Bug#559827: siproxd Re: Bug#559827: CVE-2009-3736 update
Mark Purcell
msp at debian.org
Fri Feb 19 22:37:39 UTC 2010
On Sunday 13 December 2009 10:07:00 you wrote:
> It has come to my attention that a lot of maintainers are simply adding
> a build-depends on libltdl3-dev to try to solve this problem. This is
> not a sufficient solution since your package will still use the
> embedded libtool code copy. You need to add '--without-included-ltdl'
> to your configure arguments to do this right.
Michael,
Thanks for surfacing this issue, I have forwarded the issue upstream as you may have seen from my earlier email.
One issue is that for '--without-included-ltdl' to work, it needs to be supported in the configure script, which in a lot of cases it isn't :-(
I have been reviewing a few packages which rdepend on libltdl7 to see how they have set up configure to address this issue.
Something like:
configure.ac:
dnl
dnl Check for libltdl
dnl
AC_CHECK_LIB([ltdl],[lt_dlinit],,
[AC_MSG_ERROR([[libltdl not found]])])
Will perform the check, but then things get complicated in terms of changing paths, ensuring that the embedded copy doesn't get built/linked against.
Do you have any code snippets from best practise for using the system provided libltdl?
Thanks,
Mark
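
Added example, not part of the message above or of any Debian tooling: a shell audit of an unpacked source tree for the situation the message describes, an embedded ltdl.c whose configure script either does or does not know the included-ltdl switch. The function names, verdict strings and sample trees are constructed for illustration, and the grep for the option name is a heuristic.

```shell
#!/bin/sh
# Added example: heuristic audit for an embedded libltdl copy in a source tree.

# Print the path of every bundled ltdl.c under DIR ($1), sorted.
find_embedded_ltdl() {
    find "$1" -type f -name 'ltdl.c' 2>/dev/null | sort
}

# Succeed if DIR/configure mentions the included-ltdl option, i.e. the
# switch can actually be used to turn the embedded copy off.
configure_has_ltdl_switch() {
    [ -f "$1/configure" ] &&
        grep -q -e 'with_included_ltdl' -e 'with-included-ltdl' "$1/configure"
}

# Print one verdict word for DIR.
audit_tree() {
    copies=$(find_embedded_ltdl "$1")
    if [ -z "$copies" ]; then
        echo "no-embedded-copy"            # nothing bundled, nothing to disable
    elif configure_has_ltdl_switch "$1"; then
        echo "embedded-copy-switchable"    # pass --without-included-ltdl
    else
        echo "embedded-copy-needs-patch"   # build-dep alone will not help
    fi
}

# Constructed sample trees (not real packages) so the script runs offline.
make_samples() {
    base=$(mktemp -d)
    mkdir -p "$base/patched/libltdl" "$base/stuck/libltdl" "$base/clean"
    : > "$base/patched/libltdl/ltdl.c"
    : > "$base/stuck/libltdl/ltdl.c"
    printf '%s\n' '  --with-included-ltdl    use the GNU ltdl sources included here' \
        > "$base/patched/configure"
    printf '%s\n' 'echo checking for lt_dlinit in -lltdl' > "$base/stuck/configure"
    echo "$base"
}

base=$(make_samples)
for t in patched stuck clean; do
    printf '%-8s %s\n' "$t" "$(audit_tree "$base/$t")"
done
rm -rf "$base"
```

A tree reported as embedded-copy-needs-patch is the case the message raises: the configure script has to be changed before the system libltdl can replace the bundled one.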