rpms/patch
7
0
Fork 0
Code Issues Pull Requests Releases Activity

RHEL 9.0.0 Alpha bootstrap

Browse Source 
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/patch#961dbc996f263a22a7e98d6e6a7d6e7dadaa8dc5
This commit is contained in:
Petr Šabata 2020-10-15 23:00:02 +02:00
parent 6fc2893135
commit 1fa08665ef
43 changed files with 4546 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.gitignore vendored
View File

@ -0,0 +1,10 @@
patch-2.5.4.tar.gz
patch-2.6.tar.xz
patch-2.6.1.tar.xz
/patch-2.7.tar.xz
/patch-2.7.1.tar.xz
/patch-2.7.2.tar.xz
/patch-2.7.3.tar.xz
/patch-2.7.4.tar.xz
/patch-2.7.5.tar.xz
/patch-2.7.6.tar.xz

9
STAGE1-patch Normal file
View File

@ -0,0 +1,9 @@
srpm patch
mcd $BUILDDIR/$1
cat <<EOF > config.cache
ac_cv_func_strnlen_working=yes
EOF
$SRC/${1}-*/configure $TCONFIGARGS --cache-file=config.cache
notparallel
make $J V=1
make $J install DESTDIR=${ROOTFS}

7
gating.yaml Normal file
View File

@ -0,0 +1,7 @@
--- !Policy
product_versions:
- fedora-*
decision_context: bodhi_update_push_testing
rules:
- !PassingTestCaseRule {test_case_name: dist.depcheck}
- !PassingTestCaseRule {test_case_name: dist.abicheck}

14
patch-2.7.6-CVE-2018-17942.patch Normal file
View File

@ -0,0 +1,14 @@
diff -up patch-2.7.6/lib/vasnprintf.c.me patch-2.7.6/lib/vasnprintf.c
--- patch-2.7.6/lib/vasnprintf.c.me 2018-11-26 14:02:03.401718842 +0100
+++ patch-2.7.6/lib/vasnprintf.c 2018-11-26 14:03:02.923913446 +0100
@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extr
size_t a_len = a.nlimbs;
/* 0.03345 is slightly larger than log(2)/(9*log(10)). */
size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
- char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
+ /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
+ digits of a, followed by 1 byte for the terminating NUL. */
+ char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
if (c_ptr != NULL)
{
char *d_ptr = c_ptr;

25
patch-2.7.6-CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap.patch Normal file
View File

@ -0,0 +1,25 @@
commit 9c986353e420ead6e706262bf204d6e03322c300
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Aug 17 13:35:40 2018 +0200
Fix swapping fake lines in pch_swap
* src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
blank line in the middle of a context-diff hunk: that empty line stays
in the middle of the hunk and isn't swapped.
Fixes: https://savannah.gnu.org/bugs/index.php?53133
diff --git a/src/pch.c b/src/pch.c
index e92bc64..a500ad9 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2122,7 +2122,7 @@ pch_swap (void)
}
if (p_efake >= 0) { /* fix non-freeable ptr range */
if (p_efake <= i)
- n = p_end - i + 1;
+ n = p_end - p_ptrn_lines;
else
n = -i;
p_efake += n;

102
patch-2.7.6-CVE-2019-13636-symlinks.patch Normal file
View File

@ -0,0 +1,102 @@
commit dce4683cbbe107a95f1f0d45fabc304acfb5d71a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon Jul 15 16:21:48 2019 +0200
Don't follow symlinks unless --follow-symlinks is given
* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
append_to_file): Unless the --follow-symlinks option is given, open files with
the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
that consistently for input files.
* src/util.c (create_backup): When creating empty backup files, (re)create them
with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
diff --git a/src/inp.c b/src/inp.c
index 32d0919..22d7473 100644
--- a/src/inp.c
+++ b/src/inp.c
@@ -238,8 +238,13 @@ plan_a (char const *filename)
{
if (S_ISREG (instat.st_mode))
{
- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
+ int flags = O_RDONLY | binary_transput;
size_t buffered = 0, n;
+ int ifd;
+
+ if (! follow_symlinks)
+ flags |= O_NOFOLLOW;
+ ifd = safe_open (filename, flags, 0);
if (ifd < 0)
pfatal ("can't open file %s", quotearg (filename));
@@ -340,6 +345,7 @@ plan_a (char const *filename)
static void
plan_b (char const *filename)
{
+ int flags = O_RDONLY | binary_transput;
int ifd;
FILE *ifp;
int c;
@@ -353,7 +359,9 @@ plan_b (char const *filename)
if (instat.st_size == 0)
filename = NULL_DEVICE;
- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
+ if (! follow_symlinks)
+ flags |= O_NOFOLLOW;
+ if ((ifd = safe_open (filename, flags, 0)) < 0
|| ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
pfatal ("Can't open file %s", quotearg (filename));
if (TMPINNAME_needs_removal)
diff --git a/src/util.c b/src/util.c
index 1cc08ba..fb38307 100644
--- a/src/util.c
+++ b/src/util.c
@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
try_makedirs_errno = ENOENT;
safe_unlink (bakname);
- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
+ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
{
if (errno != try_makedirs_errno)
pfatal ("Can't create file %s", quotearg (bakname));
@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode,
static void
copy_to_fd (const char *from, int tofd)
{
+ int from_flags = O_RDONLY | O_BINARY;
int fromfd;
ssize_t i;
- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
+ if (! follow_symlinks)
+ from_flags |= O_NOFOLLOW;
+ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
pfatal ("Can't reopen file %s", quotearg (from));
while ((i = read (fromfd, buf, bufsize)) != 0)
{
@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
else
{
assert (S_ISREG (mode));
+ if (! follow_symlinks)
+ to_flags |= O_NOFOLLOW;
tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
to_dir_known_to_exist);
copy_to_fd (from, tofd);
@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
void
append_to_file (char const *from, char const *to)
{
+ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
int tofd;
- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
+ if (! follow_symlinks)
+ to_flags |= O_NOFOLLOW;
+ if ((tofd = safe_open (to, to_flags, 0)) < 0)
pfatal ("Can't reopen file %s", quotearg (to));
copy_to_fd (from, tofd);
if (close (tofd) != 0)

33
patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch Normal file
View File

@ -0,0 +1,33 @@
commit 3fcd042d26d70856e826a42b5f93dc4854d80bf0
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Apr 6 19:36:15 2018 +0200
Invoke ed directly instead of using the shell
* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
command to avoid quoting vulnerabilities.
diff --git a/src/pch.c b/src/pch.c
index 4fd5a05..16e001a 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
*outname_needs_removal = true;
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
}
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
fflush (stdout);
pid = fork();
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
else if (pid == 0)
{
dup2 (tmpfd, 0);
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ assert (outname[0] != '!' && outname[0] != '-');
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
_exit (2);
}
else

46
patch-2.7.6-abort_when_cleaning_up_fails.patch Normal file
View File

@ -0,0 +1,46 @@
commit b7b028a77bd855f6f56b17c8837fc1cca77b469d
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Jun 28 00:30:25 2019 +0200
Abort when cleaning up fails
When a fatal error triggers during cleanup, another attempt will be made to
clean up, which will likely lead to the same fatal error. So instead, bail out
when that happens.
src/patch.c (cleanup): Bail out when called recursively.
(main): There is no need to call output_files() before cleanup() as cleanup()
already does that.
diff --git a/src/patch.c b/src/patch.c
index 4616a48..02fd982 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -685,7 +685,6 @@ main (int argc, char **argv)
}
if (outstate.ofp && (ferror (outstate.ofp) || fclose (outstate.ofp) != 0))
write_fatal ();
- output_files (NULL);
cleanup ();
delete_files ();
if (somefailed)
@@ -1991,7 +1990,6 @@ void
fatal_exit (int sig)
{
cleanup ();
-
if (sig)
exit_with_signal (sig);
@@ -2011,6 +2009,12 @@ remove_if_needed (char const *name, bool *needs_removal)
static void
cleanup (void)
{
+ static bool already_cleaning_up;
+
+ if (already_cleaning_up)
+ return;
+ already_cleaning_up = true;
+
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);

28
patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch Normal file
View File

@ -0,0 +1,28 @@
commit b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Apr 6 11:34:51 2018 +0200
Allow input files to be missing for ed-style patches
* src/pch.c (do_ed_script): Allow input files to be missing so that new
files will be created as with non-ed-style patches.
diff --git a/src/pch.c b/src/pch.c
index bc6278c..0c5cc26 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
if (! dry_run && ! skip_rest_of_patch) {
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- assert (! inerrno);
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ if (inerrno != ENOENT)
+ {
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
sprintf (buf, "%s %s%s", editor_program,
verbosity == VERBOSE ? "" : "- ",
outname);

21
patch-2.7.6-avoid-invalid-memory-access-in-context-format-diffs.patch Normal file
View File

@ -0,0 +1,21 @@
commit 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon Jul 15 19:10:02 2019 +0200
Avoid invalid memory access in context format diffs
* src/pch.c (another_hunk): Avoid invalid memory access in context format
diffs.
diff --git a/src/pch.c b/src/pch.c
index a500ad9..cb54e03 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev)
ptrn_prefix_context = context;
ptrn_suffix_context = context;
if (repl_beginning
+ || p_end <= 0
|| (p_end
!= p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n')))
{

24
patch-2.7.6-avoid-set_file_attributes-sign-conversion-warnings.patch Normal file
View File

@ -0,0 +1,24 @@
commit 3bbebbb29f6fbbf2988b9f2e75695b7c0b1f1c9b
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Wed Feb 7 12:01:22 2018 +0100
Avoid set_file_attributes sign conversion warnings
* src/util.c (set_file_attributes): Avoid sign conversion warnings when
assigning -1 to uid_t / gid_t.
diff --git a/src/util.c b/src/util.c
index b1c7266..1cc08ba 100644
--- a/src/util.c
+++ b/src/util.c
@@ -256,8 +256,8 @@ set_file_attributes (char const *to, enum file_attributes attr,
}
if (attr & FA_IDS)
{
- static uid_t euid = -1;
- static gid_t egid = -1;
+ static uid_t euid = (uid_t)-1;
+ static gid_t egid = (gid_t)-1;
uid_t uid;
uid_t gid;

85
patch-2.7.6-avoid-warnings-gcc8.patch Normal file
View File

@ -0,0 +1,85 @@
commit ae81be0024ea4eaf139b7ba57e9a8ce9e4a163ec
Author: Jim Meyering <jim@meyering.net>
Date: Fri Apr 6 17:17:11 2018 -0700
maint: avoid warnings from GCC8
Hi Andreas,
I configured with --enable-gcc-warnings and bleeding-edge gcc
(version 8.0.1 20180406) and hit some warning-escalated-to-errors.
This fixes them:
>From a71ddb200dbe7ac0f9258796b5a51979b2740e88 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@fb.com>
Date: Fri, 6 Apr 2018 16:47:00 -0700
Subject: [PATCH] maint: avoid warnings from GCC8
* src/common.h (FALLTHROUGH): Define.
* src/patch.c (abort_hunk_context): Use FALLTHROUGH macro in place of
a comment. This avoids a warning from -Wimplicit-fallthrough=.
* src/pch.c (do_ed_script): Add otherwise unnecessary initialization
to avoid warning from -Wmaybe-uninitialized.
(another_hunk): Use FALLTHROUGH macro here, too, twice.
diff --git a/src/common.h b/src/common.h
index ec50b40..904a3f8 100644
--- a/src/common.h
+++ b/src/common.h
@@ -218,3 +218,11 @@ bool merge_hunk (int hunk, struct outstate *, lin where, bool *);
#else
# define merge_hunk(hunk, outstate, where, somefailed) false
#endif
+
+#ifndef FALLTHROUGH
+# if __GNUC__ < 7
+# define FALLTHROUGH ((void) 0)
+# else
+# define FALLTHROUGH __attribute__ ((__fallthrough__))
+# endif
+#endif
diff --git a/src/patch.c b/src/patch.c
index 0fe6d72..1ae91d9 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool reverse)
break;
case ' ': case '-': case '+': case '!':
fprintf (rejfp, "%c ", pch_char (i));
- /* fall into */
+ FALLTHROUGH;
case '\n':
pch_write_line (i, rejfp);
break;
diff --git a/src/pch.c b/src/pch.c
index 1055542..cda3dfa 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1735,7 +1735,7 @@ another_hunk (enum diff difftype, bool rev)
break;
case '=':
ch = ' ';
- /* FALL THROUGH */
+ FALLTHROUGH;
case ' ':
if (fillsrc > p_ptrn_lines) {
free(s);
@@ -1756,7 +1756,7 @@ another_hunk (enum diff difftype, bool rev)
p_end = fillsrc-1;
return -1;
}
- /* FALL THROUGH */
+ FALLTHROUGH;
case '+':
if (filldst > p_end) {
free(s);
@@ -2394,8 +2394,7 @@ do_ed_script (char const *inname, char const *outname,
size_t chars_read;
FILE *tmpfp = 0;
char const *tmpname;
- int tmpfd;
- pid_t pid;
+ int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
char const **ed_argv;
int stdin_dup, status;

