import patch-2.7.6-11.el8
This commit is contained in:
commit
3332e69d2e
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
SOURCES/patch-2.7.6.tar.xz
|
1
.patch.metadata
Normal file
1
.patch.metadata
Normal file
@ -0,0 +1 @@
|
||||
6f64fa75993bdb285ac4ed6eca6c9212725bff91 SOURCES/patch-2.7.6.tar.xz
|
23
SOURCES/patch-2.7.6-CVE-2018-20969.patch
Normal file
23
SOURCES/patch-2.7.6-CVE-2018-20969.patch
Normal file
@ -0,0 +1,23 @@
|
||||
diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c
|
||||
--- patch-2.7.6/src/pch.c.CVE-2018-20969 2019-09-02 15:40:09.087994204 +0200
|
||||
+++ patch-2.7.6/src/pch.c 2019-09-02 15:42:23.486485786 +0200
|
||||
@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
|
||||
*outname_needs_removal = true;
|
||||
copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||
}
|
||||
- sprintf (buf, "%s %s%s", editor_program,
|
||||
- verbosity == VERBOSE ? "" : "- ",
|
||||
- outname);
|
||||
fflush (stdout);
|
||||
|
||||
pid = fork();
|
||||
@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
|
||||
else if (pid == 0)
|
||||
{
|
||||
dup2 (tmpfd, 0);
|
||||
- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
|
||||
+ assert (outname[0] != '!' && outname[0] != '-');
|
||||
+ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
|
||||
_exit (2);
|
||||
}
|
||||
else
|
13
SOURCES/patch-2.7.6-CVE-2018-6951.patch
Normal file
13
SOURCES/patch-2.7.6-CVE-2018-6951.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff -up patch-2.7.6/src/pch.c.than patch-2.7.6/src/pch.c
|
||||
--- patch-2.7.6/src/pch.c.than 2018-03-13 11:12:44.726307967 +0100
|
||||
+++ patch-2.7.6/src/pch.c 2018-03-13 11:13:34.203449789 +0100
|
||||
@@ -976,7 +976,8 @@ intuit_diff_type (bool need_header, mode
|
||||
if ((pch_rename () || pch_copy ())
|
||||
&& ! inname
|
||||
&& ! ((i == OLD || i == NEW) &&
|
||||
- p_name[! reverse] &&
|
||||
+ p_name[reverse] && p_name[! reverse] &&
|
||||
+ name_is_valid (p_name[reverse]) &&
|
||||
name_is_valid (p_name[! reverse])))
|
||||
{
|
||||
say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
|
13
SOURCES/patch-2.7.6-CVE-2018-6952.patch
Normal file
13
SOURCES/patch-2.7.6-CVE-2018-6952.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff --git a/src/pch.c b/src/pch.c
|
||||
index e92bc64..a500ad9 100644
|
||||
--- a/src/pch.c
|
||||
+++ b/src/pch.c
|
||||
@@ -2122,7 +2122,7 @@ pch_swap (void)
|
||||
}
|
||||
if (p_efake >= 0) { /* fix non-freeable ptr range */
|
||||
if (p_efake <= i)
|
||||
- n = p_end - i + 1;
|
||||
+ n = p_end - p_ptrn_lines;
|
||||
else
|
||||
n = -i;
|
||||
p_efake += n;
|
102
SOURCES/patch-2.7.6-CVE-2019-13636-symlinks.patch
Normal file
102
SOURCES/patch-2.7.6-CVE-2019-13636-symlinks.patch
Normal file
@ -0,0 +1,102 @@
|
||||
commit dce4683cbbe107a95f1f0d45fabc304acfb5d71a
|
||||
Author: Andreas Gruenbacher <agruen@gnu.org>
|
||||
Date: Mon Jul 15 16:21:48 2019 +0200
|
||||
|
||||
Don't follow symlinks unless --follow-symlinks is given
|
||||
|
||||
* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
|
||||
append_to_file): Unless the --follow-symlinks option is given, open files with
|
||||
the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
|
||||
that consistently for input files.
|
||||
* src/util.c (create_backup): When creating empty backup files, (re)create them
|
||||
with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
|
||||
|
||||
diff --git a/src/inp.c b/src/inp.c
|
||||
index 32d0919..22d7473 100644
|
||||
--- a/src/inp.c
|
||||
+++ b/src/inp.c
|
||||
@@ -238,8 +238,13 @@ plan_a (char const *filename)
|
||||
{
|
||||
if (S_ISREG (instat.st_mode))
|
||||
{
|
||||
- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
|
||||
+ int flags = O_RDONLY | binary_transput;
|
||||
size_t buffered = 0, n;
|
||||
+ int ifd;
|
||||
+
|
||||
+ if (! follow_symlinks)
|
||||
+ flags |= O_NOFOLLOW;
|
||||
+ ifd = safe_open (filename, flags, 0);
|
||||
if (ifd < 0)
|
||||
pfatal ("can't open file %s", quotearg (filename));
|
||||
|
||||
@@ -340,6 +345,7 @@ plan_a (char const *filename)
|
||||
static void
|
||||
plan_b (char const *filename)
|
||||
{
|
||||
+ int flags = O_RDONLY | binary_transput;
|
||||
int ifd;
|
||||
FILE *ifp;
|
||||
int c;
|
||||
@@ -353,7 +359,9 @@ plan_b (char const *filename)
|
||||
|
||||
if (instat.st_size == 0)
|
||||
filename = NULL_DEVICE;
|
||||
- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
|
||||
+ if (! follow_symlinks)
|
||||
+ flags |= O_NOFOLLOW;
|
||||
+ if ((ifd = safe_open (filename, flags, 0)) < 0
|
||||
|| ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
|
||||
pfatal ("Can't open file %s", quotearg (filename));
|
||||
if (TMPINNAME_needs_removal)
|
||||
diff --git a/src/util.c b/src/util.c
|
||||
index 1cc08ba..fb38307 100644
|
||||
--- a/src/util.c
|
||||
+++ b/src/util.c
|
||||
@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
|
||||
|
||||
try_makedirs_errno = ENOENT;
|
||||
safe_unlink (bakname);
|
||||
- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
|
||||
+ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
|
||||
{
|
||||
if (errno != try_makedirs_errno)
|
||||
pfatal ("Can't create file %s", quotearg (bakname));
|
||||
@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode,
|
||||
static void
|
||||
copy_to_fd (const char *from, int tofd)
|
||||
{
|
||||
+ int from_flags = O_RDONLY | O_BINARY;
