From bccdc5d669571b1a58711acb1f29425afb7fca89 Mon Sep 17 00:00:00 2001
From: basebuilder_pel7ppc64lebuilder0 <basebuilder@powerel.org>
Date: Fri, 22 Nov 2019 14:56:10 +0100
Subject: [PATCH] patch package update

Signed-off-by: basebuilder_pel7ppc64lebuilder0 <basebuilder@powerel.org>
---
 SOURCES/patch-2.7.1-CVE-2016-10713.patch   |  12 ++
 SOURCES/patch-2.7.1-CVE-2018-1000156.patch | 204 +++++++++++++++++++++
 SOURCES/patch-2.7.1-CVE-2018-6952.patch    |  12 ++
 SOURCES/patch-2.7.1-newmode.patch          |  16 ++
 SOURCES/patch-2.7.x-CVE-2018-20969.patch   |  23 +++
 SOURCES/patch-selinux.patch                |  56 +++---
 SOURCES/patchutils-args.patch              |  49 +++++
 SPECS/patch.spec                           |  44 ++++-
 8 files changed, 387 insertions(+), 29 deletions(-)
 create mode 100644 SOURCES/patch-2.7.1-CVE-2016-10713.patch
 create mode 100644 SOURCES/patch-2.7.1-CVE-2018-1000156.patch
 create mode 100644 SOURCES/patch-2.7.1-CVE-2018-6952.patch
 create mode 100644 SOURCES/patch-2.7.1-newmode.patch
 create mode 100644 SOURCES/patch-2.7.x-CVE-2018-20969.patch
 create mode 100644 SOURCES/patchutils-args.patch

