lines in pch_swap. This bug was causing a double free leading to
a crash (boo#1080985 CVE-2018-6952).
- abort-when-cleaning-up-fails.patch: Abort when cleaning up fails.
This bug could cause an infinite loop when a patch wouldn't
apply, leading to a segmentation fault (boo#1111572).
- dont-follow-symlinks-unless-asked.patch: Don't follow symlinks
unless --follow-symlinks is given. This increases the security
against malicious patches (boo#1142041 CVE-2019-13636).
- pass-the-correct-stat-to-backup-files.patch: Pass the correct
stat to backup files. This bug would occasionally cause backup
files to be missing when all hunks failed to apply (boo#1198106).
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=64
- ed-style-01-missing-input-files.patch: Allow input files to be
missing for ed-style patches.
- ed-style-02-fix-arbitrary-command-execution.patch,
ed-style-03-update-test-Makefile.patch: Fix arbitrary command
execution in ed-style patches.
- ed-style-04-invoke-ed-directly.patch: Invoke ed directly instead
of using the shell.
- ed-style-05-minor-cleanups.patch: Minor cleanups in do_ed_script.
- ed-style-06-fix-test-failure.patch: Fix 'ed-style' test failure.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=58
Fixes a functional regression introduced by the previous security
fix. The security fix would forbid legitimate use cases of
relative symbolic links.
[boo#918058]
+ Allow arbitrary symlink targets again.
+ Do not change permissions if there isn't an explicit mode
change.
+ Fix indentation heuristic for context diffs.
- Please also note that the previous update fixed security bugs
boo#915328 and boo#915329 even though it did not say so.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=46
+ Patch no longer gets a failed assertion for certain mangled
patches.
+ Ignore destination file names that are absolute or that contain
a component of "..", except when working in the root directory.
This addresses CVE-2010-4651.
+ Support for most features of the "diff --git" format, including
renames and copies, permission changes, and symlink diffs.
Binary diffs are not supported yet; patch will complain and
skip them.
+ Support for double-quoted filenames: when a filename starts
with a double quote, it is interpreted as a C string literal.
The escape sequences \\, \", \a, \b, \f, \n, \r, \t, \v, and
\ooo (a three-digit octal number between 0 and 255) are
recognized.
+ Refuse to apply a normal patch to a symlink. (Previous versions
of patch were replacing the symlink with a regular file.)
+ New --follow-symlinks option to allow to treat symlinks as
files: this was patch's behavior before version 2.7.
+ When trying to modify a read-only file, warn about the
potential problem by default. The --read-only command line
option allows to change this behavior.
+ Files to be deleted are deleted once the entire input has been
processed, not immediately. This fixes a bug with numbered
backup files.
+ When a timestamp specifies a time zone, honor that instead of
assuming the local time zone (--set-date) or Universal
Coordinated Time (--set-utc).
+ Support for nanosecond precision timestamps.
+ Many bug fixes.
+ Clarify the message printed when a patch is expected to empty
out and delete a file, but the file does not become empty.
+ Various improvements to messages when applying a patch to a
file of different type (regular file vs. symlink), when there
are line ending differences (LF vs. CRLF), and when in
--dry-run mode.
+ Ignore when extended attributes cannot be preserved because
they are unsupported or because permission to set them is
denied.
- patch-revert-e0f70752.patch: Dropped, original bug fixed
upstream.
- patch-stdio.in.patch: Dropped, merged upstream.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=35
+ Patch now ignores destination file names that are absolute or
that contain a component of ".." (CVE-2010-4651, bnc#662957).
- Drop unified-reject-files-compat.diff. Compatibility has been
provided for the past 18 months, hopefully nobody is relying on
it any longer.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=22
+ Support for most features of the "diff --git" format: renames
and copies, permission changes, symlink diffs. (Binary diffs
are not supported yet; patch will complain and skip them.)
+ Support for double-quoted filenames: when a filename in a
context diff starts with a double quote, it is interpreted as
a C string literal. The escape sequences \\, \", \a, \b, \f, \n,
\r, \t, \v, and \ooo (a three-digit octal number between 0 and
255) are recognized.
+ Refuse to patch read-only files by default, or at least warn
when patching such files with --force or --batch.
+ Refuse to apply a normal patch to a symlink. (Previous
versions of patch were wrongly replacing the symlink with a
regular file.)
+ When a timestamp specifies a time zone, honor that instead of
assuming the local time zone (--set-date) or Universal
Coordinated Time (--set-utc).
+ Support for nanosecond precision timestamps.
+ Many portability and bug fixes.
OBS-URL: https://build.opensuse.org/package/show/devel:tools/patch?expand=0&rev=14