3 files changed, 110 insertions, 0 deletions
diff --git a/meta/recipes-core/readline/readline-6.3/configure-fix.patch b/meta/recipes-core/readline/readline-6.3/configure-fix.patch
new file mode 100644
index 0000000000..ef3104f8a6
--- /dev/null
+++ b/meta/recipes-core/readline/readline-6.3/configure-fix.patch
@@ -0,0 +1,35 @@
+Upstream-Status: Pending
+Without this it fails to link against libtermcap causing various missing
+symbols issues.
+RP - 8/10/08
+Support 6.3 which uses configure.ac rather than configure.in.
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ configure.ac | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/configure.ac b/configure.ac
+index cea8f91..9075b8f 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -218,10 +218,10 @@ if test -f ${srcdir}/support/shobj-conf; then
+         AC_MSG_CHECKING(configuration for building shared libraries)
+         eval `TERMCAP_LIB=$TERMCAP_LIB ${CONFIG_SHELL-/bin/sh} ${srcdir}/support/shobj-conf -C "${CC}" -c ${host_cpu} -o ${host_os} -v ${host_vendor}`
+ 
+-#      case "$SHLIB_LIBS" in
+-#      *curses*|*termcap*|*termlib*)   ;;
+-#      *)                      SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB" ;;
+-#      esac
+       case "$SHLIB_LIBS" in
+       *curses*|*termcap*|*termlib*)   ;;
+       *)                      SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB" ;;
+       esac
+        
+         AC_SUBST(SHOBJ_CC)
+         AC_SUBST(SHOBJ_CFLAGS)
+-- 
+1.8.1.2
diff --git a/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch b/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch
new file mode 100644
index 0000000000..54d1ac6eb9
--- /dev/null
+++ b/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch
@@ -0,0 +1,32 @@
+From 8ef852a5be72c75e17f2510bea52455f809b56ce Mon Sep 17 00:00:00 2001
+From: Chet Ramey <chet.ramey@case.edu>
+Date: Fri, 28 Mar 2014 14:07:42 -0400
+Subject: [PATCH 04/10] Readline-6.3 patch 2
+Fixes multi-key issue identified in this thread:
+http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00010.html
+Upstream-Status: Backport
+Signed-off-by: Saul Wold <sgw@linux.intel.com>
+---
+ readline.c | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+diff --git a/readline.c b/readline.c
+index eb4eae3..abb29a0 100644
+--- a/readline.c
+++ b/readline.c
+@@ -744,7 +744,8 @@ _rl_dispatch_callback (cxt)
+     r = _rl_subseq_result (r, cxt->oldmap, cxt->okey, (cxt->flags & KSEQ_SUBSEQ));
+ 
+   RL_CHECK_SIGNALS ();
+-  if (r == 0)                  /* success! */
+  /* We only treat values < 0 specially to simulate recursion. */
+  if (r >= 0 || (r == -1 && (cxt->flags & KSEQ_SUBSEQ) == 0))  /* success! or failure! */
+     {
+       _rl_keyseq_chain_dispose ();
+       RL_UNSETSTATE (RL_STATE_MULTIKEY);
+-- 
+1.8.3.1
diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003 b/meta/recipes-core/readline/readline-6.3/readline63-003
new file mode 100644
index 0000000000..98a9d810b6
--- /dev/null
+++ b/meta/recipes-core/readline/readline-6.3/readline63-003
@@ -0,0 +1,43 @@
+readline: Security Advisory - readline - CVE-2014-2524
+Upstream-Status: Backport
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+                           READLINE PATCH REPORT
+                           =====================
+Readline-Release: 6.3
+Patch-ID: readline63-003
+Bug-Reported-by:
+Bug-Reference-ID:
+Bug-Reference-URL:
+Bug-Description:
+There are debugging functions in the readline release that are theoretically
+exploitable as security problems.  They are not public functions, but have
+global linkage.
+Patch (apply with `patch -p0'):
+*** ../readline-6.3/util.c      2013-09-02 13:36:12.000000000 -0400
+--- util.c      2014-03-20 10:25:53.000000000 -0400
+***************
+*** 477,480 ****
+--- 479,483 ----
+  }
+  
+ #if defined (DEBUG)
+  #if defined (USE_VARARGS)
+  static FILE *_rl_tracefp;
+***************
+*** 539,542 ****
+--- 542,546 ----
+  }
+  #endif
+ #endif /* DEBUG */
+  
+

