Accepting request 590591 from devel:tools

- Move COPYING from %doc to %license.
- Add AUTHORS and COPYING to %doc.
- fix-segfault-mangled-rename.patch: Fix segfault with mangled
  rename patch (bsc#1080951, CVE-2018-6951, savannah#53132).
- patch 2.7.6:
  * Files specified on the command line are no longer verified to
    be inside the current working directory, so commands like
    "patch -i foo.diff ../foo" will work again
  * Fixes CVE-2016-10713 (Out-of-bounds access within
    pch_write_line() in pch.c could possibly lead to DoS via a
    crafted input file; bsc#1080918)
  * Various fixes

OBS-URL: https://build.opensuse.org/request/show/590591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/patch?expand=0&rev=41
Dominique Leuenberger 2018-03-30 09:55:13 +00:00 committed by Git OBS Bridge
commit 9dfa552ac5
8 changed files with 82 additions and 29 deletions

@ -0,0 +1,25 @@
From: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon, 12 Feb 2018 16:48:24 +0100
Subject: Fix segfault with mangled rename patch
Patch-mainline: yes
Git-commit: f290f48a621867084884bfff87f8093c15195e6a
References: bsc#1080951, CVE-2018-6951, savannah#53133
http://savannah.gnu.org/bugs/?53132
* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
diff --git a/src/pch.c b/src/pch.c
index ff9ed2c..bc6278c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
if ((pch_rename () || pch_copy ())
&& ! inname
&& ! ((i == OLD || i == NEW) &&
- p_name[! reverse] &&
+ p_name[reverse] && p_name[! reverse] &&
+ name_is_valid (p_name[reverse]) &&
name_is_valid (p_name[! reverse])))
{
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
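Review bot: The References header of fix-segfault-mangled-rename.patch names savannah#53133, while the URL on the next line and the changelog entry both give savannah#53132; one of the two is a typo, and the header should be aligned so the trackers cross-reference correctly. On the code itself, the strengthened test still sits behind `! inname`, so it is worth confirming that a rename or copy header applied with an explicit input file name cannot reach the same missing `p_name[reverse]`. The patch as carried here touches only src/pch.c and brings no test input for the mangled header.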

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fd95153655d6b95567e623843a0e77b81612d502ecf78a489a4aed7867caa299
size 727704

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1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=9BQ9
-----END PGP SIGNATURE-----

BIN
patch-2.7.6.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.

16
patch-2.7.6.tar.xz.sig Normal file
@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=mjHo
-----END PGP SIGNATURE-----

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Thu Mar 22 09:43:43 CET 2018 - jdelvare@suse.de
- Move COPYING from %doc to %license.
-------------------------------------------------------------------
Wed Mar 21 16:44:09 CET 2018 - jdelvare@suse.de
- Add AUTHORS and COPYING to %doc.
- fix-segfault-mangled-rename.patch: Fix segfault with mangled
rename patch (bsc#1080951, CVE-2018-6951, savannah#53132).
-------------------------------------------------------------------
Wed Feb 7 18:43:51 UTC 2018 - astieger@suse.com
- patch 2.7.6:
* Files specified on the command line are no longer verified to
be inside the current working directory, so commands like
"patch -i foo.diff ../foo" will work again
* Fixes CVE-2016-10713 (Out-of-bounds access within
pch_write_line() in pch.c could possibly lead to DoS via a
crafted input file; bsc#1080918)
* Various fixes
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Mar 7 10:42:46 CET 2015 - jdelvare@suse.de Sat Mar 7 10:42:46 CET 2015 - jdelvare@suse.de

Binary file not shown.

@ -1,7 +1,7 @@
# #
# spec file for package patch # spec file for package patch
# #
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: patch Name: patch
Version: 2.7.5 Version: 2.7.6
Release: 0 Release: 0
Summary: GNU patch Summary: GNU patch
License: GPL-3.0+ License: GPL-3.0+
@ -26,13 +26,13 @@ Url: http://ftp.gnu.org/gnu/patch/
Source: http://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.xz Source: http://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.xz
Source2: http://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.xz.sig Source2: http://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.xz.sig
Source3: http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=patch&download=1#/patch.keyring Source3: http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=patch&download=1#/patch.keyring
%if 0%{?suse_version} < 1220 Patch1: fix-segfault-mangled-rename.patch
BuildRequires: xz
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
# See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was # See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was
# invoking patch, so interdiff had to be fixed too. # invoking patch, so interdiff had to be fixed too.
Conflicts: patchutils < 0.3.2 Conflicts: patchutils < 0.3.2
%if 0%{?suse_version} < 1220
BuildRequires: xz
%endif
%description %description
The GNU patch program is used to apply diffs between original and The GNU patch program is used to apply diffs between original and
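Review bot: The new `Patch1: fix-segfault-mangled-rename.patch` line carries no comment, so the spec alone does not say that it is an upstream backport for CVE-2018-6951 (bsc#1080951); a one-line comment above it with those references would make it obvious when the patch can be dropped at the next version bump. Separately, Source, Source2 and Source3 in this hunk's context are all plain http:// URLs, which means the keyring that the tarball signature is checked against is itself named by an unauthenticated URL; consider https:// where the hosts offer it.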
@ -40,6 +40,7 @@ changed files (generated by the diff command) to the original files.
%prep %prep
%setup -q %setup -q
%patch1 -p1
%build %build
export CFLAGS="%{optflags} -Wall -O2 -pipe" export CFLAGS="%{optflags} -Wall -O2 -pipe"
@ -53,9 +54,13 @@ make %{?_smp_mflags} check %{verbose:V=1}
make install DESTDIR=%{buildroot} %{verbose:V=1} make install DESTDIR=%{buildroot} %{verbose:V=1}
%files %files
%defattr(-,root,root) %doc AUTHORS NEWS README
%doc NEWS README %if 0%{?suse_version} >= 1500
%license COPYING
%else
%doc COPYING
%endif
%{_bindir}/patch %{_bindir}/patch
%doc %{_mandir}/man1/patch.1.gz %{_mandir}/man1/patch.1%{ext_man}
%changelog %changelog