Bug 152772 - RH9's vendor supplied readline core dumps
RH9's vendor supplied readline core dumps
Status: CLOSED WONTFIX
Product: Fedora Legacy
Classification: Retired
Component: readline (Show other bugs)
unspecified
other Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
LEGACY, NEEDSWORK, rh90, discussion
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-08-26 16:59 EDT by Jeff Pitman
Modified: 2007-04-18 13:22 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-07 18:31:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description David Lawrence 2005-03-30 18:26:55 EST
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=92372 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=97937 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=114270 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112048 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=98229 
 
Entering [Shift]-Enter in any readline application will cause an immediate 
coredump.  Fix can be found here:  
 
ftp://ftp.cwru.edu/pub/bash/readline-4.3-patches/readline43-001 
 
Or, a rebuild of FC-devel's readline under RH9 works as well.



------- Additional Comments From cra@wpi.edu 2004-10-06 08:58:32 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I was able to reproduce this problem by typing "ESC O M" in any
readline-enabled app, such as lftp.  The given patch fixes the problem.

Built rh90 packages based on FC1's readline-4.3-7.src.rpm package which
are identical except for the addition of the readline43-001 patch:

http://angus.ind.wpi.edu/~cra/fedora/legacy/readline/

8db9655e1b7fb567a8a40c4524709ee6ee470169  readline-4.3-5.0.9.legacy.i386.rpm
6b14cd5640eacbf37e0d0c2603fe78557ebccc9e  readline-4.3-5.0.9.legacy.src.rpm
d0f2fd94d326cdbd2923f8233d0a22eeece04dbc 
readline-debuginfo-4.3-5.0.9.legacy.i386.rpm
dfa182539892dbc02016f245b464ae7fc205cd17  readline-devel-4.3-5.0.9.legacy.i386.rpm

Please QA.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBZEAEw2eg+Um7WIYRAq4+AJ4v7uG1aLeyjECsxCvTTkmmGZHITACcDYft
Ovf7HgkLhLrQlDn6CEdNA5g=
=K4jB
-----END PGP SIGNATURE-----




------- Additional Comments From symbiont@berlios.de 2004-10-19 05:18:40 ----

Charles' rebuilt packages operate correctly and the shift-enter bug no longer 
exists.  Thanks! 



------- Additional Comments From dom@earth.li 2004-10-19 08:00:59 ----

Do we want to push this as an offical update? If so we need some formal QA.
I don't have strong views either way - if it's a trivial fix and the bug is
affecting people then I don't object.



------- Additional Comments From pekkas@netcore.fi 2004-12-15 23:13:03 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
                                                                               
                       
These are not security vulnerabilities AFAICS, because they are triggered by
user's input, and I doubt readline is used with setuid apps.
                                                                               
                       
That said, backporting FC1 release is too noisy; spec file and different
fixes are a mess.
                                                                               
                       
So, I suggest two alternative approaches:
 a) re-work the packages to be based on RHEL3 BA update, includes a
different bugfix -- this has very few changes.  Then add the -001 patch on
top of that, and be done.
                                                                               
                       
   If someone creates the packages, I can do the QA.
                                                                               
                       
 b) abandon the whole update, as it's not a security update.
                                                                               
                       
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
                                                                               
                       
iD8DBQFBwVFcGHbTkzxSL7QRAo5EAJ9iyuRvZNglh+Jt03gGtcd+6I3O6wCfSFrK
BjUglRX2avQtlryG9DD/N8k=
=NzwS
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2005-02-16 13:24:55 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did QA on the following:

6b14cd5640eacbf37e0d0c2603fe78557ebccc9e  readline-4.3-5.0.9.legacy.src.rpm

It is identical to the FC1 release, which is in turn identical to the
rh9 release except for the following:

- - Removal of a few patches that were commented out in the rh9 spec file
- - Addition of the readline43-001 patch

I don't see any reason to rebuild packages for this, the one Charles made
is perfectly good.

It's not a security fix, but seems to be a popular bug. I will build and
release this and will simply send a note to the FL list for the release details.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCE9aRLMAs/0C4zNoRAp+AAKCdK7TgJn4hNoSV/3LiX92aFZDqMQCaAkAu
hfxEcFIC0xVVTnZNIAxMxaU=
=DIiM
-----END PGP SIGNATURE-----




------- Additional Comments From pekkas@netcore.fi 2005-02-17 10:20:26 ----

Do you mean that this will not be pushed out through updates-testing/updates
channels?  Fine with me.

If I misunderstood, I'd have to take another look at the readline spec files,
but I got the feeling that FC1 was a mess.  It was some time ago though..



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:26 -------

This bug previously known as bug 2017 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2017
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P3. Setting to default priority "normal".
Unknown severity minor. Setting to default severity "normal".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Dominic Hargreaves 2005-04-07 09:02:57 EDT
Marc, ping? Shall we just close this?
Comment 2 Marc Deslauriers 2005-04-07 18:31:59 EDT
Yes. Whoever has the problem is either living with it or has already upgraded to
newer packages.

Note You need to log in before you can comment on or make changes to this bug.