21
patch-2.7.6-avoid_invalid_memory_access.patch Normal file
View File

@ -0,0 +1,21 @@
commit 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon Jul 15 19:10:02 2019 +0200
Avoid invalid memory access in context format diffs
* src/pch.c (another_hunk): Avoid invalid memory access in context format
diffs.
diff --git a/src/pch.c b/src/pch.c
index a500ad9..cb54e03 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev)
ptrn_prefix_context = context;
ptrn_suffix_context = context;
if (repl_beginning
+ || p_end <= 0
|| (p_end
!= p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n')))
{

75
patch-2.7.6-check-of-return-value-of-fwrite.patch Normal file
View File

@ -0,0 +1,75 @@
commit 1e9104c18019e7dc6b5590aea4b1d4f9d8ecfd56
Author: Bruno Haible <bruno@clisp.org>
Date: Sat Apr 7 12:21:04 2018 +0200
Fix check of return value of fwrite().
* src/patch.c (copy_till): Consider incomplete fwrite() write as an error.
* src/pch.c (pch_write_line, do_ed_script): Likewise.
diff --git a/src/patch.c b/src/patch.c
index 1ae91d9..3fcaec5 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -2,7 +2,7 @@
/* Copyright (C) 1984, 1985, 1986, 1987, 1988 Larry Wall
- Copyright (C) 1989-1993, 1997-1999, 2002-2003, 2006, 2009-2012 Free Software
+ Copyright (C) 1989-1993, 1997-1999, 2002-2003, 2006, 2009-2018 Free Software
Foundation, Inc.
This program is free software: you can redistribute it and/or modify
@@ -1641,7 +1641,7 @@ copy_till (struct outstate *outstate, lin lastline)
if (size)
{
if ((! outstate->after_newline && putc ('\n', fp) == EOF)
- || ! fwrite (s, sizeof *s, size, fp))
+ || fwrite (s, sizeof *s, size, fp) < size)
write_fatal ();
outstate->after_newline = s[size - 1] == '\n';
outstate->zero_output = false;
diff --git a/src/pch.c b/src/pch.c
index cda3dfa..79a3c99 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2279,8 +2279,11 @@ pfetch (lin line)
bool
pch_write_line (lin line, FILE *file)
{
- bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
- if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
+ bool after_newline =
+ (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
+
+ if (fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file)
+ < p_len[line])
write_fatal ();
return after_newline;
}
@@ -2427,13 +2430,14 @@ do_ed_script (char const *inname, char const *outname,
ed_command_letter = get_ed_command_letter (buf);
if (ed_command_letter) {
if (tmpfp)
- if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ if (fwrite (buf, sizeof *buf, chars_read, tmpfp) < chars_read)
write_fatal ();
if (ed_command_letter != 'd' && ed_command_letter != 's') {
p_pass_comments_through = true;
while ((chars_read = get_line ()) != 0) {
if (tmpfp)
- if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ if (fwrite (buf, sizeof *buf, chars_read, tmpfp)
+ < chars_read)
write_fatal ();
if (chars_read == 2 && strEQ (buf, ".\n"))
break;
@@ -2448,7 +2452,7 @@ do_ed_script (char const *inname, char const *outname,
}
if (dry_run || skip_rest_of_patch)
return;
- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) < (size_t) 4
|| fflush (tmpfp) != 0)
write_fatal ();

91
patch-2.7.6-cleanups-in-do_ed_script.patch Normal file
View File

@ -0,0 +1,91 @@
commit 2a32bf09f5e9572da4be183bb0dbde8164351474
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Apr 6 20:32:46 2018 +0200
Minor cleanups in do_ed_script
* src/pch.c (do_ed_script): Minor cleanups.
diff --git a/src/pch.c b/src/pch.c
index 1f14624..1055542 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2396,6 +2396,10 @@ do_ed_script (char const *inname, char const *outname,
char const *tmpname;
int tmpfd;
pid_t pid;
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+ char const **ed_argv;
+ int stdin_dup, status;
+
if (! dry_run && ! skip_rest_of_patch)
{
@@ -2443,7 +2447,7 @@ do_ed_script (char const *inname, char const *outname,
break;
}
}
- if (!tmpfp)
+ if (dry_run || skip_rest_of_patch)
return;
if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
|| fflush (tmpfp) != 0)
@@ -2452,36 +2456,29 @@ do_ed_script (char const *inname, char const *outname,
if (lseek (tmpfd, 0, SEEK_SET) == -1)
pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
- if (! dry_run && ! skip_rest_of_patch) {
- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- char const **ed_argv;
- int stdin_dup, status;
-
+ if (inerrno != ENOENT)
+ {
*outname_needs_removal = true;
- if (inerrno != ENOENT)
- {
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- }
- fflush (stdout);
-
- if ((stdin_dup = dup (0)) == -1
- || dup2 (tmpfd, 0) == -1)
- pfatal ("Failed to duplicate standard input");
- assert (outname[0] != '!' && outname[0] != '-');
- ed_argv = alloca (4 * sizeof * ed_argv);
- ed_argv[0] = editor_program;
- ed_argv[1] = "-";
- ed_argv[2] = outname;
- ed_argv[3] = (char *) NULL;
- status = execute (editor_program, editor_program, (char **)ed_argv,
- false, false, false, false, true, false, NULL);
- if (status)
- fatal ("%s FAILED", editor_program);
- if (dup2 (stdin_dup, 0) == -1
- || close (stdin_dup) == -1)
- pfatal ("Failed to duplicate standard input");
- }
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+ fflush (stdout);
+
+ if ((stdin_dup = dup (0)) == -1
+ || dup2 (tmpfd, 0) == -1)
+ pfatal ("Failed to duplicate standard input");
+ assert (outname[0] != '!' && outname[0] != '-');
+ ed_argv = alloca (4 * sizeof * ed_argv);
+ ed_argv[0] = editor_program;
+ ed_argv[1] = "-";
+ ed_argv[2] = outname;
+ ed_argv[3] = (char *) NULL;
+ status = execute (editor_program, editor_program, (char **)ed_argv,
+ false, false, false, false, true, false, NULL);
+ if (status)
+ fatal ("%s FAILED", editor_program);
+ if (dup2 (stdin_dup, 0) == -1
+ || close (stdin_dup) == -1)
+ pfatal ("Failed to duplicate standard input");
fclose (tmpfp);
safe_unlink (tmpname);

84
patch-2.7.6-crash-RLIMIT_NOFILE.patch Normal file
View File

@ -0,0 +1,84 @@
commit 61d7788b83b302207a67b82786f4fd79e3538f30
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Thu Jun 27 11:10:43 2019 +0200
Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
* src/safe.c (min_cached_fds): Define minimum number of cached dir file
descriptors.
(max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY.
(init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is
RLIM_INFINITY. Set the initial hash table size to min_cached_fds, independent
of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small
hash table will usually suffice; if needed, the hash table will grow.
(insert_cached_dirfd): Don't shrink the cache when max_cached_fds is
RLIM_INFINITY.
diff --git a/src/safe.c b/src/safe.c
index 5a7202f..f147b0e 100644
--- a/src/safe.c
+++ b/src/safe.c
@@ -67,7 +67,8 @@ struct cached_dirfd {
};
static Hash_table *cached_dirfds = NULL;
-static size_t max_cached_fds;
+static rlim_t min_cached_fds = 8;
+static rlim_t max_cached_fds;
LIST_HEAD (lru_list);
static size_t hash_cached_dirfd (const void *entry, size_t table_size)
@@ -98,11 +99,17 @@ static void init_dirfd_cache (void)
{
struct rlimit nofile;
- max_cached_fds = 8;
if (getrlimit (RLIMIT_NOFILE, &nofile) == 0)
- max_cached_fds = MAX (nofile.rlim_cur / 4, max_cached_fds);
+ {
+ if (nofile.rlim_cur == RLIM_INFINITY)
+ max_cached_fds = RLIM_INFINITY;
+ else
+ max_cached_fds = MAX (nofile.rlim_cur / 4, min_cached_fds);
+ }
+ else
+ max_cached_fds = min_cached_fds;
- cached_dirfds = hash_initialize (max_cached_fds,
+ cached_dirfds = hash_initialize (min_cached_fds,
NULL,
hash_cached_dirfd,
compare_cached_dirfds,
@@ -148,20 +155,23 @@ static void insert_cached_dirfd (struct cached_dirfd *entry, int keepfd)
if (cached_dirfds == NULL)
init_dirfd_cache ();
- /* Trim off the least recently used entries */
- while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
+ if (max_cached_fds != RLIM_INFINITY)
{
- struct cached_dirfd *last =
- list_entry (lru_list.prev, struct cached_dirfd, lru_link);
- if (&last->lru_link == &lru_list)
- break;
- if (last->fd == keepfd)
+ /* Trim off the least recently used entries */
+ while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
{
- last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
+ struct cached_dirfd *last =
+ list_entry (lru_list.prev, struct cached_dirfd, lru_link);
if (&last->lru_link == &lru_list)
break;
+ if (last->fd == keepfd)
+ {
+ last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
+ if (&last->lru_link == &lru_list)
+ break;
+ }
+ remove_cached_dirfd (last);
}
- remove_cached_dirfd (last);
}
/* Only insert if the parent still exists. */

95
patch-2.7.6-dont-leak-temporary-file-on-failed-ed-style-patch.patch Normal file
View File

