This is the mail archive of the libffi-discuss@sourceware.org mailing list for the libffi project.



Re: CVE-2009-4029 vulnerability


On 01/26/2010 08:59 AM, Giuseppe Scrivano wrote:
Hello,

please consider this patch, it fixes the CVE-2009-4029 vulnerability.  I
just recreated some files using the latest version of automake.

For more information about CVE-2009-4029:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4029


I sent a patch to fix this problem directly in the Firefox source tree, but they suggested that I send it here instead:

https://bugzilla.mozilla.org/show_bug.cgi?id=542110

Thanks Giuseppe. I've rebuilt the Makefiles in git with automake 1.11.1. The next release should be OK.


AG


Thanks, Giuseppe Scrivano



 From 29ff0cdfc47daceedb441c9d942c66dd8aae8163 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano<gscrivano@gnu.org>
Date: Tue, 26 Jan 2010 14:51:45 +0100
Subject: [PATCH] Fix CVE-2009-4029 vulnerability

---
  ChangeLog             |    7 +++++++
  Makefile.in           |   24 ++++++++++++++----------
  include/Makefile.in   |    9 ++++++---
  man/Makefile.in       |    9 ++++++---
  testsuite/Makefile.in |    9 ++++++---
  5 files changed, 39 insertions(+), 19 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 57e72b8..e146077 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-01-26  Giuseppe Scrivano<gscrivano@gnu.org>
+
+	* Makefile.in: Regenerate.
+	* include/Makefile.in: Likewise.
+	* man/Makefile.in: Likewise.
+	* testsuite/Makefile.in: Likewise.
+
  2010-01-07  Rainer Orth<ro@CeBiTec.Uni-Bielefeld.DE>

  	PR libffi/40701
diff --git a/Makefile.in b/Makefile.in
index 8c003b6..c247a2b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
  # @configure_input@

  # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -69,8 +69,10 @@ DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
  	compile config.guess config.sub depcomp install-sh ltmain.sh \
  	mdate-sh missing texinfo.tex
  ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
-	$(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
  am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
  	$(ACLOCAL_M4)
  am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
@@ -319,6 +321,7 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
  PACKAGE_NAME = @PACKAGE_NAME@
  PACKAGE_STRING = @PACKAGE_STRING@
  PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
  PACKAGE_VERSION = @PACKAGE_VERSION@
  PATH_SEPARATOR = @PATH_SEPARATOR@
  RANLIB = @RANLIB@
@@ -1232,7 +1235,7 @@ uninstall-pkgconfigDATA:
  #     (which will cause the Makefiles to be regenerated when you run `make');
  # (2) otherwise, pass the desired values on the `make' command line.
  $(RECURSIVE_TARGETS):
-	@failcom='exit 1'; \
+	@fail= failcom='exit 1'; \
  	for f in x $$MAKEFLAGS; do \
  	  case $$f in \
  	    *=* | --[!k]*);; \
@@ -1257,7 +1260,7 @@ $(RECURSIVE_TARGETS):
  	fi; test -z "$$fail"

  $(RECURSIVE_CLEAN_TARGETS):
-	@failcom='exit 1'; \
+	@fail= failcom='exit 1'; \
  	for f in x $$MAKEFLAGS; do \
  	  case $$f in \
  	    *=* | --[!k]*);; \
@@ -1424,7 +1427,8 @@ distdir: $(DISTFILES)
  	  top_distdir="$(top_distdir)" distdir="$(distdir)" \
  	  dist-info
  	-test -n "$(am__skip_mode_fix)" \
-	|| find "$(distdir)" -type d ! -perm -777 -exec chmod a+rwx {} \; -o \
+	|| find "$(distdir)" -type d ! -perm -755 \
+		-exec chmod u+rwx,go+rx {} \; -o \
  	  ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
  	  ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
  	  ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
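Review bot: The permission fix in the distdir recipe (`-exec chmod u+rwx,go+rx {} \;` replacing `chmod a+rwx`) exists only in generated output, so it lasts only until someone regenerates Makefile.in with an automake older than 1.11.1; the diffstat shows no change to configure.ac or Makefile.am that would prevent that. Stating the minimum version in the automake options, e.g. `AM_INIT_AUTOMAKE([1.11.1])` alongside whatever options configure.ac already passes, would make an older automake refuse to regenerate and reintroduce world-writable directories under `$(distdir)` during `make dist`/`distcheck`. The regeneration also changed `am__aclocal_m4_deps` to list `m4/libtool.m4` and related files and added `PACKAGE_URL = @PACKAGE_URL@` in every Makefile.in, which suggests it was run with a different autoconf/libtool setup than the one behind the committed aclocal.m4 and configure; neither file is in this patch, so they should presumably be regenerated in the same commit. The distdir recipe continues outside this hunk.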
@@ -1468,17 +1472,17 @@ dist dist-all: distdir
  distcheck: dist
  	case '$(DIST_ARCHIVES)' in \
  	*.tar.gz*) \
-	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).tar.gz | $(am__untar) ;;\
+	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
  	*.tar.bz2*) \
-	  bunzip2 -c $(distdir).tar.bz2 | $(am__untar) ;;\
+	  bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
  	*.tar.lzma*) \
-	  unlzma -c $(distdir).tar.lzma | $(am__untar) ;;\
+	  lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
  	*.tar.xz*) \
  	  xz -dc $(distdir).tar.xz | $(am__untar) ;;\
  	*.tar.Z*) \
  	  uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
  	*.shar.gz*) \
-	  GZIP=$(GZIP_ENV) gunzip -c $(distdir).shar.gz | unshar ;;\
+	  GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
  	*.zip*) \
  	  unzip $(distdir).zip ;;\
  	esac
diff --git a/include/Makefile.in b/include/Makefile.in
index 3a55fd4..6d3b0ec 100644
--- a/include/Makefile.in
+++ b/include/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
  # @configure_input@

  # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -39,8 +39,10 @@ subdir = include
  DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
  	$(srcdir)/ffi.h.in
  ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
-	$(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
  am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
  	$(ACLOCAL_M4)
  mkinstalldirs = $(install_sh) -d
@@ -133,6 +135,7 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
  PACKAGE_NAME = @PACKAGE_NAME@
  PACKAGE_STRING = @PACKAGE_STRING@
  PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
  PACKAGE_VERSION = @PACKAGE_VERSION@
  PATH_SEPARATOR = @PATH_SEPARATOR@
  RANLIB = @RANLIB@
diff --git a/man/Makefile.in b/man/Makefile.in
index d50f19d..72f59f6 100644
--- a/man/Makefile.in
+++ b/man/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
  # @configure_input@

  # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -37,8 +37,10 @@ target_triplet = @target@
  subdir = man
  DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
  ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
-	$(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+	$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+	$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+	$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
  am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
  	$(ACLOCAL_M4)
  mkinstalldirs = $(install_sh) -d
@@ -131,6 +133,7 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
  PACKAGE_NAME = @PACKAGE_NAME@
  PACKAGE_STRING = @PACKAGE_STRING@
  PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
  PACKAGE_VERSION = @PACKAGE_VERSION@
  PATH_SEPARATOR = @PATH_SEPARATOR@
  RANLIB = @RANLIB@
diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
index a954696..c6f5ae7 100644
--- a/testsuite/Makefile.in
+++ b/testsuite/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11 from Makefile.am.
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
  # @configure_input@

# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -37,8 +37,10 @@ target_triplet = @target@
subdir = testsuite
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
- $(top_srcdir)/configure.ac
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
mkinstalldirs = $(install_sh) -d
@@ -108,6 +110,7 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
RANLIB = @RANLIB@

