SOURCES/patch-2.7.6-CVE-2018-17942.patch

@@ -0,0 +1,14 @@
+diff -up patch-2.7.6/lib/vasnprintf.c.me patch-2.7.6/lib/vasnprintf.c
+--- patch-2.7.6/lib/vasnprintf.c.me	2018-11-26 14:02:03.401718842 +0100
++++ patch-2.7.6/lib/vasnprintf.c	2018-11-26 14:03:02.923913446 +0100
+@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extr
+   size_t a_len = a.nlimbs;
+   /* 0.03345 is slightly larger than log(2)/(9*log(10)).  */
+   size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+-  char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
++  /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
++     digits of a, followed by 1 byte for the terminating NUL.  */
++  char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
+   if (c_ptr != NULL)
+     {
+       char *d_ptr = c_ptr;

SOURCES/patch-2.7.6-CVE-2018-20969.patch

@@ -1,23 +0,0 @@
-diff -up patch-2.7.6/src/pch.c.CVE-2018-20969 patch-2.7.6/src/pch.c
---- patch-2.7.6/src/pch.c.CVE-2018-20969	2019-09-02 15:40:09.087994204 +0200
-+++ patch-2.7.6/src/pch.c	2019-09-02 15:42:23.486485786 +0200
-@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
- 	    *outname_needs_removal = true;
- 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
- 	  }
--	sprintf (buf, "%s %s%s", editor_program,
--		 verbosity == VERBOSE ? "" : "- ",
--		 outname);
- 	fflush (stdout);
- 
- 	pid = fork();
-@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
- 	else if (pid == 0)
- 	  {
- 	    dup2 (tmpfd, 0);
--	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
-+	    assert (outname[0] != '!' && outname[0] != '-');
-+	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
- 	    _exit (2);
- 	  }
- 	else

SOURCES/patch-2.7.6-CVE-2018-6951.patch

@@ -1,13 +0,0 @@
-diff -up patch-2.7.6/src/pch.c.than patch-2.7.6/src/pch.c
---- patch-2.7.6/src/pch.c.than	2018-03-13 11:12:44.726307967 +0100
-+++ patch-2.7.6/src/pch.c	2018-03-13 11:13:34.203449789 +0100
-@@ -976,7 +976,8 @@ intuit_diff_type (bool need_header, mode
-     if ((pch_rename () || pch_copy ())
- 	&& ! inname
- 	&& ! ((i == OLD || i == NEW) &&
--	      p_name[! reverse] &&
-+	      p_name[reverse] && p_name[! reverse] &&
-+	      name_is_valid (p_name[reverse]) &&
- 	      name_is_valid (p_name[! reverse])))
-       {
- 	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

SOURCES/patch-2.7.6-CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap.patch

@@ -0,0 +1,25 @@
+commit 9c986353e420ead6e706262bf204d6e03322c300
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Aug 17 13:35:40 2018 +0200
+
+    Fix swapping fake lines in pch_swap
+    
+    * src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
+    blank line in the middle of a context-diff hunk: that empty line stays
+    in the middle of the hunk and isn't swapped.
+    
+    Fixes: https://savannah.gnu.org/bugs/index.php?53133
+
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+     }
+     if (p_efake >= 0) {			/* fix non-freeable ptr range */
+ 	if (p_efake <= i)
+-	    n = p_end - i + 1;
++	    n = p_end - p_ptrn_lines;
+ 	else
+ 	    n = -i;
+ 	p_efake += n;

SOURCES/patch-2.7.6-CVE-2018-6952.patch

@@ -1,13 +0,0 @@
-diff --git a/src/pch.c b/src/pch.c
-index e92bc64..a500ad9 100644
---- a/src/pch.c
-+++ b/src/pch.c
-@@ -2122,7 +2122,7 @@ pch_swap (void)
-     }
-     if (p_efake >= 0) {			/* fix non-freeable ptr range */
- 	if (p_efake <= i)
--	    n = p_end - i + 1;
-+	    n = p_end - p_ptrn_lines;
- 	else
- 	    n = -i;
- 	p_efake += n;

SOURCES/patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch

@@ -0,0 +1,33 @@
+commit 3fcd042d26d70856e826a42b5f93dc4854d80bf0
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Apr 6 19:36:15 2018 +0200
+
+    Invoke ed directly instead of using the shell
+    
+    * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+    command to avoid quoting vulnerabilities.
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ 	    *outname_needs_removal = true;
+ 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ 	  }
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+ 	fflush (stdout);
+ 
+ 	pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ 	else if (pid == 0)
+ 	  {
+ 	    dup2 (tmpfd, 0);
+-	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++	    assert (outname[0] != '!' && outname[0] != '-');
++	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
+ 	    _exit (2);
+ 	  }
+ 	else

SOURCES/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch

@@ -0,0 +1,28 @@
+commit b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Apr 6 11:34:51 2018 +0200
+
+    Allow input files to be missing for ed-style patches
+    
+    * src/pch.c (do_ed_script): Allow input files to be missing so that new
+    files will be created as with non-ed-style patches.
+
+diff --git a/src/pch.c b/src/pch.c
+index bc6278c..0c5cc26 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
+ 
+     if (! dry_run && ! skip_rest_of_patch) {
+ 	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	assert (! inerrno);
+-	*outname_needs_removal = true;
+-	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	if (inerrno != ENOENT)
++	  {
++	    *outname_needs_removal = true;
++	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	  }
+ 	sprintf (buf, "%s %s%s", editor_program,
+ 		 verbosity == VERBOSE ? "" : "- ",
+ 		 outname);

SOURCES/patch-2.7.6-avoid-invalid-memory-access-in-context-format-diffs.patch

@@ -0,0 +1,21 @@
+commit 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Mon Jul 15 19:10:02 2019 +0200
+
+    Avoid invalid memory access in context format diffs
+    
+    * src/pch.c (another_hunk): Avoid invalid memory access in context format
+    diffs.
+
+diff --git a/src/pch.c b/src/pch.c
+index a500ad9..cb54e03 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev)
+ 		  ptrn_prefix_context = context;
+ 		ptrn_suffix_context = context;
+ 		if (repl_beginning
++		    || p_end <= 0
+ 		    || (p_end
+ 			!= p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n')))
+ 		  {

SOURCES/patch-2.7.6-avoid-set_file_attributes-sign-conversion-warnings.patch

@@ -0,0 +1,24 @@
+commit 3bbebbb29f6fbbf2988b9f2e75695b7c0b1f1c9b
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Wed Feb 7 12:01:22 2018 +0100
+
+    Avoid set_file_attributes sign conversion warnings
+    
+    * src/util.c (set_file_attributes): Avoid sign conversion warnings when
+    assigning -1 to uid_t / gid_t.
+
+diff --git a/src/util.c b/src/util.c
+index b1c7266..1cc08ba 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -256,8 +256,8 @@ set_file_attributes (char const *to, enum file_attributes attr,
+     }
+   if (attr & FA_IDS)
+     {
+-      static uid_t euid = -1;
+-      static gid_t egid = -1;
++      static uid_t euid = (uid_t)-1;
++      static gid_t egid = (gid_t)-1;
+       uid_t uid;
+       uid_t gid;
+ 

