Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package patch for openSUSE:Factory checked 
in at 2026-07-12 16:19:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/patch (Old)
 and      /work/SRC/openSUSE:Factory/.patch.new.1991 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patch"

Sun Jul 12 16:19:47 2026 rev:51 rq:1364855 version:2.8

Changes:
--------
--- /work/SRC/openSUSE:Factory/patch/patch.changes      2026-02-03 
21:25:43.938096881 +0100
+++ /work/SRC/openSUSE:Factory/.patch.new.1991/patch.changes    2026-07-12 
16:19:50.013288541 +0200
@@ -1,0 +2,9 @@
+Thu Jul  9 14:44:39 UTC 2026 - Jean Delvare <[email protected]>
+
+- dont-infloop-on-null-ranges.patch: Apply the same checks to
+  null ranges as are applied to non-null ranges (bsc#1271166
+  CVE-2026-56289).
+- avoid-null-pointer-derefence-with-bad-hunks.patch: Avoid null
+  pointer derefence with bad hunks (bsc#1271167 CVE-2026-56288).
+
+-------------------------------------------------------------------

New:
----
  avoid-null-pointer-derefence-with-bad-hunks.patch
  dont-infloop-on-null-ranges.patch

----------(New B)----------
  New:  CVE-2026-56289).
- avoid-null-pointer-derefence-with-bad-hunks.patch: Avoid null
  pointer derefence with bad hunks (bsc#1271167 CVE-2026-56288).
  New:
- dont-infloop-on-null-ranges.patch: Apply the same checks to
  null ranges as are applied to non-null ranges (bsc#1271166
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ patch.spec ++++++
--- /var/tmp/diff_new_pack.VQvfaP/_old  2026-07-12 16:19:50.909318619 +0200
+++ /var/tmp/diff_new_pack.VQvfaP/_new  2026-07-12 16:19:50.909318619 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package patch
 #
-# Copyright (c) 2026 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 # Copyright (c) 2025 Andreas Stieger <[email protected]>
 #
 # All modifications and additions to the file contributed by third parties
@@ -30,6 +30,8 @@
 Source3:        patch.keyring
 Patch14:        CVE-2019-20633.patch
 Patch15:        CVE-2021-45261.patch
+Patch16:        avoid-null-pointer-derefence-with-bad-hunks.patch
+Patch17:        dont-infloop-on-null-ranges.patch
 BuildRequires:  ed
 # See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was
 # invoking patch, so interdiff had to be fixed too.

++++++ avoid-null-pointer-derefence-with-bad-hunks.patch ++++++
From: Paul Eggert <[email protected]>
Date: Tue, 21 Apr 2026 10:05:02 -0700
Subject: Avoid null pointer derefence with bad hunks
Git-commit: e6d6a4e021660679d7fc9150f981d4920f722313
Patch-mainline: yes
References: bsc#1271167 CVE-2026-56288

Problem reported by Michał Majchrowicz.
* src/pch.c (another_hunk): Keep chars_read positive
even with malformed hunks.
---
 src/pch.c |   15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

--- a/src/pch.c
+++ b/src/pch.c
@@ -1698,7 +1698,8 @@ another_hunk (enum diff difftype, bool r
                    p_end = filldst-1;
                    malformed ();
                }
-               chars_read -= fillsrc == p_ptrn_lines && incomplete_line ();
+               chars_read -= (1 < chars_read && fillsrc == p_ptrn_lines
+                              && incomplete_line ());
                p_Char[fillsrc] = ch;
                p_line[fillsrc] = s;
                p_len[fillsrc++] = chars_read;
@@ -1715,7 +1716,8 @@ another_hunk (enum diff difftype, bool r
                    malformed ();
                }
                context++;
-               chars_read -= fillsrc == p_ptrn_lines && incomplete_line ();
+               chars_read -= (1 < chars_read && fillsrc == p_ptrn_lines
+                              && incomplete_line ());
                p_Char[fillsrc] = ch;
                p_line[fillsrc] = s;
                p_len[fillsrc++] = chars_read;
@@ -1729,7 +1731,8 @@ another_hunk (enum diff difftype, bool r
                    p_end = fillsrc-1;
                    malformed ();
                }
-               chars_read -= filldst == p_end && incomplete_line ();
+               chars_read -= (1 < chars_read && filldst == p_end
+                              && incomplete_line ());
                p_Char[filldst] = ch;
                p_line[filldst] = s;
                p_len[filldst++] = chars_read;
@@ -1812,7 +1815,8 @@ another_hunk (enum diff difftype, bool r
              fatal (("'<' followed by space or tab expected"
                      " at line %td of patch"),
                     p_input_line);
-           chars_read -= 2 + (i == p_ptrn_lines && incomplete_line ());
+           chars_read -= 2 + (3 < chars_read && i == p_ptrn_lines
+                              && incomplete_line ());
            p_len[i] = chars_read;
            p_line[i] = savebuf (patchbuf + 2, chars_read);
            p_Char[i] = '-';
@@ -1837,7 +1841,8 @@ another_hunk (enum diff difftype, bool r
              fatal (("'>' followed by space or tab expected"
                      " at line %td of patch"),
                     p_input_line);
-           chars_read -= 2 + (i == p_end && incomplete_line ());
+           chars_read -= 2 + (3 < chars_read && i == p_end
+                              && incomplete_line ());
            p_len[i] = chars_read;
            p_line[i] = savebuf (patchbuf + 2, chars_read);
            p_Char[i] = '+';

++++++ dont-infloop-on-null-ranges.patch ++++++
From: Paul Eggert <[email protected]>
Date: Tue, 21 Apr 2026 13:16:10 -0700
Subject: Don't infloop on null ranges
Git-commit: faba04ef4f2b410257f76c1b9dc85e350929c4b9
Patch-mainline: yes
References: bsc#1271166 CVE-2026-56289

Problem reported by Michał Majchrowicz.
* src/patch.c (locate_hunk): Don’t attempt to optimize
matches of a null range.  Instead, apply all the checks
we apply to non-null ranges.
---
 src/patch.c |    3 ---
 1 file changed, 3 deletions(-)

--- a/src/patch.c
+++ b/src/patch.c
@@ -1166,9 +1166,6 @@ locate_hunk (idx_t fuzz)
     ptrdiff_t max_offset = MAX (max_pos_offset, max_neg_offset);
     ptrdiff_t min_offset;
 
-    if (!pat_lines)                    /* null range matches always */
-       return first_guess;
-
     /* Do not try lines <= 0.  */
     if (first_guess <= max_neg_offset)
        max_neg_offset = first_guess - 1;

Reply via email to