gnu/packages/patches/readline-6.2-CVE-2014-2524.patch

   1 Fix CVE-2014-2524:
   2
   3 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524
   4 http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
   5
   6 Patch copied from:
   7 https://ftp.gnu.org/gnu/readline/readline-6.3-patches/readline63-003
   8
   9                            READLINE PATCH REPORT
  10                            =====================
  11
  12 Readline-Release: 6.3
  13 Patch-ID: readline63-003
  14
  15 Bug-Reported-by:
  16 Bug-Reference-ID:
  17 Bug-Reference-URL:
  18
  19 Bug-Description:
  20
  21 There are debugging functions in the readline release that are theoretically
  22 exploitable as security problems.  They are not public functions, but have
  23 global linkage.
  24
  25 Patch (apply with `patch -p0'):
  26
  27 *** ../readline-6.3/util.c      2013-09-02 13:36:12.000000000 -0400
  28 --- util.c      2014-03-20 10:25:53.000000000 -0400
  29 ***************
  30 *** 477,480 ****
  31 --- 479,483 ----
  32   }
  33
  34 + #if defined (DEBUG)
  35   #if defined (USE_VARARGS)
  36   static FILE *_rl_tracefp;
  37 ***************
  38 *** 539,542 ****
  39 --- 542,546 ----
  40   }
  41   #endif
  42 + #endif /* DEBUG */