Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package patch for openSUSE:Factory checked in at 2026-02-03 21:25:32
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/patch (Old)
 and      /work/SRC/openSUSE:Factory/.patch.new.1995 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patch" Tue Feb 3 21:25:32 2026 rev:50 rq:1329975 version:2.8 Changes: -------- --- /work/SRC/openSUSE:Factory/patch/patch.changes 2025-04-20 20:05:56.848031668 +0200 +++ /work/SRC/openSUSE:Factory/.patch.new.1995/patch.changes 2026-02-03 21:25:43.938096881 +0100 @@ -1,0 +2,6 @@ +Thu Jan 29 09:24:15 UTC 2026 - Jean Delvare <[email protected]> + +- CVE-2021-45261.patch: Clear range of pointers before they are + used/freed (boo#1194037 CVE-2021-45261). + +------------------------------------------------------------------- New: ---- CVE-2021-45261.patch ----------(New B)---------- New: - CVE-2021-45261.patch: Clear range of pointers before they are used/freed (boo#1194037 CVE-2021-45261). ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ patch.spec ++++++ --- /var/tmp/diff_new_pack.KB5QNW/_old 2026-02-03 21:25:44.922138165 +0100 +++ /var/tmp/diff_new_pack.KB5QNW/_new 2026-02-03 21:25:44.926138333 +0100 @@ -1,7 +1,7 @@ # # spec file for package patch # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2026 SUSE LLC # Copyright (c) 2025 Andreas Stieger <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -29,6 +29,7 @@ # https://savannah.gnu.org/people/viewgpg.php?user_id=15000 Source3: patch.keyring Patch14: CVE-2019-20633.patch +Patch15: CVE-2021-45261.patch BuildRequires: ed # See bnc#662957. The fix for CVE-2010-4651 breaks the way interdiff was # invoking patch, so interdiff had to be fixed too. ++++++ CVE-2021-45261.patch ++++++ 
From: Petr Sumbera <[email protected]> Subject: Clear range of pointers before they are used/freed References: boo#1194037 CVE-2021-45261 Patch-mainline: Not yet, submitted to bug tracker at https://savannah.gnu.org/bugs/?61685 Fix the following segmentation fault: ==46183==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x7fae9677ec86 bp 0xbebebebebebebebe sp 0x7ffc4350de80 T0) ==46183==The signal is caused by a READ memory access. ==46183==Hint: this fault was caused by a dereference of a high value address (see register values below). Dissassemble the provided pc to learn which register was used. #0 0x7fae9677ec86 in __asan::asan_free(void*, __sanitizer::BufferedStackTrace*, __asan::AllocType) (/lib64/libasan.so.6+0x28c86) #1 0x7fae9680a674 in free (/lib64/libasan.so.6+0xb4674) #2 0x4166f3 in another_hunk /home/test/gnu-patch/src/pch.c:1187 #3 0x4086ad in main /home/test/gnu-patch/src/patch.c:408 #4 0x7fae9658ceaf in __libc_start_call_main (/lib64/libc.so.6+0x3feaf) #5 0x7fae9658cf5f in __libc_start_main_impl (/lib64/libc.so.6+0x3ff5f) #6 0x404b64 in _start (/home/test/gnu-patch/PROTO/bin/patch+0x404b64) --- src/pch.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/src/pch.c +++ b/src/pch.c @@ -1348,7 +1348,8 @@ another_hunk (enum diff difftype, bool r /* 'Old' lines were omitted. Set up to fill them in from 'new' context lines. */ ptrn_missing = true; - p_end = p_ptrn_lines + 1; + while (p_end < p_ptrn_lines + 1) + p_line[p_end++] = NULL; ptrn_prefix_context = ptrn_suffix_context = -1; fillsrc = p_end + 1; filldst = 1;
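
Review bot: In the src/pch.c hunk, replacing the unconditional "p_end = p_ptrn_lines + 1;" with "while (p_end < p_ptrn_lines + 1)" changes behaviour when p_end is already past p_ptrn_lines + 1: the old line forced p_end to that value, the loop leaves it where it is, and the following "fillsrc = p_end + 1;" then starts from a different index. If that state cannot occur at this point, state it in a comment or assert it; otherwise keep the assignment after the loop. The loop also stores NULL into p_line[p_end] up to index p_ptrn_lines with no visible check against the allocated size of p_line, so please confirm the array already covers that range here. A short comment saying the skipped slots are cleared so that the later free in another_hunk (frame #2 of the ASan trace) does not see stale pointers would make the intent clear to the next reader.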
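
Review bot: In the second patch.spec hunk, the new line "Patch15: CVE-2021-45261.patch" carries no comment about upstream status, while the patch header says "Patch-mainline: Not yet, submitted to bug tracker at https://savannah.gnu.org/bugs/?61685". Putting that URL in a comment above Patch15 would tell whoever does the next version update to check whether the fix was merged before rebasing or dropping it. The visible context also shows no line that applies the patch, so please confirm the %prep section picks up Patch15.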
