Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package patch for openSUSE:Factory checked in at 2026-07-12 16:19:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/patch (Old) and /work/SRC/openSUSE:Factory/.patch.new.1991 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "patch" Sun Jul 12 16:19:47 2026 rev:51 rq:1364855 version:2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/patch/patch.changes 2026-02-03 21:25:43.938096881 +0100 +++ /work/SRC/openSUSE:Factory/.patch.new.1991/patch.changes 2026-07-12 16:19:50.013288541 +0200 @@ -1,0 +2,9 @@ +Thu Jul 9 14:44:39 UTC 2026 - Jean Delvare <[email protected]> + +- dont-infloop-on-null-ranges.patch: Apply the same checks to + null ranges as are applied to non-null ranges (bsc#1271166 + CVE-2026-56289). +- avoid-null-pointer-derefence-with-bad-hunks.patch: Avoid null + pointer derefence with bad hunks (bsc#1271167 CVE-2026-56288). + +------------------------------------------------------------------- New: ---- avoid-null-pointer-derefence-with-bad-hunks.patch dont-infloop-on-null-ranges.patch ----------(New B)---------- New: CVE-2026-56289). - avoid-null-pointer-derefence-with-bad-hunks.patch: Avoid null pointer derefence with bad hunks (bsc#1271167 CVE-2026-56288). New: - dont-infloop-on-null-ranges.patch: Apply the same checks to null ranges as are applied to non-null ranges (bsc#1271166 ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ patch.spec ++++++ --- /var/tmp/diff_new_pack.VQvfaP/_old 2026-07-12 16:19:50.909318619 +0200 +++ /var/tmp/diff_new_pack.VQvfaP/_new 2026-07-12 16:19:50.909318619 +0200 @@ -1,7 +1,7 @@ # # spec file for package patch # -# Copyright (c) 2026 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # Copyright (c) 2025 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -30,6 +30,8 @@ Source3: patch.keyring Patch14: CVE-2019-20633.patch Patch15: CVE-2021-45261.patch +Patch16: avoid-null-pointer-derefence-with-bad-hunks.patch +Patch17: dont-infloop-on-null-ranges.patch BuildRequires: ed # See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was # invoking patch, so interdiff had to be fixed too. ++++++ avoid-null-pointer-derefence-with-bad-hunks.patch ++++++ From: Paul Eggert <[email protected]> Date: Tue, 21 Apr 2026 10:05:02 -0700 Subject: Avoid null pointer derefence with bad hunks Git-commit: e6d6a4e021660679d7fc9150f981d4920f722313 Patch-mainline: yes References: bsc#1271167 CVE-2026-56288 Problem reported by Michał Majchrowicz. * src/pch.c (another_hunk): Keep chars_read positive even with malformed hunks. --- src/pch.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) --- a/src/pch.c +++ b/src/pch.c @@ -1698,7 +1698,8 @@ another_hunk (enum diff difftype, bool r p_end = filldst-1; malformed (); } - chars_read -= fillsrc == p_ptrn_lines && incomplete_line (); + chars_read -= (1 < chars_read && fillsrc == p_ptrn_lines + && incomplete_line ()); p_Char[fillsrc] = ch; p_line[fillsrc] = s; p_len[fillsrc++] = chars_read; @@ -1715,7 +1716,8 @@ another_hunk (enum diff difftype, bool r malformed (); } context++; - chars_read -= fillsrc == p_ptrn_lines && incomplete_line (); + chars_read -= (1 < chars_read && fillsrc == p_ptrn_lines + && incomplete_line ()); p_Char[fillsrc] = ch; p_line[fillsrc] = s; p_len[fillsrc++] = chars_read; @@ -1729,7 +1731,8 @@ another_hunk (enum diff difftype, bool r p_end = fillsrc-1; malformed (); } - chars_read -= filldst == p_end && incomplete_line (); + chars_read -= (1 < chars_read && filldst == p_end + && incomplete_line ()); p_Char[filldst] = ch; p_line[filldst] = s; p_len[filldst++] = chars_read; @@ -1812,7 +1815,8 @@ another_hunk (enum diff difftype, bool r fatal (("'<' followed by space or tab expected" " at line %td of patch"), p_input_line); - chars_read -= 2 + (i == p_ptrn_lines && incomplete_line ()); + chars_read -= 2 + (3 < chars_read && i == p_ptrn_lines + && incomplete_line ()); p_len[i] = chars_read; p_line[i] = savebuf (patchbuf + 2, chars_read); p_Char[i] = '-'; @@ -1837,7 +1841,8 @@ another_hunk (enum diff difftype, bool r fatal (("'>' followed by space or tab expected" " at line %td of patch"), p_input_line); - chars_read -= 2 + (i == p_end && incomplete_line ()); + chars_read -= 2 + (3 < chars_read && i == p_end + && incomplete_line ()); p_len[i] = chars_read; p_line[i] = savebuf (patchbuf + 2, chars_read); p_Char[i] = '+'; ++++++ dont-infloop-on-null-ranges.patch ++++++ From: Paul Eggert <[email protected]> Date: Tue, 21 Apr 2026 13:16:10 -0700 Subject: Don't infloop on null ranges Git-commit: faba04ef4f2b410257f76c1b9dc85e350929c4b9 Patch-mainline: yes References: bsc#1271166 CVE-2026-56289 Problem reported by Michał Majchrowicz. * src/patch.c (locate_hunk): Don’t attempt to optimize matches of a null range. Instead, apply all the checks we apply to non-null ranges. --- src/patch.c | 3 --- 1 file changed, 3 deletions(-) --- a/src/patch.c +++ b/src/patch.c @@ -1166,9 +1166,6 @@ locate_hunk (idx_t fuzz) ptrdiff_t max_offset = MAX (max_pos_offset, max_neg_offset); ptrdiff_t min_offset; - if (!pat_lines) /* null range matches always */ - return first_guess; - /* Do not try lines <= 0. */ if (first_guess <= max_neg_offset) max_neg_offset = first_guess - 1;