SOURCES/patch-2.7.6-avoid-warnings-gcc8.patch

@@ -0,0 +1,85 @@
+commit ae81be0024ea4eaf139b7ba57e9a8ce9e4a163ec
+Author: Jim Meyering <jim@meyering.net>
+Date:   Fri Apr 6 17:17:11 2018 -0700
+
+    maint: avoid warnings from GCC8
+    
+    Hi Andreas,
+    
+    I configured with --enable-gcc-warnings and bleeding-edge gcc
+    (version 8.0.1 20180406) and hit some warning-escalated-to-errors.
+    This fixes them:
+    
+    >From a71ddb200dbe7ac0f9258796b5a51979b2740e88 Mon Sep 17 00:00:00 2001
+    From: Jim Meyering <meyering@fb.com>
+    Date: Fri, 6 Apr 2018 16:47:00 -0700
+    Subject: [PATCH] maint: avoid warnings from GCC8
+    
+    * src/common.h (FALLTHROUGH): Define.
+    * src/patch.c (abort_hunk_context): Use FALLTHROUGH macro in place of
+    a comment.  This avoids a warning from -Wimplicit-fallthrough=.
+    * src/pch.c (do_ed_script): Add otherwise unnecessary initialization
+    to avoid warning from -Wmaybe-uninitialized.
+    (another_hunk): Use FALLTHROUGH macro here, too, twice.
+
+diff --git a/src/common.h b/src/common.h
+index ec50b40..904a3f8 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -218,3 +218,11 @@ bool merge_hunk (int hunk, struct outstate *, lin where, bool *);
+ #else
+ # define merge_hunk(hunk, outstate, where, somefailed) false
+ #endif
++
++#ifndef FALLTHROUGH
++# if __GNUC__ < 7
++#  define FALLTHROUGH ((void) 0)
++# else
++#  define FALLTHROUGH __attribute__ ((__fallthrough__))
++# endif
++#endif
+diff --git a/src/patch.c b/src/patch.c
+index 0fe6d72..1ae91d9 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool reverse)
+ 	    break;
+ 	case ' ': case '-': case '+': case '!':
+ 	    fprintf (rejfp, "%c ", pch_char (i));
+-	    /* fall into */
++	    FALLTHROUGH;
+ 	case '\n':
+ 	    pch_write_line (i, rejfp);
+ 	    break;
+diff --git a/src/pch.c b/src/pch.c
+index 1055542..cda3dfa 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -1735,7 +1735,7 @@ another_hunk (enum diff difftype, bool rev)
+ 		break;
+ 	    case '=':
+ 		ch = ' ';
+-		/* FALL THROUGH */
++		FALLTHROUGH;
+ 	    case ' ':
+ 		if (fillsrc > p_ptrn_lines) {
+ 		    free(s);
+@@ -1756,7 +1756,7 @@ another_hunk (enum diff difftype, bool rev)
+ 		    p_end = fillsrc-1;
+ 		    return -1;
+ 		}
+-		/* FALL THROUGH */
++		FALLTHROUGH;
+ 	    case '+':
+ 		if (filldst > p_end) {
+ 		    free(s);
+@@ -2394,8 +2394,7 @@ do_ed_script (char const *inname, char const *outname,
+     size_t chars_read;
+     FILE *tmpfp = 0;
+     char const *tmpname;
+-    int tmpfd;
+-    pid_t pid;
++    int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
+     int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+     char const **ed_argv;
+     int stdin_dup, status;

SOURCES/patch-2.7.6-check-of-return-value-of-fwrite.patch

@@ -0,0 +1,75 @@
+commit 1e9104c18019e7dc6b5590aea4b1d4f9d8ecfd56
+Author: Bruno Haible <bruno@clisp.org>
+Date:   Sat Apr 7 12:21:04 2018 +0200
+
+    Fix check of return value of fwrite().
+    
+    * src/patch.c (copy_till): Consider incomplete fwrite() write as an error.
+    * src/pch.c (pch_write_line, do_ed_script): Likewise.
+
+diff --git a/src/patch.c b/src/patch.c
+index 1ae91d9..3fcaec5 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -2,7 +2,7 @@
+ 
+ /* Copyright (C) 1984, 1985, 1986, 1987, 1988 Larry Wall
+ 
+-   Copyright (C) 1989-1993, 1997-1999, 2002-2003, 2006, 2009-2012 Free Software
++   Copyright (C) 1989-1993, 1997-1999, 2002-2003, 2006, 2009-2018 Free Software
+    Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+@@ -1641,7 +1641,7 @@ copy_till (struct outstate *outstate, lin lastline)
+ 	if (size)
+ 	  {
+ 	    if ((! outstate->after_newline  &&  putc ('\n', fp) == EOF)
+-		|| ! fwrite (s, sizeof *s, size, fp))
++		|| fwrite (s, sizeof *s, size, fp) < size)
+ 	      write_fatal ();
+ 	    outstate->after_newline = s[size - 1] == '\n';
+ 	    outstate->zero_output = false;
+diff --git a/src/pch.c b/src/pch.c
+index cda3dfa..79a3c99 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2279,8 +2279,11 @@ pfetch (lin line)
+ bool
+ pch_write_line (lin line, FILE *file)
+ {
+-  bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
+-  if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
++  bool after_newline =
++    (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
++
++  if (fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file)
++      < p_len[line])
+     write_fatal ();
+   return after_newline;
+ }
+@@ -2427,13 +2430,14 @@ do_ed_script (char const *inname, char const *outname,
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+ 	    if (tmpfp)
+-		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
++		if (fwrite (buf, sizeof *buf, chars_read, tmpfp) < chars_read)
+ 		    write_fatal ();
+ 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ 	        p_pass_comments_through = true;
+ 		while ((chars_read = get_line ()) != 0) {
+ 		    if (tmpfp)
+-			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
++			if (fwrite (buf, sizeof *buf, chars_read, tmpfp)
++			    < chars_read)
+ 			    write_fatal ();
+ 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
+ 			break;
+@@ -2448,7 +2452,7 @@ do_ed_script (char const *inname, char const *outname,
+     }
+     if (dry_run || skip_rest_of_patch)
+       return;
+-    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) < (size_t) 4
+ 	|| fflush (tmpfp) != 0)
+       write_fatal ();
+ 

