun...
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2010-03-03 11:34:16 UTC
This is CVE-2009-3736.
Comment 2 Samuli Suominen (RETIRED) gentoo-dev 2010-03-03 11:40:05 UTC
# Samuli Suominen <ssuominen@gentoo.org> (03 Mar 2010)
# Masked for QA, security
#
# After over an year of no word from maintainers
#
# Internal copy of vuln. libltdl, CVE-2009-3736
#
# Masked for removal in 60 days
app-shells/pdsh
Comment 3 Samuli Suominen (RETIRED) gentoo-dev 2010-03-26 22:24:38 UTC
Fixed in Debian,

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560892

Patch is included in,

http://ftp.de.debian.org/debian/pool/main/p/pdsh/pdsh_2.18-6.debian.tar.gz

Pretty much,

--- src/pdsh/Makefile.am
+++ src/pdsh/Makefile.am
@@ -14,8 +14,7 @@
 MODULE_LIBS =              $(top_builddir)/src/modules/libmods.la 
 else
 MODULE_FLAGS =             -export-dynamic $(AIX_PDSH_LDFLAGS)
-LTDL_FILES =               ltdl.h ltdl.c
-LTDL_LDADD =               $(LIBADD_DL)
+LTDL_LDADD =               $(LIBADD_DL) -lltdl
 endif
 
 pdsh_LDADD =               $(READLINE_LIBS) $(LTDL_LDADD)
@@ -25,7 +24,7 @@
 pdsh_inst_LDADD =          $(pdsh_LDADD)
 pdsh_inst_LDFLAGS =        $(pdsh_LDFLAGS)
 
-pdsh_SOURCES =             $(PDSH_SOURCES) $(LTDL_FILES)
+pdsh_SOURCES =             $(PDSH_SOURCES)
 pdsh_inst_SOURCES =        $(pdsh_SOURCES)
 nodist_pdsh_SOURCES =      testconfig.c
 nodist_pdsh_inst_SOURCES = config.c

In case anyone is intrested in saving the package.
Comment 4 Justin Bronder (RETIRED) gentoo-dev 2010-04-06 16:31:36 UTC
+*pdsh-2.18-r1 (06 Apr 2010)
+
+  06 Apr 2010; Justin Bronder <jsbronder@gentoo.org> +pdsh-2.18-r1.ebuild,
+  +files/pdsh-2.18-unbundle-libtool.patch:
+  Unbundle libtool and bump EAPI. Thanks to ssuominen for tracking down the
+  patch.
+


Do we need a stable bug for the new rev?
Comment 5 Samuli Suominen (RETIRED) gentoo-dev 2010-04-06 16:35:37 UTC
(In reply to comment #4)
> +*pdsh-2.18-r1 (06 Apr 2010)
> +
> +  06 Apr 2010; Justin Bronder <jsbronder@gentoo.org> +pdsh-2.18-r1.ebuild,
> +  +files/pdsh-2.18-unbundle-libtool.patch:
> +  Unbundle libtool and bump EAPI. Thanks to ssuominen for tracking down the
> +  patch.
> +
> 
> 
> Do we need a stable bug for the new rev?
> 

Yep, please unmask and get it stabilized like normal security bug (although I think this bug will work just as fine for that). Thanks for applying the patch!
Comment 6 Justin Bronder (RETIRED) gentoo-dev 2010-04-06 17:29:05 UTC
Archs please mark app-shells/pdsh-2.18-r1 stable.  Note that the testsuite is buggy and RESTRICT'ed.

Thanks.
Comment 7 Andreas Schürch gentoo-dev 2010-04-07 16:37:37 UTC
Tested on x86, looks good.
Comment 8 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-04-08 07:22:51 UTC
x86 stable, thanks Andreas