diff --git a/SOURCES/readline-6.2-rl_trace.patch b/SOURCES/readline-6.2-rl_trace.patch new file mode 100644 index 0000000..961b8cc --- /dev/null +++ b/SOURCES/readline-6.2-rl_trace.patch @@ -0,0 +1,39 @@ +diff --git a/util.c b/util.c +index 6c68ad8..713e637 100644 +--- a/util.c ++++ b/util.c +@@ -493,10 +493,13 @@ _rl_trace (va_alist) + + if (_rl_tracefp == 0) + _rl_tropen (); ++ if (!_rl_tracefp) ++ goto out; + vfprintf (_rl_tracefp, format, args); + fprintf (_rl_tracefp, "\n"); + fflush (_rl_tracefp); + ++out: + va_end (args); + } + +@@ -509,16 +512,17 @@ _rl_tropen () + fclose (_rl_tracefp); + sprintf (fnbuf, "/var/tmp/rltrace.%ld", getpid()); + unlink(fnbuf); +- _rl_tracefp = fopen (fnbuf, "w+"); ++ _rl_tracefp = fopen (fnbuf, "w+xe"); + return _rl_tracefp != 0; + } + + int + _rl_trclose () + { +- int r; ++ int r = 0; + +- r = fclose (_rl_tracefp); ++ if (_rl_tracefp) ++ r = fclose (_rl_tracefp); + _rl_tracefp = 0; + return r; + } diff --git a/SPECS/readline.spec b/SPECS/readline.spec index e8de3f5..90e80f8 100644 --- a/SPECS/readline.spec +++ b/SPECS/readline.spec @@ -1,7 +1,7 @@ Summary: A library for editing typed command lines Name: readline Version: 6.2 -Release: 6%{?dist} +Release: 9%{?dist} License: GPLv3+ Group: System Environment/Libraries URL: http://cnswww.cns.cwru.edu/php/chet/readline/rltop.html @@ -17,6 +17,7 @@ Patch22: readline-6.2-cppmacro.patch # add workaround for problem in gdb # in new version of readline needs to be deleted Patch23: readline-6.2-gdb.patch +Patch24: readline-6.2-rl_trace.patch Requires(post): /sbin/install-info Requires(preun): /sbin/install-info BuildRequires: ncurses-devel @@ -60,6 +61,7 @@ library. %patch21 -p1 -b .audit %patch22 -p1 -b .cppmacro %patch23 -p1 -b .gdb +%patch24 -p1 -b .rl pushd examples rm -f rlfe/configure @@ -137,6 +139,15 @@ fi %{_libdir}/lib*.a %changelog +* Mon Mar 24 2014 Lukáš Nykrýn - 6.2-9 +- fix for CVE-2014-2524 + +* Fri Jan 24 2014 Daniel Mach - 6.2-8 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 6.2-7 +- Mass rebuild 2013-12-27 + * Thu Feb 14 2013 Fedora Release Engineering - 6.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild