initial package creation

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>

SOURCES/patch-2.7.6-CVE-2018-17942.patch

@@ -0,0 +1,14 @@
+diff -up patch-2.7.6/lib/vasnprintf.c.me patch-2.7.6/lib/vasnprintf.c
+--- patch-2.7.6/lib/vasnprintf.c.me	2018-11-26 14:02:03.401718842 +0100
++++ patch-2.7.6/lib/vasnprintf.c	2018-11-26 14:03:02.923913446 +0100
+@@ -860,7 +860,9 @@ convert_to_decimal (mpn_t a, size_t extr
+   size_t a_len = a.nlimbs;
+   /* 0.03345 is slightly larger than log(2)/(9*log(10)).  */
+   size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+-  char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
++  /* We need extra_zeroes bytes for zeroes, followed by c_len bytes for the
++     digits of a, followed by 1 byte for the terminating NUL.  */
++  char *c_ptr = (char *) malloc (xsum (xsum (extra_zeroes, c_len), 1));
+   if (c_ptr != NULL)
+     {
+       char *d_ptr = c_ptr;

SOURCES/patch-2.7.6-CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap.patch

@@ -0,0 +1,25 @@
+commit 9c986353e420ead6e706262bf204d6e03322c300
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Aug 17 13:35:40 2018 +0200
+
+    Fix swapping fake lines in pch_swap
+    
+    * src/pch.c (pch_swap): Fix swapping p_bfake and p_efake when there is a
+    blank line in the middle of a context-diff hunk: that empty line stays
+    in the middle of the hunk and isn't swapped.
+    
+    Fixes: https://savannah.gnu.org/bugs/index.php?53133
+
+diff --git a/src/pch.c b/src/pch.c
+index e92bc64..a500ad9 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2122,7 +2122,7 @@ pch_swap (void)
+     }
+     if (p_efake >= 0) {			/* fix non-freeable ptr range */
+ 	if (p_efake <= i)
+-	    n = p_end - i + 1;
++	    n = p_end - p_ptrn_lines;
+ 	else
+ 	    n = -i;
+ 	p_efake += n;

SOURCES/patch-2.7.6-CVE-2019-13636-symlinks.patch

@@ -0,0 +1,102 @@
+commit dce4683cbbe107a95f1f0d45fabc304acfb5d71a
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Mon Jul 15 16:21:48 2019 +0200
+
+    Don't follow symlinks unless --follow-symlinks is given
+    
+    * src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
+    append_to_file): Unless the --follow-symlinks option is given, open files with
+    the O_NOFOLLOW flag to avoid following symlinks.  So far, we were only doing
+    that consistently for input files.
+    * src/util.c (create_backup): When creating empty backup files, (re)create them
+    with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
+
+diff --git a/src/inp.c b/src/inp.c
+index 32d0919..22d7473 100644
+--- a/src/inp.c
++++ b/src/inp.c
+@@ -238,8 +238,13 @@ plan_a (char const *filename)
+     {
+       if (S_ISREG (instat.st_mode))
+         {
+-	  int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
++	  int flags = O_RDONLY | binary_transput;
+ 	  size_t buffered = 0, n;
++	  int ifd;
++
++	  if (! follow_symlinks)
++	    flags |= O_NOFOLLOW;
++	  ifd = safe_open (filename, flags, 0);
+ 	  if (ifd < 0)
+ 	    pfatal ("can't open file %s", quotearg (filename));
+ 
+@@ -340,6 +345,7 @@ plan_a (char const *filename)
+ static void
+ plan_b (char const *filename)
+ {
++  int flags = O_RDONLY | binary_transput;
+   int ifd;
+   FILE *ifp;
+   int c;
+@@ -353,7 +359,9 @@ plan_b (char const *filename)
+ 
+   if (instat.st_size == 0)
+     filename = NULL_DEVICE;
+-  if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
++  if (! follow_symlinks)
++    flags |= O_NOFOLLOW;
++  if ((ifd = safe_open (filename, flags, 0)) < 0
+       || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
+     pfatal ("Can't open file %s", quotearg (filename));
+   if (TMPINNAME_needs_removal)
+diff --git a/src/util.c b/src/util.c
+index 1cc08ba..fb38307 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -388,7 +388,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
+ 
+ 	  try_makedirs_errno = ENOENT;
+ 	  safe_unlink (bakname);
+-	  while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
++	  while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
+ 	    {
+ 	      if (errno != try_makedirs_errno)
+ 		pfatal ("Can't create file %s", quotearg (bakname));
+@@ -579,10 +579,13 @@ create_file (char const *file, int open_flags, mode_t mode,
+ static void
+ copy_to_fd (const char *from, int tofd)
+ {
++  int from_flags = O_RDONLY | O_BINARY;
+   int fromfd;
+   ssize_t i;
+ 
+-  if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
++  if (! follow_symlinks)
++    from_flags |= O_NOFOLLOW;
++  if ((fromfd = safe_open (from, from_flags, 0)) < 0)
+     pfatal ("Can't reopen file %s", quotearg (from));
+   while ((i = read (fromfd, buf, bufsize)) != 0)
+     {
+@@ -625,6 +628,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
+   else
+     {
+       assert (S_ISREG (mode));
++      if (! follow_symlinks)
++	to_flags |= O_NOFOLLOW;
+       tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
+ 			  to_dir_known_to_exist);
+       copy_to_fd (from, tofd);
+@@ -640,9 +645,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ void
+ append_to_file (char const *from, char const *to)
+ {
++  int to_flags = O_WRONLY | O_APPEND | O_BINARY;
+   int tofd;
+ 
+-  if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
++  if (! follow_symlinks)
++    to_flags |= O_NOFOLLOW;
++  if ((tofd = safe_open (to, to_flags, 0)) < 0)
+     pfatal ("Can't reopen file %s", quotearg (to));
+   copy_to_fd (from, tofd);
+   if (close (tofd) != 0)

SOURCES/patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch

@@ -0,0 +1,33 @@
+commit 3fcd042d26d70856e826a42b5f93dc4854d80bf0
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Apr 6 19:36:15 2018 +0200
+
+    Invoke ed directly instead of using the shell
+    
+    * src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+    command to avoid quoting vulnerabilities.
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ 	    *outname_needs_removal = true;
+ 	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ 	  }
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+ 	fflush (stdout);
+ 
+ 	pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ 	else if (pid == 0)
+ 	  {
+ 	    dup2 (tmpfd, 0);
+-	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++	    assert (outname[0] != '!' && outname[0] != '-');
++	    execlp (editor_program, editor_program, "-", outname, (char  *) NULL);
+ 	    _exit (2);
+ 	  }
+ 	else

SOURCES/patch-2.7.6-abort_when_cleaning_up_fails.patch

@@ -0,0 +1,46 @@
+commit b7b028a77bd855f6f56b17c8837fc1cca77b469d
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Jun 28 00:30:25 2019 +0200
+
+    Abort when cleaning up fails
+    
+    When a fatal error triggers during cleanup, another attempt will be made to
+    clean up, which will likely lead to the same fatal error.  So instead, bail out
+    when that happens.
+    src/patch.c (cleanup): Bail out when called recursively.
+    (main): There is no need to call output_files() before cleanup() as cleanup()
+    already does that.
+
+diff --git a/src/patch.c b/src/patch.c
+index 4616a48..02fd982 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -685,7 +685,6 @@ main (int argc, char **argv)
+     }
+     if (outstate.ofp && (ferror (outstate.ofp) || fclose (outstate.ofp) != 0))
+       write_fatal ();
+-    output_files (NULL);
+     cleanup ();
+     delete_files ();
+     if (somefailed)
+@@ -1991,7 +1990,6 @@ void
+ fatal_exit (int sig)
+ {
+   cleanup ();
+-
+   if (sig)
+     exit_with_signal (sig);
+ 
+@@ -2011,6 +2009,12 @@ remove_if_needed (char const *name, bool *needs_removal)
+ static void
+ cleanup (void)
+ {
++  static bool already_cleaning_up;
++
++  if (already_cleaning_up)
++    return;
++  already_cleaning_up = true;
++
+   remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
+   remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+   remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);

SOURCES/patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch

@@ -0,0 +1,28 @@
+commit b5a91a01e5d0897facdd0f49d64b76b0f02b43e1
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Apr 6 11:34:51 2018 +0200
+
+    Allow input files to be missing for ed-style patches
+    
+    * src/pch.c (do_ed_script): Allow input files to be missing so that new
+    files will be created as with non-ed-style patches.
+
+diff --git a/src/pch.c b/src/pch.c
+index bc6278c..0c5cc26 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2394,9 +2394,11 @@ do_ed_script (char const *inname, char const *outname,
+ 
+     if (! dry_run && ! skip_rest_of_patch) {
+ 	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	assert (! inerrno);
+-	*outname_needs_removal = true;
+-	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	if (inerrno != ENOENT)
++	  {
++	    *outname_needs_removal = true;
++	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	  }
+ 	sprintf (buf, "%s %s%s", editor_program,
+ 		 verbosity == VERBOSE ? "" : "- ",
+ 		 outname);

SOURCES/patch-2.7.6-avoid-invalid-memory-access-in-context-format-diffs.patch

@@ -0,0 +1,21 @@
+commit 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Mon Jul 15 19:10:02 2019 +0200
+
+    Avoid invalid memory access in context format diffs
+    
+    * src/pch.c (another_hunk): Avoid invalid memory access in context format
+    diffs.
+
+diff --git a/src/pch.c b/src/pch.c
+index a500ad9..cb54e03 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev)
+ 		  ptrn_prefix_context = context;
+ 		ptrn_suffix_context = context;
+ 		if (repl_beginning
++		    || p_end <= 0
+ 		    || (p_end
+ 			!= p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n')))
+ 		  {