@ -0,0 +1,95 @@
commit 19599883ffb6a450d2884f081f8ecf68edbed7ee
Author: Jean Delvare <jdelvare@suse.de>
Date: Thu May 3 14:31:55 2018 +0200
Don't leak temporary file on failed ed-style patch
Now that we write ed-style patches to a temporary file before we
apply them, we need to ensure that the temporary file is removed
before we leave, even on fatal error.
* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
tmpname. Don't unlink the file directly, instead tag it for removal
at exit time.
* src/patch.c (cleanup): Unlink TMPEDNAME at exit.
This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820
Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
diff --git a/src/common.h b/src/common.h
index 904a3f8..53c5e32 100644
--- a/src/common.h
+++ b/src/common.h
@@ -94,10 +94,12 @@ XTERN char const *origsuff;
XTERN char const * TMPINNAME;
XTERN char const * TMPOUTNAME;
XTERN char const * TMPPATNAME;
+XTERN char const * TMPEDNAME;
XTERN bool TMPINNAME_needs_removal;
XTERN bool TMPOUTNAME_needs_removal;
XTERN bool TMPPATNAME_needs_removal;
+XTERN bool TMPEDNAME_needs_removal;
#ifdef DEBUGGING
XTERN int debug;
diff --git a/src/patch.c b/src/patch.c
index 3fcaec5..9146597 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -1999,6 +1999,7 @@ cleanup (void)
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
+ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal);
output_files (NULL);
}
diff --git a/src/pch.c b/src/pch.c
index 79a3c99..1bb3153 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -2396,7 +2396,6 @@ do_ed_script (char const *inname, char const *outname,
file_offset beginning_of_this_line;
size_t chars_read;
FILE *tmpfp = 0;
- char const *tmpname;
int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
int exclusive = *outname_needs_removal ? 0 : O_EXCL;
char const **ed_argv;
@@ -2411,12 +2410,13 @@ do_ed_script (char const *inname, char const *outname,
invalid commands and treats the next line as a new command, which
can lead to arbitrary command execution. */
- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
+ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
if (tmpfd == -1)
- pfatal ("Can't create temporary file %s", quotearg (tmpname));
+ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
+ TMPEDNAME_needs_removal = true;
tmpfp = fdopen (tmpfd, "w+b");
if (! tmpfp)
- pfatal ("Can't open stream for file %s", quotearg (tmpname));
+ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
}
for (;;) {
@@ -2457,7 +2457,7 @@ do_ed_script (char const *inname, char const *outname,
write_fatal ();
if (lseek (tmpfd, 0, SEEK_SET) == -1)
- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
if (inerrno != ENOENT)
{
@@ -2484,7 +2484,6 @@ do_ed_script (char const *inname, char const *outname,
pfatal ("Failed to duplicate standard input");
fclose (tmpfp);
- safe_unlink (tmpname);
if (ofp)
{

71
patch-2.7.6-dont-leak-temporary-file-on-failed-multi-file-ed-style-patch.patch Normal file
View File

@ -0,0 +1,71 @@
commit 369dcccdfa6336e5a873d6d63705cfbe04c55727
Author: Jean Delvare <jdelvare@suse.de>
Date: Mon May 7 15:14:45 2018 +0200
Don't leak temporary file on failed multi-file ed-style patch
The previous fix worked fine with single-file ed-style patches, but
would still leak temporary files in the case of multi-file ed-style
patch. Fix that case as well, and extend the test case to check for
it.
* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
the next file in a patch.
This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820
Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
diff --git a/src/patch.c b/src/patch.c
index 9146597..81c7a02 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -236,6 +236,7 @@ main (int argc, char **argv)
}
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
}
+ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
if (! skip_rest_of_patch && ! file_type)
{
diff --git a/tests/ed-style b/tests/ed-style
index 6b6ef9d..504e6e5 100644
--- a/tests/ed-style
+++ b/tests/ed-style
@@ -38,3 +38,34 @@ EOF
check 'cat foo' <<EOF
foo
EOF
+
+# Test the case where one ed-style patch modifies several files
+
+cat > ed3.diff <<EOF
+--- foo
++++ foo
+1c
+bar
+.
+--- baz
++++ baz
+0a
+baz
+.
+EOF
+
+# Apparently we can't create a file with such a patch, while it works fine
+# when the file name is provided on the command line
+cat > baz <<EOF
+EOF
+
+check 'patch -e -i ed3.diff' <<EOF
+EOF
+
+check 'cat foo' <<EOF
+bar
+EOF
+
+check 'cat baz' <<EOF
+baz
+EOF

29
patch-2.7.6-failed_assertion.patch Normal file
View File

@ -0,0 +1,29 @@
commit 76e775847f4954b63dc72afe34d9d921c6688b31
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Tue Jul 16 01:16:28 2019 +0200
Fix failed assertion 'outstate->after_newline'
The assertion triggers when the -o FILE option is used, more than one output
file is written into FILE, and one of those files (except the last one) ends in
the middle of a line.
* src/patch.c (main): Fix the case described above.
diff --git a/src/patch.c b/src/patch.c
index 02fd982..3794319 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -369,6 +369,13 @@ main (int argc, char **argv)
/* outstate.ofp now owns the file descriptor */
outfd = -1;
}
+ else
+ {
+ /* When writing to a single output file (-o FILE), always pretend
+ that the output file ends in a newline. Otherwise, when another
+ file is written to the same output file, apply_hunk will fail. */
+ outstate.after_newline = true;
+ }
/* find out where all the lines are */
if (!skip_rest_of_patch) {

22
patch-2.7.6-fix-ed-style-test-failure.patch Normal file
View File

@ -0,0 +1,22 @@
commit 458ac51a05426c1af9aa6bf1342ecf60728c19b4
Author: Bruno Haible <bruno@clisp.org>
Date: Sat Apr 7 12:34:03 2018 +0200
Fix 'ed-style' test failure.
* tests/ed-style: Remove '?' line from expected output.
diff --git a/tests/ed-style b/tests/ed-style
index d8c0689..6b6ef9d 100644
--- a/tests/ed-style
+++ b/tests/ed-style
@@ -31,8 +31,7 @@ r !echo bar
,p
EOF
-check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
-?
+check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
Status: 2
EOF

21
patch-2.7.6-fix-korn-shell-incompatibility.patch Normal file
View File

@ -0,0 +1,21 @@
commit 074e2395f81d0ecaa66b71a6c228c70b49db72e5
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Wed Feb 7 17:05:00 2018 +0100
Test suite: fix Korn shell incompatibility
tests/merge: In a Korn shell, shift apparently fails when $# is 0.
diff --git a/tests/merge b/tests/merge
index b628891..e950b92 100644
--- a/tests/merge
+++ b/tests/merge
@@ -32,7 +32,7 @@ x2() {
shift
done > b.sed
echo "$body" | sed -f b.sed > b
- shift
+ test $# -eq 0 || shift
while test $# -gt 0 ; do
echo "$1"
shift

24
patch-2.7.6-fix-segfault-with-mangled-rename-patch.patch Normal file
View File

@ -0,0 +1,24 @@
commit f290f48a621867084884bfff87f8093c15195e6a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Mon Feb 12 16:48:24 2018 +0100
Fix segfault with mangled rename patch
http://savannah.gnu.org/bugs/?53132
* src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
diff --git a/src/pch.c b/src/pch.c
index ff9ed2c..bc6278c 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
if ((pch_rename () || pch_copy ())
&& ! inname
&& ! ((i == OLD || i == NEW) &&
- p_name[! reverse] &&
+ p_name[reverse] && p_name[! reverse] &&
+ name_is_valid (p_name[reverse]) &&
name_is_valid (p_name[! reverse])))
{
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

48
patch-2.7.6-improve_support_for_memory_leak_detection.patch Normal file
View File

@ -0,0 +1,48 @@
commit 2b584aec9e5f2806b1eccadcabe7e901fcfa0b0a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Thu Jun 27 11:02:02 2019 +0200
Improve support for memory leak detection
When building with the address sanitizer on, free some more resources before
exiting. (This is unnecessary when not looking for memory leaks.)
* src/patch.c (init_files_to_delete): Add dispose function for freeing
filenames.
diff --git a/src/patch.c b/src/patch.c
index 81c7a02..4616a48 100644
--- a/src/patch.c
+++ b/src/patch.c
@@ -36,6 +36,10 @@
#include <minmax.h>
#include <safe.h>
+#ifdef __SANITIZE_ADDRESS__
+# define FREE_BEFORE_EXIT
+#endif
+
/* procedures */
static FILE *create_output_file (char const *, int);
@@ -1777,10 +1781,20 @@ struct file_to_delete {
static gl_list_t files_to_delete;
+#ifdef FREE_BEFORE_EXIT
+void dispose_file_to_delete (const void *elt)
+{
+ free ((void *) elt);
+}
+#else
+#define dispose_file_to_delete NULL
+#endif
+
static void
init_files_to_delete (void)
{
- files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL, NULL, true);
+ files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL,
+ dispose_file_to_delete, true);
}
static void

40
patch-2.7.6-make-debug-output-more-useful.patch Normal file
View File

@ -0,0 +1,40 @@
commit ff81775f4eb6ab9a91b75e4031e8216654c0c76a
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Aug 17 10:31:22 2018 +0200
Make the (debug & 2) output more useful
* src/pch.c (another_hunk): In the (debug & 2) output, fix how empty
lines that are not part of the patch context are printed. Also, add
newlines to lines that are missing them to keep the output readable.
diff --git a/src/pch.c b/src/pch.c
index 1bb3153..e92bc64 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -1916,8 +1916,13 @@ another_hunk (enum diff difftype, bool rev)
lin i;
for (i = 0; i <= p_end + 1; i++) {
- fprintf (stderr, "%s %c",
- format_linenum (numbuf0, i),
+ fputs (format_linenum (numbuf0, i), stderr);
+ if (p_Char[i] == '\n')
+ {
+ fputc('\n', stderr);
+ continue;
+ }
+ fprintf (stderr, " %c",
p_Char[i]);
if (p_Char[i] == '*')
fprintf (stderr, " %s,%s\n",
@@ -1930,7 +1935,8 @@ another_hunk (enum diff difftype, bool rev)
else if (p_Char[i] != '^')
{
fputs(" |", stderr);
- pch_write_line (i, stderr);
+ if (! pch_write_line (i, stderr))
+ fputc('\n', stderr);
}
else
fputc('\n', stderr);

20
patch-2.7.6-skip-ed-test-when-the-ed-utility-is-not-installed.patch Normal file
View File

@ -0,0 +1,20 @@
commit a5b442ce01b80a758606ede316f739426a12bc33
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Thu Jun 27 11:09:31 2019 +0200
Skip "ed" test when the ed utility is not installed
* tests/ed-style: Require ed.
diff --git a/tests/ed-style b/tests/ed-style
index 504e6e5..9907cb6 100644
--- a/tests/ed-style
+++ b/tests/ed-style
@@ -7,6 +7,7 @@
. $srcdir/test-lib.sh
require cat
+require ed
use_local_patch
use_tmpdir