|
||||
int fromfd;
|
||||
ssize_t i;
|
||||
|
||||
- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
|
||||
+ if (! follow_symlinks)
|
||||
+ from_flags |= O_NOFOLLOW;
|
||||
+ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
|
||||
pfatal ("Can't reopen file %s", quotearg (from));
|
||||
while ((i = read (fromfd, buf, bufsize)) != 0)
|
||||
{
|
||||
@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
|
||||
else
|
||||
{
|
||||
assert (S_ISREG (mode));
|
||||
+ if (! follow_symlinks)
|
||||
+ to_flags |= O_NOFOLLOW;
|
||||
tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
|
||||
to_dir_known_to_exist);
|
||||
copy_to_fd (from, tofd);
|
||||
@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
|
||||
void
|
||||
append_to_file (char const *from, char const *to)
|
||||
{
|
||||
+ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
|
||||
int tofd;
|
||||
|
||||
- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
|
||||
+ if (! follow_symlinks)
|
||||
+ to_flags |= O_NOFOLLOW;
|
||||
+ if ((tofd = safe_open (to, to_flags, 0)) < 0)
|
||||
pfatal ("Can't reopen file %s", quotearg (to));
|
||||
copy_to_fd (from, tofd);
|
||||
if (close (tofd) != 0)
|
58
SOURCES/patch-2.7.6-gcc8.patch
Normal file
58
SOURCES/patch-2.7.6-gcc8.patch
Normal file
@ -0,0 +1,58 @@
|
||||
diff -up patch-2.7.6/.me.orig patch-2.7.6/.me
|
||||
diff -up patch-2.7.6/src/common.h.orig patch-2.7.6/src/common.h
|
||||
--- patch-2.7.6/src/common.h.orig 2018-06-18 17:20:49.661363500 +0200
|
||||
+++ patch-2.7.6/src/common.h 2018-06-18 17:22:21.505841527 +0200
|
||||
@@ -221,3 +221,11 @@ bool merge_hunk (int hunk, struct outsta
|
||||
#else
|
||||
# define merge_hunk(hunk, outstate, where, somefailed) false
|
||||
#endif
|
||||
+
|
||||
+#ifndef FALLTHROUGH
|
||||
+# if __GNUC__ < 7
|
||||
+# define FALLTHROUGH ((void) 0)
|
||||
+# else
|
||||
+# define FALLTHROUGH __attribute__ ((__fallthrough__))
|
||||
+# endif
|
||||
+#endif
|
||||
diff -up patch-2.7.6/src/patch.c.orig patch-2.7.6/src/patch.c
|
||||
--- patch-2.7.6/src/patch.c.orig 2018-06-18 17:20:49.662363506 +0200
|
||||
+++ patch-2.7.6/src/patch.c 2018-06-18 17:22:21.507841538 +0200
|
||||
@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool re
|
||||
break;
|
||||
case ' ': case '-': case '+': case '!':
|
||||
fprintf (rejfp, "%c ", pch_char (i));
|
||||
- /* fall into */
|
||||
+ FALLTHROUGH;
|
||||
case '\n':
|
||||
pch_write_line (i, rejfp);
|
||||
break;
|
||||
diff -up patch-2.7.6/src/pch.c.orig patch-2.7.6/src/pch.c
|
||||
--- patch-2.7.6/src/pch.c.orig 2018-06-18 17:20:49.662363506 +0200
|
||||
+++ patch-2.7.6/src/pch.c 2018-06-18 17:24:00.694357762 +0200
|
||||
@@ -1742,7 +1742,7 @@ another_hunk (enum diff difftype, bool r
|
||||
break;
|
||||
case '=':
|
||||
ch = ' ';
|
||||
- /* FALL THROUGH */
|
||||
+ FALLTHROUGH;
|
||||
case ' ':
|
||||
if (fillsrc > p_ptrn_lines) {
|
||||
free(s);
|
||||
@@ -1763,7 +1763,7 @@ another_hunk (enum diff difftype, bool r
|
||||
p_end = fillsrc-1;
|
||||
return -1;
|
||||
}
|
||||
- /* FALL THROUGH */
|
||||
+ FALLTHROUGH;
|
||||
case '+':
|
||||
if (filldst > p_end) {
|
||||
free(s);
|
||||
@@ -2401,7 +2401,7 @@ do_ed_script (char const *inname, char c
|
||||
size_t chars_read;
|
||||
FILE *tmpfp = 0;
|
||||
char const *tmpname;
|
||||
- int tmpfd;
|
||||
+ int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
|
||||
pid_t pid;
|
||||
|
||||
if (! dry_run && ! skip_rest_of_patch)
|
46
SOURCES/patch-2.7.x-abort_when_cleaning_up_fails.patch
Normal file
46
SOURCES/patch-2.7.x-abort_when_cleaning_up_fails.patch
Normal file
@ -0,0 +1,46 @@
|
||||
commit b7b028a77bd855f6f56b17c8837fc1cca77b469d
|
||||
Author: Andreas Gruenbacher <agruen@gnu.org>
|
||||
Date: Fri Jun 28 00:30:25 2019 +0200
|
||||
|
||||
Abort when cleaning up fails
|
||||
|
||||
When a fatal error triggers during cleanup, another attempt will be made to
|
||||
clean up, which will likely lead to the same fatal error. So instead, bail out
|
||||
when that happens.
|
||||
src/patch.c (cleanup): Bail out when called recursively.
|
||||
(main): There is no need to call output_files() before cleanup() as cleanup()
|
||||
already does that.
|
||||
|
||||
diff --git a/src/patch.c b/src/patch.c
|
||||
index 4616a48..02fd982 100644
|
||||
--- a/src/patch.c
|
||||
+++ b/src/patch.c
|
||||
@@ -685,7 +685,6 @@ main (int argc, char **argv)
|
||||
}
|
||||
if (outstate.ofp && (ferror (outstate.ofp) || fclose (outstate.ofp) != 0))
|
||||
write_fatal ();
|
||||
- output_files (NULL);
|
||||
cleanup ();
|
||||
delete_files ();
|
||||
if (somefailed)
|
||||
@@ -1991,7 +1990,6 @@ void
|
||||
fatal_exit (int sig)
|
||||
{
|
||||
cleanup ();
|
||||
-
|
||||
if (sig)
|
||||
exit_with_signal (sig);
|
||||
|
||||
@@ -2011,6 +2009,12 @@ remove_if_needed (char const *name, bool *needs_removal)
|
||||
static void
|
||||
cleanup (void)
|
||||
{
|
||||
+ static bool already_cleaning_up;
|
||||
+
|
||||
+ if (already_cleaning_up)
|
||||
+ return;
|
||||
+ already_cleaning_up = true;
|
||||
+
|
||||
remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
|
||||
remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
|
||||
remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
|
209
SOURCES/patch-CVE-2018-1000156.patch
Normal file
209
SOURCES/patch-CVE-2018-1000156.patch
Normal file
@ -0,0 +1,209 @@
|
||||
diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
|
||||
--- patch-2.7.6/src/pch.c.CVE-2018-1000156 2018-06-19 10:10:41.407826617 +0200
|
||||
+++ patch-2.7.6/src/pch.c 2018-06-19 10:11:01.200927524 +0200
|
||||
@@ -33,6 +33,7 @@
|
||||
# include <io.h>
|
||||
#endif
|
||||
#include <safe.h>
|
||||
+#include <sys/wait.h>
|
||||
|
||||
#define INITHUNKMAX 125 /* initial dynamic allocation size */
|
||||
|
||||
@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c
|
||||
static char const editor_program[] = EDITOR_PROGRAM;
|
||||
|
||||
file_offset beginning_of_this_line;
|
||||
- FILE *pipefp = 0;
|
||||
size_t chars_read;
|
||||
+ FILE *tmpfp = 0;
|
||||
+ char const *tmpname;
|
||||
+ int tmpfd;
|
||||
+ pid_t pid;
|
||||
+
|
||||
+ if (! dry_run && ! skip_rest_of_patch)
|
||||
+ {
|
||||
+ /* Write ed script to a temporary file. This causes ed to abort on
|
||||
+ invalid commands such as when line numbers or ranges exceed the
|
||||
+ number of available lines. When ed reads from a pipe, it rejects
|
||||
+ invalid commands and treats the next line as a new command, which
|
||||
+ can lead to arbitrary command execution. */
|
||||
+
|
||||
+ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
|
||||
+ if (tmpfd == -1)
|
||||
+ pfatal ("Can't create temporary file %s", quotearg (tmpname));
|
||||
+ tmpfp = fdopen (tmpfd, "w+b");
|
||||
+ if (! tmpfp)
|
||||
+ pfatal ("Can't open stream for file %s", quotearg (tmpname));
|
||||
+ }
|
||||
|
||||
- if (! dry_run && ! skip_rest_of_patch) {
|
||||
- int exclusive = *outname_needs_removal ? 0 : O_EXCL;
|
||||
- assert (! inerrno);
|
||||
- *outname_needs_removal = true;
|
||||
- copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||
- sprintf (buf, "%s %s%s", editor_program,
|
||||
- verbosity == VERBOSE ? "" : "- ",
|
||||
- outname);
|
||||
- fflush (stdout);
|
||||
- pipefp = popen(buf, binary_transput ? "wb" : "w");
|
||||
- if (!pipefp)
|
||||
- pfatal ("Can't open pipe to %s", quotearg (buf));
|
||||
- }
|
||||
for (;;) {
|
||||
char ed_command_letter;
|
||||
beginning_of_this_line = file_tell (pfp);
|
||||
@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c
|
||||
}
|
||||
ed_command_letter = get_ed_command_letter (buf);
|
||||
if (ed_command_letter) {
|
||||
- if (pipefp)
|
||||
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
|
||||
+ if (tmpfp)
|
||||
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
|
||||
write_fatal ();
|
||||
if (ed_command_letter != 'd' && ed_command_letter != 's') {
|
||||
p_pass_comments_through = true;
|
||||
while ((chars_read = get_line ()) != 0) {
|
||||
- if (pipefp)
|
||||
- if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
|
||||
+ if (tmpfp)
|
||||
+ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
|
||||
write_fatal ();
|
||||
if (chars_read == 2 && strEQ (buf, ".\n"))
|
||||
break;
|
||||
@@ -2435,13 +2442,50 @@ do_ed_script (char const *inname, char c
|
||||
break;
|
||||
}
|
||||
}
|
||||
- if (!pipefp)
|
||||
+ if (!tmpfp)
|
||||
return;
|
||||
- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
|
||||
- || fflush (pipefp) != 0)
|
||||
+ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
|
||||
+ || fflush (tmpfp) != 0)
|
||||
write_fatal ();
|
||||
- if (pclose (pipefp) != 0)
|
||||
- fatal ("%s FAILED", editor_program);
|
||||
+
|
||||
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
|
||||
+ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
|
||||
+
|
||||
+ if (! dry_run && ! skip_rest_of_patch) {
|
||||
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
|
||||
+ *outname_needs_removal = true;
|
||||
+ if (inerrno != ENOENT)
|
||||
+ {
|
||||
+ *outname_needs_removal = true;
|
||||
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
|
||||
+ }
|
||||
+ sprintf (buf, "%s %s%s", editor_program,
|
||||
+ verbosity == VERBOSE ? "" : "- ",
|
||||
+ outname);
|
||||
+ fflush (stdout);
|
||||
+
|
||||
+ pid = fork();
|
||||
+ if (pid == -1)
|
||||
+ pfatal ("Can't fork");
|
||||
+ else if (pid == 0)
|
||||
+ {
|
||||
+ dup2 (tmpfd, 0);
|
||||
+ execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
|
||||
+ _exit (2);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ int wstatus;
|
||||
+ if (waitpid (pid, &wstatus, 0) == -1
|
||||
+ || ! WIFEXITED (wstatus)
|
||||
+ || WEXITSTATUS (wstatus) != 0)
|
||||
+ fatal ("%s FAILED", editor_program);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ fclose (tmpfp);
|
||||
+ safe_unlink (tmpname);
|
||||
+ free((char*) tmpname);
|
||||
|
||||
if (ofp)
|
||||
{
|
||||
diff -up patch-2.7.6/tests/ed-style.CVE-2018-1000156 patch-2.7.6/tests/ed-style
|
||||
--- patch-2.7.6/tests/ed-style.CVE-2018-1000156 2018-06-19 10:10:41.409826627 +0200
|
||||
+++ patch-2.7.6/tests/ed-style 2018-06-19 11:28:43.354641294 +0200
|
||||
@@ -0,0 +1,40 @@
|
||||
+# Copyright (C) 2018 Free Software Foundation, Inc.
|
||||
+#
|
||||
+# Copying and distribution of this file, with or without modification,
|
||||
+# in any medium, are permitted without royalty provided the copyright
|
||||
+# notice and this notice are preserved.
|
||||
+
|
||||
+. $srcdir/test-lib.sh
|
||||
+
|
||||
+require cat
|
||||
+use_local_patch
|
||||
+use_tmpdir
|
||||
+
|
||||
+# ==============================================================
|
||||
+
|
||||
+cat > ed1.diff <<EOF
|
||||
+0a
|
||||
+foo
|
||||
+.
