From 2761a2bd8b215e35830e21725c3dfd2e5598ba32 Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Tue, 6 Oct 2015 14:04:20 +0100 Subject: readline: actually apply readline63-003 (aka CVE-2014-2524) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This file wasn't named as a patch, nor told to apply explicitly, so it was just unpacked to the work directory and not applied. Rename the file so the patch is applied correctly. (thanks to Petter Mabäcker for spotting this) (From OE-Core master rev: 02be728762c77962f9c3034cd7995ad51afaee95) (From OE-Core rev: 7f2e2d57c7496547b7970377547482ead2e152cf) Signed-off-by: Ross Burton Signed-off-by: Joshua Lock Signed-off-by: Richard Purdie --- .../readline/readline-6.3/readline63-003 | 43 ---------------------- .../readline/readline-6.3/readline63-003.patch | 43 ++++++++++++++++++++++ meta/recipes-core/readline/readline_6.3.bb | 2 +- 3 files changed, 44 insertions(+), 44 deletions(-) delete mode 100644 meta/recipes-core/readline/readline-6.3/readline63-003 create mode 100644 meta/recipes-core/readline/readline-6.3/readline63-003.patch diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003 b/meta/recipes-core/readline/readline-6.3/readline63-003 deleted file mode 100644 index 98a9d81..0000000 --- a/meta/recipes-core/readline/readline-6.3/readline63-003 +++ /dev/null 
@@ -1,43 +0,0 @@ -readline: Security Advisory - readline - CVE-2014-2524 - -Upstream-Status: Backport - -Signed-off-by: Yue Tao - - READLINE PATCH REPORT - ===================== - -Readline-Release: 6.3 -Patch-ID: readline63-003 - -Bug-Reported-by: -Bug-Reference-ID: -Bug-Reference-URL: - -Bug-Description: - -There are debugging functions in the readline release that are theoretically -exploitable as security problems. They are not public functions, but have -global linkage. - -Patch (apply with `patch -p0'): - -*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 ---- util.c 2014-03-20 10:25:53.000000000 -0400 -*************** -*** 477,480 **** ---- 479,483 ---- - } - -+ #if defined (DEBUG) - #if defined (USE_VARARGS) - static FILE *_rl_tracefp; -*************** -*** 539,542 **** ---- 542,546 ---- - } - #endif -+ #endif /* DEBUG */ - - - diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003.patch b/meta/recipes-core/readline/readline-6.3/readline63-003.patch new file mode 100644 index 0000000..98a9d81 --- /dev/null +++ b/meta/recipes-core/readline/readline-6.3/readline63-003.patch @@ -0,0 +1,43 @@ +readline: Security Advisory - readline - CVE-2014-2524 + +Upstream-Status: Backport + +Signed-off-by: Yue Tao + + READLINE PATCH REPORT + ===================== + +Readline-Release: 6.3 +Patch-ID: readline63-003 + +Bug-Reported-by: +Bug-Reference-ID: +Bug-Reference-URL: + +Bug-Description: + +There are debugging functions in the readline release that are theoretically +exploitable as security problems. They are not public functions, but have +global linkage. + +Patch (apply with `patch -p0'): + +*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 +--- util.c 2014-03-20 10:25:53.000000000 -0400 +*************** +*** 477,480 **** +--- 479,483 ---- + } + ++ #if defined (DEBUG) + #if defined (USE_VARARGS) + static FILE *_rl_tracefp; +*************** +*** 539,542 **** +--- 542,546 ---- + } + #endif ++ #endif /* DEBUG */ + + + 
diff --git a/meta/recipes-core/readline/readline_6.3.bb b/meta/recipes-core/readline/readline_6.3.bb index 55964a6..6ba1c18 100644 --- a/meta/recipes-core/readline/readline_6.3.bb +++ b/meta/recipes-core/readline/readline_6.3.bb @@ -1,6 +1,6 @@ require readline.inc -SRC_URI += "file://readline63-003 \ +SRC_URI += "file://readline63-003.patch;striplevel=0 \ file://readline-dispatch-multikey.patch" SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a" -- cgit v1.1
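Review bot: In the header of the new readline63-003.patch, "Upstream-Status: Backport" names no upstream source, and the Bug-Reported-by, Bug-Reference-ID and Bug-Reference-URL fields are all empty, so nothing in the file lets a later reader confirm where the CVE-2014-2524 fix came from. Since the file is being touched anyway, add the upstream patch location next to the Upstream-Status line. The blob id is 98a9d81 on both the deleted and the created side, so the content is unchanged; generating the patch with rename detection (git format-patch -M) would show this as a pure rename instead of 43 lines removed and 43 added, which makes it easier to see that nothing in the fix itself was altered.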
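Review bot: In the SRC_URI line of readline_6.3.bb, ";striplevel=0" is added together with the rename, but the commit message only explains the rename. The parameter looks correct, because the embedded upstream patch says "apply with `patch -p0'" and targets a bare "util.c", but please state that in the commit message so the second change is not mistaken for an accident. Because the old entry was unpacked without being applied and nothing failed, it would also help to record how the result was checked, for example that util.c in the work directory now contains the "#if defined (DEBUG)" guard around "static FILE *_rl_tracefp;" after patching.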