From 211bce4f23230c7898cccdb73b582420f830f977 Mon Sep 17 00:00:00 2001
From: Ross Burton
Date: Wed, 4 Nov 2015 11:17:50 +0000
Subject: readline: rename patch to contain CVE reference
To help automated scanning of CVEs, put the CVE ID in the filename.
Signed-off-by: Ross Burton
---
.../readline-6.3/readline-cve-2014-2524.patch | 43 ++++++++++++++++++++++
.../readline/readline-6.3/readline63-003.patch | 43 ----------------------
meta/recipes-core/readline/readline_6.3.bb | 2 +-
3 files changed, 44 insertions(+), 44 deletions(-)
create mode 100644 meta/recipes-core/readline/readline-6.3/readline-cve-2014-2524.patch
delete mode 100644 meta/recipes-core/readline/readline-6.3/readline63-003.patch
(limited to 'meta/recipes-core/readline')
diff --git a/meta/recipes-core/readline/readline-6.3/readline-cve-2014-2524.patch b/meta/recipes-core/readline/readline-6.3/readline-cve-2014-2524.patch
new file mode 100644
index 0000000000..98a9d810b6
--- /dev/null
+++ b/meta/recipes-core/readline/readline-6.3/readline-cve-2014-2524.patch
@@ -0,0 +1,43 @@
+readline: Security Advisory - readline - CVE-2014-2524
+
+Upstream-Status: Backport
+
+Signed-off-by: Yue Tao
+
+ READLINE PATCH REPORT
+ =====================
+
+Readline-Release: 6.3
+Patch-ID: readline63-003
+
+Bug-Reported-by:
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+There are debugging functions in the readline release that are theoretically
+exploitable as security problems. They are not public functions, but have
+global linkage.
+
+Patch (apply with `patch -p0'):
+
+*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400
+--- util.c 2014-03-20 10:25:53.000000000 -0400
+***************
+*** 477,480 ****
+--- 479,483 ----
+ }
+
++ #if defined (DEBUG)
+ #if defined (USE_VARARGS)
+ static FILE *_rl_tracefp;
+***************
+*** 539,542 ****
+--- 542,546 ----
+ }
+ #endif
++ #endif /* DEBUG */
+
+
+
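Review bot: The header of the new `readline-cve-2014-2524.patch` has no machine-readable CVE tag. The ID appears only in the free-text subject line and, after this commit, in the file name. Adding a `CVE: CVE-2014-2524` line next to `Upstream-Status: Backport` would keep the fix identifiable to tooling that reads patch metadata, and would survive another rename. The surrounding metadata (`Bug-Reference-ID:`, `Bug-Reference-URL:`) is also empty, so the file name is currently the only structured link to the advisory.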
diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003.patch b/meta/recipes-core/readline/readline-6.3/readline63-003.patch
deleted file mode 100644
index 98a9d810b6..0000000000
--- a/meta/recipes-core/readline/readline-6.3/readline63-003.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-readline: Security Advisory - readline - CVE-2014-2524
-
-Upstream-Status: Backport
-
-Signed-off-by: Yue Tao
-
- READLINE PATCH REPORT
- =====================
-
-Readline-Release: 6.3
-Patch-ID: readline63-003
-
-Bug-Reported-by:
-Bug-Reference-ID:
-Bug-Reference-URL:
-
-Bug-Description:
-
-There are debugging functions in the readline release that are theoretically
-exploitable as security problems. They are not public functions, but have
-global linkage.
-
-Patch (apply with `patch -p0'):
-
-*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400
---- util.c 2014-03-20 10:25:53.000000000 -0400
-***************
-*** 477,480 ****
---- 479,483 ----
- }
-
-+ #if defined (DEBUG)
- #if defined (USE_VARARGS)
- static FILE *_rl_tracefp;
-***************
-*** 539,542 ****
---- 542,546 ----
- }
- #endif
-+ #endif /* DEBUG */
-
-
-
diff --git a/meta/recipes-core/readline/readline_6.3.bb b/meta/recipes-core/readline/readline_6.3.bb
index 6ba1c186d8..fc362ae5a9 100644
--- a/meta/recipes-core/readline/readline_6.3.bb
+++ b/meta/recipes-core/readline/readline_6.3.bb
@@ -1,6 +1,6 @@
 require readline.inc
-SRC_URI += "file://readline63-003.patch;striplevel=0 \
+SRC_URI += "file://readline-cve-2014-2524.patch;striplevel=0 \
 file://readline-dispatch-multikey.patch"
 SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a"
--
cgit 1.2.3-korg