From 6adddf045d3130cdc8fa03d392cfa3e2b8b115b3 Mon Sep 17 00:00:00 2001
From: Erik van Pienbroek
Date: Thu, 29 May 2014 17:42:24 +0200
Subject: [PATCH] Fix CVE-2014-2524 (RHBZ #1077035)
---
 mingw-readline.spec | 7 ++++++
 readline-6.2-debug_fncs_security_fix.patch | 29 ++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 readline-6.2-debug_fncs_security_fix.patch
diff --git a/mingw-readline.spec b/mingw-readline.spec
index 1dbe9bf..bee9cfa 100644
--- a/mingw-readline.spec
+++ b/mingw-readline.spec
@@ -10,6 +10,9 @@ Group: System Environment/Libraries
 URL: http://cnswww.cns.cwru.edu/php/chet/readline/rltop.html
 Source0: ftp://ftp.gnu.org/gnu/readline/readline-%{version}.tar.gz
+# CVE-2014-2524
+Patch0: readline-6.2-debug_fncs_security_fix.patch
+
 BuildArch: noarch
 BuildRequires: mingw32-filesystem >= 95
@@ -82,6 +85,7 @@ Static version of the cross compiled readline library.
 %prep
 %setup -q -n readline-%{version}
+%patch0 -p1
 %build
@@ -130,6 +134,9 @@ rm -f $RPM_BUILD_ROOT%{mingw64_datadir}/readline/*.c
 %changelog
+* Thu May 29 2014 Erik van Pienbroek - 6.2-4
+- Fix CVE-2014-2524 (RHBZ #1077035)
+
 * Sat Aug 03 2013 Fedora Release Engineering - 6.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/readline-6.2-debug_fncs_security_fix.patch b/readline-6.2-debug_fncs_security_fix.patch
new file mode 100644
index 0000000..8e07978
--- /dev/null
+++ b/readline-6.2-debug_fncs_security_fix.patch
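Review bot: The new %changelog entry in the third spec hunk records this build as 6.2-4, but none of the seven inserted spec lines touches the Release tag, so unless Release is derived from a macro outside the shown hunks the package rebuilds as 6.2-3 with a changelog that disagrees with its own version-release. Bump it next to the new Patch0 line, e.g. `Release: 4%{?dist}` if the spec uses the usual dist-tagged form. The `# CVE-2014-2524` comment above Patch0 would also be more useful to the next rebaser if it said what the patch does, e.g. `# CVE-2014-2524: build the util.c trace helpers (_rl_tracefp/_rl_trclose) only when DEBUG is defined`.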
@@ -0,0 +1,29 @@
+From 0597f0b34a0c93578b83f24ecca9e66d183728c5 Mon Sep 17 00:00:00 2001
+From: jchaloup
+Date: Mon, 26 May 2014 13:02:02 +0200
+Subject: [PATCH] security fix for debug functions
+
+---
+ util.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/util.c b/util.c
+index 6c68ad8..bc50dc1 100644
+--- a/util.c
++++ b/util.c
+@@ -468,6 +468,7 @@ _rl_savestring (s)
+ return (strcpy ((char *)xmalloc (1 + (int)strlen (s)), (s)));
+ }
+
++#if defined (DEBUG)
+ #if defined (USE_VARARGS)
+ static FILE *_rl_tracefp;
+
+@@ -524,3 +525,4 @@ _rl_trclose ()
+ }
+
+ #endif
++#endif /* DEBUG */
+--
+1.9.0
+
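Review bot: The `#if defined (DEBUG)` guard added before the `USE_VARARGS` block in util.c drops `_rl_tracefp`, `_rl_trclose` and the rest of the trace helpers from every non-DEBUG build, which is what this patch relies on to close CVE-2014-2524, but any prototype or caller of those helpers that is still gated only on `USE_VARARGS` will now fail to compile or link; the nested hunks do not show the declaring header, so that should be checked against the readline 6.2 tree before the spec applies this unconditionally. The patch also gives no reason for disabling the helpers rather than fixing them, so a comment on the new guard would help the next rebase, e.g. `/* CVE-2014-2524 (RHBZ #1077035): the trace helpers are debugging aids only; keep them out of non-DEBUG builds */`. The body of the `USE_VARARGS` block, including the helpers themselves, lies between the two nested hunks and is not shown here.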