SOURCES/patch-2.7.6-cleanups-in-do_ed_script.patch

@@ -0,0 +1,91 @@
+commit 2a32bf09f5e9572da4be183bb0dbde8164351474
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Apr 6 20:32:46 2018 +0200
+
+    Minor cleanups in do_ed_script
+    
+    * src/pch.c (do_ed_script): Minor cleanups.
+
+diff --git a/src/pch.c b/src/pch.c
+index 1f14624..1055542 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2396,6 +2396,10 @@ do_ed_script (char const *inname, char const *outname,
+     char const *tmpname;
+     int tmpfd;
+     pid_t pid;
++    int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++    char const **ed_argv;
++    int stdin_dup, status;
++
+ 
+     if (! dry_run && ! skip_rest_of_patch)
+       {
+@@ -2443,7 +2447,7 @@ do_ed_script (char const *inname, char const *outname,
+ 	    break;
+ 	}
+     }
+-    if (!tmpfp)
++    if (dry_run || skip_rest_of_patch)
+       return;
+     if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
+ 	|| fflush (tmpfp) != 0)
+@@ -2452,36 +2456,29 @@ do_ed_script (char const *inname, char const *outname,
+     if (lseek (tmpfd, 0, SEEK_SET) == -1)
+       pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+ 
+-    if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	char const **ed_argv;
+-	int stdin_dup, status;
+-
++    if (inerrno != ENOENT)
++      {
+ 	*outname_needs_removal = true;
+-	if (inerrno != ENOENT)
+-	  {
+-	    *outname_needs_removal = true;
+-	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	  }
+-	fflush (stdout);
+-
+-	if ((stdin_dup = dup (0)) == -1
+-	    || dup2 (tmpfd, 0) == -1)
+-	  pfatal ("Failed to duplicate standard input");
+-	assert (outname[0] != '!' && outname[0] != '-');
+-	ed_argv = alloca (4 * sizeof * ed_argv);
+-	ed_argv[0] = editor_program;
+-	ed_argv[1] = "-";
+-	ed_argv[2] = outname;
+-	ed_argv[3] = (char  *) NULL;
+-	status = execute (editor_program, editor_program, (char **)ed_argv,
+-			  false, false, false, false, true, false, NULL);
+-	if (status)
+-	  fatal ("%s FAILED", editor_program);
+-	if (dup2 (stdin_dup, 0) == -1
+-	    || close (stdin_dup) == -1)
+-	  pfatal ("Failed to duplicate standard input");
+-    }
++	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++      }
++    fflush (stdout);
++
++    if ((stdin_dup = dup (0)) == -1
++	|| dup2 (tmpfd, 0) == -1)
++      pfatal ("Failed to duplicate standard input");
++    assert (outname[0] != '!' && outname[0] != '-');
++    ed_argv = alloca (4 * sizeof * ed_argv);
++    ed_argv[0] = editor_program;
++    ed_argv[1] = "-";
++    ed_argv[2] = outname;
++    ed_argv[3] = (char  *) NULL;
++    status = execute (editor_program, editor_program, (char **)ed_argv,
++		      false, false, false, false, true, false, NULL);
++    if (status)
++      fatal ("%s FAILED", editor_program);
++    if (dup2 (stdin_dup, 0) == -1
++	|| close (stdin_dup) == -1)
++      pfatal ("Failed to duplicate standard input");
+ 
+     fclose (tmpfp);
+     safe_unlink (tmpname);

SOURCES/patch-2.7.6-crash-RLIMIT_NOFILE.patch

@@ -0,0 +1,84 @@
+commit 61d7788b83b302207a67b82786f4fd79e3538f30
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Thu Jun 27 11:10:43 2019 +0200
+
+    Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
+    
+    * src/safe.c (min_cached_fds): Define minimum number of cached dir file
+    descriptors.
+    (max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY.
+    (init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is
+    RLIM_INFINITY.  Set the initial hash table size to min_cached_fds, independent
+    of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small
+    hash table will usually suffice; if needed, the hash table will grow.
+    (insert_cached_dirfd): Don't shrink the cache when max_cached_fds is
+    RLIM_INFINITY.
+
+diff --git a/src/safe.c b/src/safe.c
+index 5a7202f..f147b0e 100644
+--- a/src/safe.c
++++ b/src/safe.c
+@@ -67,7 +67,8 @@ struct cached_dirfd {
+ };
+ 
+ static Hash_table *cached_dirfds = NULL;
+-static size_t max_cached_fds;
++static rlim_t min_cached_fds = 8;
++static rlim_t max_cached_fds;
+ LIST_HEAD (lru_list);
+ 
+ static size_t hash_cached_dirfd (const void *entry, size_t table_size)
+@@ -98,11 +99,17 @@ static void init_dirfd_cache (void)
+ {
+   struct rlimit nofile;
+ 
+-  max_cached_fds = 8;
+   if (getrlimit (RLIMIT_NOFILE, &nofile) == 0)
+-    max_cached_fds = MAX (nofile.rlim_cur / 4, max_cached_fds);
++    {
++      if (nofile.rlim_cur == RLIM_INFINITY)
++        max_cached_fds = RLIM_INFINITY;
++      else
++	max_cached_fds = MAX (nofile.rlim_cur / 4, min_cached_fds);
++    }
++  else
++    max_cached_fds = min_cached_fds;
+ 
+-  cached_dirfds = hash_initialize (max_cached_fds,
++  cached_dirfds = hash_initialize (min_cached_fds,
+ 				   NULL,
+ 				   hash_cached_dirfd,
+ 				   compare_cached_dirfds,
+@@ -148,20 +155,23 @@ static void insert_cached_dirfd (struct cached_dirfd *entry, int keepfd)
+   if (cached_dirfds == NULL)
+     init_dirfd_cache ();
+ 
+-  /* Trim off the least recently used entries */
+-  while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
++  if (max_cached_fds != RLIM_INFINITY)
+     {
+-      struct cached_dirfd *last =
+-	list_entry (lru_list.prev, struct cached_dirfd, lru_link);
+-      if (&last->lru_link == &lru_list)
+-	break;
+-      if (last->fd == keepfd)
++      /* Trim off the least recently used entries */
++      while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
+ 	{
+-	  last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
++	  struct cached_dirfd *last =
++	    list_entry (lru_list.prev, struct cached_dirfd, lru_link);
+ 	  if (&last->lru_link == &lru_list)
+ 	    break;
++	  if (last->fd == keepfd)
++	    {
++	      last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
++	      if (&last->lru_link == &lru_list)
++		break;
++	    }
++	  remove_cached_dirfd (last);
+ 	}
+-      remove_cached_dirfd (last);
+     }
+ 
+   /* Only insert if the parent still exists. */