1774
patch-2.7.6-switch-from-fork-execlp-to-execute.patch Normal file
View File

File diff suppressed because it is too large Load Diff

124
patch-2.7.6-test-suite-compatibility-fixes.patch Normal file
View File

@ -0,0 +1,124 @@
commit f6bc5b14bd193859851d15a049bafb1007acd288
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Wed Feb 7 12:10:41 2018 +0100
Test suite compatibility fixes
* tests/crlf-handling, tests/git-cleanup, tests/test-lib.sh: Use printf
instead of echo -e / echo -n for compatibility with systems that don't
support these echo options.
* tests/merge: Minor other cleanups.
diff --git a/tests/crlf-handling b/tests/crlf-handling
index 239149c..c192cac 100644
--- a/tests/crlf-handling
+++ b/tests/crlf-handling
@@ -14,7 +14,7 @@ use_local_patch
use_tmpdir
lf2crlf() {
- while read l; do echo -e "$l\r"; done
+ while read l; do printf "%s\r\n" "$l"; done
}
echo 1 > a
diff --git a/tests/git-cleanup b/tests/git-cleanup
index 2e3e4c6..ca527a1 100644
--- a/tests/git-cleanup
+++ b/tests/git-cleanup
@@ -36,8 +36,8 @@ BAD PATCH
EOF
echo 1 > f
-echo -n '' > g
-echo -n '' > h
+printf '' > g
+printf '' > h
check 'patch -f -i 1.diff || echo status: $?' <<EOF
patching file f
diff --git a/tests/merge b/tests/merge
index 22d787b..b628891 100644
--- a/tests/merge
+++ b/tests/merge
@@ -30,30 +30,28 @@ x2() {
while test $# -gt 0 && test "$1" != -- ; do
echo "$1"
shift
- done > a.sed
- echo "$body" | sed -f a.sed > b
+ done > b.sed
+ echo "$body" | sed -f b.sed > b
shift
while test $# -gt 0 ; do
echo "$1"
shift
- done > b.sed
- echo "$body" | sed -f b.sed > c
- rm -f a.sed b.sed
+ done > c.sed
+ echo "$body" | sed -f c.sed > c
+ rm -f b.sed c.sed
output=`diff -u a b | patch $ARGS -f c`
status=$?
echo "$output" | sed -e '/^$/d' -e '/^patching file c$/d'
cat c
- test $status == 0 || echo "Status: $status"
+ test $status = 0 || echo "Status: $status"
}
x() {
- ARGS="$ARGS --merge" x2 "$@"
+ ARGS="--merge" x2 "$@"
echo
- ARGS="$ARGS --merge=diff3" x2 "$@"
+ ARGS="--merge=diff3" x2 "$@"
}
-unset ARGS
-
# ==============================================================
check 'x 3' <<EOF
diff --git a/tests/test-lib.sh b/tests/test-lib.sh
index be0d7e3..661da52 100644
--- a/tests/test-lib.sh
+++ b/tests/test-lib.sh
@@ -41,7 +41,7 @@ use_local_patch() {
eval 'patch() {
if test -n "$GDB" ; then
- echo -e "\n" >&3
+ printf "\n\n" >&3
gdbserver localhost:53153 $PATCH "$@" 2>&3
else
$PATCH "$@"
@@ -113,22 +113,15 @@ cleanup() {
exit $status
}
-if test -z "`echo -n`"; then
- if eval 'test -n "${BASH_LINENO[0]}" 2>/dev/null'; then
- eval '
- _start_test() {
- echo -n "[${BASH_LINENO[2]}] $* -- "
- }'
- else
- eval '
- _start_test() {
- echo -n "* $* -- "
- }'
- fi
+if eval 'test -n "${BASH_LINENO[0]}" 2>/dev/null'; then
+ eval '
+ _start_test() {
+ printf "[${BASH_LINENO[2]}] %s -- " "$*"
+ }'
else
eval '
_start_test() {
- echo "* $*"
+ printf "* %s -- " "$*"
}'
fi

16
patch-2.7.6.tar.xz.sig Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJaed0dAAoJENW/n+sDE2U62ScQAK02GcPxJccBefkcuC6q/or9
f1im2lIpc1YJqxHmmhDeRu9twjuFycUV55hud+OroJe2xYKZrI6oUwJBldKTRfHu
whlhRzERO3U4z9pvi8XWbKvObsmqSBIgsM72oby4aPLCWk7IpJprR6BnRZdtnBg1
jzM3Yka8k01+dmVH2rsoSEGAe9sZbXJazBoYg8N/wHKe2+NY4W3esZ7flxQJ9RvB
GxjVU/KbyoNXIoFU4EnMalcLTZTHThhv2kQ1/cQZ+gt/1+f00DoieaUaIg3qB8jX
IqYE4GvXILgx8+REE3utt0zKv7pYGBNRkuACUE2hLZoY4SporJ0J63/7Y8zrzjxQ
GE27+DcjxBQGd1GnpO/Xb4kpqBGyn4KrlBIiHkhk2GgyBewpXPMog3cJki7A/1vz
Qb+JTY8PBqvOe7DmxW4Bp1vX6eOKn14FDQ7q3ZPjAd52Jtn7GUEt4etCduQh7ZNt
ElLLvpPro1wxG1bTbA3+TysCd+9XWWjwKJlPK5Jbdii0R73iy386UZGN1t1kmBzS
1mn3nh82z/XO9lPU3e1WP0BANAzTrNqA66ZbfQ9fIu6UO8R/+ygT7U5yie+X3xwP
kM6HR6oD0eDkqbPbOr8hey0kPG3FAWkZ47Oju5ad1ntUBFj4buLybEY0e08hncJS
gdt7wrbeKKxzdrcyQ1qy
=mjHo
-----END PGP SIGNATURE-----

202
patch-CVE-2018-1000156.patch Normal file
View File

@ -0,0 +1,202 @@
commit 123eaff0d5d1aebe128295959435b9ca5909c26d
Author: Andreas Gruenbacher <agruen@gnu.org>
Date: Fri Apr 6 12:14:49 2018 +0200
Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)
* src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
* tests/ed-style: New test case.
* tests/Makefile.am (TESTS): Add test case.
diff --git a/src/pch.c b/src/pch.c
index 0c5cc26..4fd5a05 100644
--- a/src/pch.c
+++ b/src/pch.c
@@ -33,6 +33,7 @@
# include <io.h>
#endif
#include <safe.h>
+#include <sys/wait.h>
#define INITHUNKMAX 125 /* initial dynamic allocation size */
@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
static char const editor_program[] = EDITOR_PROGRAM;
file_offset beginning_of_this_line;
- FILE *pipefp = 0;
size_t chars_read;
+ FILE *tmpfp = 0;
+ char const *tmpname;
+ int tmpfd;
+ pid_t pid;
+
+ if (! dry_run && ! skip_rest_of_patch)
+ {
+ /* Write ed script to a temporary file. This causes ed to abort on
+ invalid commands such as when line numbers or ranges exceed the
+ number of available lines. When ed reads from a pipe, it rejects
+ invalid commands and treats the next line as a new command, which
+ can lead to arbitrary command execution. */
+
+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
+ if (tmpfd == -1)
+ pfatal ("Can't create temporary file %s", quotearg (tmpname));
+ tmpfp = fdopen (tmpfd, "w+b");
+ if (! tmpfp)
+ pfatal ("Can't open stream for file %s", quotearg (tmpname));
+ }
- if (! dry_run && ! skip_rest_of_patch) {
- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
- if (inerrno != ENOENT)
- {
- *outname_needs_removal = true;
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- }
- sprintf (buf, "%s %s%s", editor_program,
- verbosity == VERBOSE ? "" : "- ",
- outname);
- fflush (stdout);
- pipefp = popen(buf, binary_transput ? "wb" : "w");
- if (!pipefp)
- pfatal ("Can't open pipe to %s", quotearg (buf));
- }
for (;;) {
char ed_command_letter;
beginning_of_this_line = file_tell (pfp);
@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
}
ed_command_letter = get_ed_command_letter (buf);
if (ed_command_letter) {
- if (pipefp)
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
+ if (tmpfp)
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
write_fatal ();
if (ed_command_letter != 'd' && ed_command_letter != 's') {
p_pass_comments_through = true;
while ((chars_read = get_line ()) != 0) {
- if (pipefp)
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
+ if (tmpfp)
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
write_fatal ();
if (chars_read == 2 && strEQ (buf, ".\n"))
break;
@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
break;
}
}
- if (!pipefp)
+ if (!tmpfp)
return;
- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
- || fflush (pipefp) != 0)
+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
+ || fflush (tmpfp) != 0)
write_fatal ();
- if (pclose (pipefp) != 0)
- fatal ("%s FAILED", editor_program);
+
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+ *outname_needs_removal = true;
+ if (inerrno != ENOENT)
+ {
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+ sprintf (buf, "%s %s%s", editor_program,
+ verbosity == VERBOSE ? "" : "- ",
+ outname);
+ fflush (stdout);
+
+ pid = fork();
+ if (pid == -1)
+ pfatal ("Can't fork");
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
+ _exit (2);
+ }
+ else
+ {
+ int wstatus;
+ if (waitpid (pid, &wstatus, 0) == -1
+ || ! WIFEXITED (wstatus)
+ || WEXITSTATUS (wstatus) != 0)
+ fatal ("%s FAILED", editor_program);
+ }
+ }
+
+ fclose (tmpfp);
+ safe_unlink (tmpname);
if (ofp)
{
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 6b6df63..16f8693 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -32,6 +32,7 @@ TESTS = \
crlf-handling \
dash-o-append \
deep-directories \
+ ed-style \
empty-files \
false-match \
fifo \
diff --git a/tests/ed-style b/tests/ed-style
new file mode 100644
index 0000000..d8c0689
--- /dev/null
+++ b/tests/ed-style
@@ -0,0 +1,41 @@
+# Copyright (C) 2018 Free Software Foundation, Inc.
+#
+# Copying and distribution of this file, with or without modification,
+# in any medium, are permitted without royalty provided the copyright
+# notice and this notice are preserved.
+
+. $srcdir/test-lib.sh
+
+require cat
+use_local_patch
+use_tmpdir
+
+# ==============================================================
+
+cat > ed1.diff <<EOF
+0a
+foo
+.
+EOF
+
+check 'patch -e foo -i ed1.diff' <<EOF
+EOF
+
+check 'cat foo' <<EOF
+foo
+EOF
+
+cat > ed2.diff <<EOF
+1337a
+r !echo bar
+,p
+EOF
+
+check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
+?
+Status: 2
+EOF
+
+check 'cat foo' <<EOF
+foo
+EOF

