./0000775000175000017500000000000012511411356011434 5ustar nielsenrnielsenr./readline63-0030000664000175000017500000000151712511411356013617 0ustar nielsenrnielsenrreadline: Security Advisory - readline - CVE-2014-2524 Upstream-Status: Backport Signed-off-by: Yue Tao READLINE PATCH REPORT ===================== Readline-Release: 6.3 Patch-ID: readline63-003 Bug-Reported-by: Bug-Reference-ID: Bug-Reference-URL: Bug-Description: There are debugging functions in the readline release that are theoretically exploitable as security problems. They are not public functions, but have global linkage. Patch (apply with `patch -p0'): *** ../readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 --- util.c 2014-03-20 10:25:53.000000000 -0400 *************** *** 477,480 **** --- 479,483 ---- } + #if defined (DEBUG) #if defined (USE_VARARGS) static FILE *_rl_tracefp; *************** *** 539,542 **** --- 542,546 ---- } #endif + #endif /* DEBUG */ ./configure-fix.patch0000664000175000017500000000201312511411356015216 0ustar nielsenrnielsenrUpstream-Status: Pending Without this it fails to link against libtermcap causing various missing symbols issues. RP - 8/10/08 Support 6.3 which uses configure.ac rather than configure.in. Signed-off-by: Hongxu Jia --- configure.ac | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index cea8f91..9075b8f 100644 --- a/configure.ac +++ b/configure.ac 
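Review bot: The `#if defined (DEBUG)` / `#endif /* DEBUG */` pair added in the two util.c hunks only compiles the tracing code out, so a build that defines DEBUG still ships the same functions, unchanged and with global linkage. The function bodies lie between the two hunks and are not shown, so whether they are safe when enabled cannot be judged from this patch. I would add a comment at the guard, for example `/* Trace helpers are debug-only (CVE-2014-2524); do not define DEBUG in release builds. */`, and confirm that the recipe's CFLAGS never define DEBUG. Any caller elsewhere in the tree that is not under the same guard would now fail to link, so a search for uses of these helpers is worth doing before merging.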
@@ -218,10 +218,10 @@ if test -f ${srcdir}/support/shobj-conf; then AC_MSG_CHECKING(configuration for building shared libraries) eval `TERMCAP_LIB=$TERMCAP_LIB ${CONFIG_SHELL-/bin/sh} ${srcdir}/support/shobj-conf -C "${CC}" -c ${host_cpu} -o ${host_os} -v ${host_vendor}` -# case "$SHLIB_LIBS" in -# *curses*|*termcap*|*termlib*) ;; -# *) SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB" ;; -# esac + case "$SHLIB_LIBS" in + *curses*|*termcap*|*termlib*) ;; + *) SHLIB_LIBS="$SHLIB_LIBS $TERMCAP_LIB" ;; + esac AC_SUBST(SHOBJ_CC) AC_SUBST(SHOBJ_CFLAGS) -- 1.8.1.2 ./readline-dispatch-multikey.patch0000664000175000017500000000175712511411356017710 0ustar nielsenrnielsenrFrom 8ef852a5be72c75e17f2510bea52455f809b56ce Mon Sep 17 00:00:00 2001 From: Chet Ramey Date: Fri, 28 Mar 2014 14:07:42 -0400 Subject: [PATCH 04/10] Readline-6.3 patch 2 Fixes multi-key issue identified in this thread: http://lists.gnu.org/archive/html/bug-readline/2014-03/msg00010.html Upstream-Status: Backport Signed-off-by: Saul Wold --- readline.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/readline.c b/readline.c index eb4eae3..abb29a0 100644 --- a/readline.c +++ b/readline.c @@ -744,7 +744,8 @@ _rl_dispatch_callback (cxt) r = _rl_subseq_result (r, cxt->oldmap, cxt->okey, (cxt->flags & KSEQ_SUBSEQ)); RL_CHECK_SIGNALS (); - if (r == 0) /* success! */ + /* We only treat values < 0 specially to simulate recursion. */ + if (r >= 0 || (r == -1 && (cxt->flags & KSEQ_SUBSEQ) == 0)) /* success! or failure! */ { _rl_keyseq_chain_dispose (); RL_UNSETSTATE (RL_STATE_MULTIKEY); -- 1.8.3.1
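Review bot: The re-enabled `case "$SHLIB_LIBS"` block in configure.ac carries no in-file comment saying why this build deviates from upstream, which ships the block commented out, and the patch is still marked Upstream-Status: Pending. The reason is given only in the patch description, so it will be lost to anyone reading the patched file. I would put it above the block, for example `# Local change: link the shared library against $TERMCAP_LIB, otherwise termcap symbols are unresolved at link time.` The patterns `*curses*|*termcap*|*termlib*` match any substring of SHLIB_LIBS, so a library path that merely contains one of those words would skip the append; that looks acceptable here but is worth knowing when the link failure reappears.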
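Review bot: The trailing comment `/* success! or failure! */` on the new condition in `_rl_dispatch_callback` does not say which return values of `_rl_subseq_result` take this branch, nor why `-1` is accepted only when `KSEQ_SUBSEQ` is clear. The magic `-1` and the other negative values are left for the reader to look up. I would replace the two comments with one above the `if`, along the lines of `/* r >= 0: sequence finished; r == -1 outside a subsequence: give up on the sequence; any other negative r: keep reading keys. */`, with the exact meanings confirmed against `_rl_subseq_result`, which is outside the hunk. The function body also continues past the end of the hunk, so the handling of the remaining negative values cannot be checked from here.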