diff --git a/SOURCES/patch-2.7.1-CVE-2016-10713.patch b/SOURCES/patch-2.7.1-CVE-2016-10713.patch
new file mode 100644
index 00000000..17f8ebc3
--- /dev/null
+++ b/SOURCES/patch-2.7.1-CVE-2016-10713.patch
@@ -0,0 +1,12 @@
+diff -up patch-2.7.1/src/pch.c.me patch-2.7.1/src/pch.c
+--- patch-2.7.1/src/pch.c.me	2018-11-22 14:09:28.099973290 +0100
++++ patch-2.7.1/src/pch.c	2018-11-22 14:17:57.741797271 +0100
+@@ -2278,7 +2278,7 @@ pfetch (lin line)
+ bool
+ pch_write_line (lin line, FILE *file)
+ {
+-  bool after_newline = p_line[line][p_len[line] - 1] == '\n';
++  bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
+   if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
+     write_fatal ();
+   return after_newline;
diff --git a/SOURCES/patch-2.7.1-CVE-2018-1000156.patch b/SOURCES/patch-2.7.1-CVE-2018-1000156.patch
new file mode 100644
index 00000000..b5c28cfe
--- /dev/null
+++ b/SOURCES/patch-2.7.1-CVE-2018-1000156.patch
@@ -0,0 +1,204 @@
+diff -up patch-2.7.1/src/pch.c.CVE-2018-1000156 patch-2.7.1/src/pch.c
+--- patch-2.7.1/src/pch.c.CVE-2018-1000156	2012-09-22 19:44:33.000000000 +0200
++++ patch-2.7.1/src/pch.c	2018-04-13 22:19:04.509532690 +0200
+@@ -31,6 +31,7 @@
+ #if HAVE_SETMODE_DOS
+ # include <io.h>
+ #endif
++#include <sys/wait.h>
+ 
+ #define INITHUNKMAX 125			/* initial dynamic allocation size */
+ 
+@@ -2381,22 +2382,28 @@ do_ed_script (char const *inname, char c
+     static char const editor_program[] = EDITOR_PROGRAM;
+ 
+     file_offset beginning_of_this_line;
+-    FILE *pipefp = 0;
+     size_t chars_read;
++    FILE *tmpfp = 0;
++    char const *tmpname;
++    int tmpfd = -1;
++    pid_t pid;
++
++    if (! dry_run && ! skip_rest_of_patch)
++      {
++       /* Write ed script to a temporary file.  This causes ed to abort on
++          invalid commands such as when line numbers or ranges exceed the
++          number of available lines.  When ed reads from a pipe, it rejects
++          invalid commands and treats the next line as a new command, which
++          can lead to arbitrary command execution.  */
++
++       tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++       if (tmpfd == -1)
++         pfatal ("Can't create temporary file %s", quotearg (tmpname));
++       tmpfp = fdopen (tmpfd, "w+b");
++       if (! tmpfp)
++         pfatal ("Can't open stream for file %s", quotearg (tmpname));
++      }
+ 
+-    if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	assert (! inerrno);
+-	*outname_needs_removal = true;
+-	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+-	fflush (stdout);
+-	pipefp = popen(buf, binary_transput ? "wb" : "w");
+-	if (!pipefp)
+-	  pfatal ("Can't open pipe to %s", quotearg (buf));
+-    }
+     for (;;) {
+ 	char ed_command_letter;
+ 	beginning_of_this_line = file_tell (pfp);
+@@ -2407,14 +2414,14 @@ do_ed_script (char const *inname, char c
+ 	}
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+-	    if (pipefp)
+-		if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++	    if (tmpfp)
++		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 		    write_fatal ();
+ 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ 	        p_pass_comments_through = true;
+ 		while ((chars_read = get_line ()) != 0) {
+-		    if (pipefp)
+-			if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++		    if (tmpfp)
++			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 			    write_fatal ();
+ 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
+ 			break;
+@@ -2427,13 +2434,50 @@ do_ed_script (char const *inname, char c
+ 	    break;
+ 	}
+     }
+-    if (!pipefp)
++    if (!tmpfp)
+       return;
+-    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
+-	|| fflush (pipefp) != 0)
++    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++	|| fflush (tmpfp) != 0)
+       write_fatal ();
+-    if (pclose (pipefp) != 0)
+-      fatal ("%s FAILED", editor_program);
++
++    if (lseek (tmpfd, 0, SEEK_SET) == -1)
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++
++    if (! dry_run && ! skip_rest_of_patch) {
++       int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++       *outname_needs_removal = true;
++       if (inerrno != ENOENT)
++         {
++           *outname_needs_removal = true;
++           copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++         }
++       sprintf (buf, "%s %s%s", editor_program,
++                verbosity == VERBOSE ? "" : "- ",
++                outname);
++       fflush (stdout);
++
++       pid = fork();
++       if (pid == -1)
++         pfatal ("Can't fork");
++       else if (pid == 0)
++         {
++           dup2 (tmpfd, 0);
++           execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++           _exit (2);
++         }
++       else
++         {
++           int wstatus;
++           if (waitpid (pid, &wstatus, 0) == -1
++               || ! WIFEXITED (wstatus)
++               || WEXITSTATUS (wstatus) != 0)
++             fatal ("%s FAILED", editor_program);
++         }
++    }
++
++    fclose (tmpfp);
++    unlink (tmpname);
++    free((char*) tmpname);
+ 
+     if (ofp)
+       {
+diff -up patch-2.7.1/tests/ed-style.CVE-2018-1000156 patch-2.7.1/tests/ed-style
+--- patch-2.7.1/tests/ed-style.CVE-2018-1000156	2018-04-13 22:17:57.367258994 +0200