326
patch-selinux.patch Normal file
View File

@ -0,0 +1,326 @@
diff -up patch-2.7.6/src/common.h.selinux patch-2.7.6/src/common.h
--- patch-2.7.6/src/common.h.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/common.h 2018-02-12 12:29:44.415225377 +0000
@@ -30,6 +30,8 @@
#include <sys/types.h>
#include <time.h>
+#include <selinux/selinux.h>
+
#include <sys/stat.h>
#include <limits.h>
@@ -84,6 +86,7 @@ XTERN char *outfile;
XTERN int inerrno;
XTERN int invc;
XTERN struct stat instat;
+XTERN security_context_t incontext;
XTERN bool dry_run;
XTERN bool posixly_correct;
diff -up patch-2.7.6/src/inp.c.selinux patch-2.7.6/src/inp.c
--- patch-2.7.6/src/inp.c.selinux 2017-09-04 12:34:16.000000000 +0100
+++ patch-2.7.6/src/inp.c 2018-02-12 12:29:44.415225377 +0000
@@ -145,7 +145,7 @@ get_input_file (char const *filename, ch
char *getbuf;
if (inerrno == -1)
- inerrno = stat_file (filename, &instat);
+ inerrno = stat_file (filename, &instat, &incontext);
/* Perhaps look for RCS or SCCS versions. */
if (S_ISREG (file_type)
@@ -190,7 +190,7 @@ get_input_file (char const *filename, ch
}
if (cs && version_get (filename, cs, ! inerrno, elsewhere, getbuf,
- &instat))
+ &instat, &incontext))
inerrno = 0;
free (getbuf);
@@ -201,6 +201,7 @@ get_input_file (char const *filename, ch
{
instat.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
instat.st_size = 0;
+ incontext = NULL;
}
else if (! ((S_ISREG (file_type) || S_ISLNK (file_type))
&& (file_type & S_IFMT) == (instat.st_mode & S_IFMT)))
diff -up patch-2.7.6/src/Makefile.am.selinux patch-2.7.6/src/Makefile.am
--- patch-2.7.6/src/Makefile.am.selinux 2017-09-04 12:34:16.000000000 +0100
+++ patch-2.7.6/src/Makefile.am 2018-02-12 12:29:44.415225377 +0000
@@ -37,7 +37,7 @@ patch_SOURCES = \
AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib
patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
- $(LIB_XATTR) $(LIB_EACCESS)
+ $(LIB_XATTR) $(LIB_EACCESS) -lselinux
if ENABLE_MERGE
patch_SOURCES += merge.c
diff -up patch-2.7.6/src/Makefile.in.selinux patch-2.7.6/src/Makefile.in
--- patch-2.7.6/src/Makefile.in.selinux 2018-02-03 13:33:56.000000000 +0000
+++ patch-2.7.6/src/Makefile.in 2018-02-12 12:29:44.415225377 +0000
@@ -1147,7 +1147,7 @@ patch_SOURCES = bestmatch.h common.h inp
AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib \
$(am__append_2)
patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
- $(LIB_XATTR) $(LIB_EACCESS)
+ $(LIB_XATTR) $(LIB_EACCESS) -lselinux
all: all-am
diff -up patch-2.7.6/src/patch.c.selinux patch-2.7.6/src/patch.c
--- patch-2.7.6/src/patch.c.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/patch.c 2018-02-12 12:30:27.315164138 +0000
@@ -269,19 +269,19 @@ main (int argc, char **argv)
if (! strcmp (inname, outname))
{
if (inerrno == -1)
- inerrno = stat_file (inname, &instat);
+ inerrno = stat_file (inname, &instat, NULL);
outstat = instat;
outerrno = inerrno;
}
else
- outerrno = stat_file (outname, &outstat);
+ outerrno = stat_file (outname, &outstat, NULL);
if (! outerrno)
{
if (has_queued_output (&outstat))
{
output_files (&outstat);
- outerrno = stat_file (outname, &outstat);
+ outerrno = stat_file (outname, &outstat, NULL);
inerrno = -1;
}
if (! outerrno)
@@ -598,7 +598,7 @@ main (int argc, char **argv)
}
else
{
- attr |= FA_IDS | FA_MODE | FA_XATTRS;
+ attr |= FA_IDS | FA_MODE | FA_XATTRS | FA_SECCONTEXT;
set_file_attributes (TMPOUTNAME, attr, inname, &instat,
mode, &new_time);
}
@@ -658,7 +658,7 @@ main (int argc, char **argv)
struct stat oldst;
int olderrno;
- olderrno = stat_file (rej, &oldst);
+ olderrno = stat_file (rej, &oldst, NULL);
if (olderrno && olderrno != ENOENT)
write_fatal ();
if (! olderrno && lookup_file_id (&oldst) == CREATED)
@@ -1790,7 +1790,7 @@ delete_file_later (const char *name, con
if (! st)
{
- if (stat_file (name, &st_tmp) != 0)
+ if (stat_file (name, &st_tmp, NULL) != 0)
pfatal ("Can't get file attributes of %s %s", "file", name);
st = &st_tmp;
}
diff -up patch-2.7.6/src/pch.c.selinux patch-2.7.6/src/pch.c
--- patch-2.7.6/src/pch.c.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/pch.c 2018-02-12 12:29:44.416225375 +0000
@@ -1,6 +1,6 @@
/* reading patches */
-/* Copyright (C) 1986, 1987, 1988 Larry Wall
+/* Copyright (C) 1986, 1987, 1988, 2012 Larry Wall
Copyright (C) 1990-1993, 1997-2003, 2006, 2009-2012 Free Software
Foundation, Inc.
@@ -296,7 +296,7 @@ there_is_another_patch (bool need_header
if (t > buf + 1 && *(t - 1) == '\n')
{
inname = xmemdup0 (buf, t - buf - 1);
- inerrno = stat_file (inname, &instat);
+ inerrno = stat_file (inname, &instat, &incontext);
if (inerrno)
{
perror (inname);
@@ -433,6 +433,7 @@ intuit_diff_type (bool need_header, mode
bool extended_headers = false;
enum nametype i;
struct stat st[3];
+ security_context_t con[3];
int stat_errno[3];
int version_controlled[3];
enum diff retval;
@@ -473,6 +474,7 @@ intuit_diff_type (bool need_header, mode
version_controlled[OLD] = -1;
version_controlled[NEW] = -1;
version_controlled[INDEX] = -1;
+ con[OLD] = con[NEW] = con[INDEX] = NULL;
p_rfc934_nesting = 0;
p_timestamp[OLD].tv_sec = p_timestamp[NEW].tv_sec = -1;
p_says_nonexistent[OLD] = p_says_nonexistent[NEW] = 0;
@@ -883,7 +885,7 @@ intuit_diff_type (bool need_header, mode
}
else
{
- stat_errno[i] = stat_file (p_name[i], &st[i]);
+ stat_errno[i] = stat_file (p_name[i], &st[i], &con[i]);
if (! stat_errno[i])
{
if (lookup_file_id (&st[i]) == DELETE_LATER)
@@ -922,7 +924,7 @@ intuit_diff_type (bool need_header, mode
if (cs)
{
if (version_get (p_name[i], cs, false, readonly,
- getbuf, &st[i]))
+ getbuf, &st[i], &con[i]))
stat_errno[i] = 0;
else
version_controlled[i] = 0;
@@ -985,7 +987,7 @@ intuit_diff_type (bool need_header, mode
{
if (inname)
{
- inerrno = stat_file (inname, &instat);
+ inerrno = stat_file (inname, &instat, &incontext);
if (inerrno || (instat.st_mode & S_IFMT) == file_type)
maybe_reverse (inname, inerrno, inerrno || instat.st_size == 0);
}
@@ -998,8 +1000,14 @@ intuit_diff_type (bool need_header, mode
inerrno = stat_errno[i];
invc = version_controlled[i];
instat = st[i];
+ incontext = con[i];
+ con[i] = NULL;
}
+ for (i = OLD; i <= INDEX; i++)
+ if (con[i])
+ freecon (con[i]);
+
return retval;
}
diff -up patch-2.7.6/src/util.c.selinux patch-2.7.6/src/util.c
--- patch-2.7.6/src/util.c.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/util.c 2018-02-12 12:29:44.417225374 +0000
@@ -300,6 +300,23 @@ set_file_attributes (char const *to, enu
S_ISLNK (mode) ? "symbolic link" : "file",
quotearg (to));
}
+ if (attr & FA_SECCONTEXT)
+ {
+ security_context_t outcontext;
+ if (incontext && getfilecon (to, &outcontext) != -1 && outcontext)
+ {
+ if (strcmp (outcontext, incontext) &&
+ setfilecon (to, incontext) != 0)
+ {
+ freecon (outcontext);
+ if (errno != ENOTSUP && errno != EPERM)
+ pfatal ("Can't set security context on file %s",
+ quotearg (to));
+ }
+ else
+ freecon (outcontext);
+ }
+ }
}
static void
@@ -446,7 +463,7 @@ move_file (char const *from, bool *from_
struct stat to_st;
int to_errno;
- to_errno = stat_file (to, &to_st);
+ to_errno = stat_file (to, &to_st, NULL);
if (backup)
create_backup (to, to_errno ? NULL : &to_st, false);
if (! to_errno)
@@ -818,7 +835,8 @@ version_controller (char const *filename
Return true if successful. */
bool
version_get (char const *filename, char const *cs, bool exists, bool readonly,
- char const *getbuf, struct stat *filestat)
+ char const *getbuf, struct stat *filestat,
+ security_context_t *filecontext)
{
if (patch_get < 0)
{
@@ -843,6 +861,13 @@ version_get (char const *filename, char
fatal ("Can't get file %s from %s", quotearg (filename), cs);
if (safe_stat (filename, filestat) != 0)
pfatal ("%s", quotearg (filename));
+ if (filecontext && getfilecon (filename, filecontext) == -1)
+ {
+ if (errno == ENODATA || errno == ENOTSUP)
+ *filecontext = NULL;
+ else
+ pfatal ("%s", quotearg (filename));
+ }
}
return 1;
@@ -1670,12 +1695,28 @@ make_tempfile (char const **name, char l
return fd;
}
-int stat_file (char const *filename, struct stat *st)
+int stat_file (char const *filename, struct stat *st, security_context_t *con)
{
int (*xstat)(char const *, struct stat *) =
follow_symlinks ? safe_stat : safe_lstat;
+ int (*xgetfilecon)(char const *, security_context_t *) =
+ follow_symlinks ? getfilecon : lgetfilecon;
+
+ if (xstat (filename, st) == 0)
+ {
+ if (con)
+ {
+ if (xgetfilecon (filename, con) != -1 ||
+ errno == ENODATA || errno == ENOTSUP)
+ return 0;
- return xstat (filename, st) == 0 ? 0 : errno;
+ *con = NULL;
+ }
+ else
+ return 0;
+ }
+
+ return errno;
}
/* Check if a filename is relative and free of ".." components.
diff -up patch-2.7.6/src/util.h.selinux patch-2.7.6/src/util.h
--- patch-2.7.6/src/util.h.selinux 2018-02-03 12:41:49.000000000 +0000
+++ patch-2.7.6/src/util.h 2018-02-12 12:30:08.533190949 +0000
@@ -44,7 +44,7 @@ char *parse_name (char const *, int, cha
char *savebuf (char const *, size_t);
char *savestr (char const *);
char const *version_controller (char const *, bool, struct stat const *, char **, char **);
-bool version_get (char const *, char const *, bool, bool, char const *, struct stat *);
+bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
int create_file (char const *, int, mode_t, bool);
int systemic (char const *);
char *format_linenum (char[LINENUM_LENGTH_BOUND + 1], lin);
@@ -67,7 +67,7 @@ void insert_file_id (struct stat const *
enum file_id_type lookup_file_id (struct stat const *);
void set_queued_output (struct stat const *, bool);
bool has_queued_output (struct stat const *);
-int stat_file (char const *, struct stat *);
+int stat_file (char const *, struct stat *, security_context_t *);
bool filename_is_safe (char const *) _GL_ATTRIBUTE_PURE;
bool cwd_is_root (char const *);
@@ -75,7 +75,8 @@ enum file_attributes {
FA_TIMES = 1,
FA_IDS = 2,
FA_MODE = 4,
- FA_XATTRS = 8
+ FA_XATTRS = 8,
+ FA_SECCONTEXT = 16
};
void set_file_attributes (char const *, enum file_attributes, char const *,

