commit 6b89862020c85bacfe667d487ce31e8200ce2380 Author: CentOS Sources Date: Fri Aug 2 11:32:17 2019 -0400 import patch-2.7.6-8.el8
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b016cef
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/patch-2.7.6.tar.xz
diff --git a/.patch.metadata b/.patch.metadata
new file mode 100644
index 0000000..5380928
--- /dev/null
+++ b/.patch.metadata
@@ -0,0 +1 @@
+6f64fa75993bdb285ac4ed6eca6c9212725bff91 SOURCES/patch-2.7.6.tar.xz
diff --git a/SOURCES/patch-2.7.6-CVE-2018-6951.patch b/SOURCES/patch-2.7.6-CVE-2018-6951.patch
new file mode 100644
index 0000000..770e91c
--- /dev/null
+++ b/SOURCES/patch-2.7.6-CVE-2018-6951.patch
@@ -0,0 +1,13 @@
+diff -up patch-2.7.6/src/pch.c.than patch-2.7.6/src/pch.c
+--- patch-2.7.6/src/pch.c.than 2018-03-13 11:12:44.726307967 +0100
++++ patch-2.7.6/src/pch.c 2018-03-13 11:13:34.203449789 +0100
+@@ -976,7 +976,8 @@ intuit_diff_type (bool need_header, mode
+ if ((pch_rename () || pch_copy ())
+ && ! inname
+ && ! ((i == OLD || i == NEW) &&
+- p_name[! reverse] &&
++ p_name[reverse] && p_name[! reverse] &&
++ name_is_valid (p_name[reverse]) &&
+ name_is_valid (p_name[! reverse])))
+ {
+ say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
diff --git a/SOURCES/patch-2.7.6-CVE-2018-6952.patch b/SOURCES/patch-2.7.6-CVE-2018-6952.patch
new file mode 100644
index 0000000..4e93f93
--- /dev/null
+++ b/SOURCES/patch-2.7.6-CVE-2018-6952.patch
@@ -0,0 +1,13 @@
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+ }
+ if (p_efake >= 0) { /* fix non-freeable ptr range */
+ if (p_efake <= i)
+- n = p_end - i + 1;
++ n = p_end - p_ptrn_lines;
+ else
+ n = -i;
+ p_efake += n;
diff --git a/SOURCES/patch-2.7.6-gcc8.patch b/SOURCES/patch-2.7.6-gcc8.patch
new file mode 100644
index 0000000..9a96878
--- /dev/null
+++ b/SOURCES/patch-2.7.6-gcc8.patch
@@ -0,0 +1,58 @@
+diff -up patch-2.7.6/.me.orig patch-2.7.6/.me
+diff -up patch-2.7.6/src/common.h.orig patch-2.7.6/src/common.h
+--- patch-2.7.6/src/common.h.orig 2018-06-18 17:20:49.661363500 +0200
++++ patch-2.7.6/src/common.h 2018-06-18 17:22:21.505841527 +0200
+@@ -221,3 +221,11 @@ bool merge_hunk (int hunk, struct outsta
+ #else
+ # define merge_hunk(hunk, outstate, where, somefailed) false
+ #endif
++
++#ifndef FALLTHROUGH
++# if __GNUC__ < 7
++# define FALLTHROUGH ((void) 0)
++# else
++# define FALLTHROUGH __attribute__ ((__fallthrough__))
++# endif
++#endif
+diff -up patch-2.7.6/src/patch.c.orig patch-2.7.6/src/patch.c
+--- patch-2.7.6/src/patch.c.orig 2018-06-18 17:20:49.662363506 +0200
++++ patch-2.7.6/src/patch.c 2018-06-18 17:22:21.507841538 +0200
+@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool re
+ break;
+ case ' ': case '-': case '+': case '!':
+ fprintf (rejfp, "%c ", pch_char (i));
+- /* fall into */
++ FALLTHROUGH;
+ case '\n':
+ pch_write_line (i, rejfp);
+ break;
+diff -up patch-2.7.6/src/pch.c.orig patch-2.7.6/src/pch.c
+--- patch-2.7.6/src/pch.c.orig 2018-06-18 17:20:49.662363506 +0200
++++ patch-2.7.6/src/pch.c 2018-06-18 17:24:00.694357762 +0200
+@@ -1742,7 +1742,7 @@ another_hunk (enum diff difftype, bool r
+ break;
+ case '=':
+ ch = ' ';
+- /* FALL THROUGH */
++ FALLTHROUGH;
+ case ' ':
+ if (fillsrc > p_ptrn_lines) {
+ free(s);
+@@ -1763,7 +1763,7 @@ another_hunk (enum diff difftype, bool r
+ p_end = fillsrc-1;
+ return -1;
+ }
+- /* FALL THROUGH */
++ FALLTHROUGH;
+ case '+':
+ if (filldst > p_end) {
+ free(s);
+@@ -2401,7 +2401,7 @@ do_ed_script (char const *inname, char c
+ size_t chars_read;
+ FILE *tmpfp = 0;
+ char const *tmpname;
+- int tmpfd;
++ int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
+ pid_t pid;
+
+ if (! dry_run && ! skip_rest_of_patch)
diff --git a/SOURCES/patch-CVE-2018-1000156.patch b/SOURCES/patch-CVE-2018-1000156.patch
new file mode 100644
index 0000000..ae132c8
--- /dev/null
+++ b/SOURCES/patch-CVE-2018-1000156.patch 
@@ -0,0 +1,209 @@ +diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c +--- patch-2.7.6/src/pch.c.CVE-2018-1000156 2018-06-19 10:10:41.407826617 +0200 ++++ patch-2.7.6/src/pch.c 2018-06-19 10:11:01.200927524 +0200 +@@ -33,6 +33,7 @@ + # include + #endif + #include ++#include + + #define INITHUNKMAX 125 /* initial dynamic allocation size */ + +@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c + static char const editor_program[] = EDITOR_PROGRAM; + + file_offset beginning_of_this_line; +- FILE *pipefp = 0; + size_t chars_read; ++ FILE *tmpfp = 0; ++ char const *tmpname; ++ int tmpfd; ++ pid_t pid; ++ ++ if (! dry_run && ! skip_rest_of_patch) ++ { ++ /* Write ed script to a temporary file. This causes ed to abort on ++ invalid commands such as when line numbers or ranges exceed the ++ number of available lines. When ed reads from a pipe, it rejects ++ invalid commands and treats the next line as a new command, which ++ can lead to arbitrary command execution. */ ++ ++ tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0); ++ if (tmpfd == -1) ++ pfatal ("Can't create temporary file %s", quotearg (tmpname)); ++ tmpfp = fdopen (tmpfd, "w+b"); ++ if (! tmpfp) ++ pfatal ("Can't open stream for file %s", quotearg (tmpname)); ++ } + +- if (! dry_run && ! skip_rest_of_patch) { +- int exclusive = *outname_needs_removal ? 0 : O_EXCL; +- assert (! inerrno); +- *outname_needs_removal = true; +- copy_file (inname, outname, 0, exclusive, instat.st_mode, true); +- sprintf (buf, "%s %s%s", editor_program, +- verbosity == VERBOSE ? "" : "- ", +- outname); +- fflush (stdout); +- pipefp = popen(buf, binary_transput ? 
"wb" : "w"); +- if (!pipefp) +- pfatal ("Can't open pipe to %s", quotearg (buf)); +- } + for (;;) { + char ed_command_letter; + beginning_of_this_line = file_tell (pfp); +@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c + } + ed_command_letter = get_ed_command_letter (buf); + if (ed_command_letter) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (ed_command_letter != 'd' && ed_command_letter != 's') { + p_pass_comments_through = true; + while ((chars_read = get_line ()) != 0) { +- if (pipefp) +- if (! fwrite (buf, sizeof *buf, chars_read, pipefp)) ++ if (tmpfp) ++ if (! fwrite (buf, sizeof *buf, chars_read, tmpfp)) + write_fatal (); + if (chars_read == 2 && strEQ (buf, ".\n")) + break; +@@ -2435,13 +2442,50 @@ do_ed_script (char const *inname, char c + break; + } + } +- if (!pipefp) ++ if (!tmpfp) + return; +- if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0 +- || fflush (pipefp) != 0) ++ if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0 ++ || fflush (tmpfp) != 0) + write_fatal (); +- if (pclose (pipefp) != 0) +- fatal ("%s FAILED", editor_program); ++ ++ if (lseek (tmpfd, 0, SEEK_SET) == -1) ++ pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname)); ++ ++ if (! dry_run && ! skip_rest_of_patch) { ++ int exclusive = *outname_needs_removal ? 0 : O_EXCL; ++ *outname_needs_removal = true; ++ if (inerrno != ENOENT) ++ { ++ *outname_needs_removal = true; ++ copy_file (inname, outname, 0, exclusive, instat.st_mode, true); ++ } ++ sprintf (buf, "%s %s%s", editor_program, ++ verbosity == VERBOSE ? "" : "- ", ++ outname); ++ fflush (stdout); ++ ++ pid = fork(); ++ if (pid == -1) ++ pfatal ("Can't fork"); ++ else if (pid == 0) ++ { ++ dup2 (tmpfd, 0); ++ execl ("/bin/sh", "sh", "-c", buf, (char *) 0); ++ _exit (2); ++ } ++ else ++ { ++ int wstatus; ++ if (waitpid (pid, &wstatus, 0) == -1 ++ || ! 
WIFEXITED (wstatus) ++ || WEXITSTATUS (wstatus) != 0) ++ fatal ("%s FAILED", editor_program); ++ } ++ } ++ ++ fclose (tmpfp); ++ safe_unlink (tmpname); ++ free((char*) tmpname); + + if (ofp) + { +diff -up patch-2.7.6/tests/ed-style.CVE-2018-1000156 patch-2.7.6/tests/ed-style +--- patch-2.7.6/tests/ed-style.CVE-2018-1000156 2018-06-19 10:10:41.409826627 +0200 ++++ patch-2.7.6/tests/ed-style 2018-06-19 11:28:43.354641294 +0200 +@@ -0,0 +1,40 @@ ++# Copyright (C) 2018 Free Software Foundation, Inc. ++# ++# Copying and distribution of this file, with or without modification, ++# in any medium, are permitted without royalty provided the copyright ++# notice and this notice are preserved. ++ ++. $srcdir/test-lib.sh ++ ++require cat ++use_local_patch ++use_tmpdir ++ ++# ============================================================== ++ ++cat > ed1.diff < ed2.diff < /dev/null 2> /dev/null || echo "Status: $?"' < + #include + ++#include ++ + #include + + #include +@@ -84,6 +86,7 @@ XTERN char *outfile; + XTERN int inerrno; + XTERN int invc; + XTERN struct stat instat; ++XTERN security_context_t incontext; + XTERN bool dry_run; + XTERN bool posixly_correct; + +diff -up patch-2.7.6/src/inp.c.selinux patch-2.7.6/src/inp.c +--- patch-2.7.6/src/inp.c.selinux 2017-09-04 12:34:16.000000000 +0100 ++++ patch-2.7.6/src/inp.c 2018-02-12 12:29:44.415225377 +0000 +@@ -145,7 +145,7 @@ get_input_file (char const *filename, ch + char *getbuf; + + if (inerrno == -1) +- inerrno = stat_file (filename, &instat); ++ inerrno = stat_file (filename, &instat, &incontext); + + /* Perhaps look for RCS or SCCS versions. */ + if (S_ISREG (file_type) +@@ -190,7 +190,7 @@ get_input_file (char const *filename, ch + } + + if (cs && version_get (filename, cs, ! 
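Review bot: The rewritten tail of do_ed_script still formats the command with `sprintf (buf, "%s %s%s", editor_program, ..., outname)` and runs it through `execl ("/bin/sh", "sh", "-c", buf, (char *) 0)`, so the output file name is parsed by the shell unquoted. Writing the ed script to a temporary file stops ed from treating rejected script lines as new commands, but a file name containing shell metacharacters would still be interpreted by sh. Executing the editor directly removes the shell from the path: `execlp (editor_program, editor_program, "-", outname, (char *) NULL);` (the verbose case omits the `-` argument), together with a check that outname does not begin with `-`. The return value of `dup2 (tmpfd, 0)` is also unchecked, and the `fatal ("%s FAILED", ...)` path appears to exit before `safe_unlink (tmpname)` runs, which would leave the script file behind. do_ed_script begins and ends outside the hunk.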
inerrno, elsewhere, getbuf, +- &instat)) ++ &instat, &incontext)) + inerrno = 0; + + free (getbuf); +@@ -201,6 +201,7 @@ get_input_file (char const *filename, ch + { + instat.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH; + instat.st_size = 0; ++ incontext = NULL; + } + else if (! ((S_ISREG (file_type) || S_ISLNK (file_type)) + && (file_type & S_IFMT) == (instat.st_mode & S_IFMT))) +diff -up patch-2.7.6/src/Makefile.am.selinux patch-2.7.6/src/Makefile.am +--- patch-2.7.6/src/Makefile.am.selinux 2017-09-04 12:34:16.000000000 +0100 ++++ patch-2.7.6/src/Makefile.am 2018-02-12 12:29:44.415225377 +0000 +@@ -37,7 +37,7 @@ patch_SOURCES = \ + + AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib + patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \ +- $(LIB_XATTR) $(LIB_EACCESS) ++ $(LIB_XATTR) $(LIB_EACCESS) -lselinux + + if ENABLE_MERGE + patch_SOURCES += merge.c +diff -up patch-2.7.6/src/Makefile.in.selinux patch-2.7.6/src/Makefile.in +--- patch-2.7.6/src/Makefile.in.selinux 2018-02-03 13:33:56.000000000 +0000 ++++ patch-2.7.6/src/Makefile.in 2018-02-12 12:29:44.415225377 +0000 +@@ -1147,7 +1147,7 @@ patch_SOURCES = bestmatch.h common.h inp + AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib \ + $(am__append_2) + patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \ +- $(LIB_XATTR) $(LIB_EACCESS) ++ $(LIB_XATTR) $(LIB_EACCESS) -lselinux + + all: all-am + +diff -up patch-2.7.6/src/patch.c.selinux patch-2.7.6/src/patch.c +--- patch-2.7.6/src/patch.c.selinux 2018-02-03 12:41:49.000000000 +0000 ++++ patch-2.7.6/src/patch.c 2018-02-12 12:30:27.315164138 +0000 +@@ -269,19 +269,19 @@ main (int argc, char **argv) + if (! 
strcmp (inname, outname)) + { + if (inerrno == -1) +- inerrno = stat_file (inname, &instat); ++ inerrno = stat_file (inname, &instat, NULL); + outstat = instat; + outerrno = inerrno; + } + else +- outerrno = stat_file (outname, &outstat); ++ outerrno = stat_file (outname, &outstat, NULL); + + if (! outerrno) + { + if (has_queued_output (&outstat)) + { + output_files (&outstat); +- outerrno = stat_file (outname, &outstat); ++ outerrno = stat_file (outname, &outstat, NULL); + inerrno = -1; + } + if (! outerrno) +@@ -598,7 +598,7 @@ main (int argc, char **argv) + } + else + { +- attr |= FA_IDS | FA_MODE | FA_XATTRS; ++ attr |= FA_IDS | FA_MODE | FA_XATTRS | FA_SECCONTEXT; + set_file_attributes (TMPOUTNAME, attr, inname, &instat, + mode, &new_time); + } +@@ -658,7 +658,7 @@ main (int argc, char **argv) + struct stat oldst; + int olderrno; + +- olderrno = stat_file (rej, &oldst); ++ olderrno = stat_file (rej, &oldst, NULL); + if (olderrno && olderrno != ENOENT) + write_fatal (); + if (! olderrno && lookup_file_id (&oldst) == CREATED) +@@ -1790,7 +1790,7 @@ delete_file_later (const char *name, con + + if (! st) + { +- if (stat_file (name, &st_tmp) != 0) ++ if (stat_file (name, &st_tmp, NULL) != 0) + pfatal ("Can't get file attributes of %s %s", "file", name); + st = &st_tmp; + } +diff -up patch-2.7.6/src/pch.c.selinux patch-2.7.6/src/pch.c +--- patch-2.7.6/src/pch.c.selinux 2018-02-03 12:41:49.000000000 +0000 ++++ patch-2.7.6/src/pch.c 2018-02-12 12:29:44.416225375 +0000 +@@ -1,6 +1,6 @@ + /* reading patches */ + +-/* Copyright (C) 1986, 1987, 1988 Larry Wall ++/* Copyright (C) 1986, 1987, 1988, 2012 Larry Wall + + Copyright (C) 1990-1993, 1997-2003, 2006, 2009-2012 Free Software + Foundation, Inc. 
+@@ -296,7 +296,7 @@ there_is_another_patch (bool need_header + if (t > buf + 1 && *(t - 1) == '\n') + { + inname = xmemdup0 (buf, t - buf - 1); +- inerrno = stat_file (inname, &instat); ++ inerrno = stat_file (inname, &instat, &incontext); + if (inerrno) + { + perror (inname); +@@ -433,6 +433,7 @@ intuit_diff_type (bool need_header, mode + bool extended_headers = false; + enum nametype i; + struct stat st[3]; ++ security_context_t con[3]; + int stat_errno[3]; + int version_controlled[3]; + enum diff retval; +@@ -473,6 +474,7 @@ intuit_diff_type (bool need_header, mode + version_controlled[OLD] = -1; + version_controlled[NEW] = -1; + version_controlled[INDEX] = -1; ++ con[OLD] = con[NEW] = con[INDEX] = NULL; + p_rfc934_nesting = 0; + p_timestamp[OLD].tv_sec = p_timestamp[NEW].tv_sec = -1; + p_says_nonexistent[OLD] = p_says_nonexistent[NEW] = 0; +@@ -883,7 +885,7 @@ intuit_diff_type (bool need_header, mode + } + else + { +- stat_errno[i] = stat_file (p_name[i], &st[i]); ++ stat_errno[i] = stat_file (p_name[i], &st[i], &con[i]); + if (! 
stat_errno[i]) + { + if (lookup_file_id (&st[i]) == DELETE_LATER) +@@ -922,7 +924,7 @@ intuit_diff_type (bool need_header, mode + if (cs) + { + if (version_get (p_name[i], cs, false, readonly, +- getbuf, &st[i])) ++ getbuf, &st[i], &con[i])) + stat_errno[i] = 0; + else + version_controlled[i] = 0; +@@ -985,7 +987,7 @@ intuit_diff_type (bool need_header, mode + { + if (inname) + { +- inerrno = stat_file (inname, &instat); ++ inerrno = stat_file (inname, &instat, &incontext); + if (inerrno || (instat.st_mode & S_IFMT) == file_type) + maybe_reverse (inname, inerrno, inerrno || instat.st_size == 0); + } +@@ -998,8 +1000,14 @@ intuit_diff_type (bool need_header, mode + inerrno = stat_errno[i]; + invc = version_controlled[i]; + instat = st[i]; ++ incontext = con[i]; ++ con[i] = NULL; + } + ++ for (i = OLD; i <= INDEX; i++) ++ if (con[i]) ++ freecon (con[i]); ++ + return retval; + } + +diff -up patch-2.7.6/src/util.c.selinux patch-2.7.6/src/util.c +--- patch-2.7.6/src/util.c.selinux 2018-02-03 12:41:49.000000000 +0000 ++++ patch-2.7.6/src/util.c 2018-02-12 12:29:44.417225374 +0000 +@@ -300,6 +300,23 @@ set_file_attributes (char const *to, enu + S_ISLNK (mode) ? "symbolic link" : "file", + quotearg (to)); + } ++ if (attr & FA_SECCONTEXT) ++ { ++ security_context_t outcontext; ++ if (incontext && getfilecon (to, &outcontext) != -1 && outcontext) ++ { ++ if (strcmp (outcontext, incontext) && ++ setfilecon (to, incontext) != 0) ++ { ++ freecon (outcontext); ++ if (errno != ENOTSUP && errno != EPERM) ++ pfatal ("Can't set security context on file %s", ++ quotearg (to)); ++ } ++ else ++ freecon (outcontext); ++ } ++ } + } + + static void +@@ -446,7 +463,7 @@ move_file (char const *from, bool *from_ + struct stat to_st; + int to_errno; + +- to_errno = stat_file (to, &to_st); ++ to_errno = stat_file (to, &to_st, NULL); + if (backup) + create_backup (to, to_errno ? NULL : &to_st, false); + if (! 
to_errno) +@@ -818,7 +835,8 @@ version_controller (char const *filename + Return true if successful. */ + bool + version_get (char const *filename, char const *cs, bool exists, bool readonly, +- char const *getbuf, struct stat *filestat) ++ char const *getbuf, struct stat *filestat, ++ security_context_t *filecontext) + { + if (patch_get < 0) + { +@@ -843,6 +861,13 @@ version_get (char const *filename, char + fatal ("Can't get file %s from %s", quotearg (filename), cs); + if (safe_stat (filename, filestat) != 0) + pfatal ("%s", quotearg (filename)); ++ if (filecontext && getfilecon (filename, filecontext) == -1) ++ { ++ if (errno == ENODATA || errno == ENOTSUP) ++ *filecontext = NULL; ++ else ++ pfatal ("%s", quotearg (filename)); ++ } + } + + return 1; +@@ -1670,12 +1695,28 @@ make_tempfile (char const **name, char l + return fd; + } + +-int stat_file (char const *filename, struct stat *st) ++int stat_file (char const *filename, struct stat *st, security_context_t *con) + { + int (*xstat)(char const *, struct stat *) = + follow_symlinks ? safe_stat : safe_lstat; ++ int (*xgetfilecon)(char const *, security_context_t *) = ++ follow_symlinks ? getfilecon : lgetfilecon; ++ ++ if (xstat (filename, st) == 0) ++ { ++ if (con) ++ { ++ if (xgetfilecon (filename, con) != -1 || ++ errno == ENODATA || errno == ENOTSUP) ++ return 0; + +- return xstat (filename, st) == 0 ? 0 : errno; ++ *con = NULL; ++ } ++ else ++ return 0; ++ } ++ ++ return errno; + } + + /* Check if a filename is relative and free of ".." components. 
+diff -up patch-2.7.6/src/util.h.selinux patch-2.7.6/src/util.h +--- patch-2.7.6/src/util.h.selinux 2018-02-03 12:41:49.000000000 +0000 ++++ patch-2.7.6/src/util.h 2018-02-12 12:30:08.533190949 +0000 +@@ -44,7 +44,7 @@ char *parse_name (char const *, int, cha + char *savebuf (char const *, size_t); + char *savestr (char const *); + char const *version_controller (char const *, bool, struct stat const *, char **, char **); +-bool version_get (char const *, char const *, bool, bool, char const *, struct stat *); ++bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *); + int create_file (char const *, int, mode_t, bool); + int systemic (char const *); + char *format_linenum (char[LINENUM_LENGTH_BOUND + 1], lin); +@@ -67,7 +67,7 @@ void insert_file_id (struct stat const * + enum file_id_type lookup_file_id (struct stat const *); + void set_queued_output (struct stat const *, bool); + bool has_queued_output (struct stat const *); +-int stat_file (char const *, struct stat *); ++int stat_file (char const *, struct stat *, security_context_t *); + bool filename_is_safe (char const *) _GL_ATTRIBUTE_PURE; + bool cwd_is_root (char const *); + +@@ -75,7 +75,8 @@ enum file_attributes { + FA_TIMES = 1, + FA_IDS = 2, + FA_MODE = 4, +- FA_XATTRS = 8 ++ FA_XATTRS = 8, ++ FA_SECCONTEXT = 16 + }; + + void set_file_attributes (char const *, enum file_attributes, char const *, diff --git a/SPECS/patch.spec b/SPECS/patch.spec new file mode 100644 index 0000000..0adcd82 --- /dev/null +++ b/SPECS/patch.spec 
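Review bot: In the new stat_file in src/util.c, a getfilecon/lgetfilecon failure with ENODATA or ENOTSUP returns 0 without storing anything through `con`, so callers that pass `&incontext` would keep whatever the global held for an earlier file, and set_file_attributes could then apply that stale context with setfilecon. Assigning `*con = NULL;` before the `xgetfilecon` call gives every success path a defined value; this assumes libselinux leaves the pointer untouched on failure, which is not visible here and should be confirmed. Separately, set_file_attributes calls `freecon (outcontext)` before testing `errno != ENOTSUP && errno != EPERM`, so the errno left by setfilecon can be overwritten before it is examined and before pfatal reports it. Saving it first, `int e = errno; freecon (outcontext); errno = e;`, keeps both the test and the message tied to the setfilecon failure.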
@@ -0,0 +1,402 @@
+%global gnulib_ver 20180203
+
+Summary: Utility for modifying/upgrading files
+Name: patch
+Version: 2.7.6
+Release: 8%{?dist}
+License: GPLv3+
+URL: http://www.gnu.org/software/patch/patch.html
+Group: Development/Tools
+Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
+Patch1: patch-2.7.6-CVE-2018-6951.patch
+Patch2: patch-CVE-2018-1000156.patch
+Patch3: patch-2.7.6-gcc8.patch
+Patch4: patch-2.7.6-CVE-2018-6952.patch
+Patch100: patch-selinux.patch
+BuildRequires: libselinux-devel
+BuildRequires: libattr-devel
+BuildRequires: ed
+BuildRequires: automake autoconf
+
+Provides: bundled(gnulib) = %{gnulib_ver}
+
+%description
+The patch program applies diff files to originals. The diff command
+is used to compare an original to a changed file. Diff lists the
+changes made to the file. A person who has the original file can then
+use the patch command with the diff file to add the changes to their
+original file (patching the file).
+
+Patch should be installed because it is a common way of upgrading
+applications.
+
+%prep
+%setup -q
+
+# CVE-2018-6951, NULL pointer dereference causes a crash
+%patch1 -p1 -b .CVE-2018-6951
+
+# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
+%patch2 -p1 -b .CVE-2018-1000156
+
+# Fix to build with gcc8
+%patch3 -p1 -b .gcc8
+
+# CVE-2018-6952, Double free of memory
+%patch4 -p1 -b .CVE-2018-6952
+
+# SELinux support.
+%patch100 -p1 -b .selinux + +%build +CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" +%ifarch sparcv9 +CFLAGS=`echo $CFLAGS|sed -e 's|-fstack-protector||g'` +%endif +%configure --disable-silent-rules +make %{?_smp_mflags} + +%check +make check + +%install +rm -rf $RPM_BUILD_ROOT +%makeinstall + +%files +%defattr(-,root,root,-) +%license COPYING +%doc NEWS README +%{_bindir}/* +%{_mandir}/*/* + +%changelog +* Tue Nov 27 2018 Than Ngo - 2.7.6-8 +- Added virtual provides for bundled gnulib library + +* Wed Sep 12 2018 Than Ngo - 2.7.6-7 +- Resolves: #1554752, CVE-2018-6952 Double free of memory + +* Mon Jun 18 2018 Than Ngo - 2.7.6-6 +- avoid warnings from GCC8 + +* Mon Apr 09 2018 Than Ngo - 2.7.6-5 +- fixed CVE-2018-1000156 + +* Tue Mar 13 2018 Than Ngo - 2.7.6-4 +- apply the patch for CVE-2018-6951 + +* Mon Feb 12 2018 Tim Waugh - 2.7.6-3 +- 2.7.6 (CVE-2016-10713, CVE-2018-6951, CVE-2018-6952). + +* Thu Feb 08 2018 Fedora Release Engineering - 2.7.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 2.7.5-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 2.7.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Feb 01 2017 Stephen Gallagher - 2.7.5-4 +- Add missing %%license macro + +* Thu Feb 04 2016 Fedora Release Engineering - 2.7.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Jun 18 2015 Fedora Release Engineering - 2.7.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Mar 9 2015 Tim Waugh - 2.7.5-1 +- Fixed memory leak in selinux patch. +- 2.7.5, including an even better fix for CVE-2015-1196 that still + allows relative symlinks to be created/used. 
+ +* Sat Feb 21 2015 Till Maas - 2.7.4-2 +- Rebuilt for Fedora 23 Change + https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code + +* Sun Feb 1 2015 Tim Waugh - 2.7.4-1 +- 2.7.4, including a better fix for CVE-2015-1196 that still allows + symlinks referencing ".." to be created. + +* Fri Jan 23 2015 Tim Waugh - 2.7.3-1 +- 2.7.3 (bug #1182157, CVE-2015-1196, bug #1184491, CVE-2014-9637). + +* Tue Jan 20 2015 Tim Waugh - 2.7.1-12 +- Apply upstream patch to fix line numbering integer overflow. + +* Tue Jan 20 2015 Tim Waugh - 2.7.1-11 +- Apply upstream patch to fix directory traversal via symlinks + (bug #1182157, CVE-2015-1196). + +* Sun Aug 17 2014 Fedora Release Engineering - 2.7.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Jun 06 2014 Fedora Release Engineering - 2.7.1-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat Aug 03 2013 Fedora Release Engineering - 2.7.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jun 12 2013 Tim Waugh 2.7.1-6 +- Don't segfault when given bad arguments (bug #972330). + +* Thu Apr 11 2013 Tim Waugh 2.7.1-5 +- Don't document unsupported -m option; document -x option (bug #948972). + +* Mon Mar 25 2013 Ville Skyttä - 2.7.1-4 +- Build with xattr support. +- Make build output more verbose. +- Fix bogus date in %%changelog. + +* Mon Mar 11 2013 Tim Waugh 2.7.1-3 +- Upstream patch to fix removal of empty directories (bug #919489). + +* Thu Feb 14 2013 Fedora Release Engineering - 2.7.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Oct 18 2012 Tim Waugh 2.7.1-1 +- Fixed license (since 2.6 it has been GPLv3+). +- 2.7.1. + +* Thu Oct 18 2012 Tim Waugh 2.7-1 +- 2.7. No longer need sigsegv, get-arg, CVE-2010-4651, + backup-if-mismatch or coverity-leak patches. 
+ +* Fri Jul 20 2012 Fedora Release Engineering - 2.6.1-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 2.6.1-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Nov 25 2011 Tim Waugh 2.6.1-11 +- Fixed NULL dereference in selinux patch. + +* Mon May 16 2011 Tim Waugh 2.6.1-10 +- Applied Jiri Popelka's fixes from Coverity scan (bug #704554): + - Avoid unchecked return from getfilecon() in patch-selinux.patch. + - Fix memory leak. + +* Wed Feb 16 2011 Tim Waugh 2.6.1-9 +- Let --posix cause --no-backup-if-mismatch (bug #678016). + +* Thu Feb 10 2011 Tim Waugh 2.6.1-8 +- Incorporate upstream fix for CVE-2010-4651 patch so that a target + name given on the command line is not validated (bug #667529). + +* Tue Feb 8 2011 Tim Waugh 2.6.1-7 +- Applied upstream patch to fix CVE-2010-4651 so that malicious + patches cannot create files above the current directory + (bug #667529). + +* Tue Jan 4 2011 Tim Waugh 2.6.1-6 +- Use smp_mflags correctly (bug #665770). + +* Mon Aug 16 2010 Tim Waugh 2.6.1-5 +- Another fix for the selinux patch (bug #618215). + +* Fri Aug 6 2010 Tim Waugh 2.6.1-4 +- Fixed interpretation of return value from getfilecon(). +- Fixed argument type for --get (bug #553624). + +* Fri Aug 6 2010 Dennis Gilmore +- using -fstack-projector causes weirdness on 32 bit sparc so disabling for now + +* Tue Jul 27 2010 Tim Waugh 2.6.1-3 +- Fixed argument type for --get (bug #553624). + +* Wed Mar 3 2010 Tim Waugh 2.6.1-2 +- Added comments for all patches. +- Ship COPYING file. +- Removed sparc ifdefs in spec file. + +* Mon Jan 4 2010 Tim Waugh 2.6.1-1 +- 2.6.1 (bug #551569). No longer need best-name patch. + +* Thu Dec 24 2009 Tim Waugh 2.6-2 +- Applied upstream patch to prevent incorrect filename being chosen + when adding a new file (bug #549122). + +* Mon Nov 16 2009 Tim Waugh 2.6-1 +- 2.6. 
No longer need stderr, suffix, stripcr, parse, allow-spaces, + ifdef, program_name, or posix-backup patches. + +* Sat Jul 25 2009 Fedora Release Engineering - 2.5.4-40 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Apr 29 2009 Tim Waugh 2.5.4-39 +- Fixed operation when SELinux is disabled (bug #498102). Patch from + Jan Kratochvil. + +* Thu Feb 26 2009 Fedora Release Engineering - 2.5.4-38 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Feb 17 2009 Tim Waugh 2.5.4-37 +- Don't set SELinux file context if it is already correct. + +* Mon Nov 24 2008 Tim Waugh 2.5.4-36 +- Better summary. + +* Mon Jun 30 2008 Tim Waugh 2.5.4-35 +- Don't fail if setfilecon() returns EPERM (bug #453365), although the + setfilecon man page suggests that ENOTSUP will be returned in this + case. + +* Mon Jun 16 2008 Tim Waugh 2.5.4-34 +- Only write simple backups for each file once during a run + (bug #234822). + +* Thu Jun 12 2008 Tim Waugh 2.5.4-33 +- Fix selinux patch and apply it. Build requires libselinux-devel. + +* Fri Feb 8 2008 Tim Waugh 2.5.4-32 +- Applied patch from 2.5.9 to allow spaces in filenames (bug #431887). + +* Mon Dec 3 2007 Tim Waugh 2.5.4-31 +- Convert spec file to UTF-8 (bug #226233). +- Use _bindir macro in %%files (bug #226233). +- Parallel make (bug #226233). +- Better defattr declaration (bug #226233). + +* Thu Oct 4 2007 Tim Waugh +- Beginnings of an SELinux patch (bug #165799); not applied yet. + +* Wed Aug 29 2007 Tim Waugh 2.5.4-30 +- Added dist tag. +- More specific license tag. +- Fixed summary. +- Better buildroot tag. 
+ +* Wed Jul 12 2006 Jesse Keating - 2.5.4-29.2.2 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 2.5.4-29.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.5.4-29.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Sep 8 2005 Tim Waugh 2.5.4-29 +- Remove SELinux patch for now (bug #167822). + +* Wed Sep 7 2005 Tim Waugh 2.5.4-27 +- Applied patch from Ulrich Drepper to fix string overread (bug #167675). + +* Tue Sep 6 2005 Tim Waugh 2.5.4-26 +- Preserve SELinux file contexts (bug #165799). + +* Thu Aug 11 2005 Tim Waugh 2.5.4-25 +- Fixed CRLF detection (bug #154283). + +* Wed May 4 2005 Tim Waugh 2.5.4-24 +- Reverted last change (bug #154283, bug #156762). + +* Fri Apr 29 2005 Tim Waugh 2.5.4-23 +- Applied patch from Toshio Kuratomi to avoid problems with DOS-format + newlines (bug #154283). + +* Wed Mar 2 2005 Tim Waugh 2.5.4-22 +- Rebuild for new GCC. + +* Wed Feb 9 2005 Tim Waugh 2.5.4-21 +- Rebuilt. + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Sat Oct 25 2003 Tim Waugh 2.5.4-18 +- Rebuilt. + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Wed Nov 20 2002 Tim Powers +- rebuilt in current collinst + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Tue Apr 9 2002 Tim Waugh 2.5.4-12 +- Fix error reporting when given bad options (bug #62981). + +* Tue Mar 5 2002 Tim Waugh 2.5.4-11 +- s/Copyright:/License:/. +- Fix -D behaviour (bug #60688). + +* Tue May 29 2001 Tim Waugh 2.5.4-10 +- Merge Mandrake patch: + - fix possible segfault + +* Fri Dec 1 2000 Tim Waugh +- Rebuild because of fileutils bug. + +* Thu Nov 2 2000 Tim Waugh +- use .orig as default suffix, as per man page and previous behaviour + (bug #20202). +- use better patch for this, from maintainer. 
+ +* Wed Oct 4 2000 Tim Waugh +- actually use the RPM_OPT_FLAGS + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Tue Jun 13 2000 Trond Eivind Glomsrød +- Use %%makeinstall, %%{_tmppath} and %%{_mandir} + +* Fri May 12 2000 Trond Eivind Glomsrød +- added URL + +* Wed Feb 16 2000 Bernhard Rosenkraenzer +- 2.5.4 +- Fix up LFS support on Alpha (Bug #5732) + +* Mon Feb 7 2000 Bill Nottingham +- handle compressed manpages + +* Sun Jun 06 1999 Alan Cox +- Fix the case where stderr isnt flushed for ask(). Now the 'no such file' + appears before the skip patch question, not at the very end, Doh! + +* Mon Mar 22 1999 Jeff Johnson +- (ultra?) sparc was getting large file system support. + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 7) + +* Fri Dec 18 1998 Cristian Gafton +- build against glibc 2.1 + +* Tue Sep 1 1998 Jeff Johnson +- bump release to preserve newer than back-ported 4.2. + +* Tue Jun 09 1998 Prospector System +- translations modified for de, fr + +* Tue Jun 9 1998 Jeff Johnson +- Fix for problem #682 segfault. + +* Fri Apr 24 1998 Prospector System +- translations modified for de, fr, tr + +* Tue Apr 07 1998 Cristian Gafton +- added buildroot + +* Tue Oct 21 1997 Cristian Gafton +- updated to 2.5 + +* Mon Jun 02 1997 Erik Troan +- built against glibc