SOURCES/patch-2.7.6-dont-leak-temporary-file-on-failed-ed-style-patch.patch

@@ -0,0 +1,95 @@
+commit 19599883ffb6a450d2884f081f8ecf68edbed7ee
+Author: Jean Delvare <jdelvare@suse.de>
+Date:   Thu May 3 14:31:55 2018 +0200
+
+    Don't leak temporary file on failed ed-style patch
+    
+    Now that we write ed-style patches to a temporary file before we
+    apply them, we need to ensure that the temporary file is removed
+    before we leave, even on fatal error.
+    
+    * src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
+      tmpname. Don't unlink the file directly, instead tag it for removal
+      at exit time.
+    * src/patch.c (cleanup): Unlink TMPEDNAME at exit.
+    
+    This closes bug #53820:
+    https://savannah.gnu.org/bugs/index.php?53820
+    
+    Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+
+diff --git a/src/common.h b/src/common.h
+index 904a3f8..53c5e32 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -94,10 +94,12 @@ XTERN char const *origsuff;
+ XTERN char const * TMPINNAME;
+ XTERN char const * TMPOUTNAME;
+ XTERN char const * TMPPATNAME;
++XTERN char const * TMPEDNAME;
+ 
+ XTERN bool TMPINNAME_needs_removal;
+ XTERN bool TMPOUTNAME_needs_removal;
+ XTERN bool TMPPATNAME_needs_removal;
++XTERN bool TMPEDNAME_needs_removal;
+ 
+ #ifdef DEBUGGING
+ XTERN int debug;
+diff --git a/src/patch.c b/src/patch.c
+index 3fcaec5..9146597 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -1999,6 +1999,7 @@ cleanup (void)
+   remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
+   remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+   remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
++  remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+   remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal);
+   output_files (NULL);
+ }
+diff --git a/src/pch.c b/src/pch.c
+index 79a3c99..1bb3153 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2396,7 +2396,6 @@ do_ed_script (char const *inname, char const *outname,
+     file_offset beginning_of_this_line;
+     size_t chars_read;
+     FILE *tmpfp = 0;
+-    char const *tmpname;
+     int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
+     int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+     char const **ed_argv;
+@@ -2411,12 +2410,13 @@ do_ed_script (char const *inname, char const *outname,
+ 	   invalid commands and treats the next line as a new command, which
+ 	   can lead to arbitrary command execution.  */
+ 
+-	tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++	tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
+ 	if (tmpfd == -1)
+-	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
++	  pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
++	TMPEDNAME_needs_removal = true;
+ 	tmpfp = fdopen (tmpfd, "w+b");
+ 	if (! tmpfp)
+-	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
++	  pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
+       }
+ 
+     for (;;) {
+@@ -2457,7 +2457,7 @@ do_ed_script (char const *inname, char const *outname,
+       write_fatal ();
+ 
+     if (lseek (tmpfd, 0, SEEK_SET) == -1)
+-      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
+ 
+     if (inerrno != ENOENT)
+       {
+@@ -2484,7 +2484,6 @@ do_ed_script (char const *inname, char const *outname,
+       pfatal ("Failed to duplicate standard input");
+ 
+     fclose (tmpfp);
+-    safe_unlink (tmpname);
+ 
+     if (ofp)
+       {

SOURCES/patch-2.7.6-dont-leak-temporary-file-on-failed-multi-file-ed-style-patch.patch

@@ -0,0 +1,71 @@
+commit 369dcccdfa6336e5a873d6d63705cfbe04c55727
+Author: Jean Delvare <jdelvare@suse.de>
+Date:   Mon May 7 15:14:45 2018 +0200
+
+    Don't leak temporary file on failed multi-file ed-style patch
+    
+    The previous fix worked fine with single-file ed-style patches, but
+    would still leak temporary files in the case of multi-file ed-style
+    patch. Fix that case as well, and extend the test case to check for
+    it.
+    
+    * src/patch.c (main): Unlink TMPEDNAME if needed before moving to
+      the next file in a patch.
+    
+    This closes bug #53820:
+    https://savannah.gnu.org/bugs/index.php?53820
+    
+    Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+    Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
+
+diff --git a/src/patch.c b/src/patch.c
+index 9146597..81c7a02 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -236,6 +236,7 @@ main (int argc, char **argv)
+ 	    }
+ 	  remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ 	}
++      remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+ 
+       if (! skip_rest_of_patch && ! file_type)
+ 	{
+diff --git a/tests/ed-style b/tests/ed-style
+index 6b6ef9d..504e6e5 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -38,3 +38,34 @@ EOF
+ check 'cat foo' <<EOF
+ foo
+ EOF
++
++# Test the case where one ed-style patch modifies several files
++
++cat > ed3.diff <<EOF
++--- foo
+++++ foo
++1c
++bar
++.
++--- baz
+++++ baz
++0a
++baz
++.
++EOF
++
++# Apparently we can't create a file with such a patch, while it works fine
++# when the file name is provided on the command line
++cat > baz <<EOF
++EOF
++
++check 'patch -e -i ed3.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++bar
++EOF
++
++check 'cat baz' <<EOF
++baz
++EOF

SOURCES/patch-2.7.6-failed_assertion.patch

@@ -0,0 +1,29 @@
+commit 76e775847f4954b63dc72afe34d9d921c6688b31
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Tue Jul 16 01:16:28 2019 +0200
+
+    Fix failed assertion 'outstate->after_newline'
+    
+    The assertion triggers when the -o FILE option is used, more than one output
+    file is written into FILE, and one of those files (except the last one) ends in
+    the middle of a line.
+    * src/patch.c (main): Fix the case described above.
+
+diff --git a/src/patch.c b/src/patch.c
+index 02fd982..3794319 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -369,6 +369,13 @@ main (int argc, char **argv)
+ 	    /* outstate.ofp now owns the file descriptor */
+ 	    outfd = -1;
+ 	  }
++	else
++	  {
++	    /* When writing to a single output file (-o FILE), always pretend
++	       that the output file ends in a newline.  Otherwise, when another
++	       file is written to the same output file, apply_hunk will fail.  */
++	    outstate.after_newline = true;
++	  }
+ 
+ 	/* find out where all the lines are */
+ 	if (!skip_rest_of_patch) {

SOURCES/patch-2.7.6-fix-ed-style-test-failure.patch

@@ -0,0 +1,22 @@
+commit 458ac51a05426c1af9aa6bf1342ecf60728c19b4
+Author: Bruno Haible <bruno@clisp.org>
+Date:   Sat Apr 7 12:34:03 2018 +0200
+
+    Fix 'ed-style' test failure.
+    
+    * tests/ed-style: Remove '?' line from expected output.
+
+diff --git a/tests/ed-style b/tests/ed-style
+index d8c0689..6b6ef9d 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -31,8 +31,7 @@ r !echo bar
+ ,p
+ EOF
+ 
+-check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
+-?
++check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
+ Status: 2
+ EOF
+ 

