authorLars Wendler <polynomial-c@gentoo.org>2015-01-23 19:02:07 +0000
committerLars Wendler <polynomial-c@gentoo.org>2015-01-23 19:02:07 +0000
commit543e3a0ddf32bfb23bf49d134edf67ef6609f945 (patch)
tree811ec6daead280115dab11ed2815e15fe391b4d2 /sys-devel/patch
parentBump, lots of fixes from the github repo. (diff)
Revbump to add two upstream fixes
Package-Manager: portage-2.2.15/cvs/Linux x86_64 Manifest-Sign-Key: 0x981CA6FC
Diffstat (limited to 'sys-devel/patch')
-rw-r--r--sys-devel/patch/ChangeLog9
-rw-r--r--sys-devel/patch/Manifest31
-rw-r--r--sys-devel/patch/files/patch-2.7.2-fix_for_CVE-2015-1196_fix.patch220
-rw-r--r--sys-devel/patch/files/patch-2.7.2-valid_filenames_on_renames_and_copies.patch66
-rw-r--r--sys-devel/patch/patch-2.7.2-r1.ebuild35
5 files changed, 346 insertions, 15 deletions
diff --git a/sys-devel/patch/ChangeLog b/sys-devel/patch/ChangeLog
index 336dbfd520e3..a3c46e0a9b5b 100644
--- a/sys-devel/patch/ChangeLog
+++ b/sys-devel/patch/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-devel/patch
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-devel/patch/ChangeLog,v 1.67 2015/01/21 07:32:08 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/patch/ChangeLog,v 1.68 2015/01/23 19:02:06 polynomial-c Exp $
+
+*patch-2.7.2-r1 (23 Jan 2015)
+
+ 23 Jan 2015; Lars Wendler <polynomial-c@gentoo.org> +patch-2.7.2-r1.ebuild,
+ +files/patch-2.7.2-fix_for_CVE-2015-1196_fix.patch,
+ +files/patch-2.7.2-valid_filenames_on_renames_and_copies.patch:
+ Revbump to add two upstream fixes.
*patch-2.7.2 (21 Jan 2015)
diff --git a/sys-devel/patch/Manifest b/sys-devel/patch/Manifest
index f5632751ec1e..c1223e8ea1c7 100644
--- a/sys-devel/patch/Manifest
+++ b/sys-devel/patch/Manifest
@@ -6,28 +6,31 @@ AUX patch-2.7.1-Fix-removing-empty-directories.patch 2094 SHA256 9e1a576fedac307
AUX patch-2.7.1-dry-run-mode-create-temp-files-in-temp-dir.patch 815 SHA256 1b9c214bb21ce98e0205161110b27ce7c3fade80f1c5af799ee064b33f3cd1e8 SHA512 fbb7adfafedda770c4662c31004b87c1184bc52025d71f0500af8494fccdceb9a21ebdf9d4bfb7429318a3b3d4766c74f26bca250cba88242e5624618a83e058 WHIRLPOOL 67d7adfb7a1ebcb889801942c504c1f1d17e1729d5e791a70010b5969712e313671c6c9617b576294d699572baed487a435d70419100fdd6c3d94cb469e8a012
AUX patch-2.7.1-initialize_data_structures_early_enough.patch 2148 SHA256 62aacb522251df87f4882533f68d09a42022461c76491e0560aa4e25ddcdbab0 SHA512 57ffb7a22056b1e37d442b63aff2df7df041c6950b7d437b726c3021224bf81035fbbee88a815ba98d9449229a5426f1aa7cbf9265f8fb8ef6e9b608b0f9841a WHIRLPOOL 083ac9efb2445afbfb645da86873a13a06b869c77499d6870e332175c33d7d89de03e85bcae749c5755b9b888592604e4f894eeb1b998ddd856f4ad32f346858
AUX patch-2.7.1-prevent_depend_on_autotools.patch 1602 SHA256 0988b3e0bb9d192fe3e6923c4d8e3550e6f290dac8d44bddcc0505b6bd2d67d0 SHA512 ec639c2a21216501822b49395596e2139ad2f7570bb75a393f4591501d56ae05c3376a712c0ad4984d715a3410da4113298bca5a571a005762d73069cc45bfca WHIRLPOOL 9a197ba472f08e5978b81c1ee04318ef367bb5bc9f439c97d511aa7653429a1da8e0967e55ab243a1003f786cd79f7939f1cc6aba7e5540b2fd09b0353e37bec
+AUX patch-2.7.2-fix_for_CVE-2015-1196_fix.patch 6088 SHA256 5a66e13659f9126854350bf8f0e15bb11d48159fae2fc8187d2a20f4e38136c0 SHA512 9b7f2b45f11f884faa82be00ca98913f17bec820f7b5bf947881446509121826b56502f4753452d9a98130533ff07f224c375cce3a57a12c9acbd81d52c13c32 WHIRLPOOL 2e2c6dafe1b313f2772b975b392b29f162a71831a8daa641d596ea8f66f7b7fc9ff0375ac6edc30fae25fb118467fea693797bb78c836021b544c7bdb19b22ff
+AUX patch-2.7.2-valid_filenames_on_renames_and_copies.patch 1843 SHA256 1905cc3418558b313634ec9ceaea06f223eef3de078ed0ccde2561f1eebb9129 SHA512 8e52cc952d8f1608e932b713501d9282a7cf568e0d8bd5b255263b2085d1bd90505103adc4a2964ec6924634baff0a47768c3f03518b585db549088defc1598c WHIRLPOOL 0f2baa2a8ec893cbbbc8a1d2374f0ee06d6d93cb98d5f7d8655d95a3cb75d2d367167a2a42dbd925d027800b2ae787c6464f0a6c97f0a4f9bb0c2f8b294b2592
DIST patch-2.6.1.tar.bz2 253719 SHA256 1d1441380c92ed8572049411406964a0a987aefd228be3abb8623eca1f3ced8a SHA512 a751bd9d14c82e047c9e914bf03f3296f76e2ebc3f9fb4c3f480590c303d492235a6b340056c612afef6c6b2c8d8de794189b5ba933f53687effb6acb2c5b187 WHIRLPOOL c93833d02d981fa417f5389638ec4731b5addfc0314f92709deb992ad6bab86e67b68b5ee704ed46627944469f1c4e58df51b316c1f4539e196077639013c600
DIST patch-2.7.1.tar.xz 675896 SHA256 9124ba46db0abd873d0995c2ca880e81252676bb6c03e0a37dfc5f608a9b0ceb SHA512 e10274bd59875d4ec5b02960d23f54e5b2a94ac19554c4a013fdb1df48f01012ce418627c74f7a6bd0a416527dd2ead347642878a057048ede9ee2d9c76a51b0 WHIRLPOOL 5e9d4f2f3ea0fe6d4c9ca577a1ca9103b78d7429e7f67cce4eb2cdea00c71cb9bfe9882101c04be3a5fa6a9ad5e05ff3f1d851a5ef2ae4b80f03696d1c13c6f9
DIST patch-2.7.2.tar.xz 684108 SHA256 9a55c7e7415fa789acc45dbe78fe4675b1fa12c1ccb19f1513f69fca3f798a9a SHA512 dcfcc06e0503236b05a9202906116a5ec039b30d8d4ad0eddd63601a2ba37b81cd4ebf71749ff69c0e05d49ae4fe8a01332d5c6c6499ab5eb1eea9176b374ede WHIRLPOOL 66e019eef0b33709357a5ffcdf43f43ad41673c64368644676ab82407611e905f201446042c824c30e690424f5db218ad4903785431bbd479c1be249c5e72732
EBUILD patch-2.6.1.ebuild 1013 SHA256 56f327dfdcf34f638721dc42e60f682121799b1e5dc9f2d585387178df97031a SHA512 1415b53b21f48dddac43c761b9fec24a0ae008510b3c014122c6e60dfe99497dba0677f49e169dc6266c5059e8730e561ba206c4be50c951c4716378f8e53eda WHIRLPOOL b7f2a2413775d201b4bdace89792aa0044a4847375044ea00a140c85c4153a0aadd5831f6782f49ad621b9b8284b5d49d08dc597fe057c03819f16ea2444a3b0
EBUILD patch-2.7.1-r3.ebuild 1388 SHA256 b59edda27f1c76d18fa3130cca5d5c3af0a6556ead06698ce0e6f510cf38ef63 SHA512 7192e4fd2f7856f2a9d599af1d9dfe13629c731d1b5d9da72cfa1f4c619b47131620656c859aece426ef64160741cbe8b3c3433a2164d49e49a5a5894a3cde72 WHIRLPOOL 7fe063706978f7831d30a691d0e082c16727a91a50ba5700b5ae2f583cf82b9460ebdeb8609f2a5f8545e7eb858699888b4d3f983202cf2412b487a90b7de306
+EBUILD patch-2.7.2-r1.ebuild 1258 SHA256 fd015ca79e35cc51e31a6e7dfde4eafe25f09b080a322f7670f8fac5851f065f SHA512 dbb926895978fdadfd3718d658f1b4c2bc22f5482f62f162e206f52183bea0e8dbee9fbf2944834ffb9125fb1427ec925dcfdef3ae464ee0f86aadb5b8f37be2 WHIRLPOOL 020362fa73b1a180b29d6792a2f9377b91bfb80b551f5198af1298dc3dbe670ca9b20547388c1c77f1fa1f6adb7cd59f1dceaabe282900e9847b3419d91c5956
EBUILD patch-2.7.2.ebuild 1110 SHA256 52fde29093c1bc3627472f332ad14304c5a40bc09260aa06cae9d6054f0c8cf9 SHA512 52c50725ef3376ae9ed81c8056ef20fb1b58f21228e7a3118483aa7546406f3b30343ee5d7b0b91720992c5b46086e9388a6db434f53e3a258ac606576e9571e WHIRLPOOL 9e9d55448c84410f756553da9c576caa3df591837c262ab0086b07e0d27ca4d44ae4a19a24492b6c234c5842a8e12bf78c6d7ba659739dcf2ace1cad8850d86d
-MISC ChangeLog 8183 SHA256 971ff350c67566c28758075e9bcaa642dae89b6a546ce7005bfff6b57de17d70 SHA512 800fb367092bfc16ffa6b1fadc52db31bdcbbc1533534bc1a5fdf0f5d78186eb420a3545cc5f414a75736d310abfbf11104d8747b6135c7e4a62f93fef6a4606 WHIRLPOOL 8c4ea51d6651c227d6e43e9a3d8ee33ed006538d5cdf4a6edc1fb0f1e10abf7d86fc5e9b49a17377296009af3fad0a3bdd6c353ed6f609c4c909f1fd6b9fe3df
+MISC ChangeLog 8450 SHA256 fb776dbce12f365c502c8234f0f1072dfc814776419b167f11d1b155810afa58 SHA512 08a7507b0346a8abab82575ec8de5aa5bcf5b0bbd7520e8a6d4713637904214c3fc136a9928103b4fc851fe2d2bfb323dae99135c609aae98d4939c8d203d69e WHIRLPOOL 333b7de99beec4bcbec1e0112a1a0b97f31227e1427be76ef94d6bcdc235db1a95e42d2d91c17117e43a151b1b9b101035bf9a77f8421374ea948f6c032fd08d
MISC metadata.xml 164 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92 SHA512 8eb0d5153d388f6ea069c64b93882244816a0a09aecc0d73cb872121ce0eb24c5ccafa96aad0b620b2300f319e1af101fa7fa6c5d0d561719d49bb07da0a2eca WHIRLPOOL 11a1441bddb7a6c69653c663902b7da5767ae6ad515ac2aabfc42fe37927a1ccc21472deeee454009ff720201a41c3e4a912df42661a0a87150fb46126da2d52
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-iQIcBAEBCAAGBQJUv1X5AAoJEPiazRVxLXTFA2gP/1EMYjsfnxDg8/Tj8mMynzG+
-YJ4Yut/iPfQDfDr4TPrNaN51CUjMwI95ZLYk1V7D+LF51p8X/8+c/YqDqNAVKxSq
-4jTqkdLlvJyNpz78oJE2Sdvk+8z8xTGAmk4l05LotpTTkzPy3Ndm9KcTKyeTCa4Q
-U27PSBKgUY4E8rEzrr5f8e1ptX6MBSYPWkl2rtXdQXwYBIz4hb6CbSXmgkym+Lec
-mg9Iv2K9EVkSA8+vCa7bMho1iuMBkdSDGedj8/+gA30RK3D2eaIz+ZBYX3GuI9eB
-Lud2RdPIH5BpFKnBSgJ/itzs2Dr1B5cJ17MsH7T1DeHFHeltlHhsuCwy/K2h0TbM
-8aJK1Vmm40ctN/uSOO6C6BtvNR2sP2rwmTYf8cbjUKBV4xcpExEz2DqSClnB08VB
-xmGz1TI08vBM/yisxJsyORzCK7Jq1Dyl8Q5AZbf000inXIt66Ru3Aarv77malcRd
-jokKe2pBSn+s3qvWagY5yjmju59CjAd06u4Kp56i5K3zbTSLycdilQjssBuFJZq8
-PsghpIVd0uAcZiUPuymxtAfQ2vglqo6aqoFZJXQmD74AnDFRNY60so/LIZp7cuL2
-6CPLkXxjSOBCyFKLWIFkqzu1H3VVD4v77mYLhs4uLYf5I3G2fE9LuYZ67pf3BA0r
-EXv+UAZVhPbz5Wdipdyg
-=ncdp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+=wfA3
-----END PGP SIGNATURE-----
diff --git a/sys-devel/patch/files/patch-2.7.2-fix_for_CVE-2015-1196_fix.patch b/sys-devel/patch/files/patch-2.7.2-fix_for_CVE-2015-1196_fix.patch
new file mode 100644
index 000000000000..7f5130c56c3c
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.2-fix_for_CVE-2015-1196_fix.patch
@@ -0,0 +1,220 @@
+From 41688ad8ef88bc296f3bed30b171ec73e5876b88 Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Wed, 21 Jan 2015 09:01:15 +0000
+Subject: Fix the fix for CVE-2015-1196
+
+* src/util.c (filename_is_safe): New function split off from name_is_valid().
+(symlink_target_is_valid): Explain why we cannot have absolute symlinks or
+symlinks with ".." components for now.
+(move_file): Move absolute filename check here and explain.
+* tests/symlinks: Put test case with ".." symlink in comments for now.
+* NEWS: Add CVE number.
+---
+diff --git a/NEWS b/NEWS
+index d3f1c2d..d79cead 100644
+--- a/NEWS
++++ b/NEWS
+@@ -4,7 +4,7 @@
+ deleting".
+ * Function names in hunks (from diff -p) are now preserved in reject files.
+ * With git-style patches, symlinks that point outside the working directory
+- will no longer be created.
++ will no longer be created (CVE-2015-1196).
+
+ Changes in version 2.7.1:
+
+diff --git a/src/pch.c b/src/pch.c
+index bb39576..028d51f 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -401,21 +401,7 @@ name_is_valid (char const *name)
+ return false;
+ }
+
+- if (IS_ABSOLUTE_FILE_NAME (name))
+- is_valid = false;
+- else
+- for (n = name; *n; )
+- {
+- if (*n == '.' && *++n == '.' && ( ! *++n || ISSLASH (*n)))
+- {
+- is_valid = false;
+- break;
+- }
+- while (*n && ! ISSLASH (*n))
+- n++;
+- while (ISSLASH (*n))
+- n++;
+- }
++ is_valid = filename_is_safe (name);
+
+ /* Allow any filename if we are in the filesystem root. */
+ if (! is_valid && cwd_is_root (name))
+diff --git a/src/util.c b/src/util.c
+index 94c7582..ae05caa 100644
+--- a/src/util.c
++++ b/src/util.c
+@@ -423,55 +423,18 @@ create_backup (char const *to, const struct stat *to_st, bool leave_original)
+ }
+ }
+
++/* Only allow symlink targets which are relative and free of ".." components:
++ * otherwise, the operating system may follow one of those symlinks in a
++ * pathname component, leading to a path traversal vulnerability.
++ *
++ * An alternative to disallowing many kinds of symlinks would be to implement
++ * path traversal in user space using openat() without following symlinks
++ * altogether.
++ */
+ static bool
+ symlink_target_is_valid (char const *target, char const *to)
+ {
+- bool is_valid;
+-
+- if (IS_ABSOLUTE_FILE_NAME (to))
+- is_valid = true;
+- else if (IS_ABSOLUTE_FILE_NAME (target))
+- is_valid = false;
+- else
+- {
+- unsigned int depth = 0;
+- char const *t;
+-
+- is_valid = true;
+- t = to;
+- while (*t)
+- {
+- while (*t && ! ISSLASH (*t))
+- t++;
+- if (ISSLASH (*t))
+- {
+- while (ISSLASH (*t))
+- t++;
+- depth++;
+- }
+- }
+-
+- t = target;
+- while (*t)
+- {
+- if (*t == '.' && *++t == '.' && (! *++t || ISSLASH (*t)))
+- {
+- if (! depth--)
+- {
+- is_valid = false;
+- break;
+- }
+- }
+- else
+- {
+- while (*t && ! ISSLASH (*t))
+- t++;
+- depth++;
+- }
+- while (ISSLASH (*t))
+- t++;
+- }
+- }
++ bool is_valid = filename_is_safe (target);
+
+ /* Allow any symlink target if we are in the filesystem root. */
+ return is_valid || cwd_is_root (to);
+@@ -520,7 +483,11 @@ move_file (char const *from, bool *from_needs_removal,
+ read_fatal ();
+ buffer[size] = 0;
+
+- if (! symlink_target_is_valid (buffer, to))
++ /* If we are allowed to create a file with an absolute path name,
++ anywhere, we also don't need to worry about symlinks that can
++ leave the working directory. */
++ if (! (IS_ABSOLUTE_FILE_NAME (to)
++ || symlink_target_is_valid (buffer, to)))
+ {
+ fprintf (stderr, "symbolic link target '%s' is invalid\n",
+ buffer);
+@@ -1720,6 +1687,28 @@ int stat_file (char const *filename, struct stat *st)
+ return xstat (filename, st) == 0 ? 0 : errno;
+ }
+
++/* Check if a filename is relative and free of ".." components.
++ Such a path cannot lead to files outside the working tree
++ as long as the working tree only contains symlinks that are
++ "filename_is_safe" when followed. */
++bool
++filename_is_safe (char const *name)
++{
++ if (IS_ABSOLUTE_FILE_NAME (name))
++ return false;
++ while (*name)
++ {
++ if (*name == '.' && *++name == '.'
++ && ( ! *++name || ISSLASH (*name)))
++ return false;
++ while (*name && ! ISSLASH (*name))
++ name++;
++ while (ISSLASH (*name))
++ name++;
++ }
++ return true;
++}
++
+ /* Check if we are in the root of a particular filesystem namespace ("/" on
+ UNIX or a particular drive's root on DOS-like systems). */
+ bool
+diff --git a/src/util.h b/src/util.h
+index 579c5de..6b3308a 100644
+--- a/src/util.h
++++ b/src/util.h
+@@ -69,6 +69,7 @@ enum file_id_type lookup_file_id (struct stat const *);
+ void set_queued_output (struct stat const *, bool);
+ bool has_queued_output (struct stat const *);
+ int stat_file (char const *, struct stat *);
++bool filename_is_safe (char const *);
+ bool cwd_is_root (char const *);
+
+ enum file_attributes {
+diff --git a/tests/symlinks b/tests/symlinks
+index 6211026..04a9b73 100644
+--- a/tests/symlinks
++++ b/tests/symlinks
+@@ -148,20 +148,24 @@ ncheck 'test ! -L symlink'
+
+ # Patch should not create symlinks which point outside the working directory.
+
+-cat > symlink-target.diff <<EOF
+-diff --git a/dir/foo b/dir/foo
+-new file mode 120000
+-index 0000000..cad2309
+---- /dev/null
+-+++ b/dir/foo
+-@@ -0,0 +1 @@
+-+../foo
+-\ No newline at end of file
+-EOF
+-
+-check 'patch -p1 < symlink-target.diff || echo "Status: $?"' <<EOF
+-patching symbolic link dir/foo
+-EOF
++# We cannot even ensure that symlinks with ".." components are safe: we cannot
++# guarantee that they won't end up higher up in the working tree than we think;
++# the path to the symlink may follow symlinks itself.
++#
++#cat > symlink-target.diff <<EOF
++#diff --git a/dir/foo b/dir/foo
++#new file mode 120000
++#index 0000000..cad2309
++#--- /dev/null
++#+++ b/dir/foo
++#@@ -0,0 +1 @@
++#+../foo
++#\ No newline at end of file
++#EOF
++#
++#check 'patch -p1 < symlink-target.diff || echo "Status: $?"' <<EOF
++#patching symbolic link dir/foo
++#EOF
+
+ cat > bad-symlink-target1.diff <<EOF
+ diff --git a/bar b/bar
+--
+cgit v0.9.0.2
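Review bot: The tests/symlinks part of this patch comments out the `../foo` case instead of turning it into a rejection test, so nothing visible here pins the new behaviour for a relative symlink target that contains a `..` component. symlink_target_is_valid() now delegates to filename_is_safe(), which returns false for that target, so outside the filesystem root move_file() should print `symbolic link target '../foo' is invalid`. The existing here-document could be kept and only the expected output of the `check` changed to that message. The bad-symlink-target cases that start right after may already cover this, but their bodies are outside the hunk, so that needs confirming.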
diff --git a/sys-devel/patch/files/patch-2.7.2-valid_filenames_on_renames_and_copies.patch b/sys-devel/patch/files/patch-2.7.2-valid_filenames_on_renames_and_copies.patch
new file mode 100644
index 000000000000..ff0383738b97
--- /dev/null
+++ b/sys-devel/patch/files/patch-2.7.2-valid_filenames_on_renames_and_copies.patch
@@ -0,0 +1,66 @@
+From 17953b5893f7c9835f0dd2a704ba04e0371d2cbd Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruen@gnu.org>
+Date: Wed, 21 Jan 2015 12:01:08 +0000
+Subject: For renames and copies, make sure that both file names are valid
+
+* src/patch.c (main): Allow there_is_another_patch() to set the
+skip_rest_of_patch flag.
+* src/pch.c (intuit_diff_type): For renames and copies, also check the "other"
+file name.
+(pch_copy, pch_rename): Now that both names are checked in intuit_diff_type(),
+we know they are defined here.
+---
+diff --git a/src/patch.c b/src/patch.c
+index 441732e..cb4dbb2 100644
+--- a/src/patch.c
++++ b/src/patch.c
+@@ -196,6 +196,9 @@ main (int argc, char **argv)
+ bool mismatch = false;
+ char const *outname = NULL;
+
++ if (skip_rest_of_patch)
++ somefailed = true;
++
+ if (have_git_diff != pch_git_diff ())
+ {
+ if (have_git_diff)
+diff --git a/src/pch.c b/src/pch.c
+index 33facd9..bb39576 100644
+--- a/src/pch.c
++++ b/src/pch.c
+@@ -978,6 +978,16 @@ intuit_diff_type (bool need_header, mode_t *p_file_type)
+ }
+ }
+
++ if ((pch_rename () || pch_copy ())
++ && ! inname
++ && ! ((i == OLD || i == NEW) &&
++ p_name[! reverse] &&
++ name_is_valid (p_name[! reverse])))
++ {
++ say ("Cannot %s file without two valid file names\n", pch_rename () ? "rename" : "copy");
++ skip_rest_of_patch = true;
++ }
++
+ if (i == NONE)
+ {
+ if (inname)
+@@ -2178,14 +2188,12 @@ pch_name (enum nametype type)
+
+ bool pch_copy (void)
+ {
+- return p_copy[OLD] && p_copy[NEW]
+- && p_name[OLD] && p_name[NEW];
++ return p_copy[OLD] && p_copy[NEW];
+ }
+
+ bool pch_rename (void)
+ {
+- return p_rename[OLD] && p_rename[NEW]
+- && p_name[OLD] && p_name[NEW];
++ return p_rename[OLD] && p_rename[NEW];
+ }
+
+ /* Return the specified line position in the old file of the old context. */
+--
+cgit v0.9.0.2
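Review bot: The new check in intuit_diff_type() is skipped whenever `inname` is set (`&& ! inname`), yet pch_copy() and pch_rename() no longer require `p_name[OLD] && p_name[NEW]`. The commit message's claim that both names "are defined here" therefore seems to hold only when no input file name was given on the command line. If a caller uses pch_name() after one of these predicates in the `inname` case, it could now receive NULL; those callers are outside the hunk, so this is inferred rather than shown. A comment on both predicates would record the exception, for example `/* p_name[] is validated in intuit_diff_type() unless inname is set; callers must handle NULL in that case. */`.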
diff --git a/sys-devel/patch/patch-2.7.2-r1.ebuild b/sys-devel/patch/patch-2.7.2-r1.ebuild
new file mode 100644
index 000000000000..2fcf133f043e
--- /dev/null
+++ b/sys-devel/patch/patch-2.7.2-r1.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/patch/patch-2.7.2-r1.ebuild,v 1.1 2015/01/23 19:02:06 polynomial-c Exp $
+
+EAPI=4
+
+inherit flag-o-matic eutils
+
+DESCRIPTION="Utility to apply diffs to files"
+HOMEPAGE="http://www.gnu.org/software/patch/patch.html"
+SRC_URI="mirror://gnu/patch/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~x86-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~ia64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="static test xattr"
+
+RDEPEND="xattr? ( sys-apps/attr )"
+DEPEND="${RDEPEND}
+ test? ( sys-apps/ed )"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-valid_filenames_on_renames_and_copies.patch \
+ "${FILESDIR}"/${P}-fix_for_CVE-2015-1196_fix.patch
+}
+
+src_configure() {
+ use static && append-ldflags -static
+
+ # Do not let $ED mess up the search for `ed` 470210.
+ ac_cv_path_ED=$(type -P ed) \
+ econf \
+ $(use_enable xattr) \
+ --program-prefix="$(use userland_BSD && echo g)"
+}
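Review bot: src_prepare() applies the two patches in an order that matters, but the ebuild does not say so. The src/pch.c hunk of the CVE-2015-1196 follow-up starts from blob `bb39576`, which is the blob the renames-and-copies patch produces (`33facd9..bb39576`), so swapping the two arguments would make the second patch fail or apply with fuzz. A comment above the epatch call would keep a later edit from reordering them, e.g. `# Order matters: the CVE-2015-1196 follow-up is based on the renames/copies fix.`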