|
||||
+EOF
|
||||
+
|
||||
+check 'patch -e foo -i ed1.diff' <<EOF
|
||||
+EOF
|
||||
+
|
||||
+check 'cat foo' <<EOF
|
||||
+foo
|
||||
+EOF
|
||||
+
|
||||
+cat > ed2.diff <<EOF
|
||||
+1337a
|
||||
+r !echo bar
|
||||
+,p
|
||||
+EOF
|
||||
+
|
||||
+check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
|
||||
+Status: 2
|
||||
+EOF
|
||||
+
|
||||
+check 'cat foo' <<EOF
|
||||
+foo
|
||||
+EOF
|
||||
diff -up patch-2.7.6/tests/Makefile.am.CVE-2018-1000156 patch-2.7.6/tests/Makefile.am
|
||||
--- patch-2.7.6/tests/Makefile.am.CVE-2018-1000156 2018-02-03 13:41:49.000000000 +0100
|
||||
+++ patch-2.7.6/tests/Makefile.am 2018-06-19 10:10:41.409826627 +0200
|
||||
@@ -32,6 +32,7 @@ TESTS = \
|
||||
crlf-handling \
|
||||
dash-o-append \
|
||||
deep-directories \
|
||||
+ ed-style \
|
||||
empty-files \
|
||||
false-match \
|
||||
fifo \
|
||||
diff -up patch-2.7.6/tests/Makefile.in.CVE-2018-1000156 patch-2.7.6/tests/Makefile.in
|
||||
--- patch-2.7.6/tests/Makefile.in.CVE-2018-1000156 2018-02-03 14:33:56.000000000 +0100
|
||||
+++ patch-2.7.6/tests/Makefile.in 2018-06-19 10:10:41.409826627 +0200
|
||||
@@ -1308,6 +1308,7 @@ TESTS = \
|
||||
crlf-handling \
|
||||
dash-o-append \
|
||||
deep-directories \
|
||||
+ ed-style \
|
||||
empty-files \
|
||||
false-match \
|
||||
fifo \
|
||||
@@ -1645,6 +1646,13 @@ empty-files.log: empty-files
|
||||
$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
|
||||
--log-file $$b.log --trs-file $$b.trs \
|
||||
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
|
||||
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
|
||||
+ed-style.log: empty-files
|
||||
+ @p='ed-style'; \
|
||||
+ b='ed-style'; \
|
||||
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
|
||||
+ --log-file $$b.log --trs-file $$b.trs \
|
||||
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
|
||||
"$$tst" $(AM_TESTS_FD_REDIRECT)
|
||||
false-match.log: false-match
|
||||
@p='false-match'; \
|
326
SOURCES/patch-selinux.patch
Normal file
326
SOURCES/patch-selinux.patch
Normal file
@ -0,0 +1,326 @@
|
||||
diff -up patch-2.7.6/src/common.h.selinux patch-2.7.6/src/common.h
|
||||
--- patch-2.7.6/src/common.h.selinux 2018-02-03 12:41:49.000000000 +0000
|
||||
+++ patch-2.7.6/src/common.h 2018-02-12 12:29:44.415225377 +0000
|
||||
@@ -30,6 +30,8 @@
|
||||
#include <sys/types.h>
|
||||
#include <time.h>
|
||||
|
||||
+#include <selinux/selinux.h>
|
||||
+
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <limits.h>
|
||||
@@ -84,6 +86,7 @@ XTERN char *outfile;
|
||||
XTERN int inerrno;
|
||||
XTERN int invc;
|
||||
XTERN struct stat instat;
|
||||
+XTERN security_context_t incontext;
|
||||
XTERN bool dry_run;
|
||||
XTERN bool posixly_correct;
|
||||
|
||||
diff -up patch-2.7.6/src/inp.c.selinux patch-2.7.6/src/inp.c
|
||||
--- patch-2.7.6/src/inp.c.selinux 2017-09-04 12:34:16.000000000 +0100
|
||||
+++ patch-2.7.6/src/inp.c 2018-02-12 12:29:44.415225377 +0000
|
||||
@@ -145,7 +145,7 @@ get_input_file (char const *filename, ch
|
||||
char *getbuf;
|
||||
|
||||
if (inerrno == -1)
|
||||
- inerrno = stat_file (filename, &instat);
|
||||
+ inerrno = stat_file (filename, &instat, &incontext);
|
||||
|
||||
/* Perhaps look for RCS or SCCS versions. */
|
||||
if (S_ISREG (file_type)
|
||||
@@ -190,7 +190,7 @@ get_input_file (char const *filename, ch
|
||||
}
|
||||
|
||||
if (cs && version_get (filename, cs, ! inerrno, elsewhere, getbuf,
|
||||
- &instat))
|
||||
+ &instat, &incontext))
|
||||
inerrno = 0;
|
||||
|
||||
free (getbuf);
|
||||
@@ -201,6 +201,7 @@ get_input_file (char const *filename, ch
|
||||
{
|
||||
instat.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
|
||||
instat.st_size = 0;
|
||||
+ incontext = NULL;
|
||||
}
|
||||
else if (! ((S_ISREG (file_type) || S_ISLNK (file_type))
|
||||
&& (file_type & S_IFMT) == (instat.st_mode & S_IFMT)))
|
||||
diff -up patch-2.7.6/src/Makefile.am.selinux patch-2.7.6/src/Makefile.am
|
||||
--- patch-2.7.6/src/Makefile.am.selinux 2017-09-04 12:34:16.000000000 +0100
|
||||
+++ patch-2.7.6/src/Makefile.am 2018-02-12 12:29:44.415225377 +0000
|
||||
@@ -37,7 +37,7 @@ patch_SOURCES = \
|
||||
|
||||
AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib
|
||||
patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
|
||||
- $(LIB_XATTR) $(LIB_EACCESS)
|
||||
+ $(LIB_XATTR) $(LIB_EACCESS) -lselinux
|
||||
|
||||
if ENABLE_MERGE
|
||||
patch_SOURCES += merge.c
|
||||
diff -up patch-2.7.6/src/Makefile.in.selinux patch-2.7.6/src/Makefile.in
|
||||
--- patch-2.7.6/src/Makefile.in.selinux 2018-02-03 13:33:56.000000000 +0000
|
||||
+++ patch-2.7.6/src/Makefile.in 2018-02-12 12:29:44.415225377 +0000
|
||||
@@ -1147,7 +1147,7 @@ patch_SOURCES = bestmatch.h common.h inp
|
||||
AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib \
|
||||
$(am__append_2)
|
||||
patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
|
||||
- $(LIB_XATTR) $(LIB_EACCESS)
|
||||
+ $(LIB_XATTR) $(LIB_EACCESS) -lselinux
|
||||
|
||||
all: all-am
|
||||
|
||||
diff -up patch-2.7.6/src/patch.c.selinux patch-2.7.6/src/patch.c
|
||||
--- patch-2.7.6/src/patch.c.selinux 2018-02-03 12:41:49.000000000 +0000
|
||||
+++ patch-2.7.6/src/patch.c 2018-02-12 12:30:27.315164138 +0000
|
||||
@@ -269,19 +269,19 @@ main (int argc, char **argv)
|
||||
if (! strcmp (inname, outname))
|
||||
{
|
||||
if (inerrno == -1)
|
||||
- inerrno = stat_file (inname, &instat);
|
||||
+ inerrno = stat_file (inname, &instat, NULL);
|
||||
outstat = instat;
|
||||
outerrno = inerrno;
|
||||
}
|
||||
else
|
||||
- outerrno = stat_file (outname, &outstat);
|
||||
+ outerrno = stat_file (outname, &outstat, NULL);
|
||||
|
||||
if (! outerrno)
|
||||
{
|
||||
if (has_queued_output (&outstat))
|
||||
{
|
||||
output_files (&outstat);
|
||||
- outerrno = stat_file (outname, &outstat);
|
||||
+ outerrno = stat_file (outname, &outstat, NULL);
|
||||
inerrno = -1;
|
||||
}
|
||||
if (! outerrno)
|
||||
@@ -598,7 +598,7 @@ main (int argc, char **argv)
|
||||
}
|
||||
else
|
||||
{
|
||||
- attr |= FA_IDS | FA_MODE | FA_XATTRS;
|
||||
+ attr |= FA_IDS | FA_MODE | FA_XATTRS | FA_SECCONTEXT;
|
||||
set_file_attributes (TMPOUTNAME, attr, inname, &instat,
|
||||
mode, &new_time);
|
||||
}
|
||||
@@ -658,7 +658,7 @@ main (int argc, char **argv)
|
||||
struct stat oldst;
|
||||
int olderrno;
|
||||
|
||||
- olderrno = stat_file (rej, &oldst);
|
||||
+ olderrno = stat_file (rej, &oldst, NULL);
|
||||
if (olderrno && olderrno != ENOENT)
|
||||
write_fatal ();
|
||||
if (! olderrno && lookup_file_id (&oldst) == CREATED)
|
||||
@@ -1790,7 +1790,7 @@ delete_file_later (const char *name, con
|
||||
|
||||
if (! st)
|
||||
{
|
||||
- if (stat_file (name, &st_tmp) != 0)
|
||||
+ if (stat_file (name, &st_tmp, NULL) != 0)
|
||||
pfatal ("Can't get file attributes of %s %s", "file", name);
|
||||
st = &st_tmp;
|
||||
}
|
||||
diff -up patch-2.7.6/src/pch.c.selinux patch-2.7.6/src/pch.c
|
||||
--- patch-2.7.6/src/pch.c.selinux 2018-02-03 12:41:49.000000000 +0000
|
||||
+++ patch-2.7.6/src/pch.c 2018-02-12 12:29:44.416225375 +0000
|
||||
@@ -1,6 +1,6 @@
|
||||
/* reading patches */
|
||||
|
||||
-/* Copyright (C) 1986, 1987, 1988 Larry Wall
|
||||
+/* Copyright (C) 1986, 1987, 1988, 2012 Larry Wall
|
||||
|
||||
Copyright (C) 1990-1993, 1997-2003, 2006, 2009-2012 Free Software
|
||||
Foundation, Inc.
