Go to file
Jean Delvare c3fb4c48e5 Don't leak temporary file on failed multi-file ed-style patch
The previous fix worked fine with single-file ed-style patches, but
would still leak temporary files in the case of multi-file ed-style
patch. Fix that case as well, and extend the test case to check for
it.

* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
  the next file in a patch.

This closes bug #53820:
https://savannah.gnu.org/bugs/index.php?53820

Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")

Gbp-Pq: Name 0007-Do_not_leak_temporary_file_on_failed_multi-file.patch
2022-05-14 02:38:25 +08:00
build-aux Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
debian Import Debian changes 2.7.6-ok1 2022-05-14 02:38:20 +08:00
lib Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
m4 Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
pc Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
src Don't leak temporary file on failed multi-file ed-style patch 2022-05-14 02:38:25 +08:00
tests Don't leak temporary file on failed multi-file ed-style patch 2022-05-14 02:38:25 +08:00
.tarball-version Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
.version Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
AUTHORS Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
COPYING Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
ChangeLog Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
ChangeLog-2011 Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
GNUmakefile Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
INSTALL Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
Makefile.am Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
Makefile.in Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
NEWS Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
README Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
TODO Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
aclocal.m4 Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
bootstrap Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
cfg.mk Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
config.hin Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
configure Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
configure.ac Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
maint.mk Import Upstream version 2.7.6 2022-05-14 02:38:20 +08:00
patch.man backupmode 2022-05-14 02:38:24 +08:00

README

This is GNU patch, which applies diff files to original files.

This version of patch has many changes made by the Free Software Foundation.
They add support for:
 * handling arbitrary binary data and large files
 * the unified context diff format that GNU diff can produce
 * merging into files instead of creating reject files
 * making GNU Emacs-style backup files
 * improved interaction with RCS and SCCS
 * the GNU conventions for option parsing and configuring and compilation.
 * better POSIX compliance
They also fix some bugs.

If you obtained this file as part of a "git clone", then see the
README-hacking file.  If this file came to you as part of a tar archive,
then see the file INSTALL for compilation and installation instructions.

See the file NEWS for a list of major changes in the current release.
A more detailed description of all changes can be found in the file ChangeLog
in tar archives, and with "git log" which shows the version control history.

Tutorial-style documentation for patch is included in the GNU
Diffutils package; get GNU Diffutils 2.8 or later for up-to-date
documentation for patch.

Use `configure --disable-largefile' to disable large file support;
this is reportedly necessary on Red Hat GNU/Linux 6.0 to avoid a C library bug.
For MS-DOS using DJGPP tools, see the file pc/djgpp/README.
For other systems, copy config.hin to config.h and change
#undef statements in it to #define as appropriate for your system,
and copy Makefile.in to Makefile and set the variables that are
enclosed in @ signs as appropriate for your system.

Please send bug reports for this version of patch to
<bug-patch@gnu.org>.

The Free Software Foundation is distributing this version of patch
independently because as of this writing, Larry Wall has not released a
new version of patch since mid-1988.  We have heard that he has been
too busy working on other things, like Perl.  He has graciously agreed
to let GNU `patch' be distributed under the terms of the GNU General
Public License.

------

Copyright (C) 1984, 1985, 1986, 1987, 1988 Larry Wall

Copyright (C) 1989-1993, 1997, 1999, 2002, 2009, 2011-2012 Free Software
Foundation, Inc.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.