patch (2.7.6-3+deb10u1) buster-security; urgency=high * Fix CVE-2019-13636: mishandled following of symlinks (closes: #932401). * Fix CVE-2019-13638: shell command injection. * Fix CVE-2018-1000156 regression, temporary file leak on failed ed-style patches (closes: #933140). -- Laszlo Boszormenyi (GCS) Fri, 26 Jul 2019 10:58:07 +0000 patch (2.7.6-3) unstable; urgency=medium * Use short debhelper rules format (closes: #905486). * Change package priority to optional. * Update Standards-Version to 4.1.5 . * Sync with Ubuntu. [ Marc Deslauriers ] * debian/patches/0001-Fix-ed-style-test-failure.patch: fix ed-style test. -- Laszlo Boszormenyi (GCS) Sun, 05 Aug 2018 11:10:39 +0000 patch (2.7.6-2) unstable; urgency=high * Backport patches from upstream Git tree: - fix NULL pointer read with mangled rename, - allow input files to be missing for ed-style patches, - CVE-2018-1000156: fix arbitrary command execution in ed-style patches (closes: #894993). * Disable Vcs-* fields for now. -- Laszlo Boszormenyi (GCS) Fri, 06 Apr 2018 15:20:36 +0000 patch (2.7.6-1) unstable; urgency=medium * New upstream release: - don't allow a hunk to overlap with the previous one (closes: #717782). * Mark historical changelog entries as is. * Update debhelper level to 11 . * Update Standards-Version to 4.1.3 . -- Laszlo Boszormenyi (GCS) Wed, 14 Feb 2018 18:14:46 +0000 patch (2.7.5-1) unstable; urgency=medium * New upstream release. * Fix symlink directory regression (closes: #777122). * Update Standards-Version to 3.9.6 . -- Laszlo Boszormenyi (GCS) Sat, 07 Mar 2015 06:27:14 +0000 patch (2.7.4-2) unstable; urgency=low * Backport test suite fixes. -- Laszlo Boszormenyi (GCS) Wed, 04 Feb 2015 22:33:38 +0000 patch (2.7.4-1) unstable; urgency=high * New upstream release. * Fix symlink handling (closes: #776257). * Fix infinite loop with fuzzed diff (closes: #776271). -- Laszlo Boszormenyi (GCS) Sat, 31 Jan 2015 21:43:36 +0000 patch (2.7.3-1) unstable; urgency=high * New upstream release with security fixes: - fix all cases of CVE-2015-1196 (closes: #775873, #775901), - fix infinite loop while applying patch, CVE-2014-9637. * Remove outdated disable-update-version and add_manpage_time.patch Debian patches. * Add homepage field. * Add watch file. -- Laszlo Boszormenyi (GCS) Fri, 23 Jan 2015 20:27:32 +0000 patch (2.7.1-7) unstable; urgency=high * Backport patches from upstream Git tree: - fix CVE-2015-119: directory traversal via symlinks (closes: #775227), - infinite loop while applying patch (closes: #775540), - segmentation fault while applying corrupted patch (closes: #775793). -- Laszlo Boszormenyi (GCS) Tue, 20 Jan 2015 19:34:19 +0000 patch (2.7.1-6) unstable; urgency=medium * Fix ed check during build (closes: #721429, #729132). -- Laszlo Boszormenyi (GCS) Sun, 10 Aug 2014 18:05:47 +0000 patch (2.7.1-5) unstable; urgency=low * Add watch file. [ James Hunt ] * Fix segfault due to incorrect usage (closes: #742470). -- Laszlo Boszormenyi (GCS) Mon, 14 Apr 2014 18:31:53 +0200 patch (2.7.1-4) unstable; urgency=low * New maintainer (closes: #728664). * Add manual last change date (closes: #674052). * Update Standards-Version to 3.9.5 . -- Laszlo Boszormenyi (GCS) Mon, 04 Nov 2013 12:36:11 +0000 patch (2.7.1-3) unstable; urgency=low * Call 'ed' without a path. Closes: #714423. * Update copyright for GPL v3. Closes: #664640. -- Christoph Berg Sun, 30 Jun 2013 16:14:19 +0200 patch (2.7.1-2) experimental; urgency=low * Add PATH_MAX workaround for GNU/Hurd. -- Christoph Berg Fri, 04 Jan 2013 11:08:47 +0100 patch (2.7.1-1) experimental; urgency=low * New upstream release. -- Christoph Berg Thu, 03 Jan 2013 17:34:45 +0100 patch (2.6.1.136-31a7-1) experimental; urgency=low * New upstream snapshot. * Use dh_auto_test. Closes: #627196 * 3.0 (quilt). * Fix Suggests broken in the last upload. -- Christoph Berg Wed, 25 Jan 2012 15:03:09 +0100 patch (2.6.1-2.1) unstable; urgency=low * NMU with maintainer approval * Set patch as Multi-Arch: foreign to allow use when cross-compiling -- Riku Voipio Mon, 16 Jan 2012 14:13:59 +0200 