On 8/16/2010 4:42 PM, Ralf Wildenhues wrote: > * Charles Wilson wrote on Mon, Aug 16, 2010 at 10:27:46PM CEST: >> Taking all of this together, I wonder if a good approach might be the >> following: libltdl replaces the '=' with the value of the environment >> variable LIBLTDL_SYSROOT. So usually -- with this variable empty -- '=' >> is just stripped out, which would be typical on the $host system. This >> would open up possible exploits -- but if you --finish your .la files, >> then there ARE no '=' markers to replace, so you'd be safe. > > Sounds good. Make that LTDL_SYSROOT please, though, similar to the > other variables it uses.
I was going to work on this, this weekend, but some family/medical stuff came up. Sorry...I'm not sure when I'll be able to get to it. >> I was just copying the pattern I saw elsewhere. If it's safe to proceed >> without the default, then that's fine too. > > Yep it should be. Paolo, are you going to squash this: http://lists.gnu.org/archive/html/libtool-patches/2010-08/msg00145.html perhaps without this change: > - if $opt_dry_run; then > + if ${opt_dry_run-false}; then into [PATCH] improve code for sysroot --mode=finish.eml ? -- Chuck