|
||||
@@ -296,7 +296,7 @@ there_is_another_patch (bool need_header
|
||||
if (t > buf + 1 && *(t - 1) == '\n')
|
||||
{
|
||||
inname = xmemdup0 (buf, t - buf - 1);
|
||||
- inerrno = stat_file (inname, &instat);
|
||||
+ inerrno = stat_file (inname, &instat, &incontext);
|
||||
if (inerrno)
|
||||
{
|
||||
perror (inname);
|
||||
@@ -433,6 +433,7 @@ intuit_diff_type (bool need_header, mode
|
||||
bool extended_headers = false;
|
||||
enum nametype i;
|
||||
struct stat st[3];
|
||||
+ security_context_t con[3];
|
||||
int stat_errno[3];
|
||||
int version_controlled[3];
|
||||
enum diff retval;
|
||||
@@ -473,6 +474,7 @@ intuit_diff_type (bool need_header, mode
|
||||
version_controlled[OLD] = -1;
|
||||
version_controlled[NEW] = -1;
|
||||
version_controlled[INDEX] = -1;
|
||||
+ con[OLD] = con[NEW] = con[INDEX] = NULL;
|
||||
p_rfc934_nesting = 0;
|
||||
p_timestamp[OLD].tv_sec = p_timestamp[NEW].tv_sec = -1;
|
||||
p_says_nonexistent[OLD] = p_says_nonexistent[NEW] = 0;
|
||||
@@ -883,7 +885,7 @@ intuit_diff_type (bool need_header, mode
|
||||
}
|
||||
else
|
||||
{
|
||||
- stat_errno[i] = stat_file (p_name[i], &st[i]);
|
||||
+ stat_errno[i] = stat_file (p_name[i], &st[i], &con[i]);
|
||||
if (! stat_errno[i])
|
||||
{
|
||||
if (lookup_file_id (&st[i]) == DELETE_LATER)
|
||||
@@ -922,7 +924,7 @@ intuit_diff_type (bool need_header, mode
|
||||
if (cs)
|
||||
{
|
||||
if (version_get (p_name[i], cs, false, readonly,
|
||||
- getbuf, &st[i]))
|
||||
+ getbuf, &st[i], &con[i]))
|
||||
stat_errno[i] = 0;
|
||||
else
|
||||
version_controlled[i] = 0;
|
||||
@@ -985,7 +987,7 @@ intuit_diff_type (bool need_header, mode
|
||||
{
|
||||
if (inname)
|
||||
{
|
||||
- inerrno = stat_file (inname, &instat);
|
||||
+ inerrno = stat_file (inname, &instat, &incontext);
|
||||
if (inerrno || (instat.st_mode & S_IFMT) == file_type)
|
||||
maybe_reverse (inname, inerrno, inerrno || instat.st_size == 0);
|
||||
}
|
||||
@@ -998,8 +1000,14 @@ intuit_diff_type (bool need_header, mode
|
||||
inerrno = stat_errno[i];
|
||||
invc = version_controlled[i];
|
||||
instat = st[i];
|
||||
+ incontext = con[i];
|
||||
+ con[i] = NULL;
|
||||
}
|
||||
|
||||
+ for (i = OLD; i <= INDEX; i++)
|
||||
+ if (con[i])
|
||||
+ freecon (con[i]);
|
||||
+
|
||||
return retval;
|
||||
}
|
||||
|
||||
diff -up patch-2.7.6/src/util.c.selinux patch-2.7.6/src/util.c
|
||||
--- patch-2.7.6/src/util.c.selinux 2018-02-03 12:41:49.000000000 +0000
|
||||
+++ patch-2.7.6/src/util.c 2018-02-12 12:29:44.417225374 +0000
|
||||
@@ -300,6 +300,23 @@ set_file_attributes (char const *to, enu
|
||||
S_ISLNK (mode) ? "symbolic link" : "file",
|
||||
quotearg (to));
|
||||
}
|
||||
+ if (attr & FA_SECCONTEXT)
|
||||
+ {
|
||||
+ security_context_t outcontext;
|
||||
+ if (incontext && getfilecon (to, &outcontext) != -1 && outcontext)
|
||||
+ {
|
||||
+ if (strcmp (outcontext, incontext) &&
|
||||
+ setfilecon (to, incontext) != 0)
|
||||
+ {
|
||||
+ freecon (outcontext);
|
||||
+ if (errno != ENOTSUP && errno != EPERM)
|
||||
+ pfatal ("Can't set security context on file %s",
|
||||
+ quotearg (to));
|
||||
+ }
|
||||
+ else
|
||||
+ freecon (outcontext);
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
static void
|
||||
@@ -446,7 +463,7 @@ move_file (char const *from, bool *from_
|
||||
struct stat to_st;
|
||||
int to_errno;
|
||||
|
||||
- to_errno = stat_file (to, &to_st);
|
||||
+ to_errno = stat_file (to, &to_st, NULL);
|
||||
if (backup)
|
||||
create_backup (to, to_errno ? NULL : &to_st, false);
|
||||
if (! to_errno)
|
||||
@@ -818,7 +835,8 @@ version_controller (char const *filename
|
||||
Return true if successful. */
|
||||
bool
|
||||
version_get (char const *filename, char const *cs, bool exists, bool readonly,
|
||||
- char const *getbuf, struct stat *filestat)
|
||||
+ char const *getbuf, struct stat *filestat,
|
||||
+ security_context_t *filecontext)
|
||||
{
|
||||
if (patch_get < 0)
|
||||
{
|
||||
@@ -843,6 +861,13 @@ version_get (char const *filename, char
|
||||
fatal ("Can't get file %s from %s", quotearg (filename), cs);
|
||||
if (safe_stat (filename, filestat) != 0)
|
||||