460
patch.spec Normal file
View File

@ -0,0 +1,460 @@
%global gnulib_ver 20180203
Summary: Utility for modifying/upgrading files
Name: patch
Version: 2.7.6
Release: 13%{?dist}
License: GPLv3+
URL: http://www.gnu.org/software/patch/patch.html
Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
Patch0: patch-2.7.6-avoid-set_file_attributes-sign-conversion-warnings.patch
patch1: patch-2.7.6-test-suite-compatibility-fixes.patch
Patch2: patch-2.7.6-fix-korn-shell-incompatibility.patch
Patch3: patch-2.7.6-fix-segfault-with-mangled-rename-patch.patch
Patch4: patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
Patch5: patch-CVE-2018-1000156.patch
Patch6: patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch
Patch7: patch-2.7.6-switch-from-fork-execlp-to-execute.patch
Patch8: patch-2.7.6-cleanups-in-do_ed_script.patch
Patch9: patch-2.7.6-avoid-warnings-gcc8.patch
Patch10: patch-2.7.6-check-of-return-value-of-fwrite.patch
Patch11: patch-2.7.6-fix-ed-style-test-failure.patch
Patch12: patch-2.7.6-dont-leak-temporary-file-on-failed-ed-style-patch.patch
Patch13: patch-2.7.6-dont-leak-temporary-file-on-failed-multi-file-ed-style-patch.patch
Patch14: patch-2.7.6-make-debug-output-more-useful.patch
Patch15: patch-2.7.6-CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap.patch
Patch16: patch-2.7.6-improve_support_for_memory_leak_detection.patch
patch17: patch-2.7.6-skip-ed-test-when-the-ed-utility-is-not-installed.patch
Patch18: patch-2.7.6-abort_when_cleaning_up_fails.patch
Patch19: patch-2.7.6-crash-RLIMIT_NOFILE.patch
Patch20: patch-2.7.6-CVE-2019-13636-symlinks.patch
Patch21: patch-2.7.6-avoid-invalid-memory-access-in-context-format-diffs.patch
Patch22: patch-2.7.6-CVE-2018-17942.patch
Patch23: patch-2.7.6-failed_assertion.patch
Patch100: patch-selinux.patch
BuildRequires: gcc
BuildRequires: libselinux-devel
BuildRequires: libattr-devel
BuildRequires: ed
BuildRequires: autoconf automake
Requires: ed
Provides: bundled(gnulib) = %{gnulib_ver}
%description
The patch program applies diff files to originals. The diff command
is used to compare an original to a changed file. Diff lists the
changes made to the file. A person who has the original file can then
use the patch command with the diff file to add the changes to their
original file (patching the file).
Patch should be installed because it is a common way of upgrading
applications.
%prep
%setup -q
%patch0 -p1 -b .avoid-set_file_attributes-sign-conversion-warnings
%patch1 -p1 -b .test-suite-compatibility-fixes
%patch2 -p1 -b .fix-korn-shell-incompatibility
%patch3 -p1 -b .fix-segfault-with-mangled-rename-patch
%patch4 -p1 -b .allow-input-files-to-be-missing-for-ed-style-patches
# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
%patch5 -p1 -b .CVE-2018-1000156
%patch6 -p1 -b .CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell
%patch7 -p1 -b .switch-from-fork-execlp-to-execute
%patch8 -p1 -b .cleanups-in-do_ed_script
%patch9 -p1 -b .avoid-warnings-gcc8
%patch10 -p1 -b .check-of-return-value-of-fwrite
%patch11 -p1 -b .fix-ed-style-test-failure
%patch12 -p1 -b .dont-leak-temporary-file-on-failed-ed-style-patch
%patch13 -p1 -b .dont-leak-temporary-file-on-failed-multi-file-ed-style-patch
%patch14 -p1 -b .make-debug-output-more-useful
%patch15 -p1 -b .CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap
%patch16 -p1 -b .improve_support_for_memory_leak_detection
%patch17 -p1 -b .skip-ed-test-when-the-ed-utility-is-not-installed
%patch18 -p1 -b .abort_when_cleaning_up_fails
%patch19 -p1 -b .crash-RLIMIT_NOFILE
%patch20 -p1 -b .CVE-2019-13636-symlinks
%patch21 -p1 -b .avoid-invalid-memory-access-in-context-format-diffs
# CVE-2018-17942 gnulib: heap-based buffer overflow
%patch22 -p1 -b .CVE-2018-17942-gnulib_buffer_overflow
%patch23 -p1 -b .failed_assertion
# SELinux support.
%patch100 -p1 -b .selinux
%build
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
%ifarch sparcv9
CFLAGS=`echo $CFLAGS|sed -e 's|-fstack-protector||g'`
%endif
autoreconf
%configure --disable-silent-rules
make %{?_smp_mflags}
%check
make check
%install
rm -rf $RPM_BUILD_ROOT
%makeinstall
%files
%license COPYING
%doc NEWS README
%{_bindir}/*
%{_mandir}/*/*
%changelog
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jul 29 2019 Than Ngo <than@redhat.com> - 2.7.6-11
- fixed #1733917, CVE-2019-13638 patch: OS shell command injection when processing crafted patch files
* Wed Jul 24 2019 Than Ngo <than@redhat.com> - 2.7.6-10
- backported patch, abort when cleaning up fails
- backported patch, improve support for memory leak detection
- backported patch, don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
- backported patch, CVE-2019-13636, don't follow symlinks unless --follow-symlinks is given
- backported patch, avoid invalid memory accessin context format diffs
- backported patch, fix failed assertion
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Nov 26 2018 Than Ngo <than@redhat.com> - 2.7.6-8
- Added virtual provides for bundled gnulib library
- Fixed CVE-2018-17942, gnulib: heap-based buffer overflow
* Thu Oct 11 2018 Than Ngo <than@redhat.com> - 2.7.6-7
- Fixed #1582675 - Patch can be crashed and coredumped with a trivial wrong command
* Wed Aug 15 2018 Than Ngo <than@redhat.com> - 2.7.6-6
- Fixed #1554752 - Double free of memory, CVE-2018-6952
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu May 3 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-4
- Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary
commands.
* Mon Feb 12 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-3
- 2.7.6 (CVE-2016-10713, CVE-2018-6951, CVE-2018-6952).
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Wed Feb 01 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.7.5-4
- Add missing %%license macro
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Mon Mar 9 2015 Tim Waugh <twaugh@redhat.com> - 2.7.5-1
- Fixed memory leak in selinux patch.
- 2.7.5, including an even better fix for CVE-2015-1196 that still
allows relative symlinks to be created/used.
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.7.4-2
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Sun Feb 1 2015 Tim Waugh <twaugh@redhat.com> - 2.7.4-1
- 2.7.4, including a better fix for CVE-2015-1196 that still allows
symlinks referencing ".." to be created.
* Fri Jan 23 2015 Tim Waugh <twaugh@redhat.com> - 2.7.3-1
- 2.7.3 (bug #1182157, CVE-2015-1196, bug #1184491, CVE-2014-9637).
* Tue Jan 20 2015 Tim Waugh <twaugh@redhat.com> - 2.7.1-12
- Apply upstream patch to fix line numbering integer overflow.
* Tue Jan 20 2015 Tim Waugh <twaugh@redhat.com> - 2.7.1-11
- Apply upstream patch to fix directory traversal via symlinks
(bug #1182157, CVE-2015-1196).
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jun 12 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-6
- Don't segfault when given bad arguments (bug #972330).
* Thu Apr 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-5
- Don't document unsupported -m option; document -x option (bug #948972).
* Mon Mar 25 2013 Ville Skyttä <ville.skytta@iki.fi> - 2.7.1-4
- Build with xattr support.
- Make build output more verbose.
- Fix bogus date in %%changelog.
* Mon Mar 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-3
- Upstream patch to fix removal of empty directories (bug #919489).
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7.1-1
- Fixed license (since 2.6 it has been GPLv3+).
- 2.7.1.
* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7-1
- 2.7. No longer need sigsegv, get-arg, CVE-2010-4651,
backup-if-mismatch or coverity-leak patches.
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Nov 25 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-11
- Fixed NULL dereference in selinux patch.
* Mon May 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-10
- Applied Jiri Popelka's fixes from Coverity scan (bug #704554):
- Avoid unchecked return from getfilecon() in patch-selinux.patch.
- Fix memory leak.
* Wed Feb 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-9
- Let --posix cause --no-backup-if-mismatch (bug #678016).
* Thu Feb 10 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-8
- Incorporate upstream fix for CVE-2010-4651 patch so that a target
name given on the command line is not validated (bug #667529).
* Tue Feb 8 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-7
- Applied upstream patch to fix CVE-2010-4651 so that malicious
patches cannot create files above the current directory
(bug #667529).
* Tue Jan 4 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-6
- Use smp_mflags correctly (bug #665770).
* Mon Aug 16 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-5
- Another fix for the selinux patch (bug #618215).
* Fri Aug 6 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-4
- Fixed interpretation of return value from getfilecon().
- Fixed argument type for --get (bug #553624).
* Fri Aug 6 2010 Dennis Gilmore <dennis@ausil.us>
- using -fstack-projector causes weirdness on 32 bit sparc so disabling for now
* Tue Jul 27 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-3
- Fixed argument type for --get (bug #553624).
* Wed Mar 3 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-2
- Added comments for all patches.
- Ship COPYING file.
- Removed sparc ifdefs in spec file.
* Mon Jan 4 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-1
- 2.6.1 (bug #551569). No longer need best-name patch.
* Thu Dec 24 2009 Tim Waugh <twaugh@redhat.com> 2.6-2
- Applied upstream patch to prevent incorrect filename being chosen
when adding a new file (bug #549122).
* Mon Nov 16 2009 Tim Waugh <twaugh@redhat.com> 2.6-1
- 2.6. No longer need stderr, suffix, stripcr, parse, allow-spaces,
ifdef, program_name, or posix-backup patches.
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Apr 29 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-39
- Fixed operation when SELinux is disabled (bug #498102). Patch from
Jan Kratochvil.
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-38
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Tue Feb 17 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-37
- Don't set SELinux file context if it is already correct.
* Mon Nov 24 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-36
- Better summary.
* Mon Jun 30 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-35
- Don't fail if setfilecon() returns EPERM (bug #453365), although the
setfilecon man page suggests that ENOTSUP will be returned in this
case.
* Mon Jun 16 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-34
- Only write simple backups for each file once during a run
(bug #234822).
* Thu Jun 12 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-33
- Fix selinux patch and apply it. Build requires libselinux-devel.
* Fri Feb 8 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-32
- Applied patch from 2.5.9 to allow spaces in filenames (bug #431887).
* Mon Dec 3 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-31
- Convert spec file to UTF-8 (bug #226233).
- Use _bindir macro in %%files (bug #226233).
- Parallel make (bug #226233).
- Better defattr declaration (bug #226233).
* Thu Oct 4 2007 Tim Waugh <twaugh@redhat.com>
- Beginnings of an SELinux patch (bug #165799); not applied yet.
* Wed Aug 29 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-30
- Added dist tag.
- More specific license tag.
- Fixed summary.
- Better buildroot tag.
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.2
- rebuild
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.1
- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2
- rebuilt for new gcc4.1 snapshot and glibc changes
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
- rebuilt
* Thu Sep 8 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-29
- Remove SELinux patch for now (bug #167822).
* Wed Sep 7 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-27
- Applied patch from Ulrich Drepper to fix string overread (bug #167675).
* Tue Sep 6 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-26
- Preserve SELinux file contexts (bug #165799).
* Thu Aug 11 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-25
- Fixed CRLF detection (bug #154283).
* Wed May 4 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-24
- Reverted last change (bug #154283, bug #156762).
* Fri Apr 29 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-23
- Applied patch from Toshio Kuratomi to avoid problems with DOS-format
newlines (bug #154283).
* Wed Mar 2 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-22
- Rebuild for new GCC.
* Wed Feb 9 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-21
- Rebuilt.
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Sat Oct 25 2003 Tim Waugh <twaugh@redhat.com> 2.5.4-18
- Rebuilt.
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
- rebuilt
* Wed Nov 20 2002 Tim Powers <timp@redhat.com>
- rebuilt in current collinst
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Thu May 23 2002 Tim Powers <timp@redhat.com>
- automated rebuild
* Tue Apr 9 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-12
- Fix error reporting when given bad options (bug #62981).
* Tue Mar 5 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-11
- s/Copyright:/License:/.
- Fix -D behaviour (bug #60688).
* Tue May 29 2001 Tim Waugh <twaugh@redhat.com> 2.5.4-10
- Merge Mandrake patch:
- fix possible segfault
* Fri Dec 1 2000 Tim Waugh <twaugh@redhat.com>
- Rebuild because of fileutils bug.
* Thu Nov 2 2000 Tim Waugh <twaugh@redhat.com>
- use .orig as default suffix, as per man page and previous behaviour
(bug #20202).
- use better patch for this, from maintainer.
* Wed Oct 4 2000 Tim Waugh <twaugh@redhat.com>
- actually use the RPM_OPT_FLAGS
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
* Tue Jun 13 2000 Trond Eivind Glomsrød <teg@redhat.com>
- Use %%makeinstall, %%{_tmppath} and %%{_mandir}
* Fri May 12 2000 Trond Eivind Glomsrød <teg@redhat.com>
- added URL
* Wed Feb 16 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- 2.5.4
- Fix up LFS support on Alpha (Bug #5732)
* Mon Feb 7 2000 Bill Nottingham <notting@redhat.com>
- handle compressed manpages
* Sun Jun 06 1999 Alan Cox <alan@redhat.com>
- Fix the case where stderr isnt flushed for ask(). Now the 'no such file'
appears before the skip patch question, not at the very end, Doh!
* Mon Mar 22 1999 Jeff Johnson <jbj@redhat.com>
- (ultra?) sparc was getting large file system support.
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
- auto rebuild in the new build environment (release 7)
* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
- build against glibc 2.1
* Tue Sep 1 1998 Jeff Johnson <jbj@redhat.com>
- bump release to preserve newer than back-ported 4.2.
* Tue Jun 09 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr
* Tue Jun 9 1998 Jeff Johnson <jbj@redhat.com>
- Fix for problem #682 segfault.
* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr
* Tue Apr 07 1998 Cristian Gafton <gafton@redhat.com>
- added buildroot
* Tue Oct 21 1997 Cristian Gafton <gafton@redhat.com>
- updated to 2.5
* Mon Jun 02 1997 Erik Troan <ewt@redhat.com>
- built against glibc

