From aca5b2b7992462a7dd7677fb1f5a0edd2955be6d3f8bc4bcc5c07e58d906d545 Mon Sep 17 00:00:00 2001 From: Jean Delvare Date: Mon, 16 Feb 2015 14:06:29 +0000 Subject: [PATCH] - patch 2.7.4 Fixes a functional regression introduced by the previous security fix. The security fix would forbid legitimate use cases of relative symbolic links. [boo#918058] + Allow arbitrary symlink targets again. + Do not change permissions if there isn't an explicit mode change. + Fix indentation heuristic for context diffs. - Please also note that the previous update fixed security bugs boo#915328 and boo#915329 even though it did not say so. OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=46 --- patch-2.7.3.tar.bz2 | 3 --- patch-2.7.3.tar.bz2.sig | 17 ----------------- patch-2.7.4.tar.bz2 | 3 +++ patch-2.7.4.tar.bz2.sig | 17 +++++++++++++++++ patch.changes | 15 +++++++++++++++ patch.spec | 4 ++-- 6 files changed, 37 insertions(+), 22 deletions(-) delete mode 100644 patch-2.7.3.tar.bz2 delete mode 100644 patch-2.7.3.tar.bz2.sig create mode 100644 patch-2.7.4.tar.bz2 create mode 100644 patch-2.7.4.tar.bz2.sig diff --git a/patch-2.7.3.tar.bz2 b/patch-2.7.3.tar.bz2 deleted file mode 100644 index b016045..0000000 --- a/patch-2.7.3.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:02f6246736de92785d9c76c0ecab1121a516e52bfeb40c749a68ca4709e4487d -size 811416 diff --git a/patch-2.7.3.tar.bz2.sig b/patch-2.7.3.tar.bz2.sig deleted file mode 100644 index 8810184..0000000 --- a/patch-2.7.3.tar.bz2.sig +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABAgAGBQJUwWXSAAoJEMTJJ81dGzbXddEP/1teuYcysAFblAyfTr1JiEzi -Eo7v2T/E8RaEfkViSD5fX/wKVvAHBxm0xytN5DGztoyN/YBsP5jD34oFBioq77ik -wXs+EVPOiPkeKmOObHQ8oh4tOVkA+duzOYrtfz1xrAbbG8wKpH+VziKczmsSp/bw -JwET4w3r6tvQfANunRlhTvGVBgXrlPd2X14SzIYtYDnHF4pjLd9s2GYimlhChWFI -GV/60bmj1Esoc7upTgR7PzShGYQm0WfiODFwdSCD6qowLnyUjzwuB6YzJVfuR5be -30L0sbGWzXj2mVRCWbgiqUYoZ4aupE3EGwiCdcHWZ3LTKRSjXhiwkzh2Fqa20s98 -5NjmHVinl1k6yE/7w9rHZr/A5I08IiDAeJe4R+JGpQuDw+g7ooOTCdNZH6waBRv1 -f2jyi4lV3O3+b1T3lU9YTKiN8QovE2AjBTXGDhjpbz553q1rmb0068kMW+BmX2Sv -fY5YLf+nS1DXAGuGfNZ2nwD8aH88uIREHI+gmmA1lCXJ8pipbmpcN7P1E3kXdG/8 -hiJ/pA1nuZEWCdmuP0d91Z6dhHYsasWXmv9cGVA6q8chtRAToXA/jiqb+nBPIwON -JGm1rPi+8P3Bsp/Ix74B1JmfjUzqgqUxFxQIPSSlmoGp5ThkRmTXg0MTQFuXU1iU -QyqhcXwFlXi279/qmhyO -=ykie ------END PGP SIGNATURE----- diff --git a/patch-2.7.4.tar.bz2 b/patch-2.7.4.tar.bz2 new file mode 100644 index 0000000..2e4cfaf --- /dev/null +++ b/patch-2.7.4.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bf1c0d7db8212aa7bd4a780acd381c93e79469bf44fa4923236e306cc247a4e4 +size 836700 diff --git a/patch-2.7.4.tar.bz2.sig b/patch-2.7.4.tar.bz2.sig new file mode 100644 index 0000000..239cc26 --- /dev/null +++ b/patch-2.7.4.tar.bz2.sig @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAABAgAGBQJUzUchAAoJEMTJJ81dGzbXrhMQAIkA2ZdGbIqqPYdTKbfWwWOo +Z+J6yjQ+nLUq3aByIds0HPC7LtvopcBHl7jVXY5Fr4SVyLCSGkQ90zQp8TKnkb4O +a4wBlr5y+VjPOxm1sHc8YS1fk7my030jax+TfWIkJP1O1Gu1loSVyDnU+uzZHFGN +9DI1EIwTUt8w2dEumfi1YLkD3a1I1pzonpWPgikcFKhmSG4BEcCP7W3tmT9sdIoU +cXS+Xu9tlj+ulkARig4HDogypCDhoUd1B3jXLJ36iVAXfQ6d2q47Qi4R+rblEdY7 +YhBI1iO0Lbtkyi1z4YfBKzZSnrW8T10omNVOmFZGbKPFkbmjzgp0zsqA+2rz66QL +ub0vFw+yl2OBzaUCi4rpaZguGa9tfoOIfPgN+HvoHjBq14u+SW2zZnG5mN6FxlTJ +klohqXLny+ENtntWLGjsh7uH4e6RHcZdvhMJJJmhHUFjlzH5TsuXWXaLncC1NUGT +KmcgR/nhvaZOtR2duJ6Qosj6cT3gAdGAxPV2aulOwQ2HMB6vY2dL5pyX+7CKfLQa +OBCc8eIt8UEeQFdES32d7peOfBOpem+AOxhqhQ3xCMuHVI2bvHbANhUNlizBhSQn +1PVFoj4h481ID0wC9YgrehiZwQn3FAGpem2e+oPLIEq469G80L6xs/btbngOFQnO +9Hd266ZUlk5v+bqQ9bxG +=xiFc +-----END PGP SIGNATURE----- diff --git a/patch.changes b/patch.changes index 72d4a22..5ee82ef 100644 --- a/patch.changes +++ b/patch.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Mon Feb 16 11:51:58 CET 2015 - jdelvare@suse.de + +- patch 2.7.4 + Fixes a functional regression introduced by the previous security + fix. The security fix would forbid legitimate use cases of + relative symbolic links. + [boo#918058] + + Allow arbitrary symlink targets again. + + Do not change permissions if there isn't an explicit mode + change. + + Fix indentation heuristic for context diffs. +- Please also note that the previous update fixed security bugs + boo#915328 and boo#915329 even though it did not say so. + ------------------------------------------------------------------- Fri Jan 23 00:58:35 UTC 2015 - andreas.stieger@gmx.de diff --git a/patch.spec b/patch.spec index b956777..3ad4b01 100644 --- a/patch.spec +++ b/patch.spec @@ -1,7 +1,7 @@ # # spec file for package patch # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: patch -Version: 2.7.3 +Version: 2.7.4 Release: 0 Summary: GNU patch License: GPL-3.0+