From 677e72bdb1e962a327e8cb6d2c6b18c749b6252d Mon Sep 17 00:00:00 2001
From: Than Ngo
Date: Sep 10 2018 11:27:04 +0000
Subject: Fixed #1554752 - Double free of memory, CVE-2018-6952
---
diff --git a/patch.spec b/patch.spec
index 4049b5a..2a07b8c 100644
--- a/patch.spec
+++ b/patch.spec
@@ -1,16 +1,17 @@
 Summary: Utility for modifying/upgrading files
 Name: patch
 Version: 2.7.6
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 URL: http://www.gnu.org/software/patch/patch.html
 Group: Development/Tools
 Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
 Patch1: patch-CVE-2018-1000156.patch
+Patch2: patch-2.7.6-CVE-2018-6952.patch
 Patch100: patch-selinux.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
-BuildRequires: gcc
+BuildRequires: gcc
 BuildRequires: libselinux-devel
 BuildRequires: libattr-devel
 BuildRequires: ed
@@ -30,6 +31,8 @@ applications.
 # CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
 %patch1 -p1 -b .CVE-2018-1000156
+# CVE-2018-6952
+%patch2 -p1 -b .CVE-2018-6952
 # SELinux support.
 %patch100 -p1 -b .selinux
@@ -56,6 +59,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/*
 %changelog
+* Wed Aug 15 2018 Than Ngo - 2.7.6-6
+- Fixed #1554752 - Double free of memory, CVE-2018-6952
+
 * Fri Jul 13 2018 Fedora Release Engineering - 2.7.6-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
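Review bot: The `BuildRequires: gcc` line in the first hunk is removed and re-added with no textual difference visible here, so it is presumably a whitespace-only edit riding along with a CVE fix. Leaving it out would keep the commit limited to the `Release` bump and the `Patch2` declaration, which makes the security change easier to audit and to cherry-pick to other branches. The content of `patch-2.7.6-CVE-2018-6952.patch` is not shown on this page, so whether it matches the upstream fix cannot be checked from this diff. A comment above `Patch2:` naming its origin, for example `# Backport of upstream commit <UPSTREAM_COMMIT_ID>`, would let a later reviewer verify that.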
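Review bot: The comment added above `%patch2` in the second hunk, `# CVE-2018-6952`, says less than the one above `%patch1`, which names the impact of the issue it fixes. Writing it as `# CVE-2018-6952, Double free of memory (#1554752)` would match that style and tie the line to the bug number in the changelog entry. Someone auditing which fixes a build carries then does not have to open the patch file to learn what it addresses. The `%prep` section these lines belong to starts outside the hunk.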