Hello community, here is the log from the commit of package patch for openSUSE:Factory checked in at 2015-03-01 14:45:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/patch (Old) and /work/SRC/openSUSE:Factory/.patch.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "patch" Changes: -------- --- /work/SRC/openSUSE:Factory/patch/patch.changes 2014-11-24 11:08:01.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.patch.new/patch.changes 2015-03-01 14:45:28.000000000 +0100 
@@ -1,0 +2,41 @@ +Mon Feb 16 11:51:58 CET 2015 - jdelvare@suse.de + +- patch 2.7.4 + Fixes a functional regression introduced by the previous security + fix. The security fix would forbid legitimate use cases of + relative symbolic links. + [boo#918058] + + Allow arbitrary symlink targets again. + + Do not change permissions if there isn't an explicit mode + change. + + Fix indentation heuristic for context diffs. +- Please also note that the previous update fixed security bugs + boo#915328 and boo#915329 even though it did not say so. + +------------------------------------------------------------------- +Fri Jan 23 00:58:35 UTC 2015 - andreas.stieger@gmx.de + +- patch 2.7.3 + Contains a security fix for a directory traversal flaw when + handling git-style patches. This could allow an attacker to + overwrite arbitrary files by applying a specially crafted patch. + [boo#913678] [CVE-2015-1196] + + With git-style patches, symlinks that point outside the working + directory will no longer be created (CVE-2015-1196). + + When a file isn't being deleted because the file contents don't + match the patch, the resulting message is now "Not deleting + file ... as content differs from patch" instead of "File ... + is not empty after patch; not deleting". + + Function names in hunks (from diff -p) are now preserved in + reject files + This change was previously added as a patch. [boo#904519] +- Version 2.7.2 differed from the above only slightly. 
+- packaging changes: + + Verify source signatures + + Removed patches now upstream: + * error-report-crash.patch + * reject-print-function-01-drop-useless-test.patch + * reject-print-function-02-handle-unified-format.patch + + run spec-cleaner + +------------------------------------------------------------------- Old: ---- error-report-crash.patch patch-2.7.1.tar.bz2 reject-print-function-01-drop-useless-test.patch reject-print-function-02-handle-unified-format.patch New: ---- patch-2.7.4.tar.bz2 patch-2.7.4.tar.bz2.sig patch.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ patch.spec ++++++ --- /var/tmp/diff_new_pack.yV58dr/_old 2015-03-01 14:45:30.000000000 +0100 +++ /var/tmp/diff_new_pack.yV58dr/_new 2015-03-01 14:45:30.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package patch # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -16,55 +16,43 @@ # -Url: http://ftp.gnu.org/gnu/patch/ - Name: patch -# See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was -# invoking patch, so interdiff had to be fixed too. -Conflicts: patchutils < 0.3.2 -Version: 2.7.1 +Version: 2.7.4 Release: 0 Summary: GNU patch License: GPL-3.0+ Group: Productivity/Text/Utilities -Source: http://ftp.gnu.org/gnu/patch/patch-%version.tar.bz2 -Patch: error-report-crash.patch -Patch1: reject-print-function-01-drop-useless-test.patch -Patch2: reject-print-function-02-handle-unified-format.patch +Url: http://ftp.gnu.org/gnu/patch/ +Source: http://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.bz2 +Source2: http://ftp.gnu.org/gnu/patch/%{name}-%{version}.tar.bz2.sig +Source3: http://savannah.gnu.org/project/memberlist-gpgkeys.php?group=patch&download=1#/patch.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build +# See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was +# invoking patch, so interdiff had to be fixed too. +Conflicts: patchutils < 0.3.2 %description The GNU patch program is used to apply diffs between original and changed files (generated by the diff command) to the original files. 
- - -Authors: --------- - Larry Wall - Paul Eggert - %prep %setup -q -%patch -p1 -%patch1 -p1 -%patch2 -p1 %build -export CFLAGS="$RPM_OPT_FLAGS -Wall -O2 -pipe" -%configure --prefix=%{_prefix} +export CFLAGS="%{optflags} -Wall -O2 -pipe" +%configure make %{?_smp_mflags} %{verbose:V=1}; %check -make check %{verbose:V=1} +make %{?_smp_mflags} check %{verbose:V=1} %install -make install DESTDIR=$RPM_BUILD_ROOT %{verbose:V=1} +make install DESTDIR=%{buildroot} %{verbose:V=1} %files %defattr(-,root,root) %doc NEWS README -/usr/bin/patch +%{_bindir}/patch %doc %{_mandir}/man1/patch.1.gz %changelog ++++++ patch-2.7.1.tar.bz2 -> patch-2.7.4.tar.bz2 ++++++ ++++ 41475 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
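Review bot: In the patch.changes hunk, the 2.7.4 entry says "Allow arbitrary symlink targets again", while the 2.7.3 entry below it attributes the CVE-2015-1196 fix to no longer creating symlinks that point outside the working directory. The changelog does not say what still prevents the directory traversal once that restriction is lifted. Add a line to the 2.7.4 entry stating how writes through such symlinks are handled now, so that someone auditing CVE-2015-1196 coverage does not conclude the fix was reverted. The same entry mentions boo#915328 and boo#915329 only as an afterthought; since the 2.7.3 entry is added in this same hunk, tag them there, with CVE identifiers if any were assigned, so the security references sit next to the version that fixed them.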
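Review bot: In the patch.spec hunk that adds Source2 and Source3, the changelog promises "Verify source signatures" but the visible %prep still contains only "%setup -q", so nothing in the spec checks the .tar.bz2.sig against patch.keyring and the verification depends on tooling outside this file. Either add an explicit verification step to %prep or add a comment naming the service that performs it, so the check cannot silently disappear. Source, Source2 and Source3 are also all http:// URLs, which means the keyring, the trust anchor for the check, is fetched over an unauthenticated channel; prefer https where the hosts offer it and record the expected signing key fingerprint in the spec or the changes file.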