SOURCES/patch-2.7.6-fix-korn-shell-incompatibility.patch

@@ -0,0 +1,21 @@
+commit 074e2395f81d0ecaa66b71a6c228c70b49db72e5
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Wed Feb 7 17:05:00 2018 +0100
+
+    Test suite: fix Korn shell incompatibility
+    
+    tests/merge: In a Korn shell, shift apparently fails when $# is 0.
+
+diff --git a/tests/merge b/tests/merge
+index b628891..e950b92 100644
+--- a/tests/merge
++++ b/tests/merge
+@@ -32,7 +32,7 @@ x2() {
+ 	shift
+     done > b.sed
+     echo "$body" | sed -f b.sed > b
+-    shift
++    test $# -eq 0 || shift
+     while test $# -gt 0 ; do
+ 	echo "$1"
+ 	shift

SOURCES/patch-2.7.6-fix-segfault-with-mangled-rename-patch.patch

@@ -0,0 +1,24 @@
+commit f290f48a621867084884bfff87f8093c15195e6a
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Mon Feb 12 16:48:24 2018 +0100
+
+    Fix segfault with mangled rename patch
+    
+    http://savannah.gnu.org/bugs/?53132
+    * src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+    for renames and copies (fix the existing check).
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+     if ((pch_rename () || pch_copy ())
+ 	&& ! inname
+ 	&& ! ((i == OLD || i == NEW) &&
+-	      p_name[! reverse] &&
++	      p_name[reverse] && p_name[! reverse] &&
++	      name_is_valid (p_name[reverse]) &&
+ 	      name_is_valid (p_name[! reverse])))
+       {
+ 	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

SOURCES/patch-2.7.6-gcc8.patch

@@ -1,58 +0,0 @@
-diff -up patch-2.7.6/.me.orig patch-2.7.6/.me
-diff -up patch-2.7.6/src/common.h.orig patch-2.7.6/src/common.h
---- patch-2.7.6/src/common.h.orig	2018-06-18 17:20:49.661363500 +0200
-+++ patch-2.7.6/src/common.h	2018-06-18 17:22:21.505841527 +0200
-@@ -221,3 +221,11 @@ bool merge_hunk (int hunk, struct outsta
- #else
- # define merge_hunk(hunk, outstate, where, somefailed) false
- #endif
-+
-+#ifndef FALLTHROUGH
-+# if __GNUC__ < 7
-+#  define FALLTHROUGH ((void) 0)
-+# else
-+#  define FALLTHROUGH __attribute__ ((__fallthrough__))
-+# endif
-+#endif
-diff -up patch-2.7.6/src/patch.c.orig patch-2.7.6/src/patch.c
---- patch-2.7.6/src/patch.c.orig	2018-06-18 17:20:49.662363506 +0200
-+++ patch-2.7.6/src/patch.c	2018-06-18 17:22:21.507841538 +0200
-@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool re
- 	    break;
- 	case ' ': case '-': case '+': case '!':
- 	    fprintf (rejfp, "%c ", pch_char (i));
--	    /* fall into */
-+	    FALLTHROUGH;
- 	case '\n':
- 	    pch_write_line (i, rejfp);
- 	    break;
-diff -up patch-2.7.6/src/pch.c.orig patch-2.7.6/src/pch.c
---- patch-2.7.6/src/pch.c.orig	2018-06-18 17:20:49.662363506 +0200
-+++ patch-2.7.6/src/pch.c	2018-06-18 17:24:00.694357762 +0200
-@@ -1742,7 +1742,7 @@ another_hunk (enum diff difftype, bool r
- 		break;
- 	    case '=':
- 		ch = ' ';
--		/* FALL THROUGH */
-+		FALLTHROUGH;
- 	    case ' ':
- 		if (fillsrc > p_ptrn_lines) {
- 		    free(s);
-@@ -1763,7 +1763,7 @@ another_hunk (enum diff difftype, bool r
- 		    p_end = fillsrc-1;
- 		    return -1;
- 		}
--		/* FALL THROUGH */
-+		FALLTHROUGH;
- 	    case '+':
- 		if (filldst > p_end) {
- 		    free(s);
-@@ -2401,7 +2401,7 @@ do_ed_script (char const *inname, char c
-     size_t chars_read;
-     FILE *tmpfp = 0;
-     char const *tmpname;
--    int tmpfd;
-+    int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
-     pid_t pid;
- 
-     if (! dry_run && ! skip_rest_of_patch)

SOURCES/patch-2.7.6-improve_support_for_memory_leak_detection.patch

@@ -0,0 +1,48 @@
+commit 2b584aec9e5f2806b1eccadcabe7e901fcfa0b0a
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Thu Jun 27 11:02:02 2019 +0200
+
+    Improve support for memory leak detection
+    
+    When building with the address sanitizer on, free some more resources before
+    exiting.  (This is unnecessary when not looking for memory leaks.)
+    * src/patch.c (init_files_to_delete): Add dispose function for freeing
+    filenames.
+
+diff --git a/src/patch.c b/src/patch.c
+index 81c7a02..4616a48 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -36,6 +36,10 @@
+ #include <minmax.h>
+ #include <safe.h>
+ 
++#ifdef __SANITIZE_ADDRESS__
++# define FREE_BEFORE_EXIT
++#endif
++
+ /* procedures */
+ 
+ static FILE *create_output_file (char const *, int);
+@@ -1777,10 +1781,20 @@ struct file_to_delete {
+ 
+ static gl_list_t files_to_delete;
+ 
++#ifdef FREE_BEFORE_EXIT
++void dispose_file_to_delete (const void *elt)
++{
++	free ((void *) elt);
++}
++#else
++#define dispose_file_to_delete NULL
++#endif
++
+ static void
+ init_files_to_delete (void)
+ {
+-  files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL, NULL, true);
++  files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL,
++					  dispose_file_to_delete, true);
+ }
+ 
+ static void

SOURCES/patch-2.7.6-make-debug-output-more-useful.patch

@@ -0,0 +1,40 @@
+commit ff81775f4eb6ab9a91b75e4031e8216654c0c76a
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Aug 17 10:31:22 2018 +0200
+
+    Make the (debug & 2) output more useful
+    
+    * src/pch.c (another_hunk): In the (debug & 2) output, fix how empty
+    lines that are not part of the patch context are printed.  Also, add
+    newlines to lines that are missing them to keep the output readable.
+
+diff --git a/src/pch.c b/src/pch.c
+index 1bb3153..e92bc64 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -1916,8 +1916,13 @@ another_hunk (enum diff difftype, bool rev)
+ 	lin i;
+ 
+ 	for (i = 0; i <= p_end + 1; i++) {
+-	    fprintf (stderr, "%s %c",
+-		     format_linenum (numbuf0, i),
++	    fputs (format_linenum (numbuf0, i), stderr);
++	    if (p_Char[i] == '\n')
++	      {
++	        fputc('\n', stderr);
++		continue;
++	      }
++	    fprintf (stderr, " %c",
+ 		     p_Char[i]);
+ 	    if (p_Char[i] == '*')
+ 	      fprintf (stderr, " %s,%s\n",
+@@ -1930,7 +1935,8 @@ another_hunk (enum diff difftype, bool rev)
+ 	    else if (p_Char[i] != '^')
+ 	      {
+ 		fputs(" |", stderr);
+-		pch_write_line (i, stderr);
++		if (! pch_write_line (i, stderr))
++		  fputc('\n', stderr);
+ 	      }
+ 	    else
+ 	      fputc('\n', stderr);