++++ patch-2.7.1/tests/ed-style	2018-04-13 22:17:57.367258994 +0200
+@@ -0,0 +1,40 @@
++# Copyright (C) 2018 Free Software Foundation, Inc.
++#
++# Copying and distribution of this file, with or without modification,
++# in any medium, are permitted without royalty provided the copyright
++# notice and this notice are preserved.
++
++. $srcdir/test-lib.sh
++
++require_cat
++use_local_patch
++use_tmpdir
++
++# ==============================================================
++
++cat > ed1.diff <<EOF
++0a
++foo
++.
++EOF
++
++check 'patch -e foo -i ed1.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
++
++cat > ed2.diff <<EOF
++1337a
++r !echo bar
++,p
++EOF
++
++check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
++Status: 2
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
+diff -up patch-2.7.1/tests/Makefile.am.CVE-2018-1000156 patch-2.7.1/tests/Makefile.am
+--- patch-2.7.1/tests/Makefile.am.CVE-2018-1000156	2018-04-13 22:17:57.360258966 +0200
++++ patch-2.7.1/tests/Makefile.am	2018-04-13 22:17:57.367258994 +0200
+@@ -28,6 +28,7 @@ TESTS = \
+ 	criss-cross \
+ 	crlf-handling \
+ 	dash-o-append \
++	ed-style \
+ 	empty-files \
+ 	fifo \
+ 	file-modes \
+diff -up patch-2.7.1/tests/Makefile.in.orig patch-2.7.1/tests/Makefile.in
+--- patch-2.7.1/tests/Makefile.in.orig	2018-04-13 22:24:23.758796422 +0200
++++ patch-2.7.1/tests/Makefile.in	2018-04-13 22:26:09.860216420 +0200
+@@ -1083,6 +1083,7 @@ TESTS = \
+ 	criss-cross \
+ 	crlf-handling \
+ 	dash-o-append \
++	ed-style \
+ 	empty-files \
+ 	fifo \
+ 	file-modes \
+@@ -1310,6 +1311,8 @@ crlf-handling.log: crlf-handling
+ 	@p='crlf-handling'; $(am__check_pre) $(LOG_COMPILE) "$$tst" $(am__check_post)
+ dash-o-append.log: dash-o-append
+ 	@p='dash-o-append'; $(am__check_pre) $(LOG_COMPILE) "$$tst" $(am__check_post)
++ed-style.log: ed-style
++	@p='ed-style'; $(am__check_pre) $(LOG_COMPILE) "$$tst" $(am__check_post)
+ empty-files.log: empty-files
+ 	@p='empty-files'; $(am__check_pre) $(LOG_COMPILE) "$$tst" $(am__check_post)
+ fifo.log: fifo
diff --git a/SOURCES/patch-2.7.1-CVE-2018-6952.patch b/SOURCES/patch-2.7.1-CVE-2018-6952.patch
new file mode 100644
index 00000000..70fd8e38
--- /dev/null
+++ b/SOURCES/patch-2.7.1-CVE-2018-6952.patch
@@ -0,0 +1,12 @@
+diff -up patch-2.7.1/src/pch.c.me patch-2.7.1/src/pch.c
+--- patch-2.7.1/src/pch.c.me	2018-11-22 14:09:28.099973290 +0100
++++ patch-2.7.1/src/pch.c	2018-11-22 16:41:02.966632693 +0100
+@@ -2113,7 +2113,7 @@ pch_swap (void)
+     }
+     if (p_efake >= 0) {			/* fix non-freeable ptr range */
+ 	if (p_efake <= i)
+-	    n = p_end - i + 1;
++	    n = p_end - p_ptrn_lines;
+ 	else
+ 	    n = -i;
+ 	p_efake += n;
diff --git a/SOURCES/patch-2.7.1-newmode.patch b/SOURCES/patch-2.7.1-newmode.patch
new file mode 100644
index 00000000..4c7a1cc7
--- /dev/null
+++ b/SOURCES/patch-2.7.1-newmode.patch
@@ -0,0 +1,16 @@
+diff -up patch-2.7.1/src/patch.c.newmode patch-2.7.1/src/patch.c
+--- patch-2.7.1/src/patch.c.newmode	2018-11-26 15:23:49.990764455 +0100
++++ patch-2.7.1/src/patch.c	2018-11-26 15:27:55.307567239 +0100
+@@ -560,8 +560,11 @@ main (int argc, char **argv)
+ 			}
+ 
+ 		      if (inerrno)
+-			set_file_attributes (TMPOUTNAME, attr, NULL, NULL,
++			{
++			  if (set_mode) attr |= FA_MODE;
++			  set_file_attributes (TMPOUTNAME, attr, NULL, NULL,
+ 					     mode, &new_time);
++			}
+ 		      else
+ 			{
+ 			  attr |= FA_IDS | FA_MODE | FA_XATTRS;
diff --git a/SOURCES/patch-2.7.x-CVE-2018-20969.patch b/SOURCES/patch-2.7.x-CVE-2018-20969.patch
new file mode 100644
index 00000000..43c565b2
--- /dev/null
+++ b/SOURCES/patch-2.7.x-CVE-2018-20969.patch
@@ -0,0 +1,23 @@
+diff -up patch-2.7.1/src/pch.c.orig patch-2.7.1/src/pch.c
+--- patch-2.7.1/src/pch.c.orig	2019-09-02 10:01:18.283754723 +0200
++++ patch-2.7.1/src/pch.c	2019-09-02 10:03:31.742214005 +0200
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char c
+            *outname_needs_removal = true;
+            copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+          }
+-       sprintf (buf, "%s %s%s", editor_program,
+-                verbosity == VERBOSE ? "" : "- ",
+-                outname);
+        fflush (stdout);
+ 
+        pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char c
+        else if (pid == 0)
+          {
+            dup2 (tmpfd, 0);
+-           execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++           assert (outname[0] != '!' && outname[0] != '-');
++           execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
+            _exit (2);
+          }
+        else
diff --git a/SOURCES/patch-selinux.patch b/SOURCES/patch-selinux.patch
index 0ed8bcd0..aa6ed03c 100644
--- a/SOURCES/patch-selinux.patch
+++ b/SOURCES/patch-selinux.patch
@@ -1,6 +1,6 @@
 diff -up patch-2.7.1/src/common.h.selinux patch-2.7.1/src/common.h
---- patch-2.7.1/src/common.h.selinux	2012-09-28 15:00:04.000000000 +0100
-+++ patch-2.7.1/src/common.h	2012-10-18 17:53:43.735748614 +0100
+--- patch-2.7.1/src/common.h.selinux	2012-09-28 16:00:04.000000000 +0200
++++ patch-2.7.1/src/common.h	2018-11-26 15:41:05.747151852 +0100
 @@ -30,6 +30,8 @@
  #include <sys/types.h>
  #include <time.h>
@@ -19,8 +19,8 @@ diff -up patch-2.7.1/src/common.h.selinux patch-2.7.1/src/common.h
  XTERN bool posixly_correct;
  
