Hi all, I have packaged the new version of libtool for unstable. This fixes CVE-2009-3736. I am looking for a sponsor for the upload.
The upstream changes are substantial (the diff between 2.2.6a and 2.2.6b is 7.3 MiB, so I have chosen not to attach it). Instead, I have attached a diff for my changes to just the debian directory. If you feel more comfortable building the package yourself, you can download the new upstream release directly, run 'uupdate -v 2.2.6b', then apply my diff. The uupdate applies cleanly. The package can be found on mentors.debian.net: - URL: http://mentors.debian.net/debian/pool/main/l/libtool - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free - dget http://mentors.debian.net/debian/pool/main/l/libtool/libtool_2.2.6b-0+nmu1.dsc I would be glad if someone uploaded this package for me. Kind regards, Mike
diff -urN libtool-2.2.6a/debian/changelog libtool-2.2.6b/debian/changelog --- libtool-2.2.6a/debian/changelog 2009-12-06 22:56:43.000000000 -0500 +++ libtool-2.2.6b/debian/changelog 2009-12-08 20:27:32.000000000 -0500 @@ -1,3 +1,14 @@ +libtool (2.2.6b-0+nmu1) unstable; urgency=high + + * Non-maintainer upload by the security team. + * New upstream release fixes local privilege escalation CVE-2009-3736. + (Closes: #559797) + * Update to standards version 3.8.3. + * Update to debhelper 5. + * libtool-doc now depends on install-info. + + -- Michael Gilbert <michael.s.gilb...@gmail.com> Tue, 08 Dec 2009 19:57:37 -0500 + libtool (2.2.6a-4) unstable; urgency=low * link_all_deplibs was only set to no for the CXX tag. Set it to no diff -urN libtool-2.2.6a/debian/compat libtool-2.2.6b/debian/compat --- libtool-2.2.6a/debian/compat 2009-12-06 22:56:43.000000000 -0500 +++ libtool-2.2.6b/debian/compat 2009-12-08 20:18:07.000000000 -0500 @@ -1 +1 @@ -4 +5 diff -urN libtool-2.2.6a/debian/control libtool-2.2.6b/debian/control --- libtool-2.2.6a/debian/control 2009-12-06 22:56:43.000000000 -0500 +++ libtool-2.2.6b/debian/control 2009-12-08 20:26:55.000000000 -0500 @@ -1,10 +1,10 @@ Source: libtool -Build-Depends: debhelper (>= 4.0), texi2html, texinfo, file, gfortran | fortran95-compiler, gcj [!hppa !hurd-i386], automake (>= 1:1.10), autoconf, autotools-dev, quilt +Build-Depends: debhelper (>= 5.0), texi2html, texinfo, file, gfortran | fortran95-compiler, gcj [!hppa !hurd-i386], automake (>= 1:1.10), autoconf, autotools-dev, quilt Build-Conflicts: automake1.9 Section: devel Priority: optional Maintainer: Kurt Roeckx <k...@roeckx.be> -Standards-Version: 3.8.1 +Standards-Version: 3.8.3 Homepage: http://www.gnu.org/software/libtool/ Package: libtool @@ -28,6 +28,7 @@ Architecture: all Section: doc Conflicts: libtool1.4-doc +Depends: install-info Description: Generic library support script This package contains the GNU libtool documentation. .