SOURCES/patch-2.7.6-avoid-set_file_attributes-sign-conversion-warnings.patch

@@ -0,0 +1,24 @@
+commit 3bbebbb29f6fbbf2988b9f2e75695b7c0b1f1c9b
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Wed Feb 7 12:01:22 2018 +0100
+
+    Avoid set_file_attributes sign conversion warnings
+    
+    * src/util.c (set_file_attributes): Avoid sign conversion warnings when
+    assigning -1 to uid_t / gid_t.
+
+diff --git a/src/util.c b/src/util.c
+index b1c7266..1cc08ba 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -256,8 +256,8 @@ set_file_attributes (char const *to, enum file_attributes attr,
+     }
+   if (attr & FA_IDS)
+     {
+-      static uid_t euid = -1;
+-      static gid_t egid = -1;
++      static uid_t euid = (uid_t)-1;
++      static gid_t egid = (gid_t)-1;
+       uid_t uid;
+       uid_t gid;
+ 

SOURCES/patch-2.7.6-avoid-warnings-gcc8.patch

@@ -0,0 +1,85 @@
+commit ae81be0024ea4eaf139b7ba57e9a8ce9e4a163ec
+Author: Jim Meyering <jim@meyering.net>
+Date:   Fri Apr 6 17:17:11 2018 -0700
+
+    maint: avoid warnings from GCC8
+    
+    Hi Andreas,
+    
+    I configured with --enable-gcc-warnings and bleeding-edge gcc
+    (version 8.0.1 20180406) and hit some warning-escalated-to-errors.
+    This fixes them:
+    
+    >From a71ddb200dbe7ac0f9258796b5a51979b2740e88 Mon Sep 17 00:00:00 2001
+    From: Jim Meyering <meyering@fb.com>
+    Date: Fri, 6 Apr 2018 16:47:00 -0700
+    Subject: [PATCH] maint: avoid warnings from GCC8
+    
+    * src/common.h (FALLTHROUGH): Define.
+    * src/patch.c (abort_hunk_context): Use FALLTHROUGH macro in place of
+    a comment.  This avoids a warning from -Wimplicit-fallthrough=.
+    * src/pch.c (do_ed_script): Add otherwise unnecessary initialization
+    to avoid warning from -Wmaybe-uninitialized.
+    (another_hunk): Use FALLTHROUGH macro here, too, twice.
+
+diff --git a/src/common.h b/src/common.h
+index ec50b40..904a3f8 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -218,3 +218,11 @@ bool merge_hunk (int hunk, struct outstate *, lin where, bool *);
+ #else
+ # define merge_hunk(hunk, outstate, where, somefailed) false
+ #endif
++
++#ifndef FALLTHROUGH
++# if __GNUC__ < 7
++#  define FALLTHROUGH ((void) 0)
++# else
++#  define FALLTHROUGH __attribute__ ((__fallthrough__))
++# endif
++#endif
+diff --git a/src/patch.c b/src/patch.c
+index 0fe6d72..1ae91d9 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -1381,7 +1381,7 @@ abort_hunk_context (bool header, bool reverse)
+ 	    break;
+ 	case ' ': case '-': case '+': case '!':
+ 	    fprintf (rejfp, "%c ", pch_char (i));
+-	    /* fall into */
++	    FALLTHROUGH;
+ 	case '\n':
+ 	    pch_write_line (i, rejfp);
+ 	    break;
+diff --git a/src/pch.c b/src/pch.c
+index 1055542..cda3dfa 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -1735,7 +1735,7 @@ another_hunk (enum diff difftype, bool rev)
+ 		break;
+ 	    case '=':
+ 		ch = ' ';
+-		/* FALL THROUGH */
++		FALLTHROUGH;
+ 	    case ' ':
+ 		if (fillsrc > p_ptrn_lines) {
+ 		    free(s);
+@@ -1756,7 +1756,7 @@ another_hunk (enum diff difftype, bool rev)
+ 		    p_end = fillsrc-1;
+ 		    return -1;
+ 		}
+-		/* FALL THROUGH */
++		FALLTHROUGH;
+ 	    case '+':
+ 		if (filldst > p_end) {
+ 		    free(s);
+@@ -2394,8 +2394,7 @@ do_ed_script (char const *inname, char const *outname,
+     size_t chars_read;
+     FILE *tmpfp = 0;
+     char const *tmpname;
+-    int tmpfd;
+-    pid_t pid;
++    int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
+     int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+     char const **ed_argv;
+     int stdin_dup, status;

SOURCES/patch-2.7.6-check-of-return-value-of-fwrite.patch

@@ -0,0 +1,75 @@
+commit 1e9104c18019e7dc6b5590aea4b1d4f9d8ecfd56
+Author: Bruno Haible <bruno@clisp.org>
+Date:   Sat Apr 7 12:21:04 2018 +0200
+
+    Fix check of return value of fwrite().
+    
+    * src/patch.c (copy_till): Consider incomplete fwrite() write as an error.
+    * src/pch.c (pch_write_line, do_ed_script): Likewise.
+
+diff --git a/src/patch.c b/src/patch.c
+index 1ae91d9..3fcaec5 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -2,7 +2,7 @@
+ 
+ /* Copyright (C) 1984, 1985, 1986, 1987, 1988 Larry Wall
+ 
+-   Copyright (C) 1989-1993, 1997-1999, 2002-2003, 2006, 2009-2012 Free Software
++   Copyright (C) 1989-1993, 1997-1999, 2002-2003, 2006, 2009-2018 Free Software
+    Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+@@ -1641,7 +1641,7 @@ copy_till (struct outstate *outstate, lin lastline)
+ 	if (size)
+ 	  {
+ 	    if ((! outstate->after_newline  &&  putc ('\n', fp) == EOF)
+-		|| ! fwrite (s, sizeof *s, size, fp))
++		|| fwrite (s, sizeof *s, size, fp) < size)
+ 	      write_fatal ();
+ 	    outstate->after_newline = s[size - 1] == '\n';
+ 	    outstate->zero_output = false;
+diff --git a/src/pch.c b/src/pch.c
+index cda3dfa..79a3c99 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2279,8 +2279,11 @@ pfetch (lin line)
+ bool
+ pch_write_line (lin line, FILE *file)
+ {
+-  bool after_newline = (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
+-  if (! fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file))
++  bool after_newline =
++    (p_len[line] > 0) && (p_line[line][p_len[line] - 1] == '\n');
++
++  if (fwrite (p_line[line], sizeof (*p_line[line]), p_len[line], file)
++      < p_len[line])
+     write_fatal ();
+   return after_newline;
+ }
+@@ -2427,13 +2430,14 @@ do_ed_script (char const *inname, char const *outname,
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+ 	    if (tmpfp)
+-		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
++		if (fwrite (buf, sizeof *buf, chars_read, tmpfp) < chars_read)
+ 		    write_fatal ();
+ 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ 	        p_pass_comments_through = true;
+ 		while ((chars_read = get_line ()) != 0) {
+ 		    if (tmpfp)
+-			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
++			if (fwrite (buf, sizeof *buf, chars_read, tmpfp)
++			    < chars_read)
+ 			    write_fatal ();
+ 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
+ 			break;
+@@ -2448,7 +2452,7 @@ do_ed_script (char const *inname, char const *outname,
+     }
+     if (dry_run || skip_rest_of_patch)
+       return;
+-    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) < (size_t) 4
+ 	|| fflush (tmpfp) != 0)
+       write_fatal ();
+ 

SOURCES/patch-2.7.6-cleanups-in-do_ed_script.patch

@@ -0,0 +1,91 @@
+commit 2a32bf09f5e9572da4be183bb0dbde8164351474
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Apr 6 20:32:46 2018 +0200
+
+    Minor cleanups in do_ed_script
+    
+    * src/pch.c (do_ed_script): Minor cleanups.
+
+diff --git a/src/pch.c b/src/pch.c
+index 1f14624..1055542 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2396,6 +2396,10 @@ do_ed_script (char const *inname, char const *outname,
+     char const *tmpname;
+     int tmpfd;
+     pid_t pid;
++    int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++    char const **ed_argv;
++    int stdin_dup, status;
++
+ 
+     if (! dry_run && ! skip_rest_of_patch)
+       {
+@@ -2443,7 +2447,7 @@ do_ed_script (char const *inname, char const *outname,
+ 	    break;
+ 	}
+     }
+-    if (!tmpfp)
++    if (dry_run || skip_rest_of_patch)
+       return;
+     if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
+ 	|| fflush (tmpfp) != 0)
+@@ -2452,36 +2456,29 @@ do_ed_script (char const *inname, char const *outname,
+     if (lseek (tmpfd, 0, SEEK_SET) == -1)
+       pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
+ 
+-    if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	char const **ed_argv;
+-	int stdin_dup, status;
+-
++    if (inerrno != ENOENT)
++      {
+ 	*outname_needs_removal = true;
+-	if (inerrno != ENOENT)
+-	  {
+-	    *outname_needs_removal = true;
+-	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	  }
+-	fflush (stdout);
+-
+-	if ((stdin_dup = dup (0)) == -1
+-	    || dup2 (tmpfd, 0) == -1)
+-	  pfatal ("Failed to duplicate standard input");
+-	assert (outname[0] != '!' && outname[0] != '-');
+-	ed_argv = alloca (4 * sizeof * ed_argv);
+-	ed_argv[0] = editor_program;
+-	ed_argv[1] = "-";
+-	ed_argv[2] = outname;
+-	ed_argv[3] = (char  *) NULL;
+-	status = execute (editor_program, editor_program, (char **)ed_argv,
+-			  false, false, false, false, true, false, NULL);
+-	if (status)
+-	  fatal ("%s FAILED", editor_program);
+-	if (dup2 (stdin_dup, 0) == -1
+-	    || close (stdin_dup) == -1)
+-	  pfatal ("Failed to duplicate standard input");
+-    }
++	copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++      }
++    fflush (stdout);
++
++    if ((stdin_dup = dup (0)) == -1
++	|| dup2 (tmpfd, 0) == -1)
++      pfatal ("Failed to duplicate standard input");
++    assert (outname[0] != '!' && outname[0] != '-');
++    ed_argv = alloca (4 * sizeof * ed_argv);
++    ed_argv[0] = editor_program;
++    ed_argv[1] = "-";
++    ed_argv[2] = outname;
++    ed_argv[3] = (char  *) NULL;
++    status = execute (editor_program, editor_program, (char **)ed_argv,
++		      false, false, false, false, true, false, NULL);
++    if (status)
++      fatal ("%s FAILED", editor_program);
++    if (dup2 (stdin_dup, 0) == -1
++	|| close (stdin_dup) == -1)
++      pfatal ("Failed to duplicate standard input");
+ 
+     fclose (tmpfp);
+     safe_unlink (tmpname);