1
sources Normal file
View File

@ -0,0 +1 @@
SHA512 (patch-2.7.6.tar.xz) = fcca87bdb67a88685a8a25597f9e015f5e60197b9a269fa350ae35a7991ed8da553939b4bbc7f7d3cfd863c67142af403b04165633acbce4339056a905e87fbd

65
tests/Cannot-handle-file-names-with-integrated-spaces/Makefile Normal file
View File

@ -0,0 +1,65 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/patch/Regression/Cannot-handle-file-names-with-integrated-spaces
# Description: Test for bz431887 (Cannot handle file names with integrated spaces)
# Author: Ondrej Moris <omoris@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/patch/Regression/Cannot-handle-file-names-with-integrated-spaces
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Ondrej Moris <omoris@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test for bz431887 (Cannot handle file names with integrated spaces)" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: patch" >> $(METADATA)
@echo "Requires: patch" >> $(METADATA)
@echo "Requires: expect" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Bug: 431887" >> $(METADATA)
rhts-lint $(METADATA)

27
tests/Cannot-handle-file-names-with-integrated-spaces/PURPOSE Normal file
View File

@ -0,0 +1,27 @@
PURPOSE of /CoreOS/patch/Regression/Cannot-handle-file-names-with-integrated-spaces
Description: Test for bz431887 (Cannot handle file names with integrated spaces)
Author: Ondrej Moris <omoris@redhat.com>
Bug summary: Cannot handle file names with integrated spaces
Bugzilla link: https://bugzilla.redhat.com/show_bug.cgi?id=431887
Description:
Description of problem:
If the file name for the file to be patched in a patch file has spaces, it
cannot be handled by patch.
Version-Release number of selected component (if applicable):
patch-2.5.4-29.2.2
How reproducible:
create a patch of a file with spaces in path
try to apply the patch
Actual results:
patch asks for the file name to patch
Expected results:
Just the patched file
Additional info:
Note that this bug is fixed upstream on 2003-05-18!

76
tests/Cannot-handle-file-names-with-integrated-spaces/runtest.sh Normal file
View File

@ -0,0 +1,76 @@
#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/patch/Regression/Cannot-handle-file-names-with-integrated-spaces
# Description: Test for bz431887 (Cannot handle file names with integrated spaces)
# Author: Ondrej Moris <omoris@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include rhts environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="patch"
function apply_patch {
expect <<EOF
set timeout 5
spawn patch -i spaces.patch
expect "patching file 'f i r s t'" { expect timeout ; exit 0 }
exit 1
EOF
return $?
}
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlPhaseEnd
rlPhaseStartTest
rlRun "echo \"1\" > \"f i r s t\"" 0
rlRun "echo \"2\" > \"s e c o n d\"" 0
rlAssertExists "f i r s t"
rlAssertExists "s e c o n d"
rlAssertDiffer "f i r s t" "s e c o n d"
rlRun "diff -u f\ i\ r\ s\ t s\ e\ c\ o\ n\ d > spaces.patch" 1
rlRun "apply_patch" 0 "Patching file with spaces in its name"
rlAssertExists "f i r s t"
rlAssertExists "s e c o n d"
rlAssertNotDiffer "f i r s t" "s e c o n d"
rlPhaseEnd
rlPhaseStartCleanup
rlRun "rm -f f\ i\ r\ s\ t s\ e\ c\ o\ n\ d spaces.patch"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

63
tests/Regression-wrong-name-used-when-adding-new-file/Makefile Normal file
View File

@ -0,0 +1,63 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/patch/Regression/Regression-wrong-name-used-when-adding-new-file
# Description: Test for Regression: wrong name used when adding new file
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/patch/Regression/Regression-wrong-name-used-when-adding-new-file
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Karel Srot <ksrot@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Test for Regression: wrong name used when adding new file" >> $(METADATA)
@echo "Type: Regression" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: patch" >> $(METADATA)
@echo "Requires: patch" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
rhts-lint $(METADATA)

55
tests/Regression-wrong-name-used-when-adding-new-file/PURPOSE Normal file
View File

@ -0,0 +1,55 @@
PURPOSE of /CoreOS/patch/Regression/Regression-wrong-name-used-when-adding-new-file
Description: Test for Regression: wrong name used when adding new file
Author: Karel Srot <ksrot@redhat.com>
Bug summary: Regression: wrong name used when adding new file
Description:
+++ This bug was initially created as a clone of Bug #549122 +++
Description of problem:
Regression: Suffix inside of new files of patch files are added to new files.
Take http://cvs.fedoraproject.org/viewvc/devel/popt/popt-1.13-multilib.patch
for example for reproducing:
With patch-2.6-1, "%patch0 -p1 -b .multilib" causes:
-rw-r--r-- 1 tux tux 256 Dec 20 15:26 footer_no_timestamp.html.multilib
-rw-r--r-- 1 tux tux 0 Dec 20 15:26 footer_no_timestamp.html.multilib.multilib
-rw-r--r-- 1 tux tux 51543 Dec 20 15:26 Doxyfile.in
-rw-r--r-- 1 tux tux 51519 May 25 2007 Doxyfile.in.multilib
With patch-2.5.4-36, "%patch0 -p1 -b .multilib" causes:
-rw-r--r-- 1 tux tux 256 Dec 20 15:32 footer_no_timestamp.html
---------- 1 tux tux 0 Dec 20 15:32 footer_no_timestamp.html.multilib
-rw-r--r-- 1 tux tux 51543 Dec 20 15:32 Doxyfile.in
-rw-r--r-- 1 tux tux 51519 May 25 2007 Doxyfile.in.multilib
You see what I mean? If the file is created by the patch file, the suffix
inside of the patch is appended to the new created file. That behaviour has
been introduced with the new version and it looks like a regression to me.
Version-Release number of selected component (if applicable):
patch-2.6-1
patch-2.5.4-36
How reproducible:
Everytime, see above.
Actual results:
Regression: Suffixes inside of patches at new files are added to new files
Expected results:
Good old behaviour like at patch-2.5.4-36.
--- Additional comment from twaugh@redhat.com on 2009-12-21 05:17:27 EDT ---
Verified.
Affects F-12 and F-11 as well.
--- Additional comment from twaugh@redhat.com on 2009-12-21 11:44:02 EDT ---
Reported upstream:
https://savannah.gnu.org/bugs/index.php?28367

57
tests/Regression-wrong-name-used-when-adding-new-file/runtest.sh Executable file
View File

@ -0,0 +1,57 @@
#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/patch/Regression/Regression-wrong-name-used-when-adding-new-file
# Description: Test for Regression: wrong name used when adding new file
# Author: Karel Srot <ksrot@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include rhts environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="patch"
rlJournalStart
rlPhaseStartSetup
rlAssertRpm $PACKAGE
rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
rlRun "mkdir a b && touch a/file && echo content > b/file.new" 0 "Preparing test environment"
rlRun "diff -u a/file b/file.new > test.patch" 1 "Preparing a patch"
rlPhaseEnd
rlPhaseStartTest
rlRun "patch -p1 -b -z .backup -i test.patch" 0 "Patching the test file"
rlAssertExists file
rlAssertExists file.backup
rlAssertNotExists file.new
rlAssertNotExists file.new.backup
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

21
tests/tests.yml Normal file
View File

@ -0,0 +1,21 @@
---
# Run tests in all contexts
- hosts: localhost
tags:
- classic
roles:
- role: standard-test-beakerlib
tests:
- Cannot-handle-file-names-with-integrated-spaces
- Regression-wrong-name-used-when-adding-new-file
- upstream-test-suite
required_packages:
- patch
- expect
- gcc
- rpm-build
- automake
- libselinux-devel
- ed
- libattr-devel
- wget

65
tests/upstream-test-suite/Makefile Normal file
View File

@ -0,0 +1,65 @@
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Makefile of /CoreOS/patch/Sanity/upstream-test-suite
# Description: tests upstream test suite
# Author: Miroslav Vadkerti <mvadkert@redhat.com>
# Author: Than Ngo <than@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2019 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
export TEST=/CoreOS/patch/Sanity/upstream-test-suite
export TESTVERSION=1.0
BUILT_FILES=
FILES=$(METADATA) runtest.sh Makefile PURPOSE
.PHONY: all install download clean
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
chmod a+x runtest.sh
clean:
rm -f *~ $(BUILT_FILES)
include /usr/share/rhts/lib/rhts-make.include
$(METADATA): Makefile
@echo "Owner: Miroslav Vadkerti <mvadkert@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "Description: Executes upstream test suite" >> $(METADATA)
@echo "Type: Sanity" >> $(METADATA)
@echo "TestTime: 30m" >> $(METADATA)
@echo "RunFor: patch" >> $(METADATA)
@echo "Requires: patch gcc rpm-build automake libselinux-devel ed libattr-devel" >> $(METADATA)
@echo "Priority: Normal" >> $(METADATA)
@echo "License: GPLv2" >> $(METADATA)
@echo "Confidential: no" >> $(METADATA)
@echo "Destructive: no" >> $(METADATA)
@echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
rhts-lint $(METADATA)

7
tests/upstream-test-suite/PURPOSE Normal file
View File

@ -0,0 +1,7 @@
PURPOSE of /CoreOS/patch/Sanity/upstream-test-suite
Description: Tests upstream test suite
Author: Miroslav Vadkerti <mvadkert@redhat.com>
tests following scenarios:
* download source rpm and build
* use the system patch to run the upstream test suite

77
tests/upstream-test-suite/runtest.sh Executable file
View File

@ -0,0 +1,77 @@
#!/bin/bash
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# runtest.sh of /CoreOS/patch/Sanity/selftest
# Description: Executes the upstream test suite comming with the package
# Author: Miroslav Vadkerti <mvadkert@redhat.com>
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# Copyright (c) 2010 Red Hat, Inc. All rights reserved.
#
# This copyrighted material is made available to anyone wishing
# to use, modify, copy, or redistribute it subject to the terms
# and conditions of the GNU General Public License version 2.
#
# This program is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
# PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public
# License along with this program; if not, write to the Free
# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Include rhts environment
. /usr/bin/rhts-environment.sh || exit 1
. /usr/share/beakerlib/beakerlib.sh || exit 1
PACKAGE="patch"
PACKAGES="patch gcc rpm-build automake libselinux-devel"
UPSTREAMPKG="patch-*"
BUILDLOG=`mktemp`
TESTLOG=`mktemp`
TARGET=$(echo `uname -m` | egrep ppc)
if [[ $TARGET != "" ]]; then TARGET="--target `uname -m`"; fi
TOPDIR=`mktemp -d`
SPEC="$TOPDIR/SPECS/$PACKAGE*.spec"
TESTDIR="$TOPDIR/BUILD/$UPSTREAMPKG/"
PATCH=/usr/bin/patch
rlJournalStart
rlPhaseStartSetup
for PKG in $PACKAGES; do
rlAssertRpm $PKG
done
rlPhaseEnd
rlPhaseStartTest
rlAssertExists $PATCH
rlFetchSrcForInstalled $PACKAGE
rlRun "rpm -ivh --define '_topdir $TOPDIR' $PACKAGE*.src.rpm" 0 "Installing $PACKAGE src rpm"
echo "+ Building $PACKAGE (Log: $BUILDLOG)"
echo "+ Build command: rpmbuild -bc $SPEC $TARGET"
rlRun "rpmbuild --define '_topdir $TOPDIR' -bc $SPEC $TARGET &> $BUILDLOG"
echo "+ Buildlog:"
tail -n 100 $BUILDLOG
rlRun "pushd ."
rlRun "cd $TESTDIR"
rlRun "make check &> $TESTLOG"
cat $TESTLOG
if rlIsRHEL 6; then
rlAssertGrep 'All tests succeeded!' $TESTLOG
else
rlAssertNotGrep "^FAIL:" $TESTLOG
fi
rlPhaseEnd
rlPhaseStartCleanup
rlRun "popd"
rlRun "rm -rf $PACKAGE*.src.rpm" 0 "Removing source rpm"
rlPhaseEnd
rlJournalPrintText
rlJournalEnd

