readline: Security Advisory - readline - CVE-2014-2524

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2524 (From OE-Core rev: 0e95eef8817f51504dcc50d855dcbef172cfc897) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Kai Kang <kai.kang@windriver.com> 2014-10-15 13:56:24 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-10-18 16:14:04 +0200
commit: bacc6575a933b5df4ca8fcb90a5ce2326013c7a3 (patch)
tree: 52a4afe1167b87dda66562c90f519806574e125a
parent: 7a9f5c9120d9330fae5f432630de120be11c28d9 (diff)
download: poky-bacc6575a933b5df4ca8fcb90a5ce2326013c7a3.tar.gz
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003 b/meta/recipes-core/readline/readline-6.3/readline63-003
new file mode 100644
index 0000000000..98a9d810b6
--- /dev/null
+++ b/meta/recipes-core/readline/readline-6.3/readline63-003
@@ -0,0 +1,43 @@
+readline: Security Advisory - readline - CVE-2014-2524
+Upstream-Status: Backport
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+                           READLINE PATCH REPORT
+                           =====================
+Readline-Release: 6.3
+Patch-ID: readline63-003
+Bug-Reported-by:
+Bug-Reference-ID:
+Bug-Reference-URL:
+Bug-Description:
+There are debugging functions in the readline release that are theoretically
+exploitable as security problems.  They are not public functions, but have
+global linkage.
+Patch (apply with `patch -p0'):
+*** ../readline-6.3/util.c      2013-09-02 13:36:12.000000000 -0400
+--- util.c      2014-03-20 10:25:53.000000000 -0400
+***************
+*** 477,480 ****
+--- 479,483 ----
+  }
+  
+ #if defined (DEBUG)
+  #if defined (USE_VARARGS)
+  static FILE *_rl_tracefp;
+***************
+*** 539,542 ****
+--- 542,546 ----
+  }
+  #endif
+ #endif /* DEBUG */
+  
+  
diff --git a/meta/recipes-core/readline/readline_6.3.bb b/meta/recipes-core/readline/readline_6.3.bb
index aa30f668b4..f02f197d47 100644
--- a/meta/recipes-core/readline/readline_6.3.bb
+++ b/meta/recipes-core/readline/readline_6.3.bb
@@ -1,5 +1,7 @@
 require readline.inc
+SRC_URI += "file://readline63-003"
 SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a"
 SRC_URI[archive.sha256sum] = "56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43"
author	Kai Kang <kai.kang@windriver.com>	2014-10-15 13:56:24 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-10-18 16:14:04 +0200
commit	bacc6575a933b5df4ca8fcb90a5ce2326013c7a3 (patch)
tree	52a4afe1167b87dda66562c90f519806574e125a
parent	7a9f5c9120d9330fae5f432630de120be11c28d9 (diff)
download	poky-bacc6575a933b5df4ca8fcb90a5ce2326013c7a3.tar.gz

diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003 b/meta/recipes-core/readline/readline-6.3/readline63-003 new file mode 100644 index 0000000000..98a9d810b6 --- /dev/null +++ b/meta/recipes-core/readline/readline-6.3/readline63-003
@@ -0,0 +1,43 @@
		1	readline: Security Advisory - readline - CVE-2014-2524
		2
		3	Upstream-Status: Backport
		4
		5	Signed-off-by: Yue Tao <yue.tao@windriver.com>
		6
		7	READLINE PATCH REPORT
		8	=====================
		9
		10	Readline-Release: 6.3
		11	Patch-ID: readline63-003
		12
		13	Bug-Reported-by:
		14	Bug-Reference-ID:
		15	Bug-Reference-URL:
		16
		17	Bug-Description:
		18
		19	There are debugging functions in the readline release that are theoretically
		20	exploitable as security problems. They are not public functions, but have
		21	global linkage.
		22
		23	Patch (apply with `patch -p0'):
		24
		25	*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400
		26	--- util.c 2014-03-20 10:25:53.000000000 -0400
		27	***************
		28	* 477,480 **
		29	--- 479,483 ----
		30	}
		31
		32	+ #if defined (DEBUG)
		33	#if defined (USE_VARARGS)
		34	static FILE *_rl_tracefp;
		35	***************
		36	* 539,542 **
		37	--- 542,546 ----
		38	}
		39	#endif
		40	+ #endif /* DEBUG */
		41
		42
		43


diff --git a/meta/recipes-core/readline/readline_6.3.bb b/meta/recipes-core/readline/readline_6.3.bb index aa30f668b4..f02f197d47 100644 --- a/meta/recipes-core/readline/readline_6.3.bb +++ b/meta/recipes-core/readline/readline_6.3.bb
@@ -1,5 +1,7 @@
1	require readline.inc	1	require readline.inc
2		2
		3	SRC_URI += "file://readline63-003"
		4
3	SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a"	5	SRC_URI[archive.md5sum] = "33c8fb279e981274f485fd91da77e94a"
4	SRC_URI[archive.sha256sum] = "56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43"	6	SRC_URI[archive.sha256sum] = "56ba6071b9462f980c5a72ab0023893b65ba6debb4eeb475d7a563dc65cafd43"
5		7