16436 – patch 2.7.4 causes regression in patching files inside of symlinked directories

Bug 16436 - patch 2.7.4 causes regression in patching files inside of symlinked directories

Summary: patch 2.7.4 causes regression in patching files inside of symlinked directories

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	5
Hardware:	i586 Linux

Priority:	Normal Severity: critical
Target Milestone:	---
Assignee:	QA Team
QA Contact:

URL:
Whiteboard:	MGA4TOO has_procedure MGA4-32-OK MGA5...
Keywords:	validated_update

Depends on:
Blocks:	16387
	Show dependency tree / graph

Reported:	2015-07-21 22:34 CEST by David Walser
Modified:	2015-07-23 11:40 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	patch-2.7.4-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-07-21 22:34:57 CEST

The upstream bug report is here:
http://savannah.gnu.org/bugs/?44251

Since java-1.8.0-openjdk just changed its build directory name from jdk8 to openjdk, but most of the patches still use jdk8 in their file paths, Fedora added a symlink during the build (ln -s openjdk jdk8).  Patch 2.7.4 refuses to follow this symlink, so most of the patches are rejected.

This update is needed to build the newest java-1.8.0-openjdk security update.  Since this fixes a real regression, it is being fixed in Mageia 4 as well.

Updated packages uploaded for Mageia 4, Mageia 5, and Cauldron.

Advisory:
----------------------------------------

The update to the patch package in MGASA-2015-0068 broke the patch command's
ability to patch files inside of a directory whose name was a symlink
(savannah#44251).

The patch package has been updated to version 2.7.5 to fix this regression.

References:
http://savannah.gnu.org/bugs/?44251
http://git.savannah.gnu.org/cgit/patch.git/plain/NEWS?id=3b698ab6a13fd3e5890689cd85cf41312c682f8c
http://advisories.mageia.org/MGASA-2015-0068.html
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
patch-2.7.5-1.mga4
patch-2.7.5-1.mga5

from SRPMS:
patch-2.7.5-1.mga4.src.rpm
patch-2.7.5-1.mga5.src.rpm

Reproducible: 

Steps to Reproduce:

David Walser 2015-07-21 22:35:17 CEST

Blocks: (none) => 16387
Whiteboard: (none) => MGA4TOO

Comment 1 David Walser 2015-07-21 22:39:26 CEST

Sysadmins, I need you to regenerate the chroot for Mageia 5 updates_testing to use the patch 2.7.5 build, so that I can build the java security update.

CC: (none) => sysadmin-bugs
Severity: normal => critical

Comment 2 Thomas Backlund 2015-07-21 22:45:21 CEST

just BR patch >= 2.7.5 in java package

CC: (none) => tmb

Comment 3 David Walser 2015-07-21 22:55:10 CEST

Test procedure:

mkdir dir1
ln -s dir1 dir2
echo a > dir2/a
echo b > dir2/b
diff -u dir2/a dir2/b > foo.diff
patch -p0 < foo.diff

Before the update:
Refusing to follow symbolic link dir2

After the update:
patching file dir2/a

Tested successfully on Mageia 4 i586 and on the build system on Mageia 5 (both arches).

Whiteboard: MGA4TOO => MGA4TOO has_procedure MGA4-32-OK MGA5-32-OK MGA5-64-OK

Comment 4 Samuel Verschelde 2015-07-22 17:42:14 CEST

Testing OK Mageia 4 64. Update validated, needs advisory uploaded.

Keywords: (none) => validated_update
Whiteboard: MGA4TOO has_procedure MGA4-32-OK MGA5-32-OK MGA5-64-OK => MGA4TOO has_procedure MGA4-32-OK MGA5-32-OK MGA5-64-OK MGA4-64-OK

Dave Hodgins 2015-07-23 03:51:49 CEST

CC: (none) => davidwhodgins
Whiteboard: MGA4TOO has_procedure MGA4-32-OK MGA5-32-OK MGA5-64-OK MGA4-64-OK => MGA4TOO has_procedure MGA4-32-OK MGA5-32-OK MGA5-64-OK MGA4-64-OK advisory

Comment 5 Mageia Robot 2015-07-23 11:40:08 CEST

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGAA-2015-0066.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Note You need to log in before you can comment on or make changes to this bug.