patch: Symlinks Following Vulnerability (CVE-2019-13636)

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.

References:

• https://nvd.nist.gov/vuln/detail/CVE-2019-13636
• https://www.cvedetails.com/cve/CVE-2019-13636/

Patch:

https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a

Affected branches:

• master
• 3.10-stable
• 3.9-stable
• 3.8-stable
• 3.7-stable

added tag:security label

[edge] -> https://github.com/alpinelinux/aports/pull/9641
[3.10] -> https://github.com/alpinelinux/aports/pull/9642
[3.9] -> https://github.com/alpinelinux/aports/pull/9643
[3.8] -> https://github.com/alpinelinux/aports/pull/9644
[3.7] -> https://github.com/alpinelinux/aports/pull/9645

mentioned in commit 1d883b90

marked the checklist item 3.7-stable as completed

mentioned in commit 3f413a6b

marked the checklist item 3.8-stable as completed

mentioned in commit 858c1e50

marked the checklist item 3.9-stable as completed

mentioned in commit 88e814fb

marked the checklist item 3.10-stable as completed

closed via commit 38b6dd1c

marked the checklist item master as completed

made the issue visible to everyone