Given that libltdl has been found vulnerable, this should be checked thoroughly.
Created attachment 221915 [details, diff] Use system libltdl Here is a patch to use system libtool instead of bundled copy, but I'm having a bit trouble: --- naim-0.11.8.3.2.ebuild 2009-09-23 12:43:57.000000000 +0300 +++ naim-0.11.8.3.2-r1.ebuild 2010-03-03 12:43:19.000000000 +0200 @@ -3,6 +3,7 @@ # $Header: /var/cvsroot/gentoo-x86/net-im/naim/naim-0.11.8.3.2.ebuild,v 1.1 2009/09/23 09:43:57 ssuominen Exp $ EAPI=2 +inherit autotools eutils DESCRIPTION="An ncurses based AOL Instant Messenger" HOMEPAGE="http://naim.n.ml.org" @@ -13,12 +14,18 @@ KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" IUSE="debug screen" -RDEPEND="sys-libs/ncurses +DEPEND=">=sys-devel/libtool-2.2.6b + sys-libs/ncurses screen? ( app-misc/screen )" -DEPEND="${RDEPEND}" MAKEOPTS="${MAKEOPTS} -j1" +src_prepare() { + epatch "${FILESDIR}"/${P}-system_libltdl.patch + rm -rf libltdl + AT_M4DIR="libfiretalk src" eautoreconf +} + src_configure() { local myconf="--disable-dnsupdate" Will result in: ./configure: line 4426: ac_fn_c_check_type: command not found ./configure: line 4505: syntax error near unexpected token `fi' ./configure: line 4505: `fi'
# Samuli Suominen <ssuominen@gentoo.org> (03 Mar 2010) # Masked for QA, security # # Internal copy of vuln. libltdl, CVE-2009-3736 # # Bugs 252402, 296953, 296954, 215252, 297649 # # Masked for removal in 60 days net-libs/libnetdude net-analyzer/netdude net-im/naim
Removed from tree.
(In reply to comment #3) > Removed from tree. > I opened a bug in the naim issue tracker. I borrowed your patch and added two of my own to get naim to compile. I'm not sure if what I did to update lt_dlhandle_next and lt_dlforeach to the modern libltdl API is correct. http://code.google.com/p/naim/issues/detail?id=32
