Changelog for
patch-debuginfo-2.7.6-150000.5.3.1.x86_64.rpm :
* Tue May 10 2022 jdelvareAATTsuse.de
- fix-swapping-fake-lines-in-pch_swap.patch: Fix swapping fake lines in pch_swap. This bug was causing a double free leading to a crash (boo#1080985 CVE-2018-6952).
- abort-when-cleaning-up-fails.patch: Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (boo#1111572).
- dont-follow-symlinks-unless-asked.patch: Don't follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (boo#1142041 CVE-2019-13636).
- pass-the-correct-stat-to-backup-files.patch: Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (boo#1198106).
* Wed May 09 2018 jdelvareAATTsuse.de
- ed-style-07-dont-leak-tmp-file.patch, ed-style-08-dont-leak-tmp-file-multi.patch: Fix temporary file leak when applying ed-style patches (bsc#1092500, savannah#53820).
* Wed Apr 18 2018 jdelvareAATTsuse.de
- Add ed as BuildRequires so ed-style patches can be checked by the test suite.
* Wed Apr 18 2018 jdelvareAATTsuse.de
  Fix CVE-2018-1000156 (bsc#1088420, savannah#53566).
- ed-style-01-missing-input-files.patch: Allow input files to be missing for ed-style patches.
- ed-style-02-fix-arbitrary-command-execution.patch, ed-style-03-update-test-Makefile.patch: Fix arbitrary command execution in ed-style patches.
- ed-style-04-invoke-ed-directly.patch: Invoke ed directly instead of using the shell.
- ed-style-05-minor-cleanups.patch: Minor cleanups in do_ed_script.
- ed-style-06-fix-test-failure.patch: Fix 'ed-style' test failure.
* Thu Mar 22 2018 jdelvareAATTsuse.de
- Move COPYING from %doc to %license.
* Wed Mar 21 2018 jdelvareAATTsuse.de
- Add AUTHORS and COPYING to %doc.
- fix-segfault-mangled-rename.patch: Fix segfault with mangled rename patch (bsc#1080951, CVE-2018-6951, savannah#53132).
* Wed Feb 07 2018 astiegerAATTsuse.com
- patch 2.7.6:
  * Files specified on the command line are no longer verified to be inside the current working directory, so commands like "patch -i foo.diff ../foo" will work again
  * Fixes CVE-2016-10713 (Out-of-bounds access within pch_write_line() in pch.c could possibly lead to DoS via a crafted input file; bsc#1080918)
  * Various fixes
* Sat Mar 07 2015 jdelvareAATTsuse.de
- patch 2.7.5
  Fixes a functional regression introduced by the previous update.
  + Patching through symbolic links works again, as long as the target is within the working tree.
* Mon Feb 16 2015 jdelvareAATTsuse.de
- patch 2.7.4
  Fixes a functional regression introduced by the previous security fix. The security fix would forbid legitimate use cases of relative symbolic links. [boo#918058]
  + Allow arbitrary symlink targets again.
  + Do not change permissions if there isn't an explicit mode change.
  + Fix indentation heuristic for context diffs.
- Please also note that the previous update fixed security bugs boo#915328 and boo#915329 even though it did not say so.
* Fri Jan 23 2015 andreas.stiegerAATTgmx.de
- patch 2.7.3
  Contains a security fix for a directory traversal flaw when handling git-style patches. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch. [boo#913678] [CVE-2015-1196]
  + With git-style patches, symlinks that point outside the working directory will no longer be created (CVE-2015-1196).
  + When a file isn't being deleted because the file contents don't match the patch, the resulting message is now "Not deleting file ... as content differs from patch" instead of "File ... is not empty after patch; not deleting".
  + Function names in hunks (from diff -p) are now preserved in reject files
    This change was previously added as a patch. [boo#904519]
- Version 2.7.2 differed from the above only slightly.
- packaging changes:
  + Verify source signatures
  + Removed patches now upstream:
    * error-report-crash.patch
    * reject-print-function-01-drop-useless-test.patch
    * reject-print-function-02-handle-unified-format.patch
  + run spec-cleaner
* Mon Nov 10 2014 jdelvareAATTsuse.de
- reject-print-function-01-drop-useless-test.patch: Drop useless test in another_hunk().
- reject-print-function-02-handle-unified-format.patch: Preserve C function name in unified rejects (bnc#904519).