gnu: readline-6.2: Fix CVE-2014-2524.
* gnu/packages/patches/readline-6.2-CVE-2014-2524.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/readline.scm (readline-6.2): Use it.
parent
27d7c4e93a
commit
d9721bcf27
3 changed files with 45 additions and 0 deletions
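--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -827,6 +827,7 @@ dist_patch_DATA = \
 %D%/packages/patches/rapicorn-isnan.patch \
 %D%/packages/patches/ratpoison-shell.patch \
 %D%/packages/patches/readline-link-ncurses.patch \
+%D%/packages/patches/readline-6.2-CVE-2014-2524.patch \
 %D%/packages/patches/ripperx-missing-file.patch \
 %D%/packages/patches/rpm-CVE-2014-8118.patch \
 %D%/packages/patches/rsem-makefile.patch \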
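--- /dev/null
+++ b/gnu/packages/patches/readline-6.2-CVE-2014-2524.patch
@@ -0,0 +1,42 @@
+Fix CVE-2014-2524:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524
+http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00057.html
+
+Patch copied from:
+https://ftp.gnu.org/gnu/readline/readline-6.3-patches/readline63-003
+
+READLINE PATCH REPORT
+=====================
+
+Readline-Release: 6.3
+Patch-ID: readline63-003
+
+Bug-Reported-by:
+Bug-Reference-ID:
+Bug-Reference-URL:
+
+Bug-Description:
+
+There are debugging functions in the readline release that are theoretically
+exploitable as security problems. They are not public functions, but have
+global linkage.
+
+Patch (apply with `patch -p0'):
+
+*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400
+--- util.c 2014-03-20 10:25:53.000000000 -0400
+***************
+*** 477,480 ****
+--- 479,483 ----
+}
+
++ #if defined (DEBUG)
+#if defined (USE_VARARGS)
+static FILE *_rl_tracefp;
+***************
+*** 539,542 ****
+--- 542,546 ----
+}
+#endif
++ #endif /* DEBUG */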
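Review bot: The fix only takes effect when DEBUG is undefined, because the added `#if defined (DEBUG)` in the 479,483 hunk and the matching `#endif /* DEBUG */` in the 542,546 hunk still compile the tracing code around `static FILE *_rl_tracefp;` into any build that defines DEBUG. The patch header should say so, for example with a line such as `Note: the tracing functions are still built when readline is compiled with -DDEBUG.`, so that a packager who turns on debugging knows the code described under Bug-Description is present again. The guarded functions themselves lie between the two hunks and are not visible here.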
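--- a/gnu/packages/readline.scm
+++ b/gnu/packages/readline.scm
@@ -84,6 +84,8 @@ (define-public readline-6.2
 (method url-fetch)
 (uri (string-append "mirror://gnu/readline/readline-"
 version ".tar.gz"))
+(patches (search-patches "readline-6.2-CVE-2014-2524.patch"))
+(patch-flags '("-p0"))
 (sha256
 (base32
 "10ckm2bd2rkxhvdmj7nmbsylmihw0abwcsnxf8y27305183rd9kr"))))))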
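Review bot: The patch wired into readline-6.2 here was generated against readline 6.3's util.c (its header names `../readline-6.3/util.c` and hunk positions 477 and 539), so on the 6.2 tarball it will most likely apply only with offsets, and nothing in the definition records that this was checked. I would add a comment above the `patches` field, such as `;; Upstream readline63-003, written for 6.3; verified to apply to 6.2's util.c.` followed by `;; Upstream readline patches are made to be applied with -p0.`. The second line also documents why `(patch-flags '("-p0"))` is set. The `origin` form and the enclosing `define-public` start outside the hunk.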