SOURCES/patch-2.7.6-crash-RLIMIT_NOFILE.patch

@@ -0,0 +1,84 @@
+commit 61d7788b83b302207a67b82786f4fd79e3538f30
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Thu Jun 27 11:10:43 2019 +0200
+
+    Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
+    
+    * src/safe.c (min_cached_fds): Define minimum number of cached dir file
+    descriptors.
+    (max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY.
+    (init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is
+    RLIM_INFINITY.  Set the initial hash table size to min_cached_fds, independent
+    of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small
+    hash table will usually suffice; if needed, the hash table will grow.
+    (insert_cached_dirfd): Don't shrink the cache when max_cached_fds is
+    RLIM_INFINITY.
+
+diff --git a/src/safe.c b/src/safe.c
+index 5a7202f..f147b0e 100644
+--- a/src/safe.c
++++ b/src/safe.c
+@@ -67,7 +67,8 @@ struct cached_dirfd {
+ };
+ 
+ static Hash_table *cached_dirfds = NULL;
+-static size_t max_cached_fds;
++static rlim_t min_cached_fds = 8;
++static rlim_t max_cached_fds;
+ LIST_HEAD (lru_list);
+ 
+ static size_t hash_cached_dirfd (const void *entry, size_t table_size)
+@@ -98,11 +99,17 @@ static void init_dirfd_cache (void)
+ {
+   struct rlimit nofile;
+ 
+-  max_cached_fds = 8;
+   if (getrlimit (RLIMIT_NOFILE, &nofile) == 0)
+-    max_cached_fds = MAX (nofile.rlim_cur / 4, max_cached_fds);
++    {
++      if (nofile.rlim_cur == RLIM_INFINITY)
++        max_cached_fds = RLIM_INFINITY;
++      else
++	max_cached_fds = MAX (nofile.rlim_cur / 4, min_cached_fds);
++    }
++  else
++    max_cached_fds = min_cached_fds;
+ 
+-  cached_dirfds = hash_initialize (max_cached_fds,
++  cached_dirfds = hash_initialize (min_cached_fds,
+ 				   NULL,
+ 				   hash_cached_dirfd,
+ 				   compare_cached_dirfds,
+@@ -148,20 +155,23 @@ static void insert_cached_dirfd (struct cached_dirfd *entry, int keepfd)
+   if (cached_dirfds == NULL)
+     init_dirfd_cache ();
+ 
+-  /* Trim off the least recently used entries */
+-  while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
++  if (max_cached_fds != RLIM_INFINITY)
+     {
+-      struct cached_dirfd *last =
+-	list_entry (lru_list.prev, struct cached_dirfd, lru_link);
+-      if (&last->lru_link == &lru_list)
+-	break;
+-      if (last->fd == keepfd)
++      /* Trim off the least recently used entries */
++      while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
+ 	{
+-	  last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
++	  struct cached_dirfd *last =
++	    list_entry (lru_list.prev, struct cached_dirfd, lru_link);
+ 	  if (&last->lru_link == &lru_list)
+ 	    break;
++	  if (last->fd == keepfd)
++	    {
++	      last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
++	      if (&last->lru_link == &lru_list)
++		break;
++	    }
++	  remove_cached_dirfd (last);
+ 	}
+-      remove_cached_dirfd (last);
+     }
+ 
+   /* Only insert if the parent still exists. */

SOURCES/patch-2.7.6-dont-leak-temporary-file-on-failed-ed-style-patch.patch

@@ -0,0 +1,95 @@
+commit 19599883ffb6a450d2884f081f8ecf68edbed7ee
+Author: Jean Delvare <jdelvare@suse.de>
+Date:   Thu May 3 14:31:55 2018 +0200
+
+    Don't leak temporary file on failed ed-style patch
+    
+    Now that we write ed-style patches to a temporary file before we
+    apply them, we need to ensure that the temporary file is removed
+    before we leave, even on fatal error.
+    
+    * src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
+      tmpname. Don't unlink the file directly, instead tag it for removal
+      at exit time.
+    * src/patch.c (cleanup): Unlink TMPEDNAME at exit.
+    
+    This closes bug #53820:
+    https://savannah.gnu.org/bugs/index.php?53820
+    
+    Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+
+diff --git a/src/common.h b/src/common.h
+index 904a3f8..53c5e32 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -94,10 +94,12 @@ XTERN char const *origsuff;
+ XTERN char const * TMPINNAME;
+ XTERN char const * TMPOUTNAME;
+ XTERN char const * TMPPATNAME;
++XTERN char const * TMPEDNAME;
+ 
+ XTERN bool TMPINNAME_needs_removal;
+ XTERN bool TMPOUTNAME_needs_removal;
+ XTERN bool TMPPATNAME_needs_removal;
++XTERN bool TMPEDNAME_needs_removal;
+ 
+ #ifdef DEBUGGING
+ XTERN int debug;
+diff --git a/src/patch.c b/src/patch.c
+index 3fcaec5..9146597 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -1999,6 +1999,7 @@ cleanup (void)
+   remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
+   remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+   remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
++  remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+   remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal);
+   output_files (NULL);
+ }
+diff --git a/src/pch.c b/src/pch.c
+index 79a3c99..1bb3153 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2396,7 +2396,6 @@ do_ed_script (char const *inname, char const *outname,
+     file_offset beginning_of_this_line;
+     size_t chars_read;
+     FILE *tmpfp = 0;
+-    char const *tmpname;
+     int tmpfd = -1; /* placate gcc's -Wmaybe-uninitialized */
+     int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+     char const **ed_argv;
+@@ -2411,12 +2410,13 @@ do_ed_script (char const *inname, char const *outname,
+ 	   invalid commands and treats the next line as a new command, which
+ 	   can lead to arbitrary command execution.  */
+ 
+-	tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++	tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
+ 	if (tmpfd == -1)
+-	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
++	  pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
++	TMPEDNAME_needs_removal = true;
+ 	tmpfp = fdopen (tmpfd, "w+b");
+ 	if (! tmpfp)
+-	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
++	  pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
+       }
+ 
+     for (;;) {
+@@ -2457,7 +2457,7 @@ do_ed_script (char const *inname, char const *outname,
+       write_fatal ();
+ 
+     if (lseek (tmpfd, 0, SEEK_SET) == -1)
+-      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
+ 
+     if (inerrno != ENOENT)
+       {
+@@ -2484,7 +2484,6 @@ do_ed_script (char const *inname, char const *outname,
+       pfatal ("Failed to duplicate standard input");
+ 
+     fclose (tmpfp);
+-    safe_unlink (tmpname);
+ 
+     if (ofp)
+       {

SOURCES/patch-2.7.6-dont-leak-temporary-file-on-failed-multi-file-ed-style-patch.patch

@@ -0,0 +1,71 @@
+commit 369dcccdfa6336e5a873d6d63705cfbe04c55727
+Author: Jean Delvare <jdelvare@suse.de>
+Date:   Mon May 7 15:14:45 2018 +0200
+
+    Don't leak temporary file on failed multi-file ed-style patch
+    
+    The previous fix worked fine with single-file ed-style patches, but
+    would still leak temporary files in the case of multi-file ed-style
+    patch. Fix that case as well, and extend the test case to check for
+    it.
+    
+    * src/patch.c (main): Unlink TMPEDNAME if needed before moving to
+      the next file in a patch.
+    
+    This closes bug #53820:
+    https://savannah.gnu.org/bugs/index.php?53820
+    
+    Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+    Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
+
+diff --git a/src/patch.c b/src/patch.c
+index 9146597..81c7a02 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -236,6 +236,7 @@ main (int argc, char **argv)
+ 	    }
+ 	  remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ 	}
++      remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+ 
+       if (! skip_rest_of_patch && ! file_type)
+ 	{
+diff --git a/tests/ed-style b/tests/ed-style
+index 6b6ef9d..504e6e5 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -38,3 +38,34 @@ EOF
+ check 'cat foo' <<EOF
+ foo
+ EOF
++
++# Test the case where one ed-style patch modifies several files
++
++cat > ed3.diff <<EOF
++--- foo
+++++ foo
++1c
++bar
++.
++--- baz
+++++ baz
++0a
++baz
++.
++EOF
++
++# Apparently we can't create a file with such a patch, while it works fine
++# when the file name is provided on the command line
++cat > baz <<EOF
++EOF
++
++check 'patch -e -i ed3.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++bar
++EOF
++
++check 'cat baz' <<EOF
++baz
++EOF

SOURCES/patch-2.7.6-failed_assertion.patch

@@ -0,0 +1,29 @@
+commit 76e775847f4954b63dc72afe34d9d921c6688b31
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Tue Jul 16 01:16:28 2019 +0200
+
+    Fix failed assertion 'outstate->after_newline'
+    
+    The assertion triggers when the -o FILE option is used, more than one output
+    file is written into FILE, and one of those files (except the last one) ends in
+    the middle of a line.
+    * src/patch.c (main): Fix the case described above.
+
+diff --git a/src/patch.c b/src/patch.c
+index 02fd982..3794319 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -369,6 +369,13 @@ main (int argc, char **argv)
+ 	    /* outstate.ofp now owns the file descriptor */
+ 	    outfd = -1;
+ 	  }
++	else
++	  {
++	    /* When writing to a single output file (-o FILE), always pretend
++	       that the output file ends in a newline.  Otherwise, when another
++	       file is written to the same output file, apply_hunk will fail.  */
++	    outstate.after_newline = true;
++	  }
+ 
+ 	/* find out where all the lines are */
+ 	if (!skip_rest_of_patch) {