SOURCES/patch-2.7.6-skip-ed-test-when-the-ed-utility-is-not-installed.patch

@@ -0,0 +1,20 @@
+commit a5b442ce01b80a758606ede316f739426a12bc33
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Thu Jun 27 11:09:31 2019 +0200
+
+    Skip "ed" test when the ed utility is not installed
+    
+    * tests/ed-style: Require ed.
+
+diff --git a/tests/ed-style b/tests/ed-style
+index 504e6e5..9907cb6 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -7,6 +7,7 @@
+ . $srcdir/test-lib.sh
+ 
+ require cat
++require ed
+ use_local_patch
+ use_tmpdir
+ 

SOURCES/patch-2.7.6-test-suite-compatibility-fixes.patch

@@ -0,0 +1,124 @@
+commit f6bc5b14bd193859851d15a049bafb1007acd288
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Wed Feb 7 12:10:41 2018 +0100
+
+    Test suite compatibility fixes
+    
+    * tests/crlf-handling, tests/git-cleanup, tests/test-lib.sh: Use printf
+    instead of echo -e / echo -n for compatibility with systems that don't
+    support these echo options.
+    * tests/merge: Minor other cleanups.
+
+diff --git a/tests/crlf-handling b/tests/crlf-handling
+index 239149c..c192cac 100644
+--- a/tests/crlf-handling
++++ b/tests/crlf-handling
+@@ -14,7 +14,7 @@ use_local_patch
+ use_tmpdir
+ 
+ lf2crlf() {
+-    while read l; do echo -e "$l\r"; done
++    while read l; do printf "%s\r\n" "$l"; done
+ }
+ 
+ echo 1 > a
+diff --git a/tests/git-cleanup b/tests/git-cleanup
+index 2e3e4c6..ca527a1 100644
+--- a/tests/git-cleanup
++++ b/tests/git-cleanup
+@@ -36,8 +36,8 @@ BAD PATCH
+ EOF
+ 
+ echo 1 > f
+-echo -n '' > g
+-echo -n '' > h
++printf '' > g
++printf '' > h
+ 
+ check 'patch -f -i 1.diff || echo status: $?' <<EOF
+ patching file f
+diff --git a/tests/merge b/tests/merge
+index 22d787b..b628891 100644
+--- a/tests/merge
++++ b/tests/merge
+@@ -30,30 +30,28 @@ x2() {
+     while test $# -gt 0 && test "$1" != -- ; do
+ 	echo "$1"
+ 	shift
+-    done > a.sed
+-    echo "$body" | sed -f a.sed > b
++    done > b.sed
++    echo "$body" | sed -f b.sed > b
+     shift
+     while test $# -gt 0 ; do
+ 	echo "$1"
+ 	shift
+-    done > b.sed
+-    echo "$body" | sed -f b.sed > c
+-    rm -f a.sed b.sed
++    done > c.sed
++    echo "$body" | sed -f c.sed > c
++    rm -f b.sed c.sed
+     output=`diff -u a b | patch $ARGS -f c`
+     status=$?
+     echo "$output" | sed -e '/^$/d' -e '/^patching file c$/d'
+     cat c
+-    test $status == 0 || echo "Status: $status"
++    test $status = 0 || echo "Status: $status"
+ }
+ 
+ x() {
+-    ARGS="$ARGS --merge" x2 "$@"
++    ARGS="--merge" x2 "$@"
+     echo
+-    ARGS="$ARGS --merge=diff3" x2 "$@"
++    ARGS="--merge=diff3" x2 "$@"
+ }
+ 
+-unset ARGS
+-
+ # ==============================================================
+ 
+ check 'x 3' <<EOF
+diff --git a/tests/test-lib.sh b/tests/test-lib.sh
+index be0d7e3..661da52 100644
+--- a/tests/test-lib.sh
++++ b/tests/test-lib.sh
+@@ -41,7 +41,7 @@ use_local_patch() {
+ 
+     eval 'patch() {
+ 	if test -n "$GDB" ; then
+-	  echo -e "\n" >&3
++	  printf "\n\n" >&3
+ 	  gdbserver localhost:53153 $PATCH "$@" 2>&3
+ 	else
+           $PATCH "$@"
+@@ -113,22 +113,15 @@ cleanup() {
+     exit $status
+ }
+ 
+-if test -z "`echo -n`"; then
+-    if eval 'test -n "${BASH_LINENO[0]}" 2>/dev/null'; then
+-	eval '
+-	    _start_test() {
+-		echo -n "[${BASH_LINENO[2]}] $* -- "
+-	    }'
+-    else
+-	eval '
+-	    _start_test() {
+-		echo -n "* $* -- "
+-	    }'
+-    fi
++if eval 'test -n "${BASH_LINENO[0]}" 2>/dev/null'; then
++    eval '
++	_start_test() {
++	    printf "[${BASH_LINENO[2]}] %s -- " "$*"
++	}'
+ else
+     eval '
+ 	_start_test() {
+-	    echo "* $*"
++	    printf "* %s -- " "$*"
+ 	}'
+ fi
+ 

SOURCES/patch-CVE-2018-1000156.patch

@@ -1,6 +1,19 @@
-diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
---- patch-2.7.6/src/pch.c.CVE-2018-1000156	2018-06-19 10:10:41.407826617 +0200
-+++ patch-2.7.6/src/pch.c	2018-06-19 10:11:01.200927524 +0200
+commit 123eaff0d5d1aebe128295959435b9ca5909c26d
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Apr 6 12:14:49 2018 +0200
+
+    Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)
+    
+    * src/pch.c (do_ed_script): Write ed script to a temporary file instead
+    of piping it to ed: this will cause ed to abort on invalid commands
+    instead of rejecting them and carrying on.
+    * tests/ed-style: New test case.
+    * tests/Makefile.am (TESTS): Add test case.
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
++++ b/src/pch.c
 @@ -33,6 +33,7 @@
  # include <io.h>
  #endif
@@ -9,7 +22,7 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
  
  #define INITHUNKMAX 125			/* initial dynamic allocation size */
  
-@@ -2389,22 +2390,28 @@ do_ed_script (char const *inname, char c
+@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
      static char const editor_program[] = EDITOR_PROGRAM;
  
      file_offset beginning_of_this_line;
@@ -38,9 +51,11 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
  
