HCoop / jackhill / guix / guix.git / blame
| Commit | Line | Data |
|---|---|---|
| d9721bcf LF |
1 | Fix CVE-2014-2524: |
| 2 | ||
| 3 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524 | |
| 4 | http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html | |
| 5 | ||
| 6 | Patch copied from: | |
| 7 | https://ftp.gnu.org/gnu/readline/readline-6.3-patches/readline63-003 | |
| 8 | ||
| 9 | READLINE PATCH REPORT | |
| 10 | ===================== | |
| 11 | ||
| 12 | Readline-Release: 6.3 | |
| 13 | Patch-ID: readline63-003 | |
| 14 | ||
| 15 | Bug-Reported-by: | |
| 16 | Bug-Reference-ID: | |
| 17 | Bug-Reference-URL: | |
| 18 | ||
| 19 | Bug-Description: | |
| 20 | ||
| 21 | There are debugging functions in the readline release that are theoretically | |
| 22 | exploitable as security problems. They are not public functions, but have | |
| 23 | global linkage. | |
| 24 | ||
| 25 | Patch (apply with `patch -p0'): | |
| 26 | ||
| 27 | *** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 | |
| 28 | --- util.c 2014-03-20 10:25:53.000000000 -0400 | |
| 29 | *************** | |
| 30 | *** 477,480 **** | |
| 31 | --- 479,483 ---- | |
| 32 | } | |
| 33 | ||
| 34 | + #if defined (DEBUG) | |
| 35 | #if defined (USE_VARARGS) | |
| 36 | static FILE *_rl_tracefp; | |
| 37 | *************** | |
| 38 | *** 539,542 **** | |
| 39 | --- 542,546 ---- | |
| 40 | } | |
| 41 | #endif | |
| 42 | + #endif /* DEBUG */ |