From d1e6fe9cf59d89d2121aeba6397cc1d9a79ed573 Mon Sep 17 00:00:00 2001
From: "Dr. Werner Fink" <werner@suse.com>
Date: Tue, 18 Mar 2014 11:26:57 +0000
Subject: [PATCH] .

OBS-URL: https://build.opensuse.org/package/show/Base:System/bash?expand=0&rev=161
---
 bash.changes               |  7 +++++++
 bash.spec                  |  3 +++
 readline-6.2-rltrace.patch | 43 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 readline-6.2-rltrace.patch

diff --git a/bash.changes b/bash.changes
index 928ba90e..b186f8d6 100644
--- a/bash.changes
+++ b/bash.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar 18 11:25:21 UTC 2014 - werner@suse.de
+
+- CVE-2014-2524: bash,readline: temporary file misuse in _rl_tropen (bnc#868822)
+  Even if used only by developers to debug readline library do not
+  open temporary files from public location without O_EXCL 
+
 -------------------------------------------------------------------
 Fri Jan 31 16:39:08 UTC 2014 - werner@suse.de
 
diff --git a/bash.spec b/bash.spec
index ae7f2aec..8aebc85f 100644
--- a/bash.spec
+++ b/bash.spec
@@ -91,6 +91,7 @@ Patch25:        readline-6.2-endpw.dif
 Patch26:        readline-6.2-msgdynamic.patch
 Patch27:        readline-6.2-xmalloc.dif
 Patch30:        readline-6.2-destdir.patch
+Patch31:        readline-6.2-rltrace.patch
 Patch40:        bash-4.1-bash.bashrc.dif
 Patch42:        audit-patch
 Patch43:        audit-rl-patch
@@ -309,6 +310,7 @@ done
 %patch24 -p0 -b .metamode
 #%patch25 -p0 -b .endpw
 %patch26 -p0 -b .msgdy
+%patch31 -p0 -b .tmp
 %patch40 -p0 -b .bashrc
 %if 0%suse_version >= 1100
 %patch42 -p1 -b .audit
@@ -334,6 +336,7 @@ done
 %patch24 -p2 -b .metamode
 #%patch25 -p2 -b .endpw
 %patch26 -p2 -b .msgdy
+%patch31 -p2 -b .tmp
 %patch27 -p0 -b .xm
 %patch30 -p0 -b .destdir
 %if 0%suse_version >= 1100
diff --git a/readline-6.2-rltrace.patch b/readline-6.2-rltrace.patch
new file mode 100644
index 00000000..dfd7a32e
--- /dev/null
+++ b/readline-6.2-rltrace.patch
@@ -0,0 +1,43 @@
+Even if used only by developers to debug readline library do not open
+temporary files from public location without O_EXCL (bcn#868822).
+
+---
+ util.c |   10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+--- lib/readline/util.c
++++ lib/readline/util.c	2014-03-18 11:18:25.774735305 +0000
+@@ -493,10 +493,12 @@ _rl_trace (va_alist)
+ 
+   if (_rl_tracefp == 0)
+     _rl_tropen ();
++  if (!_rl_tracefp)
++    goto out;
+   vfprintf (_rl_tracefp, format, args);
+   fprintf (_rl_tracefp, "\n");
+   fflush (_rl_tracefp);
+-
++out:
+   va_end (args);
+ }
+ 
+@@ -509,7 +511,7 @@ _rl_tropen ()
+     fclose (_rl_tracefp);
+   sprintf (fnbuf, "/var/tmp/rltrace.%ld", getpid());
+   unlink(fnbuf);
+-  _rl_tracefp = fopen (fnbuf, "w+");
++  _rl_tracefp = fopen (fnbuf, "w+xe");
+   return _rl_tracefp != 0;
+ }
+ 
+@@ -517,8 +519,8 @@ int
+ _rl_trclose ()
+ {
+   int r;
+-
+-  r = fclose (_rl_tracefp);
++  if (_rl_tracefp)
++    r = fclose (_rl_tracefp);
+   _rl_tracefp = 0;
+   return r;
+ }