Debian Bug report logs - #776271
Infinite loop in patch

version graph

Package: patch; Maintainer for patch is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for patch is src:patch (PTS, buildd, popcon).

Reported by: Fernando Muñoz <fernando@null-life.com>

Date: Mon, 26 Jan 2015 04:36:02 UTC

Severity: normal

Tags: fixed-upstream, security, upstream

Found in versions patch/2.6.1-2.1, patch/2.6.1-3

Fixed in version patch/2.7.4-1

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#776271; Package patch. (Mon, 26 Jan 2015 04:36:07 GMT) (full text, mbox, link).

Acknowledgement sent to Fernando Muñoz <fernando@null-life.com>:
New Bug report received and forwarded. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Mon, 26 Jan 2015 04:36:07 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Fernando Muñoz <fernando@null-life.com>
To: submit@bugs.debian.org
Subject: Infinite loop in patch
Date: Sun, 25 Jan 2015 23:33:07 -0500
[Message part 1 (text/plain, inline)]
Package: patch

The attached file gets patch utility into an infinite loop

$ patch any.h -i loop2.patch
patching file any.h
patching file any.h
..

file was fuzzed with lcamtuf's afl.

[loop2.patch.gz (application/x-gzip, attachment)]

Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sat, 31 Jan 2015 22:39:15 GMT) (full text, mbox, link).

Notification sent to Fernando Muñoz <fernando@null-life.com>:
Bug acknowledged by developer. (Sat, 31 Jan 2015 22:39:15 GMT) (full text, mbox, link).

Message #10 received at 776271-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 776271-close@bugs.debian.org
Subject: Bug#776271: fixed in patch 2.7.4-1
Date: Sat, 31 Jan 2015 22:34:21 +0000
Source: patch
Source-Version: 2.7.4-1

We believe that the bug you reported is fixed in the latest version of
patch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776271@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated patch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 31 Jan 2015 21:43:36 +0000
Source: patch
Binary: patch
Architecture: source amd64
Version: 2.7.4-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 patch      - Apply a diff file to an original
Closes: 776257 776271
Changes:
 patch (2.7.4-1) unstable; urgency=high
 .
   * New upstream release.
   * Fix symlink handling (closes: #776257).
   * Fix infinite loop with fuzzed diff (closes: #776271).
Checksums-Sha1:
 76f1baef0d53a524fff28cca012b2858feab3b13 1795 patch_2.7.4-1.dsc
 b2e29867263095e0f8bfd4b1319124b04102f2b0 714392 patch_2.7.4.orig.tar.xz
 c7a999d94774007075e362cfbc3eab2c531bb56e 8052 patch_2.7.4-1.debian.tar.xz
 0fbdc13c651980381713aaf4c8195e7452a8abc9 105294 patch_2.7.4-1_amd64.deb
Checksums-Sha256:
 4c913aa5513930f41e5672124f19ed95a2acca379842a326a17244f0fbd8057f 1795 patch_2.7.4-1.dsc
 0eacbb07ce106fe4dcbfbe6c052e55b50bf3df8e1bb16228c9da77b6659ff109 714392 patch_2.7.4.orig.tar.xz
 e9ec22dee279dac0e02509d36455f4db4087ab974932a1bbe6be41f9738f24cb 8052 patch_2.7.4-1.debian.tar.xz
 6dc00d2141207fe457eafabe2e2e45a6fca74c1a9c107118738bb4b761736ba8 105294 patch_2.7.4-1_amd64.deb
Files:
 ef2b5b2785161a55872f8ac9050bb485 1795 vcs standard patch_2.7.4-1.dsc
 abc59498fcdddd44e0d07764aa105fd2 714392 vcs standard patch_2.7.4.orig.tar.xz
 021e82e1a3b89f417c2c623f43035be1 8052 vcs standard patch_2.7.4-1.debian.tar.xz
 c8fbd2a491796d04359bd8dc2a240056 105294 vcs standard patch_2.7.4-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJUzVUrAAoJENzjEOeGTMi/5l8QAJ1kfzb3cm8go2mpkP573Arz
NkstVIAbl2DYOXYuXX6bS/KURFDcrG4FGL3/4iX1vPdjQqRsTHP0C3qfz477pKhm
Se2kVT64jtAaFf14U3kll5T28s1KDwP++MDBKGCK7N6K/6IHP/jjYgXf5dKxV+xL
LXvSj+0HPo1eMZlhKASbKVXqSAx/4sReHH5a9TF6X3xFq9wzMO2x+l3+K6T7mt7C
zy5z4gUqMeTNztm0vZ6W8+nn6Yl4Crl8/xCYAiOXAaBcjj0vxKPVUHyDNkhO6ves
hAeFvvwJhMz7/zozsrrZzxWsuc7zxBt4cxbiEAw7/CaAHksXg7LZeOmioriKL8XR
jYbVolNNEuKmhXUaZkYBxRYZD+E9XJGNEqtJA1QnPMeR5sRLT7Nq4gPYoteeYITC
sbMHvF/qzTlNy93nFYfyQALN1vIPv4Gv3DYu3h3P7sA3DTIjT0hZ/rYhSBIxvItX
jwQxQvr7koCxCgM558wPV4l/H0Fqmr5sF5tATx14e+4oKEsWnvCYHsSk4fzvgnOz
KKN9mSPJwjNG2OAzeCUFK6sxyOvIrdPYYfEYAysLrZdWZdQuZtHON1lOLxKhBHBc
+rSc3Yke2Z/lfPkEAImpmqzrLq11ChQFU9fhPm/yI2CtAyr7ZPf9T3xIh1Lxb8Ou
//Qj59vnlADE2gJID3fq
=7dFp
-----END PGP SIGNATURE-----

Added tag(s) upstream and security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 02 Feb 2015 15:03:05 GMT) (full text, mbox, link).

Marked as found in versions patch/2.6.1-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 03 Feb 2015 16:03:04 GMT) (full text, mbox, link).

Added tag(s) fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 03 Feb 2015 16:09:04 GMT) (full text, mbox, link).

Marked as found in versions patch/2.6.1-2.1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 03 Feb 2015 16:09:09 GMT) (full text, mbox, link).

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 10:39:10 GMT) (full text, mbox, link).

Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 01:39:34 GMT) (full text, mbox, link).

Message #23 received at 776271-close@bugs.debian.org (full text, mbox, reply):

From: "USPS Express Delivery" <philip.vincent@kaarenpixton.com>
To: 776271-close@bugs.debian.org
Subject: New status of your USPS delivery (code: 24887294673)
Date: Wed, 25 Jan 2017 23:15:47 -0500
[Message part 1 (text/plain, inline)]
Dear Customer,



Your item has arrived at January 25, but our courier was not able to deliver the parcel.



Please check delivery label attached!



Warm regards,

Philip Vincent,

USPS Delivery Agent.


[Ground-Label-24887294673.zip (application/zip, attachment)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 23 Feb 2017 07:36:27 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Jul 15 16:56:47 2024; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.