pfatal ("%s", quotearg (filename));
|
||||
+ if (filecontext && getfilecon (filename, filecontext) == -1)
|
||||
+ {
|
||||
+ if (errno == ENODATA || errno == ENOTSUP)
|
||||
+ *filecontext = NULL;
|
||||
+ else
|
||||
+ pfatal ("%s", quotearg (filename));
|
||||
+ }
|
||||
}
|
||||
|
||||
return 1;
|
||||
@@ -1670,12 +1695,28 @@ make_tempfile (char const **name, char l
|
||||
return fd;
|
||||
}
|
||||
|
||||
-int stat_file (char const *filename, struct stat *st)
|
||||
+int stat_file (char const *filename, struct stat *st, security_context_t *con)
|
||||
{
|
||||
int (*xstat)(char const *, struct stat *) =
|
||||
follow_symlinks ? safe_stat : safe_lstat;
|
||||
+ int (*xgetfilecon)(char const *, security_context_t *) =
|
||||
+ follow_symlinks ? getfilecon : lgetfilecon;
|
||||
+
|
||||
+ if (xstat (filename, st) == 0)
|
||||
+ {
|
||||
+ if (con)
|
||||
+ {
|
||||
+ if (xgetfilecon (filename, con) != -1 ||
|
||||
+ errno == ENODATA || errno == ENOTSUP)
|
||||
+ return 0;
|
||||
|
||||
- return xstat (filename, st) == 0 ? 0 : errno;
|
||||
+ *con = NULL;
|
||||
+ }
|
||||
+ else
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ return errno;
|
||||
}
|
||||
|
||||
/* Check if a filename is relative and free of ".." components.
|
||||
diff -up patch-2.7.6/src/util.h.selinux patch-2.7.6/src/util.h
|
||||
--- patch-2.7.6/src/util.h.selinux 2018-02-03 12:41:49.000000000 +0000
|
||||
+++ patch-2.7.6/src/util.h 2018-02-12 12:30:08.533190949 +0000
|
||||
@@ -44,7 +44,7 @@ char *parse_name (char const *, int, cha
|
||||
char *savebuf (char const *, size_t);
|
||||
char *savestr (char const *);
|
||||
char const *version_controller (char const *, bool, struct stat const *, char **, char **);
|
||||
-bool version_get (char const *, char const *, bool, bool, char const *, struct stat *);
|
||||
+bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
|
||||
int create_file (char const *, int, mode_t, bool);
|
||||
int systemic (char const *);
|
||||
char *format_linenum (char[LINENUM_LENGTH_BOUND + 1], lin);
|
||||
@@ -67,7 +67,7 @@ void insert_file_id (struct stat const *
|
||||
enum file_id_type lookup_file_id (struct stat const *);
|
||||
void set_queued_output (struct stat const *, bool);
|
||||
bool has_queued_output (struct stat const *);
|
||||
-int stat_file (char const *, struct stat *);
|
||||
+int stat_file (char const *, struct stat *, security_context_t *);
|
||||
bool filename_is_safe (char const *) _GL_ATTRIBUTE_PURE;
|
||||
bool cwd_is_root (char const *);
|
||||
|
||||
@@ -75,7 +75,8 @@ enum file_attributes {
|
||||
FA_TIMES = 1,
|
||||
FA_IDS = 2,
|
||||
FA_MODE = 4,
|
||||
- FA_XATTRS = 8
|
||||
+ FA_XATTRS = 8,
|
||||
+ FA_SECCONTEXT = 16
|
||||
};
|
||||
|
||||
void set_file_attributes (char const *, enum file_attributes, char const *,
|
424
SPECS/patch.spec
Normal file
424
SPECS/patch.spec
Normal file
@ -0,0 +1,424 @@
|
||||
%global gnulib_ver 20180203
|
||||
|
||||
Summary: Utility for modifying/upgrading files
|
||||
Name: patch
|
||||
Version: 2.7.6
|
||||
Release: 11%{?dist}
|
||||
License: GPLv3+
|
||||
URL: http://www.gnu.org/software/patch/patch.html
|
||||
Group: Development/Tools
|
||||
Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
|
||||
Patch1: patch-2.7.6-CVE-2018-6951.patch
|
||||
Patch2: patch-CVE-2018-1000156.patch
|
||||
Patch3: patch-2.7.6-gcc8.patch
|
||||
Patch4: patch-2.7.6-CVE-2018-6952.patch
|
||||
Patch5: patch-2.7.6-CVE-2018-20969.patch
|
||||
Patch6: patch-2.7.6-CVE-2019-13636-symlinks.patch
|
||||
Patch7: patch-2.7.x-abort_when_cleaning_up_fails.patch
|
||||
Patch100: patch-selinux.patch
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: ed
|
||||
BuildRequires: automake autoconf
|
||||
|
||||
Provides: bundled(gnulib) = %{gnulib_ver}
|
||||
|
||||
%description
|
||||
The patch program applies diff files to originals. The diff command
|
||||
is used to compare an original to a changed file. Diff lists the
|
||||
changes made to the file. A person who has the original file can then
|
||||
use the patch command with the diff file to add the changes to their
|
||||
original file (patching the file).
