[readline/f20] security patch for debug functions, #1077026
Jan Chaloupka
jchaloup at fedoraproject.org
Mon May 26 12:02:23 UTC 2014
commit 707a9285babd7ecd9adcd6c9b53c1388080ea39a
Author: jchaloup <jchaloup at redhat.com>
Date: Mon May 26 14:00:10 2014 +0200
security patch for debug functions, #1077026
readline-6.2-debug_fncs_security_fix.patch | 29 ++++++++++++++++++++++++++++
readline.spec | 9 +++++++-
2 files changed, 37 insertions(+), 1 deletions(-)
---
diff --git a/readline-6.2-debug_fncs_security_fix.patch b/readline-6.2-debug_fncs_security_fix.patch
new file mode 100644
index 0000000..8e07978
--- /dev/null
+++ b/readline-6.2-debug_fncs_security_fix.patch
@@ -0,0 +1,29 @@
+From 0597f0b34a0c93578b83f24ecca9e66d183728c5 Mon Sep 17 00:00:00 2001
+From: jchaloup <jchaloup at redhat.com>
+Date: Mon, 26 May 2014 13:02:02 +0200
+Subject: [PATCH] security fix for debug functions
+
+---
+ util.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util.c b/util.c
+index 6c68ad8..bc50dc1 100644
+--- a/util.c
++++ b/util.c
+@@ -468,6 +468,7 @@ _rl_savestring (s)
+ return (strcpy ((char *)xmalloc (1 + (int)strlen (s)), (s)));
+ }
+
++#if defined (DEBUG)
+ #if defined (USE_VARARGS)
+ static FILE *_rl_tracefp;
+
+@@ -524,3 +525,4 @@ _rl_trclose ()
+ }
+
+ #endif
++#endif /* DEBUG */
+--
+1.9.0
+
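Review bot: the `#if defined (DEBUG)` guard added in util.c only hides the trace helpers from non-DEBUG builds; the code between `static FILE *_rl_tracefp;` and `_rl_trclose ()` is itself unchanged, so a build with DEBUG defined still behaves as before. The embedded patch has an empty message body: please state there what the problem is and that the fix is to exclude this code from release builds rather than to change it. Also confirm that every call site of these functions elsewhere in the tree sits under the same DEBUG guard, otherwise a non-DEBUG build fails to link, and consider labelling the inner `#endif` as `/* USE_VARARGS */` now that two conditionals close back to back.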
diff --git a/readline.spec b/readline.spec
index 76dbd5f..53892c1 100644
--- a/readline.spec
+++ b/readline.spec
@@ -1,7 +1,7 @@
Summary: A library for editing typed command lines
Name: readline
Version: 6.2
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPLv3+
Group: System Environment/Libraries
URL: http://cnswww.cns.cwru.edu/php/chet/readline/rltop.html
@@ -19,6 +19,8 @@ Patch22: readline-6.2-cppmacro.patch
Patch23: readline-6.2-gdb.patch
#temporary fix build on 64b ARM
Patch24: readline-aarch64.patch
+# BZ1077026, security fix for temporary file
+Patch25: readline-6.2-debug_fncs_security_fix.patch
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
BuildRequires: ncurses-devel
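Review bot: the comment above `Patch25` says "security fix for temporary file", while the patch it names only adds a DEBUG guard around the debug functions in util.c. Reword the comment to say what the patch does, for example that the trace functions are built only when DEBUG is defined, and note whether the change has been sent upstream.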
@@ -63,6 +65,7 @@ library.
%patch22 -p1 -b .cppmacro
%patch23 -p1 -b .gdb
%patch24 -p1 -b .arm
+%patch25 -p1 -b .debug_fncs_security_fix
pushd examples
rm -f rlfe/configure
@@ -140,6 +143,10 @@ fi
%{_libdir}/lib*.a
%changelog
+* Mon May 26 2014 jchaloup <jchaloup at redhat.com> - 6.2-9
+- resolves: #1077026
+ Security patch for debug functions
+
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 6.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
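Review bot: the `6.2-9` changelog entry says only "Security patch for debug functions", which does not tell a reader of the package changelog what changed. Say that the debug trace functions are no longer compiled into non-DEBUG builds, and either fold the indented continuation line into the `- resolves: #1077026` bullet or give it its own `- ` bullet so the entry matches the `6.2-8` entry below it.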