patch (2.6.1.85-423d-3) experimental; urgency=low * Remove lenny compatibility options -U --unified-reject-files and --global-reject-file. -- Christoph Berg Sun, 06 Feb 2011 20:42:58 +0100 patch (2.6.1.85-423d-2) experimental; urgency=low * Enable -m short option for --merge as documented in help and manpage. Closes: #597305. -- Christoph Berg Wed, 22 Sep 2010 22:09:13 +0200 patch (2.6.1.85-423d-1) experimental; urgency=low * New upstream snapshot. + Improved CR stripping heuristics: Closes: #484539. + Refuses to patch symlinks: Closes: #243309. + Preserves uid/gid/mode where possible: Closes: #262737. + Refuses to patch read-only files unless -f or -t are used: Closes: #274079. -- Christoph Berg Tue, 11 May 2010 09:59:01 +0200 patch (2.6.1-3) unstable; urgency=low * 3.0 (quilt). * Fix Suggests broken in the last upload. -- Christoph Berg Wed, 25 Jan 2012 15:00:41 +0100 patch (2.6.1-2) unstable; urgency=low * Use dh_auto_test. Closes: #627196 -- Christoph Berg Fri, 20 May 2011 23:45:48 +0200 patch (2.6.1-1) unstable; urgency=low * New upstream version. + Improved CR stripping heuristics. Closes: #484539 + Fixes: creates files and directories instead of asking for the file location. Closes: #568248 * Remove lenny compatibility options -U --unified-reject-files and --global-reject-file. * Null update-version.sh file so it doesn't interfere with the git repository the package is hosted in. -- Christoph Berg Sun, 06 Feb 2011 20:19:30 +0100 patch (2.6-2) unstable; urgency=low * Update watch file. * Section: vcs. * Suggests: diffutils-doc instead of diff-doc, thanks Christoph Anton Mitterer for spotting. Closes: #558974. -- Christoph Berg Wed, 02 Dec 2009 10:25:26 +0100 patch (2.6-1) unstable; urgency=low * New upstream version. Fixes: + Closes: #402737: append to .rej files instead of overwriting them + Closes: #372769: patch aborts with "pch.c:622: intuit_diff_type: Assertion `i0 != NONE' failed." + Closes: #558485: patch creates backup files with 000 perms for newly created files + Closes: #386188: -o creates empty output on null patch + Closes: #271946: fails to create new files when POSIXLY_CORRECT is set + Closes: #445309: output result to stdout * Document in NEWS that the unified-reject-files and global-reject-file options are now included upstream, but called differently. * Enable test suite. -- Christoph Berg Mon, 30 Nov 2009 15:22:49 +0100 patch (2.5.9-5) unstable; urgency=low * Convert packaging to quilt. * Tell lintian that part of the changelog is in a different format. * Bump Standards-Version. -- Christoph Berg Mon, 21 Apr 2008 21:04:02 +0200 patch (2.5.9-4) unstable; urgency=low * New maintainer (Closes: #349323). * Use dpatch, add patches: + unified-reject-files: write unified reject files (Closes: #26675). + global-reject-file: write a global reject file. + manpage-char: fix weird character. * Suggests: diff-doc. * Bump Standards-Version. -- Christoph Berg Sat, 28 Jan 2006 18:46:28 +0100 patch (2.5.9-3) unstable; urgency=low * Orphaned. -- Michael Fedrowitz Sun, 22 Jan 2006 11:40:22 +0100 patch (2.5.9-2) unstable; urgency=low * Standards-Version 3.6.1 (no changes required). * Applied upstream patch to fix CR stripping. (Closes: #196297) * Applied a patch from SUSE to prevent previously created backup files from being overwritten. (Closes: #248950) * Ran aclocal and autoconf to make the above patch work. * Touch aclocal.m4 and configure during build to prevent the usual time-skew problems. * Removed emacs vars from changelog. -- Michael Fedrowitz Sun, 18 Jul 2004 12:56:02 +0200 patch (2.5.9-1) unstable; urgency=low * New upstream release: - Handles filenames with spaces. (closes: #99808) - Don't try to stat output file after skipping a patch. (closes: #157232) - CR in hunk header doesn't trigger CR stripping. (closes: #192272) * Standards-Version 3.5.10 (no changes required). * Remove obsolete CFLAGS. (closes: #193403) * Update copyright file. -- Michael Fedrowitz Tue, 20 May 2003 21:13:37 +0200 patch (2.5.8-2) experimental; urgency=low * Standards-Version 3.5.8: - Support DEB_BUILD_GNU_TYPE and DEB_HOST_GNU_TYPE. - Support DEB_BUILD_OPTIONS noopt instead of debug. - Always build with -g. - Build depend on debhelper (>= 4.1.0) to get rid of /usr/doc link. * Use debhelper v4. * Minor fixes to copyright file. * Don't try to stat the output file if the user elected to skip a patch. (Fixes #157232, not closing since this is for experimental.) * Applied patch from upstream to strip trailing whitespace from filenames found in patch headers. (This fixes the glibc build.) -- Michael Fedrowitz Thu, 2 Jan 2003 19:37:49 +0100 patch (2.5.8-1) experimental; urgency=low * New upstream testing release. -- Michael Fedrowitz Mon, 3 Jun 2002 16:53:35 +0200 patch (2.5.7-1) experimental; urgency=low * New upstream testing release (which is likely to become the new stable release). -- Michael Fedrowitz Fri, 31 May 2002 19:01:55 +0200 patch (2.5.6-1) experimental; urgency=low * New upstream testing release (plus two patches from upstream which will be in the next version), which incorporates all of our patches or fixes the problems in different ways. * Uploading to experimental until final release. -- Michael Fedrowitz Wed, 29 May 2002 22:30:18 +0200 patch (2.5.4-11) unstable; urgency=low * Fix patch -D. (closes: #140247) * Improve indentation guessing for ed diffs. (closes: #140642) -- Michael Fedrowitz Sat, 6 Apr 2002 20:19:19 +0200 patch (2.5.4-10) unstable; urgency=low * Fix segfault on illegal arguments to certain options. (closes: #137222) -- Michael Fedrowitz Tue, 12 Mar 2002 22:48:53 +0100 patch (2.5.4-9) unstable; urgency=low * Debhelperized debian/rules. -- Michael Fedrowitz Sun, 10 Feb 2002 19:09:16 +0100 patch (2.5.4-8) unstable; urgency=low * New maintainer. (closes: #130835) * Call configure with ac_cv_sys_long_file_names=yes (all Debian systems have long file names, but the test may fail if the build target is invoked under fakeroot or is invoked as root while /usr is mounted read-only). (closes: #129257) * Don't build with -g by default. * Support DEB_BUILD_OPTIONS. * Standards-Version 3.5.6. -- Michael Fedrowitz Sat, 26 Jan 2002 15:17:35 +0100 patch (2.5.4-7) unstable; urgency=low * Orphaned this package. -- Adrian Bunk Fri, 25 Jan 2002 13:07:18 +0100 patch (2.5.4-6) unstable; urgency=high * Applied patches from RedHat for the following bugs: - Correct default suffix to .orig. (closes: #122476) - 'no such file' does now appear before the skip patch question. - Fix a possible segfault. -- Adrian Bunk Wed, 5 Dec 2001 12:15:10 +0100 patch (2.5.4-5) unstable; urgency=low * s/GNU Public License/GNU General Public License/ in debian/copyright. (closes: #102238) -- Adrian Bunk Sun, 15 Jul 2001 17:44:36 +0200 patch (2.5.4-4) unstable; urgency=low * Added a build dependency and a suggestion for ed. (closes: #86822) * Strip the binary better. -- Adrian Bunk Sat, 2 Jun 2001 18:35:53 +0200 patch (2.5.4-3) unstable; urgency=low * Added a patch from Alessandro Rubini that corrects messages about offsets. (closes: #68943) -- Adrian Bunk Tue, 16 Jan 2001 00:10:03 +0100 patch (2.5.4-2) unstable; urgency=low * Removed the build dependency on patch. There's no longer a debian/patches since 2.5.4-1 (all problems are fixed upstream) and therefore no call to patch when building the package. (closes: #76205) * Upload sponsored by Tony Mancill . -- Adrian Bunk Sun, 5 Nov 2000 17:48:00 +0100 patch (2.5.4-1) unstable; urgency=low * New upstream release. (closes: #49119) * Upload sponsored by Tony Mancill . -- Adrian Bunk Sat, 5 Aug 2000 22:46:32 +0200 patch (2.5-3) unstable; urgency=low * New Maintainer * Removed patch.log from source * Debian patches to the source are now in debian/patches * /usr/doc -> /usr/share/doc * /usr/man -> /usr/share/man * Added Build-Depends to debian/control * Added Section to debian/control * Added "-isp" to dpkg-gencontrol * Added "-g -Wall" to CFLAGS * Removed "-s" from LDFLAGS * Standards-Version: 3.1.1.1 * Updated copyright * Approved the patches from the NMUs Closes: #57100, #56621, #58811 * Upload sponsored by Tony Mancill -- Adrian Bunk