SOURCES/patch-2.7.6-fix-ed-style-test-failure.patch

@@ -0,0 +1,22 @@
+commit 458ac51a05426c1af9aa6bf1342ecf60728c19b4
+Author: Bruno Haible <bruno@clisp.org>
+Date:   Sat Apr 7 12:34:03 2018 +0200
+
+    Fix 'ed-style' test failure.
+    
+    * tests/ed-style: Remove '?' line from expected output.
+
+diff --git a/tests/ed-style b/tests/ed-style
+index d8c0689..6b6ef9d 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -31,8 +31,7 @@ r !echo bar
+ ,p
+ EOF
+ 
+-check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
+-?
++check 'patch -e foo -i ed2.diff > /dev/null 2> /dev/null || echo "Status: $?"' <<EOF
+ Status: 2
+ EOF
+ 

SOURCES/patch-2.7.6-fix-korn-shell-incompatibility.patch

@@ -0,0 +1,21 @@
+commit 074e2395f81d0ecaa66b71a6c228c70b49db72e5
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Wed Feb 7 17:05:00 2018 +0100
+
+    Test suite: fix Korn shell incompatibility
+    
+    tests/merge: In a Korn shell, shift apparently fails when $# is 0.
+
+diff --git a/tests/merge b/tests/merge
+index b628891..e950b92 100644
+--- a/tests/merge
++++ b/tests/merge
+@@ -32,7 +32,7 @@ x2() {
+ 	shift
+     done > b.sed
+     echo "$body" | sed -f b.sed > b
+-    shift
++    test $# -eq 0 || shift
+     while test $# -gt 0 ; do
+ 	echo "$1"
+ 	shift

SOURCES/patch-2.7.6-fix-segfault-with-mangled-rename-patch.patch

@@ -0,0 +1,24 @@
+commit f290f48a621867084884bfff87f8093c15195e6a
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Mon Feb 12 16:48:24 2018 +0100
+
+    Fix segfault with mangled rename patch
+    
+    http://savannah.gnu.org/bugs/?53132
+    * src/pch.c (intuit_diff_type): Ensure that two filenames are specified
+    for renames and copies (fix the existing check).
+
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..bc6278c 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -974,7 +974,8 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+     if ((pch_rename () || pch_copy ())
+ 	&& ! inname
+ 	&& ! ((i == OLD || i == NEW) &&
+-	      p_name[! reverse] &&
++	      p_name[reverse] && p_name[! reverse] &&
++	      name_is_valid (p_name[reverse]) &&
+ 	      name_is_valid (p_name[! reverse])))
+       {
+ 	say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");

SOURCES/patch-2.7.6-improve_support_for_memory_leak_detection.patch

@@ -0,0 +1,48 @@
+commit 2b584aec9e5f2806b1eccadcabe7e901fcfa0b0a
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Thu Jun 27 11:02:02 2019 +0200
+
+    Improve support for memory leak detection
+    
+    When building with the address sanitizer on, free some more resources before
+    exiting.  (This is unnecessary when not looking for memory leaks.)
+    * src/patch.c (init_files_to_delete): Add dispose function for freeing
+    filenames.
+
+diff --git a/src/patch.c b/src/patch.c
+index 81c7a02..4616a48 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -36,6 +36,10 @@
+ #include <minmax.h>
+ #include <safe.h>
+ 
++#ifdef __SANITIZE_ADDRESS__
++# define FREE_BEFORE_EXIT
++#endif
++
+ /* procedures */
+ 
+ static FILE *create_output_file (char const *, int);
+@@ -1777,10 +1781,20 @@ struct file_to_delete {
+ 
+ static gl_list_t files_to_delete;
+ 
++#ifdef FREE_BEFORE_EXIT
++void dispose_file_to_delete (const void *elt)
++{
++	free ((void *) elt);
++}
++#else
++#define dispose_file_to_delete NULL
++#endif
++
+ static void
+ init_files_to_delete (void)
+ {
+-  files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL, NULL, true);
++  files_to_delete = gl_list_create_empty (GL_LINKED_LIST, NULL, NULL,
++					  dispose_file_to_delete, true);
+ }
+ 
+ static void

SOURCES/patch-2.7.6-make-debug-output-more-useful.patch

@@ -0,0 +1,40 @@
+commit ff81775f4eb6ab9a91b75e4031e8216654c0c76a
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Aug 17 10:31:22 2018 +0200
+
+    Make the (debug & 2) output more useful
+    
+    * src/pch.c (another_hunk): In the (debug & 2) output, fix how empty
+    lines that are not part of the patch context are printed.  Also, add
+    newlines to lines that are missing them to keep the output readable.
+
+diff --git a/src/pch.c b/src/pch.c
+index 1bb3153..e92bc64 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -1916,8 +1916,13 @@ another_hunk (enum diff difftype, bool rev)
+ 	lin i;
+ 
+ 	for (i = 0; i <= p_end + 1; i++) {
+-	    fprintf (stderr, "%s %c",
+-		     format_linenum (numbuf0, i),
++	    fputs (format_linenum (numbuf0, i), stderr);
++	    if (p_Char[i] == '\n')
++	      {
++	        fputc('\n', stderr);
++		continue;
++	      }
++	    fprintf (stderr, " %c",
+ 		     p_Char[i]);
+ 	    if (p_Char[i] == '*')
+ 	      fprintf (stderr, " %s,%s\n",
+@@ -1930,7 +1935,8 @@ another_hunk (enum diff difftype, bool rev)
+ 	    else if (p_Char[i] != '^')
+ 	      {
+ 		fputs(" |", stderr);
+-		pch_write_line (i, stderr);
++		if (! pch_write_line (i, stderr))
++		  fputc('\n', stderr);
+ 	      }
+ 	    else
+ 	      fputc('\n', stderr);

SOURCES/patch-2.7.6-skip-ed-test-when-the-ed-utility-is-not-installed.patch

@@ -0,0 +1,20 @@
+commit a5b442ce01b80a758606ede316f739426a12bc33
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Thu Jun 27 11:09:31 2019 +0200
+
+    Skip "ed" test when the ed utility is not installed
+    
+    * tests/ed-style: Require ed.
+
+diff --git a/tests/ed-style b/tests/ed-style
+index 504e6e5..9907cb6 100644
+--- a/tests/ed-style
++++ b/tests/ed-style
+@@ -7,6 +7,7 @@
+ . $srcdir/test-lib.sh
+ 
+ require cat
++require ed
+ use_local_patch
+ use_tmpdir
+ 

SOURCES/patch-2.7.6-test-suite-compatibility-fixes.patch

@@ -0,0 +1,124 @@
+commit f6bc5b14bd193859851d15a049bafb1007acd288
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Wed Feb 7 12:10:41 2018 +0100
+
+    Test suite compatibility fixes
+    
+    * tests/crlf-handling, tests/git-cleanup, tests/test-lib.sh: Use printf
+    instead of echo -e / echo -n for compatibility with systems that don't
+    support these echo options.
+    * tests/merge: Minor other cleanups.
+
+diff --git a/tests/crlf-handling b/tests/crlf-handling
+index 239149c..c192cac 100644
+--- a/tests/crlf-handling
++++ b/tests/crlf-handling
+@@ -14,7 +14,7 @@ use_local_patch
+ use_tmpdir
+ 
+ lf2crlf() {
+-    while read l; do echo -e "$l\r"; done
++    while read l; do printf "%s\r\n" "$l"; done
+ }
+ 
+ echo 1 > a
+diff --git a/tests/git-cleanup b/tests/git-cleanup
+index 2e3e4c6..ca527a1 100644
+--- a/tests/git-cleanup
++++ b/tests/git-cleanup
+@@ -36,8 +36,8 @@ BAD PATCH
+ EOF
+ 
+ echo 1 > f
+-echo -n '' > g
+-echo -n '' > h
++printf '' > g
++printf '' > h
+ 
+ check 'patch -f -i 1.diff || echo status: $?' <<EOF
+ patching file f
+diff --git a/tests/merge b/tests/merge
+index 22d787b..b628891 100644
+--- a/tests/merge
++++ b/tests/merge
+@@ -30,30 +30,28 @@ x2() {
+     while test $# -gt 0 && test "$1" != -- ; do
+ 	echo "$1"
+ 	shift
+-    done > a.sed
+-    echo "$body" | sed -f a.sed > b
++    done > b.sed
++    echo "$body" | sed -f b.sed > b
+     shift
+     while test $# -gt 0 ; do
+ 	echo "$1"
+ 	shift
+-    done > b.sed
+-    echo "$body" | sed -f b.sed > c
+-    rm -f a.sed b.sed
++    done > c.sed
++    echo "$body" | sed -f c.sed > c
++    rm -f b.sed c.sed
+     output=`diff -u a b | patch $ARGS -f c`
+     status=$?
+     echo "$output" | sed -e '/^$/d' -e '/^patching file c$/d'
+     cat c
+-    test $status == 0 || echo "Status: $status"
++    test $status = 0 || echo "Status: $status"
+ }
+ 
+ x() {
+-    ARGS="$ARGS --merge" x2 "$@"
++    ARGS="--merge" x2 "$@"
+     echo
+-    ARGS="$ARGS --merge=diff3" x2 "$@"
++    ARGS="--merge=diff3" x2 "$@"
+ }
+ 
+-unset ARGS
+-
+ # ==============================================================
+ 
+ check 'x 3' <<EOF
+diff --git a/tests/test-lib.sh b/tests/test-lib.sh
+index be0d7e3..661da52 100644
+--- a/tests/test-lib.sh
++++ b/tests/test-lib.sh
+@@ -41,7 +41,7 @@ use_local_patch() {
+ 
+     eval 'patch() {
+ 	if test -n "$GDB" ; then
+-	  echo -e "\n" >&3
++	  printf "\n\n" >&3
+ 	  gdbserver localhost:53153 $PATCH "$@" 2>&3
+ 	else
+           $PATCH "$@"
+@@ -113,22 +113,15 @@ cleanup() {
+     exit $status
+ }
+ 
+-if test -z "`echo -n`"; then
+-    if eval 'test -n "${BASH_LINENO[0]}" 2>/dev/null'; then
+-	eval '
+-	    _start_test() {
+-		echo -n "[${BASH_LINENO[2]}] $* -- "
+-	    }'
+-    else
+-	eval '
+-	    _start_test() {
+-		echo -n "* $* -- "
+-	    }'
+-    fi
++if eval 'test -n "${BASH_LINENO[0]}" 2>/dev/null'; then
++    eval '
++	_start_test() {
++	    printf "[${BASH_LINENO[2]}] %s -- " "$*"
++	}'
+ else
+     eval '
+ 	_start_test() {
+-	    echo "* $*"
++	    printf "* %s -- " "$*"
+ 	}'
+ fi
+ 