diff --git a/meta/recipes-core/readline/readline-6.3/configure-fix.patch b/meta/recipes-core/readline/readline-6.3/configure-fix.patch new file mode 100644 index 0000000000..ef3104f8a6 --- /dev/null +++ b/meta/recipes-core/readline/readline-6.3/configure-fix.patch
@@ -0,0 +1,35 @@
	1	Upstream-Status: Pending
	2
	3	Without this it fails to link against libtermcap causing various missing
	4	symbols issues.
	5
	6	RP - 8/10/08
	7
	8	Support 6.3 which uses configure.ac rather than configure.in.
	9	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
	10	---
	11	configure.ac \| 8 ++++----
	12	1 file changed, 4 insertions(+), 4 deletions(-)
	13
	14	diff --git a/configure.ac b/configure.ac
	15	index cea8f91..9075b8f 100644
	16	--- a/configure.ac
	17	+++ b/configure.ac
	18	@@ -218,10 +218,10 @@ if test -f ${srcdir}/support/shobj-conf; then
	19	AC_MSG_CHECKING(configuration for building shared libraries)
	20	eval `TERMCAP_LIB=$TERMCAP_LIB ${CONFIG_SHELL-/bin/sh} ${srcdir}/support/shobj-conf -C "${CC}" -c ${host_cpu} -o ${host_os} -v ${host_vendor}`
	21
	22	-# case "$SHLIB_LIBS" in
	23	-# curses\|termcap\|termlib) ;;
	24	-# *) SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB" ;;
	25	-# esac
	26	+ case "$SHLIB_LIBS" in
	27	+ curses\|termcap\|termlib) ;;
	28	+ *) SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB" ;;
	29	+ esac
	30
	31	AC_SUBST(SHOBJ_CC)
	32	AC_SUBST(SHOBJ_CFLAGS)
	33	--
	34	1.8.1.2
	35


diff --git a/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch b/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch new file mode 100644 index 0000000000..54d1ac6eb9 --- /dev/null +++ b/meta/recipes-core/readline/readline-6.3/readline-dispatch-multikey.patch
@@ -0,0 +1,32 @@
	1	From 8ef852a5be72c75e17f2510bea52455f809b56ce Mon Sep 17 00:00:00 2001
	2	From: Chet Ramey <chet.ramey@case.edu>
	3	Date: Fri, 28 Mar 2014 14:07:42 -0400
	4	Subject: [PATCH 04/10] Readline-6.3 patch 2
	5
	6	Fixes multi-key issue identified in this thread:
	7	http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00010.html
	8
	9	Upstream-Status: Backport
	10
	11	Signed-off-by: Saul Wold <sgw@linux.intel.com>
	12	---
	13	readline.c \| 3 ++-
	14	1 files changed, 2 insertions(+), 1 deletions(-)
	15
	16	diff --git a/readline.c b/readline.c
	17	index eb4eae3..abb29a0 100644
	18	--- a/readline.c
	19	+++ b/readline.c
	20	@@ -744,7 +744,8 @@ _rl_dispatch_callback (cxt)
	21	r = _rl_subseq_result (r, cxt->oldmap, cxt->okey, (cxt->flags & KSEQ_SUBSEQ));
	22
	23	RL_CHECK_SIGNALS ();
	24	- if (r == 0) /* success! */
	25	+ /* We only treat values < 0 specially to simulate recursion. */
	26	+ if (r >= 0 \|\| (r == -1 && (cxt->flags & KSEQ_SUBSEQ) == 0)) /* success! or failure! */
	27	{
	28	_rl_keyseq_chain_dispose ();
	29	RL_UNSETSTATE (RL_STATE_MULTIKEY);
	30	--
	31	1.8.3.1
	32


diff --git a/meta/recipes-core/readline/readline-6.3/readline63-003 b/meta/recipes-core/readline/readline-6.3/readline63-003 new file mode 100644 index 0000000000..98a9d810b6 --- /dev/null +++ b/meta/recipes-core/readline/readline-6.3/readline63-003
@@ -0,0 +1,43 @@
	1	readline: Security Advisory - readline - CVE-2014-2524
	2
	3	Upstream-Status: Backport
	4
	5	Signed-off-by: Yue Tao <yue.tao@windriver.com>
	6
	7	READLINE PATCH REPORT
	8	=====================
	9
	10	Readline-Release: 6.3
	11	Patch-ID: readline63-003
	12
	13	Bug-Reported-by:
	14	Bug-Reference-ID:
	15	Bug-Reference-URL:
	16
	17	Bug-Description:
	18
	19	There are debugging functions in the readline release that are theoretically
	20	exploitable as security problems. They are not public functions, but have
	21	global linkage.
	22
	23	Patch (apply with `patch -p0'):
	24
	25	*** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400
	26	--- util.c 2014-03-20 10:25:53.000000000 -0400
	27	***************
	28	* 477,480 **
	29	--- 479,483 ----
	30	}
	31
	32	+ #if defined (DEBUG)
	33	#if defined (USE_VARARGS)
	34	static FILE *_rl_tracefp;
	35	***************
	36	* 539,542 **
	37	--- 542,546 ----
	38	}
	39	#endif
	40	+ #endif /* DEBUG */
	41
	42
	43