From 88cb8e194f9248c8f03d7d735f2d05a5c759e1a6 Mon Sep 17 00:00:00 2001
From: Dave Anderson <anderson@redhat.com>
Date: Tue, 3 Mar 2015 13:48:16 -0500
Subject: [PATCH] Fix for insecure temporary file usage in _rl_tropen() as
 reported by readline library CVE-2014-2524. (anderson@redhat.com)

---
 gdb-7.6.patch | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/gdb-7.6.patch b/gdb-7.6.patch
index abece19..5f10cc8 100644
--- a/gdb-7.6.patch
+++ b/gdb-7.6.patch
@@ -1723,3 +1723,41 @@
  unsigned64 convert_ps (SIM_STATE, int rm, unsigned64 op, FP_formats from,
  		       FP_formats to);
  #define ConvertPS(rm,op,from,to) convert_ps (SIM_ARGS, rm, op, from, to)
+
+--- gdb-7.6/readline/util.c
++++ gdb-7.6/readline/util.c
+@@ -493,10 +493,13 @@ _rl_trace (va_alist)
+ 
+   if (_rl_tracefp == 0)
+     _rl_tropen ();
++  if (!_rl_tracefp)
++    goto out;
+   vfprintf (_rl_tracefp, format, args);
+   fprintf (_rl_tracefp, "\n");
+   fflush (_rl_tracefp);
+ 
++out:
+   va_end (args);
+ }
+ 
+@@ -509,16 +512,17 @@ _rl_tropen ()
+     fclose (_rl_tracefp);
+   sprintf (fnbuf, "/var/tmp/rltrace.%ld", getpid());
+   unlink(fnbuf);
+-  _rl_tracefp = fopen (fnbuf, "w+");
++  _rl_tracefp = fopen (fnbuf, "w+xe");
+   return _rl_tracefp != 0;
+ }
+ 
+ int
+ _rl_trclose ()
+ {
+-  int r;
++  int r = 0;
+ 
+-  r = fclose (_rl_tracefp);
++  if (_rl_tracefp)
++    r = fclose (_rl_tracefp);
+   _rl_tracefp = 0;
+   return r;
+ }