SOURCES/patch-CVE-2018-1000156.patch

@@ -0,0 +1,202 @@
+commit 123eaff0d5d1aebe128295959435b9ca5909c26d
+Author: Andreas Gruenbacher <agruen@gnu.org>
+Date:   Fri Apr 6 12:14:49 2018 +0200
+
+    Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)
+    
+    * src/pch.c (do_ed_script): Write ed script to a temporary file instead
+    of piping it to ed: this will cause ed to abort on invalid commands
+    instead of rejecting them and carrying on.
+    * tests/ed-style: New test case.
+    * tests/Makefile.am (TESTS): Add test case.
+
+diff --git a/src/pch.c b/src/pch.c
+index 0c5cc26..4fd5a05 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include <io.h>
+ #endif
+ #include <safe.h>
++#include <sys/wait.h>
+ 
+ #define INITHUNKMAX 125			/* initial dynamic allocation size */
+ 
+@@ -2389,24 +2390,28 @@ do_ed_script (char const *inname, char const *outname,
+     static char const editor_program[] = EDITOR_PROGRAM;
+ 
+     file_offset beginning_of_this_line;
+-    FILE *pipefp = 0;
+     size_t chars_read;
++    FILE *tmpfp = 0;
++    char const *tmpname;
++    int tmpfd;
++    pid_t pid;
++
++    if (! dry_run && ! skip_rest_of_patch)
++      {
++	/* Write ed script to a temporary file.  This causes ed to abort on
++	   invalid commands such as when line numbers or ranges exceed the
++	   number of available lines.  When ed reads from a pipe, it rejects
++	   invalid commands and treats the next line as a new command, which
++	   can lead to arbitrary command execution.  */
++
++	tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++	if (tmpfd == -1)
++	  pfatal ("Can't create temporary file %s", quotearg (tmpname));
++	tmpfp = fdopen (tmpfd, "w+b");
++	if (! tmpfp)
++	  pfatal ("Can't open stream for file %s", quotearg (tmpname));
++      }
+ 
+-    if (! dry_run && ! skip_rest_of_patch) {
+-	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-	if (inerrno != ENOENT)
+-	  {
+-	    *outname_needs_removal = true;
+-	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-	  }
+-	sprintf (buf, "%s %s%s", editor_program,
+-		 verbosity == VERBOSE ? "" : "- ",
+-		 outname);
+-	fflush (stdout);
+-	pipefp = popen(buf, binary_transput ? "wb" : "w");
+-	if (!pipefp)
+-	  pfatal ("Can't open pipe to %s", quotearg (buf));
+-    }
+     for (;;) {
+ 	char ed_command_letter;
+ 	beginning_of_this_line = file_tell (pfp);
+@@ -2417,14 +2422,14 @@ do_ed_script (char const *inname, char const *outname,
+ 	}
+ 	ed_command_letter = get_ed_command_letter (buf);
+ 	if (ed_command_letter) {
+-	    if (pipefp)
+-		if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++	    if (tmpfp)
++		if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 		    write_fatal ();
+ 	    if (ed_command_letter != 'd' && ed_command_letter != 's') {
+ 	        p_pass_comments_through = true;
+ 		while ((chars_read = get_line ()) != 0) {
+-		    if (pipefp)
+-			if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++		    if (tmpfp)
++			if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+ 			    write_fatal ();
+ 		    if (chars_read == 2  &&  strEQ (buf, ".\n"))
+ 			break;
+@@ -2437,13 +2442,49 @@ do_ed_script (char const *inname, char const *outname,
+ 	    break;
+ 	}
+     }
+-    if (!pipefp)
++    if (!tmpfp)
+       return;
+-    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, pipefp) == 0
+-	|| fflush (pipefp) != 0)
++    if (fwrite ("w\nq\n", sizeof (char), (size_t) 4, tmpfp) == 0
++	|| fflush (tmpfp) != 0)
+       write_fatal ();
+-    if (pclose (pipefp) != 0)
+-      fatal ("%s FAILED", editor_program);
++
++    if (lseek (tmpfd, 0, SEEK_SET) == -1)
++      pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++
++    if (! dry_run && ! skip_rest_of_patch) {
++	int exclusive = *outname_needs_removal ? 0 : O_EXCL;
++	*outname_needs_removal = true;
++	if (inerrno != ENOENT)
++	  {
++	    *outname_needs_removal = true;
++	    copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
++	  }
++	sprintf (buf, "%s %s%s", editor_program,
++		 verbosity == VERBOSE ? "" : "- ",
++		 outname);
++	fflush (stdout);
++
++	pid = fork();
++	if (pid == -1)
++	  pfatal ("Can't fork");
++	else if (pid == 0)
++	  {
++	    dup2 (tmpfd, 0);
++	    execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++	    _exit (2);
++	  }
++	else
++	  {
++	    int wstatus;
++	    if (waitpid (pid, &wstatus, 0) == -1
++	        || ! WIFEXITED (wstatus)
++		|| WEXITSTATUS (wstatus) != 0)
++	      fatal ("%s FAILED", editor_program);
++	  }
++    }
++
++    fclose (tmpfp);
++    safe_unlink (tmpname);
+ 
+     if (ofp)
+       {
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 6b6df63..16f8693 100644
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -32,6 +32,7 @@ TESTS = \
+ 	crlf-handling \
+ 	dash-o-append \
+ 	deep-directories \
++	ed-style \
+ 	empty-files \
+ 	false-match \
+ 	fifo \
+diff --git a/tests/ed-style b/tests/ed-style
+new file mode 100644
+index 0000000..d8c0689
+--- /dev/null
++++ b/tests/ed-style
+@@ -0,0 +1,41 @@
++# Copyright (C) 2018 Free Software Foundation, Inc.
++#
++# Copying and distribution of this file, with or without modification,
++# in any medium, are permitted without royalty provided the copyright
++# notice and this notice are preserved.
++
++. $srcdir/test-lib.sh
++
++require cat
++use_local_patch
++use_tmpdir
++
++# ==============================================================
++
++cat > ed1.diff <<EOF
++0a
++foo
++.
++EOF
++
++check 'patch -e foo -i ed1.diff' <<EOF
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF
++
++cat > ed2.diff <<EOF
++1337a
++r !echo bar
++,p
++EOF
++
++check 'patch -e foo -i ed2.diff 2> /dev/null || echo "Status: $?"' <<EOF
++?
++Status: 2
++EOF
++
++check 'cat foo' <<EOF
++foo
++EOF

