Hello community, here is the log from the commit of package patch for openSUSE:Factory checked in at Thu Apr 7 10:07:30 CEST 2011. -------- --- patch/patch.changes 2010-07-02 08:57:54.000000000 +0200 +++ /mounts/work_src_done/STABLE/patch/patch.changes 2011-04-04 15:15:18.000000000 +0200 @@ -1,0 +2,10 @@ +Mon Apr 4 15:11:04 CEST 2011 - jdelvare@suse.de + +- Version 2.6.1.116: + + Patch now ignores destination file names that are absolute or + that contain a component of ".." (CVE-2010-4651, bnc#662957). +- Drop unified-reject-files-compat.diff. Compatibility has been + provided for the past 18 months, hopefully nobody is relying on + it any longer. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- patch-2.6.1.81-5b68.tar.bz2 unified-reject-files-compat.diff New: ---- patch-2.6.1.116-33c4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ patch.spec ++++++ --- /var/tmp/diff_new_pack.PwffJE/_old 2011-04-07 10:05:14.000000000 +0200 +++ /var/tmp/diff_new_pack.PwffJE/_new 2011-04-07 10:05:14.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package patch (Version 2.6.1.81) +# spec file for package patch # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,17 +18,19 @@ # norootforbuild Url: ftp://alpha.gnu.org/gnu/diffutils/ -%define hash -5b68 +%define hash -33c4 Name: patch License: GPLv3+ Group: Productivity/Text/Utilities AutoReqProv: on -Version: 2.6.1.81 -Release: 4 +# See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was +# invoking patch, so interdiff had to be fixed too. +Conflicts: patchutils < 0.3.2 +Version: 2.6.1.116 +Release: 1 Summary: GNU patch Source: ftp://alpha.gnu.org/gnu/patch/patch-%version%hash.tar.bz2 -Patch: unified-reject-files-compat.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -44,7 +46,6 @@ %prep %setup -q -n patch-%version%hash -%patch -p1 %build CFLAGS="$RPM_OPT_FLAGS -Wall -O2 -pipe" \ ++++++ patch-2.6.1.81-5b68.tar.bz2 -> patch-2.6.1.116-33c4.tar.bz2 ++++++ ++++ 17777 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org