 -    if (! dry_run && ! skip_rest_of_patch) {
 -	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
--	assert (! inerrno);
--	*outname_needs_removal = true;
--	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	if (inerrno != ENOENT)
+-	  {
+-	    *outname_needs_removal = true;
+-	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	  }
 -	sprintf (buf, "%s %s%s", editor_program,
 -		 verbosity == VERBOSE ? "" : "- ",
 -		 outname);
@@ -52,7 +67,7 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
      for (;;) {
  	char ed_command_letter;
  	beginning_of_this_line = file_tell (pfp);
-@@ -2415,14 +2422,14 @@ do_ed_script (char const *inname, char c
+@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
  	}
  	ed_command_letter = get_ed_command_letter (buf);
  	if (ed_command_letter) {
@@ -71,7 +86,7 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
  			    write_fatal ();
  		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
  			break;
-@@ -2435,13 +2442,50 @@ do_ed_script (char const *inname, char c
+@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
  	    break;
  	}
      }
@@ -123,14 +138,27 @@ diff -up patch-2.7.6/src/pch.c.CVE-2018-1000156 patch-2.7.6/src/pch.c
 +
 +    fclose (tmpfp);
 +    safe_unlink (tmpname);
-+    free((char*) tmpname);
  
      if (ofp)
        {
-diff -up patch-2.7.6/tests/ed-style.CVE-2018-1000156 patch-2.7.6/tests/ed-style
---- patch-2.7.6/tests/ed-style.CVE-2018-1000156	2018-06-19 10:10:41.409826627 +0200
-+++ patch-2.7.6/tests/ed-style	2018-06-19 11:28:43.354641294 +0200
-@@ -0,0 +1,40 @@
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 6b6df63..16f8693 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -32,6 +32,7 @@ TESTS = \
+ 	crlf-handling \
+ 	dash-o-append \
+ 	deep-directories \
++	ed-style \
+ 	empty-files \
+ 	false-match \
+ 	fifo \
+diff --git a/tests/ed-style b/tests/ed-style
+new file mode 100644
+index 0000000..d8c0689
+--- /dev/null
++++ b/tests/ed-style
+@@ -0,0 +1,41 @@
 +# Copyright (C) 2018 Free Software Foundation, Inc.
 +#
 +# Copying and distribution of this file, with or without modification,
@@ -164,46 +192,11 @@ diff -up patch-2.7.6/tests/ed-style.CVE-2018-1000156 patch-2.7.6/tests/ed-style
 +,p
 +EOF
 +
-+check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
++check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
++?
 +Status: 2
 +EOF
 +
 +check 'cat foo' <<EOF
 +foo
 +EOF
-diff -up patch-2.7.6/tests/Makefile.am.CVE-2018-1000156 patch-2.7.6/tests/Makefile.am
---- patch-2.7.6/tests/Makefile.am.CVE-2018-1000156	2018-02-03 13:41:49.000000000 +0100
-+++ patch-2.7.6/tests/Makefile.am	2018-06-19 10:10:41.409826627 +0200
-@@ -32,6 +32,7 @@ TESTS = \
- 	crlf-handling \
- 	dash-o-append \
- 	deep-directories \
-+	ed-style \
- 	empty-files \
- 	false-match \
- 	fifo \
-diff -up patch-2.7.6/tests/Makefile.in.CVE-2018-1000156 patch-2.7.6/tests/Makefile.in
---- patch-2.7.6/tests/Makefile.in.CVE-2018-1000156	2018-02-03 14:33:56.000000000 +0100
-+++ patch-2.7.6/tests/Makefile.in	2018-06-19 10:10:41.409826627 +0200
-@@ -1308,6 +1308,7 @@ TESTS = \
- 	crlf-handling \
- 	dash-o-append \
- 	deep-directories \
-+	ed-style \
- 	empty-files \
- 	false-match \
- 	fifo \
-@@ -1645,6 +1646,13 @@ empty-files.log: empty-files
- 	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- 	--log-file $$b.log --trs-file $$b.trs \
- 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
-+	"$$tst" $(AM_TESTS_FD_REDIRECT)
-+ed-style.log: empty-files
-+	@p='ed-style'; \
-+	b='ed-style'; \
-+	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
-+	--log-file $$b.log --trs-file $$b.trs \
-+	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- 	"$$tst" $(AM_TESTS_FD_REDIRECT)
- false-match.log: false-match
- 	@p='false-match'; \

SPECS/patch.spec

@@ -3,23 +3,44 @@
 Summary: Utility for modifying/upgrading files
 Name: patch
 Version: 2.7.6
-Release: 11%{?dist}
+Release: 16%{?dist}
 License: GPLv3+
-URL: http://www.gnu.org/software/patch/patch.html
-Group: Development/Tools
-Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
-Patch1: patch-2.7.6-CVE-2018-6951.patch
-Patch2: patch-CVE-2018-1000156.patch
-Patch3: patch-2.7.6-gcc8.patch
-Patch4: patch-2.7.6-CVE-2018-6952.patch
-Patch5: patch-2.7.6-CVE-2018-20969.patch
-Patch6: patch-2.7.6-CVE-2019-13636-symlinks.patch
-Patch7: patch-2.7.x-abort_when_cleaning_up_fails.patch
+URL: https://savannah.gnu.org/projects/patch/
+Source: https://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
+Patch0: patch-2.7.6-avoid-set_file_attributes-sign-conversion-warnings.patch
+patch1: patch-2.7.6-test-suite-compatibility-fixes.patch
+Patch2: patch-2.7.6-fix-korn-shell-incompatibility.patch
+Patch3: patch-2.7.6-fix-segfault-with-mangled-rename-patch.patch
+Patch4: patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
+Patch5: patch-CVE-2018-1000156.patch
+Patch6: patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch
+Patch7: patch-2.7.6-switch-from-fork-execlp-to-execute.patch
+Patch8: patch-2.7.6-cleanups-in-do_ed_script.patch
+Patch9: patch-2.7.6-avoid-warnings-gcc8.patch
+Patch10: patch-2.7.6-check-of-return-value-of-fwrite.patch
+Patch11: patch-2.7.6-fix-ed-style-test-failure.patch
+Patch12: patch-2.7.6-dont-leak-temporary-file-on-failed-ed-style-patch.patch
+Patch13: patch-2.7.6-dont-leak-temporary-file-on-failed-multi-file-ed-style-patch.patch
+Patch14: patch-2.7.6-make-debug-output-more-useful.patch
+Patch15: patch-2.7.6-CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap.patch
+Patch16: patch-2.7.6-improve_support_for_memory_leak_detection.patch
+patch17: patch-2.7.6-skip-ed-test-when-the-ed-utility-is-not-installed.patch
+Patch18: patch-2.7.6-abort_when_cleaning_up_fails.patch
+Patch19: patch-2.7.6-crash-RLIMIT_NOFILE.patch
+Patch20: patch-2.7.6-CVE-2019-13636-symlinks.patch
+Patch21: patch-2.7.6-avoid-invalid-memory-access-in-context-format-diffs.patch
+Patch22: patch-2.7.6-CVE-2018-17942.patch
+Patch23: patch-2.7.6-failed_assertion.patch
 Patch100: patch-selinux.patch
+
+BuildRequires: make
+BuildRequires: gcc
 BuildRequires: libselinux-devel
 BuildRequires: libattr-devel
 BuildRequires: ed
-BuildRequires: automake autoconf
+BuildRequires: autoconf automake
+
+Requires: ed
 
 Provides: bundled(gnulib) = %{gnulib_ver}
 
@@ -35,28 +56,32 @@ applications.
 