SOURCES/patch-selinux.patch

@@ -0,0 +1,326 @@
+diff -up patch-2.7.6/src/common.h.selinux patch-2.7.6/src/common.h
+--- patch-2.7.6/src/common.h.selinux	2018-02-03 12:41:49.000000000 +0000
++++ patch-2.7.6/src/common.h	2018-02-12 12:29:44.415225377 +0000
+@@ -30,6 +30,8 @@
+ #include <sys/types.h>
+ #include <time.h>
+ 
++#include <selinux/selinux.h>
++
+ #include <sys/stat.h>
+ 
+ #include <limits.h>
+@@ -84,6 +86,7 @@ XTERN char *outfile;
+ XTERN int inerrno;
+ XTERN int invc;
+ XTERN struct stat instat;
++XTERN security_context_t incontext;
+ XTERN bool dry_run;
+ XTERN bool posixly_correct;
+ 
+diff -up patch-2.7.6/src/inp.c.selinux patch-2.7.6/src/inp.c
+--- patch-2.7.6/src/inp.c.selinux	2017-09-04 12:34:16.000000000 +0100
++++ patch-2.7.6/src/inp.c	2018-02-12 12:29:44.415225377 +0000
+@@ -145,7 +145,7 @@ get_input_file (char const *filename, ch
+     char *getbuf;
+ 
+     if (inerrno == -1)
+-      inerrno = stat_file (filename, &instat);
++	inerrno = stat_file (filename, &instat, &incontext);
+ 
+     /* Perhaps look for RCS or SCCS versions.  */
+     if (S_ISREG (file_type)
+@@ -190,7 +190,7 @@ get_input_file (char const *filename, ch
+ 	    }
+ 
+ 	    if (cs && version_get (filename, cs, ! inerrno, elsewhere, getbuf,
+-				   &instat))
++				   &instat, &incontext))
+ 	      inerrno = 0;
+ 
+ 	    free (getbuf);
+@@ -201,6 +201,7 @@ get_input_file (char const *filename, ch
+       {
+ 	instat.st_mode = S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH;
+ 	instat.st_size = 0;
++	incontext = NULL;
+       }
+     else if (! ((S_ISREG (file_type) || S_ISLNK (file_type))
+ 	        && (file_type & S_IFMT) == (instat.st_mode & S_IFMT)))
+diff -up patch-2.7.6/src/Makefile.am.selinux patch-2.7.6/src/Makefile.am
+--- patch-2.7.6/src/Makefile.am.selinux	2017-09-04 12:34:16.000000000 +0100
++++ patch-2.7.6/src/Makefile.am	2018-02-12 12:29:44.415225377 +0000
+@@ -37,7 +37,7 @@ patch_SOURCES = \
+ 
+ AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib
+ patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
+-	      $(LIB_XATTR) $(LIB_EACCESS)
++	      $(LIB_XATTR) $(LIB_EACCESS) -lselinux
+ 
+ if ENABLE_MERGE
+   patch_SOURCES += merge.c
+diff -up patch-2.7.6/src/Makefile.in.selinux patch-2.7.6/src/Makefile.in
+--- patch-2.7.6/src/Makefile.in.selinux	2018-02-03 13:33:56.000000000 +0000
++++ patch-2.7.6/src/Makefile.in	2018-02-12 12:29:44.415225377 +0000
+@@ -1147,7 +1147,7 @@ patch_SOURCES = bestmatch.h common.h inp
+ AM_CPPFLAGS = -I$(top_builddir)/lib -I$(top_srcdir)/lib \
+ 	$(am__append_2)
+ patch_LDADD = $(LDADD) $(top_builddir)/lib/libpatch.a $(LIB_CLOCK_GETTIME) \
+-	      $(LIB_XATTR) $(LIB_EACCESS)
++	      $(LIB_XATTR) $(LIB_EACCESS) -lselinux
+ 
+ all: all-am
+ 
+diff -up patch-2.7.6/src/patch.c.selinux patch-2.7.6/src/patch.c
+--- patch-2.7.6/src/patch.c.selinux	2018-02-03 12:41:49.000000000 +0000
++++ patch-2.7.6/src/patch.c	2018-02-12 12:30:27.315164138 +0000
+@@ -269,19 +269,19 @@ main (int argc, char **argv)
+ 	  if (! strcmp (inname, outname))
+ 	    {
+ 	      if (inerrno == -1)
+-		inerrno = stat_file (inname, &instat);
++		inerrno = stat_file (inname, &instat, NULL);
+ 	      outstat = instat;
+ 	      outerrno = inerrno;
+ 	    }
+ 	  else
+-	    outerrno = stat_file (outname, &outstat);
++	    outerrno = stat_file (outname, &outstat, NULL);
+ 
+ 	  if (! outerrno)
+ 	    {
+ 	      if (has_queued_output (&outstat))
+ 		{
+ 		  output_files (&outstat);
+-		  outerrno = stat_file (outname, &outstat);
++		  outerrno = stat_file (outname, &outstat, NULL);
+ 		  inerrno = -1;
+ 		}
+ 	      if (! outerrno)
+@@ -598,7 +598,7 @@ main (int argc, char **argv)
+ 			}
+ 		      else
+ 			{
+-			  attr |= FA_IDS | FA_MODE | FA_XATTRS;
++			  attr |= FA_IDS | FA_MODE | FA_XATTRS | FA_SECCONTEXT;
+ 			  set_file_attributes (TMPOUTNAME, attr, inname, &instat,
+ 					       mode, &new_time);
+ 			}
+@@ -658,7 +658,7 @@ main (int argc, char **argv)
+ 			struct stat oldst;
+ 			int olderrno;
+ 
+-			olderrno = stat_file (rej, &oldst);
++			olderrno = stat_file (rej, &oldst, NULL);
+ 			if (olderrno && olderrno != ENOENT)
+ 			  write_fatal ();
+ 		        if (! olderrno && lookup_file_id (&oldst) == CREATED)
+@@ -1790,7 +1790,7 @@ delete_file_later (const char *name, con
+ 
+   if (! st)
+     {
+-      if (stat_file (name, &st_tmp) != 0)
++      if (stat_file (name, &st_tmp, NULL) != 0)
+ 	pfatal ("Can't get file attributes of %s %s", "file", name);
+       st = &st_tmp;
+     }
+diff -up patch-2.7.6/src/pch.c.selinux patch-2.7.6/src/pch.c
+--- patch-2.7.6/src/pch.c.selinux	2018-02-03 12:41:49.000000000 +0000
++++ patch-2.7.6/src/pch.c	2018-02-12 12:29:44.416225375 +0000
+@@ -1,6 +1,6 @@
+ /* reading patches */
+ 
+-/* Copyright (C) 1986, 1987, 1988 Larry Wall
++/* Copyright (C) 1986, 1987, 1988, 2012 Larry Wall
+ 
+    Copyright (C) 1990-1993, 1997-2003, 2006, 2009-2012 Free Software
+    Foundation, Inc.
+@@ -296,7 +296,7 @@ there_is_another_patch (bool need_header
+ 	if (t > buf + 1 && *(t - 1) == '\n')
+ 	  {
+ 	    inname = xmemdup0 (buf, t - buf - 1);
+-	    inerrno = stat_file (inname, &instat);
++	    inerrno = stat_file (inname, &instat, &incontext);
+ 	    if (inerrno)
+ 	      {
+ 		perror (inname);
+@@ -433,6 +433,7 @@ intuit_diff_type (bool need_header, mode
+     bool extended_headers = false;
+     enum nametype i;
+     struct stat st[3];
++    security_context_t con[3];
+     int stat_errno[3];
+     int version_controlled[3];
+     enum diff retval;
+@@ -473,6 +474,7 @@ intuit_diff_type (bool need_header, mode
+     version_controlled[OLD] = -1;
+     version_controlled[NEW] = -1;
+     version_controlled[INDEX] = -1;
++    con[OLD] = con[NEW] = con[INDEX] = NULL;
+     p_rfc934_nesting = 0;
+     p_timestamp[OLD].tv_sec = p_timestamp[NEW].tv_sec = -1;
+     p_says_nonexistent[OLD] = p_says_nonexistent[NEW] = 0;
+@@ -883,7 +885,7 @@ intuit_diff_type (bool need_header, mode
+ 		}
+ 	      else
+ 		{
+-		  stat_errno[i] = stat_file (p_name[i], &st[i]);
++		  stat_errno[i] = stat_file (p_name[i], &st[i], &con[i]);
+ 		  if (! stat_errno[i])
+ 		    {
+ 		      if (lookup_file_id (&st[i]) == DELETE_LATER)
+@@ -922,7 +924,7 @@ intuit_diff_type (bool need_header, mode
+ 			  if (cs)
+ 			    {
+ 			      if (version_get (p_name[i], cs, false, readonly,
+-					       getbuf, &st[i]))
++					       getbuf, &st[i], &con[i]))
+ 				stat_errno[i] = 0;
+ 			      else
+ 				version_controlled[i] = 0;
+@@ -985,7 +987,7 @@ intuit_diff_type (bool need_header, mode
+       {
+ 	if (inname)
+ 	  {
+-	    inerrno = stat_file (inname, &instat);
++	    inerrno = stat_file (inname, &instat, &incontext);
+ 	    if (inerrno || (instat.st_mode & S_IFMT) == file_type)
+ 	      maybe_reverse (inname, inerrno, inerrno || instat.st_size == 0);
+ 	  }
+@@ -998,8 +1000,14 @@ intuit_diff_type (bool need_header, mode
+ 	inerrno = stat_errno[i];
+ 	invc = version_controlled[i];
+ 	instat = st[i];
++	incontext = con[i];
++	con[i] = NULL;
+       }
+ 
++    for (i = OLD; i <= INDEX; i++)
++      if (con[i])
++	freecon (con[i]);
++
+     return retval;
+ }
+ 
+diff -up patch-2.7.6/src/util.c.selinux patch-2.7.6/src/util.c
+--- patch-2.7.6/src/util.c.selinux	2018-02-03 12:41:49.000000000 +0000
++++ patch-2.7.6/src/util.c	2018-02-12 12:29:44.417225374 +0000
+@@ -300,6 +300,23 @@ set_file_attributes (char const *to, enu
+ 		S_ISLNK (mode) ? "symbolic link" : "file",
+ 		quotearg (to));
+     }
++  if (attr & FA_SECCONTEXT)
++    {
++      security_context_t outcontext;
++      if (incontext && getfilecon (to, &outcontext) != -1 && outcontext)
++	{
++	  if (strcmp (outcontext, incontext) &&
++	      setfilecon (to, incontext) != 0)
++	    {
++	      freecon (outcontext);
++	      if (errno != ENOTSUP && errno != EPERM)
++		pfatal ("Can't set security context on file %s",
++			quotearg (to));
++	    }
++	  else
++	    freecon (outcontext);
++	}
++    }
+ }
+ 
+ static void
+@@ -446,7 +463,7 @@ move_file (char const *from, bool *from_
+   struct stat to_st;
+   int to_errno;
+ 
+-  to_errno = stat_file (to, &to_st);
++  to_errno = stat_file (to, &to_st, NULL);
+   if (backup)
+     create_backup (to, to_errno ? NULL : &to_st, false);
+   if (! to_errno)
+@@ -818,7 +835,8 @@ version_controller (char const *filename
+    Return true if successful.  */
+ bool
+ version_get (char const *filename, char const *cs, bool exists, bool readonly,
+-	     char const *getbuf, struct stat *filestat)
++	     char const *getbuf, struct stat *filestat,
++	     security_context_t *filecontext)
+ {
+   if (patch_get < 0)
+     {
+@@ -843,6 +861,13 @@ version_get (char const *filename, char
+ 	fatal ("Can't get file %s from %s", quotearg (filename), cs);
+       if (safe_stat (filename, filestat) != 0)
+ 	pfatal ("%s", quotearg (filename));
++      if (filecontext && getfilecon (filename, filecontext) == -1)
++	{
++	  if (errno == ENODATA || errno == ENOTSUP)
++	    *filecontext = NULL;
++	  else
++	    pfatal ("%s", quotearg (filename));
++	}
+     }
+ 
+   return 1;
+@@ -1670,12 +1695,28 @@ make_tempfile (char const **name, char l
+   return fd;
+ }
+ 
+-int stat_file (char const *filename, struct stat *st)
++int stat_file (char const *filename, struct stat *st, security_context_t *con)
+ {
+   int (*xstat)(char const *, struct stat *) =
+     follow_symlinks ? safe_stat : safe_lstat;
++  int (*xgetfilecon)(char const *, security_context_t *) =
++    follow_symlinks ? getfilecon : lgetfilecon;
++
++  if (xstat (filename, st) == 0)
++    {
++      if (con)
++	{
++	  if (xgetfilecon (filename, con) != -1 ||
++	      errno == ENODATA || errno == ENOTSUP)
++	    return 0;
+ 
+-  return xstat (filename, st) == 0 ? 0 : errno;
++	  *con = NULL;
++	}
++      else
++	return 0;
++    }
++ 
++  return errno;
+ }
+ 
+ /* Check if a filename is relative and free of ".." components.
+diff -up patch-2.7.6/src/util.h.selinux patch-2.7.6/src/util.h
+--- patch-2.7.6/src/util.h.selinux	2018-02-03 12:41:49.000000000 +0000
++++ patch-2.7.6/src/util.h	2018-02-12 12:30:08.533190949 +0000
+@@ -44,7 +44,7 @@ char *parse_name (char const *, int, cha
+ char *savebuf (char const *, size_t);
+ char *savestr (char const *);
+ char const *version_controller (char const *, bool, struct stat const *, char **, char **);
+-bool version_get (char const *, char const *, bool, bool, char const *, struct stat *);
++bool version_get (char const *, char const *, bool, bool, char const *, struct stat *, security_context_t *);
+ int create_file (char const *, int, mode_t, bool);
+ int systemic (char const *);
+ char *format_linenum (char[LINENUM_LENGTH_BOUND + 1], lin);
+@@ -67,7 +67,7 @@ void insert_file_id (struct stat const *
+ enum file_id_type lookup_file_id (struct stat const *);
+ void set_queued_output (struct stat const *, bool);
+ bool has_queued_output (struct stat const *);
+-int stat_file (char const *, struct stat *);
++int stat_file (char const *, struct stat *, security_context_t *);
+ bool filename_is_safe (char const *) _GL_ATTRIBUTE_PURE;
+ bool cwd_is_root (char const *);
+ 
+@@ -75,7 +75,8 @@ enum file_attributes {
+   FA_TIMES = 1,
+   FA_IDS = 2,
+   FA_MODE = 4,
+-  FA_XATTRS = 8
++  FA_XATTRS = 8,
++  FA_SECCONTEXT = 16
+ };
+ 
+ void set_file_attributes (char const *, enum file_attributes, char const *,

