Changelog for patch-2.7.5-8.2.x86_64.rpm:
Mon Jun 1 14:00:00 2015 jdelvareAATTsuse.de
- patch 2.7.5
Contains a security fix for a directory traversal flaw when
handling git-style patches. This could allow an attacker to
overwrite arbitrary files by applying a specially crafted patch.
[boo#913678] [CVE-2015-1196]
Contains a security fix for a directory traversal flaw when
handling patches which rename files. This could allow an attacker
to overwrite arbitrary files by applying a specially crafted
patch. [bsc#915328] [CVE-2015-1395]
Contains a security fix for a directory traversal flaw via
symbolic links. This could allow an attacker to overwrite
arbitrary files by applying a specially crafted patch.
[bsc#915329] [CVE-2015-1396]
+ Fix crash after reporting error during option parsing.
+ With git-style patches, symlinks that point outside the working
directory will no longer be created (CVE-2015-1196).
+ When a file isn't being deleted because the file contents don't
match the patch, the resulting message is now "Not deleting
file ... as content differs from patch" instead of "File ...
is not empty after patch; not deleting".
+ Function names in hunks (from diff -p) are now preserved in
reject files. [boo#904519]
+ Do not change permissions if there isn't an explicit mode
change.
+ Fix indentation heuristic for context diffs.
Thu Dec 6 13:00:00 2012 jdelvareAATTsuse.de
- Back to bz2 archive format as old products lack xz.
Thu Dec 6 13:00:00 2012 jdelvareAATTsuse.de
- Version 2.7.1
+ Patch no longer gets a failed assertion for certain mangled
patches.
+ Ignore destination file names that are absolute or that contain
a component of "..", except when working in the root directory.
This addresses CVE-2010-4651.
+ Support for most features of the "diff --git" format, including
renames and copies, permission changes, and symlink diffs.
Binary diffs are not supported yet; patch will complain and
skip them.
+ Support for double-quoted filenames: when a filename starts
with a double quote, it is interpreted as a C string literal.
The escape sequences \\, \", \a, \b, \f, \n, \r, \t, \v, and
\ooo (a three-digit octal number between 0 and 255) are
recognized.
+ Refuse to apply a normal patch to a symlink. (Previous versions
of patch were replacing the symlink with a regular file.)
+ New --follow-symlinks option to allow to treat symlinks as
files: this was patch's behavior before version 2.7.
+ When trying to modify a read-only file, warn about the
potential problem by default. The --read-only command line
option allows to change this behavior.
+ Files to be deleted are deleted once the entire input has been
processed, not immediately. This fixes a bug with numbered
backup files.
+ When a timestamp specifies a time zone, honor that instead of
assuming the local time zone (--set-date) or Universal
Coordinated Time (--set-utc).
+ Support for nanosecond precision timestamps.
+ Many bug fixes.
+ Clarify the message printed when a patch is expected to empty
out and delete a file, but the file does not become empty.
+ Various improvements to messages when applying a patch to a
file of different type (regular file vs. symlink), when there
are line ending differences (LF vs. CRLF), and when in
--dry-run mode.
+ Ignore when extended attributes cannot be preserved because
they are unsupported or because permission to set them is
denied.
- patch-revert-e0f70752.patch: Dropped, original bug fixed
upstream.
- patch-stdio.in.patch: Dropped, merged upstream.
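An added example, not part of the changelog or of patch's own source: a Python pre-apply audit that applies the 2.7.1 file-name rule (absolute names and ".." components) after decoding double-quoted names with the escape sequences listed above. The function names and the sample patch are constructed for illustration; names are checked as written, before any -p stripping, and the root-directory exception is not modeled.

```python
import re

# Simple escapes named in the 2.7.1 entry; \ooo (octal) is handled in _unescape.
_SIMPLE = {"\\": "\\", '"': '"', "a": "\a", "b": "\b", "f": "\f",
           "n": "\n", "r": "\r", "t": "\t", "v": "\v"}
_ESCAPE = re.compile(r'\\([0-7]{3}|.)', re.S)
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"', re.S)
# "diff --git a/x b/y" is not parsed here: its two names cannot be split reliably.
_HEADER = re.compile(r'(?:--- |\+\+\+ |rename (?:from|to) |copy (?:from|to) )(.*)')

def _unescape(match):
    token = match.group(1)
    if len(token) == 3:                       # \ooo: octal value, 0..255 only
        if int(token, 8) > 255:
            raise ValueError("octal escape out of range: \\" + token)
        return chr(int(token, 8))             # byte kept as one code point
    if token not in _SIMPLE:
        raise ValueError("unknown escape: \\" + token)
    return _SIMPLE[token]

def decode_name(field):
    """Name from a header field; a leading double quote means a C string literal."""
    if not field.startswith('"'):
        return field.split("\t")[0].rstrip()  # drop a tab-separated timestamp
    quoted = _QUOTED.match(field)
    if quoted is None:
        raise ValueError("unterminated quoted name")
    return _ESCAPE.sub(_unescape, quoted.group(1))

def is_unsafe(name):
    """Absolute, or contains a ".." path component."""
    return name.startswith("/") or ".." in name.split("/")

def audit_patch(text):
    """Return (line_number, decoded_name) for each unsafe name; /dev/null is exempt."""
    findings = []
    for number, line in enumerate(text.split("\n"), 1):
        header = _HEADER.match(line)
        if header:
            name = decode_name(header.group(1))
            if name != "/dev/null" and is_unsafe(name):
                findings.append((number, name))
    return findings

# Constructed sample headers: one benign pair, one octal-quoted "..", one absolute.
SAMPLE = r'''--- a/src/ok.c
+++ b/src/ok.c
--- /dev/null
+++ "b/\056\056/outside.txt"
rename to /tmp/y'''
```

Header-looking lines inside hunk bodies are checked too, so the audit errs toward flagging rather than missing a name.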
Tue Jul 17 14:00:00 2012 ajAATTsuse.de
- patch-stdio.in.patch:
Fix build with missing gets declaration (glibc 2.16)
Fri Apr 6 14:00:00 2012 jdelvareAATTsuse.de
- patch-revert-e0f70752.patch: Revert broken upstream commit
(bnc#755136).
Wed Apr 4 14:00:00 2012 jdelvareAATTsuse.de
- Version 2.6.1.136
Wed Oct 5 14:00:00 2011 uliAATTsuse.com
- cross-build fix: use %configure macro
Mon Apr 4 14:00:00 2011 jdelvareAATTsuse.de
- Version 2.6.1.116:
+ Patch now ignores destination file names that are absolute or
that contain a component of ".." (CVE-2010-4651, bnc#662957).
- Drop unified-reject-files-compat.diff. Compatibility has been
provided for the past 18 months, hopefully nobody is relying on
it any longer.
Fri Jul 2 14:00:00 2010 jengelhAATTmedozas.de
- Use %_smp_mflags
Wed May 5 14:00:00 2010 agruenAATTsuse.de
- Version 2.6.1.81:
+ Fix backup file detection for deleted files
+ Allow to create and delete empty files
+ Stick to the best name in the reversed-patch check
+ Various portability improvements
Sun May 2 14:00:00 2010 agruenAATTsuse.de
- Fix the linker library order.
Sun May 2 14:00:00 2010 agruenAATTsuse.de
- Be more verbose when %verbose is defined.
Sun May 2 14:00:00 2010 agruenAATTsuse.de
- Version 2.6.1.64:
+ Support for most features of the "diff --git" format: renames
and copies, permission changes, symlink diffs. (Binary diffs
are not supported yet; patch will complain and skip them.)
+ Support for double-quoted filenames: when a filename in a
context diff starts with a double quote, it is interpreted as
a C string literal. The escape sequences \\, \", \a, \b, \f, \n,
\r, \t, \v, and \ooo (a three-digit octal number between 0 and
255) are recognized.
+ Refuse to patch read-only files by default, or at least warn
when patching such files with --force or --batch.
+ Refuse to apply a normal patch to a symlink. (Previous
versions of patch were wrongly replacing the symlink with a
regular file.)
+ When a timestamp specifies a time zone, honor that instead of
assuming the local time zone (--set-date) or Universal
Coordinated Time (--set-utc).
+ Support for nanosecond precision timestamps.
+ Many portability and bug fixes.
Sun Jan 31 13:00:00 2010 agruenAATTsuse.de
- Version 2.6.1.9:
+ Skip another ed-dependent test when ed isn't installed.
+ More portability fixes.
Wed Dec 30 13:00:00 2009 agruenAATTsuse.de
- Version 2.6.1:
+ Support for diff3(1) style merges which show the old, original,
and new lines of a conflict has been added (--merge=diff3).
The default still is the merge(1) format (--merge or
--merge=merge).
+ Bug and portability fixes.
Sun Dec 6 17:32:57 CET 2009 - jengelh
- enable parallel building
Fri Nov 13 13:00:00 2009 agruenAATTsuse.de
- Version 2.6.
Mon Sep 7 14:00:00 2009 agruenAATTsuse.de
- Version 2.5.9.122:
+ Try to preserve the owning group of patched files.
- Add --unified-reject-files backwards-compatibility patch to
older SUSE versions of patch.
Mon Jul 20 14:00:00 2009 agruenAATTsuse.de
- Version 2.5.9.120:
+ When copying files, use full_write() from gnulib instead of
write().
+ The -m option hasn't been officially allocated yet. Use only
the long form for now (--merge).
Fri Jun 19 14:00:00 2009 agruenAATTsuse.de
- Version 2.5.9.118:
+ Change the default value of PATCH_GET to 0.
+ When merging, make sure that hunks will not end up "out of order"
+ When the file to patch is specified on the command line,
apply all patches to that file
+ Some portability fixes/improvements
+ Don't fail when removing nonexistent files in move_file
Wed Apr 8 14:00:00 2009 agruenAATTsuse.de
- Version 2.5.9.109:
+ Preserve timestamps in reject files.
+ Add support for sending output to standard output.
+ Allow special characters in filenames read interactively.
+ Don't forget to NUL terminate ptimestr in fetchname().
Tue Apr 7 14:00:00 2009 agruenAATTsuse.de
- Version 2.5.9.104: timestamp parsing fix, 64-bit fix.
Mon Apr 6 14:00:00 2009 agruenAATTsuse.de
- Version 2.5.9.97: Another bugfix.
Mon Apr 6 14:00:00 2009 agruenAATTsuse.de
- Version 2.5.9.95: Gnulib update, bug fixes.
Fri Apr 3 14:00:00 2009 agruenAATTsuse.de
- Update to version patch-2.5.9.77: updated manpage and NEWS, no
strict dependency on ed in the test suite anymore, and slightly
improved handling of asymmetric hunks.
Thu Apr 2 14:00:00 2009 agruenAATTsuse.de
- Update to version patch-2.5.9.69 which has all our patches
merged in one form or another, along with many other fixes and
improvements (see NEWS).