 diff -up patch-2.7.1/src/inp.c.selinux patch-2.7.1/src/inp.c
---- patch-2.7.1/src/inp.c.selinux	2012-09-19 02:07:31.000000000 +0100
-+++ patch-2.7.1/src/inp.c	2012-10-18 17:53:43.736748619 +0100
+--- patch-2.7.1/src/inp.c.selinux	2012-09-19 03:07:31.000000000 +0200
++++ patch-2.7.1/src/inp.c	2018-11-26 15:41:05.747151852 +0100
 @@ -138,7 +138,7 @@ get_input_file (char const *filename, ch
      char *getbuf;
  
@@ -48,8 +48,8 @@ diff -up patch-2.7.1/src/inp.c.selinux patch-2.7.1/src/inp.c
      else if (! ((S_ISREG (file_type) || S_ISLNK (file_type))
  	        && (file_type & S_IFMT) == (instat.st_mode & S_IFMT)))
 diff -up patch-2.7.1/src/Makefile.am.selinux patch-2.7.1/src/Makefile.am
---- patch-2.7.1/src/Makefile.am.selinux	2012-09-14 10:15:41.000000000 +0100
-+++ patch-2.7.1/src/Makefile.am	2012-10-18 17:53:43.736748619 +0100
+--- patch-2.7.1/src/Makefile.am.selinux	2012-09-14 11:15:41.000000000 +0200
++++ patch-2.7.1/src/Makefile.am	2018-11-26 15:41:05.747151852 +0100
 @@ -34,7 +34,7 @@ patch_SOURCES = \
  
  AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib
@@ -60,8 +60,8 @@ diff -up patch-2.7.1/src/Makefile.am.selinux patch-2.7.1/src/Makefile.am
  if ENABLE_MERGE
    patch_SOURCES += merge.c
 diff -up patch-2.7.1/src/Makefile.in.selinux patch-2.7.1/src/Makefile.in
---- patch-2.7.1/src/Makefile.in.selinux	2012-09-28 17:41:31.000000000 +0100
-+++ patch-2.7.1/src/Makefile.in	2012-10-18 17:53:43.736748619 +0100
+--- patch-2.7.1/src/Makefile.in.selinux	2012-09-28 18:41:31.000000000 +0200
++++ patch-2.7.1/src/Makefile.in	2018-11-26 15:41:05.748151855 +0100
 @@ -981,7 +981,7 @@ patch_SOURCES = bestmatch.h common.h inp
  AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib \
  	$(am__append_2)
@@ -72,9 +72,9 @@ diff -up patch-2.7.1/src/Makefile.in.selinux patch-2.7.1/src/Makefile.in
  all: all-am
  
 diff -up patch-2.7.1/src/patch.c.selinux patch-2.7.1/src/patch.c
---- patch-2.7.1/src/patch.c.selinux	2012-09-28 11:43:12.000000000 +0100
-+++ patch-2.7.1/src/patch.c	2012-10-18 17:57:41.708586721 +0100
-@@ -256,19 +256,19 @@ main (int argc, char **argv)
+--- patch-2.7.1/src/patch.c.selinux	2018-11-26 15:41:05.746151849 +0100
++++ patch-2.7.1/src/patch.c	2018-11-26 15:42:11.784367497 +0100
+@@ -257,19 +257,19 @@ main (int argc, char **argv)
  	  if (! strcmp (inname, outname))
  	    {
  	      if (inerrno == -1)
@@ -97,8 +97,8 @@ diff -up patch-2.7.1/src/patch.c.selinux patch-2.7.1/src/patch.c
  		  inerrno = -1;
  		}
  	      if (! outerrno)
-@@ -563,7 +563,7 @@ main (int argc, char **argv)
- 					     mode, &new_time);
+@@ -567,7 +567,7 @@ main (int argc, char **argv)
+ 			}
  		      else
  			{
 -			  attr |= FA_IDS | FA_MODE | FA_XATTRS;
@@ -106,7 +106,7 @@ diff -up patch-2.7.1/src/patch.c.selinux patch-2.7.1/src/patch.c
  			  set_file_attributes (TMPOUTNAME, attr, inname, &instat,
  					       mode, &new_time);
  			}
-@@ -623,7 +623,7 @@ main (int argc, char **argv)
+@@ -627,7 +627,7 @@ main (int argc, char **argv)
  			struct stat oldst;
  			int olderrno;
  
@@ -115,7 +115,7 @@ diff -up patch-2.7.1/src/patch.c.selinux patch-2.7.1/src/patch.c
  			if (olderrno && olderrno != ENOENT)
  			  write_fatal ();
  		        if (! olderrno && lookup_file_id (&oldst) == CREATED)
-@@ -1749,7 +1749,7 @@ delete_file_later (const char *name, con
+@@ -1754,7 +1754,7 @@ delete_file_later (const char *name, con
  
    if (! st)
      {
@@ -125,8 +125,8 @@ diff -up patch-2.7.1/src/patch.c.selinux patch-2.7.1/src/patch.c
        st = &st_tmp;
      }
 diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
---- patch-2.7.1/src/pch.c.selinux	2012-09-22 18:44:33.000000000 +0100
-+++ patch-2.7.1/src/pch.c	2012-10-18 18:04:28.619008832 +0100
+--- patch-2.7.1/src/pch.c.selinux	2018-11-26 15:41:05.744151842 +0100
++++ patch-2.7.1/src/pch.c	2018-11-26 15:41:05.749151858 +0100
 @@ -1,6 +1,6 @@
  /* reading patches */
  