SPECS/patch.spec

@@ -0,0 +1,470 @@
+%global gnulib_ver 20180203
+
+Summary: Utility for modifying/upgrading files
+Name: patch
+Version: 2.7.6
+Release: 16%{?dist}
+License: GPLv3+
+URL: https://savannah.gnu.org/projects/patch/
+Source: https://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
+Patch0: patch-2.7.6-avoid-set_file_attributes-sign-conversion-warnings.patch
+patch1: patch-2.7.6-test-suite-compatibility-fixes.patch
+Patch2: patch-2.7.6-fix-korn-shell-incompatibility.patch
+Patch3: patch-2.7.6-fix-segfault-with-mangled-rename-patch.patch
+Patch4: patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
+Patch5: patch-CVE-2018-1000156.patch
+Patch6: patch-2.7.6-CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell.patch
+Patch7: patch-2.7.6-switch-from-fork-execlp-to-execute.patch
+Patch8: patch-2.7.6-cleanups-in-do_ed_script.patch
+Patch9: patch-2.7.6-avoid-warnings-gcc8.patch
+Patch10: patch-2.7.6-check-of-return-value-of-fwrite.patch
+Patch11: patch-2.7.6-fix-ed-style-test-failure.patch
+Patch12: patch-2.7.6-dont-leak-temporary-file-on-failed-ed-style-patch.patch
+Patch13: patch-2.7.6-dont-leak-temporary-file-on-failed-multi-file-ed-style-patch.patch
+Patch14: patch-2.7.6-make-debug-output-more-useful.patch
+Patch15: patch-2.7.6-CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap.patch
+Patch16: patch-2.7.6-improve_support_for_memory_leak_detection.patch
+patch17: patch-2.7.6-skip-ed-test-when-the-ed-utility-is-not-installed.patch
+Patch18: patch-2.7.6-abort_when_cleaning_up_fails.patch
+Patch19: patch-2.7.6-crash-RLIMIT_NOFILE.patch
+Patch20: patch-2.7.6-CVE-2019-13636-symlinks.patch
+Patch21: patch-2.7.6-avoid-invalid-memory-access-in-context-format-diffs.patch
+Patch22: patch-2.7.6-CVE-2018-17942.patch
+Patch23: patch-2.7.6-failed_assertion.patch
+Patch100: patch-selinux.patch
+
+BuildRequires: make
+BuildRequires: gcc
+BuildRequires: libselinux-devel
+BuildRequires: libattr-devel
+BuildRequires: ed
+BuildRequires: autoconf automake
+
+Requires: ed
+
+Provides: bundled(gnulib) = %{gnulib_ver}
+
+%description
+The patch program applies diff files to originals.  The diff command
+is used to compare an original to a changed file.  Diff lists the
+changes made to the file.  A person who has the original file can then
+use the patch command with the diff file to add the changes to their
+original file (patching the file).
+
+Patch should be installed because it is a common way of upgrading
+applications.
+
+%prep
+%setup -q
+%patch0 -p1 -b .avoid-set_file_attributes-sign-conversion-warnings
+%patch1 -p1 -b .test-suite-compatibility-fixes
+%patch2 -p1 -b .fix-korn-shell-incompatibility
+%patch3 -p1 -b .fix-segfault-with-mangled-rename-patch
+%patch4 -p1 -b .allow-input-files-to-be-missing-for-ed-style-patches
+# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
+%patch5 -p1 -b .CVE-2018-1000156
+%patch6 -p1 -b .CVE-2019-13638-invoked-ed-directly-instead-of-using-the-shell
+%patch7 -p1 -b .switch-from-fork-execlp-to-execute
+%patch8 -p1 -b .cleanups-in-do_ed_script
+%patch9 -p1 -b .avoid-warnings-gcc8
+%patch10 -p1 -b .check-of-return-value-of-fwrite
+%patch11 -p1 -b .fix-ed-style-test-failure
+%patch12 -p1 -b .dont-leak-temporary-file-on-failed-ed-style-patch
+%patch13 -p1 -b .dont-leak-temporary-file-on-failed-multi-file-ed-style-patch
+%patch14 -p1 -b .make-debug-output-more-useful
+%patch15 -p1 -b .CVE-2018-6952-fix-swapping-fake-lines-in-pch_swap
+%patch16 -p1 -b .improve_support_for_memory_leak_detection
+%patch17 -p1 -b .skip-ed-test-when-the-ed-utility-is-not-installed
+%patch18 -p1 -b .abort_when_cleaning_up_fails
+%patch19 -p1 -b .crash-RLIMIT_NOFILE
+%patch20 -p1 -b .CVE-2019-13636-symlinks
+%patch21 -p1 -b .avoid-invalid-memory-access-in-context-format-diffs
+# CVE-2018-17942 gnulib: heap-based buffer overflow
+%patch22 -p1 -b .CVE-2018-17942-gnulib_buffer_overflow
+%patch23 -p1 -b .failed_assertion
+# SELinux support.
+%patch100 -p1 -b .selinux
+
+%build
+CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE"
+%ifarch sparcv9
+CFLAGS=`echo $CFLAGS|sed -e 's|-fstack-protector||g'`
+%endif
+autoreconf
+%configure --disable-silent-rules
+%make_build
+
+%check
+make check
+
+%install
+%makeinstall
+
+%files
+%license COPYING
+%doc NEWS README
+%{_bindir}/*
+%{_mandir}/*/*
+
+%changelog
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.6-16
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.7.6-15
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Mon Jul 29 2019 Than Ngo <than@redhat.com> - 2.7.6-11
+- fixed #1733917, CVE-2019-13638 patch: OS shell command injection when processing crafted patch files 
+
+* Wed Jul 24 2019 Than Ngo <than@redhat.com> - 2.7.6-10
+- backported patch, abort when cleaning up fails
+- backported patch, improve support for memory leak detection
+- backported patch, don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
+- backported patch, CVE-2019-13636, don't follow symlinks unless --follow-symlinks is given
+- backported patch, avoid invalid memory accessin context format diffs
+- backported patch, fix failed assertion
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Nov 26 2018 Than Ngo <than@redhat.com> - 2.7.6-8
+- Added virtual provides for bundled gnulib library
+- Fixed CVE-2018-17942, gnulib: heap-based buffer overflow
+
+* Thu Oct 11 2018 Than Ngo <than@redhat.com> - 2.7.6-7
+- Fixed #1582675 - Patch can be crashed and coredumped with a trivial wrong command
+
+* Wed Aug 15 2018 Than Ngo <than@redhat.com> - 2.7.6-6
+- Fixed #1554752 - Double free of memory, CVE-2018-6952
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu May  3 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-4
+- Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary
+  commands.
+
+* Mon Feb 12 2018 Tim Waugh <twaugh@redhat.com> - 2.7.6-3
+- 2.7.6 (CVE-2016-10713, CVE-2018-6951, CVE-2018-6952).
+
+* Thu Feb 08 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed Feb 01 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.7.5-4
+- Add missing %%license macro
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon Mar  9 2015 Tim Waugh <twaugh@redhat.com> - 2.7.5-1
+- Fixed memory leak in selinux patch.
+- 2.7.5, including an even better fix for CVE-2015-1196 that still
+  allows relative symlinks to be created/used.
+
+* Sat Feb 21 2015 Till Maas <opensource@till.name> - 2.7.4-2
+- Rebuilt for Fedora 23 Change
+  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
+
+* Sun Feb  1 2015 Tim Waugh <twaugh@redhat.com> - 2.7.4-1
+- 2.7.4, including a better fix for CVE-2015-1196 that still allows
+  symlinks referencing ".." to be created.
+
+* Fri Jan 23 2015 Tim Waugh <twaugh@redhat.com> - 2.7.3-1
+- 2.7.3 (bug #1182157, CVE-2015-1196, bug #1184491, CVE-2014-9637).
+
+* Tue Jan 20 2015 Tim Waugh <twaugh@redhat.com> - 2.7.1-12
+- Apply upstream patch to fix line numbering integer overflow.
+
+* Tue Jan 20 2015 Tim Waugh <twaugh@redhat.com> - 2.7.1-11
+- Apply upstream patch to fix directory traversal via symlinks
+  (bug #1182157, CVE-2015-1196).
+
+* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jun 12 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-6
+- Don't segfault when given bad arguments (bug #972330).
+
+* Thu Apr 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-5
+- Don't document unsupported -m option; document -x option (bug #948972).
+
+* Mon Mar 25 2013 Ville Skyttä <ville.skytta@iki.fi> - 2.7.1-4
+- Build with xattr support.
+- Make build output more verbose.
+- Fix bogus date in %%changelog.
+
+* Mon Mar 11 2013 Tim Waugh <twaugh@redhat.com> 2.7.1-3
+- Upstream patch to fix removal of empty directories (bug #919489).
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7.1-1
+- Fixed license (since 2.6 it has been GPLv3+).
+- 2.7.1.
+
+* Thu Oct 18 2012 Tim Waugh <twaugh@redhat.com> 2.7-1
+- 2.7.  No longer need sigsegv, get-arg, CVE-2010-4651,
+  backup-if-mismatch or coverity-leak patches.
+
