From 02be728762c77962f9c3034cd7995ad51afaee95 Mon Sep 17 00:00:00 2001
From: Ross Burton
Date: Tue, 6 Oct 2015 14:04:20 +0100
Subject: readline: actually apply readline63-003 (aka CVE-2014-2524)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This file wasn't named as a patch, nor told to apply explicity, so it was just unpacked to the work directory and not applied. Rename the file so the patch is applied correctly. (thanks to Petter Mabäcker for spotting this)
Signed-off-by: Ross Burton
---
 .../readline/readline-6.3/readline63-003 | 43 ----------------------
 .../readline/readline-6.3/readline63-003.patch | 43 ++++++++++++++++++++++
 meta/recipes-core/readline/readline_6.3.bb | 2 +-
 3 files changed, 44 insertions(+), 44 deletions(-)
 delete mode 100644 meta/recipes-core/readline/readline-6.3/readline63-003
 create mode 100644 meta/recipes-core/readline/readline-6.3/readline63-003.patch
(limited to 'meta/recipes-core/readline')
diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003 b/meta/recipes-core/readline/readline-6.3/readline63-003
deleted file mode 100644
index 98a9d810b6..0000000000
--- a/meta/recipes-core/readline/readline-6.3/readline63-003
+++ /dev/null
@@ -1,43 +0,0 @@ -readline: Security Advisory - readline - CVE-2014-2524 - -Upstream-Status: Backport - -Signed-off-by: Yue Tao - - READLINE PATCH REPORT - ===================== - -Readline-Release: 6.3 -Patch-ID: readline63-003 - -Bug-Reported-by: -Bug-Reference-ID: -Bug-Reference-URL: - -Bug-Description: - -There are debugging functions in the readline release that are theoretically -exploitable as security problems. They are not public functions, but have -global linkage. - -Patch (apply with `patch -p0'): - -*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 ---- util.c 2014-03-20 10:25:53.000000000 -0400 -*************** -*** 477,480 **** ---- 479,483 ---- - } - -+ #if defined (DEBUG) - #if defined (USE_VARARGS) - static FILE *_rl_tracefp; -*************** -*** 539,542 **** ---- 542,546 ---- - } - #endif -+ #endif /* DEBUG */ - - - diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003.patch b/meta/recipes-core/readline/readline-6.3/readline63-003.patch new file mode 100644 index 0000000000..98a9d810b6 --- /dev/null +++ b/meta/recipes-core/readline/readline-6.3/readline63-003.patch @@ -0,0 +1,43 @@ +readline: Security Advisory - readline - CVE-2014-2524 + +Upstream-Status: Backport + +Signed-off-by: Yue Tao + + READLINE PATCH REPORT + ===================== + +Readline-Release: 6.3 +Patch-ID: readline63-003 + +Bug-Reported-by: +Bug-Reference-ID: +Bug-Reference-URL: + +Bug-Description: + +There are debugging functions in the readline release that are theoretically +exploitable as security problems. They are not public functions, but have +global linkage. + +Patch (apply with `patch -p0'): + +*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 +--- util.c 2014-03-20 10:25:53.000000000 -0400 +*************** +*** 477,480 **** +--- 479,483 ---- + } + ++ #if defined (DEBUG) + #if defined (USE_VARARGS) + static FILE *_rl_tracefp; +*************** +*** 539,542 **** +--- 542,546 ---- + } + #endif ++ #endif /* DEBUG */ + + + 
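Review bot: The header of the added `readline63-003.patch` names CVE-2014-2524 only in its free-text first line (`readline: Security Advisory - readline - CVE-2014-2524`); there is no machine-readable `CVE:` tag next to `Upstream-Status: Backport`. Where OE-Core's cve-check class is in use, a fix is recognised from a `CVE: CVE-2014-2524` header line or from the CVE ID in the patch file name, so I would add that line below `Upstream-Status`. The payload only wraps the trace helpers in `#if defined (DEBUG)`, so the fix presumably also depends on DEBUG staying undefined in the recipe's build flags, which this diff does not show.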
diff --git a/meta/recipes-core/readline/readline_6.3.bb b/meta/recipes-core/readline/readline_6.3.bb
index 55964a6cf8..6ba1c186d8 100644
--- a/meta/recipes-core/readline/readline_6.3.bb
+++ b/meta/recipes-core/readline/readline_6.3.bb
@@ -1,6 +1,6 @@
 require readline.inc
-SRC_URI += "file://readline63-003 \
+SRC_URI += "file://readline63-003.patch;striplevel=0 \
 file://readline-dispatch-multikey.patch"
 SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a"
-- 
cgit 1.2.3-korg
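Review bot: Nothing in the recipe records why the first `SRC_URI` entry carries `striplevel=0` while `file://readline-dispatch-multikey.patch` on the next line is applied with the default strip level. The reason lives only in the patch's own header, which says to apply it with `patch -p0`, so a later tidy-up could drop the parameter and leave the CVE-2014-2524 fix failing to apply. I would add a comment above the assignment, `# readline63-003 is upstream's -p0 patch for CVE-2014-2524, hence striplevel=0`. Since the earlier file was unpacked without being applied and nothing flagged it, it is also worth confirming in the do_patch log that this entry is now listed as applied.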