authorV3n3RiX <venerix@redcorelinux.org>2019-08-18 18:16:17 +0100
committerV3n3RiX <venerix@redcorelinux.org>2019-08-18 18:16:17 +0100
commitfc637fb28da700da71ec2064d65ca5a7a31b9c6c (patch)
tree326613a08f25851c388715e205576a2e7d25dc4f /sys-devel/patch
parentb24bd25253fe093f722ab576d29fdc41d04cb1ee (diff)
gentoo resync : 18.08.2019
Diffstat (limited to 'sys-devel/patch')
-rw-r--r--sys-devel/patch/Manifest7
-rw-r--r--sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch26
-rw-r--r--sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch102
-rw-r--r--sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch37
-rw-r--r--sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch108
-rw-r--r--sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch38
-rw-r--r--sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch89
-rw-r--r--sys-devel/patch/patch-2.7.6-r4.ebuild46
8 files changed, 453 insertions, 0 deletions
diff --git a/sys-devel/patch/Manifest b/sys-devel/patch/Manifest
index bf04e9e0b057..644d11554a80 100644
--- a/sys-devel/patch/Manifest
+++ b/sys-devel/patch/Manifest
@@ -1,9 +1,16 @@
+AUX patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch 729 BLAKE2B b0d9199178095e0227db4441ad3649626a494f5f21b92f04b6dee452d2bf86b13b80fae5058d548a443be08f91c36a1eb9838d6b468a8264847647b239989222 SHA512 8726f2a930d2ef09455f6ca1a231c09d4dbef591e4d0a460ed799649afac8ebff3bb9692e1e50b208e10296605fbe11343394860fb113befd905b1caa343e482
+AUX patch-2.7.6-CVE-2018-1000156-fix1.patch 3431 BLAKE2B 3812a2f343b3f91f4648bd2d0793f9ea2465e42e405b90e556028c776d69553ccb97d075d7d2c22c0a972d9f5dd2fdeae0793c27ed948e990c3e2fe89df1c9a1 SHA512 d4a01bee11d7c68cff9e1f55d6e231d72cb138511779b5f9347f2bc1d035055d8bc5f93e98a3bd0970659253f27bdd15151c8e9cfee5f2fb51ff148e106dcda5
+AUX patch-2.7.6-CVE-2018-1000156-fix2.patch 1195 BLAKE2B c33c1dabdb46ddbdd534a9dfde41c5e008ac4deba4fe25427deab5023ff4456dbf01f85a3aa1ad3fdd2919bda96227ad62bbc83911e93c74b90a73e4aeed9846 SHA512 e4340ce2fb9ac34d1c99c96abec8b7e107994cc759a8ebb0fb2b60c5ead5601bc88763f09a36115b96439167196a1880800dfeb7fcc01d8a8ee18467e8a52b17
AUX patch-2.7.6-CVE-2018-1000156.patch 4525 BLAKE2B bc0a12de74f2089fc3141618ef2bf3242d5b1c47d8900c645f2612b84b75dc625260528bb64070b9514b5e55852aa2dd93204fdbc6dacf1df6a0f6d72b53f980 SHA512 82873743ea469c614c9250b78ddfe4e3e754692caede2eb79ac9d5ab991df3329fc6485643fc0d38410b1d5c163485058a2ea8d4ecc0992d0dc0727cc3c3425f
AUX patch-2.7.6-CVE-2018-6951.patch 981 BLAKE2B 585015980a4eecc28c427caf4f827a172f02165b291a8bbe87baea289bee25228d59ccbf7aec9938dfdc3c46865fd238c5c0e272796f59062ef73794e96851db SHA512 db51d0b791d38dd4f1b373621ee18620ae339b172f58a79420fdaa4a4b1b1d9df239cf61bbddc4e6a4896b28b8cffc7c99161eb5e2facaec8df86a1bf7755bc0
AUX patch-2.7.6-CVE-2018-6952.patch 851 BLAKE2B a7c73ed10a1f71557bf28a5ee9d9800a01d7a3dc61e78428779b93e3e01766289e427f8fef39027d7e65e0153cb4464c92a9a58af7ecbe5f2c7ca3a0ea8aaff3 SHA512 99df964d826d400f87e9b82bf2600d8663c59bb8f9bf4aec082adc8cf6261744f37d416e15492d6e883202ade521d4436cb41c91f516085c3e6ce8e01a8956fb
+AUX patch-2.7.6-CVE-2019-13636.patch 3749 BLAKE2B 162bc7fd617d713cc6e39988eecf662cd49c118a313442337b3b990694986d8a0797042494329aad28d7d8647b93fda39f8e95f4c414cb6e82d50c01d03b00b7 SHA512 348f12c4c975540203c715413ce86b72a175c3364192cd09d856f9102bdc2ddd2e3539c4b9bd1a6ebf10759513c946c739847ef5c794443f375e4f1f58b6a34e
+AUX patch-2.7.6-CVE-2019-13638.patch 1184 BLAKE2B e52b1336a8410538e4c490e08c239eecf29baf03b4226fda865941d081f8289961746ff7526cfce6d298321826c9b3ee047bd56ba1c27f1c53036f3ac2250669 SHA512 d60f8c2364fca9b73aa73b5914cfd6571d11528d13fa7703ccfa93730cbdf8a6e4c9ca04cb7d02a40d33c38075890790b490052d5217e728b0948991da937980
+AUX patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch 3046 BLAKE2B 8cdeab68f392b5d89f7857f3126c162fa2859cfc2815ba5507423f958f5f85a1dbbb86244f40c13aa8769d7630fa3b91611e33d41fb12c76d1849152e5652ecc SHA512 f886614c6f4d46d02218a436ae7980014fe6ef0d49114d122623ff0cd946cdeb136eebe33a59a8ccfef070e91cddf86cdca1d7feb8579f734b1bab6decb0bfd4
AUX patch-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch 860 BLAKE2B 3514ecd15b9c379efcb3cfcb0b1bcb389b63a5d6a108f889812498581c62f86655bb0acacc2a1e495a97613140770796030e82d050d12e502f0d3caadcf54097 SHA512 ced7714cba5f038affb29311aa42f112cea99882e38abc41106bed550ad9996fbc3df314fae5168ca305aaa39429f9d81dbf83469f93f7fe3736a044d41cecd9
AUX patch-2.7.6-fix-error-handling-with-git-style-patches.patch 3582 BLAKE2B c443abb5112283aeb20db4ccf57c0d1241bfa586ad8d54d0ff2e1ae9026174f560df37dda1fedfc39db8178db05f77a4f94827ede80982311f475f460e4ae57f SHA512 1c05cf05b7348b86c878bd464a3f2f978b3e97655bf4f9aa83732af8bfd1e82046b88db39b7ce70e33ffc00c7f09c28ba777fba3fbd9538fd76767bfc396f382
AUX patch-2.7.6-fix-test-suite.patch 2610 BLAKE2B e750283b85f0cb9d52324f28b8a03087980e8a61b16c3465914eeca65a3b800d8946a10c4dd0ab08b18c1cbc37810e55fb5c35314082a8c11e383b7d50d1bd3f SHA512 7ced1f9b937bf62131654d8a25c8d2a3f3cfe5fa8961e2e000542cce68061b10895bc0001ded898b9a43608af1f9c07903dc5c2f0a41662470d97188ed682115
DIST patch-2.7.6.tar.xz 783756 BLAKE2B e3dd2d155a94c39cb60eafc26677e84de14c3a6d5814dff69de091ded52f21862490970254297795f2c42a0c3203f7e88a8f65bb66968f8dfd6e066bf53f2dfb SHA512 fcca87bdb67a88685a8a25597f9e015f5e60197b9a269fa350ae35a7991ed8da553939b4bbc7f7d3cfd863c67142af403b04165633acbce4339056a905e87fbd
EBUILD patch-2.7.6-r3.ebuild 1298 BLAKE2B 877407aae8120af22287b88e18b6ee7c32b4b0a23b38b1d6d32aa59ead1b04f7d8c88255502200992a2f81b3de6ef4ce0034ecffebb331d94244e81df2fcfd1c SHA512 17273f1362407e6e3841e859329b80bed8bee532dc865f54e046f858cac2d7b7f92b3fe5aa2409b7bed8236ad15b7c55841ddea0db7d89238f3c6b21f4c8f179
+EBUILD patch-2.7.6-r4.ebuild 1685 BLAKE2B 64246ce2a49e6e8314a1adf051a4b5cb58bab797acc296ecacf5a602a26256e2870b96b52d6522faf10c543c4250eb04d24953581bc7b1c3900c998240155c69 SHA512 73d04bf12481de8f2476c40af3c8e499acc17fd48455494905b2f94ce5751266bc8dd0e8f353df5034d8d4ebb455d97b5b4a83e58575565c70500f02191646f0
MISC metadata.xml 253 BLAKE2B 295e9d6d93aaa12af413972e1590c67087801cc09c9aa6b59d4606c0f4106d1dacf2baa9858559083b4c6d91beeef218d0729e8593a33788958da6d2897e8ce2 SHA512 54a9069aeb4165d2dff3d473c8001bc51613aac9dff3f7f5e9971a9891a737a31511ffa11cbd523febe581ac1d9de2bdf2f40410f0c4239138f2ccca3ef15555
diff --git a/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch b/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch
new file mode 100644
index 000000000000..5eef875b85d4
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch
@@ -0,0 +1,26 @@
+From 15b158db3ae11cb835f2eb8d2eb48e09d1a4af48 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 15 Jul 2019 19:10:02 +0200
+Subject: Avoid invalid memory access in context format diffs
+
+* src/pch.c (another_hunk): Avoid invalid memory access in context format
+diffs.
+---
+ src/pch.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/pch.c b/src/pch.c
+index a500ad9..cb54e03 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -1328,6 +1328,7 @@ another_hunk (enum diff difftype, bool rev)
+ ptrn_prefix_context = context;
+ ptrn_suffix_context = context;
+ if (repl_beginning
++ || p_end <= 0
+ || (p_end
+ != p_ptrn_lines + 1 + (p_Char[p_end - 1] == '\n')))
+ {
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch
new file mode 100644
index 000000000000..d2492f593175
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix1.patch
@@ -0,0 +1,102 @@
+From 19599883ffb6a450d2884f081f8ecf68edbed7ee Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Thu, 3 May 2018 14:31:55 +0200
+Subject: Don't leak temporary file on failed ed-style patch
+
+Now that we write ed-style patches to a temporary file before we
+apply them, we need to ensure that the temporary file is removed
+before we leave, even on fatal error.
+
+* src/pch.c (do_ed_script): Use global TMPEDNAME instead of local
+ tmpname. Don't unlink the file directly, instead tag it for removal
+ at exit time.
+* src/patch.c (cleanup): Unlink TMPEDNAME at exit.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+---
+ src/common.h | 2 ++
+ src/patch.c | 1 +
+ src/pch.c | 11 +++++------
+ 3 files changed, 8 insertions(+), 6 deletions(-)
+
+diff --git a/src/common.h b/src/common.h
+index 904a3f8..53c5e32 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -94,10 +94,12 @@ XTERN char const *origsuff;
+ XTERN char const * TMPINNAME;
+ XTERN char const * TMPOUTNAME;
+ XTERN char const * TMPPATNAME;
++XTERN char const * TMPEDNAME;
+
+ XTERN bool TMPINNAME_needs_removal;
+ XTERN bool TMPOUTNAME_needs_removal;
+ XTERN bool TMPPATNAME_needs_removal;
++XTERN bool TMPEDNAME_needs_removal;
+
+ #ifdef DEBUGGING
+ XTERN int debug;
+diff --git a/src/patch.c b/src/patch.c
+index 3fcaec5..9146597 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -2003,6 +2003,7 @@ cleanup (void)
+ remove_if_needed (TMPINNAME, &TMPINNAME_needs_removal);
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ remove_if_needed (TMPPATNAME, &TMPPATNAME_needs_removal);
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+ remove_if_needed (TMPREJNAME, &TMPREJNAME_needs_removal);
+ output_files (NULL);
+ }
+diff --git a/src/pch.c b/src/pch.c
+index 79a3c99..1bb3153 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2392,7 +2392,6 @@ do_ed_script (char const *inname, char c
+ file_offset beginning_of_this_line;
+ size_t chars_read;
+ FILE *tmpfp = 0;
+- char const *tmpname;
+ int tmpfd;
+ pid_t pid;
+
+@@ -2404,12 +2403,13 @@ do_ed_script (char const *inname, char const *outname,
+ invalid commands and treats the next line as a new command, which
+ can lead to arbitrary command execution. */
+
+- tmpfd = make_tempfile (&tmpname, 'e', NULL, O_RDWR | O_BINARY, 0);
++ tmpfd = make_tempfile (&TMPEDNAME, 'e', NULL, O_RDWR | O_BINARY, 0);
+ if (tmpfd == -1)
+- pfatal ("Can't create temporary file %s", quotearg (tmpname));
++ pfatal ("Can't create temporary file %s", quotearg (TMPEDNAME));
++ TMPEDNAME_needs_removal = true;
+ tmpfp = fdopen (tmpfd, "w+b");
+ if (! tmpfp)
+- pfatal ("Can't open stream for file %s", quotearg (tmpname));
++ pfatal ("Can't open stream for file %s", quotearg (TMPEDNAME));
+ }
+
+ for (;;) {
+@@ -2449,7 +2449,7 @@ do_ed_script (char const *inname, char c
+ write_fatal ();
+
+ if (lseek (tmpfd, 0, SEEK_SET) == -1)
+- pfatal ("Can't rewind to the beginning of file %s", quotearg (tmpname));
++ pfatal ("Can't rewind to the beginning of file %s", quotearg (TMPEDNAME));
+
+ if (! dry_run && ! skip_rest_of_patch) {
+ int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+@@ -2482,7 +2482,6 @@ do_ed_script (char const *inname, char c
+ }
+
+ fclose (tmpfp);
+- safe_unlink (tmpname);
+
+ if (ofp)
+ {
+--
+cgit v1.0-41-gc330
+
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch
new file mode 100644
index 000000000000..7b74ff06c4bd
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2018-1000156-fix2.patch
@@ -0,0 +1,37 @@
+From 369dcccdfa6336e5a873d6d63705cfbe04c55727 Mon Sep 17 00:00:00 2001
+From: Jean Delvare <jdelvare@suse.de>
+Date: Mon, 7 May 2018 15:14:45 +0200
+Subject: Don't leak temporary file on failed multi-file ed-style patch
+
+The previous fix worked fine with single-file ed-style patches, but
+would still leak temporary files in the case of multi-file ed-style
+patch. Fix that case as well, and extend the test case to check for
+it.
+
+* src/patch.c (main): Unlink TMPEDNAME if needed before moving to
+ the next file in a patch.
+
+This closes bug #53820:
+https://savannah.gnu.org/bugs/index.php?53820
+
+Fixes: 123eaff0d5d1 ("Fix arbitrary command execution in ed-style patches (CVE-2018-1000156)")
+Fixes: 19599883ffb6 ("Don't leak temporary file on failed ed-style patch")
+---
+ src/patch.c | 1 +
+ 2 files changed, 32 insertions(+)
+
+diff --git a/src/patch.c b/src/patch.c
+index 9146597..81c7a02 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -236,6 +236,7 @@ main (int argc, char **argv)
+ }
+ remove_if_needed (TMPOUTNAME, &TMPOUTNAME_needs_removal);
+ }
++ remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);
+
+ if (! skip_rest_of_patch && ! file_type)
+ {
+--
+cgit v1.0-41-gc330
+
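Review bot: The header of this imported patch still says `2 files changed, 32 insertions(+)` and that the test case is extended, but the only diff it carries is the one-line `remove_if_needed (TMPEDNAME, &TMPEDNAME_needs_removal);` in src/patch.c. The test-suite hunk was presumably dropped on import, so the regression check for the leaked ed temporary file does not run under `USE=test`. Either restore that hunk or add a line above the `---` separator such as `Gentoo: test-suite hunk from upstream 369dcccdfa63 omitted`, so the mismatch is not taken for a truncated download.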
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch
new file mode 100644
index 000000000000..3515399f073d
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13636.patch
@@ -0,0 +1,108 @@
+From dce4683cbbe107a95f1f0d45fabc304acfb5d71a Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Mon, 15 Jul 2019 16:21:48 +0200
+Subject: Don't follow symlinks unless --follow-symlinks is given
+
+* src/inp.c (plan_a, plan_b), src/util.c (copy_to_fd, copy_file,
+append_to_file): Unless the --follow-symlinks option is given, open files with
+the O_NOFOLLOW flag to avoid following symlinks. So far, we were only doing
+that consistently for input files.
+* src/util.c (create_backup): When creating empty backup files, (re)create them
+with O_CREAT | O_EXCL to avoid following symlinks in that case as well.
+---
+ src/inp.c | 12 ++++++++++--
+ src/util.c | 14 +++++++++++---
+ 2 files changed, 21 insertions(+), 5 deletions(-)
+
+diff --git a/src/inp.c b/src/inp.c
+index 32d0919..22d7473 100644
+--- a/src/inp.c
++++ b/src/inp.c
+@@ -238,8 +238,13 @@ plan_a (char const *filename)
+ {
+ if (S_ISREG (instat.st_mode))
+ {
+- int ifd = safe_open (filename, O_RDONLY|binary_transput, 0);
++ int flags = O_RDONLY | binary_transput;
+ size_t buffered = 0, n;
++ int ifd;
++
++ if (! follow_symlinks)
++ flags |= O_NOFOLLOW;
++ ifd = safe_open (filename, flags, 0);
+ if (ifd < 0)
+ pfatal ("can't open file %s", quotearg (filename));
+
+@@ -340,6 +345,7 @@ plan_a (char const *filename)
+ static void
+ plan_b (char const *filename)
+ {
++ int flags = O_RDONLY | binary_transput;
+ int ifd;
+ FILE *ifp;
+ int c;
+@@ -353,7 +359,9 @@ plan_b (char const *filename)
+
+ if (instat.st_size == 0)
+ filename = NULL_DEVICE;
+- if ((ifd = safe_open (filename, O_RDONLY | binary_transput, 0)) < 0
++ if (! follow_symlinks)
++ flags |= O_NOFOLLOW;
++ if ((ifd = safe_open (filename, flags, 0)) < 0
+ || ! (ifp = fdopen (ifd, binary_transput ? "rb" : "r")))
+ pfatal ("Can't open file %s", quotearg (filename));
+ if (TMPINNAME_needs_removal)
+diff --git a/src/util.c b/src/util.c
+index 1cc08ba..fb38307 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -393,7 +393,7 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
+
+ try_makedirs_errno = ENOENT;
+ safe_unlink (bakname);
+- while ((fd = safe_open (bakname, O_CREAT | O_WRONLY | O_TRUNC, 0666)) < 0)
++ while ((fd = safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY | O_TRUNC, 0666)) < 0)
+ {
+ if (errno != try_makedirs_errno)
+ pfatal ("Can't create file %s", quotearg (bakname));
+@@ -584,10 +584,13 @@ create_file (char const *file, int open_flags, mode_t mode,
+ static void
+ copy_to_fd (const char *from, int tofd)
+ {
++ int from_flags = O_RDONLY | O_BINARY;
+ int fromfd;
+ ssize_t i;
+
+- if ((fromfd = safe_open (from, O_RDONLY | O_BINARY, 0)) < 0)
++ if (! follow_symlinks)
++ from_flags |= O_NOFOLLOW;
++ if ((fromfd = safe_open (from, from_flags, 0)) < 0)
+ pfatal ("Can't reopen file %s", quotearg (from));
+ while ((i = read (fromfd, buf, bufsize)) != 0)
+ {
+@@ -630,6 +633,8 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ else
+ {
+ assert (S_ISREG (mode));
++ if (! follow_symlinks)
++ to_flags |= O_NOFOLLOW;
+ tofd = create_file (to, O_WRONLY | O_BINARY | to_flags, mode,
+ to_dir_known_to_exist);
+ copy_to_fd (from, tofd);
+@@ -645,9 +650,12 @@ copy_file (char const *from, char const *to, struct stat *tost,
+ void
+ append_to_file (char const *from, char const *to)
+ {
++ int to_flags = O_WRONLY | O_APPEND | O_BINARY;
+ int tofd;
+
+- if ((tofd = safe_open (to, O_WRONLY | O_BINARY | O_APPEND, 0)) < 0)
++ if (! follow_symlinks)
++ to_flags |= O_NOFOLLOW;
++ if ((tofd = safe_open (to, to_flags, 0)) < 0)
+ pfatal ("Can't reopen file %s", quotearg (to));
+ copy_to_fd (from, tofd);
+ if (close (tofd) != 0)
+--
+cgit v1.0-41-gc330
+
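Review bot: In the create_backup hunk, `O_TRUNC` is kept next to the newly added `O_EXCL`, although with `O_CREAT | O_EXCL` the open succeeds only when it creates the file, so there is nothing left to truncate. The call reads more clearly as `safe_open (bakname, O_CREAT | O_EXCL | O_WRONLY, 0666)`. If bakname reappears between `safe_unlink` and the open, errno will be EEXIST rather than try_makedirs_errno and the loop ends in `pfatal`. That fail-closed path deserves a comment such as `/* O_EXCL: refuse a path recreated after safe_unlink instead of writing through it */`. The body of create_backup continues outside the hunk.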
diff --git a/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch
new file mode 100644
index 000000000000..38caff628aaf
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-CVE-2019-13638.patch
@@ -0,0 +1,38 @@
+From 3fcd042d26d70856e826a42b5f93dc4854d80bf0 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Fri, 6 Apr 2018 19:36:15 +0200
+Subject: Invoke ed directly instead of using the shell
+
+* src/pch.c (do_ed_script): Invoke ed directly instead of using a shell
+command to avoid quoting vulnerabilities.
+---
+ src/pch.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/pch.c b/src/pch.c
+index 4fd5a05..16e001a 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -2459,9 +2459,6 @@ do_ed_script (char const *inname, char const *outname,
+ *outname_needs_removal = true;
+ copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+ }
+- sprintf (buf, "%s %s%s", editor_program,
+- verbosity == VERBOSE ? "" : "- ",
+- outname);
+ fflush (stdout);
+
+ pid = fork();
+@@ -2470,7 +2467,8 @@ do_ed_script (char const *inname, char const *outname,
+ else if (pid == 0)
+ {
+ dup2 (tmpfd, 0);
+- execl ("/bin/sh", "sh", "-c", buf, (char *) 0);
++ assert (outname[0] != '!' && outname[0] != '-');
++ execlp (editor_program, editor_program, "-", outname, (char *) NULL);
+ _exit (2);
+ }
+ else
+--
+cgit v1.0-41-gc330
+
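Review bot: The new guard on `outname` in the child branch of do_ed_script is an `assert`, which compiles to nothing when NDEBUG is defined, and the build flags are not visible here. A check that keeps ed from reading the file name as an option or a `!` command should not depend on a debug macro, for example `if (outname[0] == '!' || outname[0] == '-') _exit (2);` ahead of the `execlp` call. The removed `sprintf` passed `-` only when verbosity was not VERBOSE, while the new call always passes it. If that is intended, a short comment should say so. do_ed_script starts and ends outside the hunk.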
diff --git a/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch b/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch
new file mode 100644
index 000000000000..961e57861382
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch
@@ -0,0 +1,89 @@
+From 61d7788b83b302207a67b82786f4fd79e3538f30 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Thu, 27 Jun 2019 11:10:43 +0200
+Subject: Don't crash when RLIMIT_NOFILE is set to RLIM_INFINITY
+
+* src/safe.c (min_cached_fds): Define minimum number of cached dir file
+descriptors.
+(max_cached_fds): Change type to rlim_t to allow storing RLIM_INFINITY.
+(init_dirfd_cache): Set max_cached_fds to RLIM_INFINITY when RLIMIT_NOFILE is
+RLIM_INFINITY. Set the initial hash table size to min_cached_fds, independent
+of RLIMIT_NOFILE: patches commonly only affect one or a few files, so a small
+hash table will usually suffice; if needed, the hash table will grow.
+(insert_cached_dirfd): Don't shrink the cache when max_cached_fds is
+RLIM_INFINITY.
+---
+ src/safe.c | 36 +++++++++++++++++++++++-------------
+ 1 file changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/src/safe.c b/src/safe.c
+index 5a7202f..f147b0e 100644
+--- a/src/safe.c
++++ b/src/safe.c
+@@ -67,7 +67,8 @@ struct cached_dirfd {
+ };
+
+ static Hash_table *cached_dirfds = NULL;
+-static size_t max_cached_fds;
++static rlim_t min_cached_fds = 8;
++static rlim_t max_cached_fds;
+ LIST_HEAD (lru_list);
+
+ static size_t hash_cached_dirfd (const void *entry, size_t table_size)
+@@ -98,11 +99,17 @@ static void init_dirfd_cache (void)
+ {
+ struct rlimit nofile;
+
+- max_cached_fds = 8;
+ if (getrlimit (RLIMIT_NOFILE, &nofile) == 0)
+- max_cached_fds = MAX (nofile.rlim_cur / 4, max_cached_fds);
++ {
++ if (nofile.rlim_cur == RLIM_INFINITY)
++ max_cached_fds = RLIM_INFINITY;
++ else
++ max_cached_fds = MAX (nofile.rlim_cur / 4, min_cached_fds);
++ }
++ else
++ max_cached_fds = min_cached_fds;
+
+- cached_dirfds = hash_initialize (max_cached_fds,
++ cached_dirfds = hash_initialize (min_cached_fds,
+ NULL,
+ hash_cached_dirfd,
+ compare_cached_dirfds,
+@@ -148,20 +155,23 @@ static void insert_cached_dirfd (struct cached_dirfd *entry, int keepfd)
+ if (cached_dirfds == NULL)
+ init_dirfd_cache ();
+
+- /* Trim off the least recently used entries */
+- while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
++ if (max_cached_fds != RLIM_INFINITY)
+ {
+- struct cached_dirfd *last =
+- list_entry (lru_list.prev, struct cached_dirfd, lru_link);
+- if (&last->lru_link == &lru_list)
+- break;
+- if (last->fd == keepfd)
++ /* Trim off the least recently used entries */
++ while (hash_get_n_entries (cached_dirfds) >= max_cached_fds)
+ {
+- last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
++ struct cached_dirfd *last =
++ list_entry (lru_list.prev, struct cached_dirfd, lru_link);
+ if (&last->lru_link == &lru_list)
+ break;
++ if (last->fd == keepfd)
++ {
++ last = list_entry (last->lru_link.prev, struct cached_dirfd, lru_link);
++ if (&last->lru_link == &lru_list)
++ break;
++ }
++ remove_cached_dirfd (last);
+ }
+- remove_cached_dirfd (last);
+ }
+
+ /* Only insert if the parent still exists. */
+--
+cgit v1.0-41-gc330
+
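Review bot: `min_cached_fds` is introduced as a mutable `static rlim_t`, but none of the visible hunks assigns to it after initialisation, so it should be `static const rlim_t min_cached_fds = 8;`. When `max_cached_fds` is RLIM_INFINITY, the whole trim loop in insert_cached_dirfd is skipped, so cached directory descriptors are never evicted for the life of the process. A comment above the new `if`, such as `/* No limit on open files: keep every cached dirfd. */`, would show that the unbounded growth is deliberate. insert_cached_dirfd continues past the end of the hunk.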
diff --git a/sys-devel/patch/patch-2.7.6-r4.ebuild b/sys-devel/patch/patch-2.7.6-r4.ebuild
new file mode 100644
index 000000000000..ef42ee0ed008
--- /dev/null
+++ b/sys-devel/patch/patch-2.7.6-r4.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic
+
+DESCRIPTION="Utility to apply diffs to files"
+HOMEPAGE="https://www.gnu.org/software/patch/patch.html"
+SRC_URI="mirror://gnu/patch/${P}.tar.xz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="static test xattr"
+
+RDEPEND="xattr? ( sys-apps/attr )"
+DEPEND="${RDEPEND}
+ test? ( sys-apps/ed )"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-fix-test-suite.patch
+ "${FILESDIR}"/${PN}-2.7.6-fix-error-handling-with-git-style-patches.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6951.patch
+ "${FILESDIR}"/${PN}-2.7.6-allow-input-files-to-be-missing-for-ed-style-patches.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-6952.patch
+ "${FILESDIR}"/${PN}-2.7.6-Do-not-crash-when-RLIMIT_NOFILE-is-set-to-RLIM_INFINITY.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156-fix1.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2018-1000156-fix2.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2019-13636.patch
+ "${FILESDIR}"/${PN}-2.7.6-CVE-2019-13638.patch
+ "${FILESDIR}"/${PN}-2.7.6-Avoid-invalid-memory-access-in-context-format-diffs.patch
+)
+
+src_configure() {
+ use static && append-ldflags -static
+
+ local myeconfargs=(
+ $(use_enable xattr)
+ --program-prefix="$(use userland_BSD && echo g)"
+ )
+ # Do not let $ED mess up the search for `ed` 470210.
+ ac_cv_path_ED=$(type -P ed) \
+ econf "${myeconfargs[@]}"
+}
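Review bot: `ac_cv_path_ED=$(type -P ed)` in src_configure expands to an empty string when ed is not installed at build time, and the only dependency that pulls it in is `test? ( sys-apps/ed )`. Configure presumably treats the set-but-empty cache variable as the answer and records no editor program, which the `execlp (editor_program, ...)` call added by this commit would then use. This should be confirmed against the package's configure script. A fallback such as `ac_cv_path_ED=$(type -P ed || echo ed) \` keeps a usable name. The comment should say what 470210 refers to (presumably a bug number) and that the `ED` being avoided is the package manager's own variable.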