+* Fri Jul 20 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6.1-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Nov 25 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-11
+- Fixed NULL dereference in selinux patch.
+
+* Mon May 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-10
+- Applied Jiri Popelka's fixes from Coverity scan (bug #704554):
+  - Avoid unchecked return from getfilecon() in patch-selinux.patch.
+  - Fix memory leak.
+
+* Wed Feb 16 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-9
+- Let --posix cause --no-backup-if-mismatch (bug #678016).
+
+* Thu Feb 10 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-8
+- Incorporate upstream fix for CVE-2010-4651 patch so that a target
+  name given on the command line is not validated (bug #667529).
+
+* Tue Feb  8 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-7
+- Applied upstream patch to fix CVE-2010-4651 so that malicious
+  patches cannot create files above the current directory
+  (bug #667529).
+
+* Tue Jan  4 2011 Tim Waugh <twaugh@redhat.com> 2.6.1-6
+- Use smp_mflags correctly (bug #665770).
+
+* Mon Aug 16 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-5
+- Another fix for the selinux patch (bug #618215).
+
+* Fri Aug  6 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-4
+- Fixed interpretation of return value from getfilecon().
+- Fixed argument type for --get (bug #553624).
+
+* Fri Aug  6 2010 Dennis Gilmore <dennis@ausil.us>
+- using -fstack-projector causes weirdness on 32 bit sparc so disabling for now
+
+* Tue Jul 27 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-3
+- Fixed argument type for --get (bug #553624).
+
+* Wed Mar  3 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-2
+- Added comments for all patches.
+- Ship COPYING file.
+- Removed sparc ifdefs in spec file.
+
+* Mon Jan  4 2010 Tim Waugh <twaugh@redhat.com> 2.6.1-1
+- 2.6.1 (bug #551569).  No longer need best-name patch.
+
+* Thu Dec 24 2009 Tim Waugh <twaugh@redhat.com> 2.6-2
+- Applied upstream patch to prevent incorrect filename being chosen
+  when adding a new file (bug #549122).
+
+* Mon Nov 16 2009 Tim Waugh <twaugh@redhat.com> 2.6-1
+- 2.6.  No longer need stderr, suffix, stripcr, parse, allow-spaces,
+  ifdef, program_name, or posix-backup patches.
+
+* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-40
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Wed Apr 29 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-39
+- Fixed operation when SELinux is disabled (bug #498102).  Patch from
+  Jan Kratochvil.
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.4-38
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Feb 17 2009 Tim Waugh <twaugh@redhat.com> 2.5.4-37
+- Don't set SELinux file context if it is already correct.
+
+* Mon Nov 24 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-36
+- Better summary.
+
+* Mon Jun 30 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-35
+- Don't fail if setfilecon() returns EPERM (bug #453365), although the
+  setfilecon man page suggests that ENOTSUP will be returned in this
+  case.
+
+* Mon Jun 16 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-34
+- Only write simple backups for each file once during a run
+  (bug #234822).
+
+* Thu Jun 12 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-33
+- Fix selinux patch and apply it.  Build requires libselinux-devel.
+
+* Fri Feb  8 2008 Tim Waugh <twaugh@redhat.com> 2.5.4-32
+- Applied patch from 2.5.9 to allow spaces in filenames (bug #431887).
+
+* Mon Dec  3 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-31
+- Convert spec file to UTF-8 (bug #226233).
+- Use _bindir macro in %%files (bug #226233).
+- Parallel make (bug #226233).
+- Better defattr declaration (bug #226233).
+
+* Thu Oct  4 2007 Tim Waugh <twaugh@redhat.com>
+- Beginnings of an SELinux patch (bug #165799); not applied yet.
+
+* Wed Aug 29 2007 Tim Waugh <twaugh@redhat.com> 2.5.4-30
+- Added dist tag.
+- More specific license tag.
+- Fixed summary.
+- Better buildroot tag.
+
+* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.2
+- rebuild
+
+* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2.1
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 2.5.4-29.2
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
+- rebuilt
+
+* Thu Sep  8 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-29
+- Remove SELinux patch for now (bug #167822).
+
+* Wed Sep  7 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-27
+- Applied patch from Ulrich Drepper to fix string overread (bug #167675).
+
+* Tue Sep  6 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-26
+- Preserve SELinux file contexts (bug #165799).
+
+* Thu Aug 11 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-25
+- Fixed CRLF detection (bug #154283).
+
+* Wed May  4 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-24
+- Reverted last change (bug #154283, bug #156762).
+
+* Fri Apr 29 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-23
+- Applied patch from Toshio Kuratomi to avoid problems with DOS-format
+  newlines (bug #154283).
+
+* Wed Mar  2 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-22
+- Rebuild for new GCC.
+
+* Wed Feb  9 2005 Tim Waugh <twaugh@redhat.com> 2.5.4-21
+- Rebuilt.
+
+* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Sat Oct 25 2003 Tim Waugh <twaugh@redhat.com> 2.5.4-18
+- Rebuilt.
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
+- rebuilt
+
+* Wed Nov 20 2002 Tim Powers <timp@redhat.com>
+- rebuilt in current collinst
+
+* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Thu May 23 2002 Tim Powers <timp@redhat.com>
+- automated rebuild
+
+* Tue Apr  9 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-12
+- Fix error reporting when given bad options (bug #62981).
+
+* Tue Mar  5 2002 Tim Waugh <twaugh@redhat.com> 2.5.4-11
+- s/Copyright:/License:/.
+- Fix -D behaviour (bug #60688).
+
+* Tue May 29 2001 Tim Waugh <twaugh@redhat.com> 2.5.4-10
+- Merge Mandrake patch:
+  - fix possible segfault
+
+* Fri Dec  1 2000 Tim Waugh <twaugh@redhat.com>
+- Rebuild because of fileutils bug.
+
+* Thu Nov  2 2000 Tim Waugh <twaugh@redhat.com>
+- use .orig as default suffix, as per man page and previous behaviour
+  (bug #20202).
+- use better patch for this, from maintainer.
+
+* Wed Oct  4 2000 Tim Waugh <twaugh@redhat.com>
+- actually use the RPM_OPT_FLAGS
+
+* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
+- automatic rebuild
+
+* Tue Jun 13 2000 Trond Eivind Glomsrød <teg@redhat.com>
+- Use %%makeinstall, %%{_tmppath} and %%{_mandir}
+
+* Fri May 12 2000 Trond Eivind Glomsrød <teg@redhat.com>
+- added URL
+
+* Wed Feb 16 2000 Bernhard Rosenkraenzer <bero@redhat.com>
+- 2.5.4
+- Fix up LFS support on Alpha (Bug #5732)
+
+* Mon Feb  7 2000 Bill Nottingham <notting@redhat.com>
+- handle compressed manpages
+
+* Sun Jun 06 1999 Alan Cox <alan@redhat.com>
+- Fix the case where stderr isnt flushed for ask(). Now the 'no such file'
+  appears before the skip patch question, not at the very end, Doh!
+
+* Mon Mar 22 1999 Jeff Johnson <jbj@redhat.com>
+- (ultra?) sparc was getting large file system support.
+
+* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
+- auto rebuild in the new build environment (release 7)
+
+* Fri Dec 18 1998 Cristian Gafton <gafton@redhat.com>
+- build against glibc 2.1
+
+* Tue Sep  1 1998 Jeff Johnson <jbj@redhat.com>
+- bump release to preserve newer than back-ported 4.2.
+
+* Tue Jun 09 1998 Prospector System <bugs@redhat.com>
+- translations modified for de, fr
+
+* Tue Jun  9 1998 Jeff Johnson <jbj@redhat.com>
+- Fix for problem #682 segfault.
+
+* Fri Apr 24 1998 Prospector System <bugs@redhat.com>
+- translations modified for de, fr, tr
+
+* Tue Apr 07 1998 Cristian Gafton <gafton@redhat.com>
+- added buildroot
+
+* Tue Oct 21 1997 Cristian Gafton <gafton@redhat.com>
+- updated to 2.5
+
+* Mon Jun 02 1997 Erik Troan <ewt@redhat.com>
+- built against glibc