 %prep
 %setup -q
-
-# CVE-2018-6951, NULL pointer dereference causes a crash
-%patch1 -p1 -b .CVE-2018-6951
-
+%patch0 -p1 -b .avoid-set_file_attributes-sign-conversion-warnings
+%patch1 -p1 -b .test-suite-compatibility-fixes
+%patch2 -p1 -b .fix-korn-shell-incompatibility
+%patch3 -p1 -b .fix-segfault-with-mangled-rename-patch
+%patch4 -p1 -b .allow-input-files-to-be-missing-for-ed-style-patches
 # CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
-%patch2 -p1 -b .CVE-2018-1000156
-
-# Fix to build with gcc8
-%patch3 -p1 -b .gcc8
-
-# CVE-2018-6952, Double free of memory
-%patch4 -p1 -b .CVE-2018-6952
-
-# CVE-2018-20969, do_ed_script in pch.c does not block strings beginning with a ! character
-%patch5 -p1 -b .CVE-2018-20969
-
-# CVE-2019-13636, Don't follow symlinks unless --follow-symlinks is given
-%patch6 -p1 -b .CVE-2019-13636
-
-# bz#1665928, Abort when cleaning up fails
-%patch7 -p1 -b .abort_when_cleaning_up_fails
-
+%patch5 -p1 -b .CVE-2018-1000156
+%patch6 -p1 -b .CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell
+%patch7 -p1 -b .switch-from-fork-execlp-to-execute
+%patch8 -p1 -b .cleanups-in-do_ed_script
+%patch9 -p1 -b .avoid-warnings-gcc8
+%patch10 -p1 -b .check-of-return-value-of-fwrite
+%patch11 -p1 -b .fix-ed-style-test-failure
+%patch12 -p1 -b .dont-leak-temporary-file-on-failed-ed-style-patch
+%patch13 -p1 -b .dont-leak-temporary-file-on-failed-multi-file-ed-style-patch
+%patch14 -p1 -b .make-debug-output-more-useful
+%patch15 -p1 -b .CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap
+%patch16 -p1 -b .improve_support_for_memory_leak_detection
+%patch17 -p1 -b .skip-ed-test-when-the-ed-utility-is-not-installed
+%patch18 -p1 -b .abort_when_cleaning_up_fails
+%patch19 -p1 -b .crash-RLIMIT_NOFILE
+%patch20 -p1 -b .CVE-2019-13636-symlinks
+%patch21 -p1 -b .avoid-invalid-memory-access-in-context-format-diffs
+# CVE-2018-17942 gnulib: heap-based buffer overflow
+%patch22 -p1 -b .CVE-2018-17942-gnulib_buffer_overflow
+%patch23 -p1 -b .failed_assertion
 # SELinux support.
 %patch100 -p1 -b .selinux
 
@@ -65,48 +90,69 @@ CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
 %ifarch sparcv9
 CFLAGS=`echo $CFLAGS|sed -e 's|-fstack-protector||g'`
 %endif
+autoreconf
 %configure --disable-silent-rules
-make %{?_smp_mflags}
+%make_build
 
 %check
 make check
 
 %install
-rm -rf $RPM_BUILD_ROOT
 %makeinstall
 
 %files
-%defattr(-,root,root,-)
 %license COPYING
 %doc NEWS README
 %{_bindir}/*
 %{_mandir}/*/*
 
 %changelog
-* Tue Nov 19 2019 Than Ngo <than@redhat.com> - 2.7.6-11
-- Related: #1733565, apply the patch correctly
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.6-16
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Tue Nov 19 2019 Than Ngo <than@redhat.com> - 2.7.6-10
-- CVE-2019-13636 , Don't follow symlinks unless --follow-symlinks is given
-- Resolves: #1665928, patch has a huge error output and segfaults when the file to be patched does not exist
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.6-15
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
 
-* Mon Sep 02 2019 Than Ngo <than@redhat.com> - 2.7.6-9
-- CVE-2018-20969, invoke ed directly instead of using the shell
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
-* Tue Nov 27 2018 Than Ngo <than@redhat.com> - 2.7.6-8
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jul 29 2019 Than Ngo <than@redhat.com> - 2.7.6-11
+- fixed #1733917, CVE-2019-13638 patch: OS shell command injection when processing crafted patch files 
+
+* Wed Jul 24 2019 Than Ngo <than@redhat.com> - 2.7.6-10
+- backported patch, abort when cleaning up fails
+- backported patch, improve support for memory leak detection
+- backported patch, don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
+- backported patch, CVE-2019-13636, don't follow symlinks unless --follow-symlinks is given
+- backported patch, avoid invalid memory accessin context format diffs
+- backported patch, fix failed assertion
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Nov 26 2018 Than Ngo <than@redhat.com> - 2.7.6-8
 - Added virtual provides for bundled gnulib library
+- Fixed CVE-2018-17942, gnulib: heap-based buffer overflow
 
-* Wed Sep 12 2018 Than Ngo <than@redhat.com> - 2.7.6-7
-- Resolves: #1554752, CVE-2018-6952 Double free of memory
+* Thu Oct 11 2018 Than Ngo <than@redhat.com> - 2.7.6-7
+- Fixed #1582675 - Patch can be crashed and coredumped with a trivial wrong command
 
-* Mon Jun 18 2018 Than Ngo <than@redhat.com> - 2.7.6-6
-- avoid warnings from GCC8
+* Wed Aug 15 2018 Than Ngo <than@redhat.com> - 2.7.6-6
+- Fixed #1554752 - Double free of memory, CVE-2018-6952
 
-* Mon Apr 09 2018 Than Ngo <than@redhat.com> - 2.7.6-5
-- fixed CVE-2018-1000156
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
-* Tue Mar 13 2018 Than Ngo <than@redhat.com> - 2.7.6-4
-- apply the patch for CVE-2018-6951
+* Thu May  3 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-4
+- Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary
+  commands.
 
 * Mon Feb 12 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-3
 - 2.7.6 (CVE-2016-10713, CVE-2018-6951, CVE-2018-6952).