|
||||
|
||||
Patch should be installed because it is a common way of upgrading
|
||||
applications.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
# CVE-2018-6951, NULL pointer dereference causes a crash
|
||||
%patch1 -p1 -b .CVE-2018-6951
|
||||
|
||||
# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
|
||||
%patch2 -p1 -b .CVE-2018-1000156
|
||||
|
||||
# Fix to build with gcc8
|
||||
%patch3 -p1 -b .gcc8
|
||||
|
||||
# CVE-2018-6952, Double free of memory
|
||||
%patch4 -p1 -b .CVE-2018-6952
|
||||
|
||||
# CVE-2018-20969, do_ed_script in pch.c does not block strings beginning with a ! character
|
||||
%patch5 -p1 -b .CVE-2018-20969
|
||||
|
||||
# CVE-2019-13636, Don't follow symlinks unless --follow-symlinks is given
|
||||
%patch6 -p1 -b .CVE-2019-13636
|
||||
|
||||
# bz#1665928, Abort when cleaning up fails
|
||||
%patch7 -p1 -b .abort_when_cleaning_up_fails
|
||||
|
||||
# SELinux support.
|
||||
%patch100 -p1 -b .selinux
|
||||
|
||||
%build
|
||||
CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
|
||||
%ifarch sparcv9
|
||||
CFLAGS=`echo $CFLAGS|sed -e 's|-fstack-protector||g'`
|
||||
%endif
|
||||
%configure --disable-silent-rules
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%check
|
||||
make check
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
%makeinstall
|
||||
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%license COPYING
|
||||
%doc NEWS README
|
||||
%{_bindir}/*
|
||||
%{_mandir}/*/*
|
||||
|
||||
%changelog
|
||||
* Tue Nov 19 2019 Than Ngo <than@redhat.com> - 2.7.6-11
|
||||
- Related: #1733565, apply the patch correctly
|
||||
|
||||
* Tue Nov 19 2019 Than Ngo <than@redhat.com> - 2.7.6-10
|
||||
- CVE-2019-13636 , Don't follow symlinks unless --follow-symlinks is given
|
||||
- Resolves: #1665928, patch has a huge error output and segfaults when the file to be patched does not exist
|
||||
|
||||
* Mon Sep 02 2019 Than Ngo <than@redhat.com> - 2.7.6-9
|
||||
- CVE-2018-20969, invoke ed directly instead of using the shell
|
||||
|
||||
* Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
|
||||
- Added virtual provides for bundled gnulib library
|
||||
|
||||
* Wed Sep 12 2018 Than Ngo <than@redhat.com> - 2.7.6-7
|
||||
- Resolves: #1554752, CVE-2018-6952 Double free of memory
|
||||
|
||||
* Mon Jun 18 2018 Than Ngo <than@redhat.com> - 2.7.6-6
|
||||
- avoid warnings from GCC8
|
||||
|
||||
* Mon Apr 09 2018 Than Ngo <than@redhat.com> - 2.7.6-5
|
||||
- fixed CVE-2018-1000156
|
||||
|
||||
* Tue Mar 13 2018 Than Ngo <than@redhat.com> - 2.7.6-4
|
||||
- apply the patch for CVE-2018-6951
|
||||
|
||||
* Mon Feb 12 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-3
|
||||
- 2.7.6 (CVE-2016-10713, CVE-2018-6951, CVE-2018-6952).
|
||||
|
||||
* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Wed Feb 01 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.7.5-4
|
||||
- Add missing %%license macro
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Mon Mar 9 2015 Tim Waugh <twaugh@redhat.com> - 2.7.5-1
|
||||
- Fixed memory leak in selinux patch.
|
||||
- 2.7.5, including an even better fix for CVE-2015-1196 that still
|
||||
allows relative symlinks to be created/used.
|
||||
|
||||
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.7.4-2
|
||||
- Rebuilt for Fedora 23 Change
|
||||
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
|
||||
|
||||
* Sun Feb 1 2015 Tim Waugh <twaugh@redhat.com> - 2.7.4-1
|
||||
- 2.7.4, including a better fix for CVE-2015-1196 that still allows
|
||||
symlinks referencing ".." to be created.
|
||||
|
||||
* Fri Jan 23 2015 Tim Waugh <twaugh@redhat.com> - 2.7.3-1
|
||||
- 2.7.3 (bug #1182157, CVE-2015-1196, bug #1184491, CVE-2014-9637).
|
||||
|
||||
* Tue Jan 20 2015 Tim Waugh <twaugh@redhat.com> - 2.7.1-12
|
||||
- Apply upstream patch to fix line numbering integer overflow.
|
||||
|
||||
* Tue Jan 20 2015 Tim Waugh <twaugh@redhat.com> - 2.7.1-11
|
||||
- Apply upstream patch to fix directory traversal via symlinks
|
||||
(bug #1182157, CVE-2015-1196).
|
||||
|
||||
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||
|
||||
* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
* Wed Jun 12 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-6
|
||||
- Don't segfault when given bad arguments (bug #972330).
|
||||
|
||||
* Thu Apr 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-5
|
||||
- Don't document unsupported -m option; document -x option (bug #948972).
|
||||
|
||||
* Mon Mar 25 2013 Ville Skyttä <ville.skytta@iki.fi> - 2.7.1-4
|
||||
- Build with xattr support.
|
||||
- Make build output more verbose.
|
||||
- Fix bogus date in %%changelog.
|
||||
|
||||
* Mon Mar 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-3
|
||||
- Upstream patch to fix removal of empty directories (bug #919489).
|
||||
|
||||
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||
|
||||
* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7.1-1
|
||||
- Fixed license (since 2.6 it has been GPLv3+).
|
||||
- 2.7.1.
|
||||
|
||||
* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7-1
|
||||
- 2.7. No longer need sigsegv, get-arg, CVE-2010-4651,
|
||||
backup-if-mismatch or coverity-leak patches.
|
||||
|
||||
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-13
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||
|
||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-12
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||
|
||||
* Fri Nov 25 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-11
|
||||
- Fixed NULL dereference in selinux patch.
|
||||
|
||||
* Mon May 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-10
|
||||
- Applied Jiri Popelka's fixes from Coverity scan (bug #704554):
|
||||
- Avoid unchecked return from getfilecon() in patch-selinux.patch.
|
||||
- Fix memory leak.
|
||||
|
||||
* Wed Feb 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-9
|
||||
- Let --posix cause --no-backup-if-mismatch (bug #678016).
|
||||
|
||||
* Thu Feb 10 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-8
|
||||
- Incorporate upstream fix for CVE-2010-4651 patch so that a target
|
||||
name given on the command line is not validated (bug #667529).
|
||||
|
||||
* Tue Feb 8 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-7
|
||||
- Applied upstream patch to fix CVE-2010-4651 so that malicious
|
||||
patches cannot create files above the current directory
|
||||
(bug #667529).
|
||||
|
||||
* Tue Jan 4 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-6
|
||||
- Use smp_mflags correctly (bug #665770).
|
||||
|
||||
* Mon Aug 16 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-5
|
||||
- Another fix for the selinux patch (bug #618215).
|
||||
|
||||
* Fri Aug 6 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-4
|
||||
- Fixed interpretation of return value from getfilecon().
|
||||
- Fixed argument type for --get (bug #553624).
|
||||
|
||||
* Fri Aug 6 2010 Dennis Gilmore <dennis@ausil.us>
|
||||
- using -fstack-projector causes weirdness on 32 bit sparc so disabling for now
|
||||
|
||||
* Tue Jul 27 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-3
|
||||
- Fixed argument type for --get (bug #553624).
|
||||
|
||||
* Wed Mar 3 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-2
|
||||
- Added comments for all patches.
|
||||
- Ship COPYING file.
|
||||
- Removed sparc ifdefs in spec file.
|
||||
|
||||
* Mon Jan 4 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-1
|
||||
- 2.6.1 (bug #551569). No longer need best-name patch.
|
||||
|
||||
* Thu Dec 24 2009 Tim Waugh <twaugh@redhat.com> 2.6-2
|
||||
- Applied upstream patch to prevent incorrect filename being chosen
|
||||
when adding a new file (bug #549122).
|
||||
|
||||
* Mon Nov 16 2009 Tim Waugh <twaugh@redhat.com> 2.6-1
|
||||
- 2.6. No longer need stderr, suffix, stripcr, parse, allow-spaces,
|
||||
ifdef, program_name, or posix-backup patches.