Mon, 29 May 2000 14:29:05 +0200 patch (2.5-2.2) frozen unstable; urgency=medium * NMU * Fixed a buffer overrun in mktemp (closes: #58811) -- Randolph Chung Sat, 26 Feb 2000 12:27:09 -0700 patch (2.5-2.1) frozen unstable; urgency=medium * Non-maintainer upload * Update location of GPL and Artistic license in copyright * Apply patch from Colin Phipps to fix unsafe file handling, Closes: Bug#56621 * Add -D_XOPEN_SOURCE=500 to CFLAGS so patch builds correctly again Closes: Bug#57100 -- Wichert Akkerman Sun, 20 Feb 2000 16:39:13 +0100 patch (2.5-2) unstable; urgency=low * Apply patch from "James A" to fix segv when skipping a patch. This does fix (Bug #14693, #16116, #16391). It might fix #14653 but I need more information. * Don't use su during build - allow fakeroot and friends to do their stuff. (Fixes #15459, #18319) * Use original source. * Updated standards to 2.4.0.0. (No changes.) * lintian clean. -- Darren Stalder Sat, 14 Mar 1998 19:11:46 -0800 patch (2.5-1) unstable; urgency=low * New upstream version. * Problem in patch with Index overriding filenames fixed in upstream. (Bug #10420) * Compiled for libc6. (Bug #11699) * Updated to conform to debian packaging standards 2.3.0.0. -- Darren Stalder Fri, 19 Sep 1997 23:41:38 +0000 patch (2.2-1) unstable; urgency=low * Larry Wall said that patch is under the Artistic License. (Bug #7215) * Make sure that ChangeLog actually becomes /usr/doc/patch/changelog.gz to conform to policy. (Bug #7237) * Upstream changes fix the problem with basename. (Bug #8324, #8811) * Upstream changes fix "no newline" problem. (Bug #9754) * Updated to conform to debian packaging standards 2.1.3.2. -- Darren Stalder Fri, 19 Sep 1997 23:23:32 +0000 patch (2.1-11) unstable; urgency=high * Built completely as root to bypass autoconf bug where it doesn't detect long filename support * Waiting on Larry Wall to see if patch will have to be moved to non-free. -- Darren Stalder Mon, 10 Feb 1997 03:18:58 -0800 patch (2.1-10) unstable; urgency=low * Updated to dpkg standards version 2.1.1.2, changed the rules file to the format that I'm used to. This fixes #3348. * Reverted the Makefile.in to the upstream version since the changed parameters can be passed on the command line * Reverted util.h and backupfile.c since the basename problem isn't there anymore. * Applied patch by Herbert Xu to handle long lines. -- Darren Stalder Sat, 1 Feb 1997 17:08:10 -0800 Old Changelog: The following changes are from Bill Mitchell: Changes for the debian patch-2.1-9 elf package * rebuilt for elf Changes for the debian patch-2.1-8 binary distribution 1. Install patch.1 in /usr/man/man1, not /usr/man (oops). Changes for the debian patch-2.1-7 binary distribution 1. Changed debian.rules file to Ian Murdock style. 2. Cleaned up control file description and extended description. 3. In debian.rules, add -DLINUX to CFLAGS. 4. In util.h, added #ifndef LINUX block around obsolete basename() declaration. It conflicts with the declaration in the file /usr/include/unistd.h in the linux 1.2.1 kernel sources. 5. In backupfile, added #ifndef LINUX block around obsolete basename() declarations. Changes for the debian patch-2.1-6 binary distribution 1. Removed leading tab on "include debian.rules.inc" line of debian.rules Changes for the debian patch-2.1-5 binary distribution 1. Changes for new packaging guidelines preinst and postinst scripts return exit status use debian.rules.inc 1.6 to support new package naming conventions debian.rules changes for new debian.rules.inc Changes for the debian patch-2.1-4 binary distribution 1. Modified debian.rules to use debian.rules.inc Changes for the debian patch-2.1-3 binary distribution 1. For the debian.rules target build: pass CFLAGS and LDFLAGS to Makefile Changes for the debian patch-2.1-2 binary distribution 1. Corrected permissions on man pages from 640 to 644 Changes for the patch-2.1-1 debian binary distribution 1. Renamed README.debian to debian.README 2. Renamed COPYRIGHT.debian to debian.COPYRIGHT 3. Added debian.control 4. Added debian.rules