@@ -135,7 +135,7 @@ diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
  
     Copyright (C) 1990-1993, 1997-2003, 2006, 2009-2012 Free Software
     Foundation, Inc.
-@@ -293,7 +293,7 @@ there_is_another_patch (bool need_header
+@@ -294,7 +294,7 @@ there_is_another_patch (bool need_header
  	  {
  	    inname = savebuf (buf, t - buf);
  	    inname[t - buf - 1] = 0;
@@ -144,7 +144,7 @@ diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
  	    if (inerrno)
  	      {
  		perror (inname);
-@@ -468,6 +468,7 @@ intuit_diff_type (bool need_header, mode
+@@ -469,6 +469,7 @@ intuit_diff_type (bool need_header, mode
      bool extended_headers = false;
      enum nametype i;
      struct stat st[3];
@@ -152,7 +152,7 @@ diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
      int stat_errno[3];
      int version_controlled[3];
      enum diff retval;
-@@ -507,6 +508,7 @@ intuit_diff_type (bool need_header, mode
+@@ -508,6 +509,7 @@ intuit_diff_type (bool need_header, mode
      version_controlled[OLD] = -1;
      version_controlled[NEW] = -1;
      version_controlled[INDEX] = -1;
@@ -160,7 +160,7 @@ diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
      p_rfc934_nesting = 0;
      p_timestamp[OLD].tv_sec = p_timestamp[NEW].tv_sec = -1;
      p_says_nonexistent[OLD] = p_says_nonexistent[NEW] = 0;
-@@ -914,7 +916,7 @@ intuit_diff_type (bool need_header, mode
+@@ -915,7 +917,7 @@ intuit_diff_type (bool need_header, mode
  		}
  	      else
  		{
@@ -169,7 +169,7 @@ diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
  		  if (! stat_errno[i])
  		    {
  		      if (lookup_file_id (&st[i]) == DELETE_LATER)
-@@ -953,7 +955,7 @@ intuit_diff_type (bool need_header, mode
+@@ -954,7 +956,7 @@ intuit_diff_type (bool need_header, mode
  			  if (cs)
  			    {
  			      if (version_get (p_name[i], cs, false, readonly,
@@ -178,7 +178,7 @@ diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
  				stat_errno[i] = 0;
  			      else
  				version_controlled[i] = 0;
-@@ -1006,7 +1008,7 @@ intuit_diff_type (bool need_header, mode
+@@ -1007,7 +1009,7 @@ intuit_diff_type (bool need_header, mode
        {
  	if (inname)
  	  {
@@ -187,7 +187,7 @@ diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
  	    if (inerrno || (instat.st_mode & S_IFMT) == file_type)
  	      maybe_reverse (inname, inerrno, inerrno || instat.st_size == 0);
  	  }
-@@ -1019,8 +1021,14 @@ intuit_diff_type (bool need_header, mode
+@@ -1020,8 +1022,14 @@ intuit_diff_type (bool need_header, mode
  	inerrno = stat_errno[i];
  	invc = version_controlled[i];
  	instat = st[i];
@@ -203,8 +203,8 @@ diff -up patch-2.7.1/src/pch.c.selinux patch-2.7.1/src/pch.c
  }
  
