- fix-swapping-fake-lines-in-pch_swap.patch: Fix swapping fake
lines in pch_swap. This bug was causing a double free leading to
a crash (boo#1080985 CVE-2018-6952).
- abort-when-cleaning-up-fails.patch: Abort when cleaning up fails.
This bug could cause an infinite loop when a patch wouldn't
apply, leading to a segmentation fault (boo#1111572).
- dont-follow-symlinks-unless-asked.patch: Don't follow symlinks
unless --follow-symlinks is given. This increases the security
against malicious patches (boo#1142041 CVE-2019-13636).
- pass-the-correct-stat-to-backup-files.patch: Pass the correct
stat to backup files. This bug would occasionally cause backup
files to be missing when all hunks failed to apply (boo#1198106).
OBS-URL: https://build.opensuse.org/request/show/976181
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/patch?expand=0&rev=45
lines in pch_swap. This bug was causing a double free leading to
a crash (boo#1080985 CVE-2018-6952).
- abort-when-cleaning-up-fails.patch: Abort when cleaning up fails.
This bug could cause an infinite loop when a patch wouldn't
apply, leading to a segmentation fault (boo#1111572).
- dont-follow-symlinks-unless-asked.patch: Don't follow symlinks
unless --follow-symlinks is given. This increases the security
against malicious patches (boo#1142041 CVE-2019-13636).
- pass-the-correct-stat-to-backup-files.patch: Pass the correct
stat to backup files. This bug would occasionally cause backup
files to be missing when all hunks failed to apply (boo#1198106).
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=64
- ed-style-01-missing-input-files.patch: Allow input files to be
missing for ed-style patches.
- ed-style-02-fix-arbitrary-command-execution.patch,
ed-style-03-update-test-Makefile.patch: Fix arbitrary command
execution in ed-style patches.
- ed-style-04-invoke-ed-directly.patch: Invoke ed directly instead
of using the shell.
- ed-style-05-minor-cleanups.patch: Minor cleanups in do_ed_script.
- ed-style-06-fix-test-failure.patch: Fix 'ed-style' test failure.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=58
- Move COPYING from %doc to %license.
- Add AUTHORS and COPYING to %doc.
- fix-segfault-mangled-rename.patch: Fix segfault with mangled
rename patch (bsc#1080951, CVE-2018-6951, savannah#53132).
- patch 2.7.6:
* Files specified on the command line are no longer verified to
be inside the current working directory, so commands like
"patch -i foo.diff ../foo" will work again
* Fixes CVE-2016-10713 (Out-of-bounds access within
pch_write_line() in pch.c could possibly lead to DoS via a
crafted input file; bsc#1080918)
* Various fixes
OBS-URL: https://build.opensuse.org/request/show/590591
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/patch?expand=0&rev=41
Fixes a functional regression introduced by the previous security
fix. The security fix would forbid legitimate use cases of
relative symbolic links.
[boo#918058]
+ Allow arbitrary symlink targets again.
+ Do not change permissions if there isn't an explicit mode
change.
+ Fix indentation heuristic for context diffs.
- Please also note that the previous update fixed security bugs
boo#915328 and boo#915329 even though it did not say so.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=46
+ Patch no longer gets a failed assertion for certain mangled
patches.
+ Ignore destination file names that are absolute or that contain
a component of "..", except when working in the root directory.
This addresses CVE-2010-4651.
+ Support for most features of the "diff --git" format, including
renames and copies, permission changes, and symlink diffs.
Binary diffs are not supported yet; patch will complain and
skip them.
+ Support for double-quoted filenames: when a filename starts
with a double quote, it is interpreted as a C string literal.
The escape sequences \\, \", \a, \b, \f, \n, \r, \t, \v, and
\ooo (a three-digit octal number between 0 and 255) are
recognized.
+ Refuse to apply a normal patch to a symlink. (Previous versions
of patch were replacing the symlink with a regular file.)
+ New --follow-symlinks option to allow to treat symlinks as
files: this was patch's behavior before version 2.7.
+ When trying to modify a read-only file, warn about the
potential problem by default. The --read-only command line
option allows to change this behavior.
+ Files to be deleted are deleted once the entire input has been
processed, not immediately. This fixes a bug with numbered
backup files.
+ When a timestamp specifies a time zone, honor that instead of
assuming the local time zone (--set-date) or Universal
Coordinated Time (--set-utc).
+ Support for nanosecond precision timestamps.
+ Many bug fixes.
+ Clarify the message printed when a patch is expected to empty
out and delete a file, but the file does not become empty.
+ Various improvements to messages when applying a patch to a
file of different type (regular file vs. symlink), when there
are line ending differences (LF vs. CRLF), and when in
--dry-run mode.
+ Ignore when extended attributes cannot be preserved because
they are unsupported or because permission to set them is
denied.
- patch-revert-e0f70752.patch: Dropped, original bug fixed
upstream.
- patch-stdio.in.patch: Dropped, merged upstream.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=35