85
upstream-key.gpg Normal file
View File

@ -0,0 +1,85 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQGiBErnFxkRBADiiaYtqw46j2/Dwvw/pUdHeK1T3kqJGxxyWb1xNtQMOTaViNRB
fmc19omxdOylPBfGwMN3Aavw2HCdC5F8JeVTXIO9hyM79zf15qNrrfku9IwG7Lmu
iKxSLgSDPwMyL9rT+lpaxvpU4m5nRfCwaIN38K+mpqfKLp/5mptaDsvoewCg6IuK
sQemv/fsfolVGW/zzL+7eBMD/0XO/I957FEuwX+1wCMtLMFj0tdJq2AdOAkh/T9X
zC7aoPSwA97zlSFoKYS4J9W0SdIgyY5FqLwfvbo43qr03AdaLCKDu8lmTnfDp/jp
C7kBQWTFSdhkVjtncJQW91MseJ5bjXuZJCZFN3Qo0onP4d1dr4KdPe+nAxUeHEjp
NgOYBACV7w+/Eu5dY6OydEl9kanKyiUGhV17YUWX5RRyNqlsSEFDrVgym1eGZ1Z8
xrcXWO2za5sRCe5jkik7v0IUxaAA2B0BWLOM4TEJgLcOyztgzDIrXYLQO1xdCUDz
TN+cXKAlz6xrAQrD4OQGv18xyVxyoBts+oVpnFOM4CONnnBLnrQkQW5kcmVhcyBH
cnVlbmJhY2hlciA8YWdAYmVzdGJpdHMuYXQ+iEYEEBECAAYFAkrnG3kACgkQGfdM
MnwSO19wEwCfQTrsTruGEgl7toByUQNCEhGoPCUAoLAVDVwg6HHyACOw26Paqb8/
rRzriGYEExECACYFAkrnG0ICGwMFCQPCZwAGCwkIBwMCBBUCCAMEFgIDAQIeAQIX
gAAKCRD36HL+uXFU09PpAJ9XviQi141MU+/RkdpMZDZeXJiMTwCfa2+HmZdwYfB6
afmnTD1EgFpu+0CIZgQTEQIAJgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJO
pVMIBQkFn29kAAoJEPfocv65cVTTvc4AnRxuY0LHpdhdjO1TuzQhD1gCZdmIAJ45
l6Xj6rkbDnsnKQ1FYyLMrIncZ7QkQW5kcmVhcyBHcnVlbmJhY2hlciA8YWdydWVu
QGdudS5vcmc+iGYEExECACYFAkrnJOsCGwMFCQPCZwAGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAAKCRD36HL+uXFU023zAKCyx8vewuQOcwNxxXZ7bm8Xe9qbaACgoenm
P/d1BzSUnX2+u6Do/50fvvGIZgQTEQIAJgUCSvF2vwIbAwUJA8JnAAYLCQgHAwIE
FQIIAwQWAgMBAh4BAheAAAoJEPfocv65cVTTQFYAoOBupY4jexET3XohajG4XDmW
J7lKAJ4uGjiGR0jS1WAQOhlODmhX8Fz7sohmBBMRAgAmAhsDBgsJCAcDAgQVAggD
BBYCAwECHgECF4AFAk6lUwgFCQWfb2QACgkQ9+hy/rlxVNNgIACcDYn4NYw2bIlK
dv2I9qXM2oUcnGsAoId8eaK7Bbpaf9yu/upu3bu6afp/tCRBbmRyZWFzIEdydWVu
YmFjaGVyIDxhZ3J1ZW5Ac3VzZS5kZT6IRgQQEQIABgUCSucbeQAKCRAZ90wyfBI7
X5wYAJ99gjXqaUSodK5o9ot9iJ1sNLHiYQCgnh6UW5pbZeqPyq31htZVFRWHoJqI
ZgQTEQIAJgUCSucXGQIbAwUJA8JnAAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJ
EPfocv65cVTTJwoAoK5WIYEQGeun8lgbcplXIs9josSsAKDV+3sv3zoeBy3CezQr
Qqu24BC8LohmBBMRAgAmBQJK5xwCAhsDBQkDwmcABgsJCAcDAgQVAggDBBYCAwEC
HgECF4AACgkQ9+hy/rlxVNNjfACgk/yFhJkuD80ow7/BreguMzIxwwwAoOEfRy2J
LTKJaPsy/P3qbVfSN5tqiGgEExECACkCGwMFCQPCZwAGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAUCSvF2zQIZAQAKCRD36HL+uXFU04YhAJdV3JUl3ouHXRHG6EI9lTna
ZTK6AJ9eN5XMIGbFjG7ob6zZAhWqnhNsyIhpBBMRAgApAhsDBQkDwmcABgsJCAcD
AgQVAggDBBYCAwECHgECF4AFAkrnG4YCGQEACgkQ9+hy/rlxVNPhTQCgyIZQbcM6
MyLwBXLx6M2anOaYMoYAnA2MMTEL/9CHi3H2Jyx5uvrLmZTaiGkEExECACkCGwMF
CQPCZwAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCSucdvQIZAQAKCRD36HL+uXFU
0zxqAKCGF6V9kNMqap5jeemjJ4TriA6LxwCfcsijmwXGI3vITyiBO1X8f7Z90/mI
ZgQTEQIAJgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQkFn29kBQJOpVPoAAoJ
EPfocv65cVTThTwAnjYmXmbEQvqMu5ozW65qnHJS1DcjAKCjuR4gZSuNUh5Y6Dmw
812MC3UjMohpBBMRAgApAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4ACGQEFAk6l
Uv0FCQWfb2QACgkQ9+hy/rlxVNPydgCgnrhwInWuZ9bTKT/TOwaGZVQISo4An2E8
2vxhg8EsXtaR29lHT7CeMyeqtCdBbmRyZWFzIEdydWVuYmFjaGVyIDxhZ3J1ZW5A
bGluYml0LmNvbT6IZgQTEQIAJgUCSucdtAIbAwUJA8JnAAYLCQgHAwIEFQIIAwQW
AgMBAh4BAheAAAoJEPfocv65cVTT+UAAmgIc0N0K/Ock/dQnA9xVExBdNFakAJ0e
TB3SVXAIa5lhhWc1GZmxKidPGohmBBMRAgAmAhsDBgsJCAcDAgQVAggDBBYCAwEC
HgECF4AFAk6lUwgFCQWfb2QACgkQ9+hy/rlxVNOn8wCdGunqok07wMS1U6qhZdGE
BF6mh5oAni9/qN1iKn4VRawMNQpemh6fTJfniGYEExECACYFAk1c+joCGwMFCQPC
ZwAGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRD36HL+uXFU008lAJ9rKQV7HVie
IdMPbJWEtmHxIkb2IgCghre+tNcE0uAeFm44r1792LU44kiIaQQTEQIAKQIbAwYL
CQgHAwIEFQIIAwQWAgMBAh4BAheABQkFn29kBQJOpVPoAhkBAAoJEPfocv65cVTT
k5AAn2nQfHXSLcoipj7+cI4dn1AqsmhBAKCrA6ooseBLsGG2ilRqSv6R15LMerQn
QW5kcmVhcyBHcnVlbmJhY2hlciA8YWdydWVuQG5vdmVsbC5jb20+iEYEEBECAAYF
AkrnG3kACgkQGfdMMnwSO1+TegCePUCJFe4prxTcDzi3ttgkj7pS+kIAn1KARNuE
0lKnLOWBe155x0858mOJiGYEExECACYFAkrnGxQCGwMFCQPCZwAGCwkIBwMCBBUC
CAMEFgIDAQIeAQIXgAAKCRD36HL+uXFU06rnAKCLVEWgTvCpOUpG2CnSV+skaomm
BACeM1B4j8uxjvwLuvs0W0GdZLVfaHmIZgQTEQIAJgIbAwYLCQgHAwIEFQIIAwQW
AgMBAh4BAheABQJOpVMIBQkFn29kAAoJEPfocv65cVTTdK4AoN/sVAqnPlISqvQk
4uMBYnIZzOhKAJ9bP1tUP/3dGQSHz/umBaOIKPOFRLQnQW5kcmVhcyBHcnVlbmJh
Y2hlciA8YWdydWVuQGtlcm5lbC5vcmc+iGYEExECACYCGwMGCwkIBwMCBBUCCAME
FgIDAQIeAQIXgAUCTqVTCAUJBZ9vZAAKCRD36HL+uXFU00VJAKCbI5lIcGulHNgC
E3+73WMjmUR9uwCfdRBR1Uy9/S2RS1aOneASPstId0WIZgQTEQIAJgUCTVz6CwIb
AwUJA8JnAAYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEPfocv65cVTTg+gAoJgk
/qkpaM2BrHwGKCEja8OpGFUDAKDV4rF2fI9eK3C8K094ddXiIia5ZrQzQW5kcmVh
cyBHcnVlbmJhY2hlciA8YW5kcmVhcy5ncnVlbmJhY2hlckBnbWFpbC5jb20+iGYE
ExECACYCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAUCTqVTCAUJBZ9vZAAKCRD3
6HL+uXFU089CAJ9EoK8KCgfdsu4XpGgl5pb1OeI4EwCgxfuO5v4anihFyVbR7NXE
r6qAKWqIZgQTEQIAJgUCTVz6WQIbAwUJA8JnAAYLCQgHAwIEFQIIAwQWAgMBAh4B
AheAAAoJEPfocv65cVTTIU0An29niIPlAMID3GEPzhaTqOppAK/2AKCfDE84zPkQ
pKsDjIskYuZk6muhKLkCDQRK5xcZEAgAzDwZQnK1wDK5vpXZSc8Yca6s/cvw1JX2
ojqHPwXp1LNif4JPYk40q+I+ebLuxQBn8X4NKqoinSqzxNzQJC5v880bm8MLCKpU
XU9S9BYL+37U8VZ9UQMDIvNFh4wek85sq9gJbKMfJmEwcICScvYxO9RL0/jpRFH5
AmgLvW+MEgLEgk8GA7IpxpZ9EybBAG61N4BbTWQv6wIWshIDBItxBRbVsliWwfJ8
qgrAGO4/PRPwTTScEpy0MvzXUKTFHj4WsYxyFW+JWixvDtq2hM9SXKv2yKXpi8i1
YW5gzlGjAm2jRRZvQdRV2mD6JjvxwhG23m8mt/JH6w5so3QIzKwKBwADBQf+KGVn
l+tdDcw/JcW5xiQvV8k7SFNA/33YJQSgFmyuYlSXVs3aiPykbIsDhxAvlxcHMZGS
0nL3OXdX16cKMSDx0SYv50D/Dm/0C/uMUTs+3cC+kbAmMrXtnUbnixUI+pyfQz6m
zXTpRRYRRrbDszCJH1VNsgfiGtNIXMSRRMlKRh+0HzO5EJCAiMgOE2a1SR2Nj24C
KA5bVX5g5nyinUmct+0d33xv8hktNnqw/dLDsuMirTsD48p5YoVgkqMTtgICUkvH
yYfuzJUdc1acURMz2ldxNgJdvrvFd3EBsHSNFmLQJusVNTwtiYsX0oqyvWzdP3q0
OS/Y8O62e+IdEIPsK4hPBBgRAgAPBQJK5xcZAhsMBQkDwmcAAAoJEPfocv65cVTT
1D4AoNZnrWgXdJmhwM791Q8pBZ4rMFYhAJ9MVzO8FZbf1x1Cw/2J/mXxeu3xsw==
=uAo+
-----END PGP PUBLIC KEY BLOCK-----