 diff -up patch-2.7.1/src/util.c.selinux patch-2.7.1/src/util.c
---- patch-2.7.1/src/util.c.selinux	2012-09-22 21:09:10.000000000 +0100
-+++ patch-2.7.1/src/util.c	2012-10-18 18:23:51.358951905 +0100
+--- patch-2.7.1/src/util.c.selinux	2012-09-22 22:09:10.000000000 +0200
++++ patch-2.7.1/src/util.c	2018-11-26 15:41:05.749151858 +0100
 @@ -294,6 +294,19 @@ set_file_attributes (char const *to, enu
  		S_ISLNK (mode) ? "symbolic link" : "file",
  		quotearg (to));
@@ -288,8 +288,8 @@ diff -up patch-2.7.1/src/util.c.selinux patch-2.7.1/src/util.c
 +  return errno;
  }
 diff -up patch-2.7.1/src/util.h.selinux patch-2.7.1/src/util.h
---- patch-2.7.1/src/util.h.selinux	2012-09-21 21:21:16.000000000 +0100
-+++ patch-2.7.1/src/util.h	2012-10-18 18:02:38.923626167 +0100
+--- patch-2.7.1/src/util.h.selinux	2012-09-21 22:21:16.000000000 +0200
++++ patch-2.7.1/src/util.h	2018-11-26 15:41:05.749151858 +0100
 @@ -45,7 +45,7 @@ char *parse_name (char const *, int, cha
  char *savebuf (char const *, size_t);
  char *savestr (char const *);
diff --git a/SOURCES/patchutils-args.patch b/SOURCES/patchutils-args.patch
new file mode 100644
index 00000000..76e7f1ff
--- /dev/null
+++ b/SOURCES/patchutils-args.patch
@@ -0,0 +1,49 @@
+diff -U0 patchutils-0.3.3/ChangeLog.args patchutils-0.3.3/ChangeLog
+--- patchutils-0.3.3/ChangeLog.args	2013-04-02 11:42:17.000000000 +0100
++++ patchutils-0.3.3/ChangeLog	2013-04-11 12:46:59.396964337 +0100
+@@ -0,0 +1,5 @@
++2013-04-11  Tim Waugh  <twaugh@redhat.com>
++
++	* src/filterdiff.c: Don't show grepdiff-specific options in
++	help output for filterdiff/lsdiff (bug #948973).
++
+diff -up patchutils-0.3.3/src/filterdiff.c.args patchutils-0.3.3/src/filterdiff.c
+--- patchutils-0.3.3/src/filterdiff.c.args	2011-05-26 14:47:46.000000000 +0100
++++ patchutils-0.3.3/src/filterdiff.c	2013-04-11 12:46:59.397964342 +0100
+@@ -2,7 +2,7 @@
+  * filterdiff - extract (or exclude) a diff from a diff file
+  * lsdiff - show which files are modified by a patch
+  * grepdiff - show files modified by a patch containing a regexp
+- * Copyright (C) 2001, 2002, 2003, 2004, 2008, 2009, 2011 Tim Waugh <twaugh@redhat.com>
++ * Copyright (C) 2001, 2002, 2003, 2004, 2008, 2009, 2011, 2013 Tim Waugh <twaugh@redhat.com>
+  *
+  * This program is free software; you can redistribute it and/or modify
+  * it under the terms of the GNU General Public License as published by
+@@ -1068,7 +1068,7 @@ const char * syntax_str =
+ "            remove all comments (non-diff lines) from output (filterdiff)\n"
+ "  -z, --decompress\n"
+ "            decompress .gz and .bz2 files\n"
+-"  -n, --line-number\n"
++"  -n, --line-number (lsdiff, grepdiff)\n"
+ "            show line numbers (lsdiff, grepdiff)\n"
+ "  --number-files (lsdiff, grepdiff)\n"
+ "            show file numbers, for use with filterdiff's --files option (lsdiff, grepdiff)\n"
+@@ -1085,15 +1085,15 @@ const char * syntax_str =
+ "            prefix pathnames in old files with PREFIX\n"
+ "  --addnewprefix=PREFIX\n"
+ "            prefix pathnames in new files with PREFIX\n"
+-"  -s, --status\n"
++"  -s, --status (lsdiff)\n"
+ "            show file additions and removals (lsdiff)\n"
+ "  -v, --verbose\n"
+ "            verbose output -- use more than once for extra verbosity\n"
+-"  -E, --extended-regexp\n"
++"  -E, --extended-regexp (grepdiff)\n"
+ "            use extended regexps, like egrep (grepdiff)\n"
+ "  -E, --empty-files-as-absent (lsdiff)\n"
+ "            treat empty files as absent (lsdiff)\n"
+-"  -f FILE, --file=FILE\n"
++"  -f FILE, --file=FILE (grepdiff)\n"
+ "            read regular expressions from FILE (grepdiff)\n"
+ "  --filter  run as 'filterdiff' (grepdiff, lsdiff)\n"
+ "  --list    run as 'lsdiff' (filterdiff, grepdiff)\n"
diff --git a/SPECS/patch.spec b/SPECS/patch.spec
index b75ab9ff..ed209f24 100644
--- a/SPECS/patch.spec
+++ b/SPECS/patch.spec
@@ -1,7 +1,9 @@
+%global gnulib_ver 20120926
+
 Summary: Utility for modifying/upgrading files
 Name: patch
 Version: 2.7.1
-Release: 8%{?dist}
+Release: 12%{?dist}
 License: GPLv3+
 URL: http://www.gnu.org/software/patch/patch.html
 Group: Development/Tools
@@ -9,12 +11,22 @@ Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
 Patch1: patch-remove-empty-dir.patch
 Patch2: patch-args.patch
 Patch3: patch-args-segfault.patch
+Patch4: patch-2.7.1-CVE-2018-1000156.patch
+Patch5: patch-2.7.1-CVE-2016-10713.patch
+Patch6: patch-2.7.1-CVE-2018-6952.patch
+Patch7: patch-2.7.1-newmode.patch
+# CVE-2018-20969, Invoke ed directly instead of using the shell
+Patch8: patch-2.7.x-CVE-2018-20969.patch
+# Selinux
 Patch100: patch-selinux.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: libselinux-devel
 BuildRequires: libattr-devel
 BuildRequires: ed
+BuildRequires: automake autoconf
+
+Provides: bundled(gnulib) = %{gnulib_ver}
 