|
||||
|
||||
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-40
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||
|
||||
* Wed Apr 29 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-39
|
||||
- Fixed operation when SELinux is disabled (bug #498102). Patch from
|
||||
Jan Kratochvil.
|
||||
|
||||
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-38
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||
|
||||
* Tue Feb 17 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-37
|
||||
- Don't set SELinux file context if it is already correct.
|
||||
|
||||
* Mon Nov 24 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-36
|
||||
- Better summary.
|
||||
|
||||
* Mon Jun 30 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-35
|
||||
- Don't fail if setfilecon() returns EPERM (bug #453365), although the
|
||||
setfilecon man page suggests that ENOTSUP will be returned in this
|
||||
case.
|
||||
|
||||
* Mon Jun 16 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-34
|
||||
- Only write simple backups for each file once during a run
|
||||
(bug #234822).
|
||||
|
||||
* Thu Jun 12 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-33
|
||||
- Fix selinux patch and apply it. Build requires libselinux-devel.
|
||||
|
||||
* Fri Feb 8 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-32
|
||||
- Applied patch from 2.5.9 to allow spaces in filenames (bug #431887).
|
||||
|
||||
* Mon Dec 3 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-31
|
||||
- Convert spec file to UTF-8 (bug #226233).
|
||||
- Use _bindir macro in %%files (bug #226233).
|
||||
- Parallel make (bug #226233).
|
||||
- Better defattr declaration (bug #226233).
|
||||
|
||||
* Thu Oct 4 2007 Tim Waugh <twaugh@redhat.com>
|
||||
- Beginnings of an SELinux patch (bug #165799); not applied yet.
|
||||
|
||||
* Wed Aug 29 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-30
|
||||
- Added dist tag.
|
||||
- More specific license tag.
|
||||
- Fixed summary.
|
||||
- Better buildroot tag.
|
||||
|
||||
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.2
|
||||
- rebuild
|
||||
|
||||
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.1
|
||||
- bump again for double-long bug on ppc(64)
|
||||
|
||||
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2
|
||||
- rebuilt for new gcc4.1 snapshot and glibc changes
|
||||
|
||||
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Thu Sep 8 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-29
|
||||
- Remove SELinux patch for now (bug #167822).
|
||||
|
||||
* Wed Sep 7 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-27
|
||||
- Applied patch from Ulrich Drepper to fix string overread (bug #167675).
|
||||
|
||||
* Tue Sep 6 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-26
|
||||
- Preserve SELinux file contexts (bug #165799).
|
||||
|
||||
* Thu Aug 11 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-25
|
||||
- Fixed CRLF detection (bug #154283).
|
||||
|
||||
* Wed May 4 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-24
|
||||
- Reverted last change (bug #154283, bug #156762).
|
||||
|
||||
* Fri Apr 29 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-23
|
||||
- Applied patch from Toshio Kuratomi to avoid problems with DOS-format
|
||||
newlines (bug #154283).
|
||||
|
||||
* Wed Mar 2 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-22
|
||||
- Rebuild for new GCC.
|
||||
|
||||
* Wed Feb 9 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-21
|
||||
- Rebuilt.
|
||||
|
||||
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Sat Oct 25 2003 Tim Waugh <twaugh@redhat.com> 2.5.4-18
|
||||
- Rebuilt.
|
||||
|
||||
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
||||
- rebuilt
|
||||
|
||||
* Wed Nov 20 2002 Tim Powers <timp@redhat.com>
|
||||
- rebuilt in current collinst
|
||||
|
||||
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
||||
- automated rebuild
|
||||
|
||||
* Thu May 23 2002 Tim Powers <timp@redhat.com>
|
||||
- automated rebuild
|
||||
|
||||
* Tue Apr 9 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-12
|
||||
- Fix error reporting when given bad options (bug #62981).
|
||||
|
||||
* Tue Mar 5 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-11
|
||||
- s/Copyright:/License:/.
|
||||
- Fix -D behaviour (bug #60688).
|
||||
|
||||
* Tue May 29 2001 Tim Waugh <twaugh@redhat.com> 2.5.4-10
|
||||
- Merge Mandrake patch:
|
||||
- fix possible segfault
|
||||
|
||||
* Fri Dec 1 2000 Tim Waugh <twaugh@redhat.com>
|
||||
- Rebuild because of fileutils bug.
|
||||
|
||||
* Thu Nov 2 2000 Tim Waugh <twaugh@redhat.com>
|
||||
- use .orig as default suffix, as per man page and previous behaviour
|
||||
(bug #20202).
|
||||
- use better patch for this, from maintainer.
|
||||
|
||||
* Wed Oct 4 2000 Tim Waugh <twaugh@redhat.com>
|
||||
- actually use the RPM_OPT_FLAGS
|
||||
|
||||
* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
|
||||
- automatic rebuild
|
||||
|
||||
* Tue Jun 13 2000 Trond Eivind Glomsrød <teg@redhat.com>
|
||||
- Use %%makeinstall, %%{_tmppath} and %%{_mandir}
|
||||
|
||||
* Fri May 12 2000 Trond Eivind Glomsrød <teg@redhat.com>
|
||||
- added URL
|
||||
|
||||
* Wed Feb 16 2000 Bernhard Rosenkraenzer <bero@redhat.com>
|
||||
- 2.5.4
|
||||
- Fix up LFS support on Alpha (Bug #5732)
|
||||
|
||||
* Mon Feb 7 2000 Bill Nottingham <notting@redhat.com>
|
||||
- handle compressed manpages
|
||||
|
||||
* Sun Jun 06 1999 Alan Cox <alan@redhat.com>
|
||||
- Fix the case where stderr isnt flushed for ask(). Now the 'no such file'
|
||||
appears before the skip patch question, not at the very end, Doh!
|
||||
|
||||
* Mon Mar 22 1999 Jeff Johnson <jbj@redhat.com>
|
||||
- (ultra?) sparc was getting large file system support.
|
||||
|
||||
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
|
||||
- auto rebuild in the new build environment (release 7)
|
||||
|
||||
* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
|
||||
- build against glibc 2.1
|
||||
|
||||
* Tue Sep 1 1998 Jeff Johnson <jbj@redhat.com>
|
||||
- bump release to preserve newer than back-ported 4.2.
|
||||
|
||||
* Tue Jun 09 1998 Prospector System <bugs@redhat.com>
|
||||
- translations modified for de, fr
|
||||
|
||||
* Tue Jun 9 1998 Jeff Johnson <jbj@redhat.com>
|
||||
- Fix for problem #682 segfault.
|
||||
|
||||
* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
|
||||
- translations modified for de, fr, tr
|
||||
|
||||
* Tue Apr 07 1998 Cristian Gafton <gafton@redhat.com>
|
||||
- added buildroot
|
||||
|
||||
* Tue Oct 21 1997 Cristian Gafton <gafton@redhat.com>
|
||||
- updated to 2.5
|
||||
|
||||
* Mon Jun 02 1997 Erik Troan <ewt@redhat.com>
|
||||
- built against glibc
|
Loading…
Reference in New Issue
Block a user