 %description
 The patch program applies diff files to originals.  The diff command
@@ -38,6 +50,21 @@ applications.
 # Don't segfault when given bad arguments (bug #972330).
 %patch3 -p1 -b .args-segfault
 
+# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
+%patch4 -p1 -b .CVE-2018-1000156
+
+# CVE-2016-10713, Out-of-bounds access in pch_write_line function
+%patch5 -p1 -b .CVE-2016-10713
+
+# CVE-2018-6952, Double free of memory
+%patch6 -p1 -b .CVE-2018-6952
+
+# honor the new file mode
+%patch7 -p1 -b .newmode
+
+# CVE-2018-20969, Invoke ed directly instead of using the shell
+%patch8 -p1 -b .CVE-2018-20969
+
 # SELinux support.
 %patch100 -p1 -b .selinux
 
@@ -66,6 +93,21 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/*
 
 %changelog
+* Mon Sep 02 2019 Than Ngo <than@redhat.com> - 2.7.1-12
+- Fixed CVE-2018-20969, invoke ed directly instead of using the shell
+
+* Thu Nov 22 2018 Than Ngo <than@redhat.com> - 2.7.1-11
+- Fixed CVE-2016-10713 - Out-of-bounds access in pch_write_line function 
+- Fixed CVE-2018-6952 - Double free of memory
+- Resolves: #1626473, honor new file mode 100755 when applying patches
+- Resolves: #1653294, Added virtual provides for bundled gnulib library
+
+* Fri Apr 13 2018 Than Ngo <than@redhat.com> - 2.7.1-10
+- Fixed Coverity reported issues
+
+* Mon Apr 09 2018 Than Ngo <than@redhat.com> - 2.7.1-9
+- Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands
+
 * Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.7.1